summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08Merge pull request #4612 from keszybz/format-stringsZbigniew Jędrzejewski-Szmek
Format string tweaks (and a small fix on 32bit)
2016-11-08man: fix typo (#4615)Yu Watanabe
2016-11-08Merge pull request #4509 from keszybz/foreach-word-quotedMartin Pitt
Remove FOREACH_WORD_QUOTED
2016-11-08man: add an example how to unconditionally empty a directory (#4570)Zbigniew Jędrzejewski-Szmek
It was logical, but not entirely obvious, that 'e' with no arguments does nothing. Expand the explanation a bit and add an example. Fixes #4564.
2016-11-08Adjust pkgconfig files to point at rootlibdir (#4584)Mike Gilbert
The .so symlinks got moved to rootlibdir in 082210c7.
2016-11-08build-sys: remove leftover setcap configure check (#4597)Michael Biebl
The check for the setcap binary was added in commit dd5ae4c36c89da5dbe8d1628939b26c00db98753 to set the CAP_MAC_ADMIN capability for systemd-bus-proxyd. Later on, bus-proxyd was removed in commit 798c486fbcdce3346cd862c52e1a200bb8a2cb23. So remove the leftover setcap configure check as well.
2016-11-08coredump: bump type of arg_journal_size_max to uint64 tooZbigniew Jędrzejewski-Szmek
For normal arches this doesn't matter, but on arm32 arg_journal_size_max was smaller than the other *SizeMax variables. This doesn't seem useful. This is anothet part of the fix in 5206a724a0.
2016-11-07build-sys: fix appending of CFLAGS and define __SANE_USERSPACE_TYPES__Zbigniew Jędrzejewski-Szmek
It's pointless to call AC_SUBST more than once on the same variable. Because of all the copypasta, we were mixing CLFAGS and LDFLAGS. … and the assertion in previous commit was wrong. PPC64 is a special snowflake. __SANE_USERSPACE_TYPES__ is needed on PPC64 to make __u64 be llu, instead of lu. Considering that both lu and llu are 64 bits, there's nothing sane about this, maybe the flag should be called __INSANE_USERSPACE_TYPES__ instead. Sane or not, this makes ppc64 kernel headers behave consistent with other architectures. With this flag, no warnings are emitted at -O0 level.
2016-11-07nspawn: fix exit code for --help and --version (#4609)Martin Pitt
Commit b006762 inverted the initial exit code which is relevant for --help and --version without a particular reason. For these special options, parse_argv() returns 0 so that our main() immediately skips to the end without adjusting "ret". Otherwise, if an actual container is being started, ret is set on error in run(), which still provides the "non-zero exit on error" behaviour. Fixes #4605.
2016-11-07tree-wide: drop (llu) casts for kernel's __u64Zbigniew Jędrzejewski-Szmek
According to comments in <asm/types.h>, __u64 is always defined as unsigned long long. Those casts should be superfluous.
