summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-06-03core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)Topi Miettinen
New exec boolean MemoryDenyWriteExecute, when set, installs a seccomp filter to reject mmap(2) with PAGE_WRITE|PAGE_EXEC and mprotect(2) with PAGE_EXEC.
2016-06-03Merge pull request #3409 from tomty89/update-2Lennart Poettering
networkd-dhcp6: DHCPv6 starting fixes
2016-06-03Merge pull request #3418 from htejun/cgroup2-log-compatLennart Poettering
core: log cgroup legacy and unified hierarchy setting translations
2016-06-03core: always use "infinity" for no upper limit instead of "max" (#3417)Tejun Heo
Recently added cgroup unified hierarchy support uses "max" in configurations for no upper limit. While consistent with what the kernel uses for no upper limit, it is inconsistent with what systemd uses for other controllers such as memory or pids. There's no point in introducing another term. Update cgroup unified hierarchy support so that "infinity" is the only term that systemd uses for no upper limit.
2016-06-03missing include added for build with -DDEBUG (#3424)Tobias Jungel
2016-06-03resolved: fix comments in resolve.conf for search domain overflows (#3422)Martin Pitt
Write comments about "too many search domains" and "Total length of all search domains is too long" just once. Also put it on a separate line, as resolv.conf(5) only specifies comments in a line by themselves. This is ugly to do if write_resolv_conf_search() gets called once for every search domain. So change it to receive the complete OrderedSet instead and do the iteration by itself. Add test cases to networkd-test.py. https://launchpad.net/bugs/1588229
2016-06-02core: log cgroup legacy and unified hierarchy setting translationsTejun Heo
To accommodate changes in kernel interface, cgroup unified hierarchy support added several configuration items which overlap with the existing resource control settings and there is simple config translation between the overlapping settings to ease the transition. As why certain cgroup knobs are being configured can become confusing, this patch adds a master warning message which is printed once when such translation is first used and logs each translation with a debug message. v2: - Switched to log_unit*().
2016-06-02core: pass Unit into cgroup_context_apply() and use log_unit*()Tejun Heo
cgroup_context_apply() and friends take CGroupContext and cgroup path as input and has no way of getting back to the associated Unit and thus uses raw cgroup path for logging. This makes the log messages difficult to track down. There's no reason to avoid passing in Unit into these functions. Pass in Unit and use log_unit*() instead. While at it, make cgroup_context_apply(), which has no outside users, static. Also, drop cgroup path from log messages where the path itself isn't too interesting and can be easily obtained from the unit.
2016-06-02networkd-ndisc: do not start DHCPv6 when after NDISC timeoutTom Yan
For it's silly and unnecessary. Although it was apparently mandated by RFC 2462 in [5.5.2. Absence of Router Advertisements], that has been changed in the same section of RFC 4862, which obsoleted the former RFC.
2016-06-01core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157)Topi Miettinen
Implement sets of system calls to help constructing system call filters. A set starts with '@' to distinguish from a system call. Closes: #3053, #3157
2016-06-01networkd-dhcp6: generalize DHCPv6 client (re)startingTom Yan
dhcp6_request_address() was merely a function to switch the DHCPv6 client from "stateless" mode to "stateful" mode. It was also a one-way switch. Also, to (re)start the client, we would need to repeat separate function calls. In this patch, dhcp6_request_address() is made a general starter/manager of the DHCPv6 client. It now takes an extra parameter so we will be specifying which mode the DHCPv6 client should be started in. Also it will keep track of the current mode and compare with the newly requested mode, and only restart the client in case there is a difference between them. This also makes sure that the DHCPv6 client will be (re)started accordingly as per the Router Advertisement flags.
2016-05-31systemctl: systemctl show --property' needs verification of property (#3364)Susant Sahani
systemctl --property doesn't validate if a requested property is valid or not, and always returns with an exit code of 0, regardless of whether the requested property exists or not. How reproducible: This works fine: Id=multi-user.target But put in a non-existing property: Id=default.targets.service Id=default.targets.service 0 [root@shou18lkvm8 ~]# systemctl show --property Id this.is.rubbish; echo $? Id=this.is.rubbish.service 0 After: sus@maximus bz-95593]$ ./systemctl show --property Id this.is.rubbish; echo $? Can't display property this.is.rubbish. Unit this.is.rubbish.service does not exist. 4 fixes #2295
2016-05-31systemctl: Replace init script error codes with enum (#3400)Susant Sahani
Now we just using constants for the init script exit status codes. Replace those error codes with enum so that it's more meaningful and readable.
