Susant Sahani [Sat, 26 Aug 2017 13:37:46 +0000 (19:07 +0530)]
Networkd Bond DOC: Move ActiveSlave and PrimarySlave to [Network] (#6610)
Fixes #6545
Lennart Poettering [Sat, 26 Aug 2017 13:19:26 +0000 (15:19 +0200)]
logind: make sure we don't process the same method call twice (#6583)
Tiny mistake, big effect.
Fixes: #6375
Yu Watanabe [Sat, 26 Aug 2017 13:12:48 +0000 (22:12 +0900)]
Merge pull request #6582 from poettering/logind-tty
various tty path parsing fixes
Lennart Poettering [Sat, 26 Aug 2017 13:07:23 +0000 (15:07 +0200)]
core: disable the effect of Restart= if there's a stop job pending for a service (#6581)
We shouldn't undo the job already enqueued, under any circumstances.
Fixes: #6504
Lennart Poettering [Sat, 26 Aug 2017 12:59:21 +0000 (14:59 +0200)]
man: fix example indentation in tmpfiles.d(5) (#6578)
docboc actually copies the indentation 1:1 into the final man page and
that makes the example really weirdly aligned. Let's fix that.
Yu Watanabe [Sat, 26 Aug 2017 12:49:05 +0000 (21:49 +0900)]
Merge pull request #6577 from poettering/more-exec-flags
add ! and !! ExecStart= flags to make ambient caps useful
Michal Sekletar [Fri, 25 Aug 2017 13:36:10 +0000 (15:36 +0200)]
service: attempt to execute next main command only for oneshot services (#6619)
This commit fixes crash described in
https://github.com/systemd/systemd/issues/6533
Multiple ExecStart lines are allowed only for oneshot services
anyway so it doesn't make sense to call service_run_next_main() with
services of type other than SERVICE_ONESHOT.
Referring back to reproducer from the issue, previously we didn't observe
this problem because s->main_command was reset after daemon-reload hence
we never reached the assert statement in service_run_next_main().
Fixes #6533
Yu Watanabe [Tue, 22 Aug 2017 11:19:19 +0000 (20:19 +0900)]
Merge pull request #6615 from ssahani/client-id
networkd: fix spell DCHPClientIdentifier (DCHP => DHCP)
Michael Biebl [Mon, 21 Aug 2017 07:47:07 +0000 (09:47 +0200)]
CONTRIBUTING: stop mentioning "make check"
Since the switch to meson this information is no longer valid. HACKING already documents how to run the test suite.
See #6642
Charles Huber [Thu, 17 Aug 2017 19:53:25 +0000 (14:53 -0500)]
hwdb: Add Logitech G100s Optical Gaming Mouse (#6570)
Susant Sahani [Tue, 15 Aug 2017 04:50:25 +0000 (10:20 +0530)]
networkd: fix spell DCHPClientIdentifier (DCHP => DHCP)
Evgeny Vereshchagin [Fri, 11 Aug 2017 04:02:02 +0000 (07:02 +0300)]
Merge pull request #6475 from martinpitt/test-set-e
test: Run qemu/nspawn tests with "set -e"
Lennart Poettering [Wed, 9 Aug 2017 14:15:07 +0000 (16:15 +0200)]
units: make use of the new !! ExecStart= prefix in systemd-resolved.service
Let's make use of !! to run resolved with ambient capabilities on
systems supporting them.
Lennart Poettering [Wed, 9 Aug 2017 14:09:04 +0000 (16:09 +0200)]
core: add two new special ExecStart= character prefixes
This patch adds two new special character prefixes to ExecStart= and
friends, in addition to the existing "-", "@" and "+":
"!" → much like "+", except with a much reduced effect as it only
disables the actual setresuid()/setresgid()/setgroups() calls, but
leaves all other security features on, including namespace
options. This is very useful in combination with
RuntimeDirectory= or DynamicUser= and similar option, as a user
is still allocated and used for the runtime directory, but the
actual UID/GID dropping is left to the daemon process itself.
This should make RuntimeDirectory= a lot more useful for daemons
which insist on doing their own privilege dropping.
