platform/upstream/systemd.git
6 years agofuzz: disable all deps when building with oss-fuzz
Jonathan Rudenberg [Mon, 15 Jan 2018 23:27:37 +0000 (18:27 -0500)]
fuzz: disable all deps when building with oss-fuzz

The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.

6 years agofuzz: add initial fuzzing infrastructure
Jonathan Rudenberg [Sun, 14 Jan 2018 00:51:07 +0000 (19:51 -0500)]
fuzz: add initial fuzzing infrastructure

The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.

This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.

6 years agoMerge pull request #7903 from yuwata/fix-7863
Lennart Poettering [Wed, 17 Jan 2018 18:18:47 +0000 (19:18 +0100)]
Merge pull request #7903 from yuwata/fix-7863

 network: create runtime sub-directories after drop_privileges()

6 years agoMerge pull request #7910 from poettering/getcwd
Lennart Poettering [Wed, 17 Jan 2018 18:16:42 +0000 (19:16 +0100)]
Merge pull request #7910 from poettering/getcwd

some getcwd() fixes, and other path-util tweaks

6 years agoMerge pull request #7911 from poettering/chase-symlinks-tweaks
Lennart Poettering [Wed, 17 Jan 2018 18:15:49 +0000 (19:15 +0100)]
Merge pull request #7911 from poettering/chase-symlinks-tweaks

chase_symlinks() tweaks

6 years agoresolve: check for underflow of size parameter (#7889)
Shawn Landden [Wed, 17 Jan 2018 13:49:22 +0000 (05:49 -0800)]
resolve: check for underflow of size parameter (#7889)

to dns_packet_read_memdup()

Closes #7888

6 years agofs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREF...
Lennart Poettering [Wed, 17 Jan 2018 11:00:40 +0000 (12:00 +0100)]
fs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREFIX_ROOT is set

If we take a relative path we first make it absolute, based on the
current working directory. But if CHASE_PREFIX_ROOT is passe we are
supposed to make the path absolute taking the specified root path into
account, but that makes no sense if we talk about the current working
directory as that is relative to the host's root in any case. Hence,
let's refuse this politely.

6 years agofs-util: extra chase_symlink() safety check on "path" parameter
Lennart Poettering [Wed, 17 Jan 2018 11:00:12 +0000 (12:00 +0100)]
fs-util: extra chase_symlink() safety check on "path" parameter

It's not clear what an empty "path" is even supposed to mean, hence
refuse.

6 years agofs-util: extra safety checks on chase_symlinks() root parameter
Lennart Poettering [Wed, 17 Jan 2018 10:56:52 +0000 (11:56 +0100)]
fs-util: extra safety checks on chase_symlinks() root parameter

Let's handle root="" and root="/" safely.

6 years agopath-util: don't insert duplicate "/" in path_make_absolute_cwd()
Lennart Poettering [Wed, 17 Jan 2018 10:17:55 +0000 (11:17 +0100)]
path-util: don't insert duplicate "/" in path_make_absolute_cwd()

When the working directory is "/" it's prettier not to insert a second
"/" in the path, even though it is technically correct.

6 years agotree-wide: port all code to use safe_getcwd()
Lennart Poettering [Wed, 17 Jan 2018 10:17:38 +0000 (11:17 +0100)]
tree-wide: port all code to use safe_getcwd()

6 years agopath-util: introduce new safe_getcwd() wrapper
Lennart Poettering [Wed, 17 Jan 2018 10:16:31 +0000 (11:16 +0100)]
path-util: introduce new safe_getcwd() wrapper

It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/

6 years agopath-util: don't add extra "/" when prefix already is suffixed by slash
Lennart Poettering [Wed, 17 Jan 2018 10:15:00 +0000 (11:15 +0100)]
path-util: don't add extra "/" when prefix already is suffixed by slash

No need to insert duplicate "/" if we can avoid it. This is particularly
relevant if the prefix passed in is the root directory.

6 years agopath-util: do something useful if the prefix is "" in path_make_absolute()
Lennart Poettering [Wed, 17 Jan 2018 10:13:46 +0000 (11:13 +0100)]
path-util: do something useful if the prefix is "" in path_make_absolute()

Do not insert a "/" if the prefix we shall use is empty. It's a corner
case we should probably take care of.

