Age | Commit message | Author
2016-05-09 | Merge pull request #3209 from poettering/nspawn-network-zones | Zbigniew Jędrzejewski-Szmek
introduce simple "network zones" concept to nspawn
2016-05-09 | update TODO | Lennart Poettering
2016-05-09 | nspawn: only remove veth links we created ourselves | Lennart Poettering
Let's make sure we don't remove veth links that existed before nspawn was invoked. https://github.com/systemd/systemd/pull/3209#discussion_r62439999
2016-05-09 | network: Make sure we log about parse errors for ifname lists | Lennart Poettering
Fix-up for 93e2822684b37a4eeef03775a7a1f44a3055d7b2
2016-05-09 | network: allow LLDP packets to cross non-customer bridges for container network interfaces | Lennart Poettering
This changes the default .network files we ship for nspawn containers to set EmitLLDP=customer-bridge in order to allow propagation of the LLDP packets across bridges. This is useful so that "networkctl status" shows all peers connected to a virtual container network, collecting this data via LLDP. This is safe since the default configuration for these interfaces does not bridge these links to external interfaces, but relies on IP routing for this.
2016-05-09 | networkd: rework LLDP emission to allow control of propagation level | Lennart Poettering
This allows selecting the propagation level of emitted LLDP packets (specifically: the destination MAC address of the packets). This is useful because it allows generating LLDP packets that optionally cross certain types of bridges. See 802.11ab-2009, Table 7-1 for details.
2016-05-09 | tree-wide: port more code to use ifname_valid() | Lennart Poettering
2016-05-09 | man: add documentation for the new --network-zone= concept of nspawn | Lennart Poettering
2016-05-09 | network: add automatic configuration for the networks created by nspawn --network-zone= | Lennart Poettering
This way, they "just work", similar to how --network-veth behaves, as long as networkd is enabled and running on all involved nodes.
2016-05-09 | nspawn: add new --network-zone= switch for automatically managed bridge devices | Lennart Poettering
This adds a new concept of network "zones", which are little more than bridge devices that are automatically managed by nspawn: when the first container referencing a bridge is started, the bridge device is created, when the last container referencing it is removed the bridge device is removed again. Besides this logic --network-zone= is pretty much identical to --network-bridge=. The use case for this is to make it easy to run multiple related containers (think MySQL in one and Apache in another) in a common, named virtual Ethernet broadcast zone, that only exists as long as one of them is running, and fully automatically managed otherwise.
2016-05-09 | util-lib: add new ifname_valid() call that validates interface names | Lennart Poettering
Make use of this in nspawn at a couple of places. A later commit should port more code over to this, including networkd.
2016-05-09 | man: document that nspawn's host0 and ve-* interfaces have default config in networkd | Lennart Poettering
2016-05-09 | Merge pull request #3222 from keszybz/tests-work | Lennart Poettering
Some small fixes to make it easier to run tests and fix failure in TEST-{02,08}
2016-05-08 | TEST-08: make sure / is remounted rw | Zbigniew Jędrzejewski-Szmek
In this test /etc/fstab is replaced by -.mount unit. This causes systemd-remount-fs.service to not remount / rw, which in turn causes various failures because /var is not writable. In particular systemd-tmpfiles-setup.service reports many failures. This is something to possibly fix on its own (see https://github.com/systemd/systemd/issues/791); in the meanwhile let's fix this test so that it doesn't fail, since the point of the test is to check aliases on mount units, and not a ro root.
2016-05-08 | tests: enable logging for pid1, disable for other systemd services | Zbigniew Jędrzejewski-Szmek
systemd-udev generated an insane amount of log output at debug level. It would break TEST-02-CRYPTSETUP by overflowing the disk (which seems to be a bug in itself!).
2016-05-08 | tests: allow root to login with empty password to test images | Zbigniew Jędrzejewski-Szmek
2016-05-08 | tree-wide: remove uses of --failed | Zbigniew Jędrzejewski-Szmek
It has been replaced by --state=failed.
2016-05-08 | tests: specify format=raw for qemu to avoid warning | Zbigniew Jędrzejewski-Szmek
WARNING: Image format was not specified for '/var/tmp/systemd-test.tGi3od/rootdisk.img' and probing guessed raw. Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. Specify the 'raw' format explicitly to remove the restrictions. Also use unsafe caching mode, we don't care about data integrity here.
2016-05-08 | Merge pull request #3202 from poettering/socket-fixes | Martin Pitt
don't reopen socket fds when reloading the daemon
2016-05-07 | NEWS: typo fix and American English (#3219) | Thomas H. P. Andersen
2016-05-07 | Merge pull request #3205 from poettering/iaid | Zbigniew Jędrzejewski-Szmek
more dhcp fixes
2016-05-07 | Merge pull request #3160 from htejun/cgroup-fixes-rev2 | Zbigniew Jędrzejewski-Szmek
Cgroup fixes.
