For an example where we already use it, see man:sd-login(3):
> A session is defined by the time a user is logged in until they log out.
As far as I can tell, this removes the only remaining occurrences of
referring to users by gendered pronouns in our documentation (though
some still survive in code comments and the NEWS and TODO files):
doc: fix resolvectl(1) per-interface DNS configuration documentation
You can only have one listitem in each varlistentry.
xmllint says:
resolvectl.xml:269: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term term term term term term term listitem listitem listitem )
doc: fix udev(7) documentation about ATTR{} and SYSCTL{}
Without this fix, udev(7) munges the two items together, like so:
ATTR{filename}, SYSCTL{kernel parameter}
Match sysfs attribute values of the event device. Trailing
whitespace in the attribute values is ignored unless the specified
match value itself contains trailing whitespace. Match a kernel
parameter value.
You're not allowed to have a <term> element after a <listitem> element within a
<varlistentry>.
xmllint complains:
udev.xml:192: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term listitem term listitem )
Chris Chiu [Tue, 8 Aug 2017 14:27:33 +0000 (22:27 +0800)]
hwdb: Apply Acer mappings to all Gateway and Packard Bell models
Gateway and Packard Bell both belong to Acer and need the same mappings.
This has been checked on several Gateway and Packard Bell models enabled
by Endless and confirmed by Acer Product Manager.
Signed-off-by: Chris Chiu <chiu@endlessm.com> Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
random-util: use RDRAND for randomness if the kernel doesn't want to give us any
Pretty much all intel cpus have had RDRAND in a long time. While
CPU-internal RNG are widely not trusted, for seeding hash tables it's
perfectly OK to use: we don't high quality entropy in that case, hence
let's use it.
This is only hooked up with 'high_quality_required' is false. If we
require high quality entropy the kernel is the only source we should
use.
namespace: be more careful when handling namespacing failures gracefully
This makes two changes to the namespacing code:
1. We'll only gracefully skip service namespacing on access failure if
exclusively sandboxing options where selected, and not mount-related
options that result in a very different view of the world. For example,
ignoring RootDirectory=, RootImage= or Bind= is really probablematic,
but ReadOnlyPaths= is just a weaker sandbox.
2. The namespacing code will now return a clearly recognizable error
code when it cannot enforce its namespacing, so that we cannot
confuse EPERM errors from mount() with those from unshare(). Only the
errors from the first unshare() are now taken as hint to gracefully
disable namespacing.
aszlig [Mon, 20 Aug 2018 03:33:58 +0000 (05:33 +0200)]
umount: Don't use options from fstab on remount
The fstab entry may contain comment/application-specific options, like
for example x-systemd.automount or x-initrd.mount.
With the recent switch to libmount, the mount options during remount are
now gathered via mnt_fs_get_options(), which returns the merged fstab
options with the effective options in mountinfo.
Unfortunately if one of these application-specific options are set in
fstab, the remount will fail with -EINVAL.
In systemd 238:
Remounting '/test-x-initrd-mount' read-only in with options
'errors=continue,user_xattr,acl'.
In systemd 239:
Remounting '/test-x-initrd-mount' read-only in with options
'errors=continue,user_xattr,acl,x-initrd.mount'.
Failed to remount '/test-x-initrd-mount' read-only: Invalid argument
So instead of using mnt_fs_get_options(), we're now using both
mnt_fs_get_fs_options() and mnt_fs_get_vfs_options() and merging the
results together so we don't get any non-relevant options from fstab.
This patch makes "path" parameter mandatory in fd_set_*() helpers removing the
need to use fd_get_path() when NULL was passed. The caller is supposed to pass
the fd anyway so assuming that it also knows the path should be safe.
Actually, the only case where this was useful (or used) was when we were
walking through directory trees (in item_do()). But even in those cases the
paths could be constructed trivially, which is still better than relying on
fd_get_path() (which is an ugly API).
A very succinct test case is also added for 'z/Z' operators so the code dealing
with recursive operators is tested minimally.
Let's fold get_user_creds_clean() into get_user_creds(), and introduce a
flags argument for it to select "clean" behaviour. This flags parameter
also learns to other new flags:
- USER_CREDS_SYNTHESIZE_FALLBACK: in this mode the user records for
root/nobody are only synthesized as fallback. Normally, the synthesized
records take precedence over what is in the user database. With this
flag set this is reversed, and the user database takes precedence, and
the synthesized records are only used if they are missing there. This
flag should be set in cases where doing NSS is deemed safe, and where
there's interest in knowing the correct shell, for example if the
admin changed root's shell to zsh or suchlike.
