summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-01-29basic: fix touch() creating files with 07777 modeMantas Mikulėnas
mode_t is unsigned, so MODE_INVALID < 0 can never be true. This fixes a possible DoS where any user could fill /run by writing to a world-writable /run/systemd/show-status.
2016-01-29systemctl: actually honour the try-reload-or-restart verb aabf5d4243408 promisedLennart Poettering
The verb entry got lost in the ultimate commit.
2016-01-29systemctl: make most systemctl commands NOPs in a chroot() environmentLennart Poettering
Fixes #2015
2016-01-29systemctl: consider a chroot() environment always offlineLennart Poettering
2016-01-29basic: when parsing verb command lines, optionally shortcut them in chroot() ↵Lennart Poettering
environments This adds some basic infrastructure in order to fix #2015.
2016-01-28Merge pull request #2466 from poettering/nspawn-journalZbigniew Jędrzejewski-Szmek
Two small nspawn fixes
2016-01-28nspawn: make sure --link-journal=host may be used twice in a rowLennart Poettering
Fixes #2186 This fixes fall-out from 574edc90066c3faeadcf4666928ed9b0ac409c75.
2016-01-28nspawn: make journal linking non-fatal in try and auto modesLennart Poettering
Fixes #2091
2016-01-28systemctl: rename "reload-or-try-restart" verb to "try-reload-or-restart"Lennart Poettering
But also keep the old name as (undocumented) compatibility around. The reload-or-try-restart was documented to be a NOP if the unit is not running, since the previous commits this is also implemented. The old name suggests that the "try" logic only applies to restarting. Fix this, by moving the "try-" to the front, to indicate that the whole option is a NOP if the service isn't running.
2016-01-28systemctl: improve message when a job fails with a JOB_INVALID stateLennart Poettering
This result can only happen if the job was a reload job for an inactive unit. Make the error message actually say that.
2016-01-28core: when propagating reload jobs, downgrade them to try-reloadLennart Poettering
Otherwise we might end up generating jobs that fail immediately. This follows the same logic that restart propagation follows.
2016-01-28core: when determining system state, don't bother with JOB_TRY_RESTARTLennart Poettering
When we determine the current system state we check whether units like emergency.target are running or a job that results in them being run is queued. However, this is not the case for JOB_TRY_RESTART, since that's a NOP if the unit has not been running before. Hence, don't bother with checking for that job type.
2016-01-28core: make sure "systemctl reload-or-try-restart is actually a noop if a ↵Lennart Poettering
unit is not running This makes sure we follow the same basic logic for try-restart if we have a try-reload. Fixes #688
2016-01-28basic: getauxval(AT_RANDOM) is apparently not necessarily alignedLennart Poettering
Let's make sure we read it in a way compatible with non-aligned memory. Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812928
2016-01-28systemctl: don't make up unit states, and don't eat up errors to eagerlyLennart Poettering
When checking a unit's state, don't ignore errors too eagerly, but generate proper error messages. Also, don't synthesize an "unknown" state on error, but let the operation file. If a unit file isn't loaded treat this as "inactive" as that's effectively what it means.
2016-01-28systemctl: don't mangle unit names in check_unit_generic()Lennart Poettering
As it turns out all callers of check_unit_generic() already mangle unit names, or get the unit names directly from PID 1 (and hence arein normalized form anyway), hence there's no point in mangling then...
2016-01-28shared: meanor clean-ups for logs-show.cLennart Poettering
Some minor simplifications. Shouldn't change codepaths.
2016-01-28core: don't reset /dev/console if stdin/stdout/stderr as passed as fd in a ↵Lennart Poettering
transient service Otherwise we might end resetting /dev/console all the time when a transient service starts or stops. Fixes #2377 Fixes #2198 Fixes #2061
2016-01-27Merge pull request #2451 from zonque/pr-2162-rebasedLennart Poettering
utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, i…
2016-01-27utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_tShawn Landden
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring to unicode chars, to make things more expressive. [ @zonque: * rebased to current master * use AC_CHECK_DECLS to detect availibility of char{16,32}_t * make utf8_encoded_to_unichar() return int ]
2016-01-27nss-resolve: also fall back to nss-dns if dbus doesn't workLennart Poettering
Fixes #1692
2016-01-27nss: block various signals while running NSS lookupsLennart Poettering
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be interrupted where they should (SIGINT, ...). Fixes #1965
2016-01-27basic: don't append suffixes to unit name glob expressionsLennart Poettering
When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only append a suffix if the specified string isn't a glob expression. Fixes: #2397
2016-01-27systemctl: piece-meal strv extension is expensiveLennart Poettering
If we have many entries to add to an strv we really should try to be smarter than constantly realloc()ing the strv array. Instead, grow it exponentially.
