Zbigniew Jędrzejewski-Szmek [Fri, 4 Nov 2016 00:27:45 +0000 (20:27 -0400)]
Merge pull request #4548 from keszybz/seccomp-help
systemd-analyze syscall-filter
Kees Cook [Fri, 4 Nov 2016 00:26:59 +0000 (18:26 -0600)]
doc: clarify NoNewPrivileges (#4562)
Setting no_new_privs does not stop UID changes, but rather blocks
gaining privileges through execve(). Also fixes a small typo.
Martin Pitt [Thu, 3 Nov 2016 21:15:33 +0000 (23:15 +0200)]
build-sys: link test-seccomp against seccomp libs (#4560)
Fixes build error on recent toolchains:
../src/test/test-seccomp.c:35: error: undefined reference to 'seccomp_arch_native'
collect2: error: ld returned 1 exit status
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 18:33:49 +0000 (14:33 -0400)]
analyze: fix build w/o seccomp
Lennart Poettering [Thu, 3 Nov 2016 19:59:20 +0000 (13:59 -0600)]
Merge pull request #4510 from keszybz/tree-wide-cleanups
Tree wide cleanups
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 17:16:42 +0000 (13:16 -0400)]
Revert "sd-bus: use PRIu64 instead of casting" (#4556)
This reverts commit
75ead2b753cb9586f3f208326446081baab70da1.
Follow up for #4546:
> @@ -848,8 +848,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
if (k->src_id == KDBUS_SRC_ID_KERNEL)
bus_message_set_sender_driver(bus, m);
else {
- xsprintf(m->sender_buffer, ":1.%llu",
- (unsigned long long)k->src_id);
+ xsprintf(m->sender_buffer, ":1.%"PRIu64, k->src_id);
This produces:
src/libsystemd/sd-bus/bus-kernel.c: In function ‘bus_kernel_make_message’:
src/libsystemd/sd-bus/bus-kernel.c:851:44: warning: format ‘%lu’ expects argument of type ‘long
unsigned int’, but argument 4 has type ‘__u64 {aka long long unsigned int}’ [-Wformat=]
xsprintf(m->sender_buffer, ":1.%"PRIu64, k->src_id);
^
Lennart Poettering [Thu, 3 Nov 2016 17:16:01 +0000 (11:16 -0600)]
hwdb update for 232 (#4557)
Lennart Poettering [Thu, 3 Nov 2016 14:56:26 +0000 (08:56 -0600)]
final NEWS update for 232 (#4558)
let's get this out today!
Zbigniew Jędrzejewski-Szmek [Wed, 2 Nov 2016 16:24:34 +0000 (12:24 -0400)]
seccomp-util, analyze: export comments as a help string
Just to make the whole thing easier for users.
Zbigniew Jędrzejewski-Szmek [Wed, 2 Nov 2016 16:01:04 +0000 (12:01 -0400)]
seccomp-util: move @default to the first position
Now that the list is user-visible, @default should be first.
Zbigniew Jędrzejewski-Szmek [Wed, 2 Nov 2016 15:58:18 +0000 (11:58 -0400)]
analyze: add syscall-filter verb
This should make it easier for users to understand what each filter
means as the list of syscalls is updated in subsequent systemd versions.
Djalal Harouni [Thu, 3 Nov 2016 10:48:28 +0000 (11:48 +0100)]
Merge pull request #4543 from endocode/djalal/fix-dynamicuser-supplementary-groups
core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is set
Djalal Harouni [Wed, 2 Nov 2016 22:02:28 +0000 (23:02 +0100)]
test: test DynamicUser= with SupplementaryGroups=
Djalal Harouni [Wed, 2 Nov 2016 21:59:41 +0000 (22:59 +0100)]
test: test DynamicUser= with a fixed user
Djalal Harouni [Wed, 2 Nov 2016 21:42:40 +0000 (22:42 +0100)]
core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is set
Make sure that when DynamicUser= is set that we intialize the user
supplementary groups and that we also support SupplementaryGroups=
Fixes: https://github.com/systemd/systemd/issues/4539
Thanks Evgeny Vereshchagin (@evverx)
Lennart Poettering [Thu, 3 Nov 2016 05:06:53 +0000 (23:06 -0600)]
Merge pull request #4547 from keszybz/two-testsuite-tweaks
Two testsuite tweaks
Lennart Poettering [Thu, 3 Nov 2016 04:44:36 +0000 (22:44 -0600)]
Merge pull request #4546 from keszybz/xsprintf-revert
xsprintf revert
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:48:08 +0000 (22:48 -0400)]
parse_hwdb: add import fallback for python2
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:05:48 +0000 (22:05 -0400)]
udev/udev-watch: calculate the real buffer sizes needed
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:05:06 +0000 (22:05 -0400)]
Do not raise in switch root if paths are too long
If we encounter the (unlikely) situation where the combined path to the
new root and a path to a mount to be moved together exceed maximum path length,
we shouldn't crash, but fail this path instead.
