Lennart Poettering [Thu, 21 Aug 2014 14:13:15 +0000 (16:13 +0200)]
util: simplify close_nointr() a bit
Lennart Poettering [Thu, 21 Aug 2014 14:10:59 +0000 (16:10 +0200)]
util: change return value of startswith() to non-const
This way we can use it on non-const strings, and don't end up with a
const'ified result.
This is similar to libc's strstr() which also takes a const string but
returns a non-const one.
Lennart Poettering [Thu, 21 Aug 2014 14:10:37 +0000 (16:10 +0200)]
CODING_STYLE: document that we don't break lines at 80ch
Harald Hoyer [Tue, 19 Aug 2014 09:27:34 +0000 (11:27 +0200)]
journalctl: add "-t --identifier=STRING" option
This turns journalctl to the counterpart of systemd-cat.
Messages sent with
systemd-cat --identifier foo --prioritiy debug
can now be shown with
journalctl --identifier foo --prioritiy debug
"--identifier" is not merged with "--unit" to make a clear
distinction between syslog and systemd units.
syslog identifiers can be chosen freely by anyone.
Tom Gundersen [Fri, 15 Aug 2014 19:04:07 +0000 (21:04 +0200)]
sd-event: add API to access epoll_fd
This is a prerequisite for integrating sd-event into an external
event loop.
Tom Gundersen [Wed, 20 Aug 2014 13:56:14 +0000 (15:56 +0200)]
resolved: write resolv.conf search - switch arguments
Found by Lukáš Nykrýn.
Lukas Nykryn [Wed, 20 Aug 2014 13:13:06 +0000 (15:13 +0200)]
journal-upload: make sure that 'r' is initialized
Lukas Nykryn [Wed, 20 Aug 2014 13:02:09 +0000 (15:02 +0200)]
util: return after freeing all members of array
Lukas Nykryn [Wed, 20 Aug 2014 12:51:27 +0000 (14:51 +0200)]
journal-remote: remove unreachable code
Lennart Poettering [Wed, 20 Aug 2014 12:47:35 +0000 (14:47 +0200)]
resolved: fix which return codes we check
Discovered by Lukas Nykryn
Lukas Nykryn [Wed, 20 Aug 2014 12:34:23 +0000 (14:34 +0200)]
resolved-dns-rr: fix typo
a->rrsig.type_covered != a->rrsig.type_covered" is always false
regardless of the values of its operands because those operands are identical.
Lennart Poettering [Wed, 20 Aug 2014 11:49:39 +0000 (13:49 +0200)]
machine-id-setup: don't try to read UUID from VM/container manager if we operate on a root directory that's not /
This should make sure no UUID from the host systemd-machine-id-setup is
running on leaks onto a disk image that is provisioned with the tool.
Tom Gundersen [Wed, 20 Aug 2014 09:25:23 +0000 (11:25 +0200)]
build: remove repeated KMOD section
Lukas Nykryn [Tue, 19 Aug 2014 18:53:29 +0000 (20:53 +0200)]
systemctl: fail in the case that no unit files were found
Previously systemctl died with message
-bash-4.2# systemctl --root /rawhi list-unit-files
(src/systemctl/systemctl.c:868) Out of memory.
in the case that no unit files were found in the --root
or the directory did not exist.
So lets return ENOENT in the case that --root does not exist
and empty list in the case that there are no unit files.
Lennart Poettering [Tue, 19 Aug 2014 22:57:17 +0000 (00:57 +0200)]
CONST_MAX breaks gcc on fedora 20 with optimiztation
Lennart Poettering [Tue, 19 Aug 2014 22:47:43 +0000 (00:47 +0200)]
build: include more optional modules in build string
Lennart Poettering [Tue, 19 Aug 2014 22:38:39 +0000 (00:38 +0200)]
update hwdb
Lennart Poettering [Tue, 19 Aug 2014 22:18:04 +0000 (00:18 +0200)]
indentation/spurious whitespace fixes
Lennart Poettering [Tue, 19 Aug 2014 22:17:46 +0000 (00:17 +0200)]
journal-upload: allow the tool to start
Lennart Poettering [Tue, 19 Aug 2014 22:15:05 +0000 (00:15 +0200)]
cmdline: for new tools avoid introduce new negative switches, and properly align --help texts
Negative switches are a bad un-normalized thing. We alerady have some,
but we should try harder to avoid intrdoucing new ones.
