summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-09-17nspawn: clarify log warning for /etc/localtime not being a symbolic link (#4163)Michael Pope
2016-09-16Updated formatting for printing the key for FSS (#4165)hi117
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption. Before: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. /var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ``` After: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ```
2016-09-15Merge pull request #4131 from intelfx/update-done-timestamps-precisionZbigniew Jędrzejewski-Szmek
condition: ignore nanoseconds in timestamps for ConditionNeedsUpdate= Fixes #4130.
2016-09-16logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)Tomáš Janoušek
When a docker container is confined with AppArmor [1] and happens to run on top of a kernel that supports mount mediation [2], e.g. any Ubuntu kernel, mount(2) returns EACCES instead of EPERM. This then leads to: systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied login[42]: pam_systemd(login:session): Failed to create session: Access denied and user sessions don't start. This also applies to selinux that too returns EACCES on mount denial. [1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies [2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
2016-09-15test-execute: fix %n typo (#4153)Zbigniew Jędrzejewski-Szmek
2016-09-15networkd: network fix log messageSusant Sahani
2016-09-15networkd: netdev fixup copy paste errorSusant Sahani
2016-09-15update-done, condition: write the timestamp to the file as well and use it ↵Ivan Shapovalov
to prevent false-positives This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130 for real. Also, remove timestamp check in update-done.c altogether since the whole operation is idempotent.
2016-09-15time-util: export timespec_load_nsec()Ivan Shapovalov
2016-09-14networkd: add support to configure virtual CAN device (#4139)Susant Sahani
1. add support for kind vcan 2. fixup indention netlink-types.c, networkd-netdev.c
2016-09-14Merge pull request #4133 from keszybz/strerror-removalMartin Pitt
Strerror removal and other janitorial cleanups
2016-09-14kernel-install: Add KERNEL_INSTALL_NOOP (#4103)Colin Walters
Will be used by rpm-ostree (and likely lorax) to suppress RPM->kernel->%posttrans->dracut runs, and basically everything else this script is doing. I'll also likely change the `kernel.spec` to respect this as well.
2016-09-13Always use unicode ellipsis when ellipsizingZbigniew Jędrzejewski-Szmek
We were already unconditionally using the unicode character when the input string was not pure ASCII, leading to different behaviour in depending on the input string. systemd[1]: Starting printit.service. python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę systemd[1]: Started printit.service.
2016-09-13tests: get rid of strerrorZbigniew Jędrzejewski-Szmek
2016-09-13tree-wide: use %m in calls to sd_bus_error_set_errnofZbigniew Jędrzejewski-Szmek
sd_bus_error_set_errnof supports %m, so there's no need to call strerror manually.
2016-09-13journal-verify: get rid of strerrorZbigniew Jędrzejewski-Szmek
2016-09-13microhttpd-util: add the trailing newline automaticallyZbigniew Jędrzejewski-Szmek
It's prone to error and annoying to have to add it manually. It was missing from a few places.
2016-09-13journal-remote: implement %m support in mhd_respondfZbigniew Jędrzejewski-Szmek
errno value is not protected (it is undefined after this function returns). Various mhd_* functions are not documented to protect errno, so this could not guaranteed anyway.
2016-09-13udev: use get_proc_cmdline_key instead of FOREACH_WORD_QUOTEDZbigniew Jędrzejewski-Szmek
2016-09-13fileio: simplify mkostemp_safe() (#4090)Topi Miettinen
According to its manual page, flags given to mkostemp(3) shouldn't include O_RDWR, O_CREAT or O_EXCL flags as these are always included. Beyond those, the only flag that all callers (except a few tests where it probably doesn't matter) use is O_CLOEXEC, so set that unconditionally.
2016-09-10shared/install: fix set-default with empty root (#4118)Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1374371 When root was empty or equal to "/", chroot_symlinks_same was called with root==NULL, and strjoina returned "", so the code thought both paths are equal even if they were not. Fix that by always providing a non-null first argument to strjoina.
2016-09-10test-fs-util: also empty TEMP and TMP env vars (#4121)Marc-Antoine Perennou
A follow-up for #3818 (992e8f2).
2016-09-10Merge pull request #4119 from keszybz/drop-more-kdbusEvgeny Vereshchagin
Drop more kdbus functionality
2016-09-10service: fixup ExecStop for socket-activated shutdown (#4120)Kyle Russell
Previous fix didn't consider handling multiple ExecStop commands.
2016-09-09shared: recognize DNS names with more than one trailing dot as invalid (#4111)Martin Pitt
One trailing dot is valid, but more than one isn't. This also fixes glibc's posix/tst-getaddrinfo5 test. Fixes #3978.
2016-09-09unit: sent change signal before removing the unit if necessary (#4106)Michael Olbrich
If the unit is in the dbus queue when it is removed then the last change signal is never sent. Fix this by checking the dbus queue and explicitly send the change signal before sending the remove signal.
2016-09-09pid1: drop kdbus_fd and all associated logicZbigniew Jędrzejewski-Szmek
2016-09-09service: Continue shutdown on socket activated unit on termination (#4108)Kyle Russell
ENOTCONN may be a legitimate return code if the endpoint disappeared, but the service should still attempt to shutdown cleanly.
