Evgeny Vereshchagin [Sat, 1 Dec 2018 03:28:50 +0000 (04:28 +0100)]
travis: use latest instead of rawhide
Lennart Poettering [Fri, 30 Nov 2018 23:47:22 +0000 (00:47 +0100)]
Merge pull request #11006 from poettering/conf-file-fix
minor fixes for conf-files.c
Lennart Poettering [Fri, 30 Nov 2018 23:44:58 +0000 (00:44 +0100)]
Merge pull request #11002 from keszybz/path_join-merging
Path join merging
Lennart Poettering [Fri, 30 Nov 2018 23:01:11 +0000 (00:01 +0100)]
Merge pull request #11004 from keszybz/remove-fixme-comment
socket-util: drop obsolete FIXME comment and add test
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 10:06:24 +0000 (11:06 +0100)]
path-util: allow NULLs in arguments to path_join()
This removes the need to remember to put strempty() in places, thus reducing
the likelihood of a stupid mistake.
Lennart Poettering [Fri, 30 Nov 2018 18:34:17 +0000 (19:34 +0100)]
networkd: refuse IPv6 RADV prefixes that lack Prefix= setting
Fixes: #9589
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 10:54:42 +0000 (11:54 +0100)]
basic/socket-util: use c-escaping to print unprintable socket paths
We are pretty careful to reject abstract sockets that are too long to fit in
the address structure as a NUL-terminated string. And since we parse sockets as
strings, it is not possible to embed a NUL in the address either. But we
might receive an external socket (abstract or not), and we want to be able to
print its address in all cases. We would call socket_address_verify() and
refuse to print various sockets that the kernel considers legit.
Let's do the strict verification only in case of socket addresses we parse and
open ourselves, and do less strict verification when printing addresses of
existing sockets, and use c-escaping to print embedded NULs and such.
More tests are added.
This should make LGTM happier because one FIXME comment is removed.
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 14:17:25 +0000 (15:17 +0100)]
shared/socket-util: do not print empty CID
That's just ugly.
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 14:13:32 +0000 (15:13 +0100)]
test-socket-util: add test for socket_address_print
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 13:23:19 +0000 (14:23 +0100)]
test-socket-util: the usual modernization
Lennart Poettering [Fri, 30 Nov 2018 18:41:59 +0000 (19:41 +0100)]
Merge pull request #10701 from poettering/analyze-security
systemd-analyze: add a new "security" verb for analyzing unit sandboxing options
Lennart Poettering [Fri, 30 Nov 2018 15:56:35 +0000 (16:56 +0100)]
conf-files: remove unused function
Lennart Poettering [Fri, 30 Nov 2018 15:55:57 +0000 (16:55 +0100)]
conf-files: remove misplaced log_oom()
The caller should log in this case (and all callers in fact already do),
hence let's remove the duplicate logging here.
Lennart Poettering [Fri, 30 Nov 2018 15:55:33 +0000 (16:55 +0100)]
conf-files: improve algorithm O(n²) → O(n)
Lennart Poettering [Wed, 7 Nov 2018 16:41:55 +0000 (17:41 +0100)]
update TODO
Lennart Poettering [Fri, 9 Nov 2018 11:19:30 +0000 (12:19 +0100)]
man: document systemd-analyze security
Lennart Poettering [Thu, 8 Nov 2018 08:32:17 +0000 (09:32 +0100)]
analyze: add new security verb
Lennart Poettering [Wed, 14 Nov 2018 17:39:37 +0000 (18:39 +0100)]
format-table: make sure we never call memcmp() with NULL parameters
Lennart Poettering [Fri, 9 Nov 2018 10:38:12 +0000 (11:38 +0100)]
format-table: add calls to query the data in a specific cell
Lennart Poettering [Thu, 8 Nov 2018 20:39:28 +0000 (21:39 +0100)]
format-table: always underline header line
Lennart Poettering [Thu, 8 Nov 2018 20:21:09 +0000 (21:21 +0100)]
format-table: add an API for getting the cell at a specific row/column
Lennart Poettering [Thu, 8 Nov 2018 20:17:47 +0000 (21:17 +0100)]
format-table: add table_update() to update existing entries
Lennart Poettering [Wed, 7 Nov 2018 16:41:32 +0000 (17:41 +0100)]
format-table: optionally allow reversing the sort order for a column
Lennart Poettering [Wed, 7 Nov 2018 14:25:51 +0000 (15:25 +0100)]
format-table: add option to store/format percent and uint64_t values in cells
Lennart Poettering [Tue, 6 Nov 2018 17:37:21 +0000 (18:37 +0100)]
format-table: before outputting a color, check if colors are available
This is in many cases redundant, as a similar check is done by various
callers already, but in other cases (where we read the color from a
static table for example), it's nice to let the color check be done by
the table code itself, and since it doesn't hurt in the other cases just
do it again.
