| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quoting https://github.com/systemd/systemd/issues/10074:
> detect_vm_uml() reads /proc/cpuinfo with read_full_file()
> read_full_file() has a file max limit size of READ_FULL_BYTES_MAX=(4U*1024U*1024U)
> Unfortunately, the size of my /proc/cpuinfo is bigger, approximately:
> echo $(( 4* $(cat /proc/cpuinfo | wc -c)))
> 9918072
> This causes read_full_file() to fail and the Condition test fallout.
Let's just read line by line until we find an intersting line. This also
helps if not running under UML, because we avoid reading as much data.
(cherry picked from commit 6058516a14ada1748313af6783f5b4e7e3006654)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SO_RCVBUF/SO_SNDBUF fails
Both SO_SNDBUFFORCE and SO_RCVBUFFORCE requires capability 'net_admin'.
If this capability is not granted to the service the first attempt to increase
the recv/snd buffers (via sd_notify()) with SO_RCVBUFFORCE/SO_SNDBUFFORCE will
fail, even if the requested size is lower than the limit enforced by the
kernel.
If apparmor is used, the DENIED logs for net_admin will show up. These log
entries are seen as red warning light, because they could indicate that a
program has been hacked and tries to compromise the system.
It would be nicer if they can be avoided without giving services (relying on
sd_notify) net_admin capability or dropping DENIED logs for all such services
via their apparmor profile.
I'm not sure if sd_notify really needs to forcibly increase the buffer sizes,
but at least if the requested size is below the kernel limit, the capability
(hence the log entries) should be avoided.
Hence let's first ask politely for increasing the buffers and only if it fails
then ignore the kernel limit if we have sufficient privileges.
(cherry picked from commit 10ce2e0681ac16e7bb3619b7bb1a72a6f98a2f2c)
|
|
|
|
|
|
|
| |
Pass 0 as leader PID to CreateSession to let logind use the PID from the
D-Bus credentials. This allows use of pam_systemd in PID namespaces.
(cherry picked from commit da0da5eccf5f20874111e0681b111704bf9a1c92)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compiler flag -Wmaybe-uninitialized is quite noisy and produces many false
positives, especially when optimization flags are enabled (tested gcc 8.2.1),
so let's just disable it in systemd build.
For example, with CFLAGS=-O2, the build produces 11 such warnings and the
default CFLAGS of Fedora's rpmbuild warns about it in 176 places. A look at a
sample of those shows that most are false positives, where the compiler just
can't figure it out correctly. (While fixing those would be nice, I'm not sure
it's a good use of our time.)
The noisy [-Wmaybe-uninitialized] warnings are not just an annoyance, since
they make it harder to spot warnings that indicate actual problems (such as
variable declared but not used.) Silencing those is beneficial, so that
contributors would see warnings where there are actually actionable problems,
so there's a better chance of having those issues addressed before a PR is
pushed.
Tested:
$ CFLAGS='-O2 -Wp,-D_FORTIFY_SOURCE=2' meson build/
$ ninja -C build/
(NOTE: -Wp,-D_FORTIFY_SOURCE=2 prevents [-Wstringop-truncation] warnings.)
With the commands above, the build will not produce any [-Wmaybe-uninitialized]
warnings (or any other warnings), which is not really the case before this commit.
Also tested with rpmbuild on Fedora, after this commit there are no warnings
produced in the build step.
(cherry picked from commit 8794164fed5f0142c34358613f92f4f761af4edd)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to RFC2616[1], HTTP header names are case-insensitive. So
it's totally valid to have a header starting with either `Date:` or
`date:`.
However, when systemd-importd pulls an image from an HTTP server, it
parses HTTP headers by comparing header names as-is, without any
conversion. That causes failures when some HTTP servers return headers
with different combinations of upper-/lower-cases.
An example:
https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_developer_container.bin.bz2 returns `Etag: "pe89so9oir60"`,
while https://alpha.release.core-os.net/amd64-usr/current/coreos_developer_container.bin.bz2
returns `ETag: "f03372edea9a1e7232e282c346099857"`.
Since systemd-importd expects to see `ETag`, the etag for the Container Linux image
is correctly interpreted as a part of the hidden file name.
However, it cannot parse etag for Flatcar Linux, so the etag the Flatcar Linux image
is not appended to the hidden file name.
