summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-02-01sd-event: permit a USEC_INFINITY timeout as an alternative to a disabling an ↵Lennart Poettering
event source This should simplify handling of time events in clients and is in-line with the USEC_INFINITY macro we already have. This way setting a timeout to 0 indicates "elapse immediately", and a timeout of USEC_INFINITY "elapse never".
2016-02-01sd-event: when determining the last allowed time a time event may elapse, ↵Lennart Poettering
deal with overflows
2016-02-01util: add usec_add() which adds two usec_t values with overflow handlingLennart Poettering
2016-02-01resolved: rework what ResolveHostname() with family == AF_UNSPEC meansLennart Poettering
Previously, if a hostanem is resolved with AF_UNSPEC specified, this would be used as indication to resolve both an AF_INET and an AF_INET6 address. With this change this logic is altered: an AF_INET address is only resolved if there's actually a routable IPv4 address on the specific interface, and similar an AF_INET6 address is only resolved if there's a routable IPv6 address. With this in place, it's ensured that the returned data is actually connectable by applications. This logic mimics glibc's resolver behaviour. Note that if the client asks explicitly for AF_INET or AF_INET6 it will get what it asked for. This also simplifies the logic how it is determined whether a specific lookup shall take place on a scope. Specifically, the checks with dns_scope_good_key() are now moved out of the transaction code and into the query code, so that we don't even create a transaction object on a specific scope if we cannot execute the resolution on it anyway.
2016-02-01journal-cat: don't allocate memory for the syslog identifierLennart Poettering
Fixes: #2490
2016-02-01activate: reorder --help textLennart Poettering
Make sure the --help and --version options are mentioned first, like in all our other tools.
2016-02-01activate: fix memory allocation for execv() parametersLennart Poettering
Make sure we construct the full environment block on the heap, so that we can clean things up properly if execv() fails.
2016-02-01resolve: Silence build warning, when systemd is built without libidnTorstein Husebø
HAVE_IDN is not defined when systemd is build without it
2016-02-01resolve: fix typosTorstein Husebø
2016-02-01Merge pull request #2497 from jsynacek/bootoffset-runtime-v4Lennart Poettering
Expose additional booleans in sd_journal and improve error messages in journalctl
2016-02-01journalctl: improve error messages when the specified boot is not foundJan Synacek
2016-02-01journalctl: show friendly info when using -b on runtime journal onlyJan Synacek
Make it clear that specifing boot when there is actually only one has no effect. This cosmetic patch improves user experience a bit.
2016-02-01sd-journal: introduce has_runtime_files and has_persistent_filesJan Synacek
Also introduce sd_journal_has_runtime_files() and sd_journal_has_persistent_files() to the public API. These functions can be used to easily find out if the open journal files are runtime and/or persistent.
2016-02-01Merge pull request #2481 from xnox/pretty-ccwLennart Poettering
udev: net_id - for ccw bus, shorten the identifier and stip leading z…
2016-02-01Merge pull request #2493 from evverx/fix-selinux-checksLennart Poettering
Fix selinux check for ReloadUnit
2016-01-31resolved: allow building without libgcryptMichael Olbrich
2016-01-31resolved: make dnssec_nsec_test_enclosed() staticMichael Olbrich
It's not used anywhere else.
2016-01-31resolved: reorder functionsMichael Olbrich
Preparation to make gcrypt optional.
2016-01-31core: let's check access before type modificationEvgeny Vereshchagin
2016-01-31core: refactoring: add job_type_to_access_methodEvgeny Vereshchagin
remove duplication
2016-01-31core: fix selinux check for reloadEvgeny Vereshchagin
Fixes: -bash-4.3# echo 1 >/sys/fs/selinux/enforce -bash-4.3# runcon -t systemd_test_start_t systemctl start hola -bash-4.3# sesearch --allow -s systemd_test_reload_t -c service Found 1 semantic av rules: allow systemd_test_reload_t systemd_unit_file_t : service reload ; -bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola Failed to reload hola.service: Access denied See system logs and 'systemctl status hola.service' for details. -bash-4.3# journalctl -b | grep -i user_avc | grep reload USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' avc: denied { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola" scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service See https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
2016-01-31bootctl: replace readdir() loops with FOREACH_DIRENTMichal Sekletar
2016-01-30Merge pull request #2469 from keszybz/resolved-2Lennart Poettering
Resolved 2
2016-01-29basic: fix touch() creating files with 07777 modeMantas Mikulėnas
mode_t is unsigned, so MODE_INVALID < 0 can never be true. This fixes a possible DoS where any user could fill /run by writing to a world-writable /run/systemd/show-status.