6 years agoefivars: include errno.h when EFI support is disabled (#7900)
Yu Watanabe [Wed, 17 Jan 2018 09:25:42 +0000 (18:25 +0900)]
efivars: include errno.h when EFI support is disabled (#7900)

Fixes #7898.

6 years agoMerge pull request #7886 from gdamjan/fix-ptmx
Alan Jenkins [Wed, 17 Jan 2018 09:24:00 +0000 (09:24 +0000)]
Merge pull request #7886 from gdamjan/fix-ptmx

namespace: make /dev/ptmx a copy of the host not a symlink

6 years agoMerge pull request #7893 from poettering/parse-tweaks
Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:22:17 +0000 (20:22 +1100)]
Merge pull request #7893 from poettering/parse-tweaks

parsing tweaks

6 years agoMerge pull request #7902 from yuwata/fix-warning-by-clang
Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:17:23 +0000 (20:17 +1100)]
Merge pull request #7902 from yuwata/fix-warning-by-clang

network: small fixes

6 years agohwdb: 60-sensors: Add DMI strings for Trekstor Surftab 7.0 newer BIOS versions (...
Hans de Goede [Wed, 17 Jan 2018 09:15:41 +0000 (10:15 +0100)]
hwdb: 60-sensors: Add DMI strings for Trekstor Surftab 7.0 newer BIOS versions (#7904)

Some newer BIOS versions of the TrekStor SurfTab wintron 7.0 tablet use
different (better) DMI strings, update the existing 60-sensors.hwdb
entry for this tablet to also work with the newer BIOS.

6 years ago hwdb: HP vendor name for ZBooks in 60-keyboard.hwdb (#7905)
Jerónimo Borque [Wed, 17 Jan 2018 09:15:00 +0000 (06:15 -0300)]
 hwdb: HP vendor name for ZBooks in 60-keyboard.hwdb (#7905)

Added new HP vendor name to support Zbook's mic mute key mapping

6 years agoMerge pull request #7897 from yuwata/small-man-fixes
Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:13:54 +0000 (20:13 +1100)]
Merge pull request #7897 from yuwata/small-man-fixes

Several man fixes

6 years agonamespace: only make the symlink /dev/ptmx if it was already a symlink
Дамјан Георгиевски [Tue, 16 Jan 2018 20:50:36 +0000 (21:50 +0100)]
namespace: only make the symlink /dev/ptmx if it was already a symlink

…otherwise try to clone it as a device node

On most contemporary distros /dev/ptmx is a device node, and
/dev/pts/ptmx has 000 inaccessible permissions. In those cases
the symlink /dev/ptmx -> /dev/pts/ptmx breaks the pseudo tty support.

In that case we better clone the device node.

OTOH, in nspawn containers (and possibly others), /dev/pts/ptmx has
normal permissions, and /dev/ptmx is a symlink. In that case make the
same symlink.

fixes #7878

6 years agonamespace: extract clone_device_node function from mount_private_dev
Дамјан Георгиевски [Tue, 16 Jan 2018 20:27:51 +0000 (21:27 +0100)]
namespace: extract clone_device_node function from mount_private_dev

6 years agonetwork: create runtime sub-directories after drop_privileges()
Yu Watanabe [Tue, 16 Jan 2018 18:35:25 +0000 (03:35 +0900)]
network: create runtime sub-directories after drop_privileges()

For old kernels not supporting AmbientCapabilities=, networkd is
started as root with limited capabilities. Then, networkd cannot
chown the directories under runtime directory as
CapabilityBoundingSet= does not contains enough capabilities.
This makes these directories are created after dropping privileges.
Thus, networkd does not need to chown them anymore.

Fixes #7863.

6 years agotimesync: do not fail when started as privileged user
Yu Watanabe [Tue, 16 Jan 2018 18:34:45 +0000 (03:34 +0900)]
timesync: do not fail when started as privileged user

6 years agodhcp6: fix warnings by clang with -Waddress-of-packed-member
Yu Watanabe [Tue, 16 Jan 2018 16:53:00 +0000 (01:53 +0900)]
dhcp6: fix warnings by clang with -Waddress-of-packed-member

This fixes the following warnings:
```
[194/1521] Compiling C object 'src/libsystemd-network/systemd-network@sta/dhcp6-option.c.o'.
../../git/systemd/src/libsystemd-network/dhcp6-option.c:110:25: warning: taking address of packed member 'id' of class or structure 'ia_na' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_na.id;
                        ^~~~~~~~~~~~
../../git/systemd/src/libsystemd-network/dhcp6-option.c:115:25: warning: taking address of packed member 'id' of class or structure 'ia_ta' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_ta.id;
                        ^~~~~~~~~~~~
2 warnings generated.
```

