Commit Graph

5492 Commits

Author SHA1 Message Date
Egor
936a7cb66a sleep: don't skip resume device with low priority/available space
this fixes hibernation when there's a higher priority swap preceding
the resume swap in /proc/swaps.

fixes #19486
2021-10-04 10:23:42 +02:00
Luca Boccassi
948def4af6 tree-wide: fix SPDX short identifier for LGPL-2.1-or-later
https://spdx.dev/ids/#:~:text=Allowing%20later%20versions%20of%20a%20license
https://spdx.org/licenses/LGPL-2.1-or-later.html
2021-10-01 17:27:34 +01:00
Benjamin Berg
f833df3848 seccomp: Always install filters for native architecture
The commit 6597686865 ("seccomp: don't install filters for archs that
can't use syscalls") introduced a regression where filters may not be
installed for the "native" architecture. This means that setting
SystemCallArchitectures=native for a unit effectively disables the
SystemCallFilter= and SystemCallLog= options.

Conceptually, we have two filter stages:
 1. architecture used for syscall (SystemCallArchitectures=)
 2. syscall + architecture combination (SystemCallFilter=)

The above commit tried to optimize the filter generation by skipping the
second level filtering when it is not required.

However, systemd will never fully block the "native" architecture using
the first level filter. This makes the code a lot simpler, as systemd
can execve() the target binary using its own architecture. And, it
should be perfectly fine as the "native" architecture will always be the
one with the most restrictive seccomp filtering.

Said differently, the bug arises because (on x86_64):
 1. x86_64 is permitted by libseccomp already
 2. native != x86_64
 3. the loop wants to block x86_64 because the permitted set only
    contains "native" (i.e. "native" != "x86_64")
 4. x86_64 is marked as blocked in seccomp_local_archs

Thereby we have an inconsistency, where it is marked as blocked in the
seccomp_local_archs array but it is allowed by libseccomp. i.e. we will
skip generating filter stage 2 without having stage 1 in place.

The fix is simple, we just skip the native architecture when looping
seccomp_local_archs. This way the inconsistency cannot happen.
2021-09-30 08:04:59 +09:00
Yu Watanabe
200f77f933 Merge pull request #20876 from poettering/openssl3-creds
creds-util: switch to OpenSSL 3.0 APIs
2021-09-30 04:01:57 +09:00
Luca Boccassi
13b7d99dad headers: update bpf_insn.h to dual license
This header is copied from the kernel. It was relicensed from GPL-2.0-only
to GPL-2.0-only OR BSD-2-Clause, so update our SPDX tag accordingly.

For more details and ACKS from all copyright holders authorizing the
license change see:

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=d75fe9cb1dd062684c9fb8a4581738170365dc06
2021-09-29 17:40:55 +01:00
Lennart Poettering
7f12adc300 openssl-util: use EVP API to get RSA bits 2021-09-29 15:04:19 +02:00
Lennart Poettering
18f568b8e6 creds-util: switch to OpenSSL 3.0 APIs
Let's switch from the low-level SHA256 APIs to EVP APIs. The former are
deprecated on OpenSSL 3.0, the latter are supported both by old
OpenSSL and by OpenSSL 3.0, hence are the better choice.

Fixes: #20775
2021-09-29 15:04:14 +02:00
Yu Watanabe
16653f9782 wifi-util: introduce nl80211_cmd_to_string() 2021-09-29 15:38:59 +09:00
Yu Watanabe
77f75f4fff network: rename wifi_iftype -> wlan_iftype 2021-09-29 15:38:59 +09:00
Yu Watanabe
abad436d4c wifi-util: move, rename, and expose wifi_iftype_to_string() 2021-09-29 15:38:59 +09:00
Yu Watanabe
f3e235ffb2 sd-netlink, wifi-util: fix attribute type of NL80211_ATTR_SSID 2021-09-29 15:38:59 +09:00
Yu Watanabe
ae2b86de43 wifi-util: add "ret_" prefix for arguments which store results 2021-09-29 15:38:59 +09:00
Yu Watanabe
83455d0c8b Merge pull request #20865 from keszybz/meson-net-naming-definitions
Allow defining new naming scheme entries as configuration time
2021-09-29 12:29:14 +09:00
Yu Watanabe
17373589f3 Merge pull request #20860 from yuwata/libsystemd-network-get-ifname-negative-errno
libsystemd-network: make sd_dhcp_client_get_ifname() or friends return negative errno
2021-09-29 12:27:01 +09:00
Yu Watanabe
5977b71f28 libsystemd-network: make sd_dhcp_client_get_ifname() or friends return negative errno on error 2021-09-29 03:37:09 +09:00
Yu Watanabe
01afd0f7f5 tree-wide: make format_ifname() or friends return negative errno on failure
Also,
- drop unnecessary +1 from buffer size, as IF_NAMESIZE or IFNAMSIZ
  includes the nul at the end.
- format_ifname() does not update buffer on failure,
- introduces format_ifname_alloc(), FORMAT_IFNAME(), and their friends.
2021-09-29 03:37:06 +09:00
Lennart Poettering
c2fa92e7e8 dissect-image: optionally, validate dm-verity signatures in userspace
Getting certificates for dm-verity roothash signing into the trusted
kernel keychain is a royal PITA (means recompiling or rebooting with
shim), hence let's add a minimal userspace PKCS7 validation as well.

