Commit message (Author, Age, Files, Lines)
* test: mangle the machine ID only for the QEMU test part [HEAD, main] (Frantisek Sumsal, 2023-05-17, 1 file, -1/+5)
|   systemd-nspawn doesn't like invalid machine IDs and refuses to boot with one:
|
|     TEST-74-AUX-UTILS RUN: Tests for auxiliary utilities ...
|     Spawning container TEST-74-AUX-UTILS--3 on /var/tmp/systemd-test-TEST-74-AUX-UTILS_3/root.
|     Press Ctrl-] three times within 1s to kill container.
|     Failed to read machine ID from container image: Structure needs cleaning
|     E: nspawn failed with exit code 1
|
|   Follow-up to b4d42a82eb.
* Merge pull request #27669 from keszybz/man-fixes-254 (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 3 files, -33/+45)
|\
| |   Some simple man page fixes to reduce the list of issues tagged for v254
| * man/tmpfiles: fix off-by-one in example (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 1 file, -1/+1)
| |   Reported and diagnosed by gitterman.
| |
| |   Fixes #26617.
| * man: explain allowed values for /sys/power/{disk,state} (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 1 file, -24/+31)
| |   Also fix the grammar: "neither" can only be used with two values, and here we have an indeterminate number >= 1.
| |
| |   Fixes #26460.
| * man: say that ProtectClock= also affects reads (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 1 file, -8/+13)
| |   Fixes #26413: the docs said that the filter prevents writes, but it is just a filter at the system call level, and some of those calls are used for writing and reading. This is confusing esp. when a higher level library call like ntp_gettime() is denied.
| |
| |   I don't think it's realistic that we'll make the filter smarter in the near future, so let's change the docs to describe the implementation.
| |
| |   Also, split out the advice part into a separate paragraph.
* | Merge pull request #27671 from keszybz/manpage-fixes-254-2 (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 19 files, -83/+106)
|\ \
| |/
|/|   man: fixes for assorted issues reported by the manpage-l10n project
| * man: fixes for assorted issues reported by the manpage-l10n project (Zbigniew Jędrzejewski-Szmek, 2023-05-17, 19 files, -83/+106)
|/
|   Fixes #26761.
* Merge pull request #27664 from mrc0mmand/test-merge (Yu Watanabe, 2023-05-17, 78 files, -508/+521)
|\
| |   test: let's merge more tests together
| * test: move runas() to the shared utility library (Frantisek Sumsal, 2023-05-16, 4 files, -17/+14)
| |
| * test: make shellcheck happy again (Frantisek Sumsal, 2023-05-16, 10 files, -6/+13)
| |   No functional changes.
| * test: merge TEST-48-START-STOP-NO-RELOAD into TEST-23-UNIT-FILE (Frantisek Sumsal, 2023-05-16, 4 files, -47/+33)
| |
| * test: merge TEST-49-RUNTIME-BIND-PATHS into TEST-23-UNIT-FILE (Frantisek Sumsal, 2023-05-16, 7 files, -68/+44)
| |
| * test: clean up test artifacts (Frantisek Sumsal, 2023-05-16, 2 files, -0/+19)
| |   So we don't run into unexpected fails when two tests use the same paths.
| * test: merge TEST-28-PERCENTJ-WANTEDBY into TEST-23-UNIT-FILE (Frantisek Sumsal, 2023-05-16, 7 files, -33/+18)
| |
| * test: merge TEST-56-EXIT-TYPE into TEST-19-CGROUP (Frantisek Sumsal, 2023-05-16, 5 files, -99/+102)
| |   And clean it up a bit.
| * test: rename TEST-19-DELEGATE to TEST-19-CGROUP (Frantisek Sumsal, 2023-05-16, 4 files, -66/+109)
| |   And clean it up a bit.
| * test: introduce get_cgroup_hierarchy() (Frantisek Sumsal, 2023-05-16, 1 file, -0/+18)
| |
| * test: rename assert.sh to util.sh (Frantisek Sumsal, 2023-05-16, 28 files, -55/+55)
| |   So we can extend it with additional utility functions without making it confusing.
| |
| |   No functional change.
