path: root/src
Age | Commit message | Author
2015-08-26 | selinux: fix regression of systemctl subcommands when absolute unit file paths are specified | HATAYAMA Daisuke
The commit 4938696301a914ec26bcfc60bb99a1e9624e3789 overlooked the fact that unit files can be specified as unit file paths, not unit file names, wrongly passing a unit file path to the 1st argument of manager_load_unit() that handles it as a unit file name. As a result, the following 4 systemctl subcommands:

    enable
    disable
    reenable
    link
    mask
    unmask

fail with the following error message:

    # systemctl enable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl disable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl reenable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # cp /usr/lib/systemd/system/kdump.service /tmp/
    # systemctl link /tmp/kdump.service
    Failed to execute operation: Unit name /tmp/kdump.service is not valid.
    # systemctl mask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl unmask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.

To fix the issue, first check whether a unit file is passed as a unit file name or a unit file path, and then pass the unit file to the appropriate argument of manager_load_unit().

By the way, even with this commit mask and unmask reject unit file paths as follows and this is a correct behavior:

    # systemctl mask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Invalid argument
    # systemctl unmask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Invalid argument
2015-08-26 | Merge pull request #1043 from phomes/master | Daniel Mack
test-util: fix a memleak
2015-08-25 | Merge pull request #1039 from poettering/nspawn-machine-template | Daniel Mack
nspawn: make sure --template= and --machine= may be combined
2015-08-25 | Merge pull request #1038 from poettering/coredumpctl-directory | Daniel Mack
Add --directory= option for reading alternate journal
2015-08-25 | Merge pull request #1040 from poettering/cgroup-path-fix | Daniel Mack
fix "systemctl status idontexist.service" showing the full cgroup tree
2015-08-25 | test-util: fix a memleak | Thomas Hindoe Paaboel Andersen
2015-08-25 | resolve: fix regression in dns-scope | Daniel Mack
Bring back a return statement 106784eb erroneously removed. Thanks to @phomes for reporting.
2015-08-25 | Merge pull request #1041 from phomes/master | Daniel Mack
trivial cleanups
2015-08-25 | Merge pull request #1034 from poettering/resolved-fixes-2 | Daniel Mack
various resolved fixes
2015-08-25 | machinectl: remove unused variable | Thomas Hindoe Paaboel Andersen
2015-08-25 | execute: make the invalid entry of the enum -1 | Thomas Hindoe Paaboel Andersen
Set _EXEC_UTMP_MODE_INVALID to -1. This matches the return value from string_table_lookup.
2015-08-25 | core: report root cgroup as "/" over the bus | Lennart Poettering
Internally, the root cgroup is stored as the empty string in Unit.cgroup_path, and "no cgroup" as NULL. Unfortunately, D-Bus does not know a NULL concept, hence when reporting the cgroup to clients we should turn the root cgroup into "/", and leave the empty string for the "no cgroup" case. This should make sure that "systemctl status -- -.slice" works correctly and shows the entire cgroup tree.
2015-08-25 | Revert "systemctl: properly handle empty control group paths in "status"" | Lennart Poettering
This reverts commit b04c25f9ef6359ed0ae403bdbfe4df840aba0f58.
2015-08-25 | nspawn: make sure --template= and --machine= may be combined | Lennart Poettering
Fixes #1018. Based on a patch from Seth Jennings.
2015-08-25 | coredumpctl: Add --directory option for reading alternate journal | Stef Walter
In the Cockpit integration tests we hang onto the journal files for a failed test and would like to inspect them using coredumpctl. This commit adds the ability to specify an alternate directory for coredumpctl to read the journal from.
2015-08-25 | resolved: add comments to DNS_PACKET_MAKE_FLAGS() clarifying DNS vs LLMNR | Lennart Poettering
Some flags are defined differently on unicast DNS and LLMNR, let's document this in the DNS_PACKET_MAKE_FLAGS() macro.
2015-08-25 | resolved: make packet flags logic more expressive again | Lennart Poettering
This partially reverts 106784ebb7b303ae471851100a773ad2aebf5b80, and readds separate DNS_PACKET_MAKE_FLAGS() invocations for the LLMNR and DNS case. This is important since some flags have different names and meanings on LLMNR and on DNS and we should clarify that via the comments and how we put things together.
2015-08-25 | resolved: rename DNS UDP socket to 'dns_udp_fd' | Lennart Poettering
This hopefully makes this a bit more expressive and clarifies that the fd is not used for the DNS TCP socket. This also mimics how the LLMNR UDP fd is named in the manager object.
2015-08-25 | bus-util: make more properties settable in --property= | Lennart Poettering
Add a couple of new properties to the supported set we can pass in systemd-run's and systemd-nspawn's --property= switch.
2015-08-25 | core: drop spurious new line | Lennart Poettering
2015-08-25 | machine: policykit string fixes | Lennart Poettering
2015-08-25 | Merge pull request #1022 from poettering/machinectl-shell | Tom Gundersen
Add new "machinectl shell" command for su(1)-like behaviour
2015-08-25 | Merge pull request #1029 from jsynacek/unprivileged-wall-message-v2 | Lennart Poettering
logind/systemctl: introduce SetWallMessage and --message
2015-08-25 | resolved: allow dns_cache_put() without a question | Daniel Mack
Currently, dns_cache_put() does a number of things:

