summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-06Merge pull request #496 from poettering/ipv6-privacyDaniel Mack
networkd: various fixes for the IPv6 privacy extensions support
2015-07-06man: sd-bus: typo fixThomas Hindoe Paaboel Andersen
2015-07-06networkd: various fixes for the IPv6 privacy extensions supportLennart Poettering
- Make sure that the IPv6PrivacyExtensions=yes results in prefer-temporary, not prefer-public. - Introduce special enum value "kernel" to leave setting unset, similar how we have it for the IP forwarding settings. - Bring the enum values in sync with the the strings we parse for them, to the level this makes sense (specifically, rename "disabled" to "no", and "prefer-temporary" to "yes"). - Make sure we really set the value to to "no" by default, the way it is already documented in the man page. - Fix whitespace error. - Make sure link_ipv6_privacy_extensions() actually returns the correct enum type, rather than implicitly casting it to "bool". - properly size formatting buffer for ipv6 sysctl value - Don't complain if /proc/sys isn't writable - Document that the enum follows the kernel's own values (0 = off, 1 = prefer-public, 2 = prefer-temporary) - Drop redundant negating of error code passed to log_syntax() - Manpage fixes This fixes a number of issues from PR #417
2015-07-06Merge pull request #495 from poettering/forwarding-fixDaniel Mack
networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…
2015-07-06NEWS: mention ipv6 privacy extensionsDavid Herrmann
2015-07-06bus-proxyd: fix log message and explain dbus-1 compat matchesKay Sievers
2015-07-06docs: add .gitignoreKay Sievers
2015-07-06bus-proxyd: subscribe to unicast signals directed to the proxy connectionKay Sievers
2015-07-06sd-bus: support matching on destination namesDavid Herrmann
Right now, we never install destination matches on kdbus as the kernel did not support MATCH rules on those. With the introduction of KDBUS_ITEM_DST_ID we can now match on destination IDs, so add explicit support for those. This requires a recent kdbus module to work. However, there seems to be no user-space that uses "Destination=''" matches, yet, so old kdbus modules still work fine (we couldn't find any real user). This is needed to match on unicast signals in bus-proxy. A followup will add support for this.
2015-07-06Merge pull request #491 from torstehu/fix-typoDaniel Mack
treewide: fix typos
2015-07-06nspawn: Communicate determined UID shift to parentRichard Maw
There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
2015-07-06networkd: be more defensive when writing to ipv4/ipv6 forwarding settingsLennart Poettering
1) never bother with setting the flag for loopback devices 2) if we fail to write the flag due to EROFS (which is likely to happen in containers where /proc/sys is read-only) or any other error, check if the flag already has the right value. If so, don't complain. Closes #469
2015-07-06treewide: fix typosTorstein Husebø
2015-07-06update TODOLennart Poettering
2015-07-06nspawn: fix indentingLennart Poettering
2015-07-06Merge pull request #443 from ssahani/lldpTom Gundersen
lldp: set correct state for processing
2015-07-05Merge pull request #417 from ssahani/ipv6-privateDaniel Mack
Ipv6 private extensions
2015-07-05login: simplify assignmentZbigniew Jędrzejewski-Szmek
2015-07-05rules: block - add dasd to whitelistKay Sievers
2015-07-05build-sys: bump sonamesKay Sievers
2015-07-05hwdb: updateKay Sievers
2015-07-05NEWS: updateKay Sievers
2015-07-05core: fix missing bus-util.h includeDavid Herrmann
Whoopsy, forgot to 'git add' this, sorry.
2015-07-05core: don't mount kdbusfs if not wantedDavid Herrmann
Just like we conditionalize loading kdbus.ko, we should conditionalize mounting kdbusfs. Otherwise, we might run with kdbus if it is builtin, even though the user didn't want this.
2015-07-05NEWS: mention accelerometer removal for 222David Herrmann
Add NEWS entry for 222 and mention the removal of the udev accelerometer. iio-sensor-proxy-1.0 is required if you want orientation data to still work.