"!!" → Similar to "!", but on systems supporting ambient caps this
becomes a NOP. This makes it relatively straightforward to write
unit files that make use of ambient capabilities to let systemd
drop all privs while retaining compatibility with systems that
lack ambient caps, where priv dropping is the left to the daemon
codes themselves.
This is an alternative approach to #6564 and related PRs.
Lennart Poettering [Wed, 9 Aug 2017 13:07:15 +0000 (15:07 +0200)]
capability: add new ambient_capabilities_supported() helper
This new function reports whether ambient caps are available, and should
be quick because the result is cached.
Lennart Poettering [Wed, 9 Aug 2017 13:05:36 +0000 (15:05 +0200)]
capability: change capability_bounding_set_drop() to be work without privileges when executing a NOP
This way daemons which already dropped all caps may use the call to
drop priviliges again, which becomes a non-failing NOP.
Lennart Poettering [Wed, 9 Aug 2017 13:04:05 +0000 (15:04 +0200)]
seccomp: add new @setuid seccomp group
This new group lists all UID/GID credential changing syscalls (which are
quite a number these days). This will become particularly useful in a
later commit, which uses this group to optionally permit user credential
changing to daemons in case ambient capabilities are not available.
Lennart Poettering [Wed, 9 Aug 2017 10:46:09 +0000 (12:46 +0200)]
mkdir: chmod_and_chown() returns errors as "return -errno", not in errno itself
Lennart Poettering [Tue, 8 Aug 2017 17:49:04 +0000 (19:49 +0200)]
execute: needs_{selinux,apparmor,smack} → use_{selinux,apparmor,smack}
These booleans simply store whether selinux/apparmor/smack are supposed
ot be used, and chache the various mac_xyz_use() calls before we
transition into the namespace, hence let's use the same verb for the
variables and the functions: "use"
Lennart Poettering [Tue, 1 Aug 2017 09:52:36 +0000 (11:52 +0200)]
execute: make use of IN_SET() where we can
Lennart Poettering [Tue, 1 Aug 2017 09:44:37 +0000 (11:44 +0200)]
execute: simplify needs_sandboxing checking
Let's merge three if blocks that shall only run when sandboxing is applied
into one.
Note that this changes behaviour in one corner case: PrivateUsers=1 is
now honours both PermissionsStartOnly= and the "+" modifier in
ExecStart=, and not just the former, as before. This was an oversight,
so let's fix this now, at a point in time the option isn't used much
yet.
Lennart Poettering [Tue, 1 Aug 2017 09:30:44 +0000 (11:30 +0200)]
core: rename EXEC_APPLY_PERMISSIONS → EXEC_APPLY_SANDBOXING
"Permissions" was a bit of a misnomer, as it suggests that UNIX file
permission bits are adjusted, which aren't really changed here. Instead,
this is about UNIX credentials such as users or groups, as well as
namespacing, hence let's use a more generic term here, without any
misleading reference to UNIX file permissions: "sandboxing", which shall
refer to all kinds of sandboxing technologies, including UID/GID
dropping, selinux relabelling, namespacing, seccomp, and so on.
Lennart Poettering [Tue, 1 Aug 2017 09:02:30 +0000 (11:02 +0200)]
core: introduce unit_set_exec_params()
The new unit_set_exec_params() call is to units what
manager_set_exec_params() is to the manager object: it initializes the
various fields from the relevant generic properties set.
Lennart Poettering [Tue, 1 Aug 2017 08:53:46 +0000 (10:53 +0200)]
core: manager_set_exec_params() cannot fail, hence make it void
Let's simplify things a bit.
Lennart Poettering [Tue, 1 Aug 2017 08:51:18 +0000 (10:51 +0200)]
execute: also fold the cgroup delegate bit into ExecFlags
Lennart Poettering [Tue, 1 Aug 2017 08:43:04 +0000 (10:43 +0200)]
execute: also control the SYSTEMD_NSS_BYPASS_BUS through an ExecFlags field
Also, correct the logic while we are at it: the variable is only
required for system services, not user services.
Lennart Poettering [Tue, 1 Aug 2017 08:37:17 +0000 (10:37 +0200)]
service: let's set EXEC_NEW_KEYRING through SET_FLAG()
Not that it really matters, but it matches how we set the flags in
manager_set_exec_params() too.
