Age | Commit message (Collapse) | Author |
|
|
|
journal-gatewayd: timeout journal wait to allow thread cleanup
|
|
tests: test-resolve: wait until all queries are completed
|
|
resolved: query_process_cname - make fully recursive
|
|
This is a follow-up for 4a134c4903dbf6ef6c6a
Fixes:
$ ./test-resolve
209.132.183.105:80
209.132.183.105:80
canonical name: n/a
193.99.144.85:0
[2a02:2e0:3fe:1001:7777:772e:2:85]:0
canonical name: www.heise.de
Host: web.heise.de -- Serv: http
$ ./test-resolve
193.99.144.85:0
[2a02:2e0:3fe:1001:7777:772e:2:85]:0
canonical name: www.heise.de
Host: web.heise.de -- Serv: http
$ ./test-resolve
...
|
|
Twelfth DNSSEC PR
|
|
This ensures we properly resolve the CNAME chain as far as we can, rather
than only CNAME chains of length one.
|
|
build-sys: valgrind-tests: exclude python scripts too
|
|
|
|
|
|
|
|
On errors, mention the functions that really failed.
|
|
Fstab gen fix device timeout
|
|
tests: don't change hard limit in test-rlimit-util
|
|
tests: add regression test for `systemctl restart systemd-journald`
|
|
tests: use sd_bus_flush_close_unref instead of sd_bus_unref in test-bus-cleanup
|
|
systemd-mailing-devs/1452047873-6043-1-git-send-email-hui.wang@canonical.com
keymap: remap microphone mute keycode for Lenovo Thinkcentre M800z
|
|
This Lenovo machine use codec Line2 to implement a microphone mute
button, it depends on the unsolicited interrupt to generate key event,
the scan code for this button is assigned to 0x00 in the linux kernel
driver, and the keycode is KEY_MICMUTE(248), we need to remap this
keycode to KEY_F20 to make this hotkey work in X11.
BugLink: https://bugs.launchpad.net/bugs/1531362
Signed-off-by: Hui Wang <hui.wang@canonical.com>
|
|
Now that we populate the trust database by default with a larger number
of entires, we better make sure to output a more readable version.
|
|
Let's increase compatibility with many private domains by default, and
ship a default NTA list of wel-known private domains, where it is
unlikely they will be deployed as official TLD anytime soon.
|
|
|
|
|
|
After all, when we don't support the algorithm we cannot determine
validity.
|
|
non-DNSSEC mode for them
This adds logic to detect cases like the Fritz!Box routers which serve
a private DNS domain "fritz.box" under the TLD "box" that does not
exist in the root servers. If this is detected DNSSEC validation is
turned off for this private domain, thus improving compatibility with
such private DNS zones.
This should be fairly secure as we first rely on the proof that .box
does not exist before this logic is applied. Nevertheless the logic is
only enabled for DNSSEC=allow-downgrade mode.
This logic does not work for routers that set up a full DNS zone directly
under a non-existing TLD, as in that case we cannot prove
that the domain is truly non-existing according to the root servers.
|
|
|
|
We followed the wrong connection. This only worked sometimes at all, because we
also return the wrong error code.
|
|
|
|
This adds a DNSSEC= setting to .network files, and makes resolved honour
them.
|
|
|
|
|
|
After discussing this with Tom, we figured out "allow-downgrade" sounds
nicer.
|
|
|
|
The option is already there, but wasn't exported in the configuration
file so far. Fix that.
|
|
|
|
networkd previously knew an enum "ResolveSupport" for configuring
per-interface LLMNR support, resolved had a similar enum just called
"Support", with the same value and similar pasers.
Unify this, call the enum ResolveSupport, and port both daemons to it.
|
|
In a couple of cases we maintain configuration settings that know an on
and off state, like a boolean, plus some additional states. We generally
parse them as booleans first, and if that fails check for specific
additional values.
This adds a generalized set of macros for parsing such settings, and
ports one use in resolved and another in networkd over to it.
|
|
|
|
|
|
machine: fix typo: MS_MOUNT does not exist
|
|
Fixes:
$ make valgrind-tests TESTS=test-bus-cleanup
==6363== 9 bytes in 1 blocks are possibly lost in loss record 1 of 28
==6363== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==6363== by 0x197D12: hexmem (hexdecoct.c:79)
==6363== by 0x183083: bus_socket_start_auth_client (bus-socket.c:639)
==6363== by 0x1832A0: bus_socket_start_auth (bus-socket.c:678)
==6363== by 0x183438: bus_socket_connect (bus-socket.c:705)
==6363== by 0x14B0F2: bus_start_address (sd-bus.c:1053)
==6363== by 0x14B592: sd_bus_start (sd-bus.c:1134)
==6363== by 0x14B95E: sd_bus_open_system (sd-bus.c:1235)
==6363== by 0x1127E2: test_bus_open (test-bus-cleanup.c:42)
==6363== by 0x112AAE: main (test-bus-cleanup.c:87)
==6363==
...
$ ./libtool --mode=execute valgrind ./test-bus-cleanup
==6584== LEAK SUMMARY:
...
==6584== possibly lost: 10,566 bytes in 27 blocks
|
|
|
|
Eleventh DNSSEC patch set
|
|
|
|
for the root domain defined
We already skip this when the trust anchor files define a DS RR for the
root domain, now also skip it if there's a DNSKEY RR.
|
|
These files are not specific to resolved really, and this is then more
in-line with how /etc/sysctl.d and suchlike is handled.
|
|
mount-setup.c: fix handling of symlink Smack labelling in cgroup setup
|
|
The code introduced in f8c1a81c51 (= systemd 227) failed for me with:
Failed to copy smack label from net_cls to /sys/fs/cgroup/net_cls: No such file or directory
There is no need for a symlink in this case because source and target
are identical. The symlink() call is allowed to fail when the target
already exists. When that happens, copying the Smack label must be
skipped.
But the code also failed when there is a symlink, like "cpu ->
cpu,cpuacct", because mac_smack_copy() got called with
src="cpu,cpuacct" which fails to find the entry because the current
directory is not inside /sys/fs/cgroup. The absolute path to the existing
entry must be used instead.
|
|
hwdb: add axis ranges and resolution for Dell Lattitude E6220
|
|
When storing negative responses, clamp the SOA minimum TTL (as suggested
by RFC2308) to the TTL of the NSEC/NSEC3 RRs we used to prove
non-existance, if it there is any.
This is necessary since otherwise an attacker might put together a faked
negative response for one of our question including a high-ttl SOA RR
for any parent zone, and we'd use trust the TTL.
|
|
|