Zbigniew Jędrzejewski-Szmek [Fri, 15 Jun 2018 09:34:44 +0000 (11:34 +0200)]
Merge pull request #8766 from poettering/syscall-filter-service
add a new `@system-service` syscall group that is good as a starting point for whitelisting syscalls
Yu Watanabe [Fri, 15 Jun 2018 03:29:29 +0000 (12:29 +0900)]
namespace: drop protect_{home,system}_or_bool_from_string()
The functions protect_{home,system}_from_string() are not used
except for defining protect_{home,system}_or_bool_from_string().
This makes protect_{home,system}_from_string() support boolean
strings, and drops protect_{home,system}_or_bool_from_string().
Yu Watanabe [Fri, 15 Jun 2018 03:11:44 +0000 (12:11 +0900)]
Merge pull request #9303 from poettering/busctl-fixlets
tiny busctl fixlets
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 07:18:02 +0000 (09:18 +0200)]
NEWS: rework the description of device naming changes
We really should try to be as precise as possible here. Saying
"your interfaces might be renamed" scares the shit of out people,
for obvious reasons. This change only touches some niche cases
fortunately, let's make this clear.
Lennart Poettering [Thu, 14 Jun 2018 13:22:45 +0000 (15:22 +0200)]
NEWS: update contributor list to current git
Iwan Timmer [Thu, 14 Jun 2018 15:00:50 +0000 (17:00 +0200)]
resolved: fix error handling in resolved-dns-stream
During the transition from system functions using errno to our own read and write functions with negative return codes some errors where introduced. This patch correctly convert errno to negative return codes for read and write and fix checks still using errno instead of the return code.
Closes #9283
Lennart Poettering [Thu, 19 Apr 2018 14:51:04 +0000 (16:51 +0200)]
update NEWS
Lennart Poettering [Thu, 7 Jun 2018 15:47:53 +0000 (17:47 +0200)]
portable: add SystemCallFilter=@system-service to the three main portable service profiles
… but leave the "trusted" profile unmodified, it shall have full access
to all system calls, as before.
Lennart Poettering [Thu, 19 Apr 2018 09:04:17 +0000 (11:04 +0200)]
units: switch from system call blacklist to whitelist
This is generally the safer approach, and is what container managers
(including nspawn) do, hence let's move to this too for our own
services. This is particularly useful as this this means the new
@system-service system call filter group will get serious real-life
testing quickly.
This also switches from firing SIGSYS on unexpected syscalls to
returning EPERM. This would have probably been a better default anyway,
but it's hard to change that these days. When whitelisting system calls
SIGSYS is highly problematic as system calls that are newly introduced
to Linux become minefields for services otherwise.
Note that this enables a system call filter for udev for the first time,
and will block @clock, @mount and @swap from it. Some downstream
distributions might want to revert this locally if they want to permit
unsafe operations on udev rules, but in general this shiuld be mostly
safe, as we already set MountFlags=shared for udevd, hence at least
@mount won't change anything.
Lennart Poettering [Wed, 18 Apr 2018 19:45:44 +0000 (21:45 +0200)]
seccomp: explain why we use setuid rather than @setuid in @privileged
Lennart Poettering [Wed, 18 Apr 2018 19:19:54 +0000 (21:19 +0200)]
seccomp: add new system call filter, suitable as default whitelist for system services
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
Lennart Poettering [Mon, 30 Apr 2018 17:38:41 +0000 (19:38 +0200)]
mkosi: add mkosi snippet for ubuntu, too
Lennart Poettering [Thu, 14 Jun 2018 13:29:24 +0000 (15:29 +0200)]
Merge pull request #9301 from keszybz/man-drop-authorgroup
man: drop unused <authorgroup> tags from man sources
Lennart Poettering [Thu, 14 Jun 2018 12:54:32 +0000 (14:54 +0200)]
busctl: make use of log_error_errno() where we can
Lennart Poettering [Thu, 14 Jun 2018 12:53:59 +0000 (14:53 +0200)]
busctl: add 'const' where we can
Lennart Poettering [Thu, 14 Jun 2018 12:53:46 +0000 (14:53 +0200)]
busctl: use fflush_and_check() where appropriate
Lennart Poettering [Thu, 14 Jun 2018 12:51:57 +0000 (14:51 +0200)]
Merge pull request #9302 from keszybz/drop-my-copyright-and-some-license-tags
Drop my copyright and some license tags
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 10:57:09 +0000 (12:57 +0200)]
Drop more license boilerplate
$ git grep -e 'This program is free software' -l |grep -v LICENSE | \
xargs perl -i -0pe 's/ \* This program.*?for more details.\s*\*\n( \* You should have.*licenses.>.\n)?//gms'
For some reason they were missed previously. All those files seem to
have proper SDPX tags.
