platform/upstream/systemd.git
7 years agoMerge pull request #6029 from keszybz/vconsole-no-vga
Lennart Poettering [Fri, 26 May 2017 16:09:57 +0000 (18:09 +0200)]
Merge pull request #6029 from keszybz/vconsole-no-vga

Avoid systemd-vconsole-setup failure on machines w/o VGA

7 years agorules: Handle MMC boot partitions by-path correctly (#6026)
George McCollister [Fri, 26 May 2017 02:13:50 +0000 (21:13 -0500)]
rules: Handle MMC boot partitions by-path correctly (#6026)

Many eMMC devices have separate boot partitions that aren't part of the
normal partition table that show up as /dev/mmcblk[0-9]boot[0-9]. These
partitions are generally small (128KB to 16MB) and typically hold a boot
loader, boot loader data or a recovery image. Match these and create
-boot%n by-path symlinks.

Prior to this change by-path symlinks for the main device would be
incorrectly linked to one of the boot partitions.

For instance before:
/dev/disk/by-path/platform-219c000.usdhc linked to /dev/mmcblk1boot1

Now:
/dev/disk/by-path/platform-219c000.usdhc links to /dev/mmcblk1
/dev/disk/by-path/platform-219c000.usdhc-boot0 links to /dev/mmcblk1boot0
/dev/disk/by-path/platform-219c000.usdhc-boot1 links to /dev/mmcblk1boot1

On systems that support multiple SD/MMC devices it can be essential to
have by-path links to these devices since device names vary depending on
which other devices are connected.

7 years agoMerge pull request #5999 from mbiebl/timesyncd-fallback-server
Zbigniew Jędrzejewski-Szmek [Thu, 25 May 2017 22:51:08 +0000 (18:51 -0400)]
Merge pull request #5999 from mbiebl/timesyncd-fallback-server

timesyncd: don't use compiled-in list if FallbackNTP has been configured

7 years agotest-timesync: add first test for timesyncd conf parsing
Zbigniew Jędrzejewski-Szmek [Thu, 25 May 2017 14:26:29 +0000 (10:26 -0400)]
test-timesync: add first test for timesyncd conf parsing

We parse the string supplied in NTP_SERVERS during configuration under an
assert_se(). Right now we will accept pretty much anything there, but in case
we are more picky in the future, add a simple test which checks that we can
actually parse whatever is in NTP_SERVERS so that we don't fail the assertion
at runtime.

7 years agotest: ensure 'InaccessiblePaths=/proc' option works (#6017)
Timothée Ravier [Thu, 25 May 2017 04:47:08 +0000 (06:47 +0200)]
test: ensure 'InaccessiblePaths=/proc' option works (#6017)

Test case for PR #5985.

7 years agovconsole-setup: skip setting fonts when setfont returns EX_OSERR
Zbigniew Jędrzejewski-Szmek [Thu, 25 May 2017 03:25:44 +0000 (23:25 -0400)]
vconsole-setup: skip setting fonts when setfont returns EX_OSERR

On a machine without a VGA console, /dev/tty{0,1,…} exist, so
systemd-vconsole-setup is started, but all setfont operations fail.

setfont has a bunch of return codes for different failure modes. It uses
EX_OSERR when the communication with the kernel using ioctls fails. This isn't
too specific, but at least it's only used this general class of errors. Let's
swallow the error in this case to avoid systemd-vconsole-setup.service failing
on cloud vms.

On a machine from https://bugzilla.redhat.com/show_bug.cgi?id=1272686#c4:
$ build/systemd-vconsole-setup
setfont: putfont: 512,8x16:  failed: -1
putfont: PIO_FONT: Invalid argument
/usr/bin/setfont failed with error code 71.
Setting fonts failed with a "system error", ignoring.

$ SYSTEMD_LOG_LEVEL=debug build/systemd-vconsole-setup
Found container virtualization none.
Sysfs UTF-8 flag enabled
UTF-8 kbdmode enabled on /dev/tty0
Executing "/usr/bin/setfont -C /dev/tty0 eurlatgr"...
setfont: putfont: 512,8x16:  failed: -1
putfont: PIO_FONT: Invalid argument
/usr/bin/setfont failed with error code 71.
Executing "/usr/bin/loadkeys -q -C /dev/tty0 -u us"...
/usr/bin/loadkeys succeeded.
Setting fonts failed with a "system error", ignoring.

$ lspci | grep -i vga

$ ls /dev/tty?
/dev/tty0  /dev/tty2  /dev/tty4  /dev/tty6  /dev/tty8
/dev/tty1  /dev/tty3  /dev/tty5  /dev/tty7  /dev/tty9

If we have a better test for /dev/tty? being connected to something that has a
font, we could avoid running setfont at all… ATM, I'm not aware of a simple
test like that.

7 years agovconsole-setup: add more log messages
Zbigniew Jędrzejewski-Szmek [Thu, 25 May 2017 03:25:10 +0000 (23:25 -0400)]
vconsole-setup: add more log messages

This makes it quite a bit easier to see what failed.

strv_join is called inline in log_debug so that it is under the conditional
that kills the whole thing if debugging is disabled.

7 years agotimesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly
Michael Biebl [Sun, 21 May 2017 01:22:43 +0000 (03:22 +0200)]
timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly

Parse the config files first and only apply the compiled-in list of
fallback servers if no NTP server was configured via FallbackNTP.

