Age | Commit message | Author
2017-02-20 | environment-generator: new generator to peruse environment.d | Zbigniew Jędrzejewski-Szmek
Why the strange name: the prefix is necessary to follow our own advice that environment generators should have numerical prefixes. I also put -d- in the name because otherwise the name was very easy to mistake with systemd.environment-generator. This additional letter clarifies that this is a special generator that supports environment.d files.
2017-02-20 | basic: add new merge_env_file function | Ray Strode
merge_env_file is a new function, that's like load_env_file, but takes a pre-existing environment as an input argument. New environment entries are merged. Variable expansion is performed. Falling back to the process environment is supported (when a flag is set). Alternatively this could be implemented as passing an additional fallback environment array, but later on we're adding another flag to allow braceless expansion, and the two flags can be combined in one arg, so there's less stuff to pass around.
2017-02-20 | basic: drop unnecessary strempty() call in replace_env | Ray Strode
strempty() converts a NULL value to empty string, so that it can be passed on to functions that don't support NULL. replace_env calls strempty before passing its value on to strappend. strappend supports NULL just fine, though, so this commit drops the strempty call.
2017-02-20 | basic: fix strv_env_get_n for unclean arrays | Ray Strode
If an environment array has duplicates, strv_env_get_n returns the results for the first match. This is wrong, because later entries in the environment are supposed to replace earlier entries.
2017-02-20 | man: add systemd.environment-generator(7) with two examples | Zbigniew Jędrzejewski-Szmek
v2:
- add example files to EXTRA_DIST
v3:
- rework for the new scheme where nothing is written to disk
v4:
- use separate dirs for system and user env generators
2017-02-20 | manager: run environment generators | Zbigniew Jędrzejewski-Szmek
Environment file generators are a lot like unit file generators, but not exactly:
1. environment file generators are run for each manager instance, and their output is (or at least can be) individualized. The generators themselves are system-wide, the same for all users.
2. environment file generators are run sequentially, in priority order.
Thus, the lifetime of those files is tied to lifecycle of the manager instance. Because generators are run sequentially, later generators can use or modify the output of earlier generators. Each generator is run with no arguments, and the whole state is stored in the environment variables. The generator can echo a set of variable assignments to standard output:
    VAR_A=something
    VAR_B=something else
This output is parsed, and the next and subsequent generators run with those updated variables in the environment. After the last generator is done, the environment that the manager itself exports is updated. Each generator must return 0, otherwise the output is ignored. The generators in */user-env-generator are for the user session managers, including root, and the ones in */system-env-generator are for pid1.
2017-02-20 | exec-util: implement a set of callbacks to pass variables around | Zbigniew Jędrzejewski-Szmek
Only tests are added, otherwise the new code is unused.
2017-02-20 | basic/env-util: drop _pure_ from static function | Zbigniew Jędrzejewski-Szmek
2017-02-20 | env-util,fileio: immediately replace variables in load_env_file_push() | Zbigniew Jędrzejewski-Szmek
strv_env_replace was calling env_match(), which in effect allowed multiple values for the same key to be inserted into the environment block. That's pointless, because APIs to access variables only return a single value (the latest entry), so it's better to keep the block clean, i.e. with just a single entry for each key. Add a new helper function that simply tests if the part before '=' is equal in two strings and use that in strv_env_replace. In load_env_file_push, use strv_env_replace to immediately replace the previous assignment with a matching name. Afaict, none of the callers are materially affected by this change, but it seems like some pointless work was being done, if the same value was set multiple times. We'd go through parsing and assigning the value for each entry. With this change, we handle just the last one.
