Age | Commit message | Author
2016-11-22 | nspawn: add ability to run nspawn without container locks applied | Lennart Poettering
This adds a new undocumented env var $SYSTEMD_NSPAWN_LOCK. When set to "0", nspawn will not attempt to lock the image. Fixes: #4037
2016-11-22 | shared: make sure image_path_lock() return parameters are always initialized on success | Lennart Poettering
We forgot to initialize the "global" return parameter in one case. Fix that.
2016-11-22 | nspawn: support ephemeral boots from images | Lennart Poettering
Previously --ephemeral was only supported with container trees in btrfs subvolumes (i.e. in combination with --directory=). This adds support for --ephemeral in conjunction with disk images (i.e. --image=) too. As a side effect this fixes that --ephemeral was accepted but ignored when using -M on a container that turned out to be an image. Fixes: #4664
2016-11-21 | seccomp: add @filesystem syscall group (#4537) | Lennart Poettering
@filesystem groups various file system operations, such as opening files and directories for read/write and stat()ing them, plus renaming, deleting, symlinking, hardlinking.
2016-11-21 | sd-event: fix sd_event_source_get_priority() (#4712) | Martin Ejdestig
To properly store priority in passed in pointer and return 0 for success. Also add a test for verifying that it works correctly.
2016-11-21 | Merge pull request #4701 from martinpitt/networkd-polkit | Lennart Poettering
hostnamed: allow networkd to set the transient hostname
2016-11-21 | tests: check transient hostname with and without static hostname | Martin Pitt
We expect a static hostname to win over a transient one, so test both cases.
2016-11-20 | Merge pull request #4691 from keszybz/test-suite-fixes | Evgeny Vereshchagin
Test suite fixes
2016-11-20 | hostnamed: allow networkd to set the transient hostname | Martin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the transient hostname:
    systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required.
Standard polkit *.policy files do not have a syntax for granting privileges to a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules file (for polkit >= 106) that grants the "systemd-network" system user that privilege.
Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to cover this. Make do_test() a bit more flexible by interpreting "coldplug==None" as "test sets up the interface by itself". Change DnsmasqClientTest to set up test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a special host name for that.
Fixes #4646
2016-11-20 | test: clean up "dummy0" interface after each test case in networkd-test.py | Martin Pitt
2016-11-19 | test-functions: also add qemu define for ppc64 | Zbigniew Jędrzejewski-Szmek
2016-11-19 | hwdb: keyboard: Ignore brightness hotkey presses on MSI VR420 (model MS-1422) (#4696) | Hans de Goede
Add MSI VR420 (model MS-1422) to the list of MSI models which need to ignore brightness hotkey presses, as these are already reported through the acpi-video interface.
Bug-link: https://bugzilla.redhat.com/show_bug.cgi?id=1270124
Reported-by: David Dreggors <dadreggors@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-11-18 | Merge pull request #4395 from s-urbaniak/rw-support | Lennart Poettering
nspawn: R/W support for /sysfs, /proc, and /proc/sys/net
2016-11-18 | Merge pull request #4538 from fbuihuu/confirm-spawn-fixes | Lennart Poettering
Confirm spawn fixes/enhancements
2016-11-18 | tests/TEST-13-NSPAWN-SMOKE: add SYSTEMD_NSPAWN_API_VFS_WRITABLE | Evgeny Vereshchagin
https://github.com/systemd/systemd/pull/4395
2016-11-18 | nspawn: R/W support for /sys, and /proc/sys | Sergiusz Urbaniak
This commit adds the possibility to leave /sys, and /proc/sys read-write. It introduces a new (undocumented) env var SYSTEMD_NSPAWN_API_VFS_WRITABLE to enable this feature. If set to "yes", /sys, and /proc/sys will be read-write. If set to "no", /sys, and /proc/sys will be read-only. If set to "network" /proc/sys/net will be read-write. This is useful in use-cases, where systemd-nspawn is used in an external network namespace. This adds the possibility to start privileged containers which need more control over settings in the /proc, and /sys filesystem. This is also a follow-up on the discussion from https://github.com/systemd/systemd/pull/4018#r76971862 where an introduction of a simple env var to enable R/W support for those directories was already discussed.
