Zbigniew Jędrzejewski-Szmek [Thu, 11 May 2017 16:12:41 +0000 (12:12 -0400)]
pid1: improve logging when failing to remount / ro (#5940)
https://bugzilla.redhat.com/show_bug.cgi?id=1227736#c49
We counted how many filesystems could not be unmounted, but only for those
filesystems which we tried to unmount. Since we only remount / ro, without
attempting to unmount, we would emit a confusing error message:
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
All filesystems unmounted.
Warn when remount-ro fails, and for filesystems which we won't try to unmount,
include the failure to remount-ro in n_failed.
A few minor cleanups:
- remove unecessary goto which jumps to the next line anyway
- always calculate n_failed, even if log_error is false. This causes no change
in behaviour, but I think the code is easier to follow, since the log setting
cannot influence other logic.
Tom Gundersen [Thu, 11 May 2017 13:56:55 +0000 (15:56 +0200)]
busctl: monitor - only start printing messages once we have become a monitor (#5931)
A connection becomes a monitor the moment it loses its unique name, so any
messages received before that should not be dumped to the console.
Currently, we print NameAcquired and NameLost for the unique name of the
peer that becomes the monitor, simply discard all messages until we
receive our NameLost signal.
Zbigniew Jędrzejewski-Szmek [Thu, 11 May 2017 06:15:28 +0000 (02:15 -0400)]
core: fix warning about unsigned variable (#5935)
Fixup for
d8c92e8bc7351f553936b5235e1922c18ebd817a.
Peter Hutterer [Thu, 11 May 2017 02:29:15 +0000 (12:29 +1000)]
hwdb: add the X200/X201 to the existing X201s entry (#5934)
https://bugs.freedesktop.org/show_bug.cgi?id=100628
Ray Strode [Thu, 11 May 2017 02:23:54 +0000 (22:23 -0400)]
man: fix LD_LIBRARY_PATH example in environment.d (#5929)
The example for LD_LIBRARY_PATH in the environment.d man page is wrong.
When setting LD_LIBRARY_PATH, the new directory usually needs to be at
the front so it overrides old directories.
In the example, the colon delimiter is correctly prepended to the front, but
the actual new path is erroneously appended to the end.
This commit moves it to the front where it belongs.
Peter Hutterer [Wed, 10 May 2017 19:22:00 +0000 (05:22 +1000)]
udev: don't allow pointing stick sensitivities greater than 255 (#5927)
It gets truncated, so the result is that people mess with the const accel
because the sensitivity isn't the expected 300 but the too-low 45.
One example: https://bugs.freedesktop.org/show_bug.cgi?id=100965
Lennart Poettering [Wed, 10 May 2017 17:46:13 +0000 (19:46 +0200)]
Merge pull request #5920 from fbuihuu/sysusers-disable-gshadow
Sysusers disable group shadow support
Franck Bui [Wed, 10 May 2017 12:28:41 +0000 (14:28 +0200)]
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers
No functional changes.
Anchor Cat [Wed, 10 May 2017 11:23:58 +0000 (21:23 +1000)]
automount: ack automount requests even when already mounted (#5916)
If a process accesses an autofs filesystem while systemd is in the
middle of starting the mount unit on top of it, it is possible for the
autofs_ptype_missing_direct request from the kernel to be received after
the mount unit has been fully started:
systemd forks and execs mount ...
... access autofs, blocks
mount exits ...
systemd receives SIGCHLD ...
... kernel sends request
systemd receives request ...
systemd needs to respond to this request, otherwise the kernel will
continue to block access to the mount point.
Zbigniew Jędrzejewski-Szmek [Wed, 10 May 2017 11:09:52 +0000 (07:09 -0400)]
units: make descriptions of api filesystems less generic (#5914)
All those names were very generic. Fixes #5911.
Franck Bui [Tue, 9 May 2017 12:02:37 +0000 (14:02 +0200)]
sysusers: make group shadow support configurable
Some distros (openSUSE) don't have group shadow support enabled. This can lead
to the following error:
# systemd-sysusers
Creating group foofoo with gid 478.
# systemd-sysusers
# groupdel foofoo
# systemd-sysusers
Creating group foofoo with gid 478.
