path: root/units/machine.slice
Date | Commit message | Author | Files | Lines
2024-01-09 | timedated: modernization | Mike Yuan | 2 | -8/+8
Switch to sd_event_set_signal_exit() and use Type=notify
2024-01-09 | machined,portabled: remove unneeded NOTIFY_STOPPING | Mike Yuan | 3 | -34/+21
This is done internally by bus_event_loop_with_idle().
2024-01-09 | update TODO | Lennart Poettering | 1 | -8/+8
2024-01-09 | TEST-07: minor simplification | Zbigniew Jędrzejewski-Szmek | 1 | -3/+3
2024-01-09 | tests: use relative paths in ExecStart= and friends | Zbigniew Jędrzejewski-Szmek | 209 | -293/+293
We want to retain *some* of the full paths in order to test more code paths. But the default should be to use the command name only. This makes the tests less visually cluttered.
2024-01-09 | hostnamed: always include VSockCID property in describe JSON | Lennart Poettering | 1 | -1/+2
that way clients can distinguish whether there is no cid or whether hostnamed doesn't support it nicely, by just looking if the prop exists (but is null) or not. This is similar to how we already handle all other props in the JSON record.
2024-01-09 | hostnamed: add simple Varlink API, too | Lennart Poettering | 8 | -21/+202
2024-01-09 | testsuite-71: reset startlimit counter manually | Lennart Poettering | 1 | -5/+10
The test cases will call quite a lot of "systemctl stop systemd-hostnamed", hence let's make sure we reset the start limit counter each time, to not make this eventually fail. (At other places we disabled the start limit counter, but here I opted for resetting it manually via 'systemctl reset-failed', to test another facet of the mechanism)
2024-01-09 | id128-util: do not expose product UUID when running in a container | Lennart Poettering | 1 | -0/+8
When we run in a container we should show our own system's info, not the host's, hence suppress this info in that case. This matches the behaviour of most other calls in hostnamed to expose system properties.
2024-01-09 | hostnamed: move bus and event loop object into Context object | Lennart Poettering | 1 | -16/+23
It's a bit weird to keep this separate in particular as the polkit object is already part of the context.
2024-01-09 | hostnamed: port to sd_event_set_signal_exit() | Lennart Poettering | 1 | -8/+2
2024-01-09 | analyze: man and --help fixes | Antonio Alvarez Feijoo | 2 | -6/+7
man:
- `verify` requires an argument
- `security` does not require an argument
- `fdstore` requires an argument
- `image-policy` requires an argument
`--help` text:
- missing `image-policy` command
- `cat-config` requires NAME or PATH
2024-01-09 | analyze: fix -q option | Antonio Alvarez Feijoo | 3 | -2/+3
Follow-up to 52117f5af831a816c47ceebb83c8244ee93b72fe
2024-01-09 | networkd/wireguard: support network.wireguard.* credentials | Mike Yuan | 11 | -46/+173
Closes #26702
2024-01-09 | cocci: merge mfree.cocci and mfree_return.cocci (#30838) | AtariDreams | 2 | -9/+29
It makes sense that these should be one file instead of two, as they both involve mfree()
2024-01-09 | simplify bitwise checking (#30722) | AtariDreams | 2 | -4/+3
Some of these checks before bitwise operations are redundant and compilers do not always recognize them, so let's simplify the code to make the intentions clearer.
2024-01-09 | socket-util: modernize socknameinfo_pretty() a bit | Lennart Poettering | 3 | -15/+20
2024-01-09 | discover-image: don't accidentally set /run/systemd/nspawn/ access mode too strict | Lennart Poettering | 1 | -3/+7
mkdir_p() uses the specified access mode for all dirs that are missing, hence if we call it on /run/systemd/nspawn/locking and /run/systemd/nspawn/ doesn't exist yet, we'd create it 0700 here. But that was never the intention, and all other code creating that dir sets the mode to 0755. Fix this here to match the rest.
2024-01-08 | sd-bus: also interpret $SYSTEMD_SSH env var | Lennart Poettering | 2 | -4/+11
To make things symmetric to the $SYSTEMD_SSH logic that the varlink transport supports, let's also honour such a variable in sd-bus when picking ssh transport.
2024-01-08 | varlink: add "ssh:" transport | Lennart Poettering | 5 | -17/+136
This uses openssh 9.4's -W support for AF_UNIX. Unfortunately older versions don't work with this, and I couldn't figure a way that would work for older versions too, would not be racy and where we still could keep track of the forked off ssh process. Unfortunately, on older versions -W will just hang (because it tries to resolve the AF_UNIX path as regular host name), which sucks, but hopefully this issue will go away sooner or later on its own, as distributions update. Fedora is still stuck at 9.3 at the time of posting this (even on Fedora), even though 9.4, 9.5, 9.6 have all already been released by now.
