summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-06-11networkd: create "kernel" setting for IPForwardingNick Owens
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.
2015-06-11Merge pull request #6 from xnox/drop-nameLennart Poettering
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
2015-06-10Merge pull request #148 from teg/sd-network-raceLennart Poettering
sd-network: allow the state dir to be created after the monitor
2015-06-10Merge pull request #151 from mischief/dns-shared-3Lennart Poettering
move dns code from resolve to shared v3
2015-06-10bus: we now support path_namespace=/David Herrmann
Our bloom-filters support root-path matching. Make sure we properly add the path_namespace= tag.
2015-06-10bus: fix pattern matchingDavid Herrmann
DBus-spec defines two different pattern matchings: 1) Path and namespace prefix matching. In this case, A matches B either if both are equal, or if B is fully included in the namespace of A. In other words, A has to be a prefix of B, but end with a separator character (or the following character in B must be one). This is used for path_namespace= and arg0namespace= 2) The other pattern matching is used for arg0path= which does a two-way matching. That is, A must be a prefix of B, or B a prefix of A. Furthermore, the prefix must end with a separator. Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_' prefixes don't make any sense now, but.. eh..
2015-06-10bus: fix test-bus-kerne-bloom.c to match properlyDavid Herrmann
Make sure we actually verify our match-rules are executed properly. Right now all we test is the bloom-matches, which are non-reliable as they leave through false-positives.
2015-06-10bus: fix arg0path= two-way matchingDavid Herrmann
DBus spec clearly defines arg0path= to be a two-way matching. That is, either the matcher or the matchee can be a prefix of the other to match. This is not possible to implement with bloom-filters. Instead, we'd have to add a separate filter for each prefix. This is non-trivial, though. Hence, just skip the match for now and match locally.
2015-06-10bus: fix bloom_add_prefixes() to add all required dataDavid Herrmann
Lets look at an example where we add arg0="/foo/bar/waldo" to a bloom-filter. The following strings are added: "arg0:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar" "arg0-slash-prefix:/foo" Two problems arise: 1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly states that equal strings are also considered prefixes. However, in the bloom-match, we can only provide a single match-filter. Therefore, we have to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in the bloom-mask of the message. Hence, this patch makes sure bloom_add_prefixes() adds the full path as prefix, too. 2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path does prefix-matching with the trailing slash _included_, unlike path_namespace= matches, which does *not* include them. This is inconsistent, but we have to support the specs. Therefore, we must add prefixes with _and_ without trailing separators. Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with the trailing slash included. The final set of strings added therefore is: "arg0:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar/waldo" "arg0-slash-prefix:/foo/bar/" "arg0-slash-prefix:/foo/bar" "arg0-slash-prefix:/foo/" "arg0-slash-prefix:/foo" "arg0-slash-prefix:/"
2015-06-10libsystemd-network: use domain validation instead of hostname validation for ↵Nick Owens
dhcp domain option previously hostname_is_valid was used to validate domain names, which would silently drop perfectly valid dns names that were longer than a single dns label.
2015-06-10shared: add convenience function for validating dns namesNick Owens
2015-06-10resolve: move dns routines into sharedNick Owens
2015-06-10sd-network: allow the state dir to be created after the monitorTom Gundersen
We now listen for new subdirs of /run/systemd, and /run/systemd/netif in case /run/systemd/netif/links does not exist.
2015-06-10Merge pull request #147 from poettering/cmsgDaniel Mack
util: introduce CMSG_FOREACH() macro and make use of it everywhere
2015-06-10util: introduce CMSG_FOREACH() macro and make use of it everywhereLennart Poettering
It's only marginally shorter then the usual for() loop, but certainly more readable.
2015-06-10Fix typoZbigniew Jędrzejewski-Szmek
Follow up for 7c918141ed.
2015-06-10Merge pull request #142 from teg/sd-network-unref-NULLLennart Poettering
sd-network: allow NULL in sd_network_monitor_unref
2015-06-10sd-network: allow NULL in sd_network_monitor_unrefTom Gundersen
Match rest of codebase, we always allow unref'ing NULL.
2015-06-10Merge pull request #85 from keszybz/selinux-contextZbigniew Jędrzejewski-Szmek
2015-06-10test-copy: test copy_bytes()Zbigniew Jędrzejewski-Szmek
2015-06-10sd-bus: remove ucred parameter from bus_message_from_header() since we don't ↵Lennart Poettering
use it anymore
2015-06-10sd-bus: fix early exit when we lack all data in bus_get_owner_creds_dbus1()Lennart Poettering
2015-06-10bus-message: remove shadow warning with log_debug_bus_message()Lennart Poettering
2015-06-10journald: simplify context handlingZbigniew Jędrzejewski-Szmek
By using our homegrown function we can dispense with all the iffdefery.
