summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-11-11test-execute: Clarify interaction of PassEnvironment= and MANAGER_USERFilipe Brandenburger
@evverx brought up that test-execute runs under MANAGER_USER which forwards all its environment variables to the services. It turns out it only forwards those that were in the environment at the time of manager creation, so this test was still working. It was still possible to attack it by running something like: $ sudo VAR1=a VAR2=b VAR3=c ./test-execute Prevent that attack by unsetting the three variables explicitly before creating the manager for the test case. Also add comments explaining the interactions with MANAGER_USER and, while it has some caveats, this tests are still valid in that context. Tested by checking that the test running with the variables set from the external environment will still pass.
2015-11-11test-execute: Add tests for new PassEnvironment= directiveFilipe Brandenburger
Check the base case, plus erasing the list, listing the same variable name more than once and when variables are absent from the manager execution environment. Confirmed that `sudo ./test-execute` passes and that modifying the test cases (or the values of the set variables in test-execute.c) is enough to make the test cases fail.
2015-11-11tests: add test for config_parse_pass_environEvgeny Vereshchagin
2015-11-11execute: Add new PassEnvironment= directiveFilipe Brandenburger
This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-11-11networkd: improve loggingTom Gundersen
2015-11-11networkd: link - track state of IPv6LL addressTom Gundersen
This is managed by the kernel, but we should track whether or not we have a configured IPv6LL address. This fixes two issues: - we now wait for IPv6LL before considering the link ready - we now wait for IPv6LL before attempting to do NDisc or DHCPv6 these protocols relies on an LL address being available.
2015-11-11networkd: ndisc - handle router advertisement in userspaceTom Gundersen
Router Discovery is a core part of IPv6, which by default is handled by the kernel. However, the kernel implementation is meant as a fall-back, and to fully support the protocol a userspace implementation is desired. The protocol essentially listens for Router Advertisement packets from routers on the local link and use these to configure the client automatically. The four main pieces of information are: what kind (if any) of DHCPv6 configuration should be performed; a default gateway; the prefixes that should be considered to be on the local link; and the prefixes with which we can preform SLAAC in order to pick a global IPv6 address. A lot of additional information is also available, which we do not yet fully support, but which will eventually allow us to avoid the need for DHCPv6 in the common case. Short-term, the reason for wanting this is in userspace was the desire to fully track all the addresses on links we manage, and that is not possible for addresses managed by the kernel (as the kernel does not expose to us the fact that it manages these addresses). Moreover, we would like to support stable privacy addresses, which will soon be mandated and the legacy MAC-based global addresses deprecated, to do this well we need to handle the generation in userspace. Lastly, more long-term we wish to support more RA options than what the kernel exposes.
2015-11-11networkd: IPv6 router discovery - follow IPv6AcceptRouterAdvertisemnt=Tom Gundersen
The previous behavior: When DHCPv6 was enabled, router discover was performed first, and then DHCPv6 was enabled only if the relevant flags were passed in the Router Advertisement message. Moreover, router discovery was performed even if AcceptRouterAdvertisements=false, moreover, even if router advertisements were accepted (by the kernel) the flags indicating that DHCPv6 should be performed were ignored. New behavior: If RouterAdvertisements are accepted, and either no routers are found, or an advertisement is received indicating DHCPv6 should be performed, the DHCPv6 client is started. Moreover, the DHCP option now truly enables the DHCPv6 client regardless of router discovery (though it will probably not be very useful to get a lease withotu any routes, this seems the more consistent approach). The recommended default setting should be to set DHCP=ipv4 and to leave IPv6AcceptRouterAdvertisements unset.
2015-11-11networkd: dhcp6 - split up configure() methodTom Gundersen
Enabling address acquisition, configuring the client and starting the client are now split out. This to better handle the client being repeatedly enabled due to router advertisements.