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:03:27 +0000 (22:03 -0400)]
sd-bus: use PRIu64 instead of casting
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:02:46 +0000 (22:02 -0400)]
Revert some uses of xsprintf
This reverts some changes introduced in
d054f0a4d4.
xsprintf should be used in cases where we calculated the right buffer
size by hand (using DECIMAL_STRING_MAX and such), and never in cases where
we are printing externally specified strings of arbitrary length.
Fixes #4534.
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 01:03:26 +0000 (21:03 -0400)]
Merge pull request #4481 from poettering/perpetual
Add "perpetual" unit concept, sysctl fixes, networkd fixes, systemctl color fixes, nspawn discard.
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 00:13:27 +0000 (20:13 -0400)]
Merge pull request #4542 from poettering/v232prep
preparation for 232
Lennart Poettering [Wed, 2 Nov 2016 18:05:22 +0000 (12:05 -0600)]
core: make a constant table actually constant
Lennart Poettering [Wed, 2 Nov 2016 18:02:53 +0000 (12:02 -0600)]
core: don't hit an assert when printing status messages about units with overly long description strings
This essentially reverts one part of
d054f0a4d451120c26494263fc4dc175bfd405b1.
(We might also choose to use proper ellipsation here, but I wasn't sure the
memory allocation this requires wouöld be a good idea here...)
Fixes: #4534
Lucas Werkmeister [Thu, 3 Nov 2016 00:10:29 +0000 (01:10 +0100)]
man: fix two typos (is → are) (#4544)
Lennart Poettering [Wed, 2 Nov 2016 22:29:04 +0000 (16:29 -0600)]
Merge pull request #4456 from keszybz/stored-fds
Preserve stored fds over service restart
Lucas Werkmeister [Wed, 2 Nov 2016 22:12:03 +0000 (23:12 +0100)]
systemctl: fix incorrect "need reload" on cat (#4535)
Reported by @evverx in #4493.
Lennart Poettering [Wed, 2 Nov 2016 22:09:59 +0000 (16:09 -0600)]
Merge pull request #4483 from poettering/exec-order
more seccomp fixes, and change of order of selinux/aa/smack and seccomp application on exec
Lennart Poettering [Wed, 2 Nov 2016 22:04:40 +0000 (16:04 -0600)]
build-sys: bump package and library version in preparation for v232
Lennart Poettering [Wed, 2 Nov 2016 22:02:12 +0000 (16:02 -0600)]
add two additional entries to NEWS
Lennart Poettering [Wed, 2 Nov 2016 21:52:57 +0000 (15:52 -0600)]
NEWS: add contributor list to news file
Unfortunately, github drops the original commiter when a PR is "squashed" (even
if it is only a single commit) and replaces it with some rubbish
github-specific user id. Thus, to make the contributors list somewhat useful,
update the .mailmap file and undo all the weirdness github applied there.
Zbigniew Jędrzejewski-Szmek [Wed, 2 Nov 2016 19:00:54 +0000 (15:00 -0400)]
pid1: fix fd memleak when we hit FileDescriptorStoreMax limit
Since service_add_fd_store() already does the check, remove the redundant check
from service_add_fd_store_set().
Also, print a warning when repopulating FDStore after daemon-reexec and we hit
the limit. This is a user visible issue, so we should not discard fds silently.
(Note that service_deserialize_item is impacted by the return value from
service_add_fd_store(), but we rely on the general error message, so the caller
does not need to be modified, and does not show up in the diff.)
Lennart Poettering [Wed, 2 Nov 2016 17:38:12 +0000 (11:38 -0600)]
core: change mount_synthesize_root() return to int
Let's propagate the error here, instead of eating it up early.
In a later change we should probably also change mount_enumerate() to propagate
errors up, but that would mean we'd have to change the unit vtable, and thus
change all unit types, hence is quite an invasive change.
