Commit Graph

3248 Commits

Author SHA1 Message Date
William Hubbs
b6fef599bf checkpath: fix CVE-2018-21269
This walks the directory path to the file we are going to manipulate to make
sure that when we create the file and change the ownership and permissions
we are working on the same file.
Also, all non-terminal symbolic links must be owned by root. This will
keep a non-root user from making a symbolic link as described in the
bug. If root creates the symbolic link, it is assumed to be trusted.

On non-linux platforms, we no longer follow non-terminal symbolic links
by default. If you need to do that, add the -s option on the checkpath
command line, but keep in mind that this is not secure.

This fixes #201.
2020-11-20 09:15:59 -06:00
Julien Surloppe
aac1734a70 Update user-guide.md
Add missing underscore.
2020-11-01 15:45:12 -05:00
William Hubbs
2355f1a3f2 supervise-daemon: only log debug logs when verbose mode is active 2020-09-25 16:33:32 -05:00
Manuel Rüger
fbec1eed51 .cirrus.yml: Update FreeBSD releases
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2020-04-19 13:15:35 +02:00
Austin English
229692cc34 man/openrc-run.8: fix a typo 2020-02-05 12:37:46 -05:00
Sergei Trofimovich
375ef42393 src/rc/rc-logger.h: fix build failure against gcc-10
On gcc-10 (and gcc-9 -fno-common) build fails as:

```
cc  -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \
  -Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \
  -Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \
  -Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \
  -Wsequence-point -Werror=implicit-function-declaration    \
  -Wl,-rpath=/lib   -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16:
  multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17:
  multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here
```

gcc-10 will change the default from -fcommon to fno-common:
https://gcc.gnu.org/PR85678.

The error also happens if CFLAGS=-fno-common passed explicitly.

This fixes #348.
2020-01-19 16:52:21 -06:00
Wolf
6deda13754 supervise-daemon: Fix segfault when executable does not exist
When executable is provided just by name (and therefore searched in a
path), exec_file is reset to NULL every time. exists() handles it being
NULL just fine, but dereferencing it in eerror does not work.

Fixes #326
Fixes #327
2020-01-11 13:36:33 -06:00
artoo
eb61085951 binfmt: ensure a file is ungegistered before registering
This fixes #328
2020-01-11 13:32:38 -06:00
Andrew Scheller
039845b742 Fix typo in README
This fixes #338
2020-01-11 12:16:19 -06:00
Ethan Sommer
a7e7fd2b37 make grep usage POSIX compliant
use grep -E instead of egrep
check for space or end of line instead of GNU-specific word boundary

This fixes #345
2020-01-11 12:09:10 -06:00
Jason Bowen
12e147a107 Delete stray text.
It looks like some stray text was left at the bottom of the file:
```
package.
migrating your system to openrc-init.
```
There's a subsection on migrating a system to `openrc-ini`; perhaps this was
an embryonic section title?

This fixes #347.
2020-01-11 11:15:56 -06:00
William Hubbs
fd852865e0 openrc-shutdown.c: typo fix 2019-12-05 12:11:08 -06:00
William Hubbs
35ec935741 ci/travis.sh: run shellcheck on shell scripts 2019-10-28 18:42:10 -05:00
Austin English
19cfd82dad .travis.yml: install shellcheck 2019-10-28 16:48:40 -05:00
E5ten
87cfad3d6c cgroup2_set_limits: verify that the cgroup2 path is a mount point
prior to cgroups getting mounted, /sys/fs/cgroup will still exist,
but attempts to make directories in it will fail, change cgroup2_set_limits() to
verify that cgroups are mounted instead of just checking that /sys/fs/cgroup
exists.

This fixes #307.
This fixes #321.
2019-09-03 16:38:03 -05:00
William Hubbs
8e31614c4b fix clang build 2019-08-20 16:06:46 -05:00
William Hubbs
a177d15641 version 0.42 2019-08-20 13:13:30 -05:00
William Hubbs
2b4c486043 Update ChangeLog 2019-08-20 13:09:50 -05:00
William Hubbs
ed24d28163 update sysvinit support files 2019-08-20 13:08:44 -05:00
William Hubbs
1bc96141e6 fix single user mode 2019-08-19 14:55:54 -05:00
William Hubbs
c7000aeaab optimize loops for installing gettys 2019-08-15 18:40:51 -05:00
William Hubbs
5c5129b534 Remove "single" runlevel directory
Single user mode should be handled in the init process directly.
2019-08-15 18:40:51 -05:00
William Hubbs
0dabda6f6f fix sysvinit compatibility
This allows openrc to direct sysvinit to shut down the system by setting
the INIT_HALT environment variable appropriately. Also, we do not try to
communicate with sysvinit if its fifo does not exist.
2019-08-15 12:02:30 -05:00
William Hubbs
92de9a693b Add documentation for openrc-init and update the NEWS file 2019-08-02 16:29:03 -05:00
William Hubbs
a71aebcae1 init.d/agetty: provide the getty virtual service 2019-07-29 17:39:11 -05:00
William Hubbs
61596b16d2 Install gettys if the MKSYSVINIT switch is set to yes
The default is to put one getty in the "single" runlevel and 6 in the
"default" runlevel.
2019-07-29 17:38:47 -05:00
William Hubbs
104eb3420b Add the "single" runlevel 2019-07-29 16:27:14 -05:00
Chloe Kudryavtsev
70b8df3e9c clarify supervise-daemon-guide
1. The given default for respawn_max is wrong.
2. The example for respawn_period is nonsensical.

