summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-07-08resolved: fix marshalling of RRSIG recordsTom Gundersen
The key tag is 16, not 8 bits.
2015-07-07logind: fail on CreateSession if already in sessionDavid Herrmann
Right now, if you're already in a session and call CreateSession, we return information about the current session of yours. This is highy confusing and a nasty hack. Avoid that, and instead return a commonly known error, so the caller can detect that. This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT in pam_systemd, if you're already in a session. But this sounds like the right thing to do, anyway.
2015-07-07logind: allow sessions to share a VT if it's a greeterDavid Herrmann
Old gdm and lightdm start the user-session during login before they destroy the greeter-session. Therefore, the user-session will take over the VT from the greeter. We recently prevented this by never allowing multiple sessions on the same VT. Fix this now, by explicitly allowing this if the owning session is a GREETER. Note that gdm no longer behaves like this. Instead, due to wayland, they always use a different VT for each session. All other login-managers are highly encouraged to destroy the greeter-session _before_ starting the user-session. We now work around this, but this will probably not last forever (and will already have nasty side-effects on the greeter-session).
2015-07-07Remove repeated 'the'sZbigniew Jędrzejewski-Szmek
2015-07-06Merge pull request #502 from keszybz/login-small-cleanupDaniel Mack
Login small cleanup
2015-07-06treewide: fix typos of let'sZbigniew Jędrzejewski-Szmek
2015-07-06login: use normal comparison to zero for integersZbigniew Jędrzejewski-Szmek
! is supposed to be used for booleans and pointers.
2015-07-06get_process_environ: exit early when there is nothing to readKay Sievers
2015-07-06Merge pull request #492 from ↵Lennart Poettering
richardmaw-codethink/nspawn-automatic-uid-shift-fix-v2 nspawn: Communicate determined UID shift to parent version 2
2015-07-06networkd: various fixes for the IPv6 privacy extensions supportLennart Poettering
- Make sure that the IPv6PrivacyExtensions=yes results in prefer-temporary, not prefer-public. - Introduce special enum value "kernel" to leave setting unset, similar how we have it for the IP forwarding settings. - Bring the enum values in sync with the the strings we parse for them, to the level this makes sense (specifically, rename "disabled" to "no", and "prefer-temporary" to "yes"). - Make sure we really set the value to to "no" by default, the way it is already documented in the man page. - Fix whitespace error. - Make sure link_ipv6_privacy_extensions() actually returns the correct enum type, rather than implicitly casting it to "bool". - properly size formatting buffer for ipv6 sysctl value - Don't complain if /proc/sys isn't writable - Document that the enum follows the kernel's own values (0 = off, 1 = prefer-public, 2 = prefer-temporary) - Drop redundant negating of error code passed to log_syntax() - Manpage fixes This fixes a number of issues from PR #417
2015-07-06Merge pull request #495 from poettering/forwarding-fixDaniel Mack
networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…
2015-07-06bus-proxyd: fix log message and explain dbus-1 compat matchesKay Sievers
2015-07-06bus-proxyd: subscribe to unicast signals directed to the proxy connectionKay Sievers
2015-07-06sd-bus: support matching on destination namesDavid Herrmann
Right now, we never install destination matches on kdbus as the kernel did not support MATCH rules on those. With the introduction of KDBUS_ITEM_DST_ID we can now match on destination IDs, so add explicit support for those. This requires a recent kdbus module to work. However, there seems to be no user-space that uses "Destination=''" matches, yet, so old kdbus modules still work fine (we couldn't find any real user). This is needed to match on unicast signals in bus-proxy. A followup will add support for this.