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 10:50:49 +0000 (12:50 +0200)]
Fix SPDX license tags
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 10:47:16 +0000 (12:47 +0200)]
Drop my copyright headers
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 10:28:53 +0000 (12:28 +0200)]
Also drop <authorgroup> from autogenerated pages
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 10:02:53 +0000 (12:02 +0200)]
man: drop unused <authorgroup> tags from man sources
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.
Tested with F26-F29, debian unstable.
$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 09:26:50 +0000 (11:26 +0200)]
Merge pull request #9274 from poettering/comment-header-cleanup
drop "this file is part of systemd" and lennart's copyright from header
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 09:19:22 +0000 (11:19 +0200)]
Merge pull request #9199 from poettering/copy-file-atomic
make copy_file_atomic() use O_TMPFILE to create the destination file
Jan Synacek [Tue, 12 Jun 2018 08:03:08 +0000 (10:03 +0200)]
namespace: always use a root directory when setting up namespace
1) mv /var/tmp /var/tmp.old
2) mkdir /tmp/varrr
3) ln -s /tmp/varrr /var/tmp
Now, when a service has PrivateTmp=yes, during namespace setup,
/tmp is first mounted over with a new mount. Then, when /var/tmp
is being resolved, it points to /tmp/varrr, which by then doesn't
exist, because it had already been obscured.
Lennart Poettering [Thu, 14 Jun 2018 08:22:11 +0000 (10:22 +0200)]
Merge pull request #9297 from yuwata/rfe-9296
timesync: ignore any errors related to timestamp file
Lennart Poettering [Tue, 12 Jun 2018 17:00:24 +0000 (19:00 +0200)]
tree-wide: beautify remaining copyright statements
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
Lennart Poettering [Tue, 12 Jun 2018 16:23:39 +0000 (18:23 +0200)]
tree-wide: remove Lennart's copyright lines
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
Lennart Poettering [Tue, 12 Jun 2018 16:45:51 +0000 (18:45 +0200)]
grypt-util: drop two emacs modelines
No idea why they didn't get removed earlier...
Lennart Poettering [Tue, 12 Jun 2018 15:21:16 +0000 (17:21 +0200)]
po: drop copyright lines referencing COPYRIGHT HOLDER
These lines are template lines that never got filled in. Let's drop
them, as they carry zero information and are just useless.
Lennart Poettering [Tue, 12 Jun 2018 15:15:23 +0000 (17:15 +0200)]
tree-wide: use proper unicode © instead of (C) where we can
Let's use a proper unicode copyright symbol where we can, it's prettier.
This important patch is very important.
Lennart Poettering [Tue, 12 Jun 2018 15:04:27 +0000 (17:04 +0200)]
tree-wide: drop 'This file is part of systemd' blurb
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
Franck Bui [Wed, 13 Jun 2018 16:15:55 +0000 (18:15 +0200)]
locale-util: on overlayfs FTW_MOUNT causes nftw(3) to not list *any* files
On overlayfs, FTW_MOUNT causes nftw to not list *any* files because the
condition used by glibc to verify that it's on the same mountpoint doesn't work
on overlayfs, see https://bugzilla.suse.com/show_bug.cgi?id=1096807 for the
details.
However using FTW_MOUNT doesn't seem to be really needed when walking through
the keymap directorie tree. So until the glibc or the kernel is fixed (which
might take some time), let's make localectl works with overlayfs.
There's a small side effect here, by which regular (non-directory) files with
bind mounts will be parsed while they were skipped by the previous logic.
Yu Watanabe [Sun, 10 Jun 2018 08:17:34 +0000 (17:17 +0900)]
timedatectl: add 'show' command to display machine-readable output
Closes #9249.
