summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-17pid1: do not use mtime==0 as sign of masking (#4388)Zbigniew Jędrzejewski-Szmek
It is allowed for unit files to have an mtime==0, so instead of assuming that any file that had mtime==0 was masked, use the load_state to filter masked units. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1384150.
2016-10-17Merge pull request #4391 from keszybz/treewide-macrosMartin Pitt
Use mfree more and add another function to simplify a common set&free pattern
2016-10-17Merge pull request #4381 from keszybz/man-pagesMartin Pitt
2016-10-16tree-wide: introduce free_and_replace helperZbigniew Jędrzejewski-Szmek
It's a common pattern, so add a helper for it. A macro is necessary because a function that takes a pointer to a pointer would be type specific, similarly to cleanup functions. Seems better to use a macro.
2016-10-16tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek
2016-10-16shared/install: use _cleanup_free_Zbigniew Jędrzejewski-Szmek
Also rewrap some comments so that they don't have a very long line and a very short line.
2016-10-17Merge pull request #4380 from bgamari/masterPeter Hutterer
hwdb: Add sensitivity for Dell Latitude E7470 pointing stick
2016-10-16man: document sd_event_get_tid() return value (#4385)Martin Ejdestig
2016-10-15man: drop discouragment of runtime and vendor drop-insZbigniew Jędrzejewski-Szmek
In certain situations drop-ins in /usr/lib/ are useful, for example when one package wants to modify the behaviour of another package, or the vendor wants to tweak some upstream unit without patching. Drop-ins in /run are useful for testing, and may also be created by systemd itself. Follow-up for the discussion in #2103.
2016-10-15man: add journal-upload.conf(5)Zbigniew Jędrzejewski-Szmek
Fixes #3370.
2016-10-15man: add notes about thread safety of sd_journal_* functionsZbigniew Jędrzejewski-Szmek
Fixes #4056.
2016-10-15man: add crosslink between systemd.resource-control(5) and systemd.exec(5)Zbigniew Jędrzejewski-Szmek
Fixes #4379.
2016-10-15virt: add possibility to skip the check for chroot (#4374)Lukáš Nykrýn
https://bugzilla.redhat.com/show_bug.cgi?id=1379852
2016-10-15hwdb: Add sensitivity for Dell Latitude E7470 pointingstickBen Gamari
2016-10-14core: make settings for unified cgroup hierarchy supersede the ones for ↵Tejun Heo
legacy hierarchy (#4269) There are overlapping control group resource settings for the unified and legacy hierarchies. To help transition, the settings are translated back and forth. When both versions of a given setting are present, the one matching the cgroup hierarchy type in use is used. Unfortunately, this is more confusing to use and document than necessary because there is no clear static precedence. Update the translation logic so that the settings for the unified hierarchy are always preferred. systemd.resource-control man page is updated to reflect the change and reorganized so that the deprecated settings are at the end in its own section.
2016-10-14nspawn: remove unused variable (#4369)Thomas H. P. Andersen
2016-10-13Merge pull request #4243 from ↵Lennart Poettering
endocode/djalal/sandbox-first-protection-kernelmodules-v1 core:sandbox: Add ProtectKernelModules= and some fixes
2016-10-13Merge pull request #653 from dvdhrm/bus-goldZbigniew Jędrzejewski-Szmek
2016-10-13Merge pull request #4363 from stefan-it/replace-while-loopsDaniel Mack
basic,coredump: use for loop instead of while
2016-10-13Merge pull request #4364 from phomes/man-fixesDaniel Mack
man: typo fixes
2016-10-13nspawn: cleanup and chown the synced cgroup hierarchy (#4223)Evgeny Vereshchagin
Fixes: #4181
2016-10-13Merge pull request #4362 from poettering/journalbootlistfixZbigniew Jędrzejewski-Szmek
2016-10-12man: typo fixesThomas Hindoe Paaboel Andersen
A mix of fixes for typos and UK english
2016-10-12coredump: use for() loop instead of while()Stefan Schweter
2016-10-12basic: use for() loop instead of while()Stefan Schweter
2016-10-12Merge pull request #4358 from fsateler/pam-configLennart Poettering
Pam config fixes
2016-10-12update TODOLennart Poettering
2016-10-12journalctl: say in which directory we vacuum stuffLennart Poettering
Fixes: #4060
2016-10-12journalctl: don't claim the journal was stored on diskLennart Poettering
Let's just say that the journal takes up space in the file system, not on disk, as tmpfs is definitely a file system, but not a disk. Fixes: #4059
2016-10-12journal: refuse opening journal files from the future for writingLennart Poettering
Never permit that we write to journal files that have newer timestamps than our local wallclock has. If we'd accept that, then the entries in the file might end up not being ordered strictly. Let's refuse this with ETXTBSY, and then immediately rotate to use a new file, so that each file remains strictly ordered also be wallclock internally.
