Age | Commit message | Author
2014-07-07 | firstboot: change /etc/shadow access mode to 000 | Lennart Poettering
It appears to be customary to remove all access bits from /etc/shadow (including those for the root owner), hence let's do the same.
2014-07-07 | dhcp-network: make clear that we are ANDing Fragment offset field with mask | Michal Sekletar
Reading BPF assembly written as C macros is inherently difficult. Don't make it harder than necessary and provide clearer explanation in the comment.
2014-07-07 | dhcp-network: ignore IP packets with More Fragments (MF) flag set | Michal Sekletar
We already ignore IP fragments, because we expect that Fragment offset (FO) field is not set. However first fragment in a fragmented IP flow will have all zeroes in FO field. We should ignore such packet as well, thus we need to look at MF flag in the IP header. Checking MF flag will filter out all except last packet in fragmented flows. Last one will be ruled out by next check for value of FO.
2014-07-07 | firstboot: add new component to query basic system settings on first boot, or when creating OS images offline | Lennart Poettering
A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when preparing disk images for booting. When used non-interactively the tool can either copy settings from the host, or take settings on the command line.

    $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi

The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated.

This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not.
2014-07-07 | architecture: add string table entries for mips-le archs which were missing | Lennart Poettering
2014-07-07 | man: chroot jails are no longer detected by ConditionVirtualization= | Lennart Poettering
2014-07-07 | man: add missing archs to ConditionArchitecture= description | Lennart Poettering
2014-07-07 | fileio: simplify write_env_file() | Lennart Poettering
2014-07-07 | util: don't consider tabs special in string_has_cc() anymore | Lennart Poettering
Instead, take a list of exceptions to our usual CC check
2014-07-07 | shared: make timezone and locale enumeration and validation generic | Lennart Poettering
This way we can reuse it in other code than just localectl/localed + timedatectl/timedated.
2014-07-07 | update TODO | Lennart Poettering
2014-07-07 | main: explain our /etc empty check a bit in a comment | Lennart Poettering
2014-07-07 | util: consider 0x7F a control character (which it is: DEL) | Lennart Poettering
Let's better be safe than sorry.
2014-07-07 | udev: link_config - ignore errors due to missing MAC address | Tom Gundersen
Otherwise, we get misleading error messages on links with MACs. Reported by Leonid Isaev.
2014-07-07 | vconsole-setup: fix inverted error messages | Zbigniew Jędrzejewski-Szmek
Introduced in abee28c56d.
Pointed-out-by: Werner Fink <werner@suse.de>
2014-07-07 | man: network - document Peer key | Tom Gundersen
2014-07-07 | networkd: netdev - add missing refs | Tom Gundersen
Without this, the underlying device would get freed (and hence fail).
2014-07-07 | networkd: add support for peer address | Susant Sahani
This patch adds peer address support for networkd. In the [Address] a new configurable param is Peer.

    [Match]
    Name=ipip-tun

    [Address]
    Address=10.0.0.1/32
    Peer=10.0.0.2/32
2014-07-07 | dhcp-network: add check for DHCP.chaddr | Michal Sekletar
Check that received DHCP packets actually include our MAC address in chaddr field. BPF interpreter has 32 bit wide registers but MAC address is 48 bits long so we have to do check in two steps.
2014-07-06 | coredumpctl: show a useful error on permission problems | Zbigniew Jędrzejewski-Szmek
2014-07-06 | compress: add benchmark-style test | Zbigniew Jędrzejewski-Szmek
This is useful to test the behaviour of the compressor for various buffer sizes.

Time is limited to a minute per compression, since otherwise, when LZ4 takes more than a second which is necessary to reduce the noise, XZ takes more than 10 minutes.

    % build/test-compress-benchmark (without time limit)
    XZ: compressed & decompressed 2535300963 bytes in 794.57s (3.04MiB/s), mean compresion 99.95%, skipped 3570 bytes
    LZ4: compressed & decompressed 2535303543 bytes in 1.56s (1550.07MiB/s), mean compresion 99.60%, skipped 990 bytes

    % build/test-compress-benchmark (with time limit)
    XZ: compressed & decompressed 174321481 bytes in 60.02s (2.77MiB/s), mean compresion 99.76%, skipped 3570 bytes
    LZ4: compressed & decompressed 2535303543 bytes in 1.63s (1480.83MiB/s), mean compresion 99.60%, skipped 990 bytes