Hence, instead of adding two switches:
--foobar
--no-foobar
Let's instead use the syntax
--foobar
--foobar=yes
--foobar=no
Where the first two are equivalent. The boolean argument is parsed
following the usual rules.
Change all new negative switches this way.
This patch also properly aligns the --help table, so that single char
switches always get a column separate of the long switches.
Lennart Poettering [Tue, 19 Aug 2014 22:14:09 +0000 (00:14 +0200)]
README: mention the new optional libidn dependency
Lennart Poettering [Tue, 19 Aug 2014 21:37:16 +0000 (23:37 +0200)]
update NEWS
Ronny Chevalier [Tue, 19 Aug 2014 21:21:43 +0000 (23:21 +0200)]
man: fix typos
Tom Gundersen [Tue, 19 Aug 2014 21:44:17 +0000 (23:44 +0200)]
NEWS
Thomas Hindoe Paaboel Andersen [Tue, 19 Aug 2014 21:27:44 +0000 (23:27 +0200)]
sysusers: initialize r
Needed for the stdin case where it could otherwise end up being used
uninitialized.
Thomas Hindoe Paaboel Andersen [Tue, 19 Aug 2014 21:10:53 +0000 (23:10 +0200)]
NEWS: typo fixes
Thomas Hindoe Paaboel Andersen [Tue, 19 Aug 2014 20:55:06 +0000 (22:55 +0200)]
remove unused variables
Lennart Poettering [Tue, 19 Aug 2014 20:45:53 +0000 (22:45 +0200)]
build-sys: update versions for upcoming release
Lennart Poettering [Tue, 19 Aug 2014 20:35:04 +0000 (22:35 +0200)]
memfd: escape the comm field we get from PR_GET_NAME, but assume everything else is proper UTF8
Daniel Mack [Tue, 19 Aug 2014 20:23:43 +0000 (22:23 +0200)]
NEWS: fix minor nits
Daniel Mack [Tue, 19 Aug 2014 20:08:54 +0000 (22:08 +0200)]
memfd: skip utf-8 escaping if we use a name that was passed in
If a name was passed in as function argument, trust it, and don't do utf-8
encoding for them. Callers are obliged to check the names themselves, and
escape them in case they use anything they got from the outside world.
Lennart Poettering [Tue, 19 Aug 2014 19:57:37 +0000 (21:57 +0200)]
socket: suffix newly added TCP sockopt time properties with "Sec"
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
Lennart Poettering [Tue, 19 Aug 2014 19:55:10 +0000 (21:55 +0200)]
README: document what to do with the NSS modules
Lennart Poettering [Tue, 19 Aug 2014 19:53:43 +0000 (21:53 +0200)]
prepare NEWS for next release
Daniel Mack [Tue, 19 Aug 2014 19:09:16 +0000 (21:09 +0200)]
memfd: reduce name escaping logic to utf-8 checks
As memfds are now created by proper kernel API, and not by our functions, we
can't rely on names being escaped/unescaped according to our current logic.
Thus, the only safe way is to remove the escaping and when reading names,
just escape names that are not properly encoded in UTF-8.
Also, remove assert(name) lines from the memfd creation functions, as we
explictly allow name to be NULL.
Lennart Poettering [Tue, 19 Aug 2014 17:39:16 +0000 (19:39 +0200)]
memfd: simplify API
Now, that the memfd stuff is not exported anymore, we can simplify a few
things:
Use assert() instead of assert_return(), since this is used internally
only, and we should be less permissive then.
No need to pass an allocated fd back by call-by-reference, we can just
directly return it.
Lennart Poettering [Tue, 19 Aug 2014 17:22:40 +0000 (19:22 +0200)]
update TODO
Lennart Poettering [Tue, 19 Aug 2014 17:16:08 +0000 (19:16 +0200)]
Revert "socket: introduce SELinuxLabelViaNet option"
This reverts commit
cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
Lennart Poettering [Tue, 19 Aug 2014 17:05:11 +0000 (19:05 +0200)]
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from
This way we can guarantee a limited amount of compatibility with
login.defs, by generate an appopriate "r" line out of it, on package
installation.
