platform/upstream/systemd.git
8 years agoMerge pull request #4546 from keszybz/xsprintf-revert
Lennart Poettering [Thu, 3 Nov 2016 04:44:36 +0000 (22:44 -0600)]
Merge pull request #4546 from keszybz/xsprintf-revert

xsprintf revert

8 years agoudev/udev-watch: calculate the real buffer sizes needed
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:05:48 +0000 (22:05 -0400)]
udev/udev-watch: calculate the real buffer sizes needed

8 years agoDo not raise in switch root if paths are too long
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:05:06 +0000 (22:05 -0400)]
Do not raise in switch root if paths are too long

If we encounter the (unlikely) situation where the combined path to the
new root and a path to a mount to be moved together exceed maximum path length,
we shouldn't crash, but fail this path instead.

8 years agosd-bus: use PRIu64 instead of casting
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:03:27 +0000 (22:03 -0400)]
sd-bus: use PRIu64 instead of casting

8 years agoRevert some uses of xsprintf
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 02:02:46 +0000 (22:02 -0400)]
Revert some uses of xsprintf

This reverts some changes introduced in d054f0a4d4.
xsprintf should be used in cases where we calculated the right buffer
size by hand (using DECIMAL_STRING_MAX and such), and never in cases where
we are printing externally specified strings of arbitrary length.

Fixes #4534.

8 years agoMerge pull request #4481 from poettering/perpetual
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 01:03:26 +0000 (21:03 -0400)]
Merge pull request #4481 from poettering/perpetual

Add "perpetual" unit concept, sysctl fixes, networkd fixes, systemctl color fixes, nspawn discard.

8 years agoMerge pull request #4542 from poettering/v232prep
Zbigniew Jędrzejewski-Szmek [Thu, 3 Nov 2016 00:13:27 +0000 (20:13 -0400)]
Merge pull request #4542 from poettering/v232prep

preparation for 232

8 years agocore: make a constant table actually constant
Lennart Poettering [Wed, 2 Nov 2016 18:05:22 +0000 (12:05 -0600)]
core: make a constant table actually constant

8 years agocore: don't hit an assert when printing status messages about units with overly long...
Lennart Poettering [Wed, 2 Nov 2016 18:02:53 +0000 (12:02 -0600)]
core: don't hit an assert when printing status messages about units with overly long description strings

This essentially reverts one part of d054f0a4d451120c26494263fc4dc175bfd405b1.

(We might also choose to use proper ellipsation here, but I wasn't sure the
memory allocation this requires wouöld be a good idea here...)

Fixes: #4534

8 years agoman: fix two typos (is → are) (#4544)
Lucas Werkmeister [Thu, 3 Nov 2016 00:10:29 +0000 (01:10 +0100)]
man: fix two typos (is → are) (#4544)

8 years agoMerge pull request #4456 from keszybz/stored-fds
Lennart Poettering [Wed, 2 Nov 2016 22:29:04 +0000 (16:29 -0600)]
Merge pull request #4456 from keszybz/stored-fds

Preserve stored fds over service restart

8 years agosystemctl: fix incorrect "need reload" on cat (#4535)
Lucas Werkmeister [Wed, 2 Nov 2016 22:12:03 +0000 (23:12 +0100)]
systemctl: fix incorrect "need reload" on cat (#4535)

Reported by @evverx in #4493.

8 years agoMerge pull request #4483 from poettering/exec-order
Lennart Poettering [Wed, 2 Nov 2016 22:09:59 +0000 (16:09 -0600)]
Merge pull request #4483 from poettering/exec-order

more seccomp fixes, and change of order of selinux/aa/smack and seccomp application on exec

8 years agobuild-sys: bump package and library version in preparation for v232
Lennart Poettering [Wed, 2 Nov 2016 22:04:40 +0000 (16:04 -0600)]
build-sys: bump package and library version in preparation for v232

8 years agoadd two additional entries to NEWS
Lennart Poettering [Wed, 2 Nov 2016 22:02:12 +0000 (16:02 -0600)]
add two additional entries to NEWS

8 years agoNEWS: add contributor list to news file
Lennart Poettering [Wed, 2 Nov 2016 21:52:57 +0000 (15:52 -0600)]
NEWS: add contributor list to news file

Unfortunately, github drops the original commiter when a PR is "squashed" (even
if it is only a single commit) and replaces it with some rubbish
github-specific user id. Thus, to make the contributors list somewhat useful,
update the .mailmap file and undo all the weirdness github applied there.

