Age | Commit message (Collapse) | Author |
|
Let's protect ourselves against the recently reported docker security
issue. Our man page makes clear that we do not make any security
promises anyway, but well, this one is easy to mitigate, so let's do it.
While we are at it block a couple of more syscalls that are no good in
containers, too.
|
|
|
|
|
|
This is at the suggestion of Djalal Harouni on the mailing list, and
reflects the behavior of shared/util.c:wait_for_terminate_and_warn().
|
|
Commit 113cea8 introduced a bug that caused the exit code of systemd-nspawn
to not reflect the exit code of the program executed in the container.
|
|
|
|
|
|
|
|
Otherwise the test fails because specifier_runtime() returns -ENOTSUP
when XDG_RUNTIME_DIR is not set.
|
|
|
|
|
|
strndup need to be chcked
|
|
The logic otherwise is that we leave anything preconfigured alone, but in the case of DHCP
we actually need to update it whenever the lease is renewed.
|
|
Even if we cannot renew the lease at T1, we will likely succeed at T2, so warn and ignore the failure.
This could happen if for whatever reason the received address is not yet configured, or it has
been lost.
|
|
|
|
Don't wait for IPv4LL nor DHCP to finish before setting statically configured addresses.
|
|
This adds support for DHCP options 33 and 121: Static Route and
Classless Static Route. To enable this feature, set UseRoutes=true
in .network file. Returned routes are added to the routing table.
|
|
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.
Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
|
|
Note that /proc/sys/net/ipv4/ip_dynaddr needs to be non-zero.
[tomegun: hook up DHCP renew events to increase the lifetime when necessary]
|
|
|
|
|
|
descriptor
|
|
journald.conf(5) states that the default for MaxFileSec is one month,
but the code didn't respect that.
|
|
This also make sure we remove the original coredump temporary file if we
successfully managed to compress the coredump.
|
|
Let's move things closer to journald's configuration settings, which
knows Compress= already, as a boolean. This makes things more uniform,
but also gives us more freedom to possibly swap out the used compression
algorithm one day.
|
|
This sounds overly low-level and implementation-detaily. Let's just
use the default level XZ suggests. This gives us more room to possibly
swap out the compression algorithm used, as the compression level range
will not leak into user configuration.
|
|
|
|
while we work on it
|
|
|
|
When disk space taken up by coredumps grows beyond a configured limit
start removing the oldest coredump of the user with the most coredumps,
until we get below the limit again.
|
|
|
|
|
|
|
|
|
|
reorder the code so the fstat is done before we can jump to
uncompressed
|
|
|
|
typo from 347272731e15d3c4a70fad7ccd7185e8e8059d01
|
|
Add a Rapid Commit option to Solicit messages and expect a Reply to
be received instead of an Advertise. When receiving a DHCPv6 message
from the server in state Solicit, continue testing whether the
message is a Reply. Ease up the message type checking, it's not fatal
if the message is of a wrong type.
Add helper functions to set/get the rapid commit of a lease. See
RFC 3315, sections 17., 17.1.2., 17.1.4. and 18.1.8.
|
|
Start sending Renew and Rebind DHCPv6 messages when respective timers T1
and T2 expire. Rebind messages do not include a Server ID option and the
Rebind procedure ends when the last IPv6 address valid lifetime expires,
whereafter the client restarts the address acquisition procedure by
Soliciting for available servers.
See RFC 3315, sections 18.1.3. and 18.1.4. for details.
|
|
Create a helper function to compute the remaining time in seconds from
time T2 to the IPv6 address with the longest lifetime. The computed
time is used as the Maximum Retransmission Duration in Rebinding state.
See RFC 3315, section 18.1.4. for details.
|
|
Provide a function to request more options from the DHCPv6 server.
Provide a sensible default set at startup and add test basic test
cases for the intended usage.
Define DNS and NTP related option codes and add comments for the
unassigned codes.
|
|
When a link fails or looses carrier, always stop ongoing router
solicitation and any DHCPv6 client that may be running.
|
|
In some use cases stopping an ongoing ICMPv6 discovery is more
useful than always unreferencing the whole structure.
|
|
In order to keep the refcounting working, a DONT_DESTROY macro similar
to the one in sd-bus has been added also to DHCPv6.
|
|
The stamp file for systemd --user timers was named stamp-foo.timer if
XDG_DATA_HOME was unset, but foo.timer otherwise.
|
|
|
|
Fixes the following build error:
CCLD coredumpctl
src/journal/coredumpctl.o: In function `save_core':
/src/systemd-master/src/journal/coredumpctl.c:656:
undefined reference to `decompress_stream'
collect2: error: ld returned 1 exit status
make[2]: *** [coredumpctl] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
|
|
Patch fixes some incorrect-looking code in transaction.c.
It could fix cases where Debian users with bad package configurations
had systemd go into an infinite loop printing messages about breaking an
ordering cycle, though I have not reproduced that problem myself.
transaction_verify_order_one() considers jobs/units outside current
transaction when checking whether ordering dependencies cause cycles.
It would also incorrectly try to break cycles at these jobs; this
cannot work, as the break action is to remove the job from the
transaction, which is a no-op if the job isn't part of the transaction
to begin with. The unit_matters_to_anchor() test also looks like it
would not work correctly for non-transaction jobs. Add a check to
verify that the unit is part of the transaction before considering a
job a candidate for deletion.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752259
|
|
Failure to mount cgroups with xattr should not be fatal
|
|
|