summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-03test: test DynamicUser= with SupplementaryGroups=Djalal Harouni
2016-11-03test: test DynamicUser= with a fixed userDjalal Harouni
2016-11-03core: intialize user aux groups and SupplementaryGroups= when DynamicUser= ↵Djalal Harouni
is set Make sure that when DynamicUser= is set that we intialize the user supplementary groups and that we also support SupplementaryGroups= Fixes: https://github.com/systemd/systemd/issues/4539 Thanks Evgeny Vereshchagin (@evverx)
2016-11-02Merge pull request #4547 from keszybz/two-testsuite-tweaksLennart Poettering
Two testsuite tweaks
2016-11-02Merge pull request #4546 from keszybz/xsprintf-revertLennart Poettering
xsprintf revert
2016-11-02parse_hwdb: add import fallback for python2Zbigniew Jędrzejewski-Szmek
2016-11-02udev/udev-watch: calculate the real buffer sizes neededZbigniew Jędrzejewski-Szmek
2016-11-02Do not raise in switch root if paths are too longZbigniew Jędrzejewski-Szmek
If we encounter the (unlikely) situation where the combined path to the new root and a path to a mount to be moved together exceed maximum path length, we shouldn't crash, but fail this path instead.
2016-11-02sd-bus: use PRIu64 instead of castingZbigniew Jędrzejewski-Szmek
2016-11-02Revert some uses of xsprintfZbigniew Jędrzejewski-Szmek
This reverts some changes introduced in d054f0a4d4. xsprintf should be used in cases where we calculated the right buffer size by hand (using DECIMAL_STRING_MAX and such), and never in cases where we are printing externally specified strings of arbitrary length. Fixes #4534.
2016-11-02Merge pull request #4481 from poettering/perpetualZbigniew Jędrzejewski-Szmek
Add "perpetual" unit concept, sysctl fixes, networkd fixes, systemctl color fixes, nspawn discard.
2016-11-02Merge pull request #4542 from poettering/v232prepZbigniew Jędrzejewski-Szmek
preparation for 232
2016-11-02core: make a constant table actually constantLennart Poettering
2016-11-02core: don't hit an assert when printing status messages about units with ↵Lennart Poettering
overly long description strings This essentially reverts one part of d054f0a4d451120c26494263fc4dc175bfd405b1. (We might also choose to use proper ellipsation here, but I wasn't sure the memory allocation this requires wouöld be a good idea here...) Fixes: #4534
2016-11-02man: fix two typos (is → are) (#4544)Lucas Werkmeister
2016-11-02Merge pull request #4456 from keszybz/stored-fdsLennart Poettering
Preserve stored fds over service restart
2016-11-02systemctl: fix incorrect "need reload" on cat (#4535)Lucas Werkmeister
Reported by @evverx in #4493.
2016-11-02Merge pull request #4483 from poettering/exec-orderLennart Poettering
more seccomp fixes, and change of order of selinux/aa/smack and seccomp application on exec
2016-11-02build-sys: bump package and library version in preparation for v232Lennart Poettering
2016-11-02add two additional entries to NEWSLennart Poettering
2016-11-02NEWS: add contributor list to news fileLennart Poettering
Unfortunately, github drops the original commiter when a PR is "squashed" (even if it is only a single commit) and replaces it with some rubbish github-specific user id. Thus, to make the contributors list somewhat useful, update the .mailmap file and undo all the weirdness github applied there.
2016-11-02pid1: fix fd memleak when we hit FileDescriptorStoreMax limitZbigniew Jędrzejewski-Szmek
Since service_add_fd_store() already does the check, remove the redundant check from service_add_fd_store_set(). Also, print a warning when repopulating FDStore after daemon-reexec and we hit the limit. This is a user visible issue, so we should not discard fds silently. (Note that service_deserialize_item is impacted by the return value from service_add_fd_store(), but we rely on the general error message, so the caller does not need to be modified, and does not show up in the diff.)
2016-11-02core: change mount_synthesize_root() return to intLennart Poettering
Let's propagate the error here, instead of eating it up early. In a later change we should probably also change mount_enumerate() to propagate errors up, but that would mean we'd have to change the unit vtable, and thus change all unit types, hence is quite an invasive change.
2016-11-02networkd: flush DNSSL/RDNSS lists when we lose carrierLennart Poettering
Fixes: #3870
2016-11-02netword: minor memory leak fixLennart Poettering
2016-11-02nspawn: if we set up a loopback device, try to mount it with "discard"Lennart Poettering
Let's make sure that our loopback files remain sparse, hence let's set "discard" as mount option on file systems that support it if the backing device is a loopback.
2016-11-02systemctl: tweak the "systemctl list-units" output a bitLennart Poettering
Make the underlining between the header and the body and between the units of different types span the whole width of the table. Let's never make the table wider than necessary (which is relevant due the above). When space is limited and we can't show the full ID or description string prefer showing the full ID over the full description. The ID is after all something people might want to copy/paste, while the description is mostly just helpful decoration.
