Age | Commit message | Author
2014-02-14 | test: add basic seccomp tests | Ronny Chevalier
2014-02-14 | units: systemd-logind fails hard without dbus | Zbigniew Jędrzejewski-Szmek
That is, without --enable-kdbus and kdbus running. With --enable-kdbus things are more complicated, because dbus might be necessary, if kdbus is missing at runtime. If it is not necessary, the socket will be started, which is not important, but not the service.
2014-02-14 | test: print the important commands to make debugging easier | Zbigniew Jędrzejewski-Szmek
2014-02-14 | test: make the image bigger | Zbigniew Jędrzejewski-Szmek
I got some errors about lack of disk space... 100MB either way shouldn't matter.
2014-02-14 | nspawn: if we don't find bash, try sh | Lennart Poettering
2014-02-14 | update TODO | Lennart Poettering
2014-02-14 | nspawn: don't accept just any tree to execute | Lennart Poettering
When invoked without -D in an arbitrary directory we should not try to execute anything, make some validity checks first.
2014-02-14 | man: always place <programlisting> and </programlisting> in a line with actual sources, so that we don't get spurious newlines in the man page output | Lennart Poettering
2014-02-14 | localectl: log error if bus_map_all_properties() fails | Djalal Harouni
2014-02-14 | service: when we complain about a notify message we cannot map to main pid because we don't know anything about the main pid, do so at debug level | Lennart Poettering
2014-02-14 | service: if we don't know the main pid of a service, we cannot accept any notification messages | Lennart Poettering
2014-02-14 | build-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed" | Simon Peeters
2014-02-14 | man: systemd.service(5): clarify behavior of SuccessExitStatus | Dave Reisner
The behavior of this is a little cryptic in that $MAINPID must exit as a direct result of receiving a signal in order for a listed signal to be considered a success condition.
2014-02-14 | shared: include root when canonicalizing conf paths | Michael Marineau
The conf_files_list family accepts an alternate root path to prefix all directories in the list but path_strv_canonicalize_uniq doesn't use it. This results in the suspicious behavior of resolving directory symlinks based on the contents of / instead of the alternate root. This adds a prefix argument to path_strv_canonicalize which will now prepend the prefix, if given, to every path in the list. To avoid answering what a relative path means when called with a root prefix path_strv_canonicalize is now path_strv_canonicalize_absolute and only considers absolute paths. Fortunately all users already call path_strv_canonicalize with a list of absolute paths.
2014-02-13 | logind: make sure to terminate systemd user on logouts | Djalal Harouni
Currently if the user logs out, the GC may never call user_stop(), this will not terminate the systemd user and (sd-pam) of that user. To fix this, remove the USER_CLOSING state check that is blocking the GC from calling user_stop(). Since if user_check_gc() returns false this means that all the sessions of the user were removed which will make user_get_state() return USER_CLOSING. Conclusion: that test will never be satisfied. So we remove the USER_CLOSING check and replace it with a check inside user_stop() this way we know that user_stop() has already queued stop jobs, no need to redo. This ensures that the GC will get its two steps correctly as pointed out by Lennart: http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html
Note: this also fixes another bug that prevents creating the user private dbus socket which will break communications with the user manager.
2014-02-13 | nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in containers | Lennart Poettering
The kernel still doesn't support audit in containers, so let's make use of seccomp and simply turn it off entirely. We can get rid of this big as soon as the kernel is fixed again.
2014-02-13 | nspawn: add new --network-veth switch to add a virtual ethernet link to the host | Lennart Poettering
2014-02-13 | rtnl: support adding VETH_INFO_PEER containers into rtnl messages | Lennart Poettering
2014-02-13 | systemctl: fix exit statuses from is-active/is-failed | Dave Reisner
This was inadvertently disturbed in e3e0314b when glob support was added.
