Age | Commit message (Collapse) | Author |
|
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but
IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get
fixed in missing.h. This occurs with kernel headers new enough to have
the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have
IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
|
|
Syscall filter fixes, tighter nspawn seccomp sandbox by default
|
|
Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
|
|
More verbose logging in localed, unit tests, and a few tweaks to keymap conversions
|
|
Let's block access to the kernel keyring and a number of obsolete system calls.
Also, update list of syscalls that may alter the system clock, and do raw IO
access. Filter ptrace() if CAP_SYS_PTRACE is not passed to the container and
acct() if CAP_SYS_PACCT is not passed.
This also changes things so that kexec(), some profiling calls, the swap calls
and quotactl() is never available to containers, not even if CAP_SYS_ADMIN is
passed. After all we currently permit CAP_SYS_ADMIN to containers by default,
but these calls should not be available, even then.
|
|
This adds three new seccomp syscall groups: @keyring for kernel keyring access,
@cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and
suchlike, and @debug for ptrace() and related calls.
Also, the @clock group is updated with more syscalls that alter the system
clock. capset() is added to @privileged, and pciconfig_iobase() is added to
@raw-io.
Finally, @obsolete is a cleaned up. A number of syscalls that never existed on
Linux and have no number assigned on any architecture are removed, as they only
exist in the man pages and other operating sytems, but not in code at all.
create_module() is moved from @module to @obsolete, as it is an obsolete system
call. mem_getpolicy() is removed from the @obsolete list, as it is not
obsolete, but simply a NUMA API.
|
|
|
|
Follow-up for #3502.
|
|
Enhance test-process-util to take the PID to look at
|
|
Not every link has kind associated with it.
(gdb) r
Starting program: /home/sus/tt/systemd/systemd-networkd
Missing separate debuginfos, use: dnf debuginfo-install
glibc-2.23.1-7.fc24.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
vboxnet0: Gained IPv6LL
wlp3s0: Gained IPv6LL
enp0s25: Gained IPv6LL
Enumeration completed
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e27ade in __strcmp_sse2_unaligned () from /lib64/libc.so.6
(gdb) bt
src/network/networkd-link.c:2008
src/network/networkd-link.c:2059
src/network/networkd-link.c:2442
m=0x555555704a30, userdata=0x55555570bfe0) at src/network/networkd-link.c:2497
at src/libsystemd/sd-netlink/sd-netlink.c:347
src/libsystemd/sd-netlink/sd-netlink.c:402
src/libsystemd/sd-netlink/sd-netlink.c:432
userdata=0x5555556f7470) at src/libsystemd/sd-netlink/sd-netlink.c:739
src/libsystemd/sd-event/sd-event.c:2275
src/libsystemd/sd-event/sd-event.c:2626
timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2685
bus=0x5555556f9af0, name=0x555555692315 "org.freedesktop.network1",
timeout=30000000,
check_idle=0x55555556ac84 <manager_check_idle>, userdata=0x5555556f6b20) at
src/shared/bus-util.c:134
src/network/networkd-manager.c:1128
src/network/networkd.c:127
(gdb) f 1
src/network/networkd-link.c:2008
2008 if (link->network->bridge || streq("bridge", link->kind)) {
(gdb) p link->kind
$1 = 0x0
|
|
safe_atou32 (#3522)
|
|
Move the merger of environment variables before setting up the PAM
session and pass the aggregate environment to PAM setup. This allows
control over the PAM session hooks through environment variables.
PAM session initiation may update the environment. On successful
initiation of a PAM session, we adopt the environment of the
PAM context.
|
|
... as well as halt/poweroff/kexec/suspend/hibernate/hybrid-sleep.
Running those commands will fail in user mode, but we try to set the wall
message first, which might even succeed for privileged users. Best to nip
the whole sequence in the bud.
https://github.com/systemd/systemd/pull/3453#issuecomment-225455156
|
|
Our functions that query /proc/pid/ support using pid==0 to mean
self. get_process_id also seemed to support that, but it was not implemented
correctly: the result should be in *uid, not returned, and also it gave
completely bogus result when called from get_process_gid(). But afaict,
get_process_{uid,gid} were never called with pid==0, so it's not an actual
bug. Remove the broken code to avoid confusion.
|
|
This makes it easy to test the query code on "ssh localhost"
and similar.
|
|
This fixes a bunch of copy&paste errors in the output.
|
|
If max_length is equal or greater than cmdline length all trailing non-printable
characters are dropped. If max_length is 0 it should do the same.
