Frantisek Sumsal [Mon, 17 Oct 2022 13:00:12 +0000 (15:00 +0200)]
test: use SIGKILL to kill the container if necessary
TEST-69 uses a Python wrapper around the systemd-nspawn call, which on
error calls the `spawn.terminate()` method. However, with no arguments
it will only use SIGHUP and SIGINT signals - this might leave a stuck
container around, causing fails if the test is run again. With `force=True`
SIGKILL is used as well (if necessary).
Frantisek Sumsal [Mon, 17 Oct 2022 12:31:25 +0000 (14:31 +0200)]
test: ignore gcov errors in TEST-34
TEST-34 complains in `test_check_writable` when running with gcov, as
the build directory tree is not writable with DynamicUser=true. As I had
no luck with $GCOV_PREFIX and other runtime gcov configuration, let's
just ignore the gcov errors for this test.
Jan Janssen [Sun, 16 Oct 2022 07:36:21 +0000 (09:36 +0200)]
stub: Fix booting with old kernels
This fixes a regression introduced in e1636807 that removed setting this
value as it seemingly was not used by the kernel and would actively
break above 4G boots. But old kernels (4.18 in particular) will not boot
properly if it is not filled out by us.
The original issue was using the truncated value to then jump into the
kernel entry point, which we do not do anymore. So setting this value
again on newer kernels is fine.
gpt-auto: rename all functions that operate on a DissectedPartition object add_partition_xyz()
The function for handling regular mounts based on DissectedPartition
objects is called add_partition_mount(), so let's follow this scheme for
all other functions that handle them, too. This nicely separates out the
low-level functions (which get split up args) from the high-level
functions (which get a DissectedPartition object): the latter are called
add_partition_xyz(), the former just add_xyz().
This makes naming a bit more systematic. No change in behaviour.
seccomp: drop per arch conditionalization in filter groups
We list plenty of arch-specific syscalls in our filter groups, treat the
s390 syscalls the same.
We handle gracefully anyway if some syscall doesn't exist locally on the
kernel or arch, let's rely on it. This has the benefit that
"systemd-analyze" will comprehensively tell you the syscalls filtered on
any arch for any arch.
msizanoen1 [Wed, 12 Oct 2022 06:40:05 +0000 (13:40 +0700)]
shared/logs-show: do not overwrite journal time in export format with source timestamps
Using _SOURCE_{MONOTONIC,REALTIME}_TIMESTAMP in place of the results of
sd_journal_get_{monotonic,realtime}_usecs in export formats might cause
internal inconsistency of realtime timestamp values within a journal export,
violating the export file format and causing systemd-journal-remote to
mass-generate journal files.
Fix this by using the real journal timestamps for
__{REALTIME,MONOTONIC}_TIMESTAMP.
Yu Watanabe [Fri, 14 Oct 2022 07:18:35 +0000 (16:18 +0900)]
udev-builtin-kmod: support to run without arguments
If no module name is provided, then try to load modules based on the
device modalias.
Previously, MODALIAS property is passed as an argument, but it may
contain quotation. Hence, unfortunately the modalias may be modified
and cannot load expected modules.
install: include full type name in special UnitFilePresetMode values
Typically the _MAX and _INVALID special enum values use the full type as
prefix, even if the actual values of the enum might not. Let's follow
this rule here too.
install: make InstallChange enum type a proper type
We can just make this an enum, as long as we ensure it has enough range,
which we can do by adding -ERRNO_MAX as one possible value (at least on
GNU C). We already do that at multiple other places, so let's do this
here too.
shared/install: print warning when unmasking unit with cmdline mask
'systemctl unmask foo' will try to remove the symlink to /dev/null under /etc/.
But the unit may also be masked by a symlink under /run/generator, in particular
the one created by systemd-debug-generator based on systemd.mask=foo on the
kernel commandline. The unmask call cannot do anything about this: even if it removed
the symlink from /run/generator, it'll be recreated on the next daemon-reload.
Thus, we can only warn about it.
Initially, I wanted to check if 'systemctl.mask' is defined on the kernel
command-line, but that's not effective, because such mask symlinks can be
created by other generators based on other conditions. Checking for runtime
mask is "dumber", but is more robust because it doesn't assume who created the
mask and why.
The handling of InstallInfo is copied from install_info_symlink_wants().
It's pretty ugly, this whole code should be rewritten from scratch.
The message is printed, but the whole operation is still "successful". This
keeps backwards compatibility: people might call unmask to remove filesystem
masks even if there's still a cmdline param in place. We allow 'systemctl
mask' to create such a mask, so 'unmask' should be able to remove it.
shared/install: rename 'unit_file_change_type' to 'install_change' + followups
We had an anonymous enum with values called UNIT_FILE_…, which could easily be
confused with UNIT_FILE_… from UnitFileFlags enum. This commit renames the enum
values and also the variables which refer to them.
Yu Watanabe [Thu, 13 Oct 2022 08:34:08 +0000 (17:34 +0900)]
test: drop unused modules
Suggested by CodeQL#167 (https://github.com/systemd/systemd/security/code-scanning/167)
and CodeQL#168 (https://github.com/systemd/systemd/security/code-scanning/168).
analyze: extend the dump command to accept patterns
The new function DumpPatterns() can be used to limit (drastically) the size of
the data returned by PID1. Hence the optimization of serializing data into a
file descriptor should be less relevant than having the possibility to limit
the data when communicating with the service manager remotely.
NB: when passing patterns, the dump command omits the version of the manager as
well as the features and the timestamps.
dissect-image: open dissected or decrypted partitions and mount through the file descriptor
If multiple services with the same encrypted image are simultaneously
starting, one may deactivate the dm device while others are using it.
Or, similarly, after (regular) partitions are dissected, another process
may try to remove them before we mount them.
To prevent such situations, let's keep the dissected and decrypted
partitions opened. Then, use the file descriptors when we mount the
partitions.
Frantisek Sumsal [Wed, 12 Oct 2022 15:28:47 +0000 (17:28 +0200)]
test: disable LSan in the ASan env wrapper
This wrapper is used in situations where we don't care about *San reports,
we just want to make things work. However, with enabled LSan we might
trigger some bogus reports we're definitely not interested in, causing
unexpected test fails.
Michael Biebl [Wed, 12 Oct 2022 09:07:57 +0000 (11:07 +0200)]
logind: fix getting property OnExternalPower via D-Bus
The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
argument, so we need to call manager_is_on_external_power(). Otherwise
the function pointer is interpreted as a boolean and always returns
true:
```
$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
b true
$ /lib/systemd/systemd-ac-power --verbose
no
```
Thanks: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
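The bug class described in the logind commit above, as an added example that is not systemd's code: a getter macro that expects a value is handed a function name, and the resulting pointer converts to `true` regardless of the real state. `DEFINE_BOOL_GETTER`, `DEFINE_CHECKED_BOOL_GETTER`, `IS_BOOL_VALUE` and `is_on_external_power` are hypothetical stand-ins; the checked variant shows one way to reject the mistake at build time with C11 `_Generic`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed state: the machine is running on battery. */
static bool external_power = false;

static bool is_on_external_power(void) {
    return external_power;
}

/* Hypothetical, simplified getter macro: like the macro named in the commit
 * message, its last argument must be a value expression, not a function. */
#define DEFINE_BOOL_GETTER(name, val) \
    static bool name(void) { return (val); }

/* Before: the function name decays to a non-NULL pointer, which converts to
 * true no matter what the function would return. */
DEFINE_BOOL_GETTER(get_buggy, is_on_external_power)

/* After: the function is called and its result is returned. */
DEFINE_BOOL_GETTER(get_fixed, is_on_external_power())

/* Compile-time check (C11): 1 only if the expression has type bool.
 * _Generic does not evaluate its operand, so nothing is called here. */
#define IS_BOOL_VALUE(val) _Generic((val), bool: 1, default: 0)

/* A getter macro can use the check to reject function names at build time. */
#define DEFINE_CHECKED_BOOL_GETTER(name, val)                          \
    _Static_assert(IS_BOOL_VALUE(val), #val " is not a bool value");   \
    static bool name(void) { return (val); }

DEFINE_CHECKED_BOOL_GETTER(get_checked, is_on_external_power())

int main(void) {
    printf("buggy=%d fixed=%d checked=%d\n",
           get_buggy(), get_fixed(), get_checked());
    return 0;
}
```

Passing `is_on_external_power` without parentheses to `DEFINE_CHECKED_BOOL_GETTER` fails the static assertion instead of silently compiling.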
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.
While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.
basic/chase-symlinks: add note that CHASE_WARN is not for PID 1
This should be enough to make us remember that constraint. A more heavy-weight
approach like renaming the option to CHASE_WARN_NSS_LOOKUP would be possible,
but it'd make the callers quite verbose and doesn't seem worth it.
Those may go via the PC speaker, which is annoying and unexpected.
Most people have it off, so this doesn't work reliably anyway, so we can
disable it without much loss.
Let's nudge people towards the use of an anonymous buffer like we
do internally.
"errno" → "errnum", to match the man page for strerror, and also to avoid
confusion with the global variable. In general, I think that errno is a
terrible interface and we shouldn't encourage people to use it. Those functions
use errno-style error numbers, which are a different thing.
The need to set errno is very very ugly, but at least it is thread-safe and
works correctly. Using strerror() is likely to be wrong, so let's not recommend
that. People who do a lot of logging would provide use some wrapper that sets
errno like we do, so nudge people towards %m.
I tested that all the separate .c files compile cleanly.
sd-bus: make bus_error_message() a thread-safe macro
strerror_r() is used instead of strerror(). The usual trick is employed: we
allocate a buffer that lives until the end of the surrounding block to provide
the scratch space. This change is particularly important for sd-bus and the
pam modules, which may be called from threaded code.
I checked the codebase, and we only use bus_error_message() in log statements,
so the returned pointer is not used beyond its valid lifetime.