2015-11-11sd-ndisc: introduce separate callbacksTom Gundersen
As the data passed is very different, we introduce four different callbacks: - Generic - router discovery timed out or state machine stopped - Router - router and link configuration received - Prefix onlink - configuration for an onlink prefix received - Prefix autonomous - configuration for to configure a SLAAC address for a prefix received
2015-11-11sd-ndisc: notify user on STOPTom Gundersen
Also, stop the state machine when we get into a broken state, rather than just notify the user.
2015-11-11sd-netlink: add support for RTA_PREFTom Gundersen
2015-11-11sd-netlink: types - let tables be sized implicitlyTom Gundersen
This way we do not rely on the size MAX* constants from the kernel headers, as these will be out-of-sync in case we have old headers and new defines in missing.h.
2015-11-11sd-netlink: add sd_rtnl_message_route_{s,g}et_flags()Tom Gundersen
2015-11-11sd-dhcp6-client: add is_running() methodTom Gundersen
2015-11-11networkd: address - drop the 'added' flagTom Gundersen
Instead instantiate the kernel flags to TENTATIVE until the kernel updates us with the real value.
2015-11-11networkd: dhcp4 - style fixesTom Gundersen
2015-11-11systemctl: make sure list-jobs doesn't return failure on successLennart Poettering
2015-11-11journalctl: make --rotate synchronous, tooLennart Poettering
Of course, ideally we'd just use normal synchronous bus calls, but this is out of the question as long as we rely on dbus-daemon (which logs to journald, and thus cannot use to avoid cyclic sync loops). Hence, instead, reuse the wait logic already implemented for --sync, and use a signal in one direction, and a mtime watch file for the reply.
2015-11-11journalctl: add new --sync switch for syncing the journal to diskLennart Poettering
With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11systemctl: add a comment that clarifies why we do "return r" at the end of ↵Lennart Poettering
main() To avoid confusion as outlined in #1845.
2015-11-11sd-bus: don't try to acquire connection selinux label unless selinux is ↵Lennart Poettering
actually enabled Otherwise we might end up mistaking a SMACK label for an selinux label. Also, fixes unexpect debug messages: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034913.html
2015-11-11Revert "systemctl: return EXIT_SUCCESS on success"Lennart Poettering
This reverts commit 6a32563caa883bd11da1b255c38358e481c42ad7.
2015-11-11test-parse-util: cover negative numbers, leading spaces, and more range errorsMartin Pitt
Motivated by https://github.com/systemd/systemd/issues/1829 where negative numbers were mis-handled on 32 bit platforms by safe_atou*().
2015-11-11Merge pull request #1837 from poettering/grabbag2Tom Gundersen
variety of fixes
2015-11-11Merge pull request #1839 from evverx/fix-systemctl-cancelTom Gundersen
systemctl: fix cancel
2015-11-11Merge pull request #1841 from keszybz/remove-snapshotTom Gundersen
Remove snapshot unit type
2015-11-11Merge pull request #1655 from ssahani/netTom Gundersen
network: port to extract_first_word
2015-11-11systemctl: return EXIT_SUCCESS on successEvgeny Vereshchagin
2015-11-10Remove snapshot unit typeZbigniew Jędrzejewski-Szmek
Snapshots were never useful or used for anything. Many systemd developers that I spoke to at systemd.conf2015, didn't even know they existed, so it is fairly safe to assume that this type can be deleted without harm. The fundamental problem with snapshots is that the state of the system is dynamic, devices come and go, users log in and out, timers fire... and restoring all units to some state from the past would "undo" those changes, which isn't really possible. Tested by creating a snapshot, running the new binary, and checking that the transition did not cause errors, and the snapshot is gone, and snapshots cannot be created anymore. New systemctl says: Unknown operation snapshot. Old systemctl says: Failed to create snapshot: Support for snapshots has been removed. IgnoreOnSnaphost settings are warned about and ignored: Support for option IgnoreOnSnapshot= has been removed and it is ignored http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
2015-11-11systemctl: fix cancelEvgeny Vereshchagin
http://www.freedesktop.org/software/systemd/man/systemctl.html#cancel%20JOB... > If no job ID is specified, cancel all pending jobs
2015-11-10tmpfiles: don't consider it a problem if quota is not enabled on btrfsLennart Poettering
If quota is not enabled on a btrfs file system, accept that, and only log a debug message, but do not consider this a reason for failure. Fixes: #1809
2015-11-10btrfs: when querying quota, make sure we don't choke if quota is disabledLennart Poettering
When quota is disabled there's no quota tree on the fs, which results in the SEARCH ioctl to return ENOENT. Handle this nicely: treat this the same way as the case where the quota tree is around but doesn't carry the searched for fields.
