platform/upstream/systemd.git
7 years agocpu-set-util: add parse_cpu_set()
Yu Watanabe [Wed, 2 Aug 2017 04:42:13 +0000 (13:42 +0900)]
cpu-set-util: add parse_cpu_set()

7 years agosecurebits-util: add secure_bits_{from_string,to_string_alloc}()
Yu Watanabe [Mon, 7 Aug 2017 14:40:25 +0000 (23:40 +0900)]
securebits-util: add secure_bits_{from_string,to_string_alloc}()

7 years agocap-list: add capability_set_{from_string,to_string_alloc}()
Yu Watanabe [Mon, 7 Aug 2017 14:25:11 +0000 (23:25 +0900)]
cap-list: add capability_set_{from_string,to_string_alloc}()

7 years agobuild-sys: Fix Makefile wrapper for install target (#6548)
Benjamin Robin [Mon, 7 Aug 2017 09:29:20 +0000 (11:29 +0200)]
build-sys: Fix Makefile wrapper for install target (#6548)

7 years agocore: propagate reload from RELOADING=1 notification (#6550)
Jouke Witteveen [Mon, 7 Aug 2017 09:27:24 +0000 (11:27 +0200)]
core: propagate reload from RELOADING=1 notification (#6550)

7 years agotests: use ninja-build if ninja is not available (#6544)
Evgeny Vereshchagin [Mon, 7 Aug 2017 09:06:07 +0000 (12:06 +0300)]
tests: use ninja-build if ninja is not available (#6544)

This makes the tests work on CentOS, which currently has ninja-build
only.

7 years agoman: DynamicUser= does not imply PrivateDevices= (#6510)
Yu Watanabe [Mon, 7 Aug 2017 09:02:47 +0000 (18:02 +0900)]
man: DynamicUser= does not imply PrivateDevices= (#6510)

Follow-up for effbd6d2eadb61bd236d118afc7901940c4c6b37.

7 years agoMerge pull request #6549 from yuwata/pedantic-checks
Lennart Poettering [Mon, 7 Aug 2017 08:52:27 +0000 (10:52 +0200)]
Merge pull request #6549 from yuwata/pedantic-checks

journal-remote: remove MHD_USE_PEDANTIC_CHECKS from the default flags

7 years agomicrohttpd-util: add comment
Yu Watanabe [Mon, 7 Aug 2017 01:35:05 +0000 (10:35 +0900)]
microhttpd-util: add comment

7 years agoMerge pull request #6536 from yuwata/fix-warning
Zbigniew Jędrzejewski-Szmek [Sun, 6 Aug 2017 20:19:49 +0000 (16:19 -0400)]
Merge pull request #6536 from yuwata/fix-warning

Core: cleanups

7 years agocore: do not ignore returned values
Yu Watanabe [Sun, 6 Aug 2017 14:34:55 +0000 (23:34 +0900)]
core: do not ignore returned values

7 years agojournal-remote: remove MHD_USE_PEDANTIC_CHECKS from the default flags
Yu Watanabe [Sun, 6 Aug 2017 14:25:41 +0000 (23:25 +0900)]
journal-remote: remove MHD_USE_PEDANTIC_CHECKS from the default flags

Follow-up for 010585873454d07625ee962ffa2ef2823624bfbe.

7 years agocore: evaluate presets after generators have run (#6526)
Luca Bruno [Sun, 6 Aug 2017 13:24:24 +0000 (13:24 +0000)]
core: evaluate presets after generators have run (#6526)

This commit moves the first-boot system preset-settings evaluation out
of main and into the manager startup logic itself. Notably, it reverses
the order between generators and presets evaluation, so that any changes
performed by first-boot generators are taken into the account by presets
logic.

After this change, units created by a generator can be enabled as part
of a preset.

7 years agocore: replace strcmp() == 0 with streq()
Yu Watanabe [Mon, 31 Jul 2017 23:55:15 +0000 (08:55 +0900)]
core: replace strcmp() == 0 with streq()

7 years agocore: fix typo
Yu Watanabe [Fri, 21 Jul 2017 12:29:59 +0000 (21:29 +0900)]
core: fix typo

7 years agocore: define variables only when they are required
Yu Watanabe [Wed, 2 Aug 2017 05:38:08 +0000 (14:38 +0900)]
core: define variables only when they are required

Follow-up for 7f18ef0a555a3c3cef08e0965dc453fe5954b5a7.

7 years agobus-util: do not print (uint64_t) -1 as is (#6522)
Yu Watanabe [Sun, 6 Aug 2017 00:37:25 +0000 (09:37 +0900)]
bus-util: do not print (uint64_t) -1 as is (#6522)

Closes #4295 and #6511.

7 years agotest-condition: fix test_condition_test_group() (#6531)
Alan Jenkins [Sat, 5 Aug 2017 23:25:19 +0000 (00:25 +0100)]
test-condition: fix test_condition_test_group() (#6531)

I hit a test failure with the `max_gid+1` test.  Problem is that we loop
over 0..r, but set `r` again within the loop (to 1).  So max_gid is only
set based on the first supplementary GID.

