Yu Watanabe [Sun, 31 Mar 2019 07:24:48 +0000 (16:24 +0900)]
network: add FooOverUDP support for SIT and GRE tunnels
Yu Watanabe [Sun, 31 Mar 2019 06:44:42 +0000 (15:44 +0900)]
test-network: add more tests for SerializeTunneledPackets=, Key=, and friends
Benjamin Berg [Mon, 1 Apr 2019 14:54:12 +0000 (16:54 +0200)]
hwdb: Fix micmute on ASUS FX503VD
The micmute key needs to be remapped to F20 for userspace to consume it.
See https://gitlab.gnome.org/GNOME/gnome-settings-daemon/issues/121
Yu Watanabe [Mon, 1 Apr 2019 12:26:26 +0000 (21:26 +0900)]
test: set longer StartLimitIntervalSec= and fewer StartLimitBurst=
Some test environment may be in heavy load. In that case, rate limit
never hit, and the test fails...
Lennart Poettering [Mon, 1 Apr 2019 16:33:10 +0000 (18:33 +0200)]
Merge pull request #12164 from keszybz/units-use-presets
Enable our units using presets in the usual fashion
Yu Watanabe [Sun, 31 Mar 2019 19:11:02 +0000 (04:11 +0900)]
udev: move udev_ctrl_cleanup() into manager_free()
Lennart Poettering [Mon, 1 Apr 2019 13:17:07 +0000 (15:17 +0200)]
Merge pull request #12157 from yuwata/network-netdev-name-conflict
network: handle NetDev.Name= conflict nicely
Zbigniew Jędrzejewski-Szmek [Mon, 1 Apr 2019 11:57:24 +0000 (13:57 +0200)]
meson: stop creating enablement symlinks in /etc during installation
This patch was initially prompted by a report on a Fedora update [1], that the
upgrade causes systemd-resolved.service and systemd-networkd.service to be
re-enabled. We generally want to preserve the enablement of all services during
upgrades, so a reset like this is not expected.
Both services declare two symlinks in their [Install] sections, for their dbus
names and for multi-user.target.wants/. It turns out that both services were
only partially enabled, because their dbus unit symlinks
/etc/systemd/system/dbus-org.freedesktop.{resolve1,network1}.service were
created, by the symlinks in /etc/systemd/system/multi-user.target.wants/ were
not. This means that the units could be activated by dbus, but not in usual
fashion using systemctl start. Our tools make it rather hard to figure out when
something like this happens, and it is definitely an area for improvement on its
own. The symlink in .wants/ was filtered out by during packaging, but the dbus
symlink was left in (I assume by mistake).
Let's simplify things by not creating the symlinks statically during 'ninja
install'. This means that the units shipped by systemd have to be enabled in
the usual fashion, which in turns means that [Install] section and presets
become the "single source of truth" and we don't have two sets of conflicting
configuration.
Let's consider a few cases:
- developer: a developer installs systemd from git on a running system, and they
don't want the installation to reset enablement of anything. So this change is
either positive for them, or has no effect (if they have everything at
defaults).
- package creation: we want to create symlinks using 'preset-all' and 'preset'
on upgraded packages, we don't want to have any static symlinks. This change
will remove the need to filter out symlinks in packaging and of course fix
the original report.
- installation of systemd from scratch: this change means that without
'preset-all' the system will not be functional. This case could be affected
negatively by this change, but I think it's enough of a corner case to accept
this. In practice I expect people to build a package, not installl directly
into the file system, so this might not even matter in practice.
Creating those symlinks was probably the right thing in the beginning, but
nowadays the preset system is very well established and people expect it to
be honoured. Ignoring the presets and doing static configuration is not welcome
anymore.
Note: during package installation, either 'preset-all' or 'preset getty@.service
machines.target remote-cryptsetup.target remote-fs.target
systemd-networkd.service systemd-resolved.service
systemd-networkd-wait-online.service systemd-timesyncd.service' should be called.
