Lennart Poettering [Wed, 8 Nov 2017 16:35:56 +0000 (17:35 +0100)]
Merge pull request #7268 from yuwata/rfe-7262
timesync: make poll interval configurable
Lennart Poettering [Wed, 8 Nov 2017 16:34:39 +0000 (17:34 +0100)]
Merge pull request #7275 from yuwata/fix-7070-7260
core: fixes related to RuntimeDirectory=, ReadWritePaths= and DynamicUser=
NeilBrown [Wed, 8 Nov 2017 08:29:32 +0000 (19:29 +1100)]
umount: always use MNT_FORCE in umount_all() (#7213)
The Linux umount2() system call accepts a MNT_FORCE flag
which some filesystems honor, particularly FUSE and various
network filesystems such as NFS.
These filesystems can sometimes wait for an indefinite period
for a response from an external service, and the wait is
sometimes "uninterruptible" meaning that the process cannot be
killed.
Using MNT_FORCE causes any such requests that are outstanding to
be aborted. This normally allows the waiting process to
be killed. It will then release any reference it has to the
filesystem, thus allowing the filesystem to be unmounted.
If there remain active references to the filesystem, MNT_FORCE
is *not* forceful enough to unmount the filesystem anyway.
By the time that umount_all() is run by systemd-shutdown, all
filesystems *should* be unmounted, and sync() will have been
called. Anything that remains cannot be unmounted in a
completely clean manner and just needs to be dealt with as firmly
as possible. So use MNT_FORCE and try to explain why in the
comment.
Also enhance an earlier comment to explain why umount2() is
safe even though mount(MNT_REMOUNT) isn't.
Yu Watanabe [Wed, 8 Nov 2017 06:52:08 +0000 (15:52 +0900)]
man: update documents for RuntimeDirectory= and friends
Yu Watanabe [Wed, 8 Nov 2017 06:50:58 +0000 (15:50 +0900)]
core/execute: do not create RuntimeDirectory= under private/ sub-directory
RuntimeDirectory= is often used for sharing files or sockets with other
services. So, if creating them under private/ sub-directory, we cannot
set DynamicUser= to service units which want to share something through
RuntimeDirectory=.
This makes the directories given by RuntimeDirectory= be created under
/run/ even if DynamicUser= is set.
Fixes #7260.
Yu Watanabe [Wed, 8 Nov 2017 05:29:47 +0000 (14:29 +0900)]
core/load-fragment: fix alignment
Yu Watanabe [Wed, 8 Nov 2017 06:26:40 +0000 (15:26 +0900)]
core/execute: RuntimeDirectory= or friends requires mount namespace
Since #6940, RuntimeDirectory= or their friends imply BindPaths=.
So, if at least one of them is set, mount namespace is required.
Yu Watanabe [Sat, 28 Oct 2017 06:35:19 +0000 (15:35 +0900)]
test: add test for ReadOnlyPaths= with RuntimeDirectory=
Yu Watanabe [Fri, 13 Oct 2017 12:22:25 +0000 (21:22 +0900)]
core: ReadWritePaths= and friends assume '+' prefix when BindPaths= or friends are set
When at least one of BindPaths=, BindReadOnlyPaths=, RootImage=,
RuntimeDirectory= or their friends are set, systemd prepares
a namespace under /run/systemd/unit-root. Thus, ReadWritePaths=
or their friends without '+' prefix is completely meaningless.
So, let's assume '+' prefix when one of them is set.
Fixes #7070 and #7080.
Yu Watanabe [Fri, 13 Oct 2017 12:13:25 +0000 (21:13 +0900)]
core: remove compile_read_write_paths()
From 6c47cd7d3bf35c8158a0737f34fe2c5dc95e72d6, RuntimeDirectory= and
their friends also imply BindPaths=. Thus, implying ReadWritePaths=
is meaningless.
Yu Watanabe [Tue, 7 Nov 2017 16:47:38 +0000 (01:47 +0900)]
timesync: make poll interval configurable
This adds PollIntervalMinSec= and PollIntervalMaxSec= to timesyncd.conf
Closes #7262.
Alan Jenkins [Tue, 7 Nov 2017 16:18:10 +0000 (16:18 +0000)]
systemctl: remove extra space character in output (#7250)
> See "systemctl status fail-stop.service" and "journalctl -xe" for
> details.
John Lin [Tue, 7 Nov 2017 16:17:40 +0000 (00:17 +0800)]
mkosi: set locale to be en_US.UTF-8 (#7244)
Fixes: #7238
Alan Jenkins [Tue, 7 Nov 2017 16:14:15 +0000 (16:14 +0000)]
core: simplify - don't add jobs to dbus queue if we immediately remove them (#7251)
job_finish_and_invalidate() calls job_free() to destroy jobs (and remove
them from the dbus queue). So we don't need to add them to the dbus queue
first.
We only want to add jobs to the dbus queue if they're a restart job, which
we're transmogrifying into a start job and putting back into the system.
Alessandro Ghedini [Tue, 7 Nov 2017 16:13:15 +0000 (08:13 -0800)]
man: fix reference to gateway hostname (#7258)
Follow-up to commit 1dc92a06e210a978e54c72168aaaa7487bf2fd2a which didn't
catch all cases.
Shawn Landden [Tue, 7 Nov 2017 16:12:36 +0000 (08:12 -0800)]
condition: detect TOMOYO MAC (#7249)
TOMOYO is a Mandatory Access Control security module for Linux.
Rather than ship rules, TOMOYO features a learning mode.
http://tomoyo.osdn.jp/
http://tomoyo.osdn.jp/2.5/index.html.en
Dimitri John Ledkov [Tue, 7 Nov 2017 14:51:30 +0000 (09:51 -0500)]
test: switch to using ext4 instead of ext3 as default fallback fs (#7265)
Using ext3 is not representative anymore, and Ubuntu has stopped shipping
fsck.ext3 in the initramfs.
Lennart Poettering [Tue, 7 Nov 2017 14:47:57 +0000 (17:47 +0300)]
Merge pull request #7256 from keszybz/add-cii-badge
Add CII badge
Yu Watanabe [Tue, 7 Nov 2017 13:04:20 +0000 (22:04 +0900)]
tree-wide: do not work in assert() (#7271)
Fixes #7270.
macrothian [Mon, 6 Nov 2017 22:28:06 +0000 (22:28 +0000)]
Fix Dell E7570 hwdb dimensions #7252 (#7263)
Yu Watanabe [Sun, 5 Nov 2017 06:39:34 +0000 (15:39 +0900)]
timesync: add RootDistanceMaxSec= to timesyncd.conf (#7215)
Closes #7211.
Zbigniew Jędrzejewski-Szmek [Sat, 4 Nov 2017 20:02:35 +0000 (21:02 +0100)]
HACKING: add a short description of new unit tests
This is all "should" and "encouraged", since we are not strict with
this, for better or worse.
Zbigniew Jędrzejewski-Szmek [Sat, 4 Nov 2017 19:53:25 +0000 (20:53 +0100)]
README.md: add CII Best Practices badge
Lennart Poettering [Thu, 2 Nov 2017 18:21:10 +0000 (19:21 +0100)]
Merge pull request #7241 from keszybz/clang-warnings
Fixes for various clang warnings
Susant Sahani [Thu, 2 Nov 2017 12:36:03 +0000 (18:06 +0530)]
networkd: remove route - drop route type from netlink message. (#7240)
During startup of networkd we try to drop the configs. While dropping
routes we are filling in the IP route type, because of which messages like
```
host: Could not drop route: Invalid argument
host: Could not drop route: Invalid argument
```
are shown.
Closed #6929
Zbigniew Jędrzejewski-Szmek [Thu, 2 Nov 2017 07:25:02 +0000 (08:25 +0100)]
Merge pull request #7217 from sourcejedi/stopfail-stop
2 small fixes, stopping mount and service units
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 22:06:27 +0000 (23:06 +0100)]
test-util: silence clang warning about unaligned access
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 22:01:24 +0000 (23:01 +0100)]
util-lib: mark variable with _unused_ to silence clang warning
_unused_ means "the variable is meant to be possibly unused and gcc
will not generate a warning about it", which is exactly what we need here,
since we're only declaring it for the side effect of _cleanup_.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 21:54:39 +0000 (22:54 +0100)]
journal: disable -Waddress-of-packed-member under clang
clang warns about a few sites like this:
../src/journal/journal-file.c:1780:48: warning: taking address of packed member 'entry_offset' of class or structure 'DataObject' may result in an unaligned pointer value [-Waddress-of-packed-member]
&o->data.entry_offset,
^~~~~~~~~~~~~~~~~~~~
but DataObject.entry_offset will always be 8-byte aligned as long as
the DataObject structure is aligned. Similarly in other cases, the
field is always aligned. Let's just silence the warning to avoid noise.
gcc does not know -Waddress-of-packed-member, and would warn about an unknown
warning, so we need to conditionalize on __clang__.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 21:43:32 +0000 (22:43 +0100)]
networkd: fix two format string mismatches
../src/network/networkd-link.c:3577:84: warning: format specifies type 'unsigned char' but the argument has type 'uint32_t' (aka 'unsigned int') [-Wformat]
route->dst_prefixlen, route->tos, route->priority, route->table, route->lifetime);
^~~~~~~~~~~~
../src/network/networkd-manager.c:1146:132: warning: format specifies type 'unsigned char' but the argument has type 'uint32_t' (aka 'unsigned int') [-Wformat]
rule->from_prefixlen, space ? " " : "", to_str, rule->to_prefixlen, rule->tos, rule->fwmark, rule->fwmask, rule->table);
^~~~~~~~~~~
Also add some line breaks to make it easier to see which argument is for which
part of the format string.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 21:36:02 +0000 (22:36 +0100)]
importd: remove IN_SET to avoid ambiguity
clang warns:
../src/import/importd.c:254:70: warning: 'break' is bound to current loop, GCC binds it to the enclosing loop [-Wgcc-compat]
while ((e < t->log_message + t->log_message_size) && IN_SET(*e, 0, '\n'))
^
Let's just play it safe and not use IN_SET here.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 21:33:26 +0000 (22:33 +0100)]
journald: uninitialized variable access
../src/journal/journald-native.c:341:13: warning: variable 'context' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
if (ucred && pid_is_valid(ucred->pid)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/journal/journald-native.c:350:42: note: uninitialized use occurs here
context, ucred, tv, label, label_len);
^~~~~~~
../src/journal/journald-native.c:335:31: note: initialize the variable 'context' to silence this warning
ClientContext *context;
^
= NULL
Very nice reporting!
Functions that we call can handle context == NULL, so it's enough to simply
initialize the variable.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 21:32:22 +0000 (22:32 +0100)]
Remove a bunch of unused variables
gcc does not warn about those, because of the _cleanup_ usage.
clang is smarter here.
Alan Jenkins [Mon, 14 Aug 2017 10:15:38 +0000 (11:15 +0100)]
core: failure to spawn ExecStartPost should not run ExecStop
Failure to spawn ExecStartPost was being handled differently to e.g.
EXIT_FAILURE returned by ExecStartPost. It looks like this was an
oversight. Fix to match documented behaviour.
`man systemd.service`:
> Note that if any of the commands specified in ExecStartPre=, ExecStart=,
> or ExecStartPost= fail (and are not prefixed with "-", see above) or time
> out before the service is fully up, execution continues with commands
> specified in ExecStopPost=, the commands in ExecStop= are skipped.
Alan Jenkins [Mon, 2 Oct 2017 13:40:15 +0000 (14:40 +0100)]
core: distinguish "Killing"/"Terminating"/"Stopping" for mount unit timeout
Update the timeout warnings for remount and unmount. For consistency with
mount, for accuracy, and for consistency with their equivalents in
service.c.
Michal Sekletar [Wed, 1 Nov 2017 09:25:48 +0000 (02:25 -0700)]
manager: fix connecting to bus when dbus is actually around (#7205)
manager_connect_bus() is called *before* manager_coldplug(). As a last
thing in service_coldplug() we set service state to
s->deserialized_state, and thus before we do that all services are
inactive and try_connect always evaluates to false. To fix that we must
look at deserialized state instead of current unit state.
Fixes #7146
martingh [Wed, 1 Nov 2017 09:15:38 +0000 (10:15 +0100)]
Reverting erroneous changes made in the course of adding a timeout to journal-remote event handling (#7219)
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 09:14:01 +0000 (10:14 +0100)]
Merge pull request #7233 from yuwata/meson-fixes
Meson fixes
Yu Watanabe [Wed, 1 Nov 2017 09:13:00 +0000 (18:13 +0900)]
journal-remote: set description to timer_event (#7234)
Follow-up for 5e38eb931f9207f577e7e8b752be5a522e5f9b87.
Alan Jenkins [Tue, 31 Oct 2017 10:05:02 +0000 (10:05 +0000)]
Merge pull request #7226 from sourcejedi/shutdown-misuse-commment
core: remove "misuse" of getpgid() in systemd-shutdown
Yu Watanabe [Tue, 31 Oct 2017 07:20:53 +0000 (16:20 +0900)]
meson: do not create systemd-user-sessions.service if PAM is disabled
Fixes #7227.
Yu Watanabe [Tue, 31 Oct 2017 08:12:13 +0000 (17:12 +0900)]
meson: do not include man/meson.build if xsltproc not found
Fixes #7232.
Alan Jenkins [Mon, 30 Oct 2017 17:42:33 +0000 (17:42 +0000)]
Merge pull request #7218 from matijaskala/patch-4
fix compile errors on musl
Alan Jenkins [Mon, 30 Oct 2017 16:10:37 +0000 (16:10 +0000)]
core: remove "misuse" of getpgid() in systemd-shutdown
Using `kill()` with a signal of 0 is a slightly more documented idiom for
checking whether a process still exists. It is mentioned explicitly in
man pages. This avoids the need to comment the call as "misuse".
A comment is still necessary - in fact this idiom is even more confusing if
you don't know how it works. But it's easy enough to explain.
aeywalee [Mon, 30 Oct 2017 15:08:46 +0000 (16:08 +0100)]
Add sd_bus_message_new and sd_bus_message_seal as public functions (#6609)
Zbigniew Jędrzejewski-Szmek [Mon, 30 Oct 2017 15:05:20 +0000 (16:05 +0100)]
Merge pull request #6996 from poettering/discover-block-device
add nspawn image discovery on block devices
Hans de Goede [Mon, 30 Oct 2017 13:33:54 +0000 (14:33 +0100)]
hwdb: Update GP-electronic T701 accel mount settings (#7220)
The GP-electronic T701 has its LCD panel mounted upside-down, initially
my plan was to fix this by transparently rotating the image in the i915
driver (my "drm/i915: Deal with upside-down mounted LCD" patch), but
that approach has been rejected; instead the kernel will now export
a "panel orientation" property on the drm-connector for the panel and
let userspace deal with it.
Since the upside-down-ness of the panel is now no longer transparently
hidden from userspace, the current accel mount quirk for the T701 needs
to be updated to take the upside-down-ness into account.
Yu Watanabe [Mon, 30 Oct 2017 09:34:41 +0000 (18:34 +0900)]
resolved: change newline position in stub-resolv.conf (#7216)
Follow-up for e6b2d948f8f5aabf6cdede8bd39256fe83db205e.
Matija Skala [Mon, 30 Oct 2017 09:32:45 +0000 (10:32 +0100)]
fix includes
sys/wait.h is needed for WEXITED macro
poll.h is more portable than sys/poll.h
Matija Skala [Mon, 30 Oct 2017 09:15:31 +0000 (10:15 +0100)]
fix compile error on musl
name '__in6_u.__u6_addr32' is specific to glibc
use 's6_addr32' macro instead
Lennart Poettering [Mon, 30 Oct 2017 09:12:12 +0000 (10:12 +0100)]
Merge pull request #7212 from whot/master
hwdb: add a hwdb for custom ID_INPUT_* overrides
Maciej S. Szmigiero [Mon, 30 Oct 2017 08:59:31 +0000 (09:59 +0100)]
rules: add Freescale IMX serial ports name to serial port udev rule (#7203)
Freescale IMX SoCs serial ports driven by kernel "imx-uart" driver have
names of "ttymxcN", let's add this pattern to an udev rule for serial
ports so they will have proper ownership applied.
Zbigniew Jędrzejewski-Szmek [Mon, 30 Oct 2017 08:57:53 +0000 (09:57 +0100)]
treewide: unify identical definitions of polkit_agent_open_if_enabled() (#7187)
Follows the same pattern as pager_open() now.
Peter Hutterer [Mon, 30 Oct 2017 00:58:00 +0000 (10:58 +1000)]
hwdb: add UC-Logic 20160N pad to the ID_INPUT hwdb
Missing the x/y axes usually exported for pad devices (for historical reasons)
and thus not recognised as tablet (pad).
Fixes #7197
See also https://bugs.freedesktop.org/show_bug.cgi?id=103395
Peter Hutterer [Mon, 30 Oct 2017 00:42:29 +0000 (10:42 +1000)]
hwdb: add a hwdb file to override ID_INPUT assignments
The input_id builtin assigns the various ID_INPUT based on the exported evdev
bits. In some cases, the device may not have the properties required to label
a device as one specific type but the physical form factor is clear.
e.g. in the case of #7197 it's a tablet pad that does not have x/y axes which
the kernel exports for pads for historical reasons.
A custom override is needed, best to be solved with a hwdb entry.
Related #7197
Alan Jenkins [Fri, 27 Oct 2017 08:15:40 +0000 (09:15 +0100)]
man: systemd.offline-updates: remove link to the doc it obsoletes (#7189)
https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
> This document has been replaced by systemd.offline-updates(7) man page.
It's weird to visit the first "see also", and find that it is what the manpage replaces (and looks very similar). Surely we should remove this link.
Lars Karlitski [Fri, 27 Oct 2017 03:10:47 +0000 (05:10 +0200)]
journalctl: add --output-fields= (#7181)
This option allows restricting the shown fields in the output modes that
would normally show all fields. It allows clients that are only
interested in a subset of the fields to access those more efficiently.
Also, it makes the resulting size of the output more predictable.
It has no effect on the various `short` output modes, because those
already only show a subset of the fields.
Yu Watanabe [Fri, 27 Oct 2017 03:09:26 +0000 (12:09 +0900)]
Merge pull request #7066 from poettering/specifier-update
extend unit file specifier expansion a bit + add a test for it
Lennart Poettering [Wed, 11 Oct 2017 12:09:10 +0000 (14:09 +0200)]
update TODO
Lennart Poettering [Wed, 11 Oct 2017 12:07:51 +0000 (14:07 +0200)]
test: add simple test for validating some of the unit specifiers we support
(Also, sort list of test unit files in meson.build alphabetically, to
make future additions more systematic)
Lennart Poettering [Wed, 11 Oct 2017 12:02:36 +0000 (14:02 +0200)]
core: add support for expanding state/cache/log directory root in unit files
This augments %t which already resolves to the runtime directory root, and
should be useful for units that want to pass any of these paths in
command line arguments.
Example:
ExecStart=/usr/bin/mydaemon --datadir=%S/mydaemon
Why not expose a specifier resolving directly to the configured
state/runtime/cache/log dir? Three reasons:
1. Specifiers should be independent of configuration of the unit itself,
and StateDirectory= and friends are unit configuration. See
03fc9c723cfc59467a7fccc305f34273f8564b25 and related work.
2. We permit multiple StateDirectory= values per unit, and it hence
wouldn't be clear which one is passed.
3. We already have %t for the runtime directory root, and we should
continue with the same scheme.
Lennart Poettering [Wed, 4 Oct 2017 15:44:14 +0000 (17:44 +0200)]
update TODO
Lennart Poettering [Wed, 4 Oct 2017 15:42:23 +0000 (17:42 +0200)]
machine-image: handle nicely if the user asks us to remove a symlinked image
Much like for dirs/raw images lets remove the symlink and not the
destination.
Lennart Poettering [Wed, 4 Oct 2017 15:40:46 +0000 (17:40 +0200)]
dissect: when we invoke dissection on a loop device with partscan help the user
This adds some simple detection logic for cases where dissection is
invoked on an externally created loop device, and partitions have been
detected on it, but partition scanning so far was off. If this is
detected we now print a brief message indicating what the issue is,
instead of failing with a useless EINVAL message the kernel passed to
us.
Lennart Poettering [Wed, 4 Oct 2017 15:36:58 +0000 (17:36 +0200)]
machine-image: add partial discovery of block devices as images
This adds some basic discovery of block device images for nspawn and
friends. Note that this doesn't add searching for block devices using
udev, but instead expects users to symlink relevant block devices into
/var/lib/machines. Discovery is hence done exactly like for
dir/subvol/raw file images, except that what is found may be a (symlink
to) a block device.
For now, we do not support cloning these images, but removal, renaming
and read-only flags are supported to the point where that makes sense.
Fixes: #6990
Lennart Poettering [Wed, 4 Oct 2017 15:34:03 +0000 (17:34 +0200)]
fs-util: small tweak in chase_symlinks()
If we follow an absolute symlink there's no need to prefix the path with
a "/", since by definition it already has one.
This helps suppressing double "/" in resolved paths containing absolute
symlinks.
Lennart Poettering [Wed, 4 Oct 2017 11:48:51 +0000 (13:48 +0200)]
btrfs-util: when opening subvolume fds, always set O_NOFOLLOW
Some of the btrfs utility functions already used O_NOFOLLOW others
didn't. Let's streamline this, and refuse operation when we are called
for symlinks on "remove" and "snapshot" too.
In particular in the "remove" case following symlinks is a bad idea, and
is quite different from how unlink() and friends work, which always
remove the symlink, and not the destination, a logic we should follow
here too.
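The behaviour the btrfs-util commit above asks for, as an added example that is not systemd's code: opening the path of a "remove"-style operation with O_NOFOLLOW refuses a symlink, and unlink() then removes only the link. The helper `open_dir()`, the `/tmp` scratch directory and the file names are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a directory that is about to be removed or
 * snapshotted. Pass O_NOFOLLOW in extra_flags to refuse a symlink as the
 * final path component. Returns an fd, or a negative errno value. */
static int open_dir(const char *path, int extra_flags) {
        struct stat st;
        int fd, e;

        fd = open(path, O_RDONLY | O_CLOEXEC | extra_flags);
        if (fd < 0)
                return -errno;
        if (fstat(fd, &st) < 0) {
                e = errno;
                close(fd);
                return -e;
        }
        if (!S_ISDIR(st.st_mode)) {
                close(fd);
                return -ENOTDIR;
        }
        return fd;
}

static struct {
        int follow_hits_target; /* 1: open without O_NOFOLLOW landed on the target inode */
        int nofollow_rc;        /* result of open with O_NOFOLLOW on the symlink */
        int target_survives;    /* 1: unlink() removed the link, target still exists */
} demo;

/* Builds <tmp>/target (directory) and <tmp>/link -> target (constructed
 * sample layout), then compares the two ways of opening "link". */
static int run_demo(void) {
        char base[] = "/tmp/nofollow-demo-XXXXXX";
        char target[PATH_MAX], lnk[PATH_MAX];
        struct stat st_target, st;
        int fd;

        if (!mkdtemp(base))
                return -errno;
        snprintf(target, sizeof target, "%s/target", base);
        snprintf(lnk, sizeof lnk, "%s/link", base);
        if (mkdir(target, 0700) < 0 || symlink("target", lnk) < 0 ||
            stat(target, &st_target) < 0)
                return -errno;

        /* Without O_NOFOLLOW the fd silently refers to the symlink's target,
         * so a destructive operation on it would hit the wrong object. */
        fd = open_dir(lnk, 0);
        if (fd < 0)
                return fd;
        if (fstat(fd, &st) < 0)
                return -errno;
        demo.follow_hits_target =
                st.st_ino == st_target.st_ino && st.st_dev == st_target.st_dev;
        close(fd);

        /* With O_NOFOLLOW the open is refused (ELOOP on Linux). */
        demo.nofollow_rc = open_dir(lnk, O_NOFOLLOW);
        if (demo.nofollow_rc >= 0)
                close(demo.nofollow_rc);

        /* unlink() semantics: the link goes away, the destination stays. */
        if (unlink(lnk) < 0)
                return -errno;
        demo.target_survives = stat(target, &st) == 0 && lstat(lnk, &st) < 0;

        rmdir(target);
        rmdir(base);
        return 0;
}

int main(void) {
        int r = run_demo();
        if (r < 0) {
                fprintf(stderr, "demo failed: %d\n", r);
                return EXIT_FAILURE;
        }
        printf("follow reaches target: %d\n", demo.follow_hits_target);
        printf("O_NOFOLLOW result:     %d\n", demo.nofollow_rc);
        printf("target survives:       %d\n", demo.target_survives);
        return EXIT_SUCCESS;
}
```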
Razvan Cojocaru [Thu, 26 Oct 2017 14:59:04 +0000 (17:59 +0300)]
systemd-detect-virt: refine hypervisor detection (#7171)
Continue to try to get more details about the actual underlying
hypervisor with successive tests until none are available.
This fixes issue #7165.
Zbigniew Jędrzejewski-Szmek [Thu, 26 Oct 2017 13:29:03 +0000 (15:29 +0200)]
Merge pull request #7184 from keszybz/resolved-loop
resolved: fix loop on packets with pseudo dns types
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351,
CVE-2017-15908.
Lennart Poettering [Thu, 26 Oct 2017 08:57:00 +0000 (10:57 +0200)]
Merge pull request #7127 from keszybz/sundry-tweaks
Various unrelated small patches
Lennart Poettering [Thu, 26 Oct 2017 08:56:44 +0000 (10:56 +0200)]
Merge pull request #7142 from sourcejedi/systemd-shutdown
systemd-shutdown: avoid confusingly redundant messages
martingh [Thu, 26 Oct 2017 08:54:30 +0000 (10:54 +0200)]
Adding timer_event to wakeup as suggested by MHD_get_timeout (#7152)
Lars Kellogg-Stedman [Wed, 25 Oct 2017 11:23:51 +0000 (07:23 -0400)]
hwdb: Add ACCEL_MOUNT_MATRIX for ThinkPad Yoga 11e (#7174)
Accelerometer readings from the screen accelerometer on the Yoga 11e
need to be rotated 90 degrees around the Z axis.
Zbigniew Jędrzejewski-Szmek [Wed, 25 Oct 2017 09:19:19 +0000 (11:19 +0200)]
resolved: fix loop on packets with pseudo dns types
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
Hans de Goede [Wed, 25 Oct 2017 07:47:27 +0000 (09:47 +0200)]
hwdb: Document expected MOUNT_MATRIX on devices with non upright display (#7177)
On some devices the display (LCD panel) is mounted non upright
in the device's casing, e.g. mounted upside-down or 90 degree rotated.
Document the expected ACCEL_MOUNT_MATRIX settings for such devices.
Lauri Tirkkonen [Tue, 24 Oct 2017 17:40:50 +0000 (20:40 +0300)]
nspawn: EROFS for chowning mount points is not fatal (#7122)
This fixes --read-only with --private-users. mkdir_userns_p may return
-EROFS if either mkdir or lchown fails; lchown failing is fine as the
mount point will just be overmounted, and if mkdir fails then the
following mount() will also fail (with ENOENT).
Alan Jenkins [Thu, 19 Oct 2017 14:02:12 +0000 (15:02 +0100)]
core: systemd-shutdown: avoid confusingly redundant messages
After previous output from systemd-shutdown indicated a bug, my attention
was drawn to redundant output lines. Did they indicate an anomaly?
It turns out to be an expected, harmless result of the current code. But
we don't have much justification to run such redundant operations. Let's
remove the confusing redundant message.
We can stop trying to remount a directory read-only once its mount entry
has successfully been changed to "ro". We can simply let the kernel keep
track of this for us. I don't bother to try and avoid re-parsing the
mountinfo. I appreciate snappy shutdowns, but this code is already
intricate and buggy enough (see issue 7131).
(Disclaimer: At least for the moment, you can't _rely_ on always seeing
suspicious output from systemd-shutdown. By default, you can expect the
kernel to truncate the log output of systemd-shutdown. Ick ick ick!
Because /dev/kmsg is rate-limited by default. Normally it prints a message
"X lines supressed", but we tend to shut down before the timer expires
in this case).
Before:
systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel...
EXT4-fs (vda3): re-mounted. Opts: data=ordered
systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel, ...
EXT4-fs (vda3): re-mounted. Opts: data=ordered
After:
systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel, ...
EXT4-fs (vda3): re-mounted. Opts: data=ordered
I also tested with `systemctl reboot --force`, plus a loopback mount to
cause one of the umounts to fail initially. In this case another 2 lines
of output are removed (out of a larger number of lines).
Dimitri John Ledkov [Tue, 24 Oct 2017 13:28:41 +0000 (09:28 -0400)]
resolved: create private stub resolve file for /etc/resolv.conf integration (#7014)
This creates a second private resolve.conf file which lists the stub resolver
and the resolved acquired search domains.
This runtime file should be used as a symlink target for /etc/resolv.conf such
that non-nss based applications can resolve search domains.
Fixes: #7009
Lennart Poettering [Tue, 24 Oct 2017 13:25:12 +0000 (15:25 +0200)]
Merge pull request #7141 from yuwata/fix-7129
core: fix D-Bus API
Zbigniew Jędrzejewski-Szmek [Tue, 24 Oct 2017 12:48:54 +0000 (14:48 +0200)]
core: in --user mode, report READY=1 as soon as basic.target is reached (#7102)
When a user logs in, systemd-pam will wait for the user manager instance to
report readiness. We don't need to wait for all the jobs to finish, it
is enough if the basic startup is done and the user manager is responsive.
systemd --user will now send out a READY=1 notification when either of two
conditions becomes true:
- basic.target/start job is gone,
- the initial transaction is done.
Also fixes #2863.
Lennart Poettering [Tue, 24 Oct 2017 10:24:09 +0000 (12:24 +0200)]
Merge pull request #7123 from keszybz/date-formatting
Fix for time stamp formatting in timedatectl
Yu Watanabe [Thu, 19 Oct 2017 13:40:04 +0000 (22:40 +0900)]
core: fix D-Bus API
This fixes bugs introduced by cffaed83e87bde81378b2be74192193850d0e03a.
Closes #7129.
myrkr [Tue, 24 Oct 2017 07:56:40 +0000 (09:56 +0200)]
nspawn: Fix calculation of capabilities for configuration file (#7087)
The current code shifting an integer 1 failed for capabilities like
CAP_MAC_ADMIN (numerical value 33). This caused issues when specifying
them in the nspawn configuration file. Using an uint64_t 1 instead.
The similar code for processing the --capability command line option
was already correctly working.
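The width problem described in the nspawn commit above, as an added example that is not systemd's code. Shifting an `int` 1 by 33 is undefined in C, so `mask_32bit_model()` only models one common outcome (the shift count wrapping modulo 32, as on x86); `mask_64bit()` is the corrected form with a range check. Function names and the sample capability list are assumptions.

```c
#include <errno.h>
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>, repeated here so
 * the example builds without kernel headers. */
#define CAP_DAC_OVERRIDE 1
#define CAP_NET_ADMIN    12
#define CAP_MAC_ADMIN    33
#define CAP_BITS         64 /* width of the uint64_t mask */

/* Model of the defect: the shift is carried out in 32 bits. The real
 * expression "1 << cap" with cap >= 32 is undefined behaviour; wrapping the
 * shift count modulo 32 is only one outcome seen in practice. */
static uint64_t mask_32bit_model(const int *caps, size_t n) {
        uint64_t mask = 0;

        for (size_t i = 0; i < n; i++)
                mask |= (uint32_t) 1 << ((unsigned) caps[i] & 31);
        return mask;
}

/* Corrected form: shift a 64-bit one and reject values that cannot be
 * represented in the mask. Returns 0 on success, -ERANGE otherwise. */
static int mask_64bit(const int *caps, size_t n, uint64_t *ret) {
        uint64_t mask = 0;

        for (size_t i = 0; i < n; i++) {
                if (caps[i] < 0 || caps[i] >= CAP_BITS)
                        return -ERANGE;
                mask |= UINT64_C(1) << caps[i];
        }
        *ret = mask;
        return 0;
}

/* Constructed sample: what a configuration file might request. */
static const int sample_caps[] = { CAP_NET_ADMIN, CAP_MAC_ADMIN };
#define N_SAMPLE (sizeof sample_caps / sizeof sample_caps[0])

static uint64_t sample_correct(void) {
        uint64_t m = 0;

        return mask_64bit(sample_caps, N_SAMPLE, &m) < 0 ? 0 : m;
}

static uint64_t sample_model(void) {
        return mask_32bit_model(sample_caps, N_SAMPLE);
}

static int sample_out_of_range(void) {
        const int bad[] = { 64 };
        uint64_t m = 0;

        return mask_64bit(bad, 1, &m);
}

int main(void) {
        uint64_t good = sample_correct(), bad = sample_model();

        printf("64-bit mask:   0x%" PRIx64 "\n", good);
        printf("32-bit model:  0x%" PRIx64 "\n", bad);
        /* In the model, the bit for CAP_MAC_ADMIN is lost and a low bit that
         * was never requested is set instead. */
        printf("CAP_MAC_ADMIN set in model:    %d\n",
               (int) ((bad >> CAP_MAC_ADMIN) & 1));
        printf("CAP_DAC_OVERRIDE set in model: %d\n",
               (int) ((bad >> CAP_DAC_OVERRIDE) & 1));
        printf("capability 64: %d\n", sample_out_of_range());
        return 0;
}
```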
Zbigniew Jędrzejewski-Szmek [Tue, 24 Oct 2017 07:41:52 +0000 (09:41 +0200)]
man: update the description of interval limiting (#7128)
Fixes #7125.
Lennart Poettering [Tue, 24 Oct 2017 07:38:01 +0000 (09:38 +0200)]
Merge pull request #7148 from keszybz/dynamic-user-use-gid
Use gid for static dynamic users
Mantas Mikulėnas [Mon, 23 Oct 2017 20:56:01 +0000 (23:56 +0300)]
NEWS: start adding 236 (#7159)
Lennart Poettering [Mon, 23 Oct 2017 16:39:07 +0000 (18:39 +0200)]
Merge pull request #6948 from pfl/radv_emit_dns
Add EmitDNS= and EmitDomains= network file configuration options
Zbigniew Jędrzejewski-Szmek [Fri, 20 Oct 2017 11:00:12 +0000 (13:00 +0200)]
core/dynamic-user: use gid from pwnam if a static user was found
Fixes #7133.
v2:
- update based on review
Peter Hutterer [Mon, 23 Oct 2017 08:20:16 +0000 (18:20 +1000)]
hwdb: invert the USB touchpad integration assumption (#7161)
The vast majority of touchpads are internal, so let's assume that any USB
touchpad is internal by default (exception: bluetooth) and manually mark the
ones that are external. That's a lot more future-proof than having to mark all
internal touchpads that use USB as internal - that number is only going to
increase.
Related to #7068
Michael Biebl [Sat, 21 Oct 2017 06:32:50 +0000 (08:32 +0200)]
modprobe.d: fix directory of modprobe configuration file (#7149)
kmod upstream uses /lib/modprobe.d which means we need to use rootprefix
instead of prefix for installing the modprobe configuration file as
otherwise split-usr systems are broken.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879191
Zbigniew Jędrzejewski-Szmek [Fri, 20 Oct 2017 10:41:04 +0000 (12:41 +0200)]
core/dynamic-user: use _cleanup_ in dynamic user locking
This makes the code a bit easier to read.
Patrik Flykt [Fri, 20 Oct 2017 08:59:15 +0000 (11:59 +0300)]
sd-radv: Allocate space also for DNSSL iov option (#7144)
The iov array needs to hold five entries in addition to the number
of prefixes.
Alan Jenkins [Thu, 19 Oct 2017 14:00:57 +0000 (15:00 +0100)]
core: systemd-shutdown: add missing check for umount_changed
The assumption was that nothing changes in the final attempt. This
would be confusing if a filesystem with a process in uninterruptible
sleep suddenly became un-stuck for the final attempt, but we still give
up and don't try to e.g. unmount any parent mounts.
I don't know how possible that is. But the code will be easier to read
without an assumption that it does not attempt to justify.
Zbigniew Jędrzejewski-Szmek [Thu, 19 Oct 2017 06:29:37 +0000 (08:29 +0200)]
Merge pull request #7132 from splantefeve/fr-translation
Update French translation
Sylvain Plantefève [Wed, 18 Oct 2017 22:26:52 +0000 (00:26 +0200)]
po: update french translation
Sylvain Plantefève [Wed, 18 Oct 2017 22:26:27 +0000 (00:26 +0200)]
catalog: update french translation
Zbigniew Jędrzejewski-Szmek [Wed, 18 Oct 2017 16:47:34 +0000 (18:47 +0200)]
man: describe how machine-id should be initialized (#7051)
Zbigniew Jędrzejewski-Szmek [Wed, 18 Oct 2017 15:31:51 +0000 (17:31 +0200)]
rfkill: include the device name in error message
Zbigniew Jędrzejewski-Szmek [Wed, 18 Oct 2017 07:39:30 +0000 (09:39 +0200)]
man: recommend using /var/lib/machines in systemd-nspawn(1)
Also update the instruction to latest Fedora version.
Zbigniew Jędrzejewski-Szmek [Sun, 15 Oct 2017 21:00:54 +0000 (23:00 +0200)]
util-lib: simplify kexec_loaded()