Commit message | Author | Age | Files | Lines
* network: honor M or O flag in RA even if IPv6AcceptRA.DHCPv6Client=always [v246.8] | Yu Watanabe | 2020-12-16 | 2 | -7/+13
| Follow-up for ac24e418d9bc988ecf114c464701b35934948178.
|
| The original motivation of the commit and RFE #15339 is to start dhcpv6 client in managed mode when neither M nor O flag is set in the RA. But, previously, if the setting is set to "always", then the DHCPv6 client is always started in managed mode even if O flag is set in the RA. Such behavior breaks RFC 7084.
|
| (cherry picked from commit 0e686feaff71465e3220f234871f66a39f0f57ad)
* journalctl: don't skip the entries that have the same seqnum | shenyangyang4 | 2020-12-16 | 2 | -3/+8
| These two judgements can't judge that two entries are repeating fully. So I think seqnum is needed to make a full judgement.
|
| (cherry picked from commit b17f651a17cd6ec0ceac7835f2f8607fbd9ddb95)
| (cherry picked from commit 60fc09f5db900d622aa956fdc98283f149b4a8b2)
* sd-bus: use SOCK_CLOEXEC on one more socket | Lennart Poettering | 2020-12-16 | 1 | -1/+1
| (cherry picked from commit 68a3d9153883b90c99ea2aec20075146ce58beaa)
| (cherry picked from commit 4657ed6f93c2e2edd47e65035edfea21fcaa26dd)
* resolved: create stub-resolv.conf symlink with correct security label | Ondrej Mosnacek | 2020-12-16 | 1 | -1/+2
| Use symlink_atomic_label() instead of symlink_atomic() as the symlink may need a different label than the parent directory.
|
| Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
| (cherry picked from commit 7b87bece5ded3e8f068df8402901198c069ab5cf)
| (cherry picked from commit 029331f56a1b6e4fb2823a56a108f741a576d7af)
* efi: Only use arm flags if supported | Andrew Balmos | 2020-12-16 | 1 | -1/+7
| Support gcc 8 on arm
|
| (cherry picked from commit 361f41645cdf920d431e2d68dcfa3f98088c2e03)
| (cherry picked from commit cb17e9874fb881d0147d44b29163e35471cf00f6)
* core: detect_container() may return negative errno | Yu Watanabe | 2020-12-16 | 1 | -1/+1
| (cherry picked from commit bcdb3b7d5076cf6ad17cb70df8db22d876880ada)
| (cherry picked from commit aca0b4339b3966836fcdcd9c488c45c183804dcc)
* meson: Fix reallocarray check | Khem Raj | 2020-12-16 | 1 | -1/+1
| reallocarray() is defined in stdlib.h, so that would be the right header to check for its presence.
|
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 5bb20fd3d33f7e866a0845f15c1ab5b595147f1e)
| (cherry picked from commit 1d8cfe817861a0b0de2b561f6770e33d1242db63)
* meson: check that cxx variable is set before using it | Luca Boccassi | 2020-12-16 | 1 | -1/+1
| In some cases it is not defined. Eg in a yocto build:
|
| src/systemd/meson.build:61:15: ERROR: Unknown variable cxx.
|
| (cherry picked from commit 442bc2afee6c5f731c7b3e76ccab7301703a45a7)
| (cherry picked from commit dad90a476e667b9c570cf236c90b50ccae7e8817)
* udev: Fix sound.target dependency | Takashi Iwai | 2020-12-10 | 1 | -1/+1
| The recent bug report indicated a race at device creation and the sound.target dependencies, and the cause turned out to be the condition of the sound.target trigger. Currently it's set for "card*", but this is actually the parent object; i.e. the sound.target is triggered before the sound devices are created.
|
| For assuring the whole sound device creations beforehand, we need to use "controlC*" instead of "card*"; as already described in 78-sound-card.rules, this is guaranteed to be the last device, and can be used as a synchronization point.