Closes: #5091

7 years agoDHCP: Fail link_dhcp_set_routes promotely if no address is assigned from lease (...
Daniel Wang [Wed, 24 May 2017 12:05:49 +0000 (05:05 -0700)]
DHCP: Fail link_dhcp_set_routes promotely if no address is assigned from lease (#6009)

Currently the local variable `address` is unintialized if the DHCP lease
doesn't provide a router address (when r == -ENODATA). Thus the
subsequent call to route_scope_from_address will result in accessing an
unintialized variable.

As a matter of fact, sd-dhcp-client ignores DHCP leases without an
address so link_dhcp_set_routes probably will never be called without a
valid address.

7 years agotmpfiles: Remove unnecessary utmp file creation (#6006)
codekipper [Wed, 24 May 2017 09:10:59 +0000 (11:10 +0200)]
tmpfiles: Remove unnecessary utmp file creation (#6006)

If utmp is disabled (--disable-utmp) then there is no need to create
the wtmp and btmp files.

7 years agoresolved: bugfix of null pointer p->question dereferencing (#6020)
Evgeny Vereshchagin [Wed, 24 May 2017 05:56:48 +0000 (08:56 +0300)]
resolved: bugfix of null pointer p->question dereferencing (#6020)

See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396

7 years agomailmap: add entry for John Paul Adrian Glaubitz (#6015)
John Paul Adrian Glaubitz [Tue, 23 May 2017 13:22:44 +0000 (15:22 +0200)]
mailmap: add entry for John Paul Adrian Glaubitz (#6015)

7 years agoAllow TimeoutSec=0 to work as documented in mount units and elsewhere (#6013)
NeilBrown [Tue, 23 May 2017 07:42:26 +0000 (17:42 +1000)]
Allow TimeoutSec=0 to work as documented in mount units and elsewhere (#6013)

Since commit 36c16a7cdd6c ("core: rework unit timeout handling, and add
new setting RuntimeMaxSec=") TimeoutSec=0 in mount units has
cause the mount to timeout immediately instead of never as documented.

There is a similar problem with Socket.TimeoutSec and Swap.TimeoutSec.

These are easily fixed using config_parse_sec_fix_0().

Automount.TimeoutIdleSec looks like it could have the same problem,
but doesn't because the kernel treats '0' as 'no timeout'.
It handle USEC_INFINITY correctly only because that constant has
the value '-1', and when round up, it becomes zero.
To avoid possible confusion, use config_parse_sec_fix_0() as well, and
explicitly handle USEC_INFINITY.

7 years agonspawn: add nosuid and nodev to /tmp mount (#6004)
tomty89 [Tue, 23 May 2017 07:41:36 +0000 (15:41 +0800)]
nspawn: add nosuid and nodev to /tmp mount (#6004)

When automatic /tmp mount was introduced to nspawn in v219, it was done without having the nosuid and nodev mount options, which was the same case as systemd's default tmp.mount unit back then.

nosuid and nodev was added to tmp.mount(.m4) in v231 for security reasons. matching the nspawn /tmp mount entry against that.

Ref.:
https://github.com/systemd/systemd/commit/2f9df7c96a25adb42093ee3ee201577f3e01da42
https://github.com/systemd/systemd/commit/bbb99c30d01a8bcdc27fb151cc6376a7877a6b07

7 years agonetworkd-link: Receive LLDP on Bridge slaves not master (#5995)
sjoerd-ccu [Tue, 23 May 2017 07:10:59 +0000 (09:10 +0200)]
networkd-link: Receive LLDP on Bridge slaves not master (#5995)

LLDP should be received on bridge slaves as they're the entities
directly connected to a peer. Receiving LLDP on the bridge device makes
little sense, Linux by default even filters out LLDP going onto the
bridge device.

Flip the current logic, receive LLDP on bridge slaves don't listen for
them on the bridge itself.

7 years agoMerge pull request #6005 from grawity/github
Lennart Poettering [Mon, 22 May 2017 13:47:50 +0000 (15:47 +0200)]
Merge pull request #6005 from grawity/github

doc: update GitHub ISSUE_TEMPLATE

7 years agoload-dropin: propagate errors properly from unit_name_compatible() (#6002)
Lennart Poettering [Mon, 22 May 2017 13:18:00 +0000 (15:18 +0200)]
load-dropin: propagate errors properly from unit_name_compatible() (#6002)

Let's log about this in the caller.

Doesn't really matter, but let's do something about my OCD, and
propagate errors properly, so that the caller can log about them.

7 years agogithub: comment out submitter note in ISSUE_TEMPLATE
Mantas Mikulėnas [Mon, 22 May 2017 13:07:28 +0000 (16:07 +0300)]
github: comment out submitter note in ISSUE_TEMPLATE

It's for the person filling in the form, not for people reading it later.

7 years agogithub: remove checkboxes from ISSUE_TEMPLATE
Mantas Mikulėnas [Mon, 22 May 2017 13:06:50 +0000 (16:06 +0300)]
github: remove checkboxes from ISSUE_TEMPLATE

The issue list page thinks those are in fact todo items.

7 years agosd-dhcp: library code shouldn't log above LOG_DEBUG (#6001)
Lennart Poettering [Mon, 22 May 2017 12:38:01 +0000 (14:38 +0200)]
sd-dhcp: library code shouldn't log above LOG_DEBUG (#6001)

Let's downgrade the warning introduced by
955d99edc7991386a36e3d33924cc584931fde91 to debug, as we really
shouldn't log at more than debug level from library code.

