Age | Commit message (Collapse) | Author |
|
Adds support to core for systemd D-Bus clients to send the
`SELinuxContext` property . This means `systemd-run -p
SELinuxContext=foo` should now work.
|
|
rm_rf_physical_and_freep in tests (#3292)
Some distros don't mount /tmp as tmpfs.
For example:
https://lists.ubuntu.com/archives/ubuntu-cloud/2016-January/001009.html
Some tests:
* print 'Attempted to remove disk file system, and we can't allow that.'
* don't really cleanup /tmp
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1336960
|
|
After enabling/disabling a unit, the daemon configuration is expected
to be unless '--no-reload' option is passed.
However this is not done when enabling a sysv units. This can lead to
the following scenario:
$ cp /etc/init.d/named /etc/init.d/foo
$ systemctl enable foo
foo.service is not a native service, redirecting to systemd-sysv-install
Executing /usr/lib/systemd/systemd-sysv-install enable foo
$ systemctl start foo
Failed to start foo.service: Unit foo.service failed to load: No such file or directory.
This can also be seen after installing a package providing a sysv
service: the service can't be started unless 'daemon-reload' is called
manually. This shouldn't be needed and this patch will fix this case
too since during package installation, the service is expected to be
enabled/disabled.
|
|
The sync() call on shutdown had been removed with commit 57371e5829a61e5ee6c9f98404dfc729d6c62608
together with the no-sync option for the shutdown commands.
The sync call was restored in commit 4a3ad39957399c4a30fc472a804e72907ecaa4f9 but the no-sync option
wasn't re-added.
I think we should restore this option at least for the legacy halt command.
|
|
free_and_strdup already handles the NULL case for us, so we can remove
an extraneous conditional check.
As noted in https://github.com/systemd/systemd/pull/3279/files#r63687717
|
|
This is partial fix for #2228 and #2977, #3204.
bridge-test: netdev ready
docker0: Gained IPv6LL
wlan0: Gained IPv6LL
eth0: Gained IPv6LL
Enumeration completed
bridge-test: netdev exists, using existing without changing its
parameters
vboxnet0: IPv6 enabled for interface: Success
lo: Configured
docker0: Could not drop address: No such process
vboxnet0: Gained carrier
wlan0: Could not drop address: No such process
eth0: Could not drop address: No such process
eth0: Could not drop address: No such process
eth0: Could not drop address: No such process
vboxnet0: Gained IPv6LL
vboxnet0: Could not set NDisc route or address: Invalid argument
vboxnet0: Failed
[New Thread 0x7ffff6505700 (LWP 1111)]
[Thread 0x7ffff6505700 (LWP 1111) exited]
Assertion 'link->state == LINK_STATE_SETTING_ROUTES' failed at
src/network/networkd-link.c:672, function link_enter_configured().
Aborting.
Program received signal SIGABRT, Aborted.
0x00007ffff6dc6a98 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install
iptables-1.4.21-15.fc23.x86_64 libattr-2.4.47-14.fc23.x86_64
libidn-1.32-1.fc23.x86_64 pcre-8.38-7.fc23.x86_64
Debugging
(gdb) bt
"link->state == LINK_STATE_SETTING_ROUTES", file=0x5555556a34c8
"src/network/networkd-link.c", line=672,
func=0x5555556a56d0 <__PRETTY_FUNCTION__.14850>
"link_enter_configured") at src/basic/log.c:788
src/network/networkd-link.c:672
src/network/networkd-link.c:720
flags=0 '\000', scope=0 '\000', cinfo=0x7fffffffe020) at
src/network/networkd-address.c:344
(rtnl=0x5555556eded0, message=0x55555570ff20, userdata=0x5555556ec590)
at src/network/networkd-manager.c:604
m=0x55555570ff20) at src/libsystemd/sd-netlink/sd-netlink.c:365
at src/libsystemd/sd-netlink/sd-netlink.c:395
ret=0x0) at src/libsystemd/sd-netlink/sd-netlink.c:429
revents=1, userdata=0x5555556eded0) at
src/libsystemd/sd-netlink/sd-netlink.c:723
src/libsystemd/sd-event/sd-event.c:2268
src/libsystemd/sd-event/sd-event.c:2629
timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2688
bus=0x5555556eeba0, name=0x55555568a2f5 "org.freedesktop.network1",
timeout=30000000,
check_idle=0x55555556adb6 <manager_check_idle>,
userdata=0x5555556ec590) at src/shared/bus-util.c:134
src/network/networkd-manager.c:1130
src/network/networkd.c:127
(gdb) f 3
src/network/networkd-link.c:672
672 assert(link->state == LINK_STATE_SETTING_ROUTES);
(gdb) p link->state
$1 = LINK_STATE_FAILED
We should not be in this state .