ConditionGroup=1000 → 1
ConditionGroup=4 → 1
ConditionGroup=adm → 1
ConditionGroup=1001 → 1
Assertion 'r == 0' failed at ../src/test/test-condition.c:462, function
test_condition_test_group(). Aborting.

$ id
uid=1000(alan-sysop) gid=1000(alan-sysop) groups=1000(alan-sysop),4(adm),
10(wheel),1001(sshlogin)

7 years agoman: document socket requirement for systemd-socket-proxyd (#6535)
dkg [Sat, 5 Aug 2017 23:19:09 +0000 (19:19 -0400)]
man: document socket requirement for systemd-socket-proxyd (#6535)

Without this requirement, if proxy-to-nginx.socket was down, and the sysadmin
were to do:

    systemctl start proxy-to-nginx.service

then the service would come up without a configured socket, which doesn't make
sense.  Normally this isn't how we expect a socket-activated service to start,
but it's possible for an admin to do this (if the .socket were already running,
the systemd-socket-proxyd process will start effectively idle).  But the
.service shouldn't end up in a broken state if the .socket isn't already
listening.

Adding the explicit Requires: should ensure that an admin with this
configuration state can't accidentally break their system.

7 years agoRevert "README: document that gperf 3.1 is required for building now" (#6541)
Mike Gilbert [Sat, 5 Aug 2017 22:30:37 +0000 (18:30 -0400)]
Revert "README: document that gperf 3.1 is required for building now" (#6541)

This reverts commit 4f5e972279d9ee6192930a0392f49cae9ad45daa.

Building with gperf 3.0 works just fine; we had an autoconf check to
determine the correct data types, and this check was ported to meson.

7 years agotest: Factorize common integration test functions (#6540)
Martin Pitt [Fri, 4 Aug 2017 12:34:14 +0000 (14:34 +0200)]
test: Factorize common integration test functions (#6540)

All test/TEST* but TEST-02-CRYPTSETUP share the same check_result_qemu()
and test_cleanup(), so move them into test_functions and only override
them in TEST-02-CRYPTSETUP.

Also provide a common test_run() which by default assumes that both QEMU
and nspawn tests are run. Particular tests which don't support either
need to explicitly opt out by setting $TEST_NO_{QEMU,NSPAWN}. Do it this
way around to avoid accidentally forgetting to opt in, and to encourage
test authors to at least always support nspawn.

7 years agoMerge pull request #6518 from joukewitteveen/process-rename
Evgeny Vereshchagin [Fri, 4 Aug 2017 11:54:47 +0000 (14:54 +0300)]
Merge pull request #6518 from joukewitteveen/process-rename

process-util: update the end pointer of the process name on rename

7 years agotest-process-util: test multiple invocations of rename_process
Jouke Witteveen [Thu, 3 Aug 2017 20:31:46 +0000 (22:31 +0200)]
test-process-util: test multiple invocations of rename_process

7 years agoprocess-util: update the end pointer of the process name on rename (#6492)
Jouke Witteveen [Wed, 2 Aug 2017 15:08:31 +0000 (17:08 +0200)]
process-util: update the end pointer of the process name on rename (#6492)

We only updated the end pointer when allocating new memory, i.e. on the first
call to rename_process.

7 years agoman: fix typos (#6532)
Jakub Wilk [Thu, 3 Aug 2017 21:36:21 +0000 (23:36 +0200)]
man: fix typos (#6532)

7 years agomeson: fix modprobedir (#6523)
Yu Watanabe [Thu, 3 Aug 2017 12:01:38 +0000 (21:01 +0900)]
meson: fix modprobedir (#6523)

Follow-up for 582faeb461aa0dd01b55bf6c9b1433532fc927d3.

7 years agoRevert "units: set ConditionVirtualization=!private-users on journald audit socket...
Lennart Poettering [Wed, 2 Aug 2017 14:39:54 +0000 (16:39 +0200)]
Revert "units: set ConditionVirtualization=!private-users on journald audit socket" (#6513)

* Revert "modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)"

This reverts commit 582faeb461aa0dd01b55bf6c9b1433532fc927d3.

* Revert "units: set ConditionVirtualization=!private-users on journald audit socket (#6508)"

This reverts commit d2a1ba103b4ea22764953d795c36db3d492d50c9.

7 years agomodprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
Dimitri John Ledkov [Wed, 2 Aug 2017 12:41:18 +0000 (13:41 +0100)]
modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)

This allows networkd to correctly manage bond0 using networkd, when requested
by the user.

Fixes #5971 #6184

7 years agounits: set ConditionVirtualization=!private-users on journald audit socket (#6508)
Dimitri John Ledkov [Wed, 2 Aug 2017 08:15:26 +0000 (09:15 +0100)]
units: set ConditionVirtualization=!private-users on journald audit socket (#6508)

It fails to start in an unprivileged container as audit is not namespace aware.

