0xAX [Mon, 27 Jun 2016 21:26:07 +0000 (00:26 +0300)]
basic/strv: introduce STRV_IGNORE macro (#3601)
to hide casting of '-1' strings and make code cleaner.
Evgeny Vereshchagin [Mon, 27 Jun 2016 12:47:37 +0000 (15:47 +0300)]
basic: pass flags to the fnmatch (#3606)
Fixes:
```
$ systemctl list-unit-files 'hey\*'
0 unit files listed.
$ systemctl list-unit-files | grep hey
hey\x7eho.service static
```
Martin Pitt [Sun, 26 Jun 2016 15:46:23 +0000 (17:46 +0200)]
Merge pull request #3572 from poettering/machinectl-shell-fix
machinectl: interpret options placed between "shell" verb and machine name
Lennart Poettering [Sun, 26 Jun 2016 15:43:37 +0000 (17:43 +0200)]
catalog: make support URL to show in shipped catalog entries configurable (#3597)
Let's allow distros to change the support URL to expose in catalog entries by
default. It doesn't make sense to direct end-users to the upstream project for
common errors.
This adds a --with-support-url= switch to configure, which allows overriding
the default at build-time.
Fixes: #2516
Lennart Poettering [Sun, 26 Jun 2016 15:41:33 +0000 (17:41 +0200)]
machinectl: verify image existance on "start" and "enable" (#3579)
Let's make sure we catch early when a machine doesn't exist that is attempted
to be started or enabled as system service.
0xAX [Sun, 26 Jun 2016 15:37:24 +0000 (18:37 +0300)]
networkd: use strv_fnmatch() (#3605)
Lennart Poettering [Sun, 26 Jun 2016 15:35:22 +0000 (17:35 +0200)]
man: document what Authenticated: in the systemd-resolve output actually means (#3571)
My educated guess is that #3561 was filed due to confusion around the
systemd-resolve "Data Authenticated:" output. Let's try to clean up the
confusion a bit, and document what it means in the man page.
Martin Pitt [Sun, 26 Jun 2016 10:46:17 +0000 (12:46 +0200)]
Merge pull request #3600 from poettering/fstab-generator-fixes
Fstab generator fixes
0xAX [Sun, 26 Jun 2016 10:37:00 +0000 (13:37 +0300)]
basic/strv: use SWAP_TWO() macro (#3602)
Lennart Poettering [Sat, 25 Jun 2016 04:04:43 +0000 (06:04 +0200)]
nspawn: fix uid patching logic (#3599)
An incorrectly set if/else chain caused aus to apply the access mode of a
symlink to the directory it is located in. Yuck.
Fixes: #3547
Lennart Poettering [Fri, 24 Jun 2016 19:22:05 +0000 (21:22 +0200)]
fstab-generator: minor simplification
Lennart Poettering [Fri, 24 Jun 2016 19:07:18 +0000 (21:07 +0200)]
fstab-generator: skip fsck for /usr on non-device file systems
We do the same already for the root device, hence follow the scheme for /usr
too.
(Also add some explanatory comments.)
Lennart Poettering [Fri, 24 Jun 2016 19:04:48 +0000 (21:04 +0200)]
fstab-generator: don't skip /usr handling if root handling didn't work correctly
Let's follow the same logic for all mounts here: log errors, and exit the
process uncleanly ultimately, but do not skip further mounts if we encounter a
problem with an earlier one.
Fixes: #2344
Lennart Poettering [Fri, 24 Jun 2016 19:03:47 +0000 (21:03 +0200)]
systemctl: fix an error condition from "-1" to something meaningful
We really shouldn't make up errors like "-1", but use proper errno definitions.
Lennart Poettering [Fri, 24 Jun 2016 19:01:22 +0000 (21:01 +0200)]
fstab-generator: fix checking of fstab_node_to_udev_node() result
We have to check for OOM here, let's add that. There's really no point in
checking for path_is_absolute() on the result however, as there's no particular
reason why that should be refused. Also, we don't have similar checks for the
other mount devices the generator deals with, hence don't bother with it here
either. Let's remove that check.
(And it shouldn't return made-up errors like "-1" in this case anyway.)
