summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-06-15tmpfiles: automatically remove old machine snapshots at bootLennart Poettering
Remove old temporary snapshots, but only at boot. Ideally we'd have "self-destroying" btrfs snapshots that go away if the last last reference to it does. To mimic a scheme like this at least remove the old snapshots on fresh boots, where we know they cannot be referenced anymore. Note that we actually remove all temporary files in /var/lib/machines/ at boot, which should be safe since the directory has defined semantics. In the root directory (where systemd-nspawn --ephemeral places snapshots) we are more strict, to avoid removing unrelated temporary files. This also splits out nspawn/container related tmpfiles bits into a new tmpfiles snippet to systemd-nspawn.conf
2015-06-15tmpfiles: make sure "R" lines also remove subvolumesLennart Poettering
2015-06-15util: when creating temporary file names, allow including extra id string in itLennart Poettering
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_ranomd_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distuingish the kind of temporary file when we see one. This also adds tests for the three call. For now, we don't make use of this at all, but port all users over.
2015-06-15btrfs-util: when snapshotting make sure we don't descent into subvolumes we ↵Lennart Poettering
just created We already had a safety check in place that we don't end up descending to the original subvolume again, but we also should avoid descending in the newly created one. This is particularly important if we make a snapshot below its source, like we do in "systemd-nspawn --ephemeral -D /". Closes https://bugs.freedesktop.org/show_bug.cgi?id=90803
2015-06-15firewall: rename fw-util.[ch] → firewall-util.[ch]Daniel Mack
The names fw-util.[ch] are too ambiguous, better rename the files to firewall-util.[ch]. Also rename the test accordingly.
2015-06-15Merge pull request #180 from ronnychevalier/rc/coverity_cid_1304686Lennart Poettering
login: fix potential null pointer dereference
2015-06-15Merge pull request #205 from endocode/iaguis/seccomp-v2Lennart Poettering
nspawn: make seccomp loading errors non-fatal
2015-06-15nspawn: make seccomp loading errors non-fatalIago López Galeiras
seccomp_load returns -EINVAL when seccomp support is not enabled in the kernel [1]. This should be a debug log, not an error that interrupts nspawn. If the seccomp filter can't be set and audit is enabled, the user will get an error message anyway. [1]: http://man7.org/linux/man-pages/man2/prctl.2.html
2015-06-15login: fix potential null pointer dereferenceRonny Chevalier
Fix CID 1304686: Dereference after null check (FORWARD_NULL) However, this commit does not fix any bug in logind. It helps to keep the elect_display_compare() function generic.
2015-06-14Merge pull request #144 from teg/udev-spawn-log-less-2Kay Sievers
udevd: event - don't log about failures of spawn processes when this …
2015-06-14Merge pull request #196 from dvdhrm/bus-map-propsTom Gundersen
tree-wide: fix memory leaks in users of bus_map_all_properties()
2015-06-14tree-wide: fix memory leaks in users of bus_map_all_properties()David Herrmann
If you use bus_map_all_properties(), you must be aware that it might touch output variables even though it may fail. This is, because we parse many different bus-properties and cannot tell how to clean them up, in case we fail deep down in the parser. Fix all callers of bus_map_all_properties() to correctly cleanup any context structures at all times.
2015-06-14test-netlink-manual: typo fixThomas Hindoe Paaboel Andersen
No functional change, but looked weird.
2015-06-14Merge pull request #183 from ssahani/netDavid Herrmann
Improve tun/tap logging by using the new log_*errno*() functions that set 'errno' explicitly. Also fix a bunch of incorrect errno/r confusions.
2015-06-14Merge pull request #189 from teg/rtnl-renameDavid Herrmann
Rename sd_rtnl to sd_netlink to prepare for further netlink-protocol support. Anything rtnl specific still uses the sd_rtnl prefix, but the generic parts (including the bus and message objects) are now called sd_netlink.
2015-06-14networkd: tuntap improve loggingSusant Sahani
Replaces strerror() usage with log_netdev_error_errno()
2015-06-13sd-netlink: socket - move some functions from main source fileTom Gundersen
2015-06-13sd-netlink: message - split up source fileTom Gundersen
Split netlink-socket.c and rtnl-message.c from netlink-message.c.
2015-06-13sd-netlink: drop the write-queueTom Gundersen
AF_NETLINK is not write-buffered, so this was actually never used.
2015-06-13sd-netlink: rename from sd-rtnlTom Gundersen
2015-06-12Merge pull request #167 from keszybz/line-oriented-ima-setupkeszybz
ima-setup: write policy one line at a time
2015-06-12selinux: whitespace fixesLennart Poettering
2015-06-12Merge pull request #173 from mischief/ipforwarding-3Lennart Poettering
IPForwarding=kernel v3
2015-06-12core: fix CID 996302Susant Sahani
CID 996302: Error handling issues (CHECKED_RETURN)
2015-06-11networkd: create "kernel" setting for IPForwardingNick Owens
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.
