summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-22machine-id-setup: port machine_id_commit() to new id128-util.c APIsLennart Poettering
2016-07-22nspawn: rework /etc/machine-id handlingLennart Poettering
With this change we'll no longer write to /etc/machine-id from nspawn, as that breaks the --volatile= operation, as it ensures the image is never considered in "first boot", since that's bound to the pre-existance of /etc/machine-id. The new logic works like this: - If /etc/machine-id already exists in the container, it is read by nspawn and exposed in "machinectl status" and friends. - If the file doesn't exist yet, but --uuid= is passed on the nspawn cmdline, this UUID is passed in $container_uuid to PID 1, and PID 1 is then expected to persist this to /etc/machine-id for future boots (which systemd already does). - If the file doesn#t exist yet, and no --uuid= is passed a random UUID is generated and passed via $container_uuid. The result is that /etc/machine-id is never initialized by nspawn itself, thus unbreaking the volatile mode. However still the machine ID configured in the machine always matches nspawn's and thus machined's idea of it. Fixes: #3611
2016-07-22systemctl: fix format string for uint64_t fieldLennart Poettering
2016-07-22systemctl: fix output alignment in "systemctl status"Lennart Poettering
If we show both a control and a main PID for a service fix this line in the output of "systemctl status": Main PID: 19670 (sleep); : 19671 (sleep) to become this: Main PID: 19670 (sleep); Control PID: 19671 (sleep)
2016-07-22nspawn: rework machine/boot ID handling code to use new calls from ↵Lennart Poettering
id128-util.[ch]
2016-07-22sd-id128: split UUID file read/write code into new id128-util.[ch]Lennart Poettering
We currently have code to read and write files containing UUIDs at various places. Unify this in id128-util.[ch], and move some other stuff there too. The new files are located in src/libsystemd/sd-id128/ (instead of src/shared/), because they are actually the backend of sd_id128_get_machine() and sd_id128_get_boot(). In follow-up patches we can use this reduce the code in nspawn and machine-id-setup by adopted the common implementation.
2016-07-22tree-wide: use sd_id128_is_null() instead of sd_id128_equal where appropriateLennart Poettering
It's a bit easier to read because shorter. Also, most likely a tiny bit faster.
2016-07-22Merge pull request #3762 from poettering/sigkill-logMartin Pitt
log about all processes we forcibly kill
2016-07-22Merge pull request #3764 from poettering/assorted-stuff-2Martin Pitt
Assorted fixes
2016-07-21nspawn: enable major=0/minor=0 devices inside the container (#3773)Alessandro Puccetti
https://github.com/systemd/systemd/pull/3685 introduced /run/systemd/inaccessible/{chr,blk} to map inacessible devices, this patch allows systemd running inside a nspawn container to create /run/systemd/inaccessible/{chr,blk}.
2016-07-21missing_syscall: add __NR_copy_file_range for powerpc architecture (#3772)Alessio Igor Bogani
2016-07-21update TODOLennart Poettering
2016-07-21hwdb: axis resolution override for the Lenovo Y700 (#3769)Peter Hutterer
https://bugs.freedesktop.org/show_bug.cgi?id=97011
2016-07-21Merge pull request #3770 from AlexanderKurtz/masterLennart Poettering
bootctl: Always use upper case for "/EFI/BOOT" and "/EFI/BOOT/BOOT*.EFI".
2016-07-21core: remove duplicate includes (#3771)Thomas H. P. Andersen
2016-07-20Merge pull request #3760 from poettering/rfkill-fixZbigniew Jędrzejewski-Szmek
rfkill dead-lock fix
2016-07-20documentation: add a short document describing how to test your systemd ↵Lennart Poettering
build tree (#3763)
2016-07-21bootctl: Always use upper case for "/EFI/BOOT" and "/EFI/BOOT/BOOT*.EFI".Alexander Kurtz
If the ESP is not mounted with "iocharset=ascii", but with "iocharset=utf8" (which is for example the default in Debian), the file system becomes case sensitive. This means that a file created as "FooBarBaz" cannot be accessed as "foobarbaz" since those are then considered different files. Moreover, a file created as "FooBar" can then also not be accessed as "foobar", and it also prevents such a file from being created, as both would use the same 8.3 short name "FOOBAR". Even though the UEFI specification [0] does give the canonical spelling for the files mentioned above, not all implementations completely conform to that, so it's possible that those files would already exist, but with a different spelling, causing subtle bugs when scanning or modifying the ESP. While the proper fix would of course be that everybody conformed to the standard, we can work around this problem by just referencing the files by their 8.3 short names, i.e. using upper case. Fixes: #3740 [0] <http://www.uefi.org/specifications>, version 2.6, section 3.5.1.1
2016-07-21bootctl: Use lower case string constants in case-insensitive comparisons.Alexander Kurtz
2016-07-20namespace: fix wrong return value from mount(2) (#3758)Topi Miettinen
Fix bug introduced by #3263: mount(2) return value is 0 or -1, not errno. Thanks to Evgeny Vereshchagin (@evverx) for reporting.
2016-07-20basic: fix macro definition in nss-util.hLennart Poettering
Fix a copy/paste mistake.
2016-07-20execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processesLennart Poettering
2016-07-20namespace: add a (void) castLennart Poettering
2016-07-20nspawn: when netns is on, mount /proc/sys/net writableLennart Poettering
Normally we make all of /proc/sys read-only in a container, but if we do have netns enabled we can make /proc/sys/net writable, as things are virtualized then.
