summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-02-13Merge pull request #2589 from keszybz/resolve-tool-2Lennart Poettering
Better support of OPENPGPKEY, CAA, TLSA packets and tests
2016-02-12Merge pull request #2601 from poettering/systemd-analyze-dump-alignZbigniew Jędrzejewski-Szmek
core: fix indenting in dump output
2016-02-12resolve: always align flags to 8th column and print CAA flagsZbigniew Jędrzejewski-Szmek
Left-over unknown flags are printed numerically. Otherwise, it wouldn't be known what bits are remaining without knowning what the known bits are. A test case is added to verify the flag printing code: ============== src/resolve/test-data/fake-caa.pkts ============== google.com. IN CAA 0 issue "symantec.com" google.com. IN CAA 128 issue "symantec.com" -- Flags: critical google.com. IN CAA 129 issue "symantec.com" -- Flags: critical 1 google.com. IN CAA 22 issue "symantec.com" -- Flags: 22
2016-02-12resolve: parse CAA recordsZbigniew Jędrzejewski-Szmek
2016-02-12Fix hashing of TLSA packetsZbigniew Jędrzejewski-Szmek
Also add example files with TLSA and SSHFP records.
2016-02-12test-dns-packet: allow running without argumentsZbigniew Jędrzejewski-Szmek
2016-02-12test-dns-packet: add framework to read and dump packetsZbigniew Jędrzejewski-Szmek
Packets are stored in a simple format: <size> <packet-wire-format> <size> <packet-wire-format> ... Packets for some example domains are dumped, to test rr code for various record types. Currently: A AAAA CAA DNSKEY LOC MX NS NSEC OPENPGPKEY SOA SPF TXT The hashing code is executed, but results are not checked. Also build other tests in src/resolve only with --enable-resolve.
2016-02-12core: fix indenting in dump outputLennart Poettering
Fixes: #2593
2016-02-12time-util: map ALARM clockids to non-ALARM clockids in now()Lennart Poettering
Fixes: #2597
2016-02-12Merge pull request #2594 from keszybz/spellingMartin Pitt
Spelling
2016-02-11Merge pull request #2590 from zonque/bus-endpoint-removalZbigniew Jędrzejewski-Szmek
Remove kdbus custom endpoint support
2016-02-11TypoZbigniew Jędrzejewski-Szmek
2016-02-12Typo fixesMichael Biebl
2016-02-11Remove kdbus custom endpoint supportDaniel Mack
This feature will not be used anytime soon, so remove a bit of cruft. The BusPolicy= config directive will stay around as compat noop.
2016-02-11Merge pull request #2587 from haraldh/tpmv3Lennart Poettering
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11resolved: add cleanup function to rewind packetsZbigniew Jędrzejewski-Szmek
This makes the behaviour more consistent. Before we would not rewind after some errors, but this seems to have been an unintentional omission.
2016-02-11systemd-resolve: allow easy querying of openpgp keysZbigniew Jędrzejewski-Szmek
$ systemd-resolve --openpgp zbyszek@fedoraproject.org d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlM yfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAyn ...
2016-02-11Move initialize_libgcrypt to separate fileZbigniew Jędrzejewski-Szmek
It's annoying to have the exact same function in three places. It's stored in src/shared, but it's not added to the library to avoid the dependency on libgcrypt.
2016-02-11Add memcpy_safeZbigniew Jędrzejewski-Szmek
ISO/IEC 9899:1999 §7.21.1/2 says: Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4. In base64_append_width memcpy was called as memcpy(x, NULL, 0). GCC 4.9 started making use of this and assumes This worked fine under -O0, but does something strange under -O3. This patch fixes a bug in base64_append_width(), fixes a possible bug in journal_file_append_entry_internal(), and makes use of the new function to simplify the code in other places.
