Age | Commit message | Author
2015-02-01 | Fix dropping of all capabilities | Zbigniew Jędrzejewski-Szmek
From fd.o bug 88898: systemd-resolved fails to start: Failed to drop capabilities: Operation not permitted
Broken in f11943c53ec181829a821c6b27acf828bab71caa.
Drop all capabilities:
1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)
Capabilities should always be kept after setresuid() so that the capability bounding set can be reduced.
Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898
We must be careful not to leave PR_SET_KEEPCAPS on. We could use the setresuid() call to drop capabilities, but the rules when capabilities are dropped are fairly complex, since a transition to non-zero uid must happen. Let's instead keep the capabilities during setresuid(), and drop them later.
2015-02-01 | config_parse_set_status: put signals in the correct set | Michael Olbrich
This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-02-01 | Add a snprintf wrapper which checks that the buffer was big enough | Zbigniew Jędrzejewski-Szmek
If we scale our buffer to be wide enough for the format string, we should expect that the calculation was correct. char_array_0() invocations are removed, since snprintf nul-terminates the output in any case. A similar wrapper is used for strftime calls, but only in timedatectl.c.
2015-02-01 | tmpfiles: accurately report creation results | Zbigniew Jędrzejewski-Szmek
2015-02-01 | tmpfiles: remove dead branch | Zbigniew Jędrzejewski-Szmek
In the test, p is a path to a directory, always absolute. dent->d_name is a single path component, so they cannot be equal. The comparison was wrong also for other reasons: D type supports globs, so direct comparisons using streq are not enough.
2015-02-01 | units: set TimeoutSec on some oneshot services | Zbigniew Jędrzejewski-Szmek
Services which are not crucial to system bootup, and have Type=oneshot can effectively "hang" the system if they fail to complete for whatever reason. To allow the boot to continue, kill them after a timeout. In case of systemd-journal-flush the flush will continue in the background, and in the other two cases the job will be aborted, but this should not result in any permanent problem.
2015-01-31 | core/cgroup: fix embarrassing typo | Zbigniew Jędrzejewski-Szmek
https://github.com/docker/docker/issues/10280
2015-01-31 | test-dhcp-client: remove linebreak | Zbigniew Jędrzejewski-Szmek
2015-01-31 | TODO | Tom Gundersen
2015-01-31 | networkd: dhcp-server - start as soon as addresses have been set | Tom Gundersen
We would otherwise wait for the interface to be completely configured, which could take considerable time with IPv4LL. As a result nspawn was very slow at obtaining IP addresses.
2015-01-31 | networkd-wait-online: allow specific devices to be ignored | Tom Gundersen
In addition to the loopback device, also allow explicitly configured devices to be ignored. Suggested by Charles Devereaux <systemd@guylhem.net>.
2015-01-31 | sd-rtnl: don't fail event handler when callback fails | Tom Gundersen
As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler. Otherwise any error returned by any callback will disable the rtnl event handler. We should only do that on serious internal errors in sd-rtnl that we know cannot be recovered from.
2015-01-30 | core: make setting the shutdown watchdog configuration via dbus work | Maxim Mikityanskiy
https://bugs.freedesktop.org/show_bug.cgi?id=88284
2015-01-30 | Revert "sd-bus: change serialization of kdbus messages to qualify in their entirety as gvariant objects" | Kay Sievers
This breaks booting with kdbus.
This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
2015-01-30 | Revert "core: make setting the shutdown watchdog configuration via dbus work" | Kay Sievers
This reverts commit df6e44c4affced590b0d19c594d9301ffd436591.
systemd --version segfaults.
Starting program: /usr/lib/systemd/systemd --version
Missing separate debuginfos, use: debuginfo-install systemd-216-16.fc21.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
systemd 218
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
Program received signal SIGSEGV, Segmentation fault.
0x000055555557c9be in main (argc=2, argv=0x7fffffffe4d8) at src/core/main.c:1832
1832 arg_shutdown_watchdog = m->shutdown_watchdog;
(gdb) bt
(gdb) bt full
m = 0x0
2015-01-29 | Updates in bash autocompletions | Carlos Morata Castillo
Hi, I did ./check-undocumented.sh -b (my script just submitted) and checked the results. Cheers.
2015-01-29 | hwdb: add a touchpad hwdb | Peter Hutterer
Currently used to tag devices in the new Lenovo *50 series and the X1 Carbon 3rd. These laptops re-introduced the physical trackpoint buttons that were missing from the *40 series but those buttons are now wired up to the touchpad. The touchpad now sends BTN_0, BTN_1 and BTN_2 for the trackpoint. The same button codes were used in older touchpads that had dedicated scroll up/down buttons. Input drivers need to work around this and thus know what they're dealing with.
For the previous gen we introduced INPUT_PROP_TOPBUTTONPAD in the kernel, but the resulting mess showed that these per-device quirks should really live in userspace.
The list currently includes the X1 Carbon 3rd PNPID, others will be added as we get to know which PNPID they have.
2015-01-28 | systemctl: refuse --host with cat | Zbigniew Jędrzejewski-Szmek
This might be fixed one day, but for now it's better to fail. https://bugzilla.redhat.com/show_bug.cgi?id=1186952
2015-01-29 | update TODO | Lennart Poettering
2015-01-29 | Fix ordering of the 70-mouse.rule in the Makefile | Peter Hutterer
2015-01-29 | coredump: drop caps while we are processing the coredump | Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=87354
2015-01-29 | Revert "journal: do not check for number of files" | Lennart Poettering
This reverts commit b914ea8d379b446c4c9fac4ba181771676ef38cd. We really need to put a limit on all our resources, everywhere, and in particular if we operate on external data. Hence, let's reintroduce the limit, but bump it substantially, so that it is guaranteed to be higher than any realistic RLIMIT_NOFILE setting.
