Commit graph

68184 commits

Author SHA1 Message Date
Lennart Poettering bd1ae17833 io-util: split out "struct iovec" related calls into their own .c/.h files
This is preparation for #28891, which adds a bunch more helpers around
"struct iovec", at which point this really deserves its own .c/.h file.

The idea is that we sooner or later can consider "struct iovec" as an
entirely generic mechanism to reference some binary blob, and is the
go-to type for this purpose whenever we need one.
2023-10-20 10:34:33 +02:00
Luca Boccassi 856bed0abe executor: return instead of assert on invalid command line arguments
Before the split, it made sense to assert, as checks were on setup.
But now these come from deserialization, and the fuzzer hits the
asserts, so simply return an error instead.
2023-10-20 01:00:36 +01:00
Luca Boccassi 017e8094f6 man: mention that inhibit blocks soft-reboot too 2023-10-20 00:35:12 +01:00
Zbigniew Jędrzejewski-Szmek 974959e6f6 test-recurse-dir: work around nftw() ignoring symlinks()
We have a test where we compare the results from nftw() and our own
recurse_dir_at(). nftw() skips a dangling symlink when running under mkosi and
the test fails. I don't understand why nftw() does that, but in our code we
don't need to test and care about the details of nftw(), which we don't use,
outside of the one test, so let's just skip symlinks in the test.

Closes #29603.
2023-10-19 22:40:22 +01:00
Luca Boccassi f5a7476677
Merge pull request #29628 from mrc0mmand/systemd-executor-test
test: slightly improve sd-executor's coverage
2023-10-19 19:39:39 +01:00
Lennart Poettering 9bb64f1b8d pidref: make PIDREF_NULL const
That way the compiler can put it in an immutable section
2023-10-19 18:59:51 +01:00
Luca Boccassi 759cca0348
Merge pull request #29629 from bluca/mount_tunnel_pidref
mount tunnel: use PidRef
2023-10-19 18:59:22 +01:00
Luca Boccassi 6fbd1b0457
Merge pull request #29623 from YHNdnzj/core-followup
Follow-ups for recent changes to core/
2023-10-19 18:04:40 +01:00
Frantisek Sumsal e98f7f9122 test: skip Protect{Home,System}= tests with coverage builds
With coverage builds we disable Protect{Home,System}= via a service.d
dropin in /etc, which has, unfortunately, higher priority than our
transient systemd-run stuff. Let's just skip the affected tests in that
case instead of making the test setup even more complicated.
2023-10-19 18:03:57 +01:00
Zbigniew Jędrzejewski-Szmek af189d7b50 pid1,vconsole-setup: lock /dev/console instead of the tty device
As requested in https://github.com/systemd/systemd/pull/27867#pullrequestreview-1567161854.
/dev/console, /dev/tty0, and /dev/ttyN are "different" device nodes
that may point to a single underlying device. We want to use a single
lock so that we don't get a race if different writers are using a different
device path, so let's just always lock around /dev/console.
This effectively makes the locking less granular.

Fixup for a0043bfa51.
Fixes https://github.com/systemd/systemd/issues/28721.
Maybe fixes https://github.com/systemd/systemd/issues/28778 and
https://github.com/systemd/systemd/issues/28634.
2023-10-19 18:03:21 +01:00
Frantisek Sumsal a2dd592002 test: unify checking for user xattrs support in cgroupfs
Also, run the coredump forwarding test only if user xattrs are
supported.
2023-10-19 18:01:07 +01:00
Zbigniew Jędrzejewski-Szmek 725e646854 meson: generate proper version tag when git fails on permission errors
When building with mkosi I would get the following:

    [1/477] Generating version.h with a custom command
    fatal: detected dubious ownership in repository at '/work/src'
    To add an exception for this directory, call:

            git config --global --add safe.directory /work/src

and then the tag would be generated as 'v254-'. This is obviously some problem
with the setup, but we should handle this gracefully. Let's fall back to 'v254'
instead.

In the case where we have a repo but no tags, use --dirty=^ too, as in the case
with tags.