Lennart Poettering [Tue, 6 Nov 2018 11:06:14 +0000 (12:06 +0100)]
format-table: optionally make specific cells clickable links
Lennart Poettering [Thu, 8 Nov 2018 20:16:23 +0000 (21:16 +0100)]
format-table: when duplicating a cell, also copy the color
Lennart Poettering [Wed, 7 Nov 2018 10:09:03 +0000 (11:09 +0100)]
terminal-util: split out file:// generation from terminal_urlify_path()
This way we can use it at other places, for example when preparing URLs
for format_table_set_url()
Lennart Poettering [Fri, 9 Nov 2018 10:37:21 +0000 (11:37 +0100)]
macro: update DIV_ROUND_UP() so that it can be called nested
Lennart Poettering [Tue, 6 Nov 2018 11:06:45 +0000 (12:06 +0100)]
parse-util: allow parse_boolean() to take a NULL argument
It's pretty useful to allow parse_boolean() to take a NULL argument and
return an error in that case, rather than abort. i.e. making this a
runtime rather than programming error allows us to shorten code
elsewhere.
Lennart Poettering [Tue, 6 Nov 2018 11:05:26 +0000 (12:05 +0100)]
analyze: use strv_skip() where appropriate
Lennart Poettering [Tue, 6 Nov 2018 11:04:23 +0000 (12:04 +0100)]
analyze: remove unnecessary negation of bus_error_message() error number parameter
Lennart Poettering [Tue, 6 Nov 2018 11:02:55 +0000 (12:02 +0100)]
analyze: fix include order
Lennart Poettering [Thu, 8 Nov 2018 19:13:54 +0000 (20:13 +0100)]
seccomp-util: drop process_vm_readv from @debug group
it's already part of @ipc, no need to have it in both. Given that @ipc
is much more popular (as it is part of @system-service for example),
let's not define it a second time.
Lennart Poettering [Tue, 6 Nov 2018 16:59:58 +0000 (17:59 +0100)]
locale-util: add logic to output smiley emojis at various happiness levels
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 09:43:57 +0000 (10:43 +0100)]
tree-wide: rename path_join_many() to path_join()
$ git grep -e path_join_many -l|xargs sed -r -i 's/path_join_many/path_join/g'
The two test functions are merged into one.
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 09:40:38 +0000 (10:40 +0100)]
tree-wide: replace path_join with path_join_many
Zbigniew Jędrzejewski-Szmek [Fri, 30 Nov 2018 09:09:00 +0000 (10:09 +0100)]
Merge pull request #10996 from poettering/oci-prep
Preparation for the nspawn-OCI work
Filipe Brandenburger [Fri, 30 Nov 2018 08:47:13 +0000 (00:47 -0800)]
docs: turn LGTM URL into a markdown link
Claudius Ellsel [Fri, 30 Nov 2018 08:14:30 +0000 (09:14 +0100)]
hwdb: Put Lenovo mouse under the correct category in 70-mouse.hwdb (#10995)
[zj: the entry for a Thinkpad mouse is moved to the end of Lenovo section, and a
Lenovo mouse is moved from Logitech section to Lenovo section.]
