summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-02seccomp: add two new syscall groupsLennart Poettering
@resources contains various syscalls that alter resource limits and memory and scheduling parameters of processes. As such they are good candidates to block for most services. @basic-io contains a number of basic syscalls for I/O, similar to the list seccomp v1 permitted but slightly more complete. It should be useful for building basic whitelisting for minimal sandboxes
2016-11-02man: two minor fixesLennart Poettering
2016-11-02seccomp: include pipes and memfd in @ipcLennart Poettering
These system calls clearly fall in the @ipc category, hence should be listed there, simply to avoid confusion and surprise by the user.
2016-11-02seccomp: drop execve() from @process listLennart Poettering
The system call is already part in @default hence implicitly allowed anyway. Also, if it is actually blocked then systemd couldn't execute the service in question anymore, since the application of seccomp is immediately followed by it.
2016-11-02seccomp: add clock query and sleeping syscalls to "@default" groupLennart Poettering
Timing and sleep are so basic operations, it makes very little sense to ever block them, hence don't.
2016-11-02update TODOLennart Poettering
2016-11-01udev: net_id: add support for phys_port_name attribute (#4506)Jiří Pírko
Switch drivers uses phys_port_name attribute to pass front panel port name to user. Use it to generate netdev names. Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2016-11-01tests: add test that journald keeps fds over termination by signalEvgeny Vereshchagin
This test fails before previous commit, and passes with it.
2016-11-01core: when restarting services, don't close fdsZbigniew Jędrzejewski-Szmek
We would close all the stored fds in service_release_resources(), which of course broke the whole concept of storing fds over service restart. Fixes #4408.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…
2016-11-01Recognise Lustre as a remote file system (#4530)Brian J. Murrell
Lustre is also a remote file system that wants the network to be up before it is mounted.
2016-10-31test-compression: allow the file to compress to be specifiedZbigniew Jędrzejewski-Szmek
I'm seeing strange decompression errors with lz4, which might be content-dependent. Extend test-compression to allow testing specific content. (Edit: PEBKAC: lzcat and lz4cat are not the same beast. Nevertheless, the test might still be useful in the future.)
2016-10-31man: fix typos (#4527)Jakub Wilk
2016-10-30Implement VeraCrypt volume handling in crypttab (#4501)George Hilliard
This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30tests: clarify test_path_startswith return value (#4508)Zbigniew Jędrzejewski-Szmek
A pendant for #4481.
2016-10-29Merge pull request #4520 from lucaswerkmeister/systemd-escape-manZbigniew Jędrzejewski-Szmek
systemd-escape manpage improvements
2016-10-30man: make systemd-escape examples more consistentLucas Werkmeister
The first example wasn't phrased with "To ..." as the other three are, and the last example was lacking the colon.
2016-10-30man: add missing periodLucas Werkmeister
2016-10-30man: improve systemd-escape --path descriptionLucas Werkmeister
The option does more than the documentation gave it credit for.
2016-10-28man: add a note that FDSTORE=1 requires epoll-compatible fdsZbigniew Jędrzejewski-Szmek
Let's say that this was not obvious from our man page.
2016-10-28pid1: nicely log when doing operation on stored fdsZbigniew Jędrzejewski-Szmek
Should help with debugging #4408.
2016-10-28pid1: only log about added fd if it was really addedZbigniew Jędrzejewski-Szmek
If it was a duplicate, log nothing.
2016-10-28.gitignore: ignore precompiled GCC headers (#4516)Daniel Mack
Not sure since when this is the default behavior, but my local tree is full of such files. Let's ignore them for clarity.
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
Document NoNewPrivileges default value
2016-10-28udev: allow substitutions for SECLABEL key (#4505)Michal Sekletar
2016-10-27systemctl: warn when cat shows changed unit files (#4493)Lucas Werkmeister
Suggested by @keszybz in #4488.
2016-10-27Merge pull request #4485 from endocode/djalal/portable-branch-v1Zbigniew Jędrzejewski-Szmek
core: improve mount namespace and working directory setup
2016-10-27Merge pull request #4442 from keszybz/detect-virt-usernsEvgeny Vereshchagin
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
This makes applying groups after applying the working directory, this may allow some flexibility but at same it is not a big deal since we don't execute or do anything between applying working directory and droping groups.
