meson: when pivot_root() is added one day, look for it in <unistd.h>
We of course don't know in which header glibc will export pivot_root()
and if it ever will. But there's a good chance they'll place it where
chroot() is located, given the similarity in the operations, hence let's
try our luck and look for it at the same place.
If we are lucky this means we don't have to patch our code if glibc
decides to expose the call one day.
meson: use "args" for setting _GNU_SOURCE when checking for functions
This reworks how we set _GNU_SOURCE when checking for the availability
of functions:
1. We set it for most of the functions we look for. After all we set it
for our entire built anyway, and it's usually how Linux-specific
definitions in glibc are protected these days. Given that we usually
have checks for such modern stuff only anyway, let's just blanket enable
it.
2. Use "args" instead of "prefix" to set the macro. This is what is
suggested in the meson docs, hence let's do it.
Recently glibc added `copy_file_range()`, but to use it,
`_GNU_SOURCE` needs to be defined. This adds the flag in
meson.build to detect the function by meson correctly.
systemctl: don't show vendor preset state for generated/transient units (#7711)
Showing the preset state for those suggests they could actually be
enabled/disabled, but that concept doesn't exist for generated/transient
units, hence hide this information.
Yu Watanabe [Sat, 23 Dec 2017 10:10:24 +0000 (19:10 +0900)]
cgroup: IODeviceWeight= or friends can take device node files in /run/systemd/inaccessible/
systemd creates several device nodes in /run/systemd/inaccessible/.
This makes CGroup's settings related to IO can take device node
files in the directory.
Yu Watanabe [Tue, 19 Dec 2017 02:05:43 +0000 (11:05 +0900)]
core,seccomp: fix logic to parse RestrictAddressFamilies= in dbus-execute.c
If multiple RestrictAddressFamilies= settings, some of them are
whitelist and the others are blacklist, are sent to bus, then parsing
result was corrupted.
This fixes the parse logic, now it is the same as one used in
load-fragment.c
Yu Watanabe [Sat, 23 Dec 2017 09:45:32 +0000 (18:45 +0900)]
core,seccomp: fix logic to parse syscall filter in dbus-execute.c
If multiple SystemCallFilter= settings, some of them are whitelist
and the others are blacklist, are sent to bus, then the parse
result was corrupted.
This fixes the parse logic, now it is the same as one used in
load-fragment.c
With these additions, coccinelle finds everything fixed by the first
commit in PR #7695. In order not to needlessly conflict with that PR
this PR won't include those fixes, but only the coccinelle changes to
detect them automatically in the future.
Michał [Thu, 21 Dec 2017 13:17:33 +0000 (14:17 +0100)]
hwdb: Add accelerometer orientation entry for Lenovo MIIX3-1030 tablet (#7713)
Full dmi/id/modalias:
dmi:bvnLENOVO:bvrB4CN29WW:bd12/04/2015:svnLENOVO:pn80HV:pvrLenovoMIIX3-1030:rvnLENOVO:rnMartini:rvrSDK0G98662WIN:cvnLENOVO:ct11:cvrLenovoMIIX3-1030:
network: fix memory leak when an netdev was skipped
In general we'd leak anything that was allocated in the first parsing of
netdev, e.g. netdev name, host name, etc. Use normal netdev_unref to make sure
everything is freed.
--- command ---
/home/zbyszek/src/systemd/build2/test-network
--- stderr ---
/etc/systemd/network/wg0.netdev:3: Failed to parse netdev kind, ignoring: wireguard
/etc/systemd/network/wg0.netdev:5: Unknown section 'WireGuard'. Ignoring.
/etc/systemd/network/wg0.netdev:9: Unknown section 'WireGuardPeer'. Ignoring.
NetDev has no Kind configured in /etc/systemd/network/wg0.netdev. Ignoring
/etc/systemd/network/br0.network:13: Unknown lvalue 'NetDev' in section 'Network'
br0: netdev ready
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f3a314cf238 in __interceptor_strdup (/lib64/libasan.so.4+0x77238)
#1 0x7f3a30e71ad1 in free_and_strdup ../src/basic/string-util.c:870
#2 0x7f3a30d34fba in config_parse_ifname ../src/shared/conf-parser.c:981
#3 0x7f3a30d2f5b0 in next_assignment ../src/shared/conf-parser.c:155
#4 0x7f3a30d30303 in parse_line ../src/shared/conf-parser.c:273
#5 0x7f3a30d30dee in config_parse ../src/shared/conf-parser.c:390
#6 0x7f3a30d310a5 in config_parse_many_files ../src/shared/conf-parser.c:428
#7 0x7f3a30d3181c in config_parse_many ../src/shared/conf-parser.c:487
#8 0x55b4200f9b00 in netdev_load_one ../src/network/netdev/netdev.c:634
#9 0x55b4200fb562 in netdev_load ../src/network/netdev/netdev.c:778
#10 0x55b4200c607a in manager_load_config ../src/network/networkd-manager.c:1299
#11 0x55b4200818e0 in test_load_config ../src/network/test-network.c:128
#12 0x55b42008343b in main ../src/network/test-network.c:254
#13 0x7f3a305f8889 in __libc_start_main (/lib64/libc.so.6+0x20889)
SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
-------
Alan Jenkins [Tue, 19 Dec 2017 20:22:05 +0000 (20:22 +0000)]
man: User=, Group= *never* work for mount units (#7602)
Old text:
> Note that the User= and
> Group= options are not particularly useful for mount units specifying a
> "Type=" option or using configuration not specified in /etc/fstab;
> mount(8) will refuse options that are not listed in /etc/fstab if it is
> not run as UID 0.
