summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-06-12Merge pull request #167 from keszybz/line-oriented-ima-setupkeszybz
ima-setup: write policy one line at a time
2015-06-12selinux: whitespace fixesLennart Poettering
2015-06-12Merge pull request #173 from mischief/ipforwarding-3Lennart Poettering
IPForwarding=kernel v3
2015-06-12core: fix CID 996302Susant Sahani
CID 996302: Error handling issues (CHECKED_RETURN)
2015-06-11networkd: create "kernel" setting for IPForwardingNick Owens
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.
2015-06-11Merge pull request #171 from teg/rtnl-broadcast-2David Herrmann
sd-rtnl: make joining broadcast groups implicit
2015-06-11sd-rtnl: make joining broadcast groups implicitTom Gundersen
2015-06-11Merge pull request #143 from teg/networkd-packets-per-slave-modeLennart Poettering
networkd: bond - only set packets_per_slave on balance-rr mode
2015-06-11Merge pull request #156 from filbranden/journal_leading_whitespaceLennart Poettering
journald: do not strip leading whitespace from messages
2015-06-11kmod-setup: don't print warning on -ENOSYSDaniel Mack
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't available, not -ENOENT. Don't spit out a warning in that case unless the warn_if_unavailable flag is set. Also factor out the condition into an own variable for better readability.
2015-06-11sd-rtnl: use netlink header rather than ucred in socket_recv_message()Tom Gundersen
Lets us simplify the function and drop SO_PASSCRED. Thanks to Alexander Larsson and David Herrmann.
2015-06-11ima-setup: write policy one line at a timeZbigniew Jędrzejewski-Szmek
ima_write_policy() expects data to be written as one or more rules, no more than PAGE_SIZE at a time. Easiest way to ensure that we are not splitting rules is to read and write one line at a time. https://bugzilla.redhat.com/show_bug.cgi?id=1226948
2015-06-11kmod-setup: when we fail to load a kmod, log the error causeLennart Poettering
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we don't care much and just proceed)
2015-06-11core: Let two more booleans survive a daemon-reloadWerner Fink
Without the boolean bus_name_good services as well as cgroup_realized for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID will be terminated if systemd will be daemon reloaded. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151 https://bugs.freedesktop.org/show_bug.cgi?id=78311 https://bugzilla.opensuse.org/show_bug.cgi?id=934077
2015-06-11Merge pull request #158 from ssahani/netLennart Poettering
Net
2015-06-11Merge pull request #160 from kaysievers/libsplitDaniel Mack
build-sys: split internal basic/ library from shared/
2015-06-11Merge pull request #150 from poettering/journal-no-recv-loopLennart Poettering
journald: don't employ inner loop for reading from incoming sockets
2015-06-11build-sys: split internal basic/ library from shared/Kay Sievers
basic/ can be used by everything cannot use anything outside of basic/ libsystemd/ can use basic/ cannot use shared/ shared/ can use libsystemd/
2015-06-11sd-network: fix CID 1306198Susant Sahani
2015-06-11networkd: improve loggingSusant Sahani
Replace strerror() usage with log_netdev_error_errno()
2015-06-11networkd: macvlan improve loggingSusant Sahani
Replace strerror() usage with log_netdev_error_errno()
2015-06-10journald: do not strip leading whitespace from messagesFilipe Brandenburger
Keep leading whitespace for compatibility with older syslog implementations. Also useful when piping formatted output to the `logger` command. Keep removing trailing whitespace. Tested with `pstree | logger` and checking that the output of `journalctl | tail` included aligned and formatted output. Confirmed that all test cases still pass as expected.
2015-06-11Merge pull request #3 from threatgrid/more_cgtop_enhancementsLennart Poettering
cgtop enhancements for easier machine-readable output
2015-06-10cgtop: IO readings are valid if any data is available, even if unchanged ↵Charles Duffy
since last tick Emit "0" rather than "-" if no change in IO values are seen for a process since last tick, so long as accounting has registered content at all.
2015-06-11Merge pull request #6 from xnox/drop-nameLennart Poettering
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
2015-06-10Merge pull request #148 from teg/sd-network-raceLennart Poettering
sd-network: allow the state dir to be created after the monitor
2015-06-10Merge pull request #151 from mischief/dns-shared-3Lennart Poettering
move dns code from resolve to shared v3
2015-06-10bus: we now support path_namespace=/David Herrmann
Our bloom-filters support root-path matching. Make sure we properly add the path_namespace= tag.
