Lennart Poettering [Wed, 8 Feb 2017 19:13:58 +0000 (20:13 +0100)]
resolved: also synthesize records for the full local hostname
Previously, we'd only synthesize RRs for the LLMNR and mDNS versions of
the hostnames (i.e. the first label of the kernel hostname, as well as
the first label of the kernel hostname suffixed with .local). With this
change, we also synthesize an RR for the full hostname, which is
relevant in case it has more than one label.
Fixes: #5041
Lennart Poettering [Wed, 8 Feb 2017 19:00:07 +0000 (20:00 +0100)]
nss-myhostname: don't fill scopeid for non-link-local addresses
Inspired by #4465, we shouldn't do this for nss-myhostname either.
Lennart Poettering [Wed, 8 Feb 2017 18:55:16 +0000 (19:55 +0100)]
resolved: when a server response with REFUSED, try a different one
Fixes: #4264
Lennart Poettering [Wed, 8 Feb 2017 18:40:48 +0000 (19:40 +0100)]
nss-resolve: don't set scopeindex for non-link-local addresses
Apparently some apps don't like that. And given that this isn't
necessary for link-local addresses, let's suppress this information.
Fixes: #4465
Lennart Poettering [Wed, 8 Feb 2017 18:22:49 +0000 (19:22 +0100)]
resolved: when following a CNAME initialize authenticated bit by the weakest answer
When following a CNAME chain, don't set the authenticated bit, unless
all lookups in the chain could be authenticated.
Lennart Poettering [Wed, 8 Feb 2017 18:12:55 +0000 (19:12 +0100)]
resolved: follow CNAMES for DNS stub replies
Clients expect us to follow CNAMEs for them, hence do so. On the first
iteration start putting together a packet, and then keep adding data we
acquire through CNAMEs to it, until we finally send it off.
Fixes: #3826
Lennart Poettering [Wed, 8 Feb 2017 16:59:58 +0000 (17:59 +0100)]
tree-wide: make bus_map_all_properties return a proper sd_bus_error
And then show it, to make things a bit friendlier to the user if we fail
acquiring some props.
In fact, this fixes a number of actual bugs, where we used an error
structure for output that we actually never got an error in.
Lennart Poettering [Wed, 8 Feb 2017 16:59:18 +0000 (17:59 +0100)]
core: fix minor memory leak
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 14:42:43 +0000 (09:42 -0500)]
Merge pull request #5287 from poettering/exit-codes
rework WorkingDirectory= and RootDirectory= management for services
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 14:18:41 +0000 (09:18 -0500)]
Merge pull request #5255 from poettering/percent-escape
fstab-generator: Options= applies specifier expansion
Lennart Poettering [Thu, 9 Feb 2017 12:17:00 +0000 (13:17 +0100)]
execute: set the right exit status for CHDIR vs. CHROOT
Fixes: #5125
Lennart Poettering [Thu, 9 Feb 2017 12:16:51 +0000 (13:16 +0100)]
execute: use prefix_roota() where appropriate
Lennart Poettering [Thu, 9 Feb 2017 10:58:39 +0000 (11:58 +0100)]
execute: set working directory to /root if User= is not set, but WorkingDirectory=~ is
Or actually, try to to do the right thing depending on what is
available:
- If we know $HOME from User=, then use that.
- If the UID for the service is 0, hardcode that WorkingDirectory=~ means WorkingDirectory=/root
- In any other case (which will be the unprivileged --user case), use
get_home_dir() to find the $HOME of the user we are running as.
- Otherwise fail.
Fixes: #5246 #5124
Lennart Poettering [Thu, 9 Feb 2017 10:43:44 +0000 (11:43 +0100)]
Revert "core/execute: set HOME, USER also for root users"
This reverts commit
8b89628a10af3863bfc97872912e9da4076a5929.
