platform/upstream/systemd.git
8 years agocore: rework the "no_gc" unit flag to become a more generic "perpetual" flag
Lennart Poettering [Mon, 24 Oct 2016 19:41:54 +0000 (21:41 +0200)]
core: rework the "no_gc" unit flag to become a more generic "perpetual" flag

So far "no_gc" was set on -.slice and init.scope, to units that are always
running, cannot be stopped and never exist in an "inactive" state. Since these
units are the only users of this flag, let's remodel it and rename it
"perpetual" and let's derive more funcitonality off it. Specifically, refuse
enqueing stop jobs for these units, and report that they are "unstoppable" in
the CanStop bus property.

8 years agocore: initialize groups list before checking SupplementaryGroups= of a unit (#4533)
Djalal Harouni [Wed, 2 Nov 2016 16:51:35 +0000 (17:51 +0100)]
core: initialize groups list before checking SupplementaryGroups= of a unit (#4533)

Always initialize the supplementary groups of caller before checking the
unit SupplementaryGroups= option.

Fixes https://github.com/systemd/systemd/issues/4531

8 years agoudev: net_id: add support for phys_port_name attribute (#4506)
Jiří Pírko [Wed, 2 Nov 2016 02:46:01 +0000 (03:46 +0100)]
udev: net_id: add support for phys_port_name attribute (#4506)

Switch drivers uses phys_port_name attribute to pass front panel port
name to user. Use it to generate netdev names.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
8 years agoseccomp: allow specifying arm64, mips, ppc (#4491)
Zbigniew Jędrzejewski-Szmek [Tue, 1 Nov 2016 15:33:18 +0000 (11:33 -0400)]
seccomp: allow specifying arm64, mips, ppc (#4491)

"Secondary arch" table for mips is entirely speculative…

8 years agoRecognise Lustre as a remote file system (#4530)
Brian J. Murrell [Tue, 1 Nov 2016 03:48:00 +0000 (23:48 -0400)]
Recognise Lustre as a remote file system (#4530)

Lustre is also a remote file system that wants the network to be up before it is mounted.

8 years agoman: fix typos (#4527)
Jakub Wilk [Mon, 31 Oct 2016 12:08:08 +0000 (13:08 +0100)]
man: fix typos (#4527)

8 years agoImplement VeraCrypt volume handling in crypttab (#4501)
George Hilliard [Sun, 30 Oct 2016 14:25:31 +0000 (09:25 -0500)]
Implement VeraCrypt volume handling in crypttab (#4501)

This introduces a new option, `tcrypt-veracrypt`, that sets the
corresponding VeraCrypt flag in the flags passed to cryptsetup.

8 years agotests: clarify test_path_startswith return value (#4508)
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 14:21:29 +0000 (10:21 -0400)]
tests: clarify test_path_startswith return value (#4508)

A pendant for #4481.

8 years agoMerge pull request #4520 from lucaswerkmeister/systemd-escape-man
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 01:11:05 +0000 (21:11 -0400)]
Merge pull request #4520 from lucaswerkmeister/systemd-escape-man

systemd-escape manpage improvements

8 years agoman: make systemd-escape examples more consistent
Lucas Werkmeister [Sun, 30 Oct 2016 00:44:07 +0000 (02:44 +0200)]
man: make systemd-escape examples more consistent

The first example wasn't phrased with "To ..." as the other three are,
and the last example was lacking the colon.

8 years agoman: add missing period
Lucas Werkmeister [Sun, 30 Oct 2016 00:43:17 +0000 (02:43 +0200)]
man: add missing period

8 years agoman: improve systemd-escape --path description
Lucas Werkmeister [Sun, 30 Oct 2016 00:42:22 +0000 (02:42 +0200)]
man: improve systemd-escape --path description

The option does more than the documentation gave it credit for.

8 years ago.gitignore: ignore precompiled GCC headers (#4516)
Daniel Mack [Fri, 28 Oct 2016 17:03:01 +0000 (19:03 +0200)]
.gitignore: ignore precompiled GCC headers (#4516)

Not sure since when this is the default behavior, but my local tree is full
of such files. Let's ignore them for clarity.

8 years agoMerge pull request #4495 from topimiettinen/block-shmat-exec
Djalal Harouni [Fri, 28 Oct 2016 13:41:07 +0000 (15:41 +0200)]
Merge pull request #4495 from topimiettinen/block-shmat-exec

seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute

8 years agoMerge pull request #4458 from keszybz/man-nonewprivileges
Martin Pitt [Fri, 28 Oct 2016 13:35:29 +0000 (15:35 +0200)]
Merge pull request #4458 from keszybz/man-nonewprivileges

Document NoNewPrivileges default value

8 years agoudev: allow substitutions for SECLABEL key (#4505)
Michal Sekletar [Fri, 28 Oct 2016 10:09:14 +0000 (12:09 +0200)]
udev: allow substitutions for SECLABEL key (#4505)

8 years agosystemctl: warn when cat shows changed unit files (#4493)
Lucas Werkmeister [Thu, 27 Oct 2016 13:28:10 +0000 (15:28 +0200)]
systemctl: warn when cat shows changed unit files (#4493)

Suggested by @keszybz in #4488.

