summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-09-22Merge pull request #986 from karelzak/monitorLennart Poettering
mount: use libmount to monitor mountinfo & utab
2015-09-22nspawn, machined: fix comments and error messagesKrzesimir Nowak
A bunch of "Client -> Child" fixes and one barrier-enumerator fix. (David: rebased on master)
2015-09-22nspawn: close unneeded sockets in outer childKrzesimir Nowak
(David: Note, this is just a cleanup and doesn't fix any bugs)
2015-09-22util: introduce {send,receive}_one_fd()David Herrmann
Introduce two new helpers that send/receive a single fd via a unix transport. Also make nspawn use them instead of hard-coding it. Based on a patch by Krzesimir Nowak.
2015-09-22Merge pull request #1323 from dvdhrm/mount-propagateLennart Poettering
mount: propagate error codes correctly
2015-09-21Merge pull request #1317 from ronnychevalier/rc/ipv4ll_seedDaniel Mack
sd-ipv4ll: do not assert_return when seed == 0
2015-09-21mount: propagate error codes correctlyDavid Herrmann
Make sure to propagate error codes from mount-loops correctly. Right now, we return the return-code of the first mount that did _something_. This is not what we want. Make sure we return an error if _any_ mount fails (and then make sure to return the first error to not hide proper errors due to consequential errors like -ENOTDIR). Reported by cee1 <fykcee1@gmail.com>.
2015-09-21Merge pull request #1249 from lnykryn/sysv-symlinksLennart Poettering
sysv-generator: follow symlinks in /etc/rc.d/init.d
2015-09-21core: fix group ownership when Group is setRonny Chevalier
When Group is set in the unit, the runtime directories are owned by this group and not the default group of the user (same for cgroup paths and standard outputs) Fix #1231
2015-09-21test-execute: add tests for RuntimeDirectoryRonny Chevalier
2015-09-21Merge pull request #1315 from ↵Lennart Poettering
systemd-mailing-devs/1442692671-10134-1-git-send-email-dev@benjarobin.fr systemd-notify: Always pass a valid pid to sd_pid_notify
2015-09-21containers: systemd exits with non-zero codeAlban Crequy
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target and systemd-exit.service to the system instance. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes https://github.com/systemd/systemd/issues/1290
2015-09-21test-ipv4ll: use unsigned instead of an array for a seedRonny Chevalier
ipv4ll use an unsigned instead of an uint8_t array. Hence, use an unsigned seed instead of declaring an array and then dereferencing it later.
2015-09-21sd-ipv4ll: do not assert_return when seed == 0Ronny Chevalier
Now that seed is an unsigned and not an array, we do not need to assert on it.
2015-09-21Merge pull request #1288 from teg/ipv4acd-3Tom Gundersen
sd-ipv4acd: split out as separate library from sd-ipv4ll
2015-09-21Merge pull request #1311 from jsynacek/kill-errors-v2Lennart Poettering
core: extend KillUnit() to return error when no unit was killed
2015-09-21cgtop: add -M/--machineEvgeny Vereshchagin
2015-09-21core: extend KillUnit() to return error when no unit was killedJan Synacek
2015-09-20Merge pull request #1292 from gebi/resolve-specifier-in-runtime-directoryLennart Poettering
load-fragment: resolve specifiers in RuntimeDirectory
2015-09-20systemd-notify: Always pass a valid pid to sd_pid_notifyBenjamin Robin
If the option --pid was used, take the pid from this option, unless take the parend pid. Using 0 as pid (ucred of systemd-notify) will result 99% of the time in a failure with this error: "Cannot find unit for notify message of PID" Shouldn't we use always the ppid, since the MAINPID is something else ? Signed-off-by: Benjamin Robin <dev@benjarobin.fr>
2015-09-18cgls: show controller without args tooEvgeny Vereshchagin
2015-09-18sd-ipv4{acd,ll}: add simple test programsTom Gundersen
These programs should be run manually, typically two instances on a veth pair to check conflict detection. Both test programs take the ifname as input, the ACD also takes the IP address to check, whereas LL (optionally) takes the seed, which determines the sequence of IP addresses to try.
2015-09-18sd-ipv4acd: introduce new library split out from sd-ipv4llTom Gundersen
This splits the Address Conflict Detection out of the Link Local library so that we can reuse it for DHCP and static addresses in the future. Implements RFC5227.