Example: varlinkctl call -j ssh:root@somehost:/run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt '{"text":"foobar"}'
2024-01-08 | varlink: turn off O_NONBLOCK in exec: transport | Lennart Poettering | 1 | -0/+4
If we invoke our own varlink implementation we'll turn on O_NONBLOCK right-away again, hence there is little point in turning it off, however, I generally think we probably should always pass this fd as blocking, since that is the default after all, and invoked processes might want to use it like that. Or to see this differently: I think the varlink fd passed for activation in many ways is similar to and as fundamental as stdin/stderr/stdout, hence should probably be synchronous by default.
2024-01-08 | process-util: turn off O_NONBLOCK on stdio fds when rearranging fds | Lennart Poettering | 3 | -0/+18
We often create our fds O_NONBLOCK, but when we want to invoke some program with them as stdin/stdout/stderr we really should turn it off again.
2024-01-08 | env-util: add new setenvf() helper | Lennart Poettering | 4 | -15/+36
And convert some pieces of code over.
2024-01-08 | hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX | Mike Yuan | 39 | -84/+86
2024-01-08 | tmpfiles: fix memory leak in arg_exclude_prefixes | Antonio Alvarez Feijoo | 1 | -4/+4
When using the `--image` or `-E` options, `arg_exclude_prefixes` is extended via the `exclude_default_prefixes` function, which calls `strv_extend_strv`, adding values using `strdup` that must be freed on exit. Also changing `arg_include_prefixes` to use the same model, although there is no leak here.
2024-01-08 | bus-polkit: fix memory leak | Lennart Poettering | 1 | -4/+8
We need to destroy the hashmap entry keyed by the varlink object in case this is a varlink request. Follow-up for: d04c1a1c8e7c95daa483d8d52d5fc4c25fbc67f2
2024-01-08 | timesync: IPTOS_LOWDELAY --> IPTOS_DSCP_EF | Cristian Rodríguez | 1 | -2/+1
Deprecated IPTOS_LOWDELAY is ignored by most of today's network equipment that only ever care about DSCP. Use the DSCP found in other NTP implementations and set the appropriate TCLASS for IPv6.
2024-01-08 | virt: fix detection of avx2 and friends | Yu Watanabe | 1 | -1/+1
To get the CPUID with EAX=7, we need explicitly set 0 to ECX. From Intel® Architecture Instruction Set Extensions Programming Reference and Related Specifications,
===
Leaf 07H output depends on the initial value in ECX. If ECX contains an invalid sub leaf index, EAX/EBX/ECX/EDX return 0
===
Fixes #30822.
2024-01-08 | network-generator: pick up .netdev/.link/.network configuration via credentials | Lennart Poettering | 5 | -2/+167
To me this is the last major basic functionality that couldn't be configured via credentials: the network. We do not invent any new format for this, but simply copy relevant creds 1:1 into /run/systemd/network/ to open up the full functionality of networkd to VM hosts.
2024-01-08 | hostnamed: expose local AF_VSOCK CID among other host info | Lennart Poettering | 4 | -10/+58
This is a host identifier of major relevance, since it is how you connect to this system if it is a VM, hence expose this nicely.
2024-01-08 | socket-util: add helper for querying the local AF_VSOCK CID | Lennart Poettering | 2 | -0/+17
2024-01-07 | test: check how systemd-resolved deals with zone transfers | Frantisek Sumsal | 2 | -1/+19
Even though systemd-resolved doesn't support zone transfers (AXFR/IXFR), it should still just refuse such requests without choking on them. See: https://github.com/systemd/systemd/pull/30809#issuecomment-1880102804
2024-01-07 | test: merge config sections | Frantisek Sumsal | 1 | -10/+6
2024-01-07 | test: zone-check with --force to fail on warnings | Frantisek Sumsal | 1 | -4/+1
2024-01-07 | resolve: NSCOUNT of DNS query may not be zero | Yu Watanabe | 1 | -2/+19
This also separates check for DNS and LLMNR, as the existing comments are for LLMNR, not DNS. And this moves the comment for mDNS. Fixes the issue reported at https://github.com/systemd/systemd/pull/30809#issuecomment-1880102804.
2024-01-06 | logind: don't use assertion for deserialized_pid | Mike Yuan | 1 | -5/+12
Follow-up for 9d5b6901007e6717c6a37c49eb73bc0260e93893
Otherwise if session_load() went wrong, and we got pidfd from fdstore, the assertion is triggered.
