On Linux only the "w" access bit is necessary to connect to an AF_UNIX
socket, hence let's only set that and nothing else, to limit exposure.
Just paranoia.
Previously, there was no way to override the log level for test and
test-builtin commands. Let's re-parse environment after setting the log
level to debug. Then, we can control the log level through environment
variable.
Let's operate on fds rather than paths. Make some tweaks to the logic on
top:
1. Mark the resulting dir as read-only after we are done.
2. Use the new inode_type_to_string() calls to determine the inode
names.
3. If an inode already exists, try to adjust the access mode, just in
case.
4. Use FOREACH_ARRAY()
This patch adds a new parameter to parse_ip_port_range, giving callers
the option to allow ranges to have their min be 0 instead of 1.
This is then used by parse_ip_ports_token, intern used by
parse_socket_bind_item to allow port 0 when restricting bind system
calls with SocketBindDeny / SocketBindAllow.
With this, users running server software written using the golang
standard library will be able to effectively sandbox their software,
albeit with a small loss in security protections by allowing the
process to bind on a random port in the
/proc/sys/net/ipv4/ip_local_port_range.
If we want to allow method replies to be extended without this breaking
compat, then we should set this flag. Do so at various method call
replies hence.
Also do it when parsing user/group records, which are expressly
documented to be extensible, as well as the hibernate JSON record.
This is a subset of JSON_PERMISSIVE focussed on allowing parsing of
varlink replies that get extended, i.e. gain new fields, without
allowing more than that (i.e. without allowing missing fields, or bad
field types or such).
This avoids the ({}) that IOVEC_MAKE_STRING() so far used and might
cause a memory corruption if the parameter passed in is itself allocated
via a compount initialized array or so.
Also, this makes sure both IOVEC_MAKE_STRING() and IOVEC_MAKE() accept
'const' parameters without this causing a compiler warning.
We already have specifiers that resolve to $XDG_STATE_HOME, and
$XDG_CONFIG_HOME. $XDG_DATA_HOME is in a similar vein.
It allows units belonging to the user service manager to correctly look
into ~/.local/share. I imagine this would be most useful inside of
condition checks (i.e. only run a service on session startup if some
data is not found in ~/.local/share) or in the inotify monitoring of a
.path unit
cryptenroll accepts only PKCS#11 URIs that match both a certificate and a private key in a token.
This patch allows users to provide a PKCS#11 URI that points to a certificate only, and makes possible to use output of some PKCS#11 tools directly.
Internally the patch changes 'type=cert' in the provided PKCS#11 URI to 'type=private' before storing in a LUKS2 header.
Fixes: #23479
Follow-up for b732606950 and
6706ce2fd2.
If Network.ignore_carrier_loss_set flag is set, then the timeout value
is always used, hence the logic implemented by
b732606950 never worked.
Fix the path for the generated.pcrlock files for the cmdline and initrd
cases. Without it the tool complains with:
Failed to parse component file /var/lib/pcrlock.d/720-kernel-initrd.pcrlock, ignoring: Is a directory
Signed-off-by: Alberto Planas <aplanas@suse.com>