2015-09-18sd-ipv4ll: simplify conflict handlingTom Gundersen
Use stop() and start() to drop some pulicate code.
2015-09-18sd-ipv4ll: rework callbacksTom Gundersen
Firstly, no longer distinguish between STOP and INIT states. Secondly, do not trigger STOP events when calls to sd_ipv4ll_*() fail. The caller is the one who would receive the event and will already know that the call to sd_ipv4ll_*() has failed, so it is redundant. STOP events will now only be triggered by calling sd_ipv4ll_stop() explicitly or by some internal error in the library triggered by receiving a packet or an expiring timeout (i.e., any error that would otherwise not be reported back to the consumer of the library). Lastly, follow CODING_STYLE and always return NULL on unref. Protect from objects being destroyed in callbacks accordingly.
2015-09-18sd-ipv4ll: don't allow changing MAC address whilst runningTom Gundersen
This requires the caller to stop and restart the statemachine if they want to change the MAC address.
2015-09-18sd-ipv4ll: code cleanupsTom Gundersen
Simplify timeout handling.
2015-09-18sd-ipv4ll: remove duplicate packet verificationTom Gundersen
Most packets are filtered out by the BPF, so only check for the parts that may actually differ.
2015-09-18sd-ipv4ll: minor cleanupsTom Gundersen
2015-09-18sd-ipv4ll: split out on_conflict() from on_packet()Tom Gundersen
2015-09-18sd-ipv4ll: split run_state_machine() into on_packet() and on_timeout()Tom Gundersen
Simplify the code a bit, no functional change.
2015-09-18sd-ipv4ll: filter out unwanted ARP packets in the kernelTom Gundersen
We currently process every ARP packet, but we should only care about the ones relating to our IP address. Also rename ipv4ll helpers to apr-utils.[ch], and rework the helpers a bit.
2015-09-18Merge pull request #1241 from ssahani/netLennart Poettering
networkd: add support for accept ra
2015-09-18load-fragment: resolve specifiers in RuntimeDirectoryMichael Gebetsroither
2015-09-16sd-bus: correct size calculation in DBus fd receiveMichal Schmidt
The size of the allocated array for received file descriptors was incorrectly calculated. This did not matter when a single file descriptor was received, but for more descriptors the allocation was insufficient.
2015-09-16Merge pull request #1269 from zonque/netclsLennart Poettering
cgroup: add support for net_cls controllers
2015-09-16resolved: cache - cache what we can of negative redirect chainsTom Gundersen
When a NXDATA or a NODATA response is received for an alias it may include CNAME records from the redirect chain. We should cache the response for each of these names to avoid needless roundtrips in the future. It is not sufficient to do the negative caching only for the canonical name, as the included redirection chain is not guaranteed to be complete. In fact, only the final CNAME record from the chain is guaranteed to be included. We take care not to cache entries that redirects outside the current zone, as the SOA will then not be valid.
2015-09-16resolved: cache - handle CNAME redirectionTom Gundersen
CNAME records are special in the way they are treated by DNS servers, and our cache should mimic that behavior: In case a domain name has an alias, its CNAME record is returned in place of any other. Our cache was not doing this despite caching the CNAME records, this entailed needless lookups to re-resolve the CNAME.
2015-09-16resolved: cache - only allow putting a single question key at a timeTom Gundersen
Only one key is allowed per transaction now, so let's simplify things and only allow putting one question key into the cache at a time.
2015-09-16resolved: rr - introduce dns_resource_key_new_redirect()Tom Gundersen
Takes a key and CNAME RR and returns the canonical RR of the right type. Make use of this in dns_question_redirect().
2015-09-16resolved: rr - introduce dns_resource_key_new_cname()Tom Gundersen
Creates a new CNAME RR key with the same class and name as an existing key.
2015-09-16resolved: cache - clarify loggingTom Gundersen
2015-09-16basic: nicer xsprintf and xstrftime assert messagesMichal Schmidt
It's nicer if the assertion failure message from a bad use of xsprintf actually mentions xsprintf instead of the expression the macro is implemented as. The assert_message_se macro was added in the previous commit as an internal helper, but it can also be used for customizing assertion failure messages like in this case. Example: char buf[10]; xsprintf(buf, "This is a %s message.\n", "long"); Before: Assertion '(size_t) snprintf(buf, ELEMENTSOF(buf), "This is a %s message.\n", "long") < ELEMENTSOF(buf)' failed at foo.c:6, function main(). Aborting. After: Assertion 'xsprintf: buf[] must be big enough' failed at foo.c:6, function main(). Aborting.
