| Age | Commit message (Collapse) | Author |
|---|
|
section_line and filename should be set together or not at all. Change the
if to test filename, since it's the first of the pair and it seems more natural
to test that.
|
|
The code was not incorrect previously, but I think it's easier to follow the
ownership (and the code is more likely to remain correct when updated later on),
if freeing of NetworkConfigSection* is immediately made the responsibility of
route_free(), so instead of relying on route_free() not freeing ->section
if adding to the network hashmap failed, make this freeing unconditional.
|
|
machined userns fixes
|
|
fallback hostname fixes
|
|
|
|
We didn't include the resource limit field, add it.
|
|
trailing zeroes
Our coredump handler operates on a "context" supplied by the kernel via
the core_pattern arguments. When we pass off a coredump for processing
to coredumpd we pass along enough information for this context to be
reconstructed. This information is passed in the usual journal fields,
and that means we extended the 1s granularity timestamp to 1µs
granularity by appending 6 zeroes. We need to chop them off again when
reconstructing the original kernel context.
Fixes: #4779
|
|
strsignal() sucks, as it tries to generate human readable strings from
something that isn't really human readable by concept. Let's use
signal_to_string() instead, making this more grokkable. Difference is:
SIGINT gets translated → "SIGINT" rather than → "Interrupted".
|
|
(Note that we only do this for the journal metadata, not for the xattrs,
as the xattrs are only supposed to store the original 1:1 info we
acquired from the kernel.)
|
|
When we encounter a "special" crash we should not continue processing it
the usual way.
|
|
For caching negative replies we need the SOA TTL information. Hence,
let's authenticate all auxiliary SOA RRs through DS requests on all
negative requests.
|
|
Let's increase a number of timeouts as they apparently are too short for
some real-world lookups.
See:
https://github.com/systemd/systemd/issues/4003#issuecomment-279842616
In particular we change the following timeouts:
1) The first UDP retry we increase 500ms → 750ms. This is a good idea,
since some servers need relatively long responses for trivial lookups,
and giving up our first attempt also has the effect of trying a
different server for the next attempt which has the side effect that
we'll run two down-grade iterations in parallel, on both servers.
Hence, let's give servers a bit more time in the first iteration.
2) Permit 24 retries instead of just 16 per transactions. If we end up
downgrading all the way down to UDP for a lookup we already need 5
iterations for that. If we want permit a couple of lost packages for
each (let's say 4), then we already need 20 iterations.
3) Increase the overall query timeout on the service side to 60s (from
45s), simply because very long and slow DNSSEC + CNAME chains (such as
us.ynuf.alipay.com) hit this boundary too easily. The client side
timeout for the bus method call is increased to 90s, in order to have
room for the dbus reply to go through
|
|
Following our coding style on success we should initialize all return
parameters of a function. We missed to cases for dns_cache_lookup() (but
covered all others), fix them too.
|
|
This is the most important piece of information of replies, hence show
this in the first log message about it.
(Wireshark shows it too in the short summary, hence this definitely
makes sense...)
|
|
Retrying a transaction via TCP is a good approach for mitigating
packet loss. However, it's not a good away way to fix a bad RCODE if we
already downgraded to UDP level for it. Hence, don't do this.
This is a small tweak only, but shortens the time we spend on
downgrading when a specific domain continously returns a bad rcode.
|
|
Some domains (such as us.ynuf.alipay.com) almost appear as if they actively
want to sabotage our DNSSEC work. Specifically, they unconditionally
return SERVFAIL on SOA lookups and always only after a 1s delay (at
least). This is pretty bad for our validation logic, as we use SOA
lookups to distuingish zones from non-terminal names. Moreover, SERVFAIL
is an error that is typically returned if we send requests a server
doesn't grok, and thus is reason for us to downgrade our protocol and
try again. In case of these zones this means we'll accept the SERVFAIL
response only after a full iterative downgrade to our lowest feature
level: TCP. In combination with the 1s delays this has the effect of
making us hit our transaction timeout way to easily.
As first attempt to improve the situation: let's start caching SERVFAIL
responses in our cache, after the full downgrade for a short period of
time.
Conceptually this is exposed as "weird rcode" caching, but for now we
only consider SERVFAIL a "weird rcode" worthy of caching. Later on we
might want to add more.
|
|
When we are doing a TCP transaction the kernel will automatically resend
all packets for us, there's no need to do that ourselves. Hence:
increase the timeout for TCP transactions substantially, to give the
kernel enough time to connect to the peer, without interrupting it when
we become impatient.
|
|
There's no point in talking to a server in DNSSEC mode when we don't
actually want to verify anything.
See: #5352
|
|
authentication bool even on failure
Let's make sure that if we accept a query candidate, then let's also
propagate the authenticated flag for it, so that we can properly report
back to the clients whether lookups failed due to non-existance that can
be proven.
|
|
When we managed to prove non-existance of a name, then we should
properly propagate this to clients by setting the AD bit on NXDOMAIN.
See: #4621
|
|
Doesn't really change anything, but makes things a bit simpler to read.
|
|
The cache might contain all kinds of unauthenticated data that we really
shouldn't be using if we upgrade our feature level and suddenly are able
to get authenticated data again.
