summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-06nspawn: Communicate determined UID shift to parentRichard Maw
There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
2015-07-05core: fix missing bus-util.h includeDavid Herrmann
Whoopsy, forgot to 'git add' this, sorry.
2015-07-05core: don't mount kdbusfs if not wantedDavid Herrmann
Just like we conditionalize loading kdbus.ko, we should conditionalize mounting kdbusfs. Otherwise, we might run with kdbus if it is builtin, even though the user didn't want this.
2015-07-05NEWS: mention accelerometer removal for 222David Herrmann
Add NEWS entry for 222 and mention the removal of the udev accelerometer. iio-sensor-proxy-1.0 is required if you want orientation data to still work.
2015-07-04Merge pull request #488 from miguelinux/bootZbigniew Jędrzejewski-Szmek
bootctl: fix sdboot to systemd-boot
2015-07-04bootctl: fix sdboot to systemd-bootMiguel Bernal Marin
sdboot was renamed to systemd-boot Fixes: e7dd673d1e0a ("gummiboot/sd-boot/systemd-boot: rename galore") Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
2015-07-04man: fix sysctl references in networkd-manpageDavid Herrmann
We refer to the same sysctl-setting twice, which is misleading. Correctly list all global forwarding options. As we _always_ change the forwarding setting on links, they will get disabled by default. The global sysctl defaults thus will not have any effect.
2015-07-04Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann
sd-bus: introduce new sd_bus_flush_close_unref() call
2015-07-04core: fix coding style in agent-handlingDavid Herrmann
Avoid late bail-out based on a condition. This makes code hard to read. Instead, reverse the forwarding-condition.
2015-07-04core: harden cgroups-agent forwardingDavid Herrmann
On dbus1, we receive systemd1.Agent signals via the private socket, hence it's trusted. However, on kdbus we receive it on the system bus. We must make sure it's sent by UID=0, otherwise unprivileged users can fake it. Furthermore, never forward broadcasts we sent ourself. This might happen on kdbus, as we forward the message on the same bus we received it on, thus ending up in an endless loop.
2015-07-04busctl: flush stdout after dumping dataDavid Herrmann
Running `busctl monitor` currently buffers data for several seconds / kilobytes before writing stdout. This is highly confusing if you dump in a file, ^C busctl and then end up with a file with data of the last few _seconds_ missing. Fix this by explicitly flushing after each signal.
2015-07-03Merge pull request #484 from xnox/persistent-journalLennart Poettering
journal: in persistent mode create /var/log/journal, with all parents.
2015-07-03sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-03Merge pull request #478 from ↵Daniel Mack
systemd/revert-429-nspawn-userns-uid-shift-autodetection-fix Revert "nspawn: determine_uid_shift before forking"
2015-07-03journal: in persistent mode create /var/log/journal, with all parents.Dimitri John Ledkov
systemd-journald races with systemd-tmpfiles-setup, and hence both are started at about the same time. On a bare-bones system (e.g. with empty /var, or even non-existent /var), systemd-tmpfiles will create /var/log. But it can happen too late, that is systemd-journald already attempted to mkdir /var/log/journal, ignoring the error. Thus failing to create /var/log/journal. One option, without modifiying the dependency graph is to create /var/log/journal directory with parents, when persistent storage has been requested.
2015-07-03Merge pull request #480 from rinrinne/fix-messageLennart Poettering
Fix error message for enumerate addresses
2015-07-03Revert "nspawn: determine_uid_shift before forking"Lennart Poettering
2015-07-03Fix error message for enumerate addressesrinrinne
Error message for enumerating addresses was not 'addresses' but 'links'. This patch fixes it.
2015-07-03Merge pull request #473 from ↵Lennart Poettering
richardmaw-codethink/machinectl-import-earlier-than-3-15 util: fall back in rename_noreplace when renameat2 isn't implemented
2015-07-02login: add rule for qemu's pci-bridge-seatGerd Hoffmann
Qemu provides a separate pci-bridge exclusively for multi-seat setups. The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new pci-bridge-seat was specifically added to simplify guest-side multiseat configuration. It is identical to the normal pci-pci bridge, except that it has a different id (1b36:000a) so we can match it and configure multiseating automatically. Make sure we always treat this as separate seat if we detect this, just like other "Pluggable" devices. (David: write commit-message)
2015-07-02util: fall back in rename_noreplace when renameat2 isn't implementedRichard Maw
According to README we only need 3.7, and while it may also make sense to bump that requirement when appropriate, it's trivial to fall back when renameat2 is not available.
2015-07-02Merge pull request #472 from keszybz/documentation-updates2Zbigniew Jędrzejewski-Szmek
Documentation updates
2015-07-02Merge pull request #470 from marineam/escapeZbigniew Jędrzejewski-Szmek
escape: fix exit code
2015-07-02Merge pull request #427 from keszybz/man-list-fixesZbigniew Jędrzejewski-Szmek
Update Makefile-man.am after recent changes and fix regeneration of Makefile-man.am Fixes fallout from https://github.com/systemd/systemd/pull/282.
2015-07-02man: update sysctl example about netfilterZbigniew Jędrzejewski-Szmek
It turns out that since kernel 3.18 netfilter on bridged packets is off anyway, so the example should be reworded (and the module name updated).
2015-07-02man: information about available propertiesZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1144496
2015-07-02sd-bus: don't leak kdbus notificationsDavid Herrmann
When we get notifications from the kernel, we always turn them into synthetic dbus1 messages. This means, we do *not* consume the kdbus message, and as such have to free the offset. Right now, the translation-helpers told the caller that they consumed the message, which is wrong. Fix this by explicitly releasing all kernel messages that are translated.
