summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-30dns-domain: make sure dns_name_to_wire_format() may properly encode the root ↵Lennart Poettering
domain The root domain consists of zero labels, and we should be able to encode that.
2015-11-30dns-domain: don't accept overly long hostnamesLennart Poettering
Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid() do not accept/generate invalidly long hostnames, i.e. longer than 253 characters.
2015-11-30dns-domain: be more strict when encoding/decoding labelsLennart Poettering
Labels of zero length are not OK, refuse them early on. The concept of a "zero-length label" doesn't exist, a zero-length full domain name however does (representing the root domain). See RFC 2181, Section 11.
2015-11-30Merge pull request #2068 from grawity/cgls-error-v2Lennart Poettering
cgls: add a better error message for missing cgroupfs [v2]
2015-11-30Merge pull request #2053 from poettering/selinux-fixDavid Herrmann
Two unrelated fixes
2015-11-30cgls: add a better error message for missing cgroupfsMantas Mikulėnas
2015-11-30Merge pull request #2063 from keszybz/issue-1977-2Lennart Poettering
journal: clean up permission setting and acl adjustements on user journals
2015-11-29tmpfiles: set acls on system.journal explicitlyZbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/issues/1397
2015-11-29tmpfiles: also set acls on /var/log/journalZbigniew Jędrzejewski-Szmek
This way, directories created later for containers or for journald-remote, will be readable by adm & wheel groups by default, similarly to /var/log/journal/%m itself. https://github.com/systemd/systemd/issues/1971
2015-11-29Merge pull request #2058 from phomes/unused-variable2Ronny Chevalier
tree-wide: remove unused variables
2015-11-29tree-wide: remove unused variablesThomas Hindoe Paaboel Andersen
2015-11-28acl-util: only set the mask if not presentZbigniew Jędrzejewski-Szmek
When we have non-owner user or group entries, we need the mask for the acl to be valid. But acl_calc_mask() calculates the mask to include all permissions, even those that were masked before. Apparently this happens when we inherit *:r-x permissions from a parent directory — the kernel sets *:r-x, mask:r--, effectively masking the executable bit. acl_calc_mask() would set the mask:r-x, effectively enabling the bit. To avoid this, be more conservative when to add the mask entry: first iterate over all entries, and do nothing if a mask. This returns the code closer to J.A.Steffens' original version in v204-90-g23ad4dd884. Should fix https://github.com/systemd/systemd/issues/1977.
2015-11-28test-acl-util: add new testZbigniew Jędrzejewski-Szmek
For now, only add_acls_for_user is tested. When run under root, it actually sets the acls. When run under non-root, it sets the acls for the user, which does nothing, but at least calls the functions.
2015-11-27journal: move the gist of server_fix_perms to acl-util.[hc]Zbigniew Jędrzejewski-Szmek
Most of the function is moved to acl-util.c to make it possible to add tests in subsequent commit. Setting of the mode in server_fix_perms is removed: - we either just created the file ourselves, and the permission be better right, - or the file was already there, and we should not modify the permissions. server_fix_perms is renamed to server_fix_acls to better reflect new meaning, and made static because it is only used in one file.
2015-11-27libsystemd: make sure we prefix even the dirty secrets in our API with "_sd_"Lennart Poettering
This renames __useless_struct_to_allow_trailing_semicolon__ everywhere to _sd_useless_struct_to_allow_trailing_semicolon_, to follow our usual rule of prefixing stuff from public headers that should be considered internal with "_sd_". While we are at it, also to be safe: when the struct is used in the C++ protector macros make sure to use two different names depending on whether it appears in the C++ or C side of things. After all, there might be compilers that don't consider C++ and C structs the same. See https://github.com/systemd/systemd/pull/2052#discussion_r46067059
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27Merge pull request #2052 from poettering/export-cleanupDavid Herrmann
Make gcc cleanup helper calls public in most of our sd-xyz APIs
2015-11-27Merge pull request #2043 from teg/resolved-edns0-5Lennart Poettering
resolved: add edns0 support
2015-11-27resolved: add one more comment with a link to the matching RFCLennart Poettering
2015-11-27util-lib: move nss-util.h from shared/ to basic/Lennart Poettering
The header file defines some helpers for GLIBC NSS and doesn't include anything else but glibc headers, hence there's little reason to keep it in shared/. See: #2008
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27Merge pull request #2049 from evverx/journal-test-dont-run-on-incomplete-setupDaniel Mack
tests: don't run test on incomplete setup; use sync
2015-11-27tests: use sync instead of flushEvgeny Vereshchagin
flush doesn't sync a journal -> tests sometimes fail
2015-11-27Merge pull request #2048 from poettering/fork-errnoDaniel Mack
core:execute: fix fork() fail handling in exec_spawn()
2015-11-27tests: don't run test on incomplete setupEvgeny Vereshchagin
This is a follow-up commit for https://github.com/systemd/systemd/pull/1937 See https://github.com/systemd/systemd/pull/2030
2015-11-27core:execute: fix fork() fail handling in exec_spawn()lc85446
If pid < 0 after fork(), 0 is always returned because r = exec_context_load_environment() has exited successfully. This will make the caller of exec_spawn() not able to handle the fork() error case and make systemd abort assert() possibly.
