Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 09:34:52 +0000 (11:34 +0200)]
test-journal-syslog: initialize variable
The *priority argument to syslog_parse_priority() needs to be initialized
if the last argument (with_facility) is false.
CID #1394690.
Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 09:29:54 +0000 (11:29 +0200)]
udev-builtin-net_id: do not assume "type" attribute exists
It *should*, but who knows, let's be more defensive here.
CID #1395805.
Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 09:22:13 +0000 (11:22 +0200)]
journal-upload: fix off-by-one in assert()
CID #1394386.
Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 09:15:27 +0000 (11:15 +0200)]
sd-event: use new cleanup function more
Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 09:10:12 +0000 (11:10 +0200)]
sd-event: remove dead code and use _cleanup_
CID #1393250.
Zbigniew Jędrzejewski-Szmek [Tue, 25 Sep 2018 07:29:36 +0000 (09:29 +0200)]
DHCPv6: use unsigned for flags
Lennart Poettering [Mon, 24 Sep 2018 16:59:54 +0000 (18:59 +0200)]
udev: fix some type sloppiness
We use strtoul() which returns an "unsigned long", but then assign this
to int or unsigned int, i.e. drop 32bit silently on 64bit systems. Let's
clean this up a bit, and retain the right types.
Lennart Poettering [Mon, 24 Sep 2018 22:02:41 +0000 (01:02 +0300)]
logind: fix blacklist/whitelist confusion in comment (#10165)
Triggered by this:
https://github.com/systemd/systemd/commit/602a41c22ac2df33b4b5e5083719c1cfaf58acf9#r30575293
Lennart Poettering [Mon, 24 Sep 2018 21:25:48 +0000 (00:25 +0300)]
docs: fix CONTRIBUTING path (#10160)
Yu Watanabe [Sun, 23 Sep 2018 07:17:03 +0000 (16:17 +0900)]
fs-util: make symlink_idempotent() optionally create relative link
Zbigniew Jędrzejewski-Szmek [Mon, 24 Sep 2018 15:27:49 +0000 (17:27 +0200)]
Merge pull request #9989 from yuwata/sd-device-enoent
sd-device: make sd_device_get_*() return -ENOENT if the values are not set
Zbigniew Jędrzejewski-Szmek [Mon, 24 Sep 2018 13:15:23 +0000 (15:15 +0200)]
Merge pull request #10087 from keszybz/xnox/fix-test-functions
test/test-functions: drop all prefixes
Zbigniew Jędrzejewski-Szmek [Mon, 24 Sep 2018 11:14:06 +0000 (13:14 +0200)]
Merge pull request #10082 from porrided/udev-ipoib
Introduce predictable naming for IP-over-InfiniBand NICs
Zbigniew Jędrzejewski-Szmek [Mon, 24 Sep 2018 11:02:24 +0000 (13:02 +0200)]
Merge pull request #9981 from pfl/dhcp6_pd_other_information_quirk
DHCPv6 PD other information quirk
Yu Watanabe [Sat, 1 Sep 2018 14:13:54 +0000 (23:13 +0900)]
tree-wide: drop unnecessary initializations
Yu Watanabe [Sat, 1 Sep 2018 14:12:47 +0000 (23:12 +0900)]
tree-wide: do not assign unused return values
Yu Watanabe [Sat, 1 Sep 2018 14:09:54 +0000 (23:09 +0900)]
logind-acl: replace strdup()+set_consume() by set_put_strdup()
Yu Watanabe [Sat, 1 Sep 2018 14:07:18 +0000 (23:07 +0900)]
gpt-auto-generator: do not assign '*ret' on error
Yu Watanabe [Sat, 1 Sep 2018 14:03:22 +0000 (23:03 +0900)]
tree-wide: use streq() instead of streq_ptr()
Yu Watanabe [Sat, 1 Sep 2018 09:05:27 +0000 (18:05 +0900)]
sd-device: make sd_device_get_*() return -ENOENT if the values are not set
Yu Watanabe [Fri, 21 Sep 2018 08:10:34 +0000 (17:10 +0900)]
test-udev: use LOG_REALM_UDEV
Otherwise, even if SYSTEMD_LOG_LEVEL=debug is specified, the test does
not show most debug messages.