This broke #5246
27o [Thu, 9 Feb 2017 09:36:13 +0000 (10:36 +0100)]
networkd: add multicast membership to lldp socket (#5282)
27o [Thu, 9 Feb 2017 09:15:21 +0000 (10:15 +0100)]
dhcp-server: always save the ACKed lease address (#5281)
Martin Pitt [Thu, 9 Feb 2017 07:35:28 +0000 (08:35 +0100)]
Merge pull request #5279 from keszybz/man-reverts
A revert and some other tweaks for the man pages
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 04:05:05 +0000 (23:05 -0500)]
Merge pull request #4962 from poettering/root-directory-2
Add new MountAPIVFS= boolean unit file setting + RootImage=
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 03:53:16 +0000 (22:53 -0500)]
man: add more commas for clarify and reword a few sentences
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 01:23:12 +0000 (20:23 -0500)]
man: revert documentation about RequiresMountsFor= honoring noauto
This effectively reverts commit
5d2abc04fc95f5c5f6d0eaf2f:
Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Wed Apr 16 22:15:42 2014 -0400
man: document relationship between RequiresMountsFor and noauto
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
Fixes #5249.
Zbigniew Jędrzejewski-Szmek [Thu, 9 Feb 2017 01:13:57 +0000 (20:13 -0500)]
man: break long lines and update Fedora versions
We should try to keep the unbreakable lines below 80 columns.
It's not always possible of course.
Also, use the dl.fp.o alias instead of a specific mirror.
Evgeny Vereshchagin [Thu, 9 Feb 2017 00:31:22 +0000 (03:31 +0300)]
Merge pull request #5270 from poettering/seccomp-namespace-fix
swap seccomp filter params on s390
David Glasser [Wed, 8 Feb 2017 23:12:36 +0000 (15:12 -0800)]
man: fix docs for swap's DefaultDependencies= (#5278)
There was a missing dependency and one with the wrong type. Additionally, refer
to DefaultDependencies= once instead of twice, without a vague reference in the
first one that doesn't mention that the value matters.
Fixes #5226.
Lennart Poettering [Wed, 8 Feb 2017 15:29:05 +0000 (16:29 +0100)]
update TODO
Lennart Poettering [Wed, 8 Feb 2017 15:21:11 +0000 (16:21 +0100)]
seccomp: on s390 the clone() parameters are reversed
Add a bit of code that tries to get the right parameter order in place
for some of the better known architectures, and skips
restrict_namespaces for other archs.
This also bypasses the test on archs where we don't know the right
order.
In this case I didn't bother with testing the case where no filter is
applied, since that is hopefully just an issue for now, as there's
nothing stopping us from supporting more archs, we just need to know
which order is right.
Fixes: #5241
Jan Synacek [Wed, 8 Feb 2017 19:57:08 +0000 (20:57 +0100)]
systemctl: make sure that --now is carried out (#5209)
When services are already enabled/disabled/masked, make sure
that --now still enforces start/stop.
Franck Bui [Wed, 8 Feb 2017 19:56:22 +0000 (20:56 +0100)]
sd-event: "when exiting no signal event are pending" is a wrong assertion (#5271)
The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.
This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.
It appears that this assertion can be wrong at least in a specific case
described below.
Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by
sd_event_add_post().
1. the process receives the 2 signals consecutively so that signal 'A' source
event is queued and pending. Consequently the post source event is also
queued and pending. This is done by sd_event_wait().
2. The callback for signal 'A' is called by sd_event_dispatch().
3. The next call to sd_event_wait() will queue signal 'B' source event.
4. The callback for the post source event is called and calls sd_event_exit().
5. the event loop is exited.
6. freeing the event loop object will lead to the assertion failure in
event_unmask_signal_data().
This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.
Peter Körner [Wed, 8 Feb 2017 18:42:43 +0000 (19:42 +0100)]
sysctl.d: replace URL of SysRq key documentation (#5274)
The kernel documentation page is not distribution specific and also more
likely to be up to date than the Fedora wiki page referenced previously.
Lennart Poettering [Wed, 8 Feb 2017 16:14:58 +0000 (17:14 +0100)]
fstab-generator: also convert % → %% for What=
Same reasons as the previous patch.
Lennart Poettering [Tue, 7 Feb 2017 12:08:56 +0000 (13:08 +0100)]
fstab-generator: Options= applies specifier expansion
Let's document that this is the case, and properly escape % when we
generate Options= in the generator.
