summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-23resolved: when processing auxiliary DNSSEC transactions, accept those with ↵Lennart Poettering
SERVFAIL Some upstream DNS servers return SERVFAIL if we ask them for DNSSEC RRs, which some forwarding DNS servers pass on to us as SERVFAIL (other though as NOERROR...). This is should not be considered a problem, as long as the domain in question didn't have DNSSEC enabled. Hence: when making use of auxiliary transactions accept those that return SERVFAIL.
2016-06-23resolved: when caching replies, check rcode earlierLennart Poettering
This way we don't log complaints about packets without SOA in case we are not caching it anyway because the rcode is not SUCCESS or NXDOMAIN...
2016-06-23resolved: rework SERVFAIL handlingLennart Poettering
There might be two reasons why we get a SERVFAIL response from our selected DNS server: because this DNS server itself is bad, or because the DNS server actually serving the zone upstream is bad. So far we immediately downgraded our server feature level when getting SERVFAIL, under the assumption that the first case is the only possible case. However, this meant we'd downgrade immediately even if we encountered the second case described above. With this commit handling of SERVFAIL is reworked. As soon as we get a SERVFAIL on a transaction we retry the transaction with a lower feature level, without changing the feature level tracked for the DNS server itself. If that fails too, we downgrade further, and so on. If during this downgrading the SERVFAIL goes away we assume that the DNS server we are talking to is bad, but the zone is fine and propagate the detected feature level to the information we track about the DNS server. Should the SERVFAIL not go away this way we let the transaction fail and accept the SERVFAIL.
2016-06-23udev: bump TasksMax to inifinity (#3593)Franck Bui
udevd already limits its number of workers/children: the max number is actually twice the number of CPUs the system is using. (The limit can also be raised with udev.children-max= kernel command line option BTW). On some servers, this limit can easily exceed the maximum number of tasks that systemd put on all services, which is 512 by default. Since udevd has already its limitation logic, simply disable the static limitation done by TasksMax.
2016-06-23fstab-generator: ignore root=/dev/nfs (#3591)Harald Hoyer
root=/dev/nfs is a legacy option for the kernel to handle root on NFS. Documentation for this kernel command line option can be found in the kernel source tree: Documentation/filesystems/nfs/nfsroot.txt
2016-06-23Merge pull request #3583 from poettering/restrict-realtimeRonny Chevalier
add new RestrictRealtime= option to services (and other fixes)
2016-06-23Merge pull request #3581 from dobyrch/masterRonny Chevalier
systemctl: Add missing "/" to files created by 'edit --runtime'
2016-06-23build-sys: move fdset.[ch] src/basic → src/shared (#3580)Lennart Poettering
It makes use of the sd_listen_fds() call, and as such should live in src/shared, as the distinction between src/basic and src/shared is that the latter may use libsystemd APIs, the former does not. Note that btrfs-util.[ch] and log.[ch] also include header files from libsystemd, but they only need definitions, they do not invoke any function from it. Hence they may stay in src/basic.
2016-06-23execute: add a new easy-to-use RestrictRealtime= option to unitsLennart Poettering
It takes a boolean value. If true, access to SCHED_RR, SCHED_FIFO and SCHED_DEADLINE is blocked, which my be used to lock up the system.
2016-06-23execute: be a little less drastic when MemoryDenyWriteExecute= hitsLennart Poettering
Let's politely refuse with EPERM rather than kill the whole thing right-away.
2016-06-23execute: set PR_SET_NO_NEW_PRIVS also in case the exec memory protection is usedLennart Poettering
This was forgotten when MemoryDenyWriteExecute= was added: we should set NNP in all cases when we set seccomp filters.
2016-06-23execute: use the return value of setrlimit_closest() properlyLennart Poettering
It's a function defined by us, hence we should look for the error in its return value, not in "errno".
2016-06-23core: when writing transient unit files, make sure all lines end with a newlineLennart Poettering
This is a fix-up for 2a9a6f8ac04a69ca36d645f9305a33645f22a22b which covered non-transient units, but missed the case for transient units.
2016-06-22nspawn: improve man page (#3577)Lennart Poettering
This change documents the existance of the systemd-nspawn@.service template unit file, which was previously not mentioned at all. Since the unit file uses slightly different default than nspawn invoked from the command line, these defaults are now explicitly documented too. A couple of further additions and changes are made, too. Replaces: #3497
2016-06-22man: document that %f in units always unescapes (#3578)Lennart Poettering
2016-06-22systemctl: Add missing "/" to files created by 'edit --runtime'Douglas Christman
2016-06-22machinectl: do not escape the unit name (#3554)Elias Probst
Otherwise starting a machine named `foo-bar-baz` will end up in machinectl attempting to start the service unit `systemd-nspawn@foo\x2dbar\x2dbaz` instead of `systemd-nspawn@foo-bar-baz`.