8 years agoMerge pull request #4485 from endocode/djalal/portable-branch-v1
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 13:17:14 +0000 (09:17 -0400)]
Merge pull request #4485 from endocode/djalal/portable-branch-v1

core: improve mount namespace and working directory setup

8 years agoMerge pull request #4442 from keszybz/detect-virt-userns
Evgeny Vereshchagin [Thu, 27 Oct 2016 10:16:16 +0000 (13:16 +0300)]
Merge pull request #4442 from keszybz/detect-virt-userns

detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users

8 years agocore: make unit argument const for apply seccomp functions
Djalal Harouni [Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)]
core: make unit argument const for apply seccomp functions

8 years agocore: lets apply working directory just after mount namespaces
Djalal Harouni [Tue, 25 Oct 2016 14:24:35 +0000 (16:24 +0200)]
core: lets apply working directory just after mount namespaces

This makes applying groups after applying the working directory, this
may allow some flexibility but at same it is not a big deal since we
don't execute or do anything between applying working directory and
droping groups.

8 years agocore: get the working directory value inside apply_working_directory()
Djalal Harouni [Thu, 27 Oct 2016 07:28:54 +0000 (09:28 +0200)]
core: get the working directory value inside apply_working_directory()

Improve apply_working_directory() and lets get the current working directory
inside of it.

8 years agocore: move apply working directory code into its own apply_working_directory()
Djalal Harouni [Thu, 27 Oct 2016 07:21:44 +0000 (09:21 +0200)]
core: move apply working directory code into its own apply_working_directory()

8 years agocore: move the code that setups namespaces on its own function
Djalal Harouni [Thu, 27 Oct 2016 07:20:18 +0000 (09:20 +0200)]
core: move the code that setups namespaces on its own function

8 years agohwdb: fix error check of wrong variable (#4499)
Thomas H. P. Andersen [Thu, 27 Oct 2016 01:22:26 +0000 (03:22 +0200)]
hwdb: fix error check of wrong variable (#4499)

We updated 'fn' but checked 'v' instead.

From 698c5a17

Spotted with PVS

8 years agoMerge pull request #4448 from msoltyspl/vcfix
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 00:26:32 +0000 (20:26 -0400)]
Merge pull request #4448 from msoltyspl/vcfix

Fix some formatting details in the merge.

8 years agounits: disable /dev/hugepages in private user namespaces
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 03:00:38 +0000 (23:00 -0400)]
units: disable /dev/hugepages in private user namespaces

The mount fails, even though CAP_SYS_ADMIN is granted.

8 years agocondition: simplify condition_test_virtualization
Zbigniew Jędrzejewski-Szmek [Tue, 25 Oct 2016 02:53:07 +0000 (22:53 -0400)]
condition: simplify condition_test_virtualization

Rewrite the function to be slightly simpler. In particular, if a specific
match is found (like ConditionVirtualization=yes), simply return an answer
immediately, instead of relying that "yes" will not be matched by any of
the virtualization names below.

No functional change.

8 years agotest-tables: test ConditionVirtualization
Zbigniew Jędrzejewski-Szmek [Mon, 24 Oct 2016 23:17:50 +0000 (19:17 -0400)]
test-tables: test ConditionVirtualization

8 years agoshared/condition: add ConditionVirtualization=[!]private-users
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 02:56:58 +0000 (22:56 -0400)]
shared/condition: add ConditionVirtualization=[!]private-users

This can be useful to silence warnings about units which fail in userns
container.

8 years agodetect-virt: add --private-users switch to check if a userns is active
Zbigniew Jędrzejewski-Szmek [Fri, 21 Oct 2016 03:41:21 +0000 (23:41 -0400)]
detect-virt: add --private-users switch to check if a userns is active

Various things don't work when we're running in a user namespace, but it's
pretty hard to reliably detect if that is true.

A function is added which looks at /proc/self/uid_map and returns false
if the default "0 0 UINT32_MAX" is found, and true if it finds anything else.
This misses the case where an 1:1 mapping with the full range was used, but
I don't know how to distinguish this case.

'systemd-detect-virt --private-users' is very similar to
'systemd-detect-virt --chroot', but we check for a user namespace instead.

