| Age | Commit message (Collapse) | Author |
|---|
|
Let's make the error message less confusing here.
Fixes: #4954
|
|
nss user/group name validation fixes
|
|
Fixes: #4987
|
|
EINVAL
It's not our business to validate invalid user/group names or UID/GID.
Ideally, libc would filter these out, but they don't, hence we have to
filter, but let's not propagate this as error, but simply as "not found"
to the caller.
User name rules are pretty vaguely defined, and the rules defined by
POSIX clash with reality quite heavily (for example, utmp doesn't offer
enough room for user name length, and /usr/bin/chown permits separating
user/group names by a single dot, even though POSIX allows dots being
used in user/group names themselves.) We enforce stricter rules than
POSIX for good reason, and hence in doing so we should not categorically
return EINVAL on stuff we don't consider valid, but other components
might.
Fixes: #4983
|
|
|
|
"%d (%m) %s\n" crashes asan: https://github.com/google/sanitizers/issues/759
So, let's place %m after %s
Fixes:
```
$ ./libtool --mode=execute ./test-selinux
...
============ test_misc ==========
ASAN:DEADLYSIGNAL
=================================================================
==2981==ERROR: AddressSanitizer: SEGV on unknown address 0x000041b58ab3 (pc 0x7fd9c55a0eb2 bp 0x7fffdc2f9640 sp 0x7fffdc2f8d68 T0)
#0 0x7fd9c55a0eb1 (/lib64/libasan.so.3+0xdeeb1)
#1 0x7fd9c5550bbf (/lib64/libasan.so.3+0x8ebbf)
#2 0x7fd9c5552cdd in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cdd)
#3 0x7fd9c5063715 in log_internalv src/basic/log.c:680
#4 0x7fd9c506390a in log_internal src/basic/log.c:697
#5 0x561d398181a2 in test_misc src/test/test-selinux.c:81
#6 0x561d398185e8 in main src/test/test-selinux.c:117
#7 0x7fd9c493a400 in __libc_start_main (/lib64/libc.so.6+0x20400)
#8 0x561d39817859 in _start (/home/vagrant/systemd-asan/.libs/lt-test-selinux+0x1859)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.3+0xdeeb1)
==2981==ABORTING
```
|
|
Print addresses returns EOPNOTSUPP, not ENOSYS, when trying to print
addresses for non-container machines.
|
|
The journalctl man page says: "-m, --merge Show entries interleaved from all
available journals, including remote ones.", but current version of journalctl
doesn't live up to this promise. This patch simply adds
"/var/log/journal/remote" to search path if --merge flag is used.
Should fix issue #3618
|
|
Rename the arp proxy option to IPv4ProxyARP= in order to clarify
its relationship to IPv4, and map to the various IPv6 options we have.
Fixes: #4768
|
|
Fix wrong condition test in manager_etc_hosts_lookup(), which caused it to
return an IPv4 answer when an IPv6 question was asked, and vice versa.
Also only return success if we actually found any A or AAAA record.
In systemd-resolved.service(8), point out that /etc/hosts mappings only
affect address-type lookups, not other types.
The test case currently disables DNSSEC in resolved, as there is a bug
where "-t MX" fails due to "DNSSEC validation failed" even after
"downgrading to non-DNSSEC mode". This should be dropped once that bug
gets fixed.
Fixes #4801
|
|
active_slave:
Specifies the new active slave for modes that support it
(active-backup, balance-alb and balance-tlb).
primary slave:
systemd-networks currently lacks the capability to set the primary slave
in an
active-backup bonding. This is necessary if you prefer one interface
over the
other. A common example is a eth0-wlan0 bonding on a laptop where you'd
want to
switch to the wired connection whenever it's available.
Fixes: #2837
|
|
Fixes: #4768
|
|
Fixes:
```
sudo ./libtool --mode=execute valgrind --leak-check=full ./systemd-nspawn -D ./CONT/ -b
...
