summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2016-12-21verity: add support for setting up verity-protected root disks in the initrdLennart Poettering
This adds a generator and a small service that will look for "roothash=" on the kernel command line and use it for setting up a very partition for the root device. This provides similar functionality to nspawn's existing --roothash= switch.
2016-12-21fstab-generator: add support for volatile bootsLennart Poettering
This adds support for a new kernel command line option "systemd.volatile=" that provides the same functionality that systemd-nspawn's --volatile= switch provides, but for host systems (i.e. systems booting with a kernel). It takes the same parameter and has the same effect. In order to implement systemd.volatile=yes a new service systemd-volatile-root.service is introduced that only runs in the initrd and rearranges the root directory as needed to become a tmpfs instance. Note that systemd.volatile=state is implemented different: it simply generates a var.mount unit file that is part of the normal boot and has no effect on the initrd execution. The way this is implemented ensures that other explicit configuration for /var can always override the effect of these options. Specifically, the var.mount unit is generated in the "late" generator directory, so that it only is in effect if nothing else overrides it.
2016-12-20nspawn: split out VolatileMode definitionsLennart Poettering
This moves the VolatileMode enum and its helper functions to src/shared/. This is useful to then reuse them to implement systemd.volatile= in a later commit.
2016-12-14build-sys: include the builddir in $PATH while testingLennart Poettering
udev-test.pl shells out systemd-detect-virt, and it really should invoke the version from the build tree instead of one supplied by the installed system, hence let's add the builddir to $PATH while building.
2016-12-13core: hook up MountFlags= to the transient unit logicLennart Poettering
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making MountFlags= to the list of properties that may be accessed transiently.
2016-12-13core: machine_id_setup overwrites broken machine-idEvgeny Vereshchagin
2016-12-12Merge pull request #4771 from keszybz/udev-property-orderingMartin Pitt
Udev property ordering
2016-12-10Merge pull request #4844 from hadess/sensor-quirksLennart Poettering
udev: Add rules for accelerometer orientation quirks
2016-12-10udev: Add rules for accelerometer orientation quirksBastien Nocera
This commit adds a rules file to extract the properties from hwdb to set on i2c IIO devices. This is used to set the ACCEL_MOUNT_MATRIX property on IIO devices, to be consumed by iio-sensor-proxy or equivalent daemon. The hwdb file contains documentation on how to write quirks. Note however that mount information is usually exported in: - the device-tree for ARM devices - the ACPI DSDT for Intel-compatible devices but currently not extracted by the kernel. Also note that some devices have the framebuffer rotation that changes between the bootloader and the main system, which might mean that the accelerometer is then wrongly oriented. This is a missing feature in the i915 kernel driver: https://bugs.freedesktop.org/show_bug.cgi?id=94894 which needs to be fixed, and won't require quirks.
2016-12-10Merge pull request #4795 from poettering/dissectZbigniew Jędrzejewski-Szmek
Generalize image dissection logic of nspawn, and make it useful for other tools.
2016-12-08Merge pull request #4686 from poettering/machine-id-app-specificZbigniew Jędrzejewski-Szmek
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
2016-12-07dissect: add support for encrypted imagesLennart Poettering
This adds support to the image dissector to deal with encrypted images (only LUKS). Given that we now have a neatly isolated image dissector codebase, let's add a new feature to it: support for automatically dealing with encrypted images. This is then exposed in systemd-dissect and nspawn. It's pretty basic: only support for passphrase-based encryption. In order to ensure that "systemd-dissect --mount" results in mount points whose backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at the moment doesn't provide a proper API for this. Thankfully, the ioctl() API is pretty easy to use.
2016-12-07dissect: add small "systemd-dissect" tool as wrapper around dissect-image.cLennart Poettering
This adds a small tool that may be used to look into OS images, and mount them to any place. This is mostly a friendlier version of test-dissect-image.c. I am not sure this should really become a proper command of systemd, hence for now do not install it into bindir, but simply libexecdir. This tool is already pretty useful since you can mount image files with it, honouring the various partitions correctly. I figure this is going to become more interesting if the dissctor learns luks and verity support.
2016-12-07util-lib: split out image dissecting code and loopback code from nspawnLennart Poettering
This adds two new APIs to systemd: - loop-util.h is a simple internal API for allocating, setting up and releasing loopback block devices. - dissect-image.h is an internal API for taking apart disk images and figuring out what the purpose of each partition is. Both APIs are basically refactored versions of similar code in nspawn. This rework should permit us to reuse this in other places than just nspawn in the future. Specifically: to implement RootImage= in the service image, similar to RootDirectory=, but operating on a disk image; to unify the gpt-auto-discovery generator code with the discovery logic in nspawn; to add new API to machined for determining the OS version of a disk image (i.e. not just running containers). This PR does not make any such changes however, it just provides the new reworked API. The reworked code is also slightly more powerful than the nspawn original one. When pointing it to an image or block device with a naked file system (i.e. no partition table) it will simply make it the root device.