Fabrice Fontaine [Thu, 29 Nov 2018 12:22:08 +0000 (13:22 +0100)]
meson.build: fix detection of -Werror=shadow
Pass -Werror=shadow in args of cc.compiles otherwise test will always
succeed
This fixes a build failure with gcc 4.7.3
Fixes:
- http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 20:38:37 +0000 (21:38 +0100)]
Merge pull request #10990 from keszybz/link-libmount-less
Link libmount less
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 09:29:34 +0000 (10:29 +0100)]
Move mount-util.c to shared/
libmount dep is moved from libbasic to libshared, potentially removing
libmount from some build products.
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 09:24:39 +0000 (10:24 +0100)]
Split out part of mount-util.c into mountpoint-util.c
The idea is that anything which is related to actually manipulating mounts is
in mount-util.c, but functions for mountpoint introspection are moved to the
new file. Anything which requires libmount must be in mount-util.c.
This was supposed to be a preparation for further changes, with no functional
difference, but it results in a significant change in linkage:
$ ldd build/libnss_*.so.2
(before)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff77bf5000)
librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffc19cc0000)
librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe8ef8e000)
librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffda6d17000)
librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)
(after)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff0b5e2000)
librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
/lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffdc30a7000)
librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
/lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe95747000)
librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffe67b51000)
librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)
I don't quite understand what is going on here, but let's not be too picky.
Lennart Poettering [Mon, 2 Jul 2018 16:22:07 +0000 (18:22 +0200)]
update TODO
Lennart Poettering [Fri, 27 Jul 2018 16:04:11 +0000 (18:04 +0200)]
dev-setup: generalize logic we use to create "inaccessible" device nodes
Let's generalize this, so that we can use this in nspawn later on, which
is pretty useful as we need to be able to mask files from the inner
child of nspawn too, where the host's /run/systemd/inaccessible
directory is not visible anymore. Moreover, if nspawn can create these
nodes on its own before the payload this means the payload can run with
fewer privileges.
Lennart Poettering [Thu, 26 Jul 2018 15:24:51 +0000 (17:24 +0200)]
nspawn: let's also pre-mount /dev/mqueue
Lennart Poettering [Tue, 24 Jul 2018 15:15:33 +0000 (17:15 +0200)]
ptyfwd: optionally override terminal width/height
Lennart Poettering [Tue, 24 Jul 2018 15:12:27 +0000 (17:12 +0200)]
fs-util: beef up chmod_and_chown() a bit
Lennart Poettering [Tue, 24 Jul 2018 15:00:58 +0000 (17:00 +0200)]
capability: add new type for maintaining all five cap sets as one
Lennart Poettering [Mon, 2 Jul 2018 16:20:03 +0000 (18:20 +0200)]
cgroup: use device_path_parse_major_minor() also for block device paths
Not only when we populate the "devices" cgroup controller we need
major/minor numbers, but for the io/blkio one it's the same, hence let's
use the same logic for both.
Lennart Poettering [Fri, 29 Jun 2018 14:49:23 +0000 (16:49 +0200)]
tree-wide: port various parts of the code over to the new device_major_minor_path() calls
Lennart Poettering [Fri, 29 Jun 2018 13:57:49 +0000 (15:57 +0200)]
stat-util: add new APIs device_path_make_{major_minor|canonical}() and device_path_parse_major_minor()
device_path_make_{major_minor|canonical}() generate device node paths
given a mode_t and a dev_t. We have similar code all over the place,
let's unify this in one place. The former will generate a "/dev/char/"
or "/dev/block" path, and never go to disk. The latter then goes to disk
and resolves that path to the actual path of the device node.
device_path_parse_major_minor() reverses device_path_make_major_minor(),
also without going to disk.
We have similar code doing something like this at various places, let's
unify this in a single set of functions. This also allows us to teach
them special tricks, for example handling of the
/run/systemd/inaccessible/{blk|chr} device nodes, which we use for
masking device nodes, and which do not exist in /dev/char/* and
/dev/block/*
Lennart Poettering [Fri, 29 Jun 2018 10:09:29 +0000 (12:09 +0200)]
cgroups: beef up DeviceAllow= syntax a bit
Previously we'd allow pattern expressions such as "char-input" to match
all input devices. Internally, this would look up the right major to
test in /proc/devices. With this commit the syntax is slightly extended:
- "char-*" can be used to match any kind of character device, and
similar "block-*". This expression would work previously already, but
instead of actually installing a wildcard match it would install many
individual matches for everything listed in /proc/devices.
