Zbigniew Jędrzejewski-Szmek [Thu, 28 Jan 2016 23:24:27 +0000 (18:24 -0500)]
resolved: log server type when switching servers
I'm not defining _DNS_SERVER_TYPE_MAX/INVALID as usual in the enum,
because it wouldn't be used, and then gcc would complain that
various enums don't test for _DNS_SERVER_TYPE_MAX. It seems better
to define the macro rather than add assert_not_reached() in multiple
places.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Jan 2016 23:23:59 +0000 (18:23 -0500)]
resolved: add macro to compare sized fields
For consistency, generic.size is renamed to generic.data_size.
nsec3.next_hashed_name comparison was missing a size check.
Zbigniew Jędrzejewski-Szmek [Thu, 5 Feb 2015 02:06:36 +0000 (21:06 -0500)]
resolve-host: add option to list protocols
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 04:12:27 +0000 (23:12 -0500)]
resolve-host: allow specifying type as TYPEnn
This mirrors the behaviour of host and makes the conversion to and from
string symmetrical.
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 01:24:31 +0000 (20:24 -0500)]
test-tables: ellide boring parts of sparse mappings
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 01:12:46 +0000 (20:12 -0500)]
test-resolve-tables: new "test", useful to print mappings
Zbigniew Jędrzejewski-Szmek [Wed, 4 Feb 2015 22:06:33 +0000 (17:06 -0500)]
resolved: calculate and print tags for DNSKEY records
Zbigniew Jędrzejewski-Szmek [Tue, 3 Feb 2015 04:49:49 +0000 (23:49 -0500)]
resolved: expand flags field in DNSKEY records
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 04:50:50 +0000 (23:50 -0500)]
resolved: convert TLSA fields to string
Example output:
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
-- Cert. usage: CA constraint
-- Selector: Full Certificate
-- Matching type: SHA-256
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 01:54:15 +0000 (20:54 -0500)]
resolved: OPENPGPKEY records
Zbigniew Jędrzejewski-Szmek [Mon, 2 Feb 2015 00:17:24 +0000 (19:17 -0500)]
resolved: TLSA records
Zbigniew Jędrzejewski-Szmek [Mon, 4 Aug 2014 22:59:31 +0000 (18:59 -0400)]
resolved: add alignment to base64
We try to fit the lengthy key data into available space. If the other
fields take less than half of the available columns, we use align everything
in the remaining columns. Otherwise, we put everything after a newline,
indented with 8 spaces.
This is similar to dig and other tools do.
$ COLUMNS=78 ./systemd-resolve -t any .
. IN SOA a.root-servers.net nstld.verisign-grs.com
2016012701 1800 900 604800 86400
. IN RRSIG SOA RSASHA256 0 86400
20160206170000 20160127160000 54549
S1uhUoBAReAFi5wH/KczVDgwLb+B9Zp57dSYj9aX4XxBhKuzccIducpg0wWXhjCRAWuzY
fQ/J2anm4+C4BLUTdlytPIemd42SUffQk2WGuuukI8e67nkrNF3WFtoeXQ4OchsyO24t2
rxi682Zo9ViqmXZ+MSsjWKt1jdem4noaY=
. IN NS h.root-servers.net
. IN NS k.root-servers.net
. IN NS e.root-servers.net
. IN NS c.root-servers.net
. IN NS b.root-servers.net
. IN NS g.root-servers.net
. IN NS d.root-servers.net
. IN NS f.root-servers.net
. IN NS i.root-servers.net
. IN NS j.root-servers.net
. IN NS m.root-servers.net
. IN NS a.root-servers.net
. IN NS l.root-servers.net
. IN RRSIG NS RSASHA256 0 518400
20160206170000 20160127160000 54549
rxhmTVKUgs72G3VzL+1JRuD0nGLIrPM+ISfmUx0eYUH5wZD5XMu2X+8PfkAsEQT1dziPs
ac+zK1YZPbNgr3yGI5H/wEbK8S7DmlvO+/I9WKTLp/Zxn3yncvnTOdjFMZxkAqHbjVOm+
BFz7RjQuvCQlEJX4PQBFphgEnkiOnmMdI=
. IN NSEC aaa ( NS SOA RRSIG NSEC DNSKEY )
. IN RRSIG NSEC RSASHA256 0 86400
20160206170000 20160127160000 54549