Lennart Poettering [Thu, 14 Jun 2018 07:59:58 +0000 (09:59 +0200)]
Merge pull request #9193 from keszybz/coverity
Coverity support for glibc-2.27
Iwan Timmer [Wed, 13 Jun 2018 18:26:24 +0000 (20:26 +0200)]
resolve: rename PrivateDNS to DNSOverTLS
PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
Zbigniew Jędrzejewski-Szmek [Thu, 14 Jun 2018 07:57:15 +0000 (09:57 +0200)]
Merge pull request #9263 from poettering/log-serialize
save/restore log level across daemon reexec
Yu Watanabe [Thu, 14 Jun 2018 02:29:08 +0000 (11:29 +0900)]
timesync: ignore any errors related to timestamp file
Yu Watanabe [Thu, 14 Jun 2018 02:39:55 +0000 (11:39 +0900)]
sysusers: use fchmod_and_chown()
Yu Watanabe [Thu, 14 Jun 2018 02:26:29 +0000 (11:26 +0900)]
fs-util: introduce fchmod_and_chown()
The new function fchmod_and_chown() is almost same as chmod_and_chown()
except it takes file descriptor instead of file path.
Lennart Poettering [Wed, 13 Jun 2018 17:16:34 +0000 (19:16 +0200)]
Merge pull request #9291 from poettering/nspawn-fixlets
tiny nspawn fixlets
Lennart Poettering [Wed, 13 Jun 2018 17:05:57 +0000 (19:05 +0200)]
Merge pull request #9290 from poettering/radv-fixlets
tiny sd-radv fixlets
Yu Watanabe [Wed, 13 Jun 2018 14:59:35 +0000 (23:59 +0900)]
machine: ignore containers which disable private user namespace in MapToMachine{User,Group}
Fixes #9286.
Lennart Poettering [Wed, 13 Jun 2018 16:47:13 +0000 (18:47 +0200)]
main: simplify arg_system initialization a bit
For both branches of the if check it's the first line, hence let's just
do it before.
Franck Bui [Fri, 1 Jun 2018 16:21:03 +0000 (18:21 +0200)]
pid1: preserve current value of log target across re-{load,execution}
To make debugging easier, this patches allows one to change the log target and
do reload/reexec without modifying configuration permanently, which makes
debugging easier.
Indeed if one changed the log target at runtime (via the bus or via signals),
the change was lost on the next reload/reexecution.
In order to restore back the default value (set via system.conf, environment
variables or any other means ), the empty string in the "LogTarget" property is
now supported as well as sending SIGTRMIN+26 signal.
Franck Bui [Wed, 30 May 2018 15:57:23 +0000 (17:57 +0200)]
pid1: preserve current value of log level across re-{load,execution}
To make debugging easier, this patches allows one to change the log level and
do reload/reexec without modifying configuration permanently, which makes
debugging easier.
Indeed if one changed the log max level at runtime (via the bus or via
signals), the change was lost on the next daemon reload/reexecution.
In order to restore the original value back (set via system.conf, environment
variables or any other means), the empty string in the "LogLevel" property is
now supported as well as sending SIGRTMIN+23 signal.
Lennart Poettering [Wed, 13 Jun 2018 15:40:34 +0000 (17:40 +0200)]
nspawn: free global variables before exiting
This doesn't really matter much, but is prettier for valgrind
Lennart Poettering [Wed, 13 Jun 2018 15:35:54 +0000 (17:35 +0200)]
sd-radv: use strv_isempty() where we can
Lennart Poettering [Wed, 13 Jun 2018 15:34:41 +0000 (17:34 +0200)]
sd-radv: normalize function parameters a bit
Let's add "const" where we don't change structures passed.
Also, we generally use "unsigned char" for IP prefix length values, do
so here too. Previously different parts of the sd-radv.h API used
different types for this.
Lennart Poettering [Wed, 13 Jun 2018 15:34:09 +0000 (17:34 +0200)]
sd-radv: close fd when destroying object
Lennart Poettering [Wed, 13 Jun 2018 15:36:54 +0000 (17:36 +0200)]
nspawn: drop unused parameter from one call
Susant Sahani [Wed, 13 Jun 2018 13:52:34 +0000 (19:22 +0530)]
networkd: Don't try to close fd in sd_radv_stop if fd is closed.
sd_radv_stop is called from two places. if sd_radv_stop is alrady
success then just don't try to close it .
