Commit Graph

44427 Commits

Author SHA1 Message Date
Lennart Poettering
dfe01841e6 tmpfiles: remove unnecessary assert
if we parse an xattr line that has no valid assignment, we might end up
with an empty ->xattr list. Don't hit assert on that, just go on.

Fixes: #15610
2020-04-29 00:23:28 +02:00
Lennart Poettering
d02933fded tmpfiles: use log_syntax() for all parse errors 2020-04-29 00:23:28 +02:00
Lennart Poettering
76410e9849 update TODO 2020-04-28 20:02:50 +02:00
Lennart Poettering
04d1ee0f7e main: bump RLIMIT_MEMLOCK by physical RAM size
Let's allow more memory to be locked on beefy machines than on small
ones. The previous limit of 64M is the lower bound still. This
effectively means on a 4GB machine we can lock 512M, which should be
more than enough, but still not lock up the machine entirely under
pressure.

Fixes: #15053
2020-04-28 19:54:21 +02:00
Lennart Poettering
dcff2fa5d1 nspawn: be more careful with creating/chowning directories to overmount
We should never re-chown selinuxfs.

Fixes: #15475
2020-04-28 19:40:46 +02:00
Lennart Poettering
c98fef264b update TODO 2020-04-28 19:38:55 +02:00
Daan De Meyer
bac1b83217 sd-bus: Add sd_bus_query_sender_creds/privilege docs 2020-04-28 19:38:04 +02:00
Zbigniew Jędrzejewski-Szmek
2344aefccf
Merge pull request #15618 from keszybz/help-output
Small adjustments to --help output
2020-04-28 19:31:16 +02:00
Daan De Meyer
8653422b6a sd-bus: Add sd_bus_get_creds_mask docs 2020-04-28 19:30:49 +02:00
Luca Boccassi
4096043f05 Revert "detect-virt: also detect "microsoft" as WSL"
WSL2 will soon (TM) include the "WSL2" string in /proc/sys/kernel/osrelease
so the workaround will no longer be necessary.
We have several different cloud images which do include the "microsoft"
string already, which would break this detection. They are for internal
usage at the moment, but the userspace side can come from all over the
place so it would be quite hard to track and downstream-patch to avoid
breakages.

This reverts commit a2f838d590.
2020-04-28 13:13:12 +02:00
Zbigniew Jędrzejewski-Szmek
c11428adf9 homectl: say "home area" in more places
Follow-up for b5947b5b10.
2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
460e5af05d meson: test userdbctl and homectl --help 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
7009610ff5 userdbctl: make --help fit in 80 columns 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
6164ec4c93 meson: modernize indentation
By using a newline after executable( and run_target(, we get less
indentation and the indentation level does not change when the returned
object is saved to a variable.
2020-04-28 09:53:51 +02:00
Zbigniew Jędrzejewski-Szmek
7229ec02ab efivars: retry open and read operations
On my laptop (Lenovo X1carbo 4th) I very occasionally see test-boot-timestamps
fail with this tb:

262/494 test-boot-timestamps                    FAIL    0.7348453998565674 s (killed by signal 6 SIGABRT)

08:12:48 SYSTEMD_LANGUAGE_FALLBACK_MAP='/home/zbyszek/src/systemd/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/home/zbyszek/src/systemd/src/locale/kbd-model-map' PATH='/home/zbyszek/src/systemd/build:/home/zbyszek/.local/bin:/usr/lib64/qt-3.3/bin:/usr/share/Modules/bin:/usr/condabin:/usr/lib64/ccache:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/zbyszek/bin:/var/lib/snapd/snap/bin' /home/zbyszek/src/systemd/build/test-boot-timestamps
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Failed to get SystemdOptions EFI variable, ignoring: Interrupted system call
Failed to read ACPI FPDT: Permission denied
Failed to read LoaderTimeInitUSec: Interrupted system call
Failed to read EFI loader data: Interrupted system call
Assertion 'q >= 0' failed at src/test/test-boot-timestamps.c:84, function main(). Aborting.

Normally it takes ~0.02s, but here there's a slowdown to 0.73 and things fail with EINTR.
This happens only occasionally, and I haven't been able to capture a strace.

It would be to ignore that case in test-boot-timestamps or always translate
EINTR to -ENODATA. Nevertheless, I think it's better to retry, since this gives
as more resilient behaviour and avoids a transient failure.