2015-06-10sd-bus: store selinux context at connection timeZbigniew Jędrzejewski-Szmek
This appears to be the right time to do it for SOCK_STREAM unix sockets. Also: condition bus_get_owner_creds_dbus1 was reversed. Split it out to a separate variable for clarity and fix. https://bugzilla.redhat.com/show_bug.cgi?id=1224211
2015-06-10Merge pull request #132 from ssahani/bondLennart Poettering
networkd: bond improve logging
2015-06-10Merge pull request #138 from ↵Lennart Poettering
utezduyar/use-async-convenience-function-on-setting-hostname networkd: use async convenience call to set hostname
2015-06-10Merge pull request #133 from ssahani/netLennart Poettering
networkd: vxlan improve logging
2015-06-10sd-bus: do not use per-datagram auxiliary informationZbigniew Jędrzejewski-Szmek
SELinux information cannot be retrieved this way, since we are using stream unix sockets and SCM_SECURITY does not work for them. SCM_CREDENTIALS use dropped to be consistent. We also should get this information at connection time. https://bugzilla.redhat.com/show_bug.cgi?id=1224211 "SCM_SECURITY was only added for datagram sockets."
2015-06-10networkd: use async convenience call to set hostnameUmut Tezduyar Lindskog
2015-06-10sd-bus: Correct typoTorstein Husebø
2015-06-10Merge pull request #117 from ↵Lennart Poettering
utezduyar/feat/dump-sync-dbus-message-with-logging-on sd-bus: dump sync messages in debug mode
2015-06-10sd-bus: dump sync messages in debug modeUmut Tezduyar Lindskog
2015-06-10network: veth imprve loggingSusant Sahani
Replaces a lof of strerror() usage with log_netdev_error_errno()
2015-06-10networkd: vxlan improve loggingSusant Sahani
Replaces a lof of strerror() usage with log_netdev_error_errno()
2015-06-10networkd: bond improve loggingSusant Sahani
Replaces a lof of strerror() usage with log_netdev_error_errno()
2015-06-10logind,sd-event: drop spurious new-linesLennart Poettering
2015-06-10tree-wide: whenever we fork off a foreign child process reset signal ↵Lennart Poettering
mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
2015-06-10signal-util: modernize and share more codeLennart Poettering
2015-06-09core: log oom during killing spreeThomas Hindoe Paaboel Andersen
but don't do anything else. We still want to kill as much as possible. Coverity CID#996306
2015-06-09path-util: Fix path_is_mount_point for parent mount points in symlink modeMartin Pitt
When we have a structure like this: /bin -> /usr/bin /usr is a mount point Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair /usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different mount IDs. But we only want to consider the base name, not any parent. Thus we have to resolve the given path first to get the real parent when allowing symlinks. Bug: https://github.com/systemd/systemd/issues/61
2015-06-09bus-creds: always set SD_BUS_CREDS_PID when we set pid in the maskZbigniew Jędrzejewski-Szmek
Also reorder the code a bit to be easier to parse.
2015-06-09Revert "hwdb: actually search /run/udev/hwdb.d"Lennart Poettering
2015-06-09Merge pull request #118 from haraldh/set_consume2Lennart Poettering
util:bind_remount_recursive() fix "use after free" - 2
2015-06-09Merge pull request #77 from haraldh/cryptsetupLennart Poettering
cryptsetup: craft a unique ID with the source device
2015-06-09Merge pull request #116 from utezduyar/feat/async-api-for-method-callLennart Poettering
sd-bus: add async convenience method call API
2015-06-09Merge pull request #113 from mezcalero/address-familyLennart Poettering
networkd: actually always use AddressFamilyBoolean as the bit mask it is
2015-06-09util:bind_remount_recursive(): handle return 0 of set_consume()Harald Hoyer
set_consume() does not return -EEXIST, but 0, in case the key is already in the Set.
2015-06-09Revert "util:bind_remount_recursive() fix "use after free""Harald Hoyer
This reverts commit 46be6129d3e52556eb0f2ae4d07818f9f3f7af7a.
2015-06-09cryptsetup: craft a unique ID with the source deviceHarald Hoyer
If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera