summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-05-06core: don't implicit open missing socket fds on daemon reloadLennart Poettering
Previously, when the daemon was reloaded and the configuration of a socket unit file was changed so that a different set of socket ports was defined for the socket we'd simply reopen the socket fds not yet open. This is problematic however, as this means the SOCKET_CHOWN state is not run for them, and thus their UID/GID is not corrected. With this change, don't open the missing file descriptors, but log about this issue, and ask the user to restart the socket explicit, to make sure all missing fds are opened. Fixes: #3171
2016-05-06core: split out selinux label retrieval logic into a function of its ownLennart Poettering
This should bring no behavioural change.
2016-05-06Merge pull request #3201 from ssahani/net-wordLennart Poettering
networkd lib: cleanup FOREACH_WORD
2016-05-06networkd: route fix commentSusant Sahani
2016-05-06networkd: cleanup FOREACH_WORDSusant Sahani
2016-05-05Merge pull request #3190 from poettering/logind-fixesZbigniew Jędrzejewski-Szmek
2016-05-06Merge pull request #3198 from poettering/trigger-timeout-defaultsEvgeny Vereshchagin
change trigger timeout defaults
2016-05-05logind: drop pointless UINT64_C() macro useLennart Poettering
2016-05-05logind: enforce a limit on inhibitors we hand outLennart Poettering
For similar reasons as the recent addition of a limit on sessions. Note that we don't enforce a limit on inhibitors per-user currently, but there's an implicit one, since each inhibitor takes up one fd, and fds are limited via RLIMIT_NOFILE, and the limit on the number of processes per user.
2016-05-05logind: expose more configuration settings as bus propertiesLennart Poettering
2016-05-05logind: don't include session lists in PropertyChanged messagesLennart Poettering
If we have a lot of simultaneous sessions we really shouldn't send the full list of active sessions with each PropertyChanged message for user and seat objects, as that can become quite substantial data, we probably shouldn't dump on the bus on each login and logout. Note that the global list of sessions doesn't send out changes like this either, it only supports requesting the session list with ListSessions(). If cients want to get notified about sessions coming and going they should subscribe to SessionNew and SessionRemoved signals, and clients generally do that already. This is kind of an API break, but then again the fact that this was included was never documented.
2016-05-05logind: process session/inhibitor fds at higher priorityLennart Poettering
Let's make sure we process session and inhibitor pipe fds (that signal sessions/inhibtors going away) at a higher priority than new bus calls that might create new sessions or inhibitors. This helps ensuring that the number of open sessions stays minimal.
2016-05-05logind: enforce a limit on current user sessionsLennart Poettering
We really should put limits on all resources we manage, hence add one to the number of concurrent sessions, too. This was previously unbounded, hence set a relatively high limit of 8K by default. Note that most PAM setups will actually invoke pam_systemd prefixed with "-", so that the return code of pam_systemd is ignored, and the login attempt succeeds anyway. On systems like this the session will be created but is not tracked by systemd.