8 years agopid1: fix fd memleak when we hit FileDescriptorStoreMax limit
Zbigniew Jędrzejewski-Szmek [Wed, 2 Nov 2016 19:00:54 +0000 (15:00 -0400)]
pid1: fix fd memleak when we hit FileDescriptorStoreMax limit

Since service_add_fd_store() already does the check, remove the redundant check
from service_add_fd_store_set().

Also, print a warning when repopulating FDStore after daemon-reexec and we hit
the limit. This is a user visible issue, so we should not discard fds silently.
(Note that service_deserialize_item is impacted by the return value from
service_add_fd_store(), but we rely on the general error message, so the caller
does not need to be modified, and does not show up in the diff.)

8 years agocore: change mount_synthesize_root() return to int
Lennart Poettering [Wed, 2 Nov 2016 17:38:12 +0000 (11:38 -0600)]
core: change mount_synthesize_root() return to int

Let's propagate the error here, instead of eating it up early.

In a later change we should probably also change mount_enumerate() to propagate
errors up, but that would mean we'd have to change the unit vtable, and thus
change all unit types, hence is quite an invasive change.

8 years agonetworkd: flush DNSSL/RDNSS lists when we lose carrier
Lennart Poettering [Tue, 25 Oct 2016 10:08:43 +0000 (12:08 +0200)]
networkd: flush DNSSL/RDNSS lists when we lose carrier

Fixes: #3870

8 years agonetword: minor memory leak fix
Lennart Poettering [Tue, 25 Oct 2016 10:08:24 +0000 (12:08 +0200)]
netword: minor memory leak fix

8 years agonspawn: if we set up a loopback device, try to mount it with "discard"
Lennart Poettering [Tue, 25 Oct 2016 09:39:09 +0000 (11:39 +0200)]
nspawn: if we set up a loopback device, try to mount it with "discard"

Let's make sure that our loopback files remain sparse, hence let's set
"discard" as mount option on file systems that support it if the backing device
is a loopback.

8 years agosystemctl: tweak the "systemctl list-units" output a bit
Lennart Poettering [Tue, 25 Oct 2016 09:06:47 +0000 (11:06 +0200)]
systemctl: tweak the "systemctl list-units" output a bit

Make the underlining between the header and the body and between the units of
different types span the whole width of the table.

Let's never make the table wider than necessary (which is relevant due the
above).

When space is limited and we can't show the full ID or description string
prefer showing the full ID over the full description. The ID is after all
something people might want to copy/paste, while the description is mostly just
helpful decoration.

8 years agosystemctl: properly turn off color after active column
Lennart Poettering [Tue, 25 Oct 2016 08:00:06 +0000 (10:00 +0200)]
systemctl: properly turn off color after active column

If we turn on red color for the active column and it is not combined with
underlining, then we need to turn it off explicitly afterwards. Do that.

8 years agosysctl: minor simplification
Lennart Poettering [Tue, 25 Oct 2016 07:27:39 +0000 (09:27 +0200)]
sysctl: minor simplification

Let's place only one ternary operator.

8 years agosysctl: no need to check for eof twice
Lennart Poettering [Tue, 25 Oct 2016 07:26:31 +0000 (09:26 +0200)]
sysctl: no need to check for eof twice

Let's only check for eof once after the fgets(). There's no point in checking
EOF before the first read, and twice in each loop.

8 years agosysctl: when failing to process a config line, show line nr
Lennart Poettering [Tue, 25 Oct 2016 07:26:10 +0000 (09:26 +0200)]
sysctl: when failing to process a config line, show line nr

8 years agosysctl: split out condition check into its own function
Lennart Poettering [Tue, 25 Oct 2016 07:25:21 +0000 (09:25 +0200)]
sysctl: split out condition check into its own function

This way, we can get rid of a label/goto.