2016-11-17 | test-ipcrm: skip test if nfsnobody is missing | Zbigniew Jędrzejewski-Szmek
2016-11-17 | basic/process-util: we need to take the shorter of two strings | Zbigniew Jędrzejewski-Szmek
    ==30496== Conditional jump or move depends on uninitialised value(s)
    ==30496== at 0x489F654: memcmp (vg_replace_strmem.c:1091)
    ==30496== by 0x49BF203: getenv_for_pid (process-util.c:678)
    ==30496== by 0x4993ACB: detect_container (virt.c:442)
    ==30496== by 0x182DFF: test_get_process_comm (test-process-util.c:98)
    ==30496== by 0x185847: main (test-process-util.c:368)
    ==30496==
2016-11-17 | test-process-util: bind mount fails under selinux, skip test | Zbigniew Jędrzejewski-Szmek
2016-11-17 | Merge pull request #4671 from poettering/namespace-bind | Zbigniew Jędrzejewski-Szmek
rework service namespace handling a bit
2016-11-17 | basic/env-uil: fix assertion failure in strv_env_replace (#4688) | Zbigniew Jędrzejewski-Szmek
free_and_replace sets the setcond argument to NULL (it's designed to be used with _cleanup_ macros), and we don't want that here. Fixes #4684.
2016-11-17 | core: in confirm spawn, suggest 'f' when user selects 'n' choice | Franck Bui
2016-11-17 | core: confirm_spawn: always accept units with same_pgrp set for now | Franck Bui
For some reasons units remaining in the same process group as PID 1 (same_pgrp=true) fail to acquire the console even if it's not taken by anyone. So always accept for units with same_pgrp set for now.
2016-11-17 | core: include the unit name when notifying that a confirmation question timed out | Franck Bui
2016-11-17 | core: add 'c' in confirmation_spawn to resume the boot process | Franck Bui
2016-11-17 | core: add 'j' in confirmation_spawn to list the jobs that are in progress | Franck Bui
2016-11-17 | core: add 'D' in confirmat spawn to show a full dump of the unit to spawn | Franck Bui
2016-11-17 | core: add 'i' in confirm spawn to give a short summary of the unit to spawn | Franck Bui
2016-11-17 | core: rework the confirmation spawn prompt | Franck Bui
Previously it was "[Yes, Fail, Skip]" which is pretty misleading because it suggests that the whole word needs to be entered instead of a single char. Also this won't fit well when we'll extend the number of choices. This patch addresses this by changing the choice hint with "[y, f, s – h for help]" so it's now clear that a single letter has to be entered. It also introduces a new choice 'h' which describes all possible choices since a single letter can be not descriptive enough for new users. It also allow to stick with the same hint string regardless of how many choices we will support.
2016-11-17 | core: limit the length of the confirmation question | Franck Bui
When "confirmation_spawn=1", the confirmation question can look like:
    Execute /usr/bin/kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf? [Yes, No, Skip]
which is pretty verbose and might not fit in the console width size (which is usually 80 chars) and thus question will be split into 2 consecutive lines. However since the question is now refreshed every 2 secs, the reprinted question will overwrite the second line of the previous one... To prevent this, this patch makes sure that the command line won't be longer than 60 chars by ellipsizing it if the command is longer:
    Execute /usr/bin/kmod static-nodes --format=tmpfiles --output=/ru…nf? [Yes, No, View, Skip]
A following patch will introduce a new choice that will allow the user to get details on the command to be executed so it will still be possible to see the full command line.
2016-11-17 | core: reprint the question every 2 sec in ask_char() | Franck Bui
ask_char() now reprints the question every 2sec automatically. It prefixes its output with '\r' to bring the cursor to the beginning of the terminal line, and then print the message, redoing it every 2sec. As long as nothing interferes with our output this logic will have no visible effect as we constantly overprint the visible text with the exact same text. However, if something is dumped in the middle, then our question won't get lost, as we'll ask soon again. This is useful if the question is asked to a terminal that is also used to dump some other status messages/logs. For example when confirmation messages are enabled during the boot (systemd.confirm_spawn=1), the question can easily be lost if the kernel logs are also enabled and both use the same console. Idea suggested by Lennart Poettering.
2016-11-17 | core: in confirm_spawn, the meaning of 'n' and 's' choices are confusing | Franck Bui
Before this patch we had:
- "no" which gives "failing execution" but the command is actually assumed as succeed.
- "skip" which gives "skipping", but the command is assumed to have failed, which ends up with "Failed to start ..." on the console.
Now we have:
- "fail" which gives "failing execution" and the command is indeed assumed as failed.
- "skip" which gives "skipping execution" and the command is assumed as succeed.
2016-11-17 | core: rework ask_for_confirmation() | Franck Bui
Now the responses are handled by ask_for_confirmation() as well as the report of any errors occurring during the process of retrieving the confirmation response. One benefit of this is that there's no need to open/close the console one more time when reporting error/status messages. The caller now just needs to care about the return values whose meanings are:
- don't execute and pretend that the command failed
- don't execute and pretend that the command succeeded
- positive answer, execute the command
Also some slight code reorganization and introduce write_confirm_error() and write_confirm_error_fd(). write_confim_message becomes unneeded.
