platform/upstream/systemd.git
Anita Zhang [Thu, 31 Oct 2019 18:39:08 +0000 (11:39 -0700)]
Merge pull request #13895 from jsynacek/master

sd-dhcp: fix resource leak

Anita Zhang [Thu, 31 Oct 2019 18:35:58 +0000 (11:35 -0700)]
Merge pull request #13891 from yuwata/basic-drop-missing

tree-wide: drop missing.h

Anita Zhang [Thu, 31 Oct 2019 18:22:37 +0000 (11:22 -0700)]
Merge pull request #13892 from keur/mkosi_arch

Fix mkosi on Arch Linux

Jóhann B. Guðmundsson [Thu, 31 Oct 2019 14:51:41 +0000 (14:51 +0000)]
Update to Fedora31

Jan Synacek [Thu, 31 Oct 2019 13:37:43 +0000 (14:37 +0100)]
sd-dhcp: fix resource leak

CID#1406578

Kevin Kuehler [Thu, 31 Oct 2019 09:32:23 +0000 (02:32 -0700)]
Fix mkosi on Arch Linux

/* test compression */
XZ compression finished (38280 -> 11756 bytes, 30.7%)
sh: diff: command not found
Assertion 'system(cmd) == 0' failed at src/journal/test-compress.c:198,
function test_compress_stream(). Aborting.

The journal compression test shells out to diff, so include diffutils as
a BuildPackage on Arch.

Remaining fixes in https://github.com/systemd/mkosi/pull/377

Yu Watanabe [Thu, 31 Oct 2019 02:07:23 +0000 (11:07 +0900)]
tree-wide: drop missing.h

Zbigniew Jędrzejewski-Szmek [Thu, 31 Oct 2019 08:21:13 +0000 (09:21 +0100)]
Merge pull request #13510 from medhefgo/boot

sd-boot: Be silent on regular boots

Yu Watanabe [Thu, 31 Oct 2019 01:37:42 +0000 (10:37 +0900)]
test: move {test,fuzz}-fido-id-desc.c into src/udev/fido_id

Lennart Poettering [Wed, 30 Oct 2019 17:55:45 +0000 (18:55 +0100)]
meson: correct man page deps

Susant Sahani [Fri, 20 Sep 2019 02:22:17 +0000 (04:22 +0200)]
networkd: dhcp server Support Vendor specific 43

Implements https://tools.ietf.org/html/rfc2132

```
[DHCPServer]
SendRawOption=26:uint32:1400
SendRawOption=23:uint8:10
```

```
Frame 448: 350 bytes on wire (2800 bits), 350 bytes captured (2800 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x71f8de9d
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.5.1
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (43) Vendor-Specific Information
        Length: 9
        Value: 1701311a0431343030
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255

```

Christian Rebischke [Wed, 30 Oct 2019 22:15:32 +0000 (23:15 +0100)]
add other worthy news

I think we can mention that systemd-resolved is able to validate IP
address certificates and prefer TLS 1.3 before TLS 1.2 now.

Also the `machinectl reboot` command actually works now.

Signed-off-by: Christian Rebischke <chris@nullday.de>

Anita Zhang [Wed, 30 Oct 2019 22:58:36 +0000 (15:58 -0700)]
Merge pull request #13884 from poettering/event-fd-close-fix

sd-event: don't invalidate source type on disconnect

Christian Rebischke [Wed, 30 Oct 2019 22:04:36 +0000 (23:04 +0100)]
add systemd logo to README.md

The logo in the readme is hosted by github as the systemd group avatar.

Signed-off-by: Christian Rebischke <chris@nullday.de>

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 21:14:39 +0000 (22:14 +0100)]
calendarspec: fix calculation of timespec iterations that fall onto a DST change

If we tested a candidate time that would fall onto the DST change, and we
realized that it is now a valid time ('cause the given "hour" is missing),
we would jump to the beginning of the next bigger time period, i.e. the next
day.

mktime_or_timegm() already tells us what the next valid time is, so let's reuse
this, and continue the calculations at this point. This should allow us to
correctly jump over DST changes, but also leap seconds and similar.  It should
be OK even if multiple days were removed from the calendar, similarly to the
Gregorian-Julian transition. By reusing the information from normalization, we
don't have to make assumptions what the next valid time is.

Fixes #13745.

