seccomp: move brk+mmap+mmap2 into @default syscall filter set
These three syscalls are internally used by libc's memory allocation
logic, i.e. ultimately back malloc(). Allocating a bit of memory is so
basic, it should just be in the default set.
This fixes a couple of issues with asan/msan and the seccomp tests: when
asan/msan is used some additional, large memory allocations take place
in the background, and unless mmap/mmap2/brk are allowlisted these will
fail, aborting the test prematurely.
Franck Bui [Thu, 19 Nov 2020 08:17:19 +0000 (09:17 +0100)]
units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem
udev requests to start the fs mount units when their respective module is
loaded. For that it monitors uevents of type "ADD" for the relevant fs modules.
However the uevent is sent by the kernel too early, i.e. before the init() of the
module is called hence before directories in /sys/fs/ are created.
This patch adds "Requires/After=modprobe@<fs-module>.service" to
the mount unit, which means that modprobe(8) will be called once the fs module
is announced to be loaded. This sounds pointless, but given that modprobe only
returns after the initialization of the module is complete, it should
work around the issue.
As a side effect, the module will be automatically loaded if the mount unit is
started manually.
The presence of /sys/module/%I directory can't be used to assert that the load
of a given module is complete and therefore the call to modprobe(8) can be
skipped. Indeed this directory is created before the init() function of the
module is called.
Users of modprobe@.service need to be sure that once this service returns the
module is fully operational.
In Fedora rawhide various perl modules are now available as separate
packages that are not pulled in by dependencies. If we don't have some
package, skip the tests.
This ugly code is apparently the way to do conditional imports:
https://www.cs.ait.ac.th/~on/O/oreilly/perl/cookbook/ch12_03.htm.
Having the "%H" host name specifier in a DNSSD service name template
triggers a failed assertion during name template instantiation as
specifier_dnssd_host_name expects DnssdService in its userdata
pointer but finds NULL instead.
test_oomd_cgroup_context_acquire_and_insert reads the live cgroup data used
by the unit test. Under certain conditions, the memory pressure for the cgroup
can be non-zero (although most of the time it is 0 since these tests don't
generate much pressure).
Since these values are too dependent on the state of the system, remove the
checks. The type used is always >= 0 and test-psi-util already unit tests that
PSI values are parsed correctly from files so this test is redundant anyways.
The original motivation of the commit and RFE #15339 is to start dhcpv6
client in managed mode when neither M nor O flag is set in the RA.
But, previously, if the setting is set to "always", then the DHCPv6
client is always started in managed mode even if O flag is set in the
RA. Such behavior breaks RFC 7084.
Michael Biebl [Fri, 13 Nov 2020 22:48:37 +0000 (23:48 +0100)]
test: bump timeout for test-libcrypt-util
Apparently this test is prone to time out on slower architectures, so
bump it from 30s to 120s.
See
https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=mipsel&ver=247%7Erc2-2&stamp=1605303506&raw=0
https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=sparc64&ver=247%7Erc2-2&stamp=1605294845&raw=0
Daan De Meyer [Mon, 16 Nov 2020 00:11:50 +0000 (00:11 +0000)]
clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros
I contributed this option to LLVM a while ago to reduce the amount of
changes clang-format makes when formatting systemd source files. As
LLVM 11 is now starting to become widely available, let's configure
it in the clang-format config.
The configuration of networkd has a DHCPv6Client setting in its
[IPv6AcceptRA] section, which, according to the man page, can be
a boolean, or the special value "always". The man page states
that "true" is the default.
The default value is implemented in src/network/networkd-network.c
by setting field ipv6_accept_ra_start_dhcp6_client of network to
true. However, this field is not a boolean, but an enum type
IPv6AcceptRAStartDHCP6Client (src/network/networkd-ndisc.h).
Setting ipv6_accept_ra_start_dhcp6_client to true effectively
corresponds to the enum value IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS,
resulting in the DHCPv6Client setting having the default value
"always".
This patch changes the initialisation to the correct enum value
IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES.
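Added example, not code from the systemd tree: a C model of the two DHCPv6Client commit messages above (the RFC 7084 one and the enum default one), showing how a bool stored in the enum field selects "always" and what that changes for each M/O flag combination. The enum order is an assumption inferred from the statement that true corresponds to ALWAYS; Dhcp6Mode, dhcp6_mode() and the two default_*() helpers are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed declaration order: assigning `true` (integer 1) selects ALWAYS,
 * as the commit message describes, so ALWAYS must be the second value. */
typedef enum IPv6AcceptRAStartDHCP6Client {
        IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO,
        IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS,
        IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES,
} IPv6AcceptRAStartDHCP6Client;

/* Hypothetical result type for this example. */
typedef enum { DHCP6_OFF, DHCP6_INFORMATION_REQUEST, DHCP6_MANAGED } Dhcp6Mode;

/* Default before the fix: a bool stored in an enum field. C accepts the
 * implicit integer-to-enum conversion without a diagnostic. */
IPv6AcceptRAStartDHCP6Client default_before_fix(void) {
        return true;
}

/* Default after the fix: the enum value the man page documents. */
IPv6AcceptRAStartDHCP6Client default_after_fix(void) {
        return IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES;
}

/* Map the setting plus the RA's M and O flags to a client mode.
 * "always" only adds managed mode for the case where neither flag is set;
 * an RA with just the O flag still gets an information request. */
Dhcp6Mode dhcp6_mode(IPv6AcceptRAStartDHCP6Client s, bool m_flag, bool o_flag) {
        if (s == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO)
                return DHCP6_OFF;
        if (m_flag)
                return DHCP6_MANAGED;
        if (o_flag)
                return DHCP6_INFORMATION_REQUEST;
        return s == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS ? DHCP6_MANAGED : DHCP6_OFF;
}

int main(void) {
        static const char *const names[] = { "off", "information-request", "managed" };
        for (int m = 0; m <= 1; m++)
                for (int o = 0; o <= 1; o++)
                        printf("M=%d O=%d  before fix: %-20s after fix: %s\n", m, o,
                               names[dhcp6_mode(default_before_fix(), m, o)],
                               names[dhcp6_mode(default_after_fix(), m, o)]);
        return 0;
}
```

The only row that differs is M=0 O=0: with the unintended "always" default the client starts in managed mode on a link whose router advertised no DHCPv6 at all.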
Hans de Goede [Wed, 4 Nov 2020 09:36:09 +0000 (10:36 +0100)]
hwdb: 60-keyboard: Add Logitech Dinovo Edge special key key-mappings
The Logitech Dinovo Edge has 5 special hotkeys, one with a phone symbol
and the 4 usual Logitech A-D smartkeys. These send custom Logitech
0xc10xx keycodes, add mappings for these.
meson: allow oomd to be enabled even in release mode
A distro (Fedora in particular) may want to enable oomd in an unstable
branch for testing, even though the package as a whole is compiled in release
mode. Let's emit a warning but otherwise allow this.
Jörg Thalheim [Thu, 12 Nov 2020 07:01:39 +0000 (08:01 +0100)]
meson: add option to skip installing to $sysconfdir
This is useful for development where overwriting files outside
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.
Alternative to https://github.com/systemd/systemd/pull/17501
":" is prettier, but meson 0.56+ doesn't like it:
src/systemd/meson.build:73: DEPRECATION: ":" is not allowed in test name "cc-sd-bus.h:c", it has been replaced with "_"
src/systemd/meson.build:73: DEPRECATION: ":" is not allowed in test name "cc-sd-bus.h:c-ansi", it has been replaced with "_"
...
With the grandparent change to move most units to app.slice,
those units would be ordered After=app.slice which doesn't make any sense.
Actually they appear earlier, before the manager is even started, and
conceptually it doesn't seem useful to put them under any slice.
... when called with a valid environment variable name. This means that
any time we call it with a fixed string, it is guaranteed to return 0.
(Also when the variable is not present in the environment block.)
sd-event: update state at the end in event_source_enable
Coverity in CID#1435966 was complaining that s->enabled is not "restored" in
all cases. But the code was actually correct, since it should only be
"restored" in the error paths. But let's still make this prettier by not setting
the state before all operations that may fail are done.
We need to set .enabled for the prioq reshuffling operations, so move those down.