The original reason for deny-listing it was that it's flaky there. I'm
not sure if that's still the case, but the Ubuntu CI jobs for i*86 are
gone, so this file shouldn't be needed anymore anyway.
The regexp only worked if the sections were small enough for the size to
start with "0". I have an initrd that is 0x1078ec7e bytes, so the tests
would spuriously fail.
Note, currently, the function is always called with SCMP_ACT_ALLOW as
the default action, except for the test. So, this should not change
anything in the runtime code.
run: fix bad escaping and memory ownership confusion
arg_description was either set to arg_unit (i.e. a const char*), or to
char *description, the result of allocation in run(). But description
was decorated with _cleanup_, so it would be freed when going out of the
function. Nothing bad would happen, because the program would exit after
exiting from run(), but this is just all too messy.
Also, strv_join(" ") + shell_escape() is not a good way to escape command
lines. In particular, one the join has happened, we cannot distinguish
empty arguments, or arguments with whitespace, etc. We have a helper
function to do the escaping properly, so let's use that.
core: when applying syscall filters, use ENOSYS for unknown calls
glibc starting using fchmodat2 to implement fchmod with flags [1], but
current version of libseccomp does not support fchmodat2 [2]. This is
causing problems with programs sandboxed by systemd. libseccomp needs to know
a syscall to be able to set any kind of filter for it, so for syscalls unknown
by libseccomp we would always do the default action, i.e. either return the
errno set by SystemCallErrorNumber or send a fatal signal. For glibc to ignore
the unknown syscall and gracefully fall back to the older implementation,
we need to return ENOSYS. In particular, tar now fails with the default
SystemCallFilter="@system-service" sandbox [3].
This is of course a wider problem: any time the kernel gains new syscalls,
before libseccomp and systemd have caught up, we'd behave incorrectly. Let's
do the same as we already were doing in nspawn since 3573e032f26724949e86626eace058d006b8bf70, and do the "default action" only
for syscalls which are known by us and libseccomp, and return ENOSYS for
anything else. This means that users can start using a sandbox with the new
syscalls only after libseccomp and systemd have been updated, but before that
happens they behaviour that is backwards-compatible.
In seccomp_restrict_sxid() there's a chunk conditionalized with
'#if defined(__SNR_fchmodat2)'. We need to kep that because seccomp_restrict_sxid()
seccomp_restrict_suid_sgid() uses SCMP_ACT_ALLOW as the default action.
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for
removal in a future version. Use timezone-aware objects to
represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
The difference between the two is that .now(datetime.UTC) returns an object with
a timezone attached, "the numbers" are the same.
This value is fed to cryptography's x509.CertificateBuilder object, so as long
as it can accept a datetime object with tzinfo, the result should be identical.
Takashi Sakamoto [Wed, 29 Nov 2023 13:39:50 +0000 (22:39 +0900)]
hwdb: ieee1394-unit-function: arrangement for Sony DVMC-DA1
A commit 6a42bdb37e39 ("hwdb: ieee1394-unit-function: add Sony
DVMC-DA1") is based on kernel feature unreleased yet (furthermore, not
merged yet). The original intension of new entry is to configure permission
of special file for FireWire character device, so this commit changes the
entry so that it can covers the issued case in existent version of Linux
kernel as out best effort.
When the new version of Linux kernel is released with the new feature,
then following commits would fulfill the hwdb with vendor and model names.
Yu Watanabe [Mon, 27 Nov 2023 02:55:49 +0000 (11:55 +0900)]
sd-journal: fix corrupted journal handling of generic_array_bisect()
Let's consider the following case:
- the direction is down,
- no cached entry,
- the array has 5 entry objects,
- the function test_object() reutns TEST_LEFT for the 1st object,
- the 2nd, 3rd, and 4th objects are broken, so generic_array_bisect_step()
returns TEST_RIGHT for the object.
