summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-10networkd: support setting dhcp client listen port (#4631)Susant Sahani
Allow setting custom port for the DHCP client to listen on in networkd. [DHCP] ListenPort=6677
2016-11-10Merge pull request #4635 from eworm-de/resolvedZbigniew Jędrzejewski-Szmek
resolved: unlink /run/systemd/resolve/resolv.conf upon exit
2016-11-10man: mention start rate limiting in Restart= doc (#4637)Lucas Werkmeister
2016-11-10Merge pull request #4104 from ssahani/ethtool_xlink_settingsZbigniew Jędrzejewski-Szmek
Link: port to new ethtool ETHTOOL_xLINKSETTINGS
2016-11-10Merge pull request #4618 from grawity/signal-directionZbigniew Jędrzejewski-Szmek
busctl introspect: accept direction="out" for signals.
2016-11-10core:namespace: count and free failed paths inside chase_all_symlinks() (#4619)Djalal Harouni
This certainly fixes a bug that was introduced by PR https://github.com/systemd/systemd/pull/4594 that intended to fix https://github.com/systemd/systemd/issues/4567. The fix was not complete. This patch makes sure that we count and free all paths that fail inside chase_all_symlinks(). Fixes https://github.com/systemd/systemd/issues/4567
2016-11-10resolved: unlink private resolv.conf on exitChristian Hesse
This fixes the logic with systemd-nspawn which checks for private resov.conf to decide whether or not to mount it into the container.
2016-11-10resolved: use macro for private resolve.confChristian Hesse
Use the macro from header file to have a single definition of the path.
2016-11-10Link: port to new ethtool ETHTOOL_xLINKSETTINGSSusant Sahani
Link: port to new ethtool ETHTOOL_xLINKSETTINGS This patch defines a new ETHTOOL_GLINKSETTINGS/SLINKSETTINGS API, handled by the new get_link_ksettings/set_link_ksettings . This is a WIP version based on this [kernel patch](https://patchwork.kernel.org/patch/8411401/). commit 0527f1c http://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cfommit 35afb33
2016-11-09core: don't use the unified hierarchy for the systemd cgroup yet (#4628)Martin Pitt
Too many things don't get along with the unified hierarchy yet: * https://github.com/opencontainers/runc/issues/1175 * https://github.com/docker/docker/issues/28109 * https://github.com/lxc/lxc/issues/1280 So revert the default to the legacy hierarchy for now. Developers of the above software can opt into the unified hierarchy with "systemd.legacy_systemd_cgroup_controller=0".
2016-11-09man/sd_watchdog_enabled: correct minor typos (#4632)Jonathan Boulle
2016-11-09busctl introspect: use free_and_replace()Mantas Mikulėnas
2016-11-09busctl introspect: accept direction="out" for signalsMantas Mikulėnas
According to the D-Bus spec (v0.29), | The direction element on <arg> may be omitted, in which case it | defaults to "in" for method calls and "out" for signals. Signals only | allow "out" so while direction may be specified, it's pointless. Therefore we still should accept a 'direction' attribute, even if it's useless in reality. Closes: #4616
2016-11-08nspawn: fix condition for mounting resolv.conf (#4622)Christian Hesse
The file /usr/lib/systemd/resolv.conf can be stale, it does not tell us whether or not systemd-resolved is running or not. So check for /run/systemd/resolve/resolv.conf as well, which is created at runtime and hence is a better indication.
2016-11-08core: on DynamicUser= make sure that protecting sensitive paths is enforced ↵Djalal Harouni
(#4596) This adds a variable that is always set to false to make sure that protect paths inside sandbox are always enforced and not ignored. The only case when it is set to true is on DynamicUser=no and RootDirectory=/chroot is set. This allows users to use more our sandbox features inside RootDirectory= The only exception is ProtectSystem=full|strict and when DynamicUser=yes is implied. Currently RootDirectory= is not fully compatible with these due to two reasons: * /chroot/usr|etc has to be present on ProtectSystem=full * /chroot// has to be a mount point on ProtectSystem=strict.
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08Merge pull request #4612 from keszybz/format-stringsZbigniew Jędrzejewski-Szmek
Format string tweaks (and a small fix on 32bit)
2016-11-08man: fix typo (#4615)Yu Watanabe
2016-11-08Merge pull request #4509 from keszybz/foreach-word-quotedMartin Pitt
Remove FOREACH_WORD_QUOTED
2016-11-08man: add an example how to unconditionally empty a directory (#4570)Zbigniew Jędrzejewski-Szmek
It was logical, but not entirely obvious, that 'e' with no arguments does nothing. Expand the explanation a bit and add an example. Fixes #4564.
