summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-03core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)Topi Miettinen
New exec boolean MemoryDenyWriteExecute, when set, installs a seccomp filter to reject mmap(2) with PAGE_WRITE|PAGE_EXEC and mprotect(2) with PAGE_EXEC.
2016-06-03Merge pull request #3409 from tomty89/update-2Lennart Poettering
networkd-dhcp6: DHCPv6 starting fixes
2016-06-03Merge pull request #3418 from htejun/cgroup2-log-compatLennart Poettering
core: log cgroup legacy and unified hierarchy setting translations
2016-06-03core: always use "infinity" for no upper limit instead of "max" (#3417)Tejun Heo
Recently added cgroup unified hierarchy support uses "max" in configurations for no upper limit. While consistent with what the kernel uses for no upper limit, it is inconsistent with what systemd uses for other controllers such as memory or pids. There's no point in introducing another term. Update cgroup unified hierarchy support so that "infinity" is the only term that systemd uses for no upper limit.
2016-06-03missing include added for build with -DDEBUG (#3424)Tobias Jungel
2016-06-03tests: introduce UNIFIED_CGROUP_HIERARCHY (#3419)Evgeny Vereshchagin
There are many cgroups-related changes (thanks, @htejun!) This commit will simplify testing a bit. Use: make run UNIFIED_CGROUP_HIERARCHY=yes to enable cgroup-v2 make run UNIFIED_CGROUP_HIERARCHY=no to enable cgroup-v1
2016-06-03resolved: fix comments in resolve.conf for search domain overflows (#3422)Martin Pitt
Write comments about "too many search domains" and "Total length of all search domains is too long" just once. Also put it on a separate line, as resolv.conf(5) only specifies comments in a line by themselves. This is ugly to do if write_resolv_conf_search() gets called once for every search domain. So change it to receive the complete OrderedSet instead and do the iteration by itself. Add test cases to networkd-test.py. https://launchpad.net/bugs/1588229
2016-06-03hwdb: Add Thinkpad X1 carbon 4th gen to 70-pointingstick.hwdb (#3426)Matthieu Codron
Like many other recent thinkpads the factory default pointingstick sensitivity on these devices is quite low, making the pointingstick very slow in moving the cursor. This extends the existing hwdb rules for tweaking the sensitivity to also apply to the X1 carbon 4thgen model.
2016-06-02core: log cgroup legacy and unified hierarchy setting translationsTejun Heo
To accommodate changes in kernel interface, cgroup unified hierarchy support added several configuration items which overlap with the existing resource control settings and there is simple config translation between the overlapping settings to ease the transition. As why certain cgroup knobs are being configured can become confusing, this patch adds a master warning message which is printed once when such translation is first used and logs each translation with a debug message. v2: - Switched to log_unit*().
2016-06-02core: pass Unit into cgroup_context_apply() and use log_unit*()Tejun Heo
cgroup_context_apply() and friends take CGroupContext and cgroup path as input and has no way of getting back to the associated Unit and thus uses raw cgroup path for logging. This makes the log messages difficult to track down. There's no reason to avoid passing in Unit into these functions. Pass in Unit and use log_unit*() instead. While at it, make cgroup_context_apply(), which has no outside users, static. Also, drop cgroup path from log messages where the path itself isn't too interesting and can be easily obtained from the unit.
2016-06-02networkd-ndisc: do not start DHCPv6 when after NDISC timeoutTom Yan
For it's silly and unnecessary. Although it was apparently mandated by RFC 2462 in [5.5.2. Absence of Router Advertisements], that has been changed in the same section of RFC 4862, which obsoleted the former RFC.
2016-06-01core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157)Topi Miettinen
Implement sets of system calls to help constructing system call filters. A set starts with '@' to distinguish from a system call. Closes: #3053, #3157
2016-06-01units: wait for plymouth to shut down in rescue.sevice (#3367)Franck Bui
In the same vein as commit ac59f0c12c117b9bb5b7e17f33987b0107791239 which added the --wait option to the emergency service, this patch makes sure that plymouth has exited before entering into the rescue mode.