|
| BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1179363
| Signed-off-by: Takashi Iwai <tiwai@suse.de>
| (cherry picked from commit 5926e592fa5e6290b9f4588939945869adb5c55f)
* man: document that automount units are privileged | Lennart Poettering | 2020-12-10 | 2 | -0/+7
| Fixes: #17886
|
| (cherry picked from commit eef34a1d8fe5ca44bdab189b682642096c53e661)
* log: open journal when cli program run in a service unit | Yu Watanabe | 2020-12-10 | 1 | -1/+3
| Previously, cli programs like networkctl always use console for logging.
|
| (cherry picked from commit 13ee93978479b80e980d8551c689a7087bf1817e)
* log: make show_color variable tristate | Yu Watanabe | 2020-12-10 | 1 | -4/+4
| Should not change any behavior.
|
| (cherry picked from commit db987463fe2df3e2999e1968709a32a674d8e78d)
* log: merge conditions to reduce indentation | Yu Watanabe | 2020-12-10 | 1 | -5/+4
| (cherry picked from commit 5941112e7e92d4afd8a6a6c21b7bfa91012b09f7)
* logind: fix closing of button input devices | Lennart Poettering | 2020-12-10 | 1 | -12/+6
| This is a fix of #17751.
|
| Specifically:
|
| 1. Sort #include headers again
| 2. Remove tabs, as per coding style
| 3. Don't install fds in half-initialized objects
| 4. Use asynchronous_close() everywhere
|
| That all said: Quite frankly, I am not convinced we should do all this at all. If close()ing of these input devices is really that slow, then this should probably be fixed in the kernel, not worked around in userspace like this.
|
| (cherry picked from commit c74d5fe25d53263c143f0a9c2698d8bb483e398c)
* Update logind-button.c | nihilix-melix | 2020-12-10 | 1 | -3/+6
| (cherry picked from commit eee582e7951fa8e328d1fcdfcff940254070ccba)
* async: add trivial cleanup wrapper for asynchronous_close() | Lennart Poettering | 2020-12-10 | 1 | -0/+6
| (cherry picked from commit 1d9aa4d572b661fd6500c55ab524141332f76230)
* cgroup: Also set blkio.bfq.weight | Pavel Hrdina | 2020-12-10 | 1 | -0/+5
| Commit [1] added a workaround when unified cgroups are used but missed legacy cgroups where there is the same issue.
|
| [1] <https://github.com/systemd/systemd/commit/2dbc45aea747f25cc1c3848fded2ec0062f96bcf>
|
| Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
| (cherry picked from commit 35e7a62ca32a30169a94693b831e53c832251984)
* generator: use kmsg in system-level generators, journal otherwise [v246.7] | Lennart Poettering | 2020-12-08 | 1 | -2/+8
| Fixes: #17129.
|
| (cherry picked from commit dee29aeb5909f4f5604012ced250488286b8d468)
|
| https://github.com/systemd/systemd-stable/issues/76
* log: normalize log target condition check | Lennart Poettering | 2020-12-08 | 1 | -20/+31
| This doesn't change the condition's logic at all, but is an attempt to make things a bit more readable: instead of checking log_target != LOG_TARGET_AUTO let's actually list the targets where we want to consider journal/syslog/kmsg, to make things a bit less confusing. After all the message here is not to avoid them if LOG_TARGET_AUTO is set, but to definitely do them in the other cases.
|
| (cherry picked from commit ef9bddb79984aa1b9d605d44b8c0890e8289bef1)
* log: update comment | Lennart Poettering | 2020-12-08 | 1 | -1/+1
| The logic was changed in bc694c06e60505efeb09e5278a7b22cdfa23975e, let's update the comment accordingly.
|
| (cherry picked from commit 27ffec083140467a03f463a446c6d19dc5e437ab)
* Don't assume /run/systemd exists when creating unit-root | Daan De Meyer | 2020-12-08 | 1 | -0/+5
| When running tests in a mkosi container, /run/systemd might not exist yet in the container which causes test-execute to fail.