2015-11-27Merge pull request #1833 from utezduyar/drop-warning-on-presetLennart Poettering
drop warning if setting preset worked anyways
2015-11-27Merge pull request #1937 from evverx/fix-stdout-parsingLennart Poettering
Fix stdout stream parsing
2015-11-27Merge pull request #2017 from haraldh/nobinddevice2Lennart Poettering
core: Do not bind a mount unit to a device, if it was from mountinfo
2015-11-27Merge pull request #1828 from fbuihuu/set-property-on-inactive-unitLennart Poettering
core: allow 'SetUnitProperties()' to run on inactive units too
2015-11-27Merge pull request #1989 from keszybz/filetriggers-v2Lennart Poettering
Return of the file triggers
2015-11-27Merge pull request #2040 from keszybz/randomized-delayLennart Poettering
core: rename Random* to RandomizedDelay*
2015-11-27Merge pull request #2046 from evverx/rlimit-parsingDaniel Mack
Fix rlimit parsing
2015-11-27core: dump rlim_cur tooEvgeny Vereshchagin
2015-11-27core: fix rlimit parsingEvgeny Vereshchagin
* refuse limits if soft > hard * print an actual value instead of (null) see https://github.com/systemd/systemd/pull/1994#issuecomment-159999123
2015-11-27Merge pull request #2030 from evverx/dont-run-tests-on-incomplete-setupDaniel Mack
tests: don't run tests on incomplete setup
2015-11-27Merge pull request #2044 from grawity/patch-1David Herrmann
resolved: fix typo in in_addr_is_localhost()
2015-11-27Merge pull request #2029 from teg/network-fixesMartin Pitt
Network fixes
2015-11-27resolved: fix typo in in_addr_is_localhost()Mantas Mikulėnas
2015-11-26Merge commit 'pr/2036^^'Zbigniew Jędrzejewski-Szmek
2015-11-27resolved: announce support for large UDP packetsTom Gundersen
This is often needed for proper DNSSEC support, and even to handle AAAA records without falling back to TCP. If the path between the client and server is fully compliant, this should always work, however, that is not the case, and overlarge packets will get mysteriously lost in some cases. For that reason, we use a similar fallback mechanism as we do for palin EDNS0, EDNS0+DO, etc.: The large UDP size feature is different from the other supported feature, as we cannot simply verify that it works based on receiving a reply (as the server will usually send us much smaller packets than what we claim to support, so simply receiving a reply does not mean much). For that reason, we keep track of the largest UDP packet we ever received, as this is the smallest known good size (defaulting to the standard 512 bytes). If announcing the default large size of 4096 fails (in the same way as the other features), we fall back to the known good size. The same logic of retrying after a grace-period applies.
2015-11-27resolved: set the DNSSEC OK (DO) flagTom Gundersen
This indicates that we can handle DNSSEC records (per RFC3225), even if all we do is silently drop them. This feature requires EDNS0 support. As we do not yet support larger UDP packets, this feature increases the risk of getting truncated packets. Similarly to how we fall back to plain UDP if EDNS0 fails, we will fall back to plain EDNS0 if EDNS0+DO fails (with the same logic of remembering success and retrying after a grace period after failure).
2015-11-27resolved: implement minimal EDNS0 supportTom Gundersen
This is a minimal implementation of RFC6891. Only default values are used, so in reality this will be a noop. EDNS0 support is dependent on the current server's feature level, so appending the OPT pseudo RR is done when the packet is emitted, rather than when it is assembled. To handle different feature levels on retransmission, we strip off the OPT RR again after sending the packet. Similarly, to how we fall back to TCP if UDP fails, we fall back to plain UDP if EDNS0 fails (but if EDNS0 ever succeeded we never fall back again, and after a timeout we will retry EDNS0).
2015-11-27resolved: rr - add OPT pseudo-rr supportTom Gundersen
Needed for EDNS0.
2015-11-27resolved: degrade the feature level on explicit failureTom Gundersen
Previously, we would only degrade on packet loss, but when adding EDNS0 support, we also have to handle the case where the server replies with an explicit error.
2015-11-27resolved: fallback to TCP if UDP failsTom Gundersen
This is inspired by the logic in BIND [0], follow-up patches will implement the reset of that scheme. If we get a server error back, or if after several attempts we don't get a reply at all, we switch from UDP to TCP for the given server for the current and all subsequent requests. However, if we ever successfully received a reply over UDP, we never fall back to TCP, and once a grace-period has passed, we try to upgrade again to using UDP. The grace-period starts off at five minutes after the current feature level was verified and then grows exponentially to six hours. This is to mitigate problems due to temporary lack of network connectivity, but at the same time avoid flooding the network with retries when the feature attempted feature level genuinely does not work. Note that UDP is likely much more commonly supported than TCP, but depending on the path between the client and the server, we may have more luck with TCP in case something is wrong. We really do prefer UDP though, as that is much more lightweight, that is why TCP is only the last resort. [0]: <https://kb.isc.org/article/AA-01219/0/Refinements-to-EDNS-fallback-behavior-can-cause-different-outcomes-in-Recursive-Servers.html>
2015-11-27Merge pull request #2042 from poettering/resolved-various-3Tom Gundersen
resolved: Flush caches more agressively, fixes #2038
2015-11-27update TODOLennart Poettering
2015-11-27resolved: never cache RRs originating from localhostLennart Poettering
After all, this is likely a local DNS forwarder that caches anyway, hence there's no point in caching twice. Fixes #2038.
2015-11-27resolved: flush the global DNS cache if /etc/resolv.conf is touchedLennart Poettering
After all /etc/resolv.conf is usually done when the network configuration changes, which is a good reason to flush the global cache. See: #2038