summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-14unit: properly comment generated comments in unit filesLennart Poettering
Fix-up for 2a9a6f8ac04a69ca36d645f9305a33645f22a22b
2016-06-14sd-ndisc: add missing castLennart Poettering
Apparently newer gcc versions are a bit more forgiving when assigning an "unsigned char*" pointer to something of a different type. Let's add the missing cast so that old gcc versions are fine, too.
2016-06-14systemctl: allow percent-based MemoryLimit= settings via systemctl set-propertyLennart Poettering
The unit files already accept relative, percent-based memory limit specification, let's make sure "systemctl set-property" support this too. Since we want the physical memory size of the destination machine to apply we pass the percentage in a new set of properties that only exist for this purpose, and can only be set.
2016-06-14util: introduce physical_memory_scale() to unify how we scale by physical memoryLennart Poettering
The various bits of code did the scaling all different, let's unify this, given that the code is not trivial.
2016-06-14core: make sure to use "infinity" in unit files, not "max"Lennart Poettering
THe latter is a kernelism, we only understand "infinity".
2016-06-14core: when receiving a memory limit via the bus, refuse 0Lennart Poettering
When parsing unit files we already refuse unit memory limits of zero, let's also refuse it when the value is set via the bus.
2016-06-14man: minor fixesLennart Poettering
2016-06-14core: optionally, accept a percentage value for MemoryLimit= and related ↵Lennart Poettering
settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-14util-lib: introduce parse_percent() for parsing percent specificationsLennart Poettering
And port a couple of users over to it.
2016-06-14util: when determining the amount of memory on this system, take cgroup ↵Lennart Poettering
limit into account When determining the amount of RAM in the system, let's make sure we also read the root-level cgroup memory limit into account. This isn't particularly useful on the host, but in containers it makes sure that whatever memory the container got assigned is actually used for RAM size calculations.
2016-06-14networkd: Tunnel add support to configure key for VTI/VTI6 (#3532)Susant Sahani
fixes #3298
2016-06-14Merge pull request #3527 from poettering/systemctl-fixesDaniel Mack
Systemctl fixes
2016-06-14manager: reduce complexity of unit_gc_sweep (#3507)Lukáš Nykrýn
When unit is marked as UNSURE, we are trying to find if it state was changed over and over again. So lets not go through the UNSURE states again. Also when we find a GOOD unit lets propagate the GOOD state to all units that this unit reference. This is a problem on machines with a lot of initscripts with different starting priority, since those units will reference each other and the original algorithm might get to n! complexity. Thanks HATAYAMA Daisuke for the expand_good_state code.
2016-06-14core: on unified we don't need to check u->pids: we can use proper ↵Evgeny Vereshchagin
notifications (#3531) Fixes: #3483
2016-06-14build: fix missing symbol for old kernel headers (#3530)Andrew Jeddeloh
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get fixed in missing.h. This occurs with kernel headers new enough to have the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
2016-06-13systemctl: rework "systemctl status" a bitLennart Poettering
This reworks "systemctl status" and "systemctl show" a bit. It removes the definition of the `property_info` structure, because we can simply reuse the existing UnitStatusInfo type for that. The "could not be found" message is now printed by show_one() itself (and not its caller), so that it is shown regardless by who the function is called. (This makes it necessary to pass the unit name to the function.) This also adds all properties found to a set, and then checks if any of the properties passed via "--property=" is mising in it, if so, a proper error is generated. Support for checking the PID file of a unit is removed, as this cannot be done reasonably client side (since the systemd instance we are talking to might sit on another host) Replaces: #3411 Fixes: #3425 Also see: #3504
2016-06-13systemctl: fix assertion hit when showing state of a unit without control groupLennart Poettering
2016-06-13unit-name: remove spurious newlineLennart Poettering
2016-06-13Merge pull request #3491 from poettering/hwdb-acpiTom Gundersen
hwdb: update UEFI/ACPI/PNP/EISA/EDID database from UEFI web site
2016-06-13Merge pull request #3498 from poettering/syscall-filter-fixesLennart Poettering
Syscall filter fixes, tighter nspawn seccomp sandbox by default
2016-06-13core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488)Ivan Shapovalov
Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
2016-06-13Merge pull request #3384 from keszybz/localed-keymapLennart Poettering
More verbose logging in localed, unit tests, and a few tweaks to keymap conversions
2016-06-13nspawn: lock down system call filter a bitLennart Poettering
Let's block access to the kernel keyring and a number of obsolete system calls. Also, update list of syscalls that may alter the system clock, and do raw IO access. Filter ptrace() if CAP_SYS_PTRACE is not passed to the container and acct() if CAP_SYS_PACCT is not passed. This also changes things so that kexec(), some profiling calls, the swap calls and quotactl() is never available to containers, not even if CAP_SYS_ADMIN is passed. After all we currently permit CAP_SYS_ADMIN to containers by default, but these calls should not be available, even then.
