platform/upstream/systemd.git
Lennart Poettering [Tue, 25 Jun 2019 10:20:26 +0000 (12:20 +0200)]
Merge pull request #12877 from poettering/dynamic-user-re-migrate2

DynamicUser=1 → = 0 migration follow-up

Lennart Poettering [Tue, 25 Jun 2019 07:59:24 +0000 (09:59 +0200)]
some CODING_STYLE additions

Lennart Poettering [Tue, 25 Jun 2019 08:47:13 +0000 (10:47 +0200)]
man: say D-Bus, not dbus

Lennart Poettering [Tue, 25 Jun 2019 08:44:59 +0000 (10:44 +0200)]
man: improve --test documentation

Incorporates some suggestions from:

https://github.com/systemd/systemd/pull/12868#discussion_r296738370
https://github.com/systemd/systemd/commit/cd69e88ba3a692618048117b26fc9ea339aa1845#commitcomment-34060775

Lennart Poettering [Tue, 25 Jun 2019 08:40:16 +0000 (10:40 +0200)]
test: add test for DynamicUser=0 → =1 migration (and back)

Lennart Poettering [Tue, 25 Jun 2019 08:39:52 +0000 (10:39 +0200)]
core: mention why we do migration for everything but ConfigurationDirectory=

Lennart Poettering [Tue, 25 Jun 2019 08:39:37 +0000 (10:39 +0200)]
core: log when we convert from DynamicUser=1 to =0 or vice versa

camoz [Tue, 25 Jun 2019 08:28:19 +0000 (10:28 +0200)]
systemd-nspawn(1): update example section

Remove the retired flag -d from Example 4. "Boot a minimal Arch Linux
distribution in a container". It has been retired here:
https://git.archlinux.org/arch-install-scripts.git/commit/pacstrap.in?id=0af6884aca68dcb7eed0b85fbc2960903df3d968

Lennart Poettering [Tue, 25 Jun 2019 08:06:03 +0000 (10:06 +0200)]
Merge pull request #12869 from poettering/dynamic-user-re-migrate

DynamicUser=1 state directory back migration

Kai Lüke [Tue, 23 Apr 2019 10:14:20 +0000 (12:14 +0200)]
bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath=

Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes https://github.com/systemd/systemd/issues/10227

Lennart Poettering [Tue, 25 Jun 2019 07:28:21 +0000 (09:28 +0200)]
Merge pull request #12874 from yuwata/ethtool-make-ubsan-quiet

ethtool: make UBSan quiet and add missing link modes

Lennart Poettering [Tue, 25 Jun 2019 07:27:01 +0000 (09:27 +0200)]
Merge pull request #12870 from yuwata/tree-wide-further-path-join-cleanups

tree-wide: further path_join() and path_joina() cleanups

Yu Watanabe [Tue, 25 Jun 2019 04:02:33 +0000 (13:02 +0900)]
Merge pull request #12871 from keszybz/various-printing-fixes

Various printing/logging fixes

Yu Watanabe [Tue, 25 Jun 2019 02:55:59 +0000 (11:55 +0900)]
ethtool: reindent link mode table

Yu Watanabe [Tue, 25 Jun 2019 02:55:04 +0000 (11:55 +0900)]
ethtool: add missing link mode

Yu Watanabe [Tue, 25 Jun 2019 02:10:07 +0000 (11:10 +0900)]
ethtool-util: fix returned value when ethtool_cmd_speed() is SPEED_UNKNOWN

Yu Watanabe [Tue, 25 Jun 2019 02:36:51 +0000 (11:36 +0900)]
linux: make UBSAN quiet

Yu Watanabe [Tue, 25 Jun 2019 02:16:57 +0000 (11:16 +0900)]
linux: update kernel headers

Zbigniew Jędrzejewski-Szmek [Sat, 15 Jun 2019 14:37:55 +0000 (16:37 +0200)]
bootctl: fix display of options with embedded newlines

I have an .efi image with embedded newlines. Now I don't even remember if it
was created for testing or by accident, but it doesn't really matter. We should
display such files correctly.

(This isn't a problem with normal BLS entries, because input is split into lines
so newlines are consumed.)

