path: root/src
Age | Commit message | Author
2016-09-06 | nspawn: detect SECCOMP availability, skip audit filter if unavailable | Felipe Sateler
Fail hard if SECCOMP was detected but could not be installed
2016-09-06 | seccomp: also detect if seccomp filtering is enabled | Felipe Sateler
In https://github.com/systemd/systemd/pull/4004, a runtime detection method for seccomp was added. However, it does not detect the case where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible if the architecture does not support filtering yet. Add a check for that case too. While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl, as that should save a few system calls and (unnecessary) allocations. Previously, reading of /proc/self/stat was done as recommended by prctl(2) as safer. However, given that we need to do the prctl call anyway, let's skip opening, reading and parsing the file. Code for checking inspired by https://outflux.net/teach-seccomp/autodetect.html
2016-09-02 | Merge pull request #4084 from ssahani/netfix | Daniel Mack
fix #4080
2016-09-02 | fix #4080 | Susant Sahani
ethtool_sset_info adding some extra space to it. also fix valgrind warning
```
Unloaded link configuration context.
==31690==
==31690== HEAP SUMMARY:
==31690==     in use at exit: 8,192 bytes in 2 blocks
==31690==   total heap usage: 431 allocs, 429 frees, 321,164 bytes allocated
==31690==
==31690== 4,096 bytes in 1 blocks are still reachable in loss record 1 of 2
==31690==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==31690==    by 0x166B32: mempool_alloc_tile (mempool.c:62)
==31690==    by 0x166BBC: mempool_alloc0_tile (mempool.c:81)
==31690==    by 0x15B8FC: hashmap_base_new (hashmap.c:732)
==31690==    by 0x15B9F7: internal_hashmap_new (hashmap.c:766)
==31690==    by 0x151291: conf_files_list_strv_internal (conf-files.c:103)
==31690==    by 0x1514BA: conf_files_list_strv (conf-files.c:135)
==31690==    by 0x13A1CF: link_config_load (link-config.c:227)
==31690==    by 0x135B68: builtin_net_setup_link_init (udev-builtin-net_setup_link.c:77)
==31690==    by 0x1306B3: udev_builtin_init (udev-builtin.c:57)
==31690==    by 0x11E984: adm_builtin (udevadm-test-builtin.c:72)
==31690==    by 0x117B4D: run_command (udevadm.c:75)
```
Fixes #4080
2016-09-01 | systemctl: usable status command for special units (#4072) | Cireo
Prior to this commit, users could be given an unusable command to run if they attempted to stop or start special services. For example:
    $ systemctl stop -- -.mount
    Failed to stop -.mount: Operation refused, unit -.mount may be \
    requested by dependency only.
    See system logs and 'systemctl status -.mount' for details.
    $ systemctl status -.mount
    systemctl: invalid option -- '.'
This adds a '--' to the example command in these situations.
2016-08-31 | hostnamed: prefer more precise DMI info over ACPI OSPM info | Lennart Poettering
(also: add comments about the used numbers) Fixes: #3930
2016-08-31 | resolved: include d.f.ip6.arpa in default NTA list | Lennart Poettering
Fixes: #4049
2016-08-31 | sd-bus: bump message queue size | Lennart Poettering
Let's bump it further, as the current limit turns out to be problematic IRL. Let's bump it to more than twice what we know of is needed. Fixes: #4068
2016-08-31 | machinectl: split OS field in two; print ip addresses (#4058) | Seraphime Kirkovski
This splits the OS field in two: one for the distribution name and one for the version id. Dashes are written for missing fields. This also prints ip addresses of known machines. The `--max-addresses` option specifies how many ip addresses we want to see. The default is 1. When more than one address is written for a machine, a `,` follows it. If there are more ips than `--max-addresses`, `...` follows the last address.
2016-08-31 | networkd: add options to bridge (#4051) | Tobias Jungel
This patch allows configuring AgeingTimeSec, Priority and DefaultPVID for bridge interfaces.
2016-08-31 | install: fix disable when /etc/systemd/system is a symlink (#4063) | Lennart Poettering
2016-08-31 | networkd: do not drop config for unmanaged interfaces (#4033) | Lennart Poettering
Flushing foreign configuration for unmanaged interfaces is outright evil, especially when it's a regular occurrence with Wi-Fi. Fixes: 3104883ddc24 "networkd: remove route if carrier is lost" Ref: #3831
2016-08-31 | core: introduce MemorySwapMax= (#3659) | Lennart Poettering
Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls "memory.swap.max" attribute in unified cgroup.