8 years agogitignore: add test-seccomp (#4498)
Thomas H. P. Andersen [Wed, 26 Oct 2016 23:40:25 +0000 (01:40 +0200)]
gitignore: add test-seccomp (#4498)

8 years agonetworkd : verify dns ip address when parsing configuration (#4492)
Susant Sahani [Wed, 26 Oct 2016 23:31:04 +0000 (05:01 +0530)]
networkd : verify dns ip address when parsing configuration (#4492)

Invalid IP addresses would be passed through as-is:
$ networkctl status wlp3s0:
● 2: wlp3s0
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: /etc/systemd/network/wlp3s0.network
            Type: wlan
           State: routable (configured)
            Path: pci-0000:03:00.0
          Driver: iwlwifi
          Vendor: Intel Corporation
           Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN)
      HW Address: XXXXXXXXXX (Intel Corporate)
         Address: 192.168.2.103
                  XXXXXXXXXXX
         Gateway: 192.168.2.1 (Arcadyan Technology Corporation)
             DNS: 127.0.0.5553

Instead verify that DNS= has a valid list of addresses when parsing configuration.

Fixes #4462.

8 years agovconsole: manual update (#4021)
Michal Soltys [Wed, 26 Oct 2016 23:21:02 +0000 (01:21 +0200)]
vconsole: manual update (#4021)

To more correctly reflect current behaviour as well as to provide
a few more details.

8 years agoseccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
Topi Miettinen [Wed, 26 Oct 2016 15:52:53 +0000 (18:52 +0300)]
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute

shmat(..., SHM_EXEC) can be used to create writable and executable
memory, so let's block it when MemoryDenyWriteExecute is set.

8 years agovconsole: setup_remaining_vcs() - more sanity checks
Michal Soltys [Wed, 12 Oct 2016 16:20:50 +0000 (18:20 +0200)]
vconsole: setup_remaining_vcs() - more sanity checks

Check if values filled up by KD_FONT_OP_GET ioctl make sense -
dummy driver for example doesn't implement required functionality
at all.

8 years agoman: document that systemctl cat shows file content (#4488)
Lucas Werkmeister [Wed, 26 Oct 2016 00:40:21 +0000 (02:40 +0200)]
man: document that systemctl cat shows file content (#4488)

... and that that content might be outdated.

8 years agobuild-sys/autogen: don't use bashisms (#4489)
Evgeny Vereshchagin [Tue, 25 Oct 2016 23:39:48 +0000 (02:39 +0300)]
build-sys/autogen: don't use bashisms (#4489)

Fixes:
$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Feb 17  2016 /bin/sh -> dash

$ ./autogen.sh c
./autogen.sh: 22: ./autogen.sh: [[: not found
...
checking whether make supports nested variables... (cached) yes
checking build system type... Invalid configuration `c': machine `c' not
recognized
configure: error: /bin/bash build-aux/config.sub c failed

this is a follow-up for a5e739a570081231

8 years agoMerge pull request #4476 from poettering/systemctl-free
Martin Pitt [Tue, 25 Oct 2016 18:59:24 +0000 (20:59 +0200)]
Merge pull request #4476 from poettering/systemctl-free

two minor systemctl memleak fixes

8 years agotest: skip exec tests when inaccessible dir is unavailable
Dongsu Park [Tue, 25 Oct 2016 12:51:01 +0000 (14:51 +0200)]
test: skip exec tests when inaccessible dir is unavailable

In case of running test-execute on systems with systemd < v232, several
tests like privatedevices or protectkernelmodules fail because
/run/systemd/inaccessible/ doesn't exist. In these cases, we should skip
tests to avoid unnecessary errors.

See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566

8 years agosystemctl: fix two minor memory leaks in --wait handling
Lennart Poettering [Mon, 24 Oct 2016 18:06:22 +0000 (20:06 +0200)]
systemctl: fix two minor memory leaks in --wait handling

(Also, let's not use the binary |= operator on "bool" variables).

Fix-up for 93a0884126146361ca078ec627da2cf766205a1c.

8 years agoupdate NEWS file a bit more
Lennart Poettering [Mon, 24 Oct 2016 18:06:03 +0000 (20:06 +0200)]
update NEWS file a bit more

8 years agoMerge pull request #4474 from poettering/nsswitch
Martin Pitt [Tue, 25 Oct 2016 06:13:07 +0000 (08:13 +0200)]
Merge pull request #4474 from poettering/nsswitch

various nss module/resolved fixes

8 years agoman: document the default value of NoNewPrivileges=
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 03:41:45 +0000 (23:41 -0400)]
man: document the default value of NoNewPrivileges=

Fixes #4329.

8 years agoMerge pull request #4450 from poettering/seccompfixes
Zbigniew Jędrzejewski-Szmek [Tue, 25 Oct 2016 00:23:21 +0000 (20:23 -0400)]
Merge pull request #4450 from poettering/seccompfixes

Various seccomp fixes and NEWS update.

