Florian Schmaus [Fri, 10 Nov 2023 10:44:09 +0000 (11:44 +0100)]
cgroup: add support for memory.swap.current
In systemctl-show we only show current swap if ever swapped or non-zero. This
reduces the noise on swapless systems, that would otherwise always show a swap
value that never has the chance to become non-zero. It further reduces the
noise for services that never swapped.
Florian Schmaus [Thu, 9 Nov 2023 07:59:59 +0000 (08:59 +0100)]
core: fix array size in unit_log_resources()
In 0531bded79dc ("core: include peak memory in unit_log_resources()") new log
messages where added, however the size of the according arrays to hold the
messages was not adjusted.
Fixes: 0531bded79dc ("core: include peak memory in unit_log_resources()")
test: use Type=notify together with `busctl monitor`
Let's use the newly gained feature of `busctl` and start is as a
Type=notify unit, which should make sure the unit is started only after
`busctl` is on the bus listening for messages.
This should help with a race spotted in CIs, where we continued too
early after starting `busctl monitor` and miss the emitted signals:
This is pretty much the same stuff as `resolvectl monitor` does, and
allows us to run `busctl monitor` in a Type=notify unit which ensures
that `busctl` is really listening for messages once the unit is marked
as started.
Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will
fail if the process is unprivileged. If it succeeds, it assumes that the
process is privileged and setresuid and setresgid will succeed.
However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if
the process is unprivileged. Guard against that by checking for permission
errors in setresuid and setresgid and skipping the full test if so.
Felix Dörre [Fri, 18 Aug 2023 08:00:40 +0000 (10:00 +0200)]
journalctl: verify sealed log epochs are continuous
Currently empty epochs are not sealed. This allows an attacker to truncate
a sealed log and continue it without any problems showing when verifying the
log.
This partially addresses CVE-2023-31438. One way to extend this change to
address CVE-2023-31438 completely, would be to verify that there is exactly
one seal per epoch (and not sealing when the epoch has not ended yet).
the change also adds a journal-file flag: HEADER_COMPATIBLE_SEALED_CONTINUOUS
this flag indicates that a journal file is sealed continuously and decides whether
any missing crypto epochs should trigger a warning or an error.
Mike Yuan [Wed, 8 Nov 2023 17:10:06 +0000 (01:10 +0800)]
fd-util: refuse O_CREAT in fd_reopen
O_CREAT doesn't make sense for fd_reopen, since we're
working on an already opened fd. Also, in fd_reopen
we don't handle the mode parameter of open(2), which
means we may get runtime error like #29938.
Yu Watanabe [Wed, 8 Nov 2023 13:59:33 +0000 (22:59 +0900)]
network: use Kind= instead of Driver=
networkd ignores errors in reading driver through ethtool. The kind of
network interface is retrieved through netlink, and networkd checks
checks many failures. So, using Kind= should be safer.
David Tardon [Wed, 8 Nov 2023 13:41:28 +0000 (14:41 +0100)]
udev-manager: actually remove the property
AFAICT there's no reason to keep removed entries in the Hashmap
(although it doesn't break anything either). The only use of this
hashmap is in udev_rule_apply_token_to_event(), which just retrieves the
value using hashmap_get(), hence there's no difference there between an
existing entry with a NULL value and a missing entry.
Yu Watanabe [Wed, 8 Nov 2023 11:55:50 +0000 (20:55 +0900)]
resolve/mdns: split out mdns_make_dummy_packet()
Then, this fixes the following issues:
- if dns_packet_append_zone() for other transaction is failed with
EMSGSIZE, the previously added key was not removed,
- if dns_transaction_prepare() for other transaction returns 0, then
we restated the loop without dropping previously appended keys, which
might not be necessary any more.
This completes/corrects the documentation for the following fields:
COREDUMP_CGROUP= - doc where wrong, actually covered COREDUMP_PROC_CGROUP=
COREDUMP_CMDLINE= → undocumented so far
COREDUMP_PROC_CGROUP= → docs where there but incorrectly assigned to COREDUMP_CGROUP=
COREDUMP_PROC_AUXV= → undocumented so far
COREDUMP_SESSION= → undocumented so far
41e4ce06fe shortened existing sleeps, which resulted in the check being
sometimes done before the property had a chance to update. Let's do what
what we do with the rest of the checks and retry it a couple of times.
Yu Watanabe [Wed, 8 Nov 2023 04:49:03 +0000 (13:49 +0900)]
sd-dhcp-client,-server: set timestamp based on the time when received a packet
It seems that RFC does not say anything about the timestamp of lease
we should use: time that the client sent a request or received a reply.
In DHCPv6 client and NDisc, we use a timestamp that we receive a packet,
rather than we sent something. So, let's consistently use the same
logic for DHCPv4 client.
Yu Watanabe [Wed, 8 Nov 2023 03:56:57 +0000 (12:56 +0900)]
sd-dhcp-client: make client_handle_message() propagate critical error
Then, stop client in the caller side.