2016-08-31 | link : add support to configure LRO and GRO Offload features (#4064) | Lennart Poettering
The patch supports to configure
GenericReceiveOffload
LargeReceiveOffload
2016-08-31 | load-fragment: Resolve specifiers in OnCalendar and On*Sec (#4045) | Lennart Poettering
Resolves #3534
2016-08-31 | link : add support to configure LRO and GRO Offload features | Susant Sahani
The patch supports to configure
GenericReceiveOffload
LargeReceiveOffload
2016-08-30 | link : add support to configure Offload features (#4017) | Susant Sahani
This patch supports these features to be on or off
Generic Segmentation Offload
TCP Segmentation Offload
UDP Segmentation Offload
fixes #432
2016-08-30 | bootctl: properly skip duplicate entries (#4048) | Mantas Mikulėnas
'continue' is a fancy no-op here – it only skips through the inner loop, not the outer one, so entries already in BootOrder get printed twice. This partially reverts f939cff71577 "bootctl: various coding style updates".
2016-08-30 | Merge pull request #4053 from brulon/force-unmount | Lennart Poettering
add ForceUnmount= setting for mount units
2016-08-30 | install: fix disable when /etc/systemd/system is a symlink | Lukas Nykryn
2016-08-30 | core: introduce MemorySwapMax= | WaLyong Cho
Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls "memory.swap.max" attribute in unified cgroup.
2016-08-29 | basic/fileio: we always have O_TMPFILE now | Yann E. MORIN
fileio makes use of O_TMPFILE when it is available. We now always have O_TMPFILE, defined in missing.h if missing from the toolchain headers. Have fileio include missing.h and drop the guards around the use of O_TMPFILE.
2016-08-29 | missing.h: add missing definitions for __O_TMPFILE | Yann E. MORIN
Currently, a missing __O_TMPFILE was only defined for i386 and x86_64, leaving any other architectures with an "old" toolchain fail miserably at build time:
    src/import/export-raw.c: In function 'reflink_snapshot':
    src/import/export-raw.c:271:26: error: 'O_TMPFILE' undeclared (first use in this function)
        new_fd = open(d, O_TMPFILE|O_CLOEXEC|O_NOCTTY|O_RDWR, 0600);
                         ^
__O_TMPFILE (and O_TMPFILE) are available since glibc 2.19. However, a lot of existing toolchains are still using glibc-2.18, and some even before that, and it is not really possible to update those toolchains. Instead of defining it only for i386 and x86_64, define __O_TMPFILE with the specific values for those archs where it is different from the generic value. Use the values as found in the Linux kernel (v4.8-rc3, current as of time of commit).
---
Note: tested on ARM (build+run), with glibc-2.18 and linux headers 3.12. Untested on other archs, though (I have no board to test this).
Changes v1 -> v2:
- add a comment specifying some are hexa, others are octal.
2016-08-29 | importd/export-raw: needs missing.h for O_TMPFILE | Yann E. MORIN
O_TMPFILE may be missing from the system headers, so use our fallback definition.
---
Changes v1 -> v2:
- move include with local includes
2016-08-27 | mount: add SloppyOptions= to mount_dump() | Barron Rulon
2016-08-27 | mount: add new ForceUnmount= setting for mount units, mapping to umount(8)'s "-f" switch | Barron Rulon
2016-08-26 | load-fragment: Resolve specifiers in OnCalendar and On*Sec | Douglas Christman
Resolves #3534
2016-08-26 | mount: add new LazyUnmount= setting for mount units, mapping to umount(8)'s "-l" switch (#3827) | brulon
2016-08-26 | journal: add/use flushed_flag_is_set() helper (#4041) | Vito Caputo
Minor cleanup suggested by Lennart.
2016-08-26 | Merge pull request #3984 from poettering/refcnt | Evgeny Vereshchagin
permit bus clients to pin units to avoid automatic GC
2016-08-26 | nspawn: split down SYSTEMD_NSPAWN_SHARE_SYSTEM (#4023) | Luca Bruno
This commit follows further on the deprecation path for --share-system, by splitting and gating each share-able namespace behind its own environment flag.
2016-08-25 | journal: implicitly flush to var on recovery (#4028) | Vito Caputo
When the system journal becomes re-opened post-flush with the runtime journal open, it implies we've recovered from something like an ENOSPC situation where the system journal rotate had failed, leaving the system journal closed, causing the runtime journal to be opened post-flush. For the duration of the unavailable system journal, we log to the runtime journal. But when the system journal gets opened (space made available, for example), we need to close the runtime journal before new journal writes will go to the system journal. Calling server_flush_to_var() after opening the system journal with a runtime journal present, post-flush, achieves this while preserving the runtime journal's contents in the system journal. The combination of the present flushed flag file and the runtime journal being open is a state where we should be logging to the system journal, so it's appropriate to resume doing so once we've successfully opened the system journal.