8 years agosysctl: do not fail systemd-sysctl.service if /proc/sys is mounted read-only
Lennart Poettering [Tue, 25 Oct 2016 07:22:22 +0000 (09:22 +0200)]
sysctl: do not fail systemd-sysctl.service if /proc/sys is mounted read-only

Let's make missing write access to /proc/sys non-fatal to the sysctl service.

This is a follow-up to 411e869f497c7c7bd0688f1e3500f9043bc56e48 which altered
the condition for running the sysctl service to check for /proc/sys/net being
writable, accepting that /proc/sys might be read-only. In order to ensure the
boot-up stays clean in containers lower the log level for the EROFS errors
generated due to this.

8 years agounit: unify some code with new unit_new_for_name() call
Lennart Poettering [Mon, 24 Oct 2016 22:29:05 +0000 (00:29 +0200)]
unit: unify some code with new unit_new_for_name() call

8 years agocore: make the root mount perpetual too
Lennart Poettering [Mon, 24 Oct 2016 22:04:55 +0000 (00:04 +0200)]
core: make the root mount perpetual too

Now that have a proper concept of "perpetual" units, let's make the root mount
one too, since it also cannot go away.

8 years agocore: rework the "no_gc" unit flag to become a more generic "perpetual" flag
Lennart Poettering [Mon, 24 Oct 2016 19:41:54 +0000 (21:41 +0200)]
core: rework the "no_gc" unit flag to become a more generic "perpetual" flag

So far "no_gc" was set on -.slice and init.scope, to units that are always
running, cannot be stopped and never exist in an "inactive" state. Since these
units are the only users of this flag, let's remodel it and rename it
"perpetual" and let's derive more funcitonality off it. Specifically, refuse
enqueing stop jobs for these units, and report that they are "unstoppable" in
the CanStop bus property.

8 years agocore: initialize groups list before checking SupplementaryGroups= of a unit (#4533)
Djalal Harouni [Wed, 2 Nov 2016 16:51:35 +0000 (17:51 +0100)]
core: initialize groups list before checking SupplementaryGroups= of a unit (#4533)

Always initialize the supplementary groups of caller before checking the
unit SupplementaryGroups= option.

Fixes https://github.com/systemd/systemd/issues/4531

8 years agotests: make sure tests pass when invoked in "sudo"
Lennart Poettering [Wed, 2 Nov 2016 02:30:11 +0000 (20:30 -0600)]
tests: make sure tests pass when invoked in "sudo"

This is a follow-up for 6309e51ea32d64524431ee65c49eecd44390da8f and makes sure
we compare test results with the right user identifier.

8 years agoman: document that too strict system call filters may affect the service manager
Lennart Poettering [Tue, 25 Oct 2016 14:08:38 +0000 (16:08 +0200)]
man: document that too strict system call filters may affect the service manager

If execve() or socket() is filtered the service manager might get into trouble
executing the service binary, or handling any failures when this fails. Mention
this in the documentation.

The other option would be to implicitly whitelist all system calls that are
required for these codepaths. However, that appears less than desirable as this
would mean socket() and many related calls have to be whitelisted
unconditionally. As writing system call filters requires a certain level of
expertise anyway it sounds like the better option to simply document these
issues and suggest that the user disables system call filters in the service
temporarily in order to debug any such failures.

See: #3993.

8 years agoexecute: apply seccomp filters after changing selinux/aa/smack contexts
Lennart Poettering [Tue, 25 Oct 2016 13:52:54 +0000 (15:52 +0200)]
execute: apply seccomp filters after changing selinux/aa/smack contexts

Seccomp is generally an unprivileged operation, changing security contexts is
most likely associated with some form of policy. Moreover, while seccomp may
influence our own flow of code quite a bit (much more than the security context
change) make sure to apply the seccomp filters immediately before executing the
binary to invoke.

This also moves enforcement of NNP after the security context change, so that
NNP cannot affect it anymore. (However, the security policy now has to permit
the NNP change).

This change has a good chance of breaking current SELinux/AA/SMACK setups, because
the policy might not expect this change of behaviour. However, it's technically
the better choice I think and should hence be applied.

Fixes: #3993

8 years agoseccomp: add two new syscall groups
Lennart Poettering [Wed, 2 Nov 2016 14:46:18 +0000 (08:46 -0600)]
seccomp: add two new syscall groups

@resources contains various syscalls that alter resource limits and memory and
scheduling parameters of processes. As such they are good candidates to block
for most services.