Yu Watanabe [Fri, 21 Sep 2018 08:45:26 +0000 (17:45 +0900)]
udevadm: show only version number for '--version' option
This effectively reverts 2bc54be485def3d1697a00209ff73ae21aa7f268
and relevant changes in #9920, as it is used to determine the version
of udev, e.g., dracut.
Fixes dracutdevs/dracut#468.
Zbigniew Jędrzejewski-Szmek [Thu, 20 Sep 2018 21:07:48 +0000 (23:07 +0200)]
Merge pull request #10135 from yuwata/log-skipped-tests
test: add log messages when some tests are skipped
Yu Watanabe [Fri, 14 Sep 2018 06:55:15 +0000 (15:55 +0900)]
test-seccomp: add log messages when skipping tests
Yu Watanabe [Thu, 20 Sep 2018 07:09:05 +0000 (16:09 +0900)]
test-process-util: logs something when skipping tests
Yu Watanabe [Thu, 20 Sep 2018 07:38:19 +0000 (16:38 +0900)]
sd-hwdb: initialize variable
The variable 'fn' was not initialized on compat mode.
Fixes CID#1395731.
João Paulo Rechi Vita [Tue, 18 Sep 2018 22:03:54 +0000 (15:03 -0700)]
tmpfiles: Order tmpfiles-setup after journald
systemd-tmpfiles-setup.service needs to be ordered after
systemd-journald.service, so entries in /run/log/journal are already
created when systemd-tmpfiles tries to adjust its permissions.
This is especially problematic for setups using a volatile journal where
the initrd does not ship a machine-id (i.e. OSTree-based systems), where
logs from the initrd will be inaccessible for users in the
systemd-journal group. It also has a side effect of `journalctl --user`
failing with "No journal files were opened due to insufficient
permissions".
Fixes #10128.
Zbigniew Jędrzejewski-Szmek [Thu, 20 Sep 2018 07:01:58 +0000 (09:01 +0200)]
meson: fix dirname/basename confusion in meson-and-wants.sh install helper (#10126)
We would create a useless empty directory under build/.
It seems we were lucky and all symlinks were installed into directories
which were already created because we installed something into the same
location earlier.
While at it, also add '-v' to 'mkdir -p'. This will print the names of
directories as they are created (just once), making it easier to see all of
what the install script is doing.
Patrik Flykt [Wed, 19 Sep 2018 00:32:30 +0000 (18:32 -0600)]
networkd-manager: Fix route removals on shutdown
In order to shut down networkd properly, the delegated routes added
need to be removed properly, and as error reporting is wanted, the
network link is needed in the debug output.
Solve this by calling manager_dhcp6_prefix_remove_all(), which will
remove each prefix stored in the Manager structure, and while doing
that reference each link so that it isn't freed before the route
removal callback is called. This in turn causes the network link to
be referenced once more, and an explicit hashmap_remove() must be
called to remove the network link from the m->links hashmap.
Also, since the registered callback is not called when the DHCPv6
client is stopped with sd_dhcp6_client_stop(), an explicit call
to dhcp6_lease_pd_prefix_lost() needs to be made to clean up any
unreachable routes set up for the delegated prefixes.
Patrik Flykt [Wed, 19 Sep 2018 00:32:28 +0000 (18:32 -0600)]
networkd-manager: Update logging of route additions and removals
Log route additions and removals when the action is to be done, as
the reply rtnl message may contain only a success or failure.