6 years agonetworkd: fix wrong argument check
Yu Watanabe [Tue, 16 Jan 2018 16:29:13 +0000 (01:29 +0900)]
networkd: fix wrong argument check

6 years agoipvlan: fix wrong assignment in ipvlan_init()
Yu Watanabe [Tue, 16 Jan 2018 16:28:09 +0000 (01:28 +0900)]
ipvlan: fix wrong assignment in ipvlan_init()

6 years agoman: mention that systemctl is-active or is-failed do not load units
Yu Watanabe [Tue, 16 Jan 2018 14:25:56 +0000 (23:25 +0900)]
man: mention that systemctl is-active or is-failed do not load units

See the discussion in the issue #7875.

6 years agovirt: add comment that we need to use sscanf()
Yu Watanabe [Tue, 16 Jan 2018 14:00:39 +0000 (23:00 +0900)]
virt: add comment that we need to use sscanf()

Follow-up for 13e0f9fe8334859ee86f4ff725374d1d83f5baf7.
See PR #7890 and comment in PR #7581.

6 years agoman: remove duplicated line
Yu Watanabe [Tue, 16 Jan 2018 13:22:14 +0000 (22:22 +0900)]
man: remove duplicated line

Follow-up for c46bc7e2162d774f55847c1a8cb9d49085cf89bb.

6 years agoparse-util: detect overflows in parse_percent_unbounded()
Lennart Poettering [Tue, 16 Jan 2018 10:50:12 +0000 (11:50 +0100)]
parse-util: detect overflows in parse_percent_unbounded()

We shouldn't accept percentages beyon INT32_MAX and consider them
valid.

6 years agoparse-util: coding style fix
Lennart Poettering [Tue, 16 Jan 2018 10:49:24 +0000 (11:49 +0100)]
parse-util: coding style fix

Let's not rely on C's downgrade-to-bool feature to check for NUL bytes

6 years agolocale-util: add freelocale() cleanup helper
Lennart Poettering [Tue, 16 Jan 2018 10:48:25 +0000 (11:48 +0100)]
locale-util: add freelocale() cleanup helper

6 years agoMerge pull request #7885 from pfl/dhcp6_fixes
Lennart Poettering [Tue, 16 Jan 2018 09:44:35 +0000 (10:44 +0100)]
Merge pull request #7885 from pfl/dhcp6_fixes

Minor fixes

6 years agoman: fix broken kernel document links (#7892)
John Lin [Tue, 16 Jan 2018 09:29:35 +0000 (17:29 +0800)]
man: fix broken kernel document links (#7892)

6 years agoFix parsing of features in detect_vm_xen_dom0 (#7890)
Olaf Hering [Tue, 16 Jan 2018 09:24:37 +0000 (10:24 +0100)]
Fix parsing of features in detect_vm_xen_dom0 (#7890)

Use sscanf instead of the built-in safe_atolu because the scanned string
lacks the leading "0x", it is generated with snprintf(b, "%08x", val).
As a result strtoull handles it as octal, and parsing fails.

The initial submission already used sscanf, then parsing was replaced by
safe_atolu without retesting the updated PR.

Fixes 575e6588d ("virt: use XENFEAT_dom0 to detect the hardware domain
(#6442, #6662) (#7581)")

6 years agoMerge pull request #7540 from fbuihuu/systemd-delta-tweaks
Zbigniew Jędrzejewski-Szmek [Tue, 16 Jan 2018 09:22:25 +0000 (20:22 +1100)]
Merge pull request #7540 from fbuihuu/systemd-delta-tweaks

Systemd delta tweaks

6 years agomachined: use getent to get default shell for machinectl shell (#7684)
Shawn Landden [Mon, 15 Jan 2018 18:17:51 +0000 (10:17 -0800)]
machined: use getent to get default shell for machinectl shell (#7684)

Closes: https://github.com/systemd/systemd/issues/1395

6 years agosd-dhcp6-client: Use offsetof() instead of sizeof()
Patrik Flykt [Mon, 15 Jan 2018 15:37:52 +0000 (17:37 +0200)]
sd-dhcp6-client: Use offsetof() instead of sizeof()

The slightly modified review comments say that "...in theory
offsetof(DHCP6Option, data) is nicer than sizeof(DHCP6Option)
because the former removes alignment artifacts. In this
specific case there are no alignment whitespaces hence it's
fine, but out of a matter of principle offsetof() is preferred
over sizeof() in cases like this..."