7 years agoscsi_id: add missing options to getopt_long() (#6501)
Jan Synacek [Wed, 2 Aug 2017 08:12:33 +0000 (10:12 +0200)]
scsi_id: add missing options to getopt_long() (#6501)

7 years agonetworkd: add scope to address section (#6449)
Susant Sahani [Tue, 1 Aug 2017 07:44:08 +0000 (07:44 +0000)]
networkd: add scope to address section (#6449)

This work allows to configure address Scope to

host | link | global or a number.

Closes #6446

7 years agoMerge pull request #6420 from keszybz/gateway-name
Lennart Poettering [Tue, 1 Aug 2017 07:43:41 +0000 (09:43 +0200)]
Merge pull request #6420 from keszybz/gateway-name

Rename "gateway" to "_gateway" and other resolved changes

7 years agocore: check which MACs to use before a new mount ns is created (#6498)
Fabio Kung [Tue, 1 Aug 2017 07:15:18 +0000 (00:15 -0700)]
core: check which MACs to use before a new mount ns is created (#6498)

/sys is not guaranteed to exist when a new mount namespace is created.
It is only mounted under conditions specified by
`namespace_info_mount_apivfs`.

Checking if the three available MAC LSMs are enabled requires a sysfs
mounted at /sys, so the checks are moved to before a new mount ns is
created.

7 years agoresolved: add debug message about stub listener
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 12:50:56 +0000 (08:50 -0400)]
resolved: add debug message about stub listener

7 years agoresolved,nss-myhostname: use _gateway for the gateway
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 06:15:08 +0000 (02:15 -0400)]
resolved,nss-myhostname: use _gateway for the gateway

This changes the symbolic name for the default gateway from "gateway" to
"_gateway". A new configuration option -Dcompat-gateway-hostname=true|false
is added. If it is set, the old name is also supported, but the new name
is used as the canonical name in either case. This is intended as a temporary
measure to make the transition easier, and the option should be removed
after a few releases, at which point only the new name will be used.

The old "gateway" name mostly works OK, but hasn't gained widespread acceptance
because of the following (potential) conflicts:
- it is completely legal to have a host called "gateway"
- there is no guarantee that "gateway" will not be registered as a TLD, even
  though this currently seems unlikely. (Even then, there would be no
  conflict except for the case when the top-level domain itself was being resolved.
  The "gateway" or "_gateway" labels have only special meaning when the
  whole name consists of a single label, so resolution of any subdomain
  of the hypothetical gateway. TLD would still work OK. )
Moving to "_gateway" avoids those issues because underscores are not allowed
in host names (RFC 1123, §2.1) and avoids potential conflicts with local or
global names.

v2:
- simplify the logic to hardcode "_gateway" and allow
  -Dcompat-gateway-hostname=true as a temporary measure.

7 years agoMerge pull request #6392 from poettering/journal-cache
Lennart Poettering [Mon, 31 Jul 2017 18:01:05 +0000 (20:01 +0200)]
Merge pull request #6392 from poettering/journal-cache

add limited metadata caching to journald and other journal improvements

7 years agojournald: add minimal client metadata caching
Lennart Poettering [Mon, 17 Jul 2017 21:36:35 +0000 (23:36 +0200)]
journald: add minimal client metadata caching

Cache client metadata, in order to be improve runtime behaviour under
pressure.

This is inspired by @vcaputo's work, specifically:

https://github.com/systemd/systemd/pull/2280

That code implements related but different semantics.

For a longer explanation what this change implements please have a look
at the long source comment this patch adds to journald-context.c.

After this commit:

        # time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat'
        1024+0 records in
        1024+0 records out
        1073741824 bytes (1.1 GB, 1.0 GiB) copied, 11.2783 s, 95.2 MB/s

        real 0m11.283s
        user 0m0.007s
        sys 0m6.216s

Before this commit:

        # time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat'
        1024+0 records in
        1024+0 records out
        1073741824 bytes (1.1 GB, 1.0 GiB) copied, 52.0788 s, 20.6 MB/s

        real 0m52.099s
        user 0m0.014s
        sys 0m7.170s

As side effect, this corrects the journal's rate limiter feature: we now
always use the unit name as key for the ratelimiter.

7 years agostring-util: optimize strshorten() a bit
Lennart Poettering [Thu, 20 Jul 2017 12:17:30 +0000 (14:17 +0200)]
string-util: optimize strshorten() a bit

There's no reason to determine the full length of the string, it's
sufficient to know whether it is larger than the intended size...

7 years agoalloc-util: add new helpers memdup_suffix0() and newdup_suffix0()
Lennart Poettering [Thu, 20 Jul 2017 12:14:55 +0000 (14:14 +0200)]
alloc-util: add new helpers memdup_suffix0() and newdup_suffix0()

These are similar to memdup() and newdup(), but reserve one extra NUL
byte at the end of the new allocation and initialize it. It's useful
when copying out data from fixed size character arrays where NUL
termination can't be assumed.