2016-08-25 | networkd: do not drop config for unmanaged interfaces | Mantas Mikulėnas
Flushing foreign configuration for unmanaged interfaces is outright evil, especially when it's a regular occurrence with Wi-Fi. Fixes: 3104883ddc24 "networkd: remove route if carrier is lost" Ref: #3831
2016-08-25 | udev: inform systemd how many workers we can potentially spawn (#4036) | Michal Sekletar
2016-08-24 | run: respect quiet when starting timer (#4029) | Nick Owens
2016-08-23 | core,network: Use const qualifiers for block-local variables in macro functions (#4019) | Felipe Sateler
Prevents discard-qualifiers warnings when the passed variable was const
2016-08-22 | core: do not fail at step SECCOMP if there is no kernel support (#4004) | Felipe Sateler
Fixes #3882
2016-08-22 | bus-util: turn on exit-on-disconnect for all command line tools | Lennart Poettering
bus_connect_transport() is exclusively used from our command line tools, hence let's set exit-on-disconnect for all of them, making behaviour a bit nicer in case dbus-daemon goes down.
2016-08-22 | sd-bus: optionally, exit process or event loop on disconnect | Lennart Poettering
Old libdbus has a feature that the process is terminated whenever the bus connection receives a disconnect. This is pretty useful on desktop apps (where a disconnect indicates session termination), as well as on command line apps (where we really shouldn't stay hanging in most cases if dbus daemon goes down). Add a similar feature to sd-bus, but make it opt-in rather than opt-out, like it is on libdbus. Also, if the bus is attached to an event loop just exit the event loop rather than the whole process.
2016-08-22 | sd-bus: add a small test case for sd_bus_track | Lennart Poettering
This tests in particular that disconnecting results in the tracking object's handlers to be called.
2016-08-22 | sd-bus: when the server-side disconnects, make sure to dispatch all tracking objects immediately | Lennart Poettering
If the server side kicks us from the bus, from our view no names are on the bus anymore, hence let's make sure to dispatch all tracking objects immediately.
2016-08-22 | sd-bus: ensure we don't dispatch track objects while we are adding names to them | Lennart Poettering
In order to add a name to a bus tracking object we need to do some bus operations: we need to check if the name already exists and add match for it. Both are synchronous bus calls. While processing those we need to make sure that the tracking object is not dispatched yet, as it might still be empty, but is not going to be empty for very long. Hence, block dispatching by removing the object from the dispatch queue while adding it, and readding it on error.
2016-08-22 | sd-bus: split out handling of reply callbacks on close into its own function | Lennart Poettering
When a bus connection is closed we dispatch all reply callbacks. Do so in a new function of its own. No behaviour changes.
2016-08-22 | core: let's use set_contains() where appropriate | Lennart Poettering
2016-08-22 | run: optionally, wait for the service to finish and show its result | Lennart Poettering
2016-08-22 | core: cache last CPU usage counter, before destroying a cgroup | Lennart Poettering
It is useful for clients to be able to read the last CPU usage counter value of a unit even if the unit is already terminated. Hence, before destroying a cgroup's cgroup cache the last CPU usage counter and return it if the cgroup is gone.
2016-08-22 | bus-util: make sure map_basic() returns EOPNOTSUPP if called for an unknown type | Lennart Poettering
Make sure we return proper errors for types not understood yet.
2016-08-22 | bus-util: treat an empty string as a NULL | Lennart Poettering
Instead of ignoring empty strings retrieved via the bus, treat them as NULL, as it's customary in systemd.
2016-08-22 | bus-util: support mapping signed integers with bus_map_properties() | Lennart Poettering
Let's make sure we can read the exit code/status properties exposed by PID 1 properly. Let's reuse the existing code for unsigned fields, as we just use it to copy words around, and don't calculate it.
2016-08-22 | core: add Ref()/Unref() bus calls for units | Lennart Poettering
This adds two (privileged) bus calls Ref() and Unref() to the Unit interface. The two calls may be used by clients to pin a unit into memory, so that various runtime properties aren't flushed out by the automatic GC. This is necessary to permit clients to race-freely acquire runtime results (such as process exit status/code or accumulated CPU time) on successful service termination. Ref() and Unref() are fully recursive, hence act like the usual reference counting concept in C. Taking a reference is a privileged operation, as this allows pinning units into memory which consumes resources. Transient units may also gain a reference at the time of creation, via the new AddRef property (that is only defined for transient units at the time of creation).