Failed to write files: File exists
This patch adds --disable-gshadow option to configure. If used,
systemd-sysvusers won't consider /etc/gshadow.
Franck Bui [Tue, 9 May 2017 07:37:37 +0000 (09:37 +0200)]
sysusers: split make_files()
This patch extracts the code which is in charge to write the new users or
groups into temporary files and move it into 4 dedicated functions.
This part was previously inlined in makes_files() making this function quite
big and hard to read and maintain.
There should be no functional change.
Lennart Poettering [Tue, 9 May 2017 19:10:55 +0000 (21:10 +0200)]
50-udev-default.rules.in: set correct group for mediaX/cecX (#5921)
The /dev/mediaX and /dev/cecX devices belong to the video group.
Add two default rules for that.
The /dev/cecX devices were introduced in kernel 4.8 in staging and moved
out of staging in 4.10. These devices support the HDMI CEC bus.
The /dev/mediaX devices are much older, but because they are not used very
frequently nobody got around to adding this rule to systemd. They let the
user control complex media pipelines.
Max Resch [Tue, 9 May 2017 18:57:40 +0000 (20:57 +0200)]
sd-boot: added shim signature/MOK validation (#5702)
Adds support for booting in a SecureBoot environment with shim as a
preloader. Install an appropriate UEFI security policy to check PE
signature of a chained kernel or UEFI application (using LoadImage())
against the MOK database maintained by shim, using shim's installed
BootServices.
Implementation details for installing the security policy are based on
code from the LinuxFoundation's SecureBoot PreLoader, part of efitools
licensed under LGPL 2.1
Current signed (by Microsoft) versions of shim (Versions 0.8 & 0.9)
so not install a security policy by themselves, future Versions of
shim might (a compile time switch exists in rectent git versions),
so in the future this PR might become unnecessary.
Lennart Poettering [Tue, 9 May 2017 18:49:17 +0000 (20:49 +0200)]
Merge pull request #5619 from fbuihuu/fully-restore-unit-cgroup-state
core: when deserializing a unit, fully restore its cgroup state
Lennart Poettering [Tue, 9 May 2017 18:42:32 +0000 (20:42 +0200)]
Merge pull request #5420 from OpenDZ/tixxdz/namespace-fixes-v2
Namespace: RootImage= RootDirectory= and MountAPIVFS fixes
Susant Sahani [Tue, 9 May 2017 18:25:11 +0000 (18:25 +0000)]
network: add support for vlan confs(MVRP, reorder header, loose binding) (#5834)
Ted W [Tue, 9 May 2017 18:22:04 +0000 (13:22 -0500)]
man: Clarify Restart= exception for systemctl stop (#5891)
Lennart Poettering [Tue, 9 May 2017 18:12:52 +0000 (20:12 +0200)]
Merge pull request #5906 from keszybz/man-links
man page link fixes
Hristo Venev [Tue, 9 May 2017 18:04:55 +0000 (19:04 +0100)]
networkd: add IPv6ProxyNDP (#5913)
This allows enabling proxy_ndp even if no addresses are configured in
networkd, as well as disabling proxy_ndp from a drop-in.
Susant Sahani [Tue, 9 May 2017 18:01:25 +0000 (18:01 +0000)]
networkd: add support to configure route protocol. (#5890)
Closes: #5889
Lennart Poettering [Tue, 9 May 2017 17:32:25 +0000 (19:32 +0200)]
Merge pull request #5919 from glaubitz/suse
Fix meson build on openSUSE Tumbleweed
John Paul Adrian Glaubitz [Tue, 9 May 2017 17:31:38 +0000 (19:31 +0200)]
build: Add missing SECCOMP_CFLAGS to test-seccomp and test-execute targets (#5924)
John Paul Adrian Glaubitz [Tue, 9 May 2017 11:00:26 +0000 (13:00 +0200)]
meson: Add missing dependency on libkmod for libudev_core
John Paul Adrian Glaubitz [Tue, 9 May 2017 10:58:32 +0000 (12:58 +0200)]
meson: Add missing dependency on libseccomp for libcore
Aggelos Avgerinos [Mon, 8 May 2017 23:09:22 +0000 (02:09 +0300)]
execute: Properly log errors considering socket fds (#5910)
Till now if the params->n_fds was 0, systemd was logging that there were
more than one sockets.
