From d9454c44bc1854a291f6c37dfce378c9b6067d0b Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Wed, 9 Nov 2016 08:00:26 -0500 Subject: disable RestrictAddressFamilies on i686 Shit's broke, yo. https://github.com/systemd/systemd/issues/4575 --- src/core/execute.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/execute.c b/src/core/execute.c index f13ca30395..85ee82c3e1 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) { Iterator i; int r; +#if defined(__i386__) + return 0; +#endif + assert(c); if (skip_seccomp_unavailable(u, "RestrictAddressFamilies=")) -- cgit v1.2.3 From 39d73c22eb6c47a01c97b2378d252dc498de4ff6 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Wed, 9 Nov 2016 11:14:03 -0500 Subject: Revert "nspawn: try to bind mount resolved's resolv.conf snippet into the container" This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6. --- src/nspawn/nspawn.c | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index c56af6e6f4..dea54c70b4 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) { /* Fix resolv.conf, if possible */ where = prefix_roota(dest, "/etc/resolv.conf"); - if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) { - /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the - * container, so that the container can use the host's resolver. Given that network namespacing is - * disabled it's only natural of the container also uses the host's resolver. It also has the big - * advantage that the container will be able to follow the host's DNS server configuration changes - * transparently. */ - - r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL); - if (r >= 0) - return mount_verbose(LOG_ERR, NULL, where, NULL, - MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL); - } - - /* If that didn't work, let's copy the file */ r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0); if (r < 0) { - /* If the file already exists as symlink, let's suppress the warning, under the assumption that - * resolved or something similar runs inside and the symlink points there. + /* If the file already exists as symlink, let's + * suppress the warning, under the assumption that + * resolved or something similar runs inside and the + * symlink points there. * - * If the disk image is read-only, there's also no point in complaining. + * If the disk image is read-only, there's also no + * point in complaining. */ log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r, - "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where); + "Failed to copy /etc/resolv.conf to %s: %m", where); return 0; } r = userns_lchown(where, 0, 0); if (r < 0) - log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m"); + log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m"); return 0; } -- cgit v1.2.3 From 04b9ff047f35372c05d07448661420d695ae034c Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Wed, 7 Dec 2016 13:45:48 -0500 Subject: nspawn: don't hide --bind=/tmp/* mounts This is a v232-applicable version of upstream c9fd987279a462e. --- src/nspawn/nspawn-mount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index 115de64cf9..2dabe2ae5b 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -382,7 +382,7 @@ int mount_all(const char *dest, { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, false, false }, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, - { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, true, false }, + { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, false, false }, #ifdef HAVE_SELINUX { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false, false, false }, /* Bind mount first */ { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, false, false, false }, /* Then, make it r/o */ -- cgit v1.2.3 From 032b2b99cbda624009866742e25b40e19479ca10 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:19:20 -0400 Subject: FSDG: man/: Refer to the operating system as GNU/Linux. This is not a blind replacement of "Linux" with "GNU/Linux". In some cases, "Linux" is (correctly) used to refer to just the kernel. In others, it is in a string for which code must also be adjusted; these instances are not included in this commit. --- man/daemon.xml | 4 ++-- man/sd-bus-errors.xml | 2 +- man/sd_bus_error_add_map.xml | 2 +- man/systemd.xml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/man/daemon.xml b/man/daemon.xml index 485c66225e..a649749683 100644 --- a/man/daemon.xml +++ b/man/daemon.xml @@ -168,7 +168,7 @@ New-Style Daemons - Modern services for Linux should be implemented as + Modern services for GNU/Linux should be implemented as new-style daemons. This makes it easier to supervise and control them at runtime and simplifies their implementation. @@ -309,7 +309,7 @@ as detailed in the LSB Linux Standard Base Core