|
| Fixes #17842.
|
| (cherry picked from commit 77f16dbd6d93f2b4a96984254cca25cab03479af)
* resolved: beef up logic for suppressing "localhost" entry in /etc/hosts | Lennart Poettering | 2020-12-08 | 1 | -4/+91
| Either suppress the entry entirely, or not at all. But do not suppress the "localhost" names we recognize, leaving the ones we do not in place.
|
| On Fedora, where "localhost4.localdomain4" is among those listed in /etc/hosts for 127.0.0.1 we'd thus otherwise drop the "localhost" but keep the "localhost4.localdomain4" and then on reverse lookups only return that, which is highly confusing.
|
| (cherry picked from commit 9ca875e80c38d5bd9898cab61a612ad16d527a5a)
* resolved: use stat_inode_unmodified() to detect /etc/hosts changes | Lennart Poettering | 2020-12-08 | 3 | -15/+7
| (cherry picked from commit 36d892b7e6753dfc67110b57c55864647a04c5cb)
* resolved: never allow _gateway lookups to go to the network | Lennart Poettering | 2020-12-08 | 1 | -4/+12
| Make them rather fail than go to the network.
|
| Previously we'd filter them on LLMNR (explicitly) and MDNS (implicitly, because it doesn't have .local suffix), but not on DNS. In order to make _gateway truly reliable, let's not allow it to go to DNS either, and keep it local.
|
| This is particularly relevant, as clients can now request lookups without local RR synthesis, where we'd rather have NXDOMAIN returned for _gateway than have it hit the network.
|
| (cherry picked from commit fbbc72189f7844df8500bb10a58988f70bf90c99)
* resolved: lower SERVFAIL cache timeout from 30s to 10s | Lennart Poettering | 2020-12-08 | 1 | -1/+1
| Apparently 30s is a bit too long for some cases, see #5552. But not caching SERVFAIL at all also breaks stuff, see explanation in 201d99584ed7af8078bb243ce2587e5455074713.
|
| Let's try to find some middle ground, by lowering the cache timeout to 10s. This should be ample for the problem 201d99584ed7af8078bb243ce2587e5455074713 attacks, but not as long as half a minute, as #5552 complains.
|
| Fixes: #5552
|
| (cherry picked from commit 19bcef9dc3fde342f138394333ab04d7e44b7da2)
* resolved: bind socket to interface during connect() | Lennart Poettering | 2020-12-08 | 2 | -2/+29
| Apparently, IF_UNICAST_IF does not influence the routing decisions done during connect(). But SO_BINDTODEVICE/SO_BINDTOINDEX does, which however brings a lot of other semantics with it, we are not so interested in (i.e. it doesn't not allow packets from any other iface to us, even if routing otherwise allows it).
|
| Hence, let's bind to the ifindex immediately before the connect() and unbind right after again, so that we get the semantics we want, but not the ones we don't.
|
| Fixes: #11935
| Replaces: #12004
|
| (cherry picked from commit d301c52383ca7cfa6b7cda87d7a4209c234a532c)
* socket-util: add sockaddr_in_addr() helper | Lennart Poettering | 2020-12-08 | 2 | -1/+21
| This extracts the IP address (as union in_addr_union) from a socket address (i.e. a struct sockaddr).
|
| (cherry picked from commit 3132597182c806e5193aebb0b67cdc0f73154a51)
* resolved: insert large dgram size into EDNS0 only when in LARGE UDP mode | Lennart Poettering | 2020-12-08 | 1 | -1/+1
| Specifically, in TLS-DO there's no reason to set the exotic dgram size.
|
| (cherry picked from commit 0a489d3f5d2a6ef8667224d838044a520e98ab37)
* dns-domain: try IDN2003 rules if IDN2008 doesn't work | Lennart Poettering | 2020-12-08 | 1 | -0/+6
| This follows more closely what web browsers do, and makes sure emojis in domains work.