Thanks @gregoryp and @VFXcode who did the most work debugging this.
Mark Stosberg [Mon, 8 May 2017 23:05:34 +0000 (19:05 -0400)]
man: improve readability of time shorthands and their normalized forms. (#5912)
Pascal S. de Kloe [Mon, 8 May 2017 01:46:31 +0000 (03:46 +0200)]
hwdb: add axis range for Panasonic Toughbook CF-19, CF-30 and CF31 (#5908)
Michael Biebl [Mon, 8 May 2017 00:30:27 +0000 (02:30 +0200)]
Merge pull request #5907 from keszybz/mark-python-scripts-+x
Mark python scripts executable
Ian Wienand [Mon, 8 May 2017 00:23:49 +0000 (10:23 +1000)]
Add short-iso-precise for journalctl output (#5884)
This adds a short-iso-precise option for journalctl output. It is similar to
short-iso, but includes microseconds.
Zbigniew Jędrzejewski-Szmek [Sun, 7 May 2017 15:35:32 +0000 (11:35 -0400)]
Mark python scripts executable
Since all our python scripts have a proper python3 shebang, there is no benefit
to letting meson autodetect them. On linux, meson will just uses exec(), so the
shebang is used anyway. The only difference should be in how meson reports the
script and that the detection won't fail for (most likely misconfigured)
non-UTF8 locales.
Closes #5855.
Zbigniew Jędrzejewski-Szmek [Sun, 7 May 2017 15:29:55 +0000 (11:29 -0400)]
man: fix two references to our own binaries
Zbigniew Jędrzejewski-Szmek [Sun, 7 May 2017 15:29:40 +0000 (11:29 -0400)]
man: fix links to external man pages
linkchecker ftw!
Lennart Poettering [Sun, 7 May 2017 11:13:13 +0000 (07:13 -0400)]
Merge pull request #5901 from keszybz/mkosi-meson
Convert mkosi instructions to meson
Zbigniew Jędrzejewski-Szmek [Sun, 7 May 2017 11:03:28 +0000 (07:03 -0400)]
tree-wide: use SET_FLAG in more places (#5892)
Zbigniew Jędrzejewski-Szmek [Sat, 6 May 2017 01:19:04 +0000 (21:19 -0400)]
mkosi.build: set encoding
Otherwise python3 (via meson) complains.
Zbigniew Jędrzejewski-Szmek [Sat, 6 May 2017 01:18:54 +0000 (21:18 -0400)]
mkosi.fedora: we need lz4 for lz4cat
Zbigniew Jędrzejewski-Szmek [Sat, 6 May 2017 01:18:44 +0000 (21:18 -0400)]
mkosi: switch build to meson
For Fedora, the version is bumped to 26. In F25, ninja is still called ninja-build
(while the package with the rename is going through QA).
Susant Sahani [Sat, 6 May 2017 00:04:07 +0000 (00:04 +0000)]
socket-util: add parse_ip_prefix (#5867)
networkd: replace parse prefix with generic in_addr_prefix_from_string
Mark Stosberg [Fri, 5 May 2017 23:00:45 +0000 (19:00 -0400)]
man: document that OnCalendar may be specified more than once. (#5885)
It's helpful to know you can provide this more than once, rather than try
to make a more complicated / less clear single expression.
Zbigniew Jędrzejewski-Szmek [Fri, 5 May 2017 01:29:59 +0000 (21:29 -0400)]
man: fix URL for kernel-parameters doc
With the move to sphinx-generated docs, the old URL seems to have stopped
working and returns 404.
Franck Bui [Mon, 27 Mar 2017 16:00:54 +0000 (18:00 +0200)]
core: when deserializing a unit, fully restore its cgroup state
The state of a unit was not fully restored, especially the
"cgroup_realized_mask/cgroup_enabled_mask" fields were missing.
