summaryrefslogtreecommitdiffstats
path: root/src/test (follow)
Commit message (Collapse)AuthorAgeFilesLines
* mount-util: introduce path_is_network_fs_harder()Yu Watanabe2024-11-051-0/+7
| | | | It also detects e.g. glusterfs or mounts with "_netdev" option.
* namespace-util: add util function to check if id-mapped mounts are supported ↵Andres Beltran2024-11-011-0/+8
| | | | for a given path
* core/service: don't propagate stop jobs if RestartMode=direct (#34768)Lennart Poettering2024-11-011-12/+12
|\ | | | | Fixes https://github.com/systemd/systemd/issues/34758
| * core/manager: introduce manager_add_job_full() which takes extra ↵Mike Yuan2024-10-271-12/+12
| | | | | | | | | | | | TransactionAddFlags No functional change. Preparation for later commits.
* | util-lib/systemd-run: implement race-free PTY peer opening (#34953)Luca Boccassi2024-11-011-3/+22
|\ \ | | | | | | | | | | | | | | | | | | | | | This makes use of the new TIOCGPTPEER pty ioctl() for directly opening a PTY peer, without going via path names. This is nice because it closes a race around allocating and opening the peer. And also has the nice benefit that if we acquired an fd originating from some other namespace/container, we can directly derive the peer fd from it, without having to reenter the namespace again.
| * | terminal-util: add pty_open_peer() helperLennart Poettering2024-10-301-3/+22
| | | | | | | | | | | | | | | This opens a pty peer in one go, and uses the new race-free TIOCGPTPEER ioctl() to do so – if it is available.
* | | tweaks to ANSI sequence (OSC) handling (#34964)Luca Boccassi2024-11-011-0/+9
|\ \ \ | | | | | | | | | | | | | | | | | | | | Fixes: #34604 Prompted by that I realized we do not correctly recognize both "ST" sequences we want to recognize, fix that.
| * | | string-util: also check for 0x1b 0x5c ST when stripping ANSI from stringsLennart Poettering2024-10-311-0/+9
| | | |
* | | | Homed update policy: user changing own settings (#31153)Luca Boccassi2024-11-012-0/+102
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework of #30109 to deal with changes in #30840 and discussed changes to behavior Depends on and includes #30840 Fixes https://github.com/systemd/systemd/issues/34268
| * | | | test: Test user record selfModifiable behaviorAdrian Vovk2024-11-012-0/+102
| |/ / /
* | | | Drop trailing NUL in .sbat/.sdmagic sections (#34950)Lennart Poettering2024-10-311-5/+14
|\ \ \ \
| * | | | test-sbat: separate the two sbat sectionsZbigniew Jędrzejewski-Szmek2024-10-301-5/+14
| | | | |
* | | | | env-util: introduce strv_env_get_merged()Yu Watanabe2024-10-311-0/+11
| |/ / / |/| | |
* | | | sd-varlink: change sd_varlink_error() to always return an errorLennart Poettering2024-10-311-8/+20
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Let's make sure that sd_varlink_error() always returns an error code, so that we can use it in a style "return sd_varlink_error(…);" everywhere, which has two effects: return a good error reply to clients, and exit the current stack frame with a failure code. Interestingly sd_varlink_error_invalid_parameter() already worked like this in some cases, but sd_varlink_error() itself didn't. This is an alternative to the error handling tweak proposed in #34882, but I think is a lot more generically useful, since it establishes a pattern. I checked our codebase, and this change should generally be OK without breaking callsites, since the current callers (with exception of the machined case from #34882) called sd_varlink_error() in the outermost varlink method call dispatch stack frame, where this behaviour change does not alter anything. This is similar btw, how sd_bus_error_setf() and friends always return error codes too, synthesized from its parameters.
* | | Fix display of qrcodes by bsod and other related cleanups (#34914)Lennart Poettering2024-10-301-0/+4
|\ \ \ | |/ / |/| |
| * | test-terminal-util: print value of colors_enabled()Zbigniew Jędrzejewski-Szmek2024-10-291-0/+4
| |/ | | | | | | This makes it easier to diagnose why colors are disabled.
* | pretty-print: add format-string version of draw_progress_bar()Lennart Poettering2024-10-291-3/+3
| | | | | | | | | | We often format the prefix string via asprintf() before, let's hence add a helper for that.
* | meson.build: do not mark test-progress-bar as manualLennart Poettering2024-10-291-1/+0
|/ | | | | It will finish on its own always and cleanly, and running it always should increase test coverage.