HY49/nGkUJJP1zLmH33MIKnkNH33jQ7bsAHE9itEjvC4wfAzgq8+Oh9fjYav1R1GDeJ2Z
HOu3Z2uDRif10R8RsmZbxyZXJs7eHui9KcAMot1U4uKCCooC/5GImf+oUDbvaraUCMQRU
D3mUzoa0BGWfxgZEDqZ55raVFT/olEgG8=
. IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0
O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0
NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL4
96M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1ap
AzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6
dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ2
5AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1
ihz0=
. IN DNSKEY 256 3 RSASHA256 AwEAAbr/RV0stAWYbmKOldjShp4AOQGOyY3ATI1NUpP4X1qBs
6lsXpc+1ABgv6zkg02IktjZrHnmD0HsElu3wqXMrT5KL1W7Sp
mg0Pou9WZ8QttdTKXwrVXrASsaGI2z/pLBSnK8EdzqUrTVxY4
TEGZtxV519isM06CCMihxTn5cfFBF
. IN RRSIG DNSKEY RSASHA256 0 172800
20160204235959 20160121000000 19036
XYewrVdYKRDfZptAATwT+W4zng04riExV36+z04kok09W0RmOtDlQrlrwHLlD2iN/zYpg
EqGgDF5T2xlrQdNpn+PFHhypHM7NQAgLTrwmiw6mGbV0bsZN3rhFxHwW7QVUFAvo9eNVu
INrjm+sArwxq3DnPkmA+3K4ikKD2iiT/jT91VYr9SHFqXXURccLjI+nmaE7m31hXcirX/
r5i3J+B4Fx4415IavSD72r7cmruocnCVjcp+ZAUKeMyW+RwigzevLz3oEcCZ4nrTpGLEj
wFaVePYoP+rfdmfLfTdmkkm4APRJa2My3XOdGFlgNS1pW1pH4az5LapLE2vMO7p1aQ==
-- Information acquired via protocol DNS in 14.4ms.
-- Data is authenticated: no
Zbigniew Jędrzejewski-Szmek [Wed, 27 Jan 2016 21:25:48 +0000 (16:25 -0500)]
man: force space in cmdsynopsis
Docbook renders the man page as "[OPTIONS]--type" without it.
Zbigniew Jędrzejewski-Szmek [Wed, 27 Jan 2016 21:15:05 +0000 (16:15 -0500)]
resolved: emit full path to file we failed to write
Otherwise it's unclear if it's /etc/resolv.conf or some
other file that is meant.
Daniel Mack [Thu, 28 Jan 2016 16:37:06 +0000 (17:37 +0100)]
Merge pull request #2463 from poettering/machined-tty-fix
Fixes for the service TTY reset logic and other stuff
Lennart Poettering [Thu, 28 Jan 2016 16:00:38 +0000 (17:00 +0100)]
basic: getauxval(AT_RANDOM) is apparently not necessarily aligned
Let's make sure we read it in a way compatible with non-aligned memory.
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812928
Lennart Poettering [Thu, 28 Jan 2016 15:43:23 +0000 (16:43 +0100)]
systemctl: don't make up unit states, and don't eat up errors to eagerly
When checking a unit's state, don't ignore errors too eagerly, but generate proper error messages. Also, don't
synthesize an "unknown" state on error, but let the operation file. If a unit file isn't loaded treat this as
"inactive" as that's effectively what it means.
Lennart Poettering [Thu, 28 Jan 2016 15:33:31 +0000 (16:33 +0100)]
systemctl: don't mangle unit names in check_unit_generic()
As it turns out all callers of check_unit_generic() already mangle unit names, or get the unit names directly from PID
1 (and hence arein normalized form anyway), hence there's no point in mangling then...
Lennart Poettering [Thu, 28 Jan 2016 15:28:01 +0000 (16:28 +0100)]
shared: meanor clean-ups for logs-show.c
Some minor simplifications. Shouldn't change codepaths.
Lennart Poettering [Thu, 28 Jan 2016 15:25:39 +0000 (16:25 +0100)]
core: don't reset /dev/console if stdin/stdout/stderr as passed as fd in a transient service
Otherwise we might end resetting /dev/console all the time when a transient service starts or stops.
Fixes #2377
Fixes #2198
Fixes #2061
Jan Engelhardt [Mon, 26 Oct 2015 15:10:17 +0000 (16:10 +0100)]
doc: improved wording in some places
Avoid "mountpoint mounted" (word repetition),
"queriable" (no match in m-w.com and dict.cc).