2016-01-27tests: don't abbreviate function names needlesslyLennart Poettering
THis is otherwise really hard to read...
2016-01-27machined: add early checks for unrealistically large image/pool sizesLennart Poettering
2016-01-27machined: when the pool limit is set to infinity don't resize backing ↵Lennart Poettering
loopback file An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since an infinitely sized file makes no sense. Fixes: #2314 #2253
2016-01-27Merge pull request #1975 from ssahani/vxlan2Tom Gundersen
networkd: Add support to configure VXLAN Port
2016-01-26Merge pull request #2446 from keszybz/ask-passwordLennart Poettering
Ask password unicode fix
2016-01-26ask-password-api: only emit a star on valid unicode codepointZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1301984
2016-01-26test-ask-password-api: add a manual test for password readingZbigniew Jędrzejewski-Szmek
2016-01-26Merge pull request #2306 from walyong/exec_v01Lennart Poettering
[v1] core: resolve specifier in config_parse_exec()
2016-01-26resolve: fix compare function for EtcHostItemThomas Hindoe Paaboel Andersen
From dd0bc0f1
2016-01-26nss-resolve: fix gethostbyaddr h_aliasesSamu Kallio
Fix the comparison to include the first alias, which will otherwise be left as a bogus pointer.
2016-01-26Merge pull request #2440 from poettering/journal-fixTom Gundersen
journald: minor fixes
2016-01-26Merge pull request #2437 from poettering/dnssec19Tom Gundersen
nineteenth dnssec patch
2016-01-26Merge pull request #2441 from msekletar/killing-spree-excluded-log-v3Lennart Poettering
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 (v3)
2016-01-26journald: add a couple of static asserts checking logging constantsLennart Poettering
Whenever we include a log level or facility in a journal string field, make sure the compiler checks for us that that's actually the right thing to do.
2016-01-26journald: fix LOG_AUTH facility in audit codeLennart Poettering
Fixes: #2304
2016-01-26update TODOLennart Poettering
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is pretty complete now, and the remaining bits are low-priority.
2016-01-26resolved: prorize rtnl and sd-network event sourcesLennart Poettering
Lets make sure we always take notice of network changes before answering client requests. This way, calls like SetLinkDNS() become race-free as the specified interface index is guarantee to have been processed if it exists before we make changes to it.
2016-01-26resolved: fix the rcode to SUCCESS if we find at least one matching RR in a ↵Lennart Poettering
DNS response If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
2016-01-26resolved: allow configuration of routing domains in Domains=Lennart Poettering
2016-01-26resolved: teach resolved the difference between "routing" and "search" domainsLennart Poettering
Following the changes to expose the "routing" and "search" domain concepts in networkd, actually make resolved use them. It will now use routing domains exclusively for making DNS routing decisions, and use search domains additionally for extending single-label names.
2016-01-26util: introduce fputs_with_space() and make use of it at various placesLennart Poettering
The call combines outputing a string with prefixing it with a space, optionally. This is useful to shorten the logic for outputing lists of strings, that are space separated.
2016-01-26networkd: optinally use DHCP lease domain info for routing onlyLennart Poettering
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the boolean values. If set, the passed domain information is used for routing rules only, but not for the search path logic.
2016-01-26networkd: rename a few Network object properties to be more like the ↵Lennart Poettering
configuration settings All booleans called dhcp_xyz are now called ".dhcp_use_xyz", to match their respective configuration file settings. This should clarify things a bit, in particular as there is a DHCP hostname that was previously called just ".hostname" because ".dhcp_hostname" was already existing as a bool. Since this confusion is removed now because the bool is called ".dhcp_use_hostname", the string field is now renamed to ".dhcp_hostname".
2016-01-26shared: normalize the root domain to "." rather than ""Lennart Poettering
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception of the root domain, taking inspiration from UNIX file system paths.
2016-01-26dhcp: make host/domain name validity checks stricterLennart Poettering
Also don't permit host/domain names that reference the root domain, and unify the codepaths for this.
2016-01-26networkd: when filtering out duplicate domain names use DNS comparisonLennart Poettering
When we collect the domain names of the various links and other sources in one ordered set, make sure to use proper DNS name comparison to filter out duplicates.