8 years agoman: Fix event source priority enum names in synopsis (#4478)
Martin Ejdestig [Mon, 24 Oct 2016 22:30:26 +0000 (00:30 +0200)]
man: Fix event source priority enum names in synopsis (#4478)

8 years agoMerge pull request #4477 from poettering/enumerate-load-fix
Lennart Poettering [Mon, 24 Oct 2016 21:48:48 +0000 (23:48 +0200)]
Merge pull request #4477 from poettering/enumerate-load-fix

Properly synthesize -.slice and init.scope

8 years agonetworkd: fix mixup of bond options (#4470)
Benjamin Richter [Mon, 24 Oct 2016 19:24:47 +0000 (21:24 +0200)]
networkd: fix mixup of bond options (#4470)

8 years agocore: drop -.slice from shipped units
Lennart Poettering [Mon, 24 Oct 2016 18:49:48 +0000 (20:49 +0200)]
core: drop -.slice from shipped units

Since this unit is synthesized anyway there's no point in actually shipping it
on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *"
won't be confused by the leading dash of the file name anymore.

8 years agocore: move initialization of -.slice and init.scope into the unit_load() callbacks
Lennart Poettering [Mon, 24 Oct 2016 18:37:54 +0000 (20:37 +0200)]
core: move initialization of -.slice and init.scope into the unit_load() callbacks

Previously, we'd synthesize the root slice unit and the init scope unit in the
enumerator callbacks for the unit type. This is problematic if either of them
is already referenced from a unit that is loaded as result of another unit
type's enumerator logic.

Let's clean this up and simply create the two objects from the enumerator
callbacks, if they are not around yet. Do the actual filling in of the settings
from the unit_load() callbacks, to match how other units are loaded.

Fixes: #4322

8 years agoman: sync up the suggested nsswitch.conf configuration for our four NSS modules
Lennart Poettering [Mon, 24 Oct 2016 16:58:03 +0000 (18:58 +0200)]
man: sync up the suggested nsswitch.conf configuration for our four NSS modules

This unifies the suggested nsswitch.conf configuration for our four NSS modules to this:

    hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

Note that this restores "myhostname" to the suggested configuration of
nss-resolve for the time being, undoing 4484e1792b64b01614f04b7bde97bf019f601bf9.

"myhostname" should probably be dropped eventually, but when we do this we
should do it in full, and not only drop it from the suggested nsswitch.conf
for one of the modules, but also drop it in source and stop referring to it
altogether.

Note that nss-resolve doesn't replace nss-myhostname in full: the former only
works if D-Bus/resolved is available for resolving the local hostname, the
latter works in all cases even if D-Bus or resolved are not in operation, hence
there's some value in keeping the line as it is right now. Note that neither
dns nor myhostname are considered at all with the above configuration unless
the resolve module actually returns UNAVAIL. Thus, even though handling of
local hostname resolving is implemented twice this way it is only executed once
for each lookup.

8 years agonss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUND
Lennart Poettering [Mon, 24 Oct 2016 16:50:43 +0000 (18:50 +0200)]
nss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUND

Let's tighten the cases when our module returns NSS_STATUS_NOTFOUND. Let's do
so only if we actually managed to talk to resolved. In all other cases stick to
NSS_STATUS_UNAVAIL as before, as it clearly indicates that our module or the
system is borked, and the "dns" fallback should really take place.

In particular this fixes the 2nd-level fallback from our own dlopen() based
fallback handling. In this case we really should return UNAVAIL so that the
caller can apply its own fallback still.

Fix-up for d7247512a904f1dd74125859d8da66166c2a6933.

Note that our own dlopen() based fallback is pretty much redundant now if
nsswitch.conf is configured like this:

   hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

In a future release we should probably drop our internal fallback then, in
favour of this nsswitch.conf-based one.

8 years agoresolved: properly check for the root domain
Lennart Poettering [Mon, 24 Oct 2016 16:49:27 +0000 (18:49 +0200)]
resolved: properly check for the root domain

Fix-up for #4164

8 years agoVarious additions to NEWS
Lennart Poettering [Fri, 21 Oct 2016 18:15:18 +0000 (20:15 +0200)]
Various additions to NEWS

8 years agoseccomp: add test-seccomp test tool
Lennart Poettering [Fri, 21 Oct 2016 19:48:10 +0000 (21:48 +0200)]
seccomp: add test-seccomp test tool

This validates the system call set table and many of our seccomp-util.c APIs.

8 years agoseccomp: add new helper call seccomp_load_filter_set()
Lennart Poettering [Fri, 21 Oct 2016 19:18:46 +0000 (21:18 +0200)]
seccomp: add new helper call seccomp_load_filter_set()

This allows us to unify most of the code in apply_protect_kernel_modules() and
apply_private_devices().

