Age | Commit message | Author
2016-02-11 | Merge pull request #2587 from haraldh/tpmv3 | Lennart Poettering
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11 | Merge pull request #2588 from phomes/core-enum-fix | Zbigniew Jędrzejewski-Szmek
core: use correct enum
2016-02-11 | core: use correct enum | Thomas Hindoe Paaboel Andersen
from e903182e5b0daa941de47a9c08c824106cec7fe0
2016-02-11 | sd-boot: put hashed kernel command line in a PCR of the TPM | Harald Hoyer
The UEFI BIOS already hashes the contents of the loaded image, so the initrd and the command line of the binary are recorded. Because manually added LoadOptions are not taken into account, these should be recorded also. This patch logs and extends a TPM PCR register with the LoadOptions.
This feature can be enabled with configure --enable-tpm
The PCR register index can be specified with configure --with-tpm-pcrindex=<NUM>
2016-02-11 | configure: bump version number (systemd/v229) | Lennart Poettering
2016-02-11 | delta: minor coding style fixes | Lennart Poettering
no change in behaviour
2016-02-11 | man: document that resolved cares about /etc/hosts | Lennart Poettering
2016-02-11 | Merge pull request #2581 from evverx/dev-mqueue-cond | Lennart Poettering
units: don't try to mount the mqueue fs if we lack the privileges for it
2016-02-11 | Merge pull request #2576 from poettering/random-fixes | Martin Pitt
Random fixes
2016-02-11 | build-sys: bump so version | Lennart Poettering
2016-02-11 | build-sys: run "make hwdb-update" | Lennart Poettering
2016-02-11 | fill in contributors list in NEWS | Lennart Poettering
2016-02-11 | core: don't choke if a unit another unit triggers vanishes during reload | Lennart Poettering
Fixes: #1981
2016-02-11 | Merge pull request #2579 from evverx/TEST-1981 | Daniel Mack
tests: add test for https://github.com/systemd/systemd/issues/1981
2016-02-11 | Merge pull request #2578 from keszybz/man-pages | Daniel Mack
man: follow up fixes for #2575
2016-02-11 | units: don't try to mount the mqueue fs if we lack the privileges for it | Evgeny Vereshchagin
See https://github.com/systemd/systemd/pull/2576#discussion-diff-52592680
2016-02-10 | man: follow up fixes for #2575 | Zbigniew Jędrzejewski-Szmek
2016-02-10 | Merge pull request #2575 from poettering/manfixes | Zbigniew Jędrzejewski-Szmek
A variety of man page fixes
2016-02-10 | man: correct explanation of "systemctl is-enabled" output | Lennart Poettering
The "is-enabled" command doesn't care whether the symlinks are declared in the [Install] section of a unit file or not, when returning "enabled". Any alias, .wants/ or .requires/ symlinks suffice. Fixes: #975
2016-02-10 | man: document that ExecStartPost= is only run if ExecStart= succeeded | Lennart Poettering
Fixes: #846
2016-02-10 | man: document that "systemctl enable" supports abbreviated unit file names | Lennart Poettering
Fixes: #1502
2016-02-10 | man: document that nss-myhostname handles *.localhost and *.localdomain too | Lennart Poettering
(And similar for resolved) Fixes: #1630
2016-02-10 | man: document that [Install] has no effect in unit file .d/*.conf drop-ins | Lennart Poettering
Fixes: #1774 Fixes: #1090
2016-02-10 | man: document distinction between ConditionXYZ= and AssertXYZ= | Lennart Poettering
References: #2468
2016-02-10 | man: document rescue.target and emergency.target in more detail | Lennart Poettering
Fixes: #2523
2016-02-10 | units: don't try to mount the FUSE fs if we lack the privileges for it | Lennart Poettering
See: https://lists.freedesktop.org/archives/systemd-devel/2016-February/035740.html
2016-02-10 | nss-mymachines: never resolve unmapped UIDs/GIDs | Lennart Poettering
Don't ever permit successful user or group lookups if no UID/GID mapping is actually applied. This way, we can be sure that nss-mymachines cannot be used to insert invalid cache entries into nscd's cache. https://bugzilla.redhat.com/show_bug.cgi?id=1285339
2016-02-10 | update TODO | Lennart Poettering
2016-02-10 | build-sys: add TEST-06-SELINUX to dist | Evgeny Vereshchagin
This is a follow-up to https://github.com/systemd/systemd/pull/2493
2016-02-10 | tests: add test for https://github.com/systemd/systemd/issues/1981 | Evgeny Vereshchagin
2016-02-10 | Merge pull request #2574 from zonque/netclass-remove | Lennart Poettering
cgroup: remove support for NetClass= directive
2016-02-10 | Merge pull request #2495 from heftig/master | Lennart Poettering
tty-ask-password: Split out password sending
2016-02-10 | Merge pull request #2555 from poettering/coredump-fixes | Lennart Poettering
Coredump fixes and more
2016-02-10 | cgroup: remove support for NetClass= directive | Daniel Mack
Support for net_cls.class_id through the NetClass= configuration directive has been added in v227 in preparation for a per-unit packet filter mechanism. However, it turns out the kernel people have decided to deprecate the net_cls and net_prio controllers in v2. Tejun provides a comprehensive justification for this in his commit, which has landed during the merge window for kernel v4.5: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671 As we're aiming for full support for the v2 cgroup hierarchy, we can no longer support this feature. Userspace tools such as nftables are moving over to setting rules that are specific to the full cgroup path of a task, which obsoletes these controllers anyway. This commit removes support for tweaking details in the net_cls controller, but keeps the NetClass= directive around for legacy compatibility reasons.
