Yu Watanabe [Wed, 15 Mar 2023 06:12:41 +0000 (15:12 +0900)]
sd-journal: fix segfault
Unfortunately, journal_file_next_entry() returns 0 when the next entry
not found. The commit cc938e4a0ab67707e489cc3970a8557ad89801ca adds
FIXME comment about that. We should really fix that, but the function and
its return value are used in many place, hence checking all usecases is not
easy. So, let's workaround that here, and handle the 0 return value by
the caller.
Let's make use of SD_EVENT_SIGNAL_PROCMASK so that we don't have to mask
the signals manually. Let's use sd_event_set_exit_signal() instead of
rolling our own SIGTERM/SIGINT handling. Let's use "floating" event
sources instead of keeping references on our own.
Let's also debug log if we can't enable watchdog handling.
Daan De Meyer [Mon, 13 Mar 2023 15:17:21 +0000 (16:17 +0100)]
chase-symlinks: Rework open() functions and some chase flags
Currently, when CHASE_PARENT is specified, we chase the parent directory
of the symlink itself. Let's change this and chase the parent directory
of the symlink target so that trying to open the actual file later with
O_NOFOLLOW doesn't fail with ELOOP.
To get the current behavior, callers can add CHASE_NOFOLLOW to chase
the parent directory of the symlink itself.
Currently, when CHASE_MKDIR_0755 is specified, we create all components
of the path as directories. Instead, let's change the flag to only create
parent directories and leave the final component of the PATH untouched.
Also, allow CHASE_NONEXISTENT with CHASE_MKDIR_0755 now that it doesn't
create all components anymore.
Finally, rework chase_symlinks_and_open() and chase_symlinkat_at_and_open()
to always chase the parent directory and use xopenat() to open the final
component of the path. This allows us to pass O_CREAT to create the file or
directory (O_DIRECTORY) if it is missing. If CHASE_PARENT is configured, we
just reopen the parent directory that we chased.
Luca Boccassi [Tue, 14 Mar 2023 20:12:33 +0000 (20:12 +0000)]
core: make the memory pressure cgroup path writable when ProtectControlGroups=yes
The interface requires services to write to the cgroup file to activate notifications,
but with ProtectControlGroups=yes we make it read-only. Add a writable bind mount.
Thomas Weißschuh [Tue, 14 Mar 2023 03:42:23 +0000 (03:42 +0000)]
treewide: memfd_create: use exec flags
Use the flags MEMFD_EXEC or MEMFD_NOEXEC_SEAL as applicable.
These warnings instruct the kernel wether the memfd is executable or
not.
Without specifying those flags the kernel will emit the following
warning since version 6.3,
commit 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC"):
kernel: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=1 'systemd'
Jan Janssen [Tue, 14 Mar 2023 13:32:43 +0000 (14:32 +0100)]
stub: Remove overlapping PE section warning
Now that we always create PE images with a non-zero image base we cannot
run into this issue anymore. Any tool that still uses the old hard-coded
section offsets will end up creating bad images with sections below the
image base. objcopy will warn about this and any PE loader will simply
refuse to load such an image. Meanwhile updated tools do not use
hard-coded offsets anymore.
Let's avoid any ambiguities around paths, and make them absolute when
accepting them, like we do in most our tools now. This makes us
independent of the current working directory and allows us to change it
without issues or pass around the paths elsewhere if need be.
cgls: stop showing cgroup ids and xattrs by default
Those are rather specialized bits of information, useful mostly for debugging.
I use cgls quite often but never had the need to use either of those…
But they take up a significant amount of screen real estate, esp. when
executed as root:
Luca Boccassi [Mon, 13 Mar 2023 21:34:37 +0000 (21:34 +0000)]
core: append LogExtraFields= values to log_unit* messages
This ensure messages from PID1 regarding a unit also contain those
fields. For example, portable services have PORTABLE=<image> as
extra fields, which is useful to identify which version of a portable
image produced a log message like an error or an oomd kill.
Franck Bui [Tue, 14 Mar 2023 09:08:11 +0000 (10:08 +0100)]
tests: don't use absolute paths when installing binaries in TEST-58-REPART
Let image_install figures the binary paths out itself as not all distributions
ship the mkfs.* tools in the same location. For example openSUSE ships
mksquashfs in /usr/bin/.
EinBaum [Tue, 14 Mar 2023 08:41:21 +0000 (10:41 +0200)]
hwdb: 60-keyboard.hwdb: Fix modalias for Thinkpad X200 Tablet (#26795)
This fixes the tablet buttons on the Thinkpad X200 Tablet.