|
| Fixes: #14483
|
| (cherry picked from commit d80e72ec602c2af2983842ad87e4443fce89d423)
* virt: Properly detect nested UML inside another hypervisor | Christopher Obbard | 2020-12-08 | 1 | -9/+11
| UML runs as a user-process so it can quite easily be run inside of another hypervisor, for instance inside a KVM instance. UML passes through the CPUID from the host machine so in this case detect_vm incorrectly identifies as running under KVM. So check we are running a UML kernel first, before we check any other hypervisors.
|
| Resolves: #17754
|
| Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
| (cherry picked from commit c8037dbf05da586b6a210ac04f145d99f424971f)
* resolved: properly check per-link NTA list | Lennart Poettering | 2020-12-08 | 3 | -1/+26
| We need to check for parent domains too. We did this correctly for the system-wide NTA list, but not for the per-link one. Let's fix that.
|
| (cherry picked from commit 7e8a93b77c3c4d4df1e8c3177dc9553c94fac759)
* meson: use '_' as separator in fuzz test names | Yu Watanabe | 2020-12-08 | 1 | -1/+1
| Follow-up for d448888924c1d4815cb97bcd5d94419812c053b9 and ca121e20c42219e3bc4e5cb63dcc96cc5eae2879.
|
| Fixes #17568.
|
| (cherry picked from commit 0f82a2ab5c8d812791aca9686bdcc45f39c62431)
* man: Specify exact return values of sd_bus_message_enter_container | igo95862 | 2020-12-08 | 1 | -2/+7
| (cherry picked from commit 1edc1f1b626446a20db405d041cd70ed3d52c632)
* network: fix return values | Yu Watanabe | 2020-12-08 | 1 | -5/+4
| (cherry picked from commit 72f092815ada28431103d2145ffa61e1ae14aded)
* shared/seccomp-util: address family filtering is broken on ppc | Zbigniew Jędrzejewski-Szmek | 2020-12-08 | 2 | -4/+4
| This reverts the gist of da1921a5c396547261c8c7fcd94173346eb3b718 and 0d9fca76bb69e162265b2d25cb79f1890c0da31b (for ppc).
|
| Quoting #17559:
| > libseccomp 2.5 added socket syscall multiplexing on ppc64(el):
| > https://github.com/seccomp/libseccomp/pull/229
| >
| > Like with i386, s390 and s390x this breaks socket argument filtering, so
| > RestrictAddressFamilies doesn't work.
| >
| > This causes the unit test to fail:
| > /* test_restrict_address_families */
| > Operating on architecture: ppc
| > Failed to install socket family rules for architecture ppc, skipping: Operation canceled
| > Operating on architecture: ppc64
| > Failed to add socket() rule for architecture ppc64, skipping: Invalid argument
| > Operating on architecture: ppc64-le
| > Failed to add socket() rule for architecture ppc64-le, skipping: Invalid argument
| > Assertion 'fd < 0' failed at src/test/test-seccomp.c:424, function test_restrict_address_families(). Aborting.
| >
| > The socket filters can't be added so `socket(AF_UNIX, SOCK_DGRAM, 0);` still
| > works, triggering the assertion.
|
| Fixes #17559.
|
| (cherry picked from commit d5923e38bc0e6cf9d7620ed5f1f8606fe7fe1168)
* test: use cap_last_cap() for max supported cap number, not capability_list_length() | Dan Streetman | 2020-12-08 | 2 | -29/+36
| This test assumes capability_list_length() is an invalid cap number, but that isn't true if the running kernel supports more caps than we were compiled with, which results in the test failing.
|
| Instead use cap_last_cap() + 1.
|
| If cap_last_cap() is 63, there are no more 'invalid' cap numbers to test with, so the invalid cap number test part is skipped.