Lennart Poettering [Tue, 1 Aug 2017 08:36:33 +0000 (10:36 +0200)]
core: don't chown() the configuration directory
The configuration directory is commonly not owned by a service, but
remains root-owned, hence don't change the owner automatically for it.
Lennart Poettering [Tue, 1 Aug 2017 08:35:10 +0000 (10:35 +0200)]
execute: add one more ExecFlags flag, for controlling unconditional directory chowning
Let's decouple the Manager object from the execution logic a bit more
here too, and simply pass along the fact whether we should
unconditionally chown the runtime/... directories via the ExecFlags
field too.
Lennart Poettering [Tue, 1 Aug 2017 08:28:20 +0000 (10:28 +0200)]
execute: let's decouple execute.c a bit from the unit logic
Let's try to decouple the execution engine a bit from the Unit/Manager
concept, and hence pass one more flag as part of the ExecParameters flags
field.
Lennart Poettering [Tue, 1 Aug 2017 08:16:42 +0000 (10:16 +0200)]
execute: replace command flag bools by a flags field
This way, we can extend it later on in an easier way, and can pass it
along nicely.
Justin Michaud [Thu, 10 Aug 2017 10:24:34 +0000 (06:24 -0400)]
Add hwdb fix for Lenovo Flex 3 15 inch touchpad resolution (#6558)
add hwdb fix for Lenovo Flex 3 1580
Lennart Poettering [Thu, 10 Aug 2017 10:05:21 +0000 (12:05 +0200)]
Merge pull request #6579 from sourcejedi/getty
getty nitpicks
Martin Pitt [Mon, 7 Aug 2017 19:09:21 +0000 (21:09 +0200)]
test: Run qemu/nspawn tests with "set -e"
This catches errors like "ninja not found", missing programs etc. early,
instead of silently ignoring them and trying to boot a broken VM.
In install_config_files(), allow some distro specific files to be absent
(such as /etc/sysconfig/init).
Martin Pitt [Mon, 7 Aug 2017 15:30:11 +0000 (17:30 +0200)]
test: Write state and log files into $BUILD_DIR
This avoids clobbering the source tree with .testdir/test.log files and
makes the tests work in situations where the source tree is read-only.
Lennart Poettering [Wed, 9 Aug 2017 19:12:55 +0000 (21:12 +0200)]
core: introduce a restart counter (#6495)
This adds a per-service restart counter. Each time an automatic
restart is scheduled (due to Restart=) it is increased by one. Its
current value is exposed over the bus as NRestarts=. It is also logged
(in a structured, recognizable way) on each restart.
Note that this really only counts automatic starts triggered by Restart=
(which it nicely complements). Manual restarts will reset the counter,
as will explicit calls to "systemctl reset-failed". It's supposed to be
a tool for measure the automatic restart feature, and nothing else.
Fixes: #4126
Lennart Poettering [Wed, 9 Aug 2017 19:09:13 +0000 (21:09 +0200)]
Merge pull request #6467 from yuwata/journal-remote-units
units: use {State,Logs}Directory= if they are applicable
Alan Jenkins [Wed, 9 Aug 2017 17:56:26 +0000 (18:56 +0100)]
units: console-getty.service: use the default RestartSec
> Note that console-getty.service as more uses than just containers. The
> idea is that it may be used as alternative to the whole VC/logind stuff,
> if all you need is a console on /dev/console, even on physical devices.
This means we want to remove RestartSec=0, for serial systems.
See 4bf0432 "units/serial-getty@.service: use the default RestartSec".
Alan Jenkins [Mon, 7 Aug 2017 18:24:32 +0000 (19:24 +0100)]
units: add Conflicts=rescue.service to container-getty@.service
The traditional runlevel 1 is "single user mode", and shuts down all but
the main console. In systemd, rescue.target provides runlevel1.target.
But it did not shut down logins on secondary consoles... if systemd was
running in a container.
I don't think we strictly need to change this. But when you look at both
container-getty@.service and getty@.service, you see that both have
IgnoreOnIsolate, but only the latter has Conflicts=rescue.service.
This also makes rescue.target in a container consistent with
emergency.target. In the latter case, the gettys were already stopped,
because they have a Requires dependency on sysinit.target.