Patrik Flykt [Wed, 19 Sep 2018 00:32:26 +0000 (18:32 -0600)]
sd-dhcp6-client: Reference and unreference a stored lease
In order to be able to properly free a DHCPv6 lease, unreference the
previous lease and reference the new one.
Patrik Flykt [Wed, 19 Sep 2018 00:32:23 +0000 (18:32 -0600)]
networkd-dhcp6: Remove functions whose output is not used
Remove dhcp6_reset_pd_prefix_network() that returns the network, but
whose output is not used anywhere.
Patrik Flykt [Wed, 19 Sep 2018 00:32:19 +0000 (18:32 -0600)]
networkd-dhcp6: Set one unreachable route per DHCPv6 delegated prefix
Instead of setting many small unreachable routes for each of the /64
subnets that were not distributed between the links requesting delegated
prefixes, set one unreachable route for the size of the delegated
prefix. Each subnet assigned to a downstream link will add a routable
subnet for that link, and as the subnet assigned to the downstream link
has a longer prefix than the whole delegated prefix, the downstream
link subnet routes are preferred over the unroutable delegated one.
The unreachable route is not added when the delegated prefix is exactly
a /64 as the prefix size cannot be used to sort out the order of routing
into a bigger blocking subnet with the smaller /64 punching routable
"holes" into it.
When stopping the DHCPv6 client, the unroutable delegated prefix is
removed before the downstream link prefixes are unassigned.
Patrik Flykt [Tue, 11 Sep 2018 22:26:01 +0000 (16:26 -0600)]
dhcp6-client: Store lease timeouts T1 and T1 in client struct
Since we now have the possibility to request prefixes to be delegated
without corresponding IPv6 addresses, it does not make sense to store
lease T1 and T2 timeouts in the otherwise unused IA_NA structure.
Therefore lease timeouts T1 and T2 are moved to the DHCPv6 client
structure, as there will be only one set of stateful timeouts required
by RFC 7550, Section 4.3.
Patrik Flykt [Tue, 11 Sep 2018 17:55:38 +0000 (11:55 -0600)]
dhcp6-client: Select T1 and T2 timeouts from IA_NA and IA_PD
Select T1 and T2 timeouts based on whether addresses or prefixes were
requested and what the server offered. The address and prefix timeouts
values have been computed earlier when the relevant DHCPv6 options were
parsed.
Patrik Flykt [Fri, 7 Sep 2018 20:37:56 +0000 (14:37 -0600)]
dhcp6-lease: Add function to fetch the IAID for the prefix
Add function to fetch the IAID for the delegated IA_PD prefix. In
order to keep things simple in the implementation, the same IAID
is used with IA_NA addresses and IA_PD prefixes. But the DHCPv6
server can choose to return only IA_PD prefixes, and the client
can nowadays omit requesting of IA_NA addresses. Since the function
fetching said IAID from the lease looks only for IA_NA ones, it
will return an empty IAID, which of course does not match the one
set for prefixes.
Fix this by adding a function returning the IAID for the prefix.
Patrik Flykt [Fri, 7 Sep 2018 20:15:55 +0000 (14:15 -0600)]
networkd-network: Introduce DHCPv6 PD knob for RFC 7084 WPD-4
RFC 7084, WPD-4, requires Customer Edge end routers to behave
according to the following:
"WPD-4: By default, the IPv6 CE router MUST initiate DHCPv6 prefix
delegation when either the M or O flags are set to 1 in a
received Router Advertisement (RA) message. Behavior of the
CE router to use DHCPv6 prefix delegation when the CE router
has not received any RA or received an RA with the M and the
O bits set to zero is out of scope for this document."
Since it cannot be automatically detected whether DHCPv6 is to be
operated as a CE end router or whether to initiate an Informational
exchange to obtain other useful network information via DHCPv6 when the
Router Advertisement 'O' bit is set, a 'ForceDHCPv6PDOtherInformation'
boolean network configuration option in the '[DHCP]' section of a is
introduced. Setting this option causes DHCPv6 to be started in stateful
mode, although only the 'O' bit is seen in the Router Advertisement.