Lubomir Rintel [Mon, 24 Jun 2019 18:38:30 +0000 (20:38 +0200)]
sd-device: don't accept /sys as a device path

Because it's not a device path and (slightly) bad things happen if it
gets confused with one:

  $ udevadm info /sys/
  Assertion 'device->devpath[0] == '/'' failed at
      ../src/libsystemd/sd-device/sd-device.c:958,
      function sd_device_get_devpath(). Aborting.
  Aborted (core dumped)

Lubomir Rintel [Mon, 24 Jun 2019 17:23:13 +0000 (19:23 +0200)]
udevd: fix a reversed conditional on global property set

  # udevadm control --property=HELLO=WORLD
  Received udev control message (ENV), unsetting 'HELLO'
  # udevadm control --property=HELLO=
  Received udev control message (ENV), setting 'HELLO='

Oh no, it's busted. Let's try removing this one little negation real quick
to see if it helps...

  # udevadm control --property=HELLO=WORLD
  Received udev control message (ENV), setting 'HELLO=WORLD'
  # udevadm control --property=HELLO=
  Received udev control message (ENV), unsetting 'HELLO'

Feels much better now.

Lennart Poettering [Tue, 28 May 2019 14:50:10 +0000 (16:50 +0200)]
man: beef up systemd.exec(5)

Prompted by:

https://lists.freedesktop.org/archives/systemd-devel/2019-May/042773.html

Yu Watanabe [Mon, 24 Jun 2019 15:24:23 +0000 (00:24 +0900)]
tree-wide: replace strjoina() with prefix_roota()

Zbigniew Jędrzejewski-Szmek [Sat, 15 Jun 2019 11:19:58 +0000 (13:19 +0200)]
networkd: rework warning and debug messages about address addition and removal

Those messages were quite confusing. In particular "adding address" suggests
that we are assigning a new address to an interface, but in fact we're just
reacting to a notification about an addition. So let's call that "remembering"
and "forgetting". It's not fully grammatically correct, but I think it's much
clearer than "adding"/"removing" in this context.

And "received address without address" is too cryptic, let's say "address
message" to distinguish the message from its content.

Also, make failure to format address non-fatal, and print more details in
various places.

Zbigniew Jędrzejewski-Szmek [Thu, 13 Jun 2019 16:11:56 +0000 (18:11 +0200)]
logind: log operation details when starting actions

For some reason, systemd-logind is trying to handle idle action in one of my containers:

Jun 07 10:28:08 rawhide systemd-logind[42]: System idle. Taking action.
Jun 07 10:28:08 rawhide systemd-logind[42]: Requested operation not supported, ignoring.

But we didn't log what exactly was being done. Let's put the name of the action in messages.

Zbigniew Jędrzejewski-Szmek [Thu, 13 Jun 2019 16:03:14 +0000 (18:03 +0200)]
logind: remove unused check

All callers pass either a fixed action, or HANDLE_IGNORE is explicitly filtered
out. Let's remove this case here, because we cannot properly log what operation
we are ignoring.

Yu Watanabe [Mon, 24 Jun 2019 14:59:38 +0000 (23:59 +0900)]
tree-wide: replace strjoin() with path_join()

Michal Sekletar [Tue, 12 Mar 2019 17:58:26 +0000 (18:58 +0100)]
core: introduce NUMAPolicy and NUMAMask options

Make it possible to set the NUMA allocation policy for the manager. The manager's
policy is by default inherited by all forked off processes. However, it
is possible to override the policy on a per-service basis. Currently we
support these policies: default, prefer, bind, interleave, local.
See man 2 set_mempolicy for details on each policy.

The overall NUMA policy actually consists of two parts: the policy itself and
a bitmask representing the NUMA nodes where the policy is effective. The node mask can
be specified using the related option, NUMAMask. The default mask can be
overwritten on a per-service level.

Yu Watanabe [Mon, 24 Jun 2019 14:40:33 +0000 (23:40 +0900)]
test: add more testcases for prefix_roota()

Yu Watanabe [Mon, 24 Jun 2019 14:36:38 +0000 (23:36 +0900)]
path-util: fix an issue when the path argument of prefix_roota() is not absolute

When the first argument is '/' and the second argument is not absolute,
the return value was not prefixed with '/'. This fixes the issue.