2016-06-22watchdog: Support changing watchdog_usec during runtime (#3492)Minkyung
Add sd_notify() parameter to change watchdog_usec during runtime. Application can change watchdog_usec value by sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=20000000"). To reset watchdog_usec as configured value in service file, restart service. Notice. sd_event is not currently supported. If application uses sd_event_set_watchdog, or sd_watchdog_enabled, do not use "WATCHDOG_USEC" option through sd_notify.
2016-06-22NEWS: start section for 231, with tmpfs.mount option changes (#3576)Martin Pitt
This documents the "add nosuid and nodev options to tmp.mount" change from commit 2f9df7c96a2.
2016-06-22Merge pull request #3526 from fbuihuu/fix-console-log-colorLennart Poettering
Fix console log color
2016-06-22units: add nosuid and nodev options to tmp.mount (#3575)Martin Pitt
This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
2016-06-22pid1: initialize status color mode after setting up TERMFranck Bui
Also we had to connect PID's stdio to null later since colors_enabled() assume that stdout is connected to the console.
2016-06-22pid1: initialize TERM environment variable correctlyFranck Bui
When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-21man: document some sd-bus functions (#3567)mahkoh
* sd_bus_add_match * sd_bus_get_fd * sd_bus_message_read_basic * sd_bus_process
2016-06-21Do not ellipsize cgroups when showing slices in --full mode (#3560)Ian Lee
Do not ellipsize cgroups when showing slices in --full mode
2016-06-21emergency.service: Don't say "Welcome" when it's an emergency (#3569)Lennart Poettering
Quoting @cgwalters: Just uploading this as an RFC. Now I know reading the code that systemd says `Welcome to $OS` as a generic thing, but my initial impression on seeing this was that it was almost sarcastic =) Let's say "You are in emergency mode" as a more neutral/less excited phrase. This patch is based on #3556, but makes the same change for rescue mode.
2016-06-20core: log the right set of the supported controllers (#3558)Evgeny Vereshchagin
Jun 16 05:12:08 systemd[1]: Controller 'io' supported: yes Jun 16 05:12:08 systemd[1]: Controller 'memory' supported: yes Jun 16 05:12:08 systemd[1]: Controller 'pids' supported: yes instead of Jun 16 04:06:50 systemd[1]: Controller 'memory' supported: yes Jun 16 04:06:50 systemd[1]: Controller 'devices' supported: yes Jun 16 04:06:50 systemd[1]: Controller 'pids' supported: yes
2016-06-20Revert "do not pass-along the environment from the kernel or initrd"Franck Bui
This reverts commit ce8aba568156f2b9d0d3b023e960cda3d9d7db81. We should pass an environment as close as possible to what we originally got.
2016-06-20pid1: reconnect to the console before being re-executedFranck Bui
When re-executed, reconnect the console to PID1's stdios as it was the case when PID1 was initially started by the kernel.
2016-06-20Merge pull request #3564 from evverx/valgrind-tests-fixesRonny Chevalier
tests: fix memory leak, don't run test_get_process_cmdline_harder under valgrind
2016-06-19tests: don't run test_get_process_cmdline_harder under valgrindEvgeny Vereshchagin
See https://github.com/systemd/systemd/pull/3555#issuecomment-226564908
2016-06-19man: match runlevel symlinks recommendation with our makefile (#3563)Lukáš Nykrýn
In makefile we create symlinks runlevel5.target to graphical.target and runlevel2-4.target to multi-user.target. Let's say the same thing in systemd.special manpage.
2016-06-19tests: fix memory leak in test-keymap-utilEvgeny Vereshchagin
Fixes: ==27917== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==27917== at 0x4C28BF6: malloc (vg_replace_malloc.c:299) ==27917== by 0x55083D9: strdup (in /usr/lib64/libc-2.22.so) ==27917== by 0x1140DA: find_converted_keymap (keymap-util.c:524) ==27917== by 0x110844: test_find_converted_keymap (test-keymap-util.c:52) ==27917== by 0x1124FE: main (test-keymap-util.c:213) ==27917==
2016-06-18Ensure kdbus isn't used (#3501)Dave Reisner
Delete the dbus1 generator and some critical wiring. This prevents kdbus from being loaded or detected. As such, it will never be used, even if the user still has a useful kdbus module loaded on their system. Sort of fixes #3480. Not really, but it's better than the current state.