This could be seen with the following sequence:
$ systemctl show -p TasksCurrent sshd
TasksCurrent=1
$ systemctl daemon-reload
$ systemctl show -p TasksCurrent sshd
TasksCurrent=
18446744073709551615
This was also visible with the "status" command: "Tasks: " row wasn't
showed in status of a service after a "daemon-reload" command.
Franck Bui [Tue, 2 May 2017 07:59:17 +0000 (09:59 +0200)]
core: introduce cg_mask_from_string()/cg_mask_to_string()
James Cowgill [Wed, 3 May 2017 16:35:45 +0000 (17:35 +0100)]
seccomp: add clone syscall definitions for mips (#5880)
Also updates the documentation and adds a mention of ppc64 support
which was enabled by #5325.
Tested on Debian mipsel and mips64el. The other 4 mips architectures
should have an identical user <-> kernel ABI to one of the 2 tested
systems.
Michael Biebl [Wed, 3 May 2017 14:45:31 +0000 (16:45 +0200)]
Merge pull request #5842 from keszybz/meson-status-and-conditionals
Meson status and conditional simplification
Zbigniew Jędrzejewski-Szmek [Fri, 28 Apr 2017 01:13:08 +0000 (21:13 -0400)]
meson: use booleans for conf.set and drop unecessary conditionals
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.
Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
Zbigniew Jędrzejewski-Szmek [Fri, 28 Apr 2017 00:54:52 +0000 (20:54 -0400)]
meson: add status report
This is similar to what ./configure prints. Instead of a long list of yes/no lines,
I added two lines at the end with "enabled features" and "disabled features".
This is what the mplayer/mencoder ./configure script did back in the day.
The advantage is that it's easy to look at the list of disabled features
and check for any unexpected entries.
Zbigniew Jędrzejewski-Szmek [Fri, 28 Apr 2017 00:51:34 +0000 (20:51 -0400)]
meson: add forgotten debug options
v2:
-rename -Dextra-debug to -Ddebug to match ./configure --debug
Patrik Flykt [Tue, 2 May 2017 19:36:24 +0000 (22:36 +0300)]
sd-ndisc: Reset counter for sent Router Solicitations (#5874)
Reset also the counter for number of Router Solicitations sent when
the associated file descriptor is closed and the event source
unreferenced. With this change the router discovery can now be
stopped and restarted arbitrary many times.
Dimitri John Ledkov [Tue, 2 May 2017 19:32:42 +0000 (20:32 +0100)]
network: reject bridge port priorities above kernel's max value. (#5877)
Bridge port priority in the kernel can only be between 0 and 63. Therefore
reject values above maximum.
Fixes: #5729
Michael Biebl [Tue, 2 May 2017 19:30:14 +0000 (21:30 +0200)]
build-sys: re-add systemd.directives and systemd.index to MANPAGES (#5876)
Those were dropped accidentally in commit
19fe49f62cc916f1237ea92a04fc80ee75285dde, most likely by running
make update-man-list. This is a known limitation of the autotools build:
the man pages must be built before update-man-list is called.
Peter Hutterer [Tue, 2 May 2017 06:53:08 +0000 (16:53 +1000)]
hwdb: update axis ranges for the Asus UX301LAA touchpad (#5872)
https://bugs.freedesktop.org/show_bug.cgi?id=100873
Michael Biebl [Mon, 1 May 2017 17:18:02 +0000 (19:18 +0200)]
Merge pull request #5871 from keszybz/meson-html-2
meson: make sure html symlinks are also created in build directory
Zbigniew Jędrzejewski-Szmek [Mon, 1 May 2017 04:17:20 +0000 (00:17 -0400)]
meson: make sure html symlinks are also created in build directory
The symlinks should be created in the build directory in two cases: when
configuration specifies -Dhtml=true, or when ninja html target is built.
Normally install : {true,false} is used to decide if a target should be built,
but in this case, we cannot use install : true, because, as described in
488477d101, that results in the target file being copied into the
installation directory instead of a symlink. So we need a work-around. To
achieve the first end, the commands to create the symlinks are added as
dependencies of the command to create the html page. To the second end, they
are added as dependencies of the html target.
Follow-up for
488477d101 and
064d9ef0d7.
