summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-12test-process-util: rework the test function to take pid as argumentZbigniew Jędrzejewski-Szmek
This fixes a bunch of copy&paste errors in the output.
2016-06-12util-lib: drop trailing non-printable characters from cmdline (#3512)Max Prokhorov
If max_length is equal or greater than cmdline length all trailing non-printable characters are dropped. If max_length is 0 it should do the same. This should also fix cmdline truncation if the last character is not '\0'. Fixes #3469.
2016-06-12hwdb: change the Logitech MX500 to 1100 dpi (#3517)Peter Hutterer
https://bugs.freedesktop.org/show_bug.cgi?id=96225 and specifically the tech specs here: http://support.logitech.com/en_us/product/corded-mouse-m500
2016-06-12Merge pull request #3502 from poettering/resolved-flush-cacheZbigniew Jędrzejewski-Szmek
resolved: allow clients request cache flushes
2016-06-12Merge pull request #3453 from poettering/fix-3353Zbigniew Jędrzejewski-Szmek
Fixes #3353.
2016-06-12networkd: more vlan cleanup (#3506)Tobias Jungel
use config_parse_vlanid to parse vlan for BridgeFDB entries
2016-06-12networkd: cleanup of bridge vlan code (#3505)Tobias Jungel
cleanup minor nitpicks mentioned in #3428
2016-06-12Fixed a small typo in a comment (#3514)Alex Gaynor
2016-06-10resolved: move verification that link is unmanaged into the proper bus callsLennart Poettering
Previously, we checked only for the various SetLinkXYZ() calls on the Manager object exposed on the bus if the specified interface is managed/unmanaged by networkd (as we don't permit overriding DNS configuration via bus calls if networkd owns the device), but the equivalent SetXYZ() calls on the Link object did not have such a check. Fix that by moving the appropriate check into the latter, as the former just calls that anyway.
2016-06-10resolved: also add a way to flush all caches via the busLennart Poettering
And expose it in "resolve-tool --flush-caches".
2016-06-10man: document what SIGUSR1 and SIGUSR2 do to resolvedLennart Poettering
2016-06-10resolved: flush all caches if SIGUSR2 is receivedLennart Poettering
2016-06-10networkd: fix bad memory access for routes that are note attached to a link ↵Lennart Poettering
yet (#3499) Corrects: 1b566071 Also see: https://github.com/systemd/systemd/pull/3478#issuecomment-225008542
2016-06-10update TODOLennart Poettering
2016-06-10systemctl: prolong timeout of "systemctl daemon-reload"Lennart Poettering
Reloading or reexecuting PID 1 means the unit generators are rerun, which are timed out at 90s. Make sure the method call asking for the reload is timed out at twice that, so that the generators have 90s and the reload operation has 90s too. This reworks the daemon_reload() call in systemctl, and makes it exclusively about reloading/reexecing. Previously it was used for other trivial method calls too, which didn't really help readability. As the code paths are now sufficiently different, split out the old code into a new function trivial_method(). This call also does a similar change as c8ad4efb277c3235d58789170af11bb3c847d655 but for the reload/reexec operation. Fixes: #3353
2016-06-10systemctl: don't suppress error code when handling legacy commandsLennart Poettering
For legacy commands such as /sbin/halt or /sbin/poweroff we support legacy fallbacks that talk via traditional SysV way with PID 1 to issue the desired operation. We do this on any kind of error if the primary method of operation fails. When this is the case we suppress any error message that is normally generated, in order to not confuse the user. When suppressing this log message, don't suppress the original error code, because there's really no reason to.