7 years agostring-util: add strlen_ptr() helper
Lennart Poettering [Thu, 20 Jul 2017 09:38:15 +0000 (11:38 +0200)]
string-util: add strlen_ptr() helper

strlen_ptr() is to strlen() what streq_ptr() is to streq(): i.e. it
handles NULL strings in a smart way.

7 years agoprocess-util: slightly optimize querying of our own process metadata
Lennart Poettering [Mon, 17 Jul 2017 21:35:25 +0000 (23:35 +0200)]
process-util: slightly optimize querying of our own process metadata

When we are checking our own data, we can optimize things a bit.

7 years agojournald: only accept valid unit names for log streams
Lennart Poettering [Fri, 14 Jul 2017 17:03:32 +0000 (19:03 +0200)]
journald: only accept valid unit names for log streams

Let's be a bit stricter in what we end up logging: ignore invalid unit
name specifications. Let's validate all input!

As we ignore unit names passed in from unprivileged clients anyway the
effect of this additional check is minimal.

(Also, no need to initialize the identifier/unit_id fields of stream
objects to NULL if empty strings are passed, the default is NULL
anyway...)

7 years agojournald: add comment explaining journal rate limit return codes
Lennart Poettering [Fri, 14 Jul 2017 17:01:25 +0000 (19:01 +0200)]
journald: add comment explaining journal rate limit return codes

This is not obvious, hence let's add a comment.

7 years agoexecute: don't pass unit ID in --user mode to journald for stream logging
Lennart Poettering [Fri, 14 Jul 2017 16:59:41 +0000 (18:59 +0200)]
execute: don't pass unit ID in --user mode to journald for stream logging

When we create a log stream connection to journald, we pass along the
unit ID. With this change we do this only when we run as system
instance, not as user instance, to remove the ambiguity whether a user
or system unit is specified. The effect of this change is minor:
journald ignores the field anyway from clients with UID != 0. This patch
hence only fixes the unit attribution for the --user instance of the
root user.

7 years agoexecute: make some code shorter
Lennart Poettering [Fri, 14 Jul 2017 16:58:57 +0000 (18:58 +0200)]
execute: make some code shorter

Let's simplify some lines to make it shorter.

7 years agoparse-util: introduce pid_is_valid()
Lennart Poettering [Fri, 14 Jul 2017 16:57:54 +0000 (18:57 +0200)]
parse-util: introduce pid_is_valid()

Checking for validity of a PID is relatively easy, but let's add a
helper cal for this too, in order to make things more readable and more
similar to uid_is_valid(), gid_is_valid() and friends.

7 years agocore, sd-bus, logind: make use of uid_is_valid() in more places
Lennart Poettering [Fri, 14 Jul 2017 16:57:04 +0000 (18:57 +0200)]
core, sd-bus, logind: make use of uid_is_valid() in more places

7 years agoaudit: introduce audit_session_is_valid() and make use of it everywhere
Lennart Poettering [Fri, 14 Jul 2017 16:42:17 +0000 (18:42 +0200)]
audit: introduce audit_session_is_valid() and make use of it everywhere

Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.

7 years agoescape: fix systemd-escape description text
Lennart Poettering [Fri, 14 Jul 2017 16:39:18 +0000 (18:39 +0200)]
escape: fix systemd-escape description text

The long man page paragraph got it right: the tool is for escaping systemd unit
names, not just system unit names. Also fix the short man page paragraph
and the --help text.

Follow-up for 303608c1bcf9568371625fbbd9442946cadba422

7 years agonamespace: keep selinuxfs mounted read-write with ProtectKernelTunables (#5741)
Nicolas Iooss [Mon, 31 Jul 2017 15:45:33 +0000 (17:45 +0200)]
namespace: keep selinuxfs mounted read-write with ProtectKernelTunables (#5741)

When a service unit uses "ProtectKernelTunables=yes", it currently
remounts /sys/fs/selinux read-only. This makes libselinux report SELinux
state as "disabled", because most SELinux features are not usable. For
example it is not possible to validate security contexts (with
security_check_context_raw() or /sys/fs/selinux/context). This behavior
of libselinux has been described in
http://danwalsh.livejournal.com/73099.html and confirmed in a recent
email, https://marc.info/?l=selinux&m=149220233032594&w=2 .

Since commit 0c28d51ac849 ("units: further lock down our long-running
services"), systemd-localed unit uses ProtectKernelTunables=yes.
Nevertheless this service needs to use libselinux API in order to create
/etc/vconsole.conf, /etc/locale.conf... with the right SELinux contexts.
This is broken when /sys/fs/selinux is mounted read-only in the mount
namespace of the service.

Make SELinux-aware systemd services work again when they are using
ProtectKernelTunables=yes by keeping selinuxfs mounted read-write.