$ TZ=Australia/Sydney faketime '2019-10-06 01:50' build/systemd-analyze calendar 0/1:0/1 --iterations 20 | grep Iter
       Iter. #2: Sun 2019-10-06 01:52:00 AEST
       Iter. #3: Sun 2019-10-06 01:53:00 AEST
       Iter. #4: Sun 2019-10-06 01:54:00 AEST
       Iter. #5: Sun 2019-10-06 01:55:00 AEST
       Iter. #6: Sun 2019-10-06 01:56:00 AEST
       Iter. #7: Sun 2019-10-06 01:57:00 AEST
       Iter. #8: Sun 2019-10-06 01:58:00 AEST
       Iter. #9: Sun 2019-10-06 01:59:00 AEST
      Iter. #10: Sun 2019-10-06 03:00:00 AEDT
      Iter. #11: Sun 2019-10-06 03:01:00 AEDT
      Iter. #12: Sun 2019-10-06 03:02:00 AEDT
      Iter. #13: Sun 2019-10-06 03:03:00 AEDT
      Iter. #14: Sun 2019-10-06 03:04:00 AEDT
      Iter. #15: Sun 2019-10-06 03:05:00 AEDT
      Iter. #16: Sun 2019-10-06 03:06:00 AEDT
      Iter. #17: Sun 2019-10-06 03:07:00 AEDT
      Iter. #18: Sun 2019-10-06 03:08:00 AEDT
      Iter. #19: Sun 2019-10-06 03:09:00 AEDT
      Iter. #20: Sun 2019-10-06 03:10:00 AEDT

$ TZ=Australia/Sydney faketime 2019-10-06 build/systemd-analyze calendar 2/4:30 --iterations=3
  Original form: 2/4:30
Normalized form: *-*-* 02/4:30:00
    Next elapse: Sun 2019-10-06 06:30:00 AEDT
       (in UTC): Sat 2019-10-05 19:30:00 UTC
       From now: 5h 29min left
       Iter. #2: Sun 2019-10-06 10:30:00 AEDT
       (in UTC): Sat 2019-10-05 23:30:00 UTC
       From now: 9h left
       Iter. #3: Sun 2019-10-06 14:30:00 AEDT
       (in UTC): Sun 2019-10-06 03:30:00 UTC
       From now: 13h left

Jan Janssen [Wed, 30 Oct 2019 16:44:59 +0000 (17:44 +0100)]
sd-boot: Silence compiler warning when building with -O2

Jan Janssen [Sun, 15 Sep 2019 14:12:03 +0000 (16:12 +0200)]
sd-boot: Don't loudly complain if RNG protocol isn't available

Fixes #13503

Lennart Poettering [Wed, 30 Oct 2019 15:37:42 +0000 (16:37 +0100)]
sd-event: don't invalidate source type on disconnect

This fixes fd closing if fd ownership is requested.

Jan Janssen [Sun, 15 Sep 2019 13:56:30 +0000 (15:56 +0200)]
sd-boot: Only disable optimization on debug builds

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 14:58:39 +0000 (15:58 +0100)]
NEWS: fix two typos

Lennart Poettering [Fri, 25 Oct 2019 14:05:11 +0000 (16:05 +0200)]
analyze: fix minor memleak

Lennart Poettering [Fri, 25 Oct 2019 14:05:35 +0000 (16:05 +0200)]
analyze: sort list of unknown syscalls kernel implements

Lennart Poettering [Wed, 30 Oct 2019 10:11:05 +0000 (11:11 +0100)]
seccomp: add new Linux 5.3 syscalls to syscall filter lists

Many syscalls added and all fit nicely into existing groups, hence let's
add them there.

Yu Watanabe [Wed, 30 Oct 2019 08:02:15 +0000 (17:02 +0900)]
network: cleanup header inclusion

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 13:08:26 +0000 (14:08 +0100)]
Merge pull request #13870 from irtimmer/check_ip_gnutls

resolved: validate IP address in certificate for DNS-over-TLS (GnuTLS)

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 13:06:04 +0000 (14:06 +0100)]
Merge pull request #13874 from keszybz/network-sendoption-cleanups

Network SendOption cleanups

Yu Watanabe [Wed, 30 Oct 2019 12:29:22 +0000 (21:29 +0900)]
NEWS: fix option name

Yu Watanabe [Wed, 30 Oct 2019 12:24:38 +0000 (21:24 +0900)]
Merge pull request #13879 from keszybz/news-v244

NEWS for v244

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 10:21:41 +0000 (11:21 +0100)]
network: install wifi-adhoc.network by default, make wifi-{ap,station} examples

I think 80-wifi-adhoc.network is safe enough, since it just enables
the link-local addressing. But the other two enable DHCP in client
or server modes, and we should not do this by default.