When 'ForceDHCPv6PDOtherInformation' is set and the Router Advertisement
has only the Other information 'O' bit set, disable requests for IA_NA
addresses.
Fixes #9745.
Patrik Flykt [Fri, 7 Sep 2018 15:24:15 +0000 (09:24 -0600)]
dhcp6-client: Add tests for address, information and prefix requests
Add simple test cases to ensure the request for addresses, prefixes
and information request are handled as expected.
Patrik Flykt [Fri, 7 Sep 2018 20:00:10 +0000 (14:00 -0600)]
dhcp6-client: Function for enabling/disabling IA_NA request
Add function to enable/disable IA_NA address requests. Internally
handle the request as a bit mask and add IA_PD prefix delegation
to the same bit mask instead of having a separate boolean. Thus
the calling code can set requests for prefix and address delegation
separately. This is handy when supporting RFC 7084.
Add a check in the code that at least something is requested from
the server in Managed mode. By default request IA_NA addresses from
the DHCPv6 server. Although a value has been defined for IA_TA,
temporary IA_TA addresses are not yet requested.
Patrik Flykt [Thu, 6 Sep 2018 17:31:48 +0000 (11:31 -0600)]
dhcp6_client: Add helper for fetching Prefix Delegation information
Add helper function for fetching enabled/disabled state of Prefix
Delegation for a DHCPv6 client. Update function setting prefix
delegation to use an int instead of a boolean.
Zbigniew Jędrzejewski-Szmek [Wed, 19 Sep 2018 11:34:01 +0000 (13:34 +0200)]
Merge pull request #10113 from yuwata/unify-hwdb
hwdb,udevadm: unify duplicated code and move it to hwdb-util.c
Yu Watanabe [Tue, 18 Sep 2018 14:14:18 +0000 (23:14 +0900)]
hwdb,udevadm: also unify hwdb_query() and hwdb_test()
Yu Watanabe [Tue, 18 Sep 2018 14:09:43 +0000 (23:09 +0900)]
sd-hwdb: use structured initializers
Yu Watanabe [Tue, 18 Sep 2018 13:57:45 +0000 (22:57 +0900)]
hwdb: unify duplicated code and move it to hwdb-util.c
Both 'systemd-hwdb update' and 'udevadm hwdb --update' create the hwdb
database. The database created by systemd-hwdb contains additional
information such as priority, line number, and source filename.
The unified function 'hwdb_update()' can take a flag 'compat' which
controls the format version of created database.
Yu Watanabe [Tue, 18 Sep 2018 04:37:51 +0000 (13:37 +0900)]
sd-hwdb: adjust included headers
Yu Watanabe [Tue, 18 Sep 2018 03:50:33 +0000 (12:50 +0900)]
hwdb: use _cleanup_ attribute at one more place
Yu Watanabe [Tue, 18 Sep 2018 03:49:51 +0000 (12:49 +0900)]
hwdb: make trie_node_cleanup() can take NULL
javitoom [Wed, 19 Sep 2018 07:29:25 +0000 (09:29 +0200)]
Remove trailing space
Remove trailing space
javitoom [Mon, 17 Sep 2018 14:48:41 +0000 (16:48 +0200)]
hwdb: Add accelerometer orientation quirk for the Teclast X98 Plus I (A5C6) tablet
Add accelerometer orientation quirk for the Teclast X98 Plus I (A5C6) tablet.
Yu Watanabe [Tue, 18 Sep 2018 23:42:01 +0000 (08:42 +0900)]
nspawn: suppress one more log message when --quiet is passed
Fixes #10119.
Tony Novak [Tue, 18 Sep 2018 20:17:08 +0000 (16:17 -0400)]
Support for Kensington Expert Mouse in hwdb
Fixes #10120.