7 years agomount-setup: mount xenfs filesystem (#6491)
vliaskov [Mon, 31 Jul 2017 13:59:02 +0000 (15:59 +0200)]
mount-setup: mount xenfs filesystem (#6491)

7 years agocore: Do not fail perpetual mount units without fragment (#6459)
Abdó Roig-Maranges [Mon, 31 Jul 2017 10:32:09 +0000 (12:32 +0200)]
core: Do not fail perpetual mount units without fragment (#6459)

mount_load does not require fragment files to be present in order to
load mount units which are perpetual, or come from /proc/self/mountinfo.

mount_verify should do the same, otherwise a synthesized '-.mount' would
be marked as failed with "No such file or directory", as it is perpetual
but not marked to come from /proc/self/mountinfo at this point.

This happens for the user instance, and I suspect it was the cause of #5375
for the system instance, without gpt-generator.

7 years agoMerge pull request #6472 from yuwata/journal-gateway-fix
Lennart Poettering [Mon, 31 Jul 2017 10:11:48 +0000 (12:11 +0200)]
Merge pull request #6472 from yuwata/journal-gateway-fix

Some journal-gateway and journal-remote related fixes

7 years agorfkill: fix erroneous behavior when polling the udev monitor (#6489)
S. Fan [Mon, 31 Jul 2017 10:10:10 +0000 (05:10 -0500)]
rfkill: fix erroneous behavior when polling the udev monitor (#6489)

Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.

Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.

7 years agocryptsetup: fix infinite timeout (#6486)
Andrew Soutar [Mon, 31 Jul 2017 06:19:16 +0000 (02:19 -0400)]
cryptsetup: fix infinite timeout (#6486)

0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
logic here now matches this change.

Fixes #6381

7 years agocore: properly handle deserialization of unknown unit types (#6476)
Zbigniew Jędrzejewski-Szmek [Mon, 31 Jul 2017 06:05:35 +0000 (02:05 -0400)]
core: properly handle deserialization of unknown unit types (#6476)

We just abort startup, without printing any error. Make sure we always
print something, and when we cannot deserialize some unit, just ignore it and
continue.

Fixup for 4bc5d27b942afa83cc3d95debd2ad48d42ac07a8. Without this, we would hang
in daemon-reexec after upgrade.

7 years agoMerge pull request #6462 from keszybz/man-tweaks
Martin Pitt [Fri, 28 Jul 2017 09:49:44 +0000 (11:49 +0200)]
Merge pull request #6462 from keszybz/man-tweaks

Some small man page fixes

7 years agoman: do not recommend rescue.target for alt-↑
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 20:04:52 +0000 (16:04 -0400)]
man: do not recommend rescue.target for alt-↑

rescue.target does not work well, and we don't have a suitable emergency
shell unit that can be started on existing systems right now. So let's just
remove the recommendation for now.

Fixes #6451.

7 years agoman: do not encourgage starting of poweroff/halt/reboot/kexec targets directly
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 19:53:30 +0000 (15:53 -0400)]
man: do not encourgage starting of poweroff/halt/reboot/kexec targets directly

Going through logind and systemd allows polkit to be used,
the job mode will be set properly, and is generally easier
to get correct.

Fixes #6452.

7 years agoman: describe which units types are stopped on isolate
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 19:25:50 +0000 (15:25 -0400)]
man: describe which units types are stopped on isolate

Fixes #6455.

7 years agoMerge pull request #6365 from keszybz/fast-tests
Martin Pitt [Fri, 28 Jul 2017 09:09:50 +0000 (11:09 +0200)]
Merge pull request #6365 from keszybz/fast-tests

Make tests faster by default

7 years agoMerge pull request #6461 from keszybz/meson-options-fix
Martin Pitt [Fri, 28 Jul 2017 07:51:29 +0000 (09:51 +0200)]
Merge pull request #6461 from keszybz/meson-options-fix

Meson options fix

7 years agoboot/efi: don't hard fail on error for tpm measure (#6473)
Harald Hoyer [Fri, 28 Jul 2017 07:46:05 +0000 (09:46 +0200)]
boot/efi: don't hard fail on error for tpm measure (#6473)

Display the error for a small amount of time, but don't fail hard.

In case of a faulty BIOS, a TPM error should not prevent the boot.
If something cares about the PCM measurement, it will be noticed
anyway later on.

Especially important now, that TPM measurement is the default now on
some distribution builds.

https://bugzilla.redhat.com/show_bug.cgi?id=1411156

7 years agotest-timesync: ignore failure to listen on /run/systemd/netif/links/ (#6463)
Zbigniew Jędrzejewski-Szmek [Fri, 28 Jul 2017 07:33:43 +0000 (03:33 -0400)]
test-timesync: ignore failure to listen on /run/systemd/netif/links/ (#6463)

Fixes #6353.