Jan Engelhardt [Thu, 5 Nov 2015 11:55:25 +0000 (12:55 +0100)]
man: try to repair some nonsensical paragraph
Jan Engelhardt [Mon, 2 Nov 2015 09:47:42 +0000 (10:47 +0100)]
man: top-align cell text for large tables
Jan Engelhardt [Mon, 2 Nov 2015 09:36:56 +0000 (10:36 +0100)]
man: avoid double virtualization
"VM virtualization" <=> "virtual machine virtualization", and double
virtualization is just incorrect in this context.
Daniel Mack [Thu, 28 Jan 2016 09:06:57 +0000 (10:06 +0100)]
Merge pull request #2455 from keszybz/man-pages
man: fix reference to an external man page
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jan 2016 22:56:42 +0000 (17:56 -0500)]
man: fix references to a few external man pages
Noticed in pull request #2067.
Zbigniew Jędrzejewski-Szmek [Wed, 27 Jan 2016 22:25:37 +0000 (17:25 -0500)]
Merge pull request #2454 from splantefeve/master
.gitignore: add test-ask-password-api
Sylvain Plantefève [Wed, 27 Jan 2016 21:56:31 +0000 (22:56 +0100)]
.gitignore: add test-ask-password-api
Daniel Mack [Wed, 27 Jan 2016 16:57:49 +0000 (17:57 +0100)]
Merge branch 'pr/980'
Andrei Borzenkov [Mon, 17 Aug 2015 17:28:56 +0000 (20:28 +0300)]
man: make systemctl is-enabled description match enable.
systemctl is-enabled is not limited to wants.d - it also checks for
requires.d and alias links.
Lennart Poettering [Wed, 27 Jan 2016 15:53:11 +0000 (16:53 +0100)]
CONTRIBUTING.md: Minor typo fix
Lennart Poettering [Wed, 27 Jan 2016 13:25:47 +0000 (14:25 +0100)]
Merge pull request #2451 from zonque/pr-2162-rebased
utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, i…
Shawn Landden [Sun, 13 Dec 2015 22:26:43 +0000 (14:26 -0800)]
utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_t
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.
[
@zonque:
* rebased to current master
* use AC_CHECK_DECLS to detect availibility of char{16,32}_t
* make utf8_encoded_to_unichar() return int
]
Daniel Mack [Wed, 27 Jan 2016 12:35:18 +0000 (13:35 +0100)]
Merge pull request #2445 from poettering/various-fixes
A number of fixes
Lennart Poettering [Tue, 26 Jan 2016 22:40:59 +0000 (23:40 +0100)]
nss-resolve: also fall back to nss-dns if dbus doesn't work
Fixes #1692
Lennart Poettering [Tue, 26 Jan 2016 21:34:46 +0000 (22:34 +0100)]
nss: block various signals while running NSS lookups
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).
Fixes #1965
Lennart Poettering [Tue, 26 Jan 2016 19:36:54 +0000 (20:36 +0100)]
man: document slices.target
Fixes: #2438
Lennart Poettering [Tue, 26 Jan 2016 19:25:10 +0000 (20:25 +0100)]
basic: don't append suffixes to unit name glob expressions
When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only
append a suffix if the specified string isn't a glob expression.
Fixes: #2397
Lennart Poettering [Tue, 26 Jan 2016 18:50:04 +0000 (19:50 +0100)]
man: document that unit file globbing only operates on primary unit names
See: #2397
Lennart Poettering [Tue, 26 Jan 2016 18:49:08 +0000 (19:49 +0100)]
systemctl: piece-meal strv extension is expensive
If we have many entries to add to an strv we really should try to be smarter than constantly realloc()ing the strv
array. Instead, grow it exponentially.
Lennart Poettering [Tue, 26 Jan 2016 18:48:29 +0000 (19:48 +0100)]
tests: don't abbreviate function names needlessly
THis is otherwise really hard to read...
Lennart Poettering [Tue, 26 Jan 2016 18:02:12 +0000 (19:02 +0100)]
machined: add early checks for unrealistically large image/pool sizes
Lennart Poettering [Tue, 26 Jan 2016 18:00:56 +0000 (19:00 +0100)]
machined: when the pool limit is set to infinity don't resize backing loopback file
An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since
an infinitely sized file makes no sense.