@basic-io contains a number of basic syscalls for I/O, similar to the list
seccomp v1 permitted but slightly more complete. It should be useful for
building basic whitelisting for minimal sandboxes

8 years agoman: two minor fixes
Lennart Poettering [Tue, 25 Oct 2016 13:44:54 +0000 (15:44 +0200)]
man: two minor fixes

8 years agoseccomp: include pipes and memfd in @ipc
Lennart Poettering [Tue, 25 Oct 2016 13:43:31 +0000 (15:43 +0200)]
seccomp: include pipes and memfd in @ipc

These system calls clearly fall in the @ipc category, hence should be listed
there, simply to avoid confusion and surprise by the user.

8 years agoseccomp: drop execve() from @process list
Lennart Poettering [Tue, 25 Oct 2016 13:42:10 +0000 (15:42 +0200)]
seccomp: drop execve() from @process list

The system call is already part in @default hence implicitly allowed anyway.
Also, if it is actually blocked then systemd couldn't execute the service in
question anymore, since the application of seccomp is immediately followed by
it.

8 years agoseccomp: add clock query and sleeping syscalls to "@default" group
Lennart Poettering [Tue, 25 Oct 2016 13:38:36 +0000 (15:38 +0200)]
seccomp: add clock query and sleeping syscalls to "@default" group

Timing and sleep are so basic operations, it makes very little sense to ever
block them, hence don't.

8 years agoupdate TODO
Lennart Poettering [Tue, 25 Oct 2016 10:43:53 +0000 (12:43 +0200)]
update TODO

8 years agoudev: net_id: add support for phys_port_name attribute (#4506)
Jiří Pírko [Wed, 2 Nov 2016 02:46:01 +0000 (03:46 +0100)]
udev: net_id: add support for phys_port_name attribute (#4506)

Switch drivers uses phys_port_name attribute to pass front panel port
name to user. Use it to generate netdev names.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
8 years agotests: add test that journald keeps fds over termination by signal
Evgeny Vereshchagin [Thu, 20 Oct 2016 13:18:12 +0000 (13:18 +0000)]
tests: add test that journald keeps fds over termination by signal

This test fails before previous commit, and passes with it.

8 years agocore: when restarting services, don't close fds
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 02:16:02 +0000 (22:16 -0400)]
core: when restarting services, don't close fds

We would close all the stored fds in service_release_resources(), which of
course broke the whole concept of storing fds over service restart.

Fixes #4408.

8 years agoseccomp: allow specifying arm64, mips, ppc (#4491)
Zbigniew Jędrzejewski-Szmek [Tue, 1 Nov 2016 15:33:18 +0000 (11:33 -0400)]
seccomp: allow specifying arm64, mips, ppc (#4491)

"Secondary arch" table for mips is entirely speculative…

8 years agoRecognise Lustre as a remote file system (#4530)
Brian J. Murrell [Tue, 1 Nov 2016 03:48:00 +0000 (23:48 -0400)]
Recognise Lustre as a remote file system (#4530)

Lustre is also a remote file system that wants the network to be up before it is mounted.

8 years agoman: fix typos (#4527)
Jakub Wilk [Mon, 31 Oct 2016 12:08:08 +0000 (13:08 +0100)]
man: fix typos (#4527)

8 years agoImplement VeraCrypt volume handling in crypttab (#4501)
George Hilliard [Sun, 30 Oct 2016 14:25:31 +0000 (09:25 -0500)]
Implement VeraCrypt volume handling in crypttab (#4501)

This introduces a new option, `tcrypt-veracrypt`, that sets the
corresponding VeraCrypt flag in the flags passed to cryptsetup.

8 years agotests: clarify test_path_startswith return value (#4508)
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 14:21:29 +0000 (10:21 -0400)]
tests: clarify test_path_startswith return value (#4508)

A pendant for #4481.

8 years agoMerge pull request #4520 from lucaswerkmeister/systemd-escape-man
Zbigniew Jędrzejewski-Szmek [Sun, 30 Oct 2016 01:11:05 +0000 (21:11 -0400)]
Merge pull request #4520 from lucaswerkmeister/systemd-escape-man

systemd-escape manpage improvements

8 years agoman: make systemd-escape examples more consistent
Lucas Werkmeister [Sun, 30 Oct 2016 00:44:07 +0000 (02:44 +0200)]
man: make systemd-escape examples more consistent

The first example wasn't phrased with "To ..." as the other three are,
and the last example was lacking the colon.