Lennart Poettering [Mon, 24 Jun 2019 14:18:49 +0000 (16:18 +0200)]
core: migrate service directories back from private if needed

Fixes: #12131

Lennart Poettering [Mon, 24 Jun 2019 14:02:02 +0000 (16:02 +0200)]
core: add missing space to DynamicUser=1 directory comment

(also line break again)

Zbigniew Jędrzejewski-Szmek [Mon, 24 Jun 2019 14:07:16 +0000 (16:07 +0200)]
Merge pull request #12868 from poettering/doc-243-fixes

various man page fixes

Lennart Poettering [Mon, 24 Jun 2019 13:30:10 +0000 (15:30 +0200)]
man: document that sd_bus_creds_get_exec() is not suitable for security decisions

Fixes: #12704

Lennart Poettering [Mon, 24 Jun 2019 13:21:22 +0000 (15:21 +0200)]
man: drop references to "syslog" and "syslog+console" from man page

These options are pretty much equivalent to "journal" and
"journal+console" anyway, let's simplify things, and drop them from the
documentation hence.

For compat reasons let's keep them in the code.

(Note that they are not 100% identical to 'journal', but I doubt the
distinction in behaviour is really relevant to keep this in the docs.
And we probably should drop 'syslog' entirely from our codebase
eventually, but it's problematic as long as we semi-support udev on
non-systemd systems still.)

Lennart Poettering [Mon, 24 Jun 2019 12:51:52 +0000 (14:51 +0200)]
doc: make clear that --system and --user only make sense with --test

Fixes: #12843

Lennart Poettering [Mon, 24 Jun 2019 12:22:43 +0000 (14:22 +0200)]
man: correct that Sockets= may not be undone

Fixes: #12415

Lennart Poettering [Mon, 24 Jun 2019 12:20:36 +0000 (14:20 +0200)]
man: document that DynamicUser=1 implied sandboxing cannot be turned off

Fixes: #12476

Lennart Poettering [Mon, 24 Jun 2019 07:54:36 +0000 (09:54 +0200)]
Merge pull request #12866 from yuwata/strv_consume_cleanups

tree-wide: use _cleanup_ attributes

Yu Watanabe [Mon, 24 Jun 2019 05:57:58 +0000 (14:57 +0900)]
tree-wide: use _cleanup_ attribute and strv_consume() + TAKE_PTR()

Yu Watanabe [Mon, 24 Jun 2019 05:57:50 +0000 (14:57 +0900)]
sd-path: use _cleanup_strv_free_ attribute

Lennart Poettering [Sun, 23 Jun 2019 14:13:26 +0000 (16:13 +0200)]
update TODO

Peter A. Bigot [Sat, 22 Jun 2019 17:43:49 +0000 (12:43 -0500)]
man: fix references to VTABLE property flags

Lennart Poettering [Sat, 22 Jun 2019 18:12:44 +0000 (20:12 +0200)]
update TODO

Lennart Poettering [Sat, 22 Jun 2019 18:02:46 +0000 (20:02 +0200)]
Merge pull request #12836 from yuwata/tree-wide-replace-strjoin

tree-wide: replace strjoin() with path_join()

Anita Zhang [Mon, 20 May 2019 21:43:53 +0000 (14:43 -0700)]
bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users)

This is a workaround to make IPAddressDeny=any/IPAddressAllow=any work
for non-root users that have CAP_NET_ADMIN. "any" was chosen since
all or nothing network access is one of the most common use cases for
isolation.

Allocating BPF LPM TRIE maps requires CAP_SYS_ADMIN while BPF_PROG_TYPE_CGROUP_SKB
only needs CAP_NET_ADMIN. In the case of IPAddressXYZ="any" we can just
consistently return false/true to avoid allocating the map and limit the user
to having CAP_NET_ADMIN.

Topi Miettinen [Mon, 20 May 2019 09:20:58 +0000 (12:20 +0300)]
cgroup-util: kill also threads

It's possible for a zombie process to have live threads. These are not listed
in /sys in "cgroup.procs" for cgroupsv2, but they show up in
"cgroup.threads" (cgroupv2) or "tasks" (cgroupv1) nodes. When killing a
cgroup (v2 only) with SIGKILL, let's also kill threads after killing processes,
so the live threads of a zombie get killed too.