Fixes: #2314 #2253
Tom Gundersen [Wed, 27 Jan 2016 00:17:52 +0000 (01:17 +0100)]
Merge pull request #1975 from ssahani/vxlan2
networkd: Add support to configure VXLAN Port
Lennart Poettering [Tue, 26 Jan 2016 22:42:38 +0000 (23:42 +0100)]
Merge pull request #2446 from keszybz/ask-password
Ask password unicode fix
Zbigniew Jędrzejewski-Szmek [Tue, 26 Jan 2016 22:05:38 +0000 (17:05 -0500)]
ask-password-api: only emit a star on valid unicode codepoint
https://bugzilla.redhat.com/show_bug.cgi?id=1301984
Zbigniew Jędrzejewski-Szmek [Tue, 26 Jan 2016 14:02:31 +0000 (09:02 -0500)]
test-ask-password-api: add a manual test for password reading
Lennart Poettering [Tue, 26 Jan 2016 20:52:30 +0000 (21:52 +0100)]
Merge pull request #2306 from walyong/exec_v01
[v1] core: resolve specifier in config_parse_exec()
Lennart Poettering [Tue, 26 Jan 2016 19:39:33 +0000 (20:39 +0100)]
Merge pull request #2444 from phomes/resolve-compare-function
resolve: fix compare function for EtcHostItem
Thomas Hindoe Paaboel Andersen [Tue, 26 Jan 2016 19:13:34 +0000 (20:13 +0100)]
resolve: fix compare function for EtcHostItem
From
dd0bc0f1
Lennart Poettering [Tue, 26 Jan 2016 19:27:25 +0000 (20:27 +0100)]
Merge pull request #2442 from samukallio/nss-resolve-fix-aliases
nss-resolve: fix gethostbyaddr h_aliases
Samu Kallio [Tue, 26 Jan 2016 17:26:48 +0000 (19:26 +0200)]
nss-resolve: fix gethostbyaddr h_aliases
Fix the comparison to include the first alias, which will
otherwise be left as a bogus pointer.
Tom Gundersen [Tue, 26 Jan 2016 17:16:48 +0000 (18:16 +0100)]
Merge pull request #2440 from poettering/journal-fix
journald: minor fixes
Tom Gundersen [Tue, 26 Jan 2016 17:07:19 +0000 (18:07 +0100)]
Merge pull request #2437 from poettering/dnssec19
nineteenth dnssec patch
Lennart Poettering [Tue, 26 Jan 2016 15:14:11 +0000 (16:14 +0100)]
Merge pull request #2433 from dobyrch/master
zsh-completion: Escape results for `journalctl --unit`
Lennart Poettering [Tue, 26 Jan 2016 13:50:43 +0000 (14:50 +0100)]
Merge pull request #2441 from msekletar/killing-spree-excluded-log-v3
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 (v3)
Lennart Poettering [Tue, 26 Jan 2016 12:48:57 +0000 (13:48 +0100)]
journald: add a couple of static asserts checking logging constants
Whenever we include a log level or facility in a journal string field, make sure the compiler checks for us that that's
actually the right thing to do.
Lennart Poettering [Tue, 26 Jan 2016 12:48:32 +0000 (13:48 +0100)]
journald: fix LOG_AUTH facility in audit code
Fixes: #2304
Lennart Poettering [Tue, 26 Jan 2016 12:42:04 +0000 (13:42 +0100)]
man: document that logind's RemoveIPC= option excepts all system users
Fixes #2324.
Lennart Poettering [Tue, 26 Jan 2016 12:37:42 +0000 (13:37 +0100)]
update TODO
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is
pretty complete now, and the remaining bits are low-priority.
Lennart Poettering [Tue, 26 Jan 2016 12:36:33 +0000 (13:36 +0100)]
resolved: prorize rtnl and sd-network event sources
Lets make sure we always take notice of network changes before answering client requests.
This way, calls like SetLinkDNS() become race-free as the specified interface index is guarantee to have been processed
if it exists before we make changes to it.
