Jan Janssen [Fri, 26 Nov 2021 13:00:02 +0000 (14:00 +0100)]
meson: Default to sbat-distro=auto
Any recent shim will refuse starting an image that does not have an sbat section
and will do so with a generic "Security Violation" message. And it is very easy
to forget passing -Dsbat-distro=auto to meson when creating a fresh build dir.
Adding sbat info when shim is not used or secure boot is disabled does not hurt
anyone, so default to auto. This still ensures to not add auto-detected info in
case we are cross building.
Topi Miettinen [Sat, 27 Nov 2021 10:51:39 +0000 (12:51 +0200)]
namespace: allow ProcSubset=pid with some ProtectKernel options
In case `/proc` is successfully mounted with pid tree subset only due to
`ProcSubset=pid`, the protective mounts for `ProtectKernelTunables=yes` and
`ProtectKernelLogs=yes` to non-pid `/proc` paths are failing because the paths
don't exist. But the pid only option may have failed gracefully (for example
because of ancient kernel), so let's try the mounts but it's not fatal if they
don't succeed.
Alyssa Ross [Sat, 27 Nov 2021 12:10:38 +0000 (12:10 +0000)]
docs: fix descriptions in discoverable partitions
00db9a114e ("docs: generate table from header using a script") got the
descriptions for the partition types mixed up. After that change, the
spec claimed, for example, that the /usr partition should contain
"dm-verity integrity hash data for the matching root partition", and
that the /usr verity partition should be of type "Any native, optionally
in LUKS". This made the spec an extremely confusing read before I
figured out what must have happened!
I've gone through the table as it existed prior to 00db9a114e, and moved
the descriptions around in the script that generates the table until
they matched up with what they used to be. Then I regenerated the
table from the fixed script.
I think the function name is confusing: we generally say "free_free" when
both keys and values are freed in a hash map, but here the type is an
array of strvs, so the name should be something like strv_array_free.
test-journal-flush: do not croak on corrupted input files
We would fail if the input file was corrupted:
build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~
journal_file_copy_entry failed: Bad message
Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting.
[1] 619472 IOT instruction (core dumped) build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~
Vito Caputo [Thu, 25 Nov 2021 18:39:34 +0000 (10:39 -0800)]
mmap-cache: embed MMapCache.contexts[]
Code simplification; no idea why the Context structs were being
heap-allocated piecemeal. There aren't many and they're small,
and made even smaller with this commit.
This also gets rid of the Context.cache backreference by just
accompanying the Context* with MMapCache* to the few private
Context* operations, resolving the context ID to a Context* at
the single public entrypoint: mmap_cache_fd_get(), which asserts
on the value being within bounds. The Context.id member and
checks are also removed, as there's far less opportunity for
these things to become inconsistent now.
Of course this drops all context_{add,free}() related code,
making for a tasty diffstat.
Daan De Meyer [Fri, 12 Nov 2021 14:32:40 +0000 (14:32 +0000)]
journal: Deduplicate entry items before they are stored in the entry object
If the iovec contains the same data more than once, we'll end up with
duplicate offsets in the items array. Let's make sure we remove any
duplicates before we store the items in an entry object.
Vito Caputo [Thu, 25 Nov 2021 15:05:06 +0000 (07:05 -0800)]
mmap-cache: LIST_REMOVE() *after* w->unused_prev
The LIST_REMOVE() macro always assigns NULL to w->unused_prev,
meaning every time this window was in last_unused, the remainder
of the unused list was lost to the ether.
Turns out there's been a memory leak in journald after all, this
code has been there since at least 2013...
Henri Chain [Tue, 23 Nov 2021 15:47:18 +0000 (16:47 +0100)]
Try to fix exittype test flakyness
The test was changed at @bluca 's request to avoid sleeps,
but the change insufficient to avoid all races.
The kill command is now run from the script itself to avoid using
ExecStartPost
Daan De Meyer [Fri, 12 Nov 2021 14:29:02 +0000 (14:29 +0000)]
journal: Remove entry seqnum revert logic
This actually causes mismatches between the header tail entry seqnum
and the last entry seqnum since when we revert the header seqnum, we
don't remove the entry object we added. If adding the entry object
itself fails, we don't need to revert the seqnum since it's never
incremented so let's remove this logic alltogether.
homed: support LogControl1 D-Bus API too, and make use of it
All our D-Bus services support the LogControl1 API, but homed didn't so
far. Fix that, and make use of it in the test case, to make debugging it
easier.
