summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-22Merge pull request #4692 from poettering/networkd-dhcpZbigniew Jędrzejewski-Szmek
Various networkd/DHCP fixes.
2016-11-22Document an edge-case with resume and mounting (#4581)Janne Heß
When trying to read keyfiles from an encrypted partition to unlock the swap, a cyclic dependency is generated because systemd can not mount the filesystem before it has checked if there is a swap to resume from. Closes #3940
2016-11-22Merge pull request #4693 from poettering/nspawn-ephemeralZbigniew Jędrzejewski-Szmek
nspawn: support ephemeral boots from images
2016-11-22nspawn: don't require chown() if userns is not onLennart Poettering
Fixes: #4711
2016-11-22nspawn: add fallback top normal copy/reflink when we cannot btrfs snapshotLennart Poettering
Given that other file systems (notably: xfs) support reflinks these days, let's extend the file system snapshotting logic to fall back to plan copies or reflinks when full btrfs subvolume snapshots are not available. This essentially makes "systemd-nspawn --ephemeral" and "systemd-nspawn --template=" available on non-btrfs subvolumes. Of course, both operations will still be slower on non-btrfs than on btrfs (simply because reflinking each file individually in a directory tree is still slower than doing this in one step for a whole subvolume), but it's probably good enough for many cases, and we should provide the users with the tools, they have to figure out what's good for them. Note that "machinectl clone" already had a fallback like this in place, this patch generalizes this, and adds similar support to our other cases.
2016-11-22nspawn: remove temporary root directory on exitLennart Poettering
When mountint a loopback image, we need a temporary root directory we can mount stuff to. Make sure to actually remove it when exiting, so that we don't leave stuff around in /tmp unnecessarily. See: #4664
2016-11-22nspawn: try to wait for the container PID 1 to exit, before we exitLennart Poettering
Let's make the shutdown logic synchronous, so that there's a better chance to detach the loopback device after use.
2016-11-22nspawn: add ability to run nspawn without container locks appliedLennart Poettering
This adds a new undocumented env var $SYSTEMD_NSPAWN_LOCK. When set to "0", nspawn will not attempt to lock the image. Fixes: #4037
2016-11-22shared: make sure image_path_lock() return parameters are always initialized ↵Lennart Poettering
on success We forgot to initialize the "global" return parameter in one case. Fix that.
2016-11-22nspawn: support ephemeral boots from imagesLennart Poettering
Previously --ephemeral was only supported with container trees in btrfs subvolumes (i.e. in combination with --directory=). This adds support for --ephemeral in conjunction with disk images (i.e. --image=) too. As side effect this fixes that --ephemeral was accepted but ignored when using -M on a container that turned out to be an image. Fixes: #4664
2016-11-21seccomp: add @filesystem syscall group (#4537)Lennart Poettering
@filesystem groups various file system operations, such as opening files and directories for read/write and stat()ing them, plus renaming, deleting, symlinking, hardlinking.
2016-11-21sd-event: fix sd_event_source_get_priority() (#4712)Martin Ejdestig
To properly store priority in passed in pointer and return 0 for success. Also add a test for verifying that it works correctly.
2016-11-21sd-dhcp-client: use free_and_strdupZbigniew Jędrzejewski-Szmek
This changes the return value a bit: 1 will be returned if the value is changed. But the return value was not documented, and the change should be for the good anyway. Current callers don't care.
2016-11-21man: make /etc/nsswitch.conf documentation for nss-resolve match exampleLennart Poettering
Fixes: #4683
2016-11-21dhcp4: filter bogus DNS/NTP server addresses silentlyLennart Poettering
if we receive a bogus lease with a DNS/NTP server within local scope let's politely ignore. Fixes: #4524
2016-11-21networkd: do not automatically propagate bogus DNS/NTP serversLennart Poettering
Never propagate DNS/NTP servers on the local link via the DHCP server. The DNS/NTP servers 0.0.0.0 and 127.0.0.1 only make sense in the local context, hence never propagate them automatically to other hosts. Fixes: #4524
2016-11-21networkd: rename link_push_dns_to_dhcp_server() → ↵Lennart Poettering
link_push_uplink_dns_to_dhcp_server() Let's clarify that this is only relevant for pushing uplink DNS config data, not in any other context. (Same for NTP)
2016-11-21networkd: store DNS servers configured per-network as parsed addressesLennart Poettering
DNS servers must be specified as IP addresses, hence let's store them as that internally, so that they are guaranteed to be fully normalized always, and invalid data cannot be stored.
2016-11-21networkd: minor word extraction fixesLennart Poettering
Let's make the loops around extract_first_word() be more alike.
2016-11-21networkd: reorder fields in Network struct a bitLennart Poettering
Let's reorder them a bit, so that stuff that belongs together semantically is placed together (in particular, move the various DHCP "use" booleans together).
2016-11-21networkd: validate NTP server strings configured in .network filesLennart Poettering
Let's be a bit stricter, and make sure users only configure proper DNS names or IP addresses, but not any other strings.
2016-11-21shared: add new API to validate a string as hostname or IP addressLennart Poettering
2016-11-21basic: make sure in_addr_from_string() can take NULL argumentsLennart Poettering
This way, we can use it for validating IP address strings.
2016-11-21basic: add explicit ipv4-specific in_addr classification callsLennart Poettering
This adds in4_addr_is_localhost() and in4_addr_is_link_local() that only take an IPv4 "struct in_addr", to match in_addr_is_localhost() and in_addr_is_link_local() that that a "union in_addr_union". This matches the existing in4_addr_is_null() call that already exists. For IPv6 glibc already exports a set of macros, hence we don't add similar functions in6_addr_is_localhost(). We also drop in6_addr_is_null() as IN6_IS_ADDR_UNSPECIFIED() already provides that.
