Alin Popa [Fri, 14 Feb 2020 08:33:43 +0000 (09:33 +0100)]
systemd: Fix busctl crash on aarch64 when setting output table format
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types missmatch. This patch cast the enums to size_t.
It also fixes all other occurences for table_set_display() and
table_set_sort().
Alin Popa [Fri, 14 Feb 2020 08:33:43 +0000 (09:33 +0100)]
systemd: Fix busctl crash on aarch64 when setting output table format
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types missmatch. This patch cast the enums to size_t.
An alternative solution would be to change the table_set_display() function
arguments to unsigned type.
Frantisek Sumsal [Mon, 10 Feb 2020 18:42:44 +0000 (19:42 +0100)]
lgtm: use the system version of meson
LGTM was upgraded to Ubuntu Eoan, so the meson there is pretty new.
Also, the pip command didn't work anyway, since it didn't attempt to
update the previously installed meson.
Frantisek Sumsal [Mon, 10 Feb 2020 17:35:36 +0000 (18:35 +0100)]
lgtm: set TMPDIR to /var/tmp
`/tmp` has `noexec` set in the LGTM infrastructure which breaks meson's
compilation checks. Let's use `/var/tmp` for now, until the issue is
properly resolved
Unfortunately the same usb hub is used in other places, and causes
numerous regressions (#14822,
https://bugzilla.redhat.com/show_bug.cgi?id=1800820). Let's revert
until a non-regressing approach is found.
network: Make address_hash_ops available outside of networkd-address.c
In order to allow other parts of systemd-networkd to use sets/hashmaps
of Address objects, the address_hash_ops structure needs to be made
available to them.
network: Document the lack of actual DAD usage in prefixstable algorithm
The RFC 7217 (prefixstable) algorithm can use Duplicate Address
Detection to produce multiple candidate addresses, but the implementation
here does not currently employ that mechanism.
network: Rewrite IPv6Token documentation for new modes
This patch provides new documentation for IPv6Token,
reflecting the new modes (and the existing mode), and documents
various caveats users should be aware of when using these
modes.
This error message will be emitted when any form of SLAAC address
generation fails, not just 'prefix stable', so the message should
only refer to SLAAC.
network: Improve variable name for address generation
The logic which can produce an IPv6 address using SLAAC produces an
address, not a prefix, so the boolean variable used to detect whether
it succeeded should reflect that.
Yu Watanabe [Sun, 9 Feb 2020 15:43:58 +0000 (00:43 +0900)]
test-network: tentatively stops .socket units for udevd
To suppress the following warning:
---
Warning: Stopping systemd-udevd.service, but it can still be activated by:
systemd-udevd-control.socket
systemd-udevd-kernel.socket
test: give systemd chance to actually start the unit
In certain cases the expected enqueue-start-replace-continue
sequence would end up as enqueue-replace-start-continue which causes
unexpected fails even though the serialization/deserialization part
works as expected. As we can't use `--wait` in this case, let's give
sysetmd a second to actually start the unit before replacing it with
another one.
Also, switch from the single-letter test output to a bit verbose format.
Luca Boccassi [Thu, 23 Jan 2020 16:50:15 +0000 (16:50 +0000)]
portablectl: add --now and --enable to attach/detach
Add shortcuts to enable and start, or disable and stop, portable
services with a single portablectl command.
Allow to pass a filter on detach, as it's necessary to call
GetImageMetadata to get the unit names associated with an image.
Matthew Leeds [Fri, 7 Feb 2020 00:30:25 +0000 (16:30 -0800)]
hwdb: Fix touchpad toggle on WeiHeng P325J
On the WeiHeng P325J laptop, Fn+F2 sends LeftWindow (0xe0 0x5b) +
LeftCtrl (0x1d) + F24 (0x76). Add a quirk to remap the 0x76 to F21 which
toggles the touchpad. The Ctrl + Win part is handled in userspace, e.g
by gnome-settings-daemon here:
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/commit/f545950fe
This is analogous to what was done for the T-bao hardware here:
https://github.com/systemd/systemd/commit/d4a5df521d
Anita Zhang [Thu, 6 Feb 2020 23:34:17 +0000 (15:34 -0800)]
core: sync SeccompParseFlags between dbus-execute and load-fragment
9e486265716963439fb0fd7f2a97abf109f24f75 added some new syscalls to the
filter lists. However, on systems that do not yet support the new calls,
running systemd-run with the filter set results in error:
```
$ sudo systemd-run -t -r -p "SystemCallFilter=~@mount" /bin/true
Failed to start transient service unit: Invalid argument
```
Having the same properties in a unit file will start the service
without issue. This is because the load-fragment code will parse the
syscall filters in permissive mode:
https://github.com/systemd/systemd/blob/master/src/core/load-fragment.c#L2909
whereas the dbus-execute equivalent of the code does not.