2016-06-01networkd-dhcp6: generalize DHCPv6 client (re)startingTom Yan
dhcp6_request_address() was merely a function to switch the DHCPv6 client from "stateless" mode to "stateful" mode. It was also a one-way switch. Also, to (re)start the client, we would need to repeat separate function calls. In this patch, dhcp6_request_address() is made a general starter/manager of the DHCPv6 client. It now takes an extra parameter so we will be specifying which mode the DHCPv6 client should be started in. Also it will keep track of the current mode and compare with the newly requested mode, and only restart the client in case there is a difference between them. This also makes sure that the DHCPv6 client will be (re)started accordingly as per the Router Advertisement flags.
2016-05-31systemctl: systemctl show --property' needs verification of property (#3364)Susant Sahani
systemctl --property doesn't validate if a requested property is valid or not, and always returns with an exit code of 0, regardless of whether the requested property exists or not. How reproducible: This works fine: Id=multi-user.target But put in a non-existing property: Id=default.targets.service Id=default.targets.service 0 [root@shou18lkvm8 ~]# systemctl show --property Id this.is.rubbish; echo $? Id=this.is.rubbish.service 0 After: sus@maximus bz-95593]$ ./systemctl show --property Id this.is.rubbish; echo $? Can't display property this.is.rubbish. Unit this.is.rubbish.service does not exist. 4 fixes #2295
2016-05-31systemctl: Replace init script error codes with enum (#3400)Susant Sahani
Now we just using constants for the init script exit status codes. Replace those error codes with enum so that it's more meaningful and readable.
2016-05-31network: fix wrong include of source file "ether-addr-util.c" (#3402)Thomas Haller
Fixes: 9ed8b06c9be4a5efae432d5cf4b1c47d03e6f107
2016-05-31hwdb: add axis ranges for the Lenovo X220 touchpad (#3397)Peter Hutterer
Side-effect of https://bugs.freedesktop.org/show_bug.cgi?id=94989
2016-05-31man: document that systemctl -ff reboot does not require PID 1 to work (#3310)Lennart Poettering
As suggested in https://github.com/systemd/systemd/issues/3282#issuecomment-220264509
2016-05-30networkd: bridge add support to configure VLAN filtering (#3344)Tobias Jungel
This patch implements support for IFLA_BR_VLAN_FILTERING configuration.
2016-05-30systemctl: return diffrent error code if service exist or not (#3385)Susant Sahani
Before: [sus@maximus bz-1256858]$ systemctl status rsyslog.service;echo $? ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/rsyslog.service.d └─50-CPUShares.conf Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 26min ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1159 (code=exited, status=0/SUCCESS) May 30 11:07:50 maximus systemd[1]: Starting System Logging Service... May 30 11:07:50 maximus systemd[1]: Started System Logging Service. May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service... May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service. 3 [sus@maximus bz-1256858]$ systemctl status hello.service;echo $? ● hello.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) 3 After: $ ./systemctl status hello.service;echo $? Failed to dump process list, ignoring: Access denied ● hello.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) 4 [sus@maximus bz-1256858]$ ./systemctl status rsyslog.service;echo $? Failed to dump process list, ignoring: Access denied ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/rsyslog.service.d └─50-CPUShares.conf Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 24min ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1159 (code=exited, status=0/SUCCESS) May 30 11:07:50 maximus systemd[1]: Starting System Logging Service... May 30 11:07:50 maximus systemd[1]: Started System Logging Service. May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service... May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service. 3 Fixes: 1092
2016-05-30doc: clarify systemd.exec's paths definition (#3368)Alessandro Puccetti
Definitions of ReadWriteDirectories=, ReadOnlyDirectories=, InaccessibleDirectories=, WorkingDirectory=, and RootDirecory= were not clear. This patch specifies when they are relative to the host's root directory and when they are relative to the service's root directory. Fixes #3248
2016-05-30udevd: try close ctrl connection blocking socket only once when spawning a ↵Franck Bui
new worker (#3387)
2016-05-30Merge pull request #3389 from lucab/to-upstream/man-typosRonny Chevalier
man: fix recurring typo
2016-05-30man: fix recurring typoLuca Bruno
2016-05-29util-lib: Add sparc64 support for process creation (#3348)Michael Karcher
The current raw_clone function takes two arguments, the cloning flags and a pointer to the stack for the cloned child. The raw cloning without passing a "thread main" function does not make sense if a new stack is specified, as it returns in both the parent and the child, which will fail in the child as the stack is virgin. All uses of raw_clone indeed pass NULL for the stack pointer which indicates that both processes should share the stack address (so you better don't pass CLONE_VM). This commit refactors the code to not require the caller to pass the stack address, as NULL is the only sensible option. It also adds the magic code needed to make raw_clone work on sparc64, which does not return 0 in %o0 for the child, but indicates the child process by setting %o1 to non-zero. This refactoring is not plain aesthetic, because non-NULL stack addresses need to get mangled before being passed to the clone syscall (you have to apply STACK_BIAS), whereas NULL must not be mangled. Implementing the conditional mangling of the stack address would needlessly complicate the code. raw_clone is moved to a separete header, because the burden of including the assert machinery and sched.h shouldn't be applied to every user of missing_syscalls.h
2016-05-29Merge pull request #3378 from keszybz/unit-write-drop-in-newline-removalLennart Poettering
Remove newlines from drop in format strings + some formatting fixes
2016-05-29Fix FS_EXTENT_FL description (#3381)kpengboy
2016-05-28man: cite systemd.offline-updates(7) instead of linking to old wiki pageZbigniew Jędrzejewski-Szmek
2016-05-28man: punctuation fixesZbigniew Jędrzejewski-Szmek
Fixes #3376.