Lennart Poettering [Tue, 26 Jan 2016 12:22:12 +0000 (13:22 +0100)]
resolved: fix the rcode to SUCCESS if we find at least one matching RR in a DNS response
If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should
clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same
way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it
correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC
generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
Lennart Poettering [Mon, 25 Jan 2016 22:48:32 +0000 (23:48 +0100)]
CONTRIBUTING: fix markdown layout
Lennart Poettering [Mon, 25 Jan 2016 22:40:02 +0000 (23:40 +0100)]
resolved: allow configuration of routing domains in Domains=
Lennart Poettering [Mon, 25 Jan 2016 22:19:49 +0000 (23:19 +0100)]
resolved: teach resolved the difference between "routing" and "search" domains
Following the changes to expose the "routing" and "search" domain concepts in networkd, actually make resolved use
them. It will now use routing domains exclusively for making DNS routing decisions, and use search domains additionally
for extending single-label names.
Lennart Poettering [Mon, 25 Jan 2016 21:42:36 +0000 (22:42 +0100)]
util: introduce fputs_with_space() and make use of it at various places
The call combines outputing a string with prefixing it with a space, optionally. This is useful to shorten the logic
for outputing lists of strings, that are space separated.
Lennart Poettering [Mon, 25 Jan 2016 21:27:01 +0000 (22:27 +0100)]
networkd: optinally use DHCP lease domain info for routing only
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the
boolean values. If set, the passed domain information is used for routing rules only, but not for the search path
logic.
Lennart Poettering [Mon, 25 Jan 2016 20:47:02 +0000 (21:47 +0100)]
networkd: rename a few Network object properties to be more like the configuration settings
All booleans called dhcp_xyz are now called ".dhcp_use_xyz", to match their respective configuration file settings. This
should clarify things a bit, in particular as there is a DHCP hostname that was previously called just ".hostname"
because ".dhcp_hostname" was already existing as a bool. Since this confusion is removed now because the bool is called
".dhcp_use_hostname", the string field is now renamed to ".dhcp_hostname".
Lennart Poettering [Mon, 25 Jan 2016 20:32:14 +0000 (21:32 +0100)]
shared: normalize the root domain to "." rather than ""
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something
to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception
of the root domain, taking inspiration from UNIX file system paths.
Lennart Poettering [Mon, 25 Jan 2016 19:48:07 +0000 (20:48 +0100)]
dhcp: make host/domain name validity checks stricter
Also don't permit host/domain names that reference the root domain, and unify the codepaths for this.
Lennart Poettering [Mon, 25 Jan 2016 19:33:47 +0000 (20:33 +0100)]
networkd: when filtering out duplicate domain names use DNS comparison
When we collect the domain names of the various links and other sources in one ordered set, make sure to use proper DNS
name comparison to filter out duplicates.
Lennart Poettering [Mon, 25 Jan 2016 19:31:11 +0000 (20:31 +0100)]
networkd: use an OrderedSet instead of Set to collect link domains
For the search domain logic the order is highly relevant, hence make sure when collecting the various search domains to
add them to an ordered set, so that the order between search domains of a specific link is retained.
Lennart Poettering [Mon, 25 Jan 2016 19:14:58 +0000 (20:14 +0100)]
networkctl: move strv_isempty() check into dump_list()
Previously, each invocation of dump_list() was prefixed with a call to strv_isempty() to suppress invocation of the
function when the list is empty anyway. Move the check into the function itself, so that we can reduce the code a bit
in size.
(Also, prefix a couple of invocations we knowingly ignore return errors with a (void) cast).
Lennart Poettering [Mon, 25 Jan 2016 18:46:00 +0000 (19:46 +0100)]
networkd: rework Domains= setting
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was
the "DNS domain" for the network connection, without specifying what that means.
With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are
to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching
single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains="
setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups),
while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the
routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already
implemented before using the "wildcard" domain concept.
This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not
used by resolved yet, this will be added in a later commit.
Lennart Poettering [Tue, 26 Jan 2016 13:20:45 +0000 (14:20 +0100)]
Merge pull request #2424 from keszybz/journald-disk-usage
Journald disk usage
Lennart Poettering [Tue, 26 Jan 2016 13:06:35 +0000 (14:06 +0100)]
journald: minor fixes
This primarily contains some minor coding style fixups for
7a24f3bf2fb181243a1957a0cdd54cd919396793 and earlier changes. Specifically:
* Don't log at log levels above LOG_DEBUG from "library" code like journal-file.c
* Don't negate errno values before passing them to log_debug_errno(), as the call can handle this fine anyway
* Cast some calls we knowingly ignore the return values of to (void)
* Don't clobber function call-by-ref return values on failure
* Don't mix function calls and variable declarations in one line
There's also one more relevant change: when failing to enqueue a journal change fs event, we'll run it immediately.
