summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-22units: add nosuid and nodev options to tmp.mount (#3575)Martin Pitt
This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
2016-06-21man: document some sd-bus functions (#3567)mahkoh
* sd_bus_add_match * sd_bus_get_fd * sd_bus_message_read_basic * sd_bus_process
2016-06-21Do not ellipsize cgroups when showing slices in --full mode (#3560)Ian Lee
Do not ellipsize cgroups when showing slices in --full mode
2016-06-21emergency.service: Don't say "Welcome" when it's an emergency (#3569)Lennart Poettering
Quoting @cgwalters: Just uploading this as an RFC. Now I know reading the code that systemd says `Welcome to $OS` as a generic thing, but my initial impression on seeing this was that it was almost sarcastic =) Let's say "You are in emergency mode" as a more neutral/less excited phrase. This patch is based on #3556, but makes the same change for rescue mode.
2016-06-20core: log the right set of the supported controllers (#3558)Evgeny Vereshchagin
Jun 16 05:12:08 systemd[1]: Controller 'io' supported: yes Jun 16 05:12:08 systemd[1]: Controller 'memory' supported: yes Jun 16 05:12:08 systemd[1]: Controller 'pids' supported: yes instead of Jun 16 04:06:50 systemd[1]: Controller 'memory' supported: yes Jun 16 04:06:50 systemd[1]: Controller 'devices' supported: yes Jun 16 04:06:50 systemd[1]: Controller 'pids' supported: yes
2016-06-20Merge pull request #3564 from evverx/valgrind-tests-fixesRonny Chevalier
tests: fix memory leak, don't run test_get_process_cmdline_harder under valgrind
2016-06-19tests: don't run test_get_process_cmdline_harder under valgrindEvgeny Vereshchagin
See https://github.com/systemd/systemd/pull/3555#issuecomment-226564908
2016-06-19man: match runlevel symlinks recommendation with our makefile (#3563)Lukáš Nykrýn
In makefile we create symlinks runlevel5.target to graphical.target and runlevel2-4.target to multi-user.target. Let's say the same thing in systemd.special manpage.
2016-06-19tests: fix memory leak in test-keymap-utilEvgeny Vereshchagin
Fixes: ==27917== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==27917== at 0x4C28BF6: malloc (vg_replace_malloc.c:299) ==27917== by 0x55083D9: strdup (in /usr/lib64/libc-2.22.so) ==27917== by 0x1140DA: find_converted_keymap (keymap-util.c:524) ==27917== by 0x110844: test_find_converted_keymap (test-keymap-util.c:52) ==27917== by 0x1124FE: main (test-keymap-util.c:213) ==27917==
2016-06-18Ensure kdbus isn't used (#3501)Dave Reisner
Delete the dbus1 generator and some critical wiring. This prevents kdbus from being loaded or detected. As such, it will never be used, even if the user still has a useful kdbus module loaded on their system. Sort of fixes #3480. Not really, but it's better than the current state.
2016-06-17Merge pull request #3557 from whot/hwdb-updatesLennart Poettering
Hwdb updates
2016-06-17Revert "hwdb: change the Logitech MX500 to 1100 dpi (#3517)"Peter Hutterer
Likely bad measurement and all other websites refer to it being 1000dpi. See https://bugs.freedesktop.org/show_bug.cgi?id=96225#c13 This reverts commit e7b90ddc345d1817ca48bfcc4e3e73836c8051af.