Specification. This method of - activation is supported ubiquitously on Linux init systems, both + activation is supported ubiquitously on GNU/Linux init systems, both old-style and new-style systems. Among other issues, SysV init scripts have the disadvantage of involving shell scripts in the boot process. New-style init systems generally employ updated diff --git a/man/sd-bus-errors.xml b/man/sd-bus-errors.xml index 055af7a682..d2b81f4e4a 100644 --- a/man/sd-bus-errors.xml +++ b/man/sd-bus-errors.xml @@ -126,7 +126,7 @@ In addition to this list, in sd-bus, the special error namespace System.Error. is used to map - arbitrary Linux system errors (as defined by errno3) to D-Bus errors and back. For example, the error EUCLEAN is mapped to diff --git a/man/sd_bus_error_add_map.xml b/man/sd_bus_error_add_map.xml index 139bd77d8c..7dc1ef6c90 100644 --- a/man/sd_bus_error_add_map.xml +++ b/man/sd_bus_error_add_map.xml @@ -82,7 +82,7 @@ The sd_bus_error_add_map() call may be used to register additional mappings for converting D-Bus errors - to Linux errno-style errors. The mappings + to GNU/Linux errno-style errors. The mappings defined with this call are consulted by calls such as sd_bus_error_set3 or diff --git a/man/systemd.xml b/man/systemd.xml index 7f24a874ed..79d8aedbbc 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -61,7 +61,7 @@ Description - systemd is a system and service manager for Linux operating + systemd is a system and service manager for GNU/Linux operating systems. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. -- cgit v1.2.3 From c606bf6fffb0ae373dd71eaed9d0a82bf5e8a38f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:23:40 -0400 Subject: FSDG: os-release: Default to PRETTY_NAME "GNU/Linux" instead of "Linux". --- man/kernel-install.xml | 2 +- man/os-release.xml | 2 +- src/analyze/analyze.c | 2 +- src/core/main.c | 4 ++-- src/firstboot/firstboot.c | 2 +- src/kernel-install/90-loaderentry.install | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/man/kernel-install.xml b/man/kernel-install.xml index 4a8a46cef4..32e6169f63 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -109,7 +109,7 @@ PRETTY_NAME parameter specified in /etc/os-release or /usr/lib/os-release (if the former is - missing), or "Linux + missing), or "GNU/Linux KERNEL-VERSION", if unset. If the file initrd is found next to the linux file, the initrd will be added to diff --git a/man/os-release.xml b/man/os-release.xml index 99bbb61004..27d18749dc 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -210,7 +210,7 @@ suitable for presentation to the user. May or may not contain a release code name or OS version of some kind, as suitable. If not set, defaults to - PRETTY_NAME="Linux". Example: + PRETTY_NAME="GNU/Linux". Example: PRETTY_NAME="Fedora 17 (Beefy Miracle)". diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index cbf9354a7a..66830695f3 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -653,7 +653,7 @@ static int analyze_plot(sd_bus *bus) { svg("\n"); svg("%s", pretty_times); svg("%s %s (%s %s %s) %s %s", - isempty(host->os_pretty_name) ? "Linux" : host->os_pretty_name, + isempty(host->os_pretty_name) ? "GNU/Linux" : host->os_pretty_name, strempty(host->hostname), strempty(host->kernel_name), strempty(host->kernel_release), diff --git a/src/core/main.c b/src/core/main.c index 94602611a7..f07ed71b31 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1246,11 +1246,11 @@ static int status_welcome(void) { return status_printf(NULL, false, false, "\nWelcome to \x1B[%sm%s\x1B[0m!\n", isempty(ansi_color) ? "1" : ansi_color, - isempty(pretty_name) ? "Linux" : pretty_name); + isempty(pretty_name) ? "GNU/Linux" : pretty_name); else return status_printf(NULL, false, false, "\nWelcome to %s!\n", - isempty(pretty_name) ? "Linux" : pretty_name); + isempty(pretty_name) ? "GNU/Linux" : pretty_name); } static int write_container_id(void) { diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index c9e8e54ee3..83a21eaf0e 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -96,7 +96,7 @@ static void print_welcome(void) { log_warning_errno(r, "Failed to read os-release file: %m"); printf("\nWelcome to your new installation of %s!\nPlease configure a few basic system settings:\n\n", - isempty(pretty_name) ? "Linux" : pretty_name); + isempty(pretty_name) ? "GNU/Linux" : pretty_name); press_any_key(); diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install index a0bca05c9a..af9f0f9ccd 100644 --- a/src/kernel-install/90-loaderentry.install +++ b/src/kernel-install/90-loaderentry.install @@ -38,7 +38,7 @@ elif [[ -f /usr/lib/os-release ]]; then fi if ! [[ $PRETTY_NAME ]]; then - PRETTY_NAME="Linux $KERNEL_VERSION" + PRETTY_NAME="GNU/Linux $KERNEL_VERSION" fi declare -a BOOT_OPTIONS -- cgit v1.2.3 From b146c76b4023d2f9700dd60760e69df1b02852a7 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:24:56 -0400 Subject: FSDG: os-release: Default to NAME "GNU/Linux" instead of "Linux". --- man/os-release.xml | 2 +- src/journal-remote/journal-gatewayd.