This also makes
- ignore all errors except for resource errors like OOM when FORCERENEW
is received,
- trigger assertion when an message received even if the client is
stopped.
This should not change any functionality. Just refactoring.
../src/src/vmspawn/vmspawn-util.c:33:13: error: implicit declaration of function ‘access’; did you mean ‘accept’? [-Werror=implicit-function-declaration]
meson: enable vmspawn by default in developer mode
This should also implicitly enabled vmspawn in CI. It wasn't passing even the
basic tests, which we didn't see, because it needs to be explicitly enabled.
xdg-autostart: downgrade warning for missing executables
On a system with a shared home directory, I'm getting a bunch of warnings:
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.signal.Signal.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/im.riot.Riot.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/libexec/gnome-tweak-tool-lid-inhibitor' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/ignore-lid-switch-tweak.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.telegram.desktop.desktop: not generating unit, error parsing Exec= line: No such file or directory
This isn't really a problem. Let's just print an info message.
timesync: fix PropertiesChanges signals for NTP properties
As in their current form they didn't work at all:
systemd-timesyncd[190115]: Assertion 's' failed at src/libsystemd/sd-event/sd-event.c:3058, function sd_event_source_set_enabled(). Ignoring.
systemd-timesyncd[190115]: Failed to reenable system ntp server change event source!
systemd-timesyncd[190115]: Failed to enable ntp server defer event, ignoring: Invalid argument
This was also pointed out in the post-merge review [0].
Let's address this together with the rest of the comments, and add
some tests to make sure everything works as it should.
man: link to new btrfs website for btrfs man pages
https://archive.kernel.org/oldwiki/btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5).html
says "This wiki has been archived and the content is no longer updated."
and redirects to https://btrfs.readthedocs.io/en/latest/btrfs-man5.html.
Let's move all the btrfs links to btrfs.readthedocs.io.
Dan Streetman [Tue, 7 Nov 2023 17:18:08 +0000 (12:18 -0500)]
test: fix env var name of persistent handle used for testing so it is removed after test
The cleanup uses PERSISTENT_HANDLE while the test uses PERSISTENT, so change
the test to use PERSISTENT_HANDLE so it's cleaned up (i.e. removed from the
tpm) after the test.
Dan Streetman [Fri, 21 Jul 2023 19:49:16 +0000 (15:49 -0400)]
cryptenroll: add support for calculated TPM2 enrollment
Instead of enrolling the local TPM to a luks volume, use the public key from a
TPM to enroll it into the luks volume. This is useful when enrolling a TPM that
is not currently accessible, for example if the TPM is located on a different
system.
Dan Streetman [Tue, 3 Oct 2023 14:25:19 +0000 (10:25 -0400)]
tpm2: allow using tpm2_get_srk_template() without tpm
The SRK templates are defined by specification, so move the check for TPM
support to the tpm2_get_best_srk_template() function, and allow anyone to get
the ECC and RSA templates.
Also add test to verify the SRK templates are correct.
coredumpctl: propagate SIGTERM to the debugger process
If we're waiting for the debugger process to exit and receive SIGTERM,
propagate it to all processes in our process group, including the
debugger, so we can follow it up with a proper cleanup.
kernel-install: make version/kernel image parameters optional for "add"
Let's make kernel-install a bit easier to use:
If the kernel version is not specified, let's imply "uname -r", so that
we regnerate the entries for the current kernel.
If the kernel image is not specified let's imply using
/usr/lib/modules/$version/vmlinuz, i.e. the location distros like Fedora
drop the kernel into, which we generally recommend people to use.
If the kernel is not found there, don't try to automatically pick the
kernel path, and fail, as before.
tree-wide: take in all *our* JSON structures also decimal strings
Let's be friendly in what we accept: whenever we define a JSON
structure, let's also allow decimal strings where we want an integer.
This patch purely replaces JSON_VARIANT_UNSIGNED by
_JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that
we'll happily accept any type in json_dispatch(), so that
json_dispatch_uint64() and related tools can do their thing.
This does not switch over OCI (as a JSON structure not defined by us).
json: teach dispatch logic to also take numbers formatted as strings
JSON famously is problematic with integers beyond 53 bits, because
JavaScript stores everything in double precision floating points.
Various implementations in other languages can deal with signed 64 bit
integers, and a few can deal with unsigned 64bit too (like ours).
Typically program that need more then 53 bit of accuracy encode integers
as decimal strings, to make sure that even if consumers can't really
process larger values they at least won't corrupt the data while passing
it along. This is also recommended by JSON-I (RFC 7493)
To maximize compatibility with other implementations let's add 1st class
parsing support for such objects in the json_dispatch() API.
This makes json_dispatch_uint64() and related calls parse such
integers-formatted-as-decimal-strings as uint64_t. This logic will only
be enabled if the "type" field of JsonDispatch is left unspecified (i.e.
set to negative/_JSON_VARIANT_TYPE_INVALID) though, hence alone does not
change anything in effect.
This purely is about consuming such values, whether we should genreate
them also is a discussion for a separate PR.