I tested four cases:
- normal checkout
- checkout with .git removed
- checkout with .git chowned to root
- checkout with all tags removed
2023-10-19 17:52:44 +02:00
Luca Boccassi 8c08523736 Update TODO 2023-10-19 16:31:05 +01:00
Luca Boccassi 5f48198af8 mount tunnel: use PidRef 2023-10-19 16:31:05 +01:00
Frantisek Sumsal d31330c1fa core: properly cleanup ExecParameter's prefix array 2023-10-19 16:59:43 +02:00
Frantisek Sumsal 4701425dd5 test: add coverage for #29610
As reproducing it is actually pretty easy, with the benefit of hindsight:

~# systemd-run -P -p MountImages="/this/should/definitely/not/exist.img:/run/img2\:3:nosuid" false
Running as unit: run-u42.service
free(): double free detected in tcache 2
2023-10-19 16:23:28 +02:00
Frantisek Sumsal 447894be41 test: add a real-world state to the corpus
To give the fuzzer a nice head start.
2023-10-19 16:12:45 +02:00
Mike Yuan bca0805311
core/service: check error first and log about errno
Follow-up for becdfcb9f1
2023-10-19 21:37:39 +08:00
Mike Yuan f65a40fb0b
cgroup-util: use RET_GATHER more, return first error 2023-10-19 21:37:33 +08:00
Mike Yuan dbc0342e61
core/exec-invoke: use correct exit status
These calls can fail not only due to OOM.
2023-10-19 21:37:33 +08:00
Mike Yuan bbe92ea5cc
core/namespace: merge if blocks 2023-10-19 21:37:33 +08:00
Luca Boccassi 9dc6a6af28 executor: fix double free of MountOptions
This list is owned by ExecContext, which is cleaned up when sd-executor
fails, but it is also cleaned up when namespace setup exits, so we get
a double free.

Fixes https://github.com/systemd/systemd/issues/29610

Follow-up for bb5232b6a3
2023-10-19 14:24:55 +01:00
Luca Boccassi 41204a6d74
Merge pull request #29617 from keszybz/efi-no-xmalloc0
efi: drop duplicate initialization to 0
2023-10-19 14:23:54 +01:00
Arseny Maslennikov 8b45281daa seccomp: also check the mode parameter of fchmodat2(2)
If there is no libseccomp support, just ban the entire syscall instead
so wrappers will fall back to older, supported syscalls.
Also reflect all of this in `test-seccomp.c`.
2023-10-19 15:53:58 +03:00
Arseny Maslennikov 6e10405aa2 seccomp: include fchmodat2 in @file-system 2023-10-19 15:53:45 +03:00
Yu Watanabe be3b6b6fe5 cgroup-util: drop dead code block
Follow-up for 4d1b2df199.

Fixes CID#1522888.
2023-10-19 20:24:54 +08:00
Arseny Maslennikov 3677364cc3 basic/missing_syscall: generate defs for fchmodat2(2)
We will need this to set seccomp filters on this system call regardless
of libseccomp or kernel support.
2023-10-19 14:07:54 +03:00
Arseny Maslennikov c83f838193 Update system call tables for Linux 6.6
We are doing this to obtain the definition of fchmodat2.
2023-10-19 14:07:54 +03:00
Arseny Maslennikov a539314a87 seccomp: fix debug logging typo
Fixes: da4dc9a674 ("seccomp: rework how the S[UG]ID filter is installed")
2023-10-19 14:07:54 +03:00
Luca Boccassi 1ca8cc9fb6
Merge pull request #29595 from YHNdnzj/systemctl-failed-system
systemctl: is-failed: check if system is degraded when no unit given
2023-10-19 12:07:37 +01:00
Zbigniew Jędrzejewski-Szmek 6e98ddf825 efi: drop unused xmalloc0()
Keeping this separate to make it easy to revert if it's ever needed again.
2023-10-19 12:24:53 +02:00
Zbigniew Jędrzejewski-Szmek 586f19976a efi: do not memzero fields before initializing them
In all three cases we immediately overwrite the whole field anyway,
so the call to memzero is not needed.
2023-10-19 12:24:53 +02:00
Arthur Shau 1bd0b9c053 varlink: Add new varlink_collect method
varlink_collect is meant to be used when the client is willing to wait for the reply from the varlink method, much like varlink_call.
However, unlike varlink_call, it allows the client to collect all "more" replies that may be sent by the method before the "final" reply is enqueued.
It aggregates all of these replies into a json variant array that it returns to the client.
2023-10-19 11:52:09 +02:00
Yu Watanabe cbdac0c33a tree-wide: check results of PAGE_ALIGN()
Fixes CID#1491282, CID#1491283, CID#1491285, CID#1491288.
2023-10-19 18:31:44 +09:00
Yu Watanabe c886f2d26e mmap-cache: check offset and size more carefully
PAGE_ALIGN() and friends take size_t, while offset is uint64_t.
Let's use macros for uint64_t.