Closes #12262.

Evgeny Vereshchagin [Fri, 21 Jun 2019 00:21:09 +0000 (02:21 +0200)]
coverity: stop setting _Float*

Should address https://github.com/systemd/systemd/issues/12854

Jan Synacek [Fri, 21 Jun 2019 05:53:15 +0000 (07:53 +0200)]
man: drop my copyright

Lennart Poettering [Wed, 19 Jun 2019 13:20:13 +0000 (15:20 +0200)]
path-util: get rid of prefix_root()

prefix_root() is equivalent to path_join() in almost all ways, hence
let's remove it.

There are subtle differences though: prefix_root() will try to shorten
multiple "/" before and after the prefix. path_join() doesn't do that.
This means prefix_root() might return a string shorter than both its
inputs combined, while path_join() never does that. I like the
path_join() semantics better, hence I think dropping prefix_root() is
totally OK. In the end the strings generated by both functions should
always be identical in terms of path_equal() if not streq().

This leaves prefix_roota() in place. Ideally we'd have path_joina(), but
I don't think we can reasonably implement that as a macro. Or maybe we
can? (if so, sounds like something for a later PR)

Also add in a few missing OOM checks

Anita Zhang [Mon, 3 Jun 2019 23:25:43 +0000 (16:25 -0700)]
nspawn: don't hard fail when setting capabilities

The OCI changes in #9762 broke a use case in which we use nspawn from
inside a container that has dropped capabilities from the bounding set
that nspawn expected to retain. In an attempt to keep OCI compliance
and support our use case, I made hard failing on setting capabilities
not in the bounding set optional (hard fail if using OCI and log only
if using nspawn cmdline).

Fixes #12539

Yu Watanabe [Thu, 20 Jun 2019 18:31:49 +0000 (03:31 +0900)]
Merge pull request #12846 from poettering/cap-last-cap-fix

cap_last_cap() off by one fixes

Lennart Poettering [Thu, 20 Jun 2019 12:41:09 +0000 (14:41 +0200)]
bpf: use more TAKE_FD()

Yu Watanabe [Thu, 20 Jun 2019 18:14:05 +0000 (03:14 +0900)]
sd-path: use _cleanup_ attribute

Yu Watanabe [Thu, 20 Jun 2019 18:07:01 +0000 (03:07 +0900)]
tree-wide: replace strjoin() with path_join()

Lennart Poettering [Thu, 20 Jun 2019 12:54:40 +0000 (14:54 +0200)]
bus-creds: fix size calculation for storing caps data

This is a bit confusing, hence let's add an example comment.

Lennart Poettering [Thu, 20 Jun 2019 12:44:47 +0000 (14:44 +0200)]
capability: fix loops for cap_last_cap()

cap_last_cap() returns the last valid cap (instead of the number of
valid caps). To iterate through all known caps we hence need to use a <=
check, and not a < check like for all other cases. We got this right
usually, but in three cases we did not.

Topi Miettinen [Wed, 1 May 2019 12:28:36 +0000 (15:28 +0300)]
units: deny access to block devices

While the need for access to character devices can be tricky to determine for
the general case, it's obvious that most of our services have no need to access
block devices. For logind and timedated this can be tightened further.

Lennart Poettering [Thu, 20 Jun 2019 11:36:30 +0000 (13:36 +0200)]
Merge pull request #12762 from yuwata/network-introduce-carrier-and-network-state-12752

network: introduce carrier and address state to fix network_is_online()

Lennart Poettering [Thu, 20 Jun 2019 10:35:34 +0000 (12:35 +0200)]
Merge pull request #12837 from yuwata/tree-wide-lgtm-fixes

tree-wide: fix issues found by lgtm

Donald Buczek [Thu, 25 Apr 2019 07:39:41 +0000 (09:39 +0200)]
cgroup: Continue unit reset if cgroup is busy

When part of the cgroup hierarchy cannot be deleted (e.g. because there
are still processes in it), do not exit unit_prune_cgroup early, but
continue so that u->cgroup_realized is reset.

