Condition checks shouldn't log loudly, since they run all the time.
Let's make things debuggable, by keeping the messages in LOG_DEBUG in,
but don't make more noise than necessary.
We should do this check first since it is done on the string itself
without any conditioning of system state otherwise. It is a weird to do
this test only if /etc is read-only.
meson: initialize time-epoch to reproducible builds compatible value
Debian Policy encourages to preserve timestamps whenever possible in the
tarballs, thus stable release updates of systemd usually do not bump NEWS file
timestamp. And thus time-epoch remains the same for the lifetime of a release.
It would be better, if each new stable release rebuild of systemd would bump
the time epoch a bit. But at the same time remain
reproducible. SOURCE_DATE_EPOCH is an environmnet variable defined for this
purpose. Thus if available, prefer that, instead of the NEWS file modification
time.
For example, on Debian/Ubuntu under the reproducible builds the
SOURCE_DATE_EPOCH is set to the timestamp from the packaging metadata, thus it
is incremented on every new stable release update, whilst preserving
reproducible builds capability.
Eric DeVolder [Mon, 13 Apr 2020 21:22:04 +0000 (16:22 -0500)]
pstore: introduce tmpfiles.d/systemd-pstore.conf
The systemd pstore service archives the contents of /sys/fs/pstore
upon boot so that there is room for a subsequent dump. The issue is
that while the service is present, the kernel still needs to be
configured to write data into the pstore. The kernel has two
parameters, crash_kexec_post_notifiers and printk.always_kmsg_dump,
that control writes into pstore.
The crash_kexec_post_notifiers parameter enables the kernel to write
dmesg (including stack trace) into pstore upon a panic, and
printk.always_kmsg_dump parameter enables the kernel to write dmesg
upon a shutdown (shutdown, reboot, halt).
As it stands today, these parameters are not managed/manipulated by
the systemd pstore service, and are solely reliant upon the user [to
have the foresight] to set them on the kernel command line at boot, or
post boot via sysfs. Furthermore, the user would need to set these
parameters in a persistent fashion so that that they are enabled on
subsequent reboots.
This patch introduces the setting of these two kernel parameters via
the systemd tmpfiles technique.
Topi Miettinen [Fri, 15 May 2020 15:33:45 +0000 (18:33 +0300)]
Increase size of /run to 20%
For low memory machines (256MB), 10% of RAM for /run may not be enough for
re-exec of PID1 because 16MB of free space is required and /run may already
contain something.
udev: get rid of "Could not set flow control of" message on "lo" interface
When setting flow control attributes of an interface we first acquire
the current settings and then add in the new settings before applying
them again. This only works on interfaces that implement the ethtool
ioctls. on others we'll see an ugly "Could not set flow control of"
message, simply because we issue the SIOCETHTOOL ioctl once, for getting
the data. In particular we'll get it for the "lo" interface all the
time, which sucks hard. Let's get rid of it.
Frantisek Sumsal [Fri, 15 May 2020 10:02:43 +0000 (12:02 +0200)]
shared: fix integer overflow in calendarspec
Fixes: oss-fuzz#22208
```
test/fuzz/fuzz-calendarspec/oss-fuzz-22208... ../src/shared/calendarspec.c:666:48: runtime error: signed integer overflow: 2147000000 + 1000000 cannot be represented in type 'int'
#0 0x7f0b9f6cc56a in prepend_component ../src/shared/calendarspec.c:666
#1 0x7f0b9f6cd03a in parse_chain ../src/shared/calendarspec.c:718
#2 0x7f0b9f6cea1c in parse_calendar_time ../src/shared/calendarspec.c:845
#3 0x7f0b9f6d1397 in calendar_spec_from_string ../src/shared/calendarspec.c:1084
#4 0x401570 in LLVMFuzzerTestOneInput ../src/fuzz/fuzz-calendarspec.c:17
#5 0x401ae0 in main ../src/fuzz/fuzz-main.c:39
#6 0x7f0b9e31b1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
#7 0x40122d in _start (/home/fsumsal/repos/systemd/build/fuzz-calendarspec+0x40122d)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/calendarspec.c:666:48 in
```
It's easy to add, and should be pretty useful, in particular as in
AssertPathIsEncrypted= as it can be used for checking that
some path is encrypted before some service is invoked that might want to
place secure material there.
Link groups are similar to port ranges found in managed switches.
You can add network interfaces to a numbered group and perform operations
on all the interfaces from that group at once.
core: automatically update StandardOuput=syslog to =journal (and similar for StandardError=)
Let's go one step further and upgrade implicitly. Usually =syslog
assignments are historic artifacts only. Let's upgrade the lines
automatically, and politely suggest people update their unit
files/configuration (and drop the lines altogether, without
replacement).
repart: add support for create/growing loopback files
This adds --empty=create and --size= for creating loopback files from
scratch of a specified size, or growing loopback files to the specified
size when they already exist.
This is useful when operating on disk image files, as a manual
invocation of fallocate(1) becomes unnecessary.
