summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-12-14core: add ability to define arbitrary bind mounts for servicesLennart Poettering
This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-12-14namespace: instead of chasing mount symlinks a priori, do so as-we-goLennart Poettering
This is relevant as many of the mounts we try to establish only can be followed when some other prior mount that is a prefix of it is established. Hence: move the symlink chasing into the actual mount functions, so that we do it as late as possibly but as early as necessary. Fixes: #4588
2016-12-14core: rename BindMount structure → MountEntryLennart Poettering
After all, these don#t strictly encapsulate bind mounts anymore, and we are preparing this for adding arbitrary user-defined bind mounts in a later commit, at which point this would become really confusing. Let's clean this up, rename the BindMount structure to MountEntry, so that it is clear that it can contain information about any kind of mount.
2016-12-14namespace: add explicit read-only flagLennart Poettering
This reworks handling of the read-only management for mount points. This will become handy as soon as we add arbitrary bind mount support (which comes in a later commit).
2016-12-13namespace: reindent protect_system_strict_table[] as wellLennart Poettering
All other tables got reindented, but one was forgotten. Fix that.
2016-12-13core: hook up MountFlags= to the transient unit logicLennart Poettering
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making MountFlags= to the list of properties that may be accessed transiently.
2016-12-13sd-id128: id128_write overwrites target fileEvgeny Vereshchagin
2016-12-13machine-id-setup: `--print --commit` respects the --root optionEvgeny Vereshchagin
2016-12-13core: machine_id_setup overwrites broken machine-idEvgeny Vereshchagin
2016-12-13nspawn: when getting SIGCHLD make sure it's from the first child (#4855)Andrey Ulanov
When getting SIGCHLD we should not assume that it was the first child forked from system-nspawn that has died as it may also be coming from an orphan process. This change adds a signal handler that ignores SIGCHLD unless it came from the first containerized child - the real child. Before this change the problem can be reproduced as follows: $ sudo systemd-nspawn --directory=/container-root --share-system Press ^] three times within 1s to kill container. [root@andreyu-coreos ~]# { true & } & [1] 22201 [root@andreyu-coreos ~]# Container root-fedora-latest terminated by signal KILL
2016-12-12Merge pull request #4771 from keszybz/udev-property-orderingMartin Pitt
Udev property ordering
2016-12-12Merge pull request #4867 from keszybz/catalog-messagesLennart Poettering
Catalog message improvements
2016-12-11hwdb: emit warning when matches are specified at the very end of fileZbigniew Jędrzejewski-Szmek
This is also an error, but it wasn't caught. [/tmp/tmp.YWeKax4fMI/etc/udev/hwdb.d/10-bad.hwdb:26] Property expected, ignoring record with no properties
2016-12-11basic/log: CODE_FUNCTION → CODE_FUNCZbigniew Jędrzejewski-Szmek
systemd.journal-fields(7) documents CODE_FUNC=. Internally, we were inconsistent: sd_journal_print uses CODE_FUNC=, log.h has CODE_FUNCTION=, python-systemd and bootchart also used CODE_FUNC=, when they were internal. Most external projects use sd_journal_* functions, so CODE_FUNC=, python-systemd still uses CODE_FUNC=, as does systemd-bootchart, and independent reimplementations in golang-github-coreos-go-systemd, qtbase, network manager, glib, pulseaudio. Hence, I don't think there's much choice.
2016-12-11share/log: change log_syntax from "[a:b] " to "a:b: "Zbigniew Jędrzejewski-Szmek
Those square brackets don't fit how our other messages look like; we use colons everywhere else. The "[a:b]" format was originally added in ed5bcfbe3c3b68e59242c03649eea03a9707d318, and remained unchanged for 7 years, but in the meantime other conventions evolved. The new version is also one character shorter. [/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring: ... ↓ /etc/systemd/system/systemd-networkd.service.d/override.conf:2: Failed to parse sec value, ignoring: ...
2016-12-11basic/log: merge two big log_struct_internal invocations into oneZbigniew Jędrzejewski-Szmek
We can take advantage of the fact a NULL argument terminates the list.
2016-12-11Merge pull request #4859 from keszybz/networkdLennart Poettering
Networkd man page update and fixes for the fallout
2016-12-11Merge pull request #4864 from keszybz/build-sysLennart Poettering
Fix some build issues and warnings
2016-12-11Merge pull request #4861 from keszybz/dissect-tweaksLennart Poettering
A prettification of the dissect code, mkosi and TODO updates
2016-12-11pid1,catalog: use a different MESSAGE_ID for user manager startupZbigniew Jędrzejewski-Szmek
This add a new message id for the end of user instance startup. User manager startup is a different beast then the system startup. Their descriptions are completely different too. Let's just separate them. Partially fixes #3351. Also remove "successful" from the description, since we don't know if the startup was successful or not.
2016-12-11basic/extract-word,man: clarify "correction" of invalid escapesZbigniew Jędrzejewski-Szmek
Our warning message was misleading, because we wouldn't "correct" anything, we'd just ignore unkown escapes. Update the message. Also, print just the extracted word (which contains the offending sequences) in the message, instead of the whole line. Fixes #4697.