8 years agoseccomp: two fixes for the syscall set tables
Lennart Poettering [Fri, 21 Oct 2016 19:15:43 +0000 (21:15 +0200)]
seccomp: two fixes for the syscall set tables

"oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall
nr is called "umount" (and the nr of umount() is called umount2 internally).

"sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table.

Without these changes libseccomp cannot actually translate the tables in full.
This wasn't noticed before as the code was written defensively for this case.

8 years agoseccomp: add new seccomp_init_conservative() helper
Lennart Poettering [Fri, 21 Oct 2016 18:28:05 +0000 (20:28 +0200)]
seccomp: add new seccomp_init_conservative() helper

This adds a new seccomp_init_conservative() helper call that is mostly just a
wrapper around seccomp_init(), but turns off NNP and adds in all secondary
archs, for best compatibility with everything else.

Pretty much all of our code used the very same constructs for these three
steps, hence unifying this in one small function makes things a lot shorter.

This also changes incorrect usage of the "scmp_filter_ctx" type at various
places. libseccomp defines it as typedef to "void*", i.e. it is a pointer type
(pretty poor choice already!) that casts implicitly to and from all other
pointer types (even poorer choice: you defined a confusing type now, and don't
even gain any bit of type safety through it...). A lot of the code assumed the
type would refer to a structure, and hence aded additional "*" here and there.
Remove that.

8 years agocore: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter_set()
Lennart Poettering [Fri, 21 Oct 2016 18:12:33 +0000 (20:12 +0200)]
core: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter_set()

Let's simplify this call, by making use of the new infrastructure.

This is actually more in line with Djalal's original patch but instead of
search the filter set in the array by its name we can now use the set index and
jump directly to it.

8 years agocore: rework syscall filter set handling
Lennart Poettering [Fri, 21 Oct 2016 19:50:05 +0000 (21:50 +0200)]
core: rework syscall filter set handling

A variety of fixes:

- rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main
  instance of it (the syscall_filter_sets[] array) used to abbreviate
  "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not
  mix and match too wildly. Let's pick the shorter name in this case, as it is
  sufficiently well established to not confuse hackers reading this.

- Export explicit indexes into the syscall_filter_sets[] array via an enum.
  This way, code that wants to make use of a specific filter set, can index it
  directly via the enum, instead of having to search for it. This makes
  apply_private_devices() in particular a lot simpler.

- Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to
  find a set by its name, seccomp_add_syscall_filter_set() to add a set to a
  seccomp object.

- Update SystemCallFilter= parser to use extract_first_word().  Let's work on
  deprecating FOREACH_WORD_QUOTED().

- Simplify apply_private_devices() using this functionality

8 years agocore: move misplaced comment to the right place
Lennart Poettering [Fri, 21 Oct 2016 18:05:49 +0000 (20:05 +0200)]
core: move misplaced comment to the right place

8 years agocore: simplify skip_seccomp_unavailable() a bit
Lennart Poettering [Fri, 21 Oct 2016 18:03:51 +0000 (20:03 +0200)]
core: simplify skip_seccomp_unavailable() a bit

Let's prefer early-exit over deep-indented if blocks. Not behavioural change.

8 years agoupdate-done: minor clean-ups
Lennart Poettering [Fri, 21 Oct 2016 16:26:30 +0000 (18:26 +0200)]
update-done: minor clean-ups

This is a follow-up for fb8b0869a7bc30e23be175cf978df23192d59118, and makes a
couple of minor clean-up changes:

- The field name in the timestamp file is changed from "TimestampNSec=" to
  "TIMESTAMP_NSEC=". This is done simply to reflect the fact that we parse the
  file with the env var file parser, and hence the contents should better
  follow the usual capitalization of env vars, i.e. be all uppercase.

- Needless negation of the errno parameter log_error_errno() and friends has
  been removed.

- Instead of manually calculating the nsec remainder of the timestamp, use
  timespec_store().

- We now check whether we were able to write the timestamp file in full with
  fflush_and_check() the way we usually do it.

8 years agoMerge pull request #4459 from keszybz/commandline-parsing
Lennart Poettering [Mon, 24 Oct 2016 15:20:37 +0000 (17:20 +0200)]
Merge pull request #4459 from keszybz/commandline-parsing

Commandline parsing simplification and udev fix

8 years agoMerge pull request #4469 from endocode/djalal/groups-test
Djalal Harouni [Mon, 24 Oct 2016 13:46:36 +0000 (15:46 +0200)]
Merge pull request #4469 from endocode/djalal/groups-test

test: lets add more tests to cover SupplementaryGroups= cases.