This fixes #311.
2019-07-26 12:52:52 -05:00
William Hubbs
cac41092e4 add ability for openrc-shutdown to communicate with sysvinit
This fixes #315.
2019-07-25 14:47:18 -05:00
Martin Wilke
7ddc281ab6 Fix build with Clang
This fixes #313.
2019-07-24 12:32:23 -05:00
William Hubbs
c092ff6da1 Add Sony Interactive Entertainment as an author 2019-07-22 10:46:32 -05:00
William Hubbs
54780a4582 supervise-daemon: allow --respawn-max to be zero 2019-03-29 14:09:08 -05:00
William Hubbs
44f5a72d1a remove hidden-visibility.h
I am removing this on the advice of a member of the Gentoo toolchain
team. It was explained to me that this doesn't offer any significant
benefits to OpenRC.

If anyone ffeels differently, please open a pull request reverting
this and adding an explanation of what it does and how to know which
functions to mark hidden in the future.

This fixes #301.
2019-02-26 17:47:55 -06:00
William Hubbs
0d378974bf openrc-init: fix waitpid checks
The do_openrc() function was not waiting properly for the child process
which started the runlevel to return. We need to repeatedly call
waitpid() until its return value matches the pid of the child process or
the child process does not exist.

This fixes #216.
This fixes #300.
2019-02-25 18:55:13 -06:00
William Hubbs
028da5c2e3 librc: fix potential buffer overflow in pid_is_argv
This fixes #299.
2019-02-23 17:44:07 -06:00
William Hubbs
d8dbb890aa Revert "src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv"
This reverts commit 084877eb52.
The mentioned commit caused some systems to have some services reported
as crashed.

This fixes #297.
This fixes #298.
2019-02-23 16:24:55 -06:00
William Hubbs
56c006ebd6 Update ChangeLog 2019-02-22 19:03:41 -06:00
William Hubbs
067088bbff move ci scripts to their own directory
This fixes #296.
2019-02-22 18:50:13 -06:00
William Hubbs
52d4e56674 combine test directories
This fixes #295.
2019-02-22 18:08:19 -06:00
William Hubbs
6e6902c28b remove unused test ignore patterns 2019-02-22 16:27:52 -06:00
William Hubbs
084823182a remove unused test data files 2019-02-22 13:25:51 -06:00
Georgy Yakovlev
7478c104fc librc/librc-depend.c: fix NULL pointer dereference
In some cases deptree or depinfo can be NULL, check
before dereferencing.

Fixes https://github.com/OpenRC/openrc/issues/293
Fixes https://github.com/OpenRC/openrc/pulls/294
X-Gentoo-Bug: 659906
X-Gentoo-Bug-URL: https://bugs.gentoo.org/659906
2019-02-21 17:49:54 -06:00
Georgy Yakovlev
065b7ecc0d use cirrus-ci for FreeBSD builds
This fixes #265.
2019-02-19 13:59:01 -06:00
Sergei Trofimovich
b054aca50b src/test/runtests.sh: drop 'readelf'-based tests
The 'readelf'-based tests cover a few situations:
1. undefined symbols in shared libraries
2. unexpected exports in shared libraries

Bug #575958 shows that [2.] implementation is too simplistic
in assuming that presence of relocation equals to export presence.

It is incorrect for PLT stubs and local symbols.
Let's just drop these tests.

If one needs to cover [1.] it is better to use LDFLAGS=-Wl,--no-undefined.

This closes #292.

X-Reported-by: Benda Xu
X-Gentoo-Bug: https://bugs.gentoo.org/575958
X-Gentoo-Bug-URL: https://bugs.gentoo.org/575958
2019-02-19 11:50:11 -06:00
William Hubbs
f9e7a00ba9 rc-status: style fixes 2019-02-15 20:36:46 -06:00
William Hubbs
f1f48011ac update ChangeLog 2019-02-15 14:37:57 -06:00
William Hubbs
427a1ce299 rc-status: add -f option to allow formatting output
The -f option can be used when showing the status of services in
runlevels to allow making the output more easily parsable.
Currently, the .ini format is the only one supported.
2019-02-15 14:21:43 -06:00
William Hubbs
f43cec34ca rc-status.c: small style changes 2019-02-14 13:14:31 -06:00
William Hubbs
d64c9d2050 add experimental support for an alternate shell for service scripts
This is for #288.
2019-02-13 18:22:25 -06:00
Edan Bedrik
b2b2c57a38 librc: fix realpath() return value check
This fixes #226.
2019-02-12 17:56:17 -06:00