2024-01-06 | test: sync the "foobaz" namespace as well | Frantisek Sumsal | 1 | -0/+4
Otherwise we might be too fast, resulting in failed namespace check later:
[ 7.351453] testsuite-44.sh[401]: + journalctl --list-namespaces
[ 7.351784] testsuite-44.sh[402]: + grep foobar
[ 7.358851] testsuite-44.sh[402]: foobar
[ 7.359598] testsuite-44.sh[403]: + journalctl --list-namespaces
[ 7.359974] testsuite-44.sh[404]: + grep foobaz
[ 7.369882] systemd[1]: testsuite-44.service: Failed with result 'exit-code'.
Follow-up for 68f66a1713.
2024-01-06 | TEST-24-CRYPTSETUP: depend on OpenSSL for testing PKCS#11 tokens | Vladimir Stoiakin | 1 | -0/+4
2024-01-06 | repart: don't crash when looping over dropped partitions | Frantisek Sumsal | 2 | -13/+47
Properly skip over dropped partitions and make sure they don't affect the final graphical output (for example by leaving empty "spaces" where their definition file name would otherwise be). Resolves: #30742
2024-01-06 | network/link: always join to the main interface when we receive IFLA_MASTER attribute | Yu Watanabe | 1 | -13/+11
Otherwise, e.g. when we enumerate a bridge port first, then the bridge main interface, then the port cannot be managed by the main interface. Fixes #30682.
2024-01-06 | test: reinitialize arg_transport before parsing arguments | Frantisek Sumsal | 1 | -0/+4
Since libfuzzer feeds a single fuzzing process with multiple inputs, we might carry over arg_transport from a previous invocation, tripping over the assert in acquire_bus():
+----------------------------------------Release Build Stacktrace----------------------------------------+
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Aborting.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2739==ERROR: AddressSanitizer: ABRT on unknown address 0x00000ab3 (pc 0xf7f52509 bp 0xffdf74cc sp 0xffdf74b0 T0)
SCARINESS: 10 (signal)
    #0 0xf7f52509 in linux-gate.so.1
    #1 0xf703b415 in raise
    #2 0xf70233f6 in abort
    #3 0xf772ac0a in log_assert_failed systemd/src/basic/log.c:968:9
    #4 0xf77300d5 in log_assert_failed_return systemd/src/basic/log.c:987:17
    #5 0xf7432bbf in bus_connect_transport systemd/src/shared/bus-util.c:284:9
    #6 0x818cd17 in acquire_bus systemd/src/systemctl/systemctl-util.c:53:29
    #7 0x815fd3c in help_boot_loader_entry systemd/src/systemctl/systemctl-logind.c:431:13
    #8 0x819ca87 in systemctl_parse_argv systemd/src/systemctl/systemctl.c:863:37
    #9 0x8197632 in systemctl_dispatch_parse_argv systemd/src/systemctl/systemctl.c:1137:16
    #10 0x813328d in LLVMFuzzerTestOneInput systemd/src/systemctl/fuzz-systemctl-parse-argv.c:54:13
    #11 0x81bbe7e in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x81bb5b8 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #13 0x81bd42d in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7
    #14 0x81bd62e in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #15 0x81ac84c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #16 0x81d65c7 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #17 0xf7024ed4 in __libc_start_main
    #18 0x806bdb5 in _start
Resolves: #30802
2024-01-06 | TODO: drop some implemented entries | Mike Yuan | 1 | -6/+0
2024-01-06 | network/route-metric: unify error messages | Yu Watanabe | 1 | -21/+11
2024-01-06 | network/route-metric: pass attribute type to conf parsers | Yu Watanabe | 3 | -26/+26
The passed attribute type will be used later.
This also
- rename conf parsers,
- sort gperf entries by the attr type.
No functional change, just refactoring and preparation for later commits.
2024-01-06 | network/route: move several conf parsers to networkd-route-metric.c and networkd-route-nexthop.c | Yu Watanabe | 8 | -533/+608
This also splits config_parse_route_boolean() into two: for GatewayOnline= and boolean route metrics. No functional change, just refactoring and preparation for later commits.
2024-01-06 | network/route: rename n -> route in conf parsers | Yu Watanabe | 1 | -130/+130
2024-01-06 | network/route: do not invalidate [Route] section when an empty string is assigned to MultiPathRoute= | Yu Watanabe | 1 | -0/+1
2024-01-06 | test-network: do not call networkctl if networkd is in failed state | Yu Watanabe | 1 | -6/+16
Otherwise, networkd may be restarted by DBus and we may get wrong results.
2024-01-06 | test-network: introduce networkctl() and friends | Yu Watanabe | 1 | -123/+117
2024-01-06 | test-network: use read_networkd_log() at one more place | Yu Watanabe | 1 | -2/+1