- USER_CREDS_ALLOW_MISSING: if set, and a UID/GID is specified by
numeric value, and there's no user/group record for it accept it
anyway. This allows us to fix #9767
This then also ports all users to set the most appropriate flags.
namespace: when creating device nodes, also create /dev/char/* symlinks
On the host these symlinks are created by udev, and we consider them API
and make use of them ourselves at various places. Hence when running a
private /dev, also create these symlinks so that lookups by major/minor
work in such an environment, too.
random-seed: write the machine ID into /dev/urandom as well
This is some extra protection for sloppy "golden master" systems, where
images are duplicated many times but the random seed is not
deleted (or reset for each copy). That golden master systems have to
reset /etc/machine-id is better known, and easier to notice (as having
the same ID will result in address conflicts and suchlike quite often).
Hence let's write the machine ID into /dev/urandom, in case it has been
initialized and unlikely the stored random seed has been provisioned
differently on each image.
Note that we don't credit the entropy either way, hence in the case
there's a cycle of a) generating the machine-id early at boot and b)
writing it back into /dev/urandom late at boot it shouldn't matter. It's
never going to make things worse, just in a few cases better.
tree-wide: add clickable man page link to all --help texts
This is a bit like the info link in most of GNU's --help texts, but we
don't do info but man pages, and we make them properly clickable on
terminal supporting that, because awesome.
I think it's generally advisable to link up our (brief) --help texts and
our (more comprehensive) man pages a bit, so this should be an easy and
straight-forward way to do it.
Peter Hutterer [Tue, 14 Aug 2018 02:59:06 +0000 (12:59 +1000)]
hwdb: explicitly label the XP-PEN STAR 06 as tablet
Exports BTN_LEFT...BTN_FORWARD, BTN_TOUCH, REL_X/Y/WHEEL/MISC and
ABS_X/Y/PRESSURE. Rather than figure out what builtin-input_id tweak we need
for this device, just add the tablet bit.
Direct leak of 65 byte(s) in 1 object(s) allocated from:
#0 0x7f71b0878850 in malloc (/usr/lib64/libasan.so.4+0xde850)
#1 0x7f71afaf69b0 in malloc_multiply ../src/basic/alloc-util.h:63
#2 0x7f71afaf6c95 in hexmem ../src/basic/hexdecoct.c:62
#3 0x7f71afbb574b in string_hashsum ../src/basic/gcrypt-util.c:45
#4 0x56201333e0b9 in string_hashsum_sha256 ../src/basic/gcrypt-util.h:30
#5 0x562013347b63 in resolve_openpgp ../src/resolve/resolvectl.c:908
#6 0x562013348b9f in verb_openpgp ../src/resolve/resolvectl.c:944
#7 0x7f71afbae0b0 in dispatch_verb ../src/basic/verbs.c:119
#8 0x56201335790b in native_main ../src/resolve/resolvectl.c:2947
#9 0x56201335880d in main ../src/resolve/resolvectl.c:3087
#10 0x7f71ad8fcf29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
SUMMARY: AddressSanitizer: 65 byte(s) leaked in 1 allocation(s).
```
The workaround is no longer necessary, because the scripts
checking fuzzers have stopped going down to the subdirectories
of $OUT and started to look for the string "LLVMFuzzerTestOneInput"
to tell fuzzers and random binaries apart. Some more details can be
found at https://github.com/google/oss-fuzz/issues/1566.
Iwan Timmer [Mon, 13 Aug 2018 06:20:25 +0000 (08:20 +0200)]
resolved: do not keep dns_server to dns_stream ref if tls connection failed (#9855)
The references to the dns_server are now setup after the tls connection is setup.
This ensures that the stream got fully stopped when the initial tls setup failed
instead of having the unref being blocked by the reference to the stream by the server.
Therefore on_stream_io would no longer be called with a half setup encrypted connection.
Previously, we'd act immediately on StopWhenUnneeded= when a unit state
changes. With this rework we'll maintain a queue instead: whenever
there's the chance that StopWhenUneeded= might have an effect we enqueue
the unit, and process it later when we have nothing better to do.
This should make the implementation a bit more reliable, as the unit notify event
cannot immediately enqueue tons of side-effect jobs that might
contradict each other, but we do so only in a strictly ordered fashion,
from the main event loop.
This slightly changes the check when to consider a unit "unneeded".
Previously, we'd assume that a unit in "deactivating" state could also
be cleaned up. With this new logic we'll only consider units unneeded
that are fully up and have no job queued. This means that whenever
there's something pending for a unit we won't clean it up.
journald: make it clear that dev_kmsg_record modifies the string passed to it
The function replaces a couple commas, a semicolon and the final newline with
zero bytes in the string passed to it. The 'const' seems to have been added
by accident during a bulk edit (more specifically 3b3154df7e2773332bb814).
Franck Bui [Mon, 6 Aug 2018 10:29:54 +0000 (12:29 +0200)]
tmpfiles: don't adjust qgroups on existing subvolumes
The qgroup logic (types 'q' and 'Q') only has an effect if there's no previous
setup at all, and any explicitly configured subvolumes with their qgroups are
left entirely unmodified.
The idea is that if users want a different logic than the one we set up by
default, then by all means they should do that before hand, and tmpfiles won't
override their logic.