8 years agoman: add missing period
Lucas Werkmeister [Sun, 30 Oct 2016 00:43:17 +0000 (02:43 +0200)]
man: add missing period

8 years agoman: improve systemd-escape --path description
Lucas Werkmeister [Sun, 30 Oct 2016 00:42:22 +0000 (02:42 +0200)]
man: improve systemd-escape --path description

The option does more than the documentation gave it credit for.

8 years agoman: add a note that FDSTORE=1 requires epoll-compatible fds
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 00:32:59 +0000 (20:32 -0400)]
man: add a note that FDSTORE=1 requires epoll-compatible fds

Let's say that this was not obvious from our man page.

8 years agopid1: nicely log when doing operation on stored fds
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 00:01:37 +0000 (20:01 -0400)]
pid1: nicely log when doing operation on stored fds

Should help with debugging #4408.

8 years agopid1: only log about added fd if it was really added
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 22:53:24 +0000 (18:53 -0400)]
pid1: only log about added fd if it was really added

If it was a duplicate, log nothing.

8 years ago.gitignore: ignore precompiled GCC headers (#4516)
Daniel Mack [Fri, 28 Oct 2016 17:03:01 +0000 (19:03 +0200)]
.gitignore: ignore precompiled GCC headers (#4516)

Not sure since when this is the default behavior, but my local tree is full
of such files. Let's ignore them for clarity.

8 years agoMerge pull request #4495 from topimiettinen/block-shmat-exec
Djalal Harouni [Fri, 28 Oct 2016 13:41:07 +0000 (15:41 +0200)]
Merge pull request #4495 from topimiettinen/block-shmat-exec

seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute

8 years agoMerge pull request #4458 from keszybz/man-nonewprivileges
Martin Pitt [Fri, 28 Oct 2016 13:35:29 +0000 (15:35 +0200)]
Merge pull request #4458 from keszybz/man-nonewprivileges

Document NoNewPrivileges default value

8 years agoudev: allow substitutions for SECLABEL key (#4505)
Michal Sekletar [Fri, 28 Oct 2016 10:09:14 +0000 (12:09 +0200)]
udev: allow substitutions for SECLABEL key (#4505)

8 years agosystemctl: warn when cat shows changed unit files (#4493)
Lucas Werkmeister [Thu, 27 Oct 2016 13:28:10 +0000 (15:28 +0200)]
systemctl: warn when cat shows changed unit files (#4493)

Suggested by @keszybz in #4488.

8 years agoMerge pull request #4485 from endocode/djalal/portable-branch-v1
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 13:17:14 +0000 (09:17 -0400)]
Merge pull request #4485 from endocode/djalal/portable-branch-v1

core: improve mount namespace and working directory setup

8 years agoMerge pull request #4442 from keszybz/detect-virt-userns
Evgeny Vereshchagin [Thu, 27 Oct 2016 10:16:16 +0000 (13:16 +0300)]
Merge pull request #4442 from keszybz/detect-virt-userns

detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users

8 years agocore: make unit argument const for apply seccomp functions
Djalal Harouni [Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)]
core: make unit argument const for apply seccomp functions

8 years agocore: lets apply working directory just after mount namespaces
Djalal Harouni [Tue, 25 Oct 2016 14:24:35 +0000 (16:24 +0200)]
core: lets apply working directory just after mount namespaces

This makes applying groups after applying the working directory, this
may allow some flexibility but at same it is not a big deal since we
don't execute or do anything between applying working directory and
droping groups.

8 years agocore: get the working directory value inside apply_working_directory()
Djalal Harouni [Thu, 27 Oct 2016 07:28:54 +0000 (09:28 +0200)]
core: get the working directory value inside apply_working_directory()

Improve apply_working_directory() and lets get the current working directory
inside of it.

