Zbigniew Jędrzejewski-Szmek [Tue, 10 Oct 2017 19:50:17 +0000 (21:50 +0200)]
Merge pull request #7045 from poettering/namespace-casing
some super-trivial fixes to namespace.c
Zbigniew Jędrzejewski-Szmek [Tue, 10 Oct 2017 18:55:20 +0000 (20:55 +0200)]
tests: skip tests when cg_pid_get_path fails (#7033)
v2:
- cast the fstype_t type to ull, because it varies between arches.
Making it long long should be on the safe side.
Lennart Poettering [Tue, 10 Oct 2017 08:05:43 +0000 (10:05 +0200)]
Merge pull request #7003 from yuwata/enable-dynamic-user
timesyncd, journal-upload: Enable DynamicUser=
gwendalcr [Tue, 10 Oct 2017 08:03:38 +0000 (01:03 -0700)]
rules: Add MODEL_ID for NVMe device (#7037)
To mimic MODEL_ID variable built for ATA and SCSI devices, add rules
to add MODEL_ID variable for NVMe devices.
TEST: Check on a system with NVMe device that MODEL_ID variable is
present:
udevadm info --query=all -n /dev/nvme0n1p1 | grep ID_MODEL
and
udevadm info --query=all -n /dev/nvme0n1p1 | grep ID_MODEL
return:
E: ID_MODEL=SAMSUNG...
Lennart Poettering [Tue, 10 Oct 2017 07:50:23 +0000 (09:50 +0200)]
namespace: make ns_type_supported() a tiny bit shorter
namespace_type_to_string() already validates the type parameter, we can
use that, and shorten the function a bit.
Lennart Poettering [Tue, 10 Oct 2017 07:49:20 +0000 (09:49 +0200)]
namespace: change NameSpace → Namespace
We generally use the casing "Namespace" for the word, and that's visible
in a number of user-facing interfaces, including "RestrictNamespace=" or
"JoinsNamespaceOf=". Let's make sure to use the same casing internally
too.
As discussed in #7024
Michal Sekletar [Tue, 10 Oct 2017 07:46:13 +0000 (09:46 +0200)]
namespace: fall back gracefully when kernel doesn't support network namespaces (#7024)
Sergey Ptashnick [Tue, 10 Oct 2017 07:44:52 +0000 (10:44 +0300)]
catalog,po: update Russian translation (#7041)
Muhammet Kara [Mon, 9 Oct 2017 13:39:19 +0000 (15:39 +0200)]
Updated Turkish translation (#7017)
Lennart Poettering [Mon, 9 Oct 2017 13:38:30 +0000 (15:38 +0200)]
Merge pull request #7034 from keszybz/modules-load-downgrade-errors
Downgrade errors resulting from user configuration in modules-load
Lennart Poettering [Mon, 9 Oct 2017 13:22:22 +0000 (15:22 +0200)]
update TODO
Zbigniew Jędrzejewski-Szmek [Sun, 8 Oct 2017 14:21:06 +0000 (16:21 +0200)]
modules-load: downgrade error on ENODEV/ENOENT
Some kernel modules may be loaded if the hardware does not exist
(usually when the hardware is hot-pluggable), while others fail with
ENODEV. Let's make those two cases more similar, and simply log
modules which cannot be loaded because of missing hardware without
failing systemd-modules-load.service.
For modules which don't exist, let's warn, but not fail the whole
service. I think a warning is appropriate because it's likely that
a typo was made.
Zbigniew Jędrzejewski-Szmek [Sun, 8 Oct 2017 14:18:57 +0000 (16:18 +0200)]
kmod_module_probe_insert_module returns 0 on success, != 0 on failure
More specifically, it should return > 0 only for conditions specified in
probe_flags. We only set KMOD_PROBE_APPLY_BLACKLIST in probe_flags, so the
code was correct, but add an assert to clarify this.
Mike Gilbert [Sun, 8 Oct 2017 20:14:45 +0000 (16:14 -0400)]
test: skip hwdb and sysv-generator if the features are disabled (#7026)
Zbigniew Jędrzejewski-Szmek [Sun, 8 Oct 2017 13:55:24 +0000 (15:55 +0200)]
util-lib: introduce _cleanup_ macros for kmod objects
bleep_blop [Sun, 8 Oct 2017 20:01:08 +0000 (01:31 +0530)]
man: fix typo for !! in systemd.service (#7031)
!! must be very similar to !, not itself.
Piotr Drąg [Fri, 6 Oct 2017 14:10:33 +0000 (16:10 +0200)]
po: update Polish translation (#7015)
Lennart Poettering [Fri, 6 Oct 2017 08:18:04 +0000 (10:18 +0200)]
NEWS: patch in today's date for the 235 release
Zbigniew Jędrzejewski-Szmek [Fri, 6 Oct 2017 08:04:49 +0000 (10:04 +0200)]
man: explain precedence for options which take a list (#7010)
Hopefully finally fixes #6639.
Yu Watanabe [Fri, 6 Oct 2017 07:33:21 +0000 (16:33 +0900)]
meson: fix feature list (#7011)
Yu Watanabe [Thu, 5 Oct 2017 01:21:50 +0000 (10:21 +0900)]
sysusers: do not create unneeded users
Yu Watanabe [Fri, 6 Oct 2017 07:06:21 +0000 (16:06 +0900)]
unit: enable DynamicUser= for journal-upload
Yu Watanabe [Fri, 6 Oct 2017 07:05:20 +0000 (16:05 +0900)]
timesyncd: enable DynamicUser=
Yu Watanabe [Fri, 6 Oct 2017 07:03:33 +0000 (16:03 +0900)]
mkdir: introduce follow_symlink flag to mkdir_safe{,_label}()
Frederic Crozat [Thu, 5 Oct 2017 23:28:19 +0000 (01:28 +0200)]
tmpfiles: remove old ICE and X11 sockets at boot (#6979)
tmpfiles: remove old ICE and X11 sockets at boot
When not using tmpfs based /tmp, leftover sockets
might prevent X startup. Ensure directory is clean at boot time.
g0tar [Thu, 5 Oct 2017 20:17:51 +0000 (22:17 +0200)]
pass currently completed word to systemctl list-unit-files/list-units (#6927)
This change noticeably increases completion performance at the expense
of preventing possible _correct, _approximate or any matcher-list rules.
Still, responsiveness increase so huge seems to make it worth the price.
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 20:06:39 +0000 (22:06 +0200)]
Merge pull request #6999 from poettering/seccomp-newgroups
add three new syscall groups, and port @privileged to make use of more existing ones
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 19:51:13 +0000 (21:51 +0200)]
Merge pull request #7008 from poettering/sorevision235
bump so revision for 235 and mailmap updates
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 19:24:36 +0000 (21:24 +0200)]
Merge pull request #6949 from poettering/restart-servers
Automatically forget learnt DNS server information when network config changes
Lennart Poettering [Thu, 5 Oct 2017 16:26:02 +0000 (18:26 +0200)]
Merge pull request #6909 from sourcejedi/units
Unit dependency fixes (and cleanups)
Lennart Poettering [Thu, 5 Oct 2017 15:38:40 +0000 (17:38 +0200)]
update .mailmap a bit more
Lennart Poettering [Thu, 5 Oct 2017 15:23:17 +0000 (17:23 +0200)]
NEWS: one more addition
Lennart Poettering [Thu, 5 Oct 2017 15:14:04 +0000 (17:14 +0200)]
build-sys: bump so revisions for preparation of 235
Lennart Poettering [Thu, 5 Oct 2017 14:53:32 +0000 (16:53 +0200)]
resolved: include DNS server feature level info in SIGUSR1 status dump
let's make the status dump more useful for tracking down server issues.
Lennart Poettering [Fri, 29 Sep 2017 19:19:54 +0000 (21:19 +0200)]
resolved: add support for explicitly forgetting everything we learnt about DNS server feature levels
This adds "systemd-resolve --reset-server-features" for explicitly
forgetting what we learnt. This might be useful for debugging
purposes, and to force systemd-resolved to restart its learning logic
for all DNS servers.
Lennart Poettering [Fri, 29 Sep 2017 19:18:29 +0000 (21:18 +0200)]
resolved: automatically forget all learnt DNS server information when the network configuration changes
When the network configuration changes we should relearn everything
there is to know about the configured DNS servers, because we might talk
to the same addresses, but there might be different servers behind them.
Lennart Poettering [Mon, 2 Oct 2017 07:16:50 +0000 (09:16 +0200)]
seccomp: port @privileged to use @reboot + @swap
Let's reuse two groups we already defined to make @privileged a bit
shorter.
Lennart Poettering [Wed, 4 Oct 2017 19:09:52 +0000 (21:09 +0200)]
seccomp: there is no "kexec" syscall
it's called "kexec_load".
Lennart Poettering [Sat, 30 Sep 2017 12:34:50 +0000 (14:34 +0200)]
seccomp: add three more seccomp groups
@aio → asynchronous IO calls
@sync → msync/fsync/... and friends
@chown → changing file ownership
(Also, change @privileged to reference @chown now, instead of the
individual syscalls it contains)
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 13:41:33 +0000 (15:41 +0200)]
Update mailmap and contributor list (#7006)
Also fix typo (by using a word that is a better fit anyway.)
Lennart Poettering [Thu, 5 Oct 2017 13:05:02 +0000 (15:05 +0200)]
units: restore User=systemd-journal-gateway in systemd-journal-gatewayd.service (#7005)
After the discussions around #7003 I think we should restore the
User=systemd-journal-gateway line for systemd-journal-gatewayd.service,
too, so that we continue to use the state user if it exists, and create
it as dynamic user only when it does not.
Note that undoes part of a change made after 234, i.e. a never released
change.
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 13:04:19 +0000 (15:04 +0200)]
core: make gc_marker unsigned (#7004)
This matches the definition in unit.h.
Djalal Harouni [Thu, 5 Oct 2017 12:46:41 +0000 (14:46 +0200)]
seccomp: remove 'gettid' syscall from '@process' syscall set (#6989)
The gettid syscall is one of the most basic syscalls, it never fails and
it operates on current thread. Most applications are not supposed to use
it, however even if it is used there is not much justification for blocking
it. This patch removes it from '@process' set so if users blacklist this
set to block setns or clone syscalls, the gettid syscall will still be
available. Of course they can always block gettid explicitly.
Note that the gettid is already in the '@default' set.
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 12:42:29 +0000 (14:42 +0200)]
Merge pull request #6931 from poettering/job-timeout-sec
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 11:16:31 +0000 (13:16 +0200)]
NEWS: some nitpicking and bike-shedding
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 11:22:03 +0000 (13:22 +0200)]
Merge pull request #6952 from poettering/seccomp-getrlimit
a seccomp fix regarding ugetrlimit/prlimit64
Lennart Poettering [Wed, 27 Sep 2017 15:33:09 +0000 (17:33 +0200)]
generator: when we insert a '\n', actually place a proper newline, too
Lennart Poettering [Wed, 27 Sep 2017 15:30:50 +0000 (17:30 +0200)]
unit: when JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too
We added JobRunningTimeoutSec= late, and Dracut configured only
JobTimeoutSec= to turn off root device timeouts before. With this change
we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=,
but only if the latter wasn't set explicitly.
This should restore compatibility with older systemd versions.
Fixes: #6402
Andrew Jeddeloh [Thu, 5 Oct 2017 10:58:02 +0000 (03:58 -0700)]
Revert "networkd: change UseMTU default to true. (#6837)" (#6950)
This reverts commit 22043e4317ecd2bc7834b48a6d364de76bb26d91.
UseMTU is broken on real hardware and should not be enabled by default.
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 10:35:24 +0000 (12:35 +0200)]
Merge pull request #6988 from poettering/dns-stub-truncate
rework how resolved's dns stub deals with truncation
Lennart Poettering [Wed, 4 Oct 2017 10:35:48 +0000 (12:35 +0200)]
resolved: rework how we handle truncation in the stub resolver
When a reply message gets longer than the client supports we need to
truncate the response and set the TC bit, and we already do that.
However, we are not supposed to send incomplete RRs in that case, but
instead truncate right at a record boundary. Do that.
This fixes the "Message parser reports malformed message packet."
warning the venerable "host" tool outputs when a very large response is
requested.
See: #6520
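The record-boundary truncation described in the commit message above, as an added C illustration (not systemd's code and not part of the original log). The names dns_truncate(), skip_name() and build_sample() are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR 12   /* fixed header size */
#define DNS_TC  0x02 /* TC flag, header byte 2 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Offset just past the name at off, or 0 if the name is malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;                                  /* root label */
        if ((c & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (c & 0xC0) return 0;                                      /* reserved type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* Hypothetical helper: cut the message in m down to at most max bytes,
 * ending on a record boundary, fix the section counts and set TC.
 * Returns the new length (len itself if it already fits), or 0 if the
 * message is malformed. Dropping from the tail keeps compression pointers
 * valid, since they only point backwards. A trailing EDNS OPT record is
 * dropped together with the other records that do not fit. */
size_t dns_truncate(uint8_t *m, size_t len, size_t max) {
    uint16_t kept[4] = { 0 };
    size_t end = DNS_HDR;
    if (len < DNS_HDR || max < DNS_HDR) return 0;
    if (len <= max) return len;

    for (int sec = 0; sec < 4; sec++)            /* QD, AN, NS, AR */
        for (uint16_t i = 0, n = rd16(m + 4 + 2 * sec); i < n; i++) {
            size_t next = skip_name(m, len, end);
            if (next == 0) return 0;
            if (sec == 0) next += 4;             /* QTYPE, QCLASS */
            else if (next + 10 > len) return 0;
            else next += 10 + rd16(m + next + 8); /* TYPE..RDLENGTH + RDATA */
            if (next > len) return 0;
            if (next > max) goto done;           /* this record does not fit */
            kept[sec]++;
            end = next;
        }
done:
    for (int sec = 0; sec < 4; sec++) {
        m[4 + 2 * sec] = (uint8_t)(kept[sec] >> 8);
        m[5 + 2 * sec] = (uint8_t)(kept[sec] & 0xFF);
    }
    m[2] |= DNS_TC;
    return end;
}

/* Constructed sample: response to "example.com A" with three A records. */
static size_t build_sample(uint8_t *buf) {
    static const uint8_t head[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,3, 0,0, 0,0,
        7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
    static const uint8_t rr[] = { 0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
    size_t n = sizeof head;
    memcpy(buf, head, n);
    for (int i = 0; i < 3; i++, n += sizeof rr) {
        memcpy(buf + n, rr, sizeof rr);
        buf[n + sizeof rr - 1] = (uint8_t)(i + 1);   /* 192.0.2.1 .. 192.0.2.3 */
    }
    return n;
}

int main(void) {
    uint8_t buf[128];
    size_t n = build_sample(buf), t = dns_truncate(buf, n, 70);
    printf("%zu -> %zu bytes, ANCOUNT=%u\n", n, t, (unsigned)rd16(buf + 6));
    return 0;
}
```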
Lennart Poettering [Wed, 4 Oct 2017 09:57:10 +0000 (11:57 +0200)]
resolved: take benefit of log_xyz_errno() returning the negative error code
Just some modernizations.
Lennart Poettering [Thu, 5 Oct 2017 09:26:09 +0000 (11:26 +0200)]
seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add_exact()
System calls might exist on some archs but not on others, or might be
multiplexed but not on others. Ignore such errors when putting together
a filter at this location like we already do it on all others.
Lennart Poettering [Thu, 5 Oct 2017 09:24:51 +0000 (11:24 +0200)]
seccomp: always handle seccomp_load() failing the same way
Unfortunately libseccomp doesn't return (nor document) clean error
codes, hence until then only check for specific error codes that we
propagate, but ignore (but debug log) all others. Do this at one more
place, we are already doing that at all others.
Lennart Poettering [Thu, 5 Oct 2017 09:23:07 +0000 (11:23 +0200)]
seccomp: react gracefully if we can't translate a syscall name
When a libseccomp implementation doesn't know a syscall yet, that's no
reason for us to fail completely. Instead, debug log, and proceed.
This hopefully fixes the preadv2/pwritev2 issues pointed out here:
https://github.com/systemd/systemd/pull/6952#issuecomment-334302923
Lennart Poettering [Sat, 30 Sep 2017 12:08:26 +0000 (14:08 +0200)]
seccomp: include prlimit64 and ugetrlimit in @default
Also, move prlimit64() out of @resources.
prlimit64() may be used both for getting and setting resource limits, and
is implicitly called by glibc at various places, on some archs, the same
way as getrlimit(). Similarly, ugetrlimit() is an arch-specific
replacement for getrlimit(), and hence should be whitelisted at the same
place as getrlimit() and prlimit64().
Also see: https://lists.freedesktop.org/archives/systemd-devel/2017-September/039543.html
Zbigniew Jędrzejewski-Szmek [Thu, 5 Oct 2017 09:26:44 +0000 (11:26 +0200)]
Merge pull request #6944 from poettering/suspend-fix
systemctl reboot/suspend tweaks
Hans de Goede [Wed, 4 Oct 2017 23:06:55 +0000 (01:06 +0200)]
hwdb: Add accelerometer orientation entry for Chuwi Hi8 Pro tablet (#6998)
Add an accelerometer orientation entry for the Chuwi Hi8 Pro tablet.
Lennart Poettering [Wed, 4 Oct 2017 19:44:29 +0000 (21:44 +0200)]
tmpfiles: change btmp mode 0600 → 0660 (#6997)
As discussed in #6994.
Fixes: #6994
Lennart Poettering [Wed, 4 Oct 2017 19:40:01 +0000 (21:40 +0200)]
dynamic-user: don't use a UID that currently owns IPC objects (#6962)
This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SELinux erroneously prohibited), then we should not hand
out the same UID again until they are successfully removed.
With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 19:33:52 +0000 (21:33 +0200)]
Merge pull request #6975 from sourcejedi/logind_pid_0_v2
Selectively revert "tree-wide: use pid_is_valid() at more places"
Lennart Poettering [Mon, 2 Oct 2017 14:30:01 +0000 (16:30 +0200)]
NEWS: add comment about change sync/async behaviour for shutdown commands
Lennart Poettering [Fri, 29 Sep 2017 14:10:27 +0000 (16:10 +0200)]
man: document which special "systemctl" commands are synchronous and which asynchronous.
This documents the status quo, clarifying when we are synchronous and
when asynchronous by default and when --no-block is supported to force
asynchronous operation.
See: #6479
Lennart Poettering [Mon, 2 Oct 2017 14:09:24 +0000 (16:09 +0200)]
logind: don't change dry-run boolean before we actually enqueue the operation
Let's not affect change before the PK check.
Lennart Poettering [Mon, 2 Oct 2017 14:08:49 +0000 (16:08 +0200)]
logind: reorder things a bit
Let's keep the three sleep method implementations close to each other.
Lennart Poettering [Fri, 29 Sep 2017 14:07:11 +0000 (16:07 +0200)]
systemctl: make sure "reboot", "suspend" and friends are always asynchronous
Currently, "systemctl reboot" behaves differently in setups with and
without logind. If logind is used (which is probably the more common
case) the operation is asynchronous, and otherwise synchronous (though
subject to --no-block in this case). Let's clean this up, and always
expose the same behaviour, regardless if logind is used or not: let's
always make it asynchronous.
It might make sense to add a "--block" mode in a future PR that makes
these operations synchronous, but this requires non-trivial work in
logind, and is outside of the scope of this change.
See: #6479
Lennart Poettering [Mon, 2 Oct 2017 14:03:55 +0000 (16:03 +0200)]
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possible to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isn't. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
Lennart Poettering [Wed, 4 Oct 2017 18:00:14 +0000 (20:00 +0200)]
Merge pull request #6992 from keszybz/fix-test-copy
test-copy: fix operation when test-copy is too small
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 17:32:59 +0000 (19:32 +0200)]
hwdb: switch meson to use ids_parser.py (#6964)
Also drop the now-unused perl implementation (that doesn't do sorting),
so it's incompatible anyway.
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 17:32:12 +0000 (19:32 +0200)]
udevadm,basic: replace nulstr_contains with STR_IN_SET (#6965)
STR_IN_SET is a newer approach which is easier to write and read, and which
seems to result in space savings too:
before:
4949848 build/src/shared/libsystemd-shared-234.so
350704 build/systemctl
4967184 build/systemd
826216 build/udevadm
after:
4949848 build/src/shared/libsystemd-shared-234.so
350704 build/systemctl
4966888 build/systemd
826168 build/udevadm
Yu Watanabe [Wed, 4 Oct 2017 17:29:36 +0000 (02:29 +0900)]
nss-systemd: if cannot open bus, then try to read user info directly (#6971)
If sd_bus_open_system() fails, then try to read information about
dynamic users from /run/systemd/dynamic-uid.
This makes services can successfully call getpwuid() or their friends
even if dbus.service is not started yet.
Fixes #6967.
Lennart Poettering [Wed, 4 Oct 2017 17:25:30 +0000 (19:25 +0200)]
Merge pull request #6974 from keszybz/clean-up-defines
Clean up define definitions
Lennart Poettering [Wed, 4 Oct 2017 15:54:35 +0000 (17:54 +0200)]
Merge pull request #6985 from yuwata/empty
load-fragment: do not create empty array
Alan Jenkins [Tue, 3 Oct 2017 11:26:02 +0000 (12:26 +0100)]
logind: use pid_is_valid() where appropriate
These two sites _do_ match the definition of pid_is_valid(); they don't
provide any special handling for the invalid PID value 0. (They're used
by dbus methods, so the PID value 0 is handled with reference to the dbus
client creds, outside of these functions).
Alan Jenkins [Tue, 3 Oct 2017 11:13:06 +0000 (12:13 +0100)]
systemctl: use pid_is_valid() where appropriate
This was the one valid site in commit ee043777be58251e7441b4f04594e9e3792d7fb2.
The second part of this hunk, avoiding using `%m`
when we didn't actually have `errno` set, seems
like a nice enough cleanup to be worthwhile on
its own.
Also use PID_FMT to improve the error message we print
(pid_t is signed).
Yu Watanabe [Wed, 4 Oct 2017 14:01:32 +0000 (23:01 +0900)]
tree-wide: use IN_SET macro (#6977)
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 13:22:07 +0000 (15:22 +0200)]
test-sizeof: add pid_t and gid_t
C.f. #6975.
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 13:17:09 +0000 (15:17 +0200)]
test-copy: fix operation when test-copy is too small
Fixes #6981.
Djalal Harouni [Wed, 4 Oct 2017 13:01:21 +0000 (15:01 +0200)]
Merge pull request #6986 from OpenDZ/tixxdz/seccomp-more-default-syscalls-v1
seccomp: add sched_yield syscall to the @default syscall set
Yu Watanabe [Wed, 4 Oct 2017 12:43:00 +0000 (21:43 +0900)]
man: fix that the same option is listed twice (#6991)
Lennart Poettering [Wed, 4 Oct 2017 12:16:28 +0000 (14:16 +0200)]
units: prohibit all IP traffic on all our long-running services (#6921)
Let's lock things down further.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 11:15:27 +0000 (13:15 +0200)]
meson: generate ENABLE_* names automatically
After previous changes, the naming of configuration options and internal
defines is consistent.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 11:12:29 +0000 (13:12 +0200)]
build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/
The configuration option was called -Dresolve, but the internal define
was …RESOLVED. This options governs more than just resolved itself, so
let's settle on the version without "d".
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:23:55 +0000 (12:23 +0200)]
build-sys: s/HAVE_MYHOSTNAME/ENABLE_MYHOSTNAME/
Same justification as for HAVE_UTMP. HAVE_MYHOSTNAME was used before myhostname
was merged into systemd.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:22:40 +0000 (12:22 +0200)]
build-sys: s/HAVE_SMACK/ENABLE_SMACK/
Same justification as for HAVE_UTMP.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:20:49 +0000 (12:20 +0200)]
build-sys: s/HAVE_IMA/ENABLE_IMA/
Same justification as for HAVE_UTMP.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:19:30 +0000 (12:19 +0200)]
build-sys: s/HAVE_UTMP/ENABLE_UTMP/
"Have" should be about the external environment and dependencies. Anything
which is a pure yes/no choice should be "enable".
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:11:49 +0000 (12:11 +0200)]
build-sys: require all defines under #if to be present
This should help to catch any errors with typos and HAVE/ENABLE mismatches.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:10:57 +0000 (12:10 +0200)]
test-nss: fix names of two defines
That's another bug fixed (sys/auxv.h was the first).
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 08:41:51 +0000 (10:41 +0200)]
build-sys: use #if Y instead of #ifdef Y everywhere
The advantage is that if the name is misspelt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
Djalal Harouni [Wed, 4 Oct 2017 09:41:42 +0000 (10:41 +0100)]
seccomp: add sched_yield syscall to the @default syscall set
Zbigniew Jędrzejewski-Szmek [Wed, 4 Oct 2017 09:33:30 +0000 (11:33 +0200)]
core: use strv_isempty to check if supplementary_groups is empty
With the previous commit, we know that it will be NULL if empty, but
it's safe to always use strv_isempty() in case the code changes
in the future.
Yu Watanabe [Wed, 4 Oct 2017 06:21:12 +0000 (15:21 +0900)]
Yu Watanabe [Wed, 4 Oct 2017 09:09:32 +0000 (18:09 +0900)]
man: empty string resets the list of NTP servers (#6984)
Alan Jenkins [Tue, 3 Oct 2017 11:05:24 +0000 (12:05 +0100)]
Revert "tree-wide: use pid_is_valid() at more places"
This reverts commit ee043777be58251e7441b4f04594e9e3792d7fb2.
It broke almost everywhere it touched. The places that
hadn't been converted, were mostly followed by special
handling for the invalid PID `0`. That explains why they
tested for `pid < 0` instead of `pid <= 0`.
I think that one was the first commit I reviewed, heh.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 10:09:40 +0000 (12:09 +0200)]
meson: check for sys/auxv.h
This check was present in configure.ac, but was never added under meson.
The code under HAVE_SYS_AUX_H has been dead ever since :(.
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 08:32:34 +0000 (10:32 +0200)]
build-sys: change all HAVE_DECL_ macros to HAVE_
This is a legacy of autotools, where one detection routine used a different
prefix than the others.
$ git grep -e HAVE_DECL_ -l|xargs sed -i s/HAVE_DECL_/HAVE_/g
Zbigniew Jędrzejewski-Szmek [Tue, 3 Oct 2017 08:26:53 +0000 (10:26 +0200)]
Merge pull request #6946 from poettering/synthesize-dns
Some DNS RR synthesizing fixes
Djalal Harouni [Tue, 3 Oct 2017 05:20:05 +0000 (07:20 +0200)]
seccomp: remove '@credentials' syscall set (#6958)
This removes the '@credentials' syscall set that was added in commit
v234-468-gcd0ddf6f75.
Most of these syscalls are so simple that we do not want to filter them.
They work on the current calling process, doing only read operations,
they do not have a deep kernel path.
The problem may only be in 'capget' syscall since it can query arbitrary
processes, and used to discover processes, however sending signal 0 to
arbitrary processes can be used to discover if a process exists or not.
It is unfortunate that Linux allows to query processes of different
users. Let's put it now in '@process' syscall set, and later we may add
it to a new '@basic-process' set that allows most basic process
operations.
Yu Watanabe [Tue, 3 Oct 2017 04:28:48 +0000 (13:28 +0900)]
Merge pull request #6940 from poettering/magic-dirs
make sure StateDirectory= and friends play nicely with DynamicUser= and RootImage=/RootDirectory=