summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-10login: drop fedora-specific PAM config, add note to DISTRO_PORTING (#4314)Felipe Sateler
It is impossible to ship a fully generic PAM configuration upstream. Therefore, ship a minimal configuration with the systemd --user requirements, and add a note to DISTRO_PORTING documenting this. Fixes #4284
2016-10-10unit: drop console-shell.service (#4298) (#4325)Franck Bui
console-shell.service was supposed to be useful for normal clean boots (i.e. multi-user.target or so), as a replacement for logind/getty@.service for simpler use cases. But due to the lack of documentation and sanity check one can easily be confused and enable this service in // with getty@.service. In this case we end up with both services sharing the same tty which ends up in strange results. Even worse, console-shell.service might be failing while getty@.service tries to acquire the terminal which ends up in the system to poweroff since console-shell.service uses: "ExecStopPost=-/usr/bin/systemctl poweroff". Another issue: this service doesn't work well if plymouth is also used since it lets the splash screen program run and mess the tty (at least a "plymouth quit" is missing). So let's kill it for now.
2016-10-10Merge pull request #4323 from keszybz/resolved-in-usernsLennart Poettering
A fix to get resolved to start in userns
2016-10-09main: initialize default unit little later (#4321)0xAX
systemd fills arg_default_unit during startup with default.target value. But arg_default_unit may be overwritten in parse_argv() or parse_proc_cmdline_item(). Let's check value of arg_default_unit after calls of parse_argv() and parse_proc_cmdline_item() and fill it with default.target if it wasn't filled before. In this way we will not spend unnecessary time to for filling arg_default_unit with default.target.
2016-10-09tree-wide: print warning in a failure case of make_null_stdio() (#4320)0xAX
The make_null_stdio() may fail. Let's check its result and print warning message instead of keeping silence.
2016-10-09resolved: also disable stub listener on EPERMZbigniew Jędrzejewski-Szmek
When running in a user namespace without private networking, resolved would fail to start. There isn't much difference between EADDRINUSE and EPERM, so treat them the same, except for the warning message text.
2016-10-09resolved: simplify error handling in manager_dns_stub_{udp,tcp}_fd()Zbigniew Jędrzejewski-Szmek
Make sure an error is always printed… When systemd-resolved is started in a user namespace without private network, it would fail on setsockopt, but the error wouldn't be particularly informative: "Failed to start manager: permission denied."
2016-10-10Merge pull request #4319 from keszybz/nspawn-argumentsEvgeny Vereshchagin
Nspawn arguments parsing and man page update
2016-10-09sd-boot: trigger to record further logs to tcg 2.0 final event log area (#4302)Lans Zhang
According to TCG EFI Protocol Specification for TPM 2.0 family, all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka EFI TCG 2.0 final events table. Hence, it is necessary to trigger the internal switch through calling get_event_log() in order to allow to retrieve the logs from OS runtime. msekletar: > I've looked at EDK2 and indeed log entry is added to FinalEventsTable only after > EFI_TCG2_PROTOCOL.GetEventLog was called[1][2]. Also, same patch was currently > merged to shim by Peter Jones [3]. [1] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L698 [2] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L824 [3] rhinstaller/shim#64
2016-10-09man: describe how to reverse systemd-nspawn -UZbigniew Jędrzejewski-Szmek
Now that systemd-nspawn@.service includes -U, more users might be interested in this tidbit ;)
2016-10-09nspawn: fix parsing of numeric arguments for --private-usersZbigniew Jędrzejewski-Szmek
The documentation says lists "yes", "no", "pick", and numeric arguments. But parse_boolean was attempted first, so various numeric arguments were misinterpreted. In particular, this fixes --private-users=0 to mean the same thing as --private-users=0:65536. While at it, use strndupa to avoid some error handling. Also give a better error for an empty UID range. I think it's likely that people will use --private-users=0:0 thinking that the argument means UID:GID.
2016-10-09nspawn: reindent tableZbigniew Jędrzejewski-Szmek
2016-10-08machinectl: enable pager on help (#4313)0xAX
as its output is fairly long.