2015-06-11Merge pull request #171 from teg/rtnl-broadcast-2David Herrmann
sd-rtnl: make joining broadcast groups implicit
2015-06-11sd-rtnl: make joining broadcast groups implicitTom Gundersen
2015-06-11Merge pull request #143 from teg/networkd-packets-per-slave-modeLennart Poettering
networkd: bond - only set packets_per_slave on balance-rr mode
2015-06-11Merge pull request #156 from filbranden/journal_leading_whitespaceLennart Poettering
journald: do not strip leading whitespace from messages
2015-06-11kmod-setup: don't print warning on -ENOSYSDaniel Mack
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't available, not -ENOENT. Don't spit out a warning in that case unless the warn_if_unavailable flag is set. Also factor out the condition into an own variable for better readability.
2015-06-11sd-rtnl: use netlink header rather than ucred in socket_recv_message()Tom Gundersen
Lets us simplify the function and drop SO_PASSCRED. Thanks to Alexander Larsson and David Herrmann.
2015-06-11ima-setup: write policy one line at a timeZbigniew Jędrzejewski-Szmek
ima_write_policy() expects data to be written as one or more rules, no more than PAGE_SIZE at a time. Easiest way to ensure that we are not splitting rules is to read and write one line at a time. https://bugzilla.redhat.com/show_bug.cgi?id=1226948
2015-06-11kmod-setup: when we fail to load a kmod, log the error causeLennart Poettering
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we don't care much and just proceed)
2015-06-11core: Let two more booleans survive a daemon-reloadWerner Fink
Without the boolean bus_name_good services as well as cgroup_realized for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID will be terminated if systemd will be daemon reloaded. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151 https://bugs.freedesktop.org/show_bug.cgi?id=78311 https://bugzilla.opensuse.org/show_bug.cgi?id=934077
2015-06-11Merge pull request #158 from ssahani/netLennart Poettering
Net
2015-06-11Merge pull request #160 from kaysievers/libsplitDaniel Mack
build-sys: split internal basic/ library from shared/
2015-06-11Merge pull request #150 from poettering/journal-no-recv-loopLennart Poettering
journald: don't employ inner loop for reading from incoming sockets
2015-06-11build-sys: split internal basic/ library from shared/Kay Sievers
basic/ can be used by everything cannot use anything outside of basic/ libsystemd/ can use basic/ cannot use shared/ shared/ can use libsystemd/
2015-06-11sd-network: fix CID 1306198Susant Sahani
2015-06-11networkd: improve loggingSusant Sahani
Replace strerror() usage with log_netdev_error_errno()
2015-06-11networkd: macvlan improve loggingSusant Sahani
Replace strerror() usage with log_netdev_error_errno()
2015-06-10journald: do not strip leading whitespace from messagesFilipe Brandenburger
Keep leading whitespace for compatibility with older syslog implementations. Also useful when piping formatted output to the `logger` command. Keep removing trailing whitespace. Tested with `pstree | logger` and checking that the output of `journalctl | tail` included aligned and formatted output. Confirmed that all test cases still pass as expected.
2015-06-11Merge pull request #3 from threatgrid/more_cgtop_enhancementsLennart Poettering
cgtop enhancements for easier machine-readable output
2015-06-10cgtop: IO readings are valid if any data is available, even if unchanged ↵Charles Duffy
since last tick Emit "0" rather than "-" if no change in IO values are seen for a process since last tick, so long as accounting has registered content at all.
2015-06-11Merge pull request #6 from xnox/drop-nameLennart Poettering
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
2015-06-10Merge pull request #148 from teg/sd-network-raceLennart Poettering
sd-network: allow the state dir to be created after the monitor
2015-06-10Merge pull request #151 from mischief/dns-shared-3Lennart Poettering
move dns code from resolve to shared v3
2015-06-10bus: we now support path_namespace=/David Herrmann
Our bloom-filters support root-path matching. Make sure we properly add the path_namespace= tag.
2015-06-10bus: fix pattern matchingDavid Herrmann
DBus-spec defines two different pattern matchings: 1) Path and namespace prefix matching. In this case, A matches B either if both are equal, or if B is fully included in the namespace of A. In other words, A has to be a prefix of B, but end with a separator character (or the following character in B must be one). This is used for path_namespace= and arg0namespace= 2) The other pattern matching is used for arg0path= which does a two-way matching. That is, A must be a prefix of B, or B a prefix of A. Furthermore, the prefix must end with a separator. Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_' prefixes don't make any sense now, but.. eh..
2015-06-10bus: fix test-bus-kerne-bloom.c to match properlyDavid Herrmann
Make sure we actually verify our match-rules are executed properly. Right now all we test is the bloom-matches, which are non-reliable as they leave through false-positives.