Lennart Poettering [Fri, 24 Jun 2016 19:00:11 +0000 (21:00 +0200)]
fstab-generator: document why we copy the root device into the usr device if unset
Let's a comment about this, to avoid questions popping up like in #2344.
Lennart Poettering [Fri, 24 Jun 2016 18:59:51 +0000 (20:59 +0200)]
fstab-generator: let's use path_equal() for comparing paths
Evgeny Vereshchagin [Fri, 24 Jun 2016 16:44:18 +0000 (19:44 +0300)]
Merge pull request #3587 from martinpitt/master
Fix some test issues
Martin Pitt [Fri, 24 Jun 2016 14:23:39 +0000 (16:23 +0200)]
test: merge check_nspawn() into run_nspawn()
This makes nspawn tests symmetric with run_qemu() which also exits with 1 if
QEMU is not available.
Franck Bui [Fri, 24 Jun 2016 14:08:43 +0000 (16:08 +0200)]
pid1: restore console color support for containers (#3595)
Commit
3a18b60489504056f9b0b1a139439cbfa60a87e1 introduced a regression that
disabled the color mode for container.
This patch fixes this.
Martin Pitt [Fri, 24 Jun 2016 10:11:19 +0000 (12:11 +0200)]
tests: track and check for timeouts
If run_qemu() exits with non-zero, this either meant that QEMU was not
available (which should be a SKIP) or that QEMU timed out if $QEMU_TIMEOUT was
set (which then should be a FAIL).
Limit the exit code of run_qemu() to QEMU availability only, and track timeouts
separately through the new $TIMED_OUT variable, which is then checked in
check_result_qemu().
Do the same for $NSPAWN_TIMEOUT and run_nspawn() so that nspawn and QEMU work
similarly.
Martin Pitt [Fri, 24 Jun 2016 10:07:18 +0000 (12:07 +0200)]
tests: make TEST-12-ISSUE-3171 nspawn invocation consistent with other tests
The result of check_nspawn does not mean much, and this forgot to ask
check_nspawn() whether nspawn can be used at all. This brings
TEST-12-ISSUE-3171 in line with other nspawn tests.
Lennart Poettering [Fri, 24 Jun 2016 09:45:06 +0000 (11:45 +0200)]
update
Martin Pitt [Thu, 23 Jun 2016 08:23:29 +0000 (10:23 +0200)]
tests: don't fail if QEMU is not available
Fix TEST-{08,09,10,11} to properly skip the test if QEMU is not available
instead of failing, like in the other tests.
Martin Pitt [Thu, 23 Jun 2016 08:25:44 +0000 (10:25 +0200)]
tests: force booting the kernel with SELinux
selinux=1 is not sufficient when running on a kernel which also has another LSM
(such as AppArmor) enabled and defaults to that.
Martin Pitt [Fri, 24 Jun 2016 06:01:49 +0000 (08:01 +0200)]
Merge pull request #3594 from poettering/resolved-servfail
resolved fixes for handling SERVFAIL errors from servers
Doug Christman [Fri, 24 Jun 2016 06:00:35 +0000 (02:00 -0400)]
systemctl: Create new unit files with "edit --force" (#3584)
Martin Pitt [Fri, 24 Jun 2016 05:54:28 +0000 (07:54 +0200)]
resolved: add option to disable caching (#3592)
In some cases, caching DNS results locally is not desirable, a it makes DNS
cache poisoning attacks a tad easier and also allows users on the system to
determine whether or not a particular domain got visited by another user. Thus
provide a new "Cache" resolved.conf option to disable it.
Tom Gundersen [Thu, 23 Jun 2016 23:26:25 +0000 (01:26 +0200)]
Merge pull request #3549 from poettering/resolved-more
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
Lennart Poettering [Thu, 23 Jun 2016 21:46:56 +0000 (23:46 +0200)]
resolved: when processing auxiliary DNSSEC transactions, accept those with SERVFAIL
Some upstream DNS servers return SERVFAIL if we ask them for DNSSEC RRs, which
some forwarding DNS servers pass on to us as SERVFAIL (other though as
NOERROR...). This is should not be considered a problem, as long as the domain
in question didn't have DNSSEC enabled. Hence: when making use of auxiliary
transactions accept those that return SERVFAIL.
