summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | sd-hwdb: fix NULL arg to %s in error messagesZbigniew Jędrzejewski-Szmek2022-06-071-14/+10
| | | | | | | | | | | | | | | gcc warns about $subject, and it is obviously correct. path may or may not be set.
| * | basic/unit-file: make sure we don't call streq() on NULLZbigniew Jędrzejewski-Szmek2022-06-071-0/+1
| | | | | | | | | | | | | | | | | | | | | add_names is called in two places, with fragment_basename=NULL in one of them. gcc warns that it can be NULL. Fixes #23646.
* | | Merge pull request #23678 from aafeijoo-suse/shell-completion-cryptenrollZbigniew Jędrzejewski-Szmek2022-06-094-2/+105
|\ \ \ | |_|/ |/| | bash-completion: add systemd-cryptenroll support
| * | bash-completion: add systemd-cryptenroll supportAntonio Alvarez Feijoo2022-06-092-0/+103
| | |
| * | bash-completion: fix typos in commentsAntonio Alvarez Feijoo2022-06-092-2/+2
|/ /
* | Resolve conflicts between #23616 and the recent NFT additionsZbigniew Jędrzejewski-Szmek2022-06-093-36/+22
| |
* | Merge pull request #23616 from keszybz/in-addr-to-string-formattingYu Watanabe2022-06-0945-444/+323
|\ \ | | | | | | Add macros that allocate a fixed buffer for in_addr_to_string(), in_addr_prefix+to_string()
| * | various: use CONST_MAX for array allocationZbigniew Jędrzejewski-Szmek2022-06-062-3/+3
| | | | | | | | | | | | | | | | | | IIUC, with MAX() we get a VLA and the size is "decided" at runtime, even though the result is always the same, but with CONST_MAX() we get a normal stack variable.
| * | CODING_STYLE: say that inet_ntop() is a no noZbigniew Jędrzejewski-Szmek2022-06-061-0/+5
| | |
| * | tree-wide: convert inet_ntop() calls to anonymous-buffer macrosZbigniew Jędrzejewski-Szmek2022-06-066-35/+19
| | |
| * | basic/in-addr-util: add IN_ADDR_PREFIX_TO_STRINGZbigniew Jędrzejewski-Szmek2022-06-0618-223/+155
| | |
| * | basic/in-addr-util: drop check for prefix length in formatting functionZbigniew Jędrzejewski-Szmek2022-06-063-6/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The general rule should be to be strict when parsing data, but lenient when printing it. Or in other words, we should verify data in verification functions, but not when printing things. It doesn't make sense to refuse to print a value that we are using internally. We were tripping ourselves in some of the print functions: we want to report than an address was configured with too-long prefix, but the log line would use "n/a" if the prefix was too long. This is not useful. Most of the time, the removal of the check doesn't make any difference, because we verified the prefix length on input.
| * | libsystemd-network: minor simplificationZbigniew Jędrzejewski-Szmek2022-06-061-4/+2
| | |
| * | resolved: use TAKE_PTR() in one more placeZbigniew Jędrzejewski-Szmek2022-06-061-3/+2
| | |
| * | networkctl: assume that we can always print local networking addressesZbigniew Jędrzejewski-Szmek2022-06-061-41/+18
| | | | | | | | | | | | | | | | | | IN6_ADDR_TO_STRING(…) always returns something, so we can simplify the code a lot. Also, let's not do step-wise concatenation, but instead handle everything with one str_extendf() call.
| * | basic/in-addr-util: add IN_ADDR_TO_STRINGZbigniew Jędrzejewski-Szmek2022-06-0623-134/+98
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we don't need the error value, and the buffer is allocated with a fixed size, the whole logic provided by in_addr_to_string() becomes unnecessary, so it's enough to wrap inet_ntop() directly. inet_ntop() can only fail with ENOSPC. But we specify a buffer that is supposed to be large enough, so this should never fail. A bunch of tests of this are added. This allows all the wrappers like strna(), strnull(), strempty() to be dropped. The guard of 'if (DEBUG_LOGGING)' can be dropped from around log_debug(), because log_debug() implements the check outside of the function call. But log_link_debug() does not, so it we need it to avoid unnecessary evaluation of the formatting.
* | | hwdb: Add HP Dev OneJeremy Soller2022-06-091-0/+5
| | | | | | | | | | | | | | | This enables the microphone mute and programmable hotkey for the HP Dev One.
* | | meson: Add nspawn-locale meson optionDaan De Meyer2022-06-093-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/systemd/systemd/pull/23192 caused breakage in Arch Linux's build tooling. Let's give users an opt-out aside from reverting the patch. It's hardly any maintenance work on our side and gives users an easy way to revert the locale change if needed. Of course, by default we still pick C.UTF-8 if the option is not specified.