The mechanism is really simple and compatible with the verification the
kernel does. The only difference is that the certificates are searched
in /etc/verity.d/*.crt (and similar dirs in /usr/lib/, …).

We'll first try validation by passing the PKCS#7 data to the kernel, but
if that doesn't work we'll see if one of the certificates found that way
works and then attempt to attach the image without passing the PKCS#7
data to the kernel.

This makes it very easy to have fully validated GPT disk images. For
example, just copy the 'mkosi.secure-boot.crt' file you have in your
mkosi build dir to /etc/verity.d/ and things should just work.
2021-09-28 17:03:31 +02:00
Lennart Poettering
d5fcc5b053 dissect-image: add env var for disabling "sidecar" loading of verity params
Just to make debugging easier.
2021-09-28 17:03:26 +02:00
Lennart Poettering
88b3300fdc dissect-image: load embedded verity signature info from image
This adds support for actually using embedded signature data from
partitions.
2021-09-28 17:02:54 +02:00
Lennart Poettering
8ee9615e10 dissect-image: discover verity signature partitions
This doesn't make use of the discovered partitions yet, but it finds
them at least.
2021-09-28 17:02:27 +02:00
Lennart Poettering
1420cfb4b4 gpt: add partition type for PKCS#7 signatures for root hashes 2021-09-28 17:01:29 +02:00
Albert Brox
5918a93355 core: implement RuntimeMaxDeltaSec directive 2021-09-28 16:46:20 +02:00
alexlzhu
8c35c10d20 core: Add ExecSearchPath parameter to specify the directory relative to which binaries executed by Exec*= should be found
Currently there does not exist a way to specify a path relative to which
all binaries executed by Exec should be found. The only way is to
specify the absolute path.

This change implements the functionality to specify a path relative to which
binaries executed by Exec*= can be found.

Closes #6308
2021-09-28 14:52:27 +01:00
Zbigniew Jędrzejewski-Szmek
681cb84a63 meson: allow extra net naming schemes to be defined during configuration
In upstream, we have a linearly-growing list of net-naming-scheme defines;
we add a new one for every release where we make user-visible changes to the
naming scheme.

But the general idea was that downstream distributions could define their
own combinations (or even just their own names for existing combinations),
so provide stability for their users. So far this required patching of the
netif-naming-scheme.c and .h files to add the new lines.

With this patch, patching is not required:

$ meson configure build \
  -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash \
  -Ddefault-net-naming-scheme=gargoyle2

or even

$ meson configure build \
  -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash,latest=v249 \
  -Ddefault-net-naming-scheme=gargoyle2

The syntax is a comma-separated list of NAME=name+name+…
This syntax is a bit scary, but any typos result in compilation errors,
so I think it should be OK in practice.

With this approach, we don't allow users to define arbitrary combinations:
what is allowed is still defined at compilation time, so it's up to the
distribution maintainers to provide reasonable combinations. In this regard,
the only difference from status quo is that it's much easier to do (and harder
to do incorrectly, for example by forgetting to add a name to one of the
maps).
2021-09-28 14:22:40 +02:00
Zbigniew Jędrzejewski-Szmek
77faadfdd3 meson: drop the list of valid net naming schemes
We used 'combo' type for the scheme list. For a while we forgot to add
new names, and recently aa0a23ec86 added v241, v243, v245, and v247.
I want to allow defining new values during configuration, which means
that we can't use meson to verify the list of options. So any value is
allowed, but then two tests are added: one that will fail compilation if some
invalid name is given (other than "latest"), and one that converts
DEFAULT_NET_NAMING_SCHEME to a NamingScheme pointer.
2021-09-28 14:22:37 +02:00
Zbigniew Jędrzejewski-Szmek
acaa636866 netif-naming: inline one iterator variable 2021-09-28 12:26:09 +02:00
dann frazier
c3138b46bc Remind developers to update the list of net naming schemes that can be selected as a build-time defaults. 2021-09-27 11:12:32 -06:00
nl6720
3f67dccca0 user-record: switch the default LUKS PBKDF to argon2id to match cryptsetup
cryptsetup 2.4.0 changed the default LUKS2 PBKDF to argon2id.
See db77541790.
2021-09-24 21:02:21 +01:00
Lennart Poettering
f7c9ade22f smack-util: tiny simplification 2021-09-23 21:15:46 +02:00
Zbigniew Jędrzejewski-Szmek
3c9fbb993b variuos: add missing includes 2021-09-22 12:58:46 +02:00
Zbigniew Jędrzejewski-Szmek
465a6f1544 Merge pull request #20767 from bluca/portable_extract_selinux
portable: copy SELinux label when extracting units from images
2021-09-22 12:57:30 +02:00
Zbigniew Jędrzejewski-Szmek
07b382cc2b meson: ignore -Dsmack-run-label= if -Dsmack=false
Compilation would fail because we could have HAVE_SMACK_RUN_LABEL without
HAVE_SMACK. This doesn't make much sense, so let's just make -Dsmack=false
completely disable smack.