6 years agodhcp6: Fix valgrind nitpick about returned test case value
Patrik Flykt [Mon, 15 Jan 2018 15:15:13 +0000 (17:15 +0200)]
dhcp6: Fix valgrind nitpick about returned test case value

Calling dhcp6_option_parse_address() will always return a value
< 0 on error even though lt_valid remains unset. This is more
than valgrind can safely detect, but let's fix the valgrind
nitpick anyway.

While fixing, use UINT32_MAX instead of ~0 on the same line.

6 years agoMerge pull request #7884 from yuwata/small-fixes
Lennart Poettering [Mon, 15 Jan 2018 15:40:41 +0000 (16:40 +0100)]
Merge pull request #7884 from yuwata/small-fixes

Small fixes

6 years agoman: fix typo
Дилян Палаузов [Mon, 15 Jan 2018 15:09:59 +0000 (00:09 +0900)]
man: fix typo

Closes #7866.

6 years agoman: logind: update reference
Yu Watanabe [Mon, 15 Jan 2018 15:03:29 +0000 (00:03 +0900)]
man: logind: update reference

Fixes #7858.

6 years agojournal: coding style fix
Yu Watanabe [Mon, 15 Jan 2018 14:53:05 +0000 (23:53 +0900)]
journal: coding style fix

This is originally pointed out by @cpsw.

6 years agonetwork: fix indentation
Yu Watanabe [Mon, 15 Jan 2018 14:49:30 +0000 (23:49 +0900)]
network: fix indentation

Follow-up for 56a23cb40aadea95f7e24a911ba973fe132878b8.

6 years agonetworkd: remove unnecessary parentheses
Yu Watanabe [Mon, 15 Jan 2018 14:47:55 +0000 (23:47 +0900)]
networkd: remove unnecessary parentheses

Follow-up for 56a23cb40aadea95f7e24a911ba973fe132878b8.

6 years agosystemctl: comment that the verb 'check' is deprecated
Yu Watanabe [Mon, 15 Jan 2018 14:44:23 +0000 (23:44 +0900)]
systemctl: comment that the verb 'check' is deprecated

6 years agotimesync: use current uid when started as non-root user
Yu Watanabe [Mon, 15 Jan 2018 14:40:23 +0000 (23:40 +0900)]
timesync: use current uid when started as non-root user

Fixes #7883.

6 years agotest: free memory
Yu Watanabe [Mon, 15 Jan 2018 14:36:58 +0000 (23:36 +0900)]
test: free memory

Fixes #7882.

6 years agoadd false option for tests (#7778)
Adam Duskett [Mon, 15 Jan 2018 11:25:46 +0000 (06:25 -0500)]
add false option for tests (#7778)

Currently there is no way to prevent tests from building using meson.
This introduces two problems:

1) It adds a extra 381 files to compile.
2) One of these tests explicitly requires libgcrypt to be built even if systemd
   is not using it.
3) It adds C++ to the requirements to build systemd.

When cross-compiling, this is uneccessary.

6 years agoMerge pull request #7582 from pfl/dhcp6_prefix_delegation
Lennart Poettering [Mon, 15 Jan 2018 11:02:37 +0000 (12:02 +0100)]
Merge pull request #7582 from pfl/dhcp6_prefix_delegation

DHCPv6 prefix delegation

6 years agoman: --this-boot is deprecated (#7880)
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 10:45:40 +0000 (14:45 +0400)]
man: --this-boot is deprecated (#7880)

This removes the last public reference. Follow-up for #7844.