Fixes: #5086
Philip Withnall [Wed, 8 Feb 2017 15:54:31 +0000 (15:54 +0000)]
nspawn: Add support for sysroot pivoting (#5258)
Add a new --pivot-root argument to systemd-nspawn, which specifies a
directory to pivot to / inside the container; while the original / is
pivoted to another specified directory (if provided). This adds
support for booting container images which may contain several bootable
sysroots, as is common with OSTree disk images. When these disk images
are booted on real hardware, ostree-prepare-root is run in conjunction
with sysroot.mount in the initramfs to achieve the same results.
Philip Withnall [Wed, 8 Feb 2017 15:53:01 +0000 (15:53 +0000)]
test: Fix a maybe-uninitialised compiler warning (#5269)
The compiler warning is a false positive, since n_addresses is always
initialised on the success path from parse_argv(), but the compiler
obviously can’t work that out.
Fixes:
src/test/test-nss.c:426:9: warning: 'n_addresses' may be used uninitialized in this function [-Wmaybe-uninitialized]
Lennart Poettering [Wed, 8 Feb 2017 14:14:02 +0000 (15:14 +0100)]
seccomp: MemoryDenyWriteExecute= should affect both mmap() and mmap2() (#5254)
On i386 we block the old mmap() call entirely, since we cannot properly
filter it. Thankfully it hasn't been used by glibc since quite some
time.
Fixes: #5240
Lennart Poettering [Wed, 8 Feb 2017 13:50:56 +0000 (14:50 +0100)]
Merge pull request #5231 from keszybz/mask-wants
Mask individual .wants/.requires symlinks
Lennart Poettering [Wed, 8 Feb 2017 03:10:48 +0000 (04:10 +0100)]
dissect: don't honour NOAUTO flags when looking for ESP (#5224)
The flag is originally defined for "basic data partitions", but not for the
ESP. We reuse it for the various partitions defined by the Discoverable
Partitions Spec, but it isn't defined for the ESP, hence don't check for
it. Instead, do check for GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as that flag
actually is defined for all partition types, and recommended to use by
the UEFI spec.
Fixes: #5218
Franck Bui [Fri, 27 Jan 2017 15:02:22 +0000 (16:02 +0100)]
tests: add dropin dependency tests
[zj: tests assertions adjusted to the different logic in which masking
of a dependency through one name, does not forbid the dependency
being added through another name.]
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 03:36:17 +0000 (22:36 -0500)]
core/load-dropin: add more sanity checks on .wants/.requires symlinks
Feb 04 22:35:42 systemd[1462]: foo.service: Wants dependency dropin /home/zbyszek/.config/systemd/user/foo.service.wants/diffname.service target ../barbar.service has different name
Feb 04 22:35:42 systemd[1462]: foo.service: Wants dependency dropin /home/zbyszek/.config/systemd/user/foo.service.wants/wrongname is not a valid unit name, ignoring
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 02:32:08 +0000 (21:32 -0500)]
core: drop code that is now unused
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 01:50:44 +0000 (20:50 -0500)]
core: implement masking of .wants/.requires symlinks
Fixes #1169.
Fixes #4830.
Example log errors:
Feb 04 22:13:28 systemd[1462]: foo.service: Wants dependency on empty_file.service is masked by /home/zbyszek/.config/systemd/user/foo.service.wants/empty_file.service, ignoring
Feb 04 22:13:28 systemd[1462]: foo.service: Wants dependency on masked.service is masked by /home/zbyszek/.config/systemd/user/foo.service.wants/masked.service, ignoring
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 01:50:44 +0000 (20:50 -0500)]
core: when loading .wants and .requires, follow the same logic as .d conf dropins
Essentially, instead of sequentially adding deps based on all symlinks
encountered in .wants and .requires dirs for each name and each unit file load
path, iteratate over the load paths and unit names gathering symlinks, then
order them based on priority, and then iterate over the final list, adding
dependencies.
This patch doesn't change the logic too much, except that the order in which
dependencies are applied might be different. It wasn't defined before, so that
not really a change. Adding filtering on the symlinks is left for later
patches.
Zbigniew Jędrzejewski-Szmek [Wed, 8 Feb 2017 02:06:38 +0000 (21:06 -0500)]
basic/dirent-util: allow suffix to be omitted for dirent_is_file_with_suffix
Lennart Poettering [Wed, 8 Feb 2017 00:54:37 +0000 (01:54 +0100)]
man: s/--unmount/--umount/g (#5243)
The --help text currently uses the "--umount" spelling, hence to the
same in the man page too.
