namespace-util: use inode_same_at() instead of FORMAT_PROC_FD_PATH()
Doesn't matter much, but this makes it leas magic and independent of
/proc/ mounts. (Well, it actually doesn't, since the right-hand path is
also in /proc/, but still...
Let's be more accurate about what this function does: it checks whether
the underlying reported inode is the same. Internally, this already uses
a better named stat_inode_same() call, hence let's similarly name the
wrapping function following the same logic.
Similar for files_same_at() and path_equal_or_same_files().
manager: restrict Dump*() to privileged callers or ratelimit
Dump*() methods can take quite some time due to the amount of data to
serialize, so they can potentially stall the manager. Make them
privileged, as they are debugging tools anyway. Use a new 'dump'
capability for polkit, and the 'reload' capability for SELinux, as
that's also non-destructive but slow.
If the caller is not privileged, allow it but rate limited to 10 calls
every 10 minutes.
Frantisek Sumsal [Fri, 19 May 2023 09:45:11 +0000 (11:45 +0200)]
test: build the SELinux test module on the host
Let's save some time and build the SELinux test module on the host
instead of a possibly unaccelerated VM. This brings the runtime of
TEST-06-SELINUX from ~12 minutes down to a ~1 minute.
Frantisek Sumsal [Fri, 19 May 2023 09:07:07 +0000 (11:07 +0200)]
test: drop generated stuff from the final coverage report
Let's drop stuff from the current $BUILD_DIR from the final coverage
report, as it's all generated files (mostly gperf) which we don't
really care about and it makes the Coveralls report confusing, since it
reports "source not available" for all such files.
Frantisek Sumsal [Fri, 19 May 2023 08:48:15 +0000 (10:48 +0200)]
test: make the stress test slightly less stressful on slower machines
Without acceleration this part of the test takes over 10 minutes (!),
which feels quite unnecessary. Let's cut down the number of stuff we
dump to the journal in such case, but keep the original value if we run
with acceleration (since in that case it takes less than 10 seconds).
Dmitry V. Levin [Thu, 18 May 2023 17:00:00 +0000 (17:00 +0000)]
udev-rules: avoid issuing redundant diagnostics in verify mode
When udevadm verify is given an argument that doesn't point to an
existing file, there used to be two diagnostics messages, the first one
at a warning level, and the second one at an error level:
$ build/udevadm verify /no/such/directory
Failed to open /no/such/directory, ignoring: No such file or directory
Failed to parse rules file /no/such/directory: No such file or directory
Luca Boccassi [Thu, 18 May 2023 12:08:56 +0000 (13:08 +0100)]
integration test: pass 'noresume' to qemu
When running on Debian/Ubuntu, I get a minute delay or so on every boot
because the local initramfs tries to resume from hibernation. This is
not really useful here, so always skip it
sd-bus,sd-event: allow querying of description even after fork
This in unnecessarilly unpleasant: the code might report about a bus
connection, e.g. in an error message or assert. Let's let it query
the name of the object.
sd-bus: do not assert if bus description is not set
The code has an explicit fallback using runtime_scope_to_string(), which
is also documented in the man page. So -ENXIO should only be returned when
the fallback doesn't work, i.e. bus->runtime_scope == -EINVAL.
This should fix the following errors during boot:
May 18 16:05:37 fedora systemd-update-utmp[263]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[360]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[363]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemd-update-utmp[372]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora @ystemctl[387]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:40 fedora systemd-update-utmp[477]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-homed[509]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-logind[510]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-update-utmp[529]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-user-runtime-dir[531]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemctl[542]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-hostnamed[556]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
Frantisek Sumsal [Thu, 18 May 2023 10:54:15 +0000 (12:54 +0200)]
nspawn: correctly parse a list of interfaces
Interface=/MACVLAN=/IPVLAN= nspawn options take a _list_ of interface
names - this was recently enhanced by 2f091b1b49 to support interface
pairs. Unfortunately, this also introduced a regression where we don't
parse the list as a list, but just as a single value. For example,
having `Interface=sd-shared1 sd-shared2` in an nspawn config file would
throw:
systemd-nspawn[898]: Network interface, interface name not valid: sd-shared1 sd-shared2
systemd-nspawn[898]: /run/systemd/nspawn/testsuite-13.nspawn-settings.1po.nspawn:41: Failed to parse file: Invalid argument
DVE-2018-0001 has been fixed by the vendor, and this workaround is no longer
needed. Removal of this workaround improves performance as queries used to be
retried more than necessory.
Keep .clamp_feature_level_servfail name, as imho it is more descriptive than
just .clamp_feature_level, especially if we ever need to add similar
workarounds as the one we had for DVE-2018-0001.
Matt Johnston [Thu, 18 May 2023 04:28:06 +0000 (12:28 +0800)]
busctl: Add space before "tree" paths for copying
This allows a double-click on the path in a terminal to select the
whole path. Otherwise the leading '-' character is also included in
the copied path.
Frantisek Sumsal [Wed, 17 May 2023 17:10:55 +0000 (19:10 +0200)]
test: get rid of the busybox stuff
It already required a lot of workarounds, since the busybox utilities
often work differently than their "full" counterparts, and putting
the container together using our "tools" is quite simple anyway.
Frantisek Sumsal [Wed, 17 May 2023 07:05:04 +0000 (09:05 +0200)]
test: mangle the machine ID only for the QEMU test part
systemd-nspawn doesn't like invalid machine IDs and refuses to boot with one:
TEST-74-AUX-UTILS RUN: Tests for auxiliary utilities
...
Spawning container TEST-74-AUX-UTILS--3 on /var/tmp/systemd-test-TEST-74-AUX-UTILS_3/root.
Press Ctrl-] three times within 1s to kill container.
Failed to read machine ID from container image: Structure needs cleaning
E: nspawn failed with exit code 1
Fixes #26413: the docs said that the filter prevents writes, but it just a
filter at the system call level, and some of those calls are used for writing
and reading. This is confusing esp. when a higher level library call like
ntp_gettime() is denied.
I don't think it's realistic that we'll make the filter smarter in the near
future, so let's change the docs to describe the implementation.
Also, split out the advice part into a separate paragraph.
switch-root: when switching root via MS_MOVE unmount all remaining mounts first
Let's try to unmount anything left, since if we don't they will remain
as "shadow" mounts, hidden underneath our new root.
This is only necessary when we transition into a new root via MS_MOVE.
If we do so via pivot_root() this is not necessary as the kernel will
get rid of the mounts anyway for us.
mount-util: keep fd to /proc/self/mountinfo continously open in umount_recursive()
That way, if we end up unmounting /proc/ in our loop we can still
operate correctly, since we don't have to go through /proc/ again to
open the mount table again.