Michal Sekletar [Sun, 24 Jan 2016 15:08:36 +0000 (16:08 +0100)]
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1
Daniel Mack [Tue, 26 Jan 2016 12:36:30 +0000 (13:36 +0100)]
Merge pull request #2436 from grawity/fix/tasks-max
logind: update documentation for
cf7d1a30e44
Mantas Mikulėnas [Tue, 26 Jan 2016 12:24:06 +0000 (14:24 +0200)]
logind: update documentation for
cf7d1a30e44
Daniel Mack [Tue, 26 Jan 2016 08:39:56 +0000 (09:39 +0100)]
Merge pull request #2434 from keszybz/man-pages
Man pages
Daniel Mack [Tue, 26 Jan 2016 08:12:38 +0000 (09:12 +0100)]
Merge pull request #2435 from evverx/tests-setup-selinux
tests: add setup_selinux
Zbigniew Jędrzejewski-Szmek [Tue, 26 Jan 2016 01:20:58 +0000 (20:20 -0500)]
man: add stub sd-bus(3)
We have 126 broken links to sd-bus.html, it's nice to fix that.
Current version is mostly a stub, with a long list of links to other
pages. I think that's fine, especially that sd-bus might evolve
quite a bit before it is made public.
Not all of linked pages are written. Still missing:
sd_bus_can_send
sd_bus_get_name_creds
sd_bus_get_owner_creds
sd_bus_message_can_send
sd_bus_message_get_creds
sd_bus_message_set_allow_interactive_authorization
sd_bus_send
sd_bus_set_address
sd_bus_set_description
sd_bus_start
sd_event_set_prepare
sd-device
systemd.busname
Zbigniew Jędrzejewski-Szmek [Tue, 26 Jan 2016 00:05:47 +0000 (19:05 -0500)]
man: fix reference to sd_event_source_get_io_revents
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jan 2016 22:56:42 +0000 (17:56 -0500)]
man: fix references to a few external man pages
Noticed in pull request #2067.
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jan 2016 23:54:31 +0000 (18:54 -0500)]
build-sys: provide fallback value for xsltproc
Commit
ab6f56debf made the change to allow building man pages even when disabled
with ./configure --disable-manpages. This works fine, as long as xsltproc is
present. If xsltproc is not present, the command to build a man page (obviously)
fails. Unfortnately it fails with a cryptic message '-o not found', because
$(XSLTPROC) is empty. Add a fallback, to use 'xsltproc' is $(XSLTPROC) is not
defined. This way we get a nice message:
make: xsltproc: Command not found
Douglas Christman [Mon, 25 Jan 2016 23:10:31 +0000 (18:10 -0500)]
zsh-completion: Escape results for `journalctl --unit`
Escape colons and backslashes in unit names.
This gives correct completions for units with names like
systemd-backlight@backlight:acpi_video0.service
and
systemd-fsck@dev-disk-by\x2duuid-...
Tom Gundersen [Mon, 25 Jan 2016 19:28:38 +0000 (20:28 +0100)]
Merge pull request #2392 from poettering/dnssec18
eightteenth dnssec patch
Lennart Poettering [Mon, 25 Jan 2016 18:34:52 +0000 (19:34 +0100)]
Merge pull request #2240 from hgwalles/coredump-delete-bug
coredump: fix bug that loses core dump files when core dumps are compressed and disk space is low.
Hayden Walles [Wed, 23 Dec 2015 18:59:31 +0000 (13:59 -0500)]
coredump: fix bug that loses core dump files when core dumps are compressed and disk space is low.
Previously the save_external_coredump function returned a file
descriptor corresponding to the dumped file. This descriptor was used
for two different purposes by calling code: a) access to the raw core
dump data; b) testing candidate files (via inode comparisons) while
vacuuming to protect the current core dump from vacuuming.
The descriptor returned always corresponded to a file containing the raw
core dump data. However if compresson was used and the core dump was
compressed then the descriptor returned did not correspond to the file
that would eventually be left on disk (ie the compressed file). Thus
the file was never protected by vacuuming. When disk space was low all
core dumps including the current one would be vacuumed and the
corresponding log message referred to a file that no longer existed.
This resulted in the following error message from coredumpctl if the
missing core dump was requested:
Cannot retrieve coredump from journal nor disk.