2016-06-13units: tighten system call filters a bitLennart Poettering
Take away kernel keyring access, CPU emulation system calls and various debug system calls from the various daemons we have.
2016-06-13core: improve seccomp syscall grouping a bitLennart Poettering
This adds three new seccomp syscall groups: @keyring for kernel keyring access, @cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and suchlike, and @debug for ptrace() and related calls. Also, the @clock group is updated with more syscalls that alter the system clock. capset() is added to @privileged, and pciconfig_iobase() is added to @raw-io. Finally, @obsolete is a cleaned up. A number of syscalls that never existed on Linux and have no number assigned on any architecture are removed, as they only exist in the man pages and other operating sytems, but not in code at all. create_module() is moved from @module to @obsolete, as it is an obsolete system call. mem_getpolicy() is removed from the @obsolete list, as it is not obsolete, but simply a NUMA API.
2016-06-13nspawn: order caps to retain alphabeticallyLennart Poettering
2016-06-13update TODOLennart Poettering
2016-06-13resolved: use single message for both dbus and signal calls (#3515)Zbigniew Jędrzejewski-Szmek
Follow-up for #3502.
2016-06-13Merge pull request #3520 from keszybz/add-release.mdLennart Poettering
Add RELEASE.md
2016-06-13Merge pull request #3518 from keszybz/test-process-utilLennart Poettering
Enhance test-process-util to take the PID to look at
2016-06-13networkd: fix NULL pointer (#3523)Susant Sahani
Not every link has kind associated with it. (gdb) r Starting program: /home/sus/tt/systemd/systemd-networkd Missing separate debuginfos, use: dnf debuginfo-install glibc-2.23.1-7.fc24.x86_64 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". vboxnet0: Gained IPv6LL wlp3s0: Gained IPv6LL enp0s25: Gained IPv6LL Enumeration completed Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6e27ade in __strcmp_sse2_unaligned () from /lib64/libc.so.6 (gdb) bt src/network/networkd-link.c:2008 src/network/networkd-link.c:2059 src/network/networkd-link.c:2442 m=0x555555704a30, userdata=0x55555570bfe0) at src/network/networkd-link.c:2497 at src/libsystemd/sd-netlink/sd-netlink.c:347 src/libsystemd/sd-netlink/sd-netlink.c:402 src/libsystemd/sd-netlink/sd-netlink.c:432 userdata=0x5555556f7470) at src/libsystemd/sd-netlink/sd-netlink.c:739 src/libsystemd/sd-event/sd-event.c:2275 src/libsystemd/sd-event/sd-event.c:2626 timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2685 bus=0x5555556f9af0, name=0x555555692315 "org.freedesktop.network1", timeout=30000000, check_idle=0x55555556ac84 <manager_check_idle>, userdata=0x5555556f6b20) at src/shared/bus-util.c:134 src/network/networkd-manager.c:1128 src/network/networkd.c:127 (gdb) f 1 src/network/networkd-link.c:2008 2008 if (link->network->bridge || streq("bridge", link->kind)) { (gdb) p link->kind $1 = 0x0
2016-06-13networkd: route priority replace parsing config_parse_uint32 with ↵Susant Sahani
safe_atou32 (#3522)
2016-06-13core/execute: pass env vars to PAM session setup (#3503)Jouke Witteveen
Move the merger of environment variables before setting up the PAM session and pass the aggregate environment to PAM setup. This allows control over the PAM session hooks through environment variables. PAM session initiation may update the environment. On successful initiation of a PAM session, we adopt the environment of the PAM context.
2016-06-13systemctl: disallow systemctl --user reboot (#3519)Zbigniew Jędrzejewski-Szmek
... as well as halt/poweroff/kexec/suspend/hibernate/hybrid-sleep. Running those commands will fail in user mode, but we try to set the wall message first, which might even succeed for privileged users. Best to nip the whole sequence in the bud. https://github.com/systemd/systemd/pull/3453#issuecomment-225455156
2016-06-12Add RELEASE.md file which lists the steps needed for releaseZbigniew Jędrzejewski-Szmek
I put it in .github, so it doesn't stand out too much; after all it's not interesting to most people.
