Yu Watanabe [Fri, 28 Jun 2019 19:08:18 +0000 (04:08 +0900)]
bash-completion: udevadm: list all possible values for --action option
Yu Watanabe [Fri, 28 Jun 2019 19:03:06 +0000 (04:03 +0900)]
udevadm: support special value 'help' for --action option
Yu Watanabe [Fri, 28 Jun 2019 18:49:20 +0000 (03:49 +0900)]
sd-device: introduce dump_device_action_table()
Will be used in later commits.
Yu Watanabe [Fri, 28 Jun 2019 18:35:12 +0000 (03:35 +0900)]
Merge pull request #12905 from keszybz/udev-warnings
Udev warnings
Zbigniew Jędrzejewski-Szmek [Fri, 28 Jun 2019 14:25:46 +0000 (16:25 +0200)]
Merge pull request #12887 from fbuihuu/coredump-cleanup-part-1
Coredump cleanup part 1
Zbigniew Jędrzejewski-Szmek [Fri, 28 Jun 2019 14:17:30 +0000 (16:17 +0200)]
udev-rules: add more info to errors about attr formats
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 08:47:56 +0000 (10:47 +0200)]
udev-rules: add precise information to rule failure logs
It is pretty hard to figure out what the problem actually is, esp. when the rule
is long.
On my machine:
systemd[1]: Starting udev Kernel Device Manager...
systemd-udevd[217399]: /usr/lib/udev/rules.d/11-dm-lvm.rules:40 Invalid value for OPTIONS key, ignoring: 'event_timeout=180'
systemd-udevd[217399]: /usr/lib/udev/rules.d/11-dm-lvm.rules:40 The line takes no effect, ignoring.
systemd-udevd[217399]: /etc/udev/rules.d/60-ipath.rules:4 Invalid value "kcopy/%02n" for NAME (char 7: invalid substitution type), ignoring, but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/65-md-incremental.rules:28 Invalid value "/sbin/mdadm -I $env{DEVNAME} --export $devnode --offroot ${DEVLINKS}" for IMPORT (char 58: invalid substitution type), ignoring, but please fix it.
systemd-udevd[217399]: /etc/udev/rules.d/73-special-net-names.rules:14 Invalid value "/bin/sh -ec 'D=${DEVPATH#*/vio/}; D=${D%%%%/*}; D=${D#????}; D=${D#0}; D=${D#0}; D=${D#0}; D=${D#0}; echo ${D:-0}'" for PROGRAM (char 16: invalid substitution type), ignoring, but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/84-nm-drivers.rules:10 Invalid value "/bin/sh -c 'ethtool -i $1 | sed -n s/^driver:\ //p' -- $env{INTERFACE}" for PROGRAM (char 24: invalid substitution type), ignoring, but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/90-libgpod.rules:19 IMPORT key takes '==' or '!=' operator, assuming '==', but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/90-libgpod.rules:23 IMPORT key takes '==' or '!=' operator, assuming '==', but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/99-vmware-scsi-udev.rules:5 Invalid value "/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'" for RUN (char 27: invalid substitution type), ignoring, but please fix it.
systemd-udevd[217399]: /usr/lib/udev/rules.d/99-vmware-scsi-udev.rules:6 Invalid value "/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'" for RUN (char 27: invalid substitution type), ignoring, but please fix it.
systemd[1]: Started udev Kernel Device Manager.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 06:58:00 +0000 (08:58 +0200)]
udev-event: use normal pointer ops where appropriate
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 06:51:53 +0000 (08:51 +0200)]
udev: move rule structure definitions into the .c file
They are (and should) only be used there, no need to expose them.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 06:36:20 +0000 (08:36 +0200)]
udev: move rules logging functions into the .c file
They are (and can) only be used there, no need to expose them.
Lubomir Rintel [Thu, 27 Jun 2019 11:02:28 +0000 (13:02 +0200)]
cryptsetup-generator: fix luks-* entry parsing from crypttab
This reverts a part of commit
49fe5c099639 ('tree-wide: port various places
over to STARTSWITH_SET()') that replaced a pair of startswith() calls
with STARTSWITH_SET().
