| Commit message | Author | Age | Files | Lines |

The whole thing is one name, and I think it's confusing to break it
up into separate words.
(cherry picked from commit fac216635916eee9aa2b08b978bf60d97ac95179)
Builds with recent glibc would fail with:
```
../src/network/netdev/fou-tunnel.c: In function ‘config_parse_ip_protocol’:
../src/basic/macro.h:380:9: error: static assertion failed: "IPPROTO_MAX-1 <= UINT8_MAX"
380 | static_assert(expr, #expr)
| ^~~~~~~~~~~~~
../src/network/netdev/fou-tunnel.c:161:9: note: in expansion of macro ‘assert_cc’
161 | assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
| ^~~~~~~~~
```
This is because f9ac84f92f151e07586c55e14ed628d493a5929d (present in
glibc-2.31.9000-9.fc33.x86_64) added IPPROTO_MPTCP=262, following
v5.5-rc5-1002-gfaf391c382 in the kernel.
(cherry picked from commit 3d58d7328a6ecbc61d3494803d705edd8a108d72)
There are legitimate reasons to access the file directly, as currently
discussed on fedora-devel. Hence tone things down from "must" to "should
typically not".
Also, let's use fputs() instead of fputs_unlocked() here,
fopen_temporary_label() turns off stdio locking anyway for the whole
FILE*, hence no need to do this manually each time.
(cherry picked from commit ce416f425c509bac429b8c9971f5f4edf726a54f)
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1800875.
(cherry picked from commit 5644d47b7c288c4126aab60d2d6a65923f7df4cc)
We provide a way via the '-' symbol to ignore errors when nonexistent
executable files are passed to Exec* parameters & so on. In such a case,
the flag `EXEC_COMMAND_IGNORE_FAILURE` is set and we go on happily with
our life if that happens. However, `systemd-analyze verify` complained
about missing executables even in such a case. In such a case it is not
an error for this to happen so check if the flag is set before checking
if the file is accessible and executable.
Add some small tests to check this condition.
Closes #15218.
(cherry picked from commit c90c597ee3b6b9d30ee86410e46939ba875e467a)
Fixes: #15407
(cherry picked from commit 648ba0ee8178105777502cfcd869d7c04511db96)
(cherry picked from commit 451fcbfc58d3ccb9855095666aa9ba4ae1327224)
a tty or not
(cherry picked from commit 609ae0f59619619efe6db07e34f73a237e7f332b)
An stdio FILE* stream usually refers to something with a file
descriptor, but that's just "usually". It doesn't have to, when taking
fmemopen() and similar into account. Most of our calls to fileno()
assumed the call couldn't fail. In most cases this was correct, but in
some cases where we didn't know whether we work on files or memory we'd
use the returned fd as if it was unconditionally valid while it wasn't,
and passed it to a multitude of kernel syscalls. Let's fix that, and do
something reasonably smart when encountering this case.
(Running test-fileio with this patch applied will remove tons of ioctl()
calls on -1).
(cherry picked from commit 14f594b995bbaea85456a4c26e5c07446a4c446e)
Let's match journalctl's functionality by throwing --file for
coredumpctl into the mix, so we can work on a single journal file
as well.
(cherry picked from commit aeb56450820f824785d1d2718064598293e3bd6c)
(cherry picked from commit 332f38d084c68c3d524c086f4d7843a2fd048ba8)
seccomp
Fixes: #15408
(cherry picked from commit daf8f72b4eba3702a5bdf109c82dc71d1483f1c6)
Give systemd a chance to process the stop event before checking if the
PID has indeed leaked. This should fix the intermittent test fails in CI
even with a fixed systemd version, like this one:
```
Apr 08 10:22:09 testsuite-47.sh[345]: ++ cat /leakedtestpid
Apr 08 10:22:09 testsuite-47.sh[334]: + leaked_pid=342
Apr 08 10:22:09 testsuite-47.sh[334]: + systemctl stop testsuite-47-repro
Apr 08 10:22:10 testsuite-47.sh[334]: + ps -p 342
Apr 08 10:22:10 testsuite-47.sh[348]: PID TTY TIME CMD
Apr 08 10:22:10 testsuite-47.sh[348]: 342 ? 00:00:00 sleep
Apr 08 10:22:10 testsuite-47.sh[334]: + exit 42
```
Followup to 197298ff9fc930de450330095cc5b67d165d0801
(cherry picked from commit e00e2e0b50bbd120290572c8d1242703fb98b34e)
(cherry picked from commit ad313ec33bb367624c25c9264994d6e43b8a7e2e)
(Also correct the set of names we accept in User=, which was forgotten
to be updated in ae480f0b09aec815b64579bb1828ea935d8ee236.)