7 years agoMerge pull request #6465 from keszybz/drop-kdbus
Martin Pitt [Fri, 28 Jul 2017 07:29:07 +0000 (09:29 +0200)]
Merge pull request #6465 from keszybz/drop-kdbus

Drop kdbus-dependent code

7 years agomkosi.arch: fix comment (#6470)
AsciiWolf [Fri, 28 Jul 2017 07:24:12 +0000 (09:24 +0200)]
mkosi.arch: fix comment (#6470)

libidn -> libidn2

7 years agojournal-remote: use MHD_OPTION_STRICT_FOR_CLIENT if MHD_USE_PEDANTIC_CHECKS is deprecated
Yu Watanabe [Fri, 28 Jul 2017 07:22:14 +0000 (16:22 +0900)]
journal-remote: use MHD_OPTION_STRICT_FOR_CLIENT if MHD_USE_PEDANTIC_CHECKS is deprecated

The option MHD_OPTION_STRICT_FOR_CLIENT is provided since libmicrohttpd-0.9.54, and
MHD_USE_PEDANTIC_CHECKS will be deprecated in future.
This makes support both option.

7 years agojournal-gateway: use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL
Yu Watanabe [Fri, 28 Jul 2017 04:21:34 +0000 (13:21 +0900)]
journal-gateway: use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL

The option MHD_USE_THREAD_PER_CONNECTION requires MHD_USE_POLL_INTERNAL_THREAD
since libmicrohttpd-0.9.53.
If MHD_USE_POLL is used instead of MHD_USE_POLL_INTERNAL_THREAD, then
the library outputs the following warning:
```
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with
MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added.
Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
```
The option MHD_USE_POLL_INTERNAL_THREAD is defined as
`MHD_USE_POLL_INTERNAL_THREAD = MHD_USE_POLL | MHD_USE_INTERNAL_POLLING_THREAD,`
So, let's use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL.

7 years agojournal-remote,gateway: use MHD_USE_TLS instead of MHD_USE_SSL
Yu Watanabe [Fri, 28 Jul 2017 04:19:52 +0000 (13:19 +0900)]
journal-remote,gateway: use MHD_USE_TLS instead of MHD_USE_SSL

The option is renamed in libmicrohttpd-0.9.52.

7 years agounits,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal...
Yu Watanabe [Fri, 28 Jul 2017 03:28:17 +0000 (12:28 +0900)]
units,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal-gateway from sysusers

7 years agobash-completion: use the first argument instead of the global variable (#6457)
Yu Watanabe [Thu, 27 Jul 2017 11:22:54 +0000 (20:22 +0900)]
bash-completion: use the first argument instead of the global variable (#6457)

Without this fix:

$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
224

the number of the suggestions are quite different, as __get_startable_units --system does
not filter already started units. With this fix,

$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
123
$ __get_template_names --system | wc -l
12

the number of the suggestions matches one the function returns.
For consistency with the other internal functions, it should use the first argument
instead of the global variable $mode.

[zj: add commit message to make it sound like we know what we're doing]

7 years agomeson: add empty lines before enabled/disabled status
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 18:14:44 +0000 (14:14 -0400)]
meson: add empty lines before enabled/disabled status

Those line are long enough to wrap around a few times, and they are
much more legible with some whitespace.

7 years agomeson: -D remote and -D importd should be "combo" options
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 18:11:15 +0000 (14:11 -0400)]
meson: -D remote and -D importd should be "combo" options

The default should be 'auto', and we allow 'true'
and 'false' too.

Fixes #6445.

7 years agomeson: drop unnecesary default value setting
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 18:09:22 +0000 (14:09 -0400)]
meson: drop unnecesary default value setting

'true' is the default.
Follow-up for 7d77b8880d571447825bb6b0d61683d2e9d58895.

7 years agomeson.build: reorder tests to match order in meson_options.txt
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jul 2017 18:08:46 +0000 (14:08 -0400)]
meson.build: reorder tests to match order in meson_options.txt

This makes it easier to edit both files.

7 years agohwdb: Add axis range for System76 Galago Pro (galp2) (#6439)
Benjamin Berg [Tue, 25 Jul 2017 01:35:58 +0000 (03:35 +0200)]
hwdb: Add axis range for System76 Galago Pro (galp2) (#6439)

7 years agobasic: cosmetic changes (#6440)
Yu Watanabe [Mon, 24 Jul 2017 23:32:34 +0000 (08:32 +0900)]
basic: cosmetic changes (#6440)

7 years agoMerge pull request #6438 from poettering/distro-porting-more
Zbigniew Jędrzejewski-Szmek [Mon, 24 Jul 2017 12:15:45 +0000 (08:15 -0400)]
Merge pull request #6438 from poettering/distro-porting-more

extend README and DISTRO_PORTING a bit

7 years agoMerge pull request #6429 from keszybz/dropins-and-ordering-cycles
Lennart Poettering [Mon, 24 Jul 2017 09:58:21 +0000 (11:58 +0200)]
Merge pull request #6429 from keszybz/dropins-and-ordering-cycles

Dropin loading and ordering cycle logging improvements

7 years agoREADME: document that max_bonds=0 is the way to go for bonding.ko
Lennart Poettering [Mon, 24 Jul 2017 09:28:04 +0000 (11:28 +0200)]
README: document that max_bonds=0 is the way to go for bonding.ko

Everything else just is annoying, hence let's list this among the
requirements we make on the kernel in order to minimize confusion
leading to #6184 and suchlike.