```
$ sudo ls -al /var/lib/machines/
-r--r--r-- 1 root root 3303014400 Aug 21 20:07 '.raw-https:\x2f\x2falpha\x2erelease\x2ecore-os\x2enet\x2famd64-usr\x2fcurrent\x2fcoreos_developer_container\x2ebin\x2ebz2.\x22f03372edea9a1e7232e282c346099857\x22.raw'
-r--r--r-- 1 root root 3303014400 Aug 17 06:15 '.raw-https:\x2f\x2falpha\x2erelease\x2eflatcar-linux\x2enet\x2famd64-usr\x2fcurrent\x2fflatcar_developer_container\x2ebin\x2ebz2.raw'
```
As a result, when the Flatcar image is removed and downloaded again,
systemd-importd is not able to determine if the file has been already
downloaded, so it always download it again. Then it fails to rename it
to an expected name, because there's already a hidden file.
To fix this issue, let's introduce a new helper function
`memory_startswith_no_case()`, which compares memory regions in a
case-insensitive way. Use this function in `curl_header_strdup()`.
See also https://github.com/kinvolk/kube-spawn/issues/304
[1]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
(cherry picked from commit 21224070e802878f81c342835364880ef1a63e88)
|
|
|
|
|
|
|
|
|
|
| |
Fix #9993. When this code was split out to user-runtime-dir, it forgot to
include the call to mac_selinux_init(). So mkdir_label() stopped working.
Fixes: a9f0f5e50104 ("logind: split %t directory creation to a helper
unit")
(cherry picked from commit 81375d802672f34205bef9f301c58854af5fc568)
|
|
|
|
|
|
|
|
|
|
|
| |
This GDB script was converted to use Python 3 along with all other
Python scripts in commit b95f5528cc, but still used the Python 2 print
statement syntax instead of the Python 3 print function. Fix that.
We also add the Python 2 compatibility statement, just in case some GDB
still uses Python 2 instead of Python 3.
(cherry picked from commit e12f39768344e2dd8540ddcd9aa186b7e68ca780)
|
|
|
|
|
|
|
|
|
|
| |
This replaces strndupa() by strndup() in socket_address_parse(),
as input string may be too long.
Fixes issue 10007 by ClusterFuzz-External:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007
(cherry picked from commit 8d30fcb9b51b1d102a589171b6e28f5f370236f6)
|
|
|
|
|
|
| |
Fixes #9773.
(cherry picked from commit 68c597e9e4bb36ade966d9df54dfaa9f956230e9)
|
|
|
|
|
|
|
|
|
|
|
| |
As the comments already say it might be quite likely that
$XDG_RUNTIME_DIR is not set up as mount, and we shouldn't complain about
that.
Moreover, let's make this idempotent, so that a runtime dir that is
already gone and is removed again doesn't cause failure.
(cherry picked from commit 3a13442bbf72e7ebdd0b4d60c2922ea7c5cc9496)
|
|
|
|
|
|
|
|
| |
We would verify destination e.g. in sd_bus_message_new_call, but allow setting
any value later on with sd_bus_message_set_destination. I assume this check was
omitted not on purpose.
(cherry picked from commit 3d51a011f11523694f03c74cdd011c89beba05cc)
|
|
|
|
| |
(cherry picked from commit 1595b257df98b361d178b3ce3e4ca5ac463be0cd)
|
|
|
|
|
|
|
| |
This fixes something I think was basically a typo introduced in
db69869f264af2d1afcdd3e573e0e9fdd5bef065.
(cherry picked from commit 3dea6886c20a32d832971e589cbc1807c549b66f)
|
|
|
|
|
|
|
|
| |
On a host with sufficiently large zram but with no actual swap, logind will
respond to CanHibernate() with yes. With this patch, it will correctly respond
no, unless there are other swap devices to consider.
(cherry picked from commit 411ae92b407bd7b4549b205ad754bcd0e3dfd81f)
|
|
|
|
|
|
|
|
|
|
| |
If 'v' is negative, it's wrong to add the decimal to it, as we'd
actually need to subtract it in this case. But given that we don't want
to allow negative vaues anyway, simply check earlier whether what we
have parsed so far was negative, and react to that before adding the
decimal to it.
(cherry picked from commit 8cbc92d5975b603002c3141364a7709a9c66e23a)
|
|
|
|
|
|
| |
Fixes #9590.
(cherry picked from commit a99655b0521cb9ede20e8d21622280dcfbdd02c7)
|
|
|
|
| |
(cherry picked from commit ace5e3111c0b8d8bfd84b32f2c689b0a4d92c061)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using `getent' and `id' command in case of cross compiling does not
make much sense. This is because it is the host files that are checked.
Besides, in some restricted cross compilation environment, these two
command may not even be available. This is to avoid host comtamination.
So we should only check the validity using getent and id when not
cross compiling.