2016-11-21networkd: rework how we set the hostname on the dhcp4 clientLennart Poettering
Let's split out the code into its own little function and let's use gethostname_strict() which already filters out localhost for us.
2016-11-21sd-dhcp: permit unsetting the hostname againLennart Poettering
Let's handle NULL hostnames (for unsetting it) before we validate the name.
2016-11-21Merge pull request #4701 from martinpitt/networkd-polkitLennart Poettering
hostnamed: allow networkd to set the transient hostname
2016-11-21tests: check transient hostname with and without static hostnameMartin Pitt
We expect a static hostname to win over a transient one, so test both cases.
2016-11-20Merge pull request #4691 from keszybz/test-suite-fixesEvgeny Vereshchagin
Test suite fixes
2016-11-20hostnamed: allow networkd to set the transient hostnameMartin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the transient hostname: systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required. Standard polkit *.policy files do not have a syntax for granting privileges to a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules file (for polkit >= 106) that grants the "systemd-network" system user that privilege. Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to cover this. Make do_test() a bit more flexible by interpreting "coldplug==None" as "test sets up the interface by itself". Change DnsmasqClientTest to set up test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a special host name for that. Fixes #4646
2016-11-20test: clean up "dummy0" interface after each test case in networkd-test.pyMartin Pitt
2016-11-19test-functions: also add qemu define for ppc64Zbigniew Jędrzejewski-Szmek
2016-11-19hwdb: keyboard: Ignore brightness hotkey presses on MSI VR420 (model ↵Hans de Goede
MS-1422) (#4696) Add MSI VR420 (model MS-1422) to the list of MSI models which need to ignore brightness hotkey presses, as these are already reported through the acpi-video interface. Bug-link: https://bugzilla.redhat.com/show_bug.cgi?id=1270124 Reported-by: David Dreggors <dadreggors@gmail.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-11-18Merge pull request #4395 from s-urbaniak/rw-supportLennart Poettering
nspawn: R/W support for /sysfs, /proc, and /proc/sys/net
2016-11-18Merge pull request #4538 from fbuihuu/confirm-spawn-fixesLennart Poettering
Confirm spawn fixes/enhancements
2016-11-18tests/TEST-13-NSPAWN-SMOKE: add SYSTEMD_NSPAWN_API_VFS_WRITABLEEvgeny Vereshchagin
https://github.com/systemd/systemd/pull/4395
2016-11-18nspawn: R/W support for /sys, and /proc/sysSergiusz Urbaniak
This commit adds the possibility to leave /sys, and /proc/sys read-write. It introduces a new (undocumented) env var SYSTEMD_NSPAWN_API_VFS_WRITABLE to enable this feature. If set to "yes", /sys, and /proc/sys will be read-write. If set to "no", /sys, and /proc/sys will be read-only. If set to "network" /proc/sys/net will be read-write. This is useful in use-cases, where systemd-nspawn is used in an external network namespace. This adds the possibility to start privileged containers which need more control over settings in the /proc, and /sys filesystem. This is also a follow-up on the discussion from https://github.com/systemd/systemd/pull/4018#r76971862 where an introduction of a simple env var to enable R/W support for those directories was already discussed.
2016-11-17test-ipcrm: skip test if nfsnobody is missingZbigniew Jędrzejewski-Szmek
2016-11-17basic/process-util: we need to take the shorter of two stringsZbigniew Jędrzejewski-Szmek
==30496== Conditional jump or move depends on uninitialised value(s) ==30496== at 0x489F654: memcmp (vg_replace_strmem.c:1091) ==30496== by 0x49BF203: getenv_for_pid (process-util.c:678) ==30496== by 0x4993ACB: detect_container (virt.c:442) ==30496== by 0x182DFF: test_get_process_comm (test-process-util.c:98) ==30496== by 0x185847: main (test-process-util.c:368) ==30496==
2016-11-17test-process-util: bind mount fails under selinux, skip testZbigniew Jędrzejewski-Szmek
2016-11-17Merge pull request #4671 from poettering/namespace-bindZbigniew Jędrzejewski-Szmek
rework service namespace handling a bit
2016-11-17basic/env-uil: fix assertion failure in strv_env_replace (#4688)Zbigniew Jędrzejewski-Szmek
free_and_replace sets the setcond argument to NULL (it's designed to be used with _clenaup_ macros), and we don't want that here. Fixes #4684.
2016-11-17core: in confirm spawn, suggest 'f' when user selects 'n' choiceFranck Bui
2016-11-17core: confirm_spawn: always accept units with same_pgrp set for nowFranck Bui
For some reasons units remaining in the same process group as PID 1 (same_pgrp=true) fail to acquire the console even if it's not taken by anyone. So always accept for units with same_pgrp set for now.
2016-11-17core: include the unit name when notifying that a confirmation question ↵Franck Bui
timed out
2016-11-17core: add 'c' in confirmation_spawn to resume the boot processFranck Bui
2016-11-17core: add 'j' in confirmation_spawn to list the jobs that are in progressFranck Bui
2016-11-17core: add 'D' in confirmat spawn to show a full dump of the unit to spawnFranck Bui
2016-11-17core: add 'i' in confirm spawn to give a short summary of the unit to spawnFranck Bui
2016-11-17core: rework the confirmation spawn promptFranck Bui
Previously it was "[Yes, Fail, Skip]" which is pretty misleading because it suggests that the whole word needs to be entered instead of a single char. Also this won't fit well when we'll extend the number of choices. This patch addresses this by changing the choice hint with "[y, f, s – h for help]" so it's now clear that a single letter has to be entered. It also introduces a new choice 'h' which describes all possible choices since a single letter can be not descriptive enough for new users. It also allow to stick with the same hint string regardless of how many choices we will support.