[1] https://bodhi.fedoraproject.org/updates/FEDORA-2019-
616045ca76
Zbigniew Jędrzejewski-Szmek [Mon, 1 Apr 2019 11:57:07 +0000 (13:57 +0200)]
meson: indentation
Lennart Poettering [Mon, 1 Apr 2019 10:46:37 +0000 (12:46 +0200)]
Merge pull request #12156 from yuwata/fix-bootspec-memleaks
bootspec: fix memleaks
Yu Watanabe [Mon, 1 Apr 2019 02:23:51 +0000 (11:23 +0900)]
po: update ja.po
Yu Watanabe [Sun, 31 Mar 2019 16:06:22 +0000 (01:06 +0900)]
test-network: add test for NetDev.Name= conflict
Yu Watanabe [Sun, 31 Mar 2019 15:55:22 +0000 (00:55 +0900)]
udev: shorten code a bit
Yu Watanabe [Sun, 31 Mar 2019 15:37:58 +0000 (00:37 +0900)]
network: add '=' to config key names in log
Also, long lines are wrapped.
Yu Watanabe [Sun, 31 Mar 2019 15:24:25 +0000 (00:24 +0900)]
network: do not abort execution when NetDev.Name= conflicts
This also changes that .netdev files are loaded in ascending order.
Otherwise, when NetDev.ifname= setting conflicts with other .netdev file,
then .netdev file with large prefix number wins.
Yu Watanabe [Sun, 31 Mar 2019 14:56:39 +0000 (23:56 +0900)]
test-network: add test for drop-in [WireGuardPeer] section
This also merges the two wireguard tests, and use wait_online()
to speed up the test.
Yu Watanabe [Sun, 31 Mar 2019 14:31:29 +0000 (23:31 +0900)]
bootspec: fix memleak caused by setting invalid cleanup function
Yu Watanabe [Sun, 31 Mar 2019 14:30:30 +0000 (23:30 +0900)]
bootspec: add missing free() in boot_config_free()
Yu Watanabe [Sun, 31 Mar 2019 13:12:34 +0000 (22:12 +0900)]
Merge pull request #12147 from yuwata/network-gre-key-12144
network: make GRE and GRETAP support Key= or friends
Yu Watanabe [Fri, 29 Mar 2019 18:50:11 +0000 (03:50 +0900)]
test-network: test stacked erspan tunnels
Yu Watanabe [Fri, 29 Mar 2019 18:49:11 +0000 (03:49 +0900)]
man: update Tunnel.Key= and friends
Yu Watanabe [Fri, 29 Mar 2019 18:43:19 +0000 (03:43 +0900)]
network: make GRE and GRETAP support Key=, InputKey=, OutputKey=, and SerializeTunneledPackets=
This also merge netdev_gre_fill_message_create() and netdev_erspan_fill_message_create().
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 21:27:31 +0000 (22:27 +0100)]
Merge pull request #12048 from jengelh/master
rpm: avoid hiding errors from systemd commands
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 21:23:38 +0000 (22:23 +0100)]
Merge pull request #12146 from yuwata/test-network-wait-online
test-network: use wait-online to speed up tests
Yu Watanabe [Fri, 29 Mar 2019 18:34:03 +0000 (03:34 +0900)]
network: make erspan netdev can be specified in Network.Tunnel=
Yu Watanabe [Fri, 29 Mar 2019 17:47:33 +0000 (02:47 +0900)]
network: do not continue when appending data to netlink message fails
Yu Watanabe [Wed, 27 Mar 2019 20:53:45 +0000 (05:53 +0900)]
test-network: merge tests for [Route] section
Yu Watanabe [Thu, 21 Mar 2019 20:56:52 +0000 (05:56 +0900)]
test-network: use wait_online() in test_sysctl_disable_ipv6()
Yu Watanabe [Thu, 21 Mar 2019 20:53:15 +0000 (05:53 +0900)]
test-network: use wait_online() in test_sysctl()
This also disables IPv6AcceptRA= to speed up the test.
