summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-03resolved: run as unpriviliged "systemd-resolve" userTom Gundersen
This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.
2014-06-03networkd: drop CAP_SYS_MODULETom Gundersen
Rely on modules being built-in or autoloaded on-demand. As networkd is a network facing service, we want to limits its capabilities, as much as possible. Also, we may not have CAP_SYS_MODULE in a container, and we want networkd to work the same there. Module autoloading does not always work, but should be fixed by the kernel patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which is currently in net-next and which people may consider backporting if they want tunneling support without compiling in the modules. Early adopters may also use a module-load.d snippet and order systemd-modules-load.service before networkd to force the module loading of tunneling modules. This sholud fix the various build issues people have reported.
2014-06-02networkd: introduce veth device supportSusant Sahani
This patch adds veth device support to networkd. Example conf: File: veth.netdev [NetDev] Name=veth-test Kind=veth [Peer] Name=veth-peer
2014-06-01networkd: run as unpriviliged "systemd-network" userLennart Poettering
This allows us to run networkd mostly unpriviliged with the exception of CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter though...
2014-05-28virt: rework container detection logicLennart Poettering
Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-27build-sys: bump package and library versionLennart Poettering
2014-05-25nspawn: make nspawn robust to container failureDjalal Harouni
nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-24shared: rename hwclock.[ch] to clock-util.[ch]Kay Sievers
2014-05-22build-sys: let libsystemd_network pull in libudev-internal.laKay Sievers
On Thu, May 22, 2014 at 9:53 AM, Jan Engelhardt <jengelh@inai.de> wrote: > > If libsystemd-network.la is relying on that udev function, it ought > to specify libudev(-internal).la in libsystemd_network_la_LIBADD.
2014-05-22build-sys: do not run symbol list export test for compat-only libsKay Sievers
The verbose link-time deprecation warnings are annoying. These libs will never change or be extended; there is no need to test the list of exported symbols.
2014-05-22build-sys: fix linking orderKay Sievers
./.libs/libsystemd-network.a(libsystemd_network_la-network-internal.o): network-internal.c:function net_get_unique_predictable_data: error: undefined reference to 'udev_device_get_property_value' collect2: error: ld returned 1 exit status
2014-05-22Makefile.am: fix whitespaceKay Sievers
2014-05-22build: put missing KMOD_CFLAGS into MakefileJan Engelhardt
The build fails if kmod is not in a default location.
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-19resolved: add daemon to manage resolv.confTom Gundersen
Also remove the equivalent functionality from networkd.
2014-05-18network: always take possession of host side of nspawn veth tunnels and do ↵Lennart Poettering
IPv4LL on them
2014-05-18timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still ↵Lennart Poettering
with CAP_SYS_TIME)
2014-05-16networkd: manager - read fallback DNS servers from config fileTom Gundersen
We will still use the compiled-in defaults if no DNS entry exists in the config file.
2014-05-15network: fix build failure, missing KMOD_XXX flagsCristian Rodríguez
- Add KMOD_CFLAGS and KMOD_LIBS where appropiate - networkd now requires kmod. make --disable-kmod --enable-networkd to raise an error.
2014-05-15readahead: add test to show fs_on_ssd() resultZbigniew Jędrzejewski-Szmek
2014-05-15sd-bus: introduce sd_bus_slot objects encapsulating callbacks or vtables ↵Lennart Poettering
attached to a bus connection This makes callback behaviour more like sd-event or sd-resolve, and creates proper object for unregistering callbacks. Taking the refernce to the slot is optional. If not taken life time of the slot will be bound to the underlying bus object (or in the case of an async call until the reply has been recieved).
2014-05-13shared: add ring bufferDavid Herrmann
New "struct ring" object that implements a basic ring buffer for arbitrary byte-streams. A new basic runtime test is also added. This will be needed for our pty helpers for systemd-console and friends.
2014-05-12networkd: introduce ipip tunnelSusant Sahani
This patch enables basic ipip tunnel support. It works with kernel module ipip example conf: file: ipip.netdev [NetDev] Name=ipip-tun Kind=ipip MTUBytes=1480 [Tunnel] Local=192.168.223.238 Remote=192.169.224.239 TTL=64 file: ipip.network [Match] Name=em1 [Network] Tunnel=ipip-tun [tomegun: - drop unused variable - take ref when enslaving]
2014-05-08timesyncd: only run when the system has a carrier on a network interfaceTom Gundersen
As the operational state detection in sd-network is still too primitive, timesyncd will likely try to connect a bit early, so the first attempt will fail.
