summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-17core: fix property changes in transient unitsLennart Poettering
2014-02-17unit: slice dependencies should not be subject to DefaultDependenciesLennart Poettering
2014-02-17main: don't set no_new_privs when using SystemCallArchitectures= system-wideLennart Poettering
After all, we want to allow userspace to get new privs...
2014-02-17nspawn: netns_fd can be removed nowLennart Poettering
2014-02-17core: rework cgroup mask propagationLennart Poettering
Previously a cgroup setting down tree would result in cgroup membership additions being propagated up the tree and to the siblings, however a unit could never lose cgroup memberships again. With this change we'll make sure that both cgroup additions and removals propagate properly.
2014-02-17Pass log config from systemd to systemd-shutdownZbigniew Jędrzejewski-Szmek
If PID 1 debug logging is enabled, it is nice to keep those settings when switching to systemd-shutdown binary, independently of whether this was done through /proc/cmdline options, or through runtime manipulations.
2014-02-17Some modernizationsZbigniew Jędrzejewski-Szmek
2014-02-17Extract looping over /proc/cmdline into a shared functionZbigniew Jędrzejewski-Szmek
In cryptsetup-generator automatic cleanup had to be replaced with manual cleanup, and the code gets a bit longer. But existing code had the issue that it returned negative values from main(), which was wrong, so should be reworked anyway.
2014-02-17logind: close race on session state during loginsDjalal Harouni
At login there is a small race window where session_get_state() will return SESSION_ACTIVE instead of SESSION_OPENING. This must be fixed since during that time there are calls to session_save() to save session states and we want to write the correct state. When we queue the start scope and service jobs, we wait for both of them to finish before calling and continue processing in: "session_jobs_reply() => session_send_create_reply()" to create the session fifo and notify clients. However, in the match_job_removed() D-Bus signal, we may hit situations where the scope job has successfully finished and we are still waiting for the user service job to finish. During that time the "session->scope_job" will be freed and set to NULL, this makes session_get_state() return SESSION_ACTIVE before it is really active, it should return SESSION_OPENING since we are still waiting for the service job to finish in order to create the session fifo. To fix this, we also check if the session fifo fd was created, if so then the session has entered the SESSION_ACTIVE state, if not then it is still in the SESSION_OPENING state and it is waiting for the scope and service jobs to finish.
2014-02-16sd-dhcp: silently ignore malformed packetsTom Gundersen
This fixes a regression introduced in e5002702.
2014-02-16sd-rtnl: do not require ifindex to be set for SETLINK messagesTom Gundersen
The kernel will then look up the ifindex itself based on the name. This should be used very carefully as it is racey. [This was a left-over hunk from my previous nspawn patch.]
2014-02-16TODO: remove done itemThomas Hindoe Paaboel Andersen
strv_append was removed in e3e45d4f82daa5cd85ba40dde9127df900096c0c
2014-02-16nspawn: typo fix in helpThomas Hindoe Paaboel Andersen
2014-02-16nspawn: add new --network-bridge= switchTom Gundersen
This adds the host side of the veth link to the given bridge. Also refactor the creation of the veth interfaces a bit to set it up from the host rather than the container. This simplifies the addition to the bridge, but otherwise the behavior is unchanged.
2014-02-16Add white space between _XZ_FEATURE_ and _SECCOMP_FEATURE_Djalal Harouni
2014-02-16bus: fix match_parse for unquoted matchesSimon Peeters
2014-02-16core: check for return value from get_process_stateYuxuan Shui
Fix for commit e10c9985bb.
2014-02-15README: mention libudev's requirementKay Sievers
2014-02-15sd-dhcp: network - don't hardcode portsTom Gundersen
We want to reuse these functions for the server library too.
2014-02-15sd-rtnl: always include linux/rtnetlink.hTom Gundersen
2014-02-15sd-dhcp: minimum options size is part of the protocolTom Gundersen
2014-02-15sd-dhcp-client: explicitly handle raw and udp messagesTom Gundersen
Split the recevie_message callback into _raw and _udp parts and a generic DHCPMessage handler. Also always verify the xid/MAC, rather than only for udp messages.
2014-02-15sd-rtnl: message_open_container - don't take a 'size' argumentTom Gundersen
We can always know the size based on the type, so let's do this inside the library.
2014-02-15sd-rtnl: link flags - don't allow change = 0Tom Gundersen
The kernel will happily treat 0x0 as 0xffffffff, but it is for backwards compatibility only, so let's not perpetuate this.