2017-02-20 | basic/fileio: add helper function for a set of two common checks | Zbigniew Jędrzejewski-Szmek
2017-02-20 | core/manager: move environment serialization out to basic/env-util.c | Zbigniew Jędrzejewski-Szmek
This protocol is generally useful, we might just as well reuse it for the env. generators. The implementation is changed a bit: instead of making a new strv and freeing the old one, just mutate the original. This is much faster with larger arrays, while in fact atomicity is preserved, since we only either insert the new entry or not, without being in inconsistent state.
v2:
- fix confusion with return value
2017-02-20 | core/manager: fix grammar in comment | Zbigniew Jędrzejewski-Szmek
2017-02-20 | basic/exec-util: add support for synchronous (ordered) execution | Zbigniew Jędrzejewski-Szmek
The output of processes can be gathered, and passed back to the callee. (This commit just implements the basic functionality and tests.) After the preparation in previous commits, the change in functionality is relatively simple. For coding convenience, alarm is prepared *before* any children are executed, and not before. This shouldn't matter usually, since just forking of the children should be pretty quick. One could also argue that this is more correct, because we will also catch the case when (for whatever reason), forking itself is slow. Three callback functions and three levels of serialization are used:
- from individual generator processes to the generator forker
- from the forker back to the main process
- deserialization in the main process
v2:
- replace a structure with an indexed array of callbacks
2017-02-20 | core/manager: split out creation of serialization fd out to a helper | Zbigniew Jędrzejewski-Szmek
There is a slight change in behaviour: the user manager for root will create a temporary file in /run/systemd, not /tmp. I don't think this matters, but simplifies implementation.
2017-02-11 | basic/strv: allow NULLs to be inserted into strv | Zbigniew Jędrzejewski-Szmek
All callers of this function insert non-empty strings, so there's no functional change.
2017-02-11 | manager: fix handling of failure in initialization | Zbigniew Jędrzejewski-Szmek
We would warn and continue after failure in manager_startup, but there's no way we can continue. We must fail.
2017-02-11 | basic/def: indentation | Zbigniew Jędrzejewski-Szmek
2017-02-11 | basic/exec-util: use conf_files_list_strv to list executables | Zbigniew Jędrzejewski-Szmek
Essentially the same logic as in conf_files_list() was independently implemented in do_execute(). With previous commit, do_execute() can just call conf_files_list() to get a list of executable paths.
2017-02-11 | basic/conf-files: extend conf_files_list() to list unsuffixed files | Zbigniew Jędrzejewski-Szmek
5dd11ab5f36ce71138005 did a similar change for conf_files_list_strv(). Here we do the same for conf_files_list() and conf_files_list_nulstr(). No change for existing users. Tests are added.
2017-02-11 | basic/exec-util: split out actual execution to a different function | Zbigniew Jędrzejewski-Szmek
This corrects an error in error handling: if execution fails, we should never use return, but immediately _exit().
2017-02-11 | basic/util: move execute_directory() to separate file | Zbigniew Jędrzejewski-Szmek
It's a fairly specialized function. Let's make new files for it and the tests.
2017-02-09 | core: make sure to destroy all name watching bus slots when we are kicked off the bus (#5294) | Lennart Poettering
Fixes: #4528
2017-02-09 | tests: show journal on systemd-resolved.service failures (#5297) | Martin Pitt
In networkd-test.py, show resolved's journal on failure, to debug issues like https://github.com/systemd/systemd/pull/5283.
2017-02-09 | seccomp: add forgotten munmap() syscall to @file-system (#5291) | Lennart Poettering
We added mmap() and mmap2(), but forgot munmap(). Fix that. Pointed out by @lucaswerkmeister: https://github.com/systemd/systemd/pull/4537#issuecomment-273275298
2017-02-09 | Merge pull request #5293 from poettering/seccomp-docs | Zbigniew Jędrzejewski-Szmek
Two doc fixes
2017-02-10 | Merge pull request #5295 from poettering/shutup-canonicalize | Evgeny Vereshchagin
Shut up canonicalize debug log messages
2017-02-09 | dropin: always initialize return parameters on success | Lennart Poettering
Just as a matter of coding style: whenever we return successfully, let's make sure all our return parameters are properly initialized to something.
2017-02-09 | dropin: let's reduce duplicate a bit | Lennart Poettering
After generating the template name we can shortcut things and just call unit_file_find_dirs() from inside itself, just with the new name and save a good number of duplicate lines.
