summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-04-25nspawn: make -U a tiny bit smarterLennart Poettering
With this change -U will turn on user namespacing only if the kernel actually supports it and otherwise gracefully degrade to non-userns mode.
2016-04-25nspawn: allow configuration of user namespaces in .nspawn filesLennart Poettering
In order to implement this we change the bool arg_userns into an enum UserNamespaceMode, which can take one of NO, PICK or FIXED, and replace the arg_uid_range_pick bool with it.
2016-04-25nspawn: add -U as shortcut for --private-users=pickLennart Poettering
Given that user namespacing is pretty useful now, let's add a shortcut command line switch for the logic.
2016-04-25nspawn: optionally, automatically allocate a UID/GID range for userns containersLennart Poettering
This adds the new value "pick" to --private-users=. When specified a new UID/GID range of 65536 users is automatically and randomly allocated from the host range 0x00080000-0xDFFF0000 and used for the container. The setting implies --private-users-chown, so that container directory is recursively chown()ed to the newly allocated UID/GID range, if that's necessary. As an optimization before picking a randomized UID/GID the UID of the container's root directory is used as starting point and used if currently not used otherwise. To protect against using the same UID/GID range multiple times a few mechanisms are in place: - The first and the last UID and GID of the range are checked with getpwuid() and getgrgid(). If an entry already exists a different range is picked. Note that by "last" UID the user 65534 is used, as 65535 is the 16bit (uid_t) -1. - A lock file for the range is taken in /run/systemd/nspawn-uid/. Since the ranges are taken in a non-overlapping fashion, and always start on 64K boundaries this allows us to maintain a single lock file for each range that can be randomly picked. This protects nspawn from picking the same range in two parallel instances. - If possible the /etc/passwd lock file is taken while a new range is selected until the container is up. This means adduser/addgroup should safely avoid the range as long as nss-mymachines is used, since the allocated range will then show up in the user database. The UID/GID range nspawn picks from is compiled in and not configurable at the moment. That should probably stay that way, since we already provide ways how users can pick their own ranges manually if they don't like the automatic logic. The new --private-users=pick logic makes user namespacing pretty useful now, as it relieves the user from managing UID/GID ranges.
2016-04-25nspawn: optionally fix up OS tree uid/gids for usernsLennart Poettering
This adds a new --private-userns-chown switch that may be used in combination with --private-userns. If it is passed a recursive chmod() operation is run on the OS tree, fixing all file owner UID/GIDs to the right ranges. This should make user namespacing pretty workable, as the OS trees don't need to be prepared manually anymore.
2016-04-25util: copy_file_range() returns EBADF when used on a ttyLennart Poettering
In nspawn we invoke copy_bytes() on a TTY fd. copy_file_range() returns EBADF on a TTY and this error is considered fatal by copy_bytes() so far. Correct that, so that nspawn's copy_bytes() operation works again. This is a follow-up for a44202e98b638024c45e50ad404c7069c7835c04.
2016-04-22machinectl: don't parse command line switches after "shell" verb (#3095)Lennart Poettering
Fixes: #2420
2016-04-22tree-wide: remove unused variables (#3098)Thomas H. P. Andersen
2016-04-22Merge pull request #3094 from poettering/run-sliceZbigniew Jędrzejewski-Szmek
systemd-run: fix --slice= in conjunction with --scope
2016-04-22journal-remote : Ensure reallocation of source->buf does not result in ↵Klearchos Chaloulos
source->size < source->filled (#3086) While the function journal-remote-parse.c:get_line() enforces an assertion that source->filled <= source->size, in function journal-remote-parse.c:process_source() there is a chance that source->size will be decreased to a lower value than source->filled, when source->buf is reallocated. Therefore a check is added that ensures that source->buf is reallocated only when source->filled is smaller than target / 2.
2016-04-22run: make --slice= work in conjunction with --scopeLennart Poettering
Fixes: #2991
2016-04-22core: don't dispatch load queue when setting Slice= for transient unitsLennart Poettering
Let's be more careful when setting up the Slice= property of transient units: let's use manager_load_unit_prepare() instead of manager_load_unit(), so that the load queue isn't dispatched right away, because our own transient unit is in it, and we don#t want to have it loaded until we finished initializing it.