(cherry picked from commit 887a8fa341d9b24a7c9cd3f1fce328f8e43a1b4f)
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere, (i.e. userdb, logind, …)
The requirements on user name validity vary wildly. SSSD thinks it's fine
to embed "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…
This effectively liberalizes a lot what we expect from usernames.
The code that warns about questionable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.
Fixes: #15149 #15090
(cherry picked from commit 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb)
The userdb_by_name() invocation immediately following does the same check
anyway, no need to do this twice.
(Also, make sure we exit the function early on failure)
(cherry picked from commit 2aea5883f1d016ec7304acdb59516c30cae92452)
(cherry picked from commit fe78538cab13fd8b6180dfdfab87d86bfdd1ac58)
Let's make the log msgs a bit longer, to make clearer what is going on
here...
Prompted by my attempts to debug #15354
(cherry picked from commit 0ed4b54e05e8436685cab79177c64a5fe8a2d15c)
As suggested in #15362
(cherry picked from commit ba45534917d5ac56bf621ab6e6f4ccb11d0eb269)
(cherry picked from commit 9fac14980df8dcce922e1fe8856a88b09590d2c3)
From https://github.com/microsoft/WSL/issues/423#issuecomment-221627364:
> it's unlikely we'll change it to something that doesn't contain "Microsoft"
> or "WSL".
... but well, it happened. If they change it incompatibly w/o adding a stable
detection mechanism, I think we should not add yet another detection method.
But adding a different casing of "microsoft" is not a very big step, so let's
do that.
Follow-up for #11932.
(cherry picked from commit a2f838d59075a49b012f9b7056664f7ffeed44d2)
Show also `ProtectClock=` setting. This also lets `systemd-analyze security`
get the correct state for it.
(cherry picked from commit b8b7b838fd6e1ab36962a592838a59de30c32b98)
Clearly there is some confusion about the intent of this option, let's add
a short note.
https://bugzilla.redhat.com/show_bug.cgi?id=1819313
(cherry picked from commit e6a4e25a829470c055a1195a8e97834408138c32)
We use whatever compression is configured, most often not XZ.
(cherry picked from commit 82b2281dd54b2b83c53ccbaf73b6ca9b687e0b94)
Follow-up for 7ea4392f1e444388caa706d6bd64fb7b30dc2903
Let's not hide errors needlessly aggressively.
(cherry picked from commit c4b23712634d020184393ba83451bd200a1e785f)
Before:
```
write(2, "Device /dev/loop1p1 is too small.\n", 34) = -1 ENOTCONN (Transport
endpoint is not connected)
```
After:
```
$ journalctl -b -e | grep 'too small'
Apr 02 16:53:30 loora systemd[343579]: Device /dev/loop1p1 is too small.
```
(cherry picked from commit 1887032f71b00e51d04bb5ae1860d581da786154)
On certain distributions such as NixOS the mtime of `/etc/hosts` is
locked to a fixed value. In such cases, only checking the last mtime of
`/etc/hosts` is not enough - we also need to check if the st_ino/st_dev
match up. Thus, let's make sure that systemd-resolved also
rereads `/etc/hosts` if the inode or the device containing `/etc/hosts` changes.
Test script:
```bash
hosts="/etc/hosts"
echo "127.0.0.1 testpr" > "hosts_new"
mv "hosts_new" "$hosts"
resolvectl query testpr || exit 1
mtime="$(stat -c %y "$hosts")"
echo "127.0.0.1 newhost" > "hosts_tmp"
touch -d "$mtime" "hosts_tmp"
install -p "hosts_tmp" "$hosts"
sleep 10
resolvectl query newhost || exit 1
rm -f "hosts_tmp"
```
Closes #14456.
(cherry picked from commit aa5408e2e8a66b71f38531f1dcb91252c586a23c)
split() and FOREACH_WORD really should die, and everything be moved to
extract_first_word() and friends, but let's at least make sure that for
the remaining code using it we can't deadlock by not progressing in the
word iteration.
Fixes: #15305
(cherry picked from commit 29965a2a6e22c9f369e70cffd9ff780d1c1d31a1)
The function sd_device_get_property_value has some paths where it exits without
touching the n pointer. In those cases, n remained uninitialized until it was
eventually read inside isempty where it caused the segmentation fault.
Fixes #15078
(cherry picked from commit 61fd7d6720c562c88ab79062ff8d131e5e3c7b1b)
Apparently people wondered about that:
https://lists.freedesktop.org/archives/systemd-devel/2020-March/044091.html
(cherry picked from commit 9e76a88fafcba7d5bd7736013b6cb2eb291a006f)
That's what you get for changing these signals around, after checking
everything works, not before.
Bad, Lennart, bad!
Fixes: #15085
(cherry picked from commit e3028514aeb7feee67b4c4747a3af52d09a3e9fd)
/home is possibly a remote file system. It makes sense to order homed
after it, so that we can properly enumerate users in it, but we probably
shouldn't pull it in ourselves, and leave that to users to configure
otherwise.
