| Age | Commit message (Collapse) | Author |
|---|
|
* test: check resolved generated resolv.conf in networkd-test
Directly verify the contents of /run/systemd/resolve/resolv.conf instead of
/etc/resolv.conf. The latter might be a plain file or a symlink to something
else (like Debian's resolvconf output), and in these cases we cannot make
strong assumptions about the contents.
Drop the "/etc/resolv.conf is a symlink" conditions and the "resolv.conf can
have at most three nameservers" alternatives, as we know that resolved always
adds all nameservers.
Explicitly start resolved at the start of a test to ensure that it is running.
* test: get along with existing system search domains in resolv.conf
The previous change has uncovered a bug in the tests: Existing search domains
can exist in resolv.conf which test_search_domains{,_too_long} didn't take into account.
As existing domains take some of the "max 6 domains" and "max 255 chars" limit,
don't expect that the last items from our test data actually appears in the
output, just the first few.
|
|
build-sys: Convert libshared into a private shared library
|
|
Make `journalctl --directory=... --boot 0` work
|
|
The loop on bus_match_run should break and return immediately if
bus->match_callbacks_modified is true. Otherwise the loop may access
free'd data.
|
|
fixes https://bugzilla.redhat.com/show_bug.cgi?id=842060
|
|
--boot=0 magically meant "this boot", but when used with --file/--directory it
should simply refer to the last boot found in the specified journal. This way,
--boot and --list-boots are consistent.
Fixes #3603.
|
|
Those are just local variables and ref_boot_offset is especially
obnoxious.
|
|
Before --this-boot was deprecated in a331b5e6d47243, it did not take
any arguments.
|
|
It works mostly fine, and can be quite useful to examine data from another
system.
OTOH, a single boot id doesn't make sense with --merge, so mixing with --merge
is still not allowed.
|
|
“systemctl show” added an extra blank line after the dump of the
EnvironmentFile property of the unit.
|
|
Type=notify has a magic overriding case where a NotifyAccess=none
is turned into a NotifyAccess=main for sanity purposes.
This makes docs more clear about such behavior:
https://github.com/systemd/systemd/blob/2787d83c28b7565ea6f80737170514e5e6186917/src/core/service.c#L650:L651
|
|
With commit 6f7da49d00 route-only domains do not get put into resolv.conf's
"search" list any more. Add a comment about the tri-state, to clarify its
semantics and why we are passing a bool parameter into an int type. Also add a
test case for it.
|
|
|
|
to hide casting of '-1' strings and make code cleaner.
|
|
Fixes:
```
$ systemctl list-unit-files 'hey\*'
0 unit files listed.
$ systemctl list-unit-files | grep hey
hey\x7eho.service static
```
|
|
machinectl: interpret options placed between "shell" verb and machine name
|
|
(#3597)
Let's allow distros to change the support URL to expose in catalog entries by
default. It doesn't make sense to direct end-users to the upstream project for
common errors.
This adds a --with-support-url= switch to configure, which allows overriding
the default at build-time.
Fixes: #2516
|
|
Let's make sure we catch early when a machine doesn't exist that is attempted
to be started or enabled as system service.
|
|
|
|
means (#3571)
My educated guess is that #3561 was filed due to confusion around the
systemd-resolve "Data Authenticated:" output. Let's try to clean up the
confusion a bit, and document what it means in the man page.
|
|
Fstab generator fixes
|
|
|
|
An incorrectly set if/else chain caused aus to apply the access mode of a
symlink to the directory it is located in. Yuck.
Fixes: #3547
|
|
Link as many binaries as possible with it, to save storage space.
Preserve the static libshared and libbasic for use in libraries, nss
modules and udev.
Libraries need to be static in order to avoid polluting the symbol
namespace.
Udev needs to be static so downstream can avoid strict version dependencies
with the systemd package, and this can complicate upgrade scenarios.
|
|
|
|
|
|
We do the same already for the root device, hence follow the scheme for /usr
too.
(Also add some explanatory comments.)
|
|
Let's follow the same logic for all mounts here: log errors, and exit the
process uncleanly ultimately, but do not skip further mounts if we encounter a
problem with an earlier one.
