summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-02-24machined: actually open up methods to unprivileged clients on dbus1Lennart Poettering
Many of machined's operations are now opened up to unprivileged clients via PolicyKit. Open up the dbus policy so that we can actually make these calls. kdbus doesn't reuqire this, hence this wasn't noticed before.
2015-02-24importd: create a loopback btrfs file system for /var/lib/machines, if necessaryLennart Poettering
When manipulating container and VM images we need efficient and atomic directory snapshots and file copies, as well as disk quota. btrfs provides this, legacy file systems do not. Hence, implicitly create a loopback file system in /var/lib/machines.raw and mount it to /var/lib/machines, if that directory is not on btrfs anyway. This is done implicitly and transparently the first time the user invokes "machinectl import-xyz". This allows us to take benefit of btrfs features for container management without actually having the rest of the system use btrfs. The loopback is sized 500M initially. Patches to grow it dynamically are to follow.
2015-02-24id128: add new sd_id128_is_null() callLennart Poettering
2015-02-24import: print nice warning if we need btrfs but /var/lib/machines is not btrfsLennart Poettering
2015-02-24test-hashmap: fix gcc5 warningDaniel Mack
gcc5 spits out a warning about test-hashmap.c: CC src/test/test-hashmap.o src/test/test-hashmap.c: In function ‘test_string_compare_func’: src/test/test-hashmap.c:76:79: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
2015-02-24shared/unit-name: fix gcc5 warningDaniel Mack
Fix the following gcc5 warning: CC src/shared/libsystemd_shared_la-unit-name.lo src/shared/unit-name.c: In function 'unit_name_is_valid': src/shared/unit-name.c:102:34: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] if (!template_ok == TEMPLATE_VALID && at+1 == e) ^
2015-02-24systemctl: bump NOFILE only for systemctl_mainZbigniew Jędrzejewski-Szmek
It is not necessary when running as telinit, etc. https://bugzilla.redhat.com/show_bug.cgi?id=1184712
2015-02-24build: add -Wno-format-signednessDavid Herrmann
gcc5 introduced this option (gcc4 silently ignores it, which is fine). Given that gcc5 thinks 'unsigned char'/'unsigned short' is promoted to 'int' for var-args, stuff like this spits out warnings: uint8_t x; printf("%" PRIu8", x); gcc5 promots 'x' to 'int', instead of 'unsigned int' and thus gets a signedness-warnings as it expects an 'unsigned int'. glibc states otherwise: unsigneds are always promoted to 'unsigned int'. Until gcc and glibc figure this out, lets just ignore that warning (which is totally useless in its current form).
2015-02-24bootchart: fix default init pathMartin Pitt
Commit 6e1bf7ab99 used the wrong directory; we need rootlibexecdir, not rootlibdir, as the latter is something like /lib/x86_64-linux-gnu/ on multi-arch systems. https://launchpad.net/bugs/1423867
2015-02-24sd-bus: test-bus-kernel-benchmark: don't rely on fixed unique namesDaniel Mack
The kernel part of kdbus does not allow userspace to make any assumption on which unique address the first user on the bus will get. Instead, use sd_bus_get_unique_name() to get the server's address.
2015-02-24test-time: test "infinity" parsing in nanosecondsDaniel Mack
2015-02-24shared/time-util: fix gcc5 warningDaniel Mack
CC src/shared/libsystemd_shared_la-time-util.lo src/shared/time-util.c: In function 'parse_nsec': src/shared/time-util.c:789:25: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] if (!*s != 0) ^
2015-02-24sd-bus: sync kdbus.hDaniel Mack
Follow two small changes in the kdbus API: * Flags are now returned in cmd->return_flags by KDBUS_CMD_NAME_ACQUIRE * struct kdbus_item_list has been dropped. The information stored in this struct was redundant since awhile already, as all commands report their returned slice size anyway.