| * test: merge TEST-33-CLEAN-UNIT into TEST-23-UNIT-FILE (Frantisek Sumsal, 2023-05-16, 4 files, -25/+2)
| |
| * test: merge TEST-27-STDOUTFILE into TEST-23-UNIT-FILE (Frantisek Sumsal, 2023-05-16, 4 files, -27/+6)
| |
| * test: merge TEST-14-MACHINE-ID into TEST-74-AUX-UTILS (Frantisek Sumsal, 2023-05-16, 6 files, -65/+88)
|/
* man/systemd-sysext: correct explanation of confexts directories (Antonio Alvarez Feijoo, 2023-05-16, 1 file, -4/+4)
|
* switch-root: add a comment regarding the safety limits of rm_rf_children() (Lennart Poettering, 2023-05-17, 1 file, -0/+2)
|
* Merge pull request #27606 from YHNdnzj/loginctl-list-show-state (Yu Watanabe, 2023-05-17, 2 files, -29/+82)
|\
| |   loginctl: list-{users,sessions}: add a column for showing state
| * test: add test for state in loginctl list-{users,sessions} (Mike Yuan, 2023-05-16, 1 file, -4/+14)
| |
| * loginctl: list-sessions: also show state (Mike Yuan, 2023-05-16, 1 file, -3/+20)
| |
| * loginctl: list-sessions: minor modernization (Mike Yuan, 2023-05-16, 1 file, -18/+19)
| |
| * loginctl: list-users: also show state (Mike Yuan, 2023-05-16, 1 file, -5/+30)
| |
* | Merge pull request #27655 from yuwata/udev-net-assign-alternative-names-only-on-add-event (Yu Watanabe, 2023-05-17, 23 files, -89/+262)
|\ \
| | |   udev/net: assign alternative names only on add event
| * | test: add tests for renaming network interface (Yu Watanabe, 2023-05-16, 1 file, -0/+86)
| | |
| * | udev/net: assign alternative names only on add uevent (Yu Watanabe, 2023-05-16, 5 files, -31/+55)
| | |   Previously, we first assign alternative names to a network interface, then later change its main name if requested. So, we could not assign the name that is currently assigned as the main name of an interface as an alternative name. So, we retry to assign the previous main name as an alternative name on later move uevent.
| | |
| | |   However, that causes some confusing situation. E.g. if a .link file has
| | |   ```
| | |   Name=foo
| | |   AlternativeNames=foo baz
| | |   ```
| | |   then even if the interface is renamed by a user e.g. by invoking 'ip link' command manually, the interface can be still referenced as 'foo', as the name is now assigned as an alternative name.
| | |
| | |   This makes the order of name assignment inverse: the main name is first changed, and then the requested alternative names are assigned. And udevd does not assign alternative names on move uevent.
| | |
| | |   Replaces #27506.
| * | sd-netlink: make rtnl_set_link_name() optionally append alternative names (Yu Watanabe, 2023-05-16, 4 files, -24/+78)
| | |
| * | udev/net: generate new network interface name only on add uevent (Yu Watanabe, 2023-05-16, 1 file, -1/+1)
| | |   On other uevents, the name will be anyway ignored in rename_netif() in udev-event.c.
| * | udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name (Yu Watanabe, 2023-05-16, 1 file, -1/+1)
| | |
| * | udev: make udev_builtin_run() take UdevEvent* (Yu Watanabe, 2023-05-16, 16 files, -31/+41)
| | |   No functional change, preparation for later commits.
| * | udev: use SYNTHETIC_ERRNO() at one more place (Yu Watanabe, 2023-05-16, 1 file, -2/+1)
| |/
* | Merge pull request #27651 from mrc0mmand/more-nspawn-tests (Frantisek Sumsal, 2023-05-16, 6 files, -70/+641)
|\ \
| | |   nspawn: OCI related fixes & tests
| * | nspawn: make sure the device type survives when setting device mode (Frantisek Sumsal, 2023-05-16, 1 file, -1/+1)
| | |
| * | fuzz: update the base JSON for fuzz-nspawn-oci (Frantisek Sumsal, 2023-05-16, 1 file, -20/+227)
| | |
| * | test: add a couple of tests for nspawn's OCI stuff (Frantisek Sumsal, 2023-05-16, 2 files, -20/+384)
| | |
| * | nspawn: fix a global-buffer-overflow (Frantisek Sumsal, 2023-05-16, 1 file, -0/+1)
| | |   Whoopsie.
