bootspec: store 'root' field in each bootspec entry we load
This 'root' field contains the root path of the partition we found the
snippet in. The 'kernel', 'initrd', 'efi', … fields are relative to this
path.
This becomes particularly useful later when we add support for loading
snippets from both the ESP and XBOOTLDR, but already simplifies the code
for us a bit in systemctl.
dissect: when mounting an image mount the XBOOTLDR partition to /boot
Previously, we'd mount the ESP to /efi if that existed and was empty,
falling back to /boot if that existed and was empty.
With this change, the XBOOTLDR partition is mounted to /boot
unconditionally. And the EFI is mounted to /efi if that exists (but it
doesn't have to be empty — after all the name is very indicative of what
this is supposed to be), and to /boot as a fallback but only if it
exists and is empty (we insist on emptiness for that, since it might be
used differently than what we assume).
The net effect is that $BOOT should be reliably found under /boot, and
the ESP is either /efi or /boot.
(Note that this commit only is relevant for nspawn and suchlike, i.e.
the codepaths that mount an image without involving udev during boot.)
The boot loader spec supports two places to store boot loader
configuration: the ESP and a generic replacement for it in case the ESP
is not available or not suitable. Let's look for both.
Martin Pitt [Fri, 1 Mar 2019 09:01:09 +0000 (10:01 +0100)]
semaphoreci: Run subset of autopkgtests in LXC (#11814)
Run build/test in LXC for now, as full nested QEMU is too brittle right
now: https://github.com/semaphoreci/semaphore/issues/37
But this at least runs some tests. It ensures that systemd generally
works in containers, as well as provides some backup results if the main
Ubuntu CI is down.
Jörg Sommer [Thu, 28 Feb 2019 14:53:40 +0000 (15:53 +0100)]
Better C code formatting of arguments in Emacs
In [PR#11696][1] it came up that the formatting of continued arguments should
follow the default Emacs style. To ensure this happens when someone has changed
his setting in her private config, the value should be set by *dir-locals.el*.
Christopher Wong [Thu, 28 Feb 2019 13:22:42 +0000 (14:22 +0100)]
Use new time zone list
When systemd retrieve the time zone it read what is in the file
/usr/share/zoneinfo/zone.tab provided by the Time Zone Database.
According to the comments in zone.tab its content is for backward-
compatibility aid for older programs. New programs should use
zone1970.tab. This patch replaces zone.tab with zone1970.tab.
Apparently this happens IRL. Let's carefully deal with issues like this:
when we overrun, let's not go back to zero but instead leave the highest
cookie bit set. We use that as indication that we are in "overrun
territory", and then are particularly careful with checking cookies,
i.e. that they haven't been used for still outstanding replies yet. This
should retain the quick cookie generation behaviour we used to have, but
permits dealing with overruns.
udev-builtin-usb_id: guard against overflow when reading descriptor data
CID#996458. Coverity warns that we trust desc->bLength as read in
the input data to adjust our position in the buffer. This value could
be anything, leading to overflow. It's unlikely that the kernel feeds
us invalid data, but let's me more careful.
shared/install: do not use a temporary variable outside of its scope
Coverity says:
> Pointer to local outside scope (RETURN_LOCAL)9.
> use_invalid: Using dirs, which points to an out-of-scope temporary variable of type char const *[5].
And indeed, the switch statement forms a scope. Let's use an if to
avoid creating a scope.
Yu Watanabe [Wed, 27 Feb 2019 09:22:40 +0000 (18:22 +0900)]
network: relax the .network file check
Previously, if a .networ file contains invalid [Address] or [Route]
section, then the file is completely dropped. This makes networkd
just drops invalid sections.
Martin Pitt [Wed, 27 Feb 2019 22:15:31 +0000 (23:15 +0100)]
networkd-test: ignore failures of test_route_only_dns* in containers
This test exposes a race condition when running in LXC, see issue #11848
for details. Until that is understood and fixed, skip the test as it's
not a recent regression.
Martin Pitt [Tue, 26 Feb 2019 22:05:05 +0000 (23:05 +0100)]
networkd-test: specify Address= with prefix length
This avoids a warning:
An address '192.168.42.100' is specified without prefix length. The
behavior of parsing addresses without prefix length will be changed
in the future release. Please specify prefix length explicitly.
Jörg Sommer [Mon, 11 Feb 2019 23:19:13 +0000 (00:19 +0100)]
journalctl: New option --cursor-file
The option cursor-file takes a filename as argument. If the file exists and
contains a valid cursor, this is used to start the output after this position.
At the end, the last cursor gets written to the file.
This allows for an easy implementation of a timer that regularly looks in the
journal for some messages.
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.
Michal Sekletar [Tue, 26 Feb 2019 16:33:27 +0000 (17:33 +0100)]
selinux: don't log SELINUX_INFO and SELINUX_WARNING messages to audit
Previously we logged even info message from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,
This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.
Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.
Yu Watanabe [Fri, 22 Feb 2019 04:27:44 +0000 (13:27 +0900)]
network: remove routing policy rule from foreign rule database when it is removed
Previously, When the first link configures rules, it removes all saved
rules, which were configured by networkd previously, in the foreign rule
database, but the rules themselves are still in the database.
Thus, when the second or later link configures rules, it errnously
treats the rules already exist.
This is the root of issue #11280.
This removes rules from the foreign database when they are removed.
fuzz-journal-stream: avoid assertion failure on samples which don't fit in pipe
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11587.
We had a sample which was large enough that write(2) failed to push all the
data into the pipe, and an assert failed. The code could be changed to use
a loop, but then we'd need to interleave writes and sd_event_run (to process
the journal). I don't think the complexity is worth it — fuzzing works best
if the sample is not too huge anyway. So let's just reject samples above 64k,
and tell oss-fuzz about this limit.
Anita Zhang [Thu, 21 Feb 2019 18:37:40 +0000 (10:37 -0800)]
core: consider non-SERVICE_EXEC_START commands for EXIT_CLEAN_COMMAND
When there are multiple ExecStop= statements, the next command would continue
to run even after TimeoutStopSec= is up and sends SIGTERM. This is because,
unless Type= is oneshot, the exit code/status would evaluate to SERVICE_SUCCESS
in service_sigchld_event()'s call to is_clean_exit(). This success indicates
following commands would continue running until the end of the list
is reached, or another timeout is hit and SIGKILL is sent.
Since long running processes should not be invoked in non-SERVICE_EXEC_START
commands, consider them for EXIT_CLEAN_COMMAND instead of EXIT_CLEAN_DAEMON.
Passing EXIT_CLEAN_COMMAND to is_clean_exit() evaluates the SIGTERM exit
code/status to failure and will stop execution after the first timeout is hit.
Ryan Gonzalez [Sat, 23 Feb 2019 05:45:03 +0000 (23:45 -0600)]
cryptsetup: Treat key file errors as a failed password attempt
6f177c7dc092eb68762b4533d41b14244adb2a73 caused key file errors to immediately fail, which would make it hard to correct an issue due to e.g. a crypttab typo or a damaged key file.