summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-28Merge pull request #362 from d-hatayama/fix_selinux_unit_check_v2Lennart Poettering
selinux: fix missing SELinux unit access check
2015-07-28Merge pull request #748 from teg/dns-name-between-4Daniel Mack
basic: dns-name - between()
2015-07-28Merge pull request #739 from intelfx/systemd-analyze-plot-user-instanceDaniel Mack
analyze: correctly draw the plot for user instances.
2015-07-28analyze: correctly draw the plot for user instancesIvan Shapovalov
Start-up timestamp of a user instance (userspace_time in struct boot_times) actually may be arbitrarily big. This, because all timestamps are offset by that value, leads to creation of arbitrarily wide SVGs which almost completely consist of blank space. Fix this by inverse-offsetting all timestamps by that value if user instance operation is requested. Fixes #740.
2015-07-28TODOTom Gundersen
2015-07-28shared: dns-name - add dns_name_between()Tom Gundersen
Given three DNS names this function indicates if the second argument lies strictly between the first and the third according to the canonical DNS name order. Note that the order is circular, so the last name is considered to be before the first.
2015-07-28shared: dns-name - use the canonical dns name orderingTom Gundersen
The canonical DNS name ordering considers the rightmost label the most significant, we were considering it the least significant. This is important when implementing NSEC, which relies on the correct order.
2015-07-28shared: dns-name - introduce dns_label_unescape_suffix()Tom Gundersen
Intended to be called repeatedly, and returns then successive unescaped labels from the most to the least significant (left to right). This is slightly inefficient as it scans the string three times (two would be sufficient): once to find the end of the string, once to find the beginning of each label and lastly once to do the actual unescaping. The latter two could be done in one go, but that seemed unnecessarily convoluted.
2015-07-28analyze: move acquire_boot_times() above acquire_time_data()Ivan Shapovalov
Next patch will make the latter call into the former.
2015-07-27NEWS: follow VNetHeader renameDaniel Mack
VnetHeader was renamed to VNetHeader just now. Update NEWS accordingly.
2015-07-27Merge pull request #744 from poettering/vnethdr-fixDaniel Mack
networkd: capitalize VNetHeader= as VnetHeader=
2015-07-27Merge pull request #746 from teg/resolved-connect-udpLennart Poettering
resolved: UDP fixes
2015-07-27util: base32hex - explain distinction with base32Tom Gundersen
2015-07-27resolved: transaction - don't explicitly verify packet sourceTom Gundersen
This is handled by the kernel now that the socket is connect()ed.
2015-07-27resolved: transaction - don't unref server when creating TCP socketTom Gundersen
This was a bug.
2015-07-27resolved: scope - write() unicast DNS packetsTom Gundersen
As we have connect()ed to the desired DNS server, we no longer need to pass control messages manually when sending packets. Simplify the logic accordingly.
2015-07-27resolved: transaction - introduce dns_transaction_emit()Tom Gundersen
This function emits the UDP packet via the scope, but first it will determine the current server (and connect to it) and store the server in the transaction. This should not change the behavior, but simplifies the code.
2015-07-27networkd: capitalize VNetHeader= as VnetHeader=Lennart Poettering
Even when we use shortened, combined words, we still should uppercase where a new word starts. I couldn't find a canonically capitalized version of this term, hence I think we should follow our naming rules here.
2015-07-27resolved: transaction - move a couple of functionsTom Gundersen
No functional change, but makes follow-up patch clearer.
2015-07-27resolved: transaction - move DNS UDP socket creation to the scopeTom Gundersen
With access to the server when creating the socket, we can connect() to the server and hence simplify message sending and receiving in follow-up patches.
2015-07-27resolved: transaction - close socket when changing serverTom Gundersen
Close the socket when changing the server in a transaction, in order for it to be reopened with the right server when we send the next packet. This fixes a regression where we could get stuck with a failing server.
2015-07-27resolved: transaction - don't request PKTINFO for unicast DNSTom Gundersen
This was only ever used by LLMNR, so don't request this for unicast DNS packets.
2015-07-27resloved: transaction - unify IPv4 and IPv6 socketsTom Gundersen
A transaction can only have one socket at a time, so no need to distinguish these.
2015-07-27sd-bus: fix path of object-manager signalsDavid Herrmann
Each signal of the ObjectManager interface carries the path of the object in question as an argument. Therefore, a caller will deduce the object this signal is generated for, by parsing the _argument_. A caller will *not* use the object-path of the message itself (i.e., message->path). This is done on purpose, so the caller can rely on message->path to be the path of the actual object-manager that generated this signal, instead of the path of the object that triggered this signal. This commit fixes all InterfacesAdded/Removed signals to use the path of the closest object-manager as message->path. 'closest' in this case means closest parent with at least one object-manager registered. This fix raises the question what happens if we stack object-managers in a hierarchy. Two implementations are possible: First, we report each object only on the nearest object-manager. Second, we report it on each parent object-manager. This patch chooses the former. This is compatible with other existing ObjectManager implementations, which are required to call GetManagedObjects() recursively on each object they find, which implements the ObjectManager interface.