6 years agoMerge pull request #7816 from poettering/chase-pid
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 10:14:34 +0000 (14:14 +0400)]
Merge pull request #7816 from poettering/chase-pid

Make MAINPID= and PIDFile= handling more restrictive (and other stuff)

6 years agoMerge pull request #7844 from yuwata/bash-completion
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 09:51:29 +0000 (13:51 +0400)]
Merge pull request #7844 from yuwata/bash-completion

update bash completions

6 years agoMerge pull request #7855 from poettering/log-h-includes
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 09:43:09 +0000 (13:43 +0400)]
Merge pull request #7855 from poettering/log-h-includes

log.h #include cleanups

6 years agoMerge pull request #7871 from sourcejedi/log_mounts
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 09:34:06 +0000 (13:34 +0400)]
Merge pull request #7871 from sourcejedi/log_mounts

core: fix output (logging) for mount units (#7603)

6 years agoMerge pull request #7872 from mineo/coredumpctl-zsh-completion
Zbigniew Jędrzejewski-Szmek [Mon, 15 Jan 2018 09:28:14 +0000 (13:28 +0400)]
Merge pull request #7872 from mineo/coredumpctl-zsh-completion

Fix the ZSH completion on `coredumpctl gdb <tab>`

6 years agocore: prevent spurious retries of umount
Alan Jenkins [Sat, 13 Jan 2018 17:22:46 +0000 (17:22 +0000)]
core: prevent spurious retries of umount

Testing the previous commit with `systemctl stop tmp.mount` logged the
reason for failure as expected, but unexpectedly the message was repeated
32 times.

The retry is a special case for umount; it is only supposed to cover the
case where the umount command was _successful_, but there was still some
remaining mount(s) underneath.  Fix it by making sure to test the first
condition :).

Re-tested with and without a preceding `mount --bind /mnt /tmp`,
and using `findmnt` to check the end result.

6 years agozsh/coredumpctl: Never sort the completion candidates
Wieland Hoffmann [Sat, 13 Jan 2018 14:23:28 +0000 (15:23 +0100)]
zsh/coredumpctl: Never sort the completion candidates

That way, they're always sorted by date. I do not know how to make ZSH sort
them by PID through some option, but that doesn't seem very useful in the first
place.

6 years agozsh/coredumpctl: Fix the completion
Wieland Hoffmann [Sat, 13 Jan 2018 12:43:28 +0000 (13:43 +0100)]
zsh/coredumpctl: Fix the completion

An output from coredumpctl list is like

> TIME                            PID   UID   GID SIG COREFILE  EXE
> Sun 2016-05-29 18:44:03 CEST  14578  1000  1000   6 none      /tmp/pacaurtmp-wieland/python33/src/Python-3.3.6/python

  ^1  ^2         ^3       ^4    ^5

, but the previous sub() command turns that into

> TIMEPID   UID   GID SIG COREFILE  EXE
> Sun2016-05-29 18:44:03 CEST  14578  1000  1000   6 none      /tmp/pacaurtmp-wieland/python33/src/Python-3.3.6/python
  ^1            ^2       ^3    ^4     ^5

so the whole pipeline generated entries like

$UID:$DESCRIPTION

but that's not useful and probably not what was supposed to happen.

This now generates entries like

$PID:$DESCRIPTION

which make everything work.

Note that with this commmit, the completions will be sorted by PID by
ZSH.

6 years agocore: fix output (logging) for mount units (#7603)
Alan Jenkins [Sat, 13 Jan 2018 12:30:43 +0000 (12:30 +0000)]
core: fix output (logging) for mount units (#7603)

Documentation - systemd.exec - strongly implies mount units get logging.

It is safe for mounts to depend on systemd-journald.socket.  There is no
cyclic dependency generated.  This is because the root, -.mount, was
already deliberately set to EXEC_OUTPUT_NULL.  See comment in
mount_load_root_mount().  And /run is excluded from being a mount unit.

Nor does systemd-journald depend on /var.  It starts earlier, initially
logging to /run.

Tested before/after using `systemctl stop tmp.mount`.

6 years agodbus-execute: define bus_set_transient_errno() only if HAVE_SECCOMP (#7869)
0xAX [Fri, 12 Jan 2018 23:48:53 +0000 (00:48 +0100)]
dbus-execute: define bus_set_transient_errno() only if HAVE_SECCOMP (#7869)

in other way we will get a warning during build:

../src/core/dbus-util.h:55:13: warning: ‘bus_set_transient_errno’
defined but not used [-Wunused-function]

    int bus_set_transient_##function(

6 years agologin: avoid external process call
Max Harmathy [Fri, 12 Jan 2018 13:16:43 +0000 (14:16 +0100)]
login: avoid external process call

Use a shell builtin of posix shells insteaf of calling 'which'.
See also http://stackoverflow.com/a/677212

6 years agoprocess-util: make our freeze() routine do something useful
Michal Sekletar [Fri, 12 Jan 2018 12:05:48 +0000 (13:05 +0100)]
process-util: make our freeze() routine do something useful

When we crash we freeze() our-self (or possibly we reboot the machine if
that is configured). However, calling pause() is very unhelpful thing to
do. We should at least continue to do what init systems being doing
since 70's and that is reaping zombies. Otherwise zombies start to
accumulate on the system which is a very bad thing. As that can prevent
admin from taking manual steps to reboot the machine in somewhat
graceful manner (e.g. manually stopping services, unmounting data
volumes  and calling reboot -f).

