summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2016-10-13Merge pull request #4243 from ↵Lennart Poettering
endocode/djalal/sandbox-first-protection-kernelmodules-v1 core:sandbox: Add ProtectKernelModules= and some fixes
2016-10-12build-sys: Allow disabling installation of pam config snippetFelipe Sateler
2016-10-12test: add test to make sure that ProtectKernelModules=yes disconnect mount ↵Djalal Harouni
propagation
2016-10-12test: add capability tests for ProtectKernelModules=Djalal Harouni
This just adds capabilities test.
2016-10-10unit: drop console-shell.service (#4298) (#4325)Franck Bui
console-shell.service was supposed to be useful for normal clean boots (i.e. multi-user.target or so), as a replacement for logind/getty@.service for simpler use cases. But due to the lack of documentation and sanity check one can easily be confused and enable this service in // with getty@.service. In this case we end up with both services sharing the same tty which ends up in strange results. Even worse, console-shell.service might be failing while getty@.service tries to acquire the terminal which ends up in the system to poweroff since console-shell.service uses: "ExecStopPost=-/usr/bin/systemctl poweroff". Another issue: this service doesn't work well if plymouth is also used since it lets the splash screen program run and mess the tty (at least a "plymouth quit" is missing). So let's kill it for now.
2016-10-03build-sys: use non-breaking spaces in contributor listZbigniew Jędrzejewski-Szmek
I think it's easier to read peoples' names with this change.
2016-09-27test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ↵Djalal Harouni
propagation Better safe.
2016-09-27test: add tests for simple ReadOnlyPaths= caseDjalal Harouni
2016-09-25test: add CAP_MKNOD tests for PrivateDevices=Djalal Harouni
2016-09-24build-sys: get rid of move-to-rootlibdirMaciek Borzecki
Replace move-to-rootlibdir calls in post-install hooks with explicitly used ${rootlibdir} where needed. Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
2016-09-21nss: install nss modules to ${rootlibdir}Maciek Borzecki
NSS modules (libnss_*.so.*) need to be installed into ${rootlibdir} (typically /lib) in order to be used. Previously, the modules were installed into ${libdir}, thus usually ending up in /usr/lib, even on systems where split usr is enabled, or ${libdir} is passed explicitly. Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
2016-09-14networkd: add support to configure virtual CAN device (#4139)Susant Sahani
1. add support for kind vcan 2. fixup indention netlink-types.c, networkd-netdev.c
2016-08-22sd-bus: add a small test case for sd_bus_trackLennart Poettering
This tests in particular that disconnecting results in the tracking object's handlers to be called.
2016-08-19Merge pull request #3909 from poettering/mount-toolEvgeny Vereshchagin
add a new tool for creating transient mount and automount units
2016-08-19units: install user units as real files, not symlinks to ../system/Zbigniew Jędrzejewski-Szmek
This was causing preset-all --global to create symlinks: $ systemctl preset-all --global --root=/var/tmp/inst1 Created symlink /var/tmp/inst1/etc/systemd/user/shutdown.target → /usr/lib/systemd/user/../system/shutdown.target. Created symlink /var/tmp/inst1/etc/systemd/user/sockets.target → /usr/lib/systemd/user/../system/sockets.target. Created symlink /var/tmp/inst1/etc/systemd/user/timers.target → /usr/lib/systemd/user/../system/timers.target. Created symlink /var/tmp/inst1/etc/systemd/user/paths.target → /usr/lib/systemd/user/../system/paths.target. Created symlink /var/tmp/inst1/etc/systemd/user/bluetooth.target → /usr/lib/systemd/user/../system/bluetooth.target. Created symlink /var/tmp/inst1/etc/systemd/user/printer.target → /usr/lib/systemd/user/../system/printer.target. Created symlink /var/tmp/inst1/etc/systemd/user/sound.target → /usr/lib/systemd/user/../system/sound.target. Created symlink /var/tmp/inst1/etc/systemd/user/smartcard.target → /usr/lib/systemd/user/../system/smartcard.target. Created symlink /var/tmp/inst1/etc/systemd/user/busnames.target → /usr/lib/systemd/user/../system/busnames.target. It is better to create units in a state that completely matches the presets, i.e. preset-all should do nothing when invoked immediately after installation. I'm sure it was confusing to users too, suggesting that system and user units may somehow alias each other.