However I recently learnt the following:
> The mount program does not read the /etc/fstab file if both device
> and dir are specified.
Therefore, if both device and dir are specified, the `user` or `users`
options in `fstab` will not have any effect. Run as a normal user,
you will always see
mount: only root can do that
Fix the explanation in the man page.
Also make sure to markup User= and Group= with <varname>.
sd-bus: drop check for selinux before calling getsockopt(SO_PEERSEC)
Quoting Lennart Poettering in
https://github.com/systemd/systemd/pull/6464#issuecomment-319029293:
> If the kernel allows us to query that data we should also be Ok with passing
> it on to our own caller, regardless if selinux is technically on or off...
John Paul Herold [Tue, 19 Dec 2017 10:22:36 +0000 (04:22 -0600)]
Add T430 series to list of supported trackpoint (#7699)
Confirmed via `udevadm test /sys/class/input/eventX` that
POINTINGSTICK_* properties were not being set for my T430s trackpoint.
After adding a local entry file (as advised in this file), the same
`udevadm test` command showed properties.
More importantly, the movement of mouse using trackpoint felt much
better. Hard to describe its previous state, but following come to mind:
slippery, hard to control, awkward. Now it feels more consistent and predictable.
A little on the sensitive side with the defaults, but didn't think it warranted
dedicated properties just for this series though as the X230 is same generation
and uses the defaults.
Jörg Thalheim [Tue, 19 Dec 2017 10:13:34 +0000 (10:13 +0000)]
more portable perl shebangs (#7701)
same motivation as in #5816:
- distributions have scripts to rewrite shebangs on installation and
they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
there PATH correctly.
analyze: use normal bus connection for "plot" verb (#7685)
We need to connect to hostnamed, so a private bus connection is no good.
It'd be simpler to use the normal bus connection unconditionally, but
that'd mean that e.g. systemd-analyze set-log-level might not work in
emergency mode. So let's keep trying to use the private connection except
for "plot".
cryptsetup-generator: Don't mistake NULL input as OOM (#7688)
Since systemd v236, several Arch users complained that
systemd-cryptsetup-generator exits with an OOM error and that it
prevents the boot from continuing.
Investigating the diff of cryptsetup-generator between v235 and v236 I
noticed that create_disk allowed for the `password` and `filtered`
variables to be NULL (they're handled with `strempty()`) but not their
`*_escaped` versions, and returned OOM errors in those cases.
Fix this by checking that the input string is non-NULL before deciding
that `specifier_escape` had an OOM error.
I could not test this fix myself, but some users have reported success.
Up until now, the behaviour in systemd has (mostly) been to silently
ignore failures to action unit directives that refer to an unavailble
controller. The addition of AssertControlGroupController and its
conditional counterpart allow explicit specification of the desired
behaviour when such a situation occurs.
As for how this can happen, it is possible that a particular controller
is not available in the cgroup hierarchy. One possible reason for this
is that, in the running kernel, the controller simply doesn't exist --
for example, the CPU controller in cgroup v2 has only recently been
merged and was out of tree until then. Another possibility is that the
controller exists, but has been forcibly disabled by `cgroup_disable=`
on the kernel command line.
In future this will also support whatever comes out of issue #7624,
`DefaultXAccounting=never`, or similar.
Alan Jenkins [Sat, 16 Dec 2017 10:48:12 +0000 (10:48 +0000)]
man: generalize "binary" to "program" (#7668)
Systemd services are permitted to be scripts, as well as binary
executables.
The same also applies to the underlying /sbin/mount and /sbin/swapon.
It is not necessary for the user to consider what type of program file
these are. Nor is it necessary with systemd-nspawn, to distinguish between
init as a "binary" v.s. a user-specified "program".
Also fix a couple of grammar nits in the modified sentences.
This code is executed before we parse command line/configuration
parameters, hence let's not use arg_system to figure our how to clean up
things, but instead PID == 1. Let's move that check inside of the
function, to make things a bit more robust abstract from the outside.
Also, let's add a log message about this, that was so far missing.
main: move install_crash_handler() and mount_cgroup_controllers() invocations
Let's place them in initialize_runtime(), where they appear to fit best.
Effectively this is just a move a little bit down, swapping places with
log_execution_mode(), which should require neither call to be done
first.
Note that changes the conditionalization a bit for these calls, from
(PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same
however, as we don't allow PID 1 without ACTION_RUN and without
arg_system set, safety_checks() ensures that.
core: move arg_show_status fix-up into load_configuration()
It's part of finalizing our runtime parameters, hence let's move this
into load_configuration() after we loaded everything else. This is safe,
since we don't use it between the location where it was and where we
place it now yet.