==21224== 2,444 (656 direct, 1,788 indirect) bytes in 1 blocks are definitely lost in loss record 13 of 15
==21224== at 0x4C2FA50: calloc (vg_replace_malloc.c:711)
==21224== by 0x4F6F565: sd_event_new (sd-event.c:431)
==21224== by 0x1210BE: run (nspawn.c:3351)
==21224== by 0x123908: main (nspawn.c:3826)
==21224==
==21224== LEAK SUMMARY:
==21224== definitely lost: 656 bytes in 1 blocks
==21224== indirectly lost: 1,788 bytes in 11 blocks
==21224== possibly lost: 0 bytes in 0 blocks
==21224== still reachable: 8,344 bytes in 3 blocks
==21224== suppressed: 0 bytes in 0 blocks
```
Closes #4934
|
|
|
|
Check if the parsed seconds value fits in an integer *after*
multiplying by USEC_PER_SEC, otherwise a large value can trigger
modulo by zero during normalization.
|
|
- linux does not accept prefixes for SLAAC unequal to 64 bits: http://lxr.free-electrons.com/source/net/ipv6/addrconf.c#L2741
- when networkd tries export such a route to the kernel it will get -EINVAL and
set the whole device into a failed state.
- this patch will make networkd ignore such prefixes for SLAAC,
but process other informations which may contain other prefixes.
- Note that rfc4862 does not forbid prefix length != 64 bit
|
|
calendarspec: allow repetition values with ranges
|
|
Core was generated by `systemctl cat test@.target test@.service'.
Program terminated with signal SIGSEGV, Segmentation fault.
32 movdqu (%rdi), %xmm0
(gdb) bt
-0 strrchr () at ../sysdeps/x86_64/strrchr.S:32
-1 0x00007f57fdf837fe in __GI___basename (filename=0x0) at basename.c:24
-2 0x000055b8a77d0d91 in unit_find_paths (bus=0x55b8a9242f90, unit_name=0x55b8a92428f0 "test@.service", lp=0x7ffdc9070400, fragment_path=0x7ffdc90703e0, dropin_paths=0x7ffdc90703e8) at src/systemctl/systemctl.c:2584
-3 0x000055b8a77dbae5 in cat (argc=3, argv=0x7ffdc9070678, userdata=0x0) at src/systemctl/systemctl.c:5324
-4 0x00007f57fe55fc6b in dispatch_verb (argc=5, argv=0x7ffdc9070668, verbs=0x55b8a77f1c60 <verbs>, userdata=0x0) at src/basic/verbs.c:92
-5 0x000055b8a77e477f in systemctl_main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8141
-6 0x000055b8a77e5572 in main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8412
The right behaviour is not easy in this case. Implement some "sensible" logic.
Fixes #4912.
|
|
At least bird's implementation of router advertisement does not
set MTU option by default (instead it supplies an option to the user).
In this case just leave MTU as it is.
|
|
That message is emitted by every systemd instance on every resume:
Dec 06 08:03:38 laptop systemd[1]: Time has been changed
Dec 06 08:03:38 laptop systemd[823]: Time has been changed
Dec 06 08:03:38 laptop systemd[916]: Time has been changed
Dec 07 08:00:32 laptop systemd[1]: Time has been changed
Dec 07 08:00:32 laptop systemd[823]: Time has been changed
Dec 07 08:00:32 laptop systemd[916]: Time has been changed
-- Reboot --
Dec 07 08:02:46 laptop systemd[836]: Time has been changed
Dec 07 08:02:46 laptop systemd[1]: Time has been changed
Dec 07 08:02:46 laptop systemd[926]: Time has been changed
Dec 07 19:48:12 laptop systemd[1]: Time has been changed
Dec 07 19:48:12 laptop systemd[836]: Time has been changed
Dec 07 19:48:12 laptop systemd[926]: Time has been changed
...
Fixes #4896.
|
|
|
|
691b90d465 fixed one spot, but missed the other one.
|
|
|
|
Also free the allocated memory before exiting.
|
|
|
|
This means that callers can distiguish an error from flags==0,
and don't have to special-case the empty string.
|
|
Various smaller fixes
|
|
Even if pressing Ctrl-c after spawning gdb with "coredumpctl gdb" is not really
useful, we should let gdb handle the signal entirely otherwise the user can be
suprised to see a different behavior when gdb is started by coredumpctl vs when
it's started directly.
Indeed in the former case, gdb exits due to coredumpctl being killed by the
signal.
So this patch makes coredumpctl ignore SIGINT as long as gdb is running.
|
|
|
|
value/range_end -> start/stop
|
|
"Every other hour from 9 until 5" can be written as
`9..17/2:00` instead of `9,11,13,15,17:00`
|
|
(#4515)
Since commit 9d06297, mount units from mountinfo are not bound to their devices
anymore (they use the "Requires" dependency instead).
This has the following drawback: if a media is mounted and the eject button is
pressed then the media is unconditionally ejected leaving some inconsistent
states.
Since udev is the component that is reacting (no matter if the device is used
or not) to the eject button, users expect that udev at least try to unmount the
media properly.