 1) It unconditionally removes all keys contained in the passed question before adding keys from the newly arrived answers.
 2) It puts positive entries into the cache for all RRs contained in the answer.
 3) It creates negative entries in the cache for all keys in the question that are not answered.

Allow passing q = NULL in the parameters and skip 1) and 3), so we can use that function for mDNS responses. In this case, the question is irrelevant, we are interested in all answers we got.
2015-08-25 | sd-network: make LLMNR specific config parser generic | Daniel Mack
Rename the enum, the lookup functions and the parser for LLMNRSupport so the type can be reused for mDNS.
2015-08-25 | resolved: move assertion | Daniel Mack
Make a scope with invalid protocol state fail as soon as possible.
2015-08-25 | resolved: use switch-case statements for protocol details | Daniel Mack
With more protocols to come, switch repetitive if-else blocks with switch-case statements.
2015-08-25 | logind/systemctl: introduce SetWallMessage and --message | Jan Synacek
Enable unprivileged users to set wall message on a shutdown operation. When the message is set via the --message option, it is logged together with the default shutdown message.

    $ systemctl reboot --message "Applied kernel updates."
    $ journalctl -b -1
    ...
    systemd-logind[27]: System is rebooting. (Applied kernel updates.)
    ...

2015-08-25 | resolved: remove runtime check for previously asserted condition | Daniel Mack
2015-08-24 | resolved: change error code when trying to resolve direct LLMNR PTR RRs | Lennart Poettering
If we try to resolve an LLMNR PTR RR we shall connect via TCP directly to the specified IP address. We already refuse to do this if the address to resolve is of a different address family as the transaction's scope. The error returned was EAFNOSUPPORT. Let's change this to ESRCH which is how we indicate "not server available" when connecting for LLMNR or DNS, since that's what this really is: we have no server we could connect to in this address family. This allows us to ensure that no server errors are always handled the same way.
2015-08-24 | resolve-host: support parsing numeric interface names | Lennart Poettering
If the user specifies an interface by its ifindex we should handle this nicely. Hence let's try to parse the ifindex as a number before we try to resolve it as an interface name.
2015-08-24 | resolved: remove duplicate handling of "no servers" query result | Lennart Poettering
So far we handled immediate "no server" query results differently from "no server" results we ran into during operation: the former would cause the dns_query_go() call to fail with ESRCH, the latter would result in the query completion callback to be called. Remove the duplicate codepaths, by always going through the completion callback. This allows us to remove quite a number of lines for handling the ESRCH. This commit should not alter behaviour at all.
2015-08-24 | resolved: replace transaction list by hashmap | Lennart Poettering
Right now we keep track of ongoing transactions in a linked list for each scope. Replace this by a hashmap that is indexed by the RR key. Given that all ongoing transactions will be placed in pretty much the same scopes usually this should optimize behaviour. We used to require a list here, since we wanted to do "superset" query checks, but this became obsolete since transactions are now single-key instead of multi-key.
2015-08-24 | machinectl: extend the "shell" syntax to take user@container names | Lennart Poettering
In order to make "machinectl shell" more similar to ssh, allow the following syntax to connect to a container under a specific username:

