Dave Reisner [Tue, 6 Nov 2012 14:49:27 +0000 (09:49 -0500)]
cryptsetup: hash=plain means don't use a hash
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.
Dave Reisner [Mon, 5 Nov 2012 17:50:19 +0000 (12:50 -0500)]
Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access.
Kay Sievers [Sun, 4 Nov 2012 15:55:23 +0000 (16:55 +0100)]
kmod-setup: mounting efivarfs, *after* we tried to mount it, is pointless
The mount() system call, which we issue before loading modules, will trigger
a modprobe by the kernel and block until it returns. Trying to load it again
later, will have exactly the same result as the first time.
Michal Schmidt [Tue, 30 Oct 2012 13:29:38 +0000 (14:29 +0100)]
shared, core: do not always accept numbers in string lookups
The behaviour of the common name##_from_string conversion is surprising.
It accepts not only the strings from name##_table but also any number
that falls within the range of the table. The order of items in most of
our tables is an internal affair. It should not be visible to the user.
I know of a case where the surprising numeric conversion leads to a crash.
We will allow the direct numeric conversion only for the tables where the
mapping of strings to numeric values has an external meaning. This holds
for the following lookup tables:
- netlink_family, ioprio_class, ip_tos, sched_policy - their numeric
values are stable as they are defined by the Linux kernel interface.
- log_level, log_facility_unshifted - the well-known syslog interface.
We allow the user to use numeric values whose string names systemd does
not know. For instance, the user may want to test a new kernel featuring
a scheduling policy that did not exist when his systemd version was
released. A slightly unpleasant effect of this is that the
name##_to_string conversion cannot return pointers to constant strings
anymore. The strings have to be allocated on demand and freed by the
caller.
Michal Schmidt [Tue, 30 Oct 2012 09:29:40 +0000 (10:29 +0100)]
shared, libsystemd-daemon: check for empty strings in strto*l conversions
strtol() and friends may set EINVAL if no conversion was performed, but
they are not required to do so. In practice they don't. We need to check
for it.
Auke Kok [Mon, 29 Oct 2012 22:30:05 +0000 (15:30 -0700)]
SMACK: Add configuration options. (v3)
This adds SMACK label configuration options to socket units.
SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.
Files on disk can be labelled using package management.
For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.
Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.
This patch adds the following options:
Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.
No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.
For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.
v3 of this patch changes the config options to be CamelCased.
Michal Schmidt [Mon, 29 Oct 2012 20:04:47 +0000 (21:04 +0100)]
util: improve overflow checks
commit 49371bb fixed the observed division by zero, but missed another
occurrence of the same bug. It was also not the optimal fix. We can
simply make the divisor a constant by swapping it with the compared
value.
Dave Reisner [Mon, 29 Oct 2012 19:49:34 +0000 (15:49 -0400)]
util: avoid divide by zero FPE
In early userspace, if kernel initialization happens extremely quickly,
a call to systemd-timestamp can potentially result in division by zero.
Ensure that the check in timespec_load, which only makes sense if tv_sec
is greater than zero, is guarded by this condition.
Olivier Brunel [Sat, 13 Oct 2012 12:24:15 +0000 (14:24 +0200)]
swap: fix swap behaviour with symlinks
Starting a swap unit pointing to (What) a symlink (e.g. /dev/mapper/swap
or /dev/disk/by-uuid/...) would have said unit marked active, following
the one using the "actual" device (/dev/{dm-1,sda3}), but that new unit
would be seen as inactive.
Since all requests to stop swap units would follow/redirect to it,
and it is seen inactive, nothing would be done (swapoff never called).
This is because this unit would be treated twice in
swap_process_new_swap, the second call to swap_add_one causing it to
eventually be marked inactive.
Michal Sekletar [Fri, 26 Oct 2012 12:16:18 +0000 (14:16 +0200)]
localectl: fix memleak, use _cleanup_strv_free_
l might contain zero strings, however there is still memory
allocated for NULL terminator, use _cleanup_strv_free_ instead to
prevent tiny leak in such case.
journal: provide an API that allows client to figure out whether they need to recheck the journal manually for changes in regular intervals
Network file systems generally do not offer inotify() that would work
across the network. We hence cannot rely on inotify() exclusiely in
those case. Provide an API to determine these cases, and suggest doing
manual regular rechecks.
Note that this is not complete yet, as we need to rescan journal dirs on
network file systems explicitly to find new/removed files
When traversing entry array chains for a bisection or for retrieving an
item by index we previously always started at the beginning of the
chain. Since we tend to look at the same chains repeatedly, let's cache
where we have been the last time, and maybe we can skip ahead with this
the next time.
This turns most bisections and index lookups from O(log(n)*log(n)) into
O(log(n)). More importantly however, we seek around on disk much less,
which is good to reduce buffer cache and seek times on rotational disks.