Compare commits

...

5 Commits

Author SHA1 Message Date
Lennart Poettering 5abede3247 seccomp: move brk+mmap+mmap2 into @default syscall filter set
These three syscalls are internally used by libc's memory allocation
logic, i.e. ultimately back malloc(). Allocating a bit of memory is so
basic, it should just be in the default set.

This fixes a couple of issues with asan/msan and the seccomp tests: when
asan/msan is used some additional, large memory allocations take place
in the background, and unless mmap/mmap2/brk are allowlisted these will
fail, aborting the test prematurely.
2020-11-19 16:44:50 +01:00
Zbigniew Jędrzejewski-Szmek bca0618705
Merge pull request #17667 from fbuihuu/fix-module-loading-from-udev-rule
Fix module loading from udev rule
2020-11-19 16:35:32 +01:00
Lennart Poettering bb4cbb25d4 man: suffix settings name with = and enclose in <varname> 2020-11-19 16:16:17 +01:00
Franck Bui 42cc2855ba units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem
udev requests to start the fs mount units when their respective module is
loaded. For that it monitors uevents of type "ADD" for the relevant fs modules.

However the uevent is sent by the kernel too early, ie before the init() of the
module is called hence before directories in /sys/fs/ are created.

This patch workarounds adds "Requires/After=modprobe@<fs-module>.service" to
the mount unit, which means that modprobe(8) will be called once the fs module
is announced to be loaded. This sounds pointless, but given that modprobe only
returns after the initialization of the module is complete, it should
workaround the issue.

As a side effect, the module will be automatically loaded if the mount unit is
started manually.

Fixes #17586.
2020-11-19 11:50:52 +01:00
Franck Bui b3e32582f6 Revert "units: skip modprobe@.service if the unit appears to be already loaded"
This reverts commit 9cbf1e58f9.

The presence of /sys/module/%I directory can't be used to assert that the load
of a given module is complete and therefore the call to modprobe(8) can be
skipped. Indeed this directory is created before the init() function of the
module is called.

Users of modprobe@.service needs to be sure that once this service returns the
module is fully operational.
2020-11-19 09:49:42 +01:00
5 changed files with 23 additions and 14 deletions

View File

@ -233,13 +233,11 @@
resolver is not capable of authenticating the server, so it is
vulnerable to "man-in-the-middle" attacks.</para>
<para>In addition to this global DNSOverTLS setting
<para>In addition to this global <varname>DNSOverTLS=</varname> setting
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
also maintains per-link DNSOverTLS settings. For system DNS
servers (see above), only the global DNSOverTLS setting is in
effect. For per-link DNS servers the per-link
setting is in effect, unless it is unset in which case the
global setting is used instead.</para>
also maintains per-link <varname>DNSOverTLS=</varname> settings. For system DNS servers (see above), only the global
<varname>DNSOverTLS=</varname> setting is in effect. For per-link DNS servers the per-link setting is in effect, unless
it is unset in which case the global setting is used instead.</para>
<para>Defaults to off.</para>
</listitem>

View File

@ -282,6 +282,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.name = "@default",
.help = "System calls that are always permitted",
.value =
"brk\0"
"cacheflush\0"
"clock_getres\0"
"clock_getres_time64\0"
@ -319,6 +320,8 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"getuid\0"
"getuid32\0"
"membarrier\0"
"mmap\0"
"mmap2\0"
"nanosleep\0"
"pause\0"
"prlimit64\0"
@ -468,8 +471,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"mkdirat\0"
"mknod\0"
"mknodat\0"
"mmap\0"
"mmap2\0"
"munmap\0"
"newfstatat\0"
"oldfstat\0"
@ -844,7 +845,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"@signal\0"
"@sync\0"
"@timer\0"
"brk\0"
"capget\0"
"capset\0"
"copy_file_range\0"

View File

@ -13,7 +13,6 @@ DefaultDependencies=no
Before=sysinit.target
Documentation=man:modprobe(8)
ConditionCapability=CAP_SYS_MODULE
ConditionPathExists=!/sys/module/%I
[Service]
Type=oneshot

View File

@ -12,12 +12,18 @@ Description=FUSE Control File System
Documentation=https://www.kernel.org/doc/Documentation/filesystems/fuse.txt
Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
DefaultDependencies=no
ConditionPathExists=/sys/fs/fuse/connections
ConditionCapability=CAP_SYS_ADMIN
ConditionVirtualization=!private-users
After=systemd-modules-load.service
Before=sysinit.target
# These dependencies are used to make certain that the module is fully
# loaded. Indeed udev starts this unit when it receives an uevent for the
# module but the kernel sends it too early, ie before the init() of the module
# is fully operational and /sys/fs/fuse/connections is created, see issue#17586.
After=modprobe@fuse.service
Requires=modprobe@fuse.service
[Mount]
What=fusectl
Where=/sys/fs/fuse/connections

View File

@ -12,11 +12,17 @@ Description=Kernel Configuration File System
Documentation=https://www.kernel.org/doc/Documentation/filesystems/configfs/configfs.txt
Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
DefaultDependencies=no
ConditionPathExists=/sys/kernel/config
ConditionCapability=CAP_SYS_RAWIO
After=systemd-modules-load.service
Before=sysinit.target
# These dependencies are used to make certain that the module is fully
# loaded. Indeed udev starts this unit when it receives an uevent for the
# module but the kernel sends it too early, ie before the init() of the module
# is fully operational and /sys/kernel/config is created, see issue#17586.
After=modprobe@configfs.service
Requires=modprobe@configfs.service
[Mount]
What=configfs
Where=/sys/kernel/config