2015-01-29 | man: turn new netdev table into a proper table | Lennart Poettering
2015-01-29 | core: make setting the shutdown watchdog configuration via dbus work | Maxim Mikityanskiy
https://bugs.freedesktop.org/show_bug.cgi?id=88284
2015-01-28 | man: netdev - add some minimal explanation to the different netdev kinds and modes | Tom Gundersen
Would be awesome to expand on this a lot, as there is currently no decent documentation for most of these things.
2015-01-28 | networkd: tunnel - call tunnel modes ipip6, not ip4ipv6 to match ip(8) | Tom Gundersen
2015-01-28 | logind: handle closing sessions over daemon restarts | Martin Pitt
It may happen that you have several sessions with the same VT:
- Open a session c1 which leaves some processes around, and log out. The session will stay in State=closing and become Active=no.
- Log back in on the same VT, get a new session "c2" which is State=active and Active=yes.
When restarting logind after that, the first session that matches the current VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get the usual polkit/device ACL privileges.
Restore the "closing" state in session_load(), to avoid treating all restored sessions as State=active. In seat_active_vt_changed(), prefer active sessions over closing ones if more than one session matches the current VT.
Finally, fix the confusing comment in session_load() and explain it a bit better.
https://launchpad.net/bugs/1415104
2015-01-28 | util: add comment explaining hostname_is_valid() | Lennart Poettering
2015-01-28 | update TODO | Lennart Poettering
2015-01-28 | sd-dhcp: chop off trailing dot of DHCP supplied host and domain names | Lennart Poettering
2015-01-28 | rules: clean up stale CD drive mounts after ejection | Martin Pitt
Ejecting a CD with the hardware drive button only causes a change uevent, but the device node stays around (just without a medium). Pick up these uevents and mark the device as SYSTEMD_READY=0 on ejection, so that systemd stops the device unit and consequently all mount units on it. On media insertion, mark the device as SYSTEMD_READY=1 again.
https://bugs.freedesktop.org/show_bug.cgi?id=72206
https://bugzilla.opensuse.org/show_bug.cgi?id=909418
https://bugs.archlinux.org/task/42071
https://bugs.launchpad.net/bugs/1168742
2015-01-28 | core/mount: add dependencies to dynamically mounted mounts too | Martin Pitt
Add unit dependencies for dynamic (i. e. not from fstab) mounts. With that, mount units properly bind to their underlying device, and thus get automatically stopped/unmounted when the underlying device goes away. This cleans up stale mounts from unplugged devices. Thanks to Lennart Poettering for pointing out the fix!
2015-01-28 | sysv-generator: no need to check for identical symlinks source and target twice | Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027594.html
2015-01-28 | core: output unit status output strings to console, only if we actually are changing unit state | Lennart Poettering
Unit _start() and _stop() implementations can fail with -EAGAIN to delay execution temporarily. Thus, we should not output status messages before invoking these calls, but after, and only when we know that the invocation actually made a change.
2015-01-28 | test: duplicate LIST_FOREACH_OTHERS test to check for corner cases of end and start of list | Lennart Poettering
2015-01-28 | list: properly skip over first item in LIST_FOREACH_OTHERS | Lennart Poettering
2015-01-28 | manager: fix minor typo | Lennart Poettering
2015-01-28 | sysv-generator: Re-fix .sh suffix handling | Martin Pitt
Commit 4e48855534 caused the .sh suffix to be stripped from the original "filename", which caused the generated units to call the wrong init.d script. Only use the .sh stripped file name for comparing with Provides:, not for generating the Exec*= lines. Spotted by sysv-generator-test.
2015-01-27 | build-sys: add check for --help width | Zbigniew Jędrzejewski-Szmek
2015-01-27 | notify,firstboot,analyze,run: trim --help output to 80 lines | Zbigniew Jędrzejewski-Szmek
2015-01-27 | tmpfiles: fix help text | Zbigniew Jędrzejewski-Szmek
The help text, apart from being too long, did not describe what the options really do.
2015-01-28 | build-sys: make xz and zlib build-time optional again | Lennart Poettering
2015-01-28 | man: document the new Ctrl-Alt-Del magic | Lennart Poettering
2015-01-28 | manager: when we immediately reboot due to 7x C-A-D within 2s, mention this on the console too | Lennart Poettering
2015-01-28 | update TODO | Lennart Poettering
2015-01-28 | core: when the user hits Ctrl-Alt-Del more than 7x per 2s, reboot immediately | Lennart Poettering
This should be useful for cases where clean rebooting doesn't work, and the user wants to hurry up the reboot.
2015-01-28 | sysv-generator: there's really no need to invoke fstatat() multiple times on the same sysv script | Lennart Poettering
It's sufficient to check once if something is a regular file, hence, let's do that.
2015-01-28 | update TODO | Lennart Poettering
2015-01-28 | core: if two start jobs for the same swap device node are queued, only dispatch one of them at a time | Lennart Poettering
If two start jobs for two separate .swap device nodes are queued, which then turns out to be referring to the same device node, refuse dispatching more than one of them at the same time.
This should solve an issue when the same swap partition is found via GPT auto-discovery and via /etc/fstab, where one uses a symlink path, and the other the raw device node. So far we might have ended up invoking mkswap on the same node at the very same time with the two device node names.
With this change only one mkswap should be executed at a time. This mkswap should have immediate effect on the other swap unit, due to the state in /proc/swaps changing, and thus suppressing actual invocation of the second mkswap.
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027314.html
2015-01-28 | swap: simplify a few things by making use of new LIST_FOREACH_OTHERS macro | Lennart Poettering