They were in fact for a different strings (device vs. name), botching
the crypttap parsing.
Yu Watanabe [Thu, 27 Jun 2019 17:48:53 +0000 (02:48 +0900)]
bash-completion: support systemd-analyze condition
Franck Bui [Wed, 26 Jun 2019 09:38:44 +0000 (11:38 +0200)]
coredump: make use of the iovec-array helpers
Previous code was allocating an array of iovecs big enough to store all the
fields added later by various functions.
This forced us to calculate the size of the array in advance which is too error
prone if for example one wants to add new fields or simply rework the
code. Various assertions were added to make sure there's no overflow but it's
still more code for no good reasons.
Instead, this patch switches to the new iovec array handling interface so the
array is grown dynamically when needed.
The other contraint was that some iovecs were supposed to be freed whereas some
others were not. This makes the code hard to (re)organize. The new code always
allocates fields so it becomes easier to rework the code.
Yu Watanabe [Thu, 27 Jun 2019 17:37:20 +0000 (02:37 +0900)]
Merge pull request #12889 from keszybz/analyze-condition
Add systemd-analyze condition
Franck Bui [Tue, 25 Jun 2019 14:57:06 +0000 (16:57 +0200)]
io-util: introduce iovw_put_string_field() helper
Franck Bui [Tue, 25 Jun 2019 13:54:44 +0000 (15:54 +0200)]
journal-import: extract helpers for handling arrays of iovec and make them available for others
Franck Bui [Tue, 25 Jun 2019 12:08:16 +0000 (14:08 +0200)]
coredump: drop 2 useless assertions
Franck Bui [Tue, 25 Jun 2019 12:04:46 +0000 (14:04 +0200)]
coredump: slighlty simplify stack trace generation logic
The main advantage is to avoid the code duplication used to build MESSAGE=
field.
No functional changes.
Franck Bui [Fri, 21 Jun 2019 14:18:39 +0000 (16:18 +0200)]
coredump: fix the check on the number of passed args in backtrace mode
In backtrace mode, '--backtrace' option should also be counted.
Franck Bui [Fri, 21 Jun 2019 13:34:01 +0000 (15:34 +0200)]
coredump: gather_pid_metadata() doesn't return 1 anymore
Since commit
92e92d71faea0f107312f296b7756cc04281ba99, gather_pid_metadata()
returns only 0 or a negative value.
Franck Bui [Fri, 21 Jun 2019 12:48:02 +0000 (14:48 +0200)]
coredump: rename set_iovec_field_free() into set_iovec_string_field_free()
It's more in line with its counterpart set_iovec_string_field().
Also move the definition to io-util next to set_iovec_string_field().
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 11:37:27 +0000 (13:37 +0200)]
Merge pull request #12760 from zachsmith/systemd-sleep_resume_offset
systemd-sleep: use resume_offset value if set
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 14:23:18 +0000 (16:23 +0200)]
core: skip whitespace after "|" and "!" in the condition parser
We'd skip any whitespace immediately after "=", but then we'd treat whitespace
that is between "|" or "!" and the value as significant. This is rather
confusing, let's ignore it too.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 14:21:34 +0000 (16:21 +0200)]
shared/condition: fix printing of ConditionNull=
ConditionNull= is the only condition where parameter==NULL is allowed,
and we'd print ConditionNull=(null) or ConditionNull=!(null).
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 12:58:45 +0000 (14:58 +0200)]
analyze: add 'condition' verb
We didn't have a straightforward way to parse and evaluate those strings.