Log the known case of non-empty cgroups at debug level and other errors
at warning level.

Fixes https://github.com/systemd/systemd/issues/12386

Yu Watanabe [Wed, 19 Jun 2019 21:56:37 +0000 (06:56 +0900)]
Merge pull request #12806 from yuwata/networkctl-ethtool-12657

networkctl: show speed, duplex, auto negotiation, and port

Yu Watanabe [Wed, 19 Jun 2019 21:51:34 +0000 (06:51 +0900)]
util: use extract_first_word() instead of strsep()

Yu Watanabe [Wed, 19 Jun 2019 21:34:05 +0000 (06:34 +0900)]
tree-wide: use htobe{32,16}() instead of hton{l,s}()

Yu Watanabe [Wed, 19 Jun 2019 21:29:19 +0000 (06:29 +0900)]
tree-wide: drop alloca() in loop

Yu Watanabe [Mon, 17 Jun 2019 07:12:06 +0000 (16:12 +0900)]
networkctl: show link speed, duplex, auto negotiation, and port

Yu Watanabe [Wed, 19 Jun 2019 13:18:54 +0000 (22:18 +0900)]
network: change type of BitRates= bus property

Yu Watanabe [Wed, 19 Jun 2019 13:03:42 +0000 (22:03 +0900)]
table: introduce FORMAT_BPS type

Yu Watanabe [Wed, 19 Jun 2019 00:52:45 +0000 (09:52 +0900)]
test: add tests for format_bytes()

Yu Watanabe [Wed, 19 Jun 2019 01:05:30 +0000 (10:05 +0900)]
util: make format_bytes() support e.g. 3.0E

Yu Watanabe [Mon, 17 Jun 2019 07:08:24 +0000 (16:08 +0900)]
util: introduce format_bytes_full()

And move it into format-util.c.

Yu Watanabe [Mon, 17 Jun 2019 06:31:20 +0000 (15:31 +0900)]
ethtool-util: introduce ethtool_get_link_info()

Will be used in later commits.

Yu Watanabe [Wed, 19 Jun 2019 00:09:58 +0000 (09:09 +0900)]
ethtool-util: make ethtool_connect() warn on failure

Yu Watanabe [Mon, 17 Jun 2019 05:57:54 +0000 (14:57 +0900)]
ethtool-util: use structured initializers

Frantisek Sumsal [Wed, 19 Jun 2019 12:16:15 +0000 (21:16 +0900)]
sd-resolve: suppress false positive MSan warnings

MSan dislikes structured initializers for nested structures.

Zbigniew Jędrzejewski-Szmek [Wed, 19 Jun 2019 13:25:31 +0000 (15:25 +0200)]
Merge pull request #12828 from yuwata/network-routing-policy-rule-add-missing-entries

network: add missing entries in routing_policy_rule_{hash,compare}_func()

Lennart Poettering [Wed, 19 Jun 2019 12:56:36 +0000 (14:56 +0200)]
Merge pull request #12815 from irtimmer/dot-strict

resolved: strict mode for DNS-over-TLS

Yu Watanabe [Wed, 19 Jun 2019 04:04:24 +0000 (13:04 +0900)]
network: add missing entries in routing_policy_rule_{hash,compare}_func()

This also makes routing_policy_rule_get() or friends take
a RoutingPolicyRule object as an input.

Yu Watanabe [Wed, 19 Jun 2019 12:02:47 +0000 (21:02 +0900)]
util: introduce siphash24_compress_boolean()

Iwan Timmer [Mon, 17 Jun 2019 19:24:05 +0000 (21:24 +0200)]
resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS

Iwan Timmer [Mon, 18 Feb 2019 19:41:46 +0000 (20:41 +0100)]
resolved: add strict mode for DNS-over-TLS

Add strict mode for DNS-over-TLS, which will require TLS support from the server. Closes #10755

Iwan Timmer [Tue, 18 Jun 2019 16:54:55 +0000 (18:54 +0200)]
resolved: don't require check when importing resolved-dnstls.h

Lennart Poettering [Wed, 19 Jun 2019 07:00:52 +0000 (09:00 +0200)]
Merge pull request #12829 from yuwata/dhcp-memdup_suffix0

sd-bus,dhcp: use memdup_suffix0() instead of strndup()