7 years agoDISTRO_PORTING: document that distros may/should change fallback DNS as well as fallb...
Lennart Poettering [Mon, 24 Jul 2017 09:26:54 +0000 (11:26 +0200)]
DISTRO_PORTING: document that distros may/should change fallback DNS as well as fallback NTP if they wish

The DNS and NTP fallback server situation is pretty similar, and
downstream distros might want to change both to whatever they need,
hence mention them both.

7 years agomeson: install the git hook (#6425)
Zbigniew Jędrzejewski-Szmek [Mon, 24 Jul 2017 08:41:45 +0000 (04:41 -0400)]
meson: install the git hook (#6425)

This was done autogen.sh previously and was dropped in
72cdb3e783174dcf9223a49f03e3b0e2ca95ddb8. Let's add it back.
The meson configuration step is the only reasonable place.

Note that this only works for the most standard git dirs, e.g.
the hook will not be installed if git worktree is used or if
$GIT_DIR is specified, etc. I think that's OK because most of
the time meson will be run at least once in the original cloned
dir.

7 years agonspawn: do not mount /sys/fs/kdbus
Zbigniew Jędrzejewski-Szmek [Sun, 23 Jul 2017 16:03:00 +0000 (12:03 -0400)]
nspawn: do not mount /sys/fs/kdbus

7 years agoDrop kdbus bits
Zbigniew Jędrzejewski-Szmek [Sun, 23 Jul 2017 15:45:57 +0000 (11:45 -0400)]
Drop kdbus bits

Some kdbus_flag and memfd related parts are left behind, because they
are entangled with the "legacy" dbus support.

test-bus-benchmark is switched to "manual". It was already broken before
(in the non-kdbus mode) but apparently nobody noticed. Hopefully it can
be fixed later.

7 years agoDrop bus-policy bits
Zbigniew Jędrzejewski-Szmek [Sun, 23 Jul 2017 13:28:45 +0000 (09:28 -0400)]
Drop bus-policy bits

7 years agoDrop busname unit type
Zbigniew Jędrzejewski-Szmek [Sun, 23 Jul 2017 13:24:39 +0000 (09:24 -0400)]
Drop busname unit type

Since busname units are only useful with kdbus, they weren't actively
used. This was dead code, only compile-tested. If busname units are
ever added back, it'll be cleaner to start from scratch (possibly reverting
parts of this patch).

7 years agocore: when logging about dependency cycles, add UNIT= entries for all involved units
Zbigniew Jędrzejewski-Szmek [Sat, 22 Jul 2017 19:52:20 +0000 (15:52 -0400)]
core: when logging about dependency cycles, add UNIT= entries for all involved units

Example log:
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found ordering cycle on a2.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found dependency on a3.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found dependency on a1.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Job a2.service/start deleted to break ordering cycle starting with a1.service/start
Jul 22 15:55:21 fedora systemd[1]: Starting a1.service...
Jul 22 15:55:21 fedora systemd[1]: Started a1.service.

Example log entry:

Sat 2017-07-22 15:55:21.372389 EDT [s=0004bb6302d94ac3aa69987fb6157338;i=9ae;b=a96eb6153d4f4f3686c7b4
    _BOOT_ID=a96eb6153d4f4f3686c7b4db8a432908
    _MACHINE_ID=ad18f69b80264b52bb3b766240742383
    _HOSTNAME=fedora
    PRIORITY=3
    SYSLOG_FACILITY=3
    SYSLOG_IDENTIFIER=systemd
    _UID=0
    _GID=0
    _PID=1
    _TRANSPORT=journal
    _CAP_EFFECTIVE=3fffffffff
    _COMM=systemd
    _EXE=/usr/lib/systemd/systemd
    _SYSTEMD_CGROUP=/init.scope
    _SYSTEMD_UNIT=init.scope
    _SYSTEMD_SLICE=-.slice
    _SELINUX_CONTEXT=system_u:system_r:kernel_t:s0
    CODE_FILE=../src/core/transaction.c
    CODE_FUNC=transaction_verify_order_one
    UNIT=a3.service
    UNIT=a1.service
    UNIT=a2.service
    CODE_LINE=430
    MESSAGE=a1.service: Job a2.service/start deleted to break ordering cycle starting with a1.service
    _CMDLINE=/usr/lib/systemd/systemd --system --deserialize 28
    _SOURCE_REALTIME_TIMESTAMP=1500753321372389

This should make it easier to see when any of the units are involved in an
ordering cycle.

Fixes #6336.

v2:
- also update the "Unable to break cycle" message.

7 years agoshared/dropin: improve error message
Zbigniew Jędrzejewski-Szmek [Sat, 22 Jul 2017 12:54:27 +0000 (08:54 -0400)]
shared/dropin: improve error message

We're not just sorting, but actually creating the list. We can
also use the output parameter directly, without a temporary variable.