Alan Jenkins [Wed, 9 Aug 2017 13:43:41 +0000 (14:43 +0100)]
units/console-getty.service: comment reason for ConditionPathExists
Currently we have 4 getty services. 1 has a BindsTo dependency on a
device unit. 3 have ConditionPathExists, but the reason is different in
every single one.
* Add comment to console-getty@.service (see commit
1b41981d)
* getty@.service is already commented
* container-getty.service is not strictly correct, as I realized while
trying to compose a comment. Reported as #6584.
Lennart Poettering [Wed, 9 Aug 2017 17:04:36 +0000 (19:04 +0200)]
pam_logind: skip leading /dev/ from PAM_TTY field before passing it on
Apparently, PAM documents that the PAM_TTY should come with a /dev
prefix, but we don't expect it so far, except that Wayland ends up
setting it after all, the way the docs suggest. Hence, let's simply drop
the /dev prefix if it is there.
Fixes: #6516
Lennart Poettering [Wed, 9 Aug 2017 17:03:39 +0000 (19:03 +0200)]
tree-wide: use path_startswith() rather than startswith() where ever that's appropriate
When checking path prefixes we really should use the right APIs, just in
case people add multiple slashes to their paths...
Lennart Poettering [Wed, 9 Aug 2017 17:01:18 +0000 (19:01 +0200)]
util-lib: add a new skip_dev_prefix() helper
This new helper removes a leading /dev if there is one. We have code
doing this all over the place, let's unify this, and correct it while
we are at it, by using path_startswith() rather than startswith() to
drop the prefix.
William Douglas [Wed, 9 Aug 2017 15:53:03 +0000 (08:53 -0700)]
tmpfiles: Allow create symlink on directories (#6039)
Currently if tmpfiles is run with force on symlink creation but there already
exists a directory at that location, the creation will fail. This change
updates the behavior to remove the directory with rm_fr and then attempts to
create the symlink again.
Lennart Poettering [Wed, 9 Aug 2017 15:06:26 +0000 (17:06 +0200)]
Merge pull request #6497 from yuwata/bus-prop
core: add missing properties in bus_exec_context_set_transient_property()
Alan Jenkins [Mon, 7 Aug 2017 17:30:56 +0000 (18:30 +0100)]
man/systemd-getty-generator fix/update
* Containers don't use serial-getty@console.service,
they use console-getty.service instead, and suppress
scanning for kernel or virtualizer consoles.
* Nowadays gettys are started on *all* configured kernel consoles.
* except for the line printer console, because that's not a tty.
(Seriously. Search CONFIG_LP_CONSOLE).
Lennart Poettering [Wed, 9 Aug 2017 13:42:49 +0000 (15:42 +0200)]
tests: when running a manager object in a test, migrate to private cgroup subroot first (#6576)
Without this "meson test" will end up running all tests in the same
cgroup root, and they all will try to manage it. Which usually isn't too
bad, except when they end up clearing up each other's cgroups. This race
is hard to trigger but has caused various CI runs to fail spuriously.
With this change we simply move every test that runs a manager object
into their own private cgroup. Note that we don't clean up the cgroup at
the end, we leave that to the cgroup manager around it.
This fixes races that become visible by test runs throwing out errors
like this:
```
exec-systemcallfilter-failing.service: Passing 0 fds to service
exec-systemcallfilter-failing.service: About to execute: /bin/echo 'This should not be seen'
exec-systemcallfilter-failing.service: Forked /bin/echo as 5693
exec-systemcallfilter-failing.service: Changed dead -> start
exec-systemcallfilter-failing.service: Failed to attach to cgroup /exec-systemcallfilter-failing.service: No such file or directory
Received SIGCHLD from PID 5693 ((echo)).
Child 5693 ((echo)) died (code=exited, status=219/CGROUP)
exec-systemcallfilter-failing.service: Child 5693 belongs to exec-systemcallfilter-failing.service
exec-systemcallfilter-failing.service: Main process exited, code=exited, status=219/CGROUP
exec-systemcallfilter-failing.service: Changed start -> failed
exec-systemcallfilter-failing.service: Unit entered failed state.
exec-systemcallfilter-failing.service: Failed with result 'exit-code'.
exec-systemcallfilter-failing.service: cgroup is empty
Assertion 'service->main_exec_status.status == status_expected' failed at ../src/src/test/test-execute.c:71, function check(). Aborting.
