Ignat Korchagin [Wed, 6 Feb 2019 19:51:28 +0000 (19:51 +0000)]
resolved: use Cloudflare public DNS server as a default fallback alongside Google one
Cloudflare public DNS service is currently the fastest one according to
https://www.dnsperf.com/#!dns-resolvers. Why not improve the experience for
systemd users using this as a default fallback nameserver?
Tom Yan [Wed, 9 Jan 2019 15:35:24 +0000 (23:35 +0800)]
mount/generators: do not make unit wanted by its device unit
As device units will be reloaded by systemd whenever the corresponding device generates a "changed" event, if the mount unit / cryptsetup service is wanted by its device unit, the former can be restarted by systemd unexpectedly after the user stopped them explicitly. It is not sensible at all and can be considered dangerous. Neither is the behaviour conventional (as `auto` in fstab should only affect behaviour on boot and `mount -a`) or ever documented at all (not even in systemd, see systemd.mount(5) and crypttab(5)).
sd-bus: if we receive an invalid dbus message, ignore and proceeed
dbus-daemon might have a slightly different idea of what a valid msg is
than us (for example regarding valid msg and field sizes). Let's hence
try to proceed if we can and thus drop messages rather than fail the
connection if we fail to validate a message.
Hopefully the differences in what is considered valid are not visible
for real-life usecases, but are specific to exploit attempts only.
Peter Hutterer [Fri, 8 Feb 2019 00:30:48 +0000 (10:30 +1000)]
sd-hwdb: fix matching for characters with an ord > 127
Devices like the "Microsoft Microsoft® 2.4GHz Transceiver v9.0 Mouse" contain
characters higher than 127. That ® is correctly stored in the hwdb and passed
into the search field during query, but the comparison fails.
Our search string is a const char *, trie_string() returns a const char * but
the current character is cast to uint8_t. This causes anything over 127 to
fail the match. Fix this, we're dealing with characters everywhere here after
all.
We should probably refer to them from other man pages
for programs which use them, since right now all refs are
in systemd-boot(7). But creating the section is a good step
anyway.
They is quite a bit of those directives and they were in "MISCELLANEOUS" because
they don't quite fit anywhere. When the OCI-compat stuff is merged, there'll
be even more, so let's make a separate section for them.
We had "SYSTEM MANAGER DIRECTIVES" which was a misnomer already, because
it also listed user manager stuff. Let's make this a more general section
and move the items for other services there too (from "MISCELANENOUS").
man: move os-release, machine-info, vconsole.conf vars to envvar section
Strictly speaking, those are not environment variables, but they are compatible
and people think about them like this. Moving them makes them easier to find.
Frantisek Sumsal [Tue, 29 Jan 2019 18:33:15 +0000 (19:33 +0100)]
test: replace echo with socat
The original version of the test used netcat along with a standard
AF_UNIX socket, which caused issues across different netcat
implementations. The AF_UNIX socket was then replaced by a FIFO with a
simple echo, which, however, suffers from the same issue (some echo
implementations don't check if the write() was successful).
Let's revert back to the AF_UNIX socket, but replace netcat with socat,
which, hopefully, resolves the main issue.
test-json: do not pass ephemeral array as intializer to JSON_BUILD_STRV
Fixes #11600.
The code was effectively doing:
json_build(..., ({ char **_x = ((char**) ((const char*[]) {"one", "two", "three", "four", NULL })); _x; }));
but there was no guarantee that the storage for the array that _x points to
survives pass the end of the block. Essentially, STRV_MAKE cannot be used
inline inside of a block like this.
YiFei Zhu [Sat, 26 Jan 2019 16:51:27 +0000 (10:51 -0600)]
boot/efi: use a wildcard section copy for final EFI generation
The GNU gold linker uses the section name `.rela.dyn` instead of
`.rela` for containing the relocation information. If this section
is not copied systemd-boot can crash.
Efitools started using wildcard section copies in their commit b98d381b, and these wildcard sections are the only difference between
systemd-boot's section copy list and theirs. This patch add the
wildcard section `.rel*` to our objcopy, as it should include all
other wildcards assuming a recent GNU objcopy. Redundant arguments
for sections that would be matched by this wildcard are removed.
This patch has been tested on EDK II UEFI v2.70 Firmware on QEMU, and
Lenovo 0.5120 UEFI 2.40 Firmware on bare metal.
It should make it easier to tweak them without having access to
SemaphoreCI itself (I'm glad I'm an admin there now but it shouldn't
be necessary to be an admin to add a couple of kludges :-)). More
importantly, changes to the settings will go through review and
be tested before they're applied globally potentially breaking
Semaphore as it happened two days ago.
I'll point Semaphore CI to these scripts once the PR is merged.
NeilBrown [Thu, 7 Feb 2019 22:44:06 +0000 (09:44 +1100)]
automount: don't pass non-blocking pipe to kernel.