* | | Merge pull request #23675 from enr0n/udev-available-cleanupYu Watanabe2022-06-092-3/+2
|\ \ \ | | | | | | | | Use udev_available() where appropriate
| * | | nspawn: use udev_available()Nick Rosbrook2022-06-091-1/+1
| | | |
| * | | libsystemd-network: use udev_available()Nick Rosbrook2022-06-091-2/+1
|/ / /
* | | cifuzz: build fuzzers on i386 as wellEvgeny Vereshchagin2022-06-081-2/+7
| | | | | | | | | | | | It's a follow-up to https://github.com/systemd/systemd/pull/23550.
* | | po: Added translation using Weblate (Estonian)H A2022-06-082-0/+848
| | | | | | | | | | | | Co-authored-by: H A <contact+fedora@hen.ee>
* | | core: firewall integration with DynamicUserNFTSet=Topi Miettinen2022-06-0814-0/+310
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New directive `DynamicUserNFTSet=` provides a method for integrating configuration of dynamic users into firewall rules with NFT sets. Example: ``` table inet filter { set u { typeof meta skuid } chain service_output { meta skuid != @u drop accept } } ``` ``` /etc/systemd/system/dunft.service [Service] DynamicUser=yes DynamicUserNFTSet=inet:filter:u ExecStart=/bin/sleep 1000 [Install] WantedBy=multi-user.target ``` ``` $ sudo nft list set inet filter u table inet filter { set u { typeof meta skuid elements = { 64864 } } } $ ps -n --format user,group,pid,command -p `pgrep sleep` USER GROUP PID COMMAND 64864 64864 55158 /bin/sleep 1000 ```
* | | core: firewall integration with ControlGroupNFTSet=Topi Miettinen2022-06-0815-0/+304
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New directive `ControlGroupNFTSet=` provides a method for integrating services into firewall rules with NFT sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] ControlGroupNFTSet=inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
* | | network: firewall integration with NFT setsTopi Miettinen2022-06-0813-7/+792
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New directives `NFTSet=`, `IPv4NFTSet=` and `IPv6NFTSet=` provide a method for integrating configuration of dynamic networks into firewall rules with NFT sets. /etc/systemd/network/eth.network ``` [DHCPv4] ... NFTSet=netdev:filter:eth_ipv4_address ``` ``` table netdev filter { set eth_ipv4_address { type ipv4_addr flags interval } chain eth_ingress { type filter hook ingress device "eth0" priority filter; policy drop; ip saddr != @eth_ipv4_address drop accept } } ``` ``` sudo nft list set netdev filter eth_ipv4_address table netdev filter { set eth_ipv4_address { type ipv4_addr flags interval elements = { 10.0.0.0/24 } } } ```
* | | Merge pull request #23641 from keszybz/janitorialsLuca Boccassi2022-06-085-63/+48
|\ \ \ | | | | | | | | Janitorial cleanups
| * | | basic/socket-util: align tablesZbigniew Jędrzejewski-Szmek2022-06-071-20/+20
| | | |
| * | | activate: reduce scope of iterator variablesZbigniew Jędrzejewski-Szmek2022-06-071-12/+9
| | | |
| * | | core: wrap some long commentsZbigniew Jędrzejewski-Szmek2022-06-071-7/+7
| | | |
| * | | shared/condition: reduce scope of variablesZbigniew Jędrzejewski-Szmek2022-06-071-18/+7
| | | |
| * | | bootctl: inline iterator variableZbigniew Jędrzejewski-Szmek2022-06-071-6/+5
| | | |
* | | | basic: Propagate SIGBUS signal info when re-raising signalsDaan De Meyer2022-06-071-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | raise() won't propagate the siginfo information of the signal that's re-raised. rt_sigqueueinfo() allows us to provide the original siginfo struct which makes sure it is propagated to the next signal handler (or to the coredump).
* | | | Merge pull request #23645 from DaanDeMeyer/journalctl-static-destructorDaan De Meyer2022-06-075-25/+26
|\ \ \ \ | | | | | | | | | | journalctl: Use STATIC_DESTRUCTOR_REGISTER()
| * | | | journalctl: Use STATIC_DESTRUCTOR_REGISTER()Daan De Meyer2022-06-061-17/+16
| | | | |
| * | | | shared: Rename pcre2-dlopen.h/c to pcre2-util.h/cDaan De Meyer2022-06-065-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already store the dlopen() stuff for other libraries in util headers as well so let's do the same for pcre2. We also move the definition of some trivial cleanup functions from journalctl.c to pcre2-util.h
* | | | | Merge pull request #23643 from mrc0mmand/asan-tweaksFrantisek Sumsal2022-06-072-3/+2
|\ \ \ \ \ | | | | | | | | | | | | test: fix (not only) TEST-70 under sanitizers
| * | | | | test: fix TEST-70 under sanitizersFrantisek Sumsal2022-06-061-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Addresses: * https://github.com/systemd/systemd/issues/23578#issuecomment-1144089821 * https://github.com/systemd/systemd-centos-ci/pull/496#issuecomment-1144640305
| * | | | | test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSOFrantisek Sumsal2022-06-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we unset $LD_PRELOAD in the testsuite-* units (due to another issue), let's store the path to the ASan DSO in another env variable, so we can easily access it in the testsuite scripts when needed.
