Lennart Poettering [Tue, 28 Oct 2014 00:49:39 +0000 (01:49 +0100)]
units: define appropriate job timeout actions when boot or shutdown timeouts are hit
Using the new JobTimeoutAction= setting make sure we power off the
machine after basic.target is queued for longer than 15min but not
executed. Similar, if poweroff.target is queued for longer than 30min
but does not complete, forcibly turn off the system. Similar, if
reboot.target is queued for longer than 30min but does not complete,
forcibly reboot the system.
Lennart Poettering [Tue, 28 Oct 2014 00:49:07 +0000 (01:49 +0100)]
job: optionally, when a job timeout is hit, also execute a failure action
Lennart Poettering [Tue, 28 Oct 2014 00:42:13 +0000 (01:42 +0100)]
core: remove system start timeout logic again
The system start timeout as previously implemented would get confused by
long-running services that are included in the initial system startup
transaction for example by being cron-job-like long-running services
triggered immediately at boot. Such long-running jobs would be subject
to the default 15min timeout, esily triggering it.
Hence, remove this again. In a subsequent commit, introduce per-target
job timeouts instead, that allow us to control these timeouts more
finegrained.
Lennart Poettering [Mon, 27 Oct 2014 23:52:48 +0000 (00:52 +0100)]
update TODO
Lennart Poettering [Mon, 27 Oct 2014 22:50:51 +0000 (23:50 +0100)]
journald: be nice to coverity, add an extra assert
coverity otherwise assumes that the chain object might be NULL.
Lennart Poettering [Mon, 27 Oct 2014 17:09:07 +0000 (18:09 +0100)]
CODING_STYLE: don't clobber arguments on failure
Lennart Poettering [Mon, 27 Oct 2014 17:08:46 +0000 (18:08 +0100)]
calendarspec: parse 'quarterly' and 'semi-annually' as shortcuts
Tom Gundersen [Mon, 27 Oct 2014 16:39:18 +0000 (17:39 +0100)]
networkd: network - if no prefixlength is given, try to deduce one from the address class
In case of a class E or F address, ignore the address.
Tom Gundersen [Mon, 27 Oct 2014 16:38:03 +0000 (17:38 +0100)]
shared: in-addr-utils - add default_subnet_mask and default_prefixlen methods
These use the (deprecated) IPv4 address classes to deduce the corresponding subnet masks. This is useful when addresses
without subnet masks and prefix lengths are given.
Make use of these new functions from sd-dhcp-lease.
Tom Gundersen [Mon, 27 Oct 2014 16:28:29 +0000 (17:28 +0100)]
man: tmpfiles.d - recommend using b! and c!
We should avoid creating static device nodes at runtime.
Tom Gundersen [Mon, 27 Oct 2014 16:15:42 +0000 (17:15 +0100)]
units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot
This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.
Daniel Mack [Mon, 27 Oct 2014 16:02:31 +0000 (17:02 +0100)]
sd-bus: sync kdbus.h (ABI break)
Some comment fixes and header cleanups in kdbus.h, and the task capability
meta information has been factored out to its own struct.
Lennart Poettering [Mon, 27 Oct 2014 12:54:19 +0000 (13:54 +0100)]
man: document what "minutely" now means
Daniele Medri [Mon, 27 Oct 2014 07:42:42 +0000 (08:42 +0100)]
calendar: new case 'minutely'
Lennart Poettering [Mon, 27 Oct 2014 12:32:04 +0000 (13:32 +0100)]
update TODO
Lennart Poettering [Mon, 27 Oct 2014 12:31:56 +0000 (13:31 +0100)]
update NEWS
Lennart Poettering [Mon, 27 Oct 2014 12:06:11 +0000 (13:06 +0100)]
sd-bus: explicitly cast asprintf() return value away we are not interested in
Let's give coverity a hint what's going on here.
Lennart Poettering [Mon, 27 Oct 2014 12:04:12 +0000 (13:04 +0100)]
Revert "sd-bus: check return value of asprintf()"
This reverts commit
b1543c4c93855b61b40118e9f14a0423dac2e078.
