Compare commits

...

9 Commits

Author SHA1 Message Date
Topi Miettinen cabc1c6d7a units: add ProtectClock=yes
Add `ProtectClock=yes` to systemd units. Since it implies certain
`DeviceAllow=` rules, make sure that the units have `DeviceAllow=` rules so
they are still able to access other devices. Exclude timesyncd and timedated.
2020-04-07 15:37:14 +02:00
Zbigniew Jędrzejewski-Szmek c3362c2f97 Remove message->priority field
A warning is emitted from sd_bus_message_{get,set}_priority. Those functions
are exposed by pystemd, so we have no easy way of checking if anything is
calling them.

Just making the functions always return without doing anything would be an
option, but then we could leave the caller with an undefined variable. So I
think it's better to make the functions emit a warnings and return priority=0
in the get operation.
2020-04-07 15:29:23 +02:00
Zbigniew Jędrzejewski-Szmek 6635f57d3e sysctl: enable coredump for suid binaries
Right now the kernel will not dump anything that went through setuid or
setgid. But it is routine for daemons to do that, and it makes things hard to
debug.

systemd-coredump saves the coredump readable by the users the process was
running as. This should be enough to avoid information leakage. So let's also
tell the kernel to do the coredump.

For https://bugzilla.redhat.com/show_bug.cgi?id=1790972.

Both patterns are stored in the same file, so they are enabled or disabled
together. (Though suid_dumpable=2 is supposed to be safe even when writing to
plain files.)
2020-04-07 15:28:46 +02:00
root f9d29f6d06 fix manager_state 2020-04-07 15:27:50 +02:00
Hans de Goede e6b68254c2 hwdb: Add accel orientation quirk for MPMAN MPWIN895CL tablet
Add a quirk to fix the accelerometer orientation on the MPMAN MPWIN895CL
tablet.
2020-04-07 14:23:31 +02:00
Lennart Poettering 602235f27d
Merge pull request #15349 from keszybz/doc-work
Remove stray file and fix two minor issues in man pages
2020-04-07 14:10:56 +02:00
Zbigniew Jędrzejewski-Szmek 9aa822179b man: update rules
Apparently this step was forgotten in 935052a8aa.
2020-04-06 20:47:14 +02:00
Zbigniew Jędrzejewski-Szmek 326b1f897b Remove stray file 2020-04-06 20:45:41 +02:00
Zbigniew Jędrzejewski-Szmek bb288a2cb3 man: drop apostophe from section title
For whatever reason, this does not get rendered propely in the man
page and results in an invalid code:
W: manual-page-warning /usr/share/man/man7/systemd.special.7.gz 103: warning: macro `AQ' not defined

We say 'user manager' and 'system manager' in most other places, so let's just
use this form here too.
2020-04-06 20:45:41 +02:00
18 changed files with 73 additions and 21 deletions

6
NEWS
View File

@ -1,5 +1,11 @@
systemd System and Service Manager
CHANGES WITH 246 in spe:
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
systemd-coredump to save core files for suid processes. When saving
the core file, systemd-coredump will use the effective uid and gid of
the process that faulted.
CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an

View File

@ -469,6 +469,12 @@ sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE*:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnMEDION*:*
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
#########################################
# MPMAN
#########################################
sensor:modalias:acpi:BMA250E*:dmi:*:svnMPMAN:pnMPWIN8900CL:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
#########################################
# MSI
#########################################

View File

@ -140,7 +140,12 @@ manpages = [
''],
['sd_bus_attach_event', '3', ['sd_bus_detach_event', 'sd_bus_get_event'], ''],
['sd_bus_call', '3', ['sd_bus_call_async'], ''],
['sd_bus_call_method', '3', ['sd_bus_call_method_async'], ''],
['sd_bus_call_method',
'3',
['sd_bus_call_method_async',
'sd_bus_call_method_asyncv',
'sd_bus_call_methodv'],
''],
['sd_bus_close', '3', ['sd_bus_default_flush_close', 'sd_bus_flush'], ''],
['sd_bus_creds_get_pid',
'3',
@ -325,9 +330,11 @@ manpages = [
'3',
['sd_bus_reply_method_errno',
'sd_bus_reply_method_errnof',
'sd_bus_reply_method_errorf'],
'sd_bus_reply_method_errnofv',
'sd_bus_reply_method_errorf',
'sd_bus_reply_method_errorfv'],
''],
['sd_bus_reply_method_return', '3', [], ''],
['sd_bus_reply_method_return', '3', ['sd_bus_reply_method_returnv'], ''],
['sd_bus_request_name',
'3',
['sd_bus_release_name',

View File

@ -65,7 +65,7 @@
<para>Output for a signal message (with <constant>SD_BUS_MESSAGE_DUMP_WITH_HEADER</constant>):
<programlisting>
‣ Type=signal Endian=l Flags=1 Version=1 Priority=0 Cookie=22
‣ Type=signal Endian=l Flags=1 Version=1 Cookie=22
Path=/value/a Interface=org.freedesktop.DBus.Properties Member=PropertiesChanged
MESSAGE "sa{sv}as" {
STRING "org.freedesktop.systemd.ValueTest";