7 years agoRevert "core: don't load dropin data multiple times for the same unit (#5139)"
Zbigniew Jędrzejewski-Szmek [Sat, 22 Jul 2017 12:39:49 +0000 (08:39 -0400)]
Revert "core: don't load dropin data multiple times for the same unit (#5139)"

This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244.

When we add another name to a unit (by following an alias), we need to
reload all drop-ins. This is necessary to load any additional dropins
found in the dirs created from the alias name.

Fixes #6334.

7 years agoman/systemd.network: DHCP defaults to "no" (#6423)
Lion Yang [Fri, 21 Jul 2017 20:21:30 +0000 (15:21 -0500)]
man/systemd.network: DHCP defaults to "no" (#6423)

Code at: /src/network/networkd-network.c#L160

7 years agodoc/systemd-resolved.service: fix typo (#6422)
Lion Yang [Fri, 21 Jul 2017 20:20:49 +0000 (15:20 -0500)]
doc/systemd-resolved.service: fix typo (#6422)

DNS sever => DNS server

7 years agoresolved: make sure idn2 conversions are roundtrippable
Zbigniew Jędrzejewski-Szmek [Fri, 21 Jul 2017 11:51:07 +0000 (07:51 -0400)]
resolved: make sure idn2 conversions are roundtrippable

While working on the gateway→_gateway conversion, I noticed that
libidn2 strips the leading underscore in some names.
https://gitlab.com/libidn/libidn2/issues/30 was resolved in
https://gitlab.com/libidn/libidn2/commit/05d753ea69e2308cd02436d0511f4b844071dc79,
which disabled "STD3 ASCII rules" by default, i.e. disabled stripping
of underscores. So the situation is that with previously released libidn2
versions we would get incorrect behaviour, and once new libidn2 is released,
we should be OK.

Let's implement a simple test which checks that the name survives the
roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will
fail in more cases, and under new libidn2 in fewer, but should be the right
thing to do also under new libidn2.

7 years agocore: fix typo (#6417)
Yu Watanabe [Fri, 21 Jul 2017 08:36:39 +0000 (17:36 +0900)]
core: fix typo (#6417)

7 years agotree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396)
Lennart Poettering [Fri, 21 Jul 2017 08:35:45 +0000 (10:35 +0200)]
tree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396)

As a follow-up for db3f45e2d2586d78f942a43e661415bc50716d11 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.

For most cases this shouldn't change much really, but this should speed
dbus introspection and calender time formatting up a bit.

7 years agoMerge pull request #6413 from poettering/getpid
Zbigniew Jędrzejewski-Szmek [Thu, 20 Jul 2017 19:14:13 +0000 (15:14 -0400)]
Merge pull request #6413 from poettering/getpid

speed up getpid() again

7 years agonspawn: downgrade warning when we get sd_notify() message from unexpected process...
Lennart Poettering [Thu, 20 Jul 2017 18:46:58 +0000 (20:46 +0200)]
nspawn: downgrade warning when we get sd_notify() message from unexpected process (#6416)

Given that we set NOTIFY_SOCKET unconditionally it's not surprising that
processes way down the process tree think it's smart to send us a
notification message.

It's still useful to keep this message, for debugging things, but it
shouldn't be generated by default.

7 years agotree-wide: make use of getpid_cached() wherever we can
Lennart Poettering [Thu, 20 Jul 2017 14:19:18 +0000 (16:19 +0200)]
tree-wide: make use of getpid_cached() wherever we can

This moves pretty much all uses of getpid() over to getpid_raw(). I
didn't specifically check whether the optimization is worth it for each
replacement, but in order to keep things simple and systematic I
switched over everything at once.

7 years agoprocess-util: add getpid_cached() as a caching wrapper for getpid()
Lennart Poettering [Thu, 20 Jul 2017 13:46:05 +0000 (15:46 +0200)]
process-util: add getpid_cached() as a caching wrapper for getpid()

Let's make getpid() fast again.

7 years agoMerge pull request #6266 from keszybz/drop-autotools
Lennart Poettering [Thu, 20 Jul 2017 17:56:07 +0000 (19:56 +0200)]
Merge pull request #6266 from keszybz/drop-autotools

Drop support for autotools / automake / make

7 years agocall chase_symlinks without the /sysroot prefix (#6411)
Harald Hoyer [Thu, 20 Jul 2017 17:13:09 +0000 (19:13 +0200)]
call chase_symlinks without the /sysroot prefix (#6411)

In case fstab-generator is called in the initrd, chase_symlinks()
returns with a canonical path "/sysroot/sysroot/<mountpoint>", if the
"/sysroot" prefix is present in the path.

This patch skips the "/sysroot" prefix for the chase_symlinks() call,
because "/sysroot" is already the root directory and chase_symlinks()
prepends the root directory in the canonical path returned.