diff options
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | configure.ac | 13 | ||||
| -rw-r--r-- | m4/attributes.m4 | 15 | ||||
| -rw-r--r-- | man/systemd-run.xml | 2 | ||||
| -rw-r--r-- | src/basic/missing.h | 7 | ||||
| -rw-r--r-- | src/core/dbus-execute.c | 27 | ||||
| -rw-r--r-- | src/core/execute.c | 91 | ||||
| -rw-r--r-- | src/core/main.c | 7 | ||||
| -rw-r--r-- | src/network/networkd-link.c | 24 | ||||
| -rw-r--r-- | src/shared/bus-util.c | 3 |
10 files changed, 124 insertions, 70 deletions
@@ -31,8 +31,9 @@ CHANGES WITH 227: assignments and "auto" for picking a free value automatically. - * The PrivateTmp, PrivateDevices, PrivateNetwork and - NoNewPrivileges properties can now be set for transient units. + * The PrivateTmp, PrivateDevices, PrivateNetwork, + NoNewPrivileges, TTYPath, WorkingDirectory and RootDirectory + properties can now be set for transient units. * Galician and Turkish translations were added. diff --git a/configure.ac b/configure.ac index d71cb07366..ef03fb082c 100644 --- a/configure.ac +++ b/configure.ac @@ -171,7 +171,6 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -Werror=implicit-function-declaration \ -Werror=missing-declarations \ -Werror=return-type \ - -Werror=shadow \ -Wstrict-prototypes \ -Wredundant-decls \ -Wmissing-noreturn \ @@ -196,6 +195,17 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -fPIE \ --param=ssp-buffer-size=4]) +CC_CHECK_FLAG_APPEND([with_cflags], [CFLAGS], [-Werror=shadow], [ +#include <time.h> +#include <inttypes.h> +typedef uint64_t usec_t; +usec_t now(clockid_t clock); +int main(void) { + struct timespec now; + return 0; +} +]) + AS_CASE([$CC], [*clang*], [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ -Wno-typedef-redefinition \ @@ -1251,7 +1261,6 @@ if test "x$enable_myhostname" != "xno"; then AC_TYPE_SIZE_T AC_HEADER_TIME - AC_FUNC_MALLOC AC_FUNC_SELECT_ARGTYPES AC_CHECK_FUNCS([gethostbyaddr gethostbyname gettimeofday inet_ntoa memset select socket strcspn strdup strerror strncasecmp strcasecmp strspn]) diff --git a/m4/attributes.m4 b/m4/attributes.m4 index 97f094b07a..db5df250f4 100644 --- a/m4/attributes.m4 +++ b/m4/attributes.m4 @@ -35,15 +35,18 @@ dnl well. dnl Check if FLAG in ENV-VAR is supported by compiler and append it dnl to WHERE-TO-APPEND variable. Note that we invert -Wno-* checks to -dnl -W* as gcc cannot test for negated warnings. -dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG]) +dnl -W* as gcc cannot test for negated warnings. If a C snippet is passed, +dnl use it, otherwise use a simple main() definition that just returns 0. +dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG], [C-SNIPPET]) AC_DEFUN([CC_CHECK_FLAG_APPEND], [ AC_CACHE_CHECK([if $CC supports flag $3 in envvar $2], AS_TR_SH([cc_cv_$2_$3]), [eval "AS_TR_SH([cc_save_$2])='${$2}'" eval "AS_TR_SH([$2])='-Werror `echo "$3" | sed 's/^-Wno-/-W/'`'" - AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; } ])], + AC_LINK_IFELSE([AC_LANG_SOURCE(ifelse([$4], [], + [int main(void) { return 0; } ], + [$4]))], [eval "AS_TR_SH([cc_cv_$2_$3])='yes'"], [eval "AS_TR_SH([cc_cv_$2_$3])='no'"]) eval "AS_TR_SH([$2])='$cc_save_$2'"]) @@ -52,10 +55,10 @@ AC_DEFUN([CC_CHECK_FLAG_APPEND], [ [eval "$1='${$1} $3'"]) ]) -dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2]) +dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2], [C-SNIPPET]) AC_DEFUN([CC_CHECK_FLAGS_APPEND], [ - for flag in $3; do - CC_CHECK_FLAG_APPEND($1, $2, $flag) + for flag in [$3]; do + CC_CHECK_FLAG_APPEND([$1], [$2], $flag, [$4]) done ]) diff --git a/man/systemd-run.xml b/man/systemd-run.xml index b220e0dce1..8850735a34 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -381,7 +381,7 @@ Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.</programlisti as a service passing its standard input, output and error to the calling TTY.</para> - <programlisting># systemd-run -t /bin/bash</programlisting> + <programlisting># systemd-run -t --send-sighup /bin/bash</programlisting> </refsect1> diff --git a/src/basic/missing.h b/src/basic/missing.h index dc1f244d4c..9811b6b23e 100644 --- a/src/basic/missing.h +++ b/src/basic/missing.h @@ -139,6 +139,8 @@ static inline int pivot_root(const char *new_root, const char *put_old) { # define __NR_memfd_create 385 # elif defined __aarch64__ # define __NR_memfd_create 279 +# elif defined __s390__ +# define __NR_memfd_create 350 # elif defined _MIPS_SIM # if _MIPS_SIM == _MIPS_SIM_ABI32 # define __NR_memfd_create 4354 @@ -1028,7 +1030,12 @@ static inline int renameat2(int oldfd, const char *oldname, int newfd, const cha #if !HAVE_DECL_KCMP static inline int kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) { +#if defined(__NR_kcmp) return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2); +#else + errno = ENOSYS; + return -1; +#endif } #endif diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index fd13c6d019..868c8cc05a 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -847,27 +847,36 @@ int bus_exec_context_set_transient_property( return 1; - } else if (streq(name, "TTYPath")) { - const char *tty; + } else if (STR_IN_SET(name, + "TTYPath", "WorkingDirectory", "RootDirectory")) { + const char *s; - r = sd_bus_message_read(message, "s", &tty); + r = sd_bus_message_read(message, "s", &s); if (r < 0) return r; - if (!path_is_absolute(tty)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "TTY device not absolute path"); + if (!path_is_absolute(s)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s takes an absolute path", name); if (mode != UNIT_CHECK) { char *t; - t = strdup(tty); + t = strdup(s); if (!t) return -ENOMEM; - free(c->tty_path); - c->tty_path = t; + if (streq(name, "TTYPath")) { + free(c->tty_path); + c->tty_path = t; + } else if (streq(name, "WorkingDirectory")) { + free(c->working_directory); + c->working_directory = t; + } else if (streq(name, "RootDirectory")) { + free(c->root_directory); + c->root_directory = t; + } - unit_write_drop_in_private_format(u, mode, name, "TTYPath=%s\n", tty); + unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, s); } return 1; diff --git a/src/core/execute.c b/src/core/execute.c index 6e14848cd4..7796c07fcf 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -50,6 +50,7 @@ #include <sys/apparmor.h> #endif +#include "barrier.h" #include "sd-messages.h" #include "rm-rf.h" #include "strv.h" @@ -768,10 +769,11 @@ static int setup_pam( .appdata_ptr = NULL }; + _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; pam_handle_t *handle = NULL; sigset_t old_ss; int pam_code = PAM_SUCCESS; - int err; + int err = 0; char **e = NULL; bool close_session = false; pid_t pam_pid = 0, parent_pid; @@ -788,6 +790,10 @@ static int setup_pam( * daemon. We do things this way to ensure that the main PID * of the daemon is the one we initially fork()ed. */ + err = barrier_create(&barrier); + if (err < 0) + goto fail; + if (log_get_max_level() < LOG_DEBUG) flags |= PAM_SILENT; @@ -836,6 +842,7 @@ static int setup_pam( /* The child's job is to reset the PAM session on * termination */ + barrier_set_role(&barrier, BARRIER_CHILD); /* This string must fit in 10 chars (i.e. the length * of "/sbin/init"), to look pretty in /bin/ps */ @@ -863,6 +870,11 @@ static int setup_pam( if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) goto child_finish; + /* Tell the parent that our setup is done. This is especially + * important regarding dropping privileges. Otherwise, unit + * setup might race against our setresuid(2) call. */ + barrier_place(&barrier); + /* Check if our parent process might already have * died? */ if (getppid() == parent_pid) { @@ -898,6 +910,8 @@ static int setup_pam( _exit(r); } + barrier_set_role(&barrier, BARRIER_PARENT); + /* If the child was forked off successfully it will do all the * cleanups, so forget about the handle here. */ handle = NULL; @@ -909,6 +923,11 @@ static int setup_pam( * might have opened it, but we don't want this fd around. */ closelog(); + /* Synchronously wait for the child to initialize. We don't care for + * errors as we cannot recover. However, warn loudly if it happens. */ + if (!barrier_place_and_sync(&barrier)) + log_error("PAM initialization failed"); + *pam_env = e; e = NULL; @@ -919,7 +938,7 @@ fail: log_error("PAM failed: %s", pam_strerror(handle, pam_code)); err = -EPERM; /* PAM errors do not map to errno */ } else { - err = log_error_errno(errno, "PAM failed: %m"); + err = log_error_errno(err < 0 ? err : errno, "PAM failed: %m"); } if (handle) { @@ -1582,25 +1601,50 @@ static int exec_child( } } + umask(context->umask); + if (params->apply_permissions) { r = enforce_groups(context, username, gid); if (r < 0) { *exit_status = EXIT_GROUP; return r; } - } +#ifdef HAVE_SMACK + if (context->smack_process_label) { + r = mac_smack_apply_pid(0, context->smack_process_label); + if (r < 0) { + *exit_status = EXIT_SMACK_PROCESS_LABEL; + return r; + } + } +#ifdef SMACK_DEFAULT_PROCESS_LABEL + else { + _cleanup_free_ char *exec_label = NULL; - umask(context->umask); + r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label); + if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) { + *exit_status = EXIT_SMACK_PROCESS_LABEL; + return r; + } + r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL); + if (r < 0) { + *exit_status = EXIT_SMACK_PROCESS_LABEL; + return r; + } + } +#endif +#endif #ifdef HAVE_PAM - if (params->apply_permissions && context->pam_name && username) { - r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds); - if (r < 0) { - *exit_status = EXIT_PAM; - return r; + if (context->pam_name && username) { + r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds); + if (r < 0) { + *exit_status = EXIT_PAM; + return r; + } } - } #endif + } if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) { r = setup_netns(runtime->netns_storage_socket); @@ -1729,33 +1773,6 @@ static int exec_child( } } -#ifdef HAVE_SMACK - if (context->smack_process_label) { - r = mac_smack_apply_pid(0, context->smack_process_label); - if (r < 0) { - *exit_status = EXIT_SMACK_PROCESS_LABEL; - return r; - } - } -#ifdef SMACK_DEFAULT_PROCESS_LABEL - else { - _cleanup_free_ char *exec_label = NULL; - - r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label); - if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) { - *exit_status = EXIT_SMACK_PROCESS_LABEL; - return r; - } - - r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL); - if (r < 0) { - *exit_status = EXIT_SMACK_PROCESS_LABEL; - return r; - } - } -#endif -#endif - if (context->user) { r = enforce_user(context, uid); if (r < 0) { diff --git a/src/core/main.c b/src/core/main.c index 9c1f8648e7..b57f4c1b7a 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1807,6 +1807,13 @@ int main(int argc, char *argv[]) { goto finish; case MANAGER_EXIT: + if (m->running_as == MANAGER_USER) { + retval = EXIT_SUCCESS; + log_debug("Exit."); + goto finish; + } + + /* fallthrough */ case MANAGER_REBOOT: case MANAGER_POWEROFF: case MANAGER_HALT: diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 86f1c3bb1a..05a1358eca 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1794,7 +1794,6 @@ static int link_set_ipv6_privacy_extensions(Link *link) { static int link_set_ipv6_accept_ra(Link *link) { const char *p = NULL, *v = NULL; - bool b; int r; /* Make this a NOP if IPv6 is not available */ @@ -1804,20 +1803,21 @@ static int link_set_ipv6_accept_ra(Link *link) { if (link->flags & IFF_LOOPBACK) return 0; - /* if unset check the ip forwarding setting maintained for the interface - * and then set it to depending on that. enabled if local forwarding - * is disabled. disabled if local forwarding is enabled. + /* If unset use system default (enabled if local forwarding is disabled. + * disabled if local forwarding is enabled). + * If set, ignore or enforce RA independent of local forwarding state. */ if (link->network->ipv6_accept_ra < 0) { - if (IN_SET(link->network->ip_forward, ADDRESS_FAMILY_YES, ADDRESS_FAMILY_IPV6)) - b = false; - else - b = true; - } else - b = link->network->ipv6_accept_ra; - + /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */ + v = "1"; + } else if (link->network->ipv6_accept_ra > 0) { + /* "2" means accept RA even if ip_forward is enabled */ + v = "2"; + } else { + /* "0" means ignore RA */ + v = "0"; + } p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/accept_ra"); - v = one_zero(b); r = write_string_file(p, v, 0); if (r < 0) { diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index fdf41cec19..16b17c2c82 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -1492,7 +1492,8 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen "User", "Group", "DevicePolicy", "KillMode", "UtmpIdentifier", "UtmpMode", "PAMName", "TTYPath", "StandardInput", "StandardOutput", "StandardError", - "Description", "Slice", "Type")) + "Description", "Slice", "Type", "WorkingDirectory", + "RootDirectory")) r = sd_bus_message_append(m, "v", "s", eq); else if (streq(field, "DeviceAllow")) { |