2014-05-06timesyncd: hook up systemd-timesyncd with systemd-timedatedLennart Poettering
Later on we will probably remove support for controlling any other NTP implementations but systemd-timesyncd, but for now, let's keep things generic
2014-05-06timesyncd: read server settings from a configuration fileLennart Poettering
Also, allow compiling in a default server list via a configure command line item.
2014-05-05timesyncd: lookup name server via sd-resolve, support IPv6, react to ↵Lennart Poettering
SIGINT/SITERM
2014-05-05build-sys: move async.[ch] to src/sharedLennart Poettering
So that we can use it at multiple places.
2014-04-29build-sys: fix linking order for networkd-wait-onlyKay Sievers
2014-04-29sd-resolve: rework sd-resolve to be callback based, similar in style to ↵Lennart Poettering
sd-bus and sd-event
2014-04-29networkd: fix distcheckTom Gundersen
2014-04-29timesyncd: add unit and man pageKay Sievers
2014-04-28rename timedate-sntp to timesyncKay Sievers
2014-04-27libnetworkd: add link local testsUmut Tezduyar Lindskog
- Also only allow positive ifindex on both dhcp and ipv4ll [tomegun: the kernel always sets a positive ifindex, but some APIs accept ifindex=0 with various meanings, so we should protect against accidentally passing ifindex=0 along.]
2014-04-26networkd-wait-online: drop config file and add commandline options insteadTom Gundersen
2014-04-24errno: make sure to handle the 3 errnos that are aliases for others properlyLennart Poettering
2014-04-24networkd-wait-online: improve interoptability and enable by defaultTom Gundersen
To make sure we don't delay boot on systems where (some) network links are managed by someone else we don't block if something else has successfully brought up a link. We will still block until all links we are aware of that are managed by networkd have been configured, but if no such links exist, and someone else have configured a link sufficiently that it has a carrier, it may be that the link is ready so we should no longer block. Note that in all likelyhood the link is not ready (no addresses/routes configured), so whatever network managment daemon configured it should provide a similar wait-online service to block network-online.target until it is ready. The aim is to block as long as we know networking is not fully configured, but no longer. This will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't know whether networkd is the main/only network manager. Even in the case networking is fully configured by networkd, the default behavior may not be sufficient: if two links need to be configured, but the first is fully configured before the second one appears we will assume the network is up. To work around that, we allow specifying specific devices to wait for before considering the network up. This unit is enabled by default, just like systemd-networkd, but will only be pulled in if anyone pulls in network-online.target.
2014-04-22remove bus-driverd, the interface is now handled natively by bus-proxydKay Sievers
2014-04-19nss-myhostname: port to sd-rtnlTom Gundersen
2014-04-17build-sys: do not try to build test-rtnl-manual w/o kmodZbigniew Jędrzejewski-Szmek
2014-04-17build-sys: add libkmod flags for test_rtnl_manualŁukasz Stelmach
2014-04-13udev: remove seqnum API and all assumptions about seqnumsKay Sievers
The way the kernel namespaces have been implemented breaks assumptions udev made regarding uevent sequence numbers. Creating devices in a namespace "steals" uevents and its sequence numbers from the host. It confuses the "udevadmin settle" logic, which might block until util a timeout is reached, even when no uevent is pending. Remove any assumptions about sequence numbers and deprecate libudev's API exposing these numbers; none of that can reliably be used anymore when namespaces are involved.
2014-04-10bus: update kdbus.hKay Sievers
2014-04-10cgls: fix running with -M optionLukas Nykryn
systemd-machined doesn't store cgroup path in a state file anymore. Let's figure it out from the scope.
2014-04-02build-sys: remove no longer needed user/org.freedesktop.DBus.busnameKay Sievers
2014-03-28sd-rtnl: rework rtnl type systemTom Gundersen
Use a static table with all the typing information, rather than repeated switch statements. This should make it a lot simpler to add new types. We need to keep all the type info to be able to create containers without exposing their implementation details to the users of the library. As a freebee we verify the types of appended/read attributes. The API is extended to nicely deal with unions of container types.
2014-03-26build-sys: update "linkcheck"Kay Sievers
<kay> ssuominen: and drop --no-as-needed from the linkcheck? <kay> ssuominen: i expect it all triggers without the gc-sections thing alone <ssuominen> if the intention is to make it strict as possible, to catch undefined references caused by missing -lfoo in linker line, then LDFLAGS="-Wl,-fuse-ld=gold -Wl,--as-needed -Wl,--no-gc-sections"
2014-03-26build-sys: rename "check-broken" to "linkcheck"Kay Sievers
2014-03-26build-sys: split "make upload" and "make tango"Kay Sievers