| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Useful for testing a single module. If nothing is specified, behaviour is the
same as before.
$ ./test-nss myhostname 192.168.0.14 localhost
======== myhostname ========
_nss_myhostname_gethostbyname4_r("localhost") → status=NSS_STATUS_SUCCESS
pat=buffer+0x38 errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"localhost" AF_INET 127.0.0.1 %lo
"localhost" AF_INET6 ::1 %lo
_nss_myhostname_gethostbyname3_r("localhost", AF_INET) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"localhost"
AF_INET 127.0.0.1
canonical: "localhost"
_nss_myhostname_gethostbyname3_r("localhost", AF_INET6) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"localhost"
AF_INET6 ::1
canonical: "localhost"
_nss_myhostname_gethostbyname3_r("localhost", *) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"localhost"
AF_INET 127.0.0.1
canonical: "localhost"
_nss_myhostname_gethostbyname3_r("localhost", AF_UNIX) → status=NSS_STATUS_UNAVAIL
errno=97/EAFNOSUPPORT h_errno=4/No address associated with name ttl=2147483647
_nss_myhostname_gethostbyname2_r("localhost", AF_INET) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error)
"localhost"
AF_INET 127.0.0.1
_nss_myhostname_gethostbyname2_r("localhost", AF_INET6) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error)
"localhost"
AF_INET6 ::1
_nss_myhostname_gethostbyname2_r("localhost", *) → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error)
"localhost"
AF_INET 127.0.0.1
_nss_myhostname_gethostbyname2_r("localhost", AF_UNIX) → status=NSS_STATUS_UNAVAIL
errno=97/EAFNOSUPPORT h_errno=4/No address associated with name
_nss_myhostname_gethostbyname_r("localhost") → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error)
"localhost"
AF_INET 127.0.0.1
_nss_myhostname_gethostbyaddr2_r("192.168.0.14") → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"laptop"
AF_INET 192.168.0.14
AF_INET 192.168.122.1
AF_INET 169.254.209.76
_nss_myhostname_gethostbyaddr_r("192.168.0.14") → status=NSS_STATUS_SUCCESS
errno=0/--- h_errno=0/Resolver Error 0 (no error)
"laptop"
AF_INET 192.168.0.14
AF_INET 192.168.122.1
AF_INET 169.254.209.76
|
|
core: add new RestrictNamespaces= unit file setting
Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
|
|
Format string tweaks (and a small fix on 32bit)
|
|
We don't have plural in the name of any other -util files and this
inconsistency trips me up every time I try to type this file name
from memory. "formats-util" is even hard to pronounce.
|
|
|
|
This new setting permits restricting whether namespaces may be created and
managed by processes started by a unit. It installs a seccomp filter blocking
certain invocations of unshare(), clone() and setns().
RestrictNamespaces=no is the default, and does not restrict namespaces in any
way. RestrictNamespaces=yes takes away the ability to create or manage any kind
of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces
so that only mount and IPC namespaces may be created/managed, but no other
kind of namespaces.
This setting should be improve security quite a bit as in particular user
namespacing was a major source of CVEs in the kernel in the past, and is
accessible to unprivileged processes. With this setting the entire attack
surface may be removed for system services that do not make use of namespaces.
|
|
Tree wide cleanups
|
|
|
|
|
|
This is a follow-up for 6309e51ea32d64524431ee65c49eecd44390da8f and makes sure
we compare test results with the right user identifier.
|
|
"Secondary arch" table for mips is entirely speculative…
|
|
A pendant for #4481.
|
|
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
|
|
|
|
This can be useful to silence warnings about units which fail in userns
container.
|
|
In case of running test-execute on systems with systemd < v232, several
tests like privatedevices or protectkernelmodules fail because
/run/systemd/inaccessible/ doesn't exist. In these cases, we should skip
tests to avoid unnecessary errors.