8 years agocore: move apply working directory code into its own apply_working_directory()
Djalal Harouni [Thu, 27 Oct 2016 07:21:44 +0000 (09:21 +0200)]
core: move apply working directory code into its own apply_working_directory()

8 years agocore: move the code that setups namespaces on its own function
Djalal Harouni [Thu, 27 Oct 2016 07:20:18 +0000 (09:20 +0200)]
core: move the code that setups namespaces on its own function

8 years agohwdb: fix error check of wrong variable (#4499)
Thomas H. P. Andersen [Thu, 27 Oct 2016 01:22:26 +0000 (03:22 +0200)]
hwdb: fix error check of wrong variable (#4499)

We updated 'fn' but checked 'v' instead.

From 698c5a17

Spotted with PVS

8 years agoMerge pull request #4448 from msoltyspl/vcfix
Zbigniew Jędrzejewski-Szmek [Thu, 27 Oct 2016 00:26:32 +0000 (20:26 -0400)]
Merge pull request #4448 from msoltyspl/vcfix

Fix some formatting details in the merge.

8 years agounits: disable /dev/hugepages in private user namespaces
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 03:00:38 +0000 (23:00 -0400)]
units: disable /dev/hugepages in private user namespaces

The mount fails, even though CAP_SYS_ADMIN is granted.

8 years agocondition: simplify condition_test_virtualization
Zbigniew Jędrzejewski-Szmek [Tue, 25 Oct 2016 02:53:07 +0000 (22:53 -0400)]
condition: simplify condition_test_virtualization

Rewrite the function to be slightly simpler. In particular, if a specific
match is found (like ConditionVirtualization=yes), simply return an answer
immediately, instead of relying that "yes" will not be matched by any of
the virtualization names below.

No functional change.

8 years agotest-tables: test ConditionVirtualization
Zbigniew Jędrzejewski-Szmek [Mon, 24 Oct 2016 23:17:50 +0000 (19:17 -0400)]
test-tables: test ConditionVirtualization

8 years agoshared/condition: add ConditionVirtualization=[!]private-users
Zbigniew Jędrzejewski-Szmek [Sat, 22 Oct 2016 02:56:58 +0000 (22:56 -0400)]
shared/condition: add ConditionVirtualization=[!]private-users

This can be useful to silence warnings about units which fail in userns
container.

8 years agodetect-virt: add --private-users switch to check if a userns is active
Zbigniew Jędrzejewski-Szmek [Fri, 21 Oct 2016 03:41:21 +0000 (23:41 -0400)]
detect-virt: add --private-users switch to check if a userns is active

Various things don't work when we're running in a user namespace, but it's
pretty hard to reliably detect if that is true.

A function is added which looks at /proc/self/uid_map and returns false
if the default "0 0 UINT32_MAX" is found, and true if it finds anything else.
This misses the case where an 1:1 mapping with the full range was used, but
I don't know how to distinguish this case.

'systemd-detect-virt --private-users' is very similar to
'systemd-detect-virt --chroot', but we check for a user namespace instead.

8 years agogitignore: add test-seccomp (#4498)
Thomas H. P. Andersen [Wed, 26 Oct 2016 23:40:25 +0000 (01:40 +0200)]
gitignore: add test-seccomp (#4498)

8 years agonetworkd : verify dns ip address when parsing configuration (#4492)
Susant Sahani [Wed, 26 Oct 2016 23:31:04 +0000 (05:01 +0530)]
networkd : verify dns ip address when parsing configuration (#4492)

Invalid IP addresses would be passed through as-is:
$ networkctl status wlp3s0:
● 2: wlp3s0
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: /etc/systemd/network/wlp3s0.network
            Type: wlan
           State: routable (configured)
            Path: pci-0000:03:00.0
          Driver: iwlwifi
          Vendor: Intel Corporation
           Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN)
      HW Address: XXXXXXXXXX (Intel Corporate)
         Address: 192.168.2.103
                  XXXXXXXXXXX
         Gateway: 192.168.2.1 (Arcadyan Technology Corporation)
             DNS: 127.0.0.5553

Instead verify that DNS= has a valid list of addresses when parsing configuration.

Fixes #4462.

8 years agovconsole: manual update (#4021)
Michal Soltys [Wed, 26 Oct 2016 23:21:02 +0000 (01:21 +0200)]
vconsole: manual update (#4021)

To more correctly reflect current behaviour as well as to provide
a few more details.