Creating a pipe with O_NONBLOCK causes both the read and the write end to
be marked as non-blocking.
The "write" end is passed to the kernel autofs module, and it does not
expect a non-blocking pipe. If it gets -EAGAIN when trying to write
(which is unlikely, but not completely impossible), it will close the
write end of the pipe, which leads to unexpected errors.
So change the code to only set O_NONBLOCK on the "read" end of the
pipe. This is the only end that systemd interacts with, so the only end
it should be configuring.
Susant Sahani [Fri, 1 Jun 2018 09:34:49 +0000 (15:04 +0530)]
networkd: Allow to retain configs even if carrier is lost
When there is bad link in the network the carrier goes up/down.
This makes networkd stops all the clients and drop config.
But if the remote router/dhcpserver running a prevention
of DHCP Starvation attack or DHCP Flood attack it does not allow
networkd to take a DHCP lease resulting failure in configuration.
This patch allows to keep the client running and keep the conf
also for this scenario.
efivars: remove direct access to unaligned structure members
Most of the accesses *were* aligned. The only one that definetely wasn't was to
drive_path->part_start and drive_path->part_size, because those both expect
8 byte alignment, and are at offsets 4 and 12 in the packed structure.
Because of the way that device_path structure is defined and used, we expect
that device_path.length is always two-byte aligned.
This adds asserts in various places to ensure the proper alignment, and uses
memcpy in other places where the alignment might be off.
efivars: make sure that _packed_ structure members are actually aligned as expected
When looking for the terminating double-NUL, don't just read the memory
until the terminator is found, but use the information we got about the
buffer size.
The length parameter passed to utf16_to_utf8() would include the terminator, so
the converted string would end up with two terminators (the original one
converted to "utf8", still 0, and then the one that was always added anyway).
Instead let's pass just the length of the actual data to utf16_to_utf8().
The test queries some domain names. If the DNS servers are unreachable,
e.g. in a rawhide container I get the total runtime of 24.5s usually, but
sometimes slightly longer, enough to reach the default timeout of 30s.
libsystemd-network: remove _packed_ attribute to appease the compiler
gcc-9 warns whenever the elements of a structure defined with _packed_ are used:
../src/network/networkd-dhcp6.c: In function ‘dhcp6_pd_prefix_assign’:
../src/network/networkd-dhcp6.c:92:53: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
92 | r = manager_dhcp6_prefix_add(link->manager, &p->opt.in6_addr, link);
| ^~~~~~~~~~~~~~~~
And the compiler is right, because in principle the alignment could be wrong.
In this particular case it is not, because the structure is carefully defined
not to have holes. Let's remove _packed_ and use compile-time asserts to verify
that the offsets are not changed.
Yu Watanabe [Fri, 1 Feb 2019 10:49:24 +0000 (11:49 +0100)]
analyze security: fix recursive call of syscall_names_in_filter()
When `syscall_names_in_filter()` is called in itself, it is already
examined with `whitelist`. Or, in other words, `syscall_names_in_filter()`
returns bad or good in boolean. So, the returned value should not be
compared with `whitelist` again.
portable: document /etc/machine-id and /etc/resolv.conf
… requirement for portable service images.
systemd will mount the host machine-id and resolv.conf at these
locations, so for read-only images these must exist in the image,
because they can't be created.
Thomas Haller [Mon, 4 Feb 2019 08:36:17 +0000 (09:36 +0100)]
hashmap: always set key output argument of internal_hashmap_first_key_and_value()
internal_hashmap_first_key_and_value() returns the first value, or %NULL
if the hashmap is empty.
However, hashmaps may contain %NULL values. That means, a caller getting
%NULL doesn't know whether the hashmap is empty or whether the first
value is %NULL.
For example, a caller may be tempted to do something like:
if ((val = hashmap_steal_first_key_and_value (h, (void **) key))) {
// process first entry.
}
But this is only correct if the caller made sure that the hash is either
not empty or contains no NULL values.
Anyway, since a %NULL return value can signal an empty hash or a %NULL
value, it seems error prone to leave the key output argument
uninitialized in situations that the caller cannot clearly distinguish
(without making additional assumptions).
Thomas Haller [Sun, 3 Feb 2019 11:56:24 +0000 (12:56 +0100)]
hashmap: avoid uninitialized variable warning in internal_hashmap_clear()
GCC 8.2 with LTO and -O2 emits a false warning:
src/basic/hashmap.c: In function 'internal_hashmap_free.constprop':
src/basic/hashmap.c:898:33: error: 'k' may be used uninitialized in this function [-Werror=maybe-uninitialized]
free_key(k);
^
Hans de Goede [Sun, 3 Feb 2019 22:58:39 +0000 (23:58 +0100)]
hwdb: Add key-mapping for GPIO-keys on HP stream 7 tablet (#11631)
The HP stream 7 ACPI tables contains a gpio-keys entry for a non connected
GPIO causing spurious events, this commit maps this key to unknown to
disable it.