2016-11-08Adjust pkgconfig files to point at rootlibdir (#4584)Mike Gilbert
The .so symlinks got moved to rootlibdir in 082210c7.
2016-11-08build-sys: remove leftover setcap configure check (#4597)Michael Biebl
The check for the setcap binary was added in commit dd5ae4c36c89da5dbe8d1628939b26c00db98753 to set the CAP_MAC_ADMIN capability for systemd-bus-proxyd. Later on, bus-proxyd was removed in commit 798c486fbcdce3346cd862c52e1a200bb8a2cb23. So remove the leftover setcap configure check as well.
2016-11-08coredump: bump type of arg_journal_size_max to uint64 tooZbigniew Jędrzejewski-Szmek
For normal arches this doesn't matter, but on arm32 arg_journal_size_max was smaller than the other *SizeMax variables. This doesn't seem useful. This is anothet part of the fix in 5206a724a0.
2016-11-07build-sys: fix appending of CFLAGS and define __SANE_USERSPACE_TYPES__Zbigniew Jędrzejewski-Szmek
It's pointless to call AC_SUBST more than once on the same variable. Because of all the copypasta, we were mixing CLFAGS and LDFLAGS. … and the assertion in previous commit was wrong. PPC64 is a special snowflake. __SANE_USERSPACE_TYPES__ is needed on PPC64 to make __u64 be llu, instead of lu. Considering that both lu and llu are 64 bits, there's nothing sane about this, maybe the flag should be called __INSANE_USERSPACE_TYPES__ instead. Sane or not, this makes ppc64 kernel headers behave consistent with other architectures. With this flag, no warnings are emitted at -O0 level.
2016-11-07nspawn: fix exit code for --help and --version (#4609)Martin Pitt
Commit b006762 inverted the initial exit code which is relevant for --help and --version without a particular reason. For these special options, parse_argv() returns 0 so that our main() immediately skips to the end without adjusting "ret". Otherwise, if an actual container is being started, ret is set on error in run(), which still provides the "non-zero exit on error" behaviour. Fixes #4605.
2016-11-07tree-wide: drop (llu) casts for kernel's __u64Zbigniew Jędrzejewski-Szmek
According to comments in <asm/types.h>, __u64 is always defined as unsigned long long. Those casts should be superfluous.
2016-11-07tree-wide: add PRI_[NU]SEC, and use time format strings moreZbigniew Jędrzejewski-Szmek
2016-11-08Merge pull request #4594 from endocode/djalal/fix-rootdir-apply-mntnsEvgeny Vereshchagin
core: make RootDirectory= and ProtectKernelModules= work
2016-11-07tests: use less aggressive systemctl --wait timeout in TEST-03-JOBS (#4606)Martin Pitt
If the "systemctl start" happens at an "unlucky" time such as 1000.9 seconds and then e. g. runs for 2.6 s (sleep 2 plus the overhead of starting the unit and waiting for it) the END_SEC would be 1003.5s which would round to 1004, making the difference 4. On busier testbeds the overhead apparently can take a bit more than 0.5s. The main point is really that it doesn't wait that much longer, so "-le 4" seems perfectly fine. We allow up to 1.5s in the subsequent "wait5fail" test below too. Fixes #4582
2016-11-07coredump: fix format string on 32 bitsZbigniew Jędrzejewski-Szmek
In file included from ./src/basic/macro.h:415:0, from ./src/shared/acl-util.h:28, from src/coredump/coredump.c:36: src/coredump/coredump.c: In function ‘submit_coredump’: src/coredump/coredump.c:711:26: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:711:17: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~ src/coredump/coredump.c:711:26: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 8 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:711:17: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~ src/coredump/coredump.c:741:27: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:182:28: note: in expansion of macro ‘log_full’ #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:741:17: note: in expansion of macro ‘log_debug’ log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^~~~~~~~~ src/coredump/coredump.c:741:27: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 8 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:182:28: note: in expansion of macro ‘log_full’ #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:741:17: note: in expansion of macro ‘log_debug’ log_debug("Not generating stack trace: core size %zu is greater than %zu (the configured maximum)", ^~~~~~~~~ src/coredump/coredump.c:768:34: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘uint64_t {aka long long unsigned int}’ [-Wformat=] log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^ ./src/basic/log.h:175:82: note: in definition of macro ‘log_full_errno’ ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ ^~~~~~~~~~~ ./src/basic/log.h:183:28: note: in expansion of macro ‘log_full’ #define log_info(...) log_full(LOG_INFO, __VA_ARGS__) ^~~~~~~~ src/coredump/coredump.c:768:25: note: in expansion of macro ‘log_info’ log_info("The core will not be stored: size %zu is greater than %zu (the configured maximum)", ^~~~~~~~
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-07nspawn: slight simplificationZbigniew Jędrzejewski-Szmek
2016-11-07nspawn: avoid one strdup by using free_and_replaceZbigniew Jędrzejewski-Szmek
2016-11-07systemd-nspawn: decrease non-fatal mount errors to debug level (#4569)tblume
non-fatal mount errors shouldn't be logged as warnings.
