From fe08a30b58bba0e04fb3e43122e0b157af5846a1 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 30 Sep 2015 23:35:10 +0200 Subject: update NEWS --- NEWS | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index e56a922d2b..fb16632626 100644 --- a/NEWS +++ b/NEWS @@ -20,11 +20,11 @@ CHANGES WITH 227: global option DefaultTasksAccounting=. * Support for the "net_cls" cgroup controller has been added. - It allows assigning a net class ID to each task in the cgroup, - which can then be used in firewall rules and traffic shaping - configurations. Note that the kernel netfilter code does not - currently work reliably for ingress packets on unestablished - sockets. + It allows assigning a net class ID to each task in the + cgroup, which can then be used in firewall rules and traffic + shaping configurations. Note that the kernel netfilter net + class code does not currently work reliably for ingress + packets on unestablished sockets. This adds a new config directive called NetClass= to CGroup enabled units. Allowed values are positive numbers for fixed @@ -49,6 +49,9 @@ CHANGES WITH 227: directory is set to the home directory of the user configured in User=. + * "machinectl shell" will now open the shell in the home + directory of the selected user by default. + * A new systemd.crash_reboot=1 kernel command line option has been added that triggers a reboot after crashing. This can also be set through CrashReboot= in systemd.conf. 
@@ -60,9 +63,68 @@ CHANGES WITH 227: between 1 and 63, or a boolean value. The formerly supported '-1' value for disabling stays around for compat reasons. - * The PrivateTmp, PrivateDevices, PrivateNetwork, - NoNewPrivileges, TTYPath, WorkingDirectory and RootDirectory - properties can now be set for transient units. + * The PrivateTmp=, PrivateDevices=, PrivateNetwork=, + NoNewPrivileges=, TTYPath, WorkingDirectory= and + RootDirectory= properties can now be set for transient + units. + + * The systemd-analyze tool gained a new "set-log-target" verb + to change the logging target the system manager logs to + dynamically during runtime. This is similar to how + "systemd-analyze set-log-level" already changes the log + level. + + * In nspawn /sys is now mounted as tmpfs, with only a selected + set of subdirectories mounted in from the real sysfs. This + enhances security slightly, and is useful for ensuring user + namespaces work correctly. + + * Support for USB FunctionFS activation has been added. This + allows implementation of USB gadget services that are + activated as soon as they are requested, so that they don't + have to run continously, similar to classic socket + activation. + + * The "systemctl exit" command now optionally takes an + additional parameter that sets the exit code to return from + the systemd manager when exiting. This is only relevant when + running the systemd user instance, or when running the + system instance in a container. + + * sd-bus gained the new API calls sd_bus_path_encode_many() + and sd_bus_path_decode_many() that allow easy encoding and + decoding of multiple identifier strings inside a D-Bus + object path. Another new call sd_bus_default_flush_close() + has been added to flush and close per-thread default + connections. + + * systemd-cgtop gained support for a -M/--machine= switch to + show the control groups within a certain container only. + + * "systemctl kill" gained support for an optional --fail + switch. 
If specified the requested operation will fail of no
+ processes have been killed, because the unit had no
+ processes attached, or similar.
+
+ * A new (still internal) libary API sd-ipv4acd has been added,
+ that implements address conflict detection for IPv4. It's
+ based on code from sd-ipv4ll, and will be useful for
+ detecting DHCP address conflicts.
+
+ * The RuntimeDirectory= setting now understands unit
+ specifiers like %i or %f.
+
+ * networkd gained support for setting the IPv6 Router
+ Advertisment settings via IPv6AcceptRouterAdvertisements= in
+ .network files.
+
+ * udev will now create /dev/disk/by-path links for ATA devices
+ on kernels where that is supported.
+
+ * When downloading tar or raw images using "machinectl
+ pull-tar" or "machinectl pull-raw", a matching ".nspawn"
+ file is now also downloaded, if it is available and stored
+ next to the image file.
 * Galician, Turkish and Korean translations were added.
-- 
cgit v1.2.3-54-g00ecf
From e989fd9b67f5e19b115e940d397a83e260668763 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 30 Sep 2015 23:35:18 +0200
Subject: dhcp: make sure we can deal with a single trailing NUL byte in the hostname
Fixes #1337
---
 src/libsystemd-network/sd-dhcp-lease.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index aa07846693..df3d8e6e3c 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -314,10 +314,14 @@ static int lease_parse_string(const uint8_t *option, size_t len, char **ret) {
 else {
 char *string;
- if (memchr(option, 0, len))
+ /*
+ * One trailing NUL byte is OK, we don't mind. See:
+ * https://github.com/systemd/systemd/issues/1337
+ */
+ if (memchr(option, 0, len - 1))
 return -EINVAL;
- string = strndup((const char *)option, len);
+ string = strndup((const char *) option, len);
 if (!string)
 return -ENOMEM;
-- 
cgit v1.2.3-54-g00ecf
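Review bot: Scanning only `len - 1` bytes in the new `memchr()` call also accepts an option whose whole payload is a single NUL byte. In that case `memchr()` examines zero bytes and `strndup()` returns an empty string, so a DHCP server can set this field to "" instead of having it rejected or cleared. Because `len` is a `size_t`, the subtraction is only safe if the branch before this `else` already handles `len == 0`; that branch is outside the hunk, as are the start and end of `lease_parse_string`, so the comment should state the assumption. I would strip the terminator explicitly and then reject or clear an empty remainder: `if (option[len - 1] == 0) len--;` followed by `if (len == 0 || memchr(option, 0, len)) return -EINVAL;`.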
From ef08ced6b44d4f56477a6798e56ba5c5c9e0023f Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 30 Sep 2015 23:49:26 +0200
Subject: journal: make sure to set MHD_USE_PIPE_FOR_SHUTDOWN for libmicrohttpd servers
This makes sure libmicrohttpd won't call shutdown() on our listening sockets, which make sure socket activation and re-activation will work cleanly.
See:
https://github.com/systemd/systemd/pull/1286
https://lists.gnu.org/archive/html/libmicrohttpd/2015-09/msg00014.html
Fixes #1286
---
 src/journal-remote/journal-gatewayd.c | 17 ++++++++++++++++-
 src/journal-remote/journal-remote.c | 5 +++--
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 29df842277..b839e5979b 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -1010,7 +1010,22 @@ int main(int argc, char *argv[]) {
 { MHD_OPTION_END, 0, NULL },
 { MHD_OPTION_END, 0, NULL }};
 int opts_pos = 2;
- int flags = MHD_USE_THREAD_PER_CONNECTION|MHD_USE_POLL|MHD_USE_DEBUG;
+
+ /* We force MHD_USE_PIPE_FOR_SHUTDOWN here, in order
+ * to make sure libmicrohttpd doesn't use shutdown()
+ * on our listening socket, which would break socket
+ * re-activation. See
+ *
+ * https://lists.gnu.org/archive/html/libmicrohttpd/2015-09/msg00014.html
+ * https://github.com/systemd/systemd/pull/1286
+ */
+
+ int flags =
+ MHD_USE_DEBUG |
+ MHD_USE_DUAL_STACK |
+ MHD_USE_PIPE_FOR_SHUTDOWN |
+ MHD_USE_POLL |
+ MHD_USE_THREAD_PER_CONNECTION;
 if (n > 0)
 opts[opts_pos++] = (struct MHD_OptionItem)
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 50f41a575d..5354bf6e51 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
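Review bot: The new `flags` initializer in journal-gatewayd.c adds `MHD_USE_DUAL_STACK` as well as `MHD_USE_PIPE_FOR_SHUTDOWN`, but neither the commit message nor the new comment mentions the former. The removed line set only thread-per-connection, poll and debug, so when the daemon opens its own socket rather than receiving one through activation it presumably starts accepting IPv6 connections too. For a service that exposes journal data over HTTP that is a change in network exposure, and anyone filtering the port for IPv4 only should know about it. I would either move the flag into a separate commit or extend the comment, e.g. `/* MHD_USE_DUAL_STACK: also listen on IPv6 when we bind the socket ourselves */`. The body of `main` continues outside the hunk, so how the `n > 0` branch passes the activated socket is not visible here.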
@@ -647,9 +647,10 @@ static int setup_microhttpd_server(RemoteServer *s,
 int opts_pos = 3;
 int flags =
 MHD_USE_DEBUG |
- MHD_USE_PEDANTIC_CHECKS |
+ MHD_USE_DUAL_STACK |
 MHD_USE_EPOLL_LINUX_ONLY |
- MHD_USE_DUAL_STACK;
+ MHD_USE_PEDANTIC_CHECKS |
+ MHD_USE_PIPE_FOR_SHUTDOWN;
 const union MHD_DaemonInfo *info;
 int r, epoll_fd;
-- 
cgit v1.2.3-54-g00ecf
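Review bot: `MHD_USE_PIPE_FOR_SHUTDOWN` is added to `flags` in `setup_microhttpd_server` without the explanatory comment that the same commit puts next to it in journal-gatewayd.c. The alphabetical reordering of the other flags also makes it hard to see that this is the only functional change in the hunk. A one-line comment above the initializer would keep the reason local: `/* MHD_USE_PIPE_FOR_SHUTDOWN keeps libmicrohttpd from calling shutdown() on the (possibly socket-activated) listening fd */`. The flag is used unconditionally, so it is worth confirming that the minimum libmicrohttpd version the build requires defines it; that check is not visible in this patch. The function body starts and ends outside the hunk.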