2015-07-01escape: fix exit codeMichael Marineau
r == 0 indicates success, not failure
2015-07-01Merge pull request #409 from teg/networkd-enslave-segfaultDaniel Mack
fix segfault when cancelling enslaving of links by netdevs
2015-07-01Merge pull request #466 from rivanvx/masterDaniel Mack
timedatectl: trim non-local RTC warning to 80 chars wide
2015-07-02timedatectl: trim non-local RTC warning to 80 chars wideVedran Miletić
2015-07-01Merge pull request #459 from ctrochalakis/reuse-port-before-bindDaniel Mack
socket: Set SO_REUSEPORT before bind()
2015-07-01Merge pull request #419 from eworm-de/man-protecthomeDaniel Mack
man: ProtectHome= protects /root as well
2015-07-01Merge pull request #463 from dvdhrm/udev-runDaniel Mack
udev: destroy manager before cleaning environment
2015-07-01udev: destroy manager before cleaning environmentDavid Herrmann
Due to our _cleanup_ usage for the udev manager, it will be destroyed after the "exit:" label has finished. Therefore, it is the last destruction done in main(). This has two side-effects: - mac_selinux is destroyed before the udev manager is, possible causing use-after-free if the manager-cleanup accesses selinux data - log_close() is called *before* the manager is destroyed, possibly re-opening the log if you use --debug (and thus not re-applying the --debug option) Avoid this by moving the manager-handling into a new function called run(). This function will be left before we enter the "exit:" label in main(), hence, the manager object will be destroyed early.
2015-07-01udevd: force --debug mode to stderrKay Sievers
https://github.com/systemd/systemd/issues/462
2015-07-01bus-proxy: never apply policy when sending signalsDavid Herrmann
Unlike dbus-daemon, the bus-proxy does not know the receiver of a broadcast (as the kernel has exclusive access on the bus connections). Hence, and "destination=" matches in dbus1 policies cannot be applied. But kdbus does not place any restrictions on *SENDING* broadcasts, anyway. The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is set. Instead, receiver policies are checked. Hence, stop checking sender policies for signals in bus-proxy and leave it up to the kernel. This fixes some network-manager bus-proxy issues where NM uses weird dst-based matches against interface-based matches. As we cannot perform dst-based matches, our bus-proxy cannot properly implement this policy.
2015-07-01login: re-use VT-sessions if they already existDavid Herrmann
Right now, if you start a session via 'su' or 'sudo' from within a session, we make sure to re-use the existing session instead of creating a new one. We detect this by reading the session of the requesting PID. However, with gnome-terminal running as a busname-unit, and as such running outside the session of the user, this will no longer work. Therefore, this patch makes sure to return the existing session of a VT if you start a new one. This has the side-effect, that you will re-use a session which your PID is not part of. This works fine, but will break assumptions if the parent session dies (and as such close your session even though you think you're part of it). However, this should be perfectly fine. If you run multiple logins on the same session, you should really know what you're doing. The current way of silently accepting it but choosing the last registered session is just weird.
2015-07-01Merge pull request #460 from xnox/bootchart-warningDaniel Mack
bootchart: do not report warning when disk is missing model.
2015-07-01bootchart: do not report warning when disk is missing model.Dimitri John Ledkov
In VMs / virtio drives there is no model. Also don't print "Disk: (null)" in output if no model is available.
2015-07-01socket: Set SO_REUSEPORT before bind()Christos Trochalakis
bind() fails if it is called before setting SO_REUSEPORT and another process is already binded to the same addess. A new reuse_port option has been introduced to socket_address_listen() to set the option as part of socket initialization.
2015-07-01sysv-generator: fix coding-styleDavid Herrmann
Fix weird coding-style: - proper white-space - no if (func() >= 0) bail-outs - fix braces - avoid 'r' for anything but errno - init _cleanup_ variables unconditionally, even if not needed
2015-07-01Revert "kmod-setup: don't print warning on -ENOSYS"David Herrmann
This partially reverts commit 78d298bbc57e412574ea35e6e66f562d97fd9ebc. The changed coding-style is kept, but the ENOENT->ENOSYS conversion is reverted. kmod was fixed upstream to no longer return ENOSYS. Also see: https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=114ec87c85c35a2bd3682f9f891e494127be6fb5 The kmod fix is marked for backport, so no reason to bump the kmod version we depend on.
2015-07-01sysv-generator test: Fix random ordering failureMartin Pitt
test_simple_escaped() sometimes fails with AssertionError: Lists differ: ['foo\\x2b.service', 'foo-admin.service'] != ['foo-admin.service', 'foo\\x2b.service'] We don't need to assume any order here, so compare them as a set, not a list.
2015-06-30Merge pull request #411 from teg/udev-simplify-exec-envpKay Sievers
udev: event - simplify udev_event_spawn() logic
2015-06-30Merge pull request #398 from teg/netlink-container-reworkDavid Herrmann
netlink container rework Allocate containers as separate structs instead of individual arrays for each member field.
2015-06-30Merge pull request #434 from kaysievers/wipMartin Pitt
udev: remove WAIT_FOR key
2015-06-30udev: remove WAIT_FOR keyKay Sievers
This facility was never a proper solution, but only papered over real bugs in the kernel. There are no known sysfs "timing bugs" since a long time.
2015-06-30man: ProtectHome= protects /root as wellChristian Hesse
2015-06-30Merge pull request #430 from gmacario/fix-issue404-v2Tom Gundersen
bootchart: Ensure that /proc/schedstat is read entirely (v2)