Lennart Poettering [Thu, 23 Jun 2016 21:36:10 +0000 (23:36 +0200)]
resolved: when caching replies, check rcode earlier
This way we don't log complaints about packets without SOA in case we are not
caching it anyway because the rcode is not SUCCESS or NXDOMAIN...
Lennart Poettering [Thu, 23 Jun 2016 21:24:38 +0000 (23:24 +0200)]
resolved: rework SERVFAIL handling
There might be two reasons why we get a SERVFAIL response from our selected DNS
server: because this DNS server itself is bad, or because the DNS server
actually serving the zone upstream is bad. So far we immediately downgraded our
server feature level when getting SERVFAIL, under the assumption that the first
case is the only possible case. However, this meant we'd downgrade immediately
even if we encountered the second case described above.
With this commit handling of SERVFAIL is reworked. As soon as we get a SERVFAIL
on a transaction we retry the transaction with a lower feature level, without
changing the feature level tracked for the DNS server itself. If that fails
too, we downgrade further, and so on. If during this downgrading the SERVFAIL
goes away we assume that the DNS server we are talking to is bad, but the zone
is fine and propagate the detected feature level to the information we track
about the DNS server. Should the SERVFAIL not go away this way we let the
transaction fail and accept the SERVFAIL.
Franck Bui [Thu, 23 Jun 2016 20:31:01 +0000 (22:31 +0200)]
udev: bump TasksMax to inifinity (#3593)
udevd already limits its number of workers/children: the max number is actually
twice the number of CPUs the system is using.
(The limit can also be raised with udev.children-max= kernel command line
option BTW).
On some servers, this limit can easily exceed the maximum number of tasks that
systemd put on all services, which is 512 by default.
Since udevd has already its limitation logic, simply disable the static
limitation done by TasksMax.
Harald Hoyer [Thu, 23 Jun 2016 16:47:03 +0000 (17:47 +0100)]
fstab-generator: ignore root=/dev/nfs (#3591)
root=/dev/nfs is a legacy option for the kernel to handle root on NFS.
Documentation for this kernel command line option
can be found in the kernel source tree:
Documentation/filesystems/nfs/nfsroot.txt
Ronny Chevalier [Thu, 23 Jun 2016 12:11:58 +0000 (13:11 +0100)]
Merge pull request #3583 from poettering/restrict-realtime
add new RestrictRealtime= option to services (and other fixes)
Ronny Chevalier [Thu, 23 Jun 2016 09:15:40 +0000 (10:15 +0100)]
Merge pull request #3581 from dobyrch/master
systemctl: Add missing "/" to files created by 'edit --runtime'
Lennart Poettering [Thu, 23 Jun 2016 02:10:53 +0000 (04:10 +0200)]
build-sys: move fdset.[ch] src/basic → src/shared (#3580)
It makes use of the sd_listen_fds() call, and as such should live in
src/shared, as the distinction between src/basic and src/shared is that the
latter may use libsystemd APIs, the former does not.
Note that btrfs-util.[ch] and log.[ch] also include header files from
libsystemd, but they only need definitions, they do not invoke any function
from it. Hence they may stay in src/basic.
Lennart Poettering [Wed, 22 Jun 2016 23:45:45 +0000 (01:45 +0200)]
execute: add a new easy-to-use RestrictRealtime= option to units
It takes a boolean value. If true, access to SCHED_RR, SCHED_FIFO and
SCHED_DEADLINE is blocked, which my be used to lock up the system.
Lennart Poettering [Wed, 22 Jun 2016 23:35:04 +0000 (01:35 +0200)]
execute: be a little less drastic when MemoryDenyWriteExecute= hits
Let's politely refuse with EPERM rather than kill the whole thing right-away.
Lennart Poettering [Wed, 22 Jun 2016 23:33:07 +0000 (01:33 +0200)]
execute: set PR_SET_NO_NEW_PRIVS also in case the exec memory protection is used
This was forgotten when MemoryDenyWriteExecute= was added: we should set NNP in
all cases when we set seccomp filters.