Zbigniew Jędrzejewski-Szmek [Wed, 19 Sep 2018 06:15:58 +0000 (08:15 +0200)]
Merge pull request #10112 from yuwata/typesafe-qsort
tree-wide: use typesafe_qsort() or friends
Yu Watanabe [Tue, 18 Sep 2018 23:28:50 +0000 (08:28 +0900)]
busctl,sd-lldp: explicitly specify type of argument in compare function
Several functions are shared by qsort and hash_ops or Prioq.
This makes these functions explicitly specify argument type,
and cast to __compar_fn_t where necessary.
Yu Watanabe [Tue, 18 Sep 2018 02:08:23 +0000 (11:08 +0900)]
tree-wide: use typesafe_bsearch() or typesafe_bsearch_r()
Yu Watanabe [Tue, 18 Sep 2018 02:05:20 +0000 (11:05 +0900)]
util: introduce typesafe_bsearch() and typesafe_bsearch_r()
Yu Watanabe [Mon, 17 Sep 2018 23:58:42 +0000 (08:58 +0900)]
tree-wide: use typesafe_qsort_r()
Yu Watanabe [Mon, 17 Sep 2018 23:58:21 +0000 (08:58 +0900)]
util: introduce typesafe_qsort_r()
Yu Watanabe [Mon, 17 Sep 2018 23:39:24 +0000 (08:39 +0900)]
tree-wide: use typesafe_qsort()
Arseny Maslennikov [Tue, 18 Sep 2018 10:01:46 +0000 (13:01 +0300)]
udev: Fix "strtol" -> "strtoul" for unsigned source values
Arseny Maslennikov [Tue, 18 Sep 2018 09:47:20 +0000 (12:47 +0300)]
udev: Provide a fallback for IPoIB device port numbers
In older kernels IPoIB network devices expose the port number via
the sysfs attribute 'dev_id', which is not intended to be used this way.
Let's support both options for a while.
Arseny Maslennikov [Wed, 29 Aug 2018 01:20:43 +0000 (04:20 +0300)]
udev: Disable HW-address-based naming for IB NICs
An InfiniBand network address is 20 bytes long. Only the least
significant 8 bytes can be interpreted as a persistent hardware unit
identifier; the other 12 are transiently derived at runtime from metadata
specific to the protocol stack.
However, since the network interface name length is hard-capped by
IFNAMSIZ at 16 chars and the 2-byte type prefix with '\0' at the end
leave us only at 13, we cannot squeeze a descriptive representation of a
HW address into an interface name. Thus, it makes the most sense to drop
the scheme for IPoIB interfaces entirely.
Currently udev just gets confused and does what it has been taught
to do: fetches the first six bytes and puts them into a permanent
device attribute.
Arseny Maslennikov [Wed, 29 Aug 2018 01:07:55 +0000 (04:07 +0300)]
udev: Introduce predictable naming for InfiniBand NICs
We've long neglected IP-over-InfiniBand network interfaces, let's treat
them the same way we treat anyone else.
IPoIB interfaces will retain the 'ib' prefix; otherwise the naming scheme
is the same one we use for other network interfaces. E.g. a IPoIB network
device provided by a PCI card at bus 21 slot 0 function 6 will be named
'ibp21s0f6'.
Zbigniew Jędrzejewski-Szmek [Thu, 13 Sep 2018 07:24:36 +0000 (09:24 +0200)]
detect-virt: do not try to read all of /proc/cpuinfo
Quoting https://github.com/systemd/systemd/issues/10074:
> detect_vm_uml() reads /proc/cpuinfo with read_full_file()
> read_full_file() has a file max limit size of READ_FULL_BYTES_MAX=(4U*1024U*1024U)
> Unfortunately, the size of my /proc/cpuinfo is bigger, approximately:
> echo $(( 4* $(cat /proc/cpuinfo | wc -c)))
> 9918072
> This causes read_full_file() to fail and the Condition test fallout.