Andreas Rammhold [Thu, 14 May 2020 17:23:33 +0000 (19:23 +0200)]
sd-netlink: remove unused RTNL_WQUEUE_MAX define
While investigating why some of my netlink calls would timeout I
stumbled upon the definition of the max write queue length. Finding this
constant made me believe we still had a write queue in the code - which
isn't true. The netlink write queue code was removed in #189.
Ankit Jain [Fri, 6 Mar 2020 12:57:50 +0000 (18:27 +0530)]
journal-send: Fix the limitation of LINE_MAX
- If length of formatted string >= LONG_LINE_MAX then return -ENOBUFS
- Normal Case:
- length of formatted string < POSIX defined LINE_MAX
- Allocate sbuf to accomodate the message
- Rare case:
- LINE_MAX < length of formatted string < LONG_LINE_MAX
- Allocate the required length using alloca()
To judge from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947134 and
https://salsa.debian.org/debian/util-linux/-/commit/44ec91ef110e7131d8a0467374797bc2e0f30e51,
`util-linux` no longer depends on `fdisk` so it seems it should be installed
manually.
Benjamin Robin [Sun, 10 May 2020 16:46:45 +0000 (18:46 +0200)]
core: Parse the tags list sooner, and use it for multiple function
- Parse the tags list using strv_split_newlines() which remove any
unnecessary empty string at the end of the strv.
- Use this parsed list for manager_process_barrier_fd() and every call
to manager_invoke_notify_message().
- This also allow to simplify the manager_process_barrier_fd() function.
Benjamin Robin [Sat, 9 May 2020 10:01:07 +0000 (12:01 +0200)]
test: Stricter test case for #15654 (Add more checks)
Check:
- There is only 3 messages logged with type stdout
- Check all messages logged does not have new line: LINE_BREAK=eof
- Check that the 3 messages are logged from a different PID
- Check the 3 MESSAGE= content
Benjamin Robin [Sun, 3 May 2020 16:37:21 +0000 (18:37 +0200)]
journald: Increase stdout buffer size sooner, when almost full
If the previous received buffer length is almost equal to the allocated
buffer size, before this change the next read can only receive a couple
of bytes (in the worst case only 1 byte), which is not efficient.
sd-bus: introduce new SD_BUS_VTABLE_ABSOLUTE_OFFSET vtable flag
When set, the offset specified for the vtable entry is passed to the
handler as-is, and is not added to the userdata pointer. This is useful
in case methods/properties are mixed on the same vtable, that expect to
operate relative to some object in memory and that expect pointers to
absolute memory, or that just want a number passed.
Jeremy Cline [Tue, 12 May 2020 14:12:57 +0000 (10:12 -0400)]
Tidy up the Fedora mkosi Package list
libzstd is a new dependency for systemd that's not in a stable release
yet, so it's not pulled in by the RPM package dependency. Manually
include it in the package section so the image mkosi produces works. It
can be removed when the RPM depends on it.
Additionally, a number of packages in the list appear to be pulled in
because they're dependencies in the systemd rpm, so remove them.
Finally, mkosi v5 adds the proper fs utilities for bootable images type
so drop that dependency as well.
Limit size of various tmpfs mounts to 10% of RAM, except volatile root and /var
to 25%. Another exception is made for /dev (also /devs for PrivateDevices) and
/sys/fs/cgroup since no (or very few) regular files are expected to be used.
In addition, since directories, symbolic links, device specials and xattrs are
not counted towards the size= limit, number of inodes is also limited
correspondingly: 4MB size translates to 1k of inodes (assuming 4k each), 10% of
RAM (using 16GB of RAM as baseline) translates to 400k and 25% to 1M inodes.
Because nr_inodes option can't use ratios like size option, there's an
unfortunate side effect that with small memory systems the limit may be on the
too large side. Also, on an extremely small device with only 256MB of RAM, 10%
of RAM for /run may not be enough for re-exec of PID1 because 16MB of free
space is required.
pam_systemd_home: also store acquirement fd per user
We might pin a home through authentication and a different one through a
session, all from the same PAM context, like sudo does. Hence also store
the referencing fd keyed by the user name.
pam_systemd/pam_systemd_home: rework how we cache user records
Since acquiring user records involves plenty of IPC we try to cache user
records in the PAM context between our various hooks. Previously we'd
just cache whatever we acquired, and use it from the on, forever until
the context is destroyed.
This is problematic however, since some programs (notably sudo) use the
same PAM context for multiple different operations. Specifically, sudo
first authenticates the originating user before creating a session for
the destination user, all with the same PAM context. Thankfully, there
was a safety check for this case in place that re-validated that the
cached user record actually matched our current idea of the user to
operate on, but this just meant the hook would fail entirely.
Let's rework this: let's key the cache by the user name, so that we do
not confused by the changing of the user name during the context's
lifecycle and always, strictly use the cached user record of the user we
operate on.
Essentially this just means we now include the user name in the PAM data
field.
Secondly, this gets rid of the extra PAM data field that indicates
whether a user record is from homed or something else. To simplify
things we instead just cache the user record twice: once for consumption
by pam_systemd_home (which only wants homed records) and once shared by
pam_systemd and pam_systemd_home (and whoever else wants it). The cache
entries simply have different field names.