Fixes #7783

6 years agoMerge pull request #7865 from fbuihuu/restore-termination-of-bus-connection-first
Lennart Poettering [Fri, 12 Jan 2018 16:24:56 +0000 (17:24 +0100)]
Merge pull request #7865 from fbuihuu/restore-termination-of-bus-connection-first

Restore termination of bus connection first

6 years agoComment the fact that some tools need to termintate their bus connect first
Franck Bui [Fri, 12 Jan 2018 15:20:36 +0000 (16:20 +0100)]
Comment the fact that some tools need to termintate their bus connect first

6 years agomount: make sure we terminate the bus connection first, and then close the pager
Franck Bui [Fri, 12 Jan 2018 15:11:46 +0000 (16:11 +0100)]
mount: make sure we terminate the bus connection first, and then close the pager

See cf647b69baee4c478d3909c327e3d917e1563f44 commit message for details.

6 years agoRevert "tree-wide: use _cleanup_(sd_bus_flush_close_unrefp) at various appropriate...
Franck Bui [Fri, 12 Jan 2018 15:09:21 +0000 (16:09 +0100)]
Revert "tree-wide: use  _cleanup_(sd_bus_flush_close_unrefp) at various appropriate places"

This reverts commit 0b3c84eb7da3a8c28ac248a68228f6a7edbb2e19.

The removal of _cleanup_() usages was done on purpose, see
cf647b69baee4c478d3909c327e3d917e1563f44.

Fixes: #3543

6 years agosupport LZMA concatenated files
Matthew Thode [Thu, 11 Jan 2018 16:48:43 +0000 (10:48 -0600)]
support LZMA concatenated files

The xz format supports concatenated files, images are sometimes created
and shipped with it to increase compression.

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1742744 is
the source bug for this issue.

6 years agoMerge pull request #7851 from msekletar/dbus-error-logging
Lennart Poettering [Thu, 11 Jan 2018 22:37:04 +0000 (23:37 +0100)]
Merge pull request #7851 from msekletar/dbus-error-logging

dbus: propagate errors from bus_init_system() and bus_init_api()

6 years agobootctl: add newline after printf (#7856)
winnerman-pythian [Thu, 11 Jan 2018 17:01:57 +0000 (12:01 -0500)]
bootctl: add newline after printf (#7856)

Upon error condition, a newline is not printed, leading to the shell prompt jamming against this line.

6 years agoMerge pull request #7833 from keszybz/netdev-relaxed
Lennart Poettering [Thu, 11 Jan 2018 16:14:49 +0000 (17:14 +0100)]
Merge pull request #7833 from keszybz/netdev-relaxed

Avoid spurious warnings about unknown sections in .netdev files

6 years agococci: there's not ENOTSUP, there's only EOPNOTSUPP
Lennart Poettering [Fri, 5 Jan 2018 12:41:33 +0000 (13:41 +0100)]
cocci: there's not ENOTSUP, there's only EOPNOTSUPP

On Linux the former is a compat alias to the latter, and that's really
weird, as inside the kernel the two are distinct. Which means we really
should stay away from it.

6 years agoethtool-util: don't pass fds as pointers if we don't have to
Lennart Poettering [Fri, 5 Jan 2018 12:36:38 +0000 (13:36 +0100)]
ethtool-util: don't pass fds as pointers if we don't have to

Passing them as pointers is just weird, hence don't do it

6 years agoethtool-util: fix weird whitespace
Lennart Poettering [Fri, 5 Jan 2018 12:33:22 +0000 (13:33 +0100)]
ethtool-util: fix weird whitespace

6 years agoethtool-util: order includes properly
Lennart Poettering [Fri, 5 Jan 2018 12:33:10 +0000 (13:33 +0100)]
ethtool-util: order includes properly

6 years agoethtool-util: no need for memcpy() where normal assignment works too
Lennart Poettering [Fri, 5 Jan 2018 12:32:39 +0000 (13:32 +0100)]
ethtool-util: no need for memcpy() where normal assignment works too

6 years agocore: be stricter when handling PID files and MAINPID sd_notify() messages
Lennart Poettering [Fri, 5 Jan 2018 11:20:22 +0000 (12:20 +0100)]
core: be stricter when handling PID files and MAINPID sd_notify() messages

Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.