Prompted by #12881.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 08:43:48 +0000 (10:43 +0200)]
Merge pull request #12894 from stapelberg/patch-1
cryptsetup: comment: crypt_setup → crypt_format
Michael Prokop [Thu, 27 Jun 2019 07:54:20 +0000 (09:54 +0200)]
docs: fix typos and duplicate words
s/and and/and/
s/explicity/explicitly/
s/that that/that/
s/the the/the/
s/is is/it is/
s/overriden/overridden/
Michael Stapelberg [Thu, 27 Jun 2019 07:38:30 +0000 (09:38 +0200)]
cryptsetup: comment: crypt_setup → crypt_format
Zbigniew Jędrzejewski-Szmek [Thu, 27 Jun 2019 06:13:14 +0000 (08:13 +0200)]
Merge pull request #12890 from yuwata/fix-conf-parser-12883
conf-parse: fix continuation handling
Zach Smith [Wed, 26 Jun 2019 13:55:37 +0000 (06:55 -0700)]
systemd-sleep: refuse to calculate swapfile offset on Btrfs
If hibernation is requested but /sys/power/resume and
/sys/power/resume_offset are not configured correctly, systemd-sleep
attempts to calculate swapfile offset using fstat and fiemap.
Btrfs returns virtual device number for stat and a virtual offset
for fiemap which results in incorrect offset calculations. In the
case where offset would be calculated and the user is using Btrfs,
log a debug message and fail to write device and offset values.
Zach Smith [Sun, 9 Jun 2019 03:44:34 +0000 (20:44 -0700)]
systemd-sleep: (bug) use resume_offset value if set
Use hibernation configuration as defined in
/sys/power/resume and /sys/power/resume_offset
if present before inspecting /proc/swaps and
attempting to calculate swapfile offset
Evgeny Vereshchagin [Thu, 27 Jun 2019 04:56:59 +0000 (07:56 +0300)]
Merge pull request #12892 from yuwata/fix-test-format-util-12891
test: fix argument type of test_format_bytes_one()
Yu Watanabe [Thu, 27 Jun 2019 01:20:18 +0000 (10:20 +0900)]
test: fix argument type of test_format_bytes_one()
Closes #12891.
Yu Watanabe [Thu, 27 Jun 2019 01:17:20 +0000 (10:17 +0900)]
util,test: rename variable non_iec -> si
Yu Watanabe [Wed, 26 Jun 2019 18:03:45 +0000 (03:03 +0900)]
test: add testcase for issue #12883
Yu Watanabe [Wed, 26 Jun 2019 18:00:22 +0000 (03:00 +0900)]
conf-parser: fix continuation handling
Before this commit, empty lines cannot break continuation.
The bug was introduced by
9adbfeb38ac101d6f73a033bb120d63513ffb240.
Closes #12883.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 12:56:59 +0000 (14:56 +0200)]
core: do not enumerate units in MANAGER_TEST_RUN_MINIMAL mode
In this mode we are not supposed to "interact with the environment", so loading
all units and printing warnings about syntax errors and /var/run usage seems
inappropriate.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 12:56:04 +0000 (14:56 +0200)]
man: move description of how conditions are combined to the beginning
Originally the description of conditions was brief, so it was acceptable
to put this part at the end. But now we have a myriad conditions, and
this crucial bit of information is easy to miss.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Jun 2019 09:52:57 +0000 (11:52 +0200)]
core: move assert before actual use of the variable
No point in using u->id first, and doing assert(u) later.
-std=c89 strikes again.
Franck Bui [Fri, 21 Jun 2019 11:12:41 +0000 (13:12 +0200)]
coredump: rely on /proc exclusively to get the name of the crashing process
I couldn't see any reason why the kernel could provide COMM to the coredump
handler via the core_pattern command line but could not make it available in
/proc. So let's assume that this info is always available in /proc.
For "backtrace" mode (when --backtrace option is passed), I assumed that the
crashing process still exists at the time systemd-coredump is called.
Also changing the core_pattern line is an API breakage for any users of the
backtrace mode but given that systemd-coredump is installed in
/usr/lib/systemd, it's a private tool which has no internal users. At least no
one complained when the hostname was added to the core_pattern line
(
f45b8015513)...
Indeed it's much easier to get it from /proc since the kernel substitutes '%e'
specifier with multiple strings if the process name contains spaces (!).