Tom Gundersen [Tue, 19 Aug 2014 16:59:28 +0000 (18:59 +0200)]
networkd: don't consider deprecated or tentative addresses when determining operstate
https://bugs.freedesktop.org/show_bug.cgi?id=81287
Michal Sekletar [Thu, 24 Jul 2014 08:40:28 +0000 (10:40 +0200)]
socket: introduce SELinuxLabelViaNet option
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
Tom Gundersen [Tue, 19 Aug 2014 15:51:50 +0000 (17:51 +0200)]
networkd: netdev - add missing callback when adding stacked devices
As the comment says, the passed in callback must always be invoked, or the underlying link
will hang. This was missed when reworking the code, so add it back in.
Tom Gundersen [Tue, 19 Aug 2014 15:50:38 +0000 (17:50 +0200)]
networkd: link - don't enforce ENSLAVING state
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not
when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured
in parallel), so drop these asserts.
Lennart Poettering [Tue, 19 Aug 2014 14:47:37 +0000 (16:47 +0200)]
update TODO
Lennart Poettering [Tue, 19 Aug 2014 14:46:43 +0000 (16:46 +0200)]
util: remove unused FOREACH_WORD_SEPARATOR_QUOTED
Lennart Poettering [Tue, 19 Aug 2014 14:40:02 +0000 (16:40 +0200)]
sysusers: realign sysusers snippets
Lennart Poettering [Tue, 19 Aug 2014 14:38:43 +0000 (16:38 +0200)]
sysusers: set home directory for root to /root
Lennart Poettering [Tue, 19 Aug 2014 14:34:06 +0000 (16:34 +0200)]
sysusers: add another column to sysusers files for the home directory
Tom Gundersen [Tue, 19 Aug 2014 13:41:23 +0000 (15:41 +0200)]
networkd: fix use-after-free
Elements must be removed from the hashtable before they are freed.
Lennart Poettering [Tue, 19 Aug 2014 00:19:10 +0000 (02:19 +0200)]
update TODO
Lennart Poettering [Tue, 19 Aug 2014 00:16:27 +0000 (02:16 +0200)]
sysusers: add a new RPM macro for creating users directly from data passed in via stdin
This allows encoding users to create directly in %pre, which is
necessary so that files owned by the RPM can be assigned to the right
users/groups.
This new macro does create a redundancy, as user definitions for all
users that shall own files need to to be listed twice, once with this
new macro, and then secondly, in the sysusers file shipped with the
package. But there's little way around that, as the users of this type
need to exist before we install the first file, but we actually want to
ship the user information in a file.
Lennart Poettering [Tue, 19 Aug 2014 00:14:32 +0000 (02:14 +0200)]
sysusers: optionally, read sysuers configuration from standard input
Lennart Poettering [Tue, 19 Aug 2014 00:09:14 +0000 (02:09 +0200)]
update TODO
Lennart Poettering [Mon, 18 Aug 2014 23:57:24 +0000 (01:57 +0200)]
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users
This should resolve problems with tools like "grpck" and suchlike.
Lennart Poettering [Mon, 18 Aug 2014 22:04:46 +0000 (00:04 +0200)]
hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bit
David Herrmann [Mon, 18 Aug 2014 21:54:10 +0000 (23:54 +0200)]
bus: map sealed memfds as MAP_PRIVATE
Mapping files as MAP_SHARED is handled by the kernel as 'writable'
mapping. Always! Even with PROT_READ. Reason for that is,
mprotect(PROT_WRITE) could change the mapping underneath and currently
there is no kernel infrastructure to add protection there. This might
change in the future, but until then, map sealed files as MAP_PRIVATE so
we don't get EPERM.
Lennart Poettering [Mon, 18 Aug 2014 21:16:18 +0000 (23:16 +0200)]
Update TODO
Lennart Poettering [Mon, 18 Aug 2014 21:15:51 +0000 (23:15 +0200)]
util: try to be a bit more NFS compatible when checking whether an FS is writable
https://bugs.freedesktop.org/show_bug.cgi?id=81169
Lennart Poettering [Mon, 18 Aug 2014 20:25:24 +0000 (22:25 +0200)]
core: minor modernizations
Lennart Poettering [Mon, 18 Aug 2014 20:21:42 +0000 (22:21 +0200)]
units: fix BindsTo= logic when applied relative to services with Type=oneshot
Start jobs for Type=oneshot units are successful when the unit state
transition activating → inactive took place. In such a case all units
that BindsTo= on it previously would continue to run, even though the unit
they dependet on was actually already gone.
