summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-03-19core: when creating an activating busname attach all metadata fields to the ↵Lennart Poettering
messages queued for it This way we can be sure that the service the messages are ultimately intended for finds all fields it might need.
2014-03-19update kdbus.hLennart Poettering
2014-03-19missing: define LO_FLAGS_PARTSCAN if it is missingLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=76335
2014-03-19util: add new FOREACH_STRING() macro as syntactic sugar to iterate through a ↵Lennart Poettering
number of fixed strings
2014-03-18update TODOLennart Poettering
2014-03-18man: dcument sd_bus_negotiate_fds() and friendsLennart Poettering
2014-03-18sd-bus: if we got a message with fds attached even though we didn't ↵Lennart Poettering
negotiate it, refuse to take it This makes sure we don't mishandle if developers specificy a different AcceptFileDescriptors= setting in .busname units then they set for the bus connection in the activated program.
2014-03-18core: add new AcceptFD= setting to .busname unitsLennart Poettering
AcceptFD= defaults to true, thus making sure that by default fd passing is enabled for all activatable names. Since for normal bus connections fd passing is enabled too by default this makes sure fd passing works correctly regardless whether a service is already activated or not. Making this configurable on both busname units and in bus connections is messy, but unavoidable since busnames are established and may queue messages before the connection feature negotiation is done by the service eventually activated. Conversely, feature negotiation on bus connections takes place before the connection acquires its names. Of course, this means developers really should make sure to keep the settings in .busname units in sync with what they later intend to negotiate.
2014-03-18testLennart Poettering
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-18udate TODOLennart Poettering
2014-03-18core: drop CAP_MKNOD when PrivateDevices= is setLennart Poettering
2014-03-18timedated: update test addressKay Sievers
2014-03-18hwdb: updateKay Sievers
2014-03-18sd-dhcp-client: make sure timers fire immediatelyTom Gundersen
The default slack caused there to be a delay before timers fired. Solve it by setting timers that should trigger immediately to trigger far in the past. This brings down the ideal-case dhcp lease acquisition time from about 500ms to about 50ms (over a veth pair, so no network latency involved). All the rest of the time (except for ~0.5ms) is spent in the bind() call in, dhcp_network_bind_raw_socket(). I don't know if there is anything to be done about that though...
2014-03-18microhttpd-util: avoid double free on errorZbigniew Jędrzejewski-Szmek
It seems that resources are properly deallocated by MHD_destroy_response, even if enqueuing the request fails. Also replace a trivial printf with alloca and fixup log message (it'll now be something like "Connection from CN=some.host.name", which seems clear enough.)
2014-03-18journal-remote: do not attempt to read from µhttpd connectionsZbigniew Jędrzejewski-Szmek
This chunk got lost in one of the rebases :(
2014-03-18machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add ↵Lennart Poettering
new verb "poweroff" There's really no point to send the reboot SIGINT from machinectl directly, if machined can do that anyway. This saves code, and makes machinectl network transparent for these verbs. And while we are at it we can easily add a "poweroff" verb in addition to "reboot". Yay!
2014-03-18machined: fix Kill() bus call on machine objects when "what" is specified as ↵Lennart Poettering
"leader"
2014-03-18update TODOLennart Poettering
2014-03-18core: remount /sys/fs/cgroup/ read-only after we mounted all controllersLennart Poettering
Given that glibc searches for /dev/shm by just looking for any tmpfs we should be more careful with providing tmpfs instances arbitrary code might end up writing to.
2014-03-18cgroup: it's not OK to invoke alloca() in loopsLennart Poettering
2014-03-18systemctl: sort local host entry before container in list-machines outputLennart Poettering
2014-03-18systemctl: prefix list-units and list-machines output with a circle ↵Lennart Poettering
indicating a failure state (Subject to --no-legend)
2014-03-18timedatectl: clear ADJ_MAXERROR to make sure we keep STA_SYNC setKay Sievers
2014-03-17systemd-run: extend bash completionThomas Hindoe Paaboel Andersen
--system -H --host -M --machine --service-type (options: simple forking oneshot dbus notify idle) --uid --gid --nice --setenv -p --property (options read from bus_append_unit_property_assignment)
2014-03-17remove unused variableThomas Hindoe Paaboel Andersen
2014-03-17man: networkd - additional examples related to bridgingpoma
2014-03-17build-sys: move sd-login src/login → src/libsystemd/sd-loginLennart Poettering
After all, it is ultimately linked to libsystems.so anyway, thus belongs there and shares very little with the rest of logind, hence let's move this away.