2016-02-10 | update NEWS | Lennart Poettering
2016-02-10 | core: treat JobTimeout=0 as equivalent to JobTimeout=infinity | Lennart Poettering
Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4. Fixes: #2537
2016-02-10 | core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec= | Lennart Poettering
Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-10 | update TODO | Lennart Poettering
2016-02-10 | coredump: dump privileges when processing system coredumps | Lennart Poettering
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system users. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10 | core: set RLIMIT_CORE to unlimited by default | Lennart Poettering
The kernel sets RLIMIT_CORE to 0 by default. Let's bump this to unlimited by default (for systemd itself and all processes we fork off), so that the coredump hooks have an effect if they honour it. Bumping RLIMIT_CORE of course would have the effect that "core" files will end up on the system at various places, if no coredump hook is used. To avoid this, make sure PID1 sets the core pattern to the empty string by default, so that this logic is disabled. This change in defaults should be useful for all systems where coredump hooks are used, as it allows useful usage of RLIMIT_CORE from these hooks again. OTOH systems that expect that coredumps are placed under the name "core" in the current directory will break with this change. Given how questionable this behaviour is, and given that no common distro makes use of this by default it shouldn't be too much of a loss. Also, the old behaviour may be restored by explicitly configuring a "core_pattern" of "core", and setting the default system RLIMIT_CORE to 0 again via system.conf.
2016-02-10 | coredump: honour RLIMIT_CORE when saving/processing coredumps | Lennart Poettering
With this change processing/saving of coredumps takes the RLIMIT_CORE resource limit of the crashing process into account, giving the user control whether specific processes shall core dump or not, and how large to make the core dump. Note that this effectively disables core-dumping for now, as RLIMIT_CORE defaults to 0 (i.e. is disabled) for all system processes.
2016-02-10 | coredump: rework coredumping logic | Lennart Poettering
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data about the crashed process, and then submits it for processing to a socket-activated coredump service, which extracts a stacktrace and writes the coredump to disk. This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust= and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally prioritized processes. This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until /var/systemd/coredump is mounted and writable. Fixes: #2286
2016-02-10 | activate: add a new switch --inetd to enable inetd-style socket activation | Lennart Poettering
Previously, using --accept would enable inetd-style socket activation in addition to per-connection operation. This is now split into two switches: --accept only switches between per-connection or single-instance operation. --inetd switches between inetd-style or new-style fd passing. This breaks the interface of the tool, but given that it is a debugging tool shipped in /usr/lib/systemd/ it's not really a public interface. This change allows testing new-style per-connection daemons.
2016-02-10 | activate: minor fixes | Lennart Poettering
2016-02-10 | activate: add new --seqpacket switch for testing SOCK_SEQPACKET sockets | Lennart Poettering
2016-02-10 | resolved: include inttypes.h in resolved-def.h given that we use UINT64_C | Lennart Poettering
2016-02-10 | build-sys: move coredump logic into subdir of its own | Lennart Poettering
2016-02-10 | Merge pull request #2569 from zonque/removals | Martin Pitt
Remove some old cruft
2016-02-10 | Merge pull request #2571 from martinpitt/master | Daniel Mack
NEWS: Various clarification and grammar fixes
2016-02-10 | Merge pull request #2570 from zonque/build | Martin Pitt
configure.ac: Fix help text of --enable-* options