Let's just read line by line until we find an interesting line. This also
helps if not running under UML, because we avoid reading as much data.
Yu Watanabe [Tue, 18 Sep 2018 14:24:58 +0000 (23:24 +0900)]
verbs: reset optind (#10116)
optind may be used in each verb, e.g., udevadm. So, let's initialize
optind before calling verbs.
Without this, e.g., udevadm -d hwdb --update causes error in parsing arguments.
Alexander Filippov [Mon, 17 Sep 2018 09:49:40 +0000 (12:49 +0300)]
core: fix the check if CONFIG_CGROUP_BPF is on
Since the commit torvalds/linux@fdb5c4531c1e0e50e609df83f736b6f3a02896e2
the syscall BPF_PROG_ATTACH returns EBADF when CONFIG_CGROUP_BPF is
turned off and as a result the bpf_firewall_supported() returns the
incorrect value.
This commit replaces the syscall BPF_PROG_ATTACH with BPF_PROG_DETACH
which still works as expected.
Resolves openbmc/linux#159
See also systemd/systemd#7054
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
Zbigniew Jędrzejewski-Szmek [Tue, 18 Sep 2018 09:21:59 +0000 (11:21 +0200)]
Merge pull request #10114 from yuwata/namespace-logs
namespace: log message cleanups
Yu Watanabe [Wed, 5 Sep 2018 06:12:37 +0000 (15:12 +0900)]
core/execute: do not use the negative errno when setup_namespace() returns -ENOANO
Without this, log shows meaningless error message 'No anode', e.g.,
===
Failed to unshare the mount namespace: Operation not permitted
foo.service: Failed to set up mount namespacing: No anode
foo.service: Failed at step NAMESPACE spawning /usr/bin/test: No anode
===
Follow-up for 1beab8b0d0ff2d7d1436b52d4a0c3d56dc908962.
Yu Watanabe [Mon, 3 Sep 2018 15:31:05 +0000 (00:31 +0900)]
core/namespace: add more log messages
Jon Ringle [Tue, 18 Sep 2018 03:29:36 +0000 (23:29 -0400)]
doc: Fix link to CONTRIBUTING.md (#10109)
Evgeny Vereshchagin [Sat, 15 Sep 2018 14:21:33 +0000 (14:21 +0000)]
tests: make UBSan print full backtraces
This should make it easier to get backtraces that can be
pasted into issues like https://github.com/systemd/systemd/issues/10096.
Yu Watanabe [Sun, 16 Sep 2018 14:46:58 +0000 (23:46 +0900)]
sd-device: use qsort_safe() (#10099)
The number of found devices may be zero. So, let's use qsort_safe().
Follow-up for 0a1665890cec06032a17c16206e9f519ca88446e.
Fixes #10096.
Zbigniew Jędrzejewski-Szmek [Sat, 15 Sep 2018 20:36:38 +0000 (22:36 +0200)]
Merge pull request #9928 from yuwata/libudev-cleanups
libudev: coding style updates
Zbigniew Jędrzejewski-Szmek [Sat, 15 Sep 2018 16:33:18 +0000 (18:33 +0200)]
Merge pull request #9958 from yuwata/sd-device-enum-set
sd-device: make sd_device_enumerator_get_*_next() not destroy the list
Zbigniew Jędrzejewski-Szmek [Sat, 15 Sep 2018 08:12:18 +0000 (10:12 +0200)]
test/test-functions: adjust to Exec*= paths not being absolute
Dimitri John Ledkov [Mon, 6 Nov 2017 16:00:13 +0000 (16:00 +0000)]
test/test-functions: drop all prefixes
When parsing and installing binaries mentioned in Exec*= lines the
5ed0dcf4d552271115d96d8d22b1a25494b85277 commit added parsing logic to drop
prefixes, including handling duplicate exclamation marks. But this did not
handle arbitrary combination of multiple prefixes, ie. StartExec=+-/bin/sh was
parsed as -/bin/sh which then would fail to install.
