summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-12-06time-util: accept "µs" as time unit, in addition to "us" (#4836)Lennart Poettering
Let's accept "µs" as alternative time unit for microseconds. We already accept "us" and "usec" for them, lets extend on this and accept the proper scientific unit specification too. We will never output this as time unit, but it's fine to accept it, after all we are pretty permissive with time units already.
2016-12-06core: remove unused variableThomas Hindoe Paaboel Andersen
2016-12-06udev: remove duplicate flagThomas Hindoe Paaboel Andersen
One SA_RESTART is enough. Fall out from e28c7cd0665364bb910fe2cead882623c23c28ac
2016-12-05nspawn: don't hide --bind=/tmp/* mounts (#4824)Evgeny Vereshchagin
Fixes #4789
2016-12-05networkd: link_enter_configured remove assert (#4800)Susant Sahani
When we are in link_enter_configured we assume that the link->state should be LINK_STATE_SETTING_ROUTES but in some situation it's LINK_STATlE_SETTING_ADDRESSES. Just ignore the wrong state. Also since the return value not used any where make link_enter_configured return type void. Fixes: #4746
2016-12-02journal: make sure to initially populate the space info cache (#4807)Franck Bui
Make sure to populate the cache in cache_space_refresh() at least once otherwise it's possible that the system boots fast enough (and the journal flush service is finished) before the invalidate cache timeout (30 us) has expired. Fixes: #4790
2016-12-02cgroup: properly check for ignore-notfound paths (#4803)Dave Reisner
Follow-up to #4687 and e7330dfe14b1965f.
2016-12-02treewide: fix typos (#4802)Torstein Husebø
2016-12-02Merge pull request #4228 from dm0-/coreos-1554Zbigniew Jędrzejewski-Szmek
networkd: support marking links unmanaged
2016-12-01python: adjust imports, indentation, unused variables following pylint adviceZbigniew Jędrzejewski-Szmek
2016-12-01Spot inconsistent quoting (just one single quote) (#4732)Tobias Stoeckmann
It is possible to specify only one quote in udev rules, which is not detected as an invalid quoting (" instead of "" for empty string). Technically this doesn't lead to a bug, because the string ends in two terminating nul characters at this position, but a user should still be reminded that his configuration is invalid.
2016-12-01networkd: support marking links unmanagedDavid Michael
2016-12-01Update boot.c (#4780)Yassine Imounachen
2016-12-01util-lib: rename CHASE_NON_EXISTING → CHASE_NONEXISTENTLennart Poettering
As suggested by @keszybz
2016-12-01nspawn: improve log messagesLennart Poettering
When complaining about the inability to resolve a path, show the full path, not just the relative one. As suggested by @keszybz.
2016-12-01nspawn: optionally, automatically allocated --bind=/--overlay source from ↵Lennart Poettering
/var/tmp This extends the --bind= and --overlay= syntax so that an empty string as source/upper directory is taken as request to automatically allocate a temporary directory below /var/tmp, whose lifetime is bound to the nspawn runtime. In combination with the "+" path extension this permits a switch "--overlay=+/var::/var" in order to use the container's shipped /var, combine it with a writable temporary directory and mount it to the runtime /var of the container.
2016-12-01nspawn: permit prefixing of source paths in --bind= and --overlay= with "+"Lennart Poettering
If a source path is prefixed with "+" it is taken relative to the container's root directory instead of the host. This permits easily establishing bind and overlay mounts based on data from the container rather than the host. This also reworks custom_mounts_prepare(), and turns it into two functions: one custom_mount_check_all() that remains in nspawn.c but purely verifies the validity of the custom mounts configured. And one called custom_mount_prepare_all() that actually does the preparation step, sorts the custom mounts, resolves relative paths, and allocates temporary directories as necessary.
2016-12-01tree-wide: set SA_RESTART for signal handlers we installLennart Poettering
We already set it in most cases, but make sure to set it in all others too, and document that that's a good idea.