even if vboxnet0 failed we went into this state.
vboxnet0: Could not set NDisc route or address: Invalid argument
vboxnet0: Failed
|
|
Fix for #3232.
|
|
Add an option to disable appending DHCP option 3 (Router) to the DHCP
OFFER and ACK packets.
This commit adds the boolean option EmitRouter= for the [DHCPServer]
section in .network files.
Rationale: On embedded devices, it is very useful to have a DHCP server
running on an USB OTG ethernet gadget interface to avoid manual setup on
the client PCs, but it should only serve IP addresses, no route(r)s.
Otherwise, Windows clients experience network connectivity issues, due
to them using the address set in DHCP option 3 as default gateway.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
|
|
Makes it consistent with the other branches here.
|
|
|
|
Small networkd cleanup
|
|
core: add io controller support on the unified hierarchy
|
|
|
|
We currently generate log message about unit being started even when
unit was started already and job didn't do anything. This is because job
was requested explicitly and hence became anchor job of the transaction
thus we could not eliminate it. That is fine but, let's not pollute
journal with useless log messages.
$ systemctl start systemd-resolved
$ systemctl start systemd-resolved
$ systemctl start systemd-resolved
Current state:
$ journalctl -u systemd-resolved | grep Started
May 05 15:31:42 rawhide systemd[1]: Started Network Name Resolution.
May 05 15:31:59 rawhide systemd[1]: Started Network Name Resolution.
May 05 15:32:01 rawhide systemd[1]: Started Network Name Resolution.
After patch applied:
$ journalctl -u systemd-resolved | grep Started
May 05 16:42:12 rawhide systemd[1]: Started Network Name Resolution.
Fixes #1723
|
|
|
|
More friendly to the stack.
|
|
Private /dev will not be managed by udev or others, so we can make it
noexec and readonly after we have made all device nodes. As /dev/shm
needs to be writable, we can't use bind_remount_recursive().
|
|
|
|
Also adjust indentation in various places.
|
|
While creating a VLAN the mac address should be copied from the parent interface, so that
the VLANs inherit the MAC address of the physical interface.
Before:
```
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:26:c6:85:a3:c2 brd ff:ff:ff:ff:ff:ff
...
6: vlan1@wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 22:07:73:9d:43:59 brd ff:ff:ff:ff:ff:ff
7: vlan2@wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 46:30:76:33:35:d4 brd ff:ff:ff:ff:ff:ff
```
After:
```
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:26:c6:85:a3:c2 brd ff:ff:ff:ff:ff:ff
...
11: vlan1@wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:26:c6:85:a3:c2 brd ff:ff:ff:ff:ff:ff
12: vlan2@wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:26:c6:85:a3:c2 brd ff:ff:ff:ff:ff:ff
```
v2 of #1573, with fixed commit message.
|
|
This patch implements support for the IFLA_BR_MCAST_SNOOPING attribute
it can change the multicast snooping value.
IGMP snooping monitors the Internet Group Management Protocol (IGMP)
traffic between hosts and multicast routers.
|
|
|
|
It is just an alias for route_free which requires that route is not null,
but it was only used in one place where it was checked that route is not
null anyway. Let's just call route_free instead.
|
|
This is now the recommended way to do monitoring by upstream D-Bus.
It's also allowed in the default policy, whereas eavesdrop is not
anymore, which effectively broke busctl on many systems.
|
|
unit_set_slice() fails with -EBUSY if the unit already has a slice associated
with it. This makes it impossible to override slice through dropin config or
over dbus. There's no reason to disallow slice changes as long as cgroups
aren't realized. Fix it.