8 years agoMerge pull request #4406 from jsynacek/jsynacek-is-enabled
Lennart Poettering [Mon, 24 Oct 2016 12:19:18 +0000 (14:19 +0200)]
Merge pull request #4406 from jsynacek/jsynacek-is-enabled

shared, systemctl: teach is-enabled to show install targets

8 years agonetworkd-ndisc: Don't add NDisc route for local address (#4467)
Patrik Flykt [Mon, 24 Oct 2016 11:44:01 +0000 (14:44 +0300)]
networkd-ndisc: Don't add NDisc route for local address (#4467)

When systemd-networkd is run on the same IPv6 enabled interface where
radvd is announcing prefixes, a route is being set up pointing to the
interface address. As this will fail with an invalid argument error,
the link is marked as failed and the following message like the
following will appear in in the logs:

systemd-networkd[21459]: eth1: Could not set NDisc route or address: Invalid argument
systemd-networkd[21459]: eth1: Failed

Should the interface be required by systemd-networkd-wait-online,
network-online.target will wait until its timeout hits thereby
significantly delaying system startup.

The fix is to check whether the gateway address obtained from NDisc
messages is equal to any of the interface addresses on the same link
and not set the NDisc route in that case.

8 years agocore: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)
Djalal Harouni [Mon, 24 Oct 2016 11:13:06 +0000 (13:13 +0200)]
core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)

Remove the assert and check the return code of sysconf(_SC_NGROUPS_MAX).

_SC_NGROUPS_MAX maps to NGROUPS_MAX which is defined in <limits.h> to
65536 these days. The value is a sysctl read-only
/proc/sys/kernel/ngroups_max and the kernel assumes that it is always
positive otherwise things may break. Follow this and support only
positive values for all other case return either -errno or -EOPNOTSUPP.

Now if there are systems that want to re-write NGROUPS_MAX then they
should not pass SupplementaryGroups= in units even if it is empty, in
this case nothing fails and we just ignore supplementary groups. However
if SupplementaryGroups= is passed even if it is empty we have to assume
that there will be groups manipulation from our side or the kernel and
since the kernel always assumes that NGROUPS_MAX is positive, then
follow that and support only positive values.

8 years agotest: lets add more tests to cover SupplementaryGroups= cases.
Djalal Harouni [Mon, 24 Oct 2016 10:38:53 +0000 (12:38 +0200)]
test: lets add more tests to cover SupplementaryGroups= cases.

8 years agoshared, systemctl: teach is-enabled to show installation targets
Jan Synacek [Thu, 20 Oct 2016 13:20:11 +0000 (15:20 +0200)]
shared, systemctl: teach is-enabled to show installation targets

It may be desired by users to know what targets a particular service is
installed into. Improve user friendliness by teaching the is-enabled
command to show such information when used with --full.

This patch makes use of the newly added UnitFileFlags and adds
UNIT_FILE_DRY_RUN flag into it. Since the API had already been modified,
it's now easy to add the new dry-run feature for other commands as
well. As a next step, --dry-run could be added to systemctl, which in
turn might pave the way for a long requested dry-run feature when
running systemctl start.

8 years agoinstall: introduce UnitFileFlags
Jan Synacek [Thu, 20 Oct 2016 12:48:33 +0000 (14:48 +0200)]
install: introduce UnitFileFlags

Introduce a new enum to get rid of some boolean arguments of unit_file_*
functions. It unifies the code, makes it a bit cleaner and extensible.

8 years agoMerge pull request #4372 from evverx/fix-synced-cgroup-hierarchy-perms
Zbigniew Jędrzejewski-Szmek [Mon, 24 Oct 2016 03:25:57 +0000 (23:25 -0400)]
Merge pull request #4372 from evverx/fix-synced-cgroup-hierarchy-perms

8 years agotests/TEST-13-NSPAWN-SMOKE: remove an expected failure check
Evgeny Vereshchagin [Thu, 20 Oct 2016 09:16:23 +0000 (09:16 +0000)]
tests/TEST-13-NSPAWN-SMOKE: remove an expected failure check

https://github.com/systemd/systemd/issues/4352 has been fixed
So, we don't need this workaround anymore

8 years agonspawn: become a new root early
Evgeny Vereshchagin [Thu, 20 Oct 2016 09:05:46 +0000 (09:05 +0000)]
nspawn: become a new root early

https://github.com/torvalds/linux/commit/036d523641c66bef713042894a17f4335f199e49

> vfs: Don't create inodes with a uid or gid unknown to the vfs
  It is expected that filesystems can not represent uids and gids from
  outside of their user namespace.  Keep things simple by not even
  trying to create filesystem nodes with non-sense uids and gids.

