From: Sven Eden Date: Mon, 12 Jun 2017 14:29:59 +0000 (+0200) Subject: Prep v231: Update build root files to upstream X-Git-Tag: v231.3~50 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=5d2803744e2a425ad476737fb3f812833a632f7d Prep v231: Update build root files to upstream --- diff --git a/.gitignore b/.gitignore index ff8b57798..00e474d9b 100644 --- a/.gitignore +++ b/.gitignore @@ -207,6 +207,7 @@ /test-journal-stream /test-journal-syslog /test-journal-verify +/test-keymap-util /test-libsystemd-sym* /test-libudev /test-libudev-sym* @@ -290,7 +291,6 @@ stamp-* /elogind-inhibit /test-libelogind* - # Local Helper Scripts and Tools - Not for distribution patches/ /check_*.* diff --git a/.mailmap b/.mailmap index 69060957d..d56fb6784 100644 --- a/.mailmap +++ b/.mailmap @@ -64,3 +64,13 @@ Tom Rini Paul Mundt Atul Sabharwal Daniel Machon +Thomas Blume +Pablo Lezaeta Reyes +Otto Wallenius +Tom Yan +Marty Plummer +Brian Boylston +Thomas H. P. Andersen +Michael Olbrich +Douglas Christman +Alexander Kuleshov <0xAX@users.noreply.github.com> diff --git a/CODING_STYLE b/CODING_STYLE index b689355c9..e89b3c67e 100644 --- a/CODING_STYLE +++ b/CODING_STYLE @@ -382,3 +382,50 @@ tools, and we should continue to do so, as it makes it easy to identify command line parameter variables, and makes it clear why it is OK that they are global variables. + +- When exposing public C APIs, be careful what function parameters you make + "const". For example, a parameter taking a context object should probably not + be "const", even if you are writing an other-wise read-only accessor function + for it. The reason is that making it "const" fixates the contract that your + call won't alter the object ever, as part of the API. However, that's often + quite a promise, given that this even prohibits object-internal caching or + lazy initialization of object variables. Moreover it's usually not too useful + for client applications. Hence: please be careful and avoid "const" on object + parameters, unless you are very sure "const" is appropriate. + +- Make sure to enforce limits on every user controllable resource. If the user + can allocate resources in your code, your code must enforce some form of + limits after which it will refuse operation. It's fine if it is hardcoded (at + least initially), but it needs to be there. This is particularly important + for objects that unprivileged users may allocate, but also matters for + everything else any user may allocated. + +- htonl()/ntohl() and htons()/ntohs() are weird. Please use htobe32() and + htobe16() instead, it's much more descriptive, and actually says what really + is happening, after all htonl() and htons() don't operation on longs and + shorts as their name would suggest, but on uint32_t and uint16_t. Also, + "network byte order" is just a weird name for "big endian", hence we might + want to call it "big endian" right-away. + +- You might wonder what kind of common code belongs in src/shared/ and what + belongs in src/basic/. The split is like this: anything that uses public APIs + we expose (i.e. any of the sd-bus, sd-login, sd-id128, ... APIs) must be + located in src/shared/. All stuff that only uses external libraries from + other projects (such as glibc's APIs), or APIs from src/basic/ itself should + be placed in src/basic/. Conversely, src/libsystemd/ may only use symbols + from src/basic, but not from src/shared/. To summarize: + + src/basic/ → may be used by all code in the tree + → may not use any code outside of src/basic/ + + src/libsystemd/ → may be used by all code in the tree, except for code in src/basic/ + → may not use any code outside of src/basic/, src/libsystemd/ + + src/shared/ → may be used by all code in the tree, except for code in src/basic/, src/libsystemd/ + → may not use any code outside of src/basic/, src/libsystemd/, src/shared/ + +- Our focus is on the GNU libc (glibc), not any other libcs. If other libcs are + incompatible with glibc it's on them. However, if there are equivalent POSIX + and Linux/GNU-specific APIs, we generally prefer the POSIX APIs. If there + aren't, we are happy to use GNU or Linux APIs, and expect non-GNU + implementations of libc to catch up with glibc. diff --git a/Makefile.am b/Makefile.am index 41a0f7752..c03e6fd47 100644 --- a/Makefile.am +++ b/Makefile.am @@ -38,9 +38,9 @@ SUBDIRS = . po # Keep the test-suite.log .PRECIOUS: $(TEST_SUITE_LOG) Makefile -LIBELOGIND_CURRENT=15 +LIBELOGIND_CURRENT=16 LIBELOGIND_REVISION=0 -LIBELOGIND_AGE=15 +LIBELOGIND_AGE=16 # Dirs of