2016-04-22machinectl: fix misplaced newline in --help outputLennart Poettering
2016-04-22journalctl: add --no-hostname switchLennart Poettering
This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-22journalctl: add output mode where time is shown in seconds since 1st Jan ↵Lennart Poettering
1970 UTC aka "UNIX time". Fixes: #2120
2016-04-22shared: move output_mode_to_string() into output-mode.cLennart Poettering
After all, the enum definition is in output-mode.h
2016-04-22coredump,basic: generalize O_TMPFILE handling a bitLennart Poettering
This moves the O_TMPFILE handling from the coredumping code into common library code, and generalizes it as open_tmpfile_linkable() + link_tmpfile(). The existing open_tmpfile() function (which creates an unlinked temporary file that cannot be linked into the fs) is renamed to open_tmpfile_unlinkable(), to make the distinction clear. Thus, code may now choose between: a) open_tmpfile_linkable() + link_tmpfile() b) open_tmpfile_unlinkable() Depending on whether they want a file that may be linked back into the fs later on or not. In a later commit we should probably convert fopen_temporary() to make use of open_tmpfile_linkable(). Followup for: #3065
2016-04-22systemctl: add two minor assert()sLennart Poettering
2016-04-22path-lookup: optimize a common strv copy operation awayLennart Poettering
Follow-up for: https://github.com/systemd/systemd/pull/3033#discussion_r59689398
2016-04-22tree-wide: don't assume CLOCK_BOOTIME is generally availableLennart Poettering
Before we invoke now(CLOCK_BOOTTIME), let's make sure we actually have that clock, since now() will otherwise hit an assert. Specifically, let's refuse CLOCK_BOOTTIME early in sd-event if the kernel doesn't actually support it. This is a follow-up for #3037, and specifically: https://github.com/systemd/systemd/pull/3037#issuecomment-210199167
2016-04-22machine-id-setup: explicitly fsync() the machine ID after writingLennart Poettering
As discussed here: https://github.com/systemd/systemd/issues/2619#issuecomment-184670042 Explicitly syncing /etc/machine-id after writing it, is probably a good idea, since it has a strong "commit" character and is generally a one-time thing. Fixes #2619.
2016-04-22shared: move unit-specific code from bus-util.h to bus-unit-util.hLennart Poettering
Previously we'd have generally useful sd-bus utilities in bust-util.h, intermixed with code that is specifically for writing clients for PID 1, wrapping job and unit handling. Let's split the latter out and move it into bus-unit-util.c, to make the sources a bit short and easier to grok.
2016-04-22shared: drop kernel_thread bool from cgroups show codeLennart Poettering
Make this an output flag instead, so that our function prototypes can lose one parameter
2016-04-22loginctl,machinectl: also make use of new GetProcesses() bus callLennart Poettering
This ports over machinectl and loginctl to also use the new GetProcesses() bus call to show the process tree of a container or login session. This is similar to how systemctl already has been ported over in a previous commit.
2016-04-22networkd: consider various IPv6 features as disabled if IPv6 is not ↵Lennart Poettering
available in the kernel
2016-04-22core,systemctl: add bus API to retrieve processes of a unitLennart Poettering
This adds a new GetProcesses() bus call to the Unit object which returns an array consisting of all PIDs, their process names, as well as their full cgroup paths. This is then used by "systemctl status" to show the per-unit process tree. This has the benefit that the client-side no longer needs to access the cgroupfs directly to show the process tree of a unit. Instead, it now uses this new API, which means it also works if -H or -M are used correctly, as the information from the specific host is used, and not the one from the local system. Fixes: #2945
2016-04-22shared: fix minor memory leak in log display codeLennart Poettering
2016-04-22treewide: fix typos (#3092)Torstein Husebø
2016-04-22Merge pull request #3084 from keszybz/preset-fixesLennart Poettering
Nicer error message is symlinking chokes on an existing file
2016-04-21tree-wide: use mdash instead of a two minusesZbigniew Jędrzejewski-Szmek
2016-04-21shared/install: always overwrite symlinks in .wants and .requiresZbigniew Jędrzejewski-Szmek
Before: $ systemctl preset getty@.service Failed to preset unit, file /etc/systemd/system/getty.target.wants/getty@tty1.service already exists and is a symlink to ../../../../usr/lib/systemd/system/getty@.service. After: $ systemctl preset getty@.service Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service, pointing to /usr/lib/systemd/system/getty@.service. We don't really care where the symlink points to. For example, it might point to /usr/lib or /etc, and systemd will always load the unit from /etc in preference to /usr/lib. In fact, if we make a symlink like /etc/systemd/system/multi-user.target.wants/b.service -> ../a.service, pid1 will still start b.service. The name of the symlink is the only thing that matters, as far as systemd is concerned. For humans it's confusing when the symlinks points to anything else than the actual unit file. At the very least, the symlink is supposed to point to a file with the same name in some other directory. Since we don't care where the symlink points, we can always replace an existing symlink. Another option I considered would be to simply leave an existing symlink in place. That would work too, but replacing the symlink with the expected value seems more intuitive. Of course those considerations only apply to .wants and .requires. Symlinks created with "link" and "alias" are a separate matter. Fixes #3056.
2016-04-21systemctl,pid1: do not warn about missing install info with "preset"Zbigniew Jędrzejewski-Szmek
When "preset" was executed for a unit without install info, we'd warn similarly as for "enable" and "disable". But "preset" is usually called for all units, because the preset files are provided by the distribution, and the units are under control of individual programs, and it's reasonable to call "preset" for all units rather then try to do it only for the ones that can be installed. We also don't warn about missing info for "preset-all". Thus it seems reasonable to silently ignore units w/o install info when presetting. (In addition, when more than one unit was specified, we'd issue the warning only if none of them had install info. But this is probably something to fix for enable/disable too.)