2016-06-10core: disable colors when displaying cylon when systemd.log_color=off (#3495)Franck Bui
2016-06-10update TODOLennart Poettering
2016-06-10core/execute: add the magic character '!' to allow privileged execution (#3493)Alessandro Puccetti
This patch implements the new magic character '!'. By putting '!' in front of a command, systemd executes it with full privileges ignoring paramters such as User, Group, SupplementaryGroups, CapabilityBoundingSet, AmbientCapabilities, SecureBits, SystemCallFilter, SELinuxContext, AppArmorProfile, SmackProcessLabel, and RestrictAddressFamilies. Fixes partially https://github.com/systemd/systemd/issues/3414 Related to https://github.com/coreos/rkt/issues/2482 Testing: 1. Create a user 'bob' 2. Create the unit file /etc/systemd/system/exec-perm.service (You can use the example below) 3. sudo systemctl start ext-perm.service 4. Verify that the commands starting with '!' were not executed as bob, 4.1 Looking to the output of ls -l /tmp/exec-perm 4.2 Each file contains the result of the id command. ````````````````````````````````````````````````````````````````` [Unit] Description=ext-perm [Service] Type=oneshot TimeoutStartSec=0 User=bob ExecStartPre=!/usr/bin/sh -c "/usr/bin/rm /tmp/exec-perm*" ; /usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-pre" ExecStart=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start" ; !/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-star-2" ExecStartPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-post" ExecReload=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-reload" ExecStop=!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop" ExecStopPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop-post" [Install] WantedBy=multi-user.target] `````````````````````````````````````````````````````````````````
2016-06-10rules: block - add scm block devices to whitelist (#3494)Lennart Poettering
Since the introduction of the whitelist in 60-persistent-storage.rules block device symlinks are no longer created for scm block devices. Add scm to the whitelist. Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
2016-06-10nspawn: introduce --notify-ready=[no|yes] (#3474)Alessandro Puccetti
This the patch implements a notificaiton mechanism from the init process in the container to systemd-nspawn. The switch --notify-ready=yes configures systemd-nspawn to wait the "READY=1" message from the init process in the container to send its own to systemd. --notify-ready=no is equivalent to the previous behavior before this patch, systemd-nspawn notifies systemd with a "READY=1" message when the container is created. This notificaiton mechanism uses socket file with path relative to the contanier "/run/systemd/nspawn/notify". The default values it --notify-ready=no. It is also possible to configure this mechanism from the .nspawn files using NotifyReady. This parameter takes the same options of the command line switch. Before this patch, systemd-nspawn notifies "ready" after the inner child was created, regardless the status of the service running inside it. Now, with --notify-ready=yes, systemd-nspawn notifies when the service is ready. This is really useful when there are dependencies between different contaniers. Fixes https://github.com/systemd/systemd/issues/1369 Based on the work from https://github.com/systemd/systemd/pull/3022 Testing: Boot a OS inside a container with systemd-nspawn. Note: modify the commands accordingly with your filesystem. 1. Create a filesystem where you can boot an OS. 2. sudo systemd-nspawn -D ${HOME}/distros/fedora-23/ sh 2.1. Create the unit file /etc/systemd/system/sleep.service inside the container (You can use the example below) 2.2. systemdctl enable sleep 2.3 exit 3. sudo systemd-run --service-type=notify --unit=notify-test ${HOME}/systemd/systemd-nspawn --notify-ready=yes -D ${HOME}/distros/fedora-23/ -b 4. In a different shell run "systemctl status notify-test" When using --notify-ready=yes the service status is "activating" for 20 seconds before being set to "active (running)". Instead, using --notify-ready=no the service status is marked "active (running)" quickly, without waiting for the 20 seconds. This patch was also test with --private-users=yes, you can test it just adding it at the end of the command at point 3. ------ sleep.service ------ [Unit] Description=sleep After=network.target [Service] Type=oneshot ExecStart=/bin/sleep 20 [Install] WantedBy=multi-user.target ------------ end ------------
2016-06-10Merge pull request #3428 from toanju/networkd/brvlanLennart Poettering
networkd: add support to configure VLAN on bridge ports
2016-06-10l10n: update belarusian translation (#3482)Viktar Vaŭčkievič
2016-06-10networkd: fix dbus matchmac interface (#3485)Andrew Jeddeloh
Fix issue where the *Network passed via userdata is being offset by offsetof(Network, matchmac) leading to incorrect values being exposed in dbus.
2016-06-10networkd: add support to configure VLAN on bridge portsTobias Jungel
2016-06-09networkd-link: parse linkinfo to get kindTobias Jungel
2016-06-09Merge pull request #3456 from poettering/ipv6-ra-renameTom Gundersen
networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRA
2016-06-09networkd: clean up vlan handling a bit (#3478)Lennart Poettering
Let's add a generic parser for VLAN ids, which should become handy as preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID type everywhere, and that validity checks are already applied at the time of parsing, and not only whne we about to prepare a netdev. Also, establish a common definition VLANID_INVALID we can use for non-initialized VLAN id fields.
2016-06-09Updated Turkish translation (#3477)Muhammet Kara
2016-06-09bus_util: add support to map double (#3479)Susant Sahani
Now we don't support parsing double at map_basic. when trying to use bus_message_map_all_properties with a double this fails. Let's add it.