2015-06-10bus: fix pattern matchingDavid Herrmann
DBus-spec defines two different pattern matchings: 1) Path and namespace prefix matching. In this case, A matches B either if both are equal, or if B is fully included in the namespace of A. In other words, A has to be a prefix of B, but end with a separator character (or the following character in B must be one). This is used for path_namespace= and arg0namespace= 2) The other pattern matching is used for arg0path= which does a two-way matching. That is, A must be a prefix of B, or B a prefix of A. Furthermore, the prefix must end with a separator. Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_' prefixes don't make any sense now, but.. eh..
2015-06-10bus: fix test-bus-kerne-bloom.c to match properlyDavid Herrmann
Make sure we actually verify our match-rules are executed properly. Right now all we test is the bloom-matches, which are non-reliable as they leave through false-positives.
2015-06-10bus: fix arg0path= two-way matchingDavid Herrmann
DBus spec clearly defines arg0path= to be a two-way matching. That is, either the matcher or the matchee can be a prefix of the other to match. This is not possible to implement with bloom-filters. Instead, we'd have to add a separate filter for each prefix. This is non-trivial, though. Hence, just skip the match for now and match locally.
2015-06-10bus: fix bloom_add_prefixes() to add all required dataDavid Herrmann
Lets look at an example where we add arg0="/foo/bar/waldo" to a bloom-filter. The following strings are added: "arg0:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar" "arg0-slash-prefix:/foo" Two problems arise: 1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly states that equal strings are also considered prefixes. However, in the bloom-match, we can only provide a single match-filter. Therefore, we have to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in the bloom-mask of the message. Hence, this patch makes sure bloom_add_prefixes() adds the full path as prefix, too. 2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path does prefix-matching with the trailing slash _included_, unlike path_namespace= matches, which does *not* include them. This is inconsistent, but we have to support the specs. Therefore, we must add prefixes with _and_ without trailing separators. Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with the trailing slash included. The final set of strings added therefore is: "arg0:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar/" "arg0-slash-prefix:/foo/bar" "arg0-slash-prefix:/foo/" "arg0-slash-prefix:/foo" "arg0-slash-prefix:/"
2015-06-10libsystemd-network: use domain validation instead of hostname validation for ↵Nick Owens
dhcp domain option previously hostname_is_valid was used to validate domain names, which would silently drop perfectly valid dns names that were longer than a single dns label.
2015-06-10shared: add convenience function for validating dns namesNick Owens
2015-06-10resolve: move dns routines into sharedNick Owens
2015-06-10journald: don't employ inner loop for reading from incoming socketsLennart Poettering
Otherwise, if the socket is constantly busy we will never return to the event loop, but we really need to to dispatch other (possibly more high-priority) events too. Hence, return after dispatching one message to the event handler, and rely on the event loop calling us back right-away. Fixes #125
2015-06-10sd-network: allow the state dir to be created after the monitorTom Gundersen
We now listen for new subdirs of /run/systemd, and /run/systemd/netif in case /run/systemd/netif/links does not exist.
2015-06-10Merge pull request #147 from poettering/cmsgDaniel Mack
util: introduce CMSG_FOREACH() macro and make use of it everywhere
2015-06-10networkd: bond - only set packets_per_slave on balance-rr modeTom Gundersen
Otherwise the creation of the bond fails.
2015-06-10util: introduce CMSG_FOREACH() macro and make use of it everywhereLennart Poettering
It's only marginally shorter then the usual for() loop, but certainly more readable.
2015-06-10Fix typoZbigniew Jędrzejewski-Szmek
Follow up for 7c918141ed.
2015-06-10Merge pull request #142 from teg/sd-network-unref-NULLLennart Poettering
sd-network: allow NULL in sd_network_monitor_unref
2015-06-10sd-network: allow NULL in sd_network_monitor_unrefTom Gundersen
Match rest of codebase, we always allow unref'ing NULL.
2015-06-10Merge pull request #85 from keszybz/selinux-contextZbigniew Jędrzejewski-Szmek
2015-06-10test-copy: test copy_bytes()Zbigniew Jędrzejewski-Szmek
2015-06-10sd-bus: remove ucred parameter from bus_message_from_header() since we don't ↵Lennart Poettering
use it anymore
2015-06-10sd-bus: fix early exit when we lack all data in bus_get_owner_creds_dbus1()Lennart Poettering
2015-06-10bus-message: remove shadow warning with log_debug_bus_message()Lennart Poettering
2015-06-10journald: simplify context handlingZbigniew Jędrzejewski-Szmek
By using our homegrown function we can dispense with all the iffdefery.
2015-06-10sd-bus: store selinux context at connection timeZbigniew Jędrzejewski-Szmek
This appears to be the right time to do it for SOCK_STREAM unix sockets. Also: condition bus_get_owner_creds_dbus1 was reversed. Split it out to a separate variable for clarity and fix. https://bugzilla.redhat.com/show_bug.cgi?id=1224211