2016-07-20nspawn: document why the uid shift range is the way it isLennart Poettering
2016-07-20conf-parser: minor coding style improvementsLennart Poettering
2016-07-20units: fix TasksMax=16384 for systemd-nspawn@.serviceLennart Poettering
When a container scope is allocated via machined it gets 16K set already since cf7d1a30e44bf380027a2e73f9bf13f423a33cc1. Make sure when a container is run as system service it gets the same values.
2016-07-20core: normalize header inclusion in execute.h a bitLennart Poettering
We don't actually need any functionality from cgroup.h in execute.h, hence don't include that. However, we do need the Unit structure from unit.h, hence include that, and move it as late as possible, since it needs the definitions from execute.h.
2016-07-20execute: normalize connect_logger_as() parameters slightlyLennart Poettering
All other functions in execute.c that need the unit id take a Unit* parameter as first argument. Let's change connect_logger_as() to follow a similar logic.
2016-07-20logind: always abandon session scopes before killing themLennart Poettering
This way systemd is informed that we consider everything inside the scope as "left-over", and systemd can log about killing it. With this change systemd will log about all processes killed due to the session clean-up on KillUserProcesses=yes.
2016-07-20core: when a scope was abandoned, always log about processes we killLennart Poettering
After all, if a unit is abandoned, all processes inside of it may be considered "left over" and are something we should better log about.
2016-07-20core: make sure RequestStop signal is send directedLennart Poettering
This was accidentally left commented out for debugging purposes, let's fix that and make the signal directed again.
2016-07-20cgroup: suppress sending follow-up SIGCONT after sending SIGCONT/SIGKILL anywayLennart Poettering
2016-07-20core: when forcibly killing/aborting left-over unit processes log about itLennart Poettering
Let's lot at LOG_NOTICE about any processes that we are going to SIGKILL/SIGABRT because clean termination of them didn't work. This turns the various boolean flag parameters to cg_kill(), cg_migrate() and related calls into a single binary flags parameter, simply because the function now gained even more parameters and the parameter listed shouldn't get too long. Logging for killing processes is done either when the kill signal is SIGABRT or SIGKILL, or on explicit request if KILL_TERMINATE_AND_LOG instead of LOG_TERMINATE is passed. This isn't used yet in this patch, but is made use of in a later patch.
2016-07-20PO: italian updates (#3761)Daniele Medri
2016-07-20util: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont()Lennart Poettering
2016-07-20logind: minor coding style improvementsLennart Poettering
2016-07-20Merge pull request #3759 from poettering/namespace-fixupLennart Poettering
minor follow-up fixes for #3685
2016-07-20rules: make sure always set at least one property on rfkill devicesLennart Poettering
The rfkill service waits for rfkill device initialization as reported by udev_device_is_initialized(), and if that is never reported it might dead-lock. However, udev never reports completed initialization for devices that have no properties or tags set. For some rfkill devices this might be the case, in particular those which are connected to exotic busses, where path_id returns nothing. This patch simply sets the SYSTEM_RFKILL property on all rfkill devices, to ensure that udev_device_is_initialized() always reports something useful and we don't dead-lock. Fixes: #2745
2016-07-20man: document a tiny bit better what udev_device_get_is_initialized() ↵Lennart Poettering
actually returns
2016-07-20namespace: minor improvementsLennart Poettering
We generally try to avoid strerror(), due to its threads-unsafety, let's do this here, too. Also, let's be tiny bit more explanatory with the log messages, and let's shorten a few things.
2016-07-20core: hide legacy bus propertiesLennart Poettering
We usually hide legacy bus properties from introspection. Let's do that for the InaccessibleDirectories= properties too. The properties stay accessible if requested, but they won't be listed anymore if people introspect the unit.
2016-07-19man: revise entry about specifying a file path (#3739)mulkieran
* Specifying a device node has an effect much larger than a simple shortcut for a field/value match, so the original sentence is no longer a good way to start the paragraph. * Specifying a device node causes matches to be generated for all ancestor devices of the device specified, not just its parents. * Indicates that the path must be absolute, but that it may be a link. * Eliminates a few typos.
2016-07-19man: mention that locale changes might require initramfs to be rebuilt (#3754)Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1151651 Also explain what localectl does a bit better: https://bugzilla.redhat.com/show_bug.cgi?id=1357861
2016-07-19Merge pull request #3685 from kinvolk/alessandro/inaccessible-pathsLennart Poettering
namespace: unify limit behavior on non-directory paths
2016-07-19Merge pull request #3636 from poettering/logs-show-utf8Evgeny Vereshchagin
improve handling of trailing newline in journal logging
2016-07-19sd-journal: suppress empty linesLennart Poettering
Let's make sure our logging APIs is in sync with how stdout/stderr logging works.
2016-07-19doc,core: Read{Write,Only}Paths= and InaccessiblePaths=Alessandro Puccetti
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories= to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept as aliases but they are not advertised in the documentation. Renamed variables: `read_write_dirs` --> `read_write_paths` `read_only_dirs` --> `read_only_paths` `inaccessible_dirs` --> `inaccessible_paths`
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
2016-07-19man: document that sd_journal_print() strips trailing whitespaceLennart Poettering