2016-10-08systemd-resolve: use sha256 for local-part of openpgp key (#4193)Stefan Schweter
2016-10-08networkd: address add support to configure flags (#4201)Susant Sahani
This patch enables to configure IFA_F_HOMEADDRESS IFA_F_NODAD IFA_F_MANAGETEMPADDR IFA_F_NOPREFIXROUTE IFA_F_MCAUTOJOIN
2016-10-07Merge pull request #4061 from dm0-/coreos-1545Lennart Poettering
resolved: add an option to disable the stub resolver
2016-10-07resolved: add an option to control the DNS stub listenerDavid Michael
2016-10-07Merge pull request #4304 from poettering/notify-nul-checkLennart Poettering
3 minor improvements for notification message handling
2016-10-07core: only warn on short reads on signal fdZbigniew Jędrzejewski-Szmek
2016-10-07networkd: remote checksum offload for vxlan (#4110)Susant Sahani
This patch adds support to remote checksum checksum offload to VXLAN. This patch adds RemoteCheckSumTx and RemoteCheckSumRx vxlan configuration to enable remote checksum offload for transmit and receive on the VXLAN tunnel.
2016-10-07architecture: Add support for the RISC-V architecture. (#4305)rwmjones
RISC-V is an open source ISA in development since 2010 at UCB. For more information, see https://riscv.org/ I am adding RISC-V support to Fedora: https://fedoraproject.org/wiki/Architectures/RISC-V There are three major variants of the architecture (32-, 64- and 128-bit). The 128-bit variant is a paper exercise, but the other two really exist in silicon. RISC-V is always little endian. On Linux, the default kernel uname(2) can return "riscv" for all variants. However a patch was added recently which makes the kernel return one of "riscv32" or "riscv64" (or in future "riscv128"). So systemd should be prepared to handle any of "riscv", "riscv32" or "riscv64" (in future, "riscv128" but that is not included in the current patch). If the kernel returns "riscv" then you need to use the pointer size in order to know the real variant. The Fedora/RISC-V kernel only ever returns "riscv64" since we're only doing Fedora for 64 bit at the moment, and we've patched the kernel so it doesn't return "riscv". As well as the major bitsize variants, there are also architecture extensions. However I'm trying to ensure that uname(2) does *not* return any other information about those in utsname.machine, so that we don't end up with "riscv64abcde" nonsense. Instead those extensions will be exposed in /proc/cpuinfo similar to how flags work in x86.
2016-10-07manager: tighten incoming notification message checksLennart Poettering
Let's not accept datagrams with embedded NUL bytes. Previously we'd simply ignore everything after the first NUL byte. But given that sending us that is pretty ugly let's instead complain and refuse. With this change we'll only accept messages that have exactly zero or one NUL bytes at the very end of the datagram.
2016-10-07manager: be stricter with incomining notifications, warn properly about too ↵Lennart Poettering
large ones Let's make the kernel let us know the full, original datagram size of the incoming message. If it's larger than the buffer space provided by us, drop the whole message with a warning. Before this change the kernel would truncate the message for us to the buffer space provided, and we'd not complain about this, and simply process the incomplete message as far as it made sense.
2016-10-07manager: don't ever busy loop when we get a notification message we can't ↵Lennart Poettering
process If the kernel doesn't permit us to dequeue/process an incoming notification datagram message it's still better to stop processing the notification messages altogether than to enter a busy loop where we keep getting notified but can't do a thing about it. With this change, manager_dispatch_notify_fd() behaviour is changed like this: - if an error indicating a spurious wake-up is seen on recvmsg(), ignore it (EAGAIN/EINTR) - if any other error is seen on recvmsg() propagate it, thus disabling processing of further wakeups - if any error is seen on later code in the function, warn about it but do not propagate it, as in this cas we're not going to busy loop as the offending message is already dequeued.
2016-10-07Merge pull request #4300 from keszybz/mkosiLennart Poettering
Various mkosi bits
2016-10-06core: add possibility to set action for ctrl-alt-del burst (#4105)Lukáš Nykrýn
For some certification, it should not be possible to reboot the machine through ctrl-alt-delete. Currently we suggest our customers to mask the ctrl-alt-delete target, but that is obviously not enough. Patching the keymaps to disable that is really not a way to go for them, because the settings need to be easily checked by some SCAP tools.