Might fix: #4866
|
|
For the wildcard NSEC check we need to generate an "asterisk" domain, by
prepend the common ancestor with "*.". So far we did that with a simple
strappenda() which is fine for most domains, but doesn't work if the
common ancestor is the root domain as we usually write that as "." in
normalized form, and "*." joined with "." is "*.." and not "*." as it
should be.
Hence, use the clean way out, let's just use dns_name_concat() which
only exists precisely for this reason, to properly concatenate labels.
There's a good chance this actually fixes #5029, as this NSEC proof is
triggered by lookups in the TLD "example", which doesn't exist in the
Internet.
|
|
This ensures that configured NTAs exclude not only the listed domain but
also all domains below it from DNSSEC validation -- except if a positive
trust anchor is defined below (as suggested by RFC7647, section 1.1)
Fixes: #5048
|
|
As the kernel won't map the UIDs this is simply not safe, and hence we
should generate a clean error and refuse it.
We can restore this feature later should a "shiftfs" become available in
the kernel.
|
|
Actually initialize the "error" structure with the error we got
|
|
This changes the file copy logic of machined to set the UID/GID of all
copied files to 0 if the host and container do not share the same user
namespace.
Fixes: #4078
|
|
This adds a unified "copy_flags" parameter to all copy_xyz() function
calls, replacing the various boolean flags so far used. This should make
many invocations more readable as it is clear what behaviour is
precisely requested. This also prepares ground for adding support for
more modes later on.
|
|
With this change we'll not show an "Addresses" field for machines that
we don't know any addresses for.
This changes print_addresses() to never suffix its output with a
newline, leaving that to the caller. That's a good idea since depending
on who the caller is, different rules apply: if no addresses are found,
then the list view still wants a newline, but the status view does not.
This also changes the function to return the number of found addresses,
which can be used to decide when to add a newline or not.
|
|
UID/GID mapping with userns can be arbitrarily complex. Let's break this
down to a single admin-friendly parameter: let's expose the UID/GID
shift of a container via a new bus call for each container, and let's
show this as part of "machinectl status" if it is not 0.
This should work for pretty much all real-life full OS container setups
(i.e. the stuff machined is suppose to be useful for). For everything
else we generate a clean error, clarifying that we can't expose the
mapping.
|
|
This changes resolved to use the compile-time fallback hostname the
configured one is not set. Note that if the local hostname is set to
"localhost" then we'll instead default to "linux" here, as for
mDNS/LLMNR exposing "localhost" is actively dangerous.
|
|
When /etc/hostname isn't set, default to the configured compile-time
fallback hostname instead of "localhost" for the kernel hostname.
|
|
gethostname_malloc()
Currently, if the hostname is not set gethostname_malloc() defaults to
the "sysname", which is "linux" on Linux. Let's change that to also
honour the compile-time fallback hostname as specified on the configure
command line.
|
|
Fix "make install-tests" when srcdir != builddir, fix valgrind-tests
|
|
We need this for multipath support without relying on NVMe to SCSI
translations.
Signed-off-by: Keith Busch <keith.busch@intel.com>
|
|
|
|
Also sort <refsynopsisdiv>.
|
|
|
|
Drop the TEST_DATA_DIR macro as this was using alloca() within a
function call which is allegedly unsafe. So add a "suffix" argument to
get_testdata_dir() instead and call that directly.
|
|
Rename get_exe_relative_testdata_dir() to get_testdata_dir() and move
the env var check into that, so that everything interesting happens at
the same place.
|
|
automake helpfully sets a few variables for during build. When our executable
is in a directory underneath $(abs_top_builddir), we know that we're in the
build environment $(abs_top_srcdir) contains the sources, and test data is
under $(abs_top_srcdir)/test. This remains true no matter where the build
directory is relative to the source directory. It also works if the test
executable is invoked as ./test-whatever or .libs/test-whatever, since the
relative path is not used at all.
When running from outside of the build directory, we should be running from the
installed location and we can look for ../testdata relative to the location of
the exe file.
Of course, $SYSTEMD_TEST_DATA always overrides this logic.
|
|
TEST_DIR is rather generic, and we prefix all variables used by installed
executables with "SYSTEMD_".
|
|
That way, if the test directory does not exist we don't leave behind
temporary files (as in that case or on test failure the cleanup actions
don't run).
|
|
When trying to directly run a test executable in the build tree without
setting $TEST_DIR, some tests fail with a non-obvious error message.
Print an useful one instead.
|
|
Otherwise we are missing $TEST_DIR for the test data and run the test
against the system-installed binaries and keyboard/locale maps.
|
|
Follow-up for 4f8425b8d5a3fb2e5ec24b77f1a7a95db55f532c
|
|
build-sys: treat journal-data/journal-[12].txt as TEST_DATA_FILES
|
|
This is a follow-up for #5359, fixing the error codes in a similar way
for the other NSS modules.
(user/group lookup calls don't have h_errnop, hence we don't update that
in those cases)
|
|
TEST_DATA_FILES
This is a follow-up for 625d8769fa6394a30
|
|
Fixes:
```
Found container virtualization none.
Assertion 'imp.fd >= 0' failed at ../src/test/test-journal-importer.c:43, function test_basic_parsing(). Aborting.
FAIL: test-journal-importer (code: 134)
```
See https://github.com/systemd/systemd/pull/5366#issuecomment-280353804
|