2016-06-12CONTRIBUTING: ask people to comment after after force-pushZbigniew Jędrzejewski-Szmek
2016-06-12CONTRIBUTING: remove line wrappingZbigniew Jędrzejewski-Szmek
GitHub displays this file poorly, because it preserves the newlines. Let's try how things look without any wrapping.
2016-06-12process-util: remove broken support for pid==0Zbigniew Jędrzejewski-Szmek
Our functions that query /proc/pid/ support using pid==0 to mean self. get_process_id also seemed to support that, but it was not implemented correctly: the result should be in *uid, not returned, and also it gave completely bogus result when called from get_process_gid(). But afaict, get_process_{uid,gid} were never called with pid==0, so it's not an actual bug. Remove the broken code to avoid confusion.
2016-06-12test-process-util: allow pid to be specified on the command lineZbigniew Jędrzejewski-Szmek
This makes it easy to test the query code on "ssh localhost" and similar.
2016-06-12test-process-util: rework the test function to take pid as argumentZbigniew Jędrzejewski-Szmek
This fixes a bunch of copy&paste errors in the output.
2016-06-12util-lib: drop trailing non-printable characters from cmdline (#3512)Max Prokhorov
If max_length is equal or greater than cmdline length all trailing non-printable characters are dropped. If max_length is 0 it should do the same. This should also fix cmdline truncation if the last character is not '\0'. Fixes #3469.
2016-06-12hwdb: change the Logitech MX500 to 1100 dpi (#3517)Peter Hutterer
https://bugs.freedesktop.org/show_bug.cgi?id=96225 and specifically the tech specs here: http://support.logitech.com/en_us/product/corded-mouse-m500
2016-06-12Merge pull request #3502 from poettering/resolved-flush-cacheZbigniew Jędrzejewski-Szmek
resolved: allow clients request cache flushes
2016-06-12Merge pull request #3453 from poettering/fix-3353Zbigniew Jędrzejewski-Szmek
Fixes #3353.
2016-06-12networkd: more vlan cleanup (#3506)Tobias Jungel
use config_parse_vlanid to parse vlan for BridgeFDB entries
2016-06-12networkd: cleanup of bridge vlan code (#3505)Tobias Jungel
cleanup minor nitpicks mentioned in #3428
2016-06-12Fixed a small typo in a comment (#3514)Alex Gaynor
2016-06-11test-keymap-util: use kbd-model-map/language-fallback-map from $(srcdir)Zbigniew Jędrzejewski-Szmek
This adds (undocumented) environment variables SYSTEMD_KBD_MODEL_MAP and SYSTEMD_LANGUAGE_FALLBACK_MAP, which, if set, override compiled-in locations of those two files. Instead of skipping tests when the maps are not installed, just use the one from the source dir. We still cannot do the mappings the other way if /usr/lib/kbd/keymaps is not present, so truncate the tests in that case. Also tweak the debug messages a bit to make it easier to see which function is failing.
2016-06-10hwdb: update UEFI/ACPI/PNP/EISA/EDID database from UEFI web siteFederico Mena Quintero
Let's hook up the ACPI database we maintain from the upstream UEFI sources. This adds a tool to convert the database provided upstream to our native format, similar to how this is handled for the PCI and USB databases. Note that the upstream web site claims to offer an XLS download, but the actual data made available is an HTML file in reality, just one with the ".xls" suffix... The data provided from the UEFI folks is not very high quality nor complete, hence apply a patch after the conversion step that fixes up a few things and adds in more entries from various sources. For example, the EDID ids maintained by GNOME and other sources have been added too, as they all appear to use the same ID namespace. This also adds explicit support for 4 character ACPI ids, in addition to the normal 3 character PNP ids. Also fixes: https://bugs.freedesktop.org/show_bug.cgi?id=90524
2016-06-10resolved: move verification that link is unmanaged into the proper bus callsLennart Poettering
Previously, we checked only for the various SetLinkXYZ() calls on the Manager object exposed on the bus if the specified interface is managed/unmanaged by networkd (as we don't permit overriding DNS configuration via bus calls if networkd owns the device), but the equivalent SetXYZ() calls on the Link object did not have such a check. Fix that by moving the appropriate check into the latter, as the former just calls that anyway.