2016-05-05core: fix owner user/group output in socket dumpLennart Poettering
The unit file settings are called SocketUser= and SocketGroup= hence name these fields that way in the "systemd-analyze dump" output too. https://github.com/systemd/systemd/issues/3171#issuecomment-216216995
2016-05-05core: change default trigger limits for socket unitsLennart Poettering
Let's lower the default values a bit, and pick different defaults for Accept=yes and Accept=no sockets. Fixes: #3167
2016-05-05test-networkd-conf: fix memleakThomas Hindoe Paaboel Andersen
2016-05-05networkd: fix memleak in config_parse_duid_rawdataThomas Hindoe Paaboel Andersen
2016-05-05Trivial network cleanup (#3196)Thomas H. P. Andersen
* gitignore: typo fix for test-networkd-conf * networkd: fix double include
2016-05-04Merge pull request #3156 from keszybz/duid-settingsLennart Poettering
Rework DUID setting
2016-05-04treewide: fix typos (#3187)Torstein Husebø
2016-05-04Merge pull request #3170 from poettering/v230-preparation-fixesLennart Poettering
make virtualization detection quieter, rework unit start limit logic, detect unit file drop-in changes correctly, fix autofs state propagation
2016-05-03Merge pull request #3185 from NetworkManager/lr/unhappy-trieZbigniew Jędrzejewski-Szmek
Fix incorrect string deduplication in udev
2016-05-03strbuf: set the proper character when creating new nodesLubomir Rintel
Commit 82501b3fc added an early break when a terminal node is found to incorrect place -- before setting c. This caused trie to be built that does not correspond to what it points to in buffer, causing incorrect deduplications: # cat /etc/udev/rules.d/99-bug.rules ENV{FOO}=="0" ENV{xx0}=="BAR" ENV{BAZ}=="00" # udevadm test * RULE /etc/udev/rules.d/99-bug.rules:1, token: 0, count: 2, label: '' M ENV match 'FOO' '0'(plain) * RULE /etc/udev/rules.d/99-bug.rules:2, token: 2, count: 2, label: '' M ENV match 'xx0' 'BAR'(plain) * RULE /etc/udev/rules.d/99-bug.rules:3, token: 4, count: 2, label: '' M ENV match 'BAZ' 'x0'(plain) * END The addition of "xx0" following "0" will cause a trie like this to be created: c=\0 c=0 "0" c=0 "xx0" <-- note the c is incorrect here, causing "00" to be c=O "FOO" deduplicated to it c=R "BAR" This in effect caused the usb_modeswitch rule for Huawei modems to never match and this never be switched to serial mode from mass storage.
2016-05-03udev: fix build with DEBUG=1Lubomir Rintel
Alternatively, this could perhaps be removed since it was broken for a long time and noone seemed to care. But it was helpful for me today.
2016-05-03Merge pull request #3183 from crawford/preset-arrayZbigniew Jędrzejewski-Szmek
install: cache the presets before evaluating
2016-05-03networkd: Add support to configure IPv6 preferred lifetime (#3102)Susant Sahani
Closes #2166. We only allow 0, infinity and forever. infinity and forever is same.
2016-05-03Merge pull request #3132 from ssahani/route-tableZbigniew Jędrzejewski-Szmek
networkd: add support to set route table
2016-05-03Merge pull request #3173 from poettering/dnssec-incapdns-fixZbigniew Jędrzejewski-Szmek
Dnssec incapdns fix
2016-05-03install: cache the presets before evaluatingAlex Crawford
The previous implementation traversed the various config directories, walking the preset files and parsing each line to determine if a service should be enabled or disabled. It did this for every service which resulted in many more file operations than neccessary. This approach parses each of the preset entries into an array which is then used to check if each service should be enabled or disabled.
2016-05-03test-dnssec: drop unused variableLennart Poettering
(zjs: the tree is now back to 0b2abe0f034f7f2d8654adb11b516d1090ec9a9c.)
2016-05-03Merge pull request #2921 from keszybz/do-not-report-masked-units-as-changedZbigniew Jędrzejewski-Szmek
2016-05-03Revert "Do not report masked units as changed (#2921)"Zbigniew Jędrzejewski-Szmek
This reverts commit 6d10d308c6cd16528ef58fa4f5822aef936862d3. It got squashed by mistake.
2016-05-03Revert "test-dnssec: drop unused variable"Zbigniew Jędrzejewski-Szmek
This reverts commit 0bed31c1038c439cc5956fb44017ba28e503095b.
2016-05-03Merge pull request #3111 from poettering/nspawn-remove-vethZbigniew Jędrzejewski-Szmek
2016-05-03Revert "nspawn: explicitly remove veth links after use (#3111)"Zbigniew Jędrzejewski-Szmek
This reverts commit d2773e59de3dd970d861e9f996bc48de20ef4314. Merge got squashed by mistake.
2016-05-03networkd: add support to set route tableSusant Sahani
networkd: add support to set route table 1. add support to configure the table id. if id is less than 256 we can fit this in the header of route as netlink property is a char. But in kernel this proepty is a unsigned 32. Hence if greater that 256 add this as RTA_TABLE attribute. 2. we are not setting the address family now. Now set this property.
2016-05-03sd-netlink: introduce route attribute set APISusant Sahani
Introduce 1. sd_rtnl_message_route_set_table to set table ID 2. sd_rtnl_message_route_set_family to set family Both required to configure route properties.
