summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-10-19bootctl: don't try to remove esp_path (#4407)Evgeny Vereshchagin
This is a follow-up for 9ee051b9c7623
2016-10-19boot: fix `bootctl install` segfault (#4404)Yu Watanabe
2016-10-18Merge pull request #4382 from keszybz/unit-type-underlineLennart Poettering
systemctl: use underlines to seperate unit types in listing
2016-10-17networkd: use proper cast to access VTI6 (#4399)Susant Sahani
Fixes #4371.
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-17terminal-util: helper macro for highlighting functionsZbigniew Jędrzejewski-Szmek
2016-10-17systemctl: ditto for list-unit-filesZbigniew Jędrzejewski-Szmek
2016-10-17systemctl: use underlines to seperate unit types in listingZbigniew Jędrzejewski-Szmek
(printf("%.*s", -1, "…") is the same as not specifying the precision at all.) v2: also underline highlighted (failing) units Fixes #4137.
2016-10-17Merge pull request #4392 from keszybz/running-timersLennart Poettering
Fix for display of elapsed timers
2016-10-17Merge pull request #4387 from keszybz/loginctl-ttyLennart Poettering
loginctl: print TTY field in the session listing
2016-10-17core/timer: reset next_elapse_*time when timer is not waitingZbigniew Jędrzejewski-Szmek
When the unit that is triggered by a timer is started and running, we transition to "running" state, and the timer will not elapse again until the unit has finished running. In this state "systemctl list-timers" would display the previously calculated next elapse time, which would now of course be in the past, leading to nonsensical values. Simply set the next elapse to infinity, which causes list-timers to show n/a. We cannot specify when the next elapse will happen, possibly never. Fixes #4031.
2016-10-17pid1: do not use mtime==0 as sign of masking (#4388)Zbigniew Jędrzejewski-Szmek
It is allowed for unit files to have an mtime==0, so instead of assuming that any file that had mtime==0 was masked, use the load_state to filter masked units. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1384150.
2016-10-17test-calendarspec: test that hourly timers are incremented properlyZbigniew Jędrzejewski-Szmek
Apparently this works just fine, so the issue in #4031 is elsewhere.
2016-10-16tree-wide: introduce free_and_replace helperZbigniew Jędrzejewski-Szmek
It's a common pattern, so add a helper for it. A macro is necessary because a function that takes a pointer to a pointer would be type specific, similarly to cleanup functions. Seems better to use a macro.
2016-10-16tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek
2016-10-16shared/install: use _cleanup_free_Zbigniew Jędrzejewski-Szmek
Also rewrap some comments so that they don't have a very long line and a very short line.
2016-10-16loginctl: report tty in session listingsZbigniew Jędrzejewski-Szmek
Without the tty it's really hard to tell which session is which. New output: $ ./loginctl SESSION UID USER SEAT TTY 13 1002 zbyszek seat0 tty3 c1 42 gdm seat0 /dev/tty1 11 1002 zbyszek seat0 tty4 3 1002 zbyszek seat0 /dev/tty2 17 1002 zbyszek seat0 tty5 18 1002 zbyszek seat0 tty6 6 sessions listed.
2016-10-16loginctl: drop casts in printfZbigniew Jędrzejewski-Szmek
2016-10-15virt: add possibility to skip the check for chroot (#4374)Lukáš Nykrýn
https://bugzilla.redhat.com/show_bug.cgi?id=1379852
2016-10-14core: make settings for unified cgroup hierarchy supersede the ones for ↵Tejun Heo
legacy hierarchy (#4269) There are overlapping control group resource settings for the unified and legacy hierarchies. To help transition, the settings are translated back and forth. When both versions of a given setting are present, the one matching the cgroup hierarchy type in use is used. Unfortunately, this is more confusing to use and document than necessary because there is no clear static precedence. Update the translation logic so that the settings for the unified hierarchy are always preferred. systemd.resource-control man page is updated to reflect the change and reorganized so that the deprecated settings are at the end in its own section.
2016-10-14nspawn: remove unused variable (#4369)Thomas H. P. Andersen
2016-10-13Merge pull request #4243 from ↵Lennart Poettering
endocode/djalal/sandbox-first-protection-kernelmodules-v1 core:sandbox: Add ProtectKernelModules= and some fixes
2016-10-13Merge pull request #653 from dvdhrm/bus-goldZbigniew Jędrzejewski-Szmek
2016-10-13Merge pull request #4363 from stefan-it/replace-while-loopsDaniel Mack
basic,coredump: use for loop instead of while
2016-10-13nspawn: cleanup and chown the synced cgroup hierarchy (#4223)Evgeny Vereshchagin
Fixes: #4181
2016-10-13Merge pull request #4362 from poettering/journalbootlistfixZbigniew Jędrzejewski-Szmek
2016-10-12coredump: use for() loop instead of while()Stefan Schweter
2016-10-12basic: use for() loop instead of while()Stefan Schweter
2016-10-12Merge pull request #4358 from fsateler/pam-configLennart Poettering
Pam config fixes
2016-10-12journalctl: say in which directory we vacuum stuffLennart Poettering
Fixes: #4060
2016-10-12journalctl: don't claim the journal was stored on diskLennart Poettering
Let's just say that the journal takes up space in the file system, not on disk, as tmpfs is definitely a file system, but not a disk. Fixes: #4059
2016-10-12journal: refuse opening journal files from the future for writingLennart Poettering
Never permit that we write to journal files that have newer timestamps than our local wallclock has. If we'd accept that, then the entries in the file might end up not being ordered strictly. Let's refuse this with ETXTBSY, and then immediately rotate to use a new file, so that each file remains strictly ordered also be wallclock internally.