2016-05-31network: fix wrong include of source file "ether-addr-util.c" (#3402)Thomas Haller
Fixes: 9ed8b06c9be4a5efae432d5cf4b1c47d03e6f107
2016-05-30networkd: bridge add support to configure VLAN filtering (#3344)Tobias Jungel
This patch implements support for IFLA_BR_VLAN_FILTERING configuration.
2016-05-30systemctl: return diffrent error code if service exist or not (#3385)Susant Sahani
Before: [sus@maximus bz-1256858]$ systemctl status rsyslog.service;echo $? ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/rsyslog.service.d └─50-CPUShares.conf Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 26min ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1159 (code=exited, status=0/SUCCESS) May 30 11:07:50 maximus systemd[1]: Starting System Logging Service... May 30 11:07:50 maximus systemd[1]: Started System Logging Service. May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service... May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service. 3 [sus@maximus bz-1256858]$ systemctl status hello.service;echo $? ● hello.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) 3 After: $ ./systemctl status hello.service;echo $? Failed to dump process list, ignoring: Access denied ● hello.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) 4 [sus@maximus bz-1256858]$ ./systemctl status rsyslog.service;echo $? Failed to dump process list, ignoring: Access denied ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/rsyslog.service.d └─50-CPUShares.conf Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 24min ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1159 (code=exited, status=0/SUCCESS) May 30 11:07:50 maximus systemd[1]: Starting System Logging Service... May 30 11:07:50 maximus systemd[1]: Started System Logging Service. May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service... May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service. 3 Fixes: 1092
2016-05-30udevd: try close ctrl connection blocking socket only once when spawning a ↵Franck Bui
new worker (#3387)
2016-05-29util-lib: Add sparc64 support for process creation (#3348)Michael Karcher
The current raw_clone function takes two arguments, the cloning flags and a pointer to the stack for the cloned child. The raw cloning without passing a "thread main" function does not make sense if a new stack is specified, as it returns in both the parent and the child, which will fail in the child as the stack is virgin. All uses of raw_clone indeed pass NULL for the stack pointer which indicates that both processes should share the stack address (so you better don't pass CLONE_VM). This commit refactors the code to not require the caller to pass the stack address, as NULL is the only sensible option. It also adds the magic code needed to make raw_clone work on sparc64, which does not return 0 in %o0 for the child, but indicates the child process by setting %o1 to non-zero. This refactoring is not plain aesthetic, because non-NULL stack addresses need to get mangled before being passed to the clone syscall (you have to apply STACK_BIAS), whereas NULL must not be mangled. Implementing the conditional mangling of the stack address would needlessly complicate the code. raw_clone is moved to a separete header, because the burden of including the assert machinery and sched.h shouldn't be applied to every user of missing_syscalls.h
2016-05-29Merge pull request #3378 from keszybz/unit-write-drop-in-newline-removalLennart Poettering
Remove newlines from drop in format strings + some formatting fixes
2016-05-29Fix FS_EXTENT_FL description (#3381)kpengboy
2016-05-28tree-wide: remove newlines from unit_write_drop_inZbigniew Jędrzejewski-Szmek
This reverts part of #3329, but all for a good cause.
2016-05-28core/unit: append newline when writing drop insZbigniew Jędrzejewski-Szmek
unit_write_drop_in{,_private}{,_format} are all affected. We already append a header to the file (and section markers), so those functions can only be used to write a whole file at once. Including the newline at the end feels natural. After this commit newlines will be duplicated. They will be removed in subsequent commit. Also, rewrap the "autogenerated" header to fit within 80 columns.
2016-05-28Merge pull request #3326 from tomty89/update-2Zbigniew Jędrzejewski-Szmek
networkd: IPv6 fixes
2016-05-28Merge pull request #3360 from glaubitz/masterZbigniew Jędrzejewski-Szmek
Fix multiple unaligned accesses in test-dns-packet and sd-dhcp-server.