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 10:16:38 +0000 (11:16 +0100)]
NEWS: start preparations for v244

Lennart Poettering [Wed, 30 Oct 2019 09:53:28 +0000 (10:53 +0100)]
Merge pull request #13866 from keszybz/nspawn-restarts

Make 'machinectl reboot' functional

Evgeny Vereshchagin [Tue, 29 Oct 2019 19:07:15 +0000 (19:07 +0000)]
coverity: replace python with jq

Judging by https://travis-ci.org/systemd/systemd/jobs/604425785
(where the script failed with "tools/coverity.sh: line 45: python: command not found")
python-unversioned-command is no longer installed by default with python2.
Given that it's not the first time python has vanished and it's not clear
what exactly should be installed to make sure it's there, let's just use jq instead.

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 08:13:38 +0000 (09:13 +0100)]
network: amend SendOption= to take a c-escaped string

No need to punish users by forcing them to do base64 encodings.

Zbigniew Jędrzejewski-Szmek [Wed, 30 Oct 2019 07:56:18 +0000 (08:56 +0100)]
network: rename SendOptions= to SendOption=

The name with plural made more sense where multiple options could be specified
in one line. After changes in the pull request, this option only accepts one
value, so from users' POV it should be singular.

(The field in the data structure remains plural, because it actually stores
multiple values.)

Yu Watanabe [Wed, 30 Oct 2019 05:35:51 +0000 (14:35 +0900)]
Merge pull request #13747 from ssahani/tc-qdisc

network: introduce Traffic Control

Yu Watanabe [Wed, 30 Oct 2019 00:40:00 +0000 (09:40 +0900)]
Merge pull request #13867 from keszybz/man-condition

Refactor description of conditions

Yu Watanabe [Tue, 29 Oct 2019 15:33:19 +0000 (00:33 +0900)]
test-network: add tests for qdisc

Yu Watanabe [Tue, 29 Oct 2019 15:19:34 +0000 (00:19 +0900)]
network: wait for QDiscs to be configured

Susant Sahani [Mon, 7 Oct 2019 14:19:00 +0000 (16:19 +0200)]
network: introduce TrafficControl

Add network delay to an interface

Iwan Timmer [Tue, 29 Oct 2019 19:32:18 +0000 (20:32 +0100)]
resolved: check for IP in certificate when using DoT with GnuTLS

Validate the IP address in the certificate for DNS-over-TLS in strict mode when GnuTLS is used. As this is not yet the case in contrast to the documentation.

Iwan Timmer [Tue, 29 Oct 2019 19:26:05 +0000 (20:26 +0100)]
resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS

Increase the required version to ensure TLS 1.3 is always supported when using GnuTLS for DNS-over-TLS and allow further changes to use recent API additions.

Anita Zhang [Tue, 29 Oct 2019 18:35:41 +0000 (11:35 -0700)]
Merge pull request #13676 from ClydeByrdIII/service-result-patch

Update service result table

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 13:54:36 +0000 (14:54 +0100)]
man: reword description of triggering conditions

Fixes #13758.

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 13:52:27 +0000 (14:52 +0100)]
man: split out description of Conditions and Assert to new section

We slowly added many many conditions over the years, and the text became
very hard to read, because all the terms were squished in one <termitem>.
This rearranges the text into a new subsection, with minimal grammar changes
and removal of repetitions.

Michael Tretter [Fri, 18 Oct 2019 13:14:35 +0000 (15:14 +0200)]
boot-loader-spec: add devicetree-overlay key

Device tree overlays are a convenient way to patch device trees, e.g.,
add new devices to a device tree or enable/disable devices. This is
useful for non-discoverable but configurable hardware. Device tree
overlays are commonly used for displays on the Raspberry Pi or for
describing the content of FPGA bitstreams.

Add the devicetree-overlay key to boot loader specification entries to
allow boot loaders to apply overlays.

