Age | Commit message | Author |
|
seccomp setup
|
|
And make use of it where appropriate for executing services and for
nspawn.
|
|
Arch Linux uses nspawn as a container for building packages and needs
to be able to start a 32bit chroot from a 64bit host. 24fb11120756
disrupted this feature when seccomp handling was added.
|
|
This is the missing part of b857193b1def5172e3641ca1d5bc9e08ae81aac4.
|
|
Also enforce that we don't allow setting the Broadcast for IPv6 addresses.
|
|
Upon startup the DHCP library will immediately send a DHCP Discover.
Handle the additional DHCP Discover checking and DHCP Offer sending
in test_addr_acq_recv_discover(). Write a zero UDP checksum, the
received XID and the faked MAC address into place to create a DHCP
message the library can accept.
Follow exactly the same steps when receiving a DHCP Request in
test_addr_acq_recv_request() and send the Ack. Check that the proper
addresses have been found by the DHCP library before exiting the
main loop and finishing the test.
|
|
Add a callback function that will handle the test case specific checking.
|
|
This mimics the sd-bus api, as we may need it in the future.
|
|
Resolve spotted issues related to missing or extraneous commas, dashes.
|
|
In other parts of systemd, the code checks for " (deleted)",
but in one instance, it did not (yet). Make it do the same.
|
|
Interface could go down before acquiring a dhcp lease
|
|
If we put a closing bracket on its own line, gperf will complain about
empty lines. Only occurs if the option in question is disabled. So fix the
m4 macros to work properly in both cases.
|
|
Previously, we'd fixed show_state only after printing the welcome
message which had the effect that the welcome message was almost always
suppressed.
|
|
enabled when enabling/disabling cgroup controllers for units
|
|
After all, we want to allow userspace to get new privs...
|
|
Previously a cgroup setting down tree would result in cgroup membership
additions being propagated up the tree and to the siblings, however a
unit could never lose cgroup memberships again. With this change we'll
make sure that both cgroup additions and removals propagate properly.
|
|
If PID 1 debug logging is enabled, it is nice to keep those settings
when switching to systemd-shutdown binary, independently of whether
this was done through /proc/cmdline options, or through runtime
manipulations.
|
|
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
|
|
At login there is a small race window where session_get_state() will
return SESSION_ACTIVE instead of SESSION_OPENING. This must be fixed
since during that time there are calls to session_save() to save
session states and we want to write the correct state.
When we queue the start scope and service jobs, we wait for both of them
to finish before calling and continue processing in:
"session_jobs_reply() => session_send_create_reply()"
to create the session fifo and notify clients.
However, in the match_job_removed() D-Bus signal, we may hit situations
where the scope job has successfully finished and we are still waiting
for the user service job to finish. During that time the
"session->scope_job" will be freed and set to NULL, this makes
session_get_state() return SESSION_ACTIVE before it is really active, it
should return SESSION_OPENING since we are still waiting for the service
job to finish in order to create the session fifo.
To fix this, we also check if the session fifo fd was created, if so then
the session has entered the SESSION_ACTIVE state, if not then it is still
in the SESSION_OPENING state and it is waiting for the scope and service
jobs to finish.
|
|
This fixes a regression introduced in e5002702.
|
|
The kernel will then look up the ifindex itself based on the name.
This should be used very carefully as it is racy.
[This was a left-over hunk from my previous nspawn patch.]
|
|
This adds the host side of the veth link to the given bridge.
Also refactor the creation of the veth interfaces a bit to set it up
from the host rather than the container. This simplifies the addition
to the bridge, but otherwise the behavior is unchanged.
|
|
Fix for commit e10c9985bb.
|
|
We want to reuse these functions for the server library too.
|
|
Split the receive_message callback into _raw and _udp parts and a generic
DHCPMessage handler.
Also always verify the xid/MAC, rather than only for udp messages.
|
|
We can always know the size based on the type, so let's do this inside the library.
|
|
The kernel will happily treat 0x0 as 0xffffffff, but it is for backwards
compatibility only, so let's not perpetuate this.
|
|
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd
actually reaps the zombie, which leads to service_load_pid_file accepting
a zombie as a valid pid.
This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
|
|
When invoked without -D in an arbitrary directory we should not try to
execute anything, make some validity checks first.
|
|
|