```
systemd-networkd[604]: RADV: Stopping IPv6 Router Advertisement daemon
systemd-networkd[604]: RADV: Unable to send last Router Advertisement with router lifetime set to zero: Bad file descriptor <==================HERE
systemd-networkd[604]: RADV: Updated prefix 2a0a:*:*:fc::/64 preferred 1h valid 2h
systemd-networkd[604]: RADV: Started IPv6 Router Advertisement daemon
```
Closes one of the issue #8960
Lennart Poettering [Wed, 13 Jun 2018 14:19:24 +0000 (16:19 +0200)]
Merge pull request #9261 from keszybz/drop-bool-casts
Drop bool casts
Lennart Poettering [Tue, 12 Jun 2018 13:57:51 +0000 (15:57 +0200)]
hwdb-update: make sure it works when run from meson
let's make the argument optional again, so that the command line "ninja
-C build hwdb-update" runs works.
Lennart Poettering [Tue, 12 Jun 2018 13:57:47 +0000 (15:57 +0200)]
hwdb: update from upstream
Lennart Poettering [Tue, 12 Jun 2018 13:43:59 +0000 (15:43 +0200)]
terminal-util: make file names in --cat-config output clickable links
Lennart Poettering [Tue, 12 Jun 2018 13:37:53 +0000 (15:37 +0200)]
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands
The output of these commands is really long, and already enriched with
color. Let's add auto-paging to make this easier to digest.
Lennart Poettering [Tue, 12 Jun 2018 13:20:05 +0000 (15:20 +0200)]
NEWS: add an example that actually applies
Lennart Poettering [Tue, 12 Jun 2018 13:19:54 +0000 (15:19 +0200)]
NEWS: the tool is called resolvconf, without the inner e
Lennart Poettering [Tue, 12 Jun 2018 13:18:50 +0000 (15:18 +0200)]
NEWS: break lines with emacs once more
Let's follow the line break rules our .dir-locals.el file defines
Lennart Poettering [Tue, 12 Jun 2018 13:18:25 +0000 (15:18 +0200)]
NEWS: some .mailmap work to clean up contributors list
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 12:09:14 +0000 (14:09 +0200)]
Merge pull request #8863 from evelikov/shell-completion-fixes
Shell completion fixes/perf improvements
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 08:34:30 +0000 (10:34 +0200)]
test-alloc-util: add casts to bools from p ointers
C++03: "An rvalue of arithmetic, enumeration, pointer, or pointer to member
type can be converted to an rvalue of type bool. A zero value, null pointer
value, or null member pointer value is converted to false; any other value is
converted to true"
C should behave the same because pointers are scalars in C, but let's verify
that.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 14:02:03 +0000 (16:02 +0200)]
tree-wide: drop !! casts to booleans
They are not needed, because anything that is non-zero is converted
to true.
C11:
> 6.3.1.2: When any scalar value is converted to _Bool, the result is 0 if the
> value compares equal to 0; otherwise, the result is 1.
https://stackoverflow.com/questions/
31551888/casting-int-to-bool-in-c-c
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 14:07:45 +0000 (16:07 +0200)]
test-alloc-util: add a "test" for bool casts
Just in case ;)
There is no good place, test-alloc-util.c is as good as any, and it's quite
short so far, so let's add this there.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 13:58:09 +0000 (15:58 +0200)]
cocinelle: use GNU parallel to run spatch
spatch is single-threaded, i.e. slow. On my machine it allocates 5 GB of memory
and starts swapping, which makes it even slower. Using parallel makes the whole
thing pleasantly fast.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 11:47:25 +0000 (13:47 +0200)]
basic/parse-util: remove unnecessary parentheses
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:52:58 +0000 (08:52 +0200)]
Merge pull request #9172 from yuwata/timesync-ntp-parser
timesync: check validity of NTP server name or address
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:46:07 +0000 (08:46 +0200)]
Merge pull request #9280 from yuwata/follow-ups-8849
Several follow-ups for #8849
Yu Watanabe [Wed, 13 Jun 2018 05:52:57 +0000 (14:52 +0900)]
NEWS: add more news
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:20:18 +0000 (08:20 +0200)]
Merge pull request #9153 from poettering/private-mounts
introduce PrivateMounts= setting and clean up documentation for MountFlags=
Lennart Poettering [Tue, 12 Jun 2018 18:50:15 +0000 (20:50 +0200)]
NEWS: announce DNS-over-TLS too
Yu Watanabe [Wed, 13 Jun 2018 05:34:26 +0000 (14:34 +0900)]
man: drop unnecessary '=' after nta
Yu Watanabe [Wed, 13 Jun 2018 05:30:51 +0000 (14:30 +0900)]
resolvectl: fix indentation
Yu Watanabe [Mon, 4 Jun 2018 13:32:45 +0000 (22:32 +0900)]
timesync: add more log messages in manager_network_read_link_servers()
Yu Watanabe [Sun, 3 Jun 2018 09:54:29 +0000 (18:54 +0900)]
timesync: check validity of NTP server name or address
Yu Watanabe [Mon, 4 Jun 2018 12:27:57 +0000 (21:27 +0900)]
conf-parser: simplify conf_parse_path()
Follow-up for
97651797e83d0548aef9f808657d3518d89e5aee.
