Dan Streetman [Tue, 13 Aug 2019 00:34:43 +0000 (20:34 -0400)]
src/boot/efi/meson.build: if meson --werror is true, set gcc -Werror
This part of the build does not use the normal meson parameters, so
we need to explicitly check for the meson --werror parameter, and if
it's true, set the gcc -Werror parameter for this subdir's build.
Dan Streetman [Tue, 13 Aug 2019 11:02:33 +0000 (07:02 -0400)]
src/boot/efi/linux: elide __attribute__((regparm(0))) on non-i386
This attribute is x86_32-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on i386 arch builds.
Dan Streetman [Tue, 13 Aug 2019 10:45:04 +0000 (06:45 -0400)]
src/boot/efi/shim: elide __attribute__((sysv_abi)) on non-intel archs
This attribute is x86-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on intel archs.
Dan Streetman [Thu, 15 Aug 2019 01:08:36 +0000 (21:08 -0400)]
src/basic/missing_syscall: add comment lines for PR 13319 changes
Add a comment line explaining that the syscall defines might be
defined to invalid negative numbers, as libseccomp redefines them
to negative numbers if not defined by the kernel headers, which is
not obvious just from reading the code checking for defined && > 0
Since bug reports, backtraces, coverage reports and build logs are scattered
across at least four different places and there is no publicly available dashboards
the badge can point to, let's just point it to the build logs, which hopefully are going to be
a little bit more usable once https://github.com/google/oss-fuzz/issues/2690 is
addressed.
Tommi Rantala [Mon, 5 Aug 2019 11:01:58 +0000 (14:01 +0300)]
update-utmp: fix assertion failure if rescue.target, multi-user.target and graphical.target are all inactive
If rescue.target, multi-user.target and graphical.target are all
inactive, get_current_runlevel() is not able to determine current
runlevel, and returns with zero. This zero runlevel value results to
assertion failure in utmp_put_runlevel().
systemd[1]: Stopped target Graphical Interface.
systemd[1]: Stopped target Multi-User System.
systemd[1]: Starting Update UTMP about System Runlevel Changes...
systemd-update-utmp[67]: Assertion 'runlevel > 0' failed at src/shared/utmp-wtmp.c:275, function utmp_put_runlevel(). Aborting.
systemd[1]: systemd-update-utmp-runlevel.service: Main process exited, code=dumped, status=6/ABRT
systemd[1]: systemd-update-utmp-runlevel.service: Failed with result 'core-dump'.
systemd[1]: Failed to start Update UTMP about System Runlevel Changes.
Let's just print a warning in this case and skip the utmp update, to
avoid systemd-update-utmp-runlevel.service failures.
sysusers: properly mark generated accounts as locked
Previously, we'd only set the shell to /usr/bin/nologin and lock the
password for system users. Let's go one step further and also lock the
whole account.
This is a paranoid safety precaution, since neither disabling the shell
like this nor disabling the password is sufficient to lock an account,
since remote shell tools generally allow passing different shells, and
logins into ftp or similar protocols don't know the shell concept anyway.
Moreover, in times of ssh authentication by password is just one
option of authentication among many.
Takes inspiration from the recommendations in usermod(8)'s -L switch:
"Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1."
Dan Streetman [Thu, 25 Jul 2019 11:57:30 +0000 (07:57 -0400)]
src/basic/missing_syscall: change #ifndef to #if ! (defined && > 0)
The #ifndef check used to work for missing __NR_* syscall defines, but
unfortunately libseccomp now redefines missing syscall number to negative
numbers, in their public header file, e.g.:
https://github.com/seccomp/libseccomp/blob/master/include/seccomp.h.in#L801
When systemd is built, since it includes <seccomp.h>, it pulls in the
incorrect negative value for any __NR_* syscall define that's included in
the seccomp.h header (for those syscalls that the kernel headers don't
yet define, e.g. when built with older/stable-distro kernels). This leads
to bugs like:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1821625
This changes the check so that it can override the negative number that
libseccomp defines, instead of trying to use the negative syscall number.
To avoid gcc warnings (which are failures with meson --werror), this checks
without generating a redefinition gcc warning.
I have no idea why libseccomp decided to define missing syscalls
to negative numbers inside their *public* header file, causing
problems like this.