2016-11-02systemctl: properly turn off color after active columnLennart Poettering
If we turn on red color for the active column and it is not combined with underlining, then we need to turn it off explicitly afterwards. Do that.
2016-11-02sysctl: minor simplificationLennart Poettering
Let's place only one ternary operator.
2016-11-02sysctl: no need to check for eof twiceLennart Poettering
Let's only check for eof once after the fgets(). There's no point in checking EOF before the first read, and twice in each loop.
2016-11-02sysctl: when failing to process a config line, show line nrLennart Poettering
2016-11-02sysctl: split out condition check into its own functionLennart Poettering
This way, we can get rid of a label/goto.
2016-11-02sysctl: do not fail systemd-sysctl.service if /proc/sys is mounted read-onlyLennart Poettering
Let's make missing write access to /proc/sys non-fatal to the sysctl service. This is a follow-up to 411e869f497c7c7bd0688f1e3500f9043bc56e48 which altered the condition for running the sysctl service to check for /proc/sys/net being writable, accepting that /proc/sys might be read-only. In order to ensure the boot-up stays clean in containers lower the log level for the EROFS errors generated due to this.
2016-11-02unit: unify some code with new unit_new_for_name() callLennart Poettering
2016-11-02core: make the root mount perpetual tooLennart Poettering
Now that have a proper concept of "perpetual" units, let's make the root mount one too, since it also cannot go away.
2016-11-02core: rework the "no_gc" unit flag to become a more generic "perpetual" flagLennart Poettering
So far "no_gc" was set on -.slice and init.scope, to units that are always running, cannot be stopped and never exist in an "inactive" state. Since these units are the only users of this flag, let's remodel it and rename it "perpetual" and let's derive more funcitonality off it. Specifically, refuse enqueing stop jobs for these units, and report that they are "unstoppable" in the CanStop bus property.
2016-11-02core: initialize groups list before checking SupplementaryGroups= of a unit ↵Djalal Harouni
(#4533) Always initialize the supplementary groups of caller before checking the unit SupplementaryGroups= option. Fixes https://github.com/systemd/systemd/issues/4531
2016-11-02tests: make sure tests pass when invoked in "sudo"Lennart Poettering
This is a follow-up for 6309e51ea32d64524431ee65c49eecd44390da8f and makes sure we compare test results with the right user identifier.
2016-11-02man: document that too strict system call filters may affect the service managerLennart Poettering
If execve() or socket() is filtered the service manager might get into trouble executing the service binary, or handling any failures when this fails. Mention this in the documentation. The other option would be to implicitly whitelist all system calls that are required for these codepaths. However, that appears less than desirable as this would mean socket() and many related calls have to be whitelisted unconditionally. As writing system call filters requires a certain level of expertise anyway it sounds like the better option to simply document these issues and suggest that the user disables system call filters in the service temporarily in order to debug any such failures. See: #3993.
2016-11-02execute: apply seccomp filters after changing selinux/aa/smack contextsLennart Poettering
Seccomp is generally an unprivileged operation, changing security contexts is most likely associated with some form of policy. Moreover, while seccomp may influence our own flow of code quite a bit (much more than the security context change) make sure to apply the seccomp filters immediately before executing the binary to invoke. This also moves enforcement of NNP after the security context change, so that NNP cannot affect it anymore. (However, the security policy now has to permit the NNP change). This change has a good chance of breaking current SELinux/AA/SMACK setups, because the policy might not expect this change of behaviour. However, it's technically the better choice I think and should hence be applied. Fixes: #3993
2016-11-02seccomp: add two new syscall groupsLennart Poettering
@resources contains various syscalls that alter resource limits and memory and scheduling parameters of processes. As such they are good candidates to block for most services. @basic-io contains a number of basic syscalls for I/O, similar to the list seccomp v1 permitted but slightly more complete. It should be useful for building basic whitelisting for minimal sandboxes
2016-11-02man: two minor fixesLennart Poettering
2016-11-02seccomp: include pipes and memfd in @ipcLennart Poettering
These system calls clearly fall in the @ipc category, hence should be listed there, simply to avoid confusion and surprise by the user.
2016-11-02seccomp: drop execve() from @process listLennart Poettering
The system call is already part in @default hence implicitly allowed anyway. Also, if it is actually blocked then systemd couldn't execute the service in question anymore, since the application of seccomp is immediately followed by it.
2016-11-02seccomp: add clock query and sleeping syscalls to "@default" groupLennart Poettering
Timing and sleep are so basic operations, it makes very little sense to ever block them, hence don't.
2016-11-02update TODOLennart Poettering
2016-11-01udev: net_id: add support for phys_port_name attribute (#4506)Jiří Pírko
Switch drivers uses phys_port_name attribute to pass front panel port name to user. Use it to generate netdev names. Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2016-11-01tests: add test that journald keeps fds over termination by signalEvgeny Vereshchagin
This test fails before previous commit, and passes with it.
2016-11-01core: when restarting services, don't close fdsZbigniew Jędrzejewski-Szmek
We would close all the stored fds in service_release_resources(), which of course broke the whole concept of storing fds over service restart. Fixes #4408.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…