summaryrefslogtreecommitdiff
path: root/src/basic
AgeCommit message (Collapse)Author
2015-10-20Merge pull request #1619 from iaguis/nspawn-sysfs-netns-3Lennart Poettering
nspawn: skip /sys-as-tmpfs if we don't use private-network
2015-10-20nspawn: skip /sys-as-tmpfs if we don't use private-networkIago López Galeiras
Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over the network namespace. So the mounting /sys as a tmpfs code introduced in d8fc6a000fe21b0c1ba27fbfed8b42d00b349a4b doesn't work with user namespaces if we don't use private-net. The reason is that we mount sysfs inside the container and we're in the network namespace of the host but we don't have CAP_SYS_ADMIN over that namespace. To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use private network and ignore the /sys-as-a-tmpfs code if we find that /sys is already mounted as sysfs. Fixes #1555
2015-10-19strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_Zbigniew Jędrzejewski-Szmek
2015-10-19tree-wide: whenever we deal with passwords, erase them from memory after useLennart Poettering
A bit snake-oilish, but can't hurt.
2015-10-19Merge pull request #1598 from evverx/run-oomscoreadjustLennart Poettering
systemd-run can launch units with OOMScoreAdjust
2015-10-18Merge pull request #1595 from poettering/proxy-fixesDavid Herrmann
bus proxy fixes, and more
2015-10-17util: add func for checking OOMScoreAdjustEvgeny Vereshchagin
2015-10-15sd-netlink: refcount multicast groupsTom Gundersen
Track the number of matches installed for a given multicast group, and leave the group once no matches depend on it. In order to handle passed-in sockets that are already members of multicast groups we initialize the refcount based on the membership once we take over the socket. This way we will leave the socket in the state we found it once we finish with it. On kernels that do not fully support reading out the multicast group membership we fall back to never leaving any groups (as before).
2015-10-15btrfs: always remove the per-subvol qgroup when removing a subvolLennart Poettering
btrfs doesn't do that automatically, hence let's do that explicitly each time.
2015-10-15basic: calendarspec UTC supportHristo Venev
Just add " UTC" to the end of the event expression. Works for the special expressions.
2015-10-15basic: parse_timestamp UTC and fractional seconds supportHristo Venev
2015-10-15basic: add mktime_or_timegm and localtime_or_gmtime_rHristo Venev
to time-util.h. They take an extra argument `bool utc`.
2015-10-14util: add functions for validating syslog level and facilityEvgeny Vereshchagin
2015-10-08util: minor modernization of vt_disallocate()Lennart Poettering
2015-10-08util: do not reset terminal in acquire_terminal()Lennart Poettering
Before, we'd always reset acquired terminals, which is not really desired, as we expose a setting TTYReset= which is supposed to control whether the TTY is reset or not. Previously that setting would only enable a second resetting of the TTY, which is of course pointless... Hence, move the implicit resetting out of acquire_terminal() and make the callers do it if they need it.
2015-10-08machined: when opening a shell via machined, pass tty fds inLennart Poettering
With this change we'll open the shell's tty right from machined and then pass it to the transient unit we create. This way we make sure the pty is opened exactly as long as the transient service is around, and no longer, and vice versa. This way pty forwarders do not have to deal with EIO problems due to vhangup, as the pty is open all the time from the point we set things up to the point where the service goes away.
2015-10-08basic: move two more terminal-related calls into terminal-util.[ch]Lennart Poettering
2015-10-07util: always enforce O_NOCTTY and O_CLOEXEC in openpt_in_namespace()Lennart Poettering
The child process is shortliving, hence always set O_NOCTTY so that the tty doesn't quickly become controlling TTY and then gives it up again. Also set O_CLOEXEC, because it's cleaner, and doesn't affect the parent anyway.
2015-10-07Merge pull request #1484 from poettering/ask-pass-kernel-keyringDaniel Mack
cache harddisk passwords in the kernel keyring
2015-10-07basic: fix env expansion for strings leading with two dollar signsMichal Schmidt
The way to escape a literal dollar sign is to write "$$". But this does not work right if it's at the beginning of the argument. Fix it.