2016-12-01nspawn: add ability to configure overlay mounts to .nspawn filesLennart Poettering
Fixes: #4634
2016-12-01nspawn: split out overlayfs argument parsing into a function of its ownLennart Poettering
Add overlay_mount_parse() similar in style to tmpfs_mount_parse() and bind_mount_parse().
2016-12-01nspawn: use -ENOMEM instead of log_oom() in one caseLennart Poettering
The function is of the "library" kind and doesn't log ENOMEM in all other cases, hence fix the one outlier.
2016-12-01nspawn: make use of CHASE_NON_EXISTING when locking imageLennart Poettering
If --template= is used on an image, then the image might not exist initially. We can use CHASE_NON_EXISTING to properly lock the image already before it exists. Let's do so.
2016-12-01nspawn: use the new CHASE_NON_EXISTING flag when resolving mount pointsLennart Poettering
This restores the ability to implicitly create files/directories to mount specified mount points on.
2016-12-01fs-util: add new CHASE_NON_EXISTING flag to chase_symlinks()Lennart Poettering
This new flag controls whether to consider a problem if the referenced path doesn't actually exist. If specified it's OK if the final file doesn't exist. Note that this permits one or more final components of the path not to exist, but these must not contain "../" for safety reasons (or, to be extra safe, neither "./" and a couple of others, i.e. what path_is_safe() permits). This new flag is useful when resolving paths before issuing an mkdir() or open(O_CREAT) on a path, as it permits that the file or directory is created later. The return code of chase_symlinks() is changed to return 1 if the file exists, and 0 if it doesn't. The latter is only returned in case CHASE_NON_EXISTING is set.
2016-12-01fs-util: add flags parameter to chase_symlinks()Lennart Poettering
Let's remove chase_symlinks_prefix() and instead introduce a flags parameter to chase_symlinks(), with a flag CHASE_PREFIX_ROOT that exposes the behaviour of chase_symlinks_prefix().
2016-12-01fs-util: change chase_symlinks() behaviour in regards to escaping the root dirLennart Poettering
Previously, we'd generate an EINVAL error if it is attempted to escape a root directory with relative ".." symlinks. With this commit this is changed so that ".." from the root directory is a NOP, following the kernel's own behaviour where /.. is equivalent to /. As suggested by @keszybz.
2016-12-01test-fs-util: add a test case with repeated ".." parts that would escape the ↵Zbigniew Jędrzejewski-Szmek
root
2016-12-01nspawn: use chase_symlinks() on all paths specified via --tmpfs=, --bind= ↵Lennart Poettering
and so on Fixes: #2860
2016-12-01fs-util: add chase_symlinks_prefix() and extend commentsLennart Poettering
chase_symlinks() currently expects a fully qualified, absolute path, relative to the host's root as first argument. Which is useful in many ways, and similar to the paths unlink(), rename(), open(), … expect. Sometimes it's however useful to first prefix the specified path with the specified root directory. Add a new call chase_symlinks_prefix() for this, that is a simple wrapper.
2016-12-01nspawn: coding style: don't mix variable declarations and function callsLennart Poettering
2016-12-01nspawn: use realloc_multiply() where it makes senseLennart Poettering
2016-12-01nspawn: accept --ephemeral --template= as alternative for --ephemeral ↵Lennart Poettering
--directory= As suggested in PR #3667. This PR simply ensures that --template= can be used as alternative to --directory= when --ephemeral is used, following the logic that for ephemeral options the source directory is actually a template. This does not deprecate usage of --directory= with --ephemeral, as I am not convinced the old logic wouldn't make sense. Fixes: #3667
2016-12-01nspawn: properly handle image/directory paths that are symlinksLennart Poettering
This resolves any paths specified on --directory=, --template=, and --image= before using them. This makes sure nspawn can be used correctly on symlinked images and directory trees. Fixes: #2001
2016-12-01tree-wide: stop using canonicalize_file_name(), use chase_symlinks() insteadLennart Poettering
Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-12-01core: make unit_free() accept NULL pointersLennart Poettering
We generally try to make our destructors robust regarding NULL pointers, much in the same way as glibc's free(). Do this also for unit_free(). Follow-up for #4748.