Failed to retrieve core: No such file or directory
save_external_coredump now returns two descriptors, one to be used for
inode comparisons to prevent overzealous vacuuming and one to be used
for raw data access. When compression is not used the returned inode
comparison descriptor will be invalid, indicating that the raw data
access descriptor should be used for inode comparisons as well.
Corresponding use of save_external_coredump and the returned
descriptors also updated.
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jan 2016 16:52:22 +0000 (11:52 -0500)]
Merge pull request #2430 from lnykryn/is-active-failed
systemctl: is-active/failed should return 0 if at least one unit is in given state
Previously:
[lnykryn@notas lnykryn-systemd(is-active-failed)]$ systemctl is-failed fail cups; echo $?
failed
active
1
now:
[lnykryn@notas lnykryn-systemd(is-active-failed)]$ ./systemctl is-failed fail cups; echo $?
failed
active
0
Lennart Poettering [Mon, 25 Jan 2016 16:16:27 +0000 (17:16 +0100)]
udev: filter out non-sensically high onboard indexes reported by the kernel
Let's not accept onboard interface indexes, that are so high that they are obviously non-sensical.
Fixes: #2407
Lennart Poettering [Mon, 25 Jan 2016 14:48:36 +0000 (15:48 +0100)]
resolved: don't consider NSEC/NSEC3 RRs as "pimary" for transactions
So far, abritrary NSEC and NSEC3 RRs were implicitly consider "primary" for any transaction, meaning we'd abort the
transaction immediately if we couldn't validate it. With this patch this logic is removed, and the NSEC/NSEC3 RRs will
not be considered primary anymore. This has the effect that they will be dropped from the message if they don't
validate, but processing continues. This is safe to do, as they are required anyway to validate positive wildcard and
negative responses, and if they are missing then, then message will be considered unsigned, which hence means the
outcome is effectively the same.
This is benefical in case the server sends us NSEC/NSEC3 RRs that are not directly related to the lookup we did, but
simply auxiliary information. Previously, if we couldn't authenticate those RRs we'd fail the entire lookup while with
this change we'll simply drop the auxiliary information and proceed without it.
Lennart Poettering [Fri, 22 Jan 2016 17:43:41 +0000 (18:43 +0100)]
resolved: don't insist in RRSIG metadata for NSEC3 RRs that have not been authenticated
In some cases we get NSEC3 RRs that have not been authenticated (because the chain of trust to the root is somewhere
broken). We can use these for checking negative replies, as long as we don't claim they were ultimately authenticated.
This means we need to be able to deal with NSEC3 RRs that lack RRSIG metadata.
Lennart Poettering [Fri, 22 Jan 2016 16:34:10 +0000 (17:34 +0100)]
resolved: use dns_query_reset_answer() where we can
Lennart Poettering [Fri, 22 Jan 2016 16:25:28 +0000 (17:25 +0100)]
update DNSSEC TODO
Lennart Poettering [Fri, 22 Jan 2016 16:24:05 +0000 (17:24 +0100)]
resolved: properly propagate query candidate error
We already properly propagate errors from transactions to queries. Make sure that errors that happened during handling
of query candidates are propagated to the query, too.
Lennart Poettering [Fri, 22 Jan 2016 16:22:23 +0000 (17:22 +0100)]
resolved: replace DNS_TRANSACTION_RESOURCES by DNS_TRANSACTION_ERRNO
Whenever we encounter an OS error we did not expect, we so far put the transaction into DNS_TRANSACTION_RESOURCES
state. Rename this state to DNS_TRANSACTION_ERRNO, and save + propagate the actual system error to the caller. This
should make error messages triggered by system errors much more readable by the user.
Lennart Poettering [Fri, 22 Jan 2016 15:20:25 +0000 (16:20 +0100)]
catalog: add DNSSEC log messages to message catalog
Lennart Poettering [Fri, 22 Jan 2016 15:16:33 +0000 (16:16 +0100)]
catalog: fix line width to 79 chars
Line breaks default to 119 characters for systemd sources now, configured through the .vimrc and .dir-local.el files.
However, for the catalog files we really should stick to 79 chars, as they are regularly shown on terminal screens.
Lennart Poettering [Fri, 22 Jan 2016 12:39:31 +0000 (13:39 +0100)]
resolved: log recognizably about DNSSEC downgrades
If we downgrade from DNSSEC to non-DNSSEC mode, let's log about this in a recognizable way (i.e. with a message ID),
after all, this is of major importance.