path: root/test/TEST-06-SELINUX/systemd_test.if
Date | Commit message | Author | Files | Lines
2020-11-10 | udev: log when we fail to query ID_NET_DRIVER | Zbigniew Jędrzejewski-Szmek | 1 | -1/+4
Inspired by #17532.
2020-11-09 | network: convert router lifetime from usec_t to uint16_t | Yu Watanabe | 1 | -7/+12
2020-11-09 | sd-radv: refuse to set preference except medium when router lifetime is zero | Yu Watanabe | 1 | -3/+6
2020-11-09 | sd-radv: router lifetime is uint16_t | Yu Watanabe | 2 | -4/+4
2020-11-09 | network: make default router lifetime to 30min | Yu Watanabe | 2 | -3/+3
Closes #17527.
2020-11-09 | core: reduce scope of variants | Yu Watanabe | 1 | -5/+5
Fixes #17543.
2020-11-09 | sd-bus: fix possible division by 0 | Yu Watanabe | 1 | -0/+2
Fixes #17541.
2020-11-09 | home: fix copy-and-paste mistake | Yu Watanabe | 1 | -1/+1
Fixes #17542.
2020-11-09 | license: GPL-2.0+ -> GPL-2.0-or-later | Yu Watanabe | 39 | -39/+39
2020-11-09 | license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2580 | -2581/+2581
2020-11-07 | hwdb: Add support for HP ZBook Studio G5 keyboard (#17525) | fwSmit | 1 | -0/+7
I tested this on my ZBook Studio G5. I'm not sure if this works for other ZBook studio machines. I have two more notes on this PR:
- some keys send multiple scancodes. I matched only on one of them, because I couldn't figure out how to match on all of them. This results in the others still being visible:
    Event: time 1604520228.146226, -------------- SYN_REPORT ------------
    Event: time 1604520228.151533, type 4 (EV_MSC), code 4 (MSC_SCAN), value db
    Event: time 1604520228.151533, type 1 (EV_KEY), code 125 (KEY_LEFTMETA), value 1
    Event: time 1604520228.151533, -------------- SYN_REPORT ------------
    Event: time 1604520228.259862, type 4 (EV_MSC), code 4 (MSC_SCAN), value 38
    Event: time 1604520228.259862, type 1 (EV_KEY), code 56 (KEY_LEFTALT), value 0
    Event: time 1604520228.259862, -------------- SYN_REPORT ------------
    Event: time 1604520228.259944, type 4 (EV_MSC), code 4 (MSC_SCAN), value 66
    Event: time 1604520228.259944, type 1 (EV_KEY), code 218 (KEY_CONNECT), value 0
    Event: time 1604520228.259944, -------------- SYN_REPORT ------------
    Event: time 1604520228.266513, type 4 (EV_MSC), code 4 (MSC_SCAN), value db
    Event: time 1604520228.266513, type 1 (EV_KEY), code 125 (KEY_LEFTMETA), value 0
    Event: time 1604520228.266513, -------------- SYN_REPORT ------------
I wanted to set the display key to switchvideomode, but another key is already set to that, so I set it to displaytoggle instead.
2020-11-06 | resolved: fix non-initialized memory access | Lennart Poettering | 1 | -3/+4
Fix for bug introduced in 1ed314087fab3988f3221b1b736a7e711f174349.
2020-11-06 | resolved: slightly extend debug log output about outgoing messages | Lennart Poettering | 1 | -2/+11
2020-11-06 | resolved: don't resolve "local." via LLMNR | Lennart Poettering | 1 | -0/+1
It's the mDNS top-level domain, hence don't consider it for LLMNR, ever.
Fixes: #16233
2020-11-06 | resolved: add comments for various query flags | Lennart Poettering | 1 | -15/+25
2020-11-06 | resolved: show all answer flags when dumping answer | Lennart Poettering | 1 | -1/+5
2020-11-06 | resolved: add minor optimization path to dns_answer_merge() | Lennart Poettering | 1 | -0/+5
2020-11-06 | resolved: suppress misleading debug message about ignored resolv.conf line | Lennart Poettering | 1 | -0/+2
2020-11-06 | errno: ETIMEDOUT is also a connection error | Lennart Poettering | 1 | -2/+6
2020-11-06 | journalctl: show boot id in the reboot context separator | Ronan Pigott | 1 | -2/+2
2020-11-06 | hwdb: Fix Pinebook Pro's brightness up/down and sleep keys | Jian-Hong Pan | 1 | -0/+10
Pinebook Pro's display brightness up & down keys do not work until the keys are mapped to the corresponding codes. Also, the sleep key is mapped to KEY_POWER code originally. This quirk maps the sleep key to the KEY_SLEEP code.