It appears that there's a bug in lzma_end where it leaks 32 bytes.
2014-07-06 | journal: add LZ4 as optional compressor | Zbigniew Jędrzejewski-Szmek
Add liblz4 as an optional dependency when requested with --enable-lz4, and use it in preference to liblzma for journal blob and coredump compression. To retain backwards compatibility, XZ is used to decompress old blobs. Things will function correctly only with lz4-119. Based on the benchmarks found on the web, lz4 seems to be the best choice for "quick" compressors atm. For pkg-config status, see http://code.google.com/p/lz4/issues/detail?id=135.
2014-07-06 | journal/compress: return early in uncompress_startswith | Zbigniew Jędrzejewski-Szmek
uncompress_startswith would always decode the whole stream, even if it did not start with the given prefix. Reallocation policy was also strange.
2014-07-06 | vconsole-setup: run setfont before loadkeys | Zbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=80685
2014-07-06 | sysusers: fix uninitialized warning | Ronny Chevalier
2014-07-06 | machine: don't return uninitialized variable | Tom Gundersen
Reported by Ronny Chevalier
2014-07-04 | man: document nspawn's new --volatile switch | Lennart Poettering
2014-07-04 | networkd: accept section DHCP in systemd.network files | Steven Noonan
2014-07-04 | networkd: don't clear dhcpv6 lease timers if there's no previous lease | Steven Noonan
If client->lease is NULL, dhcp6_lease_clear_timers will cause a segmentation fault.
2014-07-04 | nspawn: add new --volatile switch for booting containers in volatile (ephemeral) mode | Lennart Poettering
Two modes are supported:

--volatile=yes mounts only /usr into the container, and a tmpfs as root directory.

--volatile=state mounts the full OS tree in, but overmounts /var with a tmpfs.

--volatile=yes hence boots with an unpopulated /etc and /var, starting with pristine configuration and state.

--volatile=state hence boots with an unpopulated /var, only starting with pristine state.
2014-07-04 | main: change check whether /etc is unpopulated to look for /etc/machine-id | Lennart Poettering
Previously, we checked whether /etc was completely empty. This makes it difficult though for container managers such as nspawn to install a small number of files (such as /etc/timezone), and have the system otherwise populate its own tree. Hence, change this by looking for /etc/machine-id, which should be a good sign whether /etc is populated or not.
2014-07-04 | units: conditionalize configfs and debugfs with CAP_SYS_RAWIO | Lennart Poettering
We really don't want these in containers as they provide a too low-level look on the system. Conditionalize them with CAP_SYS_RAWIO since that's required to access /proc/kcore, /dev/kmem and similar, which feel similar in style. Also, nspawn containers lack that capability.
2014-07-04 | units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD | Lennart Poettering
nspawn containers generally have CAP_MKNOD, since this is required to make PrivateDevices= work. Thus, it's not useful anymore to conditionalize the kmod static device node units. Use CAP_SYS_MODULES instead which is not available for nspawn containers. However, the static device node logic is only done for being able to autoload modules with it, and if we can't do that there's no point in doing it.
2014-07-04 | man: netdev - mention tun and tap | Tom Gundersen
Reported by Moviuro <moviuro@gmail.com>
2014-07-03 | networkd: properly track addresses when first added | Tom Gundersen
When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather than just an empty ack (unlike how NEWLINK works). For this reason, the process that did the NEWADDR does not get the broadcast message. We were only listening for broadcast messages, and hence not tracking the addresses we added ourselves. This went unnoticed as the kernel will usually send NEWADDR messages from time to time anyway, so things would mostly work, but in the worst case we would not notice that a routable address was available and consider ourselves offline.
2014-07-03 | networkd: link - improve link tracking logging | Tom Gundersen
2014-07-03 | architecture: remove "cris" from uname list | Lennart Poettering
the only correct name appears to be "crisv32"... http://lists.freedesktop.org/archives/systemd-devel/2014-July/020899.html
2014-07-03 | sd-path: add missing header | Umut Tezduyar Lindskog
2014-07-03 | man: add link to Open Group Base Specifications | Zbigniew Jędrzejewski-Szmek
2014-07-03 | build-sys: bump package and library versions [systemd/v215] | Lennart Poettering
2014-07-03 | NEWS: prepare for release | Lennart Poettering
2014-07-03 | man: document that systemctl's -H may now be used to connect directly to a container on a remote host | Lennart Poettering
2014-07-03 | machine: properly distinguish created and registered machines | Lennart Poettering
2014-07-03 | update TODO | Lennart Poettering
2014-07-03 | sysusers: add new line type "m" to add users as members to groups | Lennart Poettering
2014-07-03 | update TODO | Lennart Poettering
2014-07-03 | machinectl: show /etc/os-release information of container in status output | Lennart Poettering
2014-07-03 | hwdb: update | Kay Sievers
2014-07-03 | namespace: make sure /tmp, /var/tmp and /dev are writable in namespaces we set up | Lennart Poettering
2014-07-03 | namespace: fix uninitialized memory access | Lennart Poettering