Also, the logic in smack-setup.c seems dubious: '#ifdef SMACK_RUN_LABEL'
would evaluate to true even if -Dsmack-run-label='' is used. I think
this was introduced in the conversion to meson:
8b197c3a8a added

AC_ARG_WITH(smack-run-label,
AS_HELP_STRING([--with-smack-run-label=STRING],
        [run systemd --system with a specific SMACK label]),
        [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run with a smack label])],
        [])

i.e. it really was undefined if not specified. And it was same
still in 72cdb3e783 when configure.ac
was dropped.

So let's use the single conditional HAVE_SMACK_RUN_LABEL everywhere.
2021-09-21 20:13:37 +02:00
Zbigniew Jędrzejewski-Szmek
ce0458be09 smack: move helper function to smack-util.c
The function was in basic/fileio.c, but it's more appropriate to
keep it out of src/basic.

Fixes compilation with -Dsmack-run-label= set.
2021-09-21 18:31:42 +02:00
Luca Boccassi
6f7ccbcc74 selinux: add mac_selinux_create_file_prepare_label helper
Allow to use setfscreatecon with a custom label rather than the default
2021-09-20 14:23:55 +01:00
Yu Watanabe
73bf0f2ace Merge pull request #20738 from mrc0mmand/ci-llvm-13
ci: build with clang-13
2021-09-16 09:32:21 +09:00
Lennart Poettering
84b5e291e2 watchdog: add ", ignoring" to log messages about errors we ignore
As per coding style. Also downgrade relevant log messages to
LOG_WARNING.
2021-09-15 16:01:02 +02:00
Lennart Poettering
a4588af942 watchdog: pass right error code to log function so that %m works 2021-09-15 16:00:20 +02:00
Luca Boccassi
8f8e9ad7cb Merge pull request #20650 from fbuihuu/watchdog-rework
Watchdog rework
2021-09-15 14:44:49 +01:00
Yu Watanabe
65bf08dd4a Merge pull request #20729 from yuwata/ethtool-features-set
ethtool-util: support more offloading feature settings
2021-09-15 20:28:24 +09:00
Frantisek Sumsal
d7ac09520b tree-wide: mark set-but-not-used variables as unused to make LLVM happy
LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which
trips over some intentionally set-but-not-used variables or variables
attached to cleanup handlers with side effects (`_cleanup_umask_`,
`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.):

```
../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable]
        _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
                                                     ^
                                                     1 error generated.
```
2021-09-15 13:09:45 +02:00
Franck Bui
10fd2b1180 watchdog: use MIN() in update_timeout()
Also the previous expression was probably wrong as "(int) t >= INT_MAX" is
likely to always evaluate to false.
2021-09-15 12:14:53 +02:00
Franck Bui
bcc3a1830e watchdog: constify watchdog_set_device() parameter 2021-09-15 12:14:53 +02:00
Franck Bui
d74965e6fe watchdog: rename watchdog_set_timeout() into watchdog_setup()
"watchdog_set_timeout()" was misleading as the function is not just a setter -
it must be called for activating the watchdog device.
2021-09-15 12:14:34 +02:00
Franck Bui
9692ead197 watchdog: minor simplification of watchdog_runtime_wait()
No functional change.
2021-09-15 11:32:21 +02:00
Franck Bui
e94f9e720c watchdog: no need to ping the device twice in watchdog_ping() if the device has just been opened 2021-09-15 11:32:21 +02:00
Franck Bui
564096795e watchdog: update watchdog_timeout with the closest timeout found by the driver
Store the actual timeout value found by the driver in watchdog_timeout since
this value is more accurate for calculating the next time for pinging the
device.
2021-09-15 11:32:10 +02:00
Franck Bui
2628b98f0c core: watchdog_set_timeout() doesn't need to return the timeout value used by the HW
The manager currently doesn't need it and if it does in the future an helper
should probably be introduced instead.
2021-09-15 10:56:26 +02:00
Franck Bui
5bbf2db1e4 watchdog: make watchdog_ping() a NOP when the watchdog is disabled or closed
This patch allows watchdog_ping() to be used unconditionally regardless of
whether watchdog_set_timeout() or watchdog_close() has been previously called
or not and in both cases watchdog_ping() does nothing.

shutdown.c has been updated to cope with this change.
2021-09-15 10:54:19 +02:00
Peter Morrow
31d3a52029 cgroup: add support for StartupAllowedCPUs and StartupAllowedMemoryNodes
Add new settings which can be used to control cpuset based cpu affinity
during the startup phase only.

Signed-off-by: Peter Morrow <pemorrow@linux.microsoft.com>
2021-09-15 09:30:12 +01:00
Yu Watanabe
77bf5c31de ethtool-util: add more network device features
Then, we can easily add new settings to configure features in .link
file.
2021-09-15 02:12:02 +09:00