2016-11-07core: make RootDirectory= and ProtectKernelModules= workDjalal Harouni
Instead of having two fields inside BindMount struct where one is stack based and the other one is heap, use one field to store the full path and updated it when we chase symlinks. This way we avoid dealing with both at the same time. This makes RootDirectory= work with ProtectHome= and ProtectKernelModules=yes Fixes: https://github.com/systemd/systemd/issues/4567
2016-11-06machinectl: don't output "No machines." with --no-legend option (#4593)Viktar Vaŭčkievič
2016-11-06delta: skip symlink paths when split-usr is enabled (#4591)Felipe Sateler
If systemd is built with --enable-split-usr, but the system is indeed a merged-usr system, then systemd-delta gets all confused and reports that all units and configuration files have been overridden. Skip any prefix paths that are symlinks in this case. Fixes: #4573
2016-11-05Drop FOREACH_WORD_QUOTEDZbigniew Jędrzejewski-Szmek
2016-11-05core/device: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05core/load-fragment: modify existing environment instead of copying strv over ↵Zbigniew Jędrzejewski-Szmek
and over
2016-11-05core/load-fragment: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05tree-wide: drop unneded WHITESPACE param to extract_first_wordZbigniew Jędrzejewski-Szmek
It's the default, and NULL is shorter.
2016-11-05Merge pull request #4578 from evverx/no-hostname-memleakRonny Chevalier
journalctl: fix memleak
2016-11-05Merge pull request #4579 from evverx/acl-memleakRonny Chevalier
acl-util: fix memleak
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-04kernel-install: use exit instead of return (#4565)Yu Watanabe
/bin/kernel-install: line 143: return: can only `return' from a function or sourced script https://bugzilla.redhat.com/show_bug.cgi?id=1391829
2016-11-04man: update kernel-install(8) to match reality (#4563)Zbigniew Jędrzejewski-Szmek
2016-11-03Merge pull request #4548 from keszybz/seccomp-helpZbigniew Jędrzejewski-Szmek
systemd-analyze syscall-filter
2016-11-03doc: clarify NoNewPrivileges (#4562)Kees Cook
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
2016-11-03acl-util: fix memleakEvgeny Vereshchagin
Fixes: $ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null ==22309== Memcheck, a memory error detector ==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==22309== Command: /home/vagrant/systemd/.libs/lt-journalctl ==22309== Hint: You are currently not seeing messages from other users and the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. ==22309== ==22309== HEAP SUMMARY: ==22309== in use at exit: 8,680 bytes in 4 blocks ==22309== total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated ==22309== ==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4 ==22309== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299) ==22309== by 0x6F37A0A: __new_var_obj_p (__libobj.c:36) ==22309== by 0x6F362F7: __acl_init_obj (acl_init.c:28) ==22309== by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54) ==22309== by 0x6F36087: acl_get_file (acl_get_file.c:69) ==22309== by 0x4F15752: acl_search_groups (acl-util.c:172) ==22309== by 0x113A1E: access_check_var_log_journal (journalctl.c:1836) ==22309== by 0x113D8D: access_check (journalctl.c:1889) ==22309== by 0x115681: main (journalctl.c:2236) ==22309== ==22309== LEAK SUMMARY: ==22309== definitely lost: 56 bytes in 1 blocks ==22309== indirectly lost: 432 bytes in 1 blocks ==22309== possibly lost: 0 bytes in 0 blocks ==22309== still reachable: 8,192 bytes in 2 blocks ==22309== suppressed: 0 bytes in 0 blocks