Also, mmap() takes size_t for size. So, let's also use size_t to
calculate a window size.

Prompted by CID#1491286.
2023-10-19 18:31:44 +09:00
Yu Watanabe ffee7b97e3 macro: introduce u64_multiply_safe() to avoid overflow
Just a paranoia.
2023-10-19 18:31:44 +09:00
Yu Watanabe b39907c712 sd-journal: use PAGE_ALIGN_U64() and friends
This also makes constants declared with UINT64_C().
2023-10-19 18:31:44 +09:00
Yu Watanabe 2977904cad macro: introduce several helper functions for alignment
Some of them are not used in this commit, but will be used later.
2023-10-19 18:31:44 +09:00
Yu Watanabe d54c0f37d8 macro: paranoia about overflow
E.g. Consider the case ALIGN_TO(SIZE_MAX - 3, 4). The overflow check
passes as the condition
```
SIZE_MAX - 3 > SIZE_MAX - (4 - 1)
```
is false.
However, the value
```
l + ali - 1
```
may overflow as it is equivalent to
```
SIZE_MAX - 3 + 4 - 1
```
2023-10-19 18:31:44 +09:00
Yu Watanabe 86cbbc6d05 tree-wide: check if return value of lseek() and friends is negative
We usually check the return value of syscalls or glibc functions by whether
it is negative or not, something like `if (stat(path, &st) < 0)`.
Let's also use the same style for lseek() and friends even though the type of
their return value is off_t.

Note, fseeko() returns int, instead of off_t.
2023-10-19 18:31:44 +09:00
Frantisek Sumsal 4820c9d417 fuzz: unify logging setup
Make sure we don't log anything when running in "fuzzing" mode. Also,
when at it, unify the setup logic into a helper, pretty similar to
the test_setup_logging() one.

Addresses:
  - https://github.com/systemd/systemd/pull/29558#pullrequestreview-1676060607
  - https://github.com/systemd/systemd/pull/29558#discussion_r1358940663
2023-10-19 10:05:20 +01:00
Luca Boccassi 47174dc054
Merge pull request #29611 from mrc0mmand/execute-serialize-fuzz
test: add a fuzzer for exec_{serialize,deserialize}_invocation()
2023-10-18 23:33:00 +01:00
Frantisek Sumsal 892eb4d795 core: don't assert when serializing malformed state 2023-10-18 22:44:16 +02:00
Frantisek Sumsal 81c4be64da test: add a fuzzer for exec_{serialize,deserialize}_invocation() 2023-10-18 22:44:16 +02:00
Mike Yuan 2ee346160c
systemctl: is-failed: check if system is degraded when no unit given
Closes #3335
2023-10-19 00:12:28 +08:00
Mike Yuan def1e20a18
systemctl: minor modernization 2023-10-19 00:12:27 +08:00
Lennart Poettering 81c1c387fe
Merge pull request #29594 from poettering/cgroup-rename-ret-params
more pidfdification
2023-10-18 17:25:44 +02:00
Frantisek Sumsal 7e9c7d6f5b test: use Type=exec for the test unit
Make sure everything we need is set up before continuing further with
the test. This should, hopefully, help with a race where we check
a dynamic user before it's created by NFTSet= stuff.