This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.

Fixes: #6632

6 years agonotify: add new --uid= command
Lennart Poettering [Fri, 5 Jan 2018 12:26:38 +0000 (13:26 +0100)]
notify: add new --uid= command

The new --uid= switch allows selecting the UID from which the
notificaiton messages shall originate.

This is primarily useful for testing purposes, but might have other
uses.

6 years agosd-dameon: also sent ucred when our UID differs from EUID
Lennart Poettering [Fri, 5 Jan 2018 12:24:58 +0000 (13:24 +0100)]
sd-dameon: also sent ucred when our UID differs from EUID

Let's be explicit, and always send the messages from our UID and never
our EUID. Previously this behaviour was conditionalized only on whether
the PID was specified, which made this non-obvious.

6 years agomanager: make use of pid_is_valid() where appropriate
Lennart Poettering [Fri, 5 Jan 2018 11:19:22 +0000 (12:19 +0100)]
manager: make use of pid_is_valid() where appropriate

6 years agomanager: make use of NEWLINE macro where appropriate
Lennart Poettering [Fri, 5 Jan 2018 11:18:32 +0000 (12:18 +0100)]
manager: make use of NEWLINE macro where appropriate

6 years agodbus-util: properly parse timeout values
Lennart Poettering [Fri, 5 Jan 2018 11:17:35 +0000 (12:17 +0100)]
dbus-util: properly parse timeout values

This makes transient TimeoutStopSec= properties work. After all they are
64bit entitites, not 32bit ones.

6 years agomanager: swap order in which we ellipsize/escape sd_notify() messages for debugging
Lennart Poettering [Thu, 4 Jan 2018 20:00:10 +0000 (21:00 +0100)]
manager: swap order in which we ellipsize/escape sd_notify() messages for debugging

If we have to chose between truncated escape sequences and strings
exploded to 4 times the desried length by fully escaping, prefer the
latter.

It's for debug only, hence doesn't really matter much.

6 years agofs-util: add new chase_symlinks() flag CHASE_OPEN
Lennart Poettering [Thu, 4 Jan 2018 19:00:28 +0000 (20:00 +0100)]
fs-util: add new chase_symlinks() flag CHASE_OPEN

The new flag returns the O_PATH fd of the final component, which may be
converted into a proper fd by open()ing it again through the
/proc/self/fd/xyz path.

Together with O_SAFE this provides us with a somewhat safe way to open()
files in directories potentially owned by unprivileged code, where we
want to refuse operation if any symlink tricks are played pointing to
privileged files.

6 years agofs-util: add new CHASE_SAFE flag to chase_symlinks()
Lennart Poettering [Thu, 4 Jan 2018 18:44:27 +0000 (19:44 +0100)]
fs-util: add new CHASE_SAFE flag to chase_symlinks()

When the flag is specified we won't transition to a privilege-owned
file or directory from an unprivileged-owned one. This is useful when
privileged code wants to load data from a file unprivileged users have
write access to, and validates the ownership, but want's to make sure
that no symlink games are played to read a root-owned system file
belonging to a different context.

6 years agoupdate TODO
Lennart Poettering [Thu, 11 Jan 2018 14:10:29 +0000 (15:10 +0100)]
update TODO

6 years agounit: log when we cannot add a watch on a specific PID
Lennart Poettering [Thu, 11 Jan 2018 14:07:14 +0000 (15:07 +0100)]
unit: log when we cannot add a watch on a specific PID

6 years agonetworkd: initcwn/initwnd use the right parsers
Susant Sahani [Tue, 2 Jan 2018 09:20:15 +0000 (14:50 +0530)]
networkd: initcwn/initwnd use the right parsers

Closes #7765

6 years agohwdb: Add accelerometer orientation entry for Asus TP300LA
Samuel Dionne-Riel [Wed, 27 Dec 2017 20:42:38 +0000 (15:42 -0500)]
hwdb: Add accelerometer orientation entry for Asus TP300LA

6 years agolog: assign the realm to a variable first in log_full_errno_realm()
Lennart Poettering [Thu, 11 Jan 2018 12:15:19 +0000 (13:15 +0100)]
log: assign the realm to a variable first in log_full_errno_realm()

Let's avoid duplicate evaluation (which might have side-effects) and
assign the realm to an internal variable first, as we need it twice.