- "char-<MAJOR>" with "<MAJOR>" being a numerical parameter works now
too. This allows clients to install whitelist items by specifying the
major directly.
The main reason to add these is to provide limited compat support for
clients that for some reason contain whitelists with major/minor numbers
(such as OCI containers).
Lennart Poettering [Fri, 29 Jun 2018 10:03:33 +0000 (12:03 +0200)]
core: add special handling for devices cgroup allow lists for /dev/block/* and /dev/char/* device nodes
This adds some code to handle /dev/block/* and /dev/char/* device node
paths specially: instead of actually stat()ing them we'll just parse the
major/minor name from the name. This is a useful 'hack' to allow clients
to install whitelists for devices that don't actually have to exist.
Also, let's similarly handle /run/systemd/inaccessible/{blk|chr}. This
allows us to simplify our built-in default whitelist to not require a
"ignore_enoent" mode for these nodes.
In general we should be careful with hardcoding major/minor numbers, but
in this case this should be safe.
Lennart Poettering [Fri, 29 Jun 2018 10:01:02 +0000 (12:01 +0200)]
tree-wide: port various parts of the code to use parse_dev()
Lennart Poettering [Mon, 30 Jul 2018 19:29:34 +0000 (21:29 +0200)]
path-util: port path_join() over to path_join_many()
We should probably drop path_join() entirely in the long run (and
then rename path_join_many() to it?), but for now let's make one a
wrapper for the other.
Lennart Poettering [Thu, 28 Jun 2018 20:28:40 +0000 (22:28 +0200)]
path-util: add new path_join_many() API
Lennart Poettering [Fri, 29 Jun 2018 09:58:24 +0000 (11:58 +0200)]
parse-util: rework parse_dev() based on safe_atou() and DEVICE_MAJOR_VALID()/DEVICE_MINOR_VALID()
Let's be a bit more careful when parsing major/minor pairs, and filter
out more corner cases. This also means using safe_atou() rather than
sscanf() to avoid weird negative unsigned handling and such.
Lennart Poettering [Fri, 29 Jun 2018 10:13:33 +0000 (12:13 +0200)]
logind: validate majors/minors we receive via the bus
Lennart Poettering [Thu, 28 Jun 2018 18:57:15 +0000 (20:57 +0200)]
stat-util: add macros for checking whether major and minor values are in range
As it turns out glibc and the Linux kernel have different ideas about
the size of dev_t and how many bits exist for the major and the minor.
When validating major/minor numbers we should check against the kernel's
actual sizes, hence add macros for this.
Lennart Poettering [Thu, 29 Nov 2018 18:29:02 +0000 (19:29 +0100)]
Merge pull request #10987 from poettering/index-md-work-around
docs: work around GitHub pages weirdness
Lennart Poettering [Thu, 29 Nov 2018 18:28:39 +0000 (19:28 +0100)]
Merge pull request #10989 from keszybz/nss-man
Add example to nss-mymachines(8)
Lennart Poettering [Thu, 29 Nov 2018 10:40:23 +0000 (11:40 +0100)]
docs: work around GitHub pages weirdness
Fixes: #10546
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 15:38:46 +0000 (16:38 +0100)]
Merge pull request #10357 from poettering/import-fs
machinectl import-fs command and other fixes
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 11:28:02 +0000 (12:28 +0100)]
man: add an extensive example to nss-mymachines(8)
The man page didn't really say what we are mapping and with what
patterns. Let's fix that.