See
https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L75
and
bef3efbeb8.
2020-04-28 09:00:25 +02:00
Ronan Pigott
4b6d94a1e5 shell-completion/zsh: update systemd-analyze completions 2020-04-27 08:40:15 +02:00
Haochen Tong
f5b3be308d zsh: fix disable/enable completion
The "preset" column introduced in
b01c1f305c breaks zsh completion for
systemctl disable/enable. Fix by ignoring everything after the last
space in a line.
2020-04-27 08:12:27 +02:00
Topi Miettinen
3c14dc61f7 tests: various small fixes for strict systems
Don't assume that 4MB can be allocated from stack since there could be smaller
DefaultLimitSTACK= in force, so let's use malloc(). NUL terminate the huge
strings by hand, also ensure termination in test_lz4_decompress_partial() and
optimize the memset() for the string.

Some items in /proc and /etc may not be accessible to poor unprivileged users
due to e.g. SELinux, BOFH or both, so check for EACCES and EPERM.

/var/tmp may be a symlink to /tmp and then path_compare() will always fail, so
let's stick to /tmp like elsewhere.

/tmp may be mounted with noexec option and then trying to execute scripts from
there would fail.

Detect and warn if seccomp is already in use, which could make seccomp test
fail if the syscalls are already blocked.

Unset $TMPDIR so it will not break specifier tests where %T is assumed to be
/tmp and %V /var/tmp.
2020-04-26 20:18:48 +02:00
Daan De Meyer
7b679a188e sd-bus: Cite sd_bus_creds_unref in sd_bus_get_name_creds docs 2020-04-25 10:01:18 +02:00
Dan Streetman
af5654d35c test-cgroup: skip if /sys/fs/cgroup unknown fs
It's not always mounted, e.g. during the build-time tests, it's running inside
a chroot (that's how Debian/Ubuntu build packages, in chroots) so this test
always fails because /sys/fs/cgroup isn't mounted.
2020-04-25 10:00:43 +02:00
Dan Streetman
0bc5f001db cgroup-util: check for SYSFS_MAGIC when detecting cgroup format
When nothing at all is mounted at /sys/fs/cgroup, the fs.f_type is
SYSFS_MAGIC (0x62656572) which results in the confusing debug log:

"Unknown filesystem type 62656572 mounted on /sys/fs/cgroup."

Instead, if the f_type is SYSFS_MAGIC, a more accurate message is:

"No filesystem is currently mounted on /sys/fs/cgroup."
2020-04-25 10:00:43 +02:00
Norbert Lange
84cb27086f Improve help for clang-format
The comments lack the most important usecase: fixing up your commits.
2020-04-25 09:39:31 +02:00
Frantisek Sumsal
3b4ea094e2 ci: introduce CIFuzz
Per-PR fuzzing provided by OSS-Fuzz using GH workflows.

See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
2020-04-24 14:06:21 +03:00
Thomas Haller
feb7d7a212 dhcp6: make string argument to sd_dhcp6_client_set_request_mud_url() const 2020-04-24 10:13:33 +02:00
Zbigniew Jędrzejewski-Szmek
c13f4643f4 Merge pull request #15579 from DaanDeMeyer/sd-bus-get-name/owner-creds-docs 2020-04-24 08:29:41 +02:00
Zbigniew Jędrzejewski-Szmek
e2697253c8
Merge pull request #15564 from poettering/tmpfiles-no-proc
util-lib: check for /proc being mounted in some really basic fs operations
2020-04-24 08:16:22 +02:00
Daan De Meyer
425d5cecbe sd-bus: Add sd_bus_get_name/owner_creds docs 2020-04-24 08:15:05 +02:00
Zbigniew Jędrzejewski-Szmek
11f9379866
Merge pull request #15570 from poettering/cmsg-find
CMSG_FIND_DATA() and cmsg_find() work
2020-04-24 07:45:07 +02:00
Lennart Poettering
41ab8c67eb tree-wide: use structured initialization at various places 2020-04-24 07:44:42 +02:00
Lennart Poettering
2efa5bc6fa dhcp-server: port to recvmsg_safe()
Split out of #15457, let's see if this is the culprit of the CI failure.
2020-04-24 07:43:42 +02:00
Lennart Poettering
2adfd1bda1 icmp6-util: port to recvmsg_safe()
Split out of #15457, let's see if this is the culprit of the CI failure.
2020-04-24 07:41:32 +02:00
Lennart Poettering
84b5d3e532 dhcp-client: port to recvmsg_safe()
Split out of #15457, let's see if this is the culprit of the CI failure.