2016-09-06nspawn: detect SECCOMP availability, skip audit filter if unavailableFelipe Sateler
Fail hard if SECCOMP was detected but could not be installed
2016-09-06seccomp: also detect if seccomp filtering is enabledFelipe Sateler
In https://github.com/systemd/systemd/pull/4004 , a runtime detection method for seccomp was added. However, it does not detect the case where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible if the architecture does not support filtering yet. Add a check for that case too. While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl, as that should save a few system calls and (unnecessary) allocations. Previously, reading of /proc/self/stat was done as recommended by prctl(2) as safer. However, given that we need to do the prctl call anyway, lets skip opening, reading and parsing the file. Code for checking inspired by https://outflux.net/teach-seccomp/autodetect.html
2016-09-02Merge pull request #4084 from ssahani/netfixDaniel Mack
fix #4080
2016-09-02fix #4080Susant Sahani
ethtool_sset_info adding some extra space to it. also fix valgrind warning ``` Unloaded link configuration context. ==31690== ==31690== HEAP SUMMARY: ==31690== in use at exit: 8,192 bytes in 2 blocks ==31690== total heap usage: 431 allocs, 429 frees, 321,164 bytes allocated ==31690== ==31690== 4,096 bytes in 1 blocks are still reachable in loss record 1 of 2 ==31690== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299) ==31690== by 0x166B32: mempool_alloc_tile (mempool.c:62) ==31690== by 0x166BBC: mempool_alloc0_tile (mempool.c:81) ==31690== by 0x15B8FC: hashmap_base_new (hashmap.c:732) ==31690== by 0x15B9F7: internal_hashmap_new (hashmap.c:766) ==31690== by 0x151291: conf_files_list_strv_internal (conf-files.c:103) ==31690== by 0x1514BA: conf_files_list_strv (conf-files.c:135) ==31690== by 0x13A1CF: link_config_load (link-config.c:227) ==31690== by 0x135B68: builtin_net_setup_link_init (udev-builtin-net_setup_link.c:77) ==31690== by 0x1306B3: udev_builtin_init (udev-builtin.c:57) ==31690== by 0x11E984: adm_builtin (udevadm-test-builtin.c:72) ==31690== by 0x117B4D: run_command (udevadm.c:75) ``` Fixes #4080
2016-09-01systemctl: usable status command for special units (#4072)Cireo
Prior to this commit, users could be given an unusable command to run if they attempted to stop or start special services. For example: $ systemctl stop -- -.mount Failed to stop -.mount: Operation refused, unit -.mount may be \ requested by dependency only. See system logs and 'systemctl status -.mount' for details. $ systemctl status -.mount systemctl: invalid option -- '.' This adds a '--' to the example command in these situations.
2016-08-31hostnamed: prefer more precise DMI info over ACPI OSPM infoLennart Poettering
(also: add comments about the used numbers) Fixes: #3930
2016-08-31resolved: include d.f.ip6.arpa in default NTA listLennart Poettering
Fixes: #4049
2016-08-31sd-bus: bump message queue sizeLennart Poettering
Let's bump it further, as this the current limit turns out to be problematic IRL. Let's bump it to more than twice what we know of is needed. Fixes: #4068
2016-08-31machinectl: split OS field in two; print ip addresses (#4058)Seraphime Kirkovski
This splits the OS field in two : one for the distribution name and one for the the version id. Dashes are written for missing fields. This also prints ip addresses of known machines. The `--max-addresses` option specifies how much ip addresses we want to see. The default is 1. When more than one address is written for a machine, a `,` follows it. If there are more ips than `--max-addresses`, `...` follows the last address.
2016-08-31networkd: add options to bridge (#4051)Tobias Jungel
This patch allows to configure AgeingTimeSec, Priority and DefaultPVID for bridge interfaces.
2016-08-31install: fix disable when /etc/systemd/system is a symlink (#4063)Lennart Poettering
2016-08-31networkd: do not drop config for unmanaged interfaces (#4033)Lennart Poettering
Flushing foreign configuration for unmanaged interfaces is outright evil, especially when it's a regular occurence with Wi-Fi. Fixes: 3104883ddc24 "networkd: remove route if carrier is lost" Ref: #3831
2016-08-31core: introduce MemorySwapMax= (#3659)Lennart Poettering
Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls controls "memory.swap.max" attribute in unified cgroup.
2016-08-31link : add support to configure LRO and GRO Offload features (#4064)Lennart Poettering
The patch supports to configure GenericReceiveOffload LargeReceiveOffload
2016-08-31load-fragment: Resolve specifiers in OnCalendar and On*Sec (#4045)Lennart Poettering
Resolves #3534
2016-08-31link : add support to configure LRO and GRO Offload featuresSusant Sahani
The patch supports to configure GenericReceiveOffload LargeReceiveOffload
2016-08-30link : add support to configure Offload features (#4017)Susant Sahani
This patch supports these features to be on or off Generic Segmentation Offload TCP Segmentation Offload UDP Segmentation Offload fixes #432
2016-08-30bootctl: properly skip duplicate entries (#4048)Mantas Mikulėnas
'continue' is a fancy no-op here – it only skips through the inner loop, not the outer one, so entries already in BootOrder get printed twice. This partially reverts f939cff71577 "bootctl: various coding style updates".
2016-08-30Merge pull request #4053 from brulon/force-unmountLennart Poettering
add ForceUnmount= setting for mount units
2016-08-30install: fix disable when /etc/systemd/system is a symlinkLukas Nykryn
2016-08-30core: introduce MemorySwapMax=WaLyong Cho
Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls controls "memory.swap.max" attribute in unified cgroup.
2016-08-29basic/fileio: we always have O_TMPFILE nowYann E. MORIN
fileio makes use of O_TMPFILE when it is available. We now always have O_TMPFILE, defined in missing.h if missing from the toolchain headers. Have fileio include missing.h and drop the guards around the use of O_TMPFILE.