2016-08-19units: synchronize Makefile and presets settingsZbigniew Jędrzejewski-Szmek
Enable reboot.target and disable exit.target: the first is used on normal machines, the second only in containers, and the more general one should be enabled by default. Also fix the Makefile to match what preset-all does. With this and the previous commits, doing "make instal DESTDIR=…" followed by "systemctl preset-all --root=…" doesn't result in any changes.
2016-08-18add a new tool for creating transient mount and automount unitsLennart Poettering
This adds "systemd-mount" which is for transient mount and automount units what "systemd-run" is for transient service, scope and timer units. The tool allows establishing mounts and automounts during runtime. It is very similar to the usual /bin/mount commands, but can pull in additional dependenices on access (for example, it pulls in fsck automatically), an take benefit of the automount logic. This tool is particularly useful for mount removable file systems (such as USB sticks), as the automount logic (together with automatic unmount-on-idle), as well as automatic fsck on first access ensure that the removable file system has a high chance to remain in a fully clean state even when it is unplugged abruptly, and returns to a clean state on the next re-plug. This is a follow-up for #2471, as it adds a simple client-side for the transient automount logic added in that PR. In later work it might make sense to invoke this tool automatically from udev rules in order to implement a simpler and safer version of removable media management á la udisks.
2016-08-09build-sys: hook up the hwdb parser to checkZbigniew Jędrzejewski-Szmek
2016-08-02test: fix test-execute personality tests on ppc64 and aarch64 (#3825)Jan Synacek
2016-08-02units: add graphical-session-pre.target user unit (#3848)Martin Pitt
This complements graphical-session.target for services which set up the environment (e. g. dbus-update-activation-environment) and need to run before the actual graphical session.
2016-07-28Merge pull request #3742 from msoltyspl/vconfix2Zbigniew Jędrzejewski-Szmek
vconsole-setup: updates & fixes V2
2016-07-27vconsole: Don't do static installation under sysinit.targetMichal Soltys
Udev rules cover all the necessary initializations. As the service now is neither installed, nor installable - we can remove explicit dependencies and RemainAfterExit=yes option.
2016-07-25Merge pull request #3728 from poettering/dynamic-usersZbigniew Jędrzejewski-Szmek
2016-07-25units: add graphical-session.target user unit (#3678)Martin Pitt
This unit acts as a dynamic "alias" target for any concrete graphical user session like gnome-session.target; these should declare "BindsTo=graphical-session.target" so that both targets stop and start at the same time. This allows services that run in a particular graphical user session (e. g. gnome-settings-daemon.service) to declare "PartOf=graphical-session.target" without having to know or get updated for all/new session types. This will ensure that stopping the graphical session will stop all services which are associated to it.
2016-07-25build-sys: metadata updates for v231 (#3803)systemd/v231-1systemd/v231Lennart Poettering
2016-07-22nss: add new "nss-systemd" NSS module for mapping dynamic usersLennart Poettering
With this NSS module all dynamic service users will be resolvable via NSS like any real user.
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a ↵Lennart Poettering
service is running This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-07-22nspawn: rework /etc/machine-id handlingLennart Poettering
With this change we'll no longer write to /etc/machine-id from nspawn, as that breaks the --volatile= operation, as it ensures the image is never considered in "first boot", since that's bound to the pre-existance of /etc/machine-id. The new logic works like this: - If /etc/machine-id already exists in the container, it is read by nspawn and exposed in "machinectl status" and friends. - If the file doesn't exist yet, but --uuid= is passed on the nspawn cmdline, this UUID is passed in $container_uuid to PID 1, and PID 1 is then expected to persist this to /etc/machine-id for future boots (which systemd already does). - If the file doesn#t exist yet, and no --uuid= is passed a random UUID is generated and passed via $container_uuid. The result is that /etc/machine-id is never initialized by nspawn itself, thus unbreaking the volatile mode. However still the machine ID configured in the machine always matches nspawn's and thus machined's idea of it. Fixes: #3611
2016-07-22sd-id128: split UUID file read/write code into new id128-util.[ch]Lennart Poettering
We currently have code to read and write files containing UUIDs at various places. Unify this in id128-util.[ch], and move some other stuff there too. The new files are located in src/libsystemd/sd-id128/ (instead of src/shared/), because they are actually the backend of sd_id128_get_machine() and sd_id128_get_boot(). In follow-up patches we can use this reduce the code in nspawn and machine-id-setup by adopted the common implementation.
