Many sandboxing options add implicit DeviceAllow rules, which might be confusing
for users running systemd-analyze security and not expecting it.
Print the list.
1449b0f8a96b27 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
stat-util: ignore hidden_or_backup_file when checking if dir is empty
Commit https://github.com/systemd/systemd/commit/a068aceafbf
changed dir_is_emtpy_at to use FOREACH_DIRENT_IN_BUFFER instead of
FOREACH_DIRENT, but used dot_or_dotdot which just checks if the name
is literally '.' or '..' which is not enough, previous behaviour was
to ignore all hidden files, so restore that and add a test case.
meson: also check c_args to maybe add -Wno-maybe-uninitialized
People (and build systems) sometimes set flags through -Dc_args=… or $CFLAGS.
Let's catch this common case too. meson will set c_args from $CFLAGS, so we
only need to check the former.
libsystemd-network: add assert about packet length
We reject too-short packets in client_receive_message_raw(), so
the packets that dhcp_packet_verify_headers() gets are of sufficient size.
But let's add an assert to clarify this for the reader.
pid1: search for creds in LoadCredential=/LoadCredentialEncrypted=
This adds support for searching for credentials more comprehensively.
Specifically, unless an absolute source path is specified we'll now
search for the credentials in the system credentials first, and then in
/etc/credstore/, /run/credstore/, and /usr/lib/credstore, making these
dirs hence the recommended place for credentials to leave in the system.
For LoadCredentialEncrypted= we'll also look into
/etc/credstore.encrypted/, /run/credstore.encrypted/, …. These dirs are
hence suitable for credentials whose provenience isn't trusted (e.g.
UEFI creds from systemd-stub), and thus require to be authenticated
before use.
pid1: import creds from sd-stub + qemu + kernel cmdline
Let's beef up our system credential game a bit, and explicitly import
creds from sd-stub, from qemu fw_cfg and the kernel cmdline and expose
them in the same way as those passed in from nspawn.
Specifically, this will imprt such credentials to
/run/credentials/@system (if the source can be trusted, as in the
qemu/kernel cmdline case) and /run/credentials/@encrypted (otherwise,
such as sd-stub provided ones).
Once imported we'll set the $CREDENTIALS_PATH env var for PID 1, like it
would be done by a container manager for the payload. (Conversely, we'll
also creat a symlink from /run/credentials/@system to whatever is set in
$CREDENTIALS_PATH in case we are invoked by a container manager, thus
providing a fixed path where system credentials are found).
pid1: load 'qemu_fw_cfg' kmod super early, so that we can import credentials from it
In one of the next commits we want to add support for importing system
credentials from qemu_fw_cfg, very early during boot. (So that we can
use the credentials therein for generators and even earlier). But that
means udev won#t load these modules for us, we have to load them
manually first.
man: beef up the description of systemd-oomd.service
The gist of the description is moved from systemd.resource-control
to systemd-oomd man page. Cross-references to OOMPolicy, memory.oom.group,
oomctl, ManagedOOMSwap and ManagedOOMMemoryPressure are added in all
places.
The descriptions are also more down-to-earth: instead of talking
about "taking action" let's just say "kill". We *might* add configuration
for different actions in the future, but we're not there yet, so let's
just describe what we do now.
test: exclude "bdi" subsystem and loop block devices
On several CI environments, it seems that some loop block devices and
corresponding bdi devices are sometimes removed during the test is
running. Let's exclude them.
compress: make Compression a regular non-sparse enum
Given we have two different types for the journal object flags and the
Compression enum, let's make the latter a regular non-sparse enum, and
thus remove some surprises. We have to convert anyway between the two,
and already do via COMPRESSION_FROM_OBJECT().
The compression helpers are used both in journal code and in coredump
code, and there's a good chance we'll use them later for other stuff.
Let's hence move them into src/basic/, to make them a proper internal
API we can use from everywhere where that's desirable. (pstore might be
a candidate, for example)
No real code changes, just some moving around, build system
rearrangements, and stripping of journal-def.h inclusion.
The idea was to catch CFLite regressions but since the action itself
pulls the latest docker images it can't be pinned properly and issues
like https://github.com/google/clusterfuzzlite/issues/91 are going to
pop up anyway. Let's unpin it by analogy with CIFuzz and hope it doesn't
break very often.
Benjamin Berg [Fri, 22 Apr 2022 13:59:34 +0000 (15:59 +0200)]
hwdb: Remap micmute to f20 for ASUS WMI hotkeys
For micmute userspace handles both micmute and f20, as Xorg cannot
handle the high keycode that the micmute key has. As such, adding the
remapping means that the key will work on Xorg clients and not just when
using wayland.
meson: use a single constant for default compression setting
Suggested by Daniele Nicolodi:
https://github.com/systemd/systemd/pull/23160#discussion_r855853716
This is possible only if the macro is never used in #if, but only in C code.
This means that all places that use #if have to be refactored into C, but we
reduce the duplication a bit, and C is nicer to read than preprocessor
conditionals.
Follow-up for da13d2ca0731b413841663052f2cc6832a855334. Instead of having
separate definitions of the bitmask flags, just define DEFAULT_COMPRESSION_FOO=0|1
directly.
(It *should* be possible to do this more simply, but the problem is that
anything that is used in #if cannot refer to C constants or enums. This is the
simplest I could come up with that preserves the property that we don't use #ifdef.)
The return value from compress_blob() is changed to propagate the error instead
of always returning -EOPNOTSUPP. The callers don't care about the specific error
value. compress_blob_*() are changed to return the compression method on success, so
that compress_blob() can be simplified. compress_stream_*() and compress_stream() are
changed in the same way for consistency, even though the callers do not currently use
this information (outside of tests).
execute: restore ability that SetCredential= can act as fallback for LoadCredential=
If SetCredential= and LoadCredentials= are combined for the same
credential name, then the former shall act as fallback for the latter in
case the source file does not exist. That's documented, but didn't work.
Let's fix that.
Basically, we want that if a relative name is specified as source to
load from we take it relative to the credentials dir the service manager
itself got passed.
execute: sort directory entries when loading credentials recursively
Given that the recusive credential loading allows two ways to load the
same credentials, it's important to define a clear order so that it is
always the same one that wins.
i.e. if you use LoadCredential=foobar:/tmp/xyz and there are two files
/tmp/xyz/abc/cde and /tmp/xyz/abc_cde these would both result in a
credential foobar_abc_cde being set, hence it is important to make clear
which one shall win, and that it is always the same one.
When checking whether we already loaded a credential before, let's just
use faccessat() in the credential dir we are populating. First of all,
we already do it exactly that way when appliying SetCredential= settings
later. Secondly, this is not performance relevant, and by using
faccessat() things simply become a lot simpler.
Given we only need a single field off the ExecLoadCredential structure
we don't have to link it as a whole, but just copy that one bit over
directly, simplifying the struct a bit.
execute: let recurse_dir() concate the cred name for us
recurse_dir() allows specifiying a freely choosable initial path to
which to append the subdirs as it descends into the tree. If we pass the
configured id there, recurse_dir() will suffix the subdir to that for
us, so that we don't have to do that manually anymore in the callback,
simplifying things a bit.
execute: rework load_credential() not to take an ExecLoadCredential object we must synthesize
Let's just simplify the logic and pass the fields we need as regular
arguments, even if that means the function now has a lot. It's otherwise
really weird that we have to fake a local ExecLoadCredential from the
real one.
projects / thirdparty / systemd.git / log