external packages dbuspolicydir=@dbuspolicydir@ @@ -83,6 +83,7 @@ CLEAN_LOCAL_HOOKS = pkginclude_HEADERS = noinst_LTLIBRARIES = lib_LTLIBRARIES = +rootlibexec_LTLIBRARIES = noinst_DATA = pkgconfiglib_DATA = polkitpolicy_in_files = @@ -95,6 +96,7 @@ dist_dbuspolicy_DATA = dist_dbussystemservice_DATA = check_PROGRAMS = check_DATA = +dist_rootlibexec_DATA = tests= manual_tests = if ENABLE_TESTS @@ -152,6 +154,7 @@ AM_CPPFLAGS = \ -I $(top_srcdir)/src/libelogind/sd-bus \ -I $(top_srcdir)/src/libelogind/sd-event \ -I $(top_srcdir)/src/libelogind/sd-login \ + -I $(top_srcdir)/src/libelogind/sd-id128 \ -I $(top_srcdir)/src/update-utmp \ $(OUR_CPPFLAGS) @@ -471,9 +474,47 @@ libshared_la_CFLAGS = \ libshared_la_LIBADD = \ libelogind-internal.la \ + libbasic.la \ $(UDEV_LIBS) \ $(ACL_LIBS) +rootlibexec_LTLIBRARIES += \ + libelogind-shared.la + +libelogind_shared_la_SOURCES = \ + $(libbasic_la_SOURCES) \ + $(libshared_la_SOURCES) \ + $(libelogind_internal_la_SOURCES) \ + $(libelogind_journal_internal_la_SOURCES) \ + $(libudev_internal_la_SOURCES) + +libelogind_shared_la_CFLAGS = \ + $(AM_CFLAGS) \ + $(libbasic_la_CFLAGS) \ + $(libshared_la_CFLAGS) \ + $(libelogind_internal_la_CFLAGS) \ + $(libelogind_journal_internal_la_CFLAGS) \ + $(libudev_internal_la_CFLAGS) \ + $(ACL_CFLAGS) \ + $(LIBIDN_CFLAGS) \ + $(SECCOMP_CFLAGS) \ + -fvisibility=default + +# We can't use libshared_la_LIBADD here because it would +# pull in libelogind*-internal.la +libelogind_shared_la_LIBADD = \ + $(libbasic_la_LIBADD) \ + $(libelogind_internal_la_LIBADD) \ + $(UDEV_LIBS) \ + $(ACL_LIBS) \ + $(LIBIDN_LIBS) \ + $(SECCOMP_LIBS) + +libelogind_shared_la_LDFLAGS = \ + $(AM_LDFLAGS) \ + -release $(PACKAGE_VERSION) + + # ----------------------------------------------------------------------------- gperf_txt_sources = \ src/basic/errno-list.txt @@ -529,7 +570,7 @@ elogind_cgroups_agent_SOURCES = \ src/cgroups-agent/cgroups-agent.c elogind_cgroups_agent_LDADD = \ - libshared.la + libelogind-shared.la # ------------------------------------------------------------------------------ libelogind_internal_la_SOURCES = \ @@ -582,11 +623,12 @@ libelogind_internal_la_SOURCES = \ src/libelogind/sd-bus/bus-protocol.h \ src/libelogind/sd-event/sd-event.c \ src/libelogind/sd-id128/sd-id128.c \ + src/libelogind/sd-id128/id128-util.h \ + src/libelogind/sd-id128/id128-util.c \ src/libelogind/sd-daemon/sd-daemon.c \ src/libelogind/sd-login/sd-login.c libelogind_internal_la_LIBADD = \ - libbasic.la \ -lresolv noinst_LTLIBRARIES += \ @@ -597,14 +639,7 @@ EXTRA_DIST += \ src/libelogind/sd-bus/DIFFERENCES \ src/libelogind/sd-bus/GVARIANT-SERIALIZATION -libelogind_la_SOURCES = \ - $(libelogind_internal_la_SOURCES) - -nodist_libelogind_la_SOURCES = \ - $(nodist_libelogind_internal_la_SOURCES) - -libelogind_la_CFLAGS = \ - $(libelogind_internal_la_CFLAGS) +libelogind_la_SOURCES = libelogind_la_LDFLAGS = \ $(AM_LDFLAGS) \ @@ -612,7 +647,8 @@ libelogind_la_LDFLAGS = \ -Wl,--version-script=$(top_srcdir)/src/libelogind/libelogind.sym libelogind_la_LIBADD = \ - $(libelogind_internal_la_LIBADD) + libelogind-internal.la \ + libbasic.la libelogind-install-hook: libname=libelogind.so && $(move-to-rootlibdir) @@ -692,7 +728,7 @@ libelogind_core_la_SOURCES = \ src/core/mount-setup.c libelogind_core_la_LIBADD = \ - libshared.la + libelogind-shared.la if HAVE_ACL libelogind_core_la_SOURCES += \ @@ -711,7 +747,7 @@ loginctl_SOURCES = \ src/login/sysfs-show.c loginctl_LDADD = \ - libshared.la + libelogind-shared.la rootbin_PROGRAMS += \ loginctl @@ -727,7 +763,7 @@ elogind_inhibit_SOURCES = \ src/login/inhibit.c elogind_inhibit_LDADD = \ - libshared.la + libelogind-shared.la rootbin_PROGRAMS += \ elogind-inhibit @@ -736,19 +772,19 @@ test_login_SOURCES = \ src/libelogind/sd-login/test-login.c test_login_LDADD = \ - libshared.la + libelogind-shared.la test_login_shared_SOURCES = \ src/login/test-login-shared.c test_login_shared_LDADD = \ - libshared.la + libelogind-shared.la test_inhibit_SOURCES = \ src/login/test-inhibit.c test_inhibit_LDADD = \ - libshared.la + libelogind-shared.la test_login_tables_SOURCES = \ src/login/test-login-tables.c @@ -782,7 +818,7 @@ pam_elogind_la_LDFLAGS = \ -Wl,--version-script=$(top_srcdir)/src/login/pam_elogind.sym pam_elogind_la_LIBADD = \ - libshared.la \ + libelogind-shared.la \ $(PAM_LIBS) pamlib_LTLIBRARIES = \ @@ -1065,7 +1101,7 @@ install-tree: all .PHONY: valgrind-tests valgrind-tests: $(TESTS) $(AM_V_GEN)for f in $(filter-out %.pl, $^); do \ - if file $$f | grep -q shell; then \ + if $(LIBTOOL) --mode=execute file $$f | grep -q shell; then \ echo -e "$${x}Skipping non-binary $$f"; else \ echo -e "$${x}Running $$f"; \ libtool --mode=execute valgrind -q --leak-check=full --max-stackframe=5242880 --error-exitcode=55 $(builddir)/$$f ; fi; \ diff --git a/NEWS b/NEWS index 7c3f99d31..ca5468587 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,243 @@ systemd System and Service Manager +CHANGES WITH 231: + + * In service units the various ExecXYZ= settings have been extended + with an additional special character as first argument of the + assigned value: if the character '+' is used the specified command + line it will be run with full privileges, regardless of User=, + Group=, CapabilityBoundingSet= and similar options. The effect is + similar to the existing PermissionsStartOnly= option, but allows + configuration of this concept for each executed command line + independently. + + * Services may now alter the service watchdog timeout at runtime by + sending a WATCHDOG_USEC= message via sd_notify(). + + * MemoryLimit= and related unit settings now optionally take percentage + specifications. The percentage is taken relative to the amount of + physical memory in the system (or in case of containers, the assigned + amount of memory). This allows scaling service resources neatly with + the amount of RAM available on the system. Similarly, systemd-logind's + RuntimeDirectorySize= option now also optionally takes percentage + values. + + * In similar fashion TasksMax= takes percentage values now, too. The + value is taken relative to the configured maximum number of processes + on the system. The per-service task maximum has been changed to 15% + using this functionality. (Effectively this is an increase of 512 → + 4915 for service units, given the kernel's default pid_max setting.) + + * Calendar time specifications in .timer units now understand a ".." + syntax for time ranges. Example: "4..7:10" may now be used for + defining a timer that is triggered at 4:10am, 5:10am, 6:10am and + 7:10am every day. + + * The InaccessableDirectories=, ReadOnlyDirectories= and + ReadWriteDirectories= unit file settings have been renamed to + InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be + applied to all kinds of file nodes, and not just directories, with + the exception of symlinks. Specifically these settings may now be + used on block and character device nodes, UNIX sockets and FIFOS as + well as regular files. The old names of these settings remain + available for compatibility. + + * systemd will now log about all service processes it kills forcibly + (using SIGKILL) because they remained after the clean shutdown phase + of the service completed. This should help identifying services that + shut down uncleanly. Moreover if KillUserProcesses= is enabled in + systemd-logind's configuration a similar log message is generated for + processes killed at the end of each session due to this setting. + + * systemd will now set the $JOURNAL_STREAM environment variable for all + services whose stdout/stderr are connected to the Journal (which + effectively means by default: all services). The variable contains + the device and inode number of the file descriptor used for + stdout/stderr. This may be used by invoked programs to detect whether + their stdout/stderr is connected to the Journal, in which case they + can switch over to direct Journal communication, thus being able to + pass extended, structured metadata along with their log messages. As + one example, this is now used by glib's logging primitives. + + * When using systemd's default tmp.mount unit for /tmp, the mount point + will now be established with the "nosuid" and "nodev" options. This + avoids privilege escalation attacks that put traps and exploits into + /tmp. However, this might cause problems if you e. g. put container + images or overlays into /tmp; if you need this, override tmp.mount's + "Options=" with a drop-in, or mount /tmp from /etc/fstab with your + desired options. + + * systemd now supports the "memory" cgroup controller also on + cgroupsv2. + + * The systemd-cgtop tool now optionally takes a control group path as + command line argument. If specified, the control group list shown is + limited to subgroups of that group. + + * The SystemCallFilter= unit file setting gained support for + pre-defined, named system call filter sets. For example + SystemCallFilter=@clock is now an effective way to make all clock + changing-related system calls unavailable to a service. A number of + similar pre-defined groups are defined. Writing system call filters + for system services is simplified substantially with this new + concept. Accordingly, all of systemd's own, long-running services now + enable system call filtering based on this, by default. + + * A new service setting MemoryDenyWriteExecute= has been added, taking + a boolean value. If turned on, a service may no longer create memory + mappings that are writable and executable at the same time. This + enhances security for services where this is enabled as it becomes + harder to dynamically write and then execute memory in exploited + service processes. This option has been enabled for all of systemd's + own long-running services. + + * A new RestrictRealtime= service setting has been added, taking a + boolean argument. If set the service's processes may no longer + acquire realtime scheduling. This improves security as realtime + scheduling may otherwise be used to easily freeze the system. + + * systemd-nspawn gained a new switch --notify-ready= taking a boolean + value. This may be used for requesting that the system manager inside + of the container reports start-up completion to nspawn which then + propagates this notification further to the service manager + supervising nspawn itself. A related option NotifyReady= in .nspawn + files has been added too. This functionality allows ordering of the + start-up of multiple containers using the usual systemd ordering + primitives. + + * machinectl gained a new command "stop" that is an alias for + "terminate". + + * systemd-resolved gained support for contacting DNS servers on + link-local IPv6 addresses. + + * If systemd-resolved receives the SIGUSR2 signal it will now flush all + its caches. A method call for requesting the same operation has been + added to the bus API too, and is made available via "systemd-resolve + --flush-caches". + + * systemd-resolve gained a new --status switch. If passed a brief + summary of the used DNS configuration with per-interface information + is shown. + + * resolved.conf gained a new Cache= boolean option, defaulting to + on. If turned off local DNS caching is disabled. This comes with a + performance penalty in particular when DNSSEC is enabled. Note that + resolved disables its internal caching implicitly anyway, when the + configured DNS server is on a host-local IP address such as ::1 or + 127.0.0.1, thus automatically avoiding double local caching. + + * systemd-resolved now listens on the local IP address 127.0.0.53:53 + for DNS requests. This improves compatibility with local programs + that do not use the libc NSS or systemd-resolved's bus APIs for name + resolution. This minimal DNS service is only available to local + programs and does not implement the full DNS protocol, but enough to + cover local DNS clients. A new, static resolv.conf file, listing just + this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is + now recommended to make /etc/resolv.conf a symlink to this file in + order to route all DNS lookups to systemd-resolved, regardless if + done via NSS, the bus API or raw DNS packets. Note that this local + DNS service is not as fully featured as the libc NSS or + systemd-resolved's bus APIs. For example, as unicast DNS cannot be + used to deliver link-local address information (as this implies + sending a local interface index along), LLMNR/mDNS support via this + interface is severely restricted. It is thus strongly recommended for + all applications to use the libc NSS API or native systemd-resolved + bus API instead. + + * systemd-networkd's bridge support learned a new setting + VLANFiltering= for controlling VLAN filtering. Moreover a new section + in .network files has been added for configuring VLAN bridging in + more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN]. + + * systemd-networkd's IPv6 Router Advertisement code now makes use of + the DNSSL and RDNSS options. This means IPv6 DNS configuration may + now be acquired without relying on DHCPv6. Two new options + UseDomains= and UseDNS= have been added to configure this behaviour. + + * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been + renamed IPv6AcceptRA=, without altering its behaviour. The old + setting name remains available for compatibility reasons. + + * The systemd-networkd VTI/VTI6 tunneling support gained new options + Key=, InputKey= and OutputKey=. + + * systemd-networkd gained support for VRF ("Virtual Routing Function") + interface configuration. + + * "systemctl edit" may now be used