And let's settle on "umount" instead of "unmount" here, since most folks
probably expect that when typing in a command, as util-linux' tool is
called "umount" after all, and so is the symlink "systemd-umount" we
install.
Zbigniew Jędrzejewski-Szmek [Wed, 8 Feb 2017 00:50:20 +0000 (19:50 -0500)]
Merge pull request #5263 from poettering/install-alias
Zbigniew Jędrzejewski-Szmek [Wed, 8 Feb 2017 00:49:47 +0000 (19:49 -0500)]
Revert "fix handling of templates instantiated in /usr/lib (#5263)"
This reverts commit
0698b674920aa8a56dbd6a625729a35e5ae9c5df.
It was supposed to be merged, not squashed.
Lennart Poettering [Wed, 8 Feb 2017 00:48:56 +0000 (01:48 +0100)]
fix handling of templates instantiated in /usr/lib (#5263)
Fix handling of templates instantiated in /usr/lib.
All work to fix #5136.
Lucas Werkmeister [Tue, 7 Feb 2017 23:58:02 +0000 (00:58 +0100)]
man: document *.d/ drop-in file order (#5262)
lewo [Tue, 7 Feb 2017 23:56:55 +0000 (00:56 +0100)]
tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.
This patch explicitly sets the primary group to avoid this problem.
Fixes #5264.
Zbigniew Jędrzejewski-Szmek [Tue, 7 Feb 2017 23:37:04 +0000 (18:37 -0500)]
Merge pull request #5219 from poettering/run-size-check
before reloading, check that /run/systemd has enough space
Lennart Poettering [Tue, 7 Feb 2017 19:24:43 +0000 (20:24 +0100)]
Merge pull request #5259 from lucaswerkmeister/man
Manpage improvements
Lennart Poettering [Tue, 7 Feb 2017 19:24:05 +0000 (20:24 +0100)]
Merge pull request #5261 from AsciiWolf/master
l10n: various fixes
Lennart Poettering [Tue, 7 Feb 2017 19:22:09 +0000 (20:22 +0100)]
install: remove some unused parameters from various functions in install.c
No need to pass what we don't use.
Lennart Poettering [Tue, 7 Feb 2017 19:16:12 +0000 (20:16 +0100)]
install: when a template unit is instantiated via a /usr symlink, consider it enabled
If a unit foobar@.service stored below /usr is instantiated via a
symlink foobar@quux.service also below /usr, then we should consider the
instance statically enabled, while the template itself should continue
to be considered enabled/disabled/static depending on its [Install]
section.
In order to implement this we'll now look for enablement symlinks in all
unit search paths, not just in the config and runtime dirs.
Fixes: #5136
AsciiWolf [Tue, 7 Feb 2017 18:02:01 +0000 (19:02 +0100)]
l10n: fix file permissions of Indonesian translation
AsciiWolf [Tue, 7 Feb 2017 18:00:24 +0000 (19:00 +0100)]
l10n: fix strings formatting in Czech translation
Lucas Werkmeister [Tue, 7 Feb 2017 15:25:17 +0000 (16:25 +0100)]
man: document that systemd-run --on-* cannot be used with --pty
Lennart Poettering [Tue, 7 Feb 2017 15:22:49 +0000 (16:22 +0100)]
install: don't enter loop when traversing a template symlinks
Before this patch, if we'd encounter an instance or template symlink
while traversing a chain of symlinks we'd fill in the instance name and
retry the iteration. This makes no sense if the resulting name is
actually the same as we are coming from, as we'd just spin a couple of
times in the loop, until the UNIT_FILE_FOLLOW_SYMLINK_MAX iteration
limit is hit.
Fix this, by accepted the symlink as it is, if it identical to what we
filled in.
Lucas Werkmeister [Thu, 26 Jan 2017 10:03:09 +0000 (11:03 +0100)]
man: use systemctl enable --now
Lucas Werkmeister [Thu, 26 Jan 2017 10:01:28 +0000 (11:01 +0100)]
man: add cross-reference
The third paragraph of the Description already linked to
systemd.resource-control(5), but it was missing from the list of
additional options for the [Service] section.
