summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-11-02systemctl: tweak the "systemctl list-units" output a bitLennart Poettering
Make the underlining between the header and the body and between the units of different types span the whole width of the table. Let's never make the table wider than necessary (which is relevant due the above). When space is limited and we can't show the full ID or description string prefer showing the full ID over the full description. The ID is after all something people might want to copy/paste, while the description is mostly just helpful decoration.
2016-11-02systemctl: properly turn off color after active columnLennart Poettering
If we turn on red color for the active column and it is not combined with underlining, then we need to turn it off explicitly afterwards. Do that.
2016-11-02sysctl: minor simplificationLennart Poettering
Let's place only one ternary operator.
2016-11-02sysctl: no need to check for eof twiceLennart Poettering
Let's only check for eof once after the fgets(). There's no point in checking EOF before the first read, and twice in each loop.
2016-11-02sysctl: when failing to process a config line, show line nrLennart Poettering
2016-11-02sysctl: split out condition check into its own functionLennart Poettering
This way, we can get rid of a label/goto.
2016-11-02sysctl: do not fail systemd-sysctl.service if /proc/sys is mounted read-onlyLennart Poettering
Let's make missing write access to /proc/sys non-fatal to the sysctl service. This is a follow-up to 411e869f497c7c7bd0688f1e3500f9043bc56e48 which altered the condition for running the sysctl service to check for /proc/sys/net being writable, accepting that /proc/sys might be read-only. In order to ensure the boot-up stays clean in containers lower the log level for the EROFS errors generated due to this.
2016-11-02unit: unify some code with new unit_new_for_name() callLennart Poettering
2016-11-02core: make the root mount perpetual tooLennart Poettering
Now that have a proper concept of "perpetual" units, let's make the root mount one too, since it also cannot go away.
2016-11-02core: rework the "no_gc" unit flag to become a more generic "perpetual" flagLennart Poettering
So far "no_gc" was set on -.slice and init.scope, to units that are always running, cannot be stopped and never exist in an "inactive" state. Since these units are the only users of this flag, let's remodel it and rename it "perpetual" and let's derive more funcitonality off it. Specifically, refuse enqueing stop jobs for these units, and report that they are "unstoppable" in the CanStop bus property.
2016-11-02core: initialize groups list before checking SupplementaryGroups= of a unit ↵Djalal Harouni
(#4533) Always initialize the supplementary groups of caller before checking the unit SupplementaryGroups= option. Fixes https://github.com/systemd/systemd/issues/4531
2016-11-01udev: net_id: add support for phys_port_name attribute (#4506)Jiří Pírko
Switch drivers uses phys_port_name attribute to pass front panel port name to user. Use it to generate netdev names. Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…
2016-11-01Recognise Lustre as a remote file system (#4530)Brian J. Murrell
Lustre is also a remote file system that wants the network to be up before it is mounted.
2016-10-30Implement VeraCrypt volume handling in crypttab (#4501)George Hilliard
This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30tests: clarify test_path_startswith return value (#4508)Zbigniew Jędrzejewski-Szmek
A pendant for #4481.
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
Document NoNewPrivileges default value
2016-10-28udev: allow substitutions for SECLABEL key (#4505)Michal Sekletar
2016-10-27systemctl: warn when cat shows changed unit files (#4493)Lucas Werkmeister
Suggested by @keszybz in #4488.
2016-10-27Merge pull request #4485 from endocode/djalal/portable-branch-v1Zbigniew Jędrzejewski-Szmek
core: improve mount namespace and working directory setup
2016-10-27Merge pull request #4442 from keszybz/detect-virt-usernsEvgeny Vereshchagin
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
This makes applying groups after applying the working directory, this may allow some flexibility but at same it is not a big deal since we don't execute or do anything between applying working directory and droping groups.
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
Improve apply_working_directory() and lets get the current working directory inside of it.
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26hwdb: fix error check of wrong variable (#4499)Thomas H. P. Andersen
We updated 'fn' but checked 'v' instead. From 698c5a17 Spotted with PVS
2016-10-26Merge pull request #4448 from msoltyspl/vcfixZbigniew Jędrzejewski-Szmek
Fix some formatting details in the merge.
2016-10-26condition: simplify condition_test_virtualizationZbigniew Jędrzejewski-Szmek
Rewrite the function to be slightly simpler. In particular, if a specific match is found (like ConditionVirtualization=yes), simply return an answer immediately, instead of relying that "yes" will not be matched by any of the virtualization names below. No functional change.
2016-10-26test-tables: test ConditionVirtualizationZbigniew Jędrzejewski-Szmek
2016-10-26shared/condition: add ConditionVirtualization=[!]private-usersZbigniew Jędrzejewski-Szmek
This can be useful to silence warnings about units which fail in userns container.
2016-10-26detect-virt: add --private-users switch to check if a userns is activeZbigniew Jędrzejewski-Szmek
Various things don't work when we're running in a user namespace, but it's pretty hard to reliably detect if that is true. A function is added which looks at /proc/self/uid_map and returns false if the default "0 0 UINT32_MAX" is found, and true if it finds anything else. This misses the case where an 1:1 mapping with the full range was used, but I don't know how to distinguish this case. 'systemd-detect-virt --private-users' is very similar to 'systemd-detect-virt --chroot', but we check for a user namespace instead.