Before:
$ journalctl -o short-monotonic --grep '(test-nft|NFT|testsuite-75)' --no-hostname
...
[ 3657.929223] testsuite-75.sh[48]: + systemd-run -u test-nft.service -p DynamicUser=yes -p 'NFTSet=cgroup:inet:sd_test:c user:inet:sd_test:u group:inet:sd_test:g' sleep 10000
...
[ 3657.977372] systemd[1]: test-nft.service: Changed dead -> running
[ 3657.977388] systemd[1]: test-nft.service: Job 376 test-nft.service/start finished, result=done
[ 3657.977407] testsuite-75.sh[853]: Running as unit: test-nft.service; invocation ID: 8776af2ec7864a60a058cb5d403d1ca6
[ 3657.982437] testsuite-75.sh[856]:                 elements = { "system.slice/test-nft.service" }
[ 3657.984570] testsuite-75.sh[48]: + grep -qF test-nft.service /tmp/tmp.uqXKfyzcpJ
[ 3657.985400] testsuite-75.sh[859]: ++ getent passwd test-nft
[ 3657.986434] systemd[1]: varlink-12: New incoming message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test-nft","service":"io.systemd.DynamicUser"}}
[ 3657.986503] systemd[1]: varlink-12: Sending message: {"error":"io.systemd.UserDatabase.NoRecordFound","parameters":{}}
[ 3657.986643] systemd[1]: testsuite-75.service: Child 48 belongs to testsuite-75.service.
[ 3657.986660] systemd[1]: testsuite-75.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
[ 3657.986681] systemd[1]: testsuite-75.service: Failed with result 'exit-code'.
...
[ 3657.989885] systemd[1]: test-nft.service: User lookup succeeded: uid=64568 gid=64568
[ 3657.989936] systemd[1]: Added NFT set: family inet, table sd_test, set u, ID 64568
[ 3657.989965] systemd[1]: Added NFT set: family inet, table sd_test, set g, ID 64568

After:
$ journalctl -o short-monotonic --grep '(test-nft|NFT|testsuite-75)' --no-hostname
[ 1523.874408] testsuite-75.sh[49]: + systemd-run -u test-nft.service --service-type=exec -p DynamicUser=yes -p 'NFTSet=cgroup:inet:sd_test:c user:inet:sd_test:u group:inet:sd_test:g' sleep 10000
...
[ 1523.924091] systemd[1]: Starting test-nft.service...
[ 1523.928891] systemd[1]: test-nft.service: User lookup succeeded: uid=64568 gid=64568
[ 1523.929102] systemd[1]: Added NFT set: family inet, table sd_test, set u, ID 64568
[ 1523.929220] systemd[1]: Added NFT set: family inet, table sd_test, set g, ID 64568
...
[ 1523.933263] systemd[1]: Started test-nft.service.
[ 1523.933626] testsuite-75.sh[849]: Running as unit: test-nft.service; invocation ID: d1a5c3eacbc647a7a5fcbd46c7b2f863
[ 1523.940810] testsuite-75.sh[852]:                 elements = { "system.slice/test-nft.service" }
[ 1523.942880] testsuite-75.sh[49]: + grep -qF test-nft.service /tmp/tmp.gWka2x3mQq
[ 1523.944031] testsuite-75.sh[855]: ++ getent passwd test-nft
[ 1523.945496] systemd[1]: varlink-18: New incoming message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test-nft","service":"io.systemd.DynamicUser"}}
[ 1523.951593] systemd[1]: varlink-18: Sending message: {"parameters":{"record":{"userName":"test-nft","uid":64568,"gid":64568,"realName":"Dynamic User",...
2023-10-18 16:08:44 +01:00
Lennart Poettering 06044356de manager: move idle_pipe allocation to manager.c and make it atomic
Let's make sure it either fails or succeeds, but never fails half-way
leaving a half-initialized array around.
2023-10-18 16:07:41 +01:00
Luca Boccassi 668d60627e
Merge pull request #29583 from poettering/deserialize-fd-many
add serialize_fd_many() + deserialize_fd_many() helpers
2023-10-18 16:06:22 +01:00