2016-10-12journald: automatically rotate journal files when the clock jumps backwardsLennart Poettering
As soon as we notice that the clock jumps backwards, rotate journal files. This is beneficial, as this makes sure that the entries in journal files remain strictly ordered internally, and thus the bisection algorithm applied on it is not confused. This should help avoiding borked wallclock-based bisection on journal files as witnessed in #4278.
2016-10-12journald: use the event loop dispatch timestamp for journal entriesLennart Poettering
Let's use the earliest linearized event timestamp for journal entries we have: the event dispatch timestamp from the event loop, instead of requerying the timestamp at the time of writing. This makes the time a bit more accurate, allows us to query the kernel time one time less per event loop, and also makes sure we always use the same timestamp for both attempts to write an entry to a journal file.
2016-10-12journal: when iterating through entry arrays and we hit an invalid one keep ↵Lennart Poettering
going When iterating through partially synced journal files we need to be prepared for hitting with invalid entries (specifically: non-initialized). Instead of generated an error and giving up, let's simply try to preceed with the next one that is valid (and debug log about this). This reworks the logic introduced with caeab8f626e709569cc492b75eb7e119076059e7 to iteration in both directions, and tries to look for valid entries located after the invalid one. It also extends the behaviour to both iterating through the global entry array and per-data object entry arrays. Fixes: #4088
2016-10-12journal: add an explicit check for uninitialized objectsLennart Poettering
Let's make dissecting of borked journal files more expressive: if we encounter an object whose first 8 bytes are all zeroes, then let's assume the object was simply never initialized, and say so. Previously, this would be detected as "overly short object", which is true too in a away, but it's a lot more helpful printing different debug options for the case where the size is not initialized at all and where the size is initialized to some bogus value. No function behaviour change, only a different log messages for both cases.
2016-10-12journal: also check that our entry arrays are properly orderedLennart Poettering
Let's and extra check, reusing check_properly_ordered() also for journal_file_next_entry_for_data().
2016-10-12journal: split out check for properly ordered arrays into its own functionLennart Poettering
This adds a new call check_properly_ordered(), which we can reuse later, and makes the code a bit more readable.
2016-10-12journal: split out array index inc/dec code into a new call bump_array_index()Lennart Poettering
This allows us to share a bit more code between journal_file_next_entry() and journal_file_next_entry_for_data().
2016-10-12journal: when we encounter a broken journal file, add some debug loggingLennart Poettering
Let's make it easier to figure out when we see an invalid journal file, why we consider it invalid, and add some minimal debug logging for it. This log output is normally not seen (after all, this all is library code), unless debug logging is exlicitly turned on.
2016-10-12build-sys: Allow disabling installation of pam config snippetFelipe Sateler
2016-10-12Avoid forever loop for journalctl --list-boots command (#4278)hese10
When date is changed in system to future and normal user logs to new journal file, and then date is changed back to present time, the "journalctl --list-boot" command goes to forever loop. This commit tries to fix this problem by checking first the boot id list if the found boot id was already in that list. If it is found, then stopping the boot id find loop.
2016-10-12systemd-user: add pam_unix account moduleFelipe Sateler
Otherwise systemd-user@ fails because systemd validates the account Fixes: #4342
2016-10-12hwdb: Treat Latitude 2110 brightness keys like on Inspiron 1520 (#4355)Ben Harris
Like the Inspiron 1520, the Dell Latitude 2110 emits brightness-control key events both through atkbd and acpi-video. This suppresses them on the atkbd side.
2016-10-12test: add test to make sure that ProtectKernelModules=yes disconnect mount ↵Djalal Harouni
propagation
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
Lets go further and make /lib/modules/ inaccessible for services that do not have business with modules, this is a minor improvment but it may help on setups with custom modules and they are limited... in regard of kernel auto-load feature. This change introduce NameSpaceInfo struct which we may embed later inside ExecContext but for now lets just reduce the argument number to setup_namespace() and merge ProtectKernelModules feature.
2016-10-12doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=Djalal Harouni
2016-10-12test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yesDjalal Harouni
2016-10-12core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yesDjalal Harouni
The rawio system calls were filtered, but CAP_SYS_RAWIO allows to access raw data through /proc, ioctl and some other exotic system calls...
2016-10-12test: add capability tests for ProtectKernelModules=Djalal Harouni
This just adds capabilities test.