Yu Watanabe [Wed, 13 Jun 2018 04:43:36 +0000 (13:43 +0900)]
resolve: do not complete stream transaction when it is under retrying
Yu Watanabe [Wed, 13 Jun 2018 04:20:23 +0000 (13:20 +0900)]
resolve: drop unused argument of dns_server_packet_lost()
Yu Watanabe [Wed, 13 Jun 2018 04:13:34 +0000 (13:13 +0900)]
resolve: correctly count TCP transaction failures
Fixes #9281.
Yu Watanabe [Wed, 13 Jun 2018 03:21:54 +0000 (12:21 +0900)]
resolve: fix log message
Yu Watanabe [Wed, 13 Jun 2018 02:16:26 +0000 (11:16 +0900)]
bash-completion/resolvectl: support privatedns command
Yu Watanabe [Wed, 13 Jun 2018 02:00:52 +0000 (11:00 +0900)]
resolve: reject PrivateDNS=yes
Yu Watanabe [Wed, 13 Jun 2018 01:56:02 +0000 (10:56 +0900)]
resolve: make manager_get_private_dns_mode() always return valid setting
Yu Watanabe [Wed, 13 Jun 2018 01:50:30 +0000 (10:50 +0900)]
resolve: add missing bus property and method
Follow-up for #8849.
Matthias-Christian Ott [Mon, 11 Jun 2018 18:07:36 +0000 (20:07 +0200)]
resolve: do not derive query timeout from RTT
DNS queries need timeout values to detect whether a DNS server is
unresponsive or, if the query is sent over UDP, whether a DNS message
was lost and has to be resent. The total time that it takes to answer a
query to arrive is t + RTT, where t is the maximum time that the DNS
server that is being queried needs to answer the query.
An authoritative server stores a copy of the zone that it serves in main
memory or secondary storage, so t is very small and therefore the time
that it takes to answer a query is almost entirely determined by the
RTT. Modern authoritative server software keeps its zones in main memory
and, for example, Knot DNS and NSD are able to answer in less than
100 µs [1]. So iterative resolvers continuously measure the RTT to
optimize their query timeouts and to resend queries more quickly if they
are lost.
systemd-resolved is a stub resolver: it forwards DNS queries to an
upstream resolver and waits for an answer. So the time that it takes for
systemd-resolved to answer a query is determined by the RTT and the time
that it takes the upstream resolver to answer the query.
It seems common for iterative resolver software to set a total timeout
for the query. Such total timeout subsumes the timeout of all queries
that the iterative has to make to answer a query. For example, BIND
seems to use a default timeout of 10 s.
At the moment systemd-resolved derives its query timeout entirely from
the RTT and does not consider the query timeout of the upstream
resolver. Therefore it often mistakenly degrades the feature set of its
upstream resolvers if it takes them longer than usual to answer a query.
It has been reported to be a considerable problem in practice, in
particular if DNSSEC=yes. So the query timeout systemd-resolved should
be derived from the timeout of the upstream resolved and the RTT to the
upstream resolver.
At the moment systemd-resolved measures the RTT as the time that it
takes the upstream resolver to answer a query. This clearly leads to
incorrect measurements. In order to correctly measure the RTT
systemd-resolved would have to measure RTT separately and continuously,
for example with a query with an empty question section or a query for
the SOA RR of the root zone so that the upstream resolver would be able
to answer to query without querying another server. However, this
requires significant changes to systemd-resolved. So it seems best to
postpone them until other issues have been addressed and to set the
resend timeout to a fixed value for now.
As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a
reasonable value that also accounts for common RTT values. If we assume
that the we are going to retry, it could be less. So it should be enough
to set the resend timeout to DNS_TIMEOUT_MAX_USEC as
DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s.