2014-03-17update TODOLennart Poettering
2014-03-17sd-login: add calls that retrieve credentials of peers connected to AF_UNIX ↵Lennart Poettering
peers This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC, except for cgroup information.
2014-03-17update TODOLennart Poettering
2014-03-17core, libsystemd, systemd, timedate, udev: spelling fixesMiklos Vajna
2014-03-17man: improve wording of systemctl's --after/--beforeJason St. John
Commit 4a77ca7 was an attempt at fixing the wording of --after and --before, but the new wording was unclear. Split the combined --after/--before section into a separate section for each, explicitly state what each option does, and add information about how these lists are generated. Reported-by: Andrey Borzenkov <arvidjaar@gmail.com> Reported-by: Lennart Poettering <lennart@poettering.net>
2014-03-17build-sys: bump required µhttpd versionZbigniew Jędrzejewski-Szmek
MHD_USE_EPOLL_LINUX_ONLY, MHD_USE_DUAL_STACK are only available in next-but-last release.
2014-03-17journal-remote: implement inheriting http(s) socketsZbigniew Jędrzejewski-Szmek
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd server on those two ports, in http and https modes respectively. As before, --listen-http=3 --listen-https=4 will launch µhttpd servers on ports 3 and 4.
2014-03-17microhttpd-util: use static buffer for static messagesZbigniew Jędrzejewski-Szmek
Most of the messages we send do not require a allocating and freeing a buffer, to optimize this by using const strings. Also, rename respond_error to mhd_respond*, since it is used not only for errors. Make use of information from printf to avoid one extra call to strlen.
2014-03-17journal-remote: HTTP(s) supportZbigniew Jędrzejewski-Szmek
The whole tool is made dependent on µhttpd availability. It should be easy to make the µhttpd parts conditional, but since transfer over HTTP seems to be the primary use case, currently this is not done. Current implementation uses nested epoll loops: sd-event is used for the external event loop, and µhttpd uses epoll in its own loop. Unfortunately µhttpd does not expose enough information to add the descriptors it uses to the external event loop. This means that starvation of other events is possible, if one of the inner µhttpd loops is constantly busy. This means that µhttpd servers should not be mixed with other sources. The TLS authentication parts haven't been really tested properly, and should not be take too seriously.
2014-03-17journal-remote: tool to receive messages over the networkZbigniew Jędrzejewski-Szmek
2014-03-17journal-gatewayd: check if certificate is signed by CAZbigniew Jędrzejewski-Szmek
If --trust=ca.crt is used, only clients presenting certificates signed by the ca will be allowed to proceed. No hostname matching is performed, so any client wielding a signed certificate will be authorized. Error functions are moved from journal-gateway to microhttp-util and made non-static, since now they are used in two source files.
2014-03-17journal-gatewayd: log to journal from gnutlsZbigniew Jędrzejewski-Szmek
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels to syslog levels is done, but since gnutls levels seem to be used rather loosely, most end up as debug.
2014-03-17build-sys: add check on gnutlsZbigniew Jędrzejewski-Szmek
2014-03-17journal-gatewayd: ask clients to provide certificatesZbigniew Jędrzejewski-Szmek
A certificate authority certificate will be presented to clients, causing them to present their client certificate, if it is signed by this authority (default behaviour of most clients). No certificate checking is actually performed.
2014-03-17activate: export make_socket_fdZbigniew Jędrzejewski-Szmek
Also improve logging to print out the parsed address on error.
2014-03-17shared: export is_dirZbigniew Jędrzejewski-Szmek
2014-03-17journal: export valid_user_field and size definesZbigniew Jędrzejewski-Szmek
In preparation for use elsewhere.
2014-03-17journal: extract duplicated code to a functionZbigniew Jędrzejewski-Szmek
2014-03-17journal: extract duplicated code to a functionZbigniew Jędrzejewski-Szmek
2014-03-17journald: remove stray reset of error return valueZbigniew Jędrzejewski-Szmek
2014-03-17systemctl: introduce -r switch to show units running in local containers in ↵Lennart Poettering
addition to the host