| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
let's mark cgroupsv1 systems as "tainted" in the taint string logic.
It's time.
|
| |\
| |
| | |
xdg-autostart-generator: silence warning
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://wiki.gnome.org/HowDoI/DBusApplicationLaunching and
https://wiki.gnome.org/Initiatives/GnomeGoals/DBusActivatable for a description
of this key:
> Instead of the typical UNIX-style fork()/exec() approach to process creation,
> launching an application is done by sending a D-Bus message to the well-known
> name of that application, causing a D-Bus activation.
>
> Starting processes with D-Bus activation ensures that each application gets
> started in its own pristine environment, as a direct descendent of the
> session -- not in the environment of whatever its parent happened to be. This
> is important for ensuring the app ends up in the correct cgroup, for example.
So this motivation is not important for us: we launch stuff ourselves better.
This fixes warnings during boot:
systemd-xdg-autostart-generator[2274]: /etc/xdg/autostart/org.freedesktop.problems.applet.desktop:92: Unknown key name 'DBusActivatable' in section 'Desktop Entry', ignoring.
|
| | | |
|
| |\ \
| | |
| | | |
Links and syntax highlighting
|
| | |/
| |
| |
| |
| | |
Having the extra slash at the end is not a problem, just inconsistent. But the links with
.html or .md return 404.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
freep() has it's own definition, so I missed it in fd421c4adc7406de02e03e2f7ceede2cc6e1d9d4.
Again, there is a small growth, but the compiler should be able to optimize it away:
-Dbuildtype=debug:
-rwxrwxr-x 1 zbyszek zbyszek 4106816 Feb 19 12:52 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7492952 Feb 19 12:52 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472624 Feb 19 12:53 build/systemd
-rwxrwxr-x 1 zbyszek zbyszek 4107056 Feb 19 13:03 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7493480 Feb 19 13:03 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472760 Feb 19 13:03 build/systemd
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055.
|
| |\ \
| | |
| | | |
network: several follow-ups for recent IPMasquerade= change
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, any positive boolean string for IPMasquerade= enables only IPv4
masquerade. The commit 48ed276647c754bfb3ed5c6c5af9404e073ffe54 adds
IPv6 masquerade support. However, only "yes" is handled as "ipv4", and other
positive boolean strings are handled as "both".
This makes all positive boolean strings considered as "ipv4", warn that they
are deprecated, and suggest to use "ipv4" or "both".
Follow-up for 48ed276647c754bfb3ed5c6c5af9404e073ffe54.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
It is not necessary to use different flag for each address family.
Follow-up for 48ed276647c754bfb3ed5c6c5af9404e073ffe54.
|
| | |/
|/|
| |
| | |
potentically -> potentially
(And a small grammar fix)
|
| | |
| |
| |
| |
| |
| |
| | |
Otherwise, nexthop_configure() -> nexthop_add() creates NextHop object
without ID in link->nexthop, and then, manager_rtnl_process_nexthop() ->
nexthop_add_foreign() also creates another NextHop object with ID in
link->nexthop_foreign.
|
| | |
| |
| |
| |
| | |
This is a preparation for later commits. When RTA_NH_ID is set to a
route, then the corresponding nexthop must be exist.
|
| |/ |
|
| |\
| |
| | |
use scaling relative to UINT32_MAX instead of percentages/permyriads wherever we can
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
oomd.conf has two parameters with fractionals: SwapUsedLimit= and
DefaultMemoryPressureLimit=, but one accepts permyriads, the other only
percentages, for no apparent reason. One carries the "Percent" in the
name, the other doesn't.
Let's clean this up: always accept permyriads, and drop the suffix,
given that it is misleading.
I figure we should internally try to focus on scaling everything
relative to UINT32_MAX, and if that isn't in the cards at least 10000,
but never permille nor percent unless there's a really really good
reason for it (e.g. interface defined by someone else).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
So far OOMD limits used permyriads, as an upgrade from the original
percent.
The rest of our codebase typically scales stuff relative to UINT32_MAX.
Let's clean this up, an make sure this happens here too. This is
particularly relevant, as this is exposed in unit files and API, and
before we mark this stable we should get the APIs right.
|
| | |
| |
| |
| |
| |
| | |
Let's define a set of macros for making output of permyriad values easy.
They are printed in pure ASCII, i.e. without the permille/permyriad
suffix, using just percent and two places after the dot.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
2^32-1
At various places we accept values scaled to the range 0…2^32-1 which
are exposed to the user as percentages/permille/permyriad. Let's add
some helper macros (actually: typesafe macro-like functions) that help
with converting our internal encoding to the external encodings.
benefits: some of the previous code rounded up, some down. let's always
round to nearest, to ensure that our conversions are reversible. Also,
check for overflows correctly.
This also adds a test that makes sure that for the full
percent/permille/permyriad ranges we can convert forth and back without
loss of accuracy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
after the dot
Previously, when parsing myriads, we'd support:
x% → percent, no places after the dot
x.yz% → percent, two places after the dot
x‰ → permille, no places after the dot
x.y‰ → permille, one place after the dot
x‱ → permyriad, no places after the dot
What's missing is:
x.y% → percent, one place after the dot
Let's add it in.
|
| | |
| |
| |
| |
| |
| |
| | |
A good chunk of parse-util.[ch] has been about parsing parts per
hundred/thousand/ten-thousand. Let's split that out into its own file.