Yu Watanabe [Thu, 21 Mar 2019 20:48:12 +0000 (05:48 +0900)]
test-network: use wait_online() in test_link_local_addressing()
This also disables IPv6AcceptRA= to speed up the test.
Yu Watanabe [Thu, 21 Mar 2019 20:41:51 +0000 (05:41 +0900)]
test-network: fix addr_gen_mode
If stable_secret is set, then networkd sets addr_gen_mode 2.
Yu Watanabe [Thu, 21 Mar 2019 20:20:04 +0000 (05:20 +0900)]
test-network: move tests related to bonding
Yu Watanabe [Thu, 21 Mar 2019 20:08:20 +0000 (05:08 +0900)]
test-network: merge tests about static addresses
And use wait_online()
Yu Watanabe [Thu, 21 Mar 2019 20:06:09 +0000 (05:06 +0900)]
test-network: add wait_online() helper function
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 15:44:48 +0000 (16:44 +0100)]
Merge pull request #12138 from poettering/doc-ip-allow-src-dst
man: expand IPAddressAllow= docs a bit
Lennart Poettering [Thu, 28 Mar 2019 16:15:40 +0000 (17:15 +0100)]
update TODO
Lennart Poettering [Thu, 28 Mar 2019 16:14:39 +0000 (17:14 +0100)]
man: clarify which addresses are affected by IPAddressAllow=/IPAddressDeny=
For ingress traffic it's the source address of IP packets we check, for
egress traffic it's the destination address. Mention that.
Piotr Drąg [Mon, 25 Mar 2019 09:40:57 +0000 (10:40 +0100)]
po: update Polish translation
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 14:02:50 +0000 (15:02 +0100)]
Merge pull request #12140 from poettering/copy-early
chattr/copy.c fixes
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 14:00:25 +0000 (15:00 +0100)]
Merge pull request #12137 from poettering/socket-var-run
warn about sockets in /var/run/ too
Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 13:59:00 +0000 (14:59 +0100)]
Merge pull request #12133 from poettering/rseq-whitelist
whitelist rseq() system call in `@default` syscall group
Lennart Poettering [Thu, 28 Mar 2019 08:59:24 +0000 (09:59 +0100)]
analyze: check both possible mount points of tracefs
Let's try the new one first, the old one second.
Lennart Poettering [Thu, 28 Mar 2019 18:26:21 +0000 (19:26 +0100)]
fsck: copy out device argument from argv[] before forking
We nowadays rename our child processes, hence argv[] will be clobbered,
let's hence copy the device path to dynamic memory before forking.
This is fall-out from
60ffa37a65a96c3af857a3dfc4a6fd47b20cc90e since we
now a lot more often end up overriding the argv[] buffer than before,
simple because we know what to override.
These kind of bugs kinda suck. THere are only two options here: stop
overriding argv[] for all cases (or just these cases) or explicitly
copying out everything we need in child processes before forking. With
this patch I opt for the latter, though I am not 100% convinced this is
a great solution. Just a better solution than everything else, i.e.
allowing argv[] to remain out of sync with what others see.
Fixes: #12135
Jörg Thalheim [Thu, 28 Mar 2019 16:20:52 +0000 (16:20 +0000)]
wireguard: fix exponential backoff when resolving hosts
It should stop at 25s, not start.
Fixes #12134
Zbigniew Jędrzejewski-Szmek [Thu, 28 Mar 2019 14:55:09 +0000 (15:55 +0100)]
headers: add missing includes
Fixes #12125.
Lennart Poettering [Thu, 28 Mar 2019 08:26:50 +0000 (09:26 +0100)]
sd-bus: change "int" → "signed int" on bitfield
Apparently by the C standard "int" bitfields can have any signedness
(unlike non-bitfield declarations which are "signed" if the signedness
is not specified).
Let's fix the LGTM warning about this hence and be explicit that we mean
"signed" here.