(And while we are at it, print the MTU as the right (unsigned) type in
the format string.)

7 years agoMerge pull request #5958 from keszybz/explicit-log-errno
Lennart Poettering [Mon, 22 May 2017 08:12:18 +0000 (10:12 +0200)]
Merge pull request #5958 from keszybz/explicit-log-errno

Use explicit errno in log calls

7 years agomkosi: update Debian config for mkosi (#5997)
AsciiWolf [Mon, 22 May 2017 02:24:30 +0000 (04:24 +0200)]
mkosi: update Debian config for mkosi (#5997)

* mkosi.debian: fix libidn2 package name
* mkosi.debian: drop duplicate diffutils package
* mkosi.debian: add missing g++ package

7 years agoAllow bad MTU values with warning to be able to connect to the machine. (#5954)
Matthias Greiner [Mon, 22 May 2017 01:11:25 +0000 (03:11 +0200)]
Allow bad MTU values with warning to be able to connect to the machine. (#5954)

Ensure the MTU value is valid. Emit a warning and ignore otherwise.

7 years agoMerge pull request #5990 from keszybz/logind
Djalal Harouni [Sun, 21 May 2017 05:14:21 +0000 (07:14 +0200)]
Merge pull request #5990 from keszybz/logind

A bunch of sd-login improvements

7 years agoMerge pull request #6000 from keszybz/fix-oom-warning
Djalal Harouni [Sun, 21 May 2017 05:11:33 +0000 (07:11 +0200)]
Merge pull request #6000 from keszybz/fix-oom-warning

core/load-droping: avoid oom warning when the unit symlink is not a template

7 years agocore/load-droping: avoid oom warning when the unit symlink is not a template
Zbigniew Jędrzejewski-Szmek [Sat, 20 May 2017 23:34:50 +0000 (19:34 -0400)]
core/load-droping: avoid oom warning when the unit symlink is not a template

unit_name_template returns -EINVAL if the unit name is not a template, but
the code assumed that OOM is the only failure mode. Fix that to emit the warning
if a non-template unit is encountered (because in this case we expect the name
to match exactly), and just skip the warning on other errors (presumably oom).

Fixes #5543.

7 years agoMerge pull request #5960 from keszybz/journald-memleak
Evgeny Vereshchagin [Sat, 20 May 2017 22:41:48 +0000 (01:41 +0300)]
Merge pull request #5960 from keszybz/journald-memleak

Journald and journal-remote memleak fixes

7 years agoDHCP: when adding static routes set scopes properly (#5982)
Daniel Wang [Sat, 20 May 2017 11:05:18 +0000 (04:05 -0700)]
DHCP: when adding static routes set scopes properly (#5982)

DHCP responses could include static routes, but unfortunately not an
option to tell what scope to use. So it's important that the client sets
it properly.

This mimics what the `ip route add` command does when adding a static
route without an explicit scope:

* If the destination IP is on the local host, use scope `host`
* Otherwise if the gateway IP is null (direct route), use scope `link`
* If anything else, use the current default `global`.

Fixes #5979.

7 years agojournald: fix trivial memleak
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 16:52:05 +0000 (12:52 -0400)]
journald: fix trivial memleak

Fixes #5516.

7 years agoudev-rules: add helper function for logging
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 20:23:30 +0000 (16:23 -0400)]
udev-rules: add helper function for logging

Avoid repeating the same conditional four times. Error messages are
capitalized.

7 years agobasic/time-util: make parsing of dual_timestamp more strict
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 18:49:06 +0000 (14:49 -0400)]
basic/time-util: make parsing of dual_timestamp more strict

*scanf functions set errno on i/o error. For sscanf, this doesn't really apply,
so (based on the man page), it seems that errno is unlikely to be ever set to a
useful value. So just ignore errno. The error message includes the string that
was parsed, so it should be always pretty clear why parsing failed.

On the other hand, detect trailing characters and minus prefix that weren't
converted properly. This matches what our safe_ato* functions do. Add tests to
elucidate various edge cases.

7 years agotest-parse-util: verify that ato[ui] actually rejects trailing garbage
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 18:37:48 +0000 (14:37 -0400)]
test-parse-util: verify that ato[ui] actually rejects trailing garbage

7 years agotree-wide: when %m is used in log_*, always specify errno explicitly
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 15:26:55 +0000 (11:26 -0400)]
tree-wide: when %m is used in log_*, always specify errno explicitly

All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.

Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'

7 years agoMerge pull request #5624 from glaubitz/x32
Lennart Poettering [Fri, 19 May 2017 17:17:57 +0000 (19:17 +0200)]
Merge pull request #5624 from glaubitz/x32

Fix multiple issues with incorrect usage of format specifiers

7 years agojournald: process "binary" fields the same as text fields
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 15:59:47 +0000 (11:59 -0400)]
journald: process "binary" fields the same as text fields

MESSAGE=data\n and MESSAGE\n40000000data\n are both valid serializations, so
they should be stored in the journal. Before, MESSAGE, SYSLOG_FACILITY,
SYSLOG_IDENTIFIER, PRIORITY, and OBJECT_PID would be only honoured if they were
given in the first form.

Fixed #5973.

7 years agojournald: properly process multiple entries in the same native packet
Zbigniew Jędrzejewski-Szmek [Sun, 14 May 2017 02:34:40 +0000 (22:34 -0400)]
journald: properly process multiple entries in the same native packet

For all except the last entry in a single packet, we would dispatch the
message to the journal, but not forward it, nor perform proper cleanup.
Rewrite the code to process each entry in a helper function, and make
server_process_native_message() just call this function in a loop.