2016-11-17 | core: allow to redirect confirmation messages to a different console | Franck Bui
It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-17 | core: prevent the cylon when confirmation_spawn=yes (#2194) | Franck Bui
When booting with systemd.confirm_spawn=true, the eye of cylon animation kicks in pretty quickly so user doesn't have any chance to answer the questions which services to start before the confirmation message is screwed by the cylon. This basically breaks the confirm_spawn functionality completely. This patch prevents the cylon animation to kick in when confirmation_spawn=yes. Fixes: #2194
2016-11-17 | update TODO | Lennart Poettering
2016-11-17 | namespace: clarify that /proc/apm is obsolete, but leave it blocked | Lennart Poettering
2016-11-17 | namespace: reindent namespace tables | Lennart Poettering
Let's align all our BindMount tables, let's use the same column widths in all of them, and let's make them not any wider than necessary. This only changes whitespace, not contents of any of the tables.
2016-11-17 | namespace: simplify, optimize and extend handling of mounts for namespace | Lennart Poettering
This changes a couple of things in the namespace handling: It merges the BindMount and TargetMount structures. They are mostly the same, hence let's just use the same structure, and rely on C's implicit zero initialization of partially initialized structures for the unneeded fields. This reworks memory management of each entry a bit. It now contains one "const" and one "malloc" path. We use the former whenever we can, but use the latter when we have to, which is the case when we have to chase symlinks or prefix a root directory. This means in the common case we don't actually need to allocate any dynamic memory. To make this easy to use we add an accessor function bind_mount_path() which retrieves the right path string from a BindMount structure. While we are at it, also permit "+" as prefix for dirs configured with ReadOnlyPaths= and friends: if specified the root directory of the unit is implicitly prefixed. This also drops set_bind_mount() and uses C99 structure initialization instead, which I think is more readable and clarifies what is being done. This drops append_protect_kernel_tunables() and append_protect_kernel_modules() as append_static_mounts() is now simple enough to be called directly. Prefixing with the root dir is now done in an explicit step in prefix_where_needed(). It will prepend the root directory on each entry that doesn't have it prefixed yet. The latter is determined depending on an extra bit in the BindMount structure.
2016-11-17 | core: monitor the inotify file descriptor not the console one in acquire_terminal() | Franck Bui
When waiting for the terminal to be released in acquire_terminal(), we were monitoring the terminal fd instead of the inotify descriptor. Therefore any write accesses would wake up the waiting process instead of being woken up when the tty is closed only.
2016-11-17 | Merge pull request #4681 from keszybz/shortening | Martin Pitt
Shortening
2016-11-16 | Merge pull request #4678 from poettering/gc-device | Zbigniew Jędrzejewski-Szmek
Automatically GC device jobs when there's no need to keep them in the job queue anymore. Implement systemctl list-jobs --before/--after. Allow systemd-run -p After/Before/Wants/Requires= ...
2016-11-16 | core/dbus-job, systemctl: shorten some code | Zbigniew Jędrzejewski-Szmek
2016-11-16 | systemctl: shorter list-jobs --before/--after output a bit | Zbigniew Jędrzejewski-Szmek
    (before)$ systemctl list-jobs --before --after
    JOB UNIT TYPE STATE
    8769 foobar.device start running
    A job waits for this job: 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
    8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
    This job waits for a job: 8769 (foobar.device/start)
    2 jobs listed.
    (after)$ systemctl list-jobs --before --after
    JOB UNIT TYPE STATE
    8769 foobar.device start running
    waiting for job 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
    8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
    blocking job 8769 (foobar.device/start)
    2 jobs listed.
2016-11-16 | hwdb: fix airplane mode trigger when switching from laptop to desktop on HP Pavilion x360 13 (#4680) | Francesco Brozzu
2016-11-16 | update TODO | Lennart Poettering
2016-11-16 | systemctl: show waiting jobs when "systemctl list-jobs --after/--before" is called | Lennart Poettering
Let's expose the new bus functions we added in the previous commit in systemctl.
2016-11-16 | core: add bus calls for determining jobs waiting for other jobs | Lennart Poettering
This should make it easier to debug job deadlocks.
2016-11-16 | system-run: add support for configuring unit dependencies with --property= | Lennart Poettering
Support on the server side has already been in place for quite some time, let's also add support on the client side for this.
2016-11-16 | systemctl: add env var to force connection to system manager via the bus | Lennart Poettering
Sometimes it is useful for debugging purposes to force systemctl to connect to PID 1 via the bus instead of direct connection, even if the direct connection is possible.