2016-12-01hwdb: improve and test syntax error messagesZbigniew Jędrzejewski-Szmek
Since syntax error are non-fatal, downgrade them to warnings. Use log_syntax to have uniform formatting including the line number. State machine states like DATA and MATCH are internal, user-facing messages should use the names from hwdb(7): match, property, record. Also change "key/value" to "key-value", since there's no alternative here, both parts must be present. [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:2] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:5] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:9] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:11] Key/value pair expected but got " NO_VALUE", ignoring [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:18] Property or empty line expected, got "BAD:7:match at wrong place", ignoring record [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:22] Property or empty line expected, got "BAD:8:match at wrong place", ignoring record [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:23] Match expected but got indented property " Z=z", ignoring line squash! hwdb: improve syntax error messages
2016-11-29networkctl: install zsh completion from #3062 (#4767)Gabriel Rauter
zsh autocompletion provided by #3062 will be installed when networkd is enabled.
2016-11-29core: add "khash" API to src/basic/ (as wrapper around kernel AF_ALG)Lennart Poettering
Let's take inspiration from bluez's ELL library, and let's move our cryptographic primitives away from libgcrypt and towards the kernel's AF_ALG cryptographic userspace API. In the long run we should try to remove the dependency on libgcrypt, in favour of using only the kernel's own primitives, however this is unlikely to happen anytime soon, as the kernel does not provide Elliptic Curve APIs to userspace at this time, and we need them for the DNSSEC cryptographic. This commit only covers hashing for now, symmetric encryption/decryption or even asymetric encryption/decryption is not available for now. "khash" is little more than a lightweight wrapper around the kernel's AF_ALG socket API.
2016-11-29units: add system-update-cleanup.service to guard against offline-update loopsZbigniew Jędrzejewski-Szmek
Note: the name is "system-update-cleanup.service" rather than "system-update-done.service", because it should not run normally, and also because there's already "systemd-update-done.service", and having them named so similarly would be confusing. In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly entered system-update.target on boot. Because of a packaging issue, the tool that created the /system-update symlink could be installed without the service unit that was supposed to perform the upgrade (and remove the symlink). In fact, if there are no units in system-update.target, and /system-update symlink is created, systemd always "hangs" in system-update.target. This is confusing for users, because there's no feedback what is happening, and fixing this requires starting an emergency shell somehow, and also knowing that the symlink must be removed. We should be more resilient in this case, and remove the symlink automatically ourselves, if there are no upgrade service to handle it. This adds a service which is started after system-update.target is reached and the symlink still exists. It nukes the symlink and reboots the machine. It should subsequently boot into the default default.target. This is a more general fix for https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was already fixed).
2016-11-24tests: add hwdb parsing testMartin Pitt
This calls the built "systemd-hwdb update" on the source tree's hwdb/ in a temporary directory and verifies that there are no error messages.
2016-11-23networkd: allow networkd to set the timezone in timedatedMartin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the timezone acquired from DHCP: systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required. Similarly to commit e8c0de912, add a polkit rule to grant org.freedesktop.timedate1.set-timezone to the "systemd-network" system user. Move the polkit rules from src/hostname/ to src/network/ to avoid too many small distributed policy snippets (there might be more in the future), as it's easier to specify the privileges for a particular subject in this case. Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for all people except those in Pacific/Honolulu, there the test doesn't prove anything -- sorry ☺ ).
2016-11-20hostnamed: allow networkd to set the transient hostnameMartin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the transient hostname: systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required. Standard polkit *.policy files do not have a syntax for granting privileges to a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules file (for polkit >= 106) that grants the "systemd-network" system user that privilege. Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to cover this. Make do_test() a bit more flexible by interpreting "coldplug==None" as "test sets up the interface by itself". Change DnsmasqClientTest to set up test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a special host name for that. Fixes #4646
2016-11-15test: add tests for RestrictNamespaces=Djalal Harouni
2016-11-14networkd: clean up main header file a bitTom Gundersen
Rename networkd.h to networkd-manager.h, to more accurately describe what it contains.
2016-11-13networkd: netdev - move to separate subdirectoryTom Gundersen
This could (and should) be made into a separate daemon, at least move the sourcefiles out for now.