My Lenovo ThinkPad X200 Tablet is called "ThinkPadX200T" instead of "ThinkPadX200Tablet":
```
$ cat /sys/devices/virtual/dmi/id/modalias
dmi:bvnLENOVO:bvr7WET71WW(3.21):bd11/29/2012:br3.33:efr1.6:svnLENOVO:pn7453WVK:pvrThinkPadX200T:rvnLENOVO:rn7453WVK:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:sku:
```
This patch makes both strings work correctly to support the extra tablet keys.
A S Alam [Tue, 14 Mar 2023 02:20:31 +0000 (03:20 +0100)]
po: Translated using Weblate (Punjabi)
Currently translated at 6.2% (12 of 193 strings)
Co-authored-by: A S Alam <amanpreet.alam@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pa/
Translation: systemd/main
namespace-util: set mounts back to MS_SHARED in detach_mount_namespace()
For nspawn and services we first turn off two-way propagation of mounts
from host to sandbox via MS_SLAVE, and then set MS_SHARED again, so that
we create a new mount prop peer group again, and that we provide
behaviour similar to what we provide on the host further down the tree.
Let's do the same in detach_mount_namespace(), which we use for the
temporary mounts in the implementation of --image= in various tools.
This doesn't fix any immediate issue, but ensures we expose somewhat
systematic behaviour: whenever we detach mount namespaces we always set
things back to MS_SLAVE in the child.
core: rename "mount_flags" → "mount_propagation_flag" internally where appropriate
ExecContext has a field that controls the mount propagation flag of the
mounts in the resulting namespace. This is exposed as "MountFlags="
which is super confusing, as it suggests one could control more than
propagation, and that it was actually a flags field. It's an enum
though only, and nothing else.
We might want to rename this externally one day, but given the compat
kludges this requires and the fact this is somewhat nichey it might not
be worth it. But internally let's rename it, as it makes things much
easier to grok, in particular as part of the codebase already exposed
the concept as mount_propagation_flag.
Topi Miettinen [Sun, 6 Nov 2022 19:12:45 +0000 (21:12 +0200)]
execute: use prctl(PR_SET_MDWE) for MemoryDenyWriteExecute=yes
On some ARM platforms, the dynamic linker could use PROT_BTI memory protection
flag with `mprotect(..., PROT_BTI | PROT_EXEC)` to enable additional memory
protection for executable pages. But `MemoryDenyWriteExecute=yes` blocks this
with seccomp filter denying all `mprotect(..., x | PROT_EXEC)`.
Newly preferred method is to use prctl(PR_SET_MDWE) on supported kernels. Then
in-kernel implementation can allow PROT_BTI as necessary, without weakening
MDWE. In-kernel version may also be extended to more sophisticated protections
in the future.
Franck Bui [Fri, 27 Jan 2023 10:32:27 +0000 (11:32 +0100)]
conf: replace config_parse_many_nulstr() with config_parse_config_file()
All daemons use a similar scheme to read their main config files and theirs
drop-ins. The main config files are always stored in /etc/systemd directory and
it's easy enough to construct the name of the drop-in directories based on the
name of the main config file.
Hence the new helper does that internally, which allows to reduce and simplify
the args passed previously to config_parse_many_nulstr().
Besides the overall code simplification it results:
Brett Holman [Mon, 13 Mar 2023 15:21:30 +0000 (09:21 -0600)]
network: ipv4acd: update MAC address on change (#26753)
Commit 76a86ffdbee2dd9ef0f2b5338e14eb6ba7671456 added function
ipv4acd_update_mac() but invoked ipv4ll_update_mac(), which doesn't
align with debug or commit messages.
Yu Watanabe [Mon, 13 Mar 2023 11:57:50 +0000 (20:57 +0900)]
udev-rule: rework logging about udev rules
This makes the loggers take the most relevant object, i.e. when
applying udev rules to a device, the loggers take sd_device and
UdevRuleToken object, and when parsing udev rules, they take
UdevRuleLine or UdevRuleFile object.
To achieve that, this drops 'iterators' in UdevRules or friends named
`current_file` or so. Instead of that, each object now has its
parent object, e.g. UdevRuleToken.rule_line that references the
UdevRuleLine object the token belonging to. And each function previously
took UdevRules object now takes the most relevant object, e.g. UdevRuleToken.
Solves the discussion in https://github.com/systemd/systemd/pull/26698#discussion_r1129261193.
Daan De Meyer [Mon, 13 Mar 2023 12:05:19 +0000 (13:05 +0100)]
dynamic-user: Revert back to using POSIX locks
unposix locks are shared between child and parent after fork() which
is precisely what we don't want in this case so revert back to POSIX
locks which are not shared between parent and child.
projects / thirdparty / systemd.git / log