2016-07-05Merge pull request #3638 from whot/udev-prop-touchpad-integrationLennart Poettering
tag touchpads as internal/external
2016-07-03build-sys: link test-keymap-util against libsystemd-sharedFelipe Sateler
2016-07-03tests: run file via libtool to determine shell scriptsFelipe Sateler
The actual output file might be a wrapper script, so lets follow the indirection Fixes: #3644
2016-07-01hwdb: add a 70-touchpad.hwdb to tag internal vs external touchpadsPeter Hutterer
Add a new key ID_INPUT_TOUCHPAD_INTEGRATION=internal|external so we have a single source for figuring out which touchpads are built-in. Fairly simple approach: bluetooth is external, usb is external unless it's an Apple touchpad. Everything else is internal.
2016-06-29Merge pull request #3516 from fsateler/shared-basicLennart Poettering
build-sys: Convert libshared into a private shared library
2016-06-26catalog: make support URL to show in shipped catalog entries configurable ↵Lennart Poettering
(#3597) Let's allow distros to change the support URL to expose in catalog entries by default. It doesn't make sense to direct end-users to the upstream project for common errors. This adds a --with-support-url= switch to configure, which allows overriding the default at build-time. Fixes: #2516
2016-06-24build-sys: Add new libsystemd-shared private libraryFelipe Sateler
Link as many binaries as possible with it, to save storage space. Preserve the static libshared and libbasic for use in libraries, nss modules and udev. Libraries need to be static in order to avoid polluting the symbol namespace. Udev needs to be static so downstream can avoid strict version dependencies with the systemd package, and this can complicate upgrade scenarios.
2016-06-24build-sys: do not recompile everything for libsystemdFelipe Sateler
2016-06-24Merge pull request #3549 from poettering/resolved-moreTom Gundersen
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
2016-06-23build-sys: move fdset.[ch] src/basic → src/shared (#3580)Lennart Poettering
It makes use of the sd_listen_fds() call, and as such should live in src/shared, as the distinction between src/basic and src/shared is that the latter may use libsystemd APIs, the former does not. Note that btrfs-util.[ch] and log.[ch] also include header files from libsystemd, but they only need definitions, they do not invoke any function from it. Hence they may stay in src/basic.
2016-06-21resolved: respond to local resolver requests on 127.0.0.53:53Lennart Poettering
In order to improve compatibility with local clients that speak DNS directly (and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process any queries made that way. Note that resolved does not implement a full DNS server on this port, but simply enough to allow normal, local clients to resolve RRs through resolved. Specifically it does not implement queries without the RD bit set (these are requests where recursive lookups are explicitly disabled), and neither queries with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with validation turned off). It also refuses zone transfers and obsolete RR types. All lookups done this way will be rejected with a clean error code, so that the client side can repeat the query with a reduced feature set. The code will set the DNSSEC AD flag however, depending on whether the data resolved has been validated (or comes from a local, trusted source). Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary, but this is only partially useful as DNS packets cannot carry IP scope data (i.e. the ifindex), and hence link-local addresses returned cannot be used properly (and given that LLMNR/mDNS are mostly about link-local communication this is quite a limitation). Also, given that DNS tends to use IDNA for non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1. In general this should improve compatibility with clients bypassing NSS but it is highly recommended for clients to instead use NSS or our native bus API. This patch also beefs up the DnsStream logic, as it reuses the code for local TCP listening. DnsStream now provides proper reference counting for its objects. In order to avoid feedback loops resolved will no silently ignore 127.0.0.53 specified as DNS server when reading configuration. resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave the latter free for local, external DNS servers or forwarders. This also changes the "etc.conf" tmpfiles snippet to create a symlink from /etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this stub the default mode of operation if /etc is not populated.
