summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-01-15nspawn,machined: change default container image location from ↵Lennart Poettering
/var/lib/container to /var/lib/machines Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".
2015-01-15import: rename "gpt" disk image type to "raw"Lennart Poettering
After all, nspawn can now dissect MBR partition levels, too, hence ".gpt" appears a misnomer. Moreover, the the .raw suffix for these files is already pretty popular (the Fedora disk images use it for example), hence sounds like an OK scheme to adopt.
2015-01-15test-path: do not skip tests if we are not rootRonny Chevalier
We can properly run the tests without being root
2015-01-15test-exec: do not skip all the testsRonny Chevalier
Only 5 tests cannot be executed if we are not root, so just skip them but not the whole set.
2015-01-15spawn: downgrade loopback detach errors to debugLennart Poettering
Sometimes udev or some other background daemon might keep the loopback devices busy while we already want to detach them. Downgrade the warning about it. Given that we use autodetach downgrading these messages should be with little risk.
2015-01-15nspawn: add support for limited dissecting of MBR disk images with nspawnLennart Poettering
With this change nspawn's -i switch now can now make sense of MBR disk images too - however only if there's only a single, bootable partition of type 0x83 on the image. For all other cases we cannot really make sense from the partition table alone. The big benefit of this change is that upstream Fedora Cloud Images can now be booted unmodified with systemd-nspawn: # wget http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz # unxz Fedora-Cloud-Base-20141203-21.x86_64.raw.xz # systemd-nspawn -i Fedora-Cloud-Base-20141203-21.x86_64.raw -b Next stop: teach the import logic to automatically download these images, uncompress and verify them.
2015-01-14nspawn: pass the container's init PID out via sd_notify()Lennart Poettering
This is useful for nspawn managers that want to learn when nspawn is finished with initialiuzation, as well what the PID of the init system in the container is.
2015-01-14nspawn: fix an incorrect assert comparisonLennart Poettering
2015-01-14loginctl: fix misuse compound literalsLennart Poettering
The lifetime of compound literals is bound to the local scope, we hence cannot refernce them outside of it.
2015-01-14sd-bus: tell Coverity that it's OK not to care for return values in some casesLennart Poettering
2015-01-14nspawn: add file system locks for controlling access to container imagesLennart Poettering
This adds three kinds of file system locks for container images: a) a file system lock next to the actual image, in a .lck file in the same directory the image is located. This lock has the benefit of usually being located on the same NFS share as the image itself, and thus allows locking container images across NFS shares. b) a file system lock in /run, named after st_dev and st_ino of the root of the image. This lock has the advantage that it is unique even if the same image is bind mounted to two different places at the same time, as the ino/dev stays constant for them. c) a file system lock that is only taken when a new disk image is about to be created, that ensures that checking whether the name is already used across the search path, and actually placing the image is not interrupted by other code taking the name. a + b are read-write locks. When a container is booted in read-only mode a read lock is taken, otherwise a write lock. Lock b is always taken after a, to avoid ABBA problems. Lock c is mostly relevant when renaming or cloning images.
2015-01-14sysv-generator: always use fstatat() if we canLennart Poettering
2015-01-14sysv-generator: fix memory leak on failureLennart Poettering
This fixes a memory leak introduced by 1ed0c19f81fd13cdf283c6def0168ce122a853a9
2015-01-14machinectl: fix minor memory leakLennart Poettering
2015-01-14pty: minor modernizationLennart Poettering
We initialize structs during declartion if possible
2015-01-14machined: use the FS_IMMUTABLE_FL file flag, if available, to implement a ↵Lennart Poettering
"read-only" concept for raw disk images, too
2015-01-14util: the chattr flags field is actually unsigned, judging by kernel sourcesLennart Poettering
Unlike some client code suggests...
2015-01-14ptyfw: add missing error checkLennart Poettering
2015-01-14nspawn: remove the right propagation directoryLennart Poettering
2015-01-14test: hashmap_put behaviour for equal keysMartin Pitt
Check string ops hashmap_put() for keys with a different pointer but the same value.
2015-01-13machinectl: use GNU basename, not the XPG versionCristian Rodríguez
2015-01-13refcnt: refcnt is unsigned, fix comparisonsTom Gundersen
This does not make a difference, but the code was confusing.
2015-01-13nspawn: --help typo fixLennart Poettering
2015-01-13networkd: propagate IPFoward= per-interface setting also to ↵Lennart Poettering
/proc/sys/net/ipv4/ip_forward We need to turn on /proc/sys/net/ipv4/ip_forward before the per-interface forwarding setting is useful, hence let's propagate the per-interface setting once to the system-wide setting. Due to the unclear ownership rules of that flag, and the fact that turning it on also has effects on other sysctl flags we try to minimize changes to the flag, and only turn it on once. There's no logic to turning it off again, but this should be fairly unproblematic as the per-interface setting defaults to off anyway.
2015-01-13udev: make use of new one_zero() helper where appropriateLennart Poettering
2015-01-13networkd: make IP forwarding for IPv4 and IPv6 individually configurableLennart Poettering
2015-01-13networkd: rename misnamed booleanLennart Poettering
2015-01-13networkd: introduce an AddressFamilyBoolean enum typeLennart Poettering
This introduces am AddressFamilyBoolean type that works more or less like a booleaan, but can optionally turn on/off things for ipv4 and ipv6 independently. THis also ports the DHCP field over to it.