```
BTW, I tracked this race down by using perf:
```
# perf record -e cgroup:cgroup_mkdir,cgroup_rmdir
…
# perf script
```
Thanks a lot @iaguis, @alban for helping me how to use perf for this.
Fixes #5895.
userwithuid [Wed, 9 Aug 2017 13:41:44 +0000 (13:41 +0000)]
build-sys: fix invalid args detected by meson 0.42 (#6561)
some run_target() calls were using params from custom_target()
example message:
WARNING: Passed invalid keyword argument "input". This will become a hard error in the future.
New way to call targets:
ninja man/man
ninja man/html
ninja man/update-man-rules
Yu Watanabe [Wed, 9 Aug 2017 13:13:41 +0000 (22:13 +0900)]
units: do not perform m4 if not necessary (#6575)
Xiang Fan [Wed, 9 Aug 2017 10:51:53 +0000 (05:51 -0500)]
rfkill: fix typo (#6574)
Lennart Poettering [Wed, 9 Aug 2017 07:47:33 +0000 (09:47 +0200)]
Merge pull request #6568 from sourcejedi/test
sd-login: test - fix failure when run from non-graphical seat
Zbigniew Jędrzejewski-Szmek [Wed, 9 Aug 2017 07:45:02 +0000 (03:45 -0400)]
Add rpm macro %_userpresetdir (#6571)
https://bugzilla.redhat.com/show_bug.cgi?id=1479580
bengal [Tue, 8 Aug 2017 16:55:31 +0000 (18:55 +0200)]
dhcp-network: adjust sockaddr length for addresses longer than 8 bytes (#6527)
An infiniband hardware address is 20 bytes, but sockaddr_ll.sll_addr is only 8
bytes. Explicitly ensure that sockaddr_union has enough space for infiniband
addresses, even if they run over sockaddr_ll and add a macro to compute the
proper size to pass to kernel.
Alan Jenkins [Tue, 8 Aug 2017 15:13:52 +0000 (16:13 +0100)]
sd-login: test - fix failure when run from non-graphical seat
Observed when running from the console of a systemd nspawn container
(see failure below).
The value of r was tested, when r was last set by
sd_session_can_graphical(). This did not correspond to the value expected.
Fix the code, so we compare relevant values now. Hopefully :).
Test failure
------------
/* Information printed is from the live system */
sd_pid_get_unit(0, …) → "session-13.scope"
sd_pid_get_user_unit(0, …) → "n/a"
sd_pid_get_slice(0, …) → "user-1000.slice"
sd_pid_get_session(0, …) → "13"
sd_pid_get_owner_uid(0, …) → 1000
sd_pid_get_cgroup(0, …) → "/user.slice/user-1000.slice/session-13.scope"
sd_uid_get_display(1000, …) → "13"
sd_uid_get_sessions(1000, …) → [2] "15 13"
sd_uid_get_seats(1000, …) → [1] "seat0"
sd_session_is_active("13") → yes
sd_session_is_remote("13") → no
sd_session_get_state("13") → "active"
sd_session_get_uid("13") → 1000
sd_session_get_type("13") → "tty"
sd_session_get_class("13") → "user"
sd_session_get_display("13") → "n/a"
sd_session_get_remote_user("13") → "n/a"
sd_session_get_remote_host("13") → "n/a"
sd_session_get_seat("13") → "seat0"
sd_session_can_multi_seat("seat0") → no
sd_session_can_tty("seat0") → no
sd_session_can_graphical("seat0") → no
sd_uid_get_state(1000, …) → active
Assertion '!!k == !!r' failed at ../src/libsystemd/sd-login/test-login.c:191, function test_login(). Aborting.
Alan Jenkins [Tue, 8 Aug 2017 14:54:15 +0000 (15:54 +0100)]
sd-login: test - fix function name in output
Torstein Husebø [Tue, 8 Aug 2017 14:05:29 +0000 (16:05 +0200)]
treewide: fix typos (#6566)
Evgeny Vereshchagin [Tue, 8 Aug 2017 06:42:51 +0000 (09:42 +0300)]
sd-bus: free everything when bus_set_address_user fails (#6552)
Fixes:
```
$ env -i valgrind --leak-check=full ./build/test-bus-chat
...