2016-11-13networkd-wait-online: move to separate subdirectoryTom Gundersen
Also clean up the header files a bit.
2016-11-12build-sys: do not install ctrl-alt-del.target symlink twiceZbigniew Jędrzejewski-Szmek
It was a harmless but pointless duplication. Fixes #4655. Note: in general we try to install as little as possible in /etc/systemd/{system,user}. We only install .wants links there for units which are "user configurable", i.e. which have an [Install] section. Most our units and aliases are not user configurable, do not have an [Install] section, and must be symlinked statically during installation. A few units do have an [Install] section, and are enabled through symlinks in /etc/ during installation using GENERAL_ALIASES. It *would* be possible to not create those symlinks, and instead require 'systemctl preset' to be invoked after installation, but GENERAL_ALIASES works well enough.
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08Merge pull request #4612 from keszybz/format-stringsZbigniew Jędrzejewski-Szmek
Format string tweaks (and a small fix on 32bit)
2016-11-08Adjust pkgconfig files to point at rootlibdir (#4584)Mike Gilbert
The .so symlinks got moved to rootlibdir in 082210c7.
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-03build-sys: link test-seccomp against seccomp libs (#4560)Martin Pitt
Fixes build error on recent toolchains: ../src/test/test-seccomp.c:35: error: undefined reference to 'seccomp_arch_native' collect2: error: ld returned 1 exit status
2016-11-03test: test DynamicUser= with SupplementaryGroups=Djalal Harouni
2016-11-03test: test DynamicUser= with a fixed userDjalal Harouni
2016-11-02build-sys: bump package and library version in preparation for v232Lennart Poettering
2016-10-24Merge pull request #4450 from poettering/seccompfixesZbigniew Jędrzejewski-Szmek
Various seccomp fixes and NEWS update.
2016-10-24core: drop -.slice from shipped unitsLennart Poettering
Since this unit is synthesized anyway there's no point in actually shipping it on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *" won't be confused by the leading dash of the file name anymore.
2016-10-24seccomp: add test-seccomp test toolLennart Poettering
This validates the system call set table and many of our seccomp-util.c APIs.
2016-10-24test: lets add more tests to cover SupplementaryGroups= cases.Djalal Harouni
2016-10-23Merge pull request #4372 from evverx/fix-synced-cgroup-hierarchy-permsZbigniew Jędrzejewski-Szmek
2016-10-23tests/TEST-13-NSPAWN-SMOKE: remove an expected failure checkEvgeny Vereshchagin
https://github.com/systemd/systemd/issues/4352 has been fixed So, we don't need this workaround anymore
2016-10-23test: add more tests for SupplementaryGroups=Djalal Harouni
2016-10-23test: Add simple test for supplementary groupsDjalal Harouni
2016-10-21failure-action: generalize failure action to emergency actionLukas Nykryn
2016-10-17tests: add smoke test for systemd-nspawnEvgeny Vereshchagin
Basically, this test runs: ``` systemd-nspawn --register=no -D "$_root" -b systemd-nspawn --register=no -D "$_root" --private-network -b systemd-nspawn --register=no -D "$_root" -U -b systemd-nspawn --register=no -D "$_root" --private-network -U -b ``` and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]` Inspired by * systemd#3589 (comment) * systemd#4372 (comment) * systemd#4223 (comment) * systemd#1555 and so on :-)
2016-10-13Merge pull request #4243 from ↵Lennart Poettering
endocode/djalal/sandbox-first-protection-kernelmodules-v1 core:sandbox: Add ProtectKernelModules= and some fixes
2016-10-12build-sys: Allow disabling installation of pam config snippetFelipe Sateler
2016-10-12test: add test to make sure that ProtectKernelModules=yes disconnect mount ↵Djalal Harouni
propagation
2016-10-12test: add capability tests for ProtectKernelModules=Djalal Harouni
This just adds capabilities test.
2016-10-10unit: drop console-shell.service (#4298) (#4325)Franck Bui
console-shell.service was supposed to be useful for normal clean boots (i.e. multi-user.target or so), as a replacement for logind/getty@.service for simpler use cases. But due to the lack of documentation and sanity check one can easily be confused and enable this service in // with getty@.service. In this case we end up with both services sharing the same tty which ends up in strange results. Even worse, console-shell.service might be failing while getty@.service tries to acquire the terminal which ends up in the system to poweroff since console-shell.service uses: "ExecStopPost=-/usr/bin/systemctl poweroff". Another issue: this service doesn't work well if plymouth is also used since it lets the splash screen program run and mess the tty (at least a "plymouth quit" is missing). So let's kill it for now.