Lennart Poettering [Tue, 25 Oct 2016 10:08:43 +0000 (12:08 +0200)]
networkd: flush DNSSL/RDNSS lists when we lose carrier
Fixes: #3870
Lennart Poettering [Tue, 25 Oct 2016 10:08:24 +0000 (12:08 +0200)]
netword: minor memory leak fix
Lennart Poettering [Tue, 25 Oct 2016 09:39:09 +0000 (11:39 +0200)]
nspawn: if we set up a loopback device, try to mount it with "discard"
Let's make sure that our loopback files remain sparse, hence let's set
"discard" as mount option on file systems that support it if the backing device
is a loopback.
Lennart Poettering [Tue, 25 Oct 2016 09:06:47 +0000 (11:06 +0200)]
systemctl: tweak the "systemctl list-units" output a bit
Make the underlining between the header and the body and between the units of
different types span the whole width of the table.
Let's never make the table wider than necessary (which is relevant due the
above).
When space is limited and we can't show the full ID or description string
prefer showing the full ID over the full description. The ID is after all
something people might want to copy/paste, while the description is mostly just
helpful decoration.
Lennart Poettering [Tue, 25 Oct 2016 08:00:06 +0000 (10:00 +0200)]
systemctl: properly turn off color after active column
If we turn on red color for the active column and it is not combined with
underlining, then we need to turn it off explicitly afterwards. Do that.
Lennart Poettering [Tue, 25 Oct 2016 07:27:39 +0000 (09:27 +0200)]
sysctl: minor simplification
Let's place only one ternary operator.
Lennart Poettering [Tue, 25 Oct 2016 07:26:31 +0000 (09:26 +0200)]
sysctl: no need to check for eof twice
Let's only check for eof once after the fgets(). There's no point in checking
EOF before the first read, and twice in each loop.
Lennart Poettering [Tue, 25 Oct 2016 07:26:10 +0000 (09:26 +0200)]
sysctl: when failing to process a config line, show line nr
Lennart Poettering [Tue, 25 Oct 2016 07:25:21 +0000 (09:25 +0200)]
sysctl: split out condition check into its own function
This way, we can get rid of a label/goto.
Lennart Poettering [Tue, 25 Oct 2016 07:22:22 +0000 (09:22 +0200)]
sysctl: do not fail systemd-sysctl.service if /proc/sys is mounted read-only
Let's make missing write access to /proc/sys non-fatal to the sysctl service.
This is a follow-up to
411e869f497c7c7bd0688f1e3500f9043bc56e48 which altered
the condition for running the sysctl service to check for /proc/sys/net being
writable, accepting that /proc/sys might be read-only. In order to ensure the
boot-up stays clean in containers lower the log level for the EROFS errors
generated due to this.
Lennart Poettering [Mon, 24 Oct 2016 22:29:05 +0000 (00:29 +0200)]
unit: unify some code with new unit_new_for_name() call
Lennart Poettering [Mon, 24 Oct 2016 22:04:55 +0000 (00:04 +0200)]
core: make the root mount perpetual too
Now that have a proper concept of "perpetual" units, let's make the root mount
one too, since it also cannot go away.
Lennart Poettering [Mon, 24 Oct 2016 19:41:54 +0000 (21:41 +0200)]
core: rework the "no_gc" unit flag to become a more generic "perpetual" flag
So far "no_gc" was set on -.slice and init.scope, to units that are always
running, cannot be stopped and never exist in an "inactive" state. Since these
units are the only users of this flag, let's remodel it and rename it
"perpetual" and let's derive more funcitonality off it. Specifically, refuse
enqueing stop jobs for these units, and report that they are "unstoppable" in
the CanStop bus property.
Djalal Harouni [Wed, 2 Nov 2016 16:51:35 +0000 (17:51 +0100)]
core: initialize groups list before checking SupplementaryGroups= of a unit (#4533)
Always initialize the supplementary groups of caller before checking the
unit SupplementaryGroups= option.
Fixes https://github.com/systemd/systemd/issues/4531
Lennart Poettering [Wed, 2 Nov 2016 02:30:11 +0000 (20:30 -0600)]
tests: make sure tests pass when invoked in "sudo"
This is a follow-up for
6309e51ea32d64524431ee65c49eecd44390da8f and makes sure
we compare test results with the right user identifier.