2015-02-23systemctl: support auditd.service betterZbigniew Jędrzejewski-Szmek
We would print the filename header before trying to open the file. But since the header was printed to stdout, and the error to stderr, the error would appear on the terminal before the header. It is cleaner to open the file first, then and only then print the header. Also exit on first error. We shouldn't report success if we were unable to open a file.
2015-02-23systemctl: check validity of PID we receivedZbigniew Jędrzejewski-Szmek
2015-02-23resolved: use == for comparing unsigned against zeroZbigniew Jędrzejewski-Szmek
2015-02-23tmpfiles: avoid creating duplicate acl entriesZbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=89202 https://bugs.debian.org/778656 Status quo ante can be restored with: getfacl -p /var/log/journal/`cat /etc/machine-id`|grep -v '^#'|sort -u|sudo setfacl --set-file=- /var/log/journal/`cat /etc/machine-id`
2015-02-23libsystemd: revert one hunk of duplicate ifdef removalZbigniew Jędrzejewski-Szmek
This change exposed a bug in kernel headers: /usr/include/linux/if_bridge.h:184:20: error: field 'ip6' has incomplete type struct in6_addr ip6; ^ /usr/include/linux/if_tunnel.h:76:19: error: field 'prefix' has incomplete type struct in6_addr prefix; ^
2015-02-23man: explain time units in tmpfilesZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1195294
2015-02-24sd-bus, shared: fix includesDaniel Mack
Include <sys/socket.h> from util.h and bus-message.h in order to build errors like the ones below on kdbus enabled systems. ./src/shared/util.h:976:32: warning: its scope is only this definition or declaration, which is probably not what you want In file included from src/libsystemd/sd-bus/bus-kernel.c:37:0: ./src/shared/util.h:1081:28: warning: 'struct msghdr' declared inside parameter list void cmsg_close_all(struct msghdr *mh); ^ CC src/libsystemd/sd-bus/libsystemd_la-bus-creds.lo In file included from src/libsystemd/sd-bus/bus-creds.c:25:0: ./src/shared/util.h:976:32: warning: 'struct ucred' declared inside parameter list int getpeercred(int fd, struct ucred *ucred); ^
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-23nspawn: fix whitespace and typo in partition table blurbJan Synacek
2015-02-22po: update French translationSylvain Plantefève
2015-02-22build-sys: bootctl depends on HAVE_BLKIDMarcel Holtmann
2015-02-21logind: fix a typo in a polkit descriptionPiotr Drąg
2015-02-20README: add pkg-config to required deps for autogenPeter Waller
Otherwise, several macros are undefined.
2015-02-20man: make bootup graph consistentChris Morin
2015-02-20build-sys: update gitignoreKay Sievers
2015-02-20shared: handle unnamed sockets in socket_address_equal()Michal Schmidt
Make sure we don't inspect sun_path of unnamed sockets. Since we cannot know if two unnamed sockets' adresses refer to the same socket, just return false.
2015-02-20shared: avoid semi-duplicating socket_address_equal()Michal Schmidt
Just call socket_address_equal() from socket_address_matches_fd() instead of implementing similar comparing of addresses.
2015-02-20shared: use SocketAddress in socket_address_matches_fd()Michal Schmidt
Cleanup. No behavior change.
2015-02-20core, shared: in deserializing, match same files reached via different pathsMichal Schmidt
When dbus.socket is updated like this: -ListenStream=/var/run/dbus/system_bus_socket +ListenStream=/run/dbus/system_bus_socket ... and daemon-reload is performed, bad things happen. During deserialization systemd does not recognize that the two paths refer to the same named socket and replaces the socket file with a new one. As a result, applications hang when they try talking to dbus. Fix this by finding a match not only when the path names are equal, but also when they point to the same inode. In socket_address_equal() it is necessary to move the address size comparison into the abstract sockets branch. For path name sockets the comparison must not be done and for other families it is redundant (their sizes are constant and checked by socket_address_verify()). FIFOs and special files can also have multiple pathnames, so compare the inodes for them as well. Note that previously the pathname checks used streq_ptr(), but the paths cannot be NULL. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186018
2015-02-19bus: sync with kdbus.git (ABI break)David Herrmann
This syncs up the new KDBUS_CMD_CONN_INFO behavior: - attach-flags are passed in .attach_flags, instead of directly merged with the command flags.
