summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-22nspawn: don't try to resolve passed binary before entering namespaceLennart Poettering
Othewise we might follow the symlinks on the host, instead of the container. Fixes #1400
2015-10-22nspawn: rework how we determine private networking settingsLennart Poettering
Make sure we acquire CAP_NET_ADMIN if we require virtual networking. Make sure we imply virtual ethernet correctly when bridge is request. Fixes: #1511 Fixes: #1554 Fixes: #1590
2015-10-22units: also whitelist "blkext" block devices for nspawn serviceLennart Poettering
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop, hence whitelist this too. Fixes #1446
2015-10-22import: don't claim we moved .nspawn file into place when in fact we did notLennart Poettering
2015-10-22import: correct handling if .nspawn file could not be downloadedLennart Poettering
2015-10-22machinectl: accept "none" and "infinity" as specifier when dropping quotas ↵Lennart Poettering
using "machinectl set-limit" Previously, we already accepted "-" as special value for dropping limits. Add "infinity", as that's what we support for RLIMITs and hence should support here to. Also add "none" as that's what the btrfs tools use.
2015-10-22update TODOLennart Poettering
2015-10-22tmpfiles.d: change all subvolumes to use quotaLennart Poettering
Let's make sure the subvolumes we create fit into a sensible definition of a quota tree.
2015-10-22tmpfiles: introduce "q" and "Q" for creating quota-enabled btrfs subvolumesLennart Poettering
This allows us to set up the quota group hierarchy in a reasonable way on btrfs file systems.
2015-10-22import: when downloading images, create a subtree quota group for themLennart Poettering
2015-10-22btrfs: beef-up btrfs support with a limited understanding of quotaLennart Poettering
With this change we understand more than just leaf quota groups for btrfs file systems. Specifically: - When we create a subvolume we can now optionally add the new subvolume to all qgroups its parent subvolume was member of too. Alternatively it is also possible to insert an intermediary quota group between the parent's qgroups and the subvolume's leaf qgroup, which is useful for a concept of "subtree" qgroups, that contain a subvolume and all its children. - The remove logic for subvolumes has been updated to optionally remove any leaf qgroups or "subtree" qgroups, following the logic above. - The snapshot logic for subvolumes has been updated to replicate the original qgroup setup of the source, if it follows the "subtree" design described above. It will not cover qgroup setups that introduce arbitrary qgroups, especially those orthogonal to the subvolume hierarchy. This also tries to be more graceful when setting up /var/lib/machines as btrfs. For example, if mkfs.btrfs is missing we don't even try to set it up as loopback device. Fixes #1559 Fixes #1129
2015-10-22logind: minor clean-upsLennart Poettering
2015-10-22systemctl: the various list commands actually can take any number of argumentsLennart Poettering
I accidentally broke this a while back when I ported systemctl to the verbs logic. Add support for this back.
2015-10-22util: improve dir_is_empty() callLennart Poettering
Simplify the call, and add dir_is_populated() as inverse call, in order to make some checks easier to read.
2015-10-21Merge pull request #1639 from alkino/masterLennart Poettering
core dbus: Check that flush works with memstream
2015-10-21core dbus: Check that flush works with memstreamNicolas Cornu
2015-10-21Merge pull request #1637 from alkino/masterLennart Poettering
shell-completion: systemd-run: add new property EnvironmentFile
2015-10-21shell-completion: systemd-run: add new property EnvironmentFileNicolas Cornu
2015-10-21Merge pull request #1632 from evverx/fix-namespace-parsingLennart Poettering
core: fix namespace parsing
2015-10-21Merge pull request #1636 from alkino/masterLennart Poettering
Add zsh completion on systemd-run's properties
2015-10-21Add zsh completion on systemd-run's propertiesNicolas Cornu
2015-10-21core: fix namespace parsingEvgeny Vereshchagin
ReadOnlyDirectories=-/ works fine
2015-10-21Merge pull request #1623 from evverx/run-rw-ro-ia-dirsLennart Poettering
systemd-run can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories
2015-10-21Merge pull request #1626 from teg/networkdLennart Poettering
networkd: assorted fixes
2015-10-21networkd: manager/link - only serialize once per event-loop iterationTom Gundersen
Every time the state is written out we may trigger third-party apps, so let's be a bit more careful about writing this out unnecessarily.