2016-05-03sd-netlink: fix sd_netlink_message_append_dataSusant Sahani
Also remove the braces add_rtattr not required.
2016-05-03network: get rid of DUID_TYPE_RAWZbigniew Jędrzejewski-Szmek
It wasn't used for anything after the recent changes.
2016-05-03test-networkd-conf: add tests for the parsing functionsZbigniew Jędrzejewski-Szmek
2016-05-03networkd: rework duid_{type,duid_type,duid,duid_len} settingZbigniew Jędrzejewski-Szmek
Separate fields are replaced with a struct. Second second duid type field is removed. The first field was used to carry the result of DUIDType= configuration, and the second was either a copy of this, or contained the type extracted from DuidRawData. The semantics are changed so that the type specified in DUIDType is always used. DUIDRawData= no longer overrides the type setting. The networkd code is now more constrained than the sd-dhcp code: DUIDRawData cannot have 0 length, length 0 is treated the same as unsetting. Likewise, it is not possible to set a DUIDType=0. If it ever becomes necessary to set type=0 or a zero-length duid, the code can be changed to support that. Nevertheless, I think that's unlikely. This addresses #3127 § 1 and 3. v2: - rename DUID.duid, DUID.duid_len to DUID.raw_data, DUID.raw_data_len
2016-05-03dh-dhcp{,6}-client: change the semantics of DUID settingZbigniew Jędrzejewski-Szmek
Both versions of the code are changed to allow the caller to override DUID using simple rules: duid type and value may be specified, in which case the caller is responsible to providing the contents, or just duid type may be specified as DUID_TYPE_EN, in which case we we fill in the values. In the future more support for other types may be added, e.g. DUID_TYPE_LLT. There still remains and ugly discrepancy between dhcp4 and dhcp6 code: dhcp6 has sd_dhcp6_client_set_duid and sd_dhcp6_client_set_iaid and requires client->state to be DHCP6_STATE_STOPPED, while dhcp4 has sd_dhcp_client_set_iaid_duid and will reconfigure the client if it is not stopped. This commit doesn't touch that part. This addresses #3127 § 2.
2016-05-03dhcp-identifier: un-inline dhcp_validate_duid_lenZbigniew Jędrzejewski-Szmek
After all it is used in more than one place and is not that short. Also tweak the test a bit: - do not check that duid_len > 0, because we want to allow unknown duid types, and there might be some which are fine with 0 length data, (also assert should not be called from library code), - always check that duid_len <= MAX_DUID_LEN, because we could overwrite available buffer space otherwise.
2016-05-03sd-dhcp: change uint8_t *duid to const void*Zbigniew Jędrzejewski-Szmek
2016-05-03sd-dhcp{,6}-client: use standard indentation for functions argsZbigniew Jędrzejewski-Szmek
2016-05-02locale: Language fallbacks for fr_(BE|CA|CH|LU) to fr_FR (#3178)Sylvain Plantefève
2016-05-02Merge pull request #3162 from keszybz/alias-refusalLennart Poettering
Refuse Alias, DefaultInstance, templated units in install (as appropriate)
2016-05-02Merge pull request #3153 from poettering/async-cloneZbigniew Jędrzejewski-Szmek
machined: make "clone" asynchronous, and support copy-based fall-back
2016-05-02resolved: work around broken DNS zones set up by incapdns.netLennart Poettering
incapdns.net returns NXDOMAIN for the SOA of the zone itself but is not a terminal. This is against the specs, but we really should be able to deal with this. Previously, when verifying whether an NXDOMAIN response for a SOA/NS lookup is rightfully unsigned we'd issue a SOA lookup for the parent's domain, to derive the state from that. If the parent SOA would get an NXDOMAIN, we'd continue upwards, until we hit a signed top-level domain, which suggests that the domain actually exists. With this change whenver we need to authenticate an NXDOMAIN SOA reply, we'll request the DS RR for the zone first, and use for validation, since that this must be from the parent's zone, not the incorrect lower zone. Fixes: #2894
2016-05-02automount: move resetting of expiry timeout to automount_set_state()Lennart Poettering
that way we can be sure that there's no expiry timeout in place at any time when we aren't in the RUNNING state.