8 years agoseccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
Topi Miettinen [Wed, 26 Oct 2016 15:52:53 +0000 (18:52 +0300)]
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute

shmat(..., SHM_EXEC) can be used to create writable and executable
memory, so let's block it when MemoryDenyWriteExecute is set.

8 years agovconsole: setup_remaining_vcs() - more sanity checks
Michal Soltys [Wed, 12 Oct 2016 16:20:50 +0000 (18:20 +0200)]
vconsole: setup_remaining_vcs() - more sanity checks

Check if values filled up by KD_FONT_OP_GET ioctl make sense -
dummy driver for example doesn't implement required functionality
at all.

8 years agoman: document that systemctl cat shows file content (#4488)
Lucas Werkmeister [Wed, 26 Oct 2016 00:40:21 +0000 (02:40 +0200)]
man: document that systemctl cat shows file content (#4488)

... and that that content might be outdated.

8 years agobuild-sys/autogen: don't use bashisms (#4489)
Evgeny Vereshchagin [Tue, 25 Oct 2016 23:39:48 +0000 (02:39 +0300)]
build-sys/autogen: don't use bashisms (#4489)

Fixes:
$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Feb 17  2016 /bin/sh -> dash

$ ./autogen.sh c
./autogen.sh: 22: ./autogen.sh: [[: not found
...
checking whether make supports nested variables... (cached) yes
checking build system type... Invalid configuration `c': machine `c' not
recognized
configure: error: /bin/bash build-aux/config.sub c failed

this is a follow-up for a5e739a570081231

8 years agoMerge pull request #4476 from poettering/systemctl-free
Martin Pitt [Tue, 25 Oct 2016 18:59:24 +0000 (20:59 +0200)]
Merge pull request #4476 from poettering/systemctl-free

two minor systemctl memleak fixes

8 years agotest: skip exec tests when inaccessible dir is unavailable
Dongsu Park [Tue, 25 Oct 2016 12:51:01 +0000 (14:51 +0200)]
test: skip exec tests when inaccessible dir is unavailable

In case of running test-execute on systems with systemd < v232, several
tests like privatedevices or protectkernelmodules fail because
/run/systemd/inaccessible/ doesn't exist. In these cases, we should skip
tests to avoid unnecessary errors.

See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566

8 years agosystemctl: fix two minor memory leaks in --wait handling
Lennart Poettering [Mon, 24 Oct 2016 18:06:22 +0000 (20:06 +0200)]
systemctl: fix two minor memory leaks in --wait handling

(Also, let's not use the binary |= operator on "bool" variables).

Fix-up for 93a0884126146361ca078ec627da2cf766205a1c.

8 years agoupdate NEWS file a bit more
Lennart Poettering [Mon, 24 Oct 2016 18:06:03 +0000 (20:06 +0200)]
update NEWS file a bit more

8 years agoMerge pull request #4474 from poettering/nsswitch
Martin Pitt [Tue, 25 Oct 2016 06:13:07 +0000 (08:13 +0200)]
Merge pull request #4474 from poettering/nsswitch

various nss module/resolved fixes

8 years agoman: document the default value of NoNewPrivileges=
Zbigniew Jędrzejewski-Szmek [Sun, 23 Oct 2016 03:41:45 +0000 (23:41 -0400)]
man: document the default value of NoNewPrivileges=

Fixes #4329.

8 years agoMerge pull request #4450 from poettering/seccompfixes
Zbigniew Jędrzejewski-Szmek [Tue, 25 Oct 2016 00:23:21 +0000 (20:23 -0400)]
Merge pull request #4450 from poettering/seccompfixes

Various seccomp fixes and NEWS update.

8 years agoman: Fix event source priority enum names in synopsis (#4478)
Martin Ejdestig [Mon, 24 Oct 2016 22:30:26 +0000 (00:30 +0200)]
man: Fix event source priority enum names in synopsis (#4478)

8 years agoMerge pull request #4477 from poettering/enumerate-load-fix
Lennart Poettering [Mon, 24 Oct 2016 21:48:48 +0000 (23:48 +0200)]
Merge pull request #4477 from poettering/enumerate-load-fix

Properly synthesize -.slice and init.scope

8 years agonetworkd: fix mixup of bond options (#4470)
Benjamin Richter [Mon, 24 Oct 2016 19:24:47 +0000 (21:24 +0200)]
networkd: fix mixup of bond options (#4470)

8 years agocore: drop -.slice from shipped units
Lennart Poettering [Mon, 24 Oct 2016 18:49:48 +0000 (20:49 +0200)]
core: drop -.slice from shipped units

Since this unit is synthesized anyway there's no point in actually shipping it
on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *"
won't be confused by the leading dash of the file name anymore.