Fixes #5643.

v2:
- properly decrement *remaining when processing entry separator

7 years agoshared/logs-show: avoid printing "(null)" when timestamp is not specified
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 20:40:09 +0000 (16:40 -0400)]
shared/logs-show: avoid printing "(null)" when timestamp is not specified

$ perl -e 'print("MESSAGE\n", pack("q<", 1), "A\n\nMESSAGE=test2\n")' > message.bin
$ systemd-journal-remote -o /tmp/out.journal message.bin
$ journalctl -o export --file /tmp/out.journal
__CURSOR=s=b16c464c2db44384b29e75a564d8388e;i=1;b=6b0be47627bd4932913dc126012c21c0;m=0;t=0;x=b04263a253e357a
__REALTIME_TIMESTAMP=0
__MONOTONIC_TIMESTAMP=0
_BOOT_ID=6b0be47627bd4932913dc126012c21c0
MESSAGE=A

$ journalctl -o verbose --file /tmp/out.journal
(null) [s=b16c464c2db44384b29e75a564d8388e;i=1;b=6b0be47627bd4932913dc126012c21c0;m=0;t=0;x=b04263a253e357a]
    MESSAGE=A

This is changed to
$ build/journalctl -o verbose --file /tmp/out.journal
(no timestamp) [s=b16c464c2db44384b29e75a564d8388e;i=1;b=6b0be47627bd4932913dc126012c21c0;m=0;t=0;x=b04263a253e357a]
    MESSAGE=A

We should deal gracefully with unexpected input.

7 years agojournal-remote: fix memleak of the name of the remote source
Zbigniew Jędrzejewski-Szmek [Sun, 14 May 2017 02:42:14 +0000 (22:42 -0400)]
journal-remote: fix memleak of the name of the remote source

7 years agojournald: use unaligned_read instead of memcpy
Zbigniew Jędrzejewski-Szmek [Sun, 14 May 2017 02:42:08 +0000 (22:42 -0400)]
journald: use unaligned_read instead of memcpy

7 years agoarchitecture: add Synopsys DesignWare ARC cores support (#5992)
Alexey Brodkin [Fri, 19 May 2017 14:55:24 +0000 (16:55 +0200)]
architecture: add Synopsys DesignWare ARC cores support (#5992)

DesignWare ARC Processors are a family of 32-bit CPUs from Synopsys
used extensively in SoCs of different vendors.

7 years agohwdb: Fix mapping for home-key on Cube iWork8 air (#5994)
Hans de Goede [Fri, 19 May 2017 14:05:27 +0000 (16:05 +0200)]
hwdb: Fix mapping for home-key on Cube iWork8 air (#5994)

The intent of the hwdb entry for the Cube iWork8 air tablet buttons is
to fix them being swapped. The kernel is using left-meta for the
home key (it is being treated as the windows key on keyboards, as it has
a windows logo on most x86 tablets).

Fix the hwdb entry to only swap the buttons and not change the keycode
emitted by the home key.

7 years agoFix includes (#5980)
Matija Skala [Fri, 19 May 2017 14:01:35 +0000 (16:01 +0200)]
Fix includes (#5980)

Needed on musl.

7 years agotimesync/timesyncd-manager: fix format-specifier issue
Matija Skala [Fri, 19 May 2017 12:36:40 +0000 (14:36 +0200)]
timesync/timesyncd-manager: fix format-specifier issue

timex::time::tv_sec can have different sizes depending on the
host architecture. On x32 in particular, it is 8 bytes
long while the long int type is only 4 bytes  long. Hence,
using li as a format specifier will trigger a format
error. Thus, better use PRI_TIME instead of li which is
actually the right format specifier to use for time_t.

7 years agocore: open /proc/self/mountinfo early to allow mounts over /proc (#5985)
Timothée Ravier [Fri, 19 May 2017 12:38:40 +0000 (14:38 +0200)]
core: open /proc/self/mountinfo early to allow mounts over /proc (#5985)

Enable masking the /proc folder using the 'InaccessiblePaths' unit
option.

This also slightly simplify mounts setup as the bind_remount_recursive
function will only open /proc/self/mountinfo once.

This is based on the suggestion at:
https://lists.freedesktop.org/archives/systemd-devel/2017-April/038634.html

7 years agotimesync/timesyncd-manager: fix format-specifier issues
Matija Skala [Fri, 19 May 2017 12:36:12 +0000 (14:36 +0200)]
timesync/timesyncd-manager: fix format-specifier issues

timex::time::tv_usec and timex::freq can have different sizes
depending on the host architecture. On x32 in particular,
it is 8 bytes long while the long int type is only 4 bytes
long. Hence, using li as a format specifier will trigger
a format error. Thus, introduce a new format specifier
PRI_TIMEX which is defined as PRIi64 on x32 and li
everywhere else.

7 years agoudev/udevadm-monitor: fix format-specifier issue
John Paul Adrian Glaubitz [Wed, 22 Mar 2017 20:40:51 +0000 (21:40 +0100)]
udev/udevadm-monitor: fix format-specifier issue

timespec::tv_nsec can have different sizes depending on the
host architecture. On x32 in particular, it is 8 bytes long
while the long int type is only 4 bytes long. Hence, using
ld as a format specifier will trigger a format error. Thus,
explicitly cast timespec::tv_nsec to nsec_t and use PRI_NSEC
as the format specifier to make sure the sizes for both match.