| | |
| | |   =================================================================
| | |   ==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658
| | |   READ of size 8 at 0x00000051d0b8 thread T0
| | |       #0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347
| | |       #1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838
| | |       #2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905
| | |       #4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030
| | |       #6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198
| | |       #8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
| | |       #9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
| | |       #10 0x4552fb in main ../src/nspawn/nspawn.c:5920
| | |       #11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
| | |       #12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
| | |       #13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284)
| | |
| | |   0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8
| | |   0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120
| | |   SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch
| | |   ==3789231==ABORTING
| * | nspawn: fix inverted condition (Frantisek Sumsal, 2023-05-16, 1 file, -1/+1)
| | |
| * | nspawn: call json_dispatch() with a correct pointer (Frantisek Sumsal, 2023-05-16, 1 file, -1/+1)
| | |   Otherwise hilarity ensues:
| | |
| | |   AddressSanitizer:DEADLYSIGNAL
| | |   =================================================================
| | |   ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0)
| | |   ==722==The signal is caused by a READ memory access.
| | |       #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb)
| | |       #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33
| | |       #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46
| | |       #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948
| | |       #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197
| | |       #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139
| | |       #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089
| | |       #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112
| | |       #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
| | |       #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197
| | |       #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
| | |       #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
| | |       #14 0x4552fb in main ../src/nspawn/nspawn.c:5920
| | |       #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
| | |       #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
| | |       #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)
| | |
| | |   AddressSanitizer can not provide additional info.
| | |   SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0
| | |   ==722==ABORTING
| * | nspawn: all hooks should be arrays of objects, not just objects (Frantisek Sumsal, 2023-05-16, 1 file, -3/+3)
| | |   See: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#posix-platform-hooks
| * | nspawn: use the just returned errno in the log message (Frantisek Sumsal, 2023-05-16, 1 file, -1/+1)
| | |   Use the returned errno even though we are going to ignore it, otherwise the log message is just confusing:
| | |
| | |     config.json:119:13: Failed to resolve device node 4:2, ignoring: Success
| * | nspawn: disableOOMKiller should be boolean, not int (Frantisek Sumsal, 2023-05-16, 1 file, -7/+7)
| | |   See: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config-linux.md#memory
| * | nspawn: modernize the cleanup functions a bit (Frantisek Sumsal, 2023-05-16, 1 file, -16/+12)
| | |
| * | nspawn: avoid NULL pointer dereference (Frantisek Sumsal, 2023-05-16, 2 files, -0/+3)
| | |   When merging the settings we take the pointer to the array of extra devices, but don't reset the array counter to zero. This later leads to a NULL pointer dereference, where device_node_array_free() attempts to loop over a NULL pointer:
| | |
| | |   + systemd-nspawn --oci-bundle=/var/lib/machines/testsuite-13.oci-bundle.Npo
| | |   ../src/nspawn/nspawn-settings.c:118:29: runtime error: member access within null pointer of type 'struct DeviceNode'
| | |       #0 0x4b91ee in device_node_array_free ../src/nspawn/nspawn-settings.c:118
| | |       #1 0x4ba42a in settings_free ../src/nspawn/nspawn-settings.c:161
| | |       #2 0x410b79 in settings_freep ../src/nspawn/nspawn-settings.h:249
| | |       #3 0x446ce8 in load_oci_bundle ../src/nspawn/nspawn.c:4733
| | |       #4 0x44ff42 in run ../src/nspawn/nspawn.c:5476
| | |       #5 0x455296 in main ../src/nspawn/nspawn.c:5919
| | |       #6 0x7f0cb7a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
| | |       #7 0x7f0cb7a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
| | |       #8 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)
| | |
| | |   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/nspawn/nspawn-settings.c:118:29 in
| | |
| | |   Also, add an appropriate assert to catch such issues in the future.
| * | nspawn: file system namespace -> mount namespace (Frantisek Sumsal, 2023-05-15, 1 file, -1/+1)
| | |
| * | nspawn: fix a typo in an error message (Frantisek Sumsal, 2023-05-15, 1 file, -1/+1)
| | |