2016-11-07tree-wide: add PRI_[NU]SEC, and use time format strings moreZbigniew Jędrzejewski-Szmek
2016-11-08Merge pull request #4594 from endocode/djalal/fix-rootdir-apply-mntnsEvgeny Vereshchagin
core: make RootDirectory= and ProtectKernelModules= work
2016-11-07tests: use less aggressive systemctl --wait timeout in TEST-03-JOBS (#4606)Martin Pitt
If the "systemctl start" happens at an "unlucky" time such as 1000.9 seconds and then e. g. runs for 2.6 s (sleep 2 plus the overhead of starting the unit and waiting for it) the END_SEC would be 1003.5s which would round to 1004, making the difference 4. On busier testbeds the overhead apparently can take a bit more than 0.5s. The main point is really that it doesn't wait that much longer, so "-le 4" seems perfectly fine. We allow up to 1.5s in the subsequent "wait5fail" test below too. Fixes #4582
2016-11-07coredump: fix format string on 32 bitsZbigniew Jędrzejewski-Szmek
In file included from ./src/basic/macro.h:415:0, from ./src/shared/acl-util.h:28, from src/coredump/coredump.c:36: src/coredump/coredump.c: In function ‘submit_coredump’: src/coredump/coredump.c:711:26: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:711:17: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~ src/coredump/coredump.c:711:26: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 8 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:711:17: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~ src/coredump/coredump.c:741:27: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:182:28: note: in expansion of macro ‘log_full’ #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:741:17: note: in expansion of macro ‘log_debug’ log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^~~~~~~~~ src/coredump/coredump.c:741:27: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 8 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:182:28: note: in expansion of macro ‘log_full’ #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:741:17: note: in expansion of macro ‘log_debug’ log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^~~~~~~~~ src/coredump/coredump.c:768:34: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:768:25: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-07nspawn: slight simplificationZbigniew Jędrzejewski-Szmek
2016-11-07nspawn: avoid one strdup by using free_and_replaceZbigniew Jędrzejewski-Szmek
2016-11-07systemd-nspawn: decrease non-fatal mount errors to debug level (#4569)tblume
non-fatal mount errors shouldn't be logged as warnings.
2016-11-07core: make RootDirectory= and ProtectKernelModules= workDjalal Harouni
Instead of having two fields inside BindMount struct where one is stack based and the other one is heap, use one field to store the full path and updated it when we chase symlinks. This way we avoid dealing with both at the same time. This makes RootDirectory= work with ProtectHome= and ProtectKernelModules=yes Fixes: https://github.com/systemd/systemd/issues/4567
2016-11-06machinectl: don't output "No machines." with --no-legend option (#4593)Viktar Vaŭčkievič
2016-11-06delta: skip symlink paths when split-usr is enabled (#4591)Felipe Sateler
If systemd is built with --enable-split-usr, but the system is indeed a merged-usr system, then systemd-delta gets all confused and reports that all units and configuration files have been overridden. Skip any prefix paths that are symlinks in this case. Fixes: #4573
2016-11-05Drop FOREACH_WORD_QUOTEDZbigniew Jędrzejewski-Szmek
2016-11-05core/device: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05core/load-fragment: modify existing environment instead of copying strv over ↵Zbigniew Jędrzejewski-Szmek
and over
2016-11-05core/load-fragment: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05tree-wide: drop unneded WHITESPACE param to extract_first_wordZbigniew Jędrzejewski-Szmek
It's the default, and NULL is shorter.
2016-11-05Merge pull request #4578 from evverx/no-hostname-memleakRonny Chevalier
journalctl: fix memleak
2016-11-05Merge pull request #4579 from evverx/acl-memleakRonny Chevalier
acl-util: fix memleak
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-04kernel-install: use exit instead of return (#4565)Yu Watanabe
/bin/kernel-install: line 143: return: can only `return' from a function or sourced script https://bugzilla.redhat.com/show_bug.cgi?id=1391829
2016-11-04man: update kernel-install(8) to match reality (#4563)Zbigniew Jędrzejewski-Szmek
2016-11-03Merge pull request #4548 from keszybz/seccomp-helpZbigniew Jędrzejewski-Szmek
systemd-analyze syscall-filter
2016-11-03doc: clarify NoNewPrivileges (#4562)Kees Cook
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
2016-11-03acl-util: fix memleakEvgeny Vereshchagin
