namespace: when DynamicUser=1 is set, mount StateDirectory= bind mounts "nosuid"
Add even more suid/sgid protection to DynamicUser= envionments: the
state directories we bind mount from the host will now have the nosuid
flag set, to disable the effect of nosuid on them.
nspawn: mount mqueue with nodev,noexec,nosuid, too
The host mounts it like that, nspawn hence should do too.
Moreover, mount the file system after doing CLONEW_NEWIPC so that it
actually reflects the right mqueues. Finally, mount it wthout
considering it fatal, since POSIX mqueue support is little used and it
should be fine not to support it in the kernel.
mount-util: beef up bind_remount_recursive() to be able to toggle more than MS_RDONLY
The function is otherwise generic enough to toggle other bind mount
flags beyond MS_RDONLY (for example: MS_NOSUID or MS_NODEV), hence let's
beef it up slightly to support that too.
Jan Engelhardt [Wed, 20 Mar 2019 09:58:41 +0000 (10:58 +0100)]
rpm: avoid hiding errors from systemd commands
Humans are susceptible to making orthographic errors sometimes. A
misspelled "%systemd_post caek.service" would go unnoticed due to all
output from systemctl being discarded if and when %post runs.
To alleviate this, cease hiding outputs. Then, to account for the
potential absence of systemd from the system, add file checks so as
to not generate a "command not found" error.
Previously both run() and run_container() would free 'fds'. Let's fix
that, and let run() free it but make run_container() already remove all
fds from it, because that's what we actually want to do.
Commit d85515edcf9700dc068201ab9f7103f04f3b25b2 changed logic how reboot is
executed. That commit changed behavior to use emergency action reboot code path
to perform the reboot.
This inadvertently broke rebooting with argument:
$ systemctl reboot custom-reason
Restore original behavior so that if reboot service unit similar to
systemd-reboot.service is executed it is possible to override reboot reason
with "systemctl reboot ARG".
When "systemctl reboot ARG" is executed ARG is placed in file
/run/systemd/reboot-param and reboot is issued using logind's Reboot
dbus-service.
If RebootArgument is specified in systemd-reboot.service it takes precedence
over what systemctl sets.
Franck Bui [Fri, 22 Mar 2019 10:09:08 +0000 (11:09 +0100)]
meson: add libseccomp as a nspawn dep (#12067)
Due to this specific change: d0b6a10#diff-0203416587516c224c8fcfe8129e7caeR8,
systemd-nspawn uses libseccomp now if it is available. We we need to pass -I/usr/include
/libseccomp (or wherever seccomp.h is located) when compiling systemd-nspawn because
nspawn-settings.h does #include <seccomp.h>.
hwdb: make ids_parser.py compatible with pyparsing-2.3.0+
https://github.com/pyparsing/pyparsing/blob/master/CHANGES#L175
says something about fixing erroneously created levels in the hierarchy.
I don't have the faintest idea what this means, but with the change in
this patch we generate output that is unchanged from pre-2.3.0 versions.
Tested with python3-pyparsing-2.3.1-1.fc30.noarch and
python3-pyparsing-2.2.0-3.fc29.noarch.
Jan Engelhardt [Wed, 20 Mar 2019 13:48:47 +0000 (14:48 +0100)]
rpm: check argument counts for systemd macros
Invoking %systemd_tmpfiles (in %post) without any arguments, while
possible, will cause systemd-tmpfiles to process the entire system
configuration, rather than just the newly installed configuration
files. In https://github.com/systemd/systemd/pull/12048, it was
established that processing everything constitutes unusual practice,
and should be flagged as a mistake at build time.
Furthermore, invoking %systemd_post without any arguments will cause
the underlying `systemctl preset` to outright return an error ("Too
few arguments") when run. This can be flagged during build time in
the same manner.
As I have found no ways to successfully nest %if clauses inside a
macro[1], I am helping myself by reusing the recursive variable
expansion technique pioneered in [2].
Now, when %systemd_post or %systemd_tmpfiles is incorrectly used,
rpm gives accurate line number reporting, too:
error: This macro requires some arguments
error: line 11: %{systemd_post}
error: This macro requires two arguments
error: line 13: %{tmpfiles_create_package meh more more}
[1] what has been tried: %{expand:%%if "%#" == 0 \\\
%%{error:you have given me %# args} \\\
%%endif}
man: make separate "Errors" sections subsection of "Return value"
Logically, this is better, because we're describing a subset of possible
return values. Visually this also looks quite good because groff renders
refsect2 much less prominently.
Also rewrap things, add <constant> in various places, fix some typos.
man: adjust nspawn man page to follow same section/order as --help text
No other changes, just some reshuffling and adding of section headers
(well, admittedly, I changed some "see above" and "see below" in the
text to match the new order.)