This idea comes from the pinebookpro-post-install package [1] of Manjaro ARM, which is the preloaded OS on Pinebook Pro.
[1]: https://gitlab.manjaro.org/manjaro-arm/packages/community/pinebookpro-post-install/-/commit/7ab1a134ea9d5b55d99de567d1ebee4ebd6f6640
2020-11-05 | seccomp: allow turning off of seccomp filtering via env var | Lennart Poettering | 3 | -9/+22
Fixes: #17504
(While we are at it, also move $SYSTEMD_SECCOMP_LOG= env var description into the right document section)
Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603
2020-11-04 | update TODO | Lennart Poettering | 1 | -0/+3
2020-11-04 | selinux: also try the netlink-based fallback and continue on permission error | Zbigniew Jędrzejewski-Szmek | 1 | -8/+16
Fedora Rawhide still has the old policy, so selinux prevents our selinux code from checking if selinux is enabled. But it seems smart to fall back to the old API anyway.
Follow-up for fd5e402fa9377f2860e02bdb5b84d5f5942e73f4.
Both the reference policy [1] and Fedora selinux policy [2] needed to be updated, so it's likely that this will impact other distros too.
[1] https://github.com/SELinuxProject/refpolicy/pull/308
[2] https://github.com/fedora-selinux/selinux-policy/pull/464
2020-11-04 | shared/seccomp-util: move stime() to @obsolete | Topi Miettinen | 1 | -1/+1
Quoting the manual page of stime(2): "Starting with glibc 2.31, this function is no longer available to newly linked applications and is no longer declared in <time.h>."
2020-11-04 | sd-login: fix parsing in sd_uid_is_on_seat | Zbigniew Jędrzejewski-Szmek | 1 | -1/+1
Bug introduced in 81823e6c12771721e9a729f6280a9de26fd70bad: logind uses spaces not commas to separate items.
2020-11-03 | resolved: handle RRs where we don't have a signer | Lennart Poettering | 1 | -0/+2
If we encounter an RR that has no matching signature, then we don't know whether it was expanded from a wildcard or not. We need to accept that and not make the NSEC test fail, just skip over the RR.
2020-11-03 | resolved: drop unused family argument from manager_routable() | Lennart Poettering | 3 | -6/+10
2020-11-03 | resolved: fix dumping of DnsAnswer objects | Lennart Poettering | 1 | -1/+1
2020-11-03 | resolved: put size limit in DnsAnswer size to UINT16_MAX | Lennart Poettering | 2 | -1/+9
The three answer sections can only carry up to UINT16_MAX entries, hence put a hard upper limit on how far DnsAnswer can grow. The three count fields in the DNS packet header are 16 bit only, hence the limit. If code actually tries to add more than 64K RRs it will get ENOSPC with this new checking. And similar to DnsQuestion.
2020-11-03 | resolved: check return value of memdup() correctly for OOM | Lennart Poettering | 1 | -1/+1
2020-11-03 | man: remove misplaced comma | Lennart Poettering | 1 | -1/+1
2020-11-03 | Partially revert "hwdb: reindent commments and say that "*" should always be trailing" | Zbigniew Jędrzejewski-Szmek | 8 | -19/+4
This partially reverts commit 62ad1c6495c098a09b36bb20bb37a9b8a11df76f. I kept the reindents and other cosmetic changes, but removed the statements about trailing ":*".
2020-11-03 | Revert "parse_hwdb: enforce the ":*" suffix" | Zbigniew Jędrzejewski-Szmek | 1 | -3/+2
This reverts commit ad2d8e61eeab27f3e36572c7981362227357f420.
2020-11-03 | strv.c: simplify strv_new_ap | Rasmus Villemoes | 1 | -29/+13
Instead of duplicating the code for x and the varargs, handle them all the same way by using for loops.
2020-11-03 | signal-util: make sigaction_many_ap a little more concise | Rasmus Villemoes | 1 | -10/+1
There's no reason to duplicate the stop condition sig < 0, nor the sigaction() call.
2020-11-03 | string-util: improve overflow checking | Rasmus Villemoes | 1 | -2/+2
The current overflow checking is broken in the corner case of the strings' combined length being exactly SIZE_MAX: After the loop, l would be SIZE_MAX, but we're not testing whether the l+1 expression overflows. Fix it by simply pre-accounting for the final '\0': initialize l to 1 instead of 0.
2020-11-03 | string-util: simplify logic in strjoin_real() | Rasmus Villemoes | 1 | -40/+15
The loops over (x, then all varargs, until a NULL is found) can be written much simpler with an ordinary for loop. Just initialize the loop variable to x, test that, and in the increment part, fetch the next va_arg(). That removes a level of indentation, and avoids doing a separate strlen()/stpcpy() call for x. While touching this code anyway, change (size_t)-1 to the more readable SIZE_MAX.