Dan Streetman [Wed, 24 Jul 2019 23:58:48 +0000 (19:58 -0400)]
src/basic/missing_syscall: add s390 syscall number for __NR_pkey_mprotect
The syscall number for s390 was added to the kernel at:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b41c51c8e194c0bdfb4b1778a137aea8246c86cd
Frantisek Sumsal [Mon, 12 Aug 2019 22:14:54 +0000 (00:14 +0200)]
test: store coredumps in journal
To make debugging much easier, especially for crashes in tests under
QEMU, let's store the entire coredump bundle in the systemd journal,
which is usually kept around by various CIs. Right now, we usually end
up with a journal, but without the coredump itself, which is pretty
useless.
firstboot: drop duplicate trailing whitespace from root pw question
Since ask_password() (and related calls) already append one char, we
ended up appending two. That's not pretty. Let's fix this, and do it
like in all other cases ask_password() (or an equivalent function) is
called.
networkd: Routes should take the gateway into account
Otherwise, changing the default gateway doesn't purge old gateway routes
left on the system during daemon restart. This also fixes removing other
foreign gateway routes that don't match the expected configuration.
Tested:
Changed gateway addresses prior to the patch and they lingered on
the system during each reconfiguration. Applied this patch and
reconfigured gateways and other routes multiple times and it removed
the foreign routes that had gateways that didn't match.
Signed-off-by: William A. Kennington III <william@wkennington.com>
timedated: always enable&start the service with highest priority
This removes a special case that was implemented before: if some service
was already enabled, we'd treat it as having higher priority.
From https://bugzilla.redhat.com/show_bug.cgi?id=1735584#c4:
> Setting ntp off and on should give the same result as just setting it
> on. There should be no stickiness (hidden state). It should behave like
> running an ansible role.
>
> The other service might have been enabled because no other was installed at
> the time. If I install a new NTP service with a higher priority, setting ntp
> on should enable and start the new service, and disable all other. Also, if
> for some reason multiple services are enabled, after setting ntp on there
> should be only one enabled to avoid systemd selecting between them randomly
> on the next boot.
timedated: log about unit enablement actions and enhance logs in general
The general idea is that for things which can occur repeatedly, like SetNTP
being called with the same argument, we only log at debug level. For things
which change state, like when we realize that a unit that wasn't enabled
before needs to be enabled, we log at info level.
Also, don't return success if there are no units loaded.
meson: create (empty) /etc/systemd/system during installation
We explicitly create /etc/systemd/user and other parts of the basic directory
tree. I think we should create /etc/systemd/system too. (The alternative would
be to not create those other directories too, but I think it's nice to have
the basic directory structure in place after installation.)
The `coproc` implementation seems to be a little bit different in older
bash versions, so the `strace` is sometimes started AFTER `systemctl
daemon-reload`, which causes unexpected fails. Let's help it a little by
sleeping for a bit.
test: support MPOL_LOCAL matching in unpatched strace versions
The MPOL_LOCAL constant is not recognized in current strace versions.
Let's match at least the numerical value of this constant until the
strace patch is approved & merged.
libsystemd-network: make option_append() atomic and make the code a bit clearer
Comparisons are done in the normal order (if (need > available), not if (available < need)),
variables have reduced scope and are renamed for clarity.
The only functional change is that if we return -ENAMETOOLONG, we do that
without modifying the options[] array.
I also added an explanatory comment. The use of one offset to point into three
buffers is not obvious.
Coverity (in CID#1402354) says that sname might be accessed at bad offset, but
I cannot see this happening. We check for available space before writing anything.
time-util: improve detection of synchronized clock
Instead of checking for the STA_UNSYNC flag in the timex status, check
the maximum error. It is updated by the kernel, increasing at a rate of
500 ppm. The maximum value is 16 seconds, which triggers the STA_UNSYNC
flag.
This follows timedatex and allows timedated to correctly detect a clock
synchronized by chronyd when configured to not synchronize the RTC.
test: print an error when networkctl returns an unexpected EC
If networkctl crashes, like recently with SIGABRT, it returns absolutely
no output, which may be confusing during debugging. Help it a little
with a short informative message.
test-execute: skip test_exec_systemcallfilter_system under ASan
This particular test case keeps intermittently failing due to crashing
LSan when running under clang+ASan. Generally, sanitizers don't
like seccomp filters, so the best option here is to just switch this
test off for this scenario.
`adduser` is in certain cases a standalone package which provides a
better user experience. In other cases it's just a symlink to `useradd`.
And some distributions don't have `adduser` at all, like Arch Linux.
Let's use the `useradd` binary instead, which should provide the same
functionality everywhere.