(cherry picked from commit 2484bff32bc5af4af811381393df1090d6e4586f)
|
|
|
|
|
|
|
|
|
|
| |
Currently to set the flag to reboot into the firmware setup an
authentication by an administrative user is required. Since we are
already enabling active users to reboot the system, it is advisable to
let the user decide if he wants to boot into the firmware setup without
any more hassle.
(cherry picked from commit ba9778d9b7e8c33acc0d9f41e747b1066196a201)
|
|
|
|
|
|
|
|
| |
Follow-up for 3cb9b42af3b205fba176ebf51ce0e07739698278 (#9516).
Fixes oss-fuzz-9532.
(cherry picked from commit ba323bbead1dda558a5bbe42846cdee5c8b0fc85)
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately this needs libshared to link to libkmod. Before it was linked
into systemd-udevd, udevadm, and systemd each seperately. On most systems this
doesn't make much difference, because at least systemd would be installed, but
it might not be in small chroots. It is a small library, so I hope this is not
a big issue.
(cherry picked from commit 3cb9b42af3b205fba176ebf51ce0e07739698278)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The switch to memory_startswith() changed the logic to only look for a space or
NUL byte after the matched word, but matching the full size should also be
acceptable.
This changed the behavior of parsing of "AUTH\r\n", where m will be set to 4,
since even though the word will match, the check for it being followed by ' '
or NUL will make line_begins() return false.
Tested:
- Using netcat to connect to the private socket directly:
$ echo -ne '\0AUTH\r\n' | sudo nc -U /run/systemd/private
REJECTED EXTERNAL ANONYMOUS
- Running the Ignition blackbox test:
$ sudo sh -c 'PATH=$PWD/bin/amd64:$PATH ./tests.test'
PASS
Fixes: d27b725abf64a19a6b2f99332b663f17ad046771
(cherry picked from commit 3f10c66270b74530339b3f466c43874bb40c210f)
|
|
|
|
|
|
| |
Reported in #9590.
(cherry picked from commit 948f7ce4fbbb393e3c6a12ab3fbc7023b4124e43)
|
|
|
|
| |
(cherry picked from commit 475d8599b0821eefb6e6c283f4f9847cffbb4b7b)
|
|
|
|
| |
(cherry picked from commit a6e964712c53b877543cf18aff59ae99cffc1f50)
|
|
|
|
|
|
| |
Fixes #9549.
(cherry picked from commit a26db0bc5d4011de24e5930af6fd9051deeb46be)
|
|
|
|
|
|
|
|
|
|
|
| |
When unmounting user runtime directory, only UID is necessary,
and the corresponding user may not exist anymore.
This makes first try to parse the input by parse_uid(), and only if it
fails, prase the input by get_user_creds().
Fixes #9541.
(cherry picked from commit 86d18f3b09ec984ef3732567af992adb2dc77a8a)
|
|
|
|
|
|
|
|
|
|
|
| |
When a slot is disconnected, then slot->match_callback.install_slot
is also disconnected. So, bus_slot_disconnect() removes the install_slot
from the list of slots in bus, although it is a floating object.
This makes install_slot unreffed from bus when it is disconnected.
Fixes #9505 and #9510.
(cherry picked from commit 20d4ee2cbc21e0c4d2dd6c01d5a18a4cf0d98222)
|
|
|
|
|
|
| |
ENABLE_GSHADOW is defined to be 0 or 1. So #if should be used instead of #ifdef.
(cherry picked from commit 4f07ffa8f5ab85011422bb7114f1cddf49d4923d)
|
|
|
|
|
|
| |
Fixes: 96f64eb5741b157f26a9089816fdd992e959792e
Closes: https://github.com/systemd/systemd/issues/9444
(cherry picked from commit 358248caa3eca525751694de7c34b16bb46d5a9c)
|
|
|
|
|
|
| |
Fixes #9442.
(cherry picked from commit 04e075b572b168a183cde29480dbb30d027d4fe7)
|
|
|
|
| |
(cherry picked from commit affaed1e55685e8e248db1afd50b3e0f466ce5cc)
|
|
|
|
|
|
|
|
|
| |
Meson added -Doptimization and -Ddebug options, which obviously causes
a conflict with our -Ddebug options. Let's rename it.
Fixes #9883.
(cherry picked from commit 8f6b442a78d0b485f044742ad90b2e8271b4e68e)
|
|
|
|
| |
(cherry picked from commit 0ceff9068d4def8895929ba8c201a23502a7f941)
|
|
|
|
|
|
| |
Fixes #10290.