Lennart Poettering [Wed, 22 Jun 2016 23:31:24 +0000 (01:31 +0200)]
execute: use the return value of setrlimit_closest() properly
It's a function defined by us, hence we should look for the error in its return
value, not in "errno".
Lennart Poettering [Wed, 22 Jun 2016 23:29:33 +0000 (01:29 +0200)]
core: when writing transient unit files, make sure all lines end with a newline
This is a fix-up for
2a9a6f8ac04a69ca36d645f9305a33645f22a22b which covered
non-transient units, but missed the case for transient units.
Lennart Poettering [Wed, 22 Jun 2016 21:30:36 +0000 (23:30 +0200)]
nspawn: improve man page (#3577)
This change documents the existance of the systemd-nspawn@.service template
unit file, which was previously not mentioned at all. Since the unit file uses
slightly different default than nspawn invoked from the command line, these
defaults are now explicitly documented too.
A couple of further additions and changes are made, too.
Replaces: #3497
Lennart Poettering [Wed, 22 Jun 2016 21:28:12 +0000 (23:28 +0200)]
man: document that %f in units always unescapes (#3578)
Douglas Christman [Wed, 22 Jun 2016 19:09:33 +0000 (15:09 -0400)]
systemctl: Add missing "/" to files created by 'edit --runtime'
Elias Probst [Wed, 22 Jun 2016 15:10:52 +0000 (17:10 +0200)]
machinectl: do not escape the unit name (#3554)
Otherwise starting a machine named `foo-bar-baz` will end up in
machinectl attempting to start the service unit
`systemd-nspawn@foo\x2dbar\x2dbaz` instead of
`systemd-nspawn@foo-bar-baz`.
Minkyung [Wed, 22 Jun 2016 11:26:05 +0000 (20:26 +0900)]
watchdog: Support changing watchdog_usec during runtime (#3492)
Add sd_notify() parameter to change watchdog_usec during runtime.
Application can change watchdog_usec value by
sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=
20000000").
To reset watchdog_usec as configured value in service file,
restart service.
Notice.
sd_event is not currently supported. If application uses
sd_event_set_watchdog, or sd_watchdog_enabled, do not use
"WATCHDOG_USEC" option through sd_notify.
Martin Pitt [Wed, 22 Jun 2016 11:22:47 +0000 (13:22 +0200)]
NEWS: start section for 231, with tmpfs.mount option changes (#3576)
This documents the "add nosuid and nodev options to tmp.mount" change from
commit
2f9df7c96a2.
Lennart Poettering [Wed, 22 Jun 2016 10:34:25 +0000 (12:34 +0200)]
Merge pull request #3526 from fbuihuu/fix-console-log-color
Fix console log color
Martin Pitt [Wed, 22 Jun 2016 10:32:59 +0000 (12:32 +0200)]
units: add nosuid and nodev options to tmp.mount (#3575)
This makes privilege escalation attacks harder by putting traps and exploits
into /tmp.
https://bugs.debian.org/826377
Franck Bui [Mon, 20 Jun 2016 19:45:28 +0000 (21:45 +0200)]
pid1: initialize status color mode after setting up TERM
Also we had to connect PID's stdio to null later since colors_enabled()
assume that stdout is connected to the console.
Franck Bui [Mon, 20 Jun 2016 16:54:21 +0000 (18:54 +0200)]
pid1: initialize TERM environment variable correctly
When systemd is started by the kernel, the kernel set the TERM
environment variable unconditionnally to "linux" no matter the console
device used. This might be an issue for dumb devices with no colors
support.
This patch uses default_term_for_tty() for getting a more accurate
value. But it makes sure to keep the user preferences (if any) which
might be passed via the kernel command line. For that purpose /proc
should be mounted.
Lennart Poettering [Tue, 21 Jun 2016 19:32:17 +0000 (21:32 +0200)]
units: machined needs mount-related syscalls for its namespacing operations
Specifically "machinectl shell" (or its OpenShell() bus call) is implemented by
entering the file system namespace of the container and opening a TTY there.
