Patrik Flykt [Wed, 19 Mar 2014 12:38:59 +0000 (14:38 +0200)]
libsystemd-network: Don't unnecessarily send too long packets
Since the length used by options is known, send packets with no
extra padding.
Patrik Flykt [Wed, 19 Mar 2014 11:53:02 +0000 (13:53 +0200)]
libsystemd-network: Prepend hardware type byte to client identifier
Even though client identifiers SHOULD be treated as opaque objects by
DHCP servers, follow the recommendation of a hardware type field with
value 0x01 (ethernet) followed by the hardware address as described in
RFC 2132.
Lennart Poettering [Thu, 20 Mar 2014 03:19:23 +0000 (04:19 +0100)]
update TODO
Lennart Poettering [Thu, 20 Mar 2014 03:16:39 +0000 (04:16 +0100)]
unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
Lennart Poettering [Wed, 19 Mar 2014 22:25:41 +0000 (23:25 +0100)]
update TODO
Lennart Poettering [Wed, 19 Mar 2014 22:08:39 +0000 (23:08 +0100)]
core: enable PrivateNetwork= for a number of our long running services where this is useful
Lennart Poettering [Wed, 19 Mar 2014 21:46:45 +0000 (22:46 +0100)]
core: move notify sockets to /run and $XDG_RUNTIME_DIR
A service with PrivateNetwork= cannot access abstract namespace sockets
of the host anymore, hence let's better not use abstract namespace
sockets for this, since we want to make sure that PrivateNetwork=
is useful and doesn't break sd_notify().
Lennart Poettering [Wed, 19 Mar 2014 21:26:08 +0000 (22:26 +0100)]
man: improve documentation of fs namespace related settings
Lennart Poettering [Wed, 19 Mar 2014 21:00:43 +0000 (22:00 +0100)]
core: make sure we can combine DevicePolicy=closed with PrivateDevices=yes
If PrivateDevices=yes is used we need to make sure we can still
create /dev/null and so on.
Lennart Poettering [Wed, 19 Mar 2014 20:41:21 +0000 (21:41 +0100)]
sd-bus: don't use assert_return() to check for disconnected bus connections
A terminated connection is a runtime error and not a developer mistake,
hence don't use assert_return() to check for it.
Lennart Poettering [Wed, 19 Mar 2014 19:40:05 +0000 (20:40 +0100)]
core: rework context initialization/destruction logic
Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
individually in type-specific code.
Also, when PrivateDevices= is set, set DevicePolicy= to closed.
Lennart Poettering [Wed, 19 Mar 2014 17:31:54 +0000 (18:31 +0100)]
sd-bus: properly translate high-level attach flags into kdbus attach flags
Lennart Poettering [Wed, 19 Mar 2014 15:56:16 +0000 (16:56 +0100)]
update TODO
Lennart Poettering [Wed, 19 Mar 2014 15:55:43 +0000 (16:55 +0100)]
core: when PrivateTmp= is set for a unit, make sure to order it after /tmp and /var/tmp are mounted
Lennart Poettering [Wed, 19 Mar 2014 15:45:28 +0000 (16:45 +0100)]
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons
Lennart Poettering [Wed, 19 Mar 2014 15:24:47 +0000 (16:24 +0100)]
update TODO
Lennart Poettering [Wed, 19 Mar 2014 15:23:32 +0000 (16:23 +0100)]
core: Beef up PrivateDevices=
Also mount /dev/kdbus, /dev/mqueue and /dev/hugepages into the /dev for
namespaced services.
Lennart Poettering [Wed, 19 Mar 2014 15:21:01 +0000 (16:21 +0100)]
busctl: when monitoring the bus, enable all credentials
Lennart Poettering [Wed, 19 Mar 2014 15:19:06 +0000 (16:19 +0100)]
core: expose missing busname properties on the bus
Tom Gundersen [Wed, 19 Mar 2014 09:41:29 +0000 (10:41 +0100)]
sd-dhcp-client: accept infinite lease lifetime
Otherwise we would fail with -EINVAL. Thanks to Brandon Philips
<brandon.philips@coreos.com>, for reporting the bug.
Patrik Flykt [Fri, 31 Jan 2014 09:31:22 +0000 (11:31 +0200)]
libsystemd-network: Add Init-Reboot support
Init-Reboot is tried if a client IP address has been given when
the DHCP client is started. In Init-Reboot, start by sending a
broadcast DHCP Request including the supplied client IP address
but without the server identifier. After sending the request,
enter Reboot state.
If a DHCP Ack is received, proceed to Bound state as usual. If a
DHCP Nak is received or the first timeout triggers, start the
address acquisition over from DHCP Init state.
See RFC 2131, sections 4.3.2, 4.4, 4.4.1 and 4.4.2 for details.
Patrik Flykt [Wed, 12 Mar 2014 09:46:40 +0000 (11:46 +0200)]
libsystemd-network: Restart DHCP acquisition if the lease expires
This causes the DHCP client struct initialization and DHCP client
starting to be factored out into functions of their own.
Patrik Flykt [Wed, 12 Mar 2014 10:52:00 +0000 (12:52 +0200)]
libsystemd-network: Add hangcheck timer for DHCP client test
Patrik Flykt [Tue, 25 Feb 2014 11:33:24 +0000 (13:33 +0200)]
libsystemd-network: Export checksum function to test case
Remove identical checksum function implementation from the test
case code.
Lennart Poettering [Wed, 19 Mar 2014 03:17:37 +0000 (04:17 +0100)]
update TODO
Lennart Poettering [Wed, 19 Mar 2014 03:17:00 +0000 (04:17 +0100)]
sd-bus: add proper monitoring API
Lennart Poettering [Wed, 19 Mar 2014 02:09:51 +0000 (03:09 +0100)]
core: by default .busname units should be activating
Lennart Poettering [Wed, 19 Mar 2014 01:28:03 +0000 (02:28 +0100)]
update TODO
Daniel Mack [Mon, 17 Mar 2014 10:41:21 +0000 (11:41 +0100)]
busname: introduce Activating directive
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.
If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.
Lennart Poettering [Wed, 19 Mar 2014 00:48:23 +0000 (01:48 +0100)]
update TODO
Lennart Poettering [Wed, 19 Mar 2014 00:36:03 +0000 (01:36 +0100)]
core: when creating an activating busname attach all metadata fields to the messages queued for it
This way we can be sure that the service the messages are ultimately
intended for finds all fields it might need.
Lennart Poettering [Wed, 19 Mar 2014 00:35:52 +0000 (01:35 +0100)]
update kdbus.h
Lennart Poettering [Wed, 19 Mar 2014 00:10:14 +0000 (01:10 +0100)]
missing: define LO_FLAGS_PARTSCAN if it is missing
https://bugs.freedesktop.org/show_bug.cgi?id=76335
Lennart Poettering [Tue, 18 Mar 2014 23:54:41 +0000 (00:54 +0100)]
util: add new FOREACH_STRING() macro as syntactic sugar to iterate through a number of fixed strings
Lennart Poettering [Tue, 18 Mar 2014 20:06:08 +0000 (21:06 +0100)]
update TODO
Lennart Poettering [Tue, 18 Mar 2014 20:05:16 +0000 (21:05 +0100)]
man: document sd_bus_negotiate_fds() and friends
Lennart Poettering [Tue, 18 Mar 2014 20:03:37 +0000 (21:03 +0100)]
sd-bus: if we got a message with fds attached even though we didn't negotiate it, refuse to take it
This makes sure we don't mishandle if developers specify a different
AcceptFileDescriptors= setting in .busname units than they set for the
bus connection in the activated program.
Lennart Poettering [Tue, 18 Mar 2014 19:54:32 +0000 (20:54 +0100)]
core: add new AcceptFD= setting to .busname units
AcceptFD= defaults to true, thus making sure that by default fd passing
is enabled for all activatable names. Since for normal bus connections
fd passing is enabled too by default this makes sure fd passing works
correctly regardless whether a service is already activated or not.
Making this configurable on both busname units and in bus connections is
messy, but unavoidable since busnames are established and may queue
messages before the connection feature negotiation is done by the
service eventually activated. Conversely, feature negotiation on bus
connections takes place before the connection acquires its names.
Of course, this means developers really should make sure to keep the
settings in .busname units in sync with what they later intend to
negotiate.
Lennart Poettering [Tue, 18 Mar 2014 18:31:44 +0000 (19:31 +0100)]
test
Lennart Poettering [Tue, 18 Mar 2014 18:22:43 +0000 (19:22 +0100)]
util: replace close_nointr_nofail() by a more useful safe_close()
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
        fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop > 200 lines of code that
were required to test for non-negative fds or to reset the closed fd
variable afterwards.
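The idiom from the commit message above, as an added example that is not part of the commit or of systemd's source: `safe_close_sketch()`, `struct channel` and the helper functions are hypothetical names, and preserving `errno` across the close is an assumption of this sketch. It shows why resetting the variable matters: a repeated cleanup cannot close a descriptor number that has since been reused.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Sketch of the contract in the commit message (not systemd's source):
 * a negative fd is a no-op, and the return value is always -1. */
static int safe_close_sketch(int fd) {
    if (fd >= 0) {
        int saved_errno = errno;   /* cleanup must not clobber the caller's errno */
        (void) close(fd);
        errno = saved_errno;
    }
    return -1;
}

/* Hypothetical object that owns two descriptors. */
struct channel {
    int rfd;
    int wfd;
};

static int channel_open(struct channel *c) {
    int p[2];

    c->rfd = c->wfd = -1;          /* -1 means "not open" from the first moment on */
    if (pipe(p) < 0)
        return -errno;
    c->rfd = p[0];
    c->wfd = p[1];
    return 0;
}

/* Idempotent: needs no "if (fd >= 0)" test and no manual reset afterwards. */
static void channel_close(struct channel *c) {
    c->rfd = safe_close_sketch(c->rfd);
    c->wfd = safe_close_sketch(c->wfd);
}

static int fd_is_open(int fd) {
    return fd >= 0 && fcntl(fd, F_GETFD) >= 0;
}

/* Returns 1 if a second cleanup leaves a descriptor that reused the old number intact. */
static int second_cleanup_is_harmless(void) {
    struct channel c;
    int other, ok;

    if (channel_open(&c) < 0)
        return 0;
    channel_close(&c);
    other = open("/dev/null", O_RDONLY);   /* typically gets the number c.rfd had */
    if (other < 0)
        return 0;
    channel_close(&c);                     /* both fields are -1: nothing is closed */
    ok = c.rfd == -1 && c.wfd == -1 && fd_is_open(other);
    close(other);
    return ok;
}

int main(void) {
    printf("second cleanup harmless: %d\n", second_cleanup_is_harmless());
    return 0;
}
```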
Lennart Poettering [Tue, 18 Mar 2014 16:59:11 +0000 (17:59 +0100)]
update TODO
Lennart Poettering [Tue, 18 Mar 2014 16:58:19 +0000 (17:58 +0100)]
core: drop CAP_MKNOD when PrivateDevices= is set
Kay Sievers [Tue, 18 Mar 2014 15:20:15 +0000 (16:20 +0100)]
timedated: update test address
Kay Sievers [Tue, 18 Mar 2014 15:17:51 +0000 (16:17 +0100)]
hwdb: update
Tom Gundersen [Tue, 18 Mar 2014 13:13:01 +0000 (14:13 +0100)]
sd-dhcp-client: make sure timers fire immediately
The default slack caused there to be a delay before timers fired. Solve it
by setting timers that should trigger immediately to trigger far in the past.
This brings down the ideal-case dhcp lease acquisition time from about 500ms to
about 50ms (over a veth pair, so no network latency involved).
All the rest of the time (except for ~0.5ms) is spent in the bind() call in
dhcp_network_bind_raw_socket(). I don't know if there is anything to be done
about that though...
Zbigniew Jędrzejewski-Szmek [Tue, 18 Mar 2014 02:13:47 +0000 (22:13 -0400)]
microhttpd-util: avoid double free on error
It seems that resources are properly deallocated by MHD_destroy_response,
even if enqueuing the request fails.
Also replace a trivial printf with alloca and fixup log message
(it'll now be something like "Connection from CN=some.host.name",
which seems clear enough.)
Zbigniew Jędrzejewski-Szmek [Tue, 18 Mar 2014 02:11:18 +0000 (22:11 -0400)]
journal-remote: do not attempt to read from µhttpd connections
This chunk got lost in one of the rebases :(
Lennart Poettering [Tue, 18 Mar 2014 03:44:39 +0000 (04:44 +0100)]
machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new verb "poweroff"
There's really no point to send the reboot SIGINT from machinectl
directly, if machined can do that anyway. This saves code, and
makes machinectl network transparent for these verbs. And while we are
at it we can easily add a "poweroff" verb in addition to "reboot". Yay!
Lennart Poettering [Tue, 18 Mar 2014 03:43:08 +0000 (04:43 +0100)]
machined: fix Kill() bus call on machine objects when "what" is specified as "leader"
Lennart Poettering [Tue, 18 Mar 2014 02:53:59 +0000 (03:53 +0100)]
update TODO
Lennart Poettering [Tue, 18 Mar 2014 03:06:54 +0000 (04:06 +0100)]
core: remount /sys/fs/cgroup/ read-only after we mounted all controllers
Given that glibc searches for /dev/shm by just looking for any tmpfs we
should be more careful with providing tmpfs instances arbitrary code
might end up writing to.
Lennart Poettering [Tue, 18 Mar 2014 03:06:36 +0000 (04:06 +0100)]
cgroup: it's not OK to invoke alloca() in loops
Lennart Poettering [Tue, 18 Mar 2014 02:53:02 +0000 (03:53 +0100)]
systemctl: sort local host entry before container in list-machines output
Lennart Poettering [Tue, 18 Mar 2014 02:51:24 +0000 (03:51 +0100)]
systemctl: prefix list-units and list-machines output with a circle indicating a failure state
(Subject to --no-legend)
Kay Sievers [Tue, 18 Mar 2014 02:57:35 +0000 (03:57 +0100)]
timedatectl: clear ADJ_MAXERROR to make sure we keep STA_SYNC set
Thomas Hindoe Paaboel Andersen [Mon, 17 Mar 2014 20:59:43 +0000 (21:59 +0100)]
systemd-run: extend bash completion
--system
-H --host
-M --machine
--service-type (options: simple forking oneshot dbus notify idle)
--uid
--gid
--nice
--setenv
-p --property (options read from bus_append_unit_property_assignment)
Thomas Hindoe Paaboel Andersen [Mon, 17 Mar 2014 20:50:49 +0000 (21:50 +0100)]
remove unused variable
poma [Mon, 17 Mar 2014 20:08:40 +0000 (21:08 +0100)]
man: networkd - additional examples related to bridging
Lennart Poettering [Mon, 17 Mar 2014 17:28:30 +0000 (18:28 +0100)]
build-sys: move sd-login src/login → src/libsystemd/sd-login
After all, it is ultimately linked to libsystemd.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
Lennart Poettering [Mon, 17 Mar 2014 17:15:38 +0000 (18:15 +0100)]
update TODO
Lennart Poettering [Mon, 17 Mar 2014 17:14:26 +0000 (18:14 +0100)]
sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
Lennart Poettering [Mon, 17 Mar 2014 14:18:11 +0000 (15:18 +0100)]
update TODO
Miklos Vajna [Fri, 14 Mar 2014 20:13:38 +0000 (21:13 +0100)]
core, libsystemd, systemd, timedate, udev: spelling fixes
Jason St. John [Mon, 17 Mar 2014 04:03:46 +0000 (00:03 -0400)]
man: improve wording of systemctl's --after/--before
Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
but the new wording was unclear.
Split the combined --after/--before section into a separate section for
each, explicitly state what each option does, and add information about
how these lists are generated.
Reported-by: Andrey Borzenkov <arvidjaar@gmail.com>
Reported-by: Lennart Poettering <lennart@poettering.net>
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 04:13:48 +0000 (00:13 -0400)]
build-sys: bump required µhttpd version
MHD_USE_EPOLL_LINUX_ONLY, MHD_USE_DUAL_STACK are only available in
next-but-last release.
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 02:33:35 +0000 (22:33 -0400)]
journal-remote: implement inheriting http(s) sockets
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 00:05:50 +0000 (20:05 -0400)]
microhttpd-util: use static buffer for static messages
Most of the messages we send do not require allocating and
freeing a buffer, so optimize this by using const strings.
Also, rename respond_error to mhd_respond*, since it is used
not only for errors.
Make use of information from printf to avoid one extra call to
strlen.
Zbigniew Jędrzejewski-Szmek [Sat, 15 Mar 2014 19:58:03 +0000 (15:58 -0400)]
journal-remote: HTTP(s) support
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be taken too seriously.
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 22:08:03 +0000 (23:08 +0100)]
journal-remote: tool to receive messages over the network
Zbigniew Jędrzejewski-Szmek [Sat, 1 Dec 2012 10:12:05 +0000 (11:12 +0100)]
journal-gatewayd: check if certificate is signed by CA
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.
Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
Zbigniew Jędrzejewski-Szmek [Wed, 28 Nov 2012 22:08:35 +0000 (23:08 +0100)]
journal-gatewayd: log to journal from gnutls
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
Zbigniew Jędrzejewski-Szmek [Wed, 28 Nov 2012 11:45:31 +0000 (12:45 +0100)]
build-sys: add check on gnutls
Zbigniew Jędrzejewski-Szmek [Mon, 26 Nov 2012 22:02:14 +0000 (23:02 +0100)]
journal-gatewayd: ask clients to provide certificates
A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.
Zbigniew Jędrzejewski-Szmek [Mon, 10 Mar 2014 01:33:04 +0000 (21:33 -0400)]
activate: export make_socket_fd
Also improve logging to print out the parsed address on error.
Zbigniew Jędrzejewski-Szmek [Fri, 2 Nov 2012 14:05:31 +0000 (15:05 +0100)]
shared: export is_dir
Zbigniew Jędrzejewski-Szmek [Sat, 3 Nov 2012 19:13:46 +0000 (20:13 +0100)]
journal: export valid_user_field and size defines
In preparation for use elsewhere.
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 21:36:52 +0000 (22:36 +0100)]
journal: extract duplicated code to a function
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 21:26:22 +0000 (22:26 +0100)]
journal: extract duplicated code to a function
Zbigniew Jędrzejewski-Szmek [Tue, 11 Mar 2014 01:19:23 +0000 (21:19 -0400)]
journald: remove stray reset of error return value
Lennart Poettering [Mon, 17 Mar 2014 02:31:38 +0000 (03:31 +0100)]
systemctl: introduce -r switch to show units running in local containers in addition to the host
Kay Sievers [Sun, 16 Mar 2014 23:18:55 +0000 (00:18 +0100)]
timedated: move test logging to test program
Kay Sievers [Sun, 16 Mar 2014 22:51:50 +0000 (23:51 +0100)]
timedated: update spike handling
Kay Sievers [Sun, 16 Mar 2014 21:57:42 +0000 (22:57 +0100)]
timedated: update spike handling
Kay Sievers [Sun, 16 Mar 2014 16:45:06 +0000 (17:45 +0100)]
timedated: handle external system time changes
Josh Triplett [Sat, 15 Mar 2014 18:40:07 +0000 (11:40 -0700)]
Use strlen even for constant strings
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
Tom Gundersen [Sun, 16 Mar 2014 12:55:41 +0000 (13:55 +0100)]
nspawn: UP the host side of the veth pair after adding it to a bridge
Tom Gundersen [Sun, 16 Mar 2014 12:02:16 +0000 (13:02 +0100)]
sd-rtnl: never treat broadcasts as replies
Otherwise the sequence number of a broadcast may match the sequence number of a
pending unicast message and cause confusion.
Tom Gundersen [Sat, 15 Mar 2014 19:03:34 +0000 (20:03 +0100)]
networkd: netdev - support joining already existing netdevs
Tom Gundersen [Sat, 15 Mar 2014 19:02:24 +0000 (20:02 +0100)]
sd-rtnl: make RTM_NEWLINK report EEXIST by default
Use RTM_SETLINK to update an existing link.
Kay Sievers [Sat, 15 Mar 2014 15:57:51 +0000 (16:57 +0100)]
timedated: print delay and jitter in debug output
Wieland Hoffmann [Mon, 10 Mar 2014 14:17:32 +0000 (15:17 +0100)]
_sd_machines: Use machinectl --no-legend
Otherwise bogus entries from the header and footer would show up in the
completion list.
Wieland Hoffmann [Mon, 10 Mar 2014 14:17:31 +0000 (15:17 +0100)]
zsh completion: Install _sd_machines with _machinectl
_machinectl uses _sd_machines to provide a list of all available
machines.
Zbigniew Jędrzejewski-Szmek [Sat, 15 Mar 2014 01:43:56 +0000 (21:43 -0400)]
timedated: use builtins for integer log and exp
Sebastian Thorarensen [Thu, 13 Mar 2014 23:38:15 +0000 (00:38 +0100)]
journald: add support for wall forwarding
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
Sebastian Thorarensen [Thu, 13 Mar 2014 23:38:05 +0000 (00:38 +0100)]
utmp-wtmp: allow overriding username on wall
utmp_wall() now takes an optional argument 'username_override' which
allows the caller to override the username shown on wall messages.
journald will use this to inform users that its wall messages come from
'systemd-journald'.
Lennart Poettering [Fri, 14 Mar 2014 20:15:32 +0000 (21:15 +0100)]
sd-bus: don't choke if somebody sends us a message with a unix fd count of 0
It's kinda pointless to include a unix fd header field in messages if it
carries the value 0, but let's do this anyway...
Lennart Poettering [Fri, 14 Mar 2014 20:12:36 +0000 (21:12 +0100)]
sd-bus: don't access invalid memory if a signal matcher was freed from its own callback
Lennart Poettering [Fri, 14 Mar 2014 20:11:31 +0000 (21:11 +0100)]
util: add hexdump() call to create pretty hexdumps of data
This is very useful when debugging sd-bus to look at messages.
Lennart Poettering [Fri, 14 Mar 2014 20:10:55 +0000 (21:10 +0100)]
update TODO
Michael Olbrich [Fri, 14 Mar 2014 17:19:29 +0000 (18:19 +0100)]
networkd: fix typo
It's HAVE_SPLIT_USR not HAVE_SPLIT_USER