So, we actually should `reset_uid_gid` early to prevent https://github.com/systemd/systemd/pull/4223#issuecomment-252522955

$ sudo UNIFIED_CGROUP_HIERARCHY=no LD_LIBRARY_PATH=.libs .libs/systemd-nspawn -D /var/lib/machines/fedora-rawhide -U -b systemd.unit=multi-user.target

Spawning container fedora-rawhide on /var/lib/machines/fedora-rawhide.
Press ^] three times within 1s to kill container.
Child died too early.
Selected user namespace base 1073283072 and range 65536.
Failed to mount to /sys/fs/cgroup/systemd: No such file or directory

Details: https://github.com/systemd/systemd/pull/4223#issuecomment-253046519
Fixes: #4352

8 years agonspawn: really lchown(uid/gid)
Evgeny Vereshchagin [Thu, 20 Oct 2016 09:03:40 +0000 (09:03 +0000)]
nspawn: really lchown(uid/gid)

https://github.com/systemd/systemd/pull/4372#issuecomment-253723849:

* `mount_all (outer_child)` creates `container_dir/sys/fs/selinux`
* `mount_all (outer_child)` doesn't patch `container_dir/sys/fs` and so on.
* `mount_sysfs (inner_child)` tries to create `/sys/fs/cgroup`
* This fails

370   stat("/sys/fs", {st_dev=makedev(0, 28), st_ino=13880, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:16:43.398665943, st_mtime=2016/10/14-05:16:43.399665943, st_ctime=2016/10/14-05:16:43.399665943}) = 0
370   mkdir("/sys/fs/cgroup", 0755)     = -1 EACCES (Permission denied)

* `mount_syfs (inner_child)` ignores that error and

mount(NULL, "/sys", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL) = 0

* `mount_cgroups` finally fails

8 years agobasic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
Evgeny Vereshchagin [Thu, 20 Oct 2016 09:01:45 +0000 (09:01 +0000)]
basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo

https://github.com/systemd/systemd/pull/4372#discussion_r83354107:
I get `open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)`

327   mkdir("/proc", 0755 <unfinished ...>
327   <... mkdir resumed> )             = -1 EEXIST (File exists)
327   stat("/proc",  <unfinished ...>
327   <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/
327   mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...>
327   <... mount resumed> )             = 0
327   lstat("/proc",  <unfinished ...>
327   <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263,
327   lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630
327   openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc>
327   name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported)
327   name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported)
327   openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys>
327   open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
327   close(13</proc/sys> <unfinished ...>
327   <... close resumed> )             = 0
327   close(11</proc> <unfinished ...>
327   <... close resumed> )             = 0

-bash-4.3# ls -ld /proc/
dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/

-bash-4.3# ls -ld /proc/1
dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1

-bash-4.3# ls -ld /proc/1/fdinfo
dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo

8 years agoMerge pull request #4373 from endocode/djalal/fix-mountflags
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 22:54:20 +0000 (18:54 -0400)]
Merge pull request #4373 from endocode/djalal/fix-mountflags

8 years agocore: lets move the setup of working directory before group enforce
Djalal Harouni [Fri, 21 Oct 2016 20:22:56 +0000 (22:22 +0200)]
core: lets move the setup of working directory before group enforce

This is minor but lets try to split and move bit by bit cgroups and
portable environment setup before applying the security context.

8 years agotest: add more tests for SupplementaryGroups=
Djalal Harouni [Mon, 17 Oct 2016 08:06:18 +0000 (10:06 +0200)]
test: add more tests for SupplementaryGroups=

8 years agotest: Add simple test for supplementary groups
Djalal Harouni [Fri, 14 Oct 2016 08:32:27 +0000 (10:32 +0200)]
test: Add simple test for supplementary groups

8 years agocore: first lookup and cache creds then apply them after namespace setup
Djalal Harouni [Sun, 23 Oct 2016 21:24:14 +0000 (23:24 +0200)]
core: first lookup and cache creds then apply them after namespace setup

This fixes: https://github.com/systemd/systemd/issues/4357

Let's lookup and cache creds then apply them. We also switch from
getgroups() to getgrouplist().

8 years agocore: do not set no_new_privileges flag in config_parse_syscall_filter
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 03:28:46 +0000 (23:28 -0400)]
core: do not set no_new_privileges flag in config_parse_syscall_filter

If SyscallFilter was set, and subsequently cleared, the no_new_privileges flag
was not reset properly. We don't need to set this flag here, it will be
set automatically in unit_patch_contexts() if syscall_filter is set.

8 years agoMerge pull request #4428 from lnykryn/ctrl_v2
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 03:16:11 +0000 (23:16 -0400)]
Merge pull request #4428 from lnykryn/ctrl_v2

rename failure-action to emergency-action and use it for ctrl+alt+del burst

8 years agotree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 19:31:14 +0000 (15:31 -0400)]
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically

This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.