Franck Bui [Wed, 26 Jun 2019 05:23:10 +0000 (07:23 +0200)]
coredump: fix one memleak in backtrace mode
Journal importer internal structures need to be freed.
Franck Bui [Thu, 20 Jun 2019 14:09:51 +0000 (16:09 +0200)]
coredump: make use of STRINGIFY
Michal Sekletar [Tue, 25 Jun 2019 10:57:01 +0000 (12:57 +0200)]
execute: drop SYNTHETIC_ERRNO because error code was received from the apply_numa_policy()
Yu Watanabe [Tue, 25 Jun 2019 07:42:34 +0000 (16:42 +0900)]
network: further log message update
Follow-up for
44e891bbf6908e494856fcf3011e88a70a12e087.
Joerg Behrmann [Fri, 21 Jun 2019 11:51:53 +0000 (13:51 +0200)]
core: factor root_directory application out of apply_working_directory
Fixes: #12498
Frantisek Sumsal [Thu, 20 Jun 2019 16:51:42 +0000 (18:51 +0200)]
core: move config_parse_* functions to a shared module
Apart from making the code a little bit more clean, it should allow us
to write a fuzzer around the config-parsing functions in the future
INSUN PYO [Tue, 25 Jun 2019 11:38:02 +0000 (20:38 +0900)]
man: change true/false to yes/no for DefaultDependencies.
Lennart Poettering [Tue, 25 Jun 2019 10:20:26 +0000 (12:20 +0200)]
Merge pull request #12877 from poettering/dynamic-user-re-migrate2
DynamicUser=1 → = 0 migration follow-up
Lennart Poettering [Tue, 25 Jun 2019 07:59:24 +0000 (09:59 +0200)]
some CODING_STYLE additions
Lennart Poettering [Tue, 25 Jun 2019 08:47:13 +0000 (10:47 +0200)]
man: say D-Bus, not dbus
Lennart Poettering [Tue, 25 Jun 2019 08:44:59 +0000 (10:44 +0200)]
man: improve --test documentation
Incorporates some suggestions from:
https://github.com/systemd/systemd/pull/12868#discussion_r296738370
https://github.com/systemd/systemd/commit/
cd69e88ba3a692618048117b26fc9ea339aa1845#commitcomment-
34060775
Lennart Poettering [Tue, 25 Jun 2019 08:40:16 +0000 (10:40 +0200)]
test: add test for DynamicUser=0 → =1 migration (and back)
Lennart Poettering [Tue, 25 Jun 2019 08:39:52 +0000 (10:39 +0200)]
core: mention why we do migration for everything but ConfigurationDirectory=
Lennart Poettering [Tue, 25 Jun 2019 08:39:37 +0000 (10:39 +0200)]
core: log when we convert from DynamicUser=1 to =0 or vice versa
camoz [Tue, 25 Jun 2019 08:28:19 +0000 (10:28 +0200)]
systemd-nspawn(1): update example section
Remove the retired flag -d from Example 4. "Boot a minimal Arch Linux
distribution in a container". It has been retired here:
https://git.archlinux.org/arch-install-scripts.git/commit/pacstrap.in?id=
0af6884aca68dcb7eed0b85fbc2960903df3d968
Lennart Poettering [Tue, 25 Jun 2019 08:06:03 +0000 (10:06 +0200)]
Merge pull request #12869 from poettering/dynamic-user-re-migrate
DynamicUser=1 state directory back migration
Kai Lüke [Tue, 23 Apr 2019 10:14:20 +0000 (12:14 +0200)]
bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath=
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.