2015-02-19man: add newlines to the pull-raw example in machinectl(1)Benjamin Franzke
They were removed in commit 798d3a52 ("Reindent man pages to 2ch").
2015-02-19nspawn: chown basic device nodes to userns rootLennart Poettering
2015-02-19nspawn: fix build on non-selinux systemsLennart Poettering
2015-02-19nspawn: add basic user namespacing supportLennart Poettering
(This is incomplete, /proc and /sys are still owned by root from outside the container, not inside)
2015-02-19sysv-generator: fix wrong "Overwriting existing symlink" warningsMartin Pitt
Fix result testing of is_symlink() to ignore negative results, which happen if the file name does not exist at all. In this case we do not want a warning and unlink the non-existing link. https://bugs.debian.org/778700
2015-02-19systemd-sysv-generator test: Adjust to dropped runlevelN.target mappingMartin Pitt
Commit d5d8429a dropped the explicit runlevelN.target mapping. Adjust the tests accordingly to explicitly state the expected targets instead of runlevels.
2015-02-19hwdb: fix ThinkPad X* Tablet special keysLubomir Rintel
ThinkPad tablet firmware has DMI product name and version reversed: Handle 0x0001, DMI type 1, 27 bytes System Information Manufacturer: LENOVO Product Name: 7762AS1 Version: ThinkPad X61 Tablet Serial Number: LKZCDH2 UUID: 6ADBC681-4FC9-11CB-844F-B47CB9210BE2 Wake-up Type: Power Switch SKU Number: Not Specified Family: ThinkPad X61 Tablet
2015-02-19po: update Russian translationSergey Ptashnick
Add strings for fsckd.
2015-02-18update TODOLennart Poettering
2015-02-18nspawn: when connected to pipes for stdin/stdout, pass them as-is to PID 1Lennart Poettering
Previously we always invoked the container PID 1 on /dev/console of the container. With this change we do so only if nspawn was invoked interactively (i.e. its stdin/stdout was connected to a TTY). In all other cases we directly pass through the fds unmodified. This has the benefit that nspawn can be added into shell pipelines. https://bugs.freedesktop.org/show_bug.cgi?id=87732
2015-02-18systemd-boot: fix alignment of version in tableThomas Hindoe Paaboel Andersen
2015-02-18everywhere: remove configurability of sysv runlevel to target mappingLennart Poettering
With this change runlevel 2, 3, 4 are mapped to multi-user.target for good, and 5 to graphical.target. This was already the previous mapping but is now no longer reconfigurable, but hard-coded into the core. This should generally simplify things, but also fix one bug: the sysv-generator previously generated symlinks to runlevel[2-5].target units, which possibly weren't picked up if these aliases were otherwise only referenced by the real names "multi-user.target" and "graphical.target". We keep compat aliases "runlevel[2345].target" arround for cases where this target name is explicitly requested.
2015-02-18update TODOLennart Poettering
2015-02-18run: if we fail to set a property assignment then really failLennart Poettering
2015-02-18nspawn: add support for --property= to set scope propertiesLennart Poettering
This is similar to systemd-run's --property= setting.
2015-02-18shared: introduce cmsg_close_all() callLennart Poettering
The call iterates through cmsg list and closes all fds passed via SCM_RIGHTS. This patch also ensures the call is used wherever appropriate, where we might get spurious fds sent and we should better close them, then leave them lying around.
2015-02-18systemctl: allow interactive authorization for all bus callsLennart Poettering
Make use of the new sd_bus_set_allow_interactive_authorization() call to globally enable interactive authorization. Also, turn on PK agent for more calls. This allows us to make use of the sd_bus_call_method() convencience helper at more places.