2016-12-11pid1: remove unnecessary counterZbigniew Jędrzejewski-Szmek
The loop must terminate after at most three iterations anyway.
2016-12-10shared/firewall-util: remove warning about net/if.h workaroundZbigniew Jędrzejewski-Szmek
This is already fixed upstream, so warning is not useful. Let's keep the workaround until the fix has percolated downstream.
2016-12-10journal: fix warning about LZ4_compress_limitedOutputZbigniew Jędrzejewski-Szmek
2016-12-10dissect: assume GPT_ROOT_SECONDARY_VERITY is defined when GPT_ROOT_SECONDARY isZbigniew Jędrzejewski-Szmek
We define those macros, and there's no reason to have one without the other.
2016-12-10build-sys: define arm as secondary architecture for arm64Zbigniew Jędrzejewski-Szmek
Completely unstested. Fixes #4862.
2016-12-10Merge pull request #4835 from poettering/unit-name-printfZbigniew Jędrzejewski-Szmek
Various specifier resolution fixes.
2016-12-10Merge pull request #4795 from poettering/dissectZbigniew Jędrzejewski-Szmek
Generalize image dissection logic of nspawn, and make it useful for other tools.
2016-12-10nspawn: add missing -E to getopt_long (#4860)Wim de With
2016-12-09networkd: check that VTI/VTI6 tunnels have a local addressZbigniew Jędrzejewski-Szmek
Otherwise we'd fail with an assertion: Assertion 't->family == AF_INET' failed at ../src/network/netdev/tunnel.c:244, function netdev_vti_fill_message_create(). Aborting.
2016-12-09networkd: tighten parsing of Tunnel addressesZbigniew Jędrzejewski-Szmek
When assigning addresses, we'd set the family, and later verify that the address on the other end has the same family. But when the address was specified as "any", we'd simply unset the family. Instead, only unset the family if both addresses are wiped. Also, don't bother setting family = AF_UNSPEC, since it's the default (0).
2016-12-09networkd: use log_netdev_error in a two more placesZbigniew Jędrzejewski-Szmek
2016-12-09networkd: do not print ": Success" in debug messageZbigniew Jędrzejewski-Szmek
%m isn't useful in success path.
2016-12-09pid1: simplify the logic in two statements related to killing processesZbigniew Jędrzejewski-Szmek
Generally non-inverted conditions are nicer, and ternary operators with complex conditions are a bit hard to read. No functional change.
2016-12-09tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853)Reverend Homer
2016-12-08Merge pull request #4686 from poettering/machine-id-app-specificZbigniew Jędrzejewski-Szmek
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
2016-12-07network: fix const qualifier (#4849)David Michael
Follow up for #4809.
2016-12-07nspawn: resolv.conf might not be created initially (#4799)Franck Bui
This might happen that resolv.conf is missing in a minimal rootfs and in this case the following warning is emitted: Failed to mount n/a on /mnt/etc/resolv.conf (MS_BIND ""): No such file or directory This patch fixes this case.
2016-12-07Merge pull request #4843 from joukewitteveen/protocolLennart Poettering
Go through stop_post on failure (#4770)
2016-12-07dissect: add DISSECT_IMAGE_DISCARD_ANY maskZbigniew Jędrzejewski-Szmek
This makes the code to set arg_flags much more readable.
2016-12-07network: support negation in matching patterns (#4809)David Michael
2016-12-07core: add a note clarifying that we should be careful when adding new specifiersLennart Poettering
2016-12-07core: deprecate %c, %r, %R specifiersLennart Poettering
%c and %r rely on settings made in the unit files themselves and hence resolve to different values depending on whether they are used before or after Slice=. Let's simply deprecate them and drop them from the documentation, as that's not really possible to fix. Moreover they are actually redundant, as the same information may always be queried from /proc/self/cgroup and /proc/1/cgroup. (Accurately speaking, %R is actually not broken like this as it is constant. However, let's remove all cgroup-related specifiers at once, as it is also redundant, and doesn't really make much sense alone.)
2016-12-07tests: let's make function tables static/constLennart Poettering
2016-12-07core: add specifier expansion to ReadOnlyPaths= and friendsLennart Poettering
Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-07core: add specifier expansion to RequiresMountsFor=Lennart Poettering
This might be useful for some people, for example to pull in mounts for paths including the machine ID or hostname.
2016-12-07core: turn on specifier expansion for more unit file settingsLennart Poettering
Let's permit specifier expansion at a numbre of additional fields, where arbitrary strings might be passed where this might be useful one day. (Or at least where there's no clear reason where it wouldn't make sense to have.)
2016-12-07core: use unit_full_printf() at a couple of locations we used ↵Lennart Poettering
unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-07core: resolve more specifiers in unit_name_printf()Lennart Poettering
unit_name_printf() is usually what we use when the resulting string shall qualify as unit name, and it hence avoids resolving specifiers that almost certainly won't result in valid unit names. Add a couple of more specifiers that unit_full_printf() resolves also to the list unit_name_printf() resolves, as they are likely to be useful in valid unit names too. (Note that there might be cases where this doesn't hold, but we should still permit this, as more often than not they are safe, and if people want to use them that way, they should be able to.)
2016-12-07core: move specifier expansion out of service.c/socket.cLennart Poettering
This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061