See #13537

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 10:16:45 +0000 (11:16 +0100)]
Merge pull request #13864 from fbuihuu/no-more-swap-autoactivation

No more swap autoactivation

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 09:46:21 +0000 (10:46 +0100)]
machined: only Unref units that we AddRef'd

b92d0b4c5adef37e9de8f6cc22a0e27b97fcf3ad added AddRef to the StartTransientUnit
call in machine_start_scope()/manager_start_scope() and a corresponding Unref
call in machine_stop_scope(). But when we are running systemd-nspawn@ with
--keep unit, the unit is not created by machined so the AddRef never happens.
Then when trying to stop the unit, we'd get:

systemd-machined[1101]: Sent message type=method_call sender=n/a destination=org.freedesktop.systemd1 path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=UnrefUnit cookie=37 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-machined[1101]: Got message type=error sender=:1.1 destination=:1.13 path=n/a interface=n/a member=n/a cookie=2443 reply_cookie=37 signature=s error-name=org.freedesktop.systemd1.NotReferenced error-message=Unit has not been referenced yet.
systemd-machined[1101]: Failed to drop reference to machine scope, ignoring: Unit has not been referenced yet.

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 09:31:19 +0000 (10:31 +0100)]
shared/logs-show: strip trailing carriage returns at EOL/EOF

When showing logs from a container, we would fail to show various lines:
Oct 29 09:50:51 krowka systemd-nspawn[61376]: Detected architecture x86-64.
Oct 29 09:50:51 krowka systemd-nspawn[61376]: [1B blob data]
Oct 29 09:50:51 krowka systemd-nspawn[61376]: Welcome to Fedora 32 (Rawhide)!
Oct 29 09:50:51 krowka systemd-nspawn[61376]: [1B blob data]

Those are only harmless \r characters that trail the line. We already replace
tabs and strip various ansi characters that we deem inconsequential, so let's
also strip trailing carriage returns. Non-trailing ones are different, because
they change what would be displayed.

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 08:47:57 +0000 (09:47 +0100)]
nspawn: when stopping the machine, just deregister the machine

We already shut the machine down ourselves (and pid1 will also do
cleanup for us after we exit if anything was left behind). No need for
systemd-machined to try to stop the unit too.

(This calls the new machined method. If we are running against an older
machined, we will not deregister the machine. If we are simply exiting,
machined should notice that the unit is gone on its own. If we are restarting,
we will fail to register the machine after restart and fail. But this case
was already broken, because machined would create a stop job, breaking the
restart. So not doing anything with old machined should not make anything
more broken than it already is.)

Fixes #13766.

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 08:43:07 +0000 (09:43 +0100)]
machined: add UnregisterMachine method

This is the opposite of RegisterMachine: machined knows that the machine is
"gone", but doesn't do anything on its own. We already had TerminateMachine,
but that would stop the unit, which isn't always wanted.

Zbigniew Jędrzejewski-Szmek [Tue, 29 Oct 2019 08:39:25 +0000 (09:39 +0100)]
pid1: log the reason why restart will or will not happen

I was trying to figure out why the restart was not happening, and it wasn't
at all obvious. Let's add a nice debug message.

David Pedersen [Mon, 28 Oct 2019 17:47:14 +0000 (18:47 +0100)]
network-generator: Add missing help for --root

Zbigniew Jędrzejewski-Szmek [Mon, 28 Oct 2019 20:39:55 +0000 (21:39 +0100)]
shared: small typo

Franck Bui [Mon, 28 Oct 2019 17:50:43 +0000 (18:50 +0100)]
core: drop 'wants' parameter from unit_add_node_dependency()

Since Wants dependency is no more automagically added to swap and mount units,
this parameter is no more used hence this patch drops it.

Franck Bui [Mon, 28 Oct 2019 17:41:59 +0000 (18:41 +0100)]
swap: do not make swap units wanted by its device unit anymore

It was done for mount units already (see commit 142b8142d7bb84f07). For the
same reasons and for consistency we should also stop activating automagically
swaps when their device is hot-plugged.