2016-04-21shared/install: rewrite unit_file_changes_add()Zbigniew Jędrzejewski-Szmek
path_kill_slashes was applied to the wrong arg...
2016-04-21core/dbus-manager: drop unused param from installation functionsZbigniew Jędrzejewski-Szmek
2016-04-21shared/install: nicer error message is symlinking chokes on an existing fileZbigniew Jędrzejewski-Szmek
Fixes #1892. Previously: Failed to enable unit: Invalid argument Now: Failed to enable unit, file /etc/systemd/system/ssh.service already exists. It would be nice to include the unit name in the message too. I looked into this, but it would require major surgery on the whole installation logic, because we first create a list of things to change, and then try to apply them in a loop. To transfer the knowledge which unit was the source of each change, the data structures would have to be extended to carry the unit name over into the second loop. So I'm skipping this for now.
2016-04-21networkd: When link gets dirty mark manager dirty too (#3080)Susant Sahani
If we not marking manager dirty when link is dirty then the state file is not updated. This is a side effect of issue 2850 setting CriticalConnection=yes timesyncd NTP servers given by DHCP server are ignored.
2016-04-21Merge pull request #3005 from keszybz/kill-user-procesesLennart Poettering
Kill user session scope by default
2016-04-21build: fix test-nss.c build failure with --disable-{resolved,myhostname} (#3081)Martin Pitt
When building without resolved and/or myhostname, test-nss.c failed to build with src/test/test-nss.c: In function 'main': src/test/test-nss.c:417:32: error: 'MODULE1' undeclared (first use in this function) NULSTR_FOREACH(module, MODULE1 MODULE2 MODULE3 MODULE4) { ^ Ensure that all MODULEx are always defined, and empty if the module is not available (so that it will be a no-op in the string concatenation).
2016-04-21shared/logs-show: fix memleak in add_matches_for_unitZbigniew Jędrzejewski-Szmek
2016-04-21loginctl: show linger status in user-statusZbigniew Jędrzejewski-Szmek
zbyszek (1002) Since: Tue 2016-04-12 23:11:46 EDT; 23min ago State: active Sessions: *3 Linger: yes Unit: user-1002.slice ├─user@1002.service │ └─init.scope │ ├─38 /usr/lib/systemd/systemd --user │ └─39 (sd-pam) └─session-3.scope ├─ 31 login -- zbyszek ├─ 44 -bash ├─15076 loginctl user-status zbyszek └─15077 less
2016-04-21logind: allow any user to request lingeringZbigniew Jędrzejewski-Szmek
We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites.
2016-04-21logind: make KillOnlyUsers override KillUserProcessesZbigniew Jędrzejewski-Szmek
Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be used to specify users to kill, independently of the KillUserProcesses setting. Having the settings orthogonal seems to make more sense. It also makes KillOnlyUsers symmetrical to KillExcludeUsers.
2016-04-21build-sys: add --without-kill-user-processes configure optionZbigniew Jędrzejewski-Szmek
2016-04-21logind: flip KillUserProcesses to on by defaultZbigniew Jędrzejewski-Szmek
This ensures that users sessions are properly cleaned up after. The admin can still enable or disable linger for specific users to allow them to run processes after they log out. Doing that through the user session is much cleaner and provides better control. dbus daemon can now be run in the user session (with --enable-user-session, added in 1.10.2), and most distributions opted to pick this configuration. In the normal case it makes a lot of sense to kill remaining processes. The exception is stuff like screen and tmux. But it's easy enough to work around, a simple example was added to the man page in previous commit. In the long run those services should integrate with the systemd users session on their own. https://bugs.freedesktop.org/show_bug.cgi?id=94508 https://github.com/systemd/systemd/issues/2900
2016-04-21logind: reload config on SIGHUPZbigniew Jędrzejewski-Szmek
v2: - fix setting of kill_user_processes and *_ignore_inhibited settings
2016-04-21core: prefix selinux messages with "selinux: "Zbigniew Jędrzejewski-Szmek
SELinux outputs semi-random messages like "Unknown permission start for class system", and the user has to dig into message metadata to find out where they are comming from. Add a prefix to give a hint.
2016-04-20networkd: respect DHCP UseRoutes option (#3075)Susant Sahani
This fixes #2282.
2016-04-20networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077)Susant Sahani
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface. This fixes #3046. Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled. Introduce network_has_static_ipv6_addresses() to find out if any static ipv6 address configured. If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static IPv6 addresses not configured, then IPv6 will be automatically disabled for that interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
2016-04-20Merge pull request #3074 from keszybz/tmpfilesLennart Poettering
systemd-tmpfiles improvements, nspawn -E, honouring $TERM in pid1
2016-04-20tmpfiles: add new 'e' action which cleans up a dir without creating itZbigniew Jędrzejewski-Szmek
I wanted to add a config line that would empty a directory without creating it if doesn't exist. Existing actions don't allow this. v2: properly add 'e' to needs_glob() and takes_ownership()