* | | | | | meson: adjust rootlibdir default for multiarchMike Gilbert2022-06-071-1/+6
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Debian, libdir is commonly something like 'lib/x86_64-linux-gnu'. The result of get_option('libdir') is normalized to a prefix-relative path by meson, so we can just append it to rootprefixdir. Fixes https://github.com/systemd/systemd/issues/23648.
* | | | | meson: install libsystemd-shared into rootpkglibdirMichael Biebl2022-06-075-128/+132
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce rootpkglibdir for installing libsystemd-{shared,core}.so. The benefit over using rootlibexecdir is that this path can be multiarch aware, i.e. this path can be architecture qualified. This is something we'd like to make use of in Debian/Ubuntu to make libsystemd-shared co-installable, e.g. for i386 the path would be /usr/lib/i386-linux-gnu/systemd/libsystemd-shared-*.so and for amd64 /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-*.so. This will allow for example to install and run systemd-boot/i386 on an amd64 host. It also simplifies/enables cross-building/bootstrapping. For more infos about Multi-Arch see https://wiki.debian.org/Multiarch. See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990547
* | | | | networkd: NetLabel integrationTopi Miettinen2022-06-0616-7/+445
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New directive `NetLabel=` provides a method for integrating dynamic network configuration into Linux NetLabel subsystem rules, used by Linux security modules (LSMs) for network access control. The option expects a whitespace separated list of NetLabel labels. The labels must conform to lexical restrictions of LSM labels. When an interface is configured with IP addresses, the addresses and subnetwork masks will be appended to the NetLabel Fallback Peer Labeling rules. They will be removed when the interface is deconfigured. Failures to manage the labels will be ignored. Example: ``` [DHCP] NetLabel=system_u:object_r:localnet_peer_t:s0 ``` With the above rules for interface `eth0`, when the interface is configured with an IPv4 address of 10.0.0.0/8, `systemd-networkd` performs the equivalent of `netlabelctl` operation ``` $ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0 ``` Result: ``` $ sudo netlabelctl -p unlbl list ... interface: eth0 address: 10.0.0.0/8 label: "system_u:object_r:localnet_peer_t:s0" ... ```
* | | | | hwdb: Add accel orientation quirk for the Aya Neo NextMaccraft1232022-06-061-0/+8
| | | | |
* | | | | execute: fix resource leakShreenidhi Shedi2022-06-061-1/+1
|/ / / / | | | | | | | | | | | | CID#1431998
* | | | Merge pull request #23621 from evverx/clang-releaseZbigniew Jędrzejewski-Szmek2022-06-063-18/+12
|\ \ \ \ | |_|/ / |/| | | ci: build systemd with clang with -Dmode=release --optimization=2
| * | | Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size."Evgeny Vereshchagin2022-06-051-13/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 0bd292567a543d124cd303f7dd61169a209cae64. It isn't guaranteed anywhere that __builtin_dynamic_object_size can always deduce the size of every object passed to it so systemd can end up using either malloc_usable_size or __builtin_dynamic_object_size when pointers are passed around, which in turn can lead to actual segfaults like the one mentioned in https://github.com/systemd/systemd/issues/23619. Apparently __builtin_object_size can return different results for pointers referring to the same memory as well but somehow it hasn't caused any issues yet. Looks like this whole malloc_usable_size/FORTIFY_SOURCE stuff should be revisited. Closes https://github.com/systemd/systemd/issues/23619 and https://github.com/systemd/systemd/issues/23150. Reopens https://github.com/systemd/systemd/issues/22801
| * | | ci: build systemd with clang with -Dmode=release --optimization=2Evgeny Vereshchagin2022-06-052-5/+9
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | This is what's most likely used to build systemd with clang in practice so let's test it as well. Preparation for reverting https://github.com/systemd/systemd/commit/0bd292567a543d124cd303f7dd61169a209cae64 (which replaced bogus buffer overflow found with _FORTIFY_SOURCE=3 with actual segfaults).
* | | Merge pull request #23626 from sshedi/retval-fixesZbigniew Jędrzejewski-Szmek2022-06-063-8/+8
|\ \ \ | |/ / |/| | Retval fixes
| * | manager: ignore return value of unit_watch_pid()Shreenidhi Shedi2022-06-051-6/+6
| | | | | | | | | | | | | | | | | | | | | Also, explicitly ignore return value of service_set_main_pid() calls in few places. Fixes: CID#1474975
| * | machinectl: ignore return value of get_process_comm()Shreenidhi Shedi2022-06-051-1/+1
| | | | | | | | | | | | Fixes: CID#1469720