2016-06-18Ensure kdbus isn't used (#3501)Dave Reisner
Delete the dbus1 generator and some critical wiring. This prevents kdbus from being loaded or detected. As such, it will never be used, even if the user still has a useful kdbus module loaded on their system. Sort of fixes #3480. Not really, but it's better than the current state.
2016-06-16networkd: added support for vrf interfaces (#3316)Andreas Rammhold
2016-06-13Merge pull request #3491 from poettering/hwdb-acpiTom Gundersen
hwdb: update UEFI/ACPI/PNP/EISA/EDID database from UEFI web site
2016-06-13Merge pull request #3384 from keszybz/localed-keymapLennart Poettering
More verbose logging in localed, unit tests, and a few tweaks to keymap conversions
2016-06-11test-keymap-util: use kbd-model-map/language-fallback-map from $(srcdir)Zbigniew Jędrzejewski-Szmek
This adds (undocumented) environment variables SYSTEMD_KBD_MODEL_MAP and SYSTEMD_LANGUAGE_FALLBACK_MAP, which, if set, override compiled-in locations of those two files. Instead of skipping tests when the maps are not installed, just use the one from the source dir. We still cannot do the mappings the other way if /usr/lib/kbd/keymaps is not present, so truncate the tests in that case. Also tweak the debug messages a bit to make it easier to see which function is failing.
2016-06-10hwdb: update UEFI/ACPI/PNP/EISA/EDID database from UEFI web siteFederico Mena Quintero
Let's hook up the ACPI database we maintain from the upstream UEFI sources. This adds a tool to convert the database provided upstream to our native format, similar to how this is handled for the PCI and USB databases. Note that the upstream web site claims to offer an XLS download, but the actual data made available is an HTML file in reality, just one with the ".xls" suffix... The data provided from the UEFI folks is not very high quality nor complete, hence apply a patch after the conversion step that fixes up a few things and adds in more entries from various sources. For example, the EDID ids maintained by GNOME and other sources have been added too, as they all appear to use the same ID namespace. This also adds explicit support for 4 character ACPI ids, in addition to the normal 3 character PNP ids. Also fixes: https://bugs.freedesktop.org/show_bug.cgi?id=90524
2016-06-10networkd: add support to configure VLAN on bridge portsTobias Jungel
2016-06-09networkd: clean up vlan handling a bit (#3478)Lennart Poettering
Let's add a generic parser for VLAN ids, which should become handy as preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID type everywhere, and that validity checks are already applied at the time of parsing, and not only whne we about to prepare a netdev. Also, establish a common definition VLANID_INVALID we can use for non-initialized VLAN id fields.
2016-06-06network: beef up ipv6 RA support considerablyLennart Poettering
This reworks sd-ndisc and networkd substantially to support IPv6 RA much more comprehensively. Since the API is extended quite a bit networkd has been ported over too, and the patch is not as straight-forward as one could wish. The rework includes: - Support for DNSSL, RDNSS and RA routing options in sd-ndisc and networkd. Two new configuration options have been added to networkd to make this configurable. - sd-ndisc now exposes an sd_ndisc_router object that encapsulates a full RA message, and has direct, friendly acessor functions for the singleton RA properties, as well as an iterative interface to iterate through known and unsupported options. The router object may either be retrieved from the wire, or generated from raw data. In many ways the sd-ndisc API now matches the sd-lldp API, except that no implicit database of seen data is kept. (Note that sd-ndisc actually had a half-written, but unused implementaiton of such a store, which is removed now.) - sd-ndisc will now collect the reception timestamps of RA, which is useful to make sd_ndisc_router fully descriptive of what it covers. Fixes: #1079
2016-06-06keymap-util: add tests and fix one small bugZbigniew Jędrzejewski-Szmek
When converting an empty x11 variant, we would not delete vconsole mapping properly. find_legacy_keymap() is made non-static. I think it's important to be able to test it. In principle we could also test it through the higher-level interface of x11_convert_to_vconsole, but x11_convert_to_vconsole also uses find_converted_keymap, and it's better to test at this lower level. Note that find_legacy_keymap might be a bit of a misnomer, because we'd probably want to keep kbd-model-map even if the "legacy" layouts went away. So we might want to change this name, but I'm leaving that for another commit.