Closes https://github.com/systemd/systemd/issues/10227
Lennart Poettering [Tue, 25 Jun 2019 07:28:21 +0000 (09:28 +0200)]
Merge pull request #12874 from yuwata/ethtool-make-ubsan-quiet
ethtool: make UBSan quiet and add missing link modes
Lennart Poettering [Tue, 25 Jun 2019 07:27:01 +0000 (09:27 +0200)]
Merge pull request #12870 from yuwata/tree-wide-further-path-join-cleanups
tree-wide: further path_join() and path_joina() cleanups
Yu Watanabe [Tue, 25 Jun 2019 04:02:33 +0000 (13:02 +0900)]
Merge pull request #12871 from keszybz/various-printing-fixes
Various printing/logging fixes
Yu Watanabe [Tue, 25 Jun 2019 02:55:59 +0000 (11:55 +0900)]
ethtool: reindent link mode table
Yu Watanabe [Tue, 25 Jun 2019 02:55:04 +0000 (11:55 +0900)]
ethtool: add missing link mode
Yu Watanabe [Tue, 25 Jun 2019 02:10:07 +0000 (11:10 +0900)]
ethtool-util: fix returned value when ethtool_cmd_speed() is SPEED_UNKNOWN
Yu Watanabe [Tue, 25 Jun 2019 02:36:51 +0000 (11:36 +0900)]
linux: make UBSAN quiet
Yu Watanabe [Tue, 25 Jun 2019 02:16:57 +0000 (11:16 +0900)]
linux: update kernel headers
Zbigniew Jędrzejewski-Szmek [Sat, 15 Jun 2019 14:37:55 +0000 (16:37 +0200)]
bootctl: fix display of options with embedeed newlines
I have an .efi image with embedded newlinews. Now I don't even remember if it
was created for testing or by accident, but it doesn't really matter. We should
display such files correctly.
(This isn't a problem with normal BLS entries, because input is split into lines
so newlines are consumed.)
Lubomir Rintel [Mon, 24 Jun 2019 18:38:30 +0000 (20:38 +0200)]
sd-device: don't accept /sys as a device path
Because it's not a device path and (slightly) bad things happen if it
gets confused with one:
$ udevadm info /sys/
Assertion 'device->devpath[0] == '/'' failed at
../src/libsystemd/sd-device/sd-device.c:958,
function sd_device_get_devpath(). Aborting.
Aborted (core dumped)
Lubomir Rintel [Mon, 24 Jun 2019 17:23:13 +0000 (19:23 +0200)]
udevd: fix a reversed conditional on global property set
# udevadm control --property=HELLO=WORLD
Received udev control message (ENV), unsetting 'HELLO'
# udevadm control --property=HELLO=
Received udev control message (ENV), setting 'HELLO='
Oh no, it's busted. Let's try removing this one little negation real quick
to see if it helps...
# udevadm control --property=HELLO=WORLD
Received udev control message (ENV), setting 'HELLO=WORLD'
# udevadm control --property=HELLO=
Received udev control message (ENV), unsetting 'HELLO'
Feels much better now.
Lennart Poettering [Tue, 28 May 2019 14:50:10 +0000 (16:50 +0200)]
man: beef up systemd.exec(5)
Prompted by:
https://lists.freedesktop.org/archives/systemd-devel/2019-May/042773.html
Yu Watanabe [Mon, 24 Jun 2019 15:24:23 +0000 (00:24 +0900)]
tree-wide: replace strjoina() with prefix_roota()
Zbigniew Jędrzejewski-Szmek [Sat, 15 Jun 2019 11:19:58 +0000 (13:19 +0200)]
networkd: rework warning and debug messages about address addition and removal
Those messages were quite confusing. In particular "adding address" suggests
that we are assiging a new address to an interface, but in fact we're just
reacting to a notification about an addition. So let's call that "remembering"
and "forgetting". It's not fully gramatically correct, but I think it's much
clearer than "adding"/"removing" in this context.
And "received address without address" is too cryptic, let's say "address
message" to distinguish the message from its content.
Also, make failure to format address non-fatal, and print more details in
various places.
Zbigniew Jędrzejewski-Szmek [Thu, 13 Jun 2019 16:11:56 +0000 (18:11 +0200)]
logind: log operation details when starting actions
For some reason, systemd-logind is trying to handle idle action in one of my containers:
Jun 07 10:28:08 rawhide systemd-logind[42]: System idle. Taking action.
Jun 07 10:28:08 rawhide systemd-logind[42]: Requested operation not supported, ignoring.