We check b->address anyway, no need to check the return value,
especially given that the other #ifdef branch don't get the same
treatment.
Michal Sekletar [Tue, 21 Oct 2014 16:38:42 +0000 (18:38 +0200)]
shutdown: do final unmounting only if not running inside the container
If we run in the container then we run in a mount namespace. If namespace dies
then kernel should do unmounting for us, hence we skip unmounting in containers.
Also, it may be the case that we no longer have capability to do umount,
because we are running in the unprivileged container.
See: http://lists.freedesktop.org/archives/systemd-devel/2014-October/023536.html
Ivan Shapovalov [Mon, 27 Oct 2014 09:07:36 +0000 (12:07 +0300)]
man: fix typos in description of SELinuxContextFromNet=
Tom Gundersen [Sun, 26 Oct 2014 13:01:27 +0000 (14:01 +0100)]
networkd: don't stop the dhcp server when link goes down
Michal Sekletar [Mon, 27 Oct 2014 10:08:26 +0000 (11:08 +0100)]
util: fix copy-paste error and actually set the new hostname
Reported-by: sztanpet on irc
Michal Sekletar [Tue, 21 Oct 2014 16:17:54 +0000 (18:17 +0200)]
util: introduce sethostname_idempotent
Function queries system hostname and applies changes only when necessary. Also,
migrate all client of sethostname to sethostname_idempotent while at it.
Zbigniew Jędrzejewski-Szmek [Sun, 26 Oct 2014 04:14:30 +0000 (00:14 -0400)]
journald: fix flushing
Commit
74055aa762 'journalctl: add new --flush command and make use of
it in systemd-journal-flush.service' broke flushing because journald
checks for the /run/systemd/journal/flushed file before opening the
permanent journal. When the creation of this file was postponed,
flushing stoppage ensued.
Zbigniew Jędrzejewski-Szmek [Sat, 25 Oct 2014 19:15:28 +0000 (15:15 -0400)]
systemctl: do not ignore errors in symlink removal
On an ro fs, systemctl disable ... would fail silently.
Zbigniew Jędrzejewski-Szmek [Fri, 24 Oct 2014 20:09:35 +0000 (16:09 -0400)]
Rearrange Unit to make pahole happy
After all we have lots of those.
Zbigniew Jędrzejewski-Szmek [Sat, 25 Oct 2014 15:59:36 +0000 (11:59 -0400)]
calendarspec: fix typo in "annually"
https://bugs.freedesktop.org/show_bug.cgi?id=85447
Santiago Vila [Sat, 25 Oct 2014 14:40:30 +0000 (10:40 -0400)]
journalctl: correct help text for --until
http://bugs.debian.org/766598
Lennart Poettering [Fri, 24 Oct 2014 17:29:01 +0000 (19:29 +0200)]
bus-proxy: it's OK if getpeercred doesn't work
We should use the data if we can (if stdin/stdout is an AF_UNIX socket),
but still work if we can't (if stdin/stdout are pipes, like in the SSH
case).
This effectively reverts
55534fb5e4742b0db9ae5e1e0202c53804147697
Lennart Poettering [Fri, 24 Oct 2014 17:24:53 +0000 (19:24 +0200)]
sd-bus: if we don't manage to properly allocate the error message for an sd_bus_error, just go on
sd_bus_error_setfv() must initialize the sd_bus_error value to some
sensible value and then return a good errno code matching that. If it
cannot work at all it should set the error statically to the OOM error.
But if it can work half-way (i.e. initialize the name, but not the
message) it should do so and still return the correct errno number for
it.