(also setting green label here, since @keszybz already greenlit it in that other PR)
2020-04-24 07:40:32 +02:00
Frantisek Sumsal
a8af7f6a5c fuzzit: make the submit phase a bit more robust
The submit phase of the Fuzzit Travis job has been spuriously failing
for some time with various (and usually pretty hidden) errors, like:

```
./fuzzit create job --type regression ...
2020/04/23 17:02:12 please set env variable FUZZIT_API_KEY or pass --api-key. API Key for you account: ...
```

```
./fuzzit create job --type regression ...
2020/04/23 11:36:53 Creating job...
2020/04/23 11:36:54 Uploading fuzzer...
2020/04/23 11:36:54 Job created successfully
2020/04/23 11:36:54 Get https://...&action=create: read tcp x.x.x.x:39674->x.x.x.x:443: read: connection reset by peer
```

```
./fuzzit create job --type regression ...
2020/04/22 18:09:15 Creating job...
2020/04/22 18:09:16 Uploading fuzzer...
2020/04/22 18:09:37 Job created successfully
2020/04/22 18:09:37 500 Internal Server Error
```

etc.

Let's retry each submit job up to three times to (hopefully) mitigate this.
2020-04-24 01:58:37 +03:00
Lennart Poettering
9494da41c2 nss-systemd: don't synthesize root/nobody when iterating
Fixes: #15160
2020-04-23 23:07:08 +02:00
Daan De Meyer
68b5003bc1 sd-bus: Add sd_bus_message_get_creds docs 2020-04-23 22:56:10 +02:00
Daan De Meyer
0e4305eeea sd-bus: Add sd_bus_get_name_machine_id docs 2020-04-23 22:40:20 +02:00
Daan De Meyer
d7fbc6804e sd-bus: Add sd_bus_send_to docs 2020-04-23 22:38:44 +02:00
Lennart Poettering
bf39cb7b92
Merge pull request #15566 from poettering/destroy-binfmt
unregister binary formats during shutdown
2020-04-23 21:15:22 +02:00
Lennart Poettering
113a51d221 home: fix strv NUL termination
Fixes: #15559
2020-04-23 21:15:02 +02:00
Zbigniew Jędrzejewski-Szmek
927cffd57f Merge pull request #15569 from DaanDeMeyer/sd-bus-message-peek-type-docs 2020-04-23 20:11:14 +02:00
Lennart Poettering
b2cdefad3a networkd: don't do lldp rx nor tx on bond devices
Fixes: #15146
2020-04-23 20:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
37f446eab7
Merge pull request #15550 from DaanDeMeyer/sd-bus-open/close/enter/exit-container-docs
sd-bus: Add sd_bus_open/close/enter/exit_container docs
2020-04-23 19:58:43 +02:00
Zbigniew Jędrzejewski-Szmek
9d569d5fcb man: add a description of handling of single-label names
It turns out that our man page didn't describe the handling of single-label
names almost at all. This probably adds to the confusion regarding the subject.
So let's first describe what our current implementation is doing.

Quoting https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/:
> Applications and platforms that apply a suffix search list to a single-label
> name are in conformance with IETF standards track RFCs. Furthermore,
> applications and platforms that do not query DNS for a TLD are in conformance
> with IETF standards track recommendations

Current behaviour is in line with that recommendation.

For #13763.
2020-04-23 19:54:52 +02:00
Lennart Poettering
035e3cb9f9
Merge pull request #15563 from keszybz/wait-callback-tweak
Add NULL callback check in one more place
2020-04-23 19:50:36 +02:00
Lennart Poettering
08508c4862
Merge pull request #15561 from poettering/udev-memdup-fix
udev: nulstr NUL termination fix
2020-04-23 19:50:12 +02:00
Lennart Poettering
371d72e05b socket-util: introduce type-safe, dereferencing wrapper CMSG_FIND_DATA around cmsg_find()
let's take this once step further, and add type-safety to cmsg_find(),
and imply the CMSG_DATA() macro for finding the cmsg payload.
2020-04-23 19:41:15 +02:00
Lennart Poettering
dac556fa7b tree-wide: use cmsg_find() helper at various places where appropriate 2020-04-23 19:41:15 +02:00
Daan De Meyer
3df22bb5c8 sd-bus: Add sd_bus_message_peek_type docs 2020-04-23 19:37:21 +02:00
Daan De Meyer
7cd40caa66 sd-bus: Add sd_bus_message_open/close/enter/exit_container docs 2020-04-23 18:30:40 +02:00
Daan De Meyer
31e4abd1a6 sd-bus: Fix typo in sd_bus_message_append_array docs 2020-04-23 18:27:34 +02:00