2015-10-07ask-password: add support for caching passwords in the kernel keyringLennart Poettering
This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07Merge pull request #1481 from again4you/devel/smack_sysuser_#4Daniel Mack
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled (v3)
2015-10-07strv: fix infinite loop in strv_extend_n()reverendhomer
Fixes Coverity #1325768
2015-10-07smack: label /etc/passwd and friends as '_' smack label when ↵Sangjung Woo
--with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06siphash24: coding-style fixesTom Gundersen
Drop custom types. Drop unnecessary macros. Fix whitespace. Add asserts.
2015-10-06siphash24: unify APITom Gundersen
Make the API of the new helpers more similar to the old wrapper. In particular we now return the hash as a byte string to avoid any endianness problems.
2015-10-06Merge pull request #1469 from poettering/even-more-fixedDaniel Mack
Even more fixes
2015-10-06Merge pull request #1465 from teg/siphash24Lennart Poettering
hashmap/siphash24: refactor hash functions
2015-10-06util: some comment fixes in fdname_is_valid()Lennart Poettering
2015-10-06strv: properly return ENOMEM where we should in strv_extend_n()Lennart Poettering
2015-10-06Merge pull request #1468 from poettering/fdnamesTom Gundersen
Add support for naming fds for socket activation and more
2015-10-06core: add support for naming file descriptors passed using socket activationLennart Poettering
This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-06Merge pull request #1452 from poettering/journal-vacuumDaniel Mack
A variety of journal vacuuming improvements, plus an nspawn fix
2015-10-05hashmap: hash_funcs - make inputs unambiguousTom Gundersen
Make sure all variable-length inputs are properly terminated or that their length is encoded in some way. This avoids ambiguity of adjacent inputs. E.g., in case of a hash function taking two strings, compressing "ab" followed by "c" is now distinct from "a" followed by "bc".
2015-10-05hashmap: refactor hash_funcTom Gundersen
All our hash functions are based on siphash24(), factor out siphash_init() and siphash24_finalize() and pass the siphash state to the hash functions rather than the hash key. This simplifies the hash functions, and in particular makes composition simpler as calling siphash24_compress() repeatedly on separate chunks of input has the same effect as first concatenating the input and then calling siphash23_compress() on the result.
2015-10-05siphash24: expose the internal helper functionsTom Gundersen
2015-10-05siphash24: make siphash24_compress decomposableTom Gundersen
This allows the input to siphash24_compress to be decomposed into smaller chunks and the function to be called on each individual chunk.
2015-10-05siphash24: move last compression iteration from compression step to ↵Tom Gundersen
finalization step The last compression is special as it deals with the length byte, and padding. Move it to the finalization step in preparation for making compression decomposable.
2015-10-05siphash24: split out the compression stepTom Gundersen
2015-10-05siphash24: split out the finalization stepTom Gundersen
2015-10-05siphash24: introduce state structTom Gundersen
Encapsulate the four state variables in a struct so we can more easily pass them around.
2015-10-05missing.h : add bridge paramsSusant Sahani
2015-10-02util: rework fgetxattrat_fake() to use O_PATHLennart Poettering
That way, we don't ever open the file, thus leave the atime untouched, and this works even when unprivileged.
2015-10-01logind: remove warn_melody() logicLennart Poettering
The internal speaker is usually not available on modern latops that support suspend, and even if it is available in the hardware, most distributions turned support for it off in the kernel. And even if it is enabled, it's probably still a bad idea to make use of it for the suspend-failures. If anything a proper sound should be played. Long story short, let's remove support of this anachronism.
2015-10-01Merge pull request #1426 from poettering/log-syntaxDaniel Mack
logging fixes and more
2015-09-30Merge pull request #1419 from keszybz/shell-completionLennart Poettering
Shell completion tweaks
2015-09-30tree-wide: remove a number of invocations of strerror() and replace by %mLennart Poettering
Let's clean up our tree a bit, and reduce invocations of the thread-unsafe strerror() by replacing it with printf()'s %m specifier.
2015-09-30basic: split out cpu set specific APIs into cpu-set-util.[ch]Lennart Poettering
2015-09-30util: there cannot be trailing garbage when parsing cpu setsLennart Poettering
extract_first() already skips trailing whitespace, hence no reason to explicitly check for it.
2015-09-30util: rename parse_cpu_set() to parse_cpu_set_and_warn()Lennart Poettering
It's pretty untypical for our parsing functions to log on their own. Clarify in the name that this one does.