2016-05-28Typo fix: s/advertisment/advertisement/Zbigniew Jędrzejewski-Szmek
2016-05-28systemctl: remove empty line between comment and actionZbigniew Jędrzejewski-Szmek
It's harder to miss the comment without the newline ;) See https://github.com/systemd/systemd/pull/3336#issuecomment-221749423 for context.
2016-05-28Merge pull request #3328 from poettering/ipv4ll-ipv4acd-fixesZbigniew Jędrzejewski-Szmek
various sd-Ipv4ll/sd-ipv4acd fixes
2016-05-28Merge pull request #3336 from eworm-de/systemctl-set-defaultZbigniew Jędrzejewski-Szmek
systemctl: return success for set-default, add-wants, add-requires...
2016-05-28login: Fix policy for org.freedesktop.login1.set-self-linger (#3365) (#3373)Michael Biebl
We need to explicitly define authorizations for allow_inactive and allow_active. Otherwise one is getting "Access denied" when run from a local console: $ loginctl enable-linger Could not enable linger: Access denied
2016-05-28networkd: disable IPv6 for bridge slaveTom Yan
If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
2016-05-28networkd: unset master if not enslaved with networkdTom Yan
When we manage an interface with networkd but not as a slave (i.e. no `Bridge=` or `Bond=` set in its .network), we do not want it to remain slaved.
2016-05-27networkd/sd-dhcp-server: Fix unaligned access in parse_request().John Paul Adrian Glaubitz
2016-05-27core: add cgroup memory controller support on the unified hierarchy (#3315)Tejun Heo
On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27Merge pull request #3329 from htejun/dbus-cgroup-fixesLennart Poettering
dbus-cgroup fixes
2016-05-27core: fix missing newline when writing drop-in for WorkingDirectory (#3337)Tejun Heo
2016-05-27systemctl: fix code path (and memory leak) on errorChristian Hesse
2016-05-27systemctl: fix return values on successChristian Hesse
2016-05-27systemctl: remove extra commaChristian Hesse
2016-05-26resolve/test-dns-packet: Fix unaligned access in test_packet_from_file().John Paul Adrian Glaubitz
2016-05-26nspawn: rename arg_retain to arg_caps_retainDjalal Harouni
The argument is about capabilities.
2016-05-26nspawn: split out seccomp call into nspawn-seccomp.[ch]Djalal Harouni
Split seccomp into nspawn-seccomp.[ch]. Currently there are no changes, but this will make it easy in the future to share or use the seccomp logic from systemd core.
2016-05-26nspawn: rename is_procfs_sysfs_or_suchlike() to is_fs_fully_userns_compatible()Djalal Harouni
Rename is_procfs_sysfs_or_suchlike() to is_fs_fully_userns_compatible() to give it the real meaning. This may prevent future modifications that may introduce bugs.
2016-05-26nspawn: a bench of special fileystems that should not be shiftedDjalal Harouni
Add some special filesystems that should not be shifted, most of them relate to the host and not to containers.
2016-05-26{machine,system}ctl: always pass &changes and &n_changes (#3350)Christian Hesse
We have to pass addresses of changes and n_changes to bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by missing information (subsequent calls to unit_file_changes_add() to not add anything). Also prevent null pointer dereference in bus_deserialize_and_dump_unit_file_changes() by asserting. Fixes #3339
2016-05-26ipv4ll: shorten some checks by using IN_SET a bitLennart Poettering
As suggested: https://github.com/systemd/systemd/pull/3328#discussion-diff-64285764
2016-05-26sd-ndisc: small coding style fixesLennart Poettering
Let's use usec_t internally always, when dealing with time values. Let's use uint8_t* pointers if we are dealing with generic byte pointers.
2016-05-26sd-ndisc: add more whitespaceLennart Poettering
Whitespace doesn't hurt and helps structuring things.
2016-05-26sd-ndisc: stop discovery properly when something failsLennart Poettering
2016-05-26sd-ndisc: rework size checking in ndisc_ra_parse()Lennart Poettering
Let's better check the size before we subtract. Also, let's change the size argument to size_t, as it cannot be signed anyway. Finally, use EBADMSG for indicating invalid packets, like we do everywhere else.
2016-05-26sd-ndisc: simplify clamping of router "pref" parameterLennart Poettering