Frantisek Sumsal [Tue, 18 Jun 2019 09:25:16 +0000 (11:25 +0200)]
hashmap: avoid using TLS in a destructor
Using C11 thread-local storage in destructors causes uninitialized
read. Let's avoid that using a direct comparison instead of using
the cached values. As this code path is taken only when compiled
with -DVALGRIND=1, the performance cost shouldn't matter too much.
Franck Bui [Fri, 7 Jun 2019 08:17:11 +0000 (10:17 +0200)]
terminal-util: introduce openpt_allocate()
Allocating a pty is done in a couple of places so let's introduce a new helper
which does the job.
Also the new function, as well as openpt_in_namespace(), returns both pty
master and slave so the callers don't need to know about the pty slave
allocation details.
For the same reasons machine_openpt() prototype has also been changed to return
both pty master and slave so callers don't need to allocate a pty slave which
might be in a different namespace.
Finally openpt_in_namespace() has been renamed into
openpt_allocate_in_namespace().
Franck Bui [Thu, 6 Jun 2019 08:05:33 +0000 (10:05 +0200)]
nspawn: allocate the pty used for /dev/console within the container
The console tty is now allocated from within the container so it's not
necessary anymore to allocate it from the host and bind mount the pty slave
into the container. The pty master is sent to the host.
/dev/console is now a symlink pointing to the pty slave.
This might also be less confusing for applications running inside the container
and the overall result looks cleaner (we don't need to apply manually the
passed selinux context, if any, to the allocated pty for instance).
core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX
Since kernel 5.2 the kernel thankfully returns proper errors when we
write a value out of range to the sysctl. Which however breaks writing
ULONG_MAX to request the maximum value. Hence let's write the new
maximum value instead, LONG_MAX.
This is for 6d3646406560. It turns out that this is causing more problems than
expected. Let's retroactively introduce naming scheme v241 to conditionalize
this change.
Follow-up for #12792 and 6d36464065601f7. See also
https://bugzilla.suse.com/show_bug.cgi?id=1136600.
$ SYSTEMD_LOG_LEVEL=debug NET_NAMING_SCHEME=v240 build/udevadm test-builtin net_setup_link /sys/class/net/br11
$ SYSTEMD_LOG_LEVEL=debug NET_NAMING_SCHEME=v241 build/udevadm test-builtin net_setup_link /sys/class/net/br11
...
@@ -20,11 +20,13 @@
link_config: could not set ethtool features for br11
Could not set offload features of br11: Operation not permitted
br11: Device has name_assign_type=3
-Using interface naming scheme 'v240'.
+Using interface naming scheme 'v241'.
br11: Policy *keep*: keeping existing userspace name
br11: Device has addr_assign_type=1
-br11: No stable identifying information found
-br11: Could not generate persistent MAC: No data available
+br11: Using "br11" as stable identifying information
+br11: Using generated persistent MAC address
+Could not set Alias=, MACAddress= or MTU= on br11: Operation not permitted
+br11: Could not apply link config, ignoring: Operation not permitted
Unload module index
Unloaded link configuration context.
ID_NET_DRIVER=bridge
libsystemd-network: rename net_get_name() to net_get_name_persistent()
This reflect its role better.
(I didn't use …_persistent_name(), because which name is actually used
depends on the policy. So it's better not to make this sound like it returns
*the* persistent name.)
This is in preparation for later changes. Let's change the documentation of
net.naming-scheme= to also say that it applies to MAC addresses. This commit
doesn't actually implement that though.
Revert this because it does not take the OpenSSL internal read pointer
into considoration. Resulting in padding in packetdata and therefore
broken SSL connections.
Coverity is unpredictable and, according to a notification I received
yeserday, it will be upgraded on June 17. During the upgrade
it might be offline for 3 days, af far as I understand. Anyway, Travis
stops as soon as a stage fails so it makes sense to put stages that
are likely to fail at the end so that the others have a chance to
do what they are supposed to do.
Jeka Pats [Tue, 11 Jun 2019 06:25:45 +0000 (09:25 +0300)]
Continuous Fuzzing Integration with Fuzzit
includes two travis ci steps:
1) Every pull-request/push all fuzzing targets will do a quick
sanity run on the generated corpus and crashes (via Fuzzit)
2) On a daily basis the fuzzing targets will be compiled (from
master) and will and their respectible fuzzing job on Fuzzit
will be updated to the new binary.
Yu Watanabe [Thu, 13 Jun 2019 20:16:11 +0000 (05:16 +0900)]
network: skip to check dynamic addresses when ConfigureWithoutCarrier=yes
Otherwise, the interface cannot be in "configured" state, as ipv6 link local
addressing is enabled by default. Note that even if ConfigureWithoutCarrier=
is set, all dynamic configurations are checked when the interface has
carrier.