But we didn't log what exactly was being done. Let's put the name of the action in messages.
Zbigniew Jędrzejewski-Szmek [Thu, 13 Jun 2019 16:03:14 +0000 (18:03 +0200)]
logind: remove unused check
All callers pass either a fixed action, or HANDLE_IGNORE is explicitly filtered
out. Let's remove this case here, because we cannot properly log what opreation
we are ignoring.
Yu Watanabe [Mon, 24 Jun 2019 14:59:38 +0000 (23:59 +0900)]
tree-wide: replace strjoin() with path_join()
Michal Sekletar [Tue, 12 Mar 2019 17:58:26 +0000 (18:58 +0100)]
core: introduce NUMAPolicy and NUMAMask options
Make possible to set NUMA allocation policy for manager. Manager's
policy is by default inherited to all forked off processes. However, it
is possible to override the policy on per-service basis. Currently we
support, these policies: default, prefer, bind, interleave, local.
See man 2 set_mempolicy for details on each policy.
Overall NUMA policy actually consists of two parts. Policy itself and
bitmask representing NUMA nodes where is policy effective. Node mask can
be specified using related option, NUMAMask. Default mask can be
overwritten on per-service level.
Yu Watanabe [Mon, 24 Jun 2019 14:40:33 +0000 (23:40 +0900)]
test: add more testcases for prefix_roota()
Yu Watanabe [Mon, 24 Jun 2019 14:36:38 +0000 (23:36 +0900)]
path-util: fix an issue when the path argument of prefix_roota() is not absolute
When the first argument is '/' and the second argument is not absolute,
the return value was not prefixed with '/'. This fixes the issue.
Lennart Poettering [Mon, 24 Jun 2019 14:18:49 +0000 (16:18 +0200)]
core: migrate service directories back from private if needed
Fixes: #12131
Lennart Poettering [Mon, 24 Jun 2019 14:02:02 +0000 (16:02 +0200)]
core: add missing space to DynamicUser=1 directory comment
(also line break again)
Zbigniew Jędrzejewski-Szmek [Mon, 24 Jun 2019 14:07:16 +0000 (16:07 +0200)]
Merge pull request #12868 from poettering/doc-243-fixes
various man page fixes
Lennart Poettering [Mon, 24 Jun 2019 13:30:10 +0000 (15:30 +0200)]
man: document that sd_bus_creds_get_exec() is not suitable for security decisions
Fixes: #12704
Lennart Poettering [Mon, 24 Jun 2019 13:21:22 +0000 (15:21 +0200)]
man: drop references to "syslog" and "syslog+console" from man page
These options are pretty much equivalent to "journal" and
"journal+console" anyway, let's simplify things, and drop them from the
documentation hence.
For compat reasons let's keep them in the code.
(Note that they are not 100% identical to 'journal', but I doubt the
distinction in behaviour is really relevant to keep this in the docs.
And we should probably should drop 'syslog' entirely from our codebase
eventually, but it's problematic as long as we semi-support udev on
non-systemd systems still.)