2016-02-11core: use correct enumThomas Hindoe Paaboel Andersen
from e903182e5b0daa941de47a9c08c824106cec7fe0
2016-02-11sd-boot: put hashed kernel command line in a PCR of the TPMHarald Hoyer
The UEFI BIOS already hashes the contents of the loaded image, so the initrd and the command line of the binary are recorded. Because manually added LoadOptions are not taken into account, these should be recorded also. This patch logs and extends a TPM PCR register with the LoadOptions. This feature can be enabled with configure --enable-tpm The PCR register index can be specified with configure --with-tpm-pcrindex=<NUM>
2016-02-11delta: minor coding style fixesLennart Poettering
no change in behaviour
2016-02-11core: don't choke if a unit another unit triggers vanishes during reloadLennart Poettering
Fixes: #1981
2016-02-10nss-mymachines: never resolve unmapped UIDs/GIDsLennart Poettering
Don't ever permit successful user or group lookups if no UID/GID mapping is actually applied. THis way, we can be sure that nss-mymachines cannot be used to insert invalid cache entries into nscd's cache. https://bugzilla.redhat.com/show_bug.cgi?id=1285339
2016-02-10Merge pull request #2574 from zonque/netclass-removeLennart Poettering
cgroup: remove support for NetClass= directive
2016-02-10Merge pull request #2495 from heftig/masterLennart Poettering
tty-ask-password: Split out password sending
2016-02-10cgroup: remove support for NetClass= directiveDaniel Mack
Support for net_cls.class_id through the NetClass= configuration directive has been added in v227 in preparation for a per-unit packet filter mechanism. However, it turns out the kernel people have decided to deprecate the net_cls and net_prio controllers in v2. Tejun provides a comprehensive justification for this in his commit, which has landed during the merge window for kernel v4.5: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671 As we're aiming for full support for the v2 cgroup hierarchy, we can no longer support this feature. Userspace tool such as nftables are moving over to setting rules that are specific to the full cgroup path of a task, which obsoletes these controllers anyway. This commit removes support for tweaking details in the net_cls controller, but keeps the NetClass= directive around for legacy compatibility reasons.
2016-02-10core: treat JobTimeout=0 as equivalent to JobTimeout=infinityLennart Poettering
Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4. Fixes: #2537
2016-02-10core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec=Lennart Poettering
Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-10coredump: dump priviliges when processing system coredumpsLennart Poettering
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10core: set RLIMIT_CORE to unlimited by defaultLennart Poettering
The kernel sets RLIMIT_CORE to 0 by default. Let's bump this to unlimited by default (for systemd itself and all processes we fork off), so that the coredump hooks have an effect if they honour it. Bumping RLIMIT_CORE of course would have the effect that "core" files will end up on the system at various places, if no coredump hook is used. To avoid this, make sure PID1 sets the core pattern to the empty string by default, so that this logic is disabled. This change in defaults should be useful for all systems where coredump hooks are used, as it allows useful usage of RLIMIT_CORE from these hooks again. OTOH systems that expect that coredumps are placed under the name "core" in the current directory will break with this change. Given how questionnable this behaviour is, and given that no common distro makes use of this by default it shouldn't be too much of a loss. Also, the old behaviour may be restored by explicitly configuring a "core_pattern" of "core", and setting the default system RLIMIT_CORE to 0 again via system.conf.
2016-02-10coredump: honour RLIMIT_CORE when saving/processing coredumpsLennart Poettering
With this change processing/saving of coredumps takes the RLIMIT_CORE resource limit of the crashing process into account, given the user control whether specific processes shall core dump or not, and how large to make the core dump. Note that this effectively disables core-dumping for now, as RLIMIT_CORE defaults to 0 (i.e. is disabled) for all system processes.
2016-02-10coredump: rework coredumping logicLennart Poettering
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a stacktrace and writes the coredump to disk. This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust= and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally priorized processes. This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until /var/systemd/coredump is mounted and writable. Fixes: #2286
2016-02-10activate: add a new switch --inetd to enable inetd-style socket activationLennart Poettering
Previously, using --accept would enable inetd-style socket activation in addition to per-connection operation. This is now split into two switches: --accept only switches between per-connection or single-instance operation. --inetd switches between inetd-style or new-style fd passing. This breaks the interface of the tool, but given that it is a debugging tool shipped in /usr/lib/systemd/ it's not really a public interface. This change allows testing new-style per-connection daemons.