In order to enter the file system namespace, chroot() is required, which is
filtered by SystemCallFilter='s @mount group. Hence, let's make this work again
and drop @mount from the filter list.
Lennart Poettering [Tue, 21 Jun 2016 19:30:20 +0000 (21:30 +0200)]
machinectl: interpret options placed between "shell" verb and machine name
Previously, we'd stop processing of the argument list immediately when hitting
the "shell" verb. However, we really should continue processing options then,
until we hit the machine name.
Fixes: #3472
mahkoh [Tue, 21 Jun 2016 15:52:32 +0000 (17:52 +0200)]
man: document some sd-bus functions (#3567)
* sd_bus_add_match
* sd_bus_get_fd
* sd_bus_message_read_basic
* sd_bus_process
Ian Lee [Tue, 21 Jun 2016 14:10:31 +0000 (15:10 +0100)]
Do not ellipsize cgroups when showing slices in --full mode (#3560)
Do not ellipsize cgroups when showing slices in --full mode
Lennart Poettering [Tue, 21 Jun 2016 14:09:47 +0000 (16:09 +0200)]
emergency.service: Don't say "Welcome" when it's an emergency (#3569)
Quoting @cgwalters:
Just uploading this as an RFC. Now I know reading the code that systemd says
`Welcome to $OS` as a generic thing, but my initial impression on seeing this
was that it was almost sarcastic =)
Let's say "You are in emergency mode" as a more neutral/less excited phrase.
This patch is based on #3556, but makes the same change for rescue mode.
Lennart Poettering [Tue, 21 Jun 2016 11:20:23 +0000 (13:20 +0200)]
tmpfiles: make sure to always initialize "r" correctly.
Lennart Poettering [Tue, 21 Jun 2016 11:20:02 +0000 (13:20 +0200)]
tree-wide: some work-arounds for gcc false positives regarding uninitialized variables
Lennart Poettering [Tue, 21 Jun 2016 11:19:21 +0000 (13:19 +0200)]
man: beef up resolved man page
Let's explain the various APIs and various ways to handle /etc/resolv.conf.
Lennart Poettering [Mon, 20 Jun 2016 22:58:47 +0000 (00:58 +0200)]
resolved: respond to local resolver requests on 127.0.0.53:53
In order to improve compatibility with local clients that speak DNS directly
(and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process
any queries made that way.
Note that resolved does not implement a full DNS server on this port, but
simply enough to allow normal, local clients to resolve RRs through resolved.
Specifically it does not implement queries without the RD bit set (these are
requests where recursive lookups are explicitly disabled), and neither queries
with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with
validation turned off). It also refuses zone transfers and obsolete RR types.
All lookups done this way will be rejected with a clean error code, so that the
client side can repeat the query with a reduced feature set.
The code will set the DNSSEC AD flag however, depending on whether the data
resolved has been validated (or comes from a local, trusted source).
Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary,
but this is only partially useful as DNS packets cannot carry IP scope data
(i.e. the ifindex), and hence link-local addresses returned cannot be used
properly (and given that LLMNR/mDNS are mostly about link-local communication
this is quite a limitation). Also, given that DNS tends to use IDNA for
non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1.
In general this should improve compatibility with clients bypassing NSS but
it is highly recommended for clients to instead use NSS or our native bus API.
This patch also beefs up the DnsStream logic, as it reuses the code for local
TCP listening. DnsStream now provides proper reference counting for its
objects.
In order to avoid feedback loops resolved will no silently ignore 127.0.0.53
specified as DNS server when reading configuration.
resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave
the latter free for local, external DNS servers or forwarders.
This also changes the "etc.conf" tmpfiles snippet to create a symlink from
/etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this
stub the default mode of operation if /etc is not populated.
Lennart Poettering [Mon, 20 Jun 2016 19:59:17 +0000 (21:59 +0200)]
resolved: use DNS_{QUESTION|ANSWER}_FOREACH macros at two more places
Lennart Poettering [Mon, 20 Jun 2016 19:57:57 +0000 (21:57 +0200)]
resolved: extend dns_packet_append_opt() so that it can set the extended rcode
We don't make use of this yet, but later work will.
