Jörg Sommer [Thu, 28 Feb 2019 14:53:40 +0000 (15:53 +0100)]
Better C code formatting of arguments in Emacs
In [PR#11696][1] it came up that the formatting of continued arguments should
follow the default Emacs style. To ensure this happens when someone has changed
his setting in her private config, the value should be set by *dir-locals.el*.
Christopher Wong [Thu, 28 Feb 2019 13:22:42 +0000 (14:22 +0100)]
Use new time zone list
When systemd retrieve the time zone it read what is in the file
/usr/share/zoneinfo/zone.tab provided by the Time Zone Database.
According to the comments in zone.tab its content is for backward-
compatibility aid for older programs. New programs should use
zone1970.tab. This patch replaces zone.tab with zone1970.tab.
Apparently this happens IRL. Let's carefully deal with issues like this:
when we overrun, let's not go back to zero but instead leave the highest
cookie bit set. We use that as indication that we are in "overrun
territory", and then are particularly careful with checking cookies,
i.e. that they haven't been used for still outstanding replies yet. This
should retain the quick cookie generation behaviour we used to have, but
permits dealing with overruns.
udev-builtin-usb_id: guard against overflow when reading descriptor data
CID#996458. Coverity warns that we trust desc->bLength as read in
the input data to adjust our position in the buffer. This value could
be anything, leading to overflow. It's unlikely that the kernel feeds
us invalid data, but let's me more careful.
shared/install: do not use a temporary variable outside of its scope
Coverity says:
> Pointer to local outside scope (RETURN_LOCAL)9.
> use_invalid: Using dirs, which points to an out-of-scope temporary variable of type char const *[5].
And indeed, the switch statement forms a scope. Let's use an if to
avoid creating a scope.
Yu Watanabe [Wed, 27 Feb 2019 09:22:40 +0000 (18:22 +0900)]
network: relax the .network file check
Previously, if a .networ file contains invalid [Address] or [Route]
section, then the file is completely dropped. This makes networkd
just drops invalid sections.
Martin Pitt [Wed, 27 Feb 2019 22:15:31 +0000 (23:15 +0100)]
networkd-test: ignore failures of test_route_only_dns* in containers
This test exposes a race condition when running in LXC, see issue #11848
for details. Until that is understood and fixed, skip the test as it's
not a recent regression.
Martin Pitt [Tue, 26 Feb 2019 22:05:05 +0000 (23:05 +0100)]
networkd-test: specify Address= with prefix length
This avoids a warning:
An address '192.168.42.100' is specified without prefix length. The
behavior of parsing addresses without prefix length will be changed
in the future release. Please specify prefix length explicitly.
Jörg Sommer [Mon, 11 Feb 2019 23:19:13 +0000 (00:19 +0100)]
journalctl: New option --cursor-file
The option cursor-file takes a filename as argument. If the file exists and
contains a valid cursor, this is used to start the output after this position.
At the end, the last cursor gets written to the file.
This allows for an easy implementation of a timer that regularly looks in the
journal for some messages.
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.
Michal Sekletar [Tue, 26 Feb 2019 16:33:27 +0000 (17:33 +0100)]
selinux: don't log SELINUX_INFO and SELINUX_WARNING messages to audit
Previously we logged even info message from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,
This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.
Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.
Yu Watanabe [Fri, 22 Feb 2019 04:27:44 +0000 (13:27 +0900)]
network: remove routing policy rule from foreign rule database when it is removed
Previously, When the first link configures rules, it removes all saved
rules, which were configured by networkd previously, in the foreign rule
database, but the rules themselves are still in the database.
Thus, when the second or later link configures rules, it errnously
treats the rules already exist.
This is the root of issue #11280.
This removes rules from the foreign database when they are removed.
fuzz-journal-stream: avoid assertion failure on samples which don't fit in pipe
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11587.
We had a sample which was large enough that write(2) failed to push all the
data into the pipe, and an assert failed. The code could be changed to use
a loop, but then we'd need to interleave writes and sd_event_run (to process
the journal). I don't think the complexity is worth it — fuzzing works best
if the sample is not too huge anyway. So let's just reject samples above 64k,
and tell oss-fuzz about this limit.
Anita Zhang [Thu, 21 Feb 2019 18:37:40 +0000 (10:37 -0800)]
core: consider non-SERVICE_EXEC_START commands for EXIT_CLEAN_COMMAND
When there are multiple ExecStop= statements, the next command would continue
to run even after TimeoutStopSec= is up and sends SIGTERM. This is because,
unless Type= is oneshot, the exit code/status would evaluate to SERVICE_SUCCESS
in service_sigchld_event()'s call to is_clean_exit(). This success indicates
following commands would continue running until the end of the list
is reached, or another timeout is hit and SIGKILL is sent.
Since long running processes should not be invoked in non-SERVICE_EXEC_START
commands, consider them for EXIT_CLEAN_COMMAND instead of EXIT_CLEAN_DAEMON.
Passing EXIT_CLEAN_COMMAND to is_clean_exit() evaluates the SIGTERM exit
code/status to failure and will stop execution after the first timeout is hit.
Ryan Gonzalez [Sat, 23 Feb 2019 05:45:03 +0000 (23:45 -0600)]
cryptsetup: Treat key file errors as a failed password attempt
6f177c7dc092eb68762b4533d41b14244adb2a73 caused key file errors to immediately fail, which would make it hard to correct an issue due to e.g. a crypttab typo or a damaged key file.
Add wrapper for __msan_unpoinson() to reduce #ifdeffery
This isn't really necessary for the subsequent commit, but I expect that we'll
need to unpoison more often once we turn on msan in CI, so I think think this
change makes sense in the long run.