2016-06-17hwdb: touchpad ranges for Dell Precision M4700Peter Hutterer
From https://bugs.freedesktop.org/show_bug.cgi?id=95417
2016-06-16process-util: fix two bugs in get_process_cmdline() (#3555)Lennart Poettering
See: https://github.com/systemd/systemd/pull/3529#issuecomment-226421007
2016-06-16Merge pull request #3546 from keszybz/systemctl-fixesLennart Poettering
Systemctl fixes
2016-06-16resolved: when restarting a transaction make sure to not touch it anymore ↵Lennart Poettering
(#3553) dns_transaction_maybe_restart() is supposed to return 1 if the the transaction has been restarted and 0 otherwise. dns_transaction_process_dnssec() relies on this behaviour. Before this change in case of restart we'd call dns_transaction_go() when restarting the lookup, returning its return value unmodified. This is wrong however, as that function returns 1 if the transaction is pending, and 0 if it completed immediately, which is a very different set of return values. Fix this, by always returning 1 on redirection. The wrong return value resulted in all kinds of bad memory accesses as we might continue processing a transaction that was redirected and completed immediately (and thus freed). This patch also adds comments to the two functions to clarify the return values for the future. Most likely fixes: #2942 #3475 #3484
2016-06-16update TODOLennart Poettering
2016-06-16systemctl: delay pager/polkit agent opening as much as possibleZbigniew Jędrzejewski-Szmek
In https://github.com/systemd/systemd/issues/3543, we would open the pager before starting ssh, and the pipe fd was "leaked" into the ssh child as the stderr fd. Previous commit fixes bus-socket to nullify stderr before launching the child, but it seems reasonable to also delay starting the pager. If we are going to croak when trying to open the transport, it seems better to do this before starting the pager. This commit would also fix #3543 on its own.
2016-06-16systemctl: make sure we terminate the bus connection first, and then close ↵Lennart Poettering
the pager (#3550) If "systemctl -H" is used, let's make sure we first terminate the bus connection, and only then close the pager. If done in this order ssh will get an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then terminate. This makes sure the standard error we were invoked on is released by ssh, and only that makes sure we don't deadlock on the pager which waits for all clients closing its input pipe. (Similar fixes for the various other xyzctl tools that support both pagers and -H) Fixes: #3543
2016-06-16Merge pull request #3511 from andir/networkd-vrfZbigniew Jędrzejewski-Szmek
networkd: add support for vrf interfaces (#3316)
2016-06-16Merge pull request #3481 from poettering/relative-memcgLennart Poettering
various changes, most importantly regarding memory metrics
2016-06-15Merge pull request #3537 from poettering/journal-stream-envZbigniew Jędrzejewski-Szmek
Permit services to detect whether their stdout/stderr is connected to the journal.
2016-06-16networkd: vrf: add support for enslaving devices to VRFsAndreas Rammhold
2016-06-16networkd: added support for vrf interfaces (#3316)Andreas Rammhold
2016-06-15load-fragment: ignore ENOTDIR/EACCES errors (#3510)Zbigniew Jędrzejewski-Szmek
If for whatever reason the file system is "corrupted", we want to be resilient and ignore the error, as long as we can load the units from a different place. Arch bug https://bugs.archlinux.org/task/49547. A user had an ntfs symlink (essentially a file) instead of a directory after restoring from backup. We should just ignore that like we would treat a missing directory, for general resiliency. We should treat permission errors similarly. For example an unreadable /usr/local/lib directory would prevent (user) instances of systemd from loading any units. It seems better to continue.
2016-06-15core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of ↵Lennart Poettering
executed services This permits services to detect whether their stdout/stderr is connected to the journal, and if so talk to the journal directly, thus permitting carrying of metadata. As requested by the gtk folks: #2473
2016-06-15execute: minor coding style improvementsLennart Poettering
2016-06-15systemctl: also fall back to ListUnitsFiltered on access deniedZbigniew Jędrzejewski-Szmek
When running systemctl from git on systemd from systemd-229-8.fc24.x86_64, ListUnitsByPatterns results in org.freedesktop.DBus.Error.AccessDenied.
2016-06-15systemctl: do not open pager twiceZbigniew Jędrzejewski-Szmek
Second attempt had no effect anyway.