2016-10-06Merge pull request #4299 from poettering/varietyEvgeny Vereshchagin
ioctl socket fixes, sd-bus error updates, resolved error addition, PAM stub process priv fix
2016-10-06user-util: rework maybe_setgroups() a bitLennart Poettering
Let's drop the caching of the setgroups /proc field for now. While there's a strict regime in place when it changes states, let's better not cache it since we cannot really be sure we follow that regime correctly. More importantly however, this is not in performance sensitive code, and there's no indication the cache is really beneficial, hence let's drop the caching and make things a bit simpler. Also, while we are at it, rework the error handling a bit, and always return negative errno-style error codes, following our usual coding style. This has the benefit that we can sensible hanld read_one_line_file() errors, without having to updat errno explicitly.
2016-10-06tree-wide: drop some misleading compiler warningsLennart Poettering
gcc at some optimization levels thinks thes variables were used without initialization. it's wrong, but let's make the message go anyway.
2016-10-06core: leave PAM stub process around with GIDs updatedLennart Poettering
In the process execution code of PID 1, before 096424d1230e0a0339735c51b43949809e972430 the GID settings where changed before invoking PAM, and the UID settings after. After the change both changes are made after the PAM session hooks are run. When invoking PAM we fork once, and leave a stub process around which will invoke the PAM session end hooks when the session goes away. This code previously was dropping the remaining privs (which were precisely the UID). Fix this code to do this correctly again, by really dropping them else (i.e. the GID as well). While we are at it, also fix error logging of this code. Fixes: #4238
2016-10-06sd-bus: add DNS errors to the errno translation tableLennart Poettering
We generate these, hence we should also add errno translations for them.
2016-10-06resolved: properly handle BADCOOKIE DNS errorLennart Poettering
Add this new error code (documented in RFC7873) to our list of known errors.
2016-10-06sd-bus: add a few missing entries to the error translation tablesLennart Poettering
These were forgotten, let's add some useful mappings for all errors we define.
2016-10-06sd-device/networkd: unify code to get a socket for issuing netdev ioctls onLennart Poettering
As suggested here: https://github.com/systemd/systemd/pull/4296#issuecomment-251911349 Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that we can use a protocol-independent socket here if possible. This has the benefit that our code will still work even if AF_INET/AF_INET6 is made unavailable (for exmple via seccomp), at least on current kernels.
2016-10-06mkosi: install Fedora 25Zbigniew Jędrzejewski-Szmek
No need to look back at the past. Fedora 25 is here (almost).
2016-10-06mkosi: drop git cleanZbigniew Jędrzejewski-Szmek
This is required after systemd/mkosi#25.
2016-10-06mkosi: disable our own cacheZbigniew Jędrzejewski-Szmek
No point in spamming the fs.
2016-10-06mkosi: create .mkosi directoryZbigniew Jędrzejewski-Szmek
Since it looks like we'll wind up with a bunch of mkosi files for different distros, it's probably better to keep them in a subdirectory.
2016-10-06update TODOLennart Poettering
2016-10-06Merge pull request #4280 from giuseppe/unprivileged-userLennart Poettering
[RFC] run systemd in an unprivileged container
2016-10-06units: systemd-udevd: add AF_INET and AF_INET6 to RestrictAddressFamilies= ↵Yu Watanabe
(#4296) The udev builtin command `net_setup_link` requires AF_INET and AF_INET6. Fixes #4293.
2016-10-06Merge pull request #4199 from dvdhrm/hwdb-orderLennart Poettering
hwdb: return conflicts in a well-defined order
2016-10-06core: do not fail in a container if we can't use setgroupsGiuseppe Scrivano
It might be blocked through /proc/PID/setgroups
2016-10-06audit: disable if cannot create NETLINK_AUDIT socketGiuseppe Scrivano
2016-10-06networkd: fix coding style (#4294)Susant Sahani
2016-10-06journald, ratelimit: fix inaccurate message suppression in ↵Yuki Inoguchi
journal_rate_limit_test() (#4291) Currently, the ratelimit does not handle the number of suppressed messages accurately. Even though the number of messages reaches the limit, it still allows to add one extra messages to journal. This patch fixes the problem.
2016-10-05catalog,po: update Polish translation (#4290)Piotr Drąg
2016-10-05Fix typoGiuseppe Scrivano
2016-10-05networkd: use BridgeFDB as well on bridge ports (#4253)Tobias Jungel
[BridgeFDB] did not apply to bridge ports so far. This patch adds the proper handling. In case of a bridge interface the correct flag NTF_MASTER is now set in the netlink call. FDB MAC addresses are now applied in link_enter_set_addresses to make sure the link is setup.
2016-10-05Added ArchLinux config for mkosi (#4274)Zeal Jagannatha