Fixes #3240.
Signed-off-by: Tejun Heo <htejun@fb.com>
Reported-by: Davide Cavalca <dcavalca@fb.com>
|
|
Drop all dangling old /dev mounts before mounting a new private /dev tree.
|
|
|
|
This new method returns information by unit names. Instead of ListUnitsByPatterns
this method returns information of inactive and even unexisting units.
Moved dbus unit reply logic into a separate shared function.
Resolves https://github.com/coreos/fleet/pull/1418
|
|
Add a synchronization point so that custom initramfs units can run
after the root device becomes available, before it is fsck'd and
mounted.
This is useful for custom initramfs units that may modify the
root disk partition table, where the root device is not known in
advance (it's dynamically selected by the generators).
|
|
Desktop environments can keep this property up to date to allow
applications to easily track session's Lock status.
|
|
We need to be sure that the size returned here actually matches what we will read with recvmsg() next
Fixes #2984
|
|
Fix "preset-all" with dangling symlinks and install-section hint emitted too eagerly
|
|
_const_ means that the caller can assume that the function will return the same
result every time (and will not modify global memory). special_glyph() meets
this: even though it depends on global memory, that part of global memory is
not expected to change. This allows the calls to special_glyph() to be
optimized, even if -flto is not used.
|
|
That function doesn't draw anything on it's own, just returns a string, which
sometimes is more than one character. Also remove "DRAW_" prefix from character
names, TREE_* and ARROW and BLACK_CIRCLE are unambigous on their own, don't
draw anything, and are always used as an argument to special_glyph().
Rename "DASH" to "MDASH", as there's more than one type of dash.
|
|
It's quite a bit shorter and just as readable.
(The full sentence with "pointing to" was added to replace a text that used
"ln -s %s %s". Using the "ln" syntax is indeed unclear, because it's not
obvious which is the source and which is the target, and because symlink(2)
uses the opposite order to ln(1). But with the unicode arrow there should
be no ambiguity.)
|
|
Executing 'systemctl enable' on the same unit twice would cause
a warning about a missing [Install] section to be printed. To avoid
this, count all symlinks that "would" be created, and return 1
no matter if we actually created a symlink or skipped creation because
it already exists.
|
|
This fixes 'preset-all' with a unit that is a dangling symlink.
$ systemctl --root=/ preset-all
Unit syslog.service is an alias to a unit that is not present, ignoring.
Unit auditd.service is masked, ignoring.
Unit NetworkManager.service is masked, ignoring.
|
|
$ systemctl --root=/ preset foobar.service
Cannot find unit foobar.service.
Failed to preset: No such file or directory.
$ systemctl --root=/ preset foobar@.service
Cannot find unit foobar@.service.
Failed to preset: No such file or directory.
$ systemctl --root=/ preset foobar@blah.service
Cannot find unit foobar@blah.service or foobar@.service.
Failed to preset: No such file or directory.
|
|
Let's make sure we don't remove veth links that existed before nspawn was
invoked.
https://github.com/systemd/systemd/pull/3209#discussion_r62439999
|
|
Fix-up for 93e2822684b37a4eeef03775a7a1f44a3055d7b2
|
|
This allows selecting the propagation level of emitted LLDP packets
(specifically: the destination MAC address of the packets). This is useful
because it allows generating LLDP packets that optionally cross certain types
of bridges.
See 802.11ab-2009, Table 7-1 for details.
|
|
|
|
This adds a new concept of network "zones", which are little more than bridge
devices that are automatically managed by nspawn: when the first container
referencing a bridge is started, the bridge device is created, when the last
container referencing it is removed the bridge device is removed again. Besides
this logic --network-zone= is pretty much identical to --network-bridge=.
The usecase for this is to make it easy to run multiple related containers
(think MySQL in one and Apache in another) in a common, named virtual Ethernet
broadcast zone, that only exists as long as one of them is running, and fully
automatically managed otherwise.
|
|
Make use of this in nspawn at a couple of places. A later commit should port
more code over to this, including networkd.
|
|
don't reopen socket fds when reloading the daemon
|
|
|
|
|
|
more dhcp fixes
|