Lennart Poettering [Fri, 23 Dec 2016 16:43:58 +0000 (17:43 +0100)]
update TODO
Lennart Poettering [Fri, 23 Dec 2016 16:38:12 +0000 (17:38 +0100)]
dissect: try to read roothash value off user.verity.roothash xattr of image file
This slightly extends the roothash loading logic to first check for a
user.verity.roothash extended attribute on the image file. If it exists,
it is used as Verity root hash and the ".roothash" file is not used.
This should improve the chance that the roothash is retained when the
file is moved around, as the data snippet is attached directly to the
image file. The field is still detached from the file payload however,
in order to make sure it may be trusted independently.
This does not replace the ".roothash" file loading, it simply adds a
second way to retrieve the data.
Extended attributes are often a poor choice for storing metadata like
this as it is usually difficult to discover for admins and users, and
hard to fix if it ever gets out of sync. However, in this case I think
it's safe as verity implies read-only access, and thus there's little
chance of it to get out of sync.
Lennart Poettering [Fri, 23 Dec 2016 16:10:42 +0000 (17:10 +0100)]
core,nspawn,dissect: make nspawn's .roothash file search reusable
This makes nspawn's logic of automatically discovering the root hash of
an image file generic, and then reuses it in systemd-dissect and in
PID1's RootImage= logic, so that verity is automatically set up whenever
we can.
Lennart Poettering [Fri, 23 Dec 2016 13:26:05 +0000 (14:26 +0100)]
core: add RootImage= setting for using a specific image file as root directory for a service
This is similar to RootDirectory= but mounts the root file system from a
block device or loopback file instead of another directory.
This reuses the image dissector code now used by nspawn and
gpt-auto-discovery.
Lennart Poettering [Fri, 23 Dec 2016 10:09:47 +0000 (11:09 +0100)]
dissect: make sure to manually follow symlinks when mounting dissected image
If the dissected image contains symlinks for the mount points we need we
need to make sure to follow this with chase_symlinks() so that we don't
leave the image.
Lennart Poettering [Fri, 23 Dec 2016 00:16:43 +0000 (01:16 +0100)]
core: actually make "+" prefix in ReadOnlyPaths=, InaccessiblePaths=, ReadWritablePaths= work
5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+"
for prefixing paths with the configured RootDirectory=. But actually it
only implemented it in the backend, it did not add support for it to the
configuration file parsers. Fix that now.
Lennart Poettering [Thu, 22 Dec 2016 22:34:35 +0000 (23:34 +0100)]
core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in conjunction with RootDirectory=
This adds a boolean unit file setting MountAPIVFS=. If set, the three
main API VFS mounts will be mounted for the service. This only has an
effect on RootDirectory=, which it makes a ton times more useful.
(This is basically the /dev + /proc + /sys mounting code posted in the
original #4727, but rebased on current git, and with the automatic logic
replaced by explicit logic controlled by a unit file setting)
Lennart Poettering [Thu, 22 Dec 2016 16:11:06 +0000 (17:11 +0100)]
core: fix minor memleak in namespace.c
The source_malloc field wants to be freed, too.
Evgeny Vereshchagin [Tue, 7 Feb 2017 02:06:54 +0000 (05:06 +0300)]
Merge pull request #5225 from poettering/seccomp-socket
make RestrictAddressFamilies= officially a NOP on i386
Evgeny Vereshchagin [Mon, 6 Feb 2017 20:59:33 +0000 (23:59 +0300)]
Merge pull request #5239 from poettering/notify-access-all
man: document that sd_notify() is racy in some cases
Lennart Poettering [Mon, 6 Feb 2017 20:14:31 +0000 (21:14 +0100)]
update TODO
Lennart Poettering [Mon, 6 Feb 2017 20:13:21 +0000 (21:13 +0100)]
README: suffix unit file options with "="
Lennart Poettering [Mon, 6 Feb 2017 19:26:33 +0000 (20:26 +0100)]
update TODO
Lennart Poettering [Mon, 6 Feb 2017 19:01:24 +0000 (20:01 +0100)]
notify: document that we fake the PID when sending sd_notify()
Lennart Poettering [Mon, 6 Feb 2017 17:37:28 +0000 (18:37 +0100)]
update TODO
Lennart Poettering [Mon, 6 Feb 2017 12:49:44 +0000 (13:49 +0100)]
man: document that sd_notify() is racy in some cases
Lennart Poettering [Fri, 3 Feb 2017 15:30:00 +0000 (16:30 +0100)]
core: use a memfd for serialization
If we can, use a memfd for serializing state during a daemon reload or
reexec. Fall back to a file in /run/systemd or /tmp only if memfds are
not available.
