-rw-r--r--Makefile-man.am5
-rw-r--r--Makefile.am9
-rw-r--r--README4
-rw-r--r--TODO22
-rw-r--r--catalog/systemd.ru.catalog.in27
-rw-r--r--configure.ac4
-rw-r--r--man/sd_notify.xml9
-rw-r--r--man/systemd-mount.xml20
-rw-r--r--man/systemd-notify.xml22
-rw-r--r--man/systemd-run.xml4
-rw-r--r--man/systemd-socket-proxyd.xml6
-rw-r--r--man/systemd.exec.xml59
-rw-r--r--man/systemd.service.xml45
-rw-r--r--man/systemd.unit.xml5
-rw-r--r--po/cs.po185
-rw-r--r--[-rwxr-xr-x]po/id.po0
-rw-r--r--src/basic/string-util.c11
-rw-r--r--src/basic/string-util.h5
-rw-r--r--src/cgls/cgls.c6
-rw-r--r--src/core/dbus-manager.c63
-rw-r--r--src/core/dbus-manager.h2
-rw-r--r--src/core/execute.c10
-rw-r--r--src/core/manager.c24
-rw-r--r--src/core/timer.c2
-rw-r--r--src/journal/journalctl.c4
-rw-r--r--src/libsystemd/sd-bus/bus-common-errors.c1
-rw-r--r--src/libsystemd/sd-bus/bus-common-errors.h1
-rw-r--r--src/mount/mount-tool.c3
-rw-r--r--src/reply-password/reply-password.c2
-rw-r--r--src/resolve/resolved-dns-stub.c2
-rw-r--r--src/shared/ask-password-api.c10
-rw-r--r--src/shared/dissect-image.c39
-rw-r--r--src/shared/gpt.h2
-rw-r--r--src/shared/install.c150
-rw-r--r--src/shared/seccomp-util.c7
-rw-r--r--src/shared/seccomp-util.h8
-rw-r--r--src/test/test-install-root.c23
-rw-r--r--src/test/test-seccomp.c16
-rw-r--r--src/test/test-string-util.c35
-rw-r--r--src/tty-ask-password-agent/tty-ask-password-agent.c4
-rw-r--r--tmpfiles.d/systemd.conf.m412
41 files changed, 572 insertions, 296 deletions
diff --git a/Makefile-man.am b/Makefile-man.am
index c47bedd0df..6f59658445 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -481,6 +481,7 @@ MANPAGES_ALIAS += \
man/systemd-udevd-control.socket.8 \
man/systemd-udevd-kernel.socket.8 \
man/systemd-udevd.8 \
+ man/systemd-umount.1 \
man/systemd-update-done.8 \
man/systemd-user.conf.5 \
man/systemd-volatile-root.8 \
@@ -837,6 +838,7 @@ man/systemd-tmpfiles-setup.service.8: man/systemd-tmpfiles.8
man/systemd-udevd-control.socket.8: man/systemd-udevd.service.8
man/systemd-udevd-kernel.socket.8: man/systemd-udevd.service.8
man/systemd-udevd.8: man/systemd-udevd.service.8
+man/systemd-umount.1: man/systemd-mount.1
man/systemd-update-done.8: man/systemd-update-done.service.8
man/systemd-user.conf.5: man/systemd-system.conf.5
man/systemd-volatile-root.8: man/systemd-volatile-root.service.8
@@ -1787,6 +1789,9 @@ man/systemd-udevd-kernel.socket.html: man/systemd-udevd.service.html
man/systemd-udevd.html: man/systemd-udevd.service.html
$(html-alias)
+man/systemd-umount.html: man/systemd-mount.html
+ $(html-alias)
+
man/systemd-update-done.html: man/systemd-update-done.service.html
$(html-alias)
diff --git a/Makefile.am b/Makefile.am
index c87c547e05..9a435e3a66 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -673,6 +673,15 @@ EXTRA_DIST += \
@INTLTOOL_POLICY_RULE@
+systemd-mount-install-hook:
+ -$(LN_S) systemd-mount $(DESTDIR)$(bindir)/systemd-umount
+
+systemd-mount-uninstall-hook:
+ -rm $(DESTDIR)$(bindir)/systemd-umount
+
+INSTALL_EXEC_HOOKS += systemd-mount-install-hook
+UNINSTALL_EXEC_HOOKS += systemd-mount-uninstall-hook
+
# ------------------------------------------------------------------------------
MANPAGES =
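Review bot: The install hook line `-$(LN_S) systemd-mount $(DESTDIR)$(bindir)/systemd-umount` fails on a re-install when the link already exists, and the leading `-` then hides that failure, so a stale or missing systemd-umount goes unreported. Other link-creating hooks elsewhere in this file appear to use `$(LN_S) -f`; the same form here makes the hook idempotent: `$(LN_S) -f systemd-mount $(DESTDIR)$(bindir)/systemd-umount`. Likewise `-rm $(DESTDIR)$(bindir)/systemd-umount` could be `rm -f $(DESTDIR)$(bindir)/systemd-umount` so the uninstall hook does not rely on ignoring errors. Dropping the `-` prefix on the install hook would also surface genuine failures rather than silently installing without the alias.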
diff --git a/README b/README
index c0d8fce550..0de69a3383 100644
--- a/README
+++ b/README
@@ -67,13 +67,13 @@ REQUIREMENTS:
create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
- Required for PrivateNetwork and PrivateDevices in service units:
+ Required for PrivateNetwork= and PrivateDevices= in service units:
CONFIG_NET_NS
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Note that systemd-localed.service and other systemd units use
PrivateNetwork and PrivateDevices so this is effectively required.
- Required for PrivateUsers in service units:
+ Required for PrivateUsers= in service units:
CONFIG_USER_NS
Optional but strongly recommended:
diff --git a/TODO b/TODO
index 2004c394be..48f320093e 100644
--- a/TODO
+++ b/TODO
@@ -24,6 +24,11 @@ Janitorial Clean-ups:
Features:
+* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for
+ the sd-journal logging socket, and, if the timeout is set to 0, sets
+ O_NONBLOCK on it. That way people can control if and when to block for
+ logging.
+
* journald: when we recv a log datagram via the native or syslog transports,
search for the PID in the active stream connections, and let's make sure to
always process the datagrams before the streams. Then, cache client metadata
@@ -35,6 +40,11 @@ Features:
partitions automatically, to be used when the media used is actually larger
than the image written onto it is.
+* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing
+ after all. Be strict however, only support the equivalent of nspawn's
+ --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
+ as MAINPID.
+
* change the dependency Set* objects in Unit structures to become Hashmap*, and
then store a bit mask who created a specific dependency: the source unit via
fragment configuration, the destination unit via fragment configuration, or
@@ -48,6 +58,15 @@ Features:
the service cgroup, which is supposed to monitor the service, and when it
exits the service is considered failed by its monitor.
+* track the per-service PAM process properly (i.e. as an additional control
+ process), so that it may be queried on the bus and everything.
+
+* add a new "debug" job mode, that is propagated to unit_start() and for
+ services results in two things: we raise SIGSTOP right before invoking
+ execve() and turn off watchdog support. Then, use that to implement
+ "systemd-gdb" for attaching to the start-up of any system service in its
+ natural habitat.
+
* replace all canonicalize_file_name() invocations by chase_symlinks(), in
particulr those where a rootdir is relevant.
@@ -55,6 +74,9 @@ Features:
* set ProtectSystem=strict for all our usual services.
+* fix PrivateNetwork= so that we fall back gracefully on kernels lacking
+ namespacing support (similar for the other namespacing options)
+
* maybe add gpt-partition-based user management: each user gets his own
LUKS-encrypted GPT partition with a new GPT type. A small nss module
enumerates users via udev partition enumeration. UIDs are assigned in a fixed
diff --git a/catalog/systemd.ru.catalog.in b/catalog/systemd.ru.catalog.in
index df55478592..3ee1ed63c0 100644
--- a/catalog/systemd.ru.catalog.in
+++ b/catalog/systemd.ru.catalog.in
@@ -1,7 +1,7 @@
# This file is part of systemd.
#
# Copyright 2012 Lennart Poettering
-# Copyright 2013-2016 Sergey Ptashnick
+# Copyright 2013-2017 Sergey Ptashnick
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
@@ -102,6 +102,18 @@ Documentation: man:core(5)
Вероятно, это произошло из-за ошибки, допущенной в коде программы.
Рекомендуется сообщить её разработчикам о возникшей проблеме.
+# Subject: Core file was truncated to @SIZE_LIMIT@ bytes
+-- 5aadd8e954dc4b1a8c954d63fd9e1137
+Subject: Файл с дампом памяти был урезан до @SIZE_LIMIT@ байт
+Defined-By: systemd
+Support: %SUPPORT_URL%
+Documentation: man:coredump.conf(5)
+
+Объем памяти процесса превысил ограничения на размер дампа, установленные
+для systemd-coredump(8). Записаны только первые @SIZE_LIMIT@ байт. Не исключено,
+что этот дамп еще пригоден для анализа, хотя инструменты для анализа
+дампов (например, gdb(1)) могут выдать предупреждение, что файл был урезан.
+
# Subject: A new session @SESSION_ID@ has been created for user @USER_ID@
-- 8d45620c1a4348dbb17410da57c60c66
Subject: Для пользователя @USER_ID@ создан новый сеанс @SESSION_ID@
@@ -175,6 +187,19 @@ Support: %SUPPORT_URL%
Запуск системных служб занял @USERSPACE_USEC@ микросекунд.
+# Subject: User manager start-up is now complete
+-- eed00a68ffd84e31882105fd973abdd1
+Subject: Завершен запуск менеджера пользовательского сеанса
+Defined-By: systemd
+Support: %SUPPORT_URL%
+
+Менеджер пользовательского сеанса для пользователя с идентификатором @_UID@
+был запущен. Все службы, стоявшие в очереди на запуск, также были запущены. Тем
+не менее, прочие службы могут все еще находиться в процессе запуска, либо могут
+быть запущены позднее.
+
+Запуск менеджера занял @USERSPACE_USEC@ микросекунд.
+
# Subject: System sleep state @SLEEP@ entered
-- 6bbd95ee977941e497c48be27c254128
Subject: Система перешла в состояние сна (@SLEEP@)
diff --git a/configure.ac b/configure.ac
index b9143d28ca..ab1d17c531 100644
--- a/configure.ac
+++ b/configure.ac
@@ -331,13 +331,15 @@ AC_CHECK_DECLS([
kcmp,
keyctl,
LO_FLAGS_PARTSCAN,
- copy_file_range],
+ copy_file_range,
+ explicit_bzero],
[], [], [[
#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <sched.h>
+#include <string.h>
#include <linux/loop.h>
#include <linux/random.h>
]])
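Review bot: The new `explicit_bzero` declaration check is only as good as the fallback it gates (presumably in src/basic/string-util.c, which is not in this chunk): if the `HAVE_DECL_EXPLICIT_BZERO` consumer falls back to a plain `memset`, the build passes on glibc older than 2.25 but the zeroing of secrets can be dead-store-eliminated, which is exactly what `explicit_bzero` exists to prevent. Worth confirming the fallback path uses a `volatile` write or a compiler barrier. Note also that glibc only declares `explicit_bzero` in `<string.h>` under `_DEFAULT_SOURCE`/`_GNU_SOURCE`, so this check reports 0 unless the feature-test macro setup earlier in configure.ac (outside the hunk, e.g. via AC_USE_SYSTEM_EXTENSIONS) applies to the test program; otherwise the fallback is used unconditionally even on systems that have the real function.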
diff --git a/man/sd_notify.xml b/man/sd_notify.xml
index 6e98041912..4dcefc4baf 100644
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@@ -268,6 +268,15 @@
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.</para>
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either
+ the sending process is still around at the time PID 1 processes the message, or if the sending process is
+ explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked
+ off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or
+ <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly
+ attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para>
+
<para><function>sd_notifyf()</function> is similar to
<function>sd_notify()</function> but takes a
<function>printf()</function>-like format string plus
diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml
index 06b7c85bd8..8bba286787 100644
--- a/man/systemd-mount.xml
+++ b/man/systemd-mount.xml
@@ -45,7 +45,8 @@
<refnamediv>
<refname>systemd-mount</refname>
- <refpurpose>Establish a mount or auto-mount point transiently</refpurpose>
+ <refname>systemd-umount</refname>
+ <refpurpose>Establish and destroy transient mount or auto-mount points</refpurpose>
</refnamediv>
<refsynopsisdiv>
@@ -60,6 +61,11 @@
<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
<arg choice="plain"><option>--list</option></arg>
</cmdsynopsis>
+ <cmdsynopsis>
+ <command>systemd-umount</command>
+ <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
+ <arg choice="plain" rep="repeat"><replaceable>WHERE</replaceable></arg>
+ </cmdsynopsis>
</refsynopsisdiv>
<refsect1>
@@ -91,6 +97,9 @@
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
systems that may be mounted with this command.</para>
+
+ <para><command>systemd-umount</command> can be used to unmount a mount or automount point. It is the same
+ as <command>systemd-mount</command> <option>--unmount</option>.</para>
</refsect1>
<refsect1>
@@ -239,6 +248,15 @@
such as labels, etc.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-u</option></term>
+ <term><option>--umount</option></term>
+
+ <listitem><para>Stop the mount and automount units corresponding to the specified mount points
+ <replaceable>WHERE</replaceable>.</para>
+ </listitem>
+ </varlistentry>
+
<xi:include href="user-system-options.xml" xpointer="user" />
<xi:include href="user-system-options.xml" xpointer="system" />
<xi:include href="user-system-options.xml" xpointer="host" />
diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml
index 4a8e119eb6..8c56a6b8ed 100644
--- a/man/systemd-notify.xml
+++ b/man/systemd-notify.xml
@@ -72,10 +72,24 @@
<para>The command line may carry a list of environment variables
to send as part of the status update.</para>
- <para>Note that systemd will refuse reception of status updates
- from this command unless <varname>NotifyAccess=all</varname> is
- set for the service unit this command is called from.</para>
-
+ <para>Note that systemd will refuse reception of status updates from this command unless
+ <varname>NotifyAccess=</varname> is set for the service unit this command is called from.</para>
+
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either
+ the sending process is still around at the time PID 1 processes the message, or if the sending process is
+ explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked
+ off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or
+ <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly
+ attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para>
+
+ <para><command>systemd-notify</command> will first attempt to invoke <function>sd_notify()</function> pretending to
+ have the PID of the invoking process. This will only succeed when invoked with sufficient privileges. On failure,
+ it will then fall back to invoking it under its own PID. This behaviour is useful in order that when the tool is
+ invoked from a shell script the shell process — and not the <command>systemd-notify</command> process — appears as
+ sender of the message, which in turn is helpful if the shell process is the main process of a service, due to the
+ limitations of <varname>NotifyAccess=</varname><option>all</option> described above.</para>
</refsect1>
<refsect1>
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index 1ac5124aa3..5e44b1523d 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -250,7 +250,7 @@
command. See <varname>OnActiveSec=</varname>, <varname>OnBootSec=</varname>, <varname>OnStartupSec=</varname>,
<varname>OnUnitActiveSec=</varname> and <varname>OnUnitInactiveSec=</varname> in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
- details. These options may not be combined with <option>--scope</option>.</para>
+ details. These options may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
@@ -259,7 +259,7 @@
<listitem><para>Defines a calendar timer for starting the specified command. See <varname>OnCalendar=</varname>
in <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
- option may not be combined with <option>--scope</option>.</para>
+ option may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index a86b13daa8..b8a7800b82 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -135,8 +135,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
@@ -176,8 +175,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 699f6e263f..bb38ea2467 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1508,40 +1508,29 @@
<varlistentry>
<term><varname>RestrictAddressFamilies=</varname></term>
- <listitem><para>Restricts the set of socket address families
- accessible to the processes of this unit. Takes a
- space-separated list of address family names to whitelist,
- such as
- <constant>AF_UNIX</constant>,
- <constant>AF_INET</constant> or
- <constant>AF_INET6</constant>. When
- prefixed with <constant>~</constant> the listed address
- families will be applied as blacklist, otherwise as whitelist.
- Note that this restricts access to the
- <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system call only. Sockets passed into the process by other
- means (for example, by using socket activation with socket
- units, see
- <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
- are unaffected. Also, sockets created with
- <function>socketpair()</function> (which creates connected
- AF_UNIX sockets only) are unaffected. Note that this option
- has no effect on 32-bit x86 and is ignored (but works
- correctly on x86-64). If running in user mode, or in system
- mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=nobody</varname>),
- <varname>NoNewPrivileges=yes</varname> is implied. By
- default, no restriction applies, all address families are
- accessible to processes. If assigned the empty string, any
- previous list changes are undone.</para>
-
- <para>Use this option to limit exposure of processes to remote
- systems, in particular via exotic network protocols. Note that
- in most cases, the local <constant>AF_UNIX</constant> address
- family should be included in the configured whitelist as it is
- frequently used for local communication, including for
+ <listitem><para>Restricts the set of socket address families accessible to the processes of this unit. Takes a
+ space-separated list of address family names to whitelist, such as <constant>AF_UNIX</constant>,
+ <constant>AF_INET</constant> or <constant>AF_INET6</constant>. When prefixed with <constant>~</constant> the
+ listed address families will be applied as blacklist, otherwise as whitelist. Note that this restricts access
+ to the <citerefentry
+ project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call
+ only. Sockets passed into the process by other means (for example, by using socket activation with socket
+ units, see <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
+ are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected AF_UNIX
+ sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x, mips, mips-le,
+ ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other architectures, including x86-64). If
+ running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability
+ (e.g. setting <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. By default,
+ no restrictions apply, all address families are accessible to processes. If assigned the empty string, any
+ previous address familiy restriction changes are undone. This setting does not affect commands prefixed with
+ <literal>+</literal>.</para>
+
+ <para>Use this option to limit exposure of processes to remote access, in particular via exotic and sensitive
+ network protocols, such as <constant>AF_PACKET</constant>. Note that in most cases, the local
+ <constant>AF_UNIX</constant> address family should be included in the configured whitelist as it is frequently
+ used for local communication, including for
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- logging. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
+ logging.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1694,9 +1683,7 @@
<term><varname>$SHELL</varname></term>
<listitem><para>User name (twice), home directory, and the
- login shell. The variables are set for the units that have
- <varname>User=</varname> set, which includes user
- <command>systemd</command> instances. See
+ login shell. See
<citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 522ed5e61e..627176750f 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -136,9 +136,10 @@
process it supervises. A number of options that may be used in
this section are shared with other unit types. These options are
documented in
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
- <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Service]</literal> section
of service units are the following:</para>
@@ -792,26 +793,26 @@
<varlistentry>
<term><varname>NotifyAccess=</varname></term>
- <listitem><para>Controls access to the service status
- notification socket, as accessible via the
- <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- call. Takes one of <option>none</option> (the default),
- <option>main</option>, <option>exec</option> or
- <option>all</option>. If <option>none</option>, no daemon status
- updates are accepted from the service processes, all status
- update messages are ignored. If <option>main</option>, only
- service updates sent from the main process of the service are
- accepted. If <option>exec</option>, only service updates sent
- from any of the control processes originating from one of the
- <varname>Exec*=</varname> commands are accepted. If
- <option>all</option>, all services updates from all members of
- the service's control group are accepted. This option should
- be set to open access to the notification socket when using
- <varname>Type=notify</varname> or
- <varname>WatchdogSec=</varname> (see above). If those options
- are used but <varname>NotifyAccess=</varname> is not
- configured, it will be implicitly set to
- <option>main</option>.</para></listitem>
+ <listitem><para>Controls access to the service status notification socket, as accessible via the
+ <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> call. Takes one
+ of <option>none</option> (the default), <option>main</option>, <option>exec</option> or
+ <option>all</option>. If <option>none</option>, no daemon status updates are accepted from the service
+ processes, all status update messages are ignored. If <option>main</option>, only service updates sent from the
+ main process of the service are accepted. If <option>exec</option>, only service updates sent from any of the
+ main or control processes originating from one of the <varname>Exec*=</varname> commands are accepted. If
+ <option>all</option>, all services updates from all members of the service's control group are accepted. This
+ option should be set to open access to the notification socket when using <varname>Type=notify</varname> or
+ <varname>WatchdogSec=</varname> (see above). If those options are used but <varname>NotifyAccess=</varname> is
+ not configured, it will be implicitly set to <option>main</option>.</para>
+
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if
+ either the sending process is still around at the time PID 1 processes the message, or if the sending process
+ is explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally
+ forked off the process, i.e. on all processes that match <option>main</option> or
+ <option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to
+ properly attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index dbb0dc7bd7..eb00a2e88e 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -203,7 +203,8 @@
<filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename>
take precedence over those in <filename>/run</filename> which in turn take precedence over those
in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence
- over unit files wherever located.</para>
+ over unit files wherever located. Multiple drop-in files with different names are applied in
+ lexicographic order, regardless of which of the directories they reside in.</para>
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
people to use .d/ drop-ins instead. -->
@@ -1343,7 +1344,7 @@ ExecStart=/usr/sbin/foo-daemon
file <filename><replaceable>name</replaceable>.conf</filename>
there that only changes the specific settings one is interested
in. Note that multiple such drop-in files are read if
- present.</para>
+ present, processed in lexicographic order of their filename.</para>
<para>The advantage of the first method is that one easily
overrides the complete unit, the vendor unit is not parsed at
diff --git a/po/cs.po b/po/cs.po
index b42083beec..014ed4266c 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -9,24 +9,24 @@ msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-04-23 14:24+0200\n"
-"PO-Revision-Date: 2016-11-30 16:00+0100\n"
+"PO-Revision-Date: 2017-02-07 18:38+0100\n"
"Last-Translator: Daniel Rusek <mail@asciiwolf.com>\n"
"Language: cs\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
-"|| n%100>=20) ? 1 : 2);\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n"
+"%100>=20) ? 1 : 2);\n"
+"Language-Team: \n"
+"X-Generator: Poedit 1.8.7.1\n"
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:1
msgid "Send passphrase back to system"
msgstr "Odeslat heslo zpět do systému"
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:2
-msgid ""
-"Authentication is required to send the entered passphrase back to the system."
-msgstr ""
-"Autentizace je vyžadována pro odeslání zadaného hesla do systému."
+msgid "Authentication is required to send the entered passphrase back to the system."
+msgstr "Autentizace je vyžadována pro odeslání zadaného hesla do systému."
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:3
msgid "Manage system services or other units"
@@ -35,8 +35,7 @@ msgstr "Správa systémových služeb nebo dalších jednotek"
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:4
msgid "Authentication is required to manage system services or other units."
msgstr ""
-"Autentizace je vyžadována pro správu systémových služeb nebo dalších "
-"jednotek."
+"Autentizace je vyžadována pro správu systémových služeb nebo dalších jednotek."
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:5
msgid "Manage system service or unit files"
@@ -48,17 +47,15 @@ msgstr "Autentizace je vyžadována pro správu systémové služby nebo soubor
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:7
msgid "Set or unset system and service manager environment variables"
-msgstr ""
-"Nastavení nebo rušení proměnných správce systému a služeb"
-
+msgstr "Nastavení nebo rušení proměnných správce systému a služeb"
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:8
msgid ""
-"Authentication is required to set or unset system and service manager "
-"environment variables."
+"Authentication is required to set or unset system and service manager environment "
+"variables."
msgstr ""
-"Autentizace je vyžadována pro nastavení nebo rušení proměnných správce "
-"systému a služeb."
+"Autentizace je vyžadována pro nastavení nebo rušení proměnných správce systému a "
+"služeb."
#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:9
msgid "Reload the systemd state"
@@ -82,11 +79,11 @@ msgstr "Nastavení statického názvu stoje"
#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local host name, as "
+"well as the pretty host name."
msgstr ""
-"Autentizace je vyžadována pro nastavení staticky konfigurovaného názvu "
-"lokálního stroje, stejně tak pro změnu uživatelsky přívětivého jména."
+"Autentizace je vyžadována pro nastavení staticky konfigurovaného názvu lokálního "
+"stroje, stejně tak pro změnu uživatelsky přívětivého jména."
#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
msgid "Set machine information"
@@ -137,18 +134,15 @@ msgstr "Nastavení systémové konfigurace klávesnice"
#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
msgid "Authentication is required to set the system keyboard settings."
-msgstr ""
-"Autentizace je vyžadována pro nastavení systémové konfigurace klávesnice."
+msgstr "Autentizace je vyžadována pro nastavení systémové konfigurace klávesnice."
#: ../src/login/org.freedesktop.login1.policy.in.h:1
msgid "Allow applications to inhibit system shutdown"
msgstr "Povolit aplikacím zakázat vypnutí systému"
#: ../src/login/org.freedesktop.login1.policy.in.h:2
-msgid ""
-"Authentication is required for an application to inhibit system shutdown."
-msgstr ""
-"Autentizace je vyžadována pro povolení aplikacím zakázat vypnutí systému."
+msgid "Authentication is required for an application to inhibit system shutdown."
+msgstr "Autentizace je vyžadována pro povolení aplikacím zakázat vypnutí systému."
#: ../src/login/org.freedesktop.login1.policy.in.h:3
msgid "Allow applications to delay system shutdown"
@@ -156,8 +150,7 @@ msgstr "Povolit aplikacím odložit vypnutí systému"
#: ../src/login/org.freedesktop.login1.policy.in.h:4
msgid "Authentication is required for an application to delay system shutdown."
-msgstr ""
-"Autentizace je vyžadována pro povolení aplikacím odložit vypnutí systému."
+msgstr "Autentizace je vyžadována pro povolení aplikacím odložit vypnutí systému."
#: ../src/login/org.freedesktop.login1.policy.in.h:5
msgid "Allow applications to inhibit system sleep"
@@ -165,8 +158,7 @@ msgstr "Povolit aplikacím zakázat uspání systému"
#: ../src/login/org.freedesktop.login1.policy.in.h:6
msgid "Authentication is required for an application to inhibit system sleep."
-msgstr ""
-"Autentizace je vyžadována pro povolení aplikacím zakázat uspání systému."
+msgstr "Autentizace je vyžadována pro povolení aplikacím zakázat uspání systému."
#: ../src/login/org.freedesktop.login1.policy.in.h:7
msgid "Allow applications to delay system sleep"
@@ -174,8 +166,7 @@ msgstr "Povolit aplikacím odložit uspání systému"
#: ../src/login/org.freedesktop.login1.policy.in.h:8
msgid "Authentication is required for an application to delay system sleep."
-msgstr ""
-"Autentizace je vyžadována pro povolení aplikacím odložit uspání systému."
+msgstr "Autentizace je vyžadována pro povolení aplikacím odložit uspání systému."
#: ../src/login/org.freedesktop.login1.policy.in.h:9
msgid "Allow applications to inhibit automatic system suspend"
@@ -183,47 +174,43 @@ msgstr "Povolit aplikacím zakázat automatické vypnutí systému"
#: ../src/login/org.freedesktop.login1.policy.in.h:10
msgid ""
-"Authentication is required for an application to inhibit automatic system "
-"suspend."
+"Authentication is required for an application to inhibit automatic system suspend."
msgstr ""
-"Autentizace je vyžadována pro povolení aplikacím zakázat automatické "
-"vypnutí systému."
+"Autentizace je vyžadována pro povolení aplikacím zakázat automatické vypnutí "
+"systému."
#: ../src/login/org.freedesktop.login1.policy.in.h:11
msgid "Allow applications to inhibit system handling of the power key"
-msgstr ""
-"Povolit aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka"
+msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka"
#: ../src/login/org.freedesktop.login1.policy.in.h:12
msgid ""
-"Authentication is required for an application to inhibit system handling of "
-"the power key."
+"Authentication is required for an application to inhibit system handling of the "
+"power key."
msgstr ""
"Autentizace je vyžadována pro povolení aplikacím zakázat chovaní systému na "
"stisknutí vypínacího tlačítka."
#: ../src/login/org.freedesktop.login1.policy.in.h:13
msgid "Allow applications to inhibit system handling of the suspend key"
-msgstr ""
-"Povolit aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka"
+msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka"
#: ../src/login/org.freedesktop.login1.policy.in.h:14
msgid ""
-"Authentication is required for an application to inhibit system handling of "
-"the suspend key."
+"Authentication is required for an application to inhibit system handling of the "
+"suspend key."
msgstr ""
"Autentizace je vyžadována pro povolení aplikacím zakázat chovaní systému na "
"stisknutí uspávacího tlačítka."
#: ../src/login/org.freedesktop.login1.policy.in.h:15
msgid "Allow applications to inhibit system handling of the hibernate key"
-msgstr ""
-"Povolit aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace"
+msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace"
#: ../src/login/org.freedesktop.login1.policy.in.h:16
msgid ""
-"Authentication is required for an application to inhibit system handling of "
-"the hibernate key."
+"Authentication is required for an application to inhibit system handling of the "
+"hibernate key."
msgstr ""
"Autentizace je vyžadována pro povolení aplikacím zakázat chovaní systému na "
"stisknutí tlačítka hibernace."
@@ -234,8 +221,8 @@ msgstr "Povolit aplikacím zakázat chovaní systému na zavření víka"
#: ../src/login/org.freedesktop.login1.policy.in.h:18
msgid ""
-"Authentication is required for an application to inhibit system handling of "
-"the lid switch."
+"Authentication is required for an application to inhibit system handling of the "
+"lid switch."
msgstr ""
"Autentizace je vyžadována pro povolení aplikacím zakázat chovaní systému na "
"zavření víka."
@@ -255,8 +242,7 @@ msgstr "Povolit nepřihlášeným uživatelům spouštět programy"
#: ../src/login/org.freedesktop.login1.policy.in.h:22
msgid "Authentication is required to run programs as a non-logged-in user."
-msgstr ""
-"Autentizace je vyžadována ke spuštění programů jako nepřihlášený uživatel."
+msgstr "Autentizace je vyžadována ke spuštění programů jako nepřihlášený uživatel."
#: ../src/login/org.freedesktop.login1.policy.in.h:23
msgid "Allow attaching devices to seats"
@@ -271,8 +257,7 @@ msgid "Flush device to seat attachments"
msgstr "Odstranění přiřazení zařízení ke stanovištím"
#: ../src/login/org.freedesktop.login1.policy.in.h:26
-msgid ""
-"Authentication is required for resetting how devices are attached to seats."
+msgid "Authentication is required for resetting how devices are attached to seats."
msgstr ""
"Autentizace je vyžadována pro reset způsobu jak jsou zařízení přiřazována ke "
"stanovištím."
@@ -294,8 +279,8 @@ msgid ""
"Authentication is required for powering off the system while other users are "
"logged in."
msgstr ""
-"Autentizace je vyžadována pro vypnutí systému, když jsou přihlášeni "
-"další uživatelé."
+"Autentizace je vyžadována pro vypnutí systému, když jsou přihlášeni další "
+"uživatelé."
#: ../src/login/org.freedesktop.login1.policy.in.h:31
msgid "Power off the system while an application asked to inhibit it"
@@ -303,11 +288,11 @@ msgstr "Vypnout systém, i když aplikace požádala o zákaz vypnutí"
#: ../src/login/org.freedesktop.login1.policy.in.h:32
msgid ""
-"Authentication is required for powering off the system while an application "
-"asked to inhibit it."
+"Authentication is required for powering off the system while an application asked "
+"to inhibit it."
msgstr ""
-"Autentizace je vyžadována pro vypnutí systému, když aplikace požádala o "
-"zákaz vypnutí."
+"Autentizace je vyžadována pro vypnutí systému, když aplikace požádala o zákaz "
+"vypnutí."
#: ../src/login/org.freedesktop.login1.policy.in.h:33
msgid "Reboot the system"
@@ -323,11 +308,11 @@ msgstr "Restartovat systém, i když jsou přihlášeni další uživatelé"
#: ../src/login/org.freedesktop.login1.policy.in.h:36
msgid ""
-"Authentication is required for rebooting the system while other users are "
-"logged in."
+"Authentication is required for rebooting the system while other users are logged "
+"in."
msgstr ""
-"Autentizace je vyžadována pro restart systému, když jsou přihlášeni "
-"další uživatelé."
+"Autentizace je vyžadována pro restart systému, když jsou přihlášeni další "
+"uživatelé."
#: ../src/login/org.freedesktop.login1.policy.in.h:37
msgid "Reboot the system while an application asked to inhibit it"
@@ -335,11 +320,11 @@ msgstr "Restartovat systém, i když aplikace požádala o zákaz restartu"
#: ../src/login/org.freedesktop.login1.policy.in.h:38
msgid ""
-"Authentication is required for rebooting the system while an application "
-"asked to inhibit it."
+"Authentication is required for rebooting the system while an application asked to "
+"inhibit it."
msgstr ""
-"Autentizace je vyžadována pro restart systému, když aplikace požádala o "
-"zákaz restartu."
+"Autentizace je vyžadována pro restart systému, když aplikace požádala o zákaz "
+"restartu."
#: ../src/login/org.freedesktop.login1.policy.in.h:39
msgid "Suspend the system"
@@ -355,11 +340,10 @@ msgstr "Uspat systém, i když jsou přihlášeni další uživatelé"
#: ../src/login/org.freedesktop.login1.policy.in.h:42
msgid ""
-"Authentication is required for suspending the system while other users are "
-"logged in."
+"Authentication is required for suspending the system while other users are logged "
+"in."
msgstr ""
-"Autentizace je vyžadována pro uspání systému, když jsou přihlášeni "
-"další uživatelé."
+"Autentizace je vyžadována pro uspání systému, když jsou přihlášeni další uživatelé."
#: ../src/login/org.freedesktop.login1.policy.in.h:43
msgid "Suspend the system while an application asked to inhibit it"
@@ -367,11 +351,11 @@ msgstr "Uspat systém, i když aplikace požádala o zákaz uspání"
#: ../src/login/org.freedesktop.login1.policy.in.h:44
msgid ""
-"Authentication is required for suspending the system while an application "
-"asked to inhibit it."
+"Authentication is required for suspending the system while an application asked to "
+"inhibit it."
msgstr ""
-"Autentizace je vyžadována pro uspání systému, když aplikace požádala o "
-"zákaz uspání."
+"Autentizace je vyžadována pro uspání systému, když aplikace požádala o zákaz "
+"uspání."
#: ../src/login/org.freedesktop.login1.policy.in.h:45
msgid "Hibernate the system"
@@ -387,11 +371,11 @@ msgstr "Hibernovat systém, i když jsou přihlášeni další uživatelé"
#: ../src/login/org.freedesktop.login1.policy.in.h:48
msgid ""
-"Authentication is required for hibernating the system while other users are "
-"logged in."
+"Authentication is required for hibernating the system while other users are logged "
+"in."
msgstr ""
-"Autentizace je vyžadována pro hibernaci systému, když jsou přihlášeni "
-"další uživatelé."
+"Autentizace je vyžadována pro hibernaci systému, když jsou přihlášeni další "
+"uživatelé."
#: ../src/login/org.freedesktop.login1.policy.in.h:49
msgid "Hibernate the system while an application asked to inhibit it"
@@ -399,19 +383,18 @@ msgstr "Hibernace systému, i když aplikace požádala o zákaz hibernace"
#: ../src/login/org.freedesktop.login1.policy.in.h:50
msgid ""
-"Authentication is required for hibernating the system while an application "
-"asked to inhibit it."
+"Authentication is required for hibernating the system while an application asked "
+"to inhibit it."
msgstr ""
-"Autentizace je vyžadována pro hibernaci systému, když aplikace požádala o "
-"zákaz hibernace."
+"Autentizace je vyžadována pro hibernaci systému, když aplikace požádala o zákaz "
+"hibernace."
#: ../src/login/org.freedesktop.login1.policy.in.h:51
msgid "Manage active sessions, users and seats"
msgstr "Správa aktivních sezení, uživatelů a stanovišť"
#: ../src/login/org.freedesktop.login1.policy.in.h:52
-msgid ""
-"Authentication is required for managing active sessions, users and seats."
+msgid "Authentication is required for managing active sessions, users and seats."
msgstr ""
"Autentizace je vyžadována pro správu aktivních sezení, uživatelů a stanovišť."
@@ -429,8 +412,7 @@ msgstr "Povolit indikaci firmwaru bootovat instalační prostředí"
#: ../src/login/org.freedesktop.login1.policy.in.h:56
msgid ""
-"Authentication is required to indicate to the firmware to boot to setup "
-"interface."
+"Authentication is required to indicate to the firmware to boot to setup interface."
msgstr ""
"Autentizace je vyžadována k povolení indikace firmwaru bootovat instalační "
"prostředí."
@@ -480,8 +462,7 @@ msgid "Acquire a pseudo TTY in a local container"
msgstr "Získání Pseudo TTY v lokálním kontejneru"
#: ../src/machine/org.freedesktop.machine1.policy.in.h:10
-msgid ""
-"Authentication is required to acquire a pseudo TTY in a local container."
+msgid "Authentication is required to acquire a pseudo TTY in a local container."
msgstr "Autentizace je vyžadována pro získání pseudo TTY v lokálním kontejneru."
#: ../src/machine/org.freedesktop.machine1.policy.in.h:11
@@ -497,8 +478,7 @@ msgid "Manage local virtual machines and containers"
msgstr "Spravovat lokální virtuální stroje a kontejnery"
#: ../src/machine/org.freedesktop.machine1.policy.in.h:14
-msgid ""
-"Authentication is required to manage local virtual machines and containers."
+msgid "Authentication is required to manage local virtual machines and containers."
msgstr ""
"Autentizace je vyžadována pro správu lokálních virtuálních strojů a kontejnerů."
@@ -508,10 +488,8 @@ msgstr "Spravovat lokální obrazy virtuálních strojů a kontejnerů"
#: ../src/machine/org.freedesktop.machine1.policy.in.h:16
msgid ""
-"Authentication is required to manage local virtual machine and container "
-"images."
-msgstr ""
-"Autentizace je vyžadována ke správě obrazů virtuálních strojů a kontejnerů."
+"Authentication is required to manage local virtual machine and container images."
+msgstr "Autentizace je vyžadována ke správě obrazů virtuálních strojů a kontejnerů."
#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:1
msgid "Set system time"
@@ -535,11 +513,10 @@ msgstr "Nastavit RTC na lokální časovou zónu nebo UTC"
#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:6
msgid ""
-"Authentication is required to control whether the RTC stores the local or "
-"UTC time."
+"Authentication is required to control whether the RTC stores the local or UTC time."
msgstr ""
-"Autentizace je vyžadována pro kontrolu jestli RTC ukládá lokální časovou "
-"zónu nebo UTC čas."
+"Autentizace je vyžadována pro kontrolu jestli RTC ukládá lokální časovou zónu nebo "
+"UTC čas."
#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7
msgid "Turn network time synchronization on or off"
@@ -547,8 +524,8 @@ msgstr "Zapnout nebo vypnout synchronizaci s časem ze sítě"
#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:8
msgid ""
-"Authentication is required to control whether network time synchronization "
-"shall be enabled."
+"Authentication is required to control whether network time synchronization shall "
+"be enabled."
msgstr "Autentizace je vyžadována pro kontrolu synchronizace času ze sítě."
#: ../src/core/dbus-unit.c:459
@@ -573,9 +550,7 @@ msgstr "Autentizace je vyžadována pro ukončení „$(unit)”."
#: ../src/core/dbus-unit.c:601
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
-msgstr ""
-"Autentizace je vyžadována pro resetování chybného stavu "
-"„$(unit)”."
+msgstr "Autentizace je vyžadována pro resetování chybného stavu „$(unit)”."
#: ../src/core/dbus-unit.c:634
msgid "Authentication is required to set properties on '$(unit)'."
diff --git a/po/id.po b/po/id.po
index 72eb94c7ec..72eb94c7ec 100755..100644
--- a/po/id.po
+++ b/po/id.po
diff --git a/src/basic/string-util.c b/src/basic/string-util.c
index 2ba3604ba0..9d2f4bc8f9 100644
--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@@ -821,6 +821,7 @@ int free_and_strdup(char **p, const char *s) {
return 1;
}
+#if !HAVE_DECL_EXPLICIT_BZERO
/*
* Pointer to memset is volatile so that compiler must de-reference
* the pointer and can't assume that it points to any function in
@@ -831,19 +832,19 @@ typedef void *(*memset_t)(void *,int,size_t);
static volatile memset_t memset_func = memset;
-void* memory_erase(void *p, size_t l) {
- return memset_func(p, 'x', l);
+void explicit_bzero(void *p, size_t l) {
+ memset_func(p, '\0', l);
}
+#endif
char* string_erase(char *x) {
-
if (!x)
return NULL;
/* A delicious drop of snake-oil! To be called on memory where
* we stored passphrases or so, after we used them. */
-
- return memory_erase(x, strlen(x));
+ explicit_bzero(x, strlen(x));
+ return x;
}
char *string_free_erase(char *s) {
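Review bot: `string_erase` passes `strlen(x)` to the new `explicit_bzero`, so only the bytes up to the first NUL are wiped; if the buffer earlier held a longer secret, its tail past the terminator survives. That limit is worth stating where the "snake-oil" comment sits, e.g. `/* Wipes the string contents up to (not including) the terminating NUL; callers that know the allocation size should call explicit_bzero() with it directly. */`. The fallback `explicit_bzero` routes through a volatile function pointer to keep the compiler from dropping the store, which is the usual best-effort technique rather than a guarantee, and the comment above `memset_func` could say so. `string_free_erase` starts at the hunk's last line and continues outside it.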
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index e99f7964be..be44dedff4 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -189,7 +189,10 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const
return memmem(haystack, haystacklen, needle, needlelen);
}
-void* memory_erase(void *p, size_t l);
+#if !HAVE_DECL_EXPLICIT_BZERO
+void explicit_bzero(void *p, size_t l);
+#endif
+
char *string_erase(char *x);
char *string_free_erase(char *s);
diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c
index ea79b9185e..5574c14555 100644
--- a/src/cgls/cgls.c
+++ b/src/cgls/cgls.c
@@ -241,9 +241,9 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = cg_split_spec(*name, &c, &p);
- if (r < 0) {
- log_error_errno(r, "Failed to split argument %s: %m", *name);
+ q = cg_split_spec(*name, &c, &p);
+ if (q < 0) {
+ log_error_errno(q, "Failed to split argument %s: %m", *name);
goto failed;
}
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 9876251438..0136d38833 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/prctl.h>
+#include <sys/statvfs.h>
#include <unistd.h>
#include "alloc-util.h"
@@ -38,6 +39,7 @@
#include "fs-util.h"
#include "install.h"
#include "log.h"
+#include "parse-util.h"
#include "path-util.h"
#include "selinux-access.h"
#include "stat-util.h"
@@ -48,6 +50,10 @@
#include "virt.h"
#include "watchdog.h"
+/* Require 16MiB free in /run/systemd for reloading/reexecing. After all we need to serialize our state there, and if
+ * we can't we'll fail badly. */
+#define RELOAD_DISK_SPACE_MIN (UINT64_C(16) * UINT64_C(1024) * UINT64_C(1024))
+
static UnitFileFlags unit_file_bools_to_flags(bool runtime, bool force) {
return (runtime ? UNIT_FILE_RUNTIME : 0) |
(force ? UNIT_FILE_FORCE : 0);
@@ -1312,6 +1318,40 @@ static int method_refuse_snapshot(sd_bus_message *message, void *userdata, sd_bu
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Support for snapshots has been removed.");
}
+static int verify_run_space(const char *message, sd_bus_error *error) {
+ struct statvfs svfs;
+ uint64_t available;
+
+ if (statvfs("/run/systemd", &svfs) < 0)
+ return sd_bus_error_set_errnof(error, errno, "Failed to statvfs(/run/systemd): %m");
+
+ available = (uint64_t) svfs.f_bfree * (uint64_t) svfs.f_bsize;
+
+ if (available < RELOAD_DISK_SPACE_MIN) {
+ char fb_available[FORMAT_BYTES_MAX], fb_need[FORMAT_BYTES_MAX];
+ return sd_bus_error_setf(error,
+ BUS_ERROR_DISK_FULL,
+ "%s, not enough space available on /run/systemd. "
+ "Currently, %s are free, but a safety buffer of %s is enforced.",
+ message,
+ format_bytes(fb_available, sizeof(fb_available), available),
+ format_bytes(fb_need, sizeof(fb_need), RELOAD_DISK_SPACE_MIN));
+ }
+
+ return 0;
+}
+
+int verify_run_space_and_log(const char *message) {
+ sd_bus_error error = SD_BUS_ERROR_NULL;
+ int r;
+
+ r = verify_run_space(message, &error);
+ if (r < 0)
+ log_error_errno(r, "%s", bus_error_message(&error, r));
+
+ return r;
+}
+
static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Manager *m = userdata;
int r;
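Review bot: `verify_run_space_and_log` never releases the `sd_bus_error` it fills, so every refused reload or reexec leaks the strings that `sd_bus_error_setf` and `sd_bus_error_set_errnof` allocate; declare it as `_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;` or call `sd_bus_error_free(&error)` before returning. In `verify_run_space` the free space is computed as `f_bfree * f_bsize`, but POSIX defines `f_bfree` in units of `f_frsize`, so `available = (uint64_t) svfs.f_bfree * (uint64_t) svfs.f_frsize;` is the portable form; the same expression is repeated in the `method_switch_root` hunk below. Using `f_bfree` rather than `f_bavail` is appropriate here since the check runs as root.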
@@ -1319,6 +1359,10 @@ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *
assert(message);
assert(m);
+ r = verify_run_space("Refusing to reload", error);
+ if (r < 0)
+ return r;
+
r = mac_selinux_access_check(message, "reload", error);
if (r < 0)
return r;
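Review bot: The free-space check is placed ahead of `mac_selinux_access_check`, so a caller that is not permitted to reload is still answered with a `BUS_ERROR_DISK_FULL` message reporting how much space is free on /run/systemd before any access control has run; moving the `verify_run_space` call after the access checks limits that information (and the statvfs work) to callers allowed to reload. The `method_reexecute` hunk below uses the same ordering. Any polkit verification that follows in `method_reload` is outside the hunk, so the exact placement has to be decided against the full function.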
@@ -1351,6 +1395,10 @@ static int method_reexecute(sd_bus_message *message, void *userdata, sd_bus_erro
assert(message);
assert(m);
+ r = verify_run_space("Refusing to reexecute", error);
+ if (r < 0)
+ return r;
+
r = mac_selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@@ -1469,11 +1517,26 @@ static int method_switch_root(sd_bus_message *message, void *userdata, sd_bus_er
char *ri = NULL, *rt = NULL;
const char *root, *init;
Manager *m = userdata;
+ struct statvfs svfs;
+ uint64_t available;
int r;
assert(message);
assert(m);
+ if (statvfs("/run/systemd", &svfs) < 0)
+ return sd_bus_error_set_errnof(error, errno, "Failed to statvfs(/run/systemd): %m");
+
+ available = (uint64_t) svfs.f_bfree * (uint64_t) svfs.f_bsize;
+
+ if (available < RELOAD_DISK_SPACE_MIN) {
+ char fb_available[FORMAT_BYTES_MAX], fb_need[FORMAT_BYTES_MAX];
+ log_warning("Dangerously low amount of free space on /run/systemd, root switching operation might not complete successfuly. "
+ "Currently, %s are free, but %s are suggested. Proceeding anyway.",
+ format_bytes(fb_available, sizeof(fb_available), available),
+ format_bytes(fb_need, sizeof(fb_need), RELOAD_DISK_SPACE_MIN));
+ }
+
r = mac_selinux_access_check(message, "reboot", error);
if (r < 0)
return r;
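Review bot: The new warning text misspells `successfuly`; it should read `successfully` so the message can be found alongside the other log lines. The statvfs, multiply and format sequence here duplicates `verify_run_space` above and differs only in logging a warning instead of returning an error; a shared helper taking a "warn only" flag would keep the two in step if the threshold or the unit of measurement changes. `method_switch_root` continues past the hunk.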
diff --git a/src/core/dbus-manager.h b/src/core/dbus-manager.h
index 36a2e9481b..9f3222da28 100644
--- a/src/core/dbus-manager.h
+++ b/src/core/dbus-manager.h
@@ -26,3 +26,5 @@ extern const sd_bus_vtable bus_manager_vtable[];
void bus_manager_send_finished(Manager *m, usec_t firmware_usec, usec_t loader_usec, usec_t kernel_usec, usec_t initrd_usec, usec_t userspace_usec, usec_t total_usec);
void bus_manager_send_reloading(Manager *m, bool active);
void bus_manager_send_change_signal(Manager *m);
+
+int verify_run_space_and_log(const char *message);
diff --git a/src/core/execute.c b/src/core/execute.c
index 47cc4311c1..aa0ddb564e 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -815,13 +815,10 @@ static int get_fixed_user(const ExecContext *c, const char **user,
assert(c);
- if (!c->user)
- return 0;
-
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
- name = c->user;
+ name = c->user ?: "root";
r = get_user_creds_clean(&name, uid, gid, home, shell);
if (r < 0)
return r;
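Review bot: Removing the `if (!c->user) return 0;` early return means `get_fixed_user` now resolves the credentials of `root` for every service without `User=`, so a failure in `get_user_creds_clean` is propagated for units where no lookup happened before; that change of contract deserves a sentence at the function head, e.g. `/* Resolves the unit's User= (defaulting to "root" when unset) into uid/gid/home/shell. */`. What the caller does with the outputs for a unit that configured no user is not visible here, since `get_fixed_user` starts before the hunk and its results are assigned after it.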
@@ -2439,11 +2436,12 @@ static int exec_child(
}
if (context->utmp_id)
- utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path,
+ utmp_put_init_process(context->utmp_id, getpid(), getsid(0),
+ context->tty_path,
context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS :
context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS :
USER_PROCESS,
- username ? "root" : context->user);
+ username);
if (context->user) {
r = chown_terminal(STDIN_FILENO, uid);
diff --git a/src/core/manager.c b/src/core/manager.c
index d83c5ef5e2..e4da945777 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1984,7 +1984,9 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t
if (MANAGER_IS_SYSTEM(m)) {
/* This is for compatibility with the
* original sysvinit */
- m->exit_code = MANAGER_REEXECUTE;
+ r = verify_run_space_and_log("Refusing to reexecute");
+ if (r >= 0)
+ m->exit_code = MANAGER_REEXECUTE;
break;
}
@@ -2061,7 +2063,9 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t
}
case SIGHUP:
- m->exit_code = MANAGER_RELOAD;
+ r = verify_run_space_and_log("Refusing to reload");
+ if (r >= 0)
+ m->exit_code = MANAGER_RELOAD;
break;
default: {
@@ -2432,18 +2436,22 @@ void manager_send_unit_plymouth(Manager *m, Unit *u) {
}
int manager_open_serialization(Manager *m, FILE **_f) {
- const char *path;
int fd = -1;
FILE *f;
assert(_f);
- path = MANAGER_IS_SYSTEM(m) ? "/run/systemd" : "/tmp";
- fd = open_tmpfile_unlinkable(path, O_RDWR|O_CLOEXEC);
- if (fd < 0)
- return -errno;
+ fd = memfd_create("systemd-serialization", MFD_CLOEXEC);
+ if (fd < 0) {
+ const char *path;
- log_debug("Serializing state to %s", path);
+ path = MANAGER_IS_SYSTEM(m) ? "/run/systemd" : "/tmp";
+ fd = open_tmpfile_unlinkable(path, O_RDWR|O_CLOEXEC);
+ if (fd < 0)
+ return -errno;
+ log_debug("Serializing state to %s.", path);
+ } else
+ log_debug("Serializing state to memfd.");
f = fdopen(fd, "w+");
if (!f) {
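Review bot: Serialization now goes to a memfd whenever `memfd_create` succeeds, yet the reload and reexec guards added to dbus-manager.c in this same commit still measure free space on /run/systemd, so the check and the actual storage location disagree whenever the memfd path is taken. Either the guard should be skipped or measured differently when a memfd will be used, or the comment above `RELOAD_DISK_SPACE_MIN` should say why /run/systemd is still checked (the fallback file and other runtime state live there). The `fdopen` failure path begins at the hunk's last line and continues outside it, so whether `fd` is closed on that path could not be checked.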
diff --git a/src/core/timer.c b/src/core/timer.c
index d7441d638f..af67b7591a 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -350,7 +350,7 @@ static void add_random(Timer *t, usec_t *v) {
else
*v += add;
- log_unit_info(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
+ log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
}
static void timer_enter_waiting(Timer *t, bool initial) {
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 2639fd6cf5..9ad6f115a1 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -686,7 +686,9 @@ static int parse_argv(int argc, char *argv[]) {
r = free_and_strdup(&arg_verify_key, optarg);
if (r < 0)
return r;
- string_erase(optarg);
+ /* Use memset not string_erase so this doesn't look confusing
+ * in ps or htop output. */
+ memset(optarg, 'x', strlen(optarg));
arg_merge = false;
break;
diff --git a/src/libsystemd/sd-bus/bus-common-errors.c b/src/libsystemd/sd-bus/bus-common-errors.c
index c9fd79e3b4..b40ba2520c 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.c
+++ b/src/libsystemd/sd-bus/bus-common-errors.c
@@ -47,6 +47,7 @@ BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
SD_BUS_ERROR_MAP(BUS_ERROR_SCOPE_NOT_RUNNING, EHOSTDOWN),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_DYNAMIC_USER, ESRCH),
SD_BUS_ERROR_MAP(BUS_ERROR_NOT_REFERENCED, EUNATCH),
+ SD_BUS_ERROR_MAP(BUS_ERROR_DISK_FULL, ENOSPC),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_MACHINE, ENXIO),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_IMAGE, ENOENT),
diff --git a/src/libsystemd/sd-bus/bus-common-errors.h b/src/libsystemd/sd-bus/bus-common-errors.h
index 525b79fa77..4523be05ce 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.h
+++ b/src/libsystemd/sd-bus/bus-common-errors.h
@@ -43,6 +43,7 @@
#define BUS_ERROR_SCOPE_NOT_RUNNING "org.freedesktop.systemd1.ScopeNotRunning"
#define BUS_ERROR_NO_SUCH_DYNAMIC_USER "org.freedesktop.systemd1.NoSuchDynamicUser"
#define BUS_ERROR_NOT_REFERENCED "org.freedesktop.systemd1.NotReferenced"
+#define BUS_ERROR_DISK_FULL "org.freedesktop.systemd1.DiskFull"
#define BUS_ERROR_NO_SUCH_MACHINE "org.freedesktop.machine1.NoSuchMachine"
#define BUS_ERROR_NO_SUCH_IMAGE "org.freedesktop.machine1.NoSuchImage"
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index e66c2fe5f3..4b3cac8a22 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -100,7 +100,7 @@ static void help(void) {
" Set automount unit property\n"
" --bind-device Bind automount unit to device\n"
" --list List mountable block devices\n"
- " -u --umount Unmount a mount point\n"
+ " -u --umount Unmount mount points\n"
, program_invocation_short_name);
}
@@ -139,6 +139,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "discover", no_argument, NULL, ARG_DISCOVER },
{ "type", required_argument, NULL, 't' },
{ "options", required_argument, NULL, 'o' },
+ { "fsck", required_argument, NULL, ARG_FSCK },
{ "description", required_argument, NULL, ARG_DESCRIPTION },
{ "property", required_argument, NULL, 'p' },
{ "automount", required_argument, NULL, ARG_AUTOMOUNT },
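Review bot: `--fsck` is added to the long-option table with `required_argument`, but the `help()` change in the hunk above touches only the `--umount` line and the visible usage text does not list `--fsck` or say what value it takes. If it is not documented elsewhere in `help()`, a line next to the other mount-unit options such as `"     --fsck=BOOL          Run fsck before mounting\n"` would keep the usage text in step with the parser; the accepted values depend on how `ARG_FSCK` is handled in the switch, which lies outside the hunk.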
diff --git a/src/reply-password/reply-password.c b/src/reply-password/reply-password.c
index 17eab9772e..a17c8a62b8 100644
--- a/src/reply-password/reply-password.c
+++ b/src/reply-password/reply-password.c
@@ -90,7 +90,7 @@ int main(int argc, char *argv[]) {
r = send_on_socket(fd, argv[2], packet, length);
finish:
- memory_erase(packet, sizeof(packet));
+ explicit_bzero(packet, sizeof(packet));
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c
index e76de6c06a..4a3c5f612f 100644
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@@ -328,7 +328,7 @@ static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p) {
goto fail;
}
- log_info("Processing query...");
+ log_debug("Processing query...");
return;
fail:
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 3e877920da..e3b29e390c 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -95,7 +95,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
if (n < m)
break;
- memory_erase(p, n);
+ explicit_bzero(p, n);
free(p);
m *= 2;
}
@@ -104,7 +104,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
if (!l)
return -ENOMEM;
- memory_erase(p, n);
+ explicit_bzero(p, n);
*ret = l;
return 0;
@@ -140,7 +140,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
return r;
serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
- memory_erase(p, n);
+ explicit_bzero(p, n);
if (serial == -1)
return -errno;
@@ -390,7 +390,7 @@ int ask_password_tty(
}
x = strndup(passphrase, p);
- memory_erase(passphrase, p);
+ explicit_bzero(passphrase, p);
if (!x) {
r = -ENOMEM;
goto finish;
@@ -647,7 +647,7 @@ int ask_password_agent(
l = strv_new("", NULL);
else
l = strv_parse_nulstr(passphrase+1, n-1);
- memory_erase(passphrase, n);
+ explicit_bzero(passphrase, n);
if (!l) {
r = -ENOMEM;
goto finish;
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 878cb008aa..c17486cba2 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -347,9 +347,6 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
sd_id128_t type_id, id;
bool rw = true;
- if (pflags & GPT_FLAG_NO_AUTO)
- continue;
-
sid = blkid_partition_get_uuid(pp);
if (!sid)
continue;
@@ -363,18 +360,37 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
continue;
if (sd_id128_equal(type_id, GPT_HOME)) {
+
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
designator = PARTITION_HOME;
rw = !(pflags & GPT_FLAG_READ_ONLY);
} else if (sd_id128_equal(type_id, GPT_SRV)) {
+
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
designator = PARTITION_SRV;
rw = !(pflags & GPT_FLAG_READ_ONLY);
} else if (sd_id128_equal(type_id, GPT_ESP)) {
+
+ /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
+ * there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as recommended by the
+ * UEFI spec (See "12.3.3 Number and Location of System Partitions"). */
+
+ if (pflags & GPT_FLAG_NO_BLOCK_IO_PROTOCOL)
+ continue;
+
designator = PARTITION_ESP;
fstype = "vfat";
}
#ifdef GPT_ROOT_NATIVE
else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE)) {
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
/* If a root ID is specified, ignore everything but the root id */
if (!sd_id128_is_null(root_uuid) && !sd_id128_equal(root_uuid, id))
continue;
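Review bot: The `GPT_FLAG_NO_AUTO` test removed from the common path in the hunk above is now repeated verbatim in every partition-type branch except the ESP, so a branch added later silently bypasses it unless the author remembers to copy it; the hunks further down add the same three lines five more times. A comment at the top of the branch chain would make an omission visible in review, e.g. `/* Every branch below must honour GPT_FLAG_NO_AUTO itself; the ESP is the one exception and checks GPT_FLAG_NO_BLOCK_IO_PROTOCOL instead. */`. The ESP comment cites the UEFI section; naming the attribute bit as well (bit 1 of the partition entry attributes) would let a reader verify the `GPT_FLAG_NO_BLOCK_IO_PROTOCOL` value without opening the spec. `dissect_image` extends past this hunk in both directions.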
@@ -384,6 +400,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
rw = !(pflags & GPT_FLAG_READ_ONLY);
} else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE_VERITY)) {
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
m->can_verity = true;
/* Ignore verity unless a root hash is specified */
@@ -399,6 +418,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
#ifdef GPT_ROOT_SECONDARY
else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) {
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
/* If a root ID is specified, ignore everything but the root id */
if (!sd_id128_is_null(root_uuid) && !sd_id128_equal(root_uuid, id))
continue;
@@ -407,6 +429,10 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
architecture = SECONDARY_ARCHITECTURE;
rw = !(pflags & GPT_FLAG_READ_ONLY);
} else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY_VERITY)) {
+
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
m->can_verity = true;
/* Ignore verity unless root has is specified */
@@ -420,10 +446,17 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
}
#endif
else if (sd_id128_equal(type_id, GPT_SWAP)) {
+
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
designator = PARTITION_SWAP;
fstype = "swap";
} else if (sd_id128_equal(type_id, GPT_LINUX_GENERIC)) {
+ if (pflags & GPT_FLAG_NO_AUTO)
+ continue;
+
if (generic_node)
multiple_generic = true;
else {
diff --git a/src/shared/gpt.h b/src/shared/gpt.h
index 13d80d611c..cc752006fa 100644
--- a/src/shared/gpt.h
+++ b/src/shared/gpt.h
@@ -71,6 +71,8 @@
# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM_VERITY
#endif
+#define GPT_FLAG_NO_BLOCK_IO_PROTOCOL (1ULL << 1)
+
/* Flags we recognize on the root, swap, home and srv partitions when
* doing auto-discovery. These happen to be identical to what
* Microsoft defines for its own Basic Data Partitions, but that's
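Review bot: `GPT_FLAG_NO_BLOCK_IO_PROTOCOL` is defined without saying which specification assigns bit 1, while the flags right below it carry a comment on their origin; a one-line comment such as `/* UEFI spec, GPT partition entry attribute bit 1: firmware shall not expose a block I/O protocol for this partition (checked on the ESP instead of GPT_FLAG_NO_AUTO) */` would document it. The comment block that follows begins inside this hunk and its remaining lines are outside it.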
diff --git a/src/shared/install.c b/src/shared/install.c
index 478abac8ab..f25ed685f6 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -208,7 +208,7 @@ static int path_is_control(const LookupPaths *p, const char *path) {
path_equal_ptr(parent, p->runtime_control);
}
-static int path_is_config(const LookupPaths *p, const char *path) {
+static int path_is_config(const LookupPaths *p, const char *path, bool check_parent) {
_cleanup_free_ char *parent = NULL;
assert(p);
@@ -217,15 +217,19 @@ static int path_is_config(const LookupPaths *p, const char *path) {
/* Note that we do *not* have generic checks for /etc or /run in place, since with
* them we couldn't discern configuration from transient or generated units */
- parent = dirname_malloc(path);
- if (!parent)
- return -ENOMEM;
+ if (check_parent) {
+ parent = dirname_malloc(path);
+ if (!parent)
+ return -ENOMEM;
- return path_equal_ptr(parent, p->persistent_config) ||
- path_equal_ptr(parent, p->runtime_config);
+ path = parent;
+ }
+
+ return path_equal_ptr(path, p->persistent_config) ||
+ path_equal_ptr(path, p->runtime_config);
}
-static int path_is_runtime(const LookupPaths *p, const char *path) {
+static int path_is_runtime(const LookupPaths *p, const char *path, bool check_parent) {
_cleanup_free_ char *parent = NULL;
const char *rpath;
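Review bot: The new `check_parent` parameter changes what `path_is_config` compares (the directory containing `path` instead of `path` itself), but nothing at the definition states that, and the same flag is added to `path_is_runtime` in the next hunk. A comment above the signature would fix it, e.g. `/* When check_parent is true, compare the parent directory of path (the directory holding the unit file) against the config dirs instead of path itself. */`. Reassigning the `path` parameter to the cleanup-managed `parent` buffer is safe here because the pointer never escapes the function, though a local such as `const char *q = check_parent ? parent : path;` would avoid reusing the parameter. The signature of `path_is_config` is in the hunk above, so the function starts outside this hunk.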
@@ -239,16 +243,20 @@ static int path_is_runtime(const LookupPaths *p, const char *path) {
if (rpath && path_startswith(rpath, "/run"))
return true;
- parent = dirname_malloc(path);
- if (!parent)
- return -ENOMEM;
+ if (check_parent) {
+ parent = dirname_malloc(path);
+ if (!parent)
+ return -ENOMEM;
- return path_equal_ptr(parent, p->runtime_config) ||
- path_equal_ptr(parent, p->generator) ||
- path_equal_ptr(parent, p->generator_early) ||
- path_equal_ptr(parent, p->generator_late) ||
- path_equal_ptr(parent, p->transient) ||
- path_equal_ptr(parent, p->runtime_control);
+ path = parent;
+ }
+
+ return path_equal_ptr(path, p->runtime_config) ||
+ path_equal_ptr(path, p->generator) ||
+ path_equal_ptr(path, p->generator_early) ||
+ path_equal_ptr(path, p->generator_late) ||
+ path_equal_ptr(path, p->transient) ||
+ path_equal_ptr(path, p->runtime_control);
}
static int path_is_vendor(const LookupPaths *p, const char *path) {
@@ -677,7 +685,6 @@ static int find_symlinks_fd(
int fd,
const char *path,
const char *config_path,
- const LookupPaths *lp,
bool *same_name_link) {
_cleanup_closedir_ DIR *d = NULL;
@@ -688,7 +695,6 @@ static int find_symlinks_fd(
assert(fd >= 0);
assert(path);
assert(config_path);
- assert(lp);
assert(same_name_link);
d = fdopendir(fd);
@@ -722,7 +728,7 @@ static int find_symlinks_fd(
}
/* This will close nfd, regardless whether it succeeds or not */
- q = find_symlinks_fd(root_dir, name, nfd, p, config_path, lp, same_name_link);
+ q = find_symlinks_fd(root_dir, name, nfd, p, config_path, same_name_link);
if (q > 0)
return 1;
if (r == 0)
@@ -800,7 +806,6 @@ static int find_symlinks(
const char *root_dir,
const char *name,
const char *config_path,
- const LookupPaths *lp,
bool *same_name_link) {
int fd;
@@ -817,44 +822,82 @@ static int find_symlinks(
}
/* This takes possession of fd and closes it */
- return find_symlinks_fd(root_dir, name, fd, config_path, config_path, lp, same_name_link);
+ return find_symlinks_fd(root_dir, name, fd, config_path, config_path, same_name_link);
}
static int find_symlinks_in_scope(
- UnitFileScope scope,
const LookupPaths *paths,
const char *name,
UnitFileState *state) {
- bool same_name_link_runtime = false, same_name_link = false;
+ bool same_name_link_runtime = false, same_name_link_config = false;
+ bool enabled_in_runtime = false, enabled_at_all = false;
+ char **p;
int r;
- assert(scope >= 0);
- assert(scope < _UNIT_FILE_SCOPE_MAX);
assert(paths);
assert(name);
- /* First look in the persistent config path */
- r = find_symlinks(paths->root_dir, name, paths->persistent_config, paths, &same_name_link);
- if (r < 0)
- return r;
- if (r > 0) {
- *state = UNIT_FILE_ENABLED;
- return r;
+ STRV_FOREACH(p, paths->search_path) {
+ bool same_name_link = false;
+
+ r = find_symlinks(paths->root_dir, name, *p, &same_name_link);
+ if (r < 0)
+ return r;
+ if (r > 0) {
+ /* We found symlinks in this dir? Yay! Let's see where precisely it is enabled. */
+
+ r = path_is_config(paths, *p, false);
+ if (r < 0)
+ return r;
+ if (r > 0) {
+ /* This is the best outcome, let's return it immediately. */
+ *state = UNIT_FILE_ENABLED;
+ return 1;
+ }
+
+ r = path_is_runtime(paths, *p, false);
+ if (r < 0)
+ return r;
+ if (r > 0)
+ enabled_in_runtime = true;
+ else
+ enabled_at_all = true;
+
+ } else if (same_name_link) {
+
+ r = path_is_config(paths, *p, false);
+ if (r < 0)
+ return r;
+ if (r > 0)
+ same_name_link_config = true;
+ else {
+ r = path_is_runtime(paths, *p, false);
+ if (r < 0)
+ return r;
+ if (r > 0)
+ same_name_link_runtime = true;
+ }
+ }
}
- /* Then look in runtime config path */
- r = find_symlinks(paths->root_dir, name, paths->runtime_config, paths, &same_name_link_runtime);
- if (r < 0)
- return r;
- if (r > 0) {
+ if (enabled_in_runtime) {
*state = UNIT_FILE_ENABLED_RUNTIME;
- return r;
+ return 1;
+ }
+
+ /* Here's a special rule: if the unit we are looking for is an instance, and it symlinked in the search path
+ * outside of runtime and configuration directory, then we consider it statically enabled. Note we do that only
+ * for instance, not for regular names, as those are merely aliases, while instances explicitly instantiate
+ * something, and hence are a much stronger concept. */
+ if (enabled_at_all && unit_name_is_valid(name, UNIT_NAME_INSTANCE)) {
+ *state = UNIT_FILE_STATIC;
+ return 1;
}
/* Hmm, we didn't find it, but maybe we found the same name
* link? */
- if (same_name_link) {
+ if (same_name_link_config) {
*state = UNIT_FILE_LINKED;
return 1;
}
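Review bot: `enabled_at_all` is misnamed: it is set only in the branch where the symlink directory is neither a config nor a runtime path, i.e. a vendor/search-path directory, and it feeds only the instance-specific STATIC rule, so a name such as `enabled_in_vendor` would say what it records. The function now also walks every entry of `paths->search_path` with find_symlinks() instead of just the two config directories, which presumably means descending into the vendor trees on each state lookup; if that cost matters for callers that query many units, it is worth measuring. A header comment stating the resulting precedence would help readers: a link in a config directory wins over one in a runtime directory, which wins over a vendor-directory instance link (STATIC), which wins over a same-name link. The function continues past the end of the hunk.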
@@ -1354,7 +1397,8 @@ static int install_info_follow(
InstallContext *c,
UnitFileInstallInfo *i,
const char *root_dir,
- SearchFlags flags) {
+ SearchFlags flags,
+ bool ignore_different_name) {
assert(c);
assert(i);
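Review bot: The new `ignore_different_name` parameter of install_info_follow() is undocumented, and its single `true` caller (the -1439 hunk) relies on it to skip the basename check that otherwise yields -EXDEV. A comment on the parameter would make that contract explicit: `/* ignore_different_name: follow the link even when the target's basename differs from i->name (the caller has already validated the instance mapping) */`. The function body continues past the hunk.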
@@ -1367,7 +1411,7 @@ static int install_info_follow(
/* If the basename doesn't match, the caller should add a
* complete new entry for this. */
- if (!streq(basename(i->symlink_target), i->name))
+ if (!ignore_different_name && !streq(basename(i->symlink_target), i->name))
return -EXDEV;
free_and_replace(i->path, i->symlink_target);
@@ -1408,14 +1452,14 @@ static int install_info_traverse(
return -ELOOP;
if (!(flags & SEARCH_FOLLOW_CONFIG_SYMLINKS)) {
- r = path_is_config(paths, i->path);
+ r = path_is_config(paths, i->path, true);
if (r < 0)
return r;
if (r > 0)
return -ELOOP;
}
- r = install_info_follow(c, i, paths->root_dir, flags);
+ r = install_info_follow(c, i, paths->root_dir, flags, false);
if (r == -EXDEV) {
_cleanup_free_ char *buffer = NULL;
const char *bn;
@@ -1439,6 +1483,18 @@ static int install_info_traverse(
if (r < 0)
return r;
+ if (streq(buffer, i->name)) {
+
+ /* We filled in the instance, and the target stayed the same? If so, then let's
+ * honour the link as it is. */
+
+ r = install_info_follow(c, i, paths->root_dir, flags, true);
+ if (r < 0)
+ return r;
+
+ continue;
+ }
+
bn = buffer;
}
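Review bot: The `continue` in the new block re-enters the traversal loop after install_info_follow() has replaced `i->path` with the symlink target, so the link-depth guard that returns -ELOOP (visible at the top of the -1408 hunk) is what makes a cycle of instance symlinks terminate; the loop header and its counter are outside the hunk, so please confirm the counter advances on this `continue` path as well. The comment "the target stayed the same" is slightly off: what is checked is that the target's basename, with the instance substituted, equals the unit name being looked up. Suggested wording: `/* The link target, once the instance is filled in, resolves to the very name we are looking for: honour the link as-is rather than treating it as an alias. */`. The enclosing function continues past the hunk.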
@@ -2027,7 +2083,7 @@ static int path_shall_revert(const LookupPaths *paths, const char *path) {
/* Checks whether the path is one where the drop-in directories shall be removed. */
- r = path_is_config(paths, path);
+ r = path_is_config(paths, path, true);
if (r != 0)
return r;
@@ -2135,7 +2191,7 @@ int unit_file_revert(
if (errno != ENOENT)
return -errno;
} else if (S_ISREG(st.st_mode) || S_ISLNK(st.st_mode)) {
- r = path_is_config(&paths, path);
+ r = path_is_config(&paths, path, true);
if (r < 0)
return r;
if (r > 0) {
@@ -2481,7 +2537,7 @@ static int unit_file_lookup_state(
switch (i->type) {
case UNIT_FILE_TYPE_MASKED:
- r = path_is_runtime(paths, i->path);
+ r = path_is_runtime(paths, i->path, true);
if (r < 0)
return r;
@@ -2505,7 +2561,7 @@ static int unit_file_lookup_state(
break;
}
- r = find_symlinks_in_scope(scope, paths, i->name, &state);
+ r = find_symlinks_in_scope(paths, i->name, &state);
if (r < 0)
return r;
if (r == 0) {
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 2c73cb8fa4..609e0619af 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -171,11 +171,11 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_
if (arch != SCMP_ARCH_NATIVE &&
arch != seccomp_arch_native()) {
- r = seccomp_arch_add(seccomp, arch);
+ r = seccomp_arch_remove(seccomp, seccomp_arch_native());
if (r < 0)
goto finish;
- r = seccomp_arch_remove(seccomp, seccomp_arch_native());
+ r = seccomp_arch_add(seccomp, arch);
if (r < 0)
goto finish;
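Review bot: The swap puts the filter into an intermediate state with no architecture at all between seccomp_arch_remove() and seccomp_arch_add(), and nothing in the hunk says why the previous order was wrong, so a future cleanup could easily swap it back. A one-line comment would prevent that, e.g. `/* Order matters: the native arch must be dropped before the target arch is added — TODO state the libseccomp behaviour this works around */`, filled in with the actual reason. The `finish` label both `goto`s jump to is outside the hunk; presumably it releases `seccomp`, otherwise the context leaks on either failure path.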
@@ -873,6 +873,8 @@ int seccomp_protect_sysctl(void) {
}
int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
+
+#if !SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
uint32_t arch;
int r;
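Review bot: On architectures where SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN is set, seccomp_restrict_address_families() now returns 0 without installing anything and without saying so (this hunk together with the `#endif` before `return 0` in the -1001 hunk), so a unit with RestrictAddressFamilies= starts successfully with no restriction and nothing in the logs points at the gap. An `#else` branch ahead of the `#endif` would at least make it visible, e.g. `log_debug("RestrictAddressFamilies= is not supported on this architecture, skipping.");`. In that configuration both parameters are unused, which -Wunused-parameter will flag; `(void) address_families; (void) whitelist;` in the same branch keeps the build quiet. Whether the caller in execute.c (touched by this commit but not visible here) surfaces the limitation to the user cannot be checked from this chunk.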
@@ -1001,6 +1003,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
if (r < 0)
log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
}
+#endif
return 0;
}
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 4438e87fa6..2563fcd38a 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -76,6 +76,14 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist);
int seccomp_restrict_realtime(void);
int seccomp_memory_deny_write_execute(void);
+#if defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__) || defined(__powerpc__) || defined (__mips__)
+/* On these archs, socket() is implemented via the socketcall() syscall multiplexer, and we can't restrict it hence via
+ * seccomp */
+#define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
+#else
+#define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 0
+#endif
+
extern const uint32_t seccomp_local_archs[];
#define SECCOMP_FOREACH_LOCAL_ARCH(arch) \
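Review bot: The macro keys the fallback on the build architecture, but the filter is installed per seccomp architecture (the SECCOMP_FOREACH_LOCAL_ARCH loop declared just below), and a compat architecture such as i386 on an x86-64 host also reaches socket() through socketcall(); if the rules for that secondary arch are generated from the native build, they restrict a syscall the 32-bit code never issues. That would leave 32-bit binaries unrestricted on an otherwise working host, so it is worth checking whether the per-arch rules handle socketcall() for those archs (denying it outright for them is the usual mitigation). Two style nits: compilers that define `__s390x__` also define `__s390__`, so the first test is likely redundant, and `defined (__mips__)` has a stray space the other tests do not.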
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index d0bc8004f3..575401cb91 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -736,6 +736,28 @@ static void test_preset_order(const char *root) {
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "prefix-2.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
}
+static void test_static_instance(const char *root) {
+ UnitFileState state;
+ const char *p;
+
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@.service", &state) == -ENOENT);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@foo.service", &state) == -ENOENT);
+
+ p = strjoina(root, "/usr/lib/systemd/system/static-instance@.service");
+ assert_se(write_string_file(p,
+ "[Install]\n"
+ "WantedBy=multi-user.target\n", WRITE_STRING_FILE_CREATE) >= 0);
+
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@foo.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
+
+ p = strjoina(root, "/usr/lib/systemd/system/static-instance@foo.service");
+ assert_se(symlink("static-instance@.service", p) >= 0);
+
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "static-instance@foo.service", &state) >= 0 && state == UNIT_FILE_STATIC);
+}
+
int main(int argc, char *argv[]) {
char root[] = "/tmp/rootXXXXXX";
const char *p;
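Review bot: The new test covers the instance case the rule in find_symlinks_in_scope() is about, but not its explicit exclusion: a regular (non-instance) alias symlink in the vendor directory is meant to stay a mere alias rather than become UNIT_FILE_STATIC, and nothing asserts that. Adding a plain unit with an [Install] section plus a vendor-directory alias symlink to it, then asserting that the alias name still reports UNIT_FILE_DISABLED rather than UNIT_FILE_STATIC, would pin the boundary. The precedence between a runtime enablement and the vendor instance link is also untested; if the test root provides a runtime directory, a symlink there should win with UNIT_FILE_ENABLED_RUNTIME. The helper itself is self-contained; only the call is added to main() in the next hunk.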
@@ -766,6 +788,7 @@ int main(int argc, char *argv[]) {
test_preset_and_list(root);
test_preset_order(root);
test_revert(root);
+ test_static_instance(root);
assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 6f15879c45..54e7947c2f 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -283,8 +283,14 @@ static void test_restrict_address_families(void) {
assert_se(fd >= 0);
safe_close(fd);
+#if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
+ fd = socket(AF_UNIX, SOCK_DGRAM, 0);
+ assert_se(fd >= 0);
+ safe_close(fd);
+#else
assert_se(socket(AF_UNIX, SOCK_DGRAM, 0) < 0);
assert_se(errno == EAFNOSUPPORT);
+#endif
fd = socket(AF_NETLINK, SOCK_DGRAM, 0);
assert_se(fd >= 0);
@@ -300,11 +306,21 @@ static void test_restrict_address_families(void) {
assert_se(fd >= 0);
safe_close(fd);
+#if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
+ fd = socket(AF_UNIX, SOCK_DGRAM, 0);
+ assert_se(fd >= 0);
+ safe_close(fd);
+
+ fd = socket(AF_NETLINK, SOCK_DGRAM, 0);
+ assert_se(fd >= 0);
+ safe_close(fd);
+#else
assert_se(socket(AF_UNIX, SOCK_DGRAM, 0) < 0);
assert_se(errno == EAFNOSUPPORT);
assert_se(socket(AF_NETLINK, SOCK_DGRAM, 0) < 0);
assert_se(errno == EAFNOSUPPORT);
+#endif
_exit(EXIT_SUCCESS);
}
diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c
index e43373b0f5..4b3e924cfb 100644
--- a/src/test/test-string-util.c
+++ b/src/test/test-string-util.c
@@ -29,31 +29,20 @@ static void test_string_erase(void) {
assert_se(streq(string_erase(x), ""));
x = strdupa("1");
- assert_se(streq(string_erase(x), "x"));
-
- x = strdupa("12");
- assert_se(streq(string_erase(x), "xx"));
-
- x = strdupa("123");
- assert_se(streq(string_erase(x), "xxx"));
-
- x = strdupa("1234");
- assert_se(streq(string_erase(x), "xxxx"));
-
- x = strdupa("12345");
- assert_se(streq(string_erase(x), "xxxxx"));
-
- x = strdupa("123456");
- assert_se(streq(string_erase(x), "xxxxxx"));
-
- x = strdupa("1234567");
- assert_se(streq(string_erase(x), "xxxxxxx"));
-
- x = strdupa("12345678");
- assert_se(streq(string_erase(x), "xxxxxxxx"));
+ assert_se(streq(string_erase(x), ""));
x = strdupa("123456789");
- assert_se(streq(string_erase(x), "xxxxxxxxx"));
+ assert_se(streq(string_erase(x), ""));
+
+ assert_se(x[1] == '\0');
+ assert_se(x[2] == '\0');
+ assert_se(x[3] == '\0');
+ assert_se(x[4] == '\0');
+ assert_se(x[5] == '\0');
+ assert_se(x[6] == '\0');
+ assert_se(x[7] == '\0');
+ assert_se(x[8] == '\0');
+ assert_se(x[9] == '\0');
}
static void test_ascii_strcasecmp_n(void) {
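Review bot: The nine `x[i] == '\0'` asserts read the buffer back after string_erase(), which pins the new contract but says nothing about whether the clearing survives optimisation in real callers, where the buffer is usually freed right afterwards and a plain memset() can be elided; that property lives in string-util.c (changed by this commit but outside this chunk) and should be confirmed by checking that the implementation uses explicit_bzero() or an equivalent, as the tty-ask-password-agent hunks now do. Style-wise the run of asserts collapses to `for (size_t i = 0; i < 10; i++) assert_se(x[i] == '\0');`, which also covers index 0 and is easier to extend.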
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index b45490be1a..a17c006d57 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -243,7 +243,7 @@ static int ask_password_plymouth(
r = 0;
finish:
- memory_erase(buffer, sizeof(buffer));
+ explicit_bzero(buffer, sizeof(buffer));
return r;
}
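Review bot: explicit_bzero() is a glibc 2.25+/BSD extension rather than C11, so both call sites (this hunk and the send_passwords() one in the -283 hunk) depend on a configure-time check or a fallback in a shared header; configure.ac is touched by this commit but not visible here, so please confirm a fallback exists for older glibc and other libcs. In send_passwords() the erase runs at `finish` with `packet_length`, so `packet` must be valid there on every path that reaches the label, or the call needs a guard; the allocation is outside the hunk. The replacement itself is the right call, since a plain clearing store before return is exactly what compilers drop.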
@@ -283,7 +283,7 @@ static int send_passwords(const char *socket_name, char **passwords) {
r = log_debug_errno(errno, "sendto(): %m");
finish:
- memory_erase(packet, packet_length);
+ explicit_bzero(packet, packet_length);
return r;
}
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
index 2cd58e9121..76e3829ab2 100644
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@@ -49,21 +49,21 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
m4_ifdef(`HAVE_ACL',`m4_dnl
m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
-a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group::r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
'', ``
-a+ /var/log/journal - - - - d:group:adm:r-x
-a+ /var/log/journal - - - - group:adm:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x
+a+ /var/log/journal - - - - group::r-x,group:adm:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x
a+ /var/log/journal/%m - - - - group:adm:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
'')',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal - - - - d:group:wheel:r-x
-a+ /var/log/journal - - - - group:wheel:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group::r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:wheel:r-x
a+ /var/log/journal/%m - - - - group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
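Review bot: The top-level /var/log/journal entries gain an explicit owning-group entry (`group::r-x` and its `d:` default counterpart) in all three branches, but the `/var/log/journal/%m` lines directly below keep only the named-group entries; if the base entry is needed for the parent's ACL to be complete or for the mask to come out as intended, the per-machine directory presumably needs the same treatment, and if it is deliberately omitted a comment saying why would stop the next edit from "fixing" it. It is also worth double-checking that r-x for the owning group matches the mode the `z` line above applies to /var/log/journal, since this entry now overrides whatever the mode's group bits were.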