This should also fix cmdline truncation if the last character is not '\0'.
Fixes #3469.
|
|
resolved: allow clients request cache flushes
|
|
Fixes #3353.
|
|
use config_parse_vlanid to parse vlan for BridgeFDB entries
|
|
cleanup minor nitpicks mentioned in #3428
|
|
|
|
This adds (undocumented) environment variables SYSTEMD_KBD_MODEL_MAP
and SYSTEMD_LANGUAGE_FALLBACK_MAP, which, if set, override compiled-in
locations of those two files.
Instead of skipping tests when the maps are not installed, just use
the one from the source dir. We still cannot do the mappings the other
way if /usr/lib/kbd/keymaps is not present, so truncate the tests in
that case.
Also tweak the debug messages a bit to make it easier to see
which function is failing.
|
|
Previously, we checked only for the various SetLinkXYZ() calls on the Manager
object exposed on the bus if the specified interface is managed/unmanaged by
networkd (as we don't permit overriding DNS configuration via bus calls if
networkd owns the device), but the equivalent SetXYZ() calls on the Link object
did not have such a check. Fix that by moving the appropriate check into the
latter, as the former just calls that anyway.
|
|
And expose it in "resolve-tool --flush-caches".
|
|
|
|
yet (#3499)
Corrects: 1b566071
Also see: https://github.com/systemd/systemd/pull/3478#issuecomment-225008542
|
|
Reloading or reexecuting PID 1 means the unit generators are rerun, which are
timed out at 90s. Make sure the method call asking for the reload is timed out
at twice that, so that the generators have 90s and the reload operation has 90s
too.
This reworks the daemon_reload() call in systemctl, and makes it exclusively
about reloading/reexecing. Previously it was used for other trivial method
calls too, which didn't really help readability. As the code paths are now
sufficiently different, split out the old code into a new function
trivial_method().
This call also does a similar change as
c8ad4efb277c3235d58789170af11bb3c847d655 but for the reload/reexec operation.
Fixes: #3353
|
|
For legacy commands such as /sbin/halt or /sbin/poweroff we support legacy
fallbacks that talk via traditional SysV way with PID 1 to issue the desired
operation. We do this on any kind of error if the primary method of operation
fails. When this is the case we suppress any error message that is normally
generated, in order to not confuse the user. When suppressing this log message,
don't suppress the original error code, because there's really no reason to.
|
|
|
|
This patch implements the new magic character '!'. By putting '!' in front
of a command, systemd executes it with full privileges ignoring paramters
such as User, Group, SupplementaryGroups, CapabilityBoundingSet,
AmbientCapabilities, SecureBits, SystemCallFilter, SELinuxContext,
AppArmorProfile, SmackProcessLabel, and RestrictAddressFamilies.
Fixes partially https://github.com/systemd/systemd/issues/3414
Related to https://github.com/coreos/rkt/issues/2482
Testing:
1. Create a user 'bob'
2. Create the unit file /etc/systemd/system/exec-perm.service
(You can use the example below)
3. sudo systemctl start ext-perm.service
4. Verify that the commands starting with '!' were not executed as bob,
4.1 Looking to the output of ls -l /tmp/exec-perm
4.2 Each file contains the result of the id command.
`````````````````````````````````````````````````````````````````
[Unit]
Description=ext-perm
[Service]
Type=oneshot
TimeoutStartSec=0
User=bob
ExecStartPre=!/usr/bin/sh -c "/usr/bin/rm /tmp/exec-perm*" ;
/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-pre"
ExecStart=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start" ;
!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-star-2"
ExecStartPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-post"
ExecReload=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-reload"
ExecStop=!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop"
ExecStopPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop-post"
[Install]
WantedBy=multi-user.target]
`````````````````````````````````````````````````````````````````
|
|
This the patch implements a notificaiton mechanism from the init process
in the container to systemd-nspawn.
The switch --notify-ready=yes configures systemd-nspawn to wait the "READY=1"
message from the init process in the container to send its own to systemd.
