Age | Commit message | Author | Files | Lines |
|
arg_early_core_pattern and arg_watchdog_device hold pointers to memory
allocated with strdup() (inside path_make_absolute_cwd). The memory needs
to be freed in reset_arguments() during reload rather than forgotten.
Change-Id: I2ab2fb856ce9dae70443430d99279f4d4848231e
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Origin: https://github.com/systemd/systemd/commit/919ea64f69f710840c1bc93f0f7cb7c51aae45d0
(cherry picked from commit 27b7cf01161e1688277ce959ea985bd27d16aed4)
|
|
daemon-reload operations can empty the cgroup procs of transient unit,
resulting in user@5001.service stop.
org.freedesktop.systemd1.Manager.Reload
V
unit_free()
V
unit_unwatch_pid() Unit=user-5001.slice <-- tlm-sessiond
V
/sys/fs/cgroup/systemd/user.slice/user-5001.slice/session-c1.scope becomes empty
V
systemd-logind removes session-c1.scope by garbage collection
V
user@5001.service stops
Change-Id: I6195ed25a99c8506534b3bc8d72fbf83906b107c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
user-runtime-dir@.service should never stop.
When it stops,
user@5001.service(Requires=user-runtime-dir.service) stops accordingly.
Change-Id: I24f5780ab0eebcfbd2efa4c75141f817a9242bca
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
booting-done.service should be privileged to be responsible for
checkpointing booting status not only for normal booting
but also for FOTA and recovery booting.
Change-Id: Ied2d9dfc12c0017107d3f97b66907e346d772c2e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
There is no point in having /run/user/UID mounted with exec, especially
that /run itself is mounted with noexec.
Change-Id: I16d46c3f3103205edf81764ca479ee0a569f90f7
(cherry picked from commit b54e100943117254c35aa3b2f98b64b4c58c814b)
|
|
[Problem]
Subject: FW: RE:(2) ~RE(3): [Debug Attach] Program Symbols Not Loading
+ Tomasz Swierczek
Hello Tomasz,
A problem has been reported that the "Debug Attach" function does not work in Tizen Studio.
(For more information, please refer to the mails below.)
This seems to be related to mount namespace separation operation.
If we revert https://review.tizen.org/gerrit/#/c/platform/core/appfw/launchpad/+/212712/ , it works well as expected.
It seems that the gdbserver process requires setns operation to attach to the app process that is already in operation.
To solve this problem, capabilities need to be assigned to "gdbserver" executable file, but it is pushed by tizen-studio
during the runtime of debugging, so "setcap" does not work because it has "sdk_user" permission.
There seems to be no solution at the moment, if you have any good ideas, please share them.
Thanks,
Jin-gyu Kim
[Solution]
Precondition : A. launchpad needs to know that the current request was made by the gdbserver.
B. launchpad needs to know the pid of the target app process.
1. Add "cap_sys_chroot" to launchpad process. (It should be also included in user@.service as an inheritable option.)
2. If the current request is executed by the gdbserver, its namespace needs to be equal to the target app process by using setns().
- setns() requires the pid of target app process. (Please refer https://man7.org/linux/man-pages/man2/setns.2.html)
example : int fd = open("/proc/1234/ns/mnt", O_RDONLY); setns(fd,0); // "/proc/[pid]/ns/mnt"
- These must be executed before "security_manager_prepare_app()".
Change-Id: Ief42b5e40259fa074ec110cfac957508dcb468d3
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
(cherry picked from commit 3c7df46b0c0108f34fdc2de4cafe7384e07ea1a4)
|
|
Change-Id: Iece3b236f3f2848179dacd3a7ac8afdb008af482
(cherry picked from commit d1e94ebce5e792efbe1f880c7197d0fee199f9a9)
|
|
/usr/bin/device_board_set_boot_success reports boot success to the bootloader.
If boot success is not reported for, e.g., 10-times booting in a row,
bootloader recovers the system.
-- Bootloader --
If (BOOT_SUCCESS flag is set) {
    Clear the BOOT_SUCCESS flag
    BOOT_FAIL_COUNT = 0
} Else {
    If (++ BOOT_FAIL_COUNT > 10) {
        BOOT_FAIL_COUNT = 0
        Restore to the other partitions (e.g., b -> a)
        Proceed to the recovery booting (ramdisk-recovery, bootmode="recovery")
    }
}
Proceed to the normal booting (ramdisk, bootmode="")
Change-Id: I581c5dbcf216806dfcff826bbdf7ca82dc944676
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
(cherry picked from commit 4c96e536e1f90b3ec3dbedaf591d6c7cdb95fb49)
|
|
|
|
Change-Id: Ibf05bd9901ce98110c7bb48e62810b8fd6baaf9c
|
|
A user systemd session accesses /proc/1/sched to detect container.
Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:23 localhost audit[915]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=915 comm="systemctl" name="sched" dev="proc" ino=12247
Change-Id: I0d6f632b090582888c45f309c8a8bf06f4f0f510
|
|
input udev rule uses /usr/bin/setfacl command.
===============================================================================================
55-udev-smack-default.rules:SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*|ts[0-9]*|uinput",
GROUP="input", SECLABEL{smack}="*", RUN+="/usr/bin/setfacl -m group:priv_keygrab:r %N"
===============================================================================================
Change-Id: I041cfda0c1ef58f02dea8e2ec9fc004121a42cd8
|
|
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacker-controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turn uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
Change-Id: I4e2d3a82bbc4f53845cca6186c62588d8894566e
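An added example, not systemd's or Tizen's code: a simplified C model of the change described in the commit message above (CVE-2021-33910), with the stack-allocated copy beside the heap-allocated one. The function names and the reduced simplify/escape logic are assumptions made for illustration; only UNIT_NAME_MAX = 256 is taken from the message.

```c
#define _GNU_SOURCE
#include <alloca.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UNIT_NAME_MAX 256 /* bound quoted in the commit message */

/* Collapse runs of '/' and drop a trailing '/', in place. */
static void simplify_in_place(char *p) {
    char *w = p;
    for (const char *r = p; *r; r++)
        if (*r != '/' || w == p || w[-1] != '/')
            *w++ = *r;
    if (w > p + 1 && w[-1] == '/')
        w--;
    *w = '\0';
}

/* Shared tail: simplify the writable copy, bound it, escape '/' as '-'. */
static int escape_copy(char *copy, char **ret) {
    simplify_in_place(copy);
    if (strlen(copy) >= UNIT_NAME_MAX)
        return -ENAMETOOLONG; /* only knowable after simplification */
    char *out = strdup(strcmp(copy, "/") == 0 ? "-" : copy + (copy[0] == '/'));
    if (!out)
        return -ENOMEM;
    for (char *c = out; *c; c++)
        if (*c == '/')
            *c = '-';
    *ret = out;
    return 0;
}

/* "Before": the writable copy is on the stack, sized by the input. */
int path_escape_before(const char *path, char **ret) {
    size_t n = strlen(path) + 1;
    char *copy = alloca(n); /* unbounded: a huge path overruns the stack */
    memcpy(copy, path, n);
    return escape_copy(copy, ret);
}

/* "After": the copy is on the heap, so a huge path is an ordinary error. */
int path_escape_after(const char *path, char **ret) {
    char *copy = strdup(path);
    if (!copy)
        return -ENOMEM;
    int r = escape_copy(copy, ret);
    free(copy);
    return r;
}

int main(void) {
    size_t len = 8u << 20; /* constructed input: "/" + 8 MiB of 'a' */
    char *out = NULL, *p = malloc(len + 2);
    if (!p)
        return 1;
    p[0] = '/';
    memset(p + 1, 'a', len);
    p[len + 1] = '\0';
    printf("heap copy: %d\n", path_escape_after(p, &out));
    free(p);
    return 0;
}
```

A path made of redundant slashes is long before simplification and short after it, which is why the length check cannot come before the copy is made.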
|
|
- /usr/lib/pkgconfig/libsystemd-daemon.pc
- /usr/lib/pkgconfig/libsystemd-id128.pc
- /usr/lib/pkgconfig/libsystemd-journal.pc
- /usr/lib/pkgconfig/libsystemd-login.pc
Change-Id: I4e2d3a82bbc4f53845cca6186c62588d8894566f
|
|
Change-Id: I5682de7dce014f76f403406ef73c7bd5a9661d5f
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
From now on, tizen supports docker.
Change-Id: I2ec4d5a9266fb5190279e57906a056d090b8eb9a
|
|
Change-Id: I289839f05abd3830691119ac8c9a8a7c370e757e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
We would refuse to print capabilities which we didn't have a name
for. The kernel adds new capabilities from time to time, most recently
cap_bpf. 'systemctl show -p CapabilityBoundingSet ...' would fail with
"Failed to parse bus message: Invalid argument" because
capability_set_to_string_alloc() would fail with -EINVAL. So let's
print such capabilities in hexadecimal:
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
0x17 0x18 0x19 0x1a ...
For symmetry, also allow capabilities that we don't know to be specified.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
Change-Id: I9cb97a37024d9781fdf3bc741eb1cdc801e91bb5
|
|
This reverts commit e03bd8dae27026782e1cf524b78f87637238cf5c.
Description is not enough to keep this, and quite likely the
problem is long gone.
Tizen uses its own shutdown program (deviced-shutdown) from
around Tizen 5.x, which handles the shutdown sequence exactly
as wanted.
Right now it actually causes more harm than good, as it makes
it impossible to run any action for two out of four "shutdown"
actions.
Change-Id: I871ffa573fefbb280a5b23e4cd62727dda478eb5
|
|
shutdown.target is a special unit, for which systemd automatically adds
Conflicts= to every unit.
By removing the relation to this target in shutdown units we practically
change the shutdown to use only explicitly configured units.
Change-Id: I93a43cdb3875250920e3e49817ffcd6f7f7725b6
|
|
This reverts commit 34e316b4345a71a353c0ff622975144e0af98515.
Change-Id: I4f86bdfda8dd0a4b99dcb02bd2ad0a32a0602f93
|
|
Change-Id: Iba815676531a7561c4c4f7c12263464b1dba7f22
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
Change-Id: I5bcc23a74950d2d8ae0db2ecabf5ea14d358b0ec
|
|
Journal seems to default to /dev/null even when not explicitly
specified, so there is no separate "dlog|journal|null".
Change-Id: I5682de7dce014f76f403406ef73c7bd5a9661d5e
|
|
|
|
Set Standard{Output,Error}=dlog in a service file,
or DefaultStandard{Output,Error}=dlog for global.
Note that setting the global default should only
really be done if DLog is working under the Android
Logger backend, since the Pipe backend daemon is
not really available early on which can make early
daemons fail.
Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bbb
|
|
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types mismatch. This patch casts the enums to size_t.
It also fixes all other occurrences for table_set_display() and
table_set_sort().
Change-Id: Ie225491ae3f9752183d6ea7993d02ef450ed6ab6
|
|
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types mismatch. This patch casts the enums to size_t.
An alternative solution would be to change the table_set_display() function
arguments to unsigned type.
Change-Id: I862db0168d58ecb3b7ee7dcf7f751be5a6121fd9
|
|
Due to noise coming into the serial console or other abnormal behavior,
agetty changes the baudrate in the following order: 115200, 38400, 9600.
Since tizen only uses 115200 baudrate, this is fixed.
It is reported in the DA.
Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bb1
|
|
kdbus.h is being moved to libdbuspolicy1 package.
Change-Id: Ib9009bc7fdc5c407d6e9349a028a81322294d2d7
|
|
VD security remove capability of /usr/bin/touch. (cap_dac_override=ei)
Change permission and group of /run/systemd/system
from 0755/root/root to 0775/root/systemf_fw.
Change-Id: I6e2189c2cd0d4a86db995651b43a4dcdc25fcabf
|
|
Since Tizen 6.5, a HAL image is mounted on the /hal directory,
which contains hardware-specific configurations and drivers,
for better portability of Tizen.
This is the priority of path searching for configuration file.
1. /etc/
2. /run/
3. /usr/local/lib/
4. /usr/lib/
5. /hal/lib/
When the same file exists, the higher priority file is used.
In this case, "/etc" is the highest priority.
Because hal can never override platform,
hal has a lower priority than platform.
Change-Id: Ie5e6cf98e64b4317bda23d49571b5c0f60084569
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Change search order for /hal to be searched last ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
|
|
/proc/sys/net/core/default_qdisc has only pfifo_fast values in all targets.
(TM1, TW2, TW3, RPI3, RPI4, ARTIK, EMUL)
If this conf does not exist, there is a warning journal log and this is not harmful.
"Jan 01 11:36:16 localhost systemd-sysctl[208]: Couldn't write 'pfifo_fast' to 'net/core/default_qdisc', ignoring: No such file or directory"
Change-Id: I970dc97fc0771b1ef3fce1ef05b5f6a2d6b22778
|
|
Change-Id: Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a
|
|
Delay time is also applied to user systemd.
System systemd is already applied.
Change-Id: I8da0c1f224a74d45badd82f2ac1dda13cb8febbb
|
|
If /sys/class/OOO node is created and destroyed during booting (kernel driver initialization fails),
systemd-udev-trigger.service fails due to race condition.
***** race condition ***********************************************************************************
1. kernel driver creates /sys/class/OOO
2. systemd-udev-trigger.service executes "/usr/bin/udevadm trigger --type=devices --action=add"
3. device_enumerator_scan_devices() => enumerator_scan_devices_all() => enumerator_scan_dir("class") =>
opendir("/sys/class") and iterate all subdirs ==> enumerator_scan_dir_and_add_devices("/sys/class/OOO")
4. kernel driver fails and destroys /sys/class/OOO
5. enumerator_scan_dir_and_add_devices("/sys/class/OOO") fails in opendir("/sys/class/OOO")
6. "systemd-udev-trigger.service" fails
7. udev coldplug fails and some device units not ready
8. mount units associated with device units fail
9. local-fs.target fails
10. enters emergency mode
********************************************************************************************************
***** status of systemd-udev-trigger.service unit ******************************************************
$ systemctl status systemd-udev-trigger.service
systemd-udev-trigger.service - udev Coldplug all Devices
Loaded: loaded (/usr/lib/systemd/system/systemd-udev-trigger.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-01-02 13:16:54 KST; 22min ago
Docs: man:udev(7)
man:systemd-udevd.service(8)
Process: 2162 ExecStart=/usr/bin/udevadm trigger --type=subsystems --action=add (code=exited, status=0/SUCCESS)
Process: 2554 ExecStart=/usr/bin/udevadm trigger --type=devices --action=add (code=exited, status=1/FAILURE)
Main PID: 2554 (code=exited, status=1/FAILURE)
Jan 02 13:16:54 localhost udevadm[2554]: Failed to scan devices: No such file or directory
Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Failed with result 'exit-code'.
Jan 02 13:16:54 localhost systemd[1]: Failed to start udev Coldplug all Devices.
*******************************************************************************************************
***** journal log with Environment=SYSTEMD_LOG_LEVEL=debug in systemd-udev-trigger.service ***********
Jan 01 21:57:20 localhost udevadm[2039]: sd-device-enumerator: Scanning /sys/bus
Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scan all dirs
Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/bus
Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/class
Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Failed to scan /sys/class: No such file or directory
Jan 01 21:57:21 localhost udevadm[2522]: Failed to scan devices: No such file or directory
*******************************************************************************************************
Change-Id: Iefc64406a72e5facf1f9c48ea2f36fdadf18891d
|
|
Change-Id: Ib4b6481a67646e02f59a622c42ca84f26616a394
|
|
If /etc/systemd/delayed-target.conf exists and has DelayedTargetWait environment value,
delayed.target starts after DelayedTargetWait seconds.
If the /tmp/.systemd_delayed_target_wait file is created within the delayed time,
delayed.target starts immediately.
Change-Id: I4ad1ff6a8084ed9db7d630f533a9348b41decbf0
|
|
Change-Id: I5ff9241180d32fb936a19dadfea9fa7d174a1dee
|
|
KERNEL[3.864698] add /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2
UDEV [6.541278] add /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2
For fast input accessing, input udev should be set up early,
so that udev_device_get_is_initialized(input_udev_dev) check can be skipped before UDEV [6.541278].
Change-Id: I8182f856b0169f9c434bb360a49cfef109485c94
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
system-delayed-target-trigger.service
Add 'Requires=sysinit.target' and 'After=sysinit.target basic.target'
Two dependencies prevent this service from running in emergency mode,
because sysinit.target always fails in emergency mode.
Change-Id: I7602100652f478b3d66fcba215659f39a63694e2
|
|
The emergency-target-holder.service prevents emergency.target from completing.
If emergency.target is not completed,
other services that are not intended can not be run in emergency mode.
Detailed information.
============================================================================================================================
1. If local-fs.target fails, emergency.target is started by 'OnFailure=emergency.target'.
2. By 'OnFailureJobMode=replace-irreversibly' option,
emergency.target cannot be canceled until completion.
3. When starting a new service by any activation(dbus, path, socket) in emergency mode,
sysinit.target is always checked and started by 'DefaultDependency=yes'.
4. sysinit.target stops emergency.target because of the 'Conflicts=emergency.target' setting.
5. However, emergency.target can not be stopped
because it started with 'replace-irreversibly' and not finished yet.
6. So sysinit.target can not be started.
7. New service can not be run because sysinit.target could not be started.
============================================================================================================================
Logs when running new services after applying this patch
=============================================================================================================================
bash-3.2# systemctl start deviced.service
Failed to start deviced.service: Transaction for deviced.service/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status deviced.service' for details.
bash-3.2# systemctl start sysinit.target
Failed to start sysinit.target: Transaction for sysinit.target/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status sysinit.target' for details.
==============================================================================================================================
Change-Id: I2cefadd7228d463fe1755e0c475f4563d98c8260
|
|
Change-Id: Id8c736f5d00823a67446df98e19f8e9faa6536ca
|
|
Change-Id: I0c737140c57588a2e8dc936b0e371040ab20e3d2
|
|
Change-Id: I37ced8706c8bb86e465226b01fffe9976edbf08c
|
|
Change-Id: I73301481613fbefc77374fcc42297d10eebe3795
|
|
Change-Id: I43030af64c1791ffbc99aeb3906a5517edbd3670
|
|
Change-Id: I1496d79b626da11085caceec32e1748bb5b16836
|
|
Change-Id: Ifccdcf1561a32d04526d8ccf8ea76586b5a1c85c
|
|
1. Tizen does not support container and vm.
2. Resolving Smack error.
==========================================================================================
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="environ" dev="proc" ino=12572
Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="sched" dev="proc" ino=12322
Jan 01 09:00:30 localhost audit[949]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=949 comm="systemctl" name="sched" dev="proc" ino=12322
==========================================================================================
Change-Id: I8b947a0de6c030fa7dd4f8d8b080b1f7783a4010
|