2015-07-06nspawn: Communicate determined UID shift to parentRichard Maw
There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
2015-07-06networkd: be more defensive when writing to ipv4/ipv6 forwarding settingsLennart Poettering
1) never bother with setting the flag for loopback devices 2) if we fail to write the flag due to EROFS (which is likely to happen in containers where /proc/sys is read-only) or any other error, check if the flag already has the right value. If so, don't complain. Closes #469
2015-07-06treewide: fix typosTorstein Husebø
2015-07-06nspawn: fix indentingLennart Poettering
2015-07-06Merge pull request #443 from ssahani/lldpTom Gundersen
lldp: set correct state for processing
2015-07-05Merge pull request #417 from ssahani/ipv6-privateDaniel Mack
Ipv6 private extensions
2015-07-05login: simplify assignmentZbigniew Jędrzejewski-Szmek
2015-07-05core: fix missing bus-util.h includeDavid Herrmann
Whoopsy, forgot to 'git add' this, sorry.
2015-07-05core: don't mount kdbusfs if not wantedDavid Herrmann
Just like we conditionalize loading kdbus.ko, we should conditionalize mounting kdbusfs. Otherwise, we might run with kdbus if it is builtin, even though the user didn't want this.
2015-07-05networkd: Add support for ipv6 privacy extensionSusant Sahani
This patch add support for ipv6 privacy extensions. The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr can be changed via the boolean IPv6PrivacyExtensions=[yes/no/prefer-temporary] When true enables privacy extensions, but prefer public addresses over temporary addresses. prefer-temporary prefers temporary adresses over public addresses. Defaults to false. [Match] Name=enp0s25 [Network] IPv6PrivacyExtensions=prefer-temporary
2015-07-04bootctl: fix sdboot to systemd-bootMiguel Bernal Marin
sdboot was renamed to systemd-boot Fixes: e7dd673d1e0a ("gummiboot/sd-boot/systemd-boot: rename galore") Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
2015-07-04Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann
sd-bus: introduce new sd_bus_flush_close_unref() call
2015-07-04core: fix coding style in agent-handlingDavid Herrmann
Avoid late bail-out based on a condition. This makes code hard to read. Instead, reverse the forwarding-condition.
2015-07-04core: harden cgroups-agent forwardingDavid Herrmann
On dbus1, we receive systemd1.Agent signals via the private socket, hence it's trusted. However, on kdbus we receive it on the system bus. We must make sure it's sent by UID=0, otherwise unprivileged users can fake it. Furthermore, never forward broadcasts we sent ourself. This might happen on kdbus, as we forward the message on the same bus we received it on, thus ending up in an endless loop.
2015-07-04busctl: flush stdout after dumping dataDavid Herrmann
Running `busctl monitor` currently buffers data for several seconds / kilobytes before writing stdout. This is highly confusing if you dump in a file, ^C busctl and then end up with a file with data of the last few _seconds_ missing. Fix this by explicitly flushing after each signal.
2015-07-03Merge pull request #484 from xnox/persistent-journalLennart Poettering
journal: in persistent mode create /var/log/journal, with all parents.
2015-07-03sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-03Merge pull request #478 from ↵Daniel Mack
systemd/revert-429-nspawn-userns-uid-shift-autodetection-fix Revert "nspawn: determine_uid_shift before forking"
2015-07-03journal: in persistent mode create /var/log/journal, with all parents.Dimitri John Ledkov
systemd-journald races with systemd-tmpfiles-setup, and hence both are started at about the same time. On a bare-bones system (e.g. with empty /var, or even non-existent /var), systemd-tmpfiles will create /var/log. But it can happen too late, that is systemd-journald already attempted to mkdir /var/log/journal, ignoring the error. Thus failing to create /var/log/journal. One option, without modifiying the dependency graph is to create /var/log/journal directory with parents, when persistent storage has been requested.
2015-07-03Revert "nspawn: determine_uid_shift before forking"Lennart Poettering
2015-07-03Fix error message for enumerate addressesrinrinne
Error message for enumerating addresses was not 'addresses' but 'links'. This patch fixes it.