2016-11-30systemctl: fix 'is-enabled' exit status on failure when executed in chroot ↵Franck Bui
(#4773)
2016-11-30As per use case we should allow ForwardDelaySec to be set as 0 (#4765)Susant Sahani
So let's set ForwardDelaySec to USEC_INFINITY . Reference: https://wiki.linuxfoundation.org/networking/bridge#does-dhcp-work-overthrough-a-bridge
2016-11-30Merge pull request #4745 from joukewitteveen/notifyEvgeny Vereshchagin
Improvements for notify services (including #4212)
2016-11-29service: new NotifyAccess= value for control processes (#4212)Jouke Witteveen
Setting NotifyAccess=exec allows notifications coming directly from any control process.
2016-11-29bus-util: add protocol error type explanationJouke Witteveen
2016-11-29cgroup: support prefix "-" in cgroups whitelisting entries (#4687)Dongsu Park
So far systemd-nspawn container has been creating files under /run/systemd/inaccessible, no matter whether it's running in user namespace or not. That's fine for regular files, dirs, socks, fifos. However, it's not for block and character devices, because kernel doesn't allow them to be created under user namespace. It results in warnings at booting like that: ==== Couldn't stat device /run/systemd/inaccessible/chr Couldn't stat device /run/systemd/inaccessible/blk ==== Thus we need to have the cgroups whitelisting handler to silently ignore a file, when the device path is prefixed with "-". That's exactly the same convention used in directives like ReadOnlyPaths=. Also insert the prefix "-" to inaccessible entries.
2016-11-29ima: Write the policy filename into IMA's sysfs policy file (#4766)Stefan Berger
IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of copying the IMA policy into the securityfs policy, the IMA policy pathname can be written, allowing the IMA policy file signature to be validated. This patch modifies the existing code to first attempt to write the pathname, but on failure falls back to copying the IMA policy contents.
2016-11-29service: prevent registering control pids as the main pidJouke Witteveen
We assume a process can be only one of the two in service_sigchld_event.
2016-11-29service: only fail notify services on empty cgroup during startJouke Witteveen
We stay in the SERVICE_START while no READY=1 notification message has been received. When we are in the SERVICE_START_POST state, we have already received a ready notification. Hence we should not fail when the cgroup becomes empty in that state.
2016-11-28Merge pull request #4761 from fsateler/python3Martin Pitt
Explicitly use python3 everywhere
2016-11-28networkd: move event loop handling out of the manager (#4723)Tom Gundersen
This will allow us to have several managers sharing an event loop and running in parallel, as if they were running in separate processes. The long term-aim is to allow networkd to be split into separate processes, so restructure the code to make this simpler. For now we drop the exit-on-idle logic, as this was anyway severely restricted at the moment. Once split, we will revisit this as it may then make more sense again.
2016-11-28Use python3 explicitly in all python scriptsFelipe Sateler
2016-11-28socket-proxyd: Introduced dynamic connection limit via an option. (#4749)(GalaxyMaster)
2016-11-28udevd: check correct return value of fcntl() (#4758)Daniel Wagner
This looks like a copy&paste error from the code block above.
2016-11-27device: Avoid calling unit_free(NULL) in device setup logic (#4748)Dave Reisner
Since a581e45ae8f9bb5c, there's a few function calls to unit_new_for_name which will unit_free on failure. Prior to this commit, a failure would result in calling unit_free with a NULL unit, and hit an assertion failure, seen at least via device_setup_unit: Assertion 'u' failed at src/core/unit.c:519, function unit_free(). Aborting. Fixes #4747 https://bugs.archlinux.org/task/51950