platform/upstream/systemd.git
Lennart Poettering [Fri, 8 Dec 2017 16:21:42 +0000 (17:21 +0100)]
resolved: tweak domain routing logic a bit

This makes sure that a classic DNS scope that has no DNS servers
assigned is never considered for routing requests to even if it has
matching search/routing domains associated.

This is inspired by #7544, where lookup requests are refused since a
scope with no DNS server is configured. This change does not deliver
what the reporter intended, but is generally useful in general, as it
makes us more robust to misconfiguration.

Lennart Poettering [Fri, 8 Dec 2017 16:19:27 +0000 (17:19 +0100)]
resolved: synchronize introduction blurbs in all three resolv.conf files we provide

Let's use the same wording and same contents in all three versions.

Lennart Poettering [Fri, 8 Dec 2017 16:01:47 +0000 (17:01 +0100)]
resolved: beef up logic to detect our own configuration files

Let's also check for the static resolv.conf, so that we filter all three
of our own files out.

Lennart Poettering [Fri, 8 Dec 2017 15:55:00 +0000 (16:55 +0100)]
resolved: don't make defines needlessly public

Lennart Poettering [Fri, 8 Dec 2017 15:53:36 +0000 (16:53 +0100)]
resolved: store the mtime of the file we read

Let's make sure we use the mtime of the current fstat() data, rather
than the mtime of the old stat(), fixing a theoretical race.

Lennart Poettering [Fri, 8 Dec 2017 15:51:46 +0000 (16:51 +0100)]
resolved: fix a minimal race, when reading /etc/resolv.conf

The user might replace a foreign /etc/resolv.conf with a symlink to one
of ours between the time we did stat() and open the file. Hence, let's
check the fstat() data right after opening the file, a second time.
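
The two resolv.conf commits above (mtime taken from fstat(), and the re-check after opening) both come down to classifying the file from the open descriptor rather than from an earlier stat() of the path. The following C example is added here to illustrate that pattern and is not systemd's code; `open_conf_checked()`, `demo()`, the temporary file layout and the file contents are hypothetical and constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

enum { CONF_FOREIGN = 0, CONF_OURS = 1 };

/* Does st describe the same inode as the file currently at own_path? */
static bool same_inode(const struct stat *st, const char *own_path) {
    struct stat own;
    return stat(own_path, &own) == 0 &&
           own.st_dev == st->st_dev && own.st_ino == st->st_ino;
}

/* Hypothetical helper: open path, then classify the file with fstat() on the
 * descriptor that will actually be read. Returns CONF_OURS (nothing left
 * open), CONF_FOREIGN (*ret_fd and *ret_mtime filled in), or -errno. */
int open_conf_checked(const char *path, const char *const *own, size_t n_own,
                      int *ret_fd, struct timespec *ret_mtime) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOCTTY);
    if (fd < 0)
        return -errno;
    if (fstat(fd, &st) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    for (size_t i = 0; i < n_own; i++)
        if (same_inode(&st, own[i])) {
            close(fd);
            return CONF_OURS;
        }
    *ret_fd = fd;
    *ret_mtime = st.st_mtim; /* mtime of the inode we opened, not of an older stat() */
    return CONF_FOREIGN;
}

static int write_file(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f)
        return -errno;
    fputs(text, f);
    return fclose(f) == 0 ? 0 : -errno;
}

/* Constructed scenario in a fresh temp directory. An early stat() sees a
 * foreign file; with swap set, the path is then atomically replaced by a
 * symlink to our own file before open(). Returns the classification made
 * after open(), or -errno on setup failure. */
int demo(bool swap) {
    char dir[] = "/tmp/conf-race-XXXXXX", own[128], conf[128], tmp[128];
    const char *own_list[1] = { own };
    struct stat before;
    struct timespec mtime;
    int fd = -1, r;

    if (!mkdtemp(dir))
        return -errno;
    snprintf(own, sizeof own, "%s/own.conf", dir);
    snprintf(conf, sizeof conf, "%s/resolv.conf", dir);
    snprintf(tmp, sizeof tmp, "%s/swap", dir);
    if (write_file(own, "# ours\n") < 0 || write_file(conf, "# foreign\n") < 0)
        return -EIO;

    /* The early check: at this moment the path is a foreign file. */
    if (stat(conf, &before) < 0 || same_inode(&before, own))
        return -EINVAL;

    /* Window between stat() and open(): the path becomes a symlink to ours. */
    if (swap && (symlink(own, tmp) < 0 || rename(tmp, conf) < 0))
        return -errno;

    r = open_conf_checked(conf, own_list, 1, &fd, &mtime);
    if (r == CONF_FOREIGN) {
        /* Untouched file: the fstat() mtime must equal the earlier one. */
        if (mtime.tv_sec != before.st_mtim.tv_sec ||
            mtime.tv_nsec != before.st_mtim.tv_nsec)
            r = -ESTALE;
        close(fd);
    }
    unlink(conf);
    unlink(own);
    rmdir(dir);
    return r;
}

int main(void) {
    printf("unchanged path: %d\n", demo(false));
    printf("path swapped after stat(): %d\n", demo(true));
    return 0;
}
```

With the swap, a decision based only on the early stat() would have treated the file as foreign; the check on the descriptor reports it as one of our own.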

Yu Watanabe [Fri, 8 Dec 2017 12:34:25 +0000 (21:34 +0900)]
acl: fix typo in comment (#7580)

Patrik Flykt [Fri, 8 Dec 2017 12:33:40 +0000 (14:33 +0200)]
networkd: Ignore DNS information when uplink is not managed (#7571)

When another networking daemon or configuration is handling the
uplink connection, systemd-networkd won't have a network configuration
associated with the link, and therefore link->network will be NULL.
An assert will be triggered later on in the code when link->network is
NULL.

Lennart Poettering [Fri, 8 Dec 2017 12:09:45 +0000 (13:09 +0100)]
Merge pull request #7570 from keszybz/sulogin-shell-reload-manager

Reload manager before exit from sulogin shell

Clinton Roy [Fri, 8 Dec 2017 02:44:20 +0000 (15:44 +1300)]
man: missing whitespace (#7579)

Olaf Hering [Thu, 7 Dec 2017 20:09:32 +0000 (21:09 +0100)]
virt: propagate errors in detect_vm_xen_dom0 (#7553)

Update detect_vm_xen_dom0 to propagate errors in case reading
/proc/xen/capabilities fails. This does not fix any bugs, it just makes
it consistent with other functions called by detect_vm.

Harald Hoyer [Thu, 7 Dec 2017 20:07:53 +0000 (21:07 +0100)]
boot/efi: fixup TPM V2 measuring and logging (#7568)

Honor the log format and use packed event structures.

Fixes https://github.com/systemd/systemd/issues/7118

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 20:06:28 +0000 (21:06 +0100)]
Merge pull request #7572 from poettering/taint-manager

"taint" logic improvements and other minor fixes

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 20:04:53 +0000 (21:04 +0100)]
Merge pull request #7573 from poettering/empty-to-null

use empty_to_null() where we can

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 20:03:32 +0000 (21:03 +0100)]
NEWS: mention systemd-tmpfiles --user (#7574)

Lennart Poettering [Thu, 7 Dec 2017 16:31:34 +0000 (17:31 +0100)]
Merge pull request #7562 from poettering/fix-manager-test-mkdir

fix --test mode

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 11:42:06 +0000 (12:42 +0100)]
sulogin-shell: replace "^D" by "exit"

^D is a bit cryptic, and advanced users will know that they can use ^D instead
of typing exit anyway.

Lennart Poettering [Thu, 7 Dec 2017 10:58:58 +0000 (11:58 +0100)]
update TODO

Lennart Poettering [Thu, 7 Dec 2017 10:58:25 +0000 (11:58 +0100)]
nspawn: turn on watchdog logic for nspawn too

It's a long-running daemon, and it's easy to enable, hence do it.

Lennart Poettering [Thu, 7 Dec 2017 10:35:02 +0000 (11:35 +0100)]
manager: taint the manager if the overflowuid/overflowgid aren't set to 65534

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 09:33:11 +0000 (10:33 +0100)]
sulogin-shell: do daemon-reload before starting default target

If the user modifies configuration, e.g. /etc/fstab, they might forget to tell
systemd about the changes. Let's do a reload for them.

Note that doing a reload should be safe, because emergency and rescue modes are
"single threaded" and nothing should be doing changes at the point where we are
exiting from the sushell. Also, daemon-reload can be implicitly called at
various moments, so we can ignore the case where the user did some incompatible
changes on disk and is counting on systemd never reloading and picking them up.

C.f. #7565.

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 09:51:03 +0000 (10:51 +0100)]
sulogin-shell: simplify returns from a function

This is actually slightly safer because it allows gcc to make sure that all code
paths either call return or are noreturn. But the real motivation is just to
follow the usual style and make it a bit shorter.

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 09:44:43 +0000 (10:44 +0100)]
meson: place systemd-sulogin-shell in build/

We do that with all executables so that it's easy to call them.

Lennart Poettering [Thu, 7 Dec 2017 11:13:00 +0000 (12:13 +0100)]
core: use empty_to_null() where we can

Lennart Poettering [Thu, 7 Dec 2017 11:11:13 +0000 (12:11 +0100)]
coccinelle: improve run-coccinelle.sh to take list of scripts to run

Let's tweak run-coccinelle.sh to optionally take a list of scripts to
run. If not specified, run all scripts, as before.

Lennart Poettering [Thu, 7 Dec 2017 10:28:00 +0000 (11:28 +0100)]
core: add console error message if manager_startup() fails

Lennart Poettering [Thu, 7 Dec 2017 10:27:07 +0000 (11:27 +0100)]
core: make "taint" string logic a bit more generic and output it at boot

The tainting logic existed for a long time, but was hidden inside the
bus interfaces. Let's give it a small bit more coverage, by logging its
value early at boot during initialization.

Lennart Poettering [Thu, 7 Dec 2017 10:09:09 +0000 (11:09 +0100)]
manager: don't check /usr state of initrd to determine "taint-usr" taint

Lennart Poettering [Wed, 6 Dec 2017 22:24:29 +0000 (23:24 +0100)]
manager: don't bother with creating /run/systemd/units/ in test mode

This makes sure running "systemd --test" works again on systems running
older systemd versions where the dir doesn't exist yet.

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 10:07:02 +0000 (11:07 +0100)]
Merge pull request #7567 from yuwata/fix-nobody

nobody related fixes

Lennart Poettering [Wed, 6 Dec 2017 22:24:00 +0000 (23:24 +0100)]
manager: split out code that sets up run_queue event source into function of its own

Let's shorten manager_new() a bit.

Yu Watanabe [Thu, 7 Dec 2017 08:19:11 +0000 (17:19 +0900)]
meson: warn if nobody-user and nobody-group are set to different name

It may work, but is very strange. So, let's warn about that.

v2:
Debian uses nobody and nogroup. Do not warn in such a case.

Yu Watanabe [Thu, 7 Dec 2017 06:49:16 +0000 (15:49 +0900)]
sysusers: use NOBODY_USER_NAME

Yu Watanabe [Thu, 7 Dec 2017 06:48:44 +0000 (15:48 +0900)]
test: use NOBODY_USER_NAME instead of hard-coded string "noody"

Lennart Poettering [Thu, 7 Dec 2017 08:07:40 +0000 (09:07 +0100)]
Merge pull request #7554 from keszybz/autodetect-build

Autodetect build directory ignoring mkosi artefacts

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 07:51:04 +0000 (08:51 +0100)]
Merge pull request #7560 from poettering/refactor-main

reduce main() size a bit

Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 07:49:11 +0000 (08:49 +0100)]
Merge pull request #7566 from yuwata/fix-bootspec-default-entry

bootspec: fix debug message about default entry

Lennart Poettering [Thu, 7 Dec 2017 07:48:08 +0000 (08:48 +0100)]
units: delegate only "cpu" and "pids" controllers by default (#7564)

Now that we can configure which controllers to delegate precisely, let's
limit what we delegate to the user session: only "cpu" and "pids" as a
minimal baseline.

Fixes: #1715

Yu Watanabe [Thu, 7 Dec 2017 05:23:11 +0000 (14:23 +0900)]
bootspec: make boot_entries_select_default() static

The function is used only in bootspec.c.
So, let's make the function static.

Yu Watanabe [Thu, 7 Dec 2017 05:21:13 +0000 (14:21 +0900)]
bootspec: fix debug message about default entry

When no entries match entry_oneshot, entry_default and
default_pattern, then the log message shows a wrong entry.
Moreover, if none of entry_oneshot, entry_default and default_pattern
are set, then the index `i` is uninitialized.
This fixes such problems.

Christian Hesse [Wed, 6 Dec 2017 22:49:01 +0000 (23:49 +0100)]
NEWS: add missing whitespace (#7561)

Zbigniew Jędrzejewski-Szmek [Wed, 6 Dec 2017 22:30:51 +0000 (23:30 +0100)]
Merge pull request #7551 from poettering/resolved-unknown-scope

downgrade resolved log messages about incoming packets from unknown scopes

Zbigniew Jędrzejewski-Szmek [Wed, 6 Dec 2017 21:56:02 +0000 (22:56 +0100)]
Merge pull request #7559 from evverx/incorrect-spec-memleak

shared: fix a memory leak

Lennart Poettering [Wed, 6 Dec 2017 20:50:18 +0000 (21:50 +0100)]
core: split out execution context logging from main()

Again, no functional changes, let's just shorten main() a bit, by
splitting out more code into separate functions.

Lennart Poettering [Wed, 6 Dec 2017 20:42:36 +0000 (21:42 +0100)]
core: move write_container_id() invocation into initialize_runtime()

This moves the invocation a bit later, but that shouldn't matter. By
moving it we gain two things: first of all, it's closer to other code
where it belongs, secondly it's naturally conditioned properly, as we no
longer will rewrite the container ID file on every reexecution again,
and not in test mode either.

Lennart Poettering [Wed, 6 Dec 2017 20:31:35 +0000 (21:31 +0100)]
core: split out various system/process initialization steps into its own function

Again, no changes in behaviour, just some refactoring to make main() a
bit more digestible.

Lennart Poettering [Wed, 6 Dec 2017 20:17:58 +0000 (21:17 +0100)]
core: split out code that frees arg_xyz variables

No change in behaviour, just some refactoring to shorten main() a bit.

Lennart Poettering [Wed, 6 Dec 2017 20:13:10 +0000 (21:13 +0100)]
core: split out code that queues default job from main()

No functional changes really, just some refactoring to shorten main() a
bit.

Lennart Poettering [Wed, 6 Dec 2017 19:47:28 +0000 (20:47 +0100)]
core: split out the core loop out of main()

No real functional changes, just some rearranging to shorten the overly
long main() function a bit.

This gets rid of the arm_reboot_watchdog variable, as it can be directly
derived from shutdown_verb, and we need it only one time. By dropping it
we can reduce the number of arguments we need to pass around.

Lennart Poettering [Wed, 6 Dec 2017 19:16:35 +0000 (20:16 +0100)]
core: split out reexecution code of main() into its own function

No functional changes, just an attempt to shorten main() a bit.

Lennart Poettering [Wed, 6 Dec 2017 19:16:30 +0000 (20:16 +0100)]
virt: remove triple spurious newline

Evgeny Vereshchagin [Wed, 6 Dec 2017 19:12:05 +0000 (19:12 +0000)]
shared: fix a memory leak

```
$ ./src/test/test-systemd-tmpfiles.py valgrind --leak-check=full --error-exitcode=1 ./build/systemd-tmpfiles
...
Running valgrind --leak-check=full --error-exitcode=1 ./build/systemd-tmpfiles on 'w /unresolved/argument - - - - "%Y"'
...
[<stdin>:1] Failed to substitute specifiers in argument: Invalid slot
...
==22602== 5 bytes in 1 blocks are definitely lost in loss record 1 of 2
==22602==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22602==    by 0x4ECA7D4: malloc_multiply (alloc-util.h:74)
==22602==    by 0x4ECA909: specifier_printf (specifier.c:59)
==22602==    by 0x113490: specifier_expansion_from_arg (tmpfiles.c:1923)
==22602==    by 0x1144E7: parse_line (tmpfiles.c:2159)
==22602==    by 0x11551C: read_config_file (tmpfiles.c:2425)
==22602==    by 0x115AB0: main (tmpfiles.c:2529)
```

Evgeny Vereshchagin [Wed, 6 Dec 2017 19:04:45 +0000 (19:04 +0000)]
tests: allow passing more than one argument to test-systemd-tmpfiles.py

This makes it easier to run `systemd-tmpfiles` under valgrind.

Olaf Hering [Wed, 6 Dec 2017 18:59:30 +0000 (19:59 +0100)]
virt: use /proc/xen as indicator for a Xen domain (#6442, #6662) (#7555)

The file /proc/xen/capabilities is only available if xenfs is mounted.

With a classic xenlinux based kernel that file is available
unconditionally. But with a modern pvops based kernel, xenfs must be
mounted before the "capabilities" may appear. xenfs is mounted very late
via .services files provided by the Xen toolstack. Other units may be
scheduled before xenfs is mounted, which will confuse the detection of
VIRTUALIZATION_XEN.

In all Xen enabled kernels, and if that kernel is actually running on
the Xen hypervisor, the "/proc/xen" directory is the reliable indicator
that this instance runs in a "Xen guest".

Adjust the code to check for /proc/xen instead of
/proc/xen/capabilities.

Fixes commit 3f61278b5 ("basic: Bugfix Detect XEN Dom0 as no virtualization")

Lennart Poettering [Wed, 6 Dec 2017 18:50:26 +0000 (19:50 +0100)]
Merge pull request #7419 from keszybz/tmpfiles-fixes

Tmpfiles --user mode and various fixes

Max Resch [Wed, 6 Dec 2017 14:29:52 +0000 (15:29 +0100)]
Set secure_boot flag in Kernel Zero-Page (#7482)

Setting the secure_boot flag avoids getting the printout
"EFI stub: UEFI Secure Boot is enabled." when booting
a Linux kernel with linuxx64.efi.stub and EFI SecureBoot enabled.

This is mainly a cosmetic fixup, as the "quiet" kernel parameter does
not silence pr_efi printouts in the linux kernel (this only works using
the efi stub from the linux source tree)

Zbigniew Jędrzejewski-Szmek [Wed, 6 Dec 2017 14:28:31 +0000 (15:28 +0100)]
Merge pull request #7530 from poettering/uid-gid-fixes

various uid/gid fixes

Zbigniew Jędrzejewski-Szmek [Wed, 6 Dec 2017 14:13:02 +0000 (15:13 +0100)]
run-integration-test: allow argument to be overriden

This is useful for "sudo test/run-integration-tests.sh clean".

Zbigniew Jędrzejewski-Szmek [Wed, 6 Dec 2017 14:09:54 +0000 (15:09 +0100)]
tests: try to autodetect directory better

Ignore mkosi.builddir. In the future we can also add other patterns
if necessary.

run-integration-tests.sh is updated to use the new script, and modified
to work from an arbitrary directory.

Follow-up for #7494.

Lennart Poettering [Wed, 6 Dec 2017 12:53:39 +0000 (13:53 +0100)]
mkosi.build: add code to determine the right nobody user/group name

hanklank [Wed, 6 Dec 2017 12:52:25 +0000 (13:52 +0100)]
Added some missing Swedish Strings (#7552)

Lennart Poettering [Sat, 2 Dec 2017 12:11:25 +0000 (13:11 +0100)]
update TODO

Lennart Poettering [Tue, 5 Dec 2017 10:00:24 +0000 (11:00 +0100)]
meson: print warnings if the "nobody" user/group name is not compatible with the local system

At least on Fedora and Debian systems this is not obvious to get right,
hence warn.

Lennart Poettering [Tue, 5 Dec 2017 09:59:44 +0000 (10:59 +0100)]
test-execute: use the "nogroup" group if it exists for testing

We currently look for "nobody" and "nfsnobody" when testing groups, both
of which do not exist on Ubuntu, our main testing environment. Let's
extend the tests slightly to also use "nogroup" if it exists.

Lennart Poettering [Mon, 4 Dec 2017 16:09:27 +0000 (17:09 +0100)]
journal,coredump: do not do ACL magic for "nobody" user either

The "nobody" user might possibly be seen by the journal or coredumping
code if unmapped userns-using processes are somehow visible to them.
Let's make sure we don't do the ACL magic for this user either, since
this is a special system user that might be backed by different real
users in different contexts.

Lennart Poettering [Mon, 4 Dec 2017 16:07:48 +0000 (17:07 +0100)]
user-util: synthesize user records for "nobody" the same way as for "root"

We already synthesize records for both "root" and "nobody" in
nss-systemd. Let's do the same in our own NSS wrappers that are supposed
to bypass NSS if possible. Previously this was done for "root" only, but
let's clean this up, and do the same for "nobody" too, so that we
synthesize records the same way everywhere, regardless whether in NSS or
internally.

Lennart Poettering [Mon, 4 Dec 2017 16:06:56 +0000 (17:06 +0100)]
user-util: add UID_NOBODY defines that resolve to (uid_t) 65534

We use it all over the place, let's add a #define for it. Makes things
easier greppable, and more explanatory I think.

Lennart Poettering [Sat, 2 Dec 2017 12:07:18 +0000 (13:07 +0100)]
nss-systemd: tweak checks when we consult PID 1 for dynamic UID/GID lookups

Instead of contacting PID 1 for dynamic UID/GID lookups for all
UIDs/GIDs that do not qualify as "system" do the more precise check
instead: check if they actually qualify for the "dynamic" range.

Lennart Poettering [Sat, 2 Dec 2017 12:02:44 +0000 (13:02 +0100)]
coredump,journal: do not do ACL magic for processes of dynamic UIDs

Dynamic UIDs should be treated like system users in this regard.

Lennart Poettering [Sat, 2 Dec 2017 11:59:21 +0000 (12:59 +0100)]
user-util: add new uid_is_system() helper

This adds uid_is_system() and gid_is_system(), similar in style to
uid_is_dynamic(). That a helper like this is useful is illustrated by
the fact that test-condition.c didn't get the check right so far, which
this patch fixes.

Lennart Poettering [Sat, 2 Dec 2017 11:49:22 +0000 (12:49 +0100)]
doc: add a document briefly explaining UID/GID range assumptions we make

Lennart Poettering [Sat, 2 Dec 2017 11:48:31 +0000 (12:48 +0100)]
build-sys: make the dynamic UID range, and the container UID range configurable

Also, export these ranges in our pkg-config files.

Lennart Poettering [Wed, 6 Dec 2017 11:45:39 +0000 (12:45 +0100)]
resolved: ignore our own LLMNR packets, the same way we ignore mDNS packets already

Let's minimize our traffic a bit. And for local names we bypass the
packet generation anyway.

Lennart Poettering [Wed, 6 Dec 2017 11:44:05 +0000 (12:44 +0100)]
resolved: downgrade log messages about incoming LLMNR/mDNS packets on unexpected scopes

This might very well happen due to races between joining multicast
groups and network configuration and such, let's not complain, but just
drop the messages at debug level.

Fixes: #7527

Zbigniew Jędrzejewski-Szmek [Mon, 4 Dec 2017 08:05:05 +0000 (09:05 +0100)]
test-systemd-tmpfiles: respect $HOME in test for %h expansion

%h is a special specifier because we look at $HOME (unless running suid, but
let's say that this case does not apply to tmpfiles, since the code is
completely unready to be run suid). For all other specifiers we query the user
db and use those values directly. I'm not sure if this exception is good, but
let's just "document" status quo for now. If this is changed, it should be in
a separate PR.

Zbigniew Jędrzejewski-Szmek [Sat, 2 Dec 2017 14:40:30 +0000 (15:40 +0100)]
test-systemd-tmpfiles: ignore result of %m test

It's failing on artful s390x and i386:
```
Running /tmp/autopkgtest.Pexzdu/build.lfO/debian/build-deb/systemd-tmpfiles  on 'f /tmp/test-systemd-tmpfiles.c236s1uq/arg - - - - %m'
expect: '01234567890123456789012345678901'
actual: 'e84bc78d162e472a8ac9759f5f1e4e0e'
--- stderr ---
Traceback (most recent call last):
  File "/tmp/autopkgtest.Pexzdu/build.lfO/debian/src/test/test-systemd-tmpfiles.py", line 129, in <module>
    test_valid_specifiers(user=False)
  File "/tmp/autopkgtest.Pexzdu/build.lfO/debian/src/test/test-systemd-tmpfiles.py", line 89, in test_valid_specifiers
    test_content('f {} - - - - %m', '{}'.format(id128.get_machine().hex), user=user)
  File "/tmp/autopkgtest.Pexzdu/build.lfO/debian/src/test/test-systemd-tmpfiles.py", line 84, in test_content
    assert content == expected
AssertionError
-------
```

Let's skip the test for now until this is resolved properly on the autopkgtest
side.

Zbigniew Jędrzejewski-Szmek [Sat, 2 Dec 2017 13:00:58 +0000 (14:00 +0100)]
test-systemd-tmpfiles: skip on python3.4

python3.4 is used by our CI.
Let's revert this when we stop supporting python < 3.5.

Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2017 20:15:51 +0000 (21:15 +0100)]
test-systemd-tmpfiles: add tests for specifiers

Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2017 17:53:24 +0000 (18:53 +0100)]
Fix typo

Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2017 17:53:10 +0000 (18:53 +0100)]
man: improve formatting in systemd.unit.xml

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 12:56:32 +0000 (13:56 +0100)]
tmpfiles: also add %t/%S/%C/%L specifiers

sd_path_home() returns ENXIO when a variable (such as $XDG_RUNTIME_DIR) is not
defined. Previously we used ENOKEY for unresolvable specifiers. To avoid having
two codes, or translating ENXIO to ENOKEY, I replaced ENOKEY use with ENXIO.

v2:
- use sd_path_home and change to ENXIO everywhere

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 09:54:29 +0000 (10:54 +0100)]
Hook up systemd-tmpfiles as user units

An explicit --user switch is necessary because for the user@0.service instance
systemd-tmpfiles is running as root, and we need to distinguish that from
systemd-tmpfiles running in systemd-tmpfiles*.service.

Fixes #2208.

v2:
- restore "systemd-" prefix
- add systemd-tmpfiles-clean.{service,timer}, systemd-setup.service to
  systemd-tmpfiles(8)

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 10:20:29 +0000 (11:20 +0100)]
tmpfiles: add --user switch

ayekat [Fri, 24 Nov 2017 11:44:08 +0000 (12:44 +0100)]
tmpfiles: Add specifiers to allow running as user instance

This commit adds specifiers %U, %u and %h for the user UID, name and
home directory, respectively.

[zj: drop untrue copy-pasted comments and move the next text
     to the new "Specifiers" section.
     Now that #7444 has been merged, also drop the specifier functions.]

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 12:23:42 +0000 (13:23 +0100)]
Rename "system-preset" source dir to "presets"

I want to add presets/user/ later. This mirrors the layout for units:
we have units/ and units/user. The advantage is that we avoid having yet
another directory at the top level.

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 12:02:21 +0000 (13:02 +0100)]
util-lib: kill duplicate slashes in lookup paths

Since we're munging the array anyway, we can make the output a bit
nicer too.

Zbigniew Jędrzejewski-Szmek [Thu, 23 Nov 2017 10:41:28 +0000 (11:41 +0100)]
shared: export xdg_user_dirs() and xdg_user_*_dir()

Zbigniew Jędrzejewski-Szmek [Wed, 22 Nov 2017 14:16:48 +0000 (15:16 +0100)]
tmpfiles: "e" takes globs

Fixes #7369.

Zbigniew Jędrzejewski-Szmek [Wed, 22 Nov 2017 13:55:14 +0000 (14:55 +0100)]
tmpfiles: fix typo in error message

Fixes #4097.

As of current master, systemd-tmpfiles behaves correctly, apart from a trivial
typo. So let's tell github to close the bug.

With current git:

```
$ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-tmpfiles --create `pwd`/test/tmpfiles.d/link-loop.conf
Successfully loaded SELinux database in 2.385ms, size on heap is 321K.
Reading config file "/home/zbyszek/src/systemd-work/test/tmpfiles.d/link-loop.conf".
Running create action for entry D /run/hello2
Found existing directory "/run/hello2".
"/run/hello2" has right mode 41777
Running create action for entry f /run/hello2/hello2.test
"/run/hello2/hello2.test" has been created.
"/run/hello2/hello2.test" has right mode 101777
chown "/run/hello2/hello2.test" to 0.84
Running create action for entry L /run/hello2/hello2.link
Found existing symlink "/run/hello2/hello2.link".
Running create action for entry z /run/hello2/hello2.test
"/run/hello2/hello2.test" has right mode 101777
chown "/run/hello2/hello2.test" to 0.0
Running create action for entry z /run/hello2/hello2.link
Skipping mode an owner fix for symlink /run/hello2/hello2.link.
```

and the permissions are:
```
$ ls -dl /run/hello2/ /run/hello2/*
drwxrwxrwt. 2 foo   bar    80 Nov 22 14:40 /run/hello2/
lrwxrwxrwx. 1 root  root   23 Nov 22 14:40 /run/hello2/hello2.link -> /run/hello2/hello2.test
-rwxrwxrwt. 1 root  root    0 Nov 22 14:40 /run/hello2/hello2.test
```

Everything seems correct.

Zbigniew Jędrzejewski-Szmek [Wed, 22 Nov 2017 13:19:13 +0000 (14:19 +0100)]
tmpfiles: downgrade warning about duplicate line

This happens occasionally, especially when moving lines between configuration files
in different packages, and usually is not a big deal.

Zbigniew Jędrzejewski-Szmek [Fri, 24 Nov 2017 11:19:40 +0000 (12:19 +0100)]
Fail on unknown (alphanumerical) specifiers

The code intentionally ignored unknown specifiers, treating them as text. This
needs to change because otherwise we can never add a new specifier in a backwards
compatible way. So just treat an unknown (potential) specifier as an error.

In principle this is a break of backwards compatibility, but the previous
behaviour was pretty much useless, since the expanded value could change every
time we add new specifiers, which we do all the time.

As a compromise for backwards compatibility, only fail on alphanumerical
characters. This should cover most cases where an unescaped percent
character is used, like size=5% and such, which behave the same as before with
this patch. OTOH, this means that we will not be able to use non-alphanumerical
specifiers without breaking backwards compatibility again. I think that's an
acceptable compromise.

v2:
- add NEWS entry

v3:
- only fail on alphanumerical

Yu Watanabe [Wed, 6 Dec 2017 04:32:06 +0000 (13:32 +0900)]
Merge pull request #7497 from yuwata/fix-cpu-set

fixes related to cpu_set

Yu Watanabe [Wed, 6 Dec 2017 04:28:23 +0000 (13:28 +0900)]
Merge pull request #7547 from hvenev/sysctl-no-net-default

Do not set `net.ipv4.conf.default.*`

Lennart Poettering [Wed, 6 Dec 2017 04:19:03 +0000 (05:19 +0100)]
mount-util: shorten the loop a bit (#7545)

The loop preparation and part of the loop contents are actually the
same, let's merge this.

Also, it's so much fun tweaking around in the name_to_handle_at() code,
let's do more of it with this patch!

(This also adds two NULL assignments, that aren't strictly necessary.
However, I figured it's safer to place them in there, just in case the
for() condition is changed later. After all the freeing of the handle
and the invalidation of the cleanup-controller pointer to it are
otherwise really far away from each other...)

Yu Watanabe [Wed, 6 Dec 2017 04:16:27 +0000 (13:16 +0900)]
Merge pull request #7549 from poettering/ptyfwd-fixes

pty forwarder fixes

Yu Watanabe [Wed, 6 Dec 2017 01:44:20 +0000 (10:44 +0900)]
test-execute: add tests for CPUAffinity=

Yu Watanabe [Thu, 30 Nov 2017 07:29:48 +0000 (16:29 +0900)]
run: Allows the user to reset CPUAffinity= back to an empty list

Before this, CPUAffinity= requires a valid cpu set, and the setting
cannot be reset. Moreover, if CPUAffinity= with an empty string is passed,
then the message container is closed with no values appended, thus
we get an error.
This makes CPUAffinity= accept an empty string to reset the setting
and avoid the error.

Yu Watanabe [Thu, 30 Nov 2017 14:16:58 +0000 (23:16 +0900)]
core: merge multiple CPUAffinity= settings

Yu Watanabe [Thu, 30 Nov 2017 14:23:16 +0000 (23:23 +0900)]
tree-wide: use cpu_set_mfree()

Yu Watanabe [Sat, 2 Dec 2017 15:40:38 +0000 (00:40 +0900)]
cpu-set-util: introduce cpu_set_mfree()