No code changes, just some shuffling around.
|
| | |
| |
| |
| |
| | |
This way we can take benefit of the fact that physical_memory_scale()
aligns on page sizes.
|
| | |
| |
| |
| |
| |
| | |
Given that we now have a parser for permyriads, let's use it everywhere
for greater accuracy. This means wherever we previously supported % and
‰, we now also support ‱.
|
| | |
| |
| |
| |
| |
| |
| | |
(physical_memory|system_tasks)_max_scale()
Also, shortcut two special cases for passing through values as-is, so
that we are not needlessly subjected to overflow issues for them.
|
| | |
| |
| |
| | |
As discussed in https://github.com/systemd/systemd/pull/18347.
|
| |/
|
|
| |
Fixes #18415.
|
| |
|
|
|
| |
Prompted by
https://github.com/systemd/systemd/pull/18543#issuecomment-780798451.
|
| |\
| |
| | |
sd-network.h type tweaks
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apparently, in our current public headers (i.e. those called sd-*.h) we
suffixed typedefs that we use as values with _t, but we didn't do this
for enum typedefs. Fix that while this stuff is not actually public yet.
With this scheme "value typedefs" now end systematically in _t, and
"object typedefs" (i.e. structures that are typically passed around via
pointers and not values) do not.
No code changes, just some renaming.
|
| | |
| |
| |
| |
| |
| | |
As the name of the function suggests this is supposed to return
uint64_t, of course. Fix it. Not sure how this mistake happened in the
first place...
|
| |\ \
| | |
| | | |
export sd_device_get_action() API + more
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This doesn't really change anything, but feels nicer, since it abstracts
away what device_action_from_string()/device_action_to_string() do
internally, and always uses a normalized action string (yes, there's no
ambiguity, but it's nice to stay abstract, maybe one day there is
ambiguity around this)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sd_device_new_from_stat_rdev()
To make sd-device properly usable for all programs we need to provide an
API for the "action" field of an event, it's one of the most relevant
ones, and it was so far missing.
This also adds sd_device_get_seqnum(), which isn't that interesting,
except for generating pretty debug output, which we use it ourselves
for.
This also makes device_new_from_stat_rdev() public, as it is truly
useful, as we can see in our own uses of it, and I think is fairly
generic to show up in the public APIs.
|
| | | |
| | |
| | |
| | | |
Our coding style says no to this.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
struct rfkill_event read/write size leniency
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I'm seeing the following with kernel-core-5.10.16-200.fc33.x86_64:
$ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-rfkill
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 0 and type bluetooth.
Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
Found container virtualization none.
rfkill0: Operating on rfkill device 'tpacpi_bluetooth_sw'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/platform-thinkpad_acpi:bluetooth.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 1 and type wwan.
rfkill1: Operating on rfkill device 'tpacpi_wwan_sw'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/platform-thinkpad_acpi:wwan.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 2 and type bluetooth.
rfkill2: Operating on rfkill device 'hci0'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/pci-0000:00:14.0-usb-0:7:1.0:bluetooth.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 3 and type wlan.
rfkill3: Operating on rfkill device 'phy0'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/pci-0000:04:00.0:wlan.
All events read and idle, exiting.
We were expecting a read of exactly RFKILL_EVENT_SIZE_V1==8 bytes. But the
structure has 9 after [1].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=14486c82612a177cb910980c70ba900827ca0894
For some reason the kernel does not accept the full structure size, but cuts
the write short after 8 bytes:
static ssize_t rfkill_fop_write(struct file *file, const char __user *buf,
size_t count, loff_t *pos)
{
struct rfkill_event ev;
/* we don't need the 'hard' variable but accept it */
if (count < RFKILL_EVENT_SIZE_V1 - 1)
return -EINVAL;
/*
* Copy as much data as we can accept into our 'ev' buffer,
* but tell userspace how much we've copied so it can determine
* our API version even in a write() call, if it cares.
*/
count = min(count, sizeof(ev));
if (copy_from_user(&ev, buf, count))
return -EFAULT;
... so it should accept the full size. I'm not sure what is going on here.
But we don't care about the extra fields, so let's accept a write as long as
it's at least RFKILL_EVENT_SIZE_V1.
Fixes #18677.
|
| | | | |
| | | |
| | | |
| | | | |
If we get something of unexpected size, log the sizes. Also, don't log twice.
|
| | | | |
| | | |
| | | |
| | | | |
Fixes: #18005
|
| |\ \ \ \
| |_|/ /
|/| | | |
resolved: many UDP fragmentation tweaks
|
| | | | |
| | | |
| | | |
| | | | |
packet size
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fragmenting sucks, let's avoid it. Thus let's start tracking the maximum
fragment size we receive.
Also, let's redo a transaction via TCP if we see fragmenting on UDP, as
effective mitigation against DNS fragment attacks.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Let's take all MTU info we possibly have into account, i.e. the one
reported via netlink, as before and the one the socket might now (from
PMTUD and such), clamped by our own ideas.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We can later use this to adapt our announced EDNS buffer size in order
to avoid fragmentation to make the best of large datagrams while still
avoiding he security weaknesses of it.
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This disables path MTU discovery both for our UDP upstream connections
and our UDP stub, following the suggestions of:
https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
This more or less follows the model of other DNS servers on this.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
same values as were already set
Prompted-by: #17577 (but doesn't fix this, since this commit only
handles D-Bus-induced changes, not the ones made via networkd)
|