|
| (cherry picked from commit ebc815cd1c647faa934a446ceea91ff4bc9dffa4)
* man: slightly update the man page of sd_bus_message_read_basic() | Yu Watanabe | 2020-12-08 | 1 | -1/+1
| Follow-up for 73a1d7d2433edd1872ec53db3e804009298ebb1d.
|
| (cherry picked from commit 7a1fe27f81dace11a25a0573dc170d86d1f92023)
* man: Fixed an incomplete sentence | igo95862 | 2020-12-08 | 1 | -1/+1
| (cherry picked from commit 78c4f2f153b93fdb39654edb93a73b202a67dcfd)
* man: Specify that sd_bus_message_read_basic returns 0 if end of array had been reached. | igo95862 | 2020-12-08 | 1 | -3/+3
| (cherry picked from commit 73a1d7d2433edd1872ec53db3e804009298ebb1d)
* core/mount: mount command may fail after adding the corresponding proc mountinfo entry | Yu Watanabe | 2020-12-08 | 1 | -0/+9
| Hopefully fixes #17617.
|
| (cherry picked from commit 2fa0bd7d57863dffda89190a70a83c51bd7d114a)
* mkosi: make sure our mkosi files work with f33 | Lennart Poettering | 2020-12-08 | 2 | -2/+6
| (cherry picked from commit e2c5e698c094165919af8d5f91896425c918c850)
* man: clarify DefaultTasksMax doc | Pavel Sapezhko | 2020-12-08 | 1 | -2/+4
| (cherry picked from commit 77f5277a7abf7d6b0a4bbf4ecf872da0b92335b5)
* seccomp: also move munmap into @default syscall filter set | Yu Watanabe | 2020-12-08 | 1 | -1/+1
| Follow-up for 5abede3247591248718026cb8be6cd231de7728b.
|
| (cherry picked from commit 11b9105dfdbcea5dc9f4a5dd676ca494ab8b909e)
* sd-device-enumerator: do not return error when a device is removed | INSUN PYO | 2020-12-08 | 1 | -1/+2
| If /sys/class/OOO node is created and destroyed during booting (kernel driver initialization fails), systemd-udev-trigger.service fails due to race condition.
|
| ***** race condition *****
| 1. kernel driver creates /sys/class/OOO
| 2. systemd-udev-trigger.service executes "/usr/bin/udevadm trigger --type=devices --action=add"
| 3. device_enumerator_scan_devices() => enumerator_scan_devices_all() => enumerator_scan_dir("class") =>
|    opendir("/sys/class") and iterate all subdirs ==> enumerator_scan_dir_and_add_devices("/sys/class/OOO")
| 4. kernel driver fails and destroys /sys/class/OOO
| 5. enumerator_scan_dir_and_add_devices("/sys/class/OOO") fails in opendir("/sys/class/OOO")
| 6. "systemd-udev-trigger.service" fails
| 7. udev coldplug fails and some device units not ready
| 8. mount units associated with device units fail
| 9. local-fs.target fails
| 10. enters emergency mode
| *****
|
| ***** status of systemd-udev-trigger.service unit *****
| $ systemctl status systemd-udev-trigger.service
| systemd-udev-trigger.service - udev Coldplug all Devices
|    Loaded: loaded (/usr/lib/systemd/system/systemd-udev-trigger.service; static; vendor preset: enabled)
|    Active: failed (Result: exit-code) since Thu 2020-01-02 13:16:54 KST; 22min ago
|      Docs: man:udev(7)
|            man:systemd-udevd.service(8)
|   Process: 2162 ExecStart=/usr/bin/udevadm trigger --type=subsystems --action=add (code=exited, status=0/SUCCESS)
|   Process: 2554 ExecStart=/usr/bin/udevadm trigger --type=devices --action=add (code=exited, status=1/FAILURE)
|  Main PID: 2554 (code=exited, status=1/FAILURE)
|
| Jan 02 13:16:54 localhost udevadm[2554]: Failed to scan devices: No such file or directory
| Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Main process exited, code=exited, status=1/FAILURE
| Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Failed with result 'exit-code'.