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
Improve apply_working_directory() and lets get the current working directory inside of it.
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26hwdb: fix error check of wrong variable (#4499)Thomas H. P. Andersen
We updated 'fn' but checked 'v' instead. From 698c5a17 Spotted with PVS
2016-10-26Merge pull request #4448 from msoltyspl/vcfixZbigniew Jędrzejewski-Szmek
Fix some formatting details in the merge.
2016-10-26units: disable /dev/hugepages in private user namespacesZbigniew Jędrzejewski-Szmek
The mount fails, even though CAP_SYS_ADMIN is granted.
2016-10-26condition: simplify condition_test_virtualizationZbigniew Jędrzejewski-Szmek
Rewrite the function to be slightly simpler. In particular, if a specific match is found (like ConditionVirtualization=yes), simply return an answer immediately, instead of relying that "yes" will not be matched by any of the virtualization names below. No functional change.
2016-10-26test-tables: test ConditionVirtualizationZbigniew Jędrzejewski-Szmek
2016-10-26shared/condition: add ConditionVirtualization=[!]private-usersZbigniew Jędrzejewski-Szmek
This can be useful to silence warnings about units which fail in userns container.
2016-10-26detect-virt: add --private-users switch to check if a userns is activeZbigniew Jędrzejewski-Szmek
Various things don't work when we're running in a user namespace, but it's pretty hard to reliably detect if that is true. A function is added which looks at /proc/self/uid_map and returns false if the default "0 0 UINT32_MAX" is found, and true if it finds anything else. This misses the case where an 1:1 mapping with the full range was used, but I don't know how to distinguish this case. 'systemd-detect-virt --private-users' is very similar to 'systemd-detect-virt --chroot', but we check for a user namespace instead.
2016-10-26gitignore: add test-seccomp (#4498)Thomas H. P. Andersen
2016-10-26networkd : verify dns ip address when parsing configuration (#4492)Susant Sahani
Invalid IP addresses would be passed through as-is: $ networkctl status wlp3s0: ● 2: wlp3s0 Link File: /usr/lib/systemd/network/99-default.link Network File: /etc/systemd/network/wlp3s0.network Type: wlan State: routable (configured) Path: pci-0000:03:00.0 Driver: iwlwifi Vendor: Intel Corporation Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN) HW Address: XXXXXXXXXX (Intel Corporate) Address: 192.168.2.103 XXXXXXXXXXX Gateway: 192.168.2.1 (Arcadyan Technology Corporation) DNS: 127.0.0.5553 Instead verify that DNS= has a valid list of addresses when parsing configuration. Fixes #4462.
2016-10-26vconsole: manual update (#4021)Michal Soltys
To more correctly reflect current behaviour as well as to provide a few more details.
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
shmat(..., SHM_EXEC) can be used to create writable and executable memory, so let's block it when MemoryDenyWriteExecute is set.
2016-10-26vconsole: setup_remaining_vcs() - more sanity checksMichal Soltys
Check if values filled up by KD_FONT_OP_GET ioctl make sense - dummy driver for example doesn't implement required functionality at all.
2016-10-25man: document that systemctl cat shows file content (#4488)Lucas Werkmeister
... and that that content might be outdated.
2016-10-25build-sys/autogen: don't use bashisms (#4489)Evgeny Vereshchagin
Fixes: $ ls -l /bin/sh lrwxrwxrwx 1 root root 4 Feb 17 2016 /bin/sh -> dash $ ./autogen.sh c ./autogen.sh: 22: ./autogen.sh: [[: not found ... checking whether make supports nested variables... (cached) yes checking build system type... Invalid configuration `c': machine `c' not recognized configure: error: /bin/bash build-aux/config.sub c failed this is a follow-up for a5e739a570081231
2016-10-25Merge pull request #4476 from poettering/systemctl-freeMartin Pitt
two minor systemctl memleak fixes
2016-10-25test: skip exec tests when inaccessible dir is unavailableDongsu Park
In case of running test-execute on systems with systemd < v232, several tests like privatedevices or protectkernelmodules fail because /run/systemd/inaccessible/ doesn't exist. In these cases, we should skip tests to avoid unnecessary errors. See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566