This effectively reverts
8bf13eb1e02b9977ae1cd331ae5dc7305a305a09
Lennart Poettering [Fri, 24 Oct 2014 17:10:09 +0000 (19:10 +0200)]
time: don't do comparison twice
Lennart Poettering [Fri, 24 Oct 2014 17:09:36 +0000 (19:09 +0200)]
time: minor simplification
Lennart Poettering [Fri, 24 Oct 2014 17:08:22 +0000 (19:08 +0200)]
time: earlier exit from format_timestamp_relative() on special times
Lennart Poettering [Fri, 24 Oct 2014 17:07:26 +0000 (19:07 +0200)]
time: also support 'infinity' syntax in parse_nsec()
Let's make parse_usec() and parse_nsec() work similar
Lennart Poettering [Fri, 24 Oct 2014 17:07:01 +0000 (19:07 +0200)]
update TODO
Lennart Poettering [Fri, 24 Oct 2014 17:06:23 +0000 (19:06 +0200)]
NEWS: more preparations for 217
Lennart Poettering [Fri, 24 Oct 2014 16:48:11 +0000 (18:48 +0200)]
delta: use wait_for_terminate_and_warn() to generate warnin when diff fails
Lennart Poettering [Fri, 24 Oct 2014 16:33:29 +0000 (18:33 +0200)]
calendar: make freeing a calendar spec object deal fine with NULL
In order to make object destruction easier (in particular in combination
with _cleanup_) we usually make destructors deal with NULL objects as
NOPs. Change the calendar spec destructor to follow the same scheme.
Lennart Poettering [Fri, 24 Oct 2014 16:32:30 +0000 (18:32 +0200)]
timesyncd: the IP_TOS sockopt is really just an optimization, we shouldn't fail if we can't set it
This partially undos
2f905e821e0342c36f5a5d3a51d53aabccc800bd
Lennart Poettering [Fri, 24 Oct 2014 14:52:55 +0000 (16:52 +0200)]
update TODO
Jan Janssen [Thu, 23 Oct 2014 17:37:29 +0000 (19:37 +0200)]
journalctl: Unify boot id lookup into common function get_boots
WaLyong Cho [Fri, 24 Oct 2014 04:51:09 +0000 (13:51 +0900)]
udev: do NOT re-label smack
If selinux is disabled and smack is only enabled, smack label is
relable-ed by label_fix. To avoid, make only be labeled for selinux.
Lennart Poettering [Fri, 24 Oct 2014 11:44:45 +0000 (13:44 +0200)]
manager: Linux on hppa has fewer rtsigs, hence avoid using the higher ones there
https://bugs.freedesktop.org/show_bug.cgi?id=84931
Klaus Purer [Fri, 24 Oct 2014 11:03:15 +0000 (13:03 +0200)]
man: remove another gendered pronoun
Klaus Purer [Fri, 24 Oct 2014 11:00:57 +0000 (13:00 +0200)]
journald: removed gendered pronouns in comment
Lennart Poettering [Fri, 24 Oct 2014 10:30:43 +0000 (12:30 +0200)]
man: fix minor typo
Lennart Poettering [Fri, 24 Oct 2014 10:07:05 +0000 (12:07 +0200)]
man: add a link to the XDG basedir spec from the pam_sytemd man page
Lennart Poettering [Fri, 24 Oct 2014 10:02:44 +0000 (12:02 +0200)]
man: avoid gendered singular pronouns
Using "their" as pronoun in these places is confusing since it is more
associated with plural rather than singular, and the sentence already
contains a plural. The word "her/his" apparently offends some people,
hence let's avoid the problem altogether and just name the noun again.
Lennart Poettering [Fri, 24 Oct 2014 00:22:57 +0000 (02:22 +0200)]
man: minor addition to coredumpctl example
Hugo Grostabussiat [Sun, 28 Sep 2014 01:05:41 +0000 (03:05 +0200)]
cryptsetup: Fix timeout on dm device.
Fix a bug in systemd-cryptsetup-generator which caused the drop-in
setting the job timeout for the dm device unit to be written with a
name different than the unit name.
https://bugs.freedesktop.org/show_bug.cgi?id=84409
Marius Tessmann [Fri, 29 Aug 2014 15:51:45 +0000 (17:51 +0200)]
shutdown: pass own argv to /run/initramfs/shutdown
Since commit
b1e90ec515408aec2702522f6f68c4920b56375b systemd passes
its log settings to systemd-shutdown via command line parameters.
However, systemd-shutdown doesn't pass these parameters to
/run/initramfs/shutdown, causing it to fall back to the default log
settings.