* tree-wide: replace for loop with FOREACH_ELEMENT or FOREACH_ARRAY macros ↵Integral2024-10-2613-75/+72
| | | | (#34893)
* run0: optionally show superhero emoji on each shell promptLennart Poettering2024-10-251-1/+2
| | | | | This makes use of the infra introduced in 229d4a980607e9478cf1935793652ddd9a14618b to indicate visually on each prompt that we are in superuser mode temporarily. pick ad5de3222f userdbctl: add some basic client-side filtering
* user-util: tighten shell validation a tiny bitLennart Poettering2024-10-241-0/+18
|
* Merge pull request #27916 from yuwata/test-execute-credstoreYu Watanabe2024-10-241-4/+4
|\ | | | | test: update permission of credstore
| * test-execute: update permission of credstoreYu Watanabe2024-10-221-4/+4
| | | | | | | | Follow-up for 40fb9eebbc075ce1e63100386d2c5f177ad7d738.
* | refactor: replace sizeof in loop with ELEMENTSOF & FOREACH_ELEMENT (#34863)Integral2024-10-231-7/+6
| |
* | fs-util: tweak how openat_report_new() operates when O_CREAT is used on a ↵Lennart Poettering2024-10-222-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dangling symlink One of the big mistakes of Linux is that when you create a file with open() and O_CREAT and the file already exists as dangling symlink that the symlink will be followed and the file created that it points to. This has resulted in many vulnerabilities, and triggered the creation of the O_MOFOLLOW flag, addressing the problem. O_NOFOLLOW is less than ideal in many ways, but in particular one: when actually creating a file it makes sense to set, because it is a problem to follow final symlinks in that case. But if the file is already existing, it actually does make sense to follow the symlinks. With openat_report_new() we distinguish these two cases anyway (the whole function exists only to distinguish the create and the exists-already case after all), hence let's do something about this: let's simply never create files "through symlinks". This can be implemented very easily: just pass O_NOFOLLOW to the 2nd openat() call, where we actually create files. And then basically remove 0dd82dab91eaac5e7b17bd5e9a1e07c6d2b78dca again, because we don't need to care anymore, we already will see ELOOP when we touch a symlink. Note that this change means that openat_report_new() will thus start to deviate from plain openat() behaviour in this one small detail: when actually creating files we will *never* follow the symlink. That should be a systematic improvement of security. Fixes: #34088
* | label: tweak LabelOps post() hook to take "created" booleanLennart Poettering2024-10-221-7/+7
|/ | | | | | | | | | | | | We have two distinct implementations of the post hook. 1. For SELinux we just reset the selinux label we told the kernel earlier to use for new inodes. 2. For SMACK we might apply an xattr to the specified file. The two calls are quite different: the first call we want to call in all cases (failure or success), the latter only if we actually managed to create an inode, in which case it is called on the inode.
* Merge pull request #30952 from rpigott/resolved-dnrLennart Poettering2024-10-221-0/+89
|\ | | | | RFC9463: Discovery of Network-designated Resolvers
| * dns: introduce dns_name_from_wire_formatRonan Pigott2024-09-141-0/+89
| | | | | | | | | | This is implemented in various places, but it is better to share this code.
* | test: CET/EET are deprecated, use Europe/Berlin and KyivLuca Boccassi2024-10-211-11/+11
| | | | | | | | | | The links moved to the legacy dataset so they won't be available by default, so stop using them and just use the city ones instead
* | test: fix TOCTOU in test-jsonYu Watanabe2024-10-161-4/+4
| | | | | | | | | | Follow-up for 60ae3b86fb52d545b279e3927d2214462385e734. Fixes CID#1563782.
* | json-util: initialize "remote" flag for PidRef when parsing JSON pidref ↵Lennart Poettering2024-10-151-4/+22
| | | | | | | | | | | | | | serializations Now that we have a way to recognize "remoteness" of a PidRef, let's make sure when we decode a JSON pidref we initialize things that way.
* | pidref: add explicit concept of "remote" PidRefLennart Poettering2024-10-151-0/+22
| | | | | | | | | | | | | | | | | | | | This PidRef just track some data, but cannot be used for any active operation. Background: for https://github.com/systemd/systemd/pull/34703 it makes sense to track explicitly if some PidRef is not a local one, so that we never attempt to for example "kill a remote process" and thus acccidentally hit the wrong process (i.e. a local one by the same PID).
* | Merge pull request #34778 from poettering/userdb-error-tweakLennart Poettering2024-10-151-3/+54
|\ \ | | | | | | userdb: handle userbd replies indicating invalid user/group names like record not found
| * | sd-varlink: add new sd_varlink_error_is_invalid_parameter() helperLennart Poettering2024-10-151-3/+54
| | |
* | | Merge pull request #34747 from yuwata/busctl-json-fdLennart Poettering2024-10-151-0/+94
|\ \ \ | |/ / |/| | busctl: dump passed fd info
| * | sd-json: introduce json_variant_new_fd_info()Yu Watanabe2024-10-151-0/+71
| | | | | | | | | | | | Currently this is not used, but will be used later.
| * | sd-json: introduce json_variant_new_devnum() and friendsYu Watanabe2024-10-151-0/+23
| | |
* | | machine: add MachineImage interfaceYu Watanabe2024-10-151-0/+3
|/ / | | | | | | | | Follow-up for fb0ea6a6a36b5fa97e6c57d608bb9f7acb63c8b2. Fixes #34772.