2014-02-13 | everywhere: always use O_CLOEXEC where it makes sense | Lennart Poettering
2014-02-13 | everywhere: make use of new0() and macro() macros, and stop using perror() | Lennart Poettering
2014-02-13 | nspawn: check with udev before we take possession of an interface | Lennart Poettering
2014-02-13 | nspawn: no need to subscribe to netlink messages if we just want to execute one operation | Lennart Poettering
2014-02-13 | nspawn: --private-network should imply CAP_NET_ADMIN | Lennart Poettering
2014-02-13 | rtnl: rename constructors from the form sd_rtnl_xxx_yyy_new() to sd_rtnl_xxx_new_yyy() | Lennart Poettering
So far we followed the rule to always indicate the "flavour" of constructors after the "_new_" or "_open_" in the function name, so let's keep things in sync here for rtnl and do the same.
2014-02-13 | rtnl: drop "sd_" prefix from cleanup macros | Lennart Poettering
The "sd_" prefix is supposed to be used on exported symbols only, and not in the middle of names. Let's drop it from the cleanup macros hence, to make things simpler. The bus cleanup macros don't carry the "sd_" either, so this brings the APIs a bit nearer.
2014-02-13 | nspawn: add new --network-interface= switch to move an existing interface into the container | Lennart Poettering
2014-02-13 | nspawn: introduce --capability=all for retaining all capabilities | Lennart Poettering
2014-02-13 | seccomp: fix build again if libseccomp is missing | Lennart Poettering
2014-02-13 | update TODO | Lennart Poettering
2014-02-13 | core: make StopWhenUnneeded work in conjunction with units that fail during their start job | Lennart Poettering
https://bugzilla.redhat.com/show_bug.cgi?id=997031
2014-02-13 | update TODO | Lennart Poettering
2014-02-13 | core: add a system-wide SystemCallArchitectures= setting | Lennart Poettering
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, thus lowering the attack surface on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 | networkd: correctly handle manager_free(NULL) | Tom Gundersen
2014-02-13 | core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls | Lennart Poettering
Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12 | core: fix build without libseccomp | Lennart Poettering
2014-02-12 | core: rework syscall filter | Lennart Poettering
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 | syscallfilter: port to libseccomp | Ronny Chevalier
2014-02-12 | sd-dhcp: make sure client->secs > 0 | Tom Gundersen
Some DHCP servers will not work correctly if secs == 0, so round up to at least 1.
2014-02-12 | networkd: work inside containers | Tom Gundersen
Udev does not run in containers, so instead of relying on it to tell us when a network device is ready to be used by networkd, we simply assume that any device was fully initialized before being added to the container.
2014-02-12 | update TODO (add section for things to fix before 209) | Lennart Poettering
2014-02-12 | build-sys: make lxml required when generating indices | Zbigniew Jędrzejewski-Szmek
Since the manpage indices generated without lxml would be missing some parts, it doesn't make sense to keep lxml optional anymore.
2014-02-12 | build-sys: add less-variables.xml to EXTRA_DIST | Zbigniew Jędrzejewski-Szmek
2014-02-12 | man: use xinclude to de-duplicate common text | Zbigniew Jędrzejewski-Szmek
I only tested with python-lxml. I'm not sure if xml.etree should be deprecated.
2014-02-12 | pager: support SYSTEMD_LESS environment variable | Jason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12 | nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use of this | Lennart Poettering
2014-02-12 | test: fix "make check" | Lennart Poettering
Let's remove the tests for cg_path_get_machine_name(), since they no longer operate solely on the cgroup path, but actually look up data in /run. Since we have a test for cg_pid_get_machine_name() this shouldn't be too much of a loss.
2014-02-12 | machinectl: add new "machinectl reboot" call | Lennart Poettering
2014-02-11 | logind: ignore PropertiesChanged signals for jobs | Zbigniew Jędrzejewski-Szmek
Otherwise we get a (harmless) message like:
systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument
2014-02-11 | logind: always kill session when termination is requested | Zbigniew Jędrzejewski-Szmek
KillUserProcesses=yes/no should be ignored when termination is explicitly requested.