==7763== 1,888 (1,824 direct, 64 indirect) bytes in 1 blocks are
definitely lost in loss record 2 of 2
==7763== at 0x4C2FA50: calloc (vg_replace_malloc.c:711)
==7763== by 0x4F8FF9A: sd_bus_new (sd-bus.c:175)
==7763== by 0x4F938BF: sd_bus_open_user (sd-bus.c:1138)
==7763== by 0x109ACD: server_init (test-bus-chat.c:70)
==7763== by 0x10BCF8: main (test-bus-chat.c:526)
==7763==
```
Closes #6481
Xiang Fan [Tue, 8 Aug 2017 06:41:15 +0000 (01:41 -0500)]
rules: split the rfkill subsystem rule (#6556)
This patch makes sure both rules are applied to rfkill devices.
Otherwise the ENV rule may be skipped if path_id fails.
Fixes: #6528
Yu Watanabe [Wed, 2 Aug 2017 09:06:47 +0000 (18:06 +0900)]
unit: remove redundant options
Yu Watanabe [Thu, 27 Jul 2017 09:05:29 +0000 (18:05 +0900)]
tmpfiles: drop systemd-remote.conf
The directories are only used by the specific services, and
created before the services are started. So, it is not necessary
to create them by systemd-tmpfiles.
Yu Watanabe [Wed, 2 Aug 2017 08:35:11 +0000 (17:35 +0900)]
units: use {State,Logs}Directory= if they are applicable
Alan Jenkins [Mon, 7 Aug 2017 16:23:41 +0000 (17:23 +0100)]
getty-generator: shift relevant comment to above tty_is_vc()
Comments typically go immediately above the code to implement the
described behaviour. Putting it below confused me for a moment.
Yu Watanabe [Mon, 7 Aug 2017 15:37:02 +0000 (00:37 +0900)]
core: add missing properties in D-Bus API
Closes #6466.
Yu Watanabe [Wed, 2 Aug 2017 04:46:45 +0000 (13:46 +0900)]
seccomp-util: add parse_syscall_archs()
Yu Watanabe [Wed, 2 Aug 2017 04:43:44 +0000 (13:43 +0900)]
process-util: add sched_{policy,priority}_is_valid()
Yu Watanabe [Wed, 2 Aug 2017 04:42:13 +0000 (13:42 +0900)]
cpu-set-util: add parse_cpu_set()
Yu Watanabe [Mon, 7 Aug 2017 14:40:25 +0000 (23:40 +0900)]
securebits-util: add secure_bits_{from_string,to_string_alloc}()
Yu Watanabe [Mon, 7 Aug 2017 14:25:11 +0000 (23:25 +0900)]
cap-list: add capability_set_{from_string,to_string_alloc}()
Benjamin Robin [Mon, 7 Aug 2017 09:29:20 +0000 (11:29 +0200)]
build-sys: Fix Makefile wrapper for install target (#6548)
Jouke Witteveen [Mon, 7 Aug 2017 09:27:24 +0000 (11:27 +0200)]
core: propagate reload from RELOADING=1 notification (#6550)
Evgeny Vereshchagin [Mon, 7 Aug 2017 09:06:07 +0000 (12:06 +0300)]
tests: use ninja-build if ninja is not available (#6544)
This makes the tests work on CentOS, which currently has ninja-build
only.
Yu Watanabe [Mon, 7 Aug 2017 09:02:47 +0000 (18:02 +0900)]
man: DynamicUser= does not imply PrivateDevices= (#6510)
Follow-up for
effbd6d2eadb61bd236d118afc7901940c4c6b37.
Lennart Poettering [Mon, 7 Aug 2017 08:52:27 +0000 (10:52 +0200)]
Merge pull request #6549 from yuwata/pedantic-checks
journal-remote: remove MHD_USE_PEDANTIC_CHECKS from the default flags
Yu Watanabe [Mon, 7 Aug 2017 01:35:05 +0000 (10:35 +0900)]
microhttpd-util: add comment
Zbigniew Jędrzejewski-Szmek [Sun, 6 Aug 2017 20:19:49 +0000 (16:19 -0400)]
Merge pull request #6536 from yuwata/fix-warning
Core: cleanups
Yu Watanabe [Sun, 6 Aug 2017 14:34:55 +0000 (23:34 +0900)]
core: do not ignore returned values
Yu Watanabe [Sun, 6 Aug 2017 14:25:41 +0000 (23:25 +0900)]
journal-remote: remove MHD_USE_PEDANTIC_CHECKS from the default flags
Follow-up for
010585873454d07625ee962ffa2ef2823624bfbe.