Michael Biebl [Mon, 1 May 2017 15:02:17 +0000 (17:02 +0200)]
meson: create index.html symlink pointing at systemd.index.html (#5870)
Re-use bits from
488477d1011559078dbebfea18e22dcc1c9ca7ea to create the
index.html symlink.
Fixes #5862
Michael Biebl [Mon, 1 May 2017 13:21:51 +0000 (15:21 +0200)]
Merge pull request #5869 from keszybz/meson-html
meson: fix creation of html symlinks
Zbigniew Jędrzejewski-Szmek [Mon, 1 May 2017 04:17:20 +0000 (00:17 -0400)]
meson: fix creation of html symlinks
This adds two somewhat independent rules:
1. to create symlinks to html pages in the build directory
2. to create symlinks in the installation directory
The second part needs to be coded separately, because telling meson to install
the symlinks created in step 1. results in a copy of the target, instead of a
symlink. So step 2. needs to ignore the result of 1. and create the symlink again.
Fixes #5863.
Jörg Thalheim [Mon, 1 May 2017 00:26:56 +0000 (02:26 +0200)]
more portable python shebangs (#5816)
This is useful on systems like NixOS, where python3 is not in
/usr/bin/python3 as well as for people using alternative ways to
install python such as virtualenv/pyenv.
Michael Biebl [Sun, 30 Apr 2017 16:21:59 +0000 (18:21 +0200)]
build-sys: don't generate index.html with --disable-manpages (#5865)
Don't generate man/index.html and the dependent man/systemd.index.html
if man pages have been disabled.
Closes #5854
Roelf Wichertjes [Sun, 30 Apr 2017 11:12:32 +0000 (13:12 +0200)]
networkd: Add check to ensure link is down before attempting to enslave (#5853)
netdev to bond.
There are situations where a link can be in an "UP" state when
systemd-networkd attempts to add the link to a bond device.
This is a problem because the bonding driver will refuse to
enslave a link if it is in the "UP" state.
This check ensures systemd-networkd sets the link to "DOWN"
before attempting to add the link to the bond.
Fixes #5838.
Lennart Poettering [Sun, 30 Apr 2017 09:36:12 +0000 (11:36 +0200)]
Merge pull request #5808 from ssahani/util
conf parser: add config_parse_ip_port
Max Resch [Sun, 30 Apr 2017 02:11:34 +0000 (04:11 +0200)]
sd-boot: remove compiler warning (#5860)
This small fixup removes a compiler warning when passing tcg (a const
arg type) to the uefi call wapper, which does not define it as const.
All other source files in sd-boot do this cast except measure.c, so
let's fix that.
Martin Pitt [Sat, 29 Apr 2017 19:19:24 +0000 (21:19 +0200)]
Merge pull request #5809 from keszybz/glob-safe
Implement `safe_glob` that ignores "." and ".."
Susant Sahani [Sat, 29 Apr 2017 18:04:17 +0000 (23:34 +0530)]
conf parser: add config_parse_ip_port
Yusuke Nojima [Sat, 29 Apr 2017 17:37:53 +0000 (02:37 +0900)]
journald: fix assertion failure on journal_file_link_data. (#5843)
When some error occurs during the initialization of JournalFile,
the JournalFile can be left without hash tables created. When later
trying to append an entry to that file, the assertion in
journal_file_link_data() fails, and journald crashes.
This patch fix this issue by checking *_hash_table_size in
journal_file_verify_header().