2016-05-28tree-wide: remove newlines from unit_write_drop_inZbigniew Jędrzejewski-Szmek
This reverts part of #3329, but all for a good cause.
2016-05-28core/unit: append newline when writing drop insZbigniew Jędrzejewski-Szmek
unit_write_drop_in{,_private}{,_format} are all affected. We already append a header to the file (and section markers), so those functions can only be used to write a whole file at once. Including the newline at the end feels natural. After this commit newlines will be duplicated. They will be removed in subsequent commit. Also, rewrap the "autogenerated" header to fit within 80 columns.
2016-05-28Merge pull request #3326 from tomty89/update-2Zbigniew Jędrzejewski-Szmek
networkd: IPv6 fixes
2016-05-28Merge pull request #3360 from glaubitz/masterZbigniew Jędrzejewski-Szmek
Fix multiple unaligned accesses in test-dns-packet and sd-dhcp-server.
2016-05-28Typo fix: s/advertisment/advertisement/Zbigniew Jędrzejewski-Szmek
2016-05-28systemctl: remove empty line between comment and actionZbigniew Jędrzejewski-Szmek
It's harder to miss the comment without the newline ;) See https://github.com/systemd/systemd/pull/3336#issuecomment-221749423 for context.
2016-05-28Merge pull request #3328 from poettering/ipv4ll-ipv4acd-fixesZbigniew Jędrzejewski-Szmek
various sd-Ipv4ll/sd-ipv4acd fixes
2016-05-28Merge pull request #3336 from eworm-de/systemctl-set-defaultZbigniew Jędrzejewski-Szmek
systemctl: return success for set-default, add-wants, add-requires...
2016-05-28login: Fix policy for org.freedesktop.login1.set-self-linger (#3365) (#3373)Michael Biebl
We need to explicitly define authorizations for allow_inactive and allow_active. Otherwise one is getting "Access denied" when run from a local console: $ loginctl enable-linger Could not enable linger: Access denied
2016-05-28networkd: disable IPv6 for bridge slaveTom Yan
If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
2016-05-28networkd: unset master if not enslaved with networkdTom Yan
When we manage an interface with networkd but not as a slave (i.e. no `Bridge=` or `Bond=` set in its .network), we do not want it to remain slaved.
2016-05-27networkd/sd-dhcp-server: Fix unaligned access in parse_request().John Paul Adrian Glaubitz
2016-05-27core: add cgroup memory controller support on the unified hierarchy (#3315)Tejun Heo
On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27Merge pull request #3329 from htejun/dbus-cgroup-fixesLennart Poettering
dbus-cgroup fixes
2016-05-27core: fix missing newline when writing drop-in for WorkingDirectory (#3337)Tejun Heo
2016-05-27Merge pull request #3356 from OpenDZ/tixxdz/nspawn-quick-v1Lennart Poettering
nspawn: filesystem uid patching fixes and other minor improvments
2016-05-27systemctl: fix code path (and memory leak) on errorChristian Hesse
2016-05-27systemctl: fix return values on successChristian Hesse
2016-05-27systemctl: remove extra commaChristian Hesse
2016-05-26resolve/test-dns-packet: Fix unaligned access in test_packet_from_file().John Paul Adrian Glaubitz