summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-01-21import: support downloading bzip2-encoded imagesLennart Poettering
This way, we can import CoreOS images unmodified.
2015-01-21journal: Fix syslog forwarding without CAP_SYS_ADMINChristian Seiler
In case CAP_SYS_ADMIN is missing (like in containers), one cannot fake pid in struct ucred (uid/gid are fine if CAP_SETUID/CAP_SETGID are present). Ensure that journald will try again to forward the messages to syslog without faking the SCM_CREDENTIALS pid (which isn't guaranteed to succeed anyway, since it also does the same thing if the process has already exited). With this patch, journald will no longer silently discard messages that are supposed to be sent to syslog in these situations. https://bugs.debian.org/775067
2015-01-21import: also add verification support to tar importerLennart Poettering
2015-01-21import: make verification code generic, in preparation for using it pull-tarLennart Poettering
2015-01-21import: improve loggingLennart Poettering
2015-01-21import: show download speed while downloadingLennart Poettering
2015-01-21import: add image verification using gpgLennart Poettering
This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later.
2015-01-20nspawn: work around kernel bug with partition table probing on loopback devicesLennart Poettering
When we set up a loopback device with partition probing, the udev "change" event about the configured device is first passed on to userspace, only the the in-kernel partition prober is started. Since partition probing fails with EBUSY when somebody has the device open, the probing frequently fails since udev starts probing/opening the device as soon as it gets the notification about it, and it might do so earlier than the kernel probing. This patch adds a (hopefully temporary) work-around for this, that compares the number of probed partitions of the kernel with those of blkid and synchronously asks for reprobing until the numebrs are in sync. This really deserves a proper kernel fix.
2015-01-20import: add a couple of additional suffixes to remove from raw imagesLennart Poettering
2015-01-20import: make image verification optionalLennart Poettering
2015-01-20sd-dhcp6-client: Remove unnecessary debug printoutPatrik Flykt
2015-01-20import: add a simple scheme for validating the SHA256 sums of downloaded raw ↵Lennart Poettering
files
2015-01-20import: be less aggressive when allocating memory for downloaded payloadLennart Poettering
2015-01-20import: improve logging a bitLennart Poettering
2015-01-20import: port pull-raw to helper tools implemented for pull-tarLennart Poettering
This allows us to reuse a lot more code, and simplify pull-raw drastically.
2015-01-20import: add support for pulling raw tar balls as containersLennart Poettering
Ubuntu provides their cloud images optionally as tarball, hence also support downloading those.
2015-01-20util: make http url validity checks more generic, and move them to util.cLennart Poettering
2015-01-20networkd: fix a typo in networkd-wait-online-manager.Rami Rosen
subscibe->subscribe
2015-01-19man: add networkctl(1)Zbigniew Jędrzejewski-Szmek
2015-01-20nspawn: add ipvlan supportTom Gundersen
2015-01-19networkd: netdev - add ipvlan supportTom Gundersen
2015-01-19systemctl: do not show dots with --plainZbigniew Jędrzejewski-Szmek
Plain implies a ... "plain" output. Also do not say "No jobs" with --no-legend. We skip reporting the number of jobs with --no-legend if there are any, and 0 is also a number, and should be skipped.
2015-01-19nspawn: support dissecting GPT images that contain only a single generic ↵Lennart Poettering
linux partition This should allow running Ubuntu UEFI GPT Images with nspawn, unmodified.
2015-01-19import: clarify when we are unpacking the qcow2 deviceLennart Poettering
2015-01-19inspawn: wait until udev has probed a loopback device before making us of itLennart Poettering
2015-01-19import: make sure don't leak the LZMA contextLennart Poettering
2015-01-19machined: refer to the disk space allocated for an image to "usage" rather ↵Lennart Poettering
than "size" After all, it's closer to the "du"-reported value than to the file sizes...
2015-01-19qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks ↵Lennart Poettering
to target
2015-01-19import: when downloading raw files, show simple progress reportsLennart Poettering
2015-01-19import: simplify the code a bitLennart Poettering
2015-01-19import-raw: when downloading raw images, generate sparse files if we canLennart Poettering
2015-01-19import-raw: set NOCOW flag on all raw images we createLennart Poettering
2015-01-19systemctl: fix import-environment description, trim help to 80 colsZbigniew Jędrzejewski-Szmek
2015-01-19journalctl: trim --help to fit in 80 columnsZbigniew Jędrzejewski-Szmek
Terminals tend to be 80 columns wide by default, and the help text is only supposed to be a terse reminder anyway. https://bugzilla.redhat.com/show_bug.cgi?id=1183771
2015-01-19cgroup: fix typoDaniel Mack
2015-01-18Move DEFINE_TRIVIAL_CLEANUP_FUNC to macro.hZbigniew Jędrzejewski-Szmek
This remove the need for various header files to include the (relatively heavyweight) util.h.
2015-01-18Add initialization helper for file_handle_unionZbigniew Jędrzejewski-Szmek
2015-01-18bus: drop systemd.kdbus_attach_flags_mask= cmdlineDavid Herrmann
There is no reason to provide our own attach_flags_mask. We can simply rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod. If it's set, we assume the user wants to override our setting, so we simply skip setting it.
2015-01-18core: write kdbus.attach_flags_mask only on real bootDavid Herrmann
The kernel module system is not namespaced, so no container should ever modify global options. Make sure we set the kdbus attach_flags_mask only on a real boot as PID1.
2015-01-18libudev: fix check for too long packetTopi Miettinen
Don't use recvmsg(2) return value to check for too long packets (it doesn't work) but MSG_TRUNC flag. (David: add parantheses around condition)
2015-01-18util: replace RUN_WITH_LOCALE with extended locale functionsCristian Rodríguez
There were two callers, one can use strtod_l() and the other strptime_l(). (David: fix up commit-msg and coding-style)
2015-01-18timesyncd: consider too long packets as invalidTopi Miettinen
If the received NTP message from server didn't fit to our buffer, either it is doing something nasty or we don't know the protocol. Consider the packet as invalid. (David: add parantheses around conditional)
2015-01-18bus-proxy: don't pretend everyone is rootDavid Herrmann
While it's a lovely scenario, it's probably not really useful. Fix our GetConnectionUnixUser() to return the actual 'euid' which we asked for, not the possible uninitialized 'uid'.
2015-01-18Revert "test-exec: do not skip all the tests"David Herrmann
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need* root access to create cgroups. The only exception is if it is run from within a cgroup with "Delegate=yes". However, this is not always true and we really shouldn't rely on this. If your terminal runs from within a systemd --user instance, you're fine. Everyone else is not (like running from ssh, VTs, and so on..).
2015-01-18bus: fix SD_BUS_CREDS_AUGMENT on kdbus queriesDavid Herrmann
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we can lookup further information from /proc. However, we *must* set SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never actually copy the pid into "sd_bus_creds". Fix this, so SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by the caller.
2015-01-18bus: fix typoDavid Herrmann
Fix comment typo and clarify that this is not about privileges but can have rather arbitrary reasons.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-18bus-proxy: fake all UIDs/GIDs, not just the real UID/GIDDavid Herrmann
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote side has no chance of querying our effective UID (which is usually what they're interested in).
2015-01-18bus-proxy: fix bus-uid trackingDavid Herrmann
We need to implicitly allow HELLO from users with the same uid as the bus. Fix the bus-uid tracking to use the original uid, not the uid after privilege-dropping.
2015-01-18logind: hide 'self' links if not availableDavid Herrmann
If the caller does not run in a session/seat or has no tracked user, hide the /org/freedesktop/login1/.../self links in introspection data. Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes even though it cant.