Commit message | Author | Age | Files | Lines
...
* | | macro: check existence of cleanup function before call it | Yu Watanabe | 2022-12-22 | 1 | -2/+10
| | |   The free function specified in the macro may be provided by a dynamically loaded library.
| | |
| | |   Replaces #25781.
* | | dissect-image: let's lock down fstypes a bit | Lennart Poettering | 2022-12-22 | 4 | -0/+55
| | |   When we dissect images automatically, let's be a bit more conservative with the file system types we are willing to mount: only mount common file systems automatically. Explicit mounts requested by admins should always be OK, but when we do automatic mounts, let's not permit barely maintained, possibly legacy file systems.
| | |
| | |   The list for now covers the four common writable and two common read-only file systems. Sooner or later we might want to add more to the list. Also, it might make sense to eventually make this configurable via the image dissection policy logic.
* | | Merge pull request #25829 from poettering/empty-to-null-const-fix | Yu Watanabe | 2022-12-22 | 2 | -4/+13
|\ \ \
| |_|/
|/| |   string-util: don't add `const` to return pointer of empty_to_null() if input didn't have it
| * | creds: use empty_or_dash() where appropriate | Lennart Poettering | 2022-12-21 | 1 | -1/+1
| | |
| * | string-util: rework empty_to_null() to not change "const" qualifier of input | Lennart Poettering | 2022-12-21 | 1 | -3/+12
|/ /
| |   This changes the definition from empty_to_null() so that we are still typesafe (i.e. only accept strings) but do not drop (or add) any const to the returned string that wasn't also on the input.
| |
| |   Inspired by: https://github.com/systemd/systemd/pull/25805/commits/3196e2996f613a2e3568a791c503306b7c58d593
* | gpt-auto-generator: honour rootfstype= and rootflags= kernel cmdline option | Lennart Poettering | 2022-12-21 | 3 | -9/+40
| |   Even if root= is not specified on the kernel cmdline, we should honour the other rootXYZ= options.
| |
| |   Fixes: #8411
| |   See: #17034
* | hwdb: Add mic-mute, control-center and screen-rotation mappings for MSI laptops | Hans de Goede | 2022-12-22 | 1 | -4/+3
| |   The MSI Summit E16 Flip A12UCT laptop sends the following unmapped atkbd scancodes:
| |
| |   0x91: Launch MSI Control Center
| |   0xf1: Toggle mic mute
| |   0xf2: Rotate screen
| |
| |   The 0x91, 0xf1 and 0xf2 codes are already present in the MSI Prestige/Modern series specific keymappings and the 0xf1 mapping is also already present in the MSI Bravo 15-B5DX FnKeys entry.
| |
| |   This shows that these are generic to many MSI models, so add mappings for these to the generic MSI mappings.
| |
| |   Since the MSI Bravo 15-B5DX FnKeys entry only contains the 0xf1 mapping and that is covered by the generic MSI mappings now, that entry is removed.
| |
| |   Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/822
| |   Link: https://bugzilla.kernel.org/show_bug.cgi?id=216824
* | hwdb: change definition of PROXIMITY_NEAR_LEVEL for sensors | Philipp Jungkamp | 2022-12-22 | 1 | -2/+2
| |   The [kernel documentation][0] for the in_proximity_nearlevel sysfs attribute on iio proximity devices states:
| |
| |     If the value read from the sensor is above or equal to the value in this file an object should typically be considered near.
| |
| |   Meaning a 'greater than or equal to' comparison. Make the documentation comment in 60-sensors.hwdb suggest a greater-or-equal rather than a strict greater-than comparison.
| |
| |   [0]: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-bus-iio-proximity
| |
| |   Fixes #25793
* | systemctl: fix typo | Antonio Alvarez Feijoo | 2022-12-21 | 1 | -1/+1
| |
* | rules: add missing line continuation | Yu Watanabe | 2022-12-21 | 1 | -1/+1
| |   Fixes a bug introduced by 953c928c24455744d5534679998d129b947a5e04.
| |
| |   Fixes #25811.
* | man: create a new section for nspawn files in systemd.syntax man page (#25807) | Steve Ramage | 2022-12-21 | 1 | -2/+5
| |   Closes #25806.
* | resolve: fix enumerator name for DNS search domain | Jacek Migacz | 2022-12-20 | 1 | -1/+1
| |
* | Merge pull request #25789 from yuwata/EBADF | Lennart Poettering | 2022-12-20 | 76 | -131/+134
|\ \
| | |   tree-wide: use -EBADF more
| * | tree-wide: use -EBADF more | Yu Watanabe | 2022-12-21 | 41 | -65/+65
| | |
| * | tree-wide: introduce PIPE_EBADF macro | Yu Watanabe | 2022-12-20 | 47 | -63/+65
| | |
| * | fuzz: sort headers | Yu Watanabe | 2022-12-20 | 1 | -3/+4
| |/
* | Merge branch 'systemd-security/coredump-capabilities' | Zbigniew Jędrzejewski-Szmek | 2022-12-20 | 2 | -41/+220
|\ \
| | |   CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting
| | |
| | |   Affects systemd >= 247 with libacl support enabled.
| | |
| | |   This is a merge of https://github.com/systemd/systemd-security/pull/12/. I'm doing the merge locally because github doesn't support merging directly from systemd/systemd-security to systemd/systemd.
| * | coredump: do not allow user to access coredumps with changed uid/gid/capabilities | Zbigniew Jędrzejewski-Szmek | 2022-12-07 | 2 | -13/+192
| | |   When the user starts a program which elevates its permissions via setuid, setgid, or capabilities set on the file, it may access additional information which would then be visible in the coredump. We shouldn't make the coredump visible to the user in such cases.
| | |
| | |   Reported-by: Matthias Gerstner <mgerstner@suse.de>
| | |
| | |   This reads the /proc/<pid>/auxv file and attaches it to the process metadata as PROC_AUXV. Before the coredump is submitted, it is parsed and if either at_secure was set (which the kernel will do for processes that are setuid, setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file is not made accessible to the user. If we can't access this data, we assume the file should not be made accessible either. In principle we could also access the auxv data from a note in the core file, but that is much more complex and it seems better to use the stand-alone file that is provided by the kernel.
| | |
| | |   Attaching auxv is both convenient for this patch (because this way it's passed between the stages along with other fields), but I think it makes sense to save it in general.
| | |
| | |   We use the information early in the core file to figure out if the program was 32-bit or 64-bit and its endianness. This way we don't need heuristics to guess whether the format of the auxv structure. This test might reject some cases on fringe architectures. But the impact would be limited: we just won't grant the user permissions to view the coredump file. If people report that we're missing some cases, we can always enhance this to support more architectures.
| | |
| | |   I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and ppc64el, but not the whole coredump handling.
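
The check described in the commit message above, as an added example that is not systemd's code: a fail-closed auxv parser that takes the word size and byte order as inputs and grants access only when AT_SECURE is clear and uid/gid match euid/egid. The function name `auxv_grants_user_access`, the requirement that all five fields be present, and the sample buffer are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Auxiliary vector keys, values as in the Linux <elf.h> AT_* constants. */
enum { AUX_NULL = 0, AUX_UID = 11, AUX_EUID = 12, AUX_GID = 13, AUX_EGID = 14, AUX_SECURE = 23 };

/* Read one word of `width` bytes (4 or 8) in the dumped process's byte order. */
static uint64_t read_word(const uint8_t *p, size_t width, int big_endian) {
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | p[big_endian ? i : width - 1 - i];
    return v;
}

/* Hypothetical helper: returns 1 only when the auxv shows an unprivileged
 * process; missing, truncated or unterminated data returns 0 (fail closed). */
int auxv_grants_user_access(const uint8_t *buf, size_t len, int is_64bit, int big_endian) {
    size_t width = is_64bit ? 8 : 4;
    uint64_t uid = 0, euid = 0, gid = 0, egid = 0, secure = 0;
    unsigned seen = 0; /* one bit per required field */
    if (!buf || len % (2 * width) != 0) return 0;
    for (size_t off = 0; off + 2 * width <= len; off += 2 * width) {
        uint64_t key = read_word(buf + off, width, big_endian);
        uint64_t val = read_word(buf + off + width, width, big_endian);
        switch (key) {
        case AUX_NULL: /* terminator: decide only if every field was seen */
            return seen == 0x1f && !secure && uid == euid && gid == egid;
        case AUX_UID:    uid = val;    seen |= 1;  break;
        case AUX_EUID:   euid = val;   seen |= 2;  break;
        case AUX_GID:    gid = val;    seen |= 4;  break;
        case AUX_EGID:   egid = val;   seen |= 8;  break;
        case AUX_SECURE: secure = val; seen |= 16; break;
        }
    }
    return 0; /* no AT_NULL terminator */
}

/* Constructed sample: 32-bit little-endian auxv of a setuid-root program. */
static const uint8_t sample_setuid[] = {
    11,0,0,0, 0xe8,3,0,0, /* AT_UID    = 1000 */
    12,0,0,0, 0,0,0,0,    /* AT_EUID   = 0    */
    13,0,0,0, 0xe8,3,0,0, /* AT_GID    = 1000 */
    14,0,0,0, 0xe8,3,0,0, /* AT_EGID   = 1000 */
    23,0,0,0, 1,0,0,0,    /* AT_SECURE = 1    */
    0,0,0,0,  0,0,0,0,    /* AT_NULL          */
};

int main(void) { return printf("%d\n", auxv_grants_user_access(sample_setuid, sizeof sample_setuid, 0, 0)) < 0; }
```

Decoding the same bytes with the wrong word size or byte order yields no recognised fields, so the result is a denial rather than a wrong grant.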
| * | coredump: adjust whitespace | Zbigniew Jędrzejewski-Szmek | 2022-12-02 | 1 | -28/+28
| | |
* | | systemctl: new option --drop-in for specifying drop-in filename | Mike Yuan | 2022-12-20 | 4 | -2/+44
| | |   Previously 'systemctl edit' would only operate on 'override.conf', but users may need more than that. Thus the new option '--drop-in' is added to allow users to specify the drop-in file name.
| | |
| | |   Closes #25767
* | | github: update version in bug templates | Zbigniew Jędrzejewski-Szmek | 2022-12-20 | 2 | -2/+2
| |/
|/|
* | Merge pull request #25786 from keszybz/ebadf | Yu Watanabe | 2022-12-20 | 301 | -878/+878
|\ \
| | |   Use -EBADF for fd initialization
| * | basic/fd-util: rearrange variable declarations | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -14/+10
| | |   Having two blocks of normal variable declarations was unnecessary. Also 'i' can be narrower in scope.
| * | tree-wide: use -EBADF also in pipe initializers | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 42 | -65/+68
| | |   In some places, initialization is dropped when unnecessary.
| * | tree-wide: change initialization to use EBADF instead of EBADFD | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 4 | -5/+5
| | |   Those fds never were, so it's not fair to say that they are in "bad state". Let's use the shorter and more direct errno.
| * | tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 284 | -793/+792
| | |   -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
| | |
| | |   Note that there are two candidates:
| | |   EBADF 9 Bad file descriptor
| | |   EBADFD 77 File descriptor in bad state
| | |
| | |   Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
| | |
| | |   In some places, initialization is dropped if unnecessary.
| * | sd-event: never pass negative errnos as signalfd to signalfd | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+3
| | |   We treat any negative value as "invalid fd", but signalfd only accepts -1.
| * | socket-proxyd: do not hardcode -1 in a check for fd validity | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -3/+3
| | |
* | | Merge pull request #25787 from msekletar/rename-process-cap | Yu Watanabe | 2022-12-20 | 2 | -7/+5
|\ \ \
| | | |   units: allow systemd-userdbd to change process name
| * | | units: allow systemd-userdbd to change process name | Michal Sekletar | 2022-12-19 | 1 | -1/+1
| | | |   rename_process() requires CAP_SYS_RESOURCE so let's make sure it is in our permitted set after execve() by adding it to the bounding set.
| | | |
| | | |   Previously,
| | | |   systemd-userdbd.service - User Database Manager
| | | |        Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled)
| | | |        Active: active (running) since Mon 2022-12-19 17:07:21 CET; 17min ago
| | | |   TriggeredBy: ● systemd-userdbd.socket
| | | |          Docs: man:systemd-userdbd.service(8)
| | | |      Main PID: 1880 (systemd-userdbd)
| | | |        Status: "Processing requests..."
| | | |         Tasks: 4 (limit: 2272)
| | | |        Memory: 5.2M
| | | |           CPU: 244ms
| | | |        CGroup: /system.slice/systemd-userdbd.service
| | | |                ├─1880 /usr/lib/systemd/systemd-userdbd
| | | |                ├─2270 systemd-userwork
| | | |                ├─2271 systemd-userwork
| | | |                └─2272 systemd-userwork
| | | |
| | | |   Now,
| | | |        Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled)
| | | |        Active: active (running) since Mon 2022-12-19 17:27:02 CET; 15s ago
| | | |   TriggeredBy: ● systemd-userdbd.socket
| | | |          Docs: man:systemd-userdbd.service(8)
| | | |      Main PID: 2404 (systemd-userdbd)
| | | |        Status: "Processing requests..."
| | | |         Tasks: 4 (limit: 2272)
| | | |        Memory: 5.5M
| | | |           CPU: 89ms
| | | |        CGroup: /system.slice/systemd-userdbd.service
| | | |                ├─2404 /usr/lib/systemd/systemd-userdbd
| | | |                ├─2407 "systemd-userwork: waiting..."
| | | |                ├─2408 "systemd-userwork: waiting..."
| | | |                └─2409 "systemd-userwork: waiting..."
| * | | argv-util: do proper permission check while when changing process name | Michal Sekletar | 2022-12-19 | 1 | -6/+4
| |/ /
| | |   Process renaming happens very seldomly so we are able to afford proper permission check, i.e. actually check for CAP_SYS_RESOURCE capability instead of euid.
* | | hwdb: Fn+F5 fix for MSI Bravo 15-B5DX (#25788) | noodlejetski | 2022-12-20 | 1 | -0/+4
| | |   Closes #25782.
* | | Merge pull request #25783 from keszybz/trivial-cleanups | Lennart Poettering | 2022-12-19 | 4 | -18/+10
|\ \ \
| | | |   Trivial cleanups
| * | | basic/hashmap: add comment | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+1
| | | |   Coverity complains that the check is suspicious. Add a comment to help the reader.
| * | | efi: do not use 'r' as pointer name | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -3/+3
| | | |   'r' should only be used as in 'int r'.
| * | | userdb: fix typo | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+1
| | | |
| * | | shared/dns-domain: reduce scope of variable declarations | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -13/+5
| | | |
* | | | Merge pull request #25771 from bluca/pkcs11_dlopen | Lennart Poettering | 2022-12-19 | 8 | -61/+202
|\ \ \ \
| |_|/ /
|/| | |   p11kit: switch to dlopen()
| * | | Update TODO | Luca Boccassi | 2022-12-19 | 1 | -1/+0
| | | |
| * | | p11kit: switch to dlopen() | Luca Boccassi | 2022-12-19 | 7 | -60/+202
|/ / /
* | | Merge pull request #25784 from poettering/bootctl-split | Lennart Poettering | 2022-12-19 | 17 | -2164/+2309
|\ \ \
| | | |   bootctl: split up bootctl.c into multiple files
| * | | bootctl: split out "install" verb too | Lennart Poettering | 2022-12-19 | 5 | -1188/+1184
| | | |
| * | | bootctl: split out "status" verb too | Lennart Poettering | 2022-12-19 | 7 | -603/+647
| | | |
| * | | bootctl: split out "set-efivar" verbs, too | Lennart Poettering | 2022-12-19 | 4 | -138/+156
| | | |
| * | | bootctl: also split out 'systemd-efi-options' verb | Lennart Poettering | 2022-12-19 | 4 | -32/+44
| | | |
| * | | bootctl: split out random seed verb, too | Lennart Poettering | 2022-12-19 | 7 | -171/+235
| | | |
| * | | bootctl: let's start splitting up bootctl like we did for systemctl and others | Lennart Poettering | 2022-12-19 | 4 | -34/+45
| |/ /
* | | unit: use underbar for module name | Yu Watanabe | 2022-12-19 | 1 | -1/+1
|/ /
| |   For consistency with src/core/unit.c.
* | Merge pull request #25779 from bluca/journa_remote_vacuum | Yu Watanabe | 2022-12-19 | 2 | -4/+4
|\ \
| | |   journal-remote: follow-ups for #25076
| * | journal-remote: fix memory leak on initialization error | Luca Boccassi | 2022-12-18 | 1 | -3/+3
| | |   Follow-up for f12b399dd6362a03379cb769954ebfb9972236ed from https://github.com/systemd/systemd/pull/25076
| | |
| | |   CID#1501550