Lennart Poettering [Tue, 25 Oct 2016 14:08:38 +0000 (16:08 +0200)]
man: document that too strict system call filters may affect the service manager
If execve() or socket() is filtered the service manager might get into trouble
executing the service binary, or handling any failures when this fails. Mention
this in the documentation.
The other option would be to implicitly whitelist all system calls that are
required for these codepaths. However, that appears less than desirable as this
would mean socket() and many related calls have to be whitelisted
unconditionally. As writing system call filters requires a certain level of
expertise anyway it sounds like the better option to simply document these
issues and suggest that the user disables system call filters in the service
temporarily in order to debug any such failures.
See: #3993.
Lennart Poettering [Tue, 25 Oct 2016 13:52:54 +0000 (15:52 +0200)]
execute: apply seccomp filters after changing selinux/aa/smack contexts
Seccomp is generally an unprivileged operation, changing security contexts is
most likely associated with some form of policy. Moreover, while seccomp may
influence our own flow of code quite a bit (much more than the security context
change) make sure to apply the seccomp filters immediately before executing the
binary to invoke.
This also moves enforcement of NNP after the security context change, so that
NNP cannot affect it anymore. (However, the security policy now has to permit
the NNP change).
This change has a good chance of breaking current SELinux/AA/SMACK setups, because
the policy might not expect this change of behaviour. However, it's technically
the better choice I think and should hence be applied.
Fixes: #3993
Lennart Poettering [Wed, 2 Nov 2016 14:46:18 +0000 (08:46 -0600)]
seccomp: add two new syscall groups
@resources contains various syscalls that alter resource limits and memory and
scheduling parameters of processes. As such they are good candidates to block
for most services.
@basic-io contains a number of basic syscalls for I/O, similar to the list
seccomp v1 permitted but slightly more complete. It should be useful for
building basic whitelisting for minimal sandboxes
Lennart Poettering [Tue, 25 Oct 2016 13:44:54 +0000 (15:44 +0200)]
man: two minor fixes
Lennart Poettering [Tue, 25 Oct 2016 13:43:31 +0000 (15:43 +0200)]
seccomp: include pipes and memfd in @ipc
These system calls clearly fall in the @ipc category, hence should be listed
there, simply to avoid confusion and surprise by the user.
Lennart Poettering [Tue, 25 Oct 2016 13:42:10 +0000 (15:42 +0200)]
seccomp: drop execve() from @process list
The system call is already part in @default hence implicitly allowed anyway.
Also, if it is actually blocked then systemd couldn't execute the service in
question anymore, since the application of seccomp is immediately followed by
it.
Lennart Poettering [Tue, 25 Oct 2016 13:38:36 +0000 (15:38 +0200)]
seccomp: add clock query and sleeping syscalls to "@default" group
Timing and sleep are so basic operations, it makes very little sense to ever
block them, hence don't.
Lennart Poettering [Tue, 25 Oct 2016 10:43:53 +0000 (12:43 +0200)]
update TODO
Jiří Pírko [Wed, 2 Nov 2016 02:46:01 +0000 (03:46 +0100)]
udev: net_id: add support for phys_port_name attribute (#4506)
Switch drivers uses phys_port_name attribute to pass front panel port
name to user. Use it to generate netdev names.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Evgeny Vereshchagin [Thu, 20 Oct 2016 13:18:12 +0000 (13:18 +0000)]
tests: add test that journald keeps fds over termination by signal
This test fails before previous commit, and passes with it.
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 02:16:02 +0000 (22:16 -0400)]
core: when restarting services, don't close fds
We would close all the stored fds in service_release_resources(), which of
course broke the whole concept of storing fds over service restart.
Fixes #4408.
Zbigniew Jędrzejewski-Szmek [Tue, 1 Nov 2016 15:33:18 +0000 (11:33 -0400)]
seccomp: allow specifying arm64, mips, ppc (#4491)
"Secondary arch" table for mips is entirely speculative…
Brian J. Murrell [Tue, 1 Nov 2016 03:48:00 +0000 (23:48 -0400)]
Recognise Lustre as a remote file system (#4530)
Lustre is also a remote file system that wants the network to be up before it is mounted.
Zbigniew Jędrzejewski-Szmek [Mon, 31 Oct 2016 17:16:44 +0000 (13:16 -0400)]
test-compression: allow the file to compress to be specified
I'm seeing strange decompression errors with lz4, which
might be content-dependent. Extend test-compression to allow
testing specific content.