7 years agojournal/journald-console: fix format-specifier issue
John Paul Adrian Glaubitz [Wed, 22 Mar 2017 20:34:32 +0000 (21:34 +0100)]
journal/journald-console: fix format-specifier issue

timespec::tv_nsec can have different sizes depending on the
host architecture. On x32 in particular, it is 8 bytes long
while the long int type is only 4 bytes long. Hence, using
ld as a format specifier will trigger a format error. Thus,
explicitly cast timespec::tv_nsec to nsec_t and use PRI_NSEC
as the format specifier to make sure the sizes for both match.

7 years agosd-login: fix querying machines when machined is not running
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 11:52:00 +0000 (07:52 -0400)]
sd-login: fix querying machines when machined is not running

We should not leak the internal error from missing directory and treat
that case the same as no machines.

7 years agoman: fix typo m86k → m68k (#5993)
Lennart Poettering [Fri, 19 May 2017 09:37:30 +0000 (11:37 +0200)]
man: fix typo m86k → m68k (#5993)

7 years agoMerge pull request #5598 from pfl/ndisc_prefix_delegation
Lennart Poettering [Fri, 19 May 2017 09:17:07 +0000 (11:17 +0200)]
Merge pull request #5598 from pfl/ndisc_prefix_delegation

Initial Router Advertisment implementation

7 years agoudev: skip EVDEV_ABS override on devices without EV_ABS (#5984)
Peter Hutterer [Fri, 19 May 2017 08:56:29 +0000 (18:56 +1000)]
udev: skip EVDEV_ABS override on devices without EV_ABS (#5984)

When we first handle a device with an EVDEV_ABS override, check if it has
EV_ABS bits. If not, print a warning and continue. This is required on devices
where the match string applies to multiple device nodes, not all of which may
have absolute axes.

Fixes https://github.com/systemd/systemd/issues/5079

7 years agoMerge pull request #5988 from poettering/man-and-gcc
Evgeny Vereshchagin [Fri, 19 May 2017 06:34:39 +0000 (09:34 +0300)]
Merge pull request #5988 from poettering/man-and-gcc

minor man page and gcc fixes

7 years agosd-login,test-login: return -ENODATA from sd_pid_get_unit too
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 02:32:19 +0000 (22:32 -0400)]
sd-login,test-login: return -ENODATA from sd_pid_get_unit too

After all, we might be running on a non-systemd system.

7 years agoudev: turn off -Wformat-nonliteral for one safe case
Lennart Poettering [Thu, 18 May 2017 16:25:02 +0000 (18:25 +0200)]
udev: turn off -Wformat-nonliteral for one safe case

c20e6de897b2378bc3f936e1e265d2d2e2450a73 introduced a format string as
variable, but didn't turn off -Wformat-nonliteral warnings on it, thus
breaking the build. Let's fix that, by simply turning off the warning in
this case, as we know it's safe.

7 years agoman: extend documentation on sd_bus_add_match a bit()
Lennart Poettering [Thu, 18 May 2017 16:24:17 +0000 (18:24 +0200)]
man: extend documentation on sd_bus_add_match a bit()

Explain briefly how the concept of "sd_bus_slot" works.

This recently came up on the mailing list, hence let's document this for
the next time.

7 years agotest-login: make the test non-manual
Zbigniew Jędrzejewski-Szmek [Fri, 12 May 2017 18:25:17 +0000 (14:25 -0400)]
test-login: make the test non-manual

test-login.c is largely rewritten to use _cleanup_ and give more meaningful
messages (function names are used instead of creative terms like "active
session", so that when something unexpected is returned, it's much easier to
see what function is responsible).

The monitoring part is only activated if '-m' is passed on the command line.

It runs against the information from /run/systemd/ in the live system, but that
should be OK: logind/sd-login interface is supposed to be stable and both
backwards and forwards compatible.

If not running in a login session, some tests are skipped.

Those two changes together mean that it's possible to run test-login in the
test suite.

Tests for sd_pid_get_{unit,user_unit,slice} are added.

7 years agosd-login: fix return value of sd_pid_get_user_unit
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 02:11:08 +0000 (22:11 -0400)]
sd-login: fix return value of sd_pid_get_user_unit

E.g. "/user.slice/user-1000.slice/session-15.scope" would cause -ENXIO to be
returned.

7 years agosd-login: fix return value of sd_pid_get_session
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 01:55:44 +0000 (21:55 -0400)]
sd-login: fix return value of sd_pid_get_session

We'd return -ENXIO, even thoug -ENODATA is documented.

7 years agosd-login: always return two arrays of same length from sd_seat_get_sessions
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 00:48:09 +0000 (20:48 -0400)]
sd-login: always return two arrays of same length from sd_seat_get_sessions

sd_seat_get_sessions returns two arrays, that in principle should always match:
the session names and corresponding uids. The second array could be shorter only
if parsing or uid conversion fails. But in that case there is no way to tell
*which* uid is wrong, so they are *all* useless. It's better to simplify things and
just return an error if parsing fails.