Ronny Chevalier [Mon, 18 Aug 2014 19:00:23 +0000 (21:00 +0200)]
man: fix typo
Ronny Chevalier [Mon, 18 Aug 2014 18:59:11 +0000 (20:59 +0200)]
bootchart: use NSEC_PER_SEC
Denis Kenzior [Mon, 18 Aug 2014 18:21:55 +0000 (13:21 -0500)]
bus-control: Fix cgroup handling
On systems without properly setup systemd, cg_get_root_path returns
-ENOENT. This means that busctl doesn't display much information.
busctl monitor also fails whenever it intercepts messages.
This fix fakes creates a fake "/" root cgroup which lets busctl work
on such systems.
Lennart Poettering [Mon, 18 Aug 2014 17:08:03 +0000 (19:08 +0200)]
man: mention that "units" are commonly system services
Also, provide an example for -u.
Lennart Poettering [Mon, 18 Aug 2014 16:59:48 +0000 (18:59 +0200)]
networkd: fix how we generate lists in link_save()
https://bugs.freedesktop.org/show_bug.cgi?id=82721
Ronny Chevalier [Sat, 16 Aug 2014 12:19:12 +0000 (14:19 +0200)]
tests: add missing entry to test-tables
Ronny Chevalier [Sat, 16 Aug 2014 12:19:11 +0000 (14:19 +0200)]
tests: add tests for time-util.c
add tests for:
- timezone_is_valid
- get_timezones
Ronny Chevalier [Sat, 16 Aug 2014 12:19:10 +0000 (14:19 +0200)]
tests: add test-condition-util
Ronny Chevalier [Sat, 16 Aug 2014 12:19:09 +0000 (14:19 +0200)]
tests: add tests for util.c
add tests for:
- is_symlink
- pid_is_unwaited
- pid_is_alive
- search_and_fopen
- search_and_fopen_nulstr
- glob_exists
- execute_directory
Ronny Chevalier [Sat, 16 Aug 2014 12:19:08 +0000 (14:19 +0200)]
tests: add test for fdset_iterate
Ronny Chevalier [Sat, 16 Aug 2014 12:19:07 +0000 (14:19 +0200)]
tests: add tests for fileio.c
add tests for:
- write_string_stream
- write_string_file
- sendfile_full
Ronny Chevalier [Sat, 16 Aug 2014 12:19:06 +0000 (14:19 +0200)]
tests: add missing unlink
Ronny Chevalier [Sat, 16 Aug 2014 12:19:05 +0000 (14:19 +0200)]
tests: add tests for socket-util.c
add tests for:
- socket_address_is
- socket_address_is_netlink
- sockaddr_equal
Ronny Chevalier [Sat, 16 Aug 2014 12:24:27 +0000 (14:24 +0200)]
man: fix typo
Michael Olbrich [Sun, 17 Aug 2014 07:45:00 +0000 (09:45 +0200)]
tmpfiles: only execute chmod()/chown() when needed
This avoids errors like this, when the paths are already there with the
correct permissions and owner:
chmod(/var/spool) failed: Read-only file system
Lennart Poettering [Mon, 18 Aug 2014 16:12:55 +0000 (18:12 +0200)]
Merge remote-tracking branch 'origin/master'
Tom Gundersen [Mon, 18 Aug 2014 10:29:45 +0000 (12:29 +0200)]
networkd: warn when ignoring unsupported tuntap options
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings
as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
Stef Walter [Wed, 6 Aug 2014 09:45:36 +0000 (11:45 +0200)]
core: Verify systemd1 DBus method callers via polkit
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit
action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit
action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit
action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients
that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property
access etc. There are several DBus methods that can only be
called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new
bus_verify_polkit_async() version that doesn't force us to always
pass the original callback around. Also, interactive auhentication must
be opt-in, not unconditional, hence I turned this off.)
Lennart Poettering [Mon, 18 Aug 2014 15:44:17 +0000 (17:44 +0200)]
bus-util: simplify bus_verify_polkit_async() a bit
First, let's drop the "bus" argument, we can determine it from the
message anyway.
Secondly, determine the right callback/userdata pair automatically from
what is currently is being dispatched. This should simplify things a lot
for us, since it makes it unnecessary to pass pointers through the
original handlers through all functions when we process messages, which
might require authentication.
Lennart Poettering [Mon, 18 Aug 2014 15:41:56 +0000 (17:41 +0200)]
sd-bus: add API to query which handler/callback is currently being dispatched
Daniel Mack [Mon, 18 Aug 2014 11:28:43 +0000 (13:28 +0200)]
memfd: internalize functions, drop sd_memfd type
Remove the sd_ prefix from internal functions and get rid of the sd_memfd
type. As a memfd is now just a native file descriptor, we can get rid of our
own wrapper type, and also use close() and dup() on them directly.