This fixes the following bugs about the shutdown not being quiet
despite "quiet" being in the kernel parameters:
https://bugs.freedesktop.org/show_bug.cgi?id=79582
https://bugs.freedesktop.org/show_bug.cgi?id=57216
Lennart Poettering [Thu, 23 Oct 2014 23:15:53 +0000 (01:15 +0200)]
selinux: fix handling of relative paths when setting up create label
Lennart Poettering [Thu, 23 Oct 2014 23:14:38 +0000 (01:14 +0200)]
man: in pam_systemd, it must be "his" (or "her"), not their
Lennart Poettering [Thu, 23 Oct 2014 21:58:01 +0000 (23:58 +0200)]
socket: properly label socket symlinks
Lennart Poettering [Thu, 23 Oct 2014 21:57:50 +0000 (23:57 +0200)]
socket: fix error comparison
Lennart Poettering [Thu, 23 Oct 2014 19:36:38 +0000 (21:36 +0200)]
label: move is_dir() to util.c
Lennart Poettering [Thu, 23 Oct 2014 17:58:45 +0000 (19:58 +0200)]
label: unify code to make directories, symlinks
Lennart Poettering [Thu, 23 Oct 2014 17:41:56 +0000 (19:41 +0200)]
label: don't try to create labelled directories more than once
Lennart Poettering [Thu, 23 Oct 2014 17:41:27 +0000 (19:41 +0200)]
selinux: clean up selinux label function naming
Lennart Poettering [Thu, 23 Oct 2014 17:07:02 +0000 (19:07 +0200)]
selinux: simplify and unify logging
Normally we shouldn#t log from "library" functions, but SELinux is
weird, hence upgrade security messages uniformly to LOG_ERR when in
enforcing mode.
Lennart Poettering [Thu, 23 Oct 2014 16:58:18 +0000 (18:58 +0200)]
selinux: rework label query APIs
APIs that query and return something cannot silently fail, they must
either return something useful, or an error. Fix that.
Also, properly rollback socket unit fd creation when something goes
wrong with the security framework.
Lennart Poettering [Thu, 23 Oct 2014 16:40:03 +0000 (18:40 +0200)]
smack: we don't need the special labels exported, hence don't
Lennart Poettering [Thu, 23 Oct 2014 16:38:01 +0000 (18:38 +0200)]
selinux: drop 3 unused function prototypes
Lennart Poettering [Thu, 23 Oct 2014 16:34:58 +0000 (18:34 +0200)]
smack: rework SMACK label fixing code to follow more closely the semantics of the matching selinux code
Lennart Poettering [Thu, 23 Oct 2014 16:32:22 +0000 (18:32 +0200)]
smack: never follow symlinks when relabelling
previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
Lennart Poettering [Thu, 23 Oct 2014 16:06:51 +0000 (18:06 +0200)]
smack: rework smack APIs a bit
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
Lennart Poettering [Thu, 23 Oct 2014 15:49:29 +0000 (17:49 +0200)]
mac: rename all calls that apply a label mac_{selinux|smack}_apply_xyz(), and all that reset it to defaults mac_{selinux|smack}_fix()
Let's clean up the naming schemes a bit and use the same one for SMACK
and for SELINUX.
Lennart Poettering [Thu, 23 Oct 2014 15:40:11 +0000 (17:40 +0200)]
selinux: make use of cleanup gcc magic
Tom Gundersen [Thu, 23 Oct 2014 18:14:38 +0000 (20:14 +0200)]
TODO
Daniel Mack [Thu, 23 Oct 2014 17:17:19 +0000 (19:17 +0200)]
man: pam_systemd: some typos fixed, some info added
Just some minor nits that I stumbled over when reading the man page.
Michal Schmidt [Tue, 14 Oct 2014 22:23:21 +0000 (00:23 +0200)]
unit: adjust for the possibility of set_move() failing
Michal Schmidt [Tue, 14 Oct 2014 22:17:51 +0000 (00:17 +0200)]
hashmap: allow hashmap_move() to fail
It cannot fail in the current hashmap implementation, but it may fail in
alternative implementations (unless a sufficiently large reservation has
been placed beforehand).