7 years agosd-login: read list of uids of sessions from UIDS not ACTIVE_SESSIONS
Zbigniew Jędrzejewski-Szmek [Fri, 19 May 2017 00:58:23 +0000 (20:58 -0400)]
sd-login: read list of uids of sessions from UIDS not ACTIVE_SESSIONS

As described by Luke Shumaker:

  sd_seat_get_sessions looks at /run/systemd/seats/${seat_name}:SESSIONS to get
  the list of sessions (which I believe is correct), and at
  /run/systemd/seats/${seat_name}:ACTIVE_SESSIONS for the list of users (which
  I believe is incorrect); I believe that it should look at the UIDS field for
  the list of users. As far as I can tell, the ACTIVE_SESSIONS field is never
  even present in the seats file. I also believe that this has been broken
  since the function was first committed almost 6 years ago.

Fixes #5743.

7 years agosd-netlink: Make use of IN_SET (#5977)
Susant Sahani [Thu, 18 May 2017 10:56:36 +0000 (10:56 +0000)]
sd-netlink: Make use of IN_SET (#5977)

7 years agogitignore: ignore /test-sd-dhcp-lease (#5983)
Daniel Wang [Thu, 18 May 2017 00:14:58 +0000 (17:14 -0700)]
gitignore: ignore /test-sd-dhcp-lease (#5983)

7 years agoMerge pull request #5957 from keszybz/test-c++
Lennart Poettering [Wed, 17 May 2017 15:02:55 +0000 (17:02 +0200)]
Merge pull request #5957 from keszybz/test-c++

Test compilation under C++

7 years agoudev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933)
Dimitri John Ledkov [Wed, 17 May 2017 13:28:35 +0000 (14:28 +0100)]
udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933)

Fixes: #5894

7 years agocalendarspec: parse unix timestamps (@...) (#5947)
Zbigniew Jędrzejewski-Szmek [Wed, 17 May 2017 09:40:49 +0000 (05:40 -0400)]
calendarspec: parse unix timestamps (@...) (#5947)

Fixes #5810.

7 years agoMerge pull request #5883 from garyttierney/fix-selinux
Lennart Poettering [Wed, 17 May 2017 09:39:44 +0000 (11:39 +0200)]
Merge pull request #5883 from garyttierney/fix-selinux

selinux: enable labeling and access checks for unprivileged users

7 years agomeson: do not use generate_gperfs.py for keyboard-keys-from-name.gperf (#5968)
Yu Watanabe [Tue, 16 May 2017 00:51:22 +0000 (09:51 +0900)]
meson: do not use generate_gperfs.py for keyboard-keys-from-name.gperf (#5968)

Fixes #5967.

7 years agoAdd Lenovo UltraNav SK-8845 (#5963)
Charles Plessy [Mon, 15 May 2017 12:16:16 +0000 (21:16 +0900)]
Add Lenovo UltraNav SK-8845 (#5963)

Closes #5952.

7 years agomeson: add rules for RA sources
Zbigniew Jędrzejewski-Szmek [Thu, 11 May 2017 13:19:21 +0000 (09:19 -0400)]
meson: add rules for RA sources

7 years agotest-ndisc-ra: Add Router Advertisement test cases
Patrik Flykt [Fri, 12 May 2017 13:48:39 +0000 (16:48 +0300)]
test-ndisc-ra: Add Router Advertisement test cases

Add tests for prefix creation, router variable setting and finally
verify that a Router Advertisement is properly formatted when sending.
Also check that there is a Router Advertisment with zero lifetime
when Router Advertisement sending is stopped.

7 years agosd-radv: Receive Router Solicitations
Patrik Flykt [Fri, 12 May 2017 13:48:38 +0000 (16:48 +0300)]
sd-radv: Receive Router Solicitations

Receive Router Solicitations and send a unicast Router Advertisment
in response. Refactor ICMPv6 packet handling code so that the common
ICMPv6 validation parts are reused between the existing router
discovery and the new functionality adding reception of Router
Solicitation messages.

7 years agosd-radv: Send Router Advertisments
Patrik Flykt [Fri, 12 May 2017 13:48:37 +0000 (16:48 +0300)]
sd-radv: Send Router Advertisments

Create and remove the ICMPv6 Router Advertisement socket file
descriptor and implement Router Advertisment sending. As not
all options are mandatory, use IO vectors to point to the included
options and the prefix information.

7 years agoicmp6-util: Move multicast address definitions
Patrik Flykt [Fri, 12 May 2017 13:48:36 +0000 (16:48 +0300)]
icmp6-util: Move multicast address definitions

As the Router Advertisment sending code needs these multicast
address definitions, move them to the header file.

7 years agoicmp6-util: Bind Router Advertisement socket
Patrik Flykt [Fri, 12 May 2017 13:48:35 +0000 (16:48 +0300)]
icmp6-util: Bind Router Advertisement socket

Reuse and refactor the functionality already present for Router
Solicitations in order to create a socket for sending Router
Advertisements. Anticipate reception of incoming Router
Solicitations by setting the ICMPv6 filter accordingly. Also set
the unicast hop limit to 255 for ICMPv6 sockets as unicast Router
Advertisments are to be sent in response to Router Solicitations.

Update the Router Solicitation test case code with a function
definition in order to keep the test case working.

7 years agosd-radv: Implement Router Advertisement timeout handling
Patrik Flykt [Fri, 12 May 2017 13:48:34 +0000 (16:48 +0300)]
sd-radv: Implement Router Advertisement timeout handling

Router Advertisements are sent uniformly distributed between a
minimum and maximum time according to RFC 4861, Section 6.2.4.
Default values from RFC 4861 are for now used as minimum and
maximum Router Advertisement timeouts.