2016-10-26networkd : verify dns ip address when parsing configuration (#4492)Susant Sahani
Invalid IP addresses would be passed through as-is: $ networkctl status wlp3s0: ● 2: wlp3s0 Link File: /usr/lib/systemd/network/99-default.link Network File: /etc/systemd/network/wlp3s0.network Type: wlan State: routable (configured) Path: pci-0000:03:00.0 Driver: iwlwifi Vendor: Intel Corporation Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN) HW Address: XXXXXXXXXX (Intel Corporate) Address: 192.168.2.103 XXXXXXXXXXX Gateway: 192.168.2.1 (Arcadyan Technology Corporation) DNS: 127.0.0.5553 Instead verify that DNS= has a valid list of addresses when parsing configuration. Fixes #4462.
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
shmat(..., SHM_EXEC) can be used to create writable and executable memory, so let's block it when MemoryDenyWriteExecute is set.
2016-10-26vconsole: setup_remaining_vcs() - more sanity checksMichal Soltys
Check if values filled up by KD_FONT_OP_GET ioctl make sense - dummy driver for example doesn't implement required functionality at all.
2016-10-25Merge pull request #4476 from poettering/systemctl-freeMartin Pitt
two minor systemctl memleak fixes
2016-10-25test: skip exec tests when inaccessible dir is unavailableDongsu Park
In case of running test-execute on systems with systemd < v232, several tests like privatedevices or protectkernelmodules fail because /run/systemd/inaccessible/ doesn't exist. In these cases, we should skip tests to avoid unnecessary errors. See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566
2016-10-25systemctl: fix two minor memory leaks in --wait handlingLennart Poettering
(Also, let's not use the binary |= operator on "bool" variables). Fix-up for 93a0884126146361ca078ec627da2cf766205a1c.
2016-10-25Merge pull request #4474 from poettering/nsswitchMartin Pitt
various nss module/resolved fixes
2016-10-24Merge pull request #4450 from poettering/seccompfixesZbigniew Jędrzejewski-Szmek
Various seccomp fixes and NEWS update.
2016-10-24Merge pull request #4477 from poettering/enumerate-load-fixLennart Poettering
Properly synthesize -.slice and init.scope
2016-10-24networkd: fix mixup of bond options (#4470)Benjamin Richter
2016-10-24core: move initialization of -.slice and init.scope into the unit_load() ↵Lennart Poettering
callbacks Previously, we'd synthesize the root slice unit and the init scope unit in the enumerator callbacks for the unit type. This is problematic if either of them is already referenced from a unit that is loaded as result of another unit type's enumerator logic. Let's clean this up and simply create the two objects from the enumerator callbacks, if they are not around yet. Do the actual filling in of the settings from the unit_load() callbacks, to match how other units are loaded. Fixes: #4322
2016-10-24nss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUNDLennart Poettering
Let's tighten the cases when our module returns NSS_STATUS_NOTFOUND. Let's do so only if we actually managed to talk to resolved. In all other cases stick to NSS_STATUS_UNAVAIL as before, as it clearly indicates that our module or the system is borked, and the "dns" fallback should really take place. In particular this fixes the 2nd-level fallback from our own dlopen() based fallback handling. In this case we really should return UNAVAIL so that the caller can apply its own fallback still. Fix-up for d7247512a904f1dd74125859d8da66166c2a6933. Note that our own dlopen() based fallback is pretty much redundant now if nsswitch.conf is configured like this: hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname In a future release we should probably drop our internal fallback then, in favour of this nsswitch.conf-based one.
2016-10-24resolved: properly check for the root domainLennart Poettering
Fix-up for #4164
2016-10-24seccomp: add test-seccomp test toolLennart Poettering
This validates the system call set table and many of our seccomp-util.c APIs.
2016-10-24seccomp: add new helper call seccomp_load_filter_set()Lennart Poettering
This allows us to unify most of the code in apply_protect_kernel_modules() and apply_private_devices().
2016-10-24seccomp: two fixes for the syscall set tablesLennart Poettering
"oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall nr is called "umount" (and the nr of umount() is called umount2 internally). "sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table. Without these changes libseccomp cannot actually translate the tables in full. This wasn't noticed before as the code was written defensively for this case.
2016-10-24seccomp: add new seccomp_init_conservative() helperLennart Poettering
This adds a new seccomp_init_conservative() helper call that is mostly just a wrapper around seccomp_init(), but turns off NNP and adds in all secondary archs, for best compatibility with everything else. Pretty much all of our code used the very same constructs for these three steps, hence unifying this in one small function makes things a lot shorter. This also changes incorrect usage of the "scmp_filter_ctx" type at various places. libseccomp defines it as typedef to "void*", i.e. it is a pointer type (pretty poor choice already!) that casts implicitly to and from all other pointer types (even poorer choice: you defined a confusing type now, and don't even gain any bit of type safety through it...). A lot of the code assumed the type would refer to a structure, and hence aded additional "*" here and there. Remove that.