Michal Schmidt [Tue, 14 Oct 2014 22:00:30 +0000 (00:00 +0200)]
unit: place reservations before merging other's dependencies
With the hashmap implementation that uses chaining the reservations
merely ensure that the merging won't result in long bucket chains.
With a future alternative implementation it will additionally reserve
memory to make sure the merging won't fail.
Michal Schmidt [Sat, 4 Oct 2014 19:29:10 +0000 (21:29 +0200)]
install, cgtop: adjust hashmap_move_one() callers for -ENOMEM possibility
That hashmap_move_one() currently cannot fail with -ENOMEM is an
implementation detail, which is not possible to guarantee in general.
Hashmap implementations based on anything else than chaining of
individual entries may have to allocate.
hashmap_move_one will not fail with -ENOMEM if a proper reservation has
been made beforehand. Use reservations in install.c.
In cgtop.c simply propagate the error instead of asserting.
Michal Schmidt [Tue, 14 Oct 2014 22:30:54 +0000 (00:30 +0200)]
test: add test for hashmap_reserve()
Michal Schmidt [Tue, 14 Oct 2014 21:35:24 +0000 (23:35 +0200)]
hashmap: introduce hashmap_reserve()
With the current hashmap implementation that uses chaining, placing a
reservation can serve two purposes:
- To optimize putting of entries if the number of entries to put is
known. The reservation allocates buckets, so later resizing can be
avoided.
- To avoid having very long bucket chains after using
hashmap_move(_one).
In an alternative hashmap implementation it will serve an additional
purpose:
- To guarantee a subsequent hashmap_move(_one) will not fail with
-ENOMEM (this never happens in the current implementation).
Michal Schmidt [Tue, 14 Oct 2014 22:36:45 +0000 (00:36 +0200)]
hashmap: return more information from resize_buckets()
Return 0 if no resize was needed, 1 if successfully resized and
negative on error.
Michal Schmidt [Tue, 12 Aug 2014 21:35:23 +0000 (23:35 +0200)]
shared: split mempool implementation from hashmaps
Michal Schmidt [Fri, 22 Aug 2014 11:56:51 +0000 (13:56 +0200)]
resolve: make DnsScope::conflict_queue an OrderedHashmap
on_conflict_dispatch() uses hashmap_steal_first() and then does
something non-trivial with it. It may care about the order.
Michal Schmidt [Tue, 14 Oct 2014 16:27:55 +0000 (18:27 +0200)]
sd-bus: make sd_bus::reply_callbacks a OrderedHashmap
The way process_closing() picks the first entry from reply_callbacks
and works with it makes it likely that it cares about the order.
Michal Schmidt [Tue, 19 Aug 2014 11:38:53 +0000 (13:38 +0200)]
journal: make sd_journal::files a OrderedHashmap
Anything that uses hashmap_next() almost certainly cares about the order
and needs to be an OrderedHashmap.
Michal Schmidt [Fri, 22 Aug 2014 11:44:14 +0000 (13:44 +0200)]
journal: make Server::user_journals an OrderedHashmap
Order matters here. It replaces oldest entries first when
USER_JOURNALS_MAX is reached.
Michal Schmidt [Tue, 14 Oct 2014 15:58:13 +0000 (17:58 +0200)]
journal: make JournalFile::chain_cache an OrderedHashmap
The order of entries may matter here. Oldest entries are evicted first
when the cache is full.
(Though I don't see anything to rejuvenate entries on cache hits.)
Michal Schmidt [Fri, 22 Aug 2014 08:35:59 +0000 (10:35 +0200)]
install: make InstallContext::{will_install,have_installed} OrderedHashmaps
It appears order may matter here. Use OrderedHashmaps to be safe.
Michal Schmidt [Fri, 10 Oct 2014 21:30:21 +0000 (23:30 +0200)]
hashmap: drop assert(h) from hashmap_next()
It's handled just fine by returning NULL.