Zbigniew Jędrzejewski-Szmek [Mon, 28 Oct 2019 13:57:00 +0000 (14:57 +0100)]
Merge pull request #13423 from pwithnall/12035-session-time-limits

Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)

Zbigniew Jędrzejewski-Szmek [Sun, 27 Oct 2019 09:00:31 +0000 (10:00 +0100)]
modules-load: do not fail service if modules are not present

It is pretty common for the service to fail in the initramfs (for example
because certain modules have not been copied over or haven't been built yet in
case of dkms modules). This seems to be more trouble than it is worth. Let's
change the service to simply log any missing modules at error level, but not
fail the whole service.

https://bugzilla.redhat.com/show_bug.cgi?id=1254340

Yu Watanabe [Mon, 28 Oct 2019 13:52:16 +0000 (22:52 +0900)]
Merge pull request #13844 from keszybz/resolved-proprties

Emit dbus PropertyChanged notifications for systemd-resolved

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 14:57:37 +0000 (16:57 +0200)]
pid1: order .automount units after local-fs-pre.target

From the bug:
> According to the documentation of systemd.automount if the automount point is
> automagically created if it doesn't exist yet. This of course means the
> filesystem underneath has to be writable, which for / means not only does
> -.mount need to be started but also systemd-remount-fs.service has to be run,
> which isn't guaranteed by the default automount dependencies.
>
> For .mount units there is an automatic default After= dependency on
> local-fs-pre.target, would probably make sense to do the same for automount
> units to avoid it failing on the corner-case where it has to create directory.

Fixes #13306.

Philip Withnall [Wed, 12 Jun 2019 08:41:45 +0000 (09:41 +0100)]
pam_systemd: Forward systemd.runtime_max_sec setting to session scope

Allow earlier PAM modules to set `systemd.runtime_max_sec`. If they do,
parse it and set it as the `RuntimeMaxUSec=` property of the session
scope, to limit the maximum lifetime of the session. This could be
useful for time-limiting login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035

Philip Withnall [Wed, 12 Jun 2019 07:45:26 +0000 (08:45 +0100)]
scope: Support RuntimeMaxSec= directive in scope units

Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.

This could be used for time-limited login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035

Zbigniew Jędrzejewski-Szmek [Mon, 28 Oct 2019 08:23:08 +0000 (09:23 +0100)]
Merge pull request #13635 from fbuihuu/no-aliases-with-enable

man: alias names can't be used with enable command

Piotr Drąg [Sat, 26 Oct 2019 14:07:01 +0000 (16:07 +0200)]
po: update Polish translation

Anita Zhang [Fri, 25 Oct 2019 22:46:21 +0000 (15:46 -0700)]
meson: expand ternary in functions to if statements

Per https://github.com/mesonbuild/meson/issues/5003, ternary doesn't
always work as function args with older versions of meson.
Expand out ternary statements to stay compatible with older versions (< 0.49).

Anita Zhang [Fri, 25 Oct 2019 22:33:46 +0000 (15:33 -0700)]
Merge pull request #13846 from keszybz/sleep-config-fixups

Sleep config fixups

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 10:17:24 +0000 (12:17 +0200)]
meson: allow WatchdogSec= in services to be configured

As discussed on systemd-devel [1], in Fedora we get lots of abrt reports
about the watchdog firing [2], but 100% of them seem to be caused by resource
starvation in the machine, and never actual deadlocks in the services being
monitored. Killing the services not only does not improve anything, but it
makes the resource starvation worse, because the service needs cycles to restart,
and coredump processing is also fairly expensive. This adds a configuration option
to allow the value to be changed. If the setting is not set, there is no change.

My plan is to set it to some ridiculously high value, maybe 1h, to catch cases
where a service is actually hanging.

[1] https://lists.freedesktop.org/archives/systemd-devel/2019-October/043618.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1300212

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 15:10:47 +0000 (17:10 +0200)]
shared/sleep-config: two more error handling fixes, use structured initialization

CID#1406472.

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 15:02:58 +0000 (17:02 +0200)]
shared/sleep-config: fix error handling for open

CID#1406472.

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 14:36:19 +0000 (16:36 +0200)]
resolved: emit change for CurrentDNSServer

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 14:29:42 +0000 (16:29 +0200)]
resolved: emit change for LLMNRHostname

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 13:19:36 +0000 (15:19 +0200)]
resolved: send out notifications about DNS property

Notifications are only sent for the top object, and not for individual
links. This should be enough for the most obvious cases where somebody
just cares about the effective set of servers.

Fixes #13721.