Instead of using egrep and shell replacements, replace both with a sed command
that does it all. This sed script extracts a group of characters starting with a
/ up to the first space (if any) after the equals sign. This correctly handles
existing non-prefixed, prefixed, multiple-prefixed commands.
About half the commands seem to repeat themselves, thus sort -u cuts the list of
binaries to install about in half.
To validate change of behaviour both old and new functions were modified to
echo parsed binaries into separate files, and then diffed. The incorrect
-/bin/sh was missing in the new output.
Without this patch tests fail on default Ubuntu installs.
Yu Watanabe [Sat, 15 Sep 2018 06:55:15 +0000 (15:55 +0900)]
Merge pull request #10070 from keszybz/test-reporting
Test reporting improvements
Evgeny Vereshchagin [Sat, 15 Sep 2018 02:36:44 +0000 (05:36 +0300)]
Merge pull request #10089 from yuwata/fix-oss-fuzz-10350
bus-util: use _printf_ attribute
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10350.
Yu Watanabe [Fri, 14 Sep 2018 16:58:50 +0000 (01:58 +0900)]
test-catalog: drop unused variable
Follow-up for 49cdae63d168b2fe0e19f9f090b90d79de3c39bb.
Yu Watanabe [Fri, 14 Sep 2018 16:49:29 +0000 (01:49 +0900)]
bus-util: use _printf_ attribute
Follow-up for eda193578effbc3cee0f6d56ade52434778737c9.
Fixes oss-fuzz#10350.
Franck Bui [Fri, 14 Sep 2018 07:24:08 +0000 (09:24 +0200)]
socket-util: attempt SO_RCVBUFFORCE/SO_SNDBUFFORCE only if SO_RCVBUF/SO_SNDBUF fails
Both SO_SNDBUFFORCE and SO_RCVBUFFORCE require capability 'net_admin'.
If this capability is not granted to the service the first attempt to increase
the recv/snd buffers (via sd_notify()) with SO_RCVBUFFORCE/SO_SNDBUFFORCE will
fail, even if the requested size is lower than the limit enforced by the
kernel.
If apparmor is used, the DENIED logs for net_admin will show up. These log
entries are seen as a red warning light, because they could indicate that a
program has been hacked and tries to compromise the system.
It would be nicer if they can be avoided without giving services (relying on
sd_notify) net_admin capability or dropping DENIED logs for all such services
via their apparmor profile.
I'm not sure if sd_notify really needs to forcibly increase the buffer sizes,
but at least if the requested size is below the kernel limit, the capability
(hence the log entries) should be avoided.
Hence let's first ask politely for increasing the buffers and only if it fails
then ignore the kernel limit if we have sufficient privileges.
Zbigniew Jędrzejewski-Szmek [Fri, 14 Sep 2018 08:05:59 +0000 (10:05 +0200)]
Merge pull request #9920 from yuwata/udev-cleanup-4
udev: drop unused udev structs and use verbs in udevadm
Zbigniew Jędrzejewski-Szmek [Thu, 13 Sep 2018 14:11:16 +0000 (16:11 +0200)]
tests: add a helper function to skip with errno
Zbigniew Jędrzejewski-Szmek [Thu, 13 Sep 2018 12:31:13 +0000 (14:31 +0200)]
tests: use a helper function to parse environment and open logging
The advantages are that we save a few lines, and that we can override
logging using environment variables in more test executables.
Zbigniew Jędrzejewski-Szmek [Thu, 13 Sep 2018 11:35:03 +0000 (13:35 +0200)]
test-condition: make function return void
We don't look at the result anyway.