(Edit: PEBKAC: lzcat and lz4cat are not the same beast.
Nevertheless, the test might still be useful in the future.)
Jakub Wilk [Mon, 31 Oct 2016 12:08:08 +0000 (13:08 +0100)]
man: fix typos (#4527)
George Hilliard [Sun, 30 Oct 2016 14:25:31 +0000 (09:25 -0500)]
Implement VeraCrypt volume handling in crypttab (#4501)
This introduces a new option, `tcrypt-veracrypt`, that sets the
corresponding VeraCrypt flag in the flags passed to cryptsetup.
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 14:21:29 +0000 (10:21 -0400)]
tests: clarify test_path_startswith return value (#4508)
A pendant for #4481.
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 01:11:05 +0000 (21:11 -0400)]
Merge pull request #4520 from lucaswerkmeister/systemd-escape-man
systemd-escape manpage improvements
Lucas Werkmeister [Sun, 30 Oct 2016 00:44:07 +0000 (02:44 +0200)]
man: make systemd-escape examples more consistent
The first example wasn't phrased with "To ..." as the other three are,
and the last example was lacking the colon.
Lucas Werkmeister [Sun, 30 Oct 2016 00:43:17 +0000 (02:43 +0200)]
man: add missing period
Lucas Werkmeister [Sun, 30 Oct 2016 00:42:22 +0000 (02:42 +0200)]
man: improve systemd-escape --path description
The option does more than the documentation gave it credit for.
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 00:32:59 +0000 (20:32 -0400)]
man: add a note that FDSTORE=1 requires epoll-compatible fds
Let's say that this was not obvious from our man page.
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 00:01:37 +0000 (20:01 -0400)]
pid1: nicely log when doing operation on stored fds
Should help with debugging #4408.
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 22:53:24 +0000 (18:53 -0400)]
pid1: only log about added fd if it was really added
If it was a duplicate, log nothing.
Daniel Mack [Fri, 28 Oct 2016 17:03:01 +0000 (19:03 +0200)]
.gitignore: ignore precompiled GCC headers (#4516)
Not sure since when this is the default behavior, but my local tree is full
of such files. Let's ignore them for clarity.
Djalal Harouni [Fri, 28 Oct 2016 13:41:07 +0000 (15:41 +0200)]
Merge pull request #4495 from topimiettinen/block-shmat-exec
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
Martin Pitt [Fri, 28 Oct 2016 13:35:29 +0000 (15:35 +0200)]
Merge pull request #4458 from keszybz/man-nonewprivileges
Document NoNewPrivileges default value
Michal Sekletar [Fri, 28 Oct 2016 10:09:14 +0000 (12:09 +0200)]
udev: allow substitutions for SECLABEL key (#4505)
Lucas Werkmeister [Thu, 27 Oct 2016 13:28:10 +0000 (15:28 +0200)]
systemctl: warn when cat shows changed unit files (#4493)
Suggested by @keszybz in #4488.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 13:17:14 +0000 (09:17 -0400)]
Merge pull request #4485 from endocode/djalal/portable-branch-v1
core: improve mount namespace and working directory setup
Evgeny Vereshchagin [Thu, 27 Oct 2016 10:16:16 +0000 (13:16 +0300)]
Merge pull request #4442 from keszybz/detect-virt-userns
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
Djalal Harouni [Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)]
core: make unit argument const for apply seccomp functions
Djalal Harouni [Tue, 25 Oct 2016 14:24:35 +0000 (16:24 +0200)]
core: lets apply working directory just after mount namespaces
This makes applying groups after applying the working directory, this
may allow some flexibility but at same it is not a big deal since we
don't execute or do anything between applying working directory and
droping groups.
Djalal Harouni [Thu, 27 Oct 2016 07:28:54 +0000 (09:28 +0200)]
core: get the working directory value inside apply_working_directory()
Improve apply_working_directory() and lets get the current working directory
inside of it.
Djalal Harouni [Thu, 27 Oct 2016 07:21:44 +0000 (09:21 +0200)]
core: move apply working directory code into its own apply_working_directory()
Djalal Harouni [Thu, 27 Oct 2016 07:20:18 +0000 (09:20 +0200)]
core: move the code that setups namespaces on its own function
Thomas H. P. Andersen [Thu, 27 Oct 2016 01:22:26 +0000 (03:22 +0200)]
hwdb: fix error check of wrong variable (#4499)
We updated 'fn' but checked 'v' instead.