Fixes: #15102
(cherry picked from commit 286fe8ee2132b058c98051cd106c468b011f0418)
(cherry picked from commit 80ace4f25e08989c84302fdd8d38f000ded2eaee)
stroage -> storage
(cherry picked from commit 36e4a8f22a766345e433a74cfa3feeed1063e91a)
We fix the case when the webserver serves container images without
setting the ETag header in the response. When an image is downloaded to
image root, a read only copy is stored alongside it. The filename has
the following form:
.raw-<encoded-url-of-image>.\x22<ETAG-header>\22.raw.
This is so, if the same resource is fetched multiple times, importd can
avoid extra downloads by creating the new image using the local read-only copy.
The current code assumes the ETag header is set because, if the server
does not set the ETag header, the file is stored without the ETag value
in the filename. When importd fetches a duplicate image, it will run
rename_noreplace and fail:
Failed to rename raw file to /var/lib/machines/.raw-http:\x2f\x2flocalhost:8000\x2fwalkthroughd.raw: File exists
This patch makes importd only store a read-only image if the webserver
has set the ETag header.
(cherry picked from commit 50dfca2eaf325835c2bd75565f65bfbe84d3cae5)
CID#1412415.
(cherry picked from commit e7e9a9d0dce3fe1a133a42f69a2547749b5bcd46)
https://github.com/systemd/systemd/pull/14133 made
capability_ambient_set_apply() acquire capabilities that were explicitly
asked for and drop all others. This change means the function is called
even with an empty capability set, opening up a code path for users
without ambient capabilities to call this function. This function will
error with EINVAL out on kernels < 4.3 because PR_CAP_AMBIENT is not
understood. This turns capability_ambient_set_apply() into a noop for
kernels < 4.3
Fixes https://github.com/systemd/systemd/issues/15225
(cherry picked from commit 7ea4392f1e444388caa706d6bd64fb7b30dc2903)
journal_file_fstat() returns an error if we call it on an already unlinked
journal file and hence we never reach remove_file_real() which is the
entire point.
I must have made some mistake while testing the fix that got me thinking
the issue is gone while the opposite was true.
Fixes #14695
(cherry picked from commit 8581b9f9732d4c158bb5f773230a65ce77f2c292)
When we are supposed to accept numeric UIDs formatted as string, then
let's check that first, before passing things on to
valid_user_group_name_full(), since that might log about, and not the
other way round.
See: #15201
Follow-up for: 93c23c9297e48e594785e0bb9c51504aae5fbe3e
(cherry picked from commit a85daa0dfb3eb03be9845760e90e54b9af8fb00e)
In 1a29610f5fa1bcb2eeb37d2c6b79d8d1a6dbb865 the change inadvertently
disabled names with digit as the first character. This follow-up change
allows a digit as the first character in compat mode.
Fixes: #15141
(cherry picked from commit 93c23c9297e48e594785e0bb9c51504aae5fbe3e)
(cherry picked from commit 9520a0308d45ad9c885f5413238ecc54c643d972)
(cherry picked from commit 72e1c0b308ac0947d625766a59d07336ee42ec31)
(cherry picked from commit f455f8633e3d829bca46dae68e0fb5ca10e8e139)
If XDG_CONFIG_DIRS is unset, the specification says we should assume
/etc/xdg.
(cherry picked from commit f0d0698f0b7d565e6eade043450f7f5557c8db48)
(cherry picked from commit be1af905852d25e11fdf0cb4f37be2a58567dd94)
(cherry picked from commit 137d4487511b3221d3c9165326bf55f297dcd5a6)
Mounting tracefs fails in unprivileged LXC containers and latest LXD
(3.23) bind mounts tracefs already.
Fixes https://github.com/lxc/lxd/issues/7059
(cherry picked from commit cdc6c95737d26b1746b446dfe662872d593d23c6)
Commit 61f9cf4e4c introduced swap_get_parameters(s) but only
checked its return for NULL and not its ->what.
Fixes https://github.com/systemd/systemd/issues/15070
(cherry picked from commit d4a3494e65946ab78647b5277adcabed0ec43da3)
When starting a wayland session through a systemd service for a non-root
user, the compositor (based on wlroots) is denied the authorization to
change vt.
Once the user logs in, either through a local console or via ssh, the
compositor can work properly.
This is related to the login polkit policy:
- `allow_inactive` has value `auth_admin_keep`, denying any non-root
user session the authorization to change vt
- `allow_active` has value `yes`, which explains why the vt change
becomes possible once the user logs in through another channel
By changing the `allow_inactive` value to `yes`, any user session setup
in a service file can switch vt, allowing wayland sessions for non-root
users.
(cherry picked from commit 19bb87fbfac8df67c0c8ff4714382a88733c61a2)