Age | Commit message (Collapse) | Author |
|
If we downgrade from DNSSEC to non-DNSSEC mode, let's log about this in a recognizable way (i.e. with a message ID),
after all, this is of major importance.
|
|
This way the difference between lookups via NSS and our native bus API should become minimal.
|
|
When we synthesize A/AAAA for domains like "localhost", then make sure we generate ENODATA if the user asks for RR
types such a RP to be solved on the name. Previously, we'd pass the error back in that case that was generated from the
usual lookup procedure.
|
|
The LLMNR spec suggests to do do reverse address lookups by doing direct LLMNR/TCP connections to the indicated
address, instead of doing any LLMNR multicast queries. When we do this and the peer doesn't actually implement LLMNR
this will result in a TCP connection error, which we need to handle. In contrast to most LLMNR lookups this will give
us a quick response on whether we can find a suitable name. Report this as new transaction state, since this should
mostly be treated like an NXDOMAIN rcode, except that it's not one.
|
|
Assign errno-style errors to a variable called "r" when they happen, the same way we do this in most other calls. It's
bad enough that the error handling part of the function deals with two different error variables (pam_code and r) now,
but before this fix it was even three!
|
|
Since we honour the edns rcode extension we need more than 4 bits to format it. To avoid further confusion, derive the
right length from the type.
|
|
Now that we count both negative and positive validation results, we shouldn't claim we just counted RRsets.
|
|
Also, don't consider RRs that aren't primary to the lookups we do as relevant to the lookups.
|
|
When using NSEC/NSEC3 RRs from the cache to derive existance of arbitrary RRs, we should not get confused by the fact
that NSEC/NSEC3 RRs exist twice at zone cuts: once in the parent zone, and once in the child zone. For most RR types we
should only consult the latter since that's where the beef is. However, for DS lookups we have to check the former.
This change makes sure we never cache NSEC/NSEC3 RRs from any parent zone of a zone-cut. It also makes sure that when
we look for a DS RR in the cache we never consider any cached NSEC RR, as those are now always from the child zone.
|
|
an invalid packet event
|
|
We already maintain statistics about positive DNSSEC proofs, and count them up by 1 for each validated RRset. Now,
update the same counters each time we validated a negative query, so that the statistics are the combined result of all
validation checks, both positive and negative.
|
|
match, or just a covering enclosure
If we are looking for a DS RR we need to check the NSEC3 bitmap of the parent zone's NSEC3 RR, not the one from the
child. For any other RR we need to look at the child's however, hence enforce this with the bitmaps.
Note that not coverign checks only the lower zone's NSEC3 bitmaps matter, hence the existing check is fine.
|
|
|
|
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is
currently undocumented. Before we add documentation for it, let's get the name right.
This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also,
since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
|
|
DNS_ANSWER_FOREACH() can deal with NULL answers anyway, let's simplify our code here.
|
|
Also, while we are at it, set the "authenticated" bit for everything we synthesize
|
|
|
|
the network is down
|
|
This mimics what networkd is doing to detect a carrier.
|
|
Noticed by @vcaputo
|
|
Fixes #2380.
|
|
Issue #2388 suggests the current TasksMax= setting for user processes is to low. Bump it to 12K. Also, bump the
container TasksMax= from 8K to 16K, so that it remains higher than the one for user processes.
(Compare: the kernel default limit for processes system-wide is 32K).
Fixes #2388
|
|
|
|
ZJS: remove unnecessary oom check after strdupa().
|
|
udevd: do not clean up fds in main
|
|
This commit fixes the following broken --getter option:
when systemd-journal-remote is called with --getter option,
it causes the error meesage "Zero sources specified" and
the getter command will not be called.
|
|
When --url option is specified, e.g. --url='http://some.host:19531/entries'
retrieved remote journal entries will be stored to
/var/log/journal/remote/remote-some.host.journal
|
|
Currently, --url option supports the only form like http(s)://some.host:19531.
This commit adds support to call systemd-journal-remote as follwos:
systemd-journal-remote --url='http://some.host:19531'
systemd-journal-remote --url='http://some.host:19531/'
systemd-journal-remote --url='http://some.host:19531/entries'
systemd-journal-remote --url='http://some.host:19531/entries?boot&follow'
The first three example result the same and retrieve all entries.
The last example retrieves only current boot entries and wait new events.
|
|
journal: coalesce ftruncate()s in 250ms windows
|
|
fds will also be closed during manager cleanup in run, leading
to an error when we try to close them again. It is now possible
to "leak" the fds on error, but it's an unlikely event and we
will exit immediately anyway.
Fixes #2418.
|
|
systemctl: Allow 'edit' and 'cat' on unloaded units
|
|
Device fixes
|
|
systemd automatically mounts device unless 'noauto' is part of the
mount options. This can happen during boot if the device is plugged at
that time or later when the system is already running (the latter case
is not documented AFAICS).
After the systemd booted, I plugged my USB device which had an entry
in /etc/fstab with the default options and systemd automatically
mounted it.
However I noticed that if I unplugged and re-plugged the device the
automatic mounting of the device didn't work anymore: systemd didn't
notice that the device was re-plugged.
This was due to the device unit which was not recycled by the GC
during the unplug event because in the case of automounting, the mount
unit still referenced it. When the device was re-plugged, the old
device unit was reused but it still had the old sysfs path (amongst
other useful information).
Systemd was confused by the stalled sysfs path and decided to ignore
the plug event.
This patch fixes this issue by simply not doing the sanity checking on
the sysfs path if the device is in unplugged state.
|
|
sysusers: use GID_FMT and UID_FMT instead of %d
|
|
chaloulo/split-mode-host-remove-port-from-journal-filename
journal-remote: split-mode=host, remove port from journal filename
|
|
core: Add flexible way to provide socket type
the socket type should be a diffrent argumet
in make_socket_fd . In this way we can set the socket
type like SOCK_STREAM SOCK_DGRAM in the address.
journal-remote: modify make_socket_fd
|
|
Don't fail if the unit has a LoadError; otherwise `systemctl edit` cannot be
used to correct the error (e.g. multiple "ExecStart=" lines).
Remove file changed warning so cat output isn't interspersed with log messages.
Fixes #829
|
|
|
|
sysusers: help useless error message
|
|
journal-upload : Ignore journal event when already in uploading state.
|
|
v4: sysv-generator: do not join dependencies on one line, split them
|
|
If there is a lot of initscripts and dependencies between them we might
end generating After= (and similar) lines which are longer then LINE_MAX
and thus rejected by parser in systemd.
Fixes #2099
|
|
core: add valgrind helper for daemon-reexec
|
|
Coverity inspired fixes
|
|
Fstab-generator fixes
|
|
Inspired by https://github.com/systemd/systemd/issues/2187#issuecomment-165587140
|
|
We only go to fail label if pam_pid <= 0.
CID #1306746.
|
|
This function is not supposed to fail, it only returns a boolean.
So add an assert in case anyone calls it without proper initialization
of *b.
|
|
CID #1325772.
|
|
CID #1327432.
|