From
698c5a17
Spotted with PVS
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 00:26:32 +0000 (20:26 -0400)]
Merge pull request #4448 from msoltyspl/vcfix
Fix some formatting details in the merge.
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 03:00:38 +0000 (23:00 -0400)]
units: disable /dev/hugepages in private user namespaces
The mount fails, even though CAP_SYS_ADMIN is granted.
Zbigniew Jędrzejewski-Szmek [Tue, 25 Oct 2016 02:53:07 +0000 (22:53 -0400)]
condition: simplify condition_test_virtualization
Rewrite the function to be slightly simpler. In particular, if a specific
match is found (like ConditionVirtualization=yes), simply return an answer
immediately, instead of relying that "yes" will not be matched by any of
the virtualization names below.
No functional change.
Zbigniew Jędrzejewski-Szmek [Mon, 24 Oct 2016 23:17:50 +0000 (19:17 -0400)]
test-tables: test ConditionVirtualization
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 02:56:58 +0000 (22:56 -0400)]
shared/condition: add ConditionVirtualization=[!]private-users
This can be useful to silence warnings about units which fail in userns
container.
Zbigniew Jędrzejewski-Szmek [Fri, 21 Oct 2016 03:41:21 +0000 (23:41 -0400)]
detect-virt: add --private-users switch to check if a userns is active
Various things don't work when we're running in a user namespace, but it's
pretty hard to reliably detect if that is true.
A function is added which looks at /proc/self/uid_map and returns false
if the default "0 0 UINT32_MAX" is found, and true if it finds anything else.
This misses the case where an 1:1 mapping with the full range was used, but
I don't know how to distinguish this case.
'systemd-detect-virt --private-users' is very similar to
'systemd-detect-virt --chroot', but we check for a user namespace instead.
Thomas H. P. Andersen [Wed, 26 Oct 2016 23:40:25 +0000 (01:40 +0200)]
gitignore: add test-seccomp (#4498)
Susant Sahani [Wed, 26 Oct 2016 23:31:04 +0000 (05:01 +0530)]
networkd : verify dns ip address when parsing configuration (#4492)
Invalid IP addresses would be passed through as-is:
$ networkctl status wlp3s0:
● 2: wlp3s0
Link File: /usr/lib/systemd/network/99-default.link
Network File: /etc/systemd/network/wlp3s0.network
Type: wlan
State: routable (configured)
Path: pci-0000:03:00.0
Driver: iwlwifi
Vendor: Intel Corporation
Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN)
HW Address: XXXXXXXXXX (Intel Corporate)
Address: 192.168.2.103
XXXXXXXXXXX
Gateway: 192.168.2.1 (Arcadyan Technology Corporation)
DNS: 127.0.0.5553
Instead verify that DNS= has a valid list of addresses when parsing configuration.
Fixes #4462.
Michal Soltys [Wed, 26 Oct 2016 23:21:02 +0000 (01:21 +0200)]
vconsole: manual update (#4021)
To more correctly reflect current behaviour as well as to provide
a few more details.
Topi Miettinen [Wed, 26 Oct 2016 15:52:53 +0000 (18:52 +0300)]
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
shmat(..., SHM_EXEC) can be used to create writable and executable
memory, so let's block it when MemoryDenyWriteExecute is set.
Michal Soltys [Wed, 12 Oct 2016 16:20:50 +0000 (18:20 +0200)]
vconsole: setup_remaining_vcs() - more sanity checks
Check if values filled up by KD_FONT_OP_GET ioctl make sense -
dummy driver for example doesn't implement required functionality
at all.
Lucas Werkmeister [Wed, 26 Oct 2016 00:40:21 +0000 (02:40 +0200)]
man: document that systemctl cat shows file content (#4488)
... and that that content might be outdated.
Evgeny Vereshchagin [Tue, 25 Oct 2016 23:39:48 +0000 (02:39 +0300)]
build-sys/autogen: don't use bashisms (#4489)
Fixes:
$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Feb 17 2016 /bin/sh -> dash
$ ./autogen.sh c
./autogen.sh: 22: ./autogen.sh: [[: not found
...
checking whether make supports nested variables... (cached) yes
checking build system type... Invalid configuration `c': machine `c' not
recognized
configure: error: /bin/bash build-aux/config.sub c failed
this is a follow-up for
a5e739a570081231