2015-01-13journald: allow zero length datagrams againLennart Poettering
This undoes a small part of 13790add4bf648fed816361794d8277a75253410 which was erroneously added, given that zero length datagrams are OK, and hence zero length reads on a SOCK_DGRAM be no means mean EOF.
2015-01-13nspawn: add "-n" shortcut for "--network-veth"Lennart Poettering
Now that networkd's IP masquerading support means that running containers with "--network-veth" will provide network access out of the box for the container, let's add a shortcut "-n" for it, to make it easily accessible.
2015-01-13fw-util: fix errno typo for !HAVE_LIBIPTCDaniel Mack
2015-01-13machined: refuse certain operation on non-container machines, since they ↵Lennart Poettering
cannot work elsewhere
2015-01-13import: make sure we don't mangle file ownerships with the local passwd ↵Lennart Poettering
database when untarring
2015-01-13nspawn: add new option "--port=" for exposing container ports on the local hostLennart Poettering
This exposes an IP port on the container as local port using DNAT.
2015-01-13networkd: add minimal IP forwarding and masquerading support to .network filesLennart Poettering
This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box.
2015-01-13shared: add minimal firewall manipulation helpers for establishing NAT ↵Lennart Poettering
rules, using libiptc
2015-01-13core: Fix EACCES check for OOM adjustmentsMartin Pitt
Commit 3bd5c3 added a check for EACCES, but missed the minus sign.
2015-01-12udev: link_config - modernize a bit and fix leakesTom Gundersen
Not all of the link_config struct was getting freed.
2015-01-12network-intenal: user _cleanup_ macro in parse_ifnameTom Gundersen
2015-01-12core/mount: remove "fail" againZbigniew Jędrzejewski-Szmek
deb6120920 'man: there's actually no "fail" fstab option, but only "nofail" removed it from our documentation, which I missed. fstab(5) only mentions "auto", "noauto", and "nofail". Stick to those three.
2015-01-12sd-bus: sync kdbus.h (API break)Daniel Mack
Just a simple variable rename, and a dropped flag that sd-bus didn't make use of.
2015-01-12core/mount: use isempty() to check for empty stringsDaniel Mack
strempty() will return an empty string in case the input parameter is a NULL pointer. The correct test to check for an empty string is isempty(), so use that instead. This fixes a regression from commit 17a1c59 ("core/mount: filter out noauto,auto,nofail,fail options").
2015-01-11udev: Add builtin/rule to export evdev information as udev propertiesCarlos Garnacho
This rule is only run on tablet/touchscreen devices, and extracts their size in millimeters, as it can be found out through their struct input_absinfo. The first usecase is exporting device size from tablets/touchscreens. This may be useful to separate policy and application at the time of mapping these devices to the available outputs in windowing environments that don't offer that information as readily (eg. Wayland). This way the compositor can stay deterministic, and the mix-and-match heuristics are performed outside. Conceivably, size/resolution information can be changed through EVIOCSABS anywhere else, but we're only interested in values prior to any calibration, this rule is thus only run on "add", and no tracking of changes is performed. This should only remain a problem if calibration were automatically applied by an earlier udev rule (read: don't). v2: Folded rationale into commit log, made a builtin, set properties on device nodes themselves v3: Use inline function instead of macro for mm. size calculation, use DECIMAL_STR_MAX, other code style issues v4: Made rule more selective v5: Minor style issues, renamed to a more generic builtin, refined rule further.
2015-01-11fstab-util: fix priority parsing and add testZbigniew Jędrzejewski-Szmek
2015-01-11shared/util: respect buffer boundary on incomplete escape sequencesZbigniew Jędrzejewski-Szmek
cunescape_length_with_prefix() is called with the length as an argument, so it cannot rely on the buffer being NUL terminated. Move the length check before accessing the memory. When an incomplete escape sequence was given at the end of the buffer, c_l_w_p() would read past the end of the buffer. Fix this and add a test.
2015-01-11core/load-fragment: avoid allocating 0 bytes when given an invalid commandZbigniew Jędrzejewski-Szmek
With a command line like "@/something" we would allocate an array with 0 elements. Avoid that, and add a test too.
2015-01-11test-unit-file: don't access out-of-bounds memoryZbigniew Jędrzejewski-Szmek
Fixes an error introduced by me when the test was added.
2015-01-11core/mount: filter out noauto,auto,nofail,fail optionsZbigniew Jędrzejewski-Szmek
We passed the full option string from fstab to /bin/mount. It would in turn pass the full option string to its helper, if it needed to invoke one. Some helpers would ignore things like "nofail", but others would be confused. We could try to get all helpers to ignore those "meta-options", but it seems better to simply filter them out. In our model, /bin/mount simply has no business in knowing whether the mount was configured as fail or nofail, auto or noauto, in the fstab. If systemd tells invokes a command to mount something, and it fails, it should always return an error. It seems cleaner to filter out the option, since then there's no doubt how the command should behave. https://bugzilla.redhat.com/show_bug.cgi?id=1177823
2015-01-11Support negated fstab optionsZbigniew Jędrzejewski-Szmek
We would ignore options like "fail" and "auto", and for any option which takes a value the first assignment would win. Repeated and options equivalent to the default are rarely used, but they have been documented forever, and people might use them. Especially on the kernel command line it is easier to append a repeated or negated option at the end.
2015-01-11cryptsetup-generator: remove duplicated functionZbigniew Jędrzejewski-Szmek