2016-06-09udev-builtin-blkid: fix GPT_FLAG_NO_AUTO check for ESP (#3450)Lennart Poettering
The flags check was accidentally placed in the ESP if block, but should be in the root if block. This corrects: 0238d4c660e732dd03ba0cdb54a29ec5870ee849 Fixes: #3440 Also see: #3441
2016-06-09load-fragment: don't try to do a template instance replacement if we are not ↵Lennart Poettering
an instance (#3451) Corrects: 7aad67e7 Fixes: #3438
2016-06-09Merge pull request #3432 from poettering/resolved-ll-ipv6Martin Pitt
resolved: support IPv6 DNS servers on the local link
2016-06-09execute: check whether the specified fd is a tty before chowning/chmoding ↵Lennart Poettering
it (#3457) Let's add an extra safety check before we chmod/chown a TTY to the right user, as we might end up having connected something to STDIN/STDOUT that is actually not a TTY, even though this might have been requested, due to permissive StandardInput= settings or transient service activation with fds passed in. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=85255
2016-06-09Update spanish po file (#3463)Pablo Lezaeta Reyes [pˈaβ̞lo lˌe̞θaˈeta rˈejɛ]
2016-06-09units: add a basic SystemCallFilter (#3471)Topi Miettinen
Add a line SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace for daemons shipped by systemd. As an exception, systemd-timesyncd needs @clock system calls and systemd-localed is not privileged. ptrace(2) is blocked to prevent seccomp escapes.
2016-06-08Merge pull request #3431 from poettering/network-fixesTom Gundersen
put limits on addresses and routers per link and per network
2016-06-08Merge pull request #3470 from fbuihuu/logind-fix-ignore-inhibitLennart Poettering
Logind: fix handling of *KeyIgnoreInhibited options in logind.conf
2016-06-08logind: minor cleanup and use IN_SET() in manager_handle_action()Franck Bui
2016-06-08logind: really handle *KeyIgnoreInhibited options in logind.confFranck Bui
2016-06-08units: enable MemoryDenyWriteExecute (#3459)Topi Miettinen
Secure daemons shipped by systemd by enabling MemoryDenyWriteExecute. Closes: #3459
2016-06-08sysv-generator: remove more dead code (#3462)Lennart Poettering
The changes in 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f weren't complete, only half the code that dealt with K links was removed. This is a follow-up patch that removes the rest too. No functional changes.
2016-06-07hwdb: selinuxify a bit (#3460)Evgeny Vereshchagin
-bash-4.3# rm /etc/udev/hwdb.bin -bash-4.3# systemd-hwdb update -bash-4.3# ls -Z /etc/udev/hwdb.bin system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin Fixes: #3458
2016-06-07networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRALennart Poettering
The long name is just too hard to type. We generally should avoid using acronyms too liberally, if they aren't established enough, but it appears that "RA" is known well enough. Internally we call the option "ipv6_accept_ra" anyway, and the kernel also exposes it under this name. Hence, let's rename the IPv6AcceptRouterAdvertisements= setting and the [IPv6AcceptRouterAdvertisements] section to IPv6AcceptRA= and [IPv6AcceptRA]. The old setting IPv6AcceptRouterAdvertisements= is kept for compatibility with older configuration. (However the section [IPv6AcceptRouterAdvertisements] is not, as it was never available in a published version of systemd.
2016-06-07Merge pull request #3394 from poettering/triple-tstampLennart Poettering
timestamping improvements and IPv6 RA revamp
2016-06-07sd-netlink: fix deep recursion in message destruction (#3455)David Herrmann
On larger systems we might very well see messages with thousands of parts. When we free them, we must avoid recursing into each part, otherwise we very likely get stack overflows. Fix sd_netlink_message_unref() to use an iterative approach rather than recursion (also avoid tail-recursion in case it is not optimized by the compiler).
2016-06-07fstab-generator: don't process root= if it happens to be "gpt-auto" (#3452)Lennart Poettering
As that's handled by "gpt-auto-generator". Fixes: #3404
2016-06-06os-release: Add VERSION_CODENAME field (#3445)Benjamin Drung
Debian and their derivatives (Ubuntu, Trisquel, etc.) use a code name for their repositories. Thus record the code name in os-release for processing. Closes systemd/systemd#3429
2016-06-06cgtop: minimize aux variable scopeLennart Poettering
2016-06-06core: add minor commentLennart Poettering
Let's explain #3444 briefly in the sources, too.