Then, previously, generic_array_bisect_step() updated the values like the following:
0th: (m = 5, left = 0, right = 4, i = 4) -> (m = 4, left = 0, right = 3, RIGHT)
1st: (m = 4, left = 0, right = 3, i = 1) -> (m = 4, left = 2, right = 3, LEFT)
2nd: (m = 4, left = 2, right = 3, i = 2) -> (m = 2, left = 2, right = 1, RIGHT) <- ouch!!
So, assert(left < right) in generic_array_bisect() was triggered.
See issue #30210.
In such situation, there is no matching entry in the array. By returning
TEST_GOTO_PREVIOUS, generic_array_bisect() handles the result so.
Yu Watanabe [Wed, 29 Nov 2023 21:46:21 +0000 (06:46 +0900)]
sd-journal: ignore failure in testing cached corrupted entry
Let's consider the case that the 1st entry in an array is broken, but
n-th entry is valid. Then, if generic_array_get() is called to read
n-th object, the offset of the broken entry is cached by the function.
If generic_array_bisect() is followed, even if the matching entry is
valid, it always fail with -EBADMSG or friends, as the function test the
cached entry at the beginnning. Let's ignore the failure in testing the
cached entry.
Before this commit, between fdopen() (in parse_argv()) and fdset_remove(),
the serialization fd is owned by both arg_serialization FILE stream and fdset.
Therefore, if something wrong happens between the two calls, or if --deserialize=
is specified more than once, we end up closing the serialization fd twice.
Normally this doesn't matter much, but I still think it's better to fix this.
Let's call fdset_new_fill() after parsing serialization fd hence.
We set the fd to CLOEXEC in parse_argv(), so it will be filtered
when the fdset is created.
While at it, also move fdset_new_fill() under the second log_open(), so
that we always log to the log target specified in arguments.
Daan De Meyer [Wed, 29 Nov 2023 14:57:46 +0000 (15:57 +0100)]
core: Always call log_open() in systemd-executor
log_setup() will open the console in systemd-executor because it's
not pid 1 and it's not connected to the journal. So if the log target
is later changed to kmsg, we have to reopen the log.
But since log_open() won't open the same log twice, let's just call it
unconditionally since it will be a noop if we try to reopen the same log.
This makes sure that systemd-executor will log to the log target passed
via --log-target= after parsing arguments.
Daan De Meyer [Wed, 29 Nov 2023 13:46:20 +0000 (14:46 +0100)]
mkosi: Drop building custom kernel logic
Now that mkosi-kernel is a thing, this logic in systemd is just mostly
bitrotting since I just use mkosi-kernel these days. If I ever need to
hack on systemd and the kernel in tandem, I'll just add support for
building systemd to mkosi-kernel instead, so let's drop the support for
building a custom kernel in systemd's mkosi configuration.
janana [Wed, 29 Nov 2023 03:36:52 +0000 (11:36 +0800)]
rules: go to the end of rules indeed when dm is suspended
The previous patch 466266c does not make sense indeed, that is to say, if the SYSTEMD_READY is not recorded in the database, the GOTO="systemd_end" will not be applied.
The IMPORT{db} is actually a matching token, it returns false when there is no SYSTEMD_READY recorded in the database.
The previous patch 466266c tended to inherit the state of SYSTEMD_READY from the database and skip to the end of current rule file. But when the database does not contain SYSTEMD_READY, e.g., the dm-* is not set db_persistent during initrd and the database will be cleared after switching root, the following rules will still be applied not as expected.
stdio-bridge: properly handle org.freedesktop.DBus.Local.Disconnected signal
Previously, we'd forward org.freedesktop.DBus.Local.Disconnected like
any other message to the other side. But that's not OK, as messages in
the org.freedesktop.DBus.Local.* namespace are supposed to never touch
the wire, and are synthetic messages that the library uses to
communicate with the app, but never with other apps.
dbus-daemon never cared, but dbus-broker complains about this, hence
clean this up.
Daan De Meyer [Tue, 28 Nov 2023 22:19:44 +0000 (23:19 +0100)]
mkosi: pin CentOS8 kernel to working version
Newer kernels are affected by a regression that causes a kernel panic
on boot when using cgroupv2, so pin them for now. Can be reverted once
that problem is fixed.