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 14:35:07 +0000 (15:35 +0100)]
Merge pull request #10959 from poettering/systemctl-edit-fixo
Fix "systemctl edit" for non-loadable units
Lennart Poettering [Thu, 29 Nov 2018 10:17:36 +0000 (11:17 +0100)]
docs: fix typo
Lennart Poettering [Thu, 29 Nov 2018 10:09:09 +0000 (11:09 +0100)]
docs: uppercase the title of our Markdown docs
Susant Sahani [Thu, 29 Nov 2018 09:47:49 +0000 (15:17 +0530)]
networkd: vxlan make use of parse_ip_port_range
Use parse_ip_port_range
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 11:50:22 +0000 (12:50 +0100)]
machinectl: fix printing of multiple addresses
We'd print everything jumbled together:
$ machinectl --max-addresses=3
MACHINE CLASS SERVICE OS VERSION ADDRESSES
rawhide container systemd-nspawn fedora 30 169.254.40.164fe80::94aa:3aff:fe7b:d4b9
Zbigniew Jędrzejewski-Szmek [Thu, 29 Nov 2018 11:47:43 +0000 (12:47 +0100)]
machinectl: drop helper function
It only serves to forward some arguments without modification and is only
used in one place anyway.
Lennart Poettering [Tue, 27 Nov 2018 16:26:53 +0000 (17:26 +0100)]
systemctl: if service manager couldn't load unit file, don't rely on it to tell us the fragment path
Previously, "systemctl edit" exclusively used the service manager's
per-unit FragmentPath property to figure out which file to edit, when
operating on a non-template unit. If for some reason loading the unit
file failed entirely though (LoadState=error), then FragmentPath would
be empty, and thus the unit not editable.
Let's fix this, by falling back to client-side unit file searching in
this case.
(Also, various other clean-ups to make the relevant functions follow our
coding style)
Fixes: #9561
Lennart Poettering [Tue, 27 Nov 2018 16:10:47 +0000 (17:10 +0100)]
systemctl: rework message suggesting how to create a new unit file
We need to specify --full for creating full unit files.
Also, this is an explanatory hint, hence shouldn't be logged on LOG_ERR
level.
Lennart Poettering [Tue, 27 Nov 2018 16:09:25 +0000 (17:09 +0100)]
systemctl: shorten code a bit
Lennart Poettering [Thu, 29 Nov 2018 10:10:24 +0000 (11:10 +0100)]
systemctl: improve message when we skip a unit for editing a bit
Lennart Poettering [Tue, 27 Nov 2018 16:08:30 +0000 (17:08 +0100)]
systemctl: use _cleanup_ logic for error paths in unit_file_create_copy(), too
Lennart Poettering [Tue, 27 Nov 2018 16:07:32 +0000 (17:07 +0100)]
systemctl: rework error paths in unit_file_create_new()
Let's use _cleanup_ to clean up stuff for us.
Lennart Poettering [Tue, 27 Nov 2018 16:06:03 +0000 (17:06 +0100)]
systemctl: rework unit_find_template_path() to follow coding style
This makes sure that we don't clobber return values on failure and reset
all return values on success.
Lennart Poettering [Thu, 29 Nov 2018 10:10:37 +0000 (11:10 +0100)]
systemctl: make sure we initialize return parameters in unit_file_find_path() on success
According to our coding style return values should be initialized when
we return any form of success, do so here too.
Lennart Poettering [Tue, 27 Nov 2018 16:05:27 +0000 (17:05 +0100)]
systemctl: rename unit_file_find_path()'s return parameter to indicate that it is one
Lennart Poettering [Wed, 28 Nov 2018 20:26:36 +0000 (21:26 +0100)]
docs: add brief docs explaining udev's flock() block device node synchronization
Lennart Poettering [Wed, 28 Nov 2018 20:58:51 +0000 (21:58 +0100)]
NEWS: extend docs on RLIMIT_NOFILE
We now settled on 512K, and forgot to update NEWS.
Moreover, explain why 512K was chosen.
Evgeny Vereshchagin [Thu, 29 Nov 2018 02:05:20 +0000 (03:05 +0100)]
catalog: reject entries where the language is too short early
Closes https://oss-fuzz.com/testcase-detail/5674475278827520
Lennart Poettering [Wed, 28 Nov 2018 20:25:47 +0000 (21:25 +0100)]
networkd: slightly rework route establishment logic
Use a for() loop to merge the two very similar loops into one, and add
more comments explaining the logic behind this.