6 years agolog: rework log_syntax_invalid_utf8() a bit
Lennart Poettering [Thu, 11 Jan 2018 12:13:02 +0000 (13:13 +0100)]
log: rework log_syntax_invalid_utf8() a bit

The macro used utf8.h functions without including that. Let's clean this
up, by moving that code inside of log.c.

Let's also make the call return -EINVAL in all cases. This is in line
with log_oom() which also returns a well-defined error code even though
it doesn#t take one.

6 years agolog: minor modernizations to log_received_signal()
Lennart Poettering [Thu, 11 Jan 2018 12:09:30 +0000 (13:09 +0100)]
log: minor modernizations to log_received_signal()

6 years agoUIDS-GIDS: document early on, that 32bit uids are a linux 2.4 thing
Lennart Poettering [Thu, 11 Jan 2018 12:08:57 +0000 (13:08 +0100)]
UIDS-GIDS: document early on, that 32bit uids are a linux 2.4 thing

6 years agotty-ask-password-agent: add (void) cast to mkdir/mkfifo calls we knowingly ignore
Lennart Poettering [Thu, 11 Jan 2018 12:08:18 +0000 (13:08 +0100)]
tty-ask-password-agent: add (void) cast to mkdir/mkfifo calls we knowingly ignore

6 years agolog: minimize includes in log.h
Lennart Poettering [Wed, 10 Jan 2018 23:39:12 +0000 (00:39 +0100)]
log: minimize includes in log.h

log.h really should only include the bare minimum of other headers, as
it is really pulled into pretty much everything else and already in
itself one of the most basic pieces of code we have.

Let's hence drop inclusion of:

1. sd-id128.h because it's entirely unneeded in current log.h
2. errno.h, dito.
3. sys/signalfd.h which we can replace by a simple struct forward
   declaration
4. process-util.h which was needed for getpid_cached() which we now hide
   in a funciton log_emergency_level() instead, which nicely abstracts
   the details away.
5. sys/socket.h which was needed for struct iovec, but a simple struct
   forward declaration suffices for that too.

Ultimately this actually makes our source tree larger (since users of
the functionality above must now include it themselves, log.h won't do
that for them), but I think it helps to untangle our web of includes a
tiny bit.

(Background: I'd like to isolate the generic bits of src/basic/ enough
so that we can do a git submodule import into casync for it)

6 years agosd-bus: drop bloom stuff, it's not needed anymore since kdbus is gone
Lennart Poettering [Wed, 10 Jan 2018 23:28:49 +0000 (00:28 +0100)]
sd-bus: drop bloom stuff, it's not needed anymore since kdbus is gone

6 years agodbus: propagate errors from bus_init_system() and bus_init_api()
Michal Sekletar [Wed, 10 Jan 2018 16:22:12 +0000 (17:22 +0100)]
dbus: propagate errors from bus_init_system() and bus_init_api()

The aim of this change is to make sure that we properly log about all
D-Bus connection problems. After all, we only ever attempt to get on the
bus if dbus-daemon is around, so any failure in the process should be
treated as an error.

bus_init_system() is only called from bus_init() and in
bus_init() we have a bool flag which governs whether we should attempt
to connect to the system bus or not.
Hence if we are in bus_init_system() then it is clear we got called from
a context where connection to the bus is actually required and therefore
shouldn't be treated as the "best effort" type of operation. Same
applies to bus_init_api().

We make use of those error codes in bus_init() and log high level
message that informs admin about what is going on (and is easy to spot
and makes sense to an end user).

Also "retrying later" bit is actually a lie. We won't retry unless we
are explicitly told to reconnect via SIGUSR1 or re-executed. This is
because bus_init() is always called from the context where dbus-daemon
is already around and hence bus_init() won't be called again from
unit_notify().

Fixes #7782

6 years agobus-socket: slight simplification in bus_get_peercred()
Zbigniew Jędrzejewski-Szmek [Thu, 4 Jan 2018 14:28:57 +0000 (15:28 +0100)]
bus-socket: slight simplification in bus_get_peercred()