Jan Janssen [Wed, 24 Nov 2021 11:11:17 +0000 (12:11 +0100)]
test: Use TEST macro in more cases
This converts to TEST macro in less trivial cases. This is mostly
due to having an intro or outro before/after the actual tests.
Some notable changes:
- add a "test" to make sure the hashmap and ordered_hashmap tests
from different compilation units are actually run in test-hashmap.c
- make root arg a global var in test-install-root.c
- slightly rework an EFI specific test in test-proc-cmdline.c
- usage of saved_argv/saved_argc in test-process-util.c
- splitting test-rlimit-util.c into several tests
- moving the hwdb open check into intro in test-sd-hwdb.c
- condense several "tests" into one in test-udev-util.c
Jan Janssen [Wed, 24 Nov 2021 11:00:02 +0000 (12:00 +0100)]
test: Use TEST macro
This converts to TEST macro where it is trivial.
Some additional notable changes:
- simplify HAVE_LIBIDN #ifdef in test-dns-domain.c
- use saved_argc/saved_argv in test-copy.c, test-path-util.c,
test-tmpfiles.c and test-unit-file.c
Jan Janssen [Wed, 24 Nov 2021 17:45:16 +0000 (18:45 +0100)]
test-time-util: Properly restore TZ variable
The test fails to call tzset() after unsetting TZ variable, which
could break other tests. Also, let's be nicer and actually restore
the TZ to its original value.
This macro is like JSON_BUILD_STRING() but uses our json library's
ability to use literal strings directly as JsonVariant objects.
The changes all our codebase to use this new macro whenever we build
JSON objects from literal strings.
(I tried to make this automatic, i.e. to detect in JSON_BUILD_STRING()
whether something is a literal string nicely and thus do this stuff
automatically, but I couldn't find a way.)
This should reduce memory usage of our JSON code a bit. Constant strings
we use very often will now be shared and mapped directly from the ELF
image.
json: don't assert() if we add a NULL element via json_variant_set_field()
The rest of our JSON code tries hard to magically convert NULL inputs
into "null" JSON objects, let's make sure this also works with
json_variant_set_field().
- execute.c: bpf functions were in the middle of an #if HAVE_SECCOMP
block for no reason
- test-fd-util.c: make seccomp-util.h includable without depending on
<seccomp.h>, and make is_seccomp_available() hardcoded to returning
false in this case.
Also fix a stray DEFINED() -- HAVE_SECCOMP is defined as 0, so normal
#if should be used like everywhere else.
socket: always pass socket, fd and SocketPeer ownership to service together
Per-connection socket instances we currently maintain three fields
related to the socket: a reference to the Socket unit, the connection fd,
and a reference to the SocketPeer object that counts socket peers.
Let's synchronize their lifetime, i.e. always set them all three
together or unset them together, so that their reference counters stay
synchronous.
THis will in particuar ensure that we'll drop the SocketPeer reference
whenever we leave an active state of the service unit, i.e. at the same
time we close the fd for it.
homework: also apply uid shifting when changing passwords/resizing/updating home areas
This adds uidmap shifting also when resizing/updating/changing
passwords. Prviously I thought we didn't have to, because the user is
not going to access the uidmap if we only quickly activate the home
area. But this thinking is wrong, because the three operations will
result in an update ~/.identity fie to be written, and we should do that
with uidmap applied, so that its ownership maps down to nobody below as
intended.
homework: don't try to shift uidmap for already activated home areas
When we want to operate on an already activated home area we so far
tried to reapply the uidmapping logic. We shouldn't do that, it's
already applied after all.
We only want to apply this for newly activated home areas. Hence check
for the right HomeSetupFlags flag for it HOME_SETUP_ALREADY_ACTIVATED.
The patch is actually in theory a two-liner. Except that so far we don#t
pass the HomeSetupFlags flags down all necessary functions where the
uidmap stuff will eventually run. Hence this larger than intended
commit.
homectl: also acquire "cheap" passwords for homectl update/passwd
In 57bb9bcba5563c040ee0c41f58e3730a006a8de2 support was added to read
"cheap" passwords from env vars and stuff before issuing the first
operation, instead of waiting for it until the first operation failed.
This was added for most verbs of "homectl", but two were left out:
update + passwd. Add it there too.
dissect-image: always say "file of image" when reporting about the image
We give a path, but the path is only meaningful inside of the image.
Some messages made it clear that it's a path in the image, let's make
them all do that.
projects / thirdparty / systemd.git / log