2016-01-29resolved: log server type when switching serversZbigniew Jędrzejewski-Szmek
I'm not defining _DNS_SERVER_TYPE_MAX/INVALID as usual in the enum, because it wouldn't be used, and then gcc would complain that various enums don't test for _DNS_SERVER_TYPE_MAX. It seems better to define the macro rather than add assert_not_reached() in multiple places.
2016-01-29resolved: add macro to compare sized fieldsZbigniew Jędrzejewski-Szmek
For consistency, generic.size is renamed to generic.data_size. nsec3.next_hashed_name comparison was missing a size check.
2016-01-29resolve-host: add option to list protocolsZbigniew Jędrzejewski-Szmek
2016-01-29resolve-host: allow specifying type as TYPEnnZbigniew Jędrzejewski-Szmek
This mirrors the behaviour of host and makes the conversion to and from string symmetrical.
2016-01-29test-tables: ellide boring parts of sparse mappingsZbigniew Jędrzejewski-Szmek
2016-01-29test-resolve-tables: new "test", useful to print mappingsZbigniew Jędrzejewski-Szmek
2016-01-29resolved: calculate and print tags for DNSKEY recordsZbigniew Jędrzejewski-Szmek
2016-01-29udev: net_id - for ccw bus, shorten the identifier and stip leading zerosDimitri John Ledkov
The commmon case default qeth link is enccw0.0.0600 is rather long. Thus strip leading zeros (which doesn't make the bus_id unstable), similar to the PCI domain case. Also 'ccw' is redundant on S/390, as there aren't really other buses available which could have qeth driver interfaces. Not sure why this code is even compiled on non-s390[x] platforms. But to distinguish from e.g. MAC stable names shorten the suffix to just 'c'. Thus enccw0.0.0600 becomes enc600.
2016-01-29systemctl: actually honour the try-reload-or-restart verb aabf5d4243408 promisedLennart Poettering
The verb entry got lost in the ultimate commit.
2016-01-29systemctl: make most systemctl commands NOPs in a chroot() environmentLennart Poettering
Fixes #2015
2016-01-29systemctl: consider a chroot() environment always offlineLennart Poettering
2016-01-29basic: when parsing verb command lines, optionally shortcut them in chroot() ↵Lennart Poettering
environments This adds some basic infrastructure in order to fix #2015.
2016-01-28Merge pull request #2466 from poettering/nspawn-journalZbigniew Jędrzejewski-Szmek
Two small nspawn fixes
2016-01-28resolved: expand flags field in DNSKEY recordsZbigniew Jędrzejewski-Szmek
2016-01-28resolved: convert TLSA fields to stringZbigniew Jędrzejewski-Szmek
Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256
2016-01-28resolved: OPENPGPKEY recordsZbigniew Jędrzejewski-Szmek
2016-01-28resolved: TLSA recordsZbigniew Jędrzejewski-Szmek
2016-01-28resolved: add alignment to base64Zbigniew Jędrzejewski-Szmek
We try to fit the lengthy key data into available space. If the other fields take less than half of the available columns, we use align everything in the remaining columns. Otherwise, we put everything after a newline, indented with 8 spaces. This is similar to dig and other tools do. $ COLUMNS=78 ./systemd-resolve -t any . . IN SOA a.root-servers.net nstld.verisign-grs.com 2016012701 1800 900 604800 86400 . IN RRSIG SOA RSASHA256 0 86400 20160206170000 20160127160000 54549 S1uhUoBAReAFi5wH/KczVDgwLb+B9Zp57dSYj9aX4XxBhKuzccIducpg0wWXhjCRAWuzY fQ/J2anm4+C4BLUTdlytPIemd42SUffQk2WGuuukI8e67nkrNF3WFtoeXQ4OchsyO24t2 rxi682Zo9ViqmXZ+MSsjWKt1jdem4noaY= . IN NS h.root-servers.net . IN NS k.root-servers.net . IN NS e.root-servers.net . IN NS c.root-servers.net . IN NS b.root-servers.net . IN NS g.root-servers.net . IN NS d.root-servers.net . IN NS f.root-servers.net . IN NS i.root-servers.net . IN NS j.root-servers.net . IN NS m.root-servers.net . IN NS