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 05:54:58 +0000 (07:54 +0200)]
resolved: make two functions static

Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 13:24:00 +0000 (15:24 +0200)]
resolved: one less {}

Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 13:14:09 +0000 (15:14 +0200)]
resolved: avoid allocation

While at it, constify the argument.

Franck Bui [Tue, 22 Oct 2019 14:09:21 +0000 (16:09 +0200)]
fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs

Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
with two sorts of virtual files.

One sort uses "seq_file", and the results of the first read are buffered for
the second read. The other sort uses "raw" reads which always go direct to the
device.

In the latter case, the content of the virtual file must be retrieved with a
single read otherwise subsequent read might get the new value instead of
finding EOF immediately. That's the reason why the usage of fread(3) is
prohibited in this case as it always performs a second call to read(2) looking
for EOF which is subject to the race described previously.

Fixes: #13585.

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 12:48:12 +0000 (14:48 +0200)]
Merge pull request #13682 from zachsmith/systemd-sleep-prefer-resume-over-priority

systemd-sleep: prefer resume device or file

Zbigniew Jędrzejewski-Szmek [Fri, 25 Oct 2019 12:18:23 +0000 (14:18 +0200)]
Merge pull request #13623 from yuwata/network-wifi-iftype

Yu Watanabe [Sun, 22 Sep 2019 17:34:52 +0000 (02:34 +0900)]
network: add default configurations for wireless interfaces

Yu Watanabe [Fri, 25 Oct 2019 07:29:23 +0000 (16:29 +0900)]
network: support matching based on wifi interface type

Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 12:09:11 +0000 (14:09 +0200)]
various tools: be more explicit when a glob is passed when not supported

See https://bugzilla.redhat.com/show_bug.cgi?id=1763488: when we say that
'foo@*.service' is not a valid unit name, this is not clear enough. Let's
include the name of the operation that does not support globbing in the
error message:

$ build/systemctl enable 'foo@*.service'
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "foo@*.service" escaped as "foo@\x2a.service".
...

Dan Streetman [Wed, 23 Oct 2019 18:47:59 +0000 (14:47 -0400)]
resolved: set stream type during DnsStream creation

The DnsStreamType was added to track different types of DNS TCP streams,
instead of refcounting all of them together.  However, the stream type was
not actually set into the stream->type field, so while the reference count
was correctly incremented per-stream-type, the reference count was always
decremented in the cleanup function for stream type 0, leading to
underflow for the type 0 stream (unsigned) refcount, and preventing new
type 0 streams from being created.

Since type 0 is DNS_STREAM_LOOKUP, which is used to communicate with
upstream nameservers, once the refcount underflows the stub resolver
no longer is able to successfully fall back to TCP upstream lookups
for any truncated UDP packets.

This was found because lookups of A records with a large number of
addresses, too much to fit into a single 512 byte DNS UDP reply,
were causing getaddrinfo() to fall back to TCP and trigger this bug,
which then caused the TCP fallback for later large record lookups
to fail with 'connection timed out; no servers could be reached'.

The stream type was introduced in commit:
652ba568c6624bf40d735645f029d83d21bdeaa6

Yu Watanabe [Fri, 25 Oct 2019 04:36:00 +0000 (13:36 +0900)]
Merge pull request #13836 from systemd/assert-cleanups-and-constification

Assert cleanups and constification

Chen Qi [Thu, 24 Oct 2019 09:40:05 +0000 (17:40 +0800)]
machine-id-setup: avoid unexpected aborting

Code should not be reached 'Unhandled option' at src/machine-id-setup/machine-id-setup-main.c:97, function parse_argv(). Aborting.
Aborted

This behaviour is not good and will confuse user.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>

Zach Smith [Tue, 22 Oct 2019 04:36:27 +0000 (21:36 -0700)]
systemd-sleep: improve /proc/swaps open fail message

Zach Smith [Fri, 27 Sep 2019 04:02:28 +0000 (21:02 -0700)]
systemd-sleep: always prefer resume device or file

This change checks each swap partition or file reported in /proc/swaps
to see if it matches the values configured with resume= and
resume_offset= kernel parameters. If a match is found, the matching swap
entry is used as the hibernation location regardless of swap priority.

Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 08:33:20 +0000 (10:33 +0200)]
basic/fs-util: change CHASE_OPEN flag into a separate output parameter

chase_symlinks() would return negative on error, and either a non-negative status
or a non-negative fd when CHASE_OPEN was given. This made the interface quite
complicated, because depending on the flags used, we would get two different
"types" of return object. Coverity was always confused by this, and flagged
every use of chase_symlinks() without CHASE_OPEN as a resource leak (because it
would think that an fd is returned). This patch uses a separate output parameter,
so there is no confusion.

(I think it is OK to have functions which return either an error or an fd. It's
only returning *either* an fd or a non-fd that is confusing.)

5 years agotest-socket-util: avoid writing past the defined buffer
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 07:15:29 +0000 (09:15 +0200)]
test-socket-util: avoid writing past the defined buffer

.sun_path has 108 bytes, and we'd write a string of 108 bytes + NUL.
I added this test, but I don't know what it was supposed to test. Let's
just remove.

Fixes #13713. CID#1405854.

5 years agosd-dhcp-client: do not call assert in public functions
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 10:04:48 +0000 (12:04 +0200)]
sd-dhcp-client: do not call assert in public functions

5 years agosd-dhcp-client: remove unnecessary cleanup function
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 10:00:07 +0000 (12:00 +0200)]
sd-dhcp-client: remove unnecessary cleanup function

https://github.com/systemd/systemd/pull/13663#discussion_r335327099

5 years agosd-netlink: constify object pointers passed to getters
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 09:40:44 +0000 (11:40 +0200)]
sd-netlink: constify object pointers passed to getters

sd-netlink is not public yet, so we can change the interface.

I did not touch interfaces of functions like sd_netlink_wait() and
sd_rtnl_message_new_link() which do not modify the object that is passed in,
because in the future we might want to change the code to e.g. take a
reference to the parent object or otherwise require a non-const reference.

5 years agosd-device: allow sd_device_get_devtype to be called with NULL arg and do not assert
Zbigniew Jędrzejewski-Szmek [Wed, 23 Oct 2019 15:49:03 +0000 (17:49 +0200)]
sd-device: allow sd_device_get_devtype to be called with NULL arg and do not assert

We shouldn't call assert() on user-specified arguments in public functions.
While at it, let's return 1 if the type exists, and 0 otherwise.

5 years agoMove PLYMOUTH_SOCKET define to def.h and nuke plymouth-util.h
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 09:18:35 +0000 (11:18 +0200)]
Move PLYMOUTH_SOCKET define to def.h and nuke plymouth-util.h

Let's not have a file with a single define.

5 years agoRemove unused plymouth_running() function
Zbigniew Jędrzejewski-Szmek [Wed, 23 Oct 2019 20:56:24 +0000 (22:56 +0200)]
Remove unused plymouth_running() function

5 years agoMerge pull request #13452 from yuwata/network-reload
Zbigniew Jędrzejewski-Szmek [Thu, 24 Oct 2019 09:07:24 +0000 (11:07 +0200)]
Merge pull request #13452 from yuwata/network-reload

network: add networkctl reload and reconfigure

5 years agotest: drop duplicated 's'
Yu Watanabe [Thu, 24 Oct 2019 02:08:48 +0000 (11:08 +0900)]
test: drop duplicated 's'

This fixes the following log message
```
Container TEST-07-ISSUE-1981 terminated by signal KILL.
E: test timed out after 30s s
```

5 years agonetwork: add tests for "networkctl reconfigure"
Yu Watanabe [Sun, 8 Sep 2019 11:35:05 +0000 (20:35 +0900)]
network: add tests for "networkctl reconfigure"

5 years agonetworkctl: introduce reconfigure method
Yu Watanabe [Wed, 23 Oct 2019 13:36:04 +0000 (22:36 +0900)]
networkctl: introduce reconfigure method

5 years agonetworkctl: use format_ifname_full()
Yu Watanabe [Sun, 8 Sep 2019 10:45:58 +0000 (19:45 +0900)]
networkctl: use format_ifname_full()

5 years agonetworkctl: fix error message
Yu Watanabe [Sun, 8 Sep 2019 09:32:54 +0000 (18:32 +0900)]
networkctl: fix error message

5 years agoformat-util: introduce format_ifname_full()
Yu Watanabe [Sun, 8 Sep 2019 10:42:32 +0000 (19:42 +0900)]
format-util: introduce format_ifname_full()