Age | Commit message (Collapse) | Author |
|
Many of machined's operations are now opened up to unprivileged clients
via PolicyKit. Open up the dbus policy so that we can actually make
these calls.
kdbus doesn't reuqire this, hence this wasn't noticed before.
|
|
When manipulating container and VM images we need efficient and atomic
directory snapshots and file copies, as well as disk quota. btrfs
provides this, legacy file systems do not. Hence, implicitly create a
loopback file system in /var/lib/machines.raw and mount it to
/var/lib/machines, if that directory is not on btrfs anyway.
This is done implicitly and transparently the first time the user
invokes "machinectl import-xyz".
This allows us to take benefit of btrfs features for container
management without actually having the rest of the system use btrfs.
The loopback is sized 500M initially. Patches to grow it dynamically are
to follow.
|
|
|
|
|
|
gcc5 spits out a warning about test-hashmap.c:
CC src/test/test-hashmap.o
src/test/test-hashmap.c: In function ‘test_string_compare_func’:
src/test/test-hashmap.c:76:79: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
|
|
Fix the following gcc5 warning:
CC src/shared/libsystemd_shared_la-unit-name.lo
src/shared/unit-name.c: In function 'unit_name_is_valid':
src/shared/unit-name.c:102:34: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
if (!template_ok == TEMPLATE_VALID && at+1 == e)
^
|
|
It is not necessary when running as telinit, etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1184712
|
|
gcc5 introduced this option (gcc4 silently ignores it, which is fine).
Given that gcc5 thinks 'unsigned char'/'unsigned short' is promoted to
'int' for var-args, stuff like this spits out warnings:
uint8_t x;
printf("%" PRIu8", x);
gcc5 promots 'x' to 'int', instead of 'unsigned int' and thus gets a
signedness-warnings as it expects an 'unsigned int'.
glibc states otherwise: unsigneds are always promoted to 'unsigned int'.
Until gcc and glibc figure this out, lets just ignore that warning (which
is totally useless in its current form).
|
|
Commit 6e1bf7ab99 used the wrong directory; we need rootlibexecdir, not
rootlibdir, as the latter is something like /lib/x86_64-linux-gnu/ on
multi-arch systems.
https://launchpad.net/bugs/1423867
|
|
The kernel part of kdbus does not allow userspace to make any assumption on
which unique address the first user on the bus will get.
Instead, use sd_bus_get_unique_name() to get the server's address.
|
|
|
|
CC src/shared/libsystemd_shared_la-time-util.lo
src/shared/time-util.c: In function 'parse_nsec':
src/shared/time-util.c:789:25: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
if (!*s != 0)
^
|
|
Follow two small changes in the kdbus API:
* Flags are now returned in cmd->return_flags by KDBUS_CMD_NAME_ACQUIRE
* struct kdbus_item_list has been dropped. The information stored in
this struct was redundant since awhile already, as all commands
report their returned slice size anyway.
|
|
We would print the filename header before trying to open the file. But since
the header was printed to stdout, and the error to stderr, the error would appear
on the terminal before the header. It is cleaner to open the file first, then
and only then print the header.
Also exit on first error. We shouldn't report success if we were unable to open
a file.
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=89202
https://bugs.debian.org/778656
Status quo ante can be restored with:
getfacl -p /var/log/journal/`cat /etc/machine-id`|grep -v '^#'|sort -u|sudo setfacl --set-file=- /var/log/journal/`cat /etc/machine-id`
|
|
This change exposed a bug in kernel headers:
/usr/include/linux/if_bridge.h:184:20: error: field 'ip6' has incomplete type
struct in6_addr ip6;
^
/usr/include/linux/if_tunnel.h:76:19: error: field 'prefix' has incomplete type
struct in6_addr prefix;
^
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1195294
|
|
Include <sys/socket.h> from util.h and bus-message.h in order to
build errors like the ones below on kdbus enabled systems.