(cherry picked from commit c250bf671b89768ed27984defe9b5af262618e42)
|
|
|
|
|
|
|
|
| |
Using _GNU_SOURCE is better because that's how we include the headers in the
actual build, and some headers define different stuff when it is defined.
sys/stat.h for example defines 'struct statx' conditionally.
(cherry picked from commit 9c869d08d82c73f62ab3527567858ce4b0cf1257)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting with glibc 2.27.9000-36.fc29, include file sys/stat.h will have a
definition for struct statx, in which case include file linux/stat.h should be
avoided, in order to prevent a duplicate definition.
In file included from ../src/basic/missing.h:18,
from ../src/basic/util.h:28,
from ../src/basic/hashmap.h:10,
from ../src/shared/bus-util.h:12,
from ../src/libsystemd/sd-bus/bus-creds.c:11:
/usr/include/linux/stat.h:99:8: error: redefinition of ‘struct statx’
struct statx {
^~~~~
In file included from /usr/include/sys/stat.h:446,
from ../src/basic/util.h:19,
from ../src/basic/hashmap.h:10,
from ../src/shared/bus-util.h:12,
from ../src/libsystemd/sd-bus/bus-creds.c:11:
/usr/include/bits/statx.h:36:8: note: originally defined here
struct statx
^~~~~
Extend our meson.build to look for struct statx when only sys/stat.h is
included and, in that case, do not include linux/stat.h anymore.
Tested that systemd builds correctly when using a glibc version that includes a
definition for struct statx.
glibc Fedora RPM update:
https://src.fedoraproject.org/rpms/glibc/c/28cb5d31fc1e5887912283c889689c47076278ae
glibc upstream commit:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fd70af45528d59a00eb3190ef6706cb299488fcd
(cherry picked from commit 75720bff62a84896e9a0654afc7cf9408cf89a38)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old implementation was done assuming that only glibc provides
both program_invocation_name and program_invocation_short_name.
This worked well for users using musl-libc with the library having
been built without -D_GNU_SOURCE. However, alternative libc
implementations that actually do provide these variables, could
cause elogind to crash.
To be on the safe side, we now actually check whether both these
variables are present by letting meson check whether a code snippet
accessing these compiles and links.
|
|
|
|
|
|
|
|
|
|
| |
While migrating the v237/v238 commits, a migration error caused
session_may_gc() to always return false.
This caused closed sessions to stay on state "closing" forever.
Bug: https://github.com/elogind/elogind/issues/82
Closes: https://github.com/elogind/elogind/issues/82
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The final test use the outcome of the already masked part that
utilizes terminal_urlify_path(). That function is masked, because
it is nowhere used within elogind.
The previously unmasked final test used the outcome of that already
masked part and therefore crashed.
Bug: https://github.com/elogind/elogind/issues/81
Closes: https://github.com/elogind/elogind/issues/81
Signed-of-by: Sven Eden <sven.eden@prydeworx.com>
|
|
|
| |
Elogind is missing the man page for elogind-inhibit: this is just a copy of the systemd-inhibit manpage from systemd upstream, with 'systemd' replaced by 'elogind', where applicable.
|
|
|
|
|
|
| |
Package managers like Portage strip empty directories. To ensure that
these directories are still installed, we simply touch empty and
hidden files into them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The creation of the system shutdown dir and the system sleep dir had
been masked. This was an oversight that is now fixed.
systemshutdowndir defaults to [/usr]/lib/elogind/system-shutdown
systemsleepdir defaults to [/usr]/lib/elogind/system-sleep
Executables in these folders are meant to run prior the system either
shuts down or goes to sleep, including all variants.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the path to system_bus_socket is hardcoded to
/run/dbus/system_bus_socket
which works everywhere for systemd.
However, distributions which do no symlink /var/run on /run will have
it only accessible via
/run/dbus/system_bus_socket
which should be supported by elogind, too.
Closes #77
Signed-off-by: Christoph Willing <chris.willing@linux.com>
Sigend-off-by: Sven Eden <sven.eden@prydeworx.com>
|
|
|
|
|
|
|
| |
It appears that the necessary bits were already there, but commented
out. When meson checked for 'struct statx', the inclusion of both
sys/stat.h and linux/stat.h where commented out. Uncommenting them
should be enough.
|
|
|
|
| |
debug-extra option
|
|
|
|
|
|
|
| |
Meson added -Doptimization and -Ddebug options, which obviously causes
a conflict with our -Ddebug options. Let's rename it.
Fixes #76.
|
|
|
|
|
|
| |
Closes: https://github.com/elogind/elogind/issues/74
Signed-off-by: Christoph Willing <chris.willing@linux.com>
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
|