2015-11-10journald: be less picky when receiving epoll eventsLennart Poettering
The event might be flagged with stuff we don't expect, hence don't be needlessly picky, just rely on the kernel passing us sensible events.
2015-11-10core: change type of distribute_fds() prototype to return voidLennart Poettering
We can't handle errors of thisc all sanely anyway, and we never actually return any errors from the unit type that implements the call. Hence, let's make this void, in order to simplify things.
2015-11-10core: try to continue if coldplugging of a unit failsLennart Poettering
2015-11-10core: change return value of the unit's enumerate() call to voidLennart Poettering
We cannot handle enumeration failures in a sensible way, hence let's try hard to continue without making such failures fatal, and log about it with precise error messages.
2015-11-10journald: never accept fds from file systems with mandatory locking enabledLennart Poettering
This is pretty much a work-around for a security vulnerability in kernels that allow unprivileged user namespaces. Fixes #1822.
2015-11-10Merge pull request #1835 from poettering/grabbag-of-stuffDaniel Mack
Lots of small fixes
2015-11-10Merge pull request #1785 from ssahani/wordLennart Poettering
core: unit deps port to extract_first_word
2015-11-10Merge pull request #1793 from filbranden/extract1Lennart Poettering
More refactorings in extract_first_word
2015-11-10Merge pull request #1783 from vcaputo/still_make_progress_when_throttlingLennart Poettering
core: still make progress when throttling the manager loop
2015-11-10core: unit deps port to extract_first_wordSusant Sahani
2015-11-10networkctl: lldp port to extract_first_wordSusant Sahani
2015-11-10bond: port to extract_first_wordSusant Sahani
2015-11-10parse-util: really refuse parsing negative values as positive ones, even on ↵Lennart Poettering
x86-32 strtoull() doesn't make it particularly easy to detect passed-in negative numbers, as it silently converts them to positive ones without generating any error. Since we are not interested in negative values we should hence explicitly filter them out by looking at the string directly and returning ERANGE if we see a leading "-". Fixes: #1829
2015-11-10journald: dispatch SIGTERM/SIGINT with a low priorityLennart Poettering
Let's make sure to process all queued log data before exiting, so that we don't unnecessary lose messages when shutting down. https://github.com/systemd/systemd/pull/1812#issuecomment-155149871
2015-11-10core: accept time units for time-based resource limitsLennart Poettering
Let's make sure "LimitCPU=30min" can be parsed properly, following the usual logic how we parse time values. Similar for LimitRTTIME=. While we are at it, extend a bit on the man page section about resource limits. Fixes: #1772
2015-11-10core: when parsing resource limits, be more careful with types and corner casesLennart Poettering
Let's not convert RLIM_INFINITY to "unsigned long long" and then back to rlim_t, but let's leave it in the right type right-away. Parse resource limits as 64 bit in all cases, as according to the man page that's what libc does anyway. Make sure setting a resource limit to (uint64_t) -1 results in a parsing error, and isn't implicitly converted to RLIM_INFINITY.
2015-11-10core: simplify parsing of capability bounding set settingsLennart Poettering
Let's generate a simple error, and that's it. Let's not try to be smart and record the last word that failed. Also, let's make sure we don't compare numeric values with 0 by relying on C's downgrade-to-bool feature, as suggested in CODING_STYLE.