to create new unit files by + specifying the --force switch. + + * sd-event gained a new function sd_event_get_iteration() for + requesting the current iteration counter of the event loop. It starts + at zero and is increased by one with each event loop iteration. + + * A new rpm macro %systemd_ordering is provided by the macros.systemd + file. It can be used in lieu of %systemd_requires in packages which + don't use any systemd functionality and are intended to be installed + in minimal containers without systemd present. This macro provides + ordering dependecies to ensure that if the package is installed in + the same rpm transaction as systemd, systemd will be installed before + the scriptlets for the package are executed, allowing unit presets + to be handled. + + New macros %_systemdgeneratordir and %_systemdusergeneratordir have + been added to simplify packaging of generators. + + * The os-release file gained VERSION_CODENAME field for the + distribution nickname (e.g. VERSION_CODENAME=woody). + + * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1 + can be set to disable parsing of metadata and the creation + of persistent symlinks for that device. + + * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess" + to make them available to logged-in users has been reverted. + + * Much of the common code of the various systemd components is now + built into an internal shared library libsystemd-shared-231.so + (incorporating the systemd version number in the name, to be updated + with future releases) that the components link to. This should + decrease systemd footprint both in memory during runtime and on + disk. Note that the shared library is not for public use, and is + neither API not ABI stable, but is likely to change with every new + released update. Packagers need to make sure that binaries + linking to libsystemd-shared.so are updated in step with the + library. + + * Configuration for "mkosi" is now part of the systemd + repository. mkosi is a tool to easily build legacy-free OS images, + and is available on github: https://github.com/systemd/mkosi. If + "mkosi" is invoked in the build tree a new raw OS image is generated + incorporating the systemd sources currently being worked on and a + clean, fresh distribution installation. The generated OS image may be + booted up with "systemd-nspawn -b -i", qemu-kvm or on any physcial + UEFI PC. This functionality is particularly useful to easily test + local changes made to systemd in a pristine, defined environment. See + HACKING for details. + + Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor + Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika + Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar + Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse, + Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David + Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias + Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler, + Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan + Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke + Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart + Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel + Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov, + Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz, + Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran, + Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier, + Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas + Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan, + Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič, + WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek + + — Berlin, 2016-07-25 + CHANGES WITH 230: * DNSSEC is now turned on by default in systemd-resolved (in @@ -152,7 +390,7 @@ CHANGES WITH 230: container, via the new --private-users=pick setting (which implies --private-user-chown). Together, these options for the first time make user namespacing for nspawn containers fully automatic and thus - deployable. The systemd-nspaw@.service template unit file has been + deployable. The systemd-nspawn@.service template unit file has been changed to use this functionality by default. * systemd-nspawn gained a new --network-zone= switch, that allows @@ -207,6 +445,11 @@ CHANGES WITH 230: for backwards compatibility). AmbientCapabilities= and CapabilityBoundingSet= should be used instead. + * A new special target has been added, initrd-root-device.target, + which creates a synchronization point for dependencies of the root + device