--notify-ready=no is equivalent to the previous behavior before this patch,
systemd-nspawn notifies systemd with a "READY=1" message when the container is
created. This notificaiton mechanism uses socket file with path relative to the contanier
"/run/systemd/nspawn/notify". The default values it --notify-ready=no.
It is also possible to configure this mechanism from the .nspawn files using
NotifyReady. This parameter takes the same options of the command line switch.
Before this patch, systemd-nspawn notifies "ready" after the inner child was created,
regardless the status of the service running inside it. Now, with --notify-ready=yes,
systemd-nspawn notifies when the service is ready. This is really useful when
there are dependencies between different contaniers.
Fixes https://github.com/systemd/systemd/issues/1369
Based on the work from https://github.com/systemd/systemd/pull/3022
Testing:
Boot a OS inside a container with systemd-nspawn.
Note: modify the commands accordingly with your filesystem.
1. Create a filesystem where you can boot an OS.
2. sudo systemd-nspawn -D ${HOME}/distros/fedora-23/ sh
2.1. Create the unit file /etc/systemd/system/sleep.service inside the container
(You can use the example below)
2.2. systemdctl enable sleep
2.3 exit
3. sudo systemd-run --service-type=notify --unit=notify-test
${HOME}/systemd/systemd-nspawn --notify-ready=yes
-D ${HOME}/distros/fedora-23/ -b
4. In a different shell run "systemctl status notify-test"
When using --notify-ready=yes the service status is "activating" for 20 seconds
before being set to "active (running)". Instead, using --notify-ready=no
the service status is marked "active (running)" quickly, without waiting for
the 20 seconds.
This patch was also test with --private-users=yes, you can test it just adding it
at the end of the command at point 3.
------ sleep.service ------
[Unit]
Description=sleep
After=network.target
[Service]
Type=oneshot
ExecStart=/bin/sleep 20
[Install]
WantedBy=multi-user.target
------------ end ------------
|
|
networkd: add support to configure VLAN on bridge ports
|
|
Fix issue where the *Network passed via userdata is being offset
by offsetof(Network, matchmac) leading to incorrect values being
exposed in dbus.
|
|
|
|
|
|
networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRA
|
|
Let's add a generic parser for VLAN ids, which should become handy as
preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID
type everywhere, and that validity checks are already applied at the time of
parsing, and not only whne we about to prepare a netdev.
Also, establish a common definition VLANID_INVALID we can use for
non-initialized VLAN id fields.
|
|
Now we don't support parsing double at map_basic.
when trying to use bus_message_map_all_properties with a double
this fails. Let's add it.
|
|
The flags check was accidentally placed in the ESP if block, but should be in
the root if block.
This corrects: 0238d4c660e732dd03ba0cdb54a29ec5870ee849
Fixes: #3440
Also see: #3441
|
|
an instance (#3451)
Corrects: 7aad67e7
Fixes: #3438
|
|
resolved: support IPv6 DNS servers on the local link
|
|
it (#3457)
Let's add an extra safety check before we chmod/chown a TTY to the right user,
as we might end up having connected something to STDIN/STDOUT that is actually
not a TTY, even though this might have been requested, due to permissive
StandardInput= settings or transient service activation with fds passed in.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=85255
|
|
put limits on addresses and routers per link and per network
|
|
|
|
|
|
The changes in 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f weren't complete, only
half the code that dealt with K links was removed. This is a follow-up patch
that removes the rest too.
No functional changes.
|
|
-bash-4.3# rm /etc/udev/hwdb.bin
-bash-4.3# systemd-hwdb update
-bash-4.3# ls -Z /etc/udev/hwdb.bin
system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
Fixes: #3458
|
|
The long name is just too hard to type. We generally should avoid using
acronyms too liberally, if they aren't established enough, but it appears that
"RA" is known well enough. Internally we call the option "ipv6_accept_ra"
anyway, and the kernel also exposes it under this name. Hence, let's rename the
IPv6AcceptRouterAdvertisements= setting and the
[IPv6AcceptRouterAdvertisements] section to IPv6AcceptRA= and [IPv6AcceptRA].
The old setting IPv6AcceptRouterAdvertisements= is kept for compatibility with
older configuration. (However the section [IPv6AcceptRouterAdvertisements] is
not, as it was never available in a published version of systemd.
|
|
timestamping improvements and IPv6 RA revamp
|