David Herrmann [Mon, 18 Aug 2014 11:07:43 +0000 (13:07 +0200)]
memfd: use _cleanup_ if applicable
We now have a sd_memfd_freep helper, use it if applicable.
David Herrmann [Mon, 18 Aug 2014 11:05:48 +0000 (13:05 +0200)]
memfd: map unsealed files as MAP_SHARED
We need to map sealed files as MAP_PRIVATE so far as the kernel treats
MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any
time on those). However, unsealed files must be mapped as MAP_SHARED.
Otherwise, we never end up writing to the real file.
David Herrmann [Mon, 18 Aug 2014 11:03:09 +0000 (13:03 +0200)]
memfd: disallow importing memfds without sealing
We use memfds for sealing. Lets not bother with memfds created without
MFD_ALLOW_SEALING for now. They're equivalent to random shmem files, so
don't bother treating them as sealable memfds.
David Herrmann [Mon, 18 Aug 2014 10:57:55 +0000 (12:57 +0200)]
memfd: don't open kdbus for memfd
No reason to open /dev/kdbus/control if we want memfds. memfd_create() is
always available.
David Herrmann [Mon, 18 Aug 2014 10:57:03 +0000 (12:57 +0200)]
memfd: internalize header
Fix the memfd.h header to use handy features like #pragma, cleanup-funcs
and util.h. Also drop the EXTERN-C macros.
Daniel Mack [Mon, 18 Aug 2014 10:24:04 +0000 (12:24 +0200)]
memfd: fix memfd_create() syscall wrapper
Unlike earlier versions, the syscall only takes 2 arguments in its
final version, not 3.
Daniel Mack [Mon, 18 Aug 2014 08:55:49 +0000 (10:55 +0200)]
memfd: move code from public library to src/shared
Don't expose generic kernel API via libsystemd, but keep the code internal
for our own usage.
Daniel Mack [Mon, 18 Aug 2014 08:45:49 +0000 (10:45 +0200)]
Makefile.am: test-bus-memfd went away. Kill its residues in Makefile.am
Daniel Mack [Mon, 12 May 2014 23:28:09 +0000 (01:28 +0200)]
kdbus: switch over to generic memfd implementation (ABI+API break)
Thomas Hindoe Paaboel Andersen [Sat, 16 Aug 2014 21:18:32 +0000 (23:18 +0200)]
networkctl: use safe_qsort in case no links are present
Unlikely to happen but still...
Thomas Hindoe Paaboel Andersen [Fri, 15 Aug 2014 22:31:23 +0000 (00:31 +0200)]
sd-bus,log: remove unused variables
Tom Gundersen [Fri, 15 Aug 2014 17:15:30 +0000 (19:15 +0200)]
sd-event: return 'r' rather than '-errno'
Lennart Poettering [Fri, 15 Aug 2014 18:25:10 +0000 (20:25 +0200)]
Tom Gundersen [Fri, 15 Aug 2014 16:21:18 +0000 (18:21 +0200)]
sd-event: fix missing needs_rearm
Lennart Poettering [Fri, 15 Aug 2014 18:08:51 +0000 (20:08 +0200)]
sd-bus: add API to check if a client has privileges
This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.
This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).
Also, port over all code to this new API.
Lennart Poettering [Fri, 15 Aug 2014 16:29:21 +0000 (18:29 +0200)]
update TODO
Lennart Poettering [Fri, 15 Aug 2014 16:14:37 +0000 (18:14 +0200)]
cgroup: only generate warnings if actually writing to cgroup attributes failed
Lennart Poettering [Fri, 15 Aug 2014 16:07:36 +0000 (18:07 +0200)]
main,log: parse the log related kernel command line parameters at one place only, and for all tools
Previously, we ended up parsing some of them three times: in main.c when
processing the kernel cmdline, in main.c when processing the process
cmdline (only for containers), and in log.c again.
Let's streamline this, and only parse them in log.c
In PID 1 also make sure we parse "quiet" first, and then override this
with the more specific checks in log.c
Lennart Poettering [Fri, 15 Aug 2014 16:01:52 +0000 (18:01 +0200)]
main: minor code modernization for initializing the console