hwdb: add fuzz for Dell Latitude E7470 (#18876)

It's so similar to copy_access(), hence let's move it over and rename it
in similar style to the rest of the functions.

No change in behaviour, just moving things over.

hwdb.d/60-evdev.hwdb

@@ -265,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725
 
 # Dell Latitude E7470
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
- EVDEV_ABS_00=29:2930:30
+ EVDEV_ABS_00=29:2930:30:16
- EVDEV_ABS_01=26:1533:29
+ EVDEV_ABS_01=26:1533:29:16
- EVDEV_ABS_35=29:2930:30
+ EVDEV_ABS_35=29:2930:30:16
- EVDEV_ABS_36=26:1533:29
+ EVDEV_ABS_36=26:1533:29:16
 
 # Dell Precision 5510
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*

man/systemd-nspawn.xml

@@ -801,46 +801,59 @@
       <varlistentry>
         <term><option>--network-interface=</option></term>
 
-        <listitem><para>Assign the specified network interface to the
+        <listitem><para>Assign the specified network interface to the container. This will remove the
-        container. This will remove the specified interface from the
+        specified interface from the calling namespace and place it in the container. When the container
-        calling namespace and place it in the container. When the
+        terminates, it is moved back to the calling namespace.  Note that
-        container terminates, it is moved back to the host namespace.
+        <option>--network-interface=</option> implies <option>--private-network</option>. This option may be
-        Note that <option>--network-interface=</option> implies
+        used more than once to add multiple network interfaces to the container.</para>
-        <option>--private-network</option>. This option may be used
+
-        more than once to add multiple network interfaces to the
+        <para>Note that any network interface specified this way must already exist at the time the container
-        container.</para></listitem>
+        is started. If the container shall be started automatically at boot via a
+        <filename>systemd-nspawn@.service</filename> unit file instance, it might hence make sense to add a
+        unit file drop-in to the service instance
+        (e.g. <filename>/etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf</filename>) with
+        contents like the following:</para>
+
+        <programlisting>[Unit]
+Wants=sys-subsystem-net-devices-ens1.device
+After=sys-subsystem-net-devices-ens1.device</programlisting>
+
+        <para>This will make sure that activation of the container service will be delayed until the
+        <literal>ens1</literal> network interface has shown up. This is required since hardware probing is
+        fully asynchronous, and network interfaces might be discovered only later during the boot process,
+        after the container would normally be started without these explicit dependencies.</para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--network-macvlan=</option></term>
 
-        <listitem><para>Create a <literal>macvlan</literal> interface
+        <listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network
-        of the specified Ethernet network interface and add it to the
+        interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface
-        container. A <literal>macvlan</literal> interface is a virtual
+        that adds a second MAC address to an existing physical Ethernet link. The interface in the container
-        interface that adds a second MAC address to an existing
+        will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that
-        physical Ethernet link. The interface in the container will be
+        <option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be
-        named after the interface on the host, prefixed with
+        used more than once to add multiple network interfaces to the container.</para>
-        <literal>mv-</literal>. Note that
+
-        <option>--network-macvlan=</option> implies
+        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
-        <option>--private-network</option>. This option may be used
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        more than once to add multiple network interfaces to the
+        above might be useful.</para></listitem>
-        container.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--network-ipvlan=</option></term>
 
-        <listitem><para>Create an <literal>ipvlan</literal> interface
+        <listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network
-        of the specified Ethernet network interface and add it to the
+        interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface,
-        container. An <literal>ipvlan</literal> interface is a virtual
+        similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying
-        interface, similar to a <literal>macvlan</literal> interface,
+        interface.  The interface in the container will be named after the interface on the host, prefixed
-        which uses the same MAC address as the underlying interface.
+        with <literal>iv-</literal>.  Note that <option>--network-ipvlan=</option> implies
-        The interface in the container will be named after the
+        <option>--private-network</option>. This option may be used more than once to add multiple network
-        interface on the host, prefixed with <literal>iv-</literal>.
+        interfaces to the container.</para>
-        Note that <option>--network-ipvlan=</option> implies
+
-        <option>--private-network</option>. This option may be used
+        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
-        more than once to add multiple network interfaces to the
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        container.</para></listitem>
+        above might be useful.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -907,7 +920,11 @@
         this option is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix
         instead of <literal>ve-</literal>. Regardless of the used naming prefix the same network interface
         name length limits imposed by Linux apply, along with the complications this creates (for details see
-        above).</para></listitem>
+        above).</para>
+
+        <para>As with <option>--network-interface=</option>, the underlying bridge network interface must
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        above might be useful.</para></listitem>
       </varlistentry>
 
       <varlistentry>

src/basic/copy.c

@@ -1147,24 +1147,24 @@ int copy_file_atomic_full(
          * writing it. */
 
         if (copy_flags & COPY_REPLACE) {
-                r = tempfn_random(to, NULL, &t);
+                _cleanup_free_ char *f = NULL;
+
+                r = tempfn_random(to, NULL, &f);
                 if (r < 0)
                         return r;
 
                 if (copy_flags & COPY_MAC_CREATE) {
                         r = mac_selinux_create_file_prepare(to, S_IFREG);
-                        if (r < 0) {
+                        if (r < 0)
-                                t = mfree(t);
                                 return r;
-                        }
                 }
-                fdt = open(t, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
+                fdt = open(f, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
                 if (copy_flags & COPY_MAC_CREATE)
                         mac_selinux_create_file_clear();
-                if (fdt < 0) {
+                if (fdt < 0)
-                        t = mfree(t);
                         return -errno;
-                }
+
+                t = TAKE_PTR(f);
         } else {
                 if (copy_flags & COPY_MAC_CREATE) {
                         r = mac_selinux_create_file_prepare(to, S_IFREG);
@@ -1232,6 +1232,8 @@ int copy_access(int fdf, int fdt) {
         assert(fdf >= 0);
         assert(fdt >= 0);
 