2016-10-12journald: automatically rotate journal files when the clock jumps backwardsLennart Poettering
As soon as we notice that the clock jumps backwards, rotate journal files. This is beneficial, as this makes sure that the entries in journal files remain strictly ordered internally, and thus the bisection algorithm applied on it is not confused. This should help avoiding borked wallclock-based bisection on journal files as witnessed in #4278.
2016-10-12journald: use the event loop dispatch timestamp for journal entriesLennart Poettering
Let's use the earliest linearized event timestamp for journal entries we have: the event dispatch timestamp from the event loop, instead of requerying the timestamp at the time of writing. This makes the time a bit more accurate, allows us to query the kernel time one time less per event loop, and also makes sure we always use the same timestamp for both attempts to write an entry to a journal file.
2016-10-12journal: when iterating through entry arrays and we hit an invalid one keep ↵Lennart Poettering
going When iterating through partially synced journal files we need to be prepared for hitting with invalid entries (specifically: non-initialized). Instead of generated an error and giving up, let's simply try to preceed with the next one that is valid (and debug log about this). This reworks the logic introduced with caeab8f626e709569cc492b75eb7e119076059e7 to iteration in both directions, and tries to look for valid entries located after the invalid one. It also extends the behaviour to both iterating through the global entry array and per-data object entry arrays. Fixes: #4088
2016-10-12journal: add an explicit check for uninitialized objectsLennart Poettering
Let's make dissecting of borked journal files more expressive: if we encounter an object whose first 8 bytes are all zeroes, then let's assume the object was simply never initialized, and say so. Previously, this would be detected as "overly short object", which is true too in a away, but it's a lot more helpful printing different debug options for the case where the size is not initialized at all and where the size is initialized to some bogus value. No function behaviour change, only a different log messages for both cases.
2016-10-12journal: also check that our entry arrays are properly orderedLennart Poettering
Let's and extra check, reusing check_properly_ordered() also for journal_file_next_entry_for_data().
2016-10-12journal: split out check for properly ordered arrays into its own functionLennart Poettering
This adds a new call check_properly_ordered(), which we can reuse later, and makes the code a bit more readable.
2016-10-12journal: split out array index inc/dec code into a new call bump_array_index()Lennart Poettering
This allows us to share a bit more code between journal_file_next_entry() and journal_file_next_entry_for_data().
2016-10-12journal: when we encounter a broken journal file, add some debug loggingLennart Poettering
Let's make it easier to figure out when we see an invalid journal file, why we consider it invalid, and add some minimal debug logging for it. This log output is normally not seen (after all, this all is library code), unless debug logging is exlicitly turned on.
2016-10-12Avoid forever loop for journalctl --list-boots command (#4278)hese10
When date is changed in system to future and normal user logs to new journal file, and then date is changed back to present time, the "journalctl --list-boot" command goes to forever loop. This commit tries to fix this problem by checking first the boot id list if the found boot id was already in that list. If it is found, then stopping the boot id find loop.
2016-10-12systemd-user: add pam_unix account moduleFelipe Sateler
Otherwise systemd-user@ fails because systemd validates the account Fixes: #4342
2016-10-12test: add test to make sure that ProtectKernelModules=yes disconnect mount ↵Djalal Harouni
propagation
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
Lets go further and make /lib/modules/ inaccessible for services that do not have business with modules, this is a minor improvment but it may help on setups with custom modules and they are limited... in regard of kernel auto-load feature. This change introduce NameSpaceInfo struct which we may embed later inside ExecContext but for now lets just reduce the argument number to setup_namespace() and merge ProtectKernelModules feature.
2016-10-12test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yesDjalal Harouni
2016-10-12core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yesDjalal Harouni
The rawio system calls were filtered, but CAP_SYS_RAWIO allows to access raw data through /proc, ioctl and some other exotic system calls...
2016-10-12test: add capability tests for ProtectKernelModules=Djalal Harouni
This just adds capabilities test.
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni
This is useful to turn off explicit module load and unload operations on modular kernels. This option removes CAP_SYS_MODULE from the capability bounding set for the unit, and installs a system call filter to block module system calls. This option will not prevent the kernel from loading modules using the module auto-load feature which is a system wide operation.