Yu Watanabe [Wed, 19 Jun 2019 05:29:00 +0000 (14:29 +0900)]
sd-bus: use memdup_suffix0() instead of strndup()

Yu Watanabe [Wed, 19 Jun 2019 05:15:06 +0000 (14:15 +0900)]
dhcp: use memdup_suffix0() instead of strndup()

Yu Watanabe [Wed, 19 Jun 2019 02:11:06 +0000 (11:11 +0900)]
Merge pull request #12822 from poettering/tmpfiles-is-mount-point

tmpfiles: use common fd_is_mount_point() implementation

Yu Watanabe [Mon, 17 Jun 2019 05:52:55 +0000 (14:52 +0900)]
ethtool-util: move from src/udev/net/ to src/shared/

Lennart Poettering [Tue, 18 Jun 2019 13:56:07 +0000 (15:56 +0200)]
journald: use memdup_suffix0() when copying string from potentially binary data

Fixes: #12484

Iwan Timmer [Mon, 17 Jun 2019 20:33:50 +0000 (22:33 +0200)]
resolved: add missing error code check when initializing DNS-over-TLS

Iwan Timmer [Sat, 15 Jun 2019 20:54:41 +0000 (22:54 +0200)]
resolved: move TLS data shared by all servers to manager

Instead of having a context and/or trusted CA list per server this is now moved to the server. Ensures future TLS configuration options are global instead of per server.

Markus Felten [Tue, 18 Jun 2019 08:11:28 +0000 (10:11 +0200)]
fix(journal-gatewayd): use relative urls (not starting with '/')

If journal-gatewayd http is not mounted at '/' (proxy request),
the requests lose their initial path component.

Frantisek Sumsal [Tue, 18 Jun 2019 09:25:16 +0000 (11:25 +0200)]
hashmap: avoid using TLS in a destructor

Using C11 thread-local storage in destructors causes uninitialized
read. Let's avoid that using a direct comparison instead of using
the cached values. As this code path is taken only when compiled
with -DVALGRIND=1, the performance cost shouldn't matter too much.

Fixes #12814

Lennart Poettering [Tue, 18 Jun 2019 11:17:14 +0000 (13:17 +0200)]
Merge pull request #12758 from fbuihuu/nspawn-console-tty

Create nspawn console tty in the child

Lennart Poettering [Tue, 18 Jun 2019 10:42:30 +0000 (12:42 +0200)]
tmpfiles: use common fd_is_mount_point() implementation in tmpfiles.c

No need to have a private reimplementation here. Let's just use the
common one, which supports "fdinfo" as fallback.

Lennart Poettering [Tue, 18 Jun 2019 10:41:31 +0000 (12:41 +0200)]
tmpfiles: merge two nested if checks into one

Lennart Poettering [Tue, 18 Jun 2019 10:41:02 +0000 (12:41 +0200)]
tmpfiles: use path_join() where we can

Yu Watanabe [Tue, 18 Jun 2019 02:18:46 +0000 (11:18 +0900)]
dhcp: fix comparison with previous lease

Follow-up for f8862395e8f802e4106a07ceaaf02b6a1faa5a6d.

Fixes #12816.

Franck Bui [Fri, 7 Jun 2019 08:27:18 +0000 (10:27 +0200)]
nspawn: make use of openpt_allocate()

Franck Bui [Fri, 7 Jun 2019 08:17:11 +0000 (10:17 +0200)]
terminal-util: introduce openpt_allocate()

Allocating a pty is done in a couple of places so let's introduce a new helper
which does the job.

Also the new function, as well as openpt_in_namespace(), returns both pty
master and slave so the callers don't need to know about the pty slave
allocation details.

For the same reasons machine_openpt() prototype has also been changed to return
both pty master and slave so callers don't need to allocate a pty slave which
might be in a different namespace.

Finally openpt_in_namespace() has been renamed into
openpt_allocate_in_namespace().

Zbigniew Jędrzejewski-Szmek [Tue, 18 Jun 2019 06:57:26 +0000 (08:57 +0200)]
Merge pull request #12805 from yuwata/test-network-cleanups

test: further test-network cleanups