+        /* Copies just the access mode (and not the ownership) from fdf to fdt */
+
         if (fstat(fdf, &st) < 0)
                 return -errno;
 
@@ -1241,6 +1243,20 @@ int copy_access(int fdf, int fdt) {
         return 0;
 }
 
+int copy_rights(int fdf, int fdt) {
+        struct stat st;
+
+        assert(fdf >= 0);
+        assert(fdt >= 0);
+
+        /* Copies both access mode and ownership from fdf to fdt */
+
+        if (fstat(fdf, &st) < 0)
+                return -errno;
+
+        return fchmod_and_chown(fdt, st.st_mode & 07777, st.st_uid, st.st_gid);
+}
+
 int copy_xattr(int fdf, int fdt) {
         _cleanup_free_ char *names = NULL;
         int ret = 0, r;

src/basic/copy.h

@@ -64,4 +64,5 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop
 
 int copy_times(int fdf, int fdt, CopyFlags flags);
 int copy_access(int fdf, int fdt);
+int copy_rights(int fdf, int fdt);
 int copy_xattr(int fdf, int fdt);

src/basic/fileio.c

@@ -548,7 +548,9 @@ int read_full_stream_full(
                 }
 
                 buf = t;
-                n = n_next;
+                /* Unless a size has been explicitly specified, try to read as much as fits into the memory
+                 * we allocated (minus 1, to leave one byte for the safety NUL byte) */
+                n = size == SIZE_MAX ? malloc_usable_size(buf) - 1 : n_next;
 
                 errno = 0;
                 k = fread(buf + l, 1, n - l, f);
@@ -1325,15 +1327,6 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
         return 0;
 }
 
-int sync_rights(int from, int to) {
-        struct stat st;
-
-        if (fstat(from, &st) < 0)
-                return -errno;
-
-        return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
-}
-
 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
         int r = 0;
         if (rename(from, to) < 0)

src/basic/fileio.h

@@ -118,6 +118,4 @@ int safe_fgetc(FILE *f, char *ret);
 
 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);
 
-int sync_rights(int from, int to);
-
 int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);

src/basic/rm-rf.h

@@ -24,7 +24,7 @@ static inline char *rm_rf_physical_and_free(char *p) {
         if (!p)
                 return NULL;
 
-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK|REMOVE_CHMOD);
         free(p);
         return NULL;
 }
@@ -37,7 +37,7 @@ static inline char *rm_rf_subvolume_and_free(char *p) {
         if (!p)
                 return NULL;
 
-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD);
         free(p);
         return NULL;
 }

src/firstboot/firstboot.c

@@ -675,7 +675,7 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
         if (original) {
                 struct passwd *i;
 
-                r = sync_rights(fileno(original), fileno(passwd));
+                r = copy_rights(fileno(original), fileno(passwd));
                 if (r < 0)
                         return r;
 
@@ -743,7 +743,7 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
         if (original) {
                 struct spwd *i;
 
-                r = sync_rights(fileno(original), fileno(shadow));
+                r = copy_rights(fileno(original), fileno(shadow));
                 if (r < 0)
                         return r;
 

src/run/run.c

@@ -956,10 +956,12 @@ static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
                 return 0;
         }
 
-        /* We managed to get the unique name, then let's use that to
+        /* We managed to get the unique name, then let's use that to name our transient units. */
-         * name our transient units. */
 
-        id = startswith(unique, ":");
+        id = startswith(unique, ":1."); /* let' strip the usual prefix */
+        if (!id)
+                id = startswith(unique, ":"); /* the spec only requires things to start with a colon, hence
+                                               * let's add a generic fallback for that. */
         if (!id)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Unique name %s has unexpected format.",

src/sysusers/sysusers.c

@@ -393,7 +393,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
         original = fopen(passwd_path, "re");
         if (original) {
 
-                r = sync_rights(fileno(original), fileno(passwd));
+                r = copy_rights(fileno(original), fileno(passwd));
                 if (r < 0)
                         return r;
 
@@ -494,7 +494,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
         original = fopen(shadow_path, "re");
         if (original) {
 
-                r = sync_rights(fileno(original), fileno(shadow));
+                r = copy_rights(fileno(original), fileno(shadow));
                 if (r < 0)
                         return r;
 
@@ -590,7 +590,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
         original = fopen(group_path, "re");
         if (original) {
 
-                r = sync_rights(fileno(original), fileno(group));
+                r = copy_rights(fileno(original), fileno(group));
                 if (r < 0)
                         return r;
 
@@ -688,7 +688,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
         if (original) {
                 struct sgrp *sg;
 
-                r = sync_rights(fileno(original), fileno(gshadow));
+                r = copy_rights(fileno(original), fileno(gshadow));
                 if (r < 0)
                         return r;