./src/shared/util.h:976:32: warning: its scope is only this definition or declaration, which is probably not what you want
In file included from src/libsystemd/sd-bus/bus-kernel.c:37:0:
./src/shared/util.h:1081:28: warning: 'struct msghdr' declared inside parameter list
void cmsg_close_all(struct msghdr *mh);
^
CC src/libsystemd/sd-bus/libsystemd_la-bus-creds.lo
In file included from src/libsystemd/sd-bus/bus-creds.c:25:0:
./src/shared/util.h:976:32: warning: 'struct ucred' declared inside parameter list
int getpeercred(int fd, struct ucred *ucred);
^
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
|
|
|
|
|
|
|
|
Otherwise, several macros are undefined.
|
|
|
|
|
|
Make sure we don't inspect sun_path of unnamed sockets.
Since we cannot know if two unnamed sockets' adresses refer to the same
socket, just return false.
|
|
Just call socket_address_equal() from socket_address_matches_fd()
instead of implementing similar comparing of addresses.
|
|
Cleanup. No behavior change.
|
|
When dbus.socket is updated like this:
-ListenStream=/var/run/dbus/system_bus_socket
+ListenStream=/run/dbus/system_bus_socket
... and daemon-reload is performed, bad things happen.
During deserialization systemd does not recognize that the two paths
refer to the same named socket and replaces the socket file with a new
one. As a result, applications hang when they try talking to dbus.
Fix this by finding a match not only when the path names are equal, but
also when they point to the same inode.
In socket_address_equal() it is necessary to move the address size
comparison into the abstract sockets branch. For path name sockets the
comparison must not be done and for other families it is redundant
(their sizes are constant and checked by socket_address_verify()).
FIFOs and special files can also have multiple pathnames, so compare the
inodes for them as well. Note that previously the pathname checks used
streq_ptr(), but the paths cannot be NULL.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186018
|
|
This syncs up the new KDBUS_CMD_CONN_INFO behavior:
- attach-flags are passed in .attach_flags, instead of directly merged
with the command flags.
|
|
They were removed in commit 798d3a52 ("Reindent man pages to 2ch").
|
|
|
|
|
|
(This is incomplete, /proc and /sys are still owned by root from outside
the container, not inside)
|
|
Fix result testing of is_symlink() to ignore negative results, which happen if
the file name does not exist at all. In this case we do not want a warning and
unlink the non-existing link.
https://bugs.debian.org/778700
|
|
Commit d5d8429a dropped the explicit runlevelN.target mapping. Adjust the tests
accordingly to explicitly state the expected targets instead of runlevels.
|
|
ThinkPad tablet firmware has DMI product name and version reversed:
Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: LENOVO
Product Name: 7762AS1
Version: ThinkPad X61 Tablet
Serial Number: LKZCDH2
UUID: 6ADBC681-4FC9-11CB-844F-B47CB9210BE2
Wake-up Type: Power Switch
SKU Number: Not Specified
Family: ThinkPad X61 Tablet
|
|
Add strings for fsckd.
|
|
|
|
Previously we always invoked the container PID 1 on /dev/console of the
container. With this change we do so only if nspawn was invoked
interactively (i.e. its stdin/stdout was connected to a TTY). In all other
cases we directly pass through the fds unmodified.
This has the benefit that nspawn can be added into shell pipelines.
https://bugs.freedesktop.org/show_bug.cgi?id=87732
|
|
|
|
With this change runlevel 2, 3, 4 are mapped to multi-user.target for
good, and 5 to graphical.target. This was already the previous mapping
but is now no longer reconfigurable, but hard-coded into the core.
This should generally simplify things, but also fix one bug: the
sysv-generator previously generated symlinks to runlevel[2-5].target
units, which possibly weren't picked up if these aliases were otherwise
only referenced by the real names "multi-user.target" and
"graphical.target".
We keep compat aliases "runlevel[2345].target" arround for cases where
this target name is explicitly requested.
|
|
|
|
|
|
This is similar to systemd-run's --property= setting.
|
|
The call iterates through cmsg list and closes all fds passed via
SCM_RIGHTS.
This patch also ensures the call is used wherever appropriate, where we
might get spurious fds sent and we should better close them, then leave
them lying around.
|
|
Make use of the new sd_bus_set_allow_interactive_authorization() call to
globally enable interactive authorization. Also, turn on PK agent for
more calls.
This allows us to make use of the sd_bus_call_method() convencience
helper at more places.
|