Fixes: $ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null ==22309== Memcheck, a memory error detector ==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==22309== Command: /home/vagrant/systemd/.libs/lt-journalctl ==22309== Hint: You are currently not seeing messages from other users and the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. ==22309== ==22309== HEAP SUMMARY: ==22309== in use at exit: 8,680 bytes in 4 blocks ==22309== total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated ==22309== ==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4 ==22309== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299) ==22309== by 0x6F37A0A: __new_var_obj_p (__libobj.c:36) ==22309== by 0x6F362F7: __acl_init_obj (acl_init.c:28) ==22309== by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54) ==22309== by 0x6F36087: acl_get_file (acl_get_file.c:69) ==22309== by 0x4F15752: acl_search_groups (acl-util.c:172) ==22309== by 0x113A1E: access_check_var_log_journal (journalctl.c:1836) ==22309== by 0x113D8D: access_check (journalctl.c:1889) ==22309== by 0x115681: main (journalctl.c:2236) ==22309== ==22309== LEAK SUMMARY: ==22309== definitely lost: 56 bytes in 1 blocks ==22309== indirectly lost: 432 bytes in 1 blocks ==22309== possibly lost: 0 bytes in 0 blocks ==22309== still reachable: 8,192 bytes in 2 blocks ==22309== suppressed: 0 bytes in 0 blocks
2016-11-03journalctl: fix memleakEvgeny Vereshchagin
bash-4.3# journalctl --no-hostname >/dev/null ================================================================= ==288==ERROR: LeakSanitizer: detected memory leaks Direct leak of 48492 byte(s) in 2694 object(s) allocated from: #0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60) #1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70 #2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98 #3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347 #4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977 #5 0x5650e29cd83d in main src/journal/journalctl.c:2581 #6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730) SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s). Closes: #4568
2016-11-03build-sys: link test-seccomp against seccomp libs (#4560)Martin Pitt
Fixes build error on recent toolchains: ../src/test/test-seccomp.c:35: error: undefined reference to 'seccomp_arch_native' collect2: error: ld returned 1 exit status
2016-11-03analyze: fix build w/o seccompZbigniew Jędrzejewski-Szmek
2016-11-03Merge pull request #4510 from keszybz/tree-wide-cleanupsLennart Poettering
Tree wide cleanups
2016-11-03Revert "sd-bus: use PRIu64 instead of casting" (#4556)systemd/v232Zbigniew Jędrzejewski-Szmek
This reverts commit 75ead2b753cb9586f3f208326446081baab70da1. Follow up for #4546: > @@ -848,8 +848,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) { if (k->src_id == KDBUS_SRC_ID_KERNEL) bus_message_set_sender_driver(bus, m); else { - xsprintf(m->sender_buffer, ":1.%llu", - (unsigned long long)k->src_id); + xsprintf(m->sender_buffer, ":1.%"PRIu64, k->src_id); This produces: src/libsystemd/sd-bus/bus-kernel.c: In function ‘bus_kernel_make_message’: src/libsystemd/sd-bus/bus-kernel.c:851:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘__u64 {aka long long unsigned int}’ [-Wformat=] xsprintf(m->sender_buffer, ":1.%"PRIu64, k->src_id); ^
2016-11-03hwdb update for 232 (#4557)Lennart Poettering
2016-11-03final NEWS update for 232 (#4558)Lennart Poettering
let's get this out today!
2016-11-03seccomp-util, analyze: export comments as a help stringZbigniew Jędrzejewski-Szmek
Just to make the whole thing easier for users.
2016-11-03seccomp-util: move @default to the first positionZbigniew Jędrzejewski-Szmek
Now that the list is user-visible, @default should be first.
2016-11-03analyze: add syscall-filter verbZbigniew Jędrzejewski-Szmek
This should make it easier for users to understand what each filter means as the list of syscalls is updated in subsequent systemd versions.
2016-11-03Merge pull request #4543 from ↵Djalal Harouni
endocode/djalal/fix-dynamicuser-supplementary-groups core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is set
2016-11-03test: test DynamicUser= with SupplementaryGroups=Djalal Harouni
2016-11-03test: test DynamicUser= with a fixed userDjalal Harouni
2016-11-03core: intialize user aux groups and SupplementaryGroups= when DynamicUser= ↵Djalal Harouni
is set Make sure that when DynamicUser= is set that we intialize the user supplementary groups and that we also support SupplementaryGroups= Fixes: https://github.com/systemd/systemd/issues/4539 Thanks Evgeny Vereshchagin (@evverx)
2016-11-02Merge pull request #4547 from keszybz/two-testsuite-tweaksLennart Poettering
Two testsuite tweaks