This patch introduces a new property "SYSTEMD_MOUNT_DEVICE_BOUND". When set on
a block device, all units that requires this device will see their "Requires"
dependency upgraded to a "BindTo" one. This is currently only used by cdrom
devices.
This patch also gives the possibility to the user to restore the previous
behavior that is bind a mount unit to a device. This is achieved by passing the
"x-systemd.device-bound" option to mount(8). Please note that currently this is
not working because libmount treats the x-* options has comments therefore
they're not available in utab for later application retrievals.
|
|
|
|
socket_find_symlink_target() returns a pointer to
p->address.sockaddr.un.sun_path when the first byte is non-zero without
checking that this is AF_UNIX socket. Since sockaddr is a union this
byte could be non-zero for AF_INET sockets.
Existing callers happen to be safe but is an accident waiting to happen.
Use socket_address_get_path() since it checks for AF_UNIX.
|
|
This prevents memory leaks on strings like `*~*-*`.
Fixes #4887
|
|
PR_SET_MM_ARG_START allows us to relatively cleanly implement process renaming.
However, it's only available with privileges. Hence, let's try to make use of
it, and if we can't fall back to the traditional way of overriding argv[0].
This removes size restrictions on the process name shown in argv[] at least for
privileged processes.
|
|
We used the wrong return value in one case, so that our translations were
thrown away.
While we are at it, make sure to always initialize *ret on successful function
exits.
Fixes: #4762
|
|
Fixes: #4823
|
|
Fixes: #4660
|
|
The container detection code in virt.c we ship checks for /proc/1/environ,
looking for "container=" in it. Let's make sure our "-a" init stub exposes that
correctly.
Without this "systemd-detect-virt" run in a "-a" container won't detect that it
is being run in a container.
|
|
Previously, systemd-detect-virt was unable to detect "systemd-nspawn -a"
container environments, i.e. where PID 1 is a stub process running in host
context, as in that case /proc/1/environ was inherited from the host. Let's
improve that, and add an additional check for container environments where
/proc/1/environ is not cleaned up and does not contain the $container
environment variable:
The /proc/1/sched file shows the host PID in the first line. if this is not
1, we know we are running in a PID namespace (but not which implementation).
With these changes we should be able to detect container environments that
don't set $container at all.
|
|
Fixes #1188.
|
|
test-fs-util: fix memleak
|
|
Otherwise we might get started too early.
|
|
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider
them managed by something else and do not add automatic ordering against
umount.target, local-fs.target, remote-fs.target.
Extrinsic mounts are considered:
- All mounts if we are running in --user mode
- API mounts such as everything below /proc, /sys, /dev, which exist from
earliest boot to latest shutdown.
- All mounts marked as initrd mounts, if we run on the host
- The initrd's private directory /run/initrams that should survive until last
reboot.
This primarily merges a couple of different exclusion lists into a single
concept.
|
|
also ordered against it
Let's tweak the automatic dependency generation of target units: not only add a
Conflicts= towards shutdown.target but also an After= line for it, so that we
can be sure the new target is not started when the old target is still up.
Discovered in the context of #4733
(Also, exclude dependency generation if for shutdown.target itself. — This is
strictly speaking redundant, as unit_add_two_dependencies_by_name() detects
that and becomes a NOP, but let's make this explicit for readability.)
|
|
Let's be a bit more careful when detecting chroot() environments, so that we
can discern them from namespaced environments.
Previously this would simply check if the root directory of PID 1 matches our
own root directory. With this commit, we also check whether the namespaces of
PID 1 and ourselves are the same. If not we assume we are running inside of a
namespaced environment instead of a chroot() environment.
This has the benefit that systemctl (which uses running_in_chroot()) will work
as usual when invoked in a namespaced service.
|
|
set up a per-service session kernel keyring, and store the invocation ID in it
|
|
Fixes:
```
$ ./libtool --mode=execute valgrind --leak-check=full ./test-fs-util
...
==22871==
==22871== 27 bytes in 1 blocks are definitely lost in loss record 1 of 1
==22871== at 0x4C2FC47: realloc (vg_replace_malloc.c:785)
==22871== by 0x4E86D05: strextend (string-util.c:726)
==22871== by 0x4E8F347: chase_symlinks (fs-util.c:712)
==22871== by 0x109EBF: test_chase_symlinks (test-fs-util.c:75)
==22871== by 0x10C381: main (test-fs-util.c:305)
==22871==
```
Closes #4888
|
|
Fixes: #4402
|