Since the permissive mode appears to be the right setting to support
older kernels/libseccomp, this will update the dbus-execute parsing
to also be permissive.
core/selinux-access: use _cleanup_ and improve logging
Instead of setting the bus error structure and then freeing it, let's only set
it if used. If we will ignore the selinux denial, say ", ignore" to make this
clear. Also, use _cleanup_ to avoid gotos.
../src/core/selinux-access.c: In function ‘mac_selinux_generic_access_check’:
../src/basic/log.h:223:27: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
../src/core/selinux-access.c:235:85: note: format string is defined here
235 | log_warning_errno(errno, "SELinux getcon_raw failed (tclass=%s perm=%s): %m", tclass, permission);
| ^~
I wonder why nobody ever noticed this.
Fixes #14691 (other issues listed in that ticket have already been fixed).
shared/ask-password-api: show "(press TAB for no echo)"
For #8495: it is arguably useful to not show the length of the password
in public spaces. It is possible to press TAB or BS to cancel the asterisks,
but this is not very discoverable. Let's make it discoverable by showing
a message (in gray). The message is "erased" after the first character
is entered.
shared/ask-password-api: return "error" when dialogue is cancelled
test-ask-password-api would crash if ^D was pressed.
If think the callers generally expect a non-empty strv as reply. Let's
return an error if we have nothing to return.
core: do not prepare a SELinux context for dummy files for devicenode bind-mounting
Let systemd create the dummy file where a device node will be mounted on with the default label for the parent directory (e.g. /tmp/namespace-dev-yTMwAe/dev/).
See c80a9a33d04fb4381327a69ce929c94a9f1d0e6c, target units can't fail.
I guess we need to figure out some replacement functionality, but at least
let's avoid the warning from systemd for now.
Chris Down [Wed, 5 Feb 2020 12:12:52 +0000 (12:12 +0000)]
cgroup: systemctl: Don't display NULL if protection was set to max
Inside format_bytes, we return NULL if the value is UINT64_MAX. This
makes some kind of sense where this has some other semantic meaning than
being a value, but in this case the value is both a.) not the default
(so we definitely want to display it), and b.) means "infinity" (or
"max" in cgroup terminology).
This patch adds a small wrapper around format_bytes that can be used for
these cases, to avoid the following situation:
[root@tangsanjiao ~]# cat /sys/fs/cgroup/workload.slice/memory.low
max
[root@tangsanjiao ~]# systemctl show workload.slice -p MemoryLow
MemoryLow=infinity
[root@tangsanjiao ~]# systemctl status workload.slice | grep low:
Memory: 14.9G (low: (null))
Since libcap v2.29 the format of cap_to_text() has been changed which
makes certain `test-execute` subtest fail. Let's remove the offending
part of the output (dropped capabilities) to make it compatible with
both the old and the new libcap.
polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
sd-bus: introduce API for re-enqueuing incoming messages
When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.
This might have other uses too, for example debugging.
polkit: on async pk requests, re-validate action/details
When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.
selinux-access: log warning on context acquisition failure
Relevant when testing in permissive mode, where the function does not return a failure to the client.
This helps to configure a system in permissive mode, without getting surprising failures when switching to enforced mode.
`log_enforcing()` and `log_enforcing_errno()` are only used for important messages, which describe failures in enforced mode.
They are guarded either by `!mac_selinux_use()` or `!label_hnd` checks, where the latter is itself guarded by the former.
Only SELinux enabled systems print these logs.
This helps to configure a system in permissive mode, without getting surprising failures when switching to enforced mode.
projects / thirdparty / systemd.git / log