2016-06-15socket-util: Run the fallback when the kernel complains about the null ↵Kai Ruhnau
buffer (#3541) Calling recv with a NULL buffer returns EFAULT instead of EOPNOTSUPP on older kernels (3.14). Fixes #3407 Signed-off-by: Kai Ruhnau <kai.ruhnau@target-sg.com>
2016-06-14Merge pull request #3540 from poettering/resolved-variousZbigniew Jędrzejewski-Szmek
three resolved fixes
2016-06-15tree-wide: htonl() is weird, let's use htobe32() instead (#3538)Lennart Poettering
Super-important change, yeah!
2016-06-14util-lib: rework get_process_cmdline() (#3529)Lennart Poettering
This reworks get_process_cmdline() quite substantially, fixing the following: - Fixes: https://github.com/systemd/systemd/pull/3512/commits/a4e3bf4d7ac2de51191ce136ee9361ba319e106c#r66837630 - The passed max_length is also applied to the "comm" name, if comm_fallback is set. - The right thing happens if max_length == 1 is specified - when the cmdline "foobar" is abbreviated to 6 characters the result is not "foobar" instead of "foo...". - trailing whitespace are removed before the ... suffix is appended. The 7 character abbreviation of "foo barz" is hence "foo..." instead of "foo ...". - leading whitespace are suppressed from the cmdline - a comprehensive test case is added
2016-06-14Merge pull request #3539 from keszybz/udevadm-man-fixLennart Poettering
Udevadm man fix
2016-06-14resolved: in the ResolveHostname() bus call, accept IP addresses with scopeLennart Poettering
When we get a literal IP address as string that includes a zone suffix, process this properly and return the parsed ifindex back to the client, and include it in the canonical name in case of a link-local IP address.
2016-06-14resolved: make sure we initialize the ifindex of direct zone answers properlyLennart Poettering
Previously, after checking the local zone for a reply and finding one we'd not initialize the answer ifindex from that. Let's fix that.
2016-06-14resolve: port resolve tool to in_addr_ifindex_{from_string_auto|to_string}()Lennart Poettering
We can reuse some code here, so let's do it.
2016-06-14man: fix option letter in udevadm control -eZbigniew Jędrzejewski-Szmek
-x never worked, so let's just correct the man page. Fixes #3524.
2016-06-14udevadm: trivial simplificationZbigniew Jędrzejewski-Szmek
2016-06-14update TODOLennart Poettering
2016-06-14unit: properly comment generated comments in unit filesLennart Poettering
Fix-up for 2a9a6f8ac04a69ca36d645f9305a33645f22a22b
2016-06-14sd-ndisc: add missing castLennart Poettering
Apparently newer gcc versions are a bit more forgiving when assigning an "unsigned char*" pointer to something of a different type. Let's add the missing cast so that old gcc versions are fine, too.
2016-06-14systemctl: allow percent-based MemoryLimit= settings via systemctl set-propertyLennart Poettering
The unit files already accept relative, percent-based memory limit specification, let's make sure "systemctl set-property" support this too. Since we want the physical memory size of the destination machine to apply we pass the percentage in a new set of properties that only exist for this purpose, and can only be set.
2016-06-14util: introduce physical_memory_scale() to unify how we scale by physical memoryLennart Poettering
The various bits of code did the scaling all different, let's unify this, given that the code is not trivial.
2016-06-14core: make sure to use "infinity" in unit files, not "max"Lennart Poettering
THe latter is a kernelism, we only understand "infinity".
2016-06-14core: when receiving a memory limit via the bus, refuse 0Lennart Poettering
When parsing unit files we already refuse unit memory limits of zero, let's also refuse it when the value is set via the bus.
2016-06-14man: minor fixesLennart Poettering
2016-06-14core: optionally, accept a percentage value for MemoryLimit= and related ↵Lennart Poettering
settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-14util-lib: introduce parse_percent() for parsing percent specificationsLennart Poettering
And port a couple of users over to it.
2016-06-14util: when determining the amount of memory on this system, take cgroup ↵Lennart Poettering
limit into account When determining the amount of RAM in the system, let's make sure we also read the root-level cgroup memory limit into account. This isn't particularly useful on the host, but in containers it makes sure that whatever memory the container got assigned is actually used for RAM size calculations.