2020-11-03 | Partially revert "hwdb: add trailing ":*" everywhere" | Zbigniew Jędrzejewski-Szmek | 8 | -86/+86
This reverts commit c0443b97b71d5f70a0622061f589307bec5502c6.
I got various cases wrong:
"usb:v04F3p2B7Cd5912dc00dsc00dp00ic03isc00ip00in00"
"usb:v0627p0001:QEMU USB Tablet"
"input:b0003v0627p0001e0001-e0,1,2,4,k110,111,112,r0,1,8,B,am4,lsfw"
OTOH:
-evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnASUSTeKComputerInc.:pnN53SV:*
+evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnASUSTeKComputerInc.:pnN53SV*
is OK. Other parts follow after 'pn'.
-mouse:*:name:*Trackball*:*
-mouse:*:name:*trackball*:*
-mouse:*:name:*TrackBall*:*
+mouse:*:name:*Trackball*:
+mouse:*:name:*trackball*:
+mouse:*:name:*TrackBall*:
... and anything else with :name should be OK too, because our imports always include ":" at the end:
IMPORT{builtin}="hwdb 'joystick:$env{ID_BUS}:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'"
Including '*' at the end makes the pattern work even if we decide to add something to the match string later.
Fixes #17499.
2020-11-03 | fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name | Lennart Poettering | 14 | -34/+95
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of read_full_file_full() a bit: when used a sender socket name may be specified. If specified as NULL behaviour is as before: the client socket name is picked by the kernel. But if specified as non-NULL the client can pick a socket name to use when connecting. This is useful to communicate a minimal amount of metainformation from client to server, outside of the transport payload.
Specifically, this beefs up the service credential logic to pass an abstract AF_UNIX socket name as client socket name when connecting via READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name and the eventual credential name. This allows servers implementing the trivial credential socket logic to distinguish clients: via a simple getpeername() it can be determined which unit is requesting a credential, and which credential specifically.
Example: with this patch in place, in a unit file "waldo.service" a configuration line like the following:
    LoadCredential=foo:/run/quux/creds.sock
will result in a connection to the AF_UNIX socket /run/quux/creds.sock, originating from an abstract namespace AF_UNIX socket:
    @$RANDOM/unit/waldo.service/foo
(The $RANDOM is replaced by some randomized string. This is included in the socket name in order to avoid namespace squatting issues: the abstract socket namespace is open to unprivileged users after all, and care needs to be taken not to use guessable names)
The services listening on the /run/quux/creds.sock socket may thus easily retrieve the name of the unit the credential is requested for plus the credential name, via a simple getpeername(), discarding the random prefix and the /unit/ string.
This logic uses "/" as separator between the fields, since both unit names and credential names appear in the file system, and thus are designed to use "/" as outer separators. Given that, it's a good safe choice to use as separators here too, to avoid any conflicts.
This is a minimal patch only: the new logic is used only for the unit file credential logic. For other places where we use READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this scheme too, but this should be done carefully in later patches, since the socket names become API that way, and we should determine the right amount of info to pass over.
2020-11-02 | update TODO | Lennart Poettering | 1 | -0/+6
2020-11-02 | po: Update Turkish translation | Muhammet Kara | 1 | -104/+115
2020-11-01 | network: selinux hook handling to enumerate nexthop | Purushottam choudhary | 1 | -1/+2
When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails. This fix is to facilitate selinux hook handling for enumerating nexthop.
In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call. This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead.
This happens in kernel older than 5.3 (more specifically torvalds/linux@65ee00a) as it does not support nexthop handling through netlink. And if SELinux is enforced in the older kernel, calling RTM_GETNEXTHOP returns -EINVAL.
Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL.
2020-11-01 | Fix typo | Sorin Ionescu | 1 | -1/+1
2020-10-30 | automount: make user unmounting for automount units more debuggable | Lennart Poettering | 2 | -0/+8
Let's add an explicit log message plus an error state for automount units, if users explicitly unmounted our autofs mount. Prompted by: #17448
2020-10-30 | pid1: various minor watchdog modernizations | Lennart Poettering | 2 | -35/+29
Just some clean-ups.
2020-10-29 | hwdb: Add accel orientation quirk for Predia Basic tablet | Hans de Goede | 1 | -0/+8
Add a quirk to fix the accelerometer orientation on the Predia Basic tablet.
2020-10-29 | document udev escaped string in udev(7) | Yu, Li-Yu | 1 | -722/+746
2020-10-29 | udev: add fuzzer for udev_rule_parse_value | Yu, Li-Yu | 2 | -0/+35
2020-10-29 | udev: test udev_rule_parse_value() | Yu, Li-Yu | 2 | -0/+206