Lennart Poettering [Thu, 28 Mar 2019 17:41:39 +0000 (18:41 +0100)]
tmpfiles: move full chattr flag set to chattr-util.h
It's a pretty generic concept and fits will there, hence let's move it.
Lennart Poettering [Thu, 28 Mar 2019 17:38:59 +0000 (18:38 +0100)]
update NEWS
Lennart Poettering [Thu, 28 Mar 2019 17:10:17 +0000 (18:10 +0100)]
update TODO
Lennart Poettering [Thu, 28 Mar 2019 17:35:03 +0000 (18:35 +0100)]
tmpfiles: support the FS_PROJINHERIT_FL chattr flag
Lennart Poettering [Thu, 28 Mar 2019 16:54:04 +0000 (17:54 +0100)]
util-lib: when copying files make sure to apply some chattrs early, some late
Some chattrs only work sensible if you set them right after opening a
file for create (think: FS_NOCOW_FL). Others only work when they are
applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's
take that into account when copying files and applying a chattr to them.
Lennart Poettering [Thu, 28 Mar 2019 17:34:33 +0000 (18:34 +0100)]
missing: add FS_PROJINHERIT_FL
It's available since kernel 4.5, but not in older kernels.
Lennart Poettering [Thu, 28 Mar 2019 16:00:46 +0000 (17:00 +0100)]
update TODO
Lennart Poettering [Thu, 28 Mar 2019 15:59:57 +0000 (16:59 +0100)]
core: complain and correct /var/run/ → /run/ for listening sockets
We already do that for PIDFile= paths, and for tmpfiles.d/ snippets,
let's also do this for .socket paths.
Lennart Poettering [Thu, 28 Mar 2019 15:46:27 +0000 (16:46 +0100)]
load-fragment: use TAKE_PTR() where we can
Michal Sekletar [Wed, 27 Mar 2019 08:27:21 +0000 (09:27 +0100)]
cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
With new LUKS2 header format it is possible to use Argon2 key derivation
function. This function is "memory-hard" hence keyslot unlocking can
potentially use a lot of RAM as this increases resistance to massively
parallel GPU based password cracking.
However, when multiple systemd-cryptsetup binaries run at the same
time it is very likely that system using Argon2 (e.g. Fedora 30)
will encounter memory-pressure during early boot, following OOM killing
spree.
This patch aims to lower the damage done by OOM killer and sets OOMScore
for systemd-cryptsetup units to 500. Hopefully OOM killer will then
shoot us down and leave rest of the system services alone.
Lennart Poettering [Thu, 28 Mar 2019 14:52:27 +0000 (15:52 +0100)]
Merge pull request #12130 from keszybz/fix-ndebug-builds
Fix ndebug builds
Lennart Poettering [Thu, 28 Mar 2019 11:00:28 +0000 (12:00 +0100)]
update TODO
Lennart Poettering [Thu, 28 Mar 2019 09:01:09 +0000 (10:01 +0100)]
seccomp: add rseq() to default list of syscalls to whitelist
Apparently glibc is going to call this implicitly soon, hence let's
whitelist this by default.
Fixes: #12127
Lennart Poettering [Thu, 28 Mar 2019 11:09:23 +0000 (12:09 +0100)]
core: break overly long line
Lennart Poettering [Thu, 28 Mar 2019 11:00:56 +0000 (12:00 +0100)]
core: parse '@default' seccomp group permissively
We are about to add system calls (rseq()) not available on old
libseccomp/old kernels, and hence we need to be permissive when parsing
our definitions.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Mar 2019 10:04:26 +0000 (11:04 +0100)]
Merge pull request #12115 from poettering/verbose-job-enqueue
add "systemctl --show-transaction start" as a more verbose "systemctl start" that shows enqueued jobs
Zbigniew Jędrzejewski-Szmek [Thu, 28 Mar 2019 08:44:02 +0000 (09:44 +0100)]
meson: disable warnings about unused variables for NDEBUG builds
With assertions disabled, we'd get a bunch of warnings that really bring no
value. With this change, a default meson build with -Db_ndebug=true generates
no warnings.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Mar 2019 08:43:56 +0000 (09:43 +0100)]
core: avoid unnecessary cast
Zbigniew Jędrzejewski-Szmek [Thu, 28 Mar 2019 08:35:26 +0000 (09:35 +0100)]
test-terminal-util: fix sigsegv when compiled without asserts
I couldn't figure out what is going on here, because LTO inlines everything and
then the backtrace reported a different spot. But when compiled with NDEBUG but
no LTO, it's fairly obvious ;)
C.f. #12008.