* | Merge pull request #34723 from poettering/machined-pidref-moreLennart Poettering2024-10-151-0/+16
|\ \ | | | | | | machined: switch remaining Varlink overs over to use json_dispatch_pidref() and friends
| * | pidref: hookup PID_AUTOMATIC special pid_t value with PidRefLennart Poettering2024-10-141-0/+16
| | | | | | | | | | | | | | | | | | The PID_AUTOMATIC value is now properly recognized by the PidRef logic too. This needed some massaging of header includes, to ensure pidref.h can access process-util.h's definitions and vice versa.
* | | shared/exec-util: minor rearrangement, drop unused EXEC_DIR_NONEMike Yuan2024-10-151-1/+3
| | |
* | | test: add test for local outbounds with preferred source addressYu Watanabe2024-10-131-9/+84
|/ /
* | Merge pull request #34722 from anonymix007/fundamental-sha1Yu Watanabe2024-10-122-0/+59
|\ \ | | | | | | fundamental: Add SHA1
| * | test: Add tests for SHA1anonymix0072024-10-112-0/+59
| | |
* | | in-addr-util: rename in_addr_prefix_from_string_auto_internal() -> _full()Yu Watanabe2024-10-111-1/+1
|/ / | | | | | | | | The function is also used in other source files. Hence, not internal. No functional change, just refactoring.
* | json: add builder/dispatcher for PidRef → JSON and backLennart Poettering2024-10-111-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far, at the one place we sent a PID over Varlink we did so as a simple numeric pid_t value. That's of course is racy, since classic PIDs are recycled too eagerly. Let's address that, by passing around JSON objects distantly resembling our PidRef structure. Note that this JSON object does *not* contain the pidfd, however, but just the pidfd inode number if known. I originally planned to include the pidfd in some direct form, but I figured that's not really the best idea, since we always need a side-channel of some form for that (i.e. AF_UNIX/SCM_RIGHTS), but we should be able to report about PIDs even without that. Moreover, while sending the pid number and pidfd id around should always be OK to do, it's a lot more problematic to always send a pidfd around, since that implies that fd passing is on and it is OK to install fds remotely in some IPC peers fd table. For example, when doing a wild dump of service manager service state we really shouldn't end up with a bunch of fds installed in our client's fd table. Hence, all in all I think it is cleaner to define a structure carrying pid number and pidfd inode id, wich is passed directly as JSON. And then optionally, in a separate field also pass around a pidfd where it makes sense. Note that sending around pidfds is not that beneficial anymore if we have the pidfd inode id, because we can always securely and reliably get a pidfd back from a pair of pid + inode id: first we do pidfd_open() on the pid, and then we check if it is really the right one by comparing .st_ino after fstat(). This logic is implemented gracefully: if for some reason pidfd/pidfd inode nrs are not available (too old kernel), we'll fall back to plain PID numbers. The dispatching logic knows two distinct levels of validation of the provided PID data: if SD_JSON_STRICT is specified we'll acquire a pidfd for the PID, thus verifying it currently exists and failing if it doesn't. If the flag is not set, well just store the provided info as-is, will try to acquire a pidfd for it, but not fail if we cannot. Both modes are important in different contexts. Also note that in addition to the pidfd inode nr we always store the current boot ID of the system in the JSON object, since only the combination of pidfd inode nr and boot ID of the system really is a world-wide unique reference to a process. When dispatching a JSON pid field we operate somewhat gracefully: we either support the triplet structure of pid, pid inode nr, boot id, or we accept a simple classic UNIX pid.
* | test: also dump varlink IDL for Machine interface in the testLennart Poettering2024-10-111-0/+3
| |
* | Merge pull request #34675 from poettering/dupfd-queryLuca Boccassi2024-10-082-22/+44
|\ \ | | | | | | fd-util: use F_DUPFD_QUERY for same_fd()
| * | fd-util: use F_DUPFD_QUERY for same_fd()Lennart Poettering2024-10-081-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Catch up with the nice little toys the kernel fs developers have added for us. Preferably, let's make use of the new F_DUPFD_QUERY fcntl() call that checks whether two fds are just duplicates of each other (duplicates as in dup(), not as in open() of the same inode, i.e. whether they share a single file offset and so on). This API is much nicer, since it is a core kernel feature, unlike the kcmp() call we so far used, which is part of the (optional) checkpoint/restore stuff. F_DUPFD_QUERY is available since kernel 6.10.
| * | fd-util: introduce fd_validate() helperLennart Poettering2024-10-082-21/+27
| | | | | | | | | | | | | | | It just uses F_GETFD to validate an fd. it's a bit easier to read though, and handles the < 0 case internally.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 20:13:03 +0100