2015-10-21networkd: link - serialize addressesTom Gundersen
2015-10-21networkd: route - add hash_opsTom Gundersen
2015-10-21networkd: route - simplify route_new()Tom Gundersen
2015-10-21networkd: address - distinguish between addresses added by us and by othersTom Gundersen
We only keep the addresses that we added ourselves in link->addresses, and introduce a new set link->addresses_foreign to keep addresses of unknown origin. Only functional change is that "foreign" addresses no longer prevent a link from entering "configured" state.
2015-10-21networkd: address - rework firewall rules lifetimeTom Gundersen
Establish the firewall rule before creating the address, and do not create the address if the firewall rule could not be created. Also, only drop the firewall rule once the address has been removed from the kernel.
2015-10-21networkd: address - merge _change() into _configure()Tom Gundersen
These functions are almost entirely the same, so avoid duplication.
2015-10-21networkd: address - factor out address_update()Tom Gundersen
Call back into link_check_ready() whenever an address state change may have made a link ready.
2015-10-21networkd: link - only consider configured when all addresses are readyTom Gundersen
We were considering a link configured whilst its IPv6 addresses were still tentative. Fixes issue #650.
2015-10-20shell-completion: systemd-run: add new propertiesEvgeny Vereshchagin
"ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories"
2015-10-20run: can launch units with ReadWriteDirectories, ReadOnlyDirectories, ↵Evgeny Vereshchagin
InaccessibleDirectories
2015-10-20Merge pull request #1622 from phomes/unused-variableRonny Chevalier
dbus-execute: remove unused variable
2015-10-20dbus-execute: remove unused variableThomas Hindoe Paaboel Andersen
from ceb728cf
2015-10-20Merge pull request #1616 from evverx/run-fix-environment-parsingLennart Poettering
run: fix Environment parsing
2015-10-20Merge pull request #1538 from ssahani/ipv62Tom Gundersen
networkd: add support to configure IPv6 DAD
2015-10-20run: fix Environment parsingEvgeny Vereshchagin
* `Environment=` resets previous assignments * `Environment='a=1 b=2'` sets `a` to `1` and `b` to `2` * `Environment='"a=1 2" b=2"'` sets `a` to `1 2` and `b` to `2`
2015-10-20Merge pull request #1619 from iaguis/nspawn-sysfs-netns-3Lennart Poettering
nspawn: skip /sys-as-tmpfs if we don't use private-network
2015-10-20Merge pull request #1568 from poettering/netclassDaniel Mack
various fixes, for various things
2015-10-20nspawn: skip /sys-as-tmpfs if we don't use private-networkIago López Galeiras
Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over the network namespace. So the mounting /sys as a tmpfs code introduced in d8fc6a000fe21b0c1ba27fbfed8b42d00b349a4b doesn't work with user namespaces if we don't use private-net. The reason is that we mount sysfs inside the container and we're in the network namespace of the host but we don't have CAP_SYS_ADMIN over that namespace. To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use private network and ignore the /sys-as-a-tmpfs code if we find that /sys is already mounted as sysfs. Fixes #1555
2015-10-19dbus-execute: some cleanups when parsing EnvironmentFiles= for transient unitsLennart Poettering
2015-10-19strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_Zbigniew Jędrzejewski-Szmek
2015-10-19tree-wide: whenever we deal with passwords, erase them from memory after useLennart Poettering
A bit snake-oilish, but can't hurt.
2015-10-19core: actually set pids_max field after parsing itLennart Poettering
Fixes one of the issues pointed out in #1522.
2015-10-19journald: make sure r is always initializedLennart Poettering
2015-10-19journal: fix bad memory freeingLennart Poettering
2015-10-19tree-wide: add more void casts for various syscall invocationsLennart Poettering