However, this will not solve the incorrect feature set degradation and
should be seen as a temporary change until systemd-resolved does
probe the feature set of an upstream resolver independently from the
actual queries.
[1] https://www.knot-dns.cz/benchmark/
Lennart Poettering [Tue, 12 Jun 2018 17:37:22 +0000 (19:37 +0200)]
core: when applying io/blkio per-device rules, don't remove them if they fail
These devices might show up later, hence leave the rules as they are.
Applying the limits should not alter configuration.
Lennart Poettering [Thu, 7 Jun 2018 14:03:43 +0000 (16:03 +0200)]
tree-wide: unify how we define bit mak enums
Let's always write "1 << 0", "1 << 1" and so on, except where we need
more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force
64bit values.
Lennart Poettering [Tue, 12 Jun 2018 18:45:39 +0000 (20:45 +0200)]
Merge pull request #8849 from irtimmer/feature/dns-over-tls
resolve: Support for DNS-over-TLS
Iwan Timmer [Mon, 11 Jun 2018 19:33:57 +0000 (21:33 +0200)]
man: document DNS-over-TLS options
Michael Biebl [Tue, 12 Jun 2018 14:19:21 +0000 (16:19 +0200)]
doc: more spelling fixes
Lennart Poettering [Tue, 12 Jun 2018 14:26:36 +0000 (16:26 +0200)]
update NEWS with new PrivateMounts= blurb
Lennart Poettering [Fri, 1 Jun 2018 09:24:40 +0000 (11:24 +0200)]
units: switch udev service to use PrivateMounts=yes
Given that PrivateMounts=yes is the "successor" to MountFlags=slave in
unit files, let's make use of it for udevd.
Lennart Poettering [Fri, 1 Jun 2018 09:23:51 +0000 (11:23 +0200)]
man: document the new PrivateMounts= setting
Also, extend the documentation on MountFlags= substantially, hopefully
addressing all the questions of #4393
Fixes: #4393
Lennart Poettering [Fri, 1 Jun 2018 09:10:49 +0000 (11:10 +0200)]
core: add new PrivateMounts= unit setting
This new setting is supposed to be useful in most cases where
"MountFlags=slave" is currently used, i.e. as an explicit way to run a
service in its own mount namespace and decouple propagation from all
mounts of the new mount namespace towards the host.
The effect of MountFlags=slave and PrivateMounts=yes is mostly the same,
as both cause a CLONE_NEWNS namespace to be opened, and both will result
in all mounts within it to be mounted MS_SLAVE. The difference is mostly
on the conceptual/philosophical level: configuring the propagation mode
is nothing people should have to think about, in particular as the
matter is not precisely easyto grok. Moreover, MountFlags= allows configuration
of "private" and "slave" modes which don't really make much sense to use
in real-life and are quite confusing. In particular PrivateMounts=private means
mounts made on the host stay pinned for good by the service which is
particularly nasty for removable media mount. And PrivateMounts=shared
is in most ways a NOP when used a alone...
The main technical difference between setting only MountFlags=slave or
only PrivateMounts=yes in a unit file is that the former remounts all
mounts to MS_SLAVE and leaves them there, while that latter remounts
them to MS_SHARED again right after. The latter is generally a nicer
approach, since it disables propagation, while MS_SHARED is afterwards
in effect, which is really nice as that means further namespacing down
the tree will get MS_SHARED logic by default and we unify how
applications see our mounts as we always pass them as MS_SHARED
regardless whether any mount namespacing is used or not.
The effect of PrivateMounts=yes was implied already by all the other
mount namespacing options. With this new option we add an explicit knob
for it, to request it without any other option used as well.
See: #4393
Lennart Poettering [Tue, 12 Jun 2018 14:00:37 +0000 (16:00 +0200)]
Merge pull request #9270 from mbiebl/typo-fixes
NEWS: typo fixes
Michael Biebl [Tue, 12 Jun 2018 13:49:37 +0000 (15:49 +0200)]
doc: typo fixes, mostly duplicated words
Michael Biebl [Tue, 12 Jun 2018 13:41:38 +0000 (15:41 +0200)]
NEWS: typo fixes
Lennart Poettering [Tue, 12 Jun 2018 12:58:13 +0000 (14:58 +0200)]
Merge pull request #9268 from keszybz/news
NEWS followup and a small man addition
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 12:06:47 +0000 (14:06 +0200)]
NEWS: mention "bad-setting" load state and other small additions