author | Lennart Poettering <lennart@poettering.net> | 2017-12-14 22:57:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-14 22:57:17 +0100 |
commit | e3140015a71632f9fef699b38094ad3a75fa45ed (patch) | |
tree | 58192969ec219c0ea6aa0552736f27897965b8dc | |
parent | bdd2bbc4450e0d7515b556c04828dc69ef0b5c09 (diff) | |
parent | 590171d1c956ac3b073bc73a7ca1f5529b01ab83 (diff) | |
download | systemd-e3140015a71632f9fef699b38094ad3a75fa45ed.tar.gz |
Merge pull request #7640 from keszybz/tainting-updates
Tainting updates
-rw-r--r-- | TODO | 5 | ||||
-rw-r--r-- | catalog/meson.build | 4 | ||||
-rw-r--r-- | catalog/systemd.catalog.in | 17 | ||||
-rw-r--r-- | src/core/main.c | 7 | ||||
-rw-r--r-- | src/core/manager.c | 13 | ||||
-rw-r--r-- | src/systemd/sd-messages.h | 2 |
6 files changed, 39 insertions, 9 deletions
@@ -657,6 +657,11 @@ Features: Benefit: nspawn --ephemeral would start working nicely with the journal. - assign MESSAGE_ID to log messages about failed services +* add a test if all entries in the catalog are properly formatted. + (Adding dashes in a catalog entry currently results in the catalog entry + being silently skipped. journalctl --update-catalog must warn about this, + and we should also have a unit test to check that all our message are OK.) + * document: - document that deps in [Unit] sections ignore Alias= fields in [Install] units of other units, unless those units are disabled diff --git a/catalog/meson.build b/catalog/meson.build index baebd45ea4..69f970388a 100644 --- a/catalog/meson.build +++ b/catalog/meson.build @@ -44,3 +44,7 @@ foreach file : in_files install : true, install_dir : catalogdir) endforeach + +meson.add_install_script('sh', '-c', + 'test -n "$DESTDIR" || @0@/journalctl --update-catalog' + .format(rootbindir)) diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in index 412ea8aa16..118fe860fe 100644 --- a/catalog/systemd.catalog.in +++ b/catalog/systemd.catalog.in @@ -359,3 +359,20 @@ Defined-By: systemd Support: %SUPPORT_URL% The unit @UNIT@ completed and consumed the indicated resources. + +-- 50876a9db00f4c40bde1a2ad381c3a1b +Subject: The system is configured in a way that might cause problems +Defined-By: systemd +Support: %SUPPORT_URL% + +The following "tags" are possible: +- "split-usr" — /usr is a separate file system and was not mounted when systemd + was booted +- "cgroups-missing" — the kernel was compiled without cgroup support or access + to expected interface files is resticted +- "var-run-bad" — /var/run is not a symlink to /run +- "overflowuid-not-65534" — the kernel user ID used for "unknown" users (with + NFS or user namespaces) is not 65534 +- "overflowgid-not-65534" — the kernel group ID used for "unknown" users (with + NFS or user namespaces) is not 65534 +Current system is tagged as @TAINT@. 
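Review bot: The install script added to catalog/meson.build splices `rootbindir` into the `sh -c` string unquoted, so a prefix containing spaces or shell metacharacters is word-split or interpreted by the shell, usually while the install runs with elevated privileges. Quote the path, `'test -n "$DESTDIR" || "@0@/journalctl" --update-catalog'`, or better pass it as a positional argument so it never becomes part of the script text. The script's exit status is that of journalctl, so a failed catalog update (for example when the installed binary cannot run on the build host) would presumably fail the whole install step; if that is intended, a one-line comment saying so would help.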
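Review bot: The tag list in the new 50876a9db00f4c40bde1a2ad381c3a1b catalog entry omits "local-hwclock", which manager_taint_string() still reserves space for in src/core/manager.c in this same commit, so a system carrying that tag gets an explanation that does not cover it. Add an item for it, e.g. `- "local-hwclock" — the hardware clock (RTC) is kept in local time rather than UTC` (wording to be confirmed against the check in manager.c, which is outside the hunk). The "cgroups-missing" item also has a typo: `resticted` should be `restricted`.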
diff --git a/src/core/main.c b/src/core/main.c index d79e183a72..2ad5073368 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -38,6 +38,7 @@ #include "sd-bus.h" #include "sd-daemon.h" +#include "sd-messages.h" #include "alloc-util.h" #include "architecture.h" @@ -2420,7 +2421,11 @@ int main(int argc, char *argv[]) { taint = manager_taint_string(m); if (!isempty(taint)) - log_notice("System is tainted: %s", taint); + log_struct(LOG_NOTICE, + LOG_MESSAGE("System is tainted: %s", taint), + "TAINT=%s", taint, + "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR, + NULL); } if (arg_action == ACTION_TEST) { diff --git a/src/core/manager.c b/src/core/manager.c index e85accbbca..81c4d5289b 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -3872,14 +3872,17 @@ char *manager_taint_string(Manager *m) { char *buf, *e; int r; + /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". + * Only things that are detected at runtime should be tagged + * here. For stuff that is set during compilation, emit a warning + * in the configuration phase. */ + assert(m); buf = new(char, sizeof("split-usr:" "cgroups-missing:" "local-hwclock:" "var-run-bad:" - "weird-nobody-user:" - "weird-nobody-group:" "overflowuid-not-65534:" "overflowgid-not-65534:")); if (!buf) @@ -3901,12 +3904,6 @@ char *manager_taint_string(Manager *m) { if (r < 0 || !PATH_IN_SET(destination, "../run", "/run")) e = stpcpy(e, "var-run-bad:"); - if (!streq(NOBODY_USER_NAME, "nobody")) - e = stpcpy(e, "weird-nobody-user:"); - - if (!streq(NOBODY_GROUP_NAME, "nobody")) - e = stpcpy(e, "weird-nobody-group:"); - r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid); if (r >= 0 && !streq(overflowuid, "65534")) e = stpcpy(e, "overflowuid-not-65534:"); diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h index 874329ff8c..5a3f78bdbc 100644 --- a/src/systemd/sd-messages.h +++ b/src/systemd/sd-messages.h 
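Review bot: The `TAINT=` field name in the new log_struct() call is what the catalog entry added in catalog/systemd.catalog.in expands as `@TAINT@`, but nothing at the call site records that coupling. A short comment such as `/* TAINT= is referenced as @TAINT@ by the SD_MESSAGE_TAINTED catalog entry */` would keep a later rename from silently breaking the explanatory text shown to operators. main() starts and continues outside the hunk.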
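Review bot: The buffer in manager_taint_string() is sized from the concatenated tag literals and then filled by unbounded stpcpy() calls, so the sizeof list and the append calls must always be edited together, and nothing in the new comment says so. This commit does remove the weird-nobody entries from both places, but a tag later added only on the stpcpy() side would write past the heap allocation. Extend the new comment or add one above the allocation, e.g. `/* Every tag appended with stpcpy() below must also be listed here, or the buffer is too small */`. The function body continues outside the hunk.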
@@ -70,6 +70,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_MESSAGE_TIMEZONE_CHANGE SD_ID128_MAKE(45,f8,2f,4a,ef,7a,4b,bf,94,2c,e8,61,d1,f2,09,90) #define SD_MESSAGE_TIMEZONE_CHANGE_STR SD_ID128_MAKE_STR(45,f8,2f,4a,ef,7a,4b,bf,94,2c,e8,61,d1,f2,09,90) +#define SD_MESSAGE_TAINTED SD_ID128_MAKE(50,87,6a,9d,b0,0f,4c,40,bd,e1,a2,ad,38,1c,3a,1b) +#define SD_MESSAGE_TAINTED_STR SD_ID128_MAKE_STR(50,87,6a,9d,b0,0f,4c,40,bd,e1,a2,ad,38,1c,3a,1b) #define SD_MESSAGE_STARTUP_FINISHED SD_ID128_MAKE(b0,7a,24,9c,d0,24,41,4a,82,dd,00,cd,18,13,78,ff) #define SD_MESSAGE_STARTUP_FINISHED_STR SD_ID128_MAKE_STR(b0,7a,24,9c,d0,24,41,4a,82,dd,00,cd,18,13,78,ff) #define SD_MESSAGE_USER_STARTUP_FINISHED \ |