2015-09-16basic: nicer assert messagesMichal Schmidt
Make sure the assert expression is not macro-expanded before stringification. This makes several assertion failure messages more readable. As an example: assert(streq("foo", "bar")); I'd rather see this: Assertion 'streq("foo", "bar")' failed at foo.c:5, function main(). Aborting. ...than this, though awesome, incomprehensible truncated mess: Assertion '(__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (( "foo")) && __builtin_constant_p (("bar")) && (__s1_len = strlen (("foo")), __s2_ len = strlen (("bar")), (!((size_t)(const void *)((("foo")) + 1) - (size_t)(cons t void *)(("foo")) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((("bar") ) + 1) - (size_t)(const void *)(("bar")) == 1) || __s2_len >= 4)) ? __builtin_st rcmp (("foo"), ("bar")) : (__builtin_constant_p (("foo")) && ((size_t)(const voi d *)((("foo")) + 1) - (size_t)(const void *)(("foo")) == 1) && (__s1_len = strle n (("foo")), __s1_len < 4) ? (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) ? __builtin_strcm p (("foo"), ("bar")) : (__extension__ ({ const unsigned char *__s2 = (const unsi gned char *) (const char *) (("bar")); int __result = (((const unsigned char *) (const char *) (("foo")))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { __ result = (((const unsigned char *) (const char *) (("foo")))[1] - __s2[1]); if ( __s1_len > 1 && __result == 0) { __result = (((const unsigned char *) (const cha r *) (("foo")))[2] - __s2[2]); if (__s1_len > 2 && __result == 0) __result = ((( const unsigned char *) (const char *) (("foo")))[3] - __s2[3]); } } __result; }) )) : (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) && (__s2_len = strlen (("bar")), __s2_len < 4) ? (__builtin_constant_p (("foo")) && ((size_t)(const void *)((("foo")) + 1 ) - (size_t)(const void *)(("foo")) == 1) ? __builtin_strcmp (("foo"), ("bar")) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (cons t char *) (("foo")); int __result = (((const unsigned char *) (const char *) ((" bar")))[0] - __s2[0]); if (__s2_len > 0 && __result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[1] - __s2[1]); if (__s2_len > 1 && __ result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[2] - __s2[2]); if (__s2_len > 2 && __result == 0)
2015-09-16basic: make sure argument of ELEMENTSOF is an arrayMichal Schmidt
Using ELEMENTSOF on a pointer will result in a compilation error.
2015-09-16cgroup: add support for net_cls controllersDaniel Mack
Add a new config directive called NetClass= to CGroup enabled units. Allowed values are positive numbers for fix assignments and "auto" for picking a free value automatically, for which we need to keep track of dynamically assigned net class IDs of units. Introduce a hash table for this, and also record the last ID that was given out, so the allocator can start its search for the next 'hole' from there. This could eventually be optimized with something like an irb. The class IDs up to 65536 are considered reserved and won't be assigned automatically by systemd. This barrier can be made a config directive in the future. Values set in unit files are stored in the CGroupContext of the unit and considered read-only. The actually assigned number (which may have been chosen dynamically) is stored in the unit itself and is guaranteed to remain stable as long as the unit is active. In the CGroup controller, set the configured CGroup net class to net_cls.classid. Multiple unit may share the same net class ID, and those which do are linked together.
2015-09-14Merge pull request #1250 from g2p/masterLennart Poettering
Hook more properties for transient units
2015-09-14mount: use libmount to monitor mountinfo & utabKarel Zak
The current implementation directly monitor /proc/self/mountinfo and /run/mount/utab files. It's really not optimal because utab file is private libmount stuff without any official guaranteed semantic. The libmount since v2.26 provides API to monitor mount kernel & userspace changes and since v2.27 the monitor is usable for non-root users too. This patch replaces the current implementation with libmount based solution. Signed-off-by: Karel Zak <kzak@redhat.com>
2015-09-12networkd:add support to configure ipv6 acceprt raSusant Sahani
This patch support to configure the ipv6 acceprt ra option. for more information see http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html
2015-09-11cgroup: unify how we invalidate cgroup controller settingsLennart Poettering
Let's make sure that we follow the same codepaths when adjusting a cgroup property via the dbus SetProperty() call, and when we execute the StartupCPUShares= effect.