Fixes: #2344
|
|
We really shouldn't make up errors like "-1", but use proper errno definitions.
|
|
We have to check for OOM here, let's add that. There's really no point in
checking for path_is_absolute() on the result however, as there's no particular
reason why that should be refused. Also, we don't have similar checks for the
other mount devices the generator deals with, hence don't bother with it here
either. Let's remove that check.
(And it shouldn't return made-up errors like "-1" in this case anyway.)
|
|
unset
Let's a comment about this, to avoid questions popping up like in #2344.
|
|
|
|
Fix some test issues
|
|
This makes nspawn tests symmetric with run_qemu() which also exits with 1 if
QEMU is not available.
|
|
Commit 3a18b60489504056f9b0b1a139439cbfa60a87e1 introduced a regression that
disabled the color mode for container.
This patch fixes this.
|
|
If run_qemu() exits with non-zero, this either meant that QEMU was not
available (which should be a SKIP) or that QEMU timed out if $QEMU_TIMEOUT was
set (which then should be a FAIL).
Limit the exit code of run_qemu() to QEMU availability only, and track timeouts
separately through the new $TIMED_OUT variable, which is then checked in
check_result_qemu().
Do the same for $NSPAWN_TIMEOUT and run_nspawn() so that nspawn and QEMU work
similarly.
|
|
The result of check_nspawn does not mean much, and this forgot to ask
check_nspawn() whether nspawn can be used at all. This brings
TEST-12-ISSUE-3171 in line with other nspawn tests.
|
|
|
|
Fix TEST-{08,09,10,11} to properly skip the test if QEMU is not available
instead of failing, like in the other tests.
|
|
selinux=1 is not sufficient when running on a kernel which also has another LSM
(such as AppArmor) enabled and defaults to that.
|
|
resolved fixes for handling SERVFAIL errors from servers
|
|
|
|
In some cases, caching DNS results locally is not desirable, a it makes DNS
cache poisoning attacks a tad easier and also allows users on the system to
determine whether or not a particular domain got visited by another user. Thus
provide a new "Cache" resolved.conf option to disable it.
|
|
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
|
|
SERVFAIL
Some upstream DNS servers return SERVFAIL if we ask them for DNSSEC RRs, which
some forwarding DNS servers pass on to us as SERVFAIL (other though as
NOERROR...). This is should not be considered a problem, as long as the domain
in question didn't have DNSSEC enabled. Hence: when making use of auxiliary
transactions accept those that return SERVFAIL.
|
|
This way we don't log complaints about packets without SOA in case we are not
caching it anyway because the rcode is not SUCCESS or NXDOMAIN...
|
|
There might be two reasons why we get a SERVFAIL response from our selected DNS
server: because this DNS server itself is bad, or because the DNS server
actually serving the zone upstream is bad. So far we immediately downgraded our
server feature level when getting SERVFAIL, under the assumption that the first
case is the only possible case. However, this meant we'd downgrade immediately
even if we encountered the second case described above.
With this commit handling of SERVFAIL is reworked. As soon as we get a SERVFAIL
on a transaction we retry the transaction with a lower feature level, without
changing the feature level tracked for the DNS server itself. If that fails
too, we downgrade further, and so on. If during this downgrading the SERVFAIL
goes away we assume that the DNS server we are talking to is bad, but the zone
is fine and propagate the detected feature level to the information we track
about the DNS server. Should the SERVFAIL not go away this way we let the
transaction fail and accept the SERVFAIL.
|
|
udevd already limits its number of workers/children: the max number is actually
twice the number of CPUs the system is using.
(The limit can also be raised with udev.children-max= kernel command line
option BTW).
On some servers, this limit can easily exceed the maximum number of tasks that
systemd put on all services, which is 512 by default.
Since udevd has already its limitation logic, simply disable the static
limitation done by TasksMax.
|
|
root=/dev/nfs is a legacy option for the kernel to handle root on NFS.
Documentation for this kernel command line option
can be found in the kernel source tree:
Documentation/filesystems/nfs/nfsroot.txt
|
|
add new RestrictRealtime= option to services (and other fixes)
|