Susant Sahani [Thu, 27 Apr 2017 05:14:22 +0000 (10:44 +0530)]
networkd: replace geneve/vxlan port parsing with generic config_parse_ip_port
Susant Sahani [Thu, 27 Apr 2017 05:11:46 +0000 (10:41 +0530)]
config parser: Introduce config_parse_ip_port
Lennart Poettering [Sat, 29 Apr 2017 16:40:19 +0000 (18:40 +0200)]
Merge pull request #5164 from Werkov/ordering-for-_netdev-devices
Ordering for _netdev devices
Lennart Poettering [Sat, 29 Apr 2017 16:35:56 +0000 (18:35 +0200)]
Merge pull request #5783 from keszybz/compiler-warning-fixes
shared/extract-word: replace enum with int to avoid undefined behaviour
Lennart Poettering [Sat, 29 Apr 2017 11:42:09 +0000 (13:42 +0200)]
Merge pull request #5529 from ssahani/label
networkd / sd-netlink: add support for address label
Martin Pitt [Sat, 29 Apr 2017 11:39:47 +0000 (13:39 +0200)]
Merge pull request #5852 from phomes/trivial
Trivial cleanups
Lennart Poettering [Sat, 29 Apr 2017 10:30:29 +0000 (12:30 +0200)]
Merge pull request #5801 from keszybz/help-error
nspawn,cgtop: make sure --version, --help always work
Max Resch [Sat, 29 Apr 2017 10:24:25 +0000 (12:24 +0200)]
sd-boot: remove unnecessary defines (#5848)
As discussed in #5829 `#define` is not necessary, meson and autotools
set the correct compiler flags and the default value is provided by them.
Chris Lamb [Sat, 29 Apr 2017 06:23:13 +0000 (07:23 +0100)]
test: explain why we explicitly make all despite test/Makefile's check target calling it (#5830)
Michael Biebl [Sat, 29 Apr 2017 06:21:07 +0000 (08:21 +0200)]
meson: do not link libshared dynamically against libudev (#5850)
Linking dynamically against libudev will fail once
https://github.com/mesonbuild/meson/pull/1545 is merged and apparently
already triggers a link failure on s390x.
Make libshared provide the udev symbols by including libudev_sources
into libshared. This will cause those files to be compiled twice, but it
actually reduces the installed size and is closer to what the autotools
build system is doing.
Closes #5828
Thomas Hindoe Paaboel Andersen [Fri, 28 Apr 2017 21:49:50 +0000 (23:49 +0200)]
tree-wide: remove unused variables
Thomas Hindoe Paaboel Andersen [Fri, 28 Apr 2017 21:44:57 +0000 (23:44 +0200)]
networkd: remove duplicated include
Thomas Hindoe Paaboel Andersen [Fri, 28 Apr 2017 21:37:35 +0000 (23:37 +0200)]
shared: assert the source for memcpy
userwithuid [Fri, 28 Apr 2017 12:22:17 +0000 (12:22 +0000)]
build-sys: do not install manpages from disabled features (#5844)
A few of the manpages where missing the "conditional" attribute.
Peter Hutterer [Fri, 28 Apr 2017 06:19:31 +0000 (16:19 +1000)]
hwdb: add Samsung 880Z5E series touchpad overrides (#5825)
https://bugs.freedesktop.org/show_bug.cgi?id=100631
Max Resch [Fri, 28 Apr 2017 00:59:37 +0000 (02:59 +0200)]
meson: add compiler flags for "--tpm" in EFI apps (#5829)
Readds boot log tpm feature that was missing in meson by readding a
defines in efi_conf.h
Martin Pitt [Thu, 27 Apr 2017 20:12:28 +0000 (22:12 +0200)]
Merge pull request #5827 from keszybz/meson-libcap
meson: fixes to allow meson builds on Ubuntu Trusty
userwithuid [Thu, 27 Apr 2017 17:47:04 +0000 (17:47 +0000)]
meson: do not install files from disabled features (#5811)
Mirror conditions from Makefile.am.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 17:40:15 +0000 (13:40 -0400)]
Merge pull request #5818 from mbiebl/meson-no-libudev
meson: drop implicit libudev link dependencies
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 17:39:54 +0000 (13:39 -0400)]
Merge branch 'master' into meson-no-libudev
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 17:37:01 +0000 (13:37 -0400)]
Merge pull request #5821 from mbiebl/meson-no-libiptc
Merge libfirewall into libshared, and link libshared to libip[46]tc directly.
userwithuid [Thu, 27 Apr 2017 17:22:40 +0000 (17:22 +0000)]
build-sys: only install libexecdir/resolv.conf if resolved is enabled (#5826)
as mentioned in https://github.com/systemd/systemd/pull/5811
Zbigniew Jędrzejewski-Szmek [Wed, 26 Apr 2017 02:54:50 +0000 (22:54 -0400)]
execute: filter out "." for ".." in EnvironmentFile= globs too
This doesn't really matter much, only in case somebody would use
something strange like
EnvironmentFile=/etc/something/.*
Make sure that "." and ".." is not returned by that glob. This makes
all our globbing patterns behave the same.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Apr 2017 03:50:35 +0000 (23:50 -0400)]
tmpfiles: use safe_glob()
This filters out "." and ".." from glob results. Fixes #5655 and #5644.