View File

@ -106,7 +106,7 @@
</refsect1>
<refsect1>
<title>Units managed by the system's service manager</title>
<title>Units managed by the system service manager</title>
<refsect2>
<title>Special System Units</title>
@ -1058,7 +1058,7 @@
</refsect1>
<refsect1>
<title>Units managed by the user's service manager</title>
<title>Units managed by the user service manager</title>
<refsect2>
<title>Special User Units</title>

View File

@ -1200,7 +1200,6 @@ static int message_json(sd_bus_message *m, FILE *f) {
JSON_BUILD_PAIR("endian", JSON_BUILD_STRING(e)),
JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(m->header->flags)),
JSON_BUILD_PAIR("version", JSON_BUILD_INTEGER(m->header->version)),
JSON_BUILD_PAIR_CONDITION(m->priority != 0, "priority", JSON_BUILD_INTEGER(m->priority)),
JSON_BUILD_PAIR("cookie", JSON_BUILD_INTEGER(BUS_MESSAGE_COOKIE(m))),
JSON_BUILD_PAIR_CONDITION(m->reply_cookie != 0, "reply_cookie", JSON_BUILD_INTEGER(m->reply_cookie)),
JSON_BUILD_PAIR_CONDITION(m->sender, "sender", JSON_BUILD_STRING(m->sender)),

View File

@ -4247,6 +4247,11 @@ ManagerState manager_state(Manager *m) {
assert(m);
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
if (u && unit_active_or_pending(u))
return MANAGER_STOPPING;
/* Did we ever finish booting? If not then we are still starting up */
if (!MANAGER_IS_FINISHED(m)) {
@ -4257,11 +4262,6 @@ ManagerState manager_state(Manager *m) {
return MANAGER_STARTING;
}
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
if (u && unit_active_or_pending(u))
return MANAGER_STOPPING;
if (MANAGER_IS_SYSTEM(m)) {
/* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);

View File

@ -56,7 +56,7 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
if (flags & SD_BUS_MESSAGE_DUMP_WITH_HEADER) {
fprintf(f,
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64,
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u",
m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() :
m->header->type == SD_BUS_MESSAGE_METHOD_RETURN ? ansi_highlight_green() :
m->header->type != SD_BUS_MESSAGE_SIGNAL ? ansi_highlight() : "",
@ -69,8 +69,7 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
m->header->endian,
m->header->flags,
m->header->version,
m->priority);
m->header->version);
/* Display synthetic message serial number in a more readable
* format than (uint32_t) -1 */

View File

@ -5924,18 +5924,31 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
}
_public_ int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority) {
static bool warned = false;
assert_return(m, -EINVAL);
assert_return(priority, -EINVAL);
*priority = m->priority;
if (!warned) {
log_debug("sd_bus_message_get_priority() is deprecated and always returns 0.");
warned = true;
}
*priority = 0;
return 0;
}
_public_ int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority) {
static bool warned = false;
assert_return(m, -EINVAL);
assert_return(!m->sealed, -EPERM);
m->priority = priority;
if (!warned) {
log_debug("sd_bus_message_set_priority() is deprecated and does nothing.");
warned = true;
}
return 0;
}

View File

@ -76,7 +76,6 @@ struct sd_bus_message {
usec_t monotonic;
usec_t realtime;
uint64_t seqnum;
int64_t priority;
uint64_t verify_destination_id;
bool sealed:1;

View File

@ -5,8 +5,23 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See sysctl.d(5) for the description of the files in this directory,
# and systemd-coredump(8) and core(5) for the explanation of the
# setting below.
# See sysctl.d(5) for the description of the files in this directory.
# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
# by the kernel will start a second copy of itself as the
# systemd-coredump@.service, which will do the actual processing and storing of
# the core dump.
#
# See systemd-coredump(8) and core(5).
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
# Also dump processes executing a set-user-ID/set-group-ID program that is
# owned by a user/group other than the real user/group ID of the process, or
# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
#
# systemd-coredump will store the core file owned by the effective uid and gid
# of the running process (and not the filesystem-user-ID which the kernel uses
# when saving a core dump).
#
# See proc(5), setuid(2), capabilities(7).
fs.suid_dumpable=2

View File

@ -21,6 +21,7 @@ NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes

View File

@ -25,6 +25,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
OOMScoreAdjust=-250
ProtectClock=yes
Restart=always
RestartSec=0
RestrictAddressFamilies=AF_UNIX AF_NETLINK

View File

@ -36,6 +36,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes

View File

@ -26,6 +26,7 @@ ExecStart=!!@rootlibexecdir@/systemd-networkd
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes

View File

@ -28,6 +28,7 @@ MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes

View File

@ -16,6 +16,8 @@ Before=sysinit.target
ConditionPathIsReadWrite=/sys
[Service]
DeviceAllow=block-* rwm
DeviceAllow=char-* rwm
Type=notify
# Note that udev also adjusts the OOM score internally and will reset the value internally for its workers
OOMScoreAdjust=-1000
@ -27,6 +29,7 @@ ExecReload=udevadm control --reload --timeout 0
KillMode=mixed
TasksMax=infinity
PrivateMounts=yes
ProtectClock=yes
ProtectHostname=yes
MemoryDenyWriteExecute=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6