a.root-servers.net . IN NS l.root-servers.net . IN RRSIG NS RSASHA256 0 518400 20160206170000 20160127160000 54549 rxhmTVKUgs72G3VzL+1JRuD0nGLIrPM+ISfmUx0eYUH5wZD5XMu2X+8PfkAsEQT1dziPs ac+zK1YZPbNgr3yGI5H/wEbK8S7DmlvO+/I9WKTLp/Zxn3yncvnTOdjFMZxkAqHbjVOm+ BFz7RjQuvCQlEJX4PQBFphgEnkiOnmMdI= . IN NSEC aaa ( NS SOA RRSIG NSEC DNSKEY ) . IN RRSIG NSEC RSASHA256 0 86400 20160206170000 20160127160000 54549 HY49/nGkUJJP1zLmH33MIKnkNH33jQ7bsAHE9itEjvC4wfAzgq8+Oh9fjYav1R1GDeJ2Z HOu3Z2uDRif10R8RsmZbxyZXJs7eHui9KcAMot1U4uKCCooC/5GImf+oUDbvaraUCMQRU D3mUzoa0BGWfxgZEDqZ55raVFT/olEgG8= . IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0 O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0 NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL4 96M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1ap AzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6 dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ2 5AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1 ihz0= . IN DNSKEY 256 3 RSASHA256 AwEAAbr/RV0stAWYbmKOldjShp4AOQGOyY3ATI1NUpP4X1qBs 6lsXpc+1ABgv6zkg02IktjZrHnmD0HsElu3wqXMrT5KL1W7Sp mg0Pou9WZ8QttdTKXwrVXrASsaGI2z/pLBSnK8EdzqUrTVxY4 TEGZtxV519isM06CCMihxTn5cfFBF . IN RRSIG DNSKEY RSASHA256 0 172800 20160204235959 20160121000000 19036 XYewrVdYKRDfZptAATwT+W4zng04riExV36+z04kok09W0RmOtDlQrlrwHLlD2iN/zYpg EqGgDF5T2xlrQdNpn+PFHhypHM7NQAgLTrwmiw6mGbV0bsZN3rhFxHwW7QVUFAvo9eNVu INrjm+sArwxq3DnPkmA+3K4ikKD2iiT/jT91VYr9SHFqXXURccLjI+nmaE7m31hXcirX/ r5i3J+B4Fx4415IavSD72r7cmruocnCVjcp+ZAUKeMyW+RwigzevLz3oEcCZ4nrTpGLEj wFaVePYoP+rfdmfLfTdmkkm4APRJa2My3XOdGFlgNS1pW1pH4az5LapLE2vMO7p1aQ== -- Information acquired via protocol DNS in 14.4ms. -- Data is authenticated: no
2016-01-28resolved: emit full path to file we failed to writeZbigniew Jędrzejewski-Szmek
Otherwise it's unclear if it's /etc/resolv.conf or some other file that is meant.
2016-01-28nspawn: make sure --link-journal=host may be used twice in a rowLennart Poettering
Fixes #2186 This fixes fall-out from 574edc90066c3faeadcf4666928ed9b0ac409c75.
2016-01-28nspawn: make journal linking non-fatal in try and auto modesLennart Poettering
Fixes #2091
2016-01-28systemctl: rename "reload-or-try-restart" verb to "try-reload-or-restart"Lennart Poettering
But also keep the old name as (undocumented) compatibility around. The reload-or-try-restart was documented to be a NOP if the unit is not running, since the previous commits this is also implemented. The old name suggests that the "try" logic only applies to restarting. Fix this, by moving the "try-" to the front, to indicate that the whole option is a NOP if the service isn't running.
2016-01-28systemctl: improve message when a job fails with a JOB_INVALID stateLennart Poettering
This result can only happen if the job was a reload job for an inactive unit. Make the error message actually say that.
2016-01-28core: when propagating reload jobs, downgrade them to try-reloadLennart Poettering
Otherwise we might end up generating jobs that fail immediately. This follows the same logic that restart propagation follows.
2016-01-28core: when determining system state, don't bother with JOB_TRY_RESTARTLennart Poettering
When we determine the current system state we check whether units like emergency.target are running or a job that results in them being run is queued. However, this is not the case for JOB_TRY_RESTART, since that's a NOP if the unit has not been running before. Hence, don't bother with checking for that job type.
2016-01-28core: make sure "systemctl reload-or-try-restart is actually a noop if a ↵Lennart Poettering
unit is not running This makes sure we follow the same basic logic for try-restart if we have a try-reload. Fixes #688