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 13:28:24 +0000 (14:28 +0100)]
Remove variable only used for an assert
When compiled with -DNDEBUG, we get warnings about set-but-unused variables.
In general, it's not something we care about, but since removing those
variables arguably makes the code nicer, let's just to it in this case.
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 12:25:57 +0000 (13:25 +0100)]
test-terminal-util: add function logging
Lennart Poettering [Tue, 26 Mar 2019 19:11:30 +0000 (20:11 +0100)]
tree-wide: reorder various structures to make them smaller and use fewer cache lines
Some "pahole" spelunking.
Lennart Poettering [Wed, 27 Mar 2019 13:36:36 +0000 (14:36 +0100)]
tree-wide: (void)ify a few unlink() and rmdir()
Let's be helpful to static analyzers which care about whether we
knowingly ignore return values. We do in these cases, since they are
usually part of error paths.
Lennart Poettering [Wed, 27 Mar 2019 14:05:51 +0000 (15:05 +0100)]
Merge pull request #12119 from keszybz/voidify-mkdir-p
Voidify mkdir_p() and normalize util.h includes
Lennart Poettering [Wed, 27 Mar 2019 13:15:59 +0000 (14:15 +0100)]
Merge pull request #12113 from poettering/terminal-util-fixlets
tiny terminal-util.c fixlets
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 06:58:40 +0000 (07:58 +0100)]
man: clarify the role of OnBootSec= in containers
https://github.com/systemd/systemd/pull/12104#pullrequestreview-
218627236
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 08:30:35 +0000 (09:30 +0100)]
journalctl: voidify mkdir_p() call and unify two similar code paths
Let's unify the two similar code paths to watch /run/systemd/journal.
The code in manager.c is similar, but it uses mkdir_p_label(), and unifying
that would be too much trouble, so let's just adjust the error messages to
be the same.
CID #1400224.
Lennart Poettering [Tue, 26 Mar 2019 16:22:18 +0000 (17:22 +0100)]
terminal-util: add paranoid overflow check
Lennart Poettering [Tue, 26 Mar 2019 16:19:47 +0000 (17:19 +0100)]
terminal-util: modernize things with TAKE_PTR a bit
Lennart Poettering [Tue, 26 Mar 2019 17:02:49 +0000 (18:02 +0100)]
man: document the new systemctl --show-transaction option
Lennart Poettering [Tue, 26 Mar 2019 16:39:36 +0000 (17:39 +0100)]
test: add some basic testing that "systemctl start -T" does something
Lennart Poettering [Fri, 22 Mar 2019 19:58:13 +0000 (20:58 +0100)]
systemctl: add new --show-transaction switch
This new switch uses the new method call EnqueueUnitJob() for enqueuing
a job and showing the jobs it enqueued.