    machinectl shell lennart@fedora

Also beefs up related man page documentation.
2015-08-24 | machinectl: make machine name parameters for "shell" and "login" optional | Lennart Poettering
If no machine name is specified, imply that we connect to ".host", i.e. the local host.
2015-08-24 | machined: beef up PolicyKit actions | Lennart Poettering
Introduce separate actions for creating login or shell sessions for the local host or a local container. By default allow local unprivileged clients to create new login sessions (which is safe, since getty will ask for username and authentication). Also, imply login privs from shell privs, as well as shell and login privs from manage privs.
2015-08-24 | systemctl: properly handle empty control group paths in "status" | Lennart Poettering
When showing the status of the "-.slice" slice root unit (whose reported cgroup path is ""), we suppressed the cgroup tree so far, because we skipped it for all units with an empty cgroup path. Let's fix that, and properly handle the empty cgroup path.
2015-08-24 | machined: userns is only supported for container-class machines | Lennart Poettering
We do not support userns for VM machines or for the host itself.
2015-08-24 | machinectl: don't show ".host" pseudo-machine in list by default | Lennart Poettering
Let's hide all machines whose name begins with "." by default, thus hiding the ".host" pseudo-machine, unless --all is specified. This takes inspiration from the ".host" image handling in "machinectl list-images" which also hides all images whose name starts with ".".
2015-08-24 | machined: introduce pseudo-machine ".host" referring to the host system | Lennart Poettering
Some of the operations machined/machinectl implement are also very useful when applied to the host system (such as machinectl login, machinectl shell or machinectl status), hence introduce a pseudo-machine by the name of ".host" in machined that refers to the host system, and may be used to execute operations on the host system with. This copies the pseudo-image ".host" machined already implements for image related commands. (This commit also adds a PK privilege for opening a PTY in a container, which was previously not accessible for non-root.)
2015-08-24 | machined: validate machine names at more places | Lennart Poettering
When enumerating machines from /run, and when accepting machine names for operations, be more strict and always validate. Note that these checks are strictly speaking unnecessary, since enumeration happens only on the trusted /run...
2015-08-24 | util: make machine_name_is_valid() a macro and move it to hostname-util.h | Lennart Poettering
As it turns out machine_name_is_valid() does the exact same thing as hostname_is_valid() these days, as it just invoked that and checked the name length was < 64. However, hostname_is_valid() checks the length against HOST_NAME_MAX anyway (which is 64 on Linux), hence any additional check is redundant. We hence replace machine_name_is_valid() by a macro that simply maps it to hostname_is_valid() but sets the allow_trailing_dot parameter to false. We also move this call to hostname-util.h, to the same place as the hostname_is_valid() declaration.
2015-08-24 | util: make hostname_is_valid() easier to read | Lennart Poettering
Add more comments, and rename some parameters and variables to be more expressive.
2015-08-24 | machined: always look for leader PID first | Lennart Poettering
When looking for the machine belonging to a PID, always look for the leader first, only then fall back to a cgroup check. We keep direct track of the leader PID, but only indirectly of the cgroup, hence prefer the PID.
2015-08-24 | machinectl: add new "machinectl shell" command | Lennart Poettering
This makes use of machined's new OpenShell() command and allows opening a new interactive shell in any container.
2015-08-24 | machined: add new OpenShell() bus call | Lennart Poettering
This new bus call opens an interactive shell in a container. It works like the existing OpenLogin() call, but does not involve getty, and instead opens an arbitrary command line. This is similar to "systemd-run -t -M" but is controlled by a specific PolicyKit privilege.
2015-08-24 | core: open up more executable properties via the bus | Lennart Poettering
This is preparation for a later commit that makes use of these properties for spawning an interactive shell in a container.
2015-08-24 | core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries | Lennart Poettering
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).
2015-08-24 | Merge pull request #1012 from gentoo-root/master | Tom Gundersen
sd-device: fix enumeration of devices without subsystem
2015-08-24 | sd-bus: don't list activators as proper peers | David Herrmann
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the bus. Hence, we should not treat it as proper peer. To actually query it, you have to explicitly ask for activators. This makes kdbus in-line with what dbus-daemon does.