8 years agocore: move initialization of -.slice and init.scope into the unit_load() callbacks
Lennart Poettering [Mon, 24 Oct 2016 18:37:54 +0000 (20:37 +0200)]
core: move initialization of -.slice and init.scope into the unit_load() callbacks

Previously, we'd synthesize the root slice unit and the init scope unit in the
enumerator callbacks for the unit type. This is problematic if either of them
is already referenced from a unit that is loaded as result of another unit
type's enumerator logic.

Let's clean this up and simply create the two objects from the enumerator
callbacks, if they are not around yet. Do the actual filling in of the settings
from the unit_load() callbacks, to match how other units are loaded.

Fixes: #4322

8 years agoman: sync up the suggested nsswitch.conf configuration for our four NSS modules
Lennart Poettering [Mon, 24 Oct 2016 16:58:03 +0000 (18:58 +0200)]
man: sync up the suggested nsswitch.conf configuration for our four NSS modules

This unifies the suggested nsswitch.conf configuration for our four NSS modules to this:

    hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

Note that this restores "myhostname" to the suggested configuration of
nss-resolve for the time being, undoing 4484e1792b64b01614f04b7bde97bf019f601bf9.

"myhostname" should probably be dropped eventually, but when we do this we
should do it in full, and not only drop it from the suggested nsswitch.conf
for one of the modules, but also drop it in source and stop referring to it
altogether.

Note that nss-resolve doesn't replace nss-myhostname in full: the former only
works if D-Bus/resolved is available for resolving the local hostname, the
latter works in all cases even if D-Bus or resolved are not in operation, hence
there's some value in keeping the line as it is right now. Note that neither
dns nor myhostname are considered at all with the above configuration unless
the resolve module actually returns UNAVAIL. Thus, even though handling of
local hostname resolving is implemented twice this way it is only executed once
for each lookup.

8 years agonss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUND
Lennart Poettering [Mon, 24 Oct 2016 16:50:43 +0000 (18:50 +0200)]
nss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUND

Let's tighten the cases when our module returns NSS_STATUS_NOTFOUND. Let's do
so only if we actually managed to talk to resolved. In all other cases stick to
NSS_STATUS_UNAVAIL as before, as it clearly indicates that our module or the
system is borked, and the "dns" fallback should really take place.

In particular this fixes the 2nd-level fallback from our own dlopen() based
fallback handling. In this case we really should return UNAVAIL so that the
caller can apply its own fallback still.

Fix-up for d7247512a904f1dd74125859d8da66166c2a6933.

Note that our own dlopen() based fallback is pretty much redundant now if
nsswitch.conf is configured like this:

   hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

In a future release we should probably drop our internal fallback then, in
favour of this nsswitch.conf-based one.

8 years agoresolved: properly check for the root domain
Lennart Poettering [Mon, 24 Oct 2016 16:49:27 +0000 (18:49 +0200)]
resolved: properly check for the root domain

Fix-up for #4164

8 years agoVarious additions to NEWS
Lennart Poettering [Fri, 21 Oct 2016 18:15:18 +0000 (20:15 +0200)]
Various additions to NEWS

8 years agoseccomp: add test-seccomp test tool
Lennart Poettering [Fri, 21 Oct 2016 19:48:10 +0000 (21:48 +0200)]
seccomp: add test-seccomp test tool

This validates the system call set table and many of our seccomp-util.c APIs.

8 years agoseccomp: add new helper call seccomp_load_filter_set()
Lennart Poettering [Fri, 21 Oct 2016 19:18:46 +0000 (21:18 +0200)]
seccomp: add new helper call seccomp_load_filter_set()

This allows us to unify most of the code in apply_protect_kernel_modules() and
apply_private_devices().