Fixes: #2297
Lennart Poettering [Tue, 26 Mar 2019 15:19:35 +0000 (16:19 +0100)]
systemctl: split out extra args generation into helper function of its own
Lennart Poettering [Tue, 26 Mar 2019 14:49:52 +0000 (15:49 +0100)]
systemctl: reindent table
Lennart Poettering [Tue, 26 Mar 2019 14:25:48 +0000 (15:25 +0100)]
systemctl: more SYNTHETIC_ERRNO() conversion
Lennart Poettering [Tue, 26 Mar 2019 14:20:26 +0000 (15:20 +0100)]
systemctl: replace switch statement by table of structures
Lennart Poettering [Fri, 22 Mar 2019 19:57:30 +0000 (20:57 +0100)]
core: add new API for enqueing a job with returning the transaction data
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 10:33:50 +0000 (11:33 +0100)]
Voidify more mkdir_p calls
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 10:32:41 +0000 (11:32 +0100)]
headers: remove unneeded includes from util.h
This means we need to include many more headers in various files that simply
included util.h before, but it seems cleaner to do it this way.
Zbigniew Jędrzejewski-Szmek [Wed, 27 Mar 2019 08:18:50 +0000 (09:18 +0100)]
test-fileio: do not use variable before checking return value
Coverity is unhappy because we use "line" in the assert that checks
the return value. It doesn't matter much, but let's clean this up.
Also, let's not assume that /proc/cmdline contains anything.
CID #1400219.
Lennart Poettering [Wed, 27 Mar 2019 08:29:13 +0000 (09:29 +0100)]
Merge pull request #12110 from keszybz/sysv-compat-fix
Sysv-compat compilation fix
Lennart Poettering [Wed, 27 Mar 2019 08:27:20 +0000 (09:27 +0100)]
Merge pull request #12116 from keszybz/mock-compilation-fixes
Fixes for compilation in Fedora 30 mock
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 11:46:02 +0000 (12:46 +0100)]
shared/install: try even harder to make sure variable is initalized
Apparently the fix in
a05294ff05923563087b53c1db64816130be3b34 was
not sufficient. Let's declare the two arrays as static variables.
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 18:26:11 +0000 (19:26 +0100)]
Merge pull request #12109 from poettering/sleep-minifixes
tiny fixes to sleep.c
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 09:20:57 +0000 (10:20 +0100)]
util-lib: fix sentence in comment
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 09:19:19 +0000 (10:19 +0100)]
systemctl: define less stuff when !HAVE_SYSV_COMPAT
We'd translate our action to sysv runlevel action, only to discard the result
in talk_initctl(). Let's just ifdef the whole thing away.
Fixes #12103.
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 11:01:00 +0000 (12:01 +0100)]
test-execute: skip flaky test when we can't unshare namespaces
When running in Fedora "mock", / is a tmpfs and /home is not mounted. The test
assumes that /home will be a tmpfs only and only if we can unshare. Obviously,
this does not hold in this case, because unsharing is not possible, but /home
is still a tmpfs. Let's just skip the test, since it's fully legitimate to
mount either or both of / and /home as tmpfs.
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 10:38:55 +0000 (11:38 +0100)]
test-execute: provide custom failure message
test_exec_ambientcapabilities: exec-ambientcapabilities-nobody.service: exit status 0, expected 1
Sometimes we get just the last line, for example from the failure summary,
so make it as useful as possible.
Lennart Poettering [Tue, 26 Mar 2019 08:59:32 +0000 (09:59 +0100)]
update TODO
Lennart Poettering [Tue, 26 Mar 2019 08:59:11 +0000 (09:59 +0100)]
sleep: (void)ify some call
Lennart Poettering [Tue, 26 Mar 2019 08:57:53 +0000 (09:57 +0100)]
sleep: use negative_errno() where appropriate
Lennart Poettering [Tue, 26 Mar 2019 09:05:29 +0000 (10:05 +0100)]
Merge pull request #12044 from keszybz/ttyname-malloc-simplification
util-lib: use a fixed buffer size for terminal path
Lennart Poettering [Fri, 22 Mar 2019 12:23:45 +0000 (13:23 +0100)]
tests: add simple testcase for getttyname_malloc()
Zbigniew Jędrzejewski-Szmek [Tue, 26 Mar 2019 07:58:00 +0000 (08:58 +0100)]
Merge pull request #12106 from poettering/nosuidns
add "nosuid" flag to exec directory mounts of DynamicUser=1 services