Lennart Poettering [Mon, 20 Jun 2016 19:39:02 +0000 (21:39 +0200)]
resolved: add dns_packet_add_{question,answer}() helper
And make use of it at a couple of places.
Lennart Poettering [Mon, 20 Jun 2016 19:28:53 +0000 (21:28 +0200)]
resolved: add dns_answer_is_empty() and dns_question_is_empty() helpers
And make use of them at a few places.
Lennart Poettering [Mon, 20 Jun 2016 19:24:46 +0000 (21:24 +0200)]
resolved: when using the ResolveRecord() bus call, adjust TTL for caching time
When we return the full RR wire data, let's make sure the TTL included in it is
adjusted by the time the RR sat in the cache.
As an optimization we do this only for ResolveRecord() and not for
ResolveHostname() and friends, since adjusting the TTL means copying the RR
object, and we don#t want to do that if there's no reason to.
(ResolveHostname() and friends don't return the TTL hence there's no reason to
in that case)
Lennart Poettering [Mon, 20 Jun 2016 17:32:51 +0000 (19:32 +0200)]
resolved: explicitly refuse zone transfers using the bus API
Lennart Poettering [Thu, 16 Jun 2016 16:50:14 +0000 (18:50 +0200)]
resolved: drop unused permit_domain_search variable from Manager object
Lennart Poettering [Wed, 15 Jun 2016 20:41:56 +0000 (22:41 +0200)]
sd-bus: make sure bus_map_all_properties() handle booleans right
sd-bus generally exposes bools as "int" instead of "bool" in the public API.
This is relevant when unmarshaling booleans, as the relevant functions expect
an int* pointer and no bool* pointer. Since sizeof(bool) is not necessarily the
same as sizeof(int) this is problematic and might result in memory corruption.
Let's fix this, and make sure bus_map_all_properties() handles booleans as
ints, as the rest of sd-bus, and make all users of it expect the right thing.
Lennart Poettering [Wed, 15 Jun 2016 20:38:23 +0000 (22:38 +0200)]
resolved: make sure DNS configuration pushed in by the user stays around on restarts
Let's make sure that all settings pushed in stay around when systemd-resolved
is restarted.
Lennart Poettering [Wed, 15 Jun 2016 20:36:58 +0000 (22:36 +0200)]
set: add new set_put_strsplit() call
It's like set_put_strdup(), but splits up a string via an extract_first_word()
loop.
Lennart Poettering [Wed, 15 Jun 2016 20:35:23 +0000 (22:35 +0200)]
resolved: fix negated boolean function
It's weird having a "negative" function link_is_unmanaged(), let's invert it
and get rid of the negation this way, by renaming it to link_is_managed().
Internally we stored this as a positive boolean already, hence let's do this
for the function too.
Lennart Poettering [Wed, 15 Jun 2016 20:33:27 +0000 (22:33 +0200)]
resolved: rework link_update_dns_servers() a bit
Let's split the code from the inner loop out, into its own function
link_update_dns_server_one(). This matches how things are already handled for
the search domain logic. Also, this is preparation for a later commit that
persists DNS server data pushed in via the bus.
Lennart Poettering [Wed, 15 Jun 2016 20:32:33 +0000 (22:32 +0200)]
resolved: make use of set_put_strdupv() where appropriate
Lennart Poettering [Wed, 15 Jun 2016 20:30:11 +0000 (22:30 +0200)]
resolved: make sure that route-only domains are never added to /etc/resolv.conf
After all, /etc/resolv.conf doesn't know the concept of "route-only domains",
hence the domains should really not appear there.
Lennart Poettering [Wed, 15 Jun 2016 20:25:48 +0000 (22:25 +0200)]
string-table: make sure DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() handles NULL strings nicely
xyz_from_string() functions defined with DEFINE_STRING_TABLE_LOOKUP() properly
handle NULL strings already. make sure the equivalent functions defined with
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() do the same.
Lennart Poettering [Wed, 15 Jun 2016 19:43:36 +0000 (21:43 +0200)]
resolve: add "systemd-resolve --status" command
The new command shows the per-link and global DNS configuration currently in
effect. This is useful to quickly see the DNS settings resolved acquired from
networkd and that was pushed into it via the bus APIs.