When stopping, a Router Advertisement with a router lifetime set
to zero is sent in order to inform any nodes that the interface
on this host no longer is a router.

7 years agonetworkd-link.c: Add Router Advertisement starting and stopping
Patrik Flykt [Fri, 12 May 2017 13:48:33 +0000 (16:48 +0300)]
networkd-link.c: Add Router Advertisement starting and stopping

Start and stop Router Advertisement sending once the link has acquired
a link-local IPv6 address.

7 years agonetworkd-radv: Helper function for Router Advertisement initialization
Patrik Flykt [Fri, 12 May 2017 13:48:32 +0000 (16:48 +0300)]
networkd-radv: Helper function for Router Advertisement initialization

Add a helper function for configuring Router Advertisement on a
specific network link. Add the prefixes that are going to be advertised.

7 years agosd-radv: Add Router Advertisement functionality
Patrik Flykt [Fri, 12 May 2017 13:48:31 +0000 (16:48 +0300)]
sd-radv: Add Router Advertisement functionality

Add Router Advertisement header files, data structures and core
functionality that is quite similar to other parts of networkd.

7 years agonetworkd: Add Router Advertisement variables
Patrik Flykt [Fri, 12 May 2017 13:48:30 +0000 (16:48 +0300)]
networkd: Add Router Advertisement variables

Add variables for enabling Router Advertisements, router lifetime as
well as managed and other information flags indicating use of DHCPv6.
Add configuration of default router preferences as defined in RFC 4191.

IPv6PrefixDelegation in the [Network] section has to be set in order
to enable prefix delegation. The rest of the prefix delegation values
are stored in the [IPv6PrefixDelegation] section. The host will act as
a default router if it is given a non-zero lifetime with
RouterLifetimeSec. Managed and OtherInformation booleans set the level
of DHCPv6 support, and the RouterPreference configures the router's
preference between low, medium and high. Words 'normal' and 'default'
are added as synonyms for 'medium' just to make configuration simpler.

This adds a section like the following to .network configuration files:
[Network]
IPv6PrefixDelegation=true

[IPv6PrefixDelegation]
RouterLifetimeSec=2000
Managed=false
OtherInformation=true
RouterPreference=medium

7 years agonetworkd: Add IPv6Prefix sections to the network configuration files
Patrik Flykt [Fri, 12 May 2017 13:48:29 +0000 (16:48 +0300)]
networkd: Add IPv6Prefix sections to the network configuration files

Support zero or more [IPv6Prefix] sections in the network configuration
files. Each section can have one Prefix=<subnet>[/<prefixlength>]
option, with the preferred and valid lifetimes specified by
ValidLifetimeSec and PreferredLifetimeSec measured in seconds, and
with onlink and address autoconfiguration booleans specified by
OnLink and AddressAutoconfiguration variables.

This adds a section like the following to .network configuration files:
[IPv6Prefix]
Prefix=2001:db8:dead:beef::/64
OnLink=true
AddressAutoconfiguration=true
ValidLifetimeSec=1500
PreferredLifetimeSec=1000

7 years agonetworkd: Add initial prefix handling for network configuration
Patrik Flykt [Fri, 12 May 2017 13:48:28 +0000 (16:48 +0300)]
networkd: Add initial prefix handling for network configuration

Add initial code for handling prefixes in network configuration files.
Add hash map and list storing the information in systemd-networkd.

7 years agosd-radv: Add Router Advertisement prefix handling
Patrik Flykt [Fri, 12 May 2017 13:48:27 +0000 (16:48 +0300)]
sd-radv: Add Router Advertisement prefix handling

Define Router Advertisement prefix structure. Add the Prefix
Information ICMPv6 option defined in RFC 4861 to the prefix
information structure, as it will simplify sending a Prefix
Information option later on. In order to handle endianness
correctly, the structure is redefined here instead of using
the one in netinet/icmp6.h.

Add functions to create and modify prefix information and set
default values as defined in RFC 4861, Section 6.2.1.

7 years agotest-bus-vtable: add SD_BUS_PROPERTY
Zbigniew Jędrzejewski-Szmek [Sun, 14 May 2017 19:09:29 +0000 (15:09 -0400)]
test-bus-vtable: add SD_BUS_PROPERTY

Without cc9daff228, this results in:

src/libsystemd/sd-bus/test-bus-vtable-cc.cc:56:1: sorry, unimplemented: non-trivial designated initializers not supported
 };
 ^

7 years agoMerge pull request #5961 from ronnychevalier/rc/conf-parser-strv-typo
Zbigniew Jędrzejewski-Szmek [Sun, 14 May 2017 14:31:12 +0000 (10:31 -0400)]
Merge pull request #5961 from ronnychevalier/rc/conf-parser-strv-typo

conf-parser: fix wrong argument given to log_syntax_invalid_utf8

7 years agoenv-util: fix memory leak (#5962)
Ronny Chevalier [Sun, 14 May 2017 14:30:40 +0000 (16:30 +0200)]
env-util: fix memory leak (#5962)

If cunescape succeeds, but the assignment is not valid, uce is not freed.

7 years agotest-conf-parser: add valid and invalid utf8 test for config_parse_path
Ronny Chevalier [Sun, 14 May 2017 11:19:11 +0000 (13:19 +0200)]
test-conf-parser: add valid and invalid utf8 test for config_parse_path

7 years agoconf-parser: fix wrong argument given to log_syntax_invalid_utf8
Ronny Chevalier [Sun, 14 May 2017 11:19:11 +0000 (13:19 +0200)]
conf-parser: fix wrong argument given to log_syntax_invalid_utf8

The condition is on "word", hence we give word instead of rvalue.