2017-02-09 | dropin: let's prefer strjoina() over strjoin() | Lennart Poettering
2017-02-09 | dropin: downgrade logging about paths we cannot canonicalize | Lennart Poettering
After all, most units won't have drop-in dirs, hence there's no point in logging about that. Fixes: #5252
2017-02-09 | man: update pam_systemd and systemd-logind man pages a bit | Lennart Poettering
This builds on @utezduyar's #4640, but extends on it. Fixes: #4550 Replaces: #4640
2017-02-09 | man: improve documentation on seccomp regarding alternative ABIs | Lennart Poettering
Let's clarify that RestrictAddressFamilies= and MemoryDenyWriteExecute= are only fully effective if non-native system call architectures are disabled, since they otherwise may be used to circumvent the filters, as the filters aren't equally effective on all ABIs. Fixes: #5277
2017-02-09 | Introduce '## ' as internal comment prefix in .in files and filter out a comment (#5289) | Zbigniew Jędrzejewski-Szmek
Sometimes we have comments which don't make sense outside of the systemd codebase, so let's filter them out from the user-visible files. Fixes #5286.
2017-02-09 | Merge pull request #5287 from poettering/exit-codes | Zbigniew Jędrzejewski-Szmek
rework WorkingDirectory= and RootDirectory= management for services
2017-02-09 | Merge pull request #5255 from poettering/percent-escape | Zbigniew Jędrzejewski-Szmek
fstab-generator: Options= applies specifier expansion
2017-02-09 | execute: set the right exit status for CHDIR vs. CHROOT | Lennart Poettering
Fixes: #5125
2017-02-09 | execute: use prefix_roota() where appropriate | Lennart Poettering
2017-02-09 | execute: set working directory to /root if User= is not set, but WorkingDirectory=~ is | Lennart Poettering
Or actually, try to do the right thing depending on what is available:
- If we know $HOME from User=, then use that.
- If the UID for the service is 0, hardcode that WorkingDirectory=~ means WorkingDirectory=/root
- In any other case (which will be the unprivileged --user case), use get_home_dir() to find the $HOME of the user we are running as.
- Otherwise fail.
Fixes: #5246 #5124
2017-02-09 | Revert "core/execute: set HOME, USER also for root users" | Lennart Poettering
This reverts commit 8b89628a10af3863bfc97872912e9da4076a5929. This broke #5246
2017-02-09 | networkd: add multicast membership to lldp socket (#5282) | 27o
2017-02-09 | dhcp-server: always save the ACKed lease address (#5281) | 27o
2017-02-09 | Merge pull request #5279 from keszybz/man-reverts | Martin Pitt
A revert and some other tweaks for the man pages
2017-02-08 | Merge pull request #4962 from poettering/root-directory-2 | Zbigniew Jędrzejewski-Szmek
Add new MountAPIVFS= boolean unit file setting + RootImage=
2017-02-08 | man: add more commas for clarify and reword a few sentences | Zbigniew Jędrzejewski-Szmek
2017-02-08 | man: revert documentation about RequiresMountsFor= honoring noauto | Zbigniew Jędrzejewski-Szmek
This effectively reverts commit 5d2abc04fc95f5c5f6d0eaf2f:
    Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
    Date: Wed Apr 16 22:15:42 2014 -0400
    man: document relationship between RequiresMountsFor and noauto
    https://bugzilla.redhat.com/show_bug.cgi?id=1088057
Fixes #5249.
2017-02-08 | man: break long lines and update Fedora versions | Zbigniew Jędrzejewski-Szmek
We should try to keep the unbreakable lines below 80 columns. It's not always possible of course. Also, use the dl.fp.o alias instead of a specific mirror.
2017-02-09 | Merge pull request #5270 from poettering/seccomp-namespace-fix | Evgeny Vereshchagin
swap seccomp filter params on s390
2017-02-09 | man: fix docs for swap's DefaultDependencies= (#5278) | David Glasser
There was a missing dependency and one with the wrong type. Additionally, refer to DefaultDependencies= once instead of twice, without a vague reference in the first one that doesn't mention that the value matters. Fixes #5226.
2017-02-08 | update TODO | Lennart Poettering
2017-02-08 | seccomp: on s390 the clone() parameters are reversed | Lennart Poettering
Add a bit of code that tries to get the right parameter order in place for some of the better known architectures, and skips restrict_namespaces for other archs. This also bypasses the test on archs where we don't know the right order. In this case I didn't bother with testing the case where no filter is applied, since that is hopefully just an issue for now, as there's nothing stopping us from supporting more archs, we just need to know which order is right. Fixes: #5241