Zbigniew Jędrzejewski-Szmek [Thu, 13 Sep 2018 11:34:12 +0000 (13:34 +0200)]
tests: add helper to unify skipping a test and exiting
Harshit Jain [Fri, 14 Sep 2018 07:04:10 +0000 (12:34 +0530)]
man: fix typo (#10084)
fixes #10083
Alan Jenkins [Fri, 14 Sep 2018 03:11:57 +0000 (04:11 +0100)]
user-runtime-dir@.service: don't stop on runlevel switch (#10079)
Followup to commit 13cf422e04b7 ("user@.service: don't kill user manager at runlevel switch")
I think there's a general rule that units with `StopWhenUnneeded=yes` need
`IgnoreOnIsolate=yes`... But it doesn't apply to `suspend.target` and friends.
`printer.target` and friends break on isolate even if we apply the rule[1].
That just leaves `graphical-session.target`, which is a user service.
"isolate" is *mostly* a weird attempt to emulate runlevels, so I decided
not to worry about it for user services.
[1] https://github.com/systemd/systemd/issues/6505#issuecomment-320644819
killermoehre [Thu, 13 Sep 2018 11:53:03 +0000 (13:53 +0200)]
replace https://github.com/systemd/systemd/blob/master/doc/* with https://github.com/systemd/systemd/blob/master/docs/* to point to proper documentation
Thomas Blume [Wed, 12 Sep 2018 13:10:58 +0000 (15:10 +0200)]
user@.service: don't kill user manager at runlevel switch
Logging in as root user and then switching the runlevel results in a
stop of the user manager, even though the user is still logged in.
That leaves a broken user session.
Adding "IgnoreOnIsolate=true" to user@.service fixes this.
Yu Watanabe [Thu, 13 Sep 2018 07:37:33 +0000 (16:37 +0900)]
test: unset $XDG_{CONFIG,DATA}_DIRS
When $XDG_DATA_DIRS is unset, then, the default value
'/usr/local/share:/usr/share' is used.
When $XDG_DATA_DIRS contains the default paths but the order
is inverted: '/usr/share:/usr/local/share', then test-path-lookup fails.
Fixes #10002.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 14:57:06 +0000 (16:57 +0200)]
meson: drop some unneeded parens
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 14:52:08 +0000 (16:52 +0200)]
meson: always allow compilation of tests binaries
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 14:11:15 +0000 (16:11 +0200)]
NEWS: remove repeated "slightly"
Yu Watanabe [Wed, 12 Sep 2018 12:47:56 +0000 (21:47 +0900)]
meson: do not build tests by default when '-Dtests=false'
[zj: it is still possible to build tests explicitly by calling
ninja -C build test-name. This way we have full flexibility.]
Yu Watanabe [Wed, 12 Sep 2018 12:52:31 +0000 (21:52 +0900)]
test: log when skipping tests in more cases
Follow-up for the previous commit.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 11:25:45 +0000 (13:25 +0200)]
test: when skipping tests, always print something
It is quite confusing if the test "fails" without printing anything at all.
A typo in an 'if' statement is also fixed.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 09:08:49 +0000 (11:08 +0200)]
meson: disable _all_ tests when -Dtests=false
Back in 08318a2c5acb3d0e4243c36461e69a3e45482441, value "false" was enabled for
'-Dtests=', but various tests were not conditionalized properly. So even with
-Dtests=false -Dslow-tests=false we'd run 120 tests. Let's make this consistent.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 09:02:58 +0000 (11:02 +0200)]
meson: disable "slow tests" too when tests are generally disabled
We would have a strange situation where after setting -Dslow-tests=true -Dtests=false
we'd get mostly the slow tests (plus some other ones which I'll fix in
subsequent commit). Let's simplify things by making -Dtests=false just
disable those tests too.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 07:55:39 +0000 (09:55 +0200)]
test-barrier: just make this a slow test
test-barrier was using a custom mechanism to skip itself. Let's
just follow the normal scheme.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Sep 2018 07:45:17 +0000 (09:45 +0200)]
tests: centralize check for slow tests