Michal Schmidt [Mon, 13 Oct 2014 16:14:07 +0000 (18:14 +0200)]
hashmap: hashmap_move_one() should return -ENOENT when 'other' is NULL
-ENOENT is the same return value as if 'other' were an allocated hashmap
that does not contain the key. A NULL hashmap is a possible way of
expressing a hashmap that contains no key.
Michal Schmidt [Wed, 15 Oct 2014 09:06:08 +0000 (11:06 +0200)]
test: add and improve hashmap tests
Test more corner cases and error states in several tests.
Add new tests for:
hashmap_move
hashmap_remove
hashmap_remove2
hashmap_remove_value
hashmap_remove_and_replace
hashmap_get2
hashmap_first
In test_hashmap_many additionally test with an intentionally bad hash
function.
Michal Schmidt [Wed, 15 Oct 2014 09:00:46 +0000 (11:00 +0200)]
test: generate tests for OrderedHashmap from Hashmap tests
test-hashmap-ordered.c is generated from test-hashmap-plain.c simply by
substituting "ordered_hashmap" for "hashmap" etc.
In the cases where tests rely on the order of entries, a distinction
between plain and ordered hashmaps is made using the ORDERED macro,
which is defined only for test-hashmap-ordered.c.
Michal Schmidt [Mon, 13 Oct 2014 16:11:16 +0000 (18:11 +0200)]
hashmap: add OrderedHashmap as a distinct type
Few Hashmaps/Sets need to remember the insertion order. Most don't care
about the order when iterating. It would be possible to use more compact
hashmap storage in the latter cases.
Add OrderedHashmap as a distinct type from Hashmap, with functions
prefixed with "ordered_". For now, the functions are nothing more than
inline wrappers for plain Hashmap functions.
Lennart Poettering [Thu, 23 Oct 2014 15:34:30 +0000 (17:34 +0200)]
mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new mac_{smack,selinux,apparmor}_xyz() convention
WaLyong Cho [Thu, 23 Oct 2014 08:23:46 +0000 (17:23 +0900)]
mac: rename apis with mac_{selinux/smack}_ prefix
WaLyong Cho [Thu, 23 Oct 2014 08:23:45 +0000 (17:23 +0900)]
label: rearrange mandatory access control(MAC) apis
move label apis to selinux-util.ch or smack-util.ch appropriately.
Zbigniew Jędrzejewski-Szmek [Thu, 23 Oct 2014 04:43:49 +0000 (00:43 -0400)]
man: add example how to generate certificates with openssl
Zbigniew Jędrzejewski-Szmek [Thu, 23 Oct 2014 04:31:56 +0000 (23:31 -0500)]
journal-upload: return proper exit code
Even when termninated normally, systemd-journal-upload would return
something positive which would be interpreted as failure.
Zbigniew Jędrzejewski-Szmek [Thu, 23 Oct 2014 04:27:57 +0000 (23:27 -0500)]
shared/log: add log_trace as compile-time optional debugging
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
Zbigniew Jędrzejewski-Szmek [Wed, 22 Oct 2014 02:32:17 +0000 (22:32 -0400)]
journal-upload: fix --trust=all option
Zbigniew Jędrzejewski-Szmek [Thu, 23 Oct 2014 04:27:25 +0000 (23:27 -0500)]
journal-upload: avoid calling printf with maximum precision
Precision of INT_MAX does not work as I expected it to.
https://bugzilla.redhat.com/show_bug.cgi?id=1154334
Zbigniew Jędrzejewski-Szmek [Wed, 22 Oct 2014 03:34:29 +0000 (23:34 -0400)]
journal-upload: verify state file can be saved before uploading
Do our best verify that we can actually write the state file
before upload commences to avoid duplicate messages on the server.
Zbigniew Jędrzejewski-Szmek [Wed, 22 Oct 2014 03:20:59 +0000 (23:20 -0400)]
socket-util: use IP address when hostname is not found
socknameinfo_pretty() would fail for addresses without reverse DNS,
but we do not want that to happen.
Zbigniew Jędrzejewski-Szmek [Wed, 22 Oct 2014 01:05:04 +0000 (21:05 -0400)]
journal-remote: add --split-mode to help