Any judgements on whether the path is "safe" are removed. We will not remove
"/" under any name (including "/../" and such), but we will remove stuff that
is specified using paths that include "//", "/./" and "/../". Such paths can be
created when joining strings automatically, or for other reasons, and people
generally know what ".." and "." is.
Tests are added to make sure that the helper functions behave as expected.
Zbigniew Jędrzejewski-Szmek [Wed, 26 Apr 2017 03:44:34 +0000 (23:44 -0400)]
basic: add readdir_no_dot and safe_glob functions
safe_glob filters out "." and "..".
This converts all users of glob_extend() and glob_exists() to safe_glob.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 14:05:41 +0000 (10:05 -0400)]
meson: fix detection of "-Wno-" options
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 14:05:18 +0000 (10:05 -0400)]
meson: add version check for libseccomp
Compilation fails because of the missing arm64 bits with old seccomp versions.
Zbigniew Jędrzejewski-Szmek [Thu, 27 Apr 2017 05:30:30 +0000 (01:30 -0400)]
meson: also search for libcap directly
Matija Skala [Thu, 27 Apr 2017 00:08:52 +0000 (02:08 +0200)]
improve readability (#5814)
codekipper [Wed, 26 Apr 2017 23:49:06 +0000 (01:49 +0200)]
update-done: Create using a temporary file (#5789)
'/etc/.updated' is created without using a temporary file, this can be
problematic with filesystems that cache writes. Modify so that the
timestamp is written to a temporary file and then use an atomic move
to move it to its correct place.
Michael Biebl [Wed, 26 Apr 2017 20:14:23 +0000 (22:14 +0200)]
meson: get rid of libfirewall
Michael Biebl [Wed, 26 Apr 2017 16:57:18 +0000 (18:57 +0200)]
meson: drop libiptc link dependencies from libshared
The only place where libiptc is needed is in libfirewall, which already
takes care of linking against libiptc.
Michael Biebl [Tue, 25 Apr 2017 18:19:54 +0000 (20:19 +0200)]
meson: drop implicit libudev link dependencies
Executables which link against libshared do not need an explicit
dependency on libudev, as libshared will make sure that those symbols
are available.
Susant Sahani [Wed, 26 Apr 2017 10:29:46 +0000 (15:59 +0530)]
meson: add address label to build system
Susant Sahani [Tue, 25 Apr 2017 10:36:50 +0000 (16:06 +0530)]
networkd: add support for address label
IPv6 address labels are used for address selection; they are described in RFC 3484.
Precedence is managed by userspace, and only the label itself is stored in the kernel.
enp0s25.network
[Match]
Name=enp0s25
[Network]
DHCP=yes
Address = 2001:db8:f00:baa::b
[AddressLabel]
Label=199
Prefix=2001:db8:41::/64
[AddressLabel]
Label=11
Prefix=2001:db8:31::/64
[AddressLabel]
Label=123
Prefix=2001:db8:21::/64
[AddressLabel]
Label=124
Prefix=2001:db8:11::/64
[sus@maximus label]$ ip addrlabel list
prefix ::1/128 label 0
prefix ::/96 label 3
prefix ::ffff:0.0.0.0/96 label 4
prefix 2001:db8:41::/64 dev enp0s25 label 199
prefix 2001:db8:31::/64 dev enp0s25 label 11
prefix 2001:db8:21::/64 dev enp0s25 label 123
prefix 2001:db8:11::/64 dev enp0s25 label 124
prefix 2001::/32 label 6
prefix 2001:10::/28 label 7
prefix 3ffe::/16 label 12
prefix 2002::/16 label 2
prefix fec0::/10 label 11
prefix fc00::/7 label 5
prefix ::/0 label 1