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/os-release.xml b/man/os-release.xml index 27d18749dc..a88d16b171 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -121,7 +121,7 @@ A string identifying the operating system, without a version component, and suitable for presentation to the user. If not set, defaults to - NAME=Linux. Example: + NAME=GNU/Linux. Example: NAME=Fedora or NAME="Debian GNU/Linux". diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c index 7325adee8f..6611a355d4 100644 --- a/src/journal-remote/journal-gatewayd.c +++ b/src/journal-remote/journal-gatewayd.c @@ -805,7 +805,7 @@ static int request_handler_machine( SD_ID128_FORMAT_VAL(mid), SD_ID128_FORMAT_VAL(bid), hostname_cleanup(hostname), - os_name ? os_name : "Linux", + os_name ? os_name : "GNU/Linux", v ? v : "bare", usage, cutoff_from, -- cgit v1.2.3 From 363b82700faa7b3fddf08a9716bc4406824a7ccc Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:28:30 -0400 Subject: FSDG: os-release: Default ID to "gnu-linux" instead of "linux". As far as I can tell, no code in this repository actually uses the ID field, so this is just a man page change. --- man/os-release.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/os-release.xml b/man/os-release.xml index a88d16b171..caf60f41a3 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -145,7 +145,7 @@ the operating system, excluding any version information and suitable for processing by scripts or usage in generated filenames. If not set, defaults to - ID=linux. Example: + ID=gnu-linux. Example: ID=fedora or ID=debian. -- cgit v1.2.3 From 9f42173b5fc6a5e33d4bad8a7f4b03d95f7053a6 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:31:20 -0400 Subject: FSDG: systemd-resolved: Default to hostname "gnu-linux" instead of "linux" --- src/resolve/resolved-manager.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 0954641c20..6630585d13 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -430,12 +430,12 @@ static int manager_watch_hostname(Manager *m) { r = determine_hostname(&m->llmnr_hostname, &m->mdns_hostname); if (r < 0) { - log_info("Defaulting to hostname 'linux'."); - m->llmnr_hostname = strdup("linux"); + log_info("Defaulting to hostname 'gnu-linux'."); + m->llmnr_hostname = strdup("gnu-linux"); if (!m->llmnr_hostname) return log_oom(); - m->mdns_hostname = strdup("linux.local"); + m->mdns_hostname = strdup("gnu-linux.local"); if (!m->mdns_hostname) return log_oom(); } else -- cgit v1.2.3 From a98d2b41cac62e054f4740d4aae085ba07cb95d3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 25 May 2016 12:32:21 -0400 Subject: FSDG: man/: Use FSDG operating systems as examples. --- man/os-release.xml | 49 +++++++++++++++++++++++++------------------------ man/systemd-nspawn.xml | 37 +++++++++++++------------------------ 2 files changed, 38 insertions(+), 48 deletions(-) diff --git a/man/os-release.xml b/man/os-release.xml index caf60f41a3..2811f434c5 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -122,7 +122,7 @@ without a version component, and suitable for presentation to the user. If not set, defaults to NAME=GNU/Linux. Example: - NAME=Fedora or NAME="Debian + NAME=BLAG or NAME="gNewSense GNU/Linux". @@ -133,8 +133,8 @@ version, excluding any OS name information, possibly including a release code name, and suitable for presentation to the user. This field is optional. Example: - VERSION=17 or VERSION="17 (Beefy - Miracle)". + VERSION=210k or VERSION="210k + (Spartakus)". @@ -146,8 +146,8 @@ suitable for processing by scripts or usage in generated filenames. If not set, defaults to ID=gnu-linux. Example: - ID=fedora or - ID=debian. + ID=blag or + ID=gnewsense. @@ -168,9 +168,9 @@ should be listed in order of how closely the local operating system relates to the listed ones, starting with the closest. This field is optional. Example: for an operating system with - ID=centos, an assignment of + ID=blag, an assignment of ID_LIKE="rhel fedora" would be appropriate. - For an operating system with ID=ubuntu, an + For an operating system with ID=gnewsense, an assignment of ID_LIKE=debian is appropriate. @@ -199,8 +199,8 @@ identifying the operating system version, excluding any OS name information or release code name, and suitable for processing by scripts or usage in generated filenames. This - field is optional. Example: VERSION_ID=17 - or VERSION_ID=11.04. + field is optional. Example: VERSION_ID=210k + or VERSION_ID=7.0. @@ -211,8 +211,8 @@ a release code name or