See: #5016
Lennart Poettering [Fri, 3 Feb 2017 11:12:54 +0000 (12:12 +0100)]
manager: refuse reloading/reexecing when /run is overly full
Let's add an extra safety check: before entering a reload/reexec, let's
verify that there's enough room in /run for it.
Fixes: #5016
Lukas Rusak [Mon, 6 Feb 2017 13:25:15 +0000 (05:25 -0800)]
systemd-mount: add missing fsck argument (#5238)
Lennart Poettering [Fri, 3 Feb 2017 17:33:04 +0000 (18:33 +0100)]
man: Document that RestrictAddressFamilies= doesn't work on s390/s390x/...
We already say that it doesn't work on i386, but there are more archs
like that apparently.
Lennart Poettering [Fri, 3 Feb 2017 17:31:05 +0000 (18:31 +0100)]
seccomp: RestrictAddressFamilies= is not supported on i386/s390/s390x, make it a NOP
See: #5215
Lennart Poettering [Mon, 6 Feb 2017 12:49:40 +0000 (13:49 +0100)]
update TODO
Lennart Poettering [Mon, 6 Feb 2017 12:35:56 +0000 (13:35 +0100)]
Merge pull request #5237 from keszybz/explicit-bzero
Use `explicit_bzero`
Zbigniew Jędrzejewski-Szmek [Mon, 6 Feb 2017 12:34:01 +0000 (07:34 -0500)]
cgls: look at the right variable in error path (#5234)
CID #1370779.
Zbigniew Jędrzejewski-Szmek [Mon, 6 Feb 2017 01:09:41 +0000 (20:09 -0500)]
journalctl: replace string_erase with memset('x')
The compiler should not be able to optimize out the memset, because optarg is global
memory. In this case, not making the argument an empty string is nicer, so just use
an open-coded version of string_erase from before the explicit_bzero change.
Zbigniew Jędrzejewski-Szmek [Mon, 6 Feb 2017 01:05:27 +0000 (20:05 -0500)]
treewide: replace homegrown memory_erase with explicit_bzero
explicit_bzero was added in glibc 2.25. Make use of it.
explicit_bzero is hardcoded to zero the memory, so string erase now
truncates the string, instead of overwriting it with 'x'. This causes
a visible difference only in the journalctl case.
Felipe Sateler [Sun, 5 Feb 2017 22:17:50 +0000 (19:17 -0300)]
resolved: downgrade "processing query..." message to debug (#5233)
It doesn't really add much value in normal operation and just spams the log.
Martin Pitt [Sun, 5 Feb 2017 21:31:02 +0000 (22:31 +0100)]
Merge pull request #5223 from keszybz/root-workdir
Fix WorkDir=~ with empty User=
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 21:27:38 +0000 (16:27 -0500)]
build-sys,man: describe systemd-umount and hook it up to installation (#5227)
Evgeny Vereshchagin [Sun, 5 Feb 2017 16:58:19 +0000 (19:58 +0300)]
seccomp: don't ever try to add an ABI before removing the default native ABI (#5230)
https://github.com/systemd/systemd/issues/5215#issuecomment-
277156262
libseccomp does not allow you to add architectures to a filter that
doesn't match the byte ordering of the architectures already added to
the filter (it would be a mess, not to mention largely pointless) and
since systemd attempts to add an ABI before removing the default native
ABI, you will always fail on Power (either due to ppc or ppc64le). The
fix is to remove the native ABI before adding a new ABI so you don't run
into problems with byte ordering.
You would likely see the same failure on a MIPS system.
Thanks @pcmoore!
Sergey Ptashnick [Sun, 5 Feb 2017 16:56:47 +0000 (20:56 +0400)]
catalog: update Russian translation (#5232)
Zbigniew Jędrzejewski-Szmek [Sun, 5 Feb 2017 08:37:46 +0000 (03:37 -0500)]
core/timer: downgrade message about random time addition (#5229)
This seems like something that shouldn't be higher then debug level, even
if it does not get emitted too often.