Changes by caller:
log.c (systemd.log_*):      changed to accept rd-dot-prefix params
pid1:                       no change, custom logic
cryptsetup-generator:       no change, still accepts rd-dot-prefix params
debug-generator:            no change, does not accept rd-dot-prefix params
fsck:                       changed to accept rd-dot-prefix params
fstab-generator:            no change, custom logic
gpt-auto-generator:         no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald:                   changed to accept rd-dot-prefix params
modules-load:               no change, still accepts rd-dot-prefix params
quote-check:                no change, does not accept rd-dot-prefix params
udevd:                      no change, still accepts rd-dot-prefix params

I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.

8 years agoudev: change kernel commandline option parsing
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 18:38:49 +0000 (14:38 -0400)]
udev: change kernel commandline option parsing

- do not crash if an option without value is specified on the kernel command
  line, e.g. "udev.log-priority" :P
- simplify the code a bit
- warn about unknown "udev.*" options — this should make it easier to spot
  typos and reduce user confusion

8 years agojournald: convert journald to use parse_proc_cmdline
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 18:25:30 +0000 (14:25 -0400)]
journald: convert journald to use parse_proc_cmdline

This makes journald use the common option parsing functionality.
One behavioural change is implemented:
"systemd.journald.forward_to_syslog" is now equivalent to
"systemd.journald.forward_to_syslog=1".
I think it's nicer to use this way.

8 years agotree-wide: allow state to be passed through to parse_proc_cmdline_item
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 18:24:52 +0000 (14:24 -0400)]
tree-wide: allow state to be passed through to parse_proc_cmdline_item

No functional change.

8 years agoMerge pull request #4455 from endocode/dongsu/l10n-catalog-korean
Daniel Mack [Sat, 22 Oct 2016 18:01:02 +0000 (20:01 +0200)]
Merge pull request #4455 from endocode/dongsu/l10n-catalog-korean

catalog: add more Korean translations

8 years agocatalog: add more Korean translations
Dongsu Park [Sat, 22 Oct 2016 15:29:38 +0000 (17:29 +0200)]
catalog: add more Korean translations

Add more Korean translations of journal and DNSSEC log messages.

8 years agocatalog: fix typo and make a clear sentence
Dongsu Park [Sat, 22 Oct 2016 15:29:33 +0000 (17:29 +0200)]
catalog: fix typo and make a clear sentence

Fix typo: s/ournald.conf/journald.conf/
Change also "시스템의 다음 위치에" to "시스템을 별도 위치에" to make
a clear sentence.

8 years agojournal: remove unused variable
Thomas Hindoe Paaboel Andersen [Sat, 22 Oct 2016 12:01:20 +0000 (14:01 +0200)]
journal: remove unused variable

8 years agoMerge pull request #4452 from jwilk/spelling
Michael Biebl [Sat, 22 Oct 2016 13:31:58 +0000 (15:31 +0200)]
Merge pull request #4452 from jwilk/spelling

NEWS: fix typos

8 years agoNEWS: fix typos
Jakub Wilk [Sat, 22 Oct 2016 11:18:17 +0000 (13:18 +0200)]
NEWS: fix typos

8 years agojournald: systemd.journald.max_level_* kernel command line options (#4427)
Umut Tezduyar Lindskog [Fri, 21 Oct 2016 23:40:55 +0000 (01:40 +0200)]
journald: systemd.journald.max_level_* kernel command line options (#4427)

The log forward levels can be configured through kernel command line.

8 years agoNEWS: option is ProtectKernelTunables not ProtectedKernelTunables (#4451)
Djalal Harouni [Fri, 21 Oct 2016 22:43:36 +0000 (00:43 +0200)]
NEWS: option is ProtectKernelTunables not ProtectedKernelTunables (#4451)

8 years agovconsole: skip unnecessary udev call for dummy device
Michal Soltys [Fri, 21 Oct 2016 14:11:39 +0000 (16:11 +0200)]
vconsole: skip unnecessary udev call for dummy device

In particular, the font copying has no chance of succeeding as
the required functionality is not implemented, see:

drivers/video/console/dummycon.c

8 years agoMerge pull request #4447 from poettering/oneshotassertfix
Daniel Mack [Fri, 21 Oct 2016 14:22:15 +0000 (16:22 +0200)]
Merge pull request #4447 from poettering/oneshotassertfix

core: if the start command vanishes during runtime don't hit an assert

8 years agocore: use emergency_action for ctr+alt+del burst
Lukas Nykryn [Tue, 18 Oct 2016 10:16:32 +0000 (12:16 +0200)]
core: use emergency_action for ctr+alt+del burst

Fixes #4306

8 years agofailure-action: generalize failure action to emergency action
Lukas Nykryn [Thu, 20 Oct 2016 13:27:37 +0000 (15:27 +0200)]
failure-action: generalize failure action to emergency action

8 years agoNEWS: update NEWS about ProtectKernelModules= option (#4445)
Djalal Harouni [Fri, 21 Oct 2016 11:25:23 +0000 (13:25 +0200)]
NEWS: update NEWS about ProtectKernelModules= option (#4445)