OS version of some kind, as suitable. If not set, defaults to PRETTY_NAME="GNU/Linux". Example: - PRETTY_NAME="Fedora 17 (Beefy - Miracle)". + PRETTY_NAME="BLAG 210k + (Spartakus)". @@ -235,7 +235,7 @@ Common Platform Enumeration Specification as proposed by the NIST. This field is optional. Example: - CPE_NAME="cpe:/o:fedoraproject:fedora:17" + CPE_NAME="cpe:/o:blagblagblag:blag:210k" @@ -270,8 +270,8 @@ one URL shall be listed in each setting. If multiple resources need to be referenced, it is recommended to provide an online landing page linking all available resources. Examples: - HOME_URL="https://fedoraproject.org/" and - BUG_REPORT_URL="https://bugzilla.redhat.com/" + HOME_URL="https://www.blagblagblag.org/" and + BUG_REPORT_URL="https://blag.fsf.org/" @@ -346,21 +346,22 @@ recommended to prefix new fields with an OS specific name in order to avoid name clashes. Applications reading this file must ignore unknown fields. Example: - DEBIAN_BTS="debbugs://bugs.debian.org/" + DEBIAN_BTS="debbugs://bugs.gnewsense.org/" Example - NAME=Fedora -VERSION="17 (Beefy Miracle)" -ID=fedora -VERSION_ID=17 -PRETTY_NAME="Fedora 17 (Beefy Miracle)" -ANSI_COLOR="0;34" -CPE_NAME="cpe:/o:fedoraproject:fedora:17" -HOME_URL="https://fedoraproject.org/" -BUG_REPORT_URL="https://bugzilla.redhat.com/" + NAME=Parabola +VERSION="rolling-release" +ID=parabola +ID_LIKE=arch +VERSION_ID=rolling-release +PRETTY_NAME="Parabola GNU/Linux-libre" +ANSI_COLOR="1;35" +CPE_NAME="cpe:/o:parabola:parabola:rolling-release" +HOME_URL="https://www.parabola.nu/" +BUG_REPORT_URL="https://labs.parabola.nu/" diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index f153034296..c449edee89 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -1012,46 +1012,35 @@ Examples - Download a Fedora image and start a shell in it + Build and boot a minimal BLAG distribution in a container - # machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.raw.xz -# systemd-nspawn -M Fedora-Cloud-Base-24-1.2.x86_64.raw - - This downloads an image using - machinectl1 - and opens a shell in it. - - - - Build and boot a minimal Fedora distribution in a container - - # dnf -y --releasever=23 --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora --enablerepo=updates install systemd passwd dnf fedora-release vim-minimal + # dnf -y --releasever=210k --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=blag --enablerepo=updates install systemd passwd dnf blag-release vim-minimal # systemd-nspawn -bD /srv/mycontainer - This installs a minimal Fedora distribution into the + This installs a minimal BLAG distribution into the directory /srv/mycontainer/ and then boots an OS in a namespace container in it. - Spawn a shell in a container of a minimal Debian unstable distribution + Spawn a shell in a container of a minimal gNewSense Ucclia distribution - # debootstrap --arch=amd64 unstable ~/debian-tree/ -# systemd-nspawn -D ~/debian-tree/ + # debootstrap --arch=amd64 ucclia ~/gnewsense-tree/ +# systemd-nspawn -D ~/gnewsense-tree/ - This installs a minimal Debian unstable distribution into - the directory ~/debian-tree/ and then + This installs a minimal gNewSense unstable distribution into + the directory ~/gnewsense-tree/ and then spawns a shell in a namespace container in it. - Boot a minimal Arch Linux distribution in a container + Boot a minimal Parabola distribution in a container - # pacstrap -c -d ~/arch-tree/ base -# systemd-nspawn -bD ~/arch-tree/ + # pacstrap -c -d ~/parabola-tree/ base +# systemd-nspawn -bD ~/parabola-tree/ - This installs a minimal Arch Linux distribution into the - directory ~/arch-tree/ and then boots an OS + This installs a minimal Parabola distribution into the + directory ~/parabola-tree/ and then boots an OS in a namespace container in it. -- cgit v1.2.3 From 98cad0ba37f0123763df77c3f51a6a222026d08b Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 17 Dec 2016 00:56:43 -0500 Subject: # Rename "Linux Boot Manager" -> "Systemd Boot Manager" sed -i 's|Linux Boot Manager|Systemd Boot Manager|' src/boot/bootctl.c --- src/boot/bootctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index dc11b0d9db..d53f8b2a6f 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -835,13 +835,13 @@ static int install_variables(const char *esp_path, "Failed to determine current boot order: %m"); if (first || r == 0) { - r = efi_add_boot_option(slot, "Linux Boot Manager", + r = efi_add_boot_option(slot, "Systemd Boot Manager", part, pstart, psize, uuid, path); if (r < 0) return log_error_errno(r, "Failed to create EFI Boot variable entry: %m"); - log_info("Created EFI boot entry \"Linux Boot Manager\"."); + log_info("Created EFI boot entry \"Systemd Boot Manager\"."); } return insert_into_order(slot, first); -- cgit v1.2.3