Luca Bruno [Sun, 6 Aug 2017 13:24:24 +0000 (13:24 +0000)]
core: evaluate presets after generators have run (#6526)
This commit moves the first-boot system preset-settings evaluation out
of main and into the manager startup logic itself. Notably, it reverses
the order between generators and presets evaluation, so that any changes
performed by first-boot generators are taken into the account by presets
logic.
After this change, units created by a generator can be enabled as part
of a preset.
Yu Watanabe [Mon, 31 Jul 2017 23:55:15 +0000 (08:55 +0900)]
core: replace strcmp() == 0 with streq()
Yu Watanabe [Fri, 21 Jul 2017 12:29:59 +0000 (21:29 +0900)]
core: fix typo
Yu Watanabe [Wed, 2 Aug 2017 05:38:08 +0000 (14:38 +0900)]
core: define variables only when they are required
Follow-up for
7f18ef0a555a3c3cef08e0965dc453fe5954b5a7.
Yu Watanabe [Sun, 6 Aug 2017 00:37:25 +0000 (09:37 +0900)]
bus-util: do not print (uint64_t) -1 as is (#6522)
Closes #4295 and #6511.
Alan Jenkins [Sat, 5 Aug 2017 23:25:19 +0000 (00:25 +0100)]
test-condition: fix test_condition_test_group() (#6531)
I hit a test failure with the `max_gid+1` test. Problem is that we loop
over 0..r, but set `r` again within the loop (to 1). So max_gid is only
set based on the first supplementary GID.
ConditionGroup=1000 → 1
ConditionGroup=4 → 1
ConditionGroup=adm → 1
ConditionGroup=1001 → 1
Assertion 'r == 0' failed at ../src/test/test-condition.c:462, function
test_condition_test_group(). Aborting.
$ id
uid=1000(alan-sysop) gid=1000(alan-sysop) groups=1000(alan-sysop),4(adm),
10(wheel),1001(sshlogin)
dkg [Sat, 5 Aug 2017 23:19:09 +0000 (19:19 -0400)]
man: document socket requirement for systemd-socket-proxyd (#6535)
Without this requirement, if proxy-to-nginx.socket was down, and the sysadmin
were to do:
systemctl start proxy-to-nginx.service
then the service would come up without a configured socket, which doesn't make
sense. Normally this isn't how we expect a socket-activated service to start,
but it's possible for an admin to do this (if the .socket were already running,
the systemd-socket-proxyd process will start effectively idle). But the
.service shouldn't end up in a broken state if the .socket isn't already
listening.
Adding the explicit Requires: should ensure that an admin with this
configuration state can't accidentally break their system.
Mike Gilbert [Sat, 5 Aug 2017 22:30:37 +0000 (18:30 -0400)]
Revert "README: document that gperf 3.1 is required for building now" (#6541)
This reverts commit
4f5e972279d9ee6192930a0392f49cae9ad45daa.
Building with gperf 3.0 works just fine; we had an autoconf check to
determine the correct data types, and this check was ported to meson.
Martin Pitt [Fri, 4 Aug 2017 12:34:14 +0000 (14:34 +0200)]
test: Factorize common integration test functions (#6540)
All test/TEST* but TEST-02-CRYPTSETUP share the same check_result_qemu()
and test_cleanup(), so move them into test_functions and only override
them in TEST-02-CRYPTSETUP.
Also provide a common test_run() which by default assumes that both QEMU
and nspawn tests are run. Particular tests which don't support either
need to explicitly opt out by setting $TEST_NO_{QEMU,NSPAWN}. Do it this
way around to avoid accidentally forgetting to opt in, and to encourage
test authors to at least always support nspawn.
