Re: [systemd-devel] Work on adding polkit support to systemd1
On 18.08.2014 18:22, Lennart Poettering wrote:
On Fri, 15.08.14 19:28, Stef Walter (st...@redhat.com) wrote:
On 15.08.2014 18:56, Lennart Poettering wrote:
On Fri, 15.08.14 18:25, Stef Walter (st...@redhat.com) wrote:
On 13.08.2014 20:27, Lennart Poettering wrote:
On Wed, 06.08.14 13:23, Stef Walter (st...@redhat.com) wrote:

I've done initial work on adding polkit support to systemd1 DBus methods. You can see it here:

Thanks for the review. Worked on this a bit more. I might drop off the face of the earth for a couple weeks. In case I do, I thought I'd update my public branch. But if I'm around, I'll test and prepare a patch set early next week.

https://github.com/stefwalter/systemd/commits/polkit-systemd1

Hmm, yuck. There's a security issue here... Reading the capabilities from the sender on dbus1 is racy, since we have to read it from /proc/$PID/stat and don't get it sent along with the message, like we do on kdbus. A rogue client could send a message, quickly invoke some suid binary, and we'd consider the client trusted. Now for the low-level implementation of the vtable bit we are actually smart, and check by UID on dbus1, and by cap on kdbus, in order to avoid the vulnerability. Hmm, now I wonder how to best handle this for cases like this, we probably need some generic way how clients can make this decision in an always safe way... I need to think more about this...

By the way, there's some similar problematic code in the modified KillUnit() method implementation ... changed from specifying the CAP_KILL in the vtable, and now it does a manual check.

Patch set looks great otherwise. I'll come up with something for the security issue, then adapt your patch, and merge it.

I haven't tested the updated branch at all :) So it may go boom...

I have now pushed this, after reworking this on top some major changes to bus_verify_polkit(), which avoids having to pass the original callbacks through to the function that ultimately does the verification.

While merging I also made another change, you are probably not going to like: I turned off the interactivity for the polkit checks. Interactivity needs to be optional, and it currently is for all our polkit-enabled bus methods. And we should do the same for the PID 1 offered methods.

Ugh.

Now, of course, we should open this up for interactive (after all, that's what polkit is good for), but we probably need a new set of methods for that, which take the original arguments but also take a boolean argument to enable interactivity. Hence, we probably should have StartUnit2() in addition to StartUnit().

That seems ugly. I think we should either:

* Have a method which we can invoke to make a client opt into interactive polkit prompting for any invoked method.
* Version all the org.freedesktop.systemd1.Manager to org.freedesktop.systemd1.Manager2 or something like that and support both interfaces.

Cheers,
Stef

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Work on adding polkit support to systemd1
Hi

On Mon, Sep 1, 2014 at 9:51 AM, Stef Walter st...@redhat.com wrote:
On 18.08.2014 18:22, Lennart Poettering wrote:

I have now pushed this, after reworking this on top some major changes to bus_verify_polkit(), which avoids having to pass the original callbacks through to the function that ultimately does the verification.

While merging I also made another change, you are probably not going to like: I turned off the interactivity for the polkit checks. Interactivity needs to be optional, and it currently is for all our polkit-enabled bus methods. And we should do the same for the PID 1 offered methods.

Ugh.

Now, of course, we should open this up for interactive (after all, that's what polkit is good for), but we probably need a new set of methods for that, which take the original arguments but also take a boolean argument to enable interactivity. Hence, we probably should have StartUnit2() in addition to StartUnit().

That seems ugly. I think we should either:

* Have a method which we can invoke to make a client opt into interactive polkit prompting for any invoked method.
* Version all the org.freedesktop.systemd1.Manager to org.freedesktop.systemd1.Manager2 or something like that and support both interfaces.

We had the idea to reserve a single bit in the dbus message header for that. See the discussion on the dbus-ML:

http://lists.freedesktop.org/archives/dbus/2014-August/016294.html

It looks like the most sane way to resolve this issue, imho.

Thanks
David
[systemd-devel] [PATCH 3/3] TODO: Remove Elapsed Time DHCPv6 option as it is done
--- TODO | 1 - 1 file changed, 1 deletion(-) diff --git a/TODO b/TODO index 221b39f..4aebcc4 100644 --- a/TODO +++ b/TODO @@ -697,7 +697,6 @@ Features: - implement reconfigure support, see 5.3., 15.11. and 22.20. - implement information request, see 1.2. and 18.1.5. - implement support for temporary adressess (IA_TA) - - implement elapsed time option - implement dhcpv6 authentication - investigate the usefulness of Confirm messages; i.e. are there any situations where the link changes without any loss in carrier detection -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 1/3] sd-dhcp6-client: Implement Elapsed Time option
Implement Elapsed Time option as it is defined as MUST in RFC 3315, section 22.9. The elapsed time value is a 1/100th of a second with a max value of 0x, i.e. 655.35 seconds. As the main loop might not be running yet when sd_dhcp6_client_start() is called, fetch the monotonic time directly and not from the event loop while in state DHCP6_STATE_STOPPED. --- src/libsystemd-network/sd-dhcp6-client.c | 40 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 6860c66..c190b56 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -49,6 +49,7 @@ struct sd_dhcp6_client { struct ether_addr mac_addr; DHCP6IA ia_na; be32_t transaction_id; +usec_t transaction_start; struct sd_dhcp6_lease *lease; int fd; be16_t *req_opts; @@ -203,6 +204,7 @@ static int client_reset(sd_dhcp6_client *client) { client-fd = safe_close(client-fd); client-transaction_id = 0; +client-transaction_start = 0; client-ia_na.timeout_t1 = sd_event_source_unref(client-ia_na.timeout_t1); @@ -230,13 +232,15 @@ static void client_stop(sd_dhcp6_client *client, int error) { client_reset(client); } -static int client_send_message(sd_dhcp6_client *client) { +static int client_send_message(sd_dhcp6_client *client, usec_t time_now) { _cleanup_free_ DHCP6Message *message = NULL; struct in6_addr all_servers = IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; size_t len, optlen = 512; uint8_t *opt; int r; +usec_t elapsed_usec; +be16_t elapsed_time; len = sizeof(DHCP6Message) + optlen; 
@@ -308,6 +312,17 @@ static int client_send_message(sd_dhcp6_client *client) { if (r 0) return r; +elapsed_usec = time_now - client-transaction_start; +if (elapsed_usec 0x * USEC_PER_MSEC * 10) +elapsed_time = htobe16(elapsed_usec / USEC_PER_MSEC / 10); +else +elapsed_time = 0x; + +r = dhcp6_option_append(opt, optlen, DHCP6_OPTION_ELAPSED_TIME, +sizeof(elapsed_time), elapsed_time); +if (r 0) +return r; + r = dhcp6_network_send_udp_socket(client-fd, all_servers, message, len - optlen); if (r 0) @@ -455,15 +470,14 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec, return 0; } -r = client_send_message(client); -if (r = 0) -client-retransmit_count++; - - r = sd_event_now(client-event, clock_boottime_or_monotonic(), time_now); if (r 0) goto error; +r = client_send_message(client, time_now); +if (r = 0) +client-retransmit_count++; + if (!client-retransmit_time) { client-retransmit_time = client_timeout_compute_random(init_retransmit_time); @@ -882,6 +896,15 @@ static int client_start(sd_dhcp6_client *client, enum DHCP6State state) client-retransmit_time = 0; client-retransmit_count = 0; +if (client-state == DHCP6_STATE_STOPPED) { +time_now = now(clock_boottime_or_monotonic()); +} else { +r = sd_event_now(client-event, clock_boottime_or_monotonic(), + time_now); +if (r 0) +return r; +} + switch (state) { case DHCP6_STATE_STOPPED: case DHCP6_STATE_SOLICITATION: @@ -926,10 +949,6 @@ static int client_start(sd_dhcp6_client *client, enum DHCP6State state) case DHCP6_STATE_BOUND: -r = sd_event_now(client-event, clock_boottime_or_monotonic(), time_now); -if (r 0) -return r; - if (client-lease-ia.lifetime_t1 == 0x || client-lease-ia.lifetime_t2 == 0x) { 
@@ -996,6 +1015,7 @@ static int client_start(sd_dhcp6_client *client, enum DHCP6State state) } client-transaction_id = random_u32() htobe32(0x00ff); +client-transaction_start = time_now; r = sd_event_add_time(client-event, client-timeout_resend, clock_boottime_or_monotonic(), 0, 0, client_timeout_resend, -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
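Review bot: in client_send_message() the elapsed time is computed as time_now - client-transaction_start, but transaction_start is set in client_start() when the transaction is set up, not when the first message is actually sent, so the first message of an exchange can carry a non-zero value. RFC 3315 section 22.9 measures from the time the first message was sent and sets the field to 0 in that message; recording transaction_start on the first transmission (while retransmit_count is still 0) would match that. Both operands are usec_t, so a time_now earlier than transaction_start would wrap and be reported as the saturated maximum; an explicit guard would make that case visible.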
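Review bot: the DHCP6_STATE_STOPPED branch added at the top of client_start() takes its timestamp from now() while every other state uses sd_event_now(), and the reason (the main loop may not be running yet when sd_dhcp6_client_start() is called) is given only in the commit message. A short comment above the if would document why the two time sources differ and keep a later cleanup from merging them.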
[systemd-devel] [PATCH 0/3] Add DHCPv6 Elapsed Time option
Hi,

This patch implements the DHCPv6 Elapsed Time option. RFC 3315 says that this option is a MUST, so it'd be better to have it implemented.

The patch is quite straightforward, the time at transaction start is recorded and the elapsed time calculated when the message is sent. In order to work in a situation where the main loop is not yet running, the start time in the stopped state is read directly from the clock. All other states are entered via callbacks attached to the main loop, which means they can request the current time from the sd_event itself.

The test case for this option verifies that the option is present and has a proper length.

Cheers,
Patrik

Patrik Flykt (3):
  sd-dhcp6-client: Implement Elapsed Time option
  test-dhcp6-client: Add checks for Elapsed Time option
  TODO: Remove Elapsed Time DHCPv6 option as it is done

 TODO | 1 -
 src/libsystemd-network/sd-dhcp6-client.c | 40 ++
 src/libsystemd-network/test-dhcp6-client.c | 32 +---
 3 files changed, 58 insertions(+), 15 deletions(-)

-- 
1.9.1
[systemd-devel] [PATCH 2/3] test-dhcp6-client: Add checks for Elapsed Time option
Verify that the Elapsed Time option is present. --- src/libsystemd-network/test-dhcp6-client.c | 32 ++ 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index d102a79..37ddfc2 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -269,6 +269,11 @@ static int test_advertise_option(sd_event *e) { *optval) = 0); break; +case DHCP6_OPTION_ELAPSED_TIME: +assert_se(optlen == 2); + +break; + default: break; } @@ -361,7 +366,8 @@ static int test_client_verify_request(DHCP6Message *request, uint8_t *option, uint8_t *optval; uint16_t optcode; size_t optlen; -bool found_clientid = false, found_iana = false, found_serverid = false; +bool found_clientid = false, found_iana = false, found_serverid = false, +found_elapsed_time = false; int r; struct in6_addr addr; be32_t val; @@ -410,11 +416,20 @@ static int test_client_verify_request(DHCP6Message *request, uint8_t *option, assert_se(!memcmp(msg_advertise[179], optval, optlen)); break; + +case DHCP6_OPTION_ELAPSED_TIME: +assert_se(!found_elapsed_time); +found_elapsed_time = true; + +assert_se(optlen == 2); + +break; } } assert_se(r == -ENOMSG); -assert_se(found_clientid found_iana found_serverid); +assert_se(found_clientid found_iana found_serverid + found_elapsed_time); assert_se(sd_dhcp6_lease_get_first_address(lease, addr, lt_pref, lt_valid) = 0); @@ -452,7 +467,8 @@ static int test_client_verify_solicit(DHCP6Message *solicit, uint8_t *option, uint8_t *optval; uint16_t optcode; size_t optlen; -bool found_clientid = false, found_iana = false; +bool found_clientid = false, found_iana = false, +found_elapsed_time = false; int r; assert_se(solicit-type == DHCP6_SOLICIT); 
@@ -478,11 +494,19 @@ static int test_client_verify_solicit(DHCP6Message *solicit, uint8_t *option, memcpy(test_iaid, optval, sizeof(test_iaid)); break; + +case DHCP6_OPTION_ELAPSED_TIME: +assert_se(!found_elapsed_time); +found_elapsed_time = true; + +assert_se(optlen == 2); + +break; } } assert_se(r == -ENOMSG); -assert_se(found_clientid found_iana); +assert_se(found_clientid found_iana found_elapsed_time); return 0; } -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
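Review bot: the new DHCP6_OPTION_ELAPSED_TIME cases in test_client_verify_request() and test_client_verify_solicit() assert only that the option occurs once and that optlen == 2, so a client that always sends a constant or a wrapped value still passes. Reading the two bytes at optval as a big-endian 16-bit value and asserting it is below the saturation value, and close to zero for the Solicit, would exercise the computation added in patch 1/3 rather than only the option's presence.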
Re: [systemd-devel] Work on adding polkit support to systemd1
On 01.09.2014 11:47, David Herrmann wrote:
Hi
On Mon, Sep 1, 2014 at 9:51 AM, Stef Walter st...@redhat.com wrote:
On 18.08.2014 18:22, Lennart Poettering wrote:

I have now pushed this, after reworking this on top some major changes to bus_verify_polkit(), which avoids having to pass the original callbacks through to the function that ultimately does the verification.

While merging I also made another change, you are probably not going to like: I turned off the interactivity for the polkit checks. Interactivity needs to be optional, and it currently is for all our polkit-enabled bus methods. And we should do the same for the PID 1 offered methods.

Ugh.

Now, of course, we should open this up for interactive (after all, that's what polkit is good for), but we probably need a new set of methods for that, which take the original arguments but also take a boolean argument to enable interactivity. Hence, we probably should have StartUnit2() in addition to StartUnit().

That seems ugly. I think we should either:

* Have a method which we can invoke to make a client opt into interactive polkit prompting for any invoked method.
* Version all the org.freedesktop.systemd1.Manager to org.freedesktop.systemd1.Manager2 or something like that and support both interfaces.

We had the idea to reserve a single bit in the dbus message header for that. See the discussion on the dbus-ML:

http://lists.freedesktop.org/archives/dbus/2014-August/016294.html

Thanks.

It looks like the most sane way to resolve this issue, imho.

I guess so. Makes a lot of sense. We'll need to see how backportable this ends up being for all of libdbus, gdbus ... offhand it doesn't seem *that* invasive if it's just a flag.

Otherwise (for Cockpit) we'll end up doing the brain-dead wrapping all systemd APIs with yet another daemon that just does interactive polkit authentication :S

Will keep an eye on this.

Cheers,
Stef
[systemd-devel] [PATCH] Add the CPU hotplug rule
Cpu doesn't get online automaticly after hotplug when we test guest cpu add/remove in xen env. I don't have an baremetal env to test this, but I think it's same. The rule is missed in systemd but exist in legacy udev. Signed-off-by: Zhenzhong Duan zhenzhong.d...@oracle.com --- rules/50-udev-default.rules |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules index 2bf9c1e..ac44f81 100644 --- a/rules/50-udev-default.rules +++ b/rules/50-udev-default.rules @@ -71,4 +71,6 @@ KERNEL==tun, MODE=0666, OPTIONS+=static_node=net/tun KERNEL==fuse, MODE=0666, OPTIONS+=static_node=fuse +KERNEL==cpu[0-9]*, SUBSYSTEM==cpu, ATTR{online}=1 + LABEL=default_permissions_end -- 1.7.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
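Review bot: the added rule matches on KERNEL and SUBSYSTEM only, with no ACTION match and no test of the attribute's current value, so it writes 1 to online on every uevent for a cpu device rather than only when one is added; that would include events generated when a CPU is taken offline on purpose. If the rule is kept, restrict it to the add action and to devices whose online attribute exists and currently reads 0. The commit message should also say that this was tested only in a Xen guest and explain why the policy belongs in the default rules rather than in a distribution or hypervisor-specific rules file.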
[systemd-devel] systemd-215: could not boot, missing /dev/disk/...-part2 symlink
Hello.

I have a Gentoo system, with btrfs on /dev/sda2 (also known as /dev/disk/by-id/ata-OCZ-VECTOR_OCZ-Z5CB4KC20X0ZG7F8-part2) and with dracut 038 with Gentoo patches that you can view here: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-kernel/dracut/files/ (see 0038-*)

Today, I powered the computer on (without applying any updates since the previous successful boot), but the boot stalled, and I was dropped into an emergency shell. I have saved the SOS report, see the attachment. As you can see, /dev/sda2 exists, but the link doesn't. udevadm trigger helped it to appear, and the boot continued.

I initially thought that it might be due to locking that systemd-udevd applies to block devices for the period of running its IMPORT{program} rules. Look: if in worker_new() the lock is not acquired successfully, then the event processing is skipped (and this also means symlinks are not created). But then there should be an Unable to flock debug message in journalctl -b -p debug, and it doesn't exist. So it must be something else.

Any other ideas?

-- Alexander E.
Patrakov
Re: [systemd-devel] [PATCH] Add the CPU hotplug rule
On Tue, Sep 2, 2014 at 5:22 AM, Zhenzhong Duan zhenzhong.d...@oracle.com wrote:

Cpu doesn't get online automatically after hotplug when we test guest cpu add/remove in xen env. I don't have a baremetal env to test this, but I think it's same. The rule is missed in systemd but exist in legacy udev.

Udev is not a mechanism to establish an unconditional loop from the kernel back to the kernel. Such rule makes no sense and we never shipped that and will not ship it upstream now.

If a device should unconditionally change its state, the kernel should just do that on its own, and not rely on userspace to do that.

Kay