| Jan 02 13:16:54 localhost systemd[1]: Failed to start udev Coldplug all Devices.
| *****
|
| ***** journal log with Environment=SYSTEMD_LOG_LEVEL=debug in systemd-udev-trigger.service *****
| Jan 01 21:57:20 localhost udevadm[2039]: sd-device-enumerator: Scanning /sys/bus
| Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scan all dirs
| Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/bus
| Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/class
| Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Failed to scan /sys/class: No such file or directory
| Jan 01 21:57:21 localhost udevadm[2522]: Failed to scan devices: No such file or directory
| *****
|
| (cherry picked from commit cfb6197bc31eb6b2631dec7bf8d7a253e7891016)
* curl-util: fix callback prototype | Etienne Doms | 2020-12-08 | 1 | -1/+1
| CURLMOPT_SOCKETFUNCTION callback is an easy handle, not a multi.
|
| (cherry picked from commit 5b639090d0b4a49d77ba58bebe180b2a6f8da322)
* curl-util: fix type CURL -> CURLM | Yu Watanabe | 2020-12-08 | 2 | -2/+2
| (cherry picked from commit 2d052a0a48cc184ea3748c2e364c661985aa21d5)
* units: restore sysfs conditions in sys-fs-fuse-connections.mount and sys-kernel-config.mount | Franck Bui | 2020-12-08 | 2 | -0/+2
| Commit 42cc2855ba2fe4c6f5d incorrectly removed the condition on sysfs in both sys-fs-fuse-connections.mount and sys-kernel-config.mount. However they are still needed in case modprobe of one of these modules is intentionally skipped (due to lack of privs for example).
|
| This patch restores the 2 conditions which should be safe for the common case, since all conditions are only checked after all deps ordered before are complete.
|
| Follow-up for 42cc2855ba2fe4c6f5dc863507a1c843611350a0.
|
| (cherry picked from commit 07ccf434e77b17b20d773ce8b2637083cd4fdafc)
* core/mount: mount_start() may be called during the state is MOUNT_MOUNTING_DONE | Yu Watanabe | 2020-12-08 | 1 | -1/+1
| As both MOUNT_MOUNTING and MOUNT_MOUNTING_DONE are mapped to UNIT_ACTIVATING.
|
| Fixes #17570.
|
| (cherry picked from commit db39a62784e8f857a67cb4a83ade28a906f79679)
* seccomp: move brk+mmap+mmap2 into @default syscall filter set | Lennart Poettering | 2020-12-08 | 1 | -3/+3
| These three syscalls are internally used by libc's memory allocation logic, i.e. ultimately back malloc(). Allocating a bit of memory is so basic, it should just be in the default set.
|
| This fixes a couple of issues with asan/msan and the seccomp tests: when asan/msan is used some additional, large memory allocations take place in the background, and unless mmap/mmap2/brk are allowlisted these will fail, aborting the test prematurely.
|
| (cherry picked from commit 5abede3247591248718026cb8be6cd231de7728b)
* units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem | Franck Bui | 2020-12-08 | 2 | -4/+16
| udev requests to start the fs mount units when their respective module is loaded. For that it monitors uevents of type "ADD" for the relevant fs modules.
|
| However the uevent is sent by the kernel too early, ie before the init() of the module is called hence before directories in /sys/fs/ are created.
|
| This patch works around it by adding "Requires/After=modprobe@<fs-module>.service" to the mount unit, which means that modprobe(8) will be called once the fs module is announced to be loaded. This sounds pointless, but given that modprobe only returns after the initialization of the module is complete, it should work around the issue.
|
| As a side effect, the module will be automatically loaded if the mount unit is started manually.
|
| Fixes #17586.
|
| (cherry picked from commit 42cc2855ba2fe4c6f5dc863507a1c843611350a0)