2016-02-10activate: minor fixesLennart Poettering
2016-02-10activate: add new --seqpacket switch for testing SOCK_SEQPACKET socketsLennart Poettering
2016-02-10resolved: include inttypes.h in resolved-def.h given that we use UINT64_CLennart Poettering
2016-02-10build-sys: move coredump logic into subdir of its ownLennart Poettering
2016-02-10Merge pull request #2569 from zonque/removalsMartin Pitt
Remove some old cruft
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2016-02-10Merge pull request #2564 from poettering/fix-2467Daniel Mack
Fix for #2467
2016-02-10util-lib: make sure usec_sub() doesn't degrade USEC_INFINITYLennart Poettering
As suggested in: https://github.com/systemd/systemd/pull/2542#issuecomment-181877820
2016-02-10core: make the StartLimitXYZ= settings generic and apply to any kind of ↵Lennart Poettering
unit, not just services This moves the StartLimitBurst=, StartLimitInterval=, StartLimitAction=, RebootArgument= from the [Service] section into the [Unit] section of unit files, and thus support it in all unit types, not just in services. This way we can enforce the start limit much earlier, in particular before testing the unit conditions, so that repeated start-up failure due to failed conditions is also considered for the start limit logic. For compatibility the four options may also be configured in the [Service] section still, but we only document them in their new section [Unit]. This also renamed the socket unit failure code "service-failed-permanent" into "service-start-limit-hit" to express more clearly what it is about, after all it's only triggered through the start limit being hit. Finally, the code in busname_trigger_notify() and socket_trigger_notify() is altered to become more alike. Fixes: #2467
2016-02-10Merge pull request #2563 from 0xAX/timespec_load_nsec-staticLennart Poettering
time-util: make timespec_load_nsec() static
2016-02-10time-util: make timespec_load_nsec() staticAlexander Kuleshov
The timespec_load_nsec() function has no callers outside of the time-util.c, so we can make it static.
2016-02-09Merge pull request #2565 from poettering/fix-2315Zbigniew Jędrzejewski-Szmek
2016-02-09core: clarify which unit file is masked in error messageLennart Poettering
After all, the masked unit file error might be returned when enqueuing a unit that is not masked but requires a masked unit. In this case it should really be clear which unit is meant here.
2016-02-09core: change internal error code for masked units from EBADR to ESHUTDOWNLennart Poettering
This commit changes the mapping of the BUS_ERROR_UNIT_MASKED error to ESHUTDOWN. This error is used whenever the transaction engine is asked to operate on a masked unit. ESHUTDOWN is what is used for the similar case when the unit file enable/disable logic hits a masked unit file, hence is a natural candidate to be used here too. Background: before this patch both "job type not applicable" and "unit masked" where mapped to EBADR, which transaction_add_job_and_dependencies() then checked for. It actually wanted to check exclusively for the former error condition, not the latter but due to the same mapping this failed to work. This patch semi-undoes an accidental change made in caffa4ef700fdd0eadd6c0b2ef9925611672a1bc, however restores the error number to ESHUTDOWN instead of the original ENOSYS (for the reasons indicated above). To make this easier to grok for the future, I added comments to explaining which error conditions are checked for. Fixes: #2315
2016-02-09Merge pull request #2561 from msekletar/virtio-blk-by-pathLennart Poettering
path_id: reintroduce by-path links for virtio block devices
2016-02-09path_id: reintroduce by-path links for virtio block devicesMichal Sekletar
Enumeration of virtio buses is global and hence non-deterministic. However, we are guaranteed there is never going to be more than one virtio bus per parent PCI device. While populating ID_PATH we simply skip virtio part of the syspath and we extend the path using the sysname of the parent PCI device. With this patch udev creates following by-path links for virtio-blk device /dev/vda which contains two partitions. ls -l /dev/disk/by-path/ total 0 lrwxrwxrwx 1 root root 9 Feb 9 10:47 virtio-pci-0000:00:05.0 -> ../../vda lrwxrwxrwx 1 root root 10 Feb 9 10:47 virtio-pci-0000:00:05.0-part1 -> ../../vda1 lrwxrwxrwx 1 root root 10 Feb 9 10:47 virtio-pci-0000:00:05.0-part2 -> ../../vda2 See: http://lists.linuxfoundation.org/pipermail/virtualization/2015-August/030328.html Fixes #2501