An assert would be triggered if !utf8_is_valid(word) is true and
rvalue == NULL, since log_syntax_invalid_utf8 calls utf8_escape_invalid
which calls assert(str).

A test case has been added to test with valid and invalid utf8.

7 years agotests,meson: add test-bus-vtable, compiled as C and C++
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 17:23:28 +0000 (13:23 -0400)]
tests,meson: add test-bus-vtable, compiled as C and C++

This test is mostly a compilation test that checks that various defines in
sd-bus-vtable.h are valid C++. The code is executed, but the results are not
checked (apart from sd-bus functions not returning an error). test-bus-objects
contains pretty extensive tests for this functionality.

The C++ version is only added to meson, since it's simpler there.
Because of the .cc extension, meson will compile the executable with c++.

This test is necessary to properly check the macros in sd-bus-vtable.h. Just
running the headers through g++ is not enough, because the macros are not
exercised.

Follow-up for #5941.

7 years agotest-ipv4ll: use assert_se consistently
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 15:47:36 +0000 (11:47 -0400)]
test-ipv4ll: use assert_se consistently

We use assert_se in tests so that the asserts get evaluated even if compiled with NDEBUG.

7 years agotree-wide: drop assert.h includes
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 15:44:51 +0000 (11:44 -0400)]
tree-wide: drop assert.h includes

We provide an independent reimplementation in macro.h, and that's the one
we want to use. Including the system header is unnecessary and confusing.

7 years agotests: make sure that our headers are valid c++
Zbigniew Jędrzejewski-Szmek [Fri, 12 May 2017 19:20:54 +0000 (15:20 -0400)]
tests: make sure that our headers are valid c++

This adds a meson test because it fits nicely into the existing framework.
It should be enough to run this test once in a while, so I don't think it's
crucial to also have it under autotools.

7 years agotree-wide: fix incorrect uses of %m
Zbigniew Jędrzejewski-Szmek [Sat, 13 May 2017 15:24:37 +0000 (11:24 -0400)]
tree-wide: fix incorrect uses of %m

In those cases errno was not set, so we would be logging some unrelated error
or "Success".

7 years agoMerge pull request #5956 from eliasp/fix-typo-network-zones
Michael Biebl [Sat, 13 May 2017 19:07:04 +0000 (21:07 +0200)]
Merge pull request #5956 from eliasp/fix-typo-network-zones

man: fix typo (`--network-zones` → `--network-zone`)

7 years agoman: fix typo (`--network-zones` → `--network-zone`)
Elias Probst [Sat, 13 May 2017 18:55:03 +0000 (20:55 +0200)]
man: fix typo (`--network-zones` → `--network-zone`)

7 years agonetwork: Implement DHCP Option 119 (Domain Search List) (#5932)
Daniel Wang [Sat, 13 May 2017 14:19:32 +0000 (07:19 -0700)]
network: Implement DHCP Option 119 (Domain Search List) (#5932)

This adds a modified version of dhcp6_option_parse_domainname() that is
able to parse compressed domain names, borrowing the idea from
dns_packet_read_name(). It also adds pieces in networkd-link and
networkd-manager to properly save/load the added option field.

Resolves #2710.

7 years agoaudit-fd: check for CAP_AUDIT_WRITE before opening an audit socket
Gary Tierney [Tue, 2 May 2017 20:05:32 +0000 (21:05 +0100)]
audit-fd: check for CAP_AUDIT_WRITE before opening an audit socket

Adds a check to audit-fd.c to ensure that CAP_AUDIT_WRITE is present in
the set of effective capabilities before opening an audit netlink
socket.  This ensures that unprivileged systemd instances (MANAGER_USER)
don't try to log AVC permission checks with the audit subsystem when
CAP_AUDIT_WRITE is not present.

7 years agoRevert "selinux: split up mac_selinux_have() from mac_selinux_use()"
Gary Tierney [Tue, 2 May 2017 16:42:19 +0000 (17:42 +0100)]
Revert "selinux: split up mac_selinux_have() from mac_selinux_use()"

This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.

The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running as
MANAGER_USER.  In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID.  Additionally, it causes activated socket units to
be mislabeled for systemd --user processes since setsockcreatecon() would never
be called.

Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.

7 years agoMerge pull request #5432 from keszybz/udev-logging
Lennart Poettering [Fri, 12 May 2017 13:22:46 +0000 (15:22 +0200)]
Merge pull request #5432 from keszybz/udev-logging

udev logging separation

7 years agonss-resolve: drop the internal fallback to libnss_dns (#5945)
Zbigniew Jędrzejewski-Szmek [Fri, 12 May 2017 12:31:46 +0000 (08:31 -0400)]
nss-resolve: drop the internal fallback to libnss_dns (#5945)

If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:

   hosts: resolve [!UNAVAIL=return] dns myhostname

Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.

Tested with
   hosts: resolve [!UNAVAIL=return] myhostname
and
   hosts: resolve [!UNAVAIL=return] dns myhostname

Fixes #5742.

7 years agoMerge pull request #5928 from keszybz/libidn2
Lennart Poettering [Fri, 12 May 2017 10:01:40 +0000 (12:01 +0200)]
Merge pull request #5928 from keszybz/libidn2

Use idn2 instead of idn