2016-05-07 | Merge pull request #3215 from keszybz/news-and-other-small-cleanups | Lennart Poettering
News and other small cleanups
2016-05-07 | Merge pull request #3191 from poettering/cgroups-agent-dgram | Evgeny Vereshchagin
core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification
2016-05-07 | NEWS: machinectl and loginctl also support --value | Zbigniew Jędrzejewski-Szmek
2016-05-07 | systemctl: do not print header if no units will be listed | Zbigniew Jędrzejewski-Szmek
"0 units listed." is still printed.
2016-05-07 | systemctl: rewrite code to explicitly take care of n_units==0 case | Zbigniew Jędrzejewski-Szmek
Coverity was complaining, but it was a false positive (CID #1354669). Nevertheless, it's better to rewrite the code so that units is never null.
2016-05-07 | Merge pull request #3210 from evverx/expose-usec | Evgeny Vereshchagin
core: expose TriggerLimitIntervalUSec, dump TriggerLimitIntervalSec and TriggerLimitBurst too
2016-05-07 | Merge pull request #3212 from dmedri/master | Lennart Poettering
Minor fixes and .po updates
2016-05-07 | NEWS: minor fixes | Daniele Medri
2016-05-07 | italian: .po updates | Daniele Medri
2016-05-06 | tests: add test for #3171 (#3206) | Evgeny Vereshchagin
2016-05-06 | core: dump TriggerLimitIntervalSec and TriggerLimitBurst too | Evgeny Vereshchagin
2016-05-06 | core: expose TriggerLimitIntervalUSec | Evgeny Vereshchagin
Before:
    $ systemctl show --property TriggerLimitIntervalSec test.socket
    TriggerLimitIntervalSec=2000000
After:
    $ systemctl show --property TriggerLimitIntervalUSec test.socket
    TriggerLimitIntervalUSec=2s
2016-05-06 | core: update the right mtime after finishing writing of transient units (#3203) | Lennart Poettering
Fixes: #3194
2016-05-06 | man: link the part about [DHCP] to the DHCP= explanation | Lennart Poettering
2016-05-06 | man: move IPv6 note to the right section | Lennart Poettering
Make the XML validate again.
2016-05-06 | networkd: move the IAID configuration option into the [DHCP] section | Lennart Poettering
It's only relevant to DHCP, and it should be where the DUID is configured too.
2016-05-06 | systemctl: indentation fix | Lennart Poettering
2016-05-06 | NEWS: bring NEWS a bit up-to-date | Lennart Poettering
2016-05-06 | core: rework how we flush incoming traffic when a socket unit goes down | Lennart Poettering
Previously, we'd simply close and reopen the socket file descriptors. This is problematic however, as we won't transition through the SOCKET_CHOWN state then, and thus the file ownership won't be correct for the sockets. Rework the flushing logic, and actually read any queued data from the sockets for flushing, and accept any queued messages and disconnect them.
2016-05-06 | core: don't implicitly open missing socket fds on daemon reload | Lennart Poettering
Previously, when the daemon was reloaded and the configuration of a socket unit file was changed so that a different set of socket ports was defined for the socket we'd simply reopen the socket fds not yet open. This is problematic however, as this means the SOCKET_CHOWN state is not run for them, and thus their UID/GID is not corrected. With this change, don't open the missing file descriptors, but log about this issue, and ask the user to restart the socket explicitly, to make sure all missing fds are opened. Fixes: #3171
2016-05-06 | core: split out selinux label retrieval logic into a function of its own | Lennart Poettering
This should bring no behavioural change.
2016-05-06 | Merge pull request #3201 from ssahani/net-word | Lennart Poettering
networkd lib: cleanup FOREACH_WORD
2016-05-06 | networkd: route fix comment | Susant Sahani
2016-05-06 | networkd: cleanup FOREACH_WORD | Susant Sahani
2016-05-05 | Merge pull request #3190 from poettering/logind-fixes | Zbigniew Jędrzejewski-Szmek
2016-05-06 | Merge pull request #3198 from poettering/trigger-timeout-defaults | Evgeny Vereshchagin
change trigger timeout defaults
2016-05-05 | logind: drop pointless UINT64_C() macro use | Lennart Poettering
2016-05-05 | logind: enforce a limit on inhibitors we hand out | Lennart Poettering
For similar reasons as the recent addition of a limit on sessions. Note that we don't enforce a limit on inhibitors per-user currently, but there's an implicit one, since each inhibitor takes up one fd, and fds are limited via RLIMIT_NOFILE, and the limit on the number of processes per user.