Lennart Poettering [Mon, 24 Jun 2019 12:51:52 +0000 (14:51 +0200)]
doc: make clear that --system and --user only make sense with --test
Fixes: #12843
Lennart Poettering [Mon, 24 Jun 2019 12:22:43 +0000 (14:22 +0200)]
man: correct that Sockets= may not be undone
Fixes: #12415
Lennart Poettering [Mon, 24 Jun 2019 12:20:36 +0000 (14:20 +0200)]
man: document that DynamicUser=1 implied sandboxing cannot be turned off
Fixes: #12476
Lennart Poettering [Mon, 24 Jun 2019 07:54:36 +0000 (09:54 +0200)]
Merge pull request #12866 from yuwata/strv_consume_cleanups
tree-wide: use _cleanup_ attributes
Yu Watanabe [Mon, 24 Jun 2019 05:57:58 +0000 (14:57 +0900)]
tree-wide: use _cleanup_ attribute and strv_consume() + TAKE_PTR()
Yu Watanabe [Mon, 24 Jun 2019 05:57:50 +0000 (14:57 +0900)]
sd-path: use _cleanup_strv_free_ attribute
Lennart Poettering [Sun, 23 Jun 2019 14:13:26 +0000 (16:13 +0200)]
update TODO
Peter A. Bigot [Sat, 22 Jun 2019 17:43:49 +0000 (12:43 -0500)]
man: fix references to VTABLE property flags
Lennart Poettering [Sat, 22 Jun 2019 18:12:44 +0000 (20:12 +0200)]
update TODO
Lennart Poettering [Sat, 22 Jun 2019 18:02:46 +0000 (20:02 +0200)]
Merge pull request #12836 from yuwata/tree-wide-replace-strjoin
tree-wide: replace strjoin() with path_join()
Anita Zhang [Mon, 20 May 2019 21:43:53 +0000 (14:43 -0700)]
bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users)
This is a workaround to make IPAddressDeny=any/IPAddressAllow=any work
for non-root users that have CAP_NET_ADMIN. "any" was chosen since
all or nothing network access is one of the most common use cases for
isolation.
Allocating BPF LPM TRIE maps require CAP_SYS_ADMIN while BPF_PROG_TYPE_CGROUP_SKB
only needs CAP_NET_ADMIN. In the case of IPAddressXYZ="any" we can just
consistently return false/true to avoid allocating the map and limit the user
to having CAP_NET_ADMIN.
Topi Miettinen [Mon, 20 May 2019 09:20:58 +0000 (12:20 +0300)]
cgroup-util: kill also threads
It's possible for a zombie process to have live threads. These are not listed
in /sys in "cgroup.procs" for cgroupsv2, but they show up in
"cgroup.threads" (cgroupv2) or "tasks" (cgroupv1) nodes. When killing a
cgroup (v2 only) with SIGKILL, let's also kill threads after killing processes,
so the live threads of a zombie get killed too.
Closes #12262.
Evgeny Vereshchagin [Fri, 21 Jun 2019 00:21:09 +0000 (02:21 +0200)]
coverity: stop setting _Float*
Should address https://github.com/systemd/systemd/issues/12854
Jan Synacek [Fri, 21 Jun 2019 05:53:15 +0000 (07:53 +0200)]
man: drop my copyright
Lennart Poettering [Wed, 19 Jun 2019 13:20:13 +0000 (15:20 +0200)]
path-util: get rid of prefix_root()
prefix_root() is equivalent to path_join() in almost all ways, hence
let's remove it.
There are subtle differences though: prefix_root() will try shorten
multiple "/" before and after the prefix. path_join() doesn't do that.
This means prefix_root() might return a string shorter than both its
inputs combined, while path_join() never does that. I like the
path_join() semantics better, hence I think dropping prefix_root() is
totally OK. In the end the strings generated by both functon should
always be identical in terms of path_equal() if not streq().
This leaves prefix_roota() in place. Ideally we'd have path_joina(), but
I don't think we can reasonably implement that as a macro. or maybe we
can? (if so, sounds like something for a later PR)
Also add in a few missing OOM checks
Anita Zhang [Mon, 3 Jun 2019 23:25:43 +0000 (16:25 -0700)]
nspawn: don't hard fail when setting capabilities
The OCI changes in #9762 broke a use case in which we use nspawn from
inside a container that has dropped capabilities from the bounding set
that nspawn expected to retain. In an attempt to keep OCI compliance
and support our use case, I made hard failing on setting capabilities
not in the bounding set optional (hard fail if using OCI and log only
if using nspawn cmdline).
Fixes #12539
Yu Watanabe [Thu, 20 Jun 2019 18:31:49 +0000 (03:31 +0900)]
Merge pull request #12846 from poettering/cap-last-cap-fix
cap_last_cap() off by one fixes
Lennart Poettering [Thu, 20 Jun 2019 12:41:09 +0000 (14:41 +0200)]
bpf: use more TAKE_FD()