Fixes #5228.
Zbigniew Jędrzejewski-Szmek [Sat, 4 Feb 2017 15:25:20 +0000 (10:25 -0500)]
Silence two "unused function af_lookup" warnings (#5222)
Gcc7 is smarter about detecting unused functions and detects those two functions
which are unused in tests. But gperf generates them for us, so let's instead of removing
tell gcc that we know they might be unused in the test code.
In file included from ../src/test/test-af-list.c:29:0:
./src/basic/af-from-name.h:140:1: warning: ‘lookup_af’ defined but not used [-Wunused-function]
lookup_af (register const char *str, register size_t len)
^~~~~~~~~
In file included from ../src/test/test-arphrd-list.c:29:0:
./src/basic/arphrd-from-name.h:125:1: warning: ‘lookup_arphrd’ defined but not used [-Wunused-function]
lookup_arphrd (register const char *str, register size_t len)
^~~~~~~~~~~~~
Lukas Rusak [Sat, 4 Feb 2017 15:21:49 +0000 (07:21 -0800)]
systemd-mount features and improvements (#5067)
systemd-mount --unmount /some/path
systemd-mount --umount /some/path
systemd-mount -u /some/path
systemd-unmount /some/path
all do the same thing that one could expect from the name.
Martin Pitt [Fri, 3 Feb 2017 17:44:42 +0000 (18:44 +0100)]
Merge pull request #4973 from poettering/run-race
run: fix race for "systemd-run --wait"
Martin Pitt [Fri, 3 Feb 2017 17:11:37 +0000 (18:11 +0100)]
man: clarify interface for suspend/resume integration (#5220)
Fixes #4916.
Zbigniew Jędrzejewski-Szmek [Fri, 3 Feb 2017 16:32:42 +0000 (11:32 -0500)]
core/execute: pass the username to utmp/wtmp database
Before previous commit, username would be NULL for root, and set only
for other users. So the argument passed to utmp_put_init_process()
would be "root" for other users and NULL for root. Seems strange.
Instead, always pass the username if available.
Zbigniew Jędrzejewski-Szmek [Fri, 3 Feb 2017 14:41:53 +0000 (09:41 -0500)]
core/execute: set HOME, USER also for root users
This changes the environment for services running as root from:
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
INVOCATION_ID=
ffbdec203c69499a9b83199333e31555
JOURNAL_STREAM=8:1614518
to
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root
USER=root
SHELL=/bin/sh
INVOCATION_ID=
15a077963d7b4ca0b82c91dc6519f87c
JOURNAL_STREAM=8:1616718
Making the environment special for the root user complicates things
unnecessarily. This change simplifies both our logic (by making the setting
of the variables unconditional), and should also simplify the logic in
services (particularly scripts).
Fixes #5124.
Benjamin Robin [Fri, 3 Feb 2017 15:13:55 +0000 (16:13 +0100)]
time-util: Fix overflow check introduce in commit f977849 (#5216)
Lennart Poettering [Fri, 23 Dec 2016 23:35:58 +0000 (00:35 +0100)]
run: exit early in --pty if service failed
This reworks systemd-run so that in --pty mode we watch the unit state
the way we do it in --wait mode. Whenever we notice that the service is
in failed or inactive state finish right-away, but first write all
unwritten characters we can read from the master TTY device.
This makes sure that when the TTY service fails before it opens the
slave PTY device we properly notice that and exit early, so that borked
start parameters result in immediate systemd-run failure. Previously,
we'd not notice this at all, as a PTY slave that never was opened won't
result in POLLHUP events, and we'd hence simply keep reading from it
forever.
In essence, --pty now enables the same unit watching logic that --wait
enables. However, unless --wait is specified we won#t show the final
summary, hence the effective difference should be pretty minimal.
Fixes: #3915
Lennart Poettering [Fri, 23 Dec 2016 23:34:34 +0000 (00:34 +0100)]
run: explicitly close pty forwarder before printing summary
If the PTY forwarder is still around our TTY will have borked settings,
regarding newlines, hence explicitly close it before showing the
summary, so that it looks pretty.
Lennart Poettering [Fri, 23 Dec 2016 23:30:49 +0000 (00:30 +0100)]
run: complain when --pty is used together with --no-block, which makes no sense