2015-07-03Merge pull request #473 from ↵Lennart Poettering
richardmaw-codethink/machinectl-import-earlier-than-3-15 util: fall back in rename_noreplace when renameat2 isn't implemented
2015-07-02login: add rule for qemu's pci-bridge-seatGerd Hoffmann
Qemu provides a separate pci-bridge exclusively for multi-seat setups. The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new pci-bridge-seat was specifically added to simplify guest-side multiseat configuration. It is identical to the normal pci-pci bridge, except that it has a different id (1b36:000a) so we can match it and configure multiseating automatically. Make sure we always treat this as separate seat if we detect this, just like other "Pluggable" devices. (David: write commit-message)
2015-07-02util: fall back in rename_noreplace when renameat2 isn't implementedRichard Maw
According to README we only need 3.7, and while it may also make sense to bump that requirement when appropriate, it's trivial to fall back when renameat2 is not available.
2015-07-02Merge pull request #470 from marineam/escapeZbigniew Jędrzejewski-Szmek
escape: fix exit code
2015-07-02sd-bus: don't leak kdbus notificationsDavid Herrmann
When we get notifications from the kernel, we always turn them into synthetic dbus1 messages. This means, we do *not* consume the kdbus message, and as such have to free the offset. Right now, the translation-helpers told the caller that they consumed the message, which is wrong. Fix this by explicitly releasing all kernel messages that are translated.
2015-07-01escape: fix exit codeMichael Marineau
r == 0 indicates success, not failure
2015-07-02lldp: set correct state for processingSusant Sahani
ldp_receive_frame after correct processing of the packet the state should be LLDP_AGENT_RX_WAIT_FOR_FRAME not LLDP_AGENT_RX_UPDATE_INFO.
2015-07-01Merge pull request #409 from teg/networkd-enslave-segfaultDaniel Mack
fix segfault when cancelling enslaving of links by netdevs
2015-07-02timedatectl: trim non-local RTC warning to 80 chars wideVedran Miletić
2015-07-01Merge pull request #459 from ctrochalakis/reuse-port-before-bindDaniel Mack
socket: Set SO_REUSEPORT before bind()
2015-07-01Merge pull request #463 from dvdhrm/udev-runDaniel Mack
udev: destroy manager before cleaning environment
2015-07-01udev: destroy manager before cleaning environmentDavid Herrmann
Due to our _cleanup_ usage for the udev manager, it will be destroyed after the "exit:" label has finished. Therefore, it is the last destruction done in main(). This has two side-effects: - mac_selinux is destroyed before the udev manager is, possible causing use-after-free if the manager-cleanup accesses selinux data - log_close() is called *before* the manager is destroyed, possibly re-opening the log if you use --debug (and thus not re-applying the --debug option) Avoid this by moving the manager-handling into a new function called run(). This function will be left before we enter the "exit:" label in main(), hence, the manager object will be destroyed early.
2015-07-01udevd: force --debug mode to stderrKay Sievers
https://github.com/systemd/systemd/issues/462
2015-07-01bus-proxy: never apply policy when sending signalsDavid Herrmann
Unlike dbus-daemon, the bus-proxy does not know the receiver of a broadcast (as the kernel has exclusive access on the bus connections). Hence, and "destination=" matches in dbus1 policies cannot be applied. But kdbus does not place any restrictions on *SENDING* broadcasts, anyway. The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is set. Instead, receiver policies are checked. Hence, stop checking sender policies for signals in bus-proxy and leave it up to the kernel. This fixes some network-manager bus-proxy issues where NM uses weird dst-based matches against interface-based matches. As we cannot perform dst-based matches, our bus-proxy cannot properly implement this policy.
2015-07-01login: re-use VT-sessions if they already existDavid Herrmann
Right now, if you start a session via 'su' or 'sudo' from within a session, we make sure to re-use the existing session instead of creating a new one. We detect this by reading the session of the requesting PID. However, with gnome-terminal running as a busname-unit, and as such running outside the session of the user, this will no longer work. Therefore, this patch makes sure to return the existing session of a VT if you start a new one. This has the side-effect, that you will re-use a session which your PID is not part of. This works fine, but will break assumptions if the parent session dies (and as such close your session even though you think you're part of it). However, this should be perfectly fine. If you run multiple logins on the same session, you should really know what you're doing. The current way of silently accepting it but choosing the last registered session is just weird.