2015-07-27NEWS: group systemd-networkd itemsDaniel Mack
… for better readability.
2015-07-27NEWS: fix typosKay Sievers
2015-07-27Merge pull request #738 from poettering/machined-capsDaniel Mack
units: add more caps to machined
2015-07-27NEWS: add entries for v223David Herrmann
New features and API changes for v223. Please review carefully and amend!
2015-07-27units: add more caps to machinedLennart Poettering
Otherwise copying full directory trees between container and host won't work, as we cannot access some fiels and cannot adjust the ownership properly on the destination. Of course, adding these many caps to the daemon kinda defeats the purpose of the caps lock-down... but well... Fixes #433
2015-07-27bus-proxy: augment debug message for dropped broadcasts a bitDaniel Mack
Add the PID we are proxying for, as well as the message's sender and destination string, to the debug message that is printed when the proxy drops unmatched broadcasts.
2015-07-26networkd-wait-online: fix -i argumentMartin Pitt
-i (aka --interface) takes an argument. Tell getopt_long() that, so that optarg isn't NULL.
2015-07-26Merge pull request #716 from michaelolbrich/automount-fixesKay Sievers
Automount fixes
2015-07-26Merge pull request #724 from dbuch/masterKay Sievers
proxyd: downgrade to log_debug() for unmatched broadcasts
2015-07-26systemd-boot: fix whitespaceKay Sievers
2015-07-26Merge pull request #634 from icarlosvenegas/sd-boot-show-efi-cmdline_v2Kay Sievers
sd-boot: Show stub cmdline when edit (v2)
2015-07-25Merge pull request #727 from phomes/masterTom Gundersen
man: typo fixes
2015-07-25Merge pull request #725 from keszybz/network-file-maskingTom Gundersen
man: describe masking of .network files better
2015-07-25man: typo fixesThomas Hindoe Paaboel Andersen
2015-07-25man: describe masking of .network files betterZbigniew Jędrzejewski-Szmek
This should clear up some confusion in https://github.com/systemd/systemd/issues/717. This basically copies the description from systemd.unit to this man page. Masking can happen also in /run, so strike the part about /etc, and also add the magic work "mask".
2015-07-25proxyd: downgrade to log_debug() for unmatched broadcastsDaniel Buch
2015-07-25Merge pull request #722 from keszybz/networkd-clarificationsDaniel Mack
Networkd clarifications
2015-07-24networkd: rename RootBlock to AllowPortToBeRootZbigniew Jędrzejewski-Szmek
Justification is similar to BPDUGuard rename. "Positive" values are easier. This is a rather uncommon option, so using a slightly longer name should not be a problem, and may in fact may make it easier to guess what the option does without reading the documentation.
2015-07-24networkd: turn UnicastFlood on by defaultZbigniew Jędrzejewski-Szmek
Looking at the kernel commit, "on" seems to be the default value: commit 867a59436fc35593ae0e0efcd56cc6d2f8506586 Author: Vlad Yasevich <vyasevic@redhat.com> Date: Wed Jun 5 10:08:01 2013 -0400 bridge: Add a flag to control unicast packet flood. Add a flag to control flood of unicast traffic. By default, flood is on and the bridge will flood unicast traffic if it doesn't know the destination. When the flag is turned off, unicast traffic without an FDB will not be forwarded to the specified port. ... and it seems to be the reasonable thing to do by default.
2015-07-24networkd: rename BPDUGuard to UseBPDUZbigniew Jędrzejewski-Szmek
Rename to follow the follow the style of other options. In general "positive" options are preferred to "negative" ones, because they are easier to describe and easier for humans to parse (c.f. the shortening on the man page entry).
2015-07-24man: reword new Bridge descriptionsZbigniew Jędrzejewski-Szmek
2015-07-24network: rename DiffServiceCodePoint to CopyDSCPZbigniew Jędrzejewski-Szmek
Old name was slightly misleading, because this flag does not determine whether DSCP is used overall, but only if it is copied to the decapsulated packet. Rename to better reflect that. "Copy" does not imply direction. This is on purpose, because we might later on enhance the setting to allow/disallow copying in the other direction, to the encapsulated packet. If that is implemented, CopyDSCP could understand additional values. This is nicer than having two separate settings and follows the example of DHCP=. Also, we try to avoid abbreviations, but we allow acronyms like MTU, in DiscoverPathMTU=. This setting was recently added, so it's fine to rename it without backwards compat.
2015-07-24man: try to better describe DiffServiceCodePoint= settingZbigniew Jędrzejewski-Szmek
http://marc.info/?l=linux-netdev&m=109507453227993&w=2
2015-07-24netlink-types: use consistent whitespace at EOLZbigniew Jędrzejewski-Szmek
Follow up for v222-124-g79e27dbcb1.
2015-07-24man: reword description of Hostname=Zbigniew Jędrzejewski-Szmek
Also add dots at the end of sentences.
2015-07-25bootctl: add missing newlineKay Sievers