2015-07-05TODO: remove ipv6 Ipv6 privacy extensionsSusant Sahani
2015-07-05man: add manual for ipv6 privacy extensionSusant Sahani
2015-07-05networkd: Add support for ipv6 privacy extensionSusant Sahani
This patch add support for ipv6 privacy extensions. The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr can be changed via the boolean IPv6PrivacyExtensions=[yes/no/prefer-temporary] When true enables privacy extensions, but prefer public addresses over temporary addresses. prefer-temporary prefers temporary adresses over public addresses. Defaults to false. [Match] Name=enp0s25 [Network] IPv6PrivacyExtensions=prefer-temporary
2015-07-04Merge pull request #488 from miguelinux/bootZbigniew Jędrzejewski-Szmek
bootctl: fix sdboot to systemd-boot
2015-07-04bootctl: fix sdboot to systemd-bootMiguel Bernal Marin
sdboot was renamed to systemd-boot Fixes: e7dd673d1e0a ("gummiboot/sd-boot/systemd-boot: rename galore") Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
2015-07-04man: fix sysctl references in networkd-manpageDavid Herrmann
We refer to the same sysctl-setting twice, which is misleading. Correctly list all global forwarding options. As we _always_ change the forwarding setting on links, they will get disabled by default. The global sysctl defaults thus will not have any effect.
2015-07-04Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann
sd-bus: introduce new sd_bus_flush_close_unref() call
2015-07-04core: fix coding style in agent-handlingDavid Herrmann
Avoid late bail-out based on a condition. This makes code hard to read. Instead, reverse the forwarding-condition.
2015-07-04core: harden cgroups-agent forwardingDavid Herrmann
On dbus1, we receive systemd1.Agent signals via the private socket, hence it's trusted. However, on kdbus we receive it on the system bus. We must make sure it's sent by UID=0, otherwise unprivileged users can fake it. Furthermore, never forward broadcasts we sent ourself. This might happen on kdbus, as we forward the message on the same bus we received it on, thus ending up in an endless loop.
2015-07-04busctl: flush stdout after dumping dataDavid Herrmann
Running `busctl monitor` currently buffers data for several seconds / kilobytes before writing stdout. This is highly confusing if you dump in a file, ^C busctl and then end up with a file with data of the last few _seconds_ missing. Fix this by explicitly flushing after each signal.
2015-07-03Merge pull request #484 from xnox/persistent-journalLennart Poettering
journal: in persistent mode create /var/log/journal, with all parents.
2015-07-03sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-03Merge pull request #478 from ↵Daniel Mack
systemd/revert-429-nspawn-userns-uid-shift-autodetection-fix Revert "nspawn: determine_uid_shift before forking"
2015-07-03journal: in persistent mode create /var/log/journal, with all parents.Dimitri John Ledkov
systemd-journald races with systemd-tmpfiles-setup, and hence both are started at about the same time. On a bare-bones system (e.g. with empty /var, or even non-existent /var), systemd-tmpfiles will create /var/log. But it can happen too late, that is systemd-journald already attempted to mkdir /var/log/journal, ignoring the error. Thus failing to create /var/log/journal. One option, without modifiying the dependency graph is to create /var/log/journal directory with parents, when persistent storage has been requested.
2015-07-03Merge pull request #480 from rinrinne/fix-messageLennart Poettering
Fix error message for enumerate addresses
2015-07-03Revert "nspawn: determine_uid_shift before forking"Lennart Poettering
2015-07-03Fix error message for enumerate addressesrinrinne
Error message for enumerating addresses was not 'addresses' but 'links'. This patch fixes it.
2015-07-03Merge pull request #473 from ↵Lennart Poettering
richardmaw-codethink/machinectl-import-earlier-than-3-15 util: fall back in rename_noreplace when renameat2 isn't implemented
2015-07-02login: add rule for qemu's pci-bridge-seatGerd Hoffmann
Qemu provides a separate pci-bridge exclusively for multi-seat setups. The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new pci-bridge-seat was specifically added to simplify guest-side multiseat configuration. It is identical to the normal pci-pci bridge, except that it has a different id (1b36:000a) so we can match it and configure multiseating automatically. Make sure we always treat this as separate seat if we detect this, just like other "Pluggable" devices. (David: write commit-message)
2015-07-02util: fall back in rename_noreplace when renameat2 isn't implementedRichard Maw
According to README we only need 3.7, and while it may also make sense to bump that requirement when appropriate, it's trivial to fall back when renameat2 is not available.
2015-07-02Merge pull request #472 from keszybz/documentation-updates2Zbigniew Jędrzejewski-Szmek
Documentation updates
2015-07-02Merge pull request #470 from marineam/escapeZbigniew Jędrzejewski-Szmek
escape: fix exit code
2015-07-02Merge pull request #427 from keszybz/man-list-fixesZbigniew Jędrzejewski-Szmek
Update Makefile-man.am after recent changes and fix regeneration of Makefile-man.am Fixes fallout from https://github.com/systemd/systemd/pull/282.
2015-07-02man: update sysctl example about netfilterZbigniew Jędrzejewski-Szmek
It turns out that since kernel 3.18 netfilter on bridged packets is off anyway, so the example should be reworded (and the module name updated).
2015-07-02man: information about available propertiesZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1144496