| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is
not needed in basic/. Move the file from shared/ to basic/, but then move back
most of the higher-level functions to the new shared/efi-loader.c file.
|
|
This replaces the internal uses of __FILE__ with the new macro.
|
|
Before only one comparison was allowed. Let's make this more flexible:
ConditionKernelVersion = ">=4.0" "<=4.5"
Fixes #12881.
This also fixes expressions like "ConditionKernelVersion=>" which would
evaluate as true.
|
|
Whenever I see EXTRACT_QUOTES, I'm always confused whether it means to
leave the quotes in or to take them out. Let's say "unquote", like we
say "cunescape".
|
|
|
|
ConditionNull= is the only condition where parameter==NULL is allowed,
and we'd print ConditionNull=(null) or ConditionNull=!(null).
|
|
It just seems to fit better there and it's always better to have things
in shared/ rather than basic/.
|
|
add ConditionCPUs= + ConditionMemory=
|
|
This fixes a bug introduced by c4f58deab56282cd438922203287cb073b861513.
Closes oss-fuzz#13878, oss-fuzz#13882, oss-fuzz#13884, oss-fuzz#13886, and
oss-fuzz#13888.
|
|
|
|
|
|
We have all the building blocks in place already, let's add this.
Fixes: #8990
|
|
|
|
|
|
Let's split out the operator parsing and the final verdict
determination. That way we can reuse this logic for other purposes later
on.
|
|
It's quite complex, let's split this out.
No code changes, just some file rearranging.
|
|
The idea is that anything which is related to actually manipulating mounts is
in mount-util.c, but functions for mountpoint introspection are moved to the
new file. Anything which requires libmount must be in mount-util.c.
This was supposed to be a preparation for further changes, with no functional
difference, but it results in a significant change in linkage:
$ ldd build/libnss_*.so.2
(before)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff77bf5000)
librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffc19cc0000)
librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe8ef8e000)
librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffda6d17000)
librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)
(after)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff0b5e2000)
librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
/lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffdc30a7000)
librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
/lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe95747000)
librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffe67b51000)
librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)
I don't quite understand what is going on here, but let's not be too picky.
|
|
Let's modernize things a bit.
|
|
Now that we don't (mis-)use the env file parser to parse kernel command
lines there's no need anymore to override the used newline character
set. Let's hence drop the argument and just "\n\r" always. This nicely
simplifies our code.
|
|
|
|
Let's fold get_user_creds_clean() into get_user_creds(), and introduce a
flags argument for it to select "clean" behaviour. This flags parameter
also learns to other new flags:
- USER_CREDS_SYNTHESIZE_FALLBACK: in this mode the user records for
root/nobody are only synthesized as fallback. Normally, the synthesized
records take precedence over what is in the user database. With this
flag set this is reversed, and the user database takes precedence, and
the synthesized records are only used if they are missing there. This
flag should be set in cases where doing NSS is deemed safe, and where
there's interest in knowing the correct shell, for example if the
admin changed root's shell to zsh or suchlike.
- USER_CREDS_ALLOW_MISSING: if set, and a UID/GID is specified by
numeric value, and there's no user/group record for it accept it
anyway. This allows us to fix #9767
This then also ports all users to set the most appropriate flags.
Fixes: #9767
[zj: remove one isempty() call]
|
|
We have the detector call for this anyway, and it's useful for
conditioning out dbxtool.service, hence let's add this tiny new option.
|
|
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|
|
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|
|
They are not needed, because anything that is non-zero is converted
to true.
C11:
> 6.3.1.2: When any scalar value is converted to _Bool, the result is 0 if the
> value compares equal to 0; otherwise, the result is 1.
https://stackoverflow.com/questions/31551888/casting-int-to-bool-in-c-c
|
|
This way we don't need to repeat the argument twice.
I didn't replace all instances. I think it's better to leave out:
- asserts
- comparisons like x & y == x, which are mathematically equivalent, but
here we aren't checking if flags are set, but if the argument fits in the
flags.
|
|
Most our other parsing functions do this, let's do this here too,
internally we accept that anyway. Also, the closely related
load_env_file() and load_env_file_pairs() also do this, so let's be
systematic.
|
|
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
|
|
This shortens the code by a few lines.
|
|
Now that we have str_verscmp() in our source tree anyway, let's make it
generic and reuse it for ConditionKernelVersion=.
|
|
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
|
|
Up until now, the behaviour in systemd has (mostly) been to silently
ignore failures to action unit directives that refer to an unavailble
controller. The addition of AssertControlGroupController and its
conditional counterpart allow explicit specification of the desired
behaviour when such a situation occurs.
As for how this can happen, it is possible that a particular controller
is not available in the cgroup hierarchy. One possible reason for this
is that, in the running kernel, the controller simply doesn't exist --
for example, the CPU controller in cgroup v2 has only recently been
merged and was out of tree until then. Another possibility is that the
controller exists, but has been forcibly disabled by `cgroup_disable=`
on the kernel command line.
In future this will also support whatever comes out of issue #7624,
`DefaultXAccounting=never`, or similar.
|
|
This adds uid_is_system() and gid_is_system(), similar in style to
uid_is_dynamic(). That a helper like this is useful is illustrated by
the fact that test-condition.c didn't get the check right so far, which
this patch fixes.
|
|
|
|
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
|
|
TOMOYO is a Mandatory Access Control security module for Linux.
Rather than ship rules, TOMOYO features a learning mode.
http://tomoyo.osdn.jp/
http://tomoyo.osdn.jp/2.5/index.html.en
|
|
|
|
This moves pretty much all uses of getpid() over to getpid_raw(). I
didn't specifically check whether the optimization is worth it for each
replacement, but in order to keep things simple and systematic I
switched over everything at once.
|
|
core: add ConditionUID and ConditionGID
|
|
It allows checking if the user is a system user or a normal user
|
|
This adds two options that are useful for user units. In particular, it
is useful to check ConditionUser=!0 to not start for the root user.
Closes: #5187
|
|
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for systemd --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
|
|
Let's use chase_symlinks() everywhere, and stop using GNU
canonicalize_file_name() everywhere. For most cases this should not change
behaviour, however increase exposure of our function to get better tested. Most
importantly in a few cases (most notably nspawn) it can take the correct root
directory into account when chasing symlinks.
|
|
extract_first_words deals fine with the string being NULL, so drop the upfront
check for that.
|
|
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
|
|
Rewrite the function to be slightly simpler. In particular, if a specific
match is found (like ConditionVirtualization=yes), simply return an answer
immediately, instead of relying that "yes" will not be matched by any of
the virtualization names below.
No functional change.
|
|
This can be useful to silence warnings about units which fail in userns
container.
|
|
This is a follow-up for fb8b0869a7bc30e23be175cf978df23192d59118, and makes a
couple of minor clean-up changes:
- The field name in the timestamp file is changed from "TimestampNSec=" to
"TIMESTAMP_NSEC=". This is done simply to reflect the fact that we parse the
file with the env var file parser, and hence the contents should better
follow the usual capitalization of env vars, i.e. be all uppercase.
- Needless negation of the errno parameter log_error_errno() and friends has
been removed.
- Instead of manually calculating the nsec remainder of the timestamp, use
timespec_store().
- We now check whether we were able to write the timestamp file in full with
fflush_and_check() the way we usually do it.
|