Lennart Poettering [Wed, 15 Jun 2016 19:38:41 +0000 (21:38 +0200)]
resolved: export the effective per-link DNSSEC setting, not the internal one
Internally, we store the per-link DNSSEC setting as -1 (invalid) if there's no
link-specific setting configured, and the global setting should be used. When
exporting this one the bus we really should export the effective DNSSEC
setting however, i.e. return the global one if there's non set per-link.
Lennart Poettering [Wed, 15 Jun 2016 19:37:51 +0000 (21:37 +0200)]
resolved: export global NTAs on the bus
We export them per-link, hence let's export the global NTAs too.
Lennart Poettering [Wed, 15 Jun 2016 19:36:57 +0000 (21:36 +0200)]
networkd: fix bad memory access when parsing DNSSECNegativeTrustAnchors=
Evgeny Vereshchagin [Mon, 20 Jun 2016 18:40:46 +0000 (21:40 +0300)]
core: log the right set of the supported controllers (#3558)
Jun 16 05:12:08 systemd[1]: Controller 'io' supported: yes
Jun 16 05:12:08 systemd[1]: Controller 'memory' supported: yes
Jun 16 05:12:08 systemd[1]: Controller 'pids' supported: yes
instead of
Jun 16 04:06:50 systemd[1]: Controller 'memory' supported: yes
Jun 16 04:06:50 systemd[1]: Controller 'devices' supported: yes
Jun 16 04:06:50 systemd[1]: Controller 'pids' supported: yes
Franck Bui [Mon, 20 Jun 2016 16:54:21 +0000 (18:54 +0200)]
Revert "do not pass-along the environment from the kernel or initrd"
This reverts commit
ce8aba568156f2b9d0d3b023e960cda3d9d7db81.
We should pass an environment as close as possible to what we originally
got.
Franck Bui [Mon, 13 Jun 2016 14:10:06 +0000 (16:10 +0200)]
pid1: reconnect to the console before being re-executed
When re-executed, reconnect the console to PID1's stdios as it was the case
when PID1 was initially started by the kernel.
Ronny Chevalier [Mon, 20 Jun 2016 07:41:06 +0000 (08:41 +0100)]
Merge pull request #3564 from evverx/valgrind-tests-fixes
tests: fix memory leak, don't run test_get_process_cmdline_harder under valgrind
Evgeny Vereshchagin [Sun, 19 Jun 2016 23:43:35 +0000 (23:43 +0000)]
tests: don't run test_get_process_cmdline_harder under valgrind
See https://github.com/systemd/systemd/pull/3555#issuecomment-
226564908
Lukáš Nykrýn [Sun, 19 Jun 2016 17:22:46 +0000 (19:22 +0200)]
man: match runlevel symlinks recommendation with our makefile (#3563)
In makefile we create symlinks runlevel5.target to graphical.target and
runlevel2-4.target to multi-user.target. Let's say the same thing in
systemd.special manpage.
Evgeny Vereshchagin [Sun, 19 Jun 2016 15:02:51 +0000 (15:02 +0000)]
tests: fix memory leak in test-keymap-util
Fixes:
==27917== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
==27917== at 0x4C28BF6: malloc (vg_replace_malloc.c:299)
==27917== by 0x55083D9: strdup (in /usr/lib64/libc-2.22.so)
==27917== by 0x1140DA: find_converted_keymap (keymap-util.c:524)
==27917== by 0x110844: test_find_converted_keymap (test-keymap-util.c:52)
==27917== by 0x1124FE: main (test-keymap-util.c:213)
==27917==
Dave Reisner [Fri, 10 Jun 2016 13:50:16 +0000 (09:50 -0400)]
Ensure kdbus isn't used (#3501)
Delete the dbus1 generator and some critical wiring. This prevents
kdbus from being loaded or detected. As such, it will never be used,
even if the user still has a useful kdbus module loaded on their system.
Sort of fixes #3480. Not really, but it's better than the current state.