in early userspace. Initramfs builders must ensure that this + target is now included in early userspace. + Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov, Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens @@ -542,7 +785,7 @@ CHANGES WITH 228: the service. * Timer units gained support for a new RemainAfterElapse= - setting which takes a boolean argument. It defaults on on, + setting which takes a boolean argument. It defaults to on, exposing behaviour unchanged to previous releases. If set to off, timer units are unloaded after they elapsed if they cannot elapse again. This is particularly useful for @@ -733,7 +976,7 @@ CHANGES WITH 227: * Support for USB FunctionFS activation has been added. This allows implementation of USB gadget services that are activated as soon as they are requested, so that they don't - have to run continously, similar to classic socket + have to run continuously, similar to classic socket activation. * The "systemctl exit" command now optionally takes an @@ -778,7 +1021,7 @@ CHANGES WITH 227: * systemd-networkd gained support for: - - Setting the IPv6 Router Advertisment settings via + - Setting the IPv6 Router Advertisement settings via IPv6AcceptRouterAdvertisements= in .network files. - Configuring the HelloTimeSec=, MaxAgeSec= and @@ -824,7 +1067,7 @@ CHANGES WITH 227: files controlled by the number of files that shall remain, in addition to the already existing control by size and by date. This is useful as journal interleaving performance - degrades with too many seperate journal files, and allows + degrades with too many separate journal files, and allows putting an effective limit on them. The new setting defaults to 100, but this may be changed by setting SystemMaxFiles= and RuntimeMaxFiles= in journald.conf. Also, the @@ -911,7 +1154,7 @@ CHANGES WITH 226: available, systemd will fall back to the legacy cgroup hierarchy setup, as before. Host system and containers can mix and match legacy and unified hierarchies as they - wish. nspawn understands the $UNIFIED_CROUP_HIERARCHY + wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY environment variable to individually select the hierarchy to use for executed containers. By default, nspawn will use the unified hierarchy for the containers if the host uses the @@ -5209,7 +5452,7 @@ CHANGES WITH 192: * We do not mount the "cpuset" controller anymore together with "cpu" and "cpuacct", as "cpuset" groups generally cannot be started if no parameters are assigned to it. "cpuset" hence - broke code that assumed it it could create "cpu" groups and + broke code that assumed it could create "cpu" groups and just start them. * journalctl -f will now subscribe to terminal size changes, diff --git a/TODO b/TODO index fac9ccf0e..ef25ef578 100644 --- a/TODO +++ b/TODO @@ -33,10 +33,6 @@ Janitorial Clean-ups: Features: -* make sure bash completion uses journalctl --fields to get fields list - -* use phyical_memory() to allow MemoryLimit= configuration based on available system memory - * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc @@ -47,14 +43,34 @@ Features: * ProtectKeyRing= to take keyring calls away +* PrivateUsers= which maps the all user ids except root and the one specified + in User= to nobody + +* Add AllocateUser= for allowing dynamic user ids per-service + +* Add DataDirectory=, CacheDirectory= and LogDirectory= to match + RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user. + +* Add BindDirectory= for allowing arbitrary, private bind mounts for services + +* Beef up RootDirectory= to use namespacing/bind mounts as soon as fs + namespaces are enabled by the service + +* Add RootImage= for mounting a disk image or file as root directory + * RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) -* IAID field must move from [Link] to [DHCP] section in .network files +* nspawn: make /proc/sys/net writable? * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates +* expose the "privileged" flag of ExecCommand on the bus, and open it up to + transient units + +* allow attaching additional journald log fields to cgroups + * rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the kernel doesn't support linkat() that replaces existing files, currently) @@ -63,8 +79,6 @@ Features: * transient units: don't bother with actually setting unit properties, we reload the unit file anyway -* make sure resolved can be restarted without losing pushed-in dns config - * journald: sigbus API via a signal-handler safe function that people may call from the SIGBUS