2016-06-17Merge pull request #3557 from whot/hwdb-updatesLennart Poettering
Hwdb updates
2016-06-17Revert "hwdb: change the Logitech MX500 to 1100 dpi (#3517)"Peter Hutterer
Likely bad measurement and all other websites refer to it being 1000dpi. See https://bugs.freedesktop.org/show_bug.cgi?id=96225#c13 This reverts commit e7b90ddc345d1817ca48bfcc4e3e73836c8051af.
2016-06-17hwdb: touchpad ranges for Dell Precision M4700Peter Hutterer
From https://bugs.freedesktop.org/show_bug.cgi?id=95417
2016-06-16process-util: fix two bugs in get_process_cmdline() (#3555)Lennart Poettering
See: https://github.com/systemd/systemd/pull/3529#issuecomment-226421007
2016-06-16Merge pull request #3546 from keszybz/systemctl-fixesLennart Poettering
Systemctl fixes
2016-06-16resolved: when restarting a transaction make sure to not touch it anymore ↵Lennart Poettering
(#3553) dns_transaction_maybe_restart() is supposed to return 1 if the the transaction has been restarted and 0 otherwise. dns_transaction_process_dnssec() relies on this behaviour. Before this change in case of restart we'd call dns_transaction_go() when restarting the lookup, returning its return value unmodified. This is wrong however, as that function returns 1 if the transaction is pending, and 0 if it completed immediately, which is a very different set of return values. Fix this, by always returning 1 on redirection. The wrong return value resulted in all kinds of bad memory accesses as we might continue processing a transaction that was redirected and completed immediately (and thus freed). This patch also adds comments to the two functions to clarify the return values for the future. Most likely fixes: #2942 #3475 #3484
2016-06-16update TODOLennart Poettering
2016-06-16systemctl: delay pager/polkit agent opening as much as possibleZbigniew Jędrzejewski-Szmek
In https://github.com/systemd/systemd/issues/3543, we would open the pager before starting ssh, and the pipe fd was "leaked" into the ssh child as the stderr fd. Previous commit fixes bus-socket to nullify stderr before launching the child, but it seems reasonable to also delay starting the pager. If we are going to croak when trying to open the transport, it seems better to do this before starting the pager. This commit would also fix #3543 on its own.
2016-06-16systemctl: make sure we terminate the bus connection first, and then close ↵Lennart Poettering
the pager (#3550) If "systemctl -H" is used, let's make sure we first terminate the bus connection, and only then close the pager. If done in this order ssh will get an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then terminate. This makes sure the standard error we were invoked on is released by ssh, and only that makes sure we don't deadlock on the pager which waits for all clients closing its input pipe. (Similar fixes for the various other xyzctl tools that support both pagers and -H) Fixes: #3543
2016-06-16Merge pull request #3511 from andir/networkd-vrfZbigniew Jędrzejewski-Szmek
networkd: add support for vrf interfaces (#3316)
2016-06-16Merge pull request #3481 from poettering/relative-memcgLennart Poettering
various changes, most importantly regarding memory metrics
2016-06-15Merge pull request #3537 from poettering/journal-stream-envZbigniew Jędrzejewski-Szmek
Permit services to detect whether their stdout/stderr is connected to the journal.
2016-06-16networkd: vrf: add support for enslaving devices to VRFsAndreas Rammhold
2016-06-16networkd: added support for vrf interfaces (#3316)Andreas Rammhold
2016-06-15load-fragment: ignore ENOTDIR/EACCES errors (#3510)Zbigniew Jędrzejewski-Szmek
If for whatever reason the file system is "corrupted", we want to be resilient and ignore the error, as long as we can load the units from a different place. Arch bug https://bugs.archlinux.org/task/49547. A user had an ntfs symlink (essentially a file) instead of a directory after restoring from backup. We should just ignore that like we would treat a missing directory, for general resiliency. We should treat permission errors similarly. For example an unreadable /usr/local/lib directory would prevent (user) instances of systemd from loading any units. It seems better to continue.
2016-06-15core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of ↵Lennart Poettering
executed services This permits services to detect whether their stdout/stderr is connected to the journal, and if so talk to the journal directly, thus permitting carrying of metadata. As requested by the gtk folks: #2473