Evgeny Vereshchagin [Fri, 4 Aug 2017 11:54:47 +0000 (14:54 +0300)]
Merge pull request #6518 from joukewitteveen/process-rename
process-util: update the end pointer of the process name on rename
Jouke Witteveen [Thu, 3 Aug 2017 20:31:46 +0000 (22:31 +0200)]
test-process-util: test multiple invocations of rename_process
Jouke Witteveen [Wed, 2 Aug 2017 15:08:31 +0000 (17:08 +0200)]
process-util: update the end pointer of the process name on rename (#6492)
We only updated the end pointer when allocating new memory, i.e. on the first
call to rename_process.
Jakub Wilk [Thu, 3 Aug 2017 21:36:21 +0000 (23:36 +0200)]
man: fix typos (#6532)
Yu Watanabe [Thu, 3 Aug 2017 12:01:38 +0000 (21:01 +0900)]
meson: fix modprobedir (#6523)
Follow-up for
582faeb461aa0dd01b55bf6c9b1433532fc927d3.
Lennart Poettering [Wed, 2 Aug 2017 14:39:54 +0000 (16:39 +0200)]
Revert "units: set ConditionVirtualization=!private-users on journald audit socket" (#6513)
* Revert "modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)"
This reverts commit
582faeb461aa0dd01b55bf6c9b1433532fc927d3.
* Revert "units: set ConditionVirtualization=!private-users on journald audit socket (#6508)"
This reverts commit
d2a1ba103b4ea22764953d795c36db3d492d50c9.
Dimitri John Ledkov [Wed, 2 Aug 2017 12:41:18 +0000 (13:41 +0100)]
modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
This allows networkd to correctly manage bond0 using networkd, when requested
by the user.
Fixes #5971 #6184
Dimitri John Ledkov [Wed, 2 Aug 2017 08:15:26 +0000 (09:15 +0100)]
units: set ConditionVirtualization=!private-users on journald audit socket (#6508)
It fails to start in an unprivileged container as audit is not namespace aware.
Jan Synacek [Wed, 2 Aug 2017 08:12:33 +0000 (10:12 +0200)]
scsi_id: add missing options to getopt_long() (#6501)
Susant Sahani [Tue, 1 Aug 2017 07:44:08 +0000 (07:44 +0000)]
networkd: add scope to address section (#6449)
This work allows to configure address Scope to
host | link | global or a number.
Closes #6446
Lennart Poettering [Tue, 1 Aug 2017 07:43:41 +0000 (09:43 +0200)]
Merge pull request #6420 from keszybz/gateway-name
Rename "gateway" to "_gateway" and other resolved changes
Fabio Kung [Tue, 1 Aug 2017 07:15:18 +0000 (00:15 -0700)]
core: check which MACs to use before a new mount ns is created (#6498)
/sys is not guaranteed to exist when a new mount namespace is created.
It is only mounted under conditions specified by
`namespace_info_mount_apivfs`.
Checking if the three available MAC LSMs are enabled requires a sysfs
mounted at /sys, so the checks are moved to before a new mount ns is
created.
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 12:50:56 +0000 (08:50 -0400)]
resolved: add debug message about stub listener
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 06:15:08 +0000 (02:15 -0400)]
resolved,nss-myhostname: use _gateway for the gateway
This changes the symbolic name for the default gateway from "gateway" to
"_gateway". A new configuration option -Dcompat-gateway-hostname=true|false
is added. If it is set, the old name is also supported, but the new name
is used as the canonical name in either case. This is intended as a temporary
measure to make the transition easier, and the option should be removed
after a few releases, at which point only the new name will be used.
The old "gateway" name mostly works OK, but hasn't gained widespread acceptance
because of the following (potential) conflicts:
- it is completely legal to have a host called "gateway"
- there is no guarantee that "gateway" will not be registered as a TLD, even
though this currently seems unlikely. (Even then, there would be no
conflict except for the case when the top-level domain itself was being resolved.
The "gateway" or "_gateway" labels have only special meaning when the
whole name consists of a single label, so resolution of any subdomain
of the hypothetical gateway. TLD would still work OK. )
Moving to "_gateway" avoids those issues because underscores are not allowed
in host names (RFC 1123, §2.1) and avoids potential conflicts with local or
global names.
v2:
- simplify the logic to hardcode "_gateway" and allow
-Dcompat-gateway-hostname=true as a temporary measure.