Follow-up for 0d34228fc03f9dc47d1024268b66a23df1914914
Yu Watanabe [Thu, 29 Nov 2018 04:38:08 +0000 (13:38 +0900)]
Merge pull request #10977 from yuwata/test-network-remove-state-file
test-network: optionally remove state file of networkd
Zbigniew Jędrzejewski-Szmek [Wed, 28 Nov 2018 21:40:55 +0000 (22:40 +0100)]
Merge pull request #10797 from poettering/run-generator
add new "systemd-run-generator" for running arbitrary commands from the kernel command line as system services using the "systemd.run=" kernel command line switch
Yu Watanabe [Wed, 28 Nov 2018 21:00:19 +0000 (22:00 +0100)]
test-network: stop systemd-networkd.socket during testing
To suppress noisy warning messages.
Yu Watanabe [Wed, 28 Nov 2018 19:03:56 +0000 (20:03 +0100)]
test-network: clear state file before starting networkd
Otherwise, some tests may disturb others, e.g.,
NetworkdNetWorkTests.test_routing_policy_rule_port_range and
NetworkdNetWorkTests.test_routing_policy_rule.
Yu Watanabe [Wed, 28 Nov 2018 18:55:01 +0000 (19:55 +0100)]
test-network: use /run instead of legacy /var/run
Yu Watanabe [Wed, 28 Nov 2018 18:18:03 +0000 (03:18 +0900)]
Merge pull request #10970 from yuwata/from-name-return-negative-errno
util: make *_from_name() return negative errno on error
Yu Watanabe [Wed, 28 Nov 2018 18:17:36 +0000 (03:17 +0900)]
Merge pull request #10948 from ssahani/iprule-port-proto
networkd: add support to configure ip rule port range and protocol.
Lennart Poettering [Thu, 15 Nov 2018 08:50:42 +0000 (09:50 +0100)]
meson: let's bump RLIMIT_NOFILE hard limit to 512K
Prompted by:
https://lists.freedesktop.org/archives/systemd-devel/2018-October/041578.html
Lubomir Rintel [Wed, 28 Nov 2018 10:44:20 +0000 (11:44 +0100)]
sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2
This switches the RFC3704 Reverse Path filtering from Strict mode to Loose
mode. The Strict mode breaks some pretty common and reasonable use cases,
such as keeping connections via one default route alive after another one
appears (e.g. plugging an Ethernet cable when connected via Wi-Fi).
The strict filter also makes it impossible for NetworkManager to do
connectivity check on a newly arriving default route (it starts with a
higher metric and is bumped lower if there's connectivity).
Kernel's default is 0 (no filter), but a Loose filter is good enough. The
few use cases where a Strict mode could make sense can easily override
this.
The distributions that don't care about the client use cases and prefer a
strict filter could just ship a custom configuration in
/usr/lib/sysctl.d/ to override this.
Susant Sahani [Tue, 27 Nov 2018 05:28:54 +0000 (10:58 +0530)]
networkd: add support to configure ip rule port range and protocol.
Please see:
iprule: support for ip_proto, sport and dport match options
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=f686f764682745daf6a93b0a6330ba42a961f858
Closes 10622
Susant Sahani [Mon, 26 Nov 2018 17:13:17 +0000 (22:43 +0530)]
fix: systemd-networkd reverse route ordering
We are missing a default route. Add gateway first.
This fixes https://github.com/systemd/systemd/issues/5430
Victor Tapia [Wed, 21 Nov 2018 13:01:04 +0000 (14:01 +0100)]
resolved: Increase size of TCP stub replies
DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to
512 with EDNS off or 4096 with EDNS on, without checking the protocol
used. This makes TCP replies for clients without EDNS support to be
limited to 512, making the truncate flag useless if the query result is
bigger than 512 bytes.
This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX
Fixes: #10816
Yu Watanabe [Wed, 28 Nov 2018 08:54:04 +0000 (17:54 +0900)]
util: make *_from_name() return negative errno on error
Yu Watanabe [Wed, 28 Nov 2018 11:20:29 +0000 (20:20 +0900)]
util: also move scripts related to socket-protocol-list.[ch] to shared/
The source files were moved to shared/. Let's also move the relevant scripts.
Yu Watanabe [Wed, 28 Nov 2018 11:19:41 +0000 (20:19 +0900)]
tools: move generate-gperfs.py to tools/