2014-02-14Fix prototype of get_process_stateZbigniew Jędrzejewski-Szmek
2014-02-15util: fix mismatching function signatureKay Sievers
2014-02-14man: use spaces instead of tabsJason St. John
Several sections of the man pages included intermixed tabs and spaces; this commit replaces all tabs with spaces.
2014-02-14man: replace STDOUT with standard output, etc.Zbigniew Jędrzejewski-Szmek
Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc.
2014-02-14man: fix grammatical errors and other formatting issuesJason St. John
* standardize capitalization of STDIN, STDOUT, and STDERR * reword some sentences for clarity * reflow some very long lines to be shorter than ~80 characters * add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
2014-02-14core: fix detection of dead processesYuxuan Shui
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd actually reaps the zombie. Which leads to service_load_pid_file accepting zombie as a valid pid. This fixes timeouts like: [ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing. [ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring. [ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing. [ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
2014-02-14test: add basic seccomp testsRonny Chevalier
2014-02-14units: systemd-logind fails hard without dbusZbigniew Jędrzejewski-Szmek
That is, without --enable-kdbus and kdbus running. With --enable-kdbus things are more complicated, because dbus might be necessary, if kdbus is missing at runtime. If it is not necessary, the socket will be started, which is not imporant, but not the service.
2014-02-14test: print the important commands to make debugging easierZbigniew Jędrzejewski-Szmek
2014-02-14test: make the image biggerZbigniew Jędrzejewski-Szmek
I got some errors about lack of disk space... 100MB either way shouldn't matter.
2014-02-14nspawn: if we don't find bash, try shLennart Poettering
2014-02-14update TODOLennart Poettering
2014-02-14nspawn: don't accept just any tree to executeLennart Poettering
When invoked without -D in an arbitrary directory we should not try to execute anything, make some validity checks first.
2014-02-14man: always place <programlisting> and </programlisting> in a line with ↵Lennart Poettering
actual sources, so that we don't get spurious newlines in the man page output
2014-02-14localectl: log error if bus_map_all_properties() failsDjalal Harouni
2014-02-14service: when we complain about a notify message we cannot map to main pid ↵Lennart Poettering
because we don't know anything about the main pid, do so at debug level
2014-02-14service: if we don't know the main pid of a service, we cannot accept any ↵Lennart Poettering
notification messages
2014-02-14build-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed"Simon Peeters
2014-02-14man: systemd.service(5): clarify behavior of SuccessExitStatusDave Reisner
The behavior of this is a little cryptic in that $MAINPID must exit as a direct result of receiving a signal in order for a listed signal to be considered a success condition.
2014-02-14shared: include root when canonicalizing conf pathsMichael Marineau
The conf_files_list family accepts an alternate root path to prefix all directories in the list but path_strv_canonicalize_uniq doesn't use it. This results in the suspicious behavior of resolving directory symlinks based on the contents of / instead of the alternate root. This adds a prefix argument to path_strv_canonicalize which will now prepend the prefix, if given, to every path in the list. To avoid answering what a relative path means when called with a root prefix path_strv_canonicalize is now path_strv_canonicalize_absolute and only considers absolute paths. Fortunately all users of already call path_strv_canonicalize with a list of absolute paths.
2014-02-13logind: make sure to terminate systemd user on logoutsDjalal Harouni
Currently if the user logs out, the GC may never call user_stop(), this will not terminate the systemd user and (sd-pam) of that user. To fix this, remove the USER_CLOSING state check that is blocking the GC from calling user_stop(). Since if user_check_gc() returns false this means that all the sessions of the user were removed which will make user_get_state() return USER_CLOSING. Conclusion: that test will never be statisfied. So we remove the USER_CLOSING check and replace it with a check inside user_stop() this way we know that user_stop() has already queued stop jobs, no need to redo. This ensures that the GC will get its two steps correctly as pointed out by Lennart: http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html Note: this also fixes another bug that prevents creating the user private dbus socket which will break communications with the user manager.
2014-02-13nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in ↵Lennart Poettering
containers The kernel still doesn't support audit in containers, so let's make use of seccomp and simply turn it off entirely. We can get rid of this big as soon as the kernel is fixed again.
2014-02-13nspawn: add new --network-veth switch to add a virtual ethernet link to the hostLennart Poettering
2014-02-13rtnl: support adding VETH_INFO_PEER containers into rtnl messagesLennart Poettering
2014-02-13systemctl: fix exit statuses from is-active/is-failedDave Reisner
This was inadvertantly disturbed in e3e0314b when glob support was added.
2014-02-13everywhere: always use O_CLOEXEC where it makes senseLennart Poettering