Lennart Poettering [Fri, 17 Jun 2016 09:38:56 +0000 (11:38 +0200)]
Merge pull request #3557 from whot/hwdb-updates
Hwdb updates
Peter Hutterer [Fri, 17 Jun 2016 01:00:45 +0000 (11:00 +1000)]
Revert "hwdb: change the Logitech MX500 to 1100 dpi (#3517)"
Likely bad measurement and all other websites refer to it being 1000dpi.
See https://bugs.freedesktop.org/show_bug.cgi?id=96225#c13
This reverts commit
e7b90ddc345d1817ca48bfcc4e3e73836c8051af.
Peter Hutterer [Thu, 16 Jun 2016 00:24:51 +0000 (10:24 +1000)]
hwdb: touchpad ranges for Dell Precision M4700
From https://bugs.freedesktop.org/show_bug.cgi?id=95417
Lennart Poettering [Thu, 16 Jun 2016 20:46:44 +0000 (22:46 +0200)]
process-util: fix two bugs in get_process_cmdline() (#3555)
See:
https://github.com/systemd/systemd/pull/3529#issuecomment-
226421007
Lennart Poettering [Thu, 16 Jun 2016 16:40:53 +0000 (18:40 +0200)]
Merge pull request #3546 from keszybz/systemctl-fixes
Systemctl fixes
Lennart Poettering [Thu, 16 Jun 2016 16:37:11 +0000 (18:37 +0200)]
resolved: when restarting a transaction make sure to not touch it anymore (#3553)
dns_transaction_maybe_restart() is supposed to return 1 if the the transaction
has been restarted and 0 otherwise. dns_transaction_process_dnssec() relies on
this behaviour. Before this change in case of restart we'd call
dns_transaction_go() when restarting the lookup, returning its return value
unmodified. This is wrong however, as that function returns 1 if the
transaction is pending, and 0 if it completed immediately, which is a very
different set of return values. Fix this, by always returning 1 on redirection.
The wrong return value resulted in all kinds of bad memory accesses as we might
continue processing a transaction that was redirected and completed immediately
(and thus freed).
This patch also adds comments to the two functions to clarify the return values
for the future.
Most likely fixes: #2942 #3475 #3484
Lennart Poettering [Thu, 16 Jun 2016 14:48:16 +0000 (16:48 +0200)]
update TODO
Zbigniew Jędrzejewski-Szmek [Wed, 15 Jun 2016 13:11:32 +0000 (09:11 -0400)]
systemctl: delay pager/polkit agent opening as much as possible
In https://github.com/systemd/systemd/issues/3543, we would open the pager
before starting ssh, and the pipe fd was "leaked" into the ssh child as the
stderr fd. Previous commit fixes bus-socket to nullify stderr before launching
the child, but it seems reasonable to also delay starting the pager.
If we are going to croak when trying to open the transport, it seems better
to do this before starting the pager.
This commit would also fix #3543 on its own.
Lennart Poettering [Thu, 16 Jun 2016 13:29:16 +0000 (15:29 +0200)]
systemctl: make sure we terminate the bus connection first, and then close the pager (#3550)
If "systemctl -H" is used, let's make sure we first terminate the bus
connection, and only then close the pager. If done in this order ssh will get
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
terminate. This makes sure the standard error we were invoked on is released by
ssh, and only that makes sure we don't deadlock on the pager which waits for
all clients closing its input pipe.
(Similar fixes for the various other xyzctl tools that support both pagers and
-H)
Fixes: #3543
Zbigniew Jędrzejewski-Szmek [Thu, 16 Jun 2016 13:15:45 +0000 (09:15 -0400)]
Merge pull request #3511 from andir/networkd-vrf
networkd: add support for vrf interfaces (#3316)
Lennart Poettering [Thu, 16 Jun 2016 11:56:23 +0000 (13:56 +0200)]
Merge pull request #3481 from poettering/relative-memcg
various changes, most importantly regarding memory metrics
Zbigniew Jędrzejewski-Szmek [Thu, 16 Jun 2016 01:30:59 +0000 (21:30 -0400)]
Merge pull request #3537 from poettering/journal-stream-env
Permit services to detect whether their stdout/stderr is connected to the journal.