See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566
|
|
This validates the system call set table and many of our seccomp-util.c APIs.
|
|
Commandline parsing simplification and udev fix
|
|
test: lets add more tests to cover SupplementaryGroups= cases.
|
|
|
|
Introduce a new enum to get rid of some boolean arguments of unit_file_*
functions. It unifies the code, makes it a bit cleaner and extensible.
|
|
|
|
|
|
|
|
This makes strjoin and strjoina more similar and avoids the useless final
argument.
spatch -I . -I ./src -I ./src/basic -I ./src/basic -I ./src/shared -I ./src/shared -I ./src/network -I ./src/locale -I ./src/login -I ./src/journal -I ./src/journal -I ./src/timedate -I ./src/timesync -I ./src/nspawn -I ./src/resolve -I ./src/resolve -I ./src/systemd -I ./src/core -I ./src/core -I ./src/libudev -I ./src/udev -I ./src/udev/net -I ./src/udev -I ./src/libsystemd/sd-bus -I ./src/libsystemd/sd-event -I ./src/libsystemd/sd-login -I ./src/libsystemd/sd-netlink -I ./src/libsystemd/sd-network -I ./src/libsystemd/sd-hwdb -I ./src/libsystemd/sd-device -I ./src/libsystemd/sd-id128 -I ./src/libsystemd-network --sp-file coccinelle/strjoin.cocci --in-place $(git ls-files src/*.c)
git grep -e '\bstrjoin\b.*NULL' -l|xargs sed -i -r 's/strjoin\((.*), NULL\)/strjoin(\1)/'
This might have missed a few cases (spatch has a really hard time dealing
with _cleanup_ macros), but that's no big issue, they can always be fixed
later.
|
|
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
|
|
No functional change.
|
|
|
|
Fixes:
```
==10750==
==10750== HEAP SUMMARY:
==10750== in use at exit: 96 bytes in 3 blocks
==10750== total heap usage: 1,711 allocs, 1,708 frees, 854,545 bytes
allocated
==10750==
==10750== 96 (64 direct, 32 indirect) bytes in 1 blocks are definitely
lost in loss record 3 of 3
==10750== at 0x4C2DA60: calloc (vg_replace_malloc.c:711)
==10750== by 0x4EB3BDA: calendar_spec_from_string
(calendarspec.c:771)
==10750== by 0x109675: test_hourly_bug_4031 (test-calendarspec.c:118)
==10750== by 0x10A00E: main (test-calendarspec.c:202)
==10750==
==10750== LEAK SUMMARY:
==10750== definitely lost: 64 bytes in 1 blocks
==10750== indirectly lost: 32 bytes in 2 blocks
==10750== possibly lost: 0 bytes in 0 blocks
==10750== still reachable: 0 bytes in 0 blocks
==10750== suppressed: 0 bytes in 0 blocks
==10750==
==10750== For counts of detected and suppressed errors, rerun with: -v
==10750== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```
|
|
Various install-related tweaks
|
|
When a unit file is invalid, we'd return an error without any details:
$ systemctl --root=/ enable testing@instance.service
Failed to enable: Invalid argument.
Fix things to at least print the offending file name:
$ systemctl enable testing@instance.service
Failed to enable unit: File testing@instance.service: Invalid argument
$ systemctl --root=/ enable testing@instance.service
Failed to enable unit, file testing@instance.service: Invalid argument.
A real fix would be to pass back a proper error message from conf-parser.
But this would require major surgery, since conf-parser functions now
simply print log errors, but we would need to return them over the bus.
So let's just print the file name, to indicate where the error is.
(Incomplete) fix for #4210.
|
|
Apparently this works just fine, so the issue in #4031 is elsewhere.
|
|
endocode/djalal/sandbox-first-protection-kernelmodules-v1
core:sandbox: Add ProtectKernelModules= and some fixes
|
|
Fixes: #4181
|
|
propagation
|
|
Lets go further and make /lib/modules/ inaccessible for services that do
not have business with modules, this is a minor improvment but it may
help on setups with custom modules and they are limited... in regard of
kernel auto-load feature.
This change introduce NameSpaceInfo struct which we may embed later
inside ExecContext but for now lets just reduce the argument number to
setup_namespace() and merge ProtectKernelModules feature.
|
|
|
|
This just adds capabilities test.
|
|
Add an "invocation ID" concept to the service manager
|
|
This is a bit crude and only works for new systemd versions which
have libsystemd-shared.
|
|
Let's make sure people invoking STRV_FOREACH_BACKWARDS() as a single statement
of an if statement don't fall into a trap, and find the tail for the list via
strv_length().
|
|
If the new item is inserted before the first item in the list, then the
head must be updated as well.
Add a test to the list unit test to check for this.
|
|
core:sandbox: Add new ProtectKernelTunables=, ProtectControlGroups=, ProtectSystem=strict and fixes
|
|
propagation
Better safe.
|
|
|
|
|