Daan De Meyer [Tue, 28 Nov 2023 17:38:22 +0000 (18:38 +0100)]
Update to mkosi v19
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
Output is otherwise so weird, since this is the last log line seen for a
while typically, and if it doesn#t put the cursor back in the first
column it looks like something is incomplete and hanging. Hence do what
we always do: finish log messages with a newline.
Yu Watanabe [Tue, 28 Nov 2023 04:02:02 +0000 (13:02 +0900)]
core/cgroup: fix compile error
With gcc-13,
```
CFLAGS="-O3 -fno-semantic-interposition" meson setup build
```
triggers the following error:
```
../src/core/cgroup.c: In function ‘cgroup_context_dump’:
../src/core/cgroup.c:633:44: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
633 | "%sDeviceAllow: %s %s\n",
| ^~
cc1: some warnings being treated as errors
```
fuzzers randomly fail with the following:
```
==172==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f41169cb39b in update_argv /work/build/../../src/systemd/src/basic/argv-util.c:96:13
#1 0x7f41169cb39b in rename_process /work/build/../../src/systemd/src/basic/argv-util.c:210:16
#2 0x7f4116b6824e in safe_fork_full /work/build/../../src/systemd/src/basic/process-util.c:1516:21
#3 0x7f4116bffa36 in safe_fork /work/build/../../src/systemd/src/basic/process-util.h:191:16
#4 0x7f4116bffa36 in parse_timestamp /work/build/../../src/systemd/src/basic/time-util.c:1047:13
#5 0x4a61e6 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-time-util.c:16:16
#6 0x4c4a13 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#7 0x4c41fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#8 0x4c58c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#9 0x4c6595 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#10 0x4b58ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
#11 0x4def52 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#12 0x7f4115ea3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: e678fe54a5d2c2092f8e47eb0b33105e380f7340)
#13 0x41f5ad in _start (build-out/fuzz-time-util+0x41f5ad)
DEDUP_TOKEN: update_argv--rename_process--safe_fork_full
Uninitialized value was created by an allocation of 'fv' in the stack frame of function 'have_effective_cap'
#0 0x7f41169d3540 in have_effective_cap /work/build/../../src/systemd/src/basic/capability-util.c:21
```
Yu Watanabe [Sun, 26 Nov 2023 21:26:07 +0000 (06:26 +0900)]
test: verify json format passed through varlink
This drops logs of failed unit tests in TEST-02-UNITTESTS from the journal,
as the expected logs from test-varlink-idl makes the post script fail.
Saving logs in journal is simply noisy, and we will output anyway after
qemu or nspawn finished by check_result_{qemu,nspawn}_unittests().
test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone
Our timestamp conversion roundtrip test was failing. But I think that this
is not our bug:
$ TZ='Africa/Khartoum' date --date='@1509482094'
Tue Oct 31 23:34:54 EAT 2017
$ TZ='Africa/Khartoum' date --date='Tue Oct 31 23:34:54 EAT 2017' +%s 1509485694
$ TZ='Africa/Khartoum' date --date='@1509485694'
Tue Oct 31 23:34:54 CAT 2017
$ echo $[1509485694 - 1509482094]
3600
This is essentially the same as what happens in our test. After a round-trip, we
end up one hour ahead.
> For 1509482094632752, from the change log of tzdata:
>
> Release 2017c - 2017-10-20 14:49:34 -0700
>
> Changes to future timestamps
> Sudan will switch from +03 to +02 on 2017-11-01.
Adam Goldman [Sun, 26 Nov 2023 10:45:25 +0000 (02:45 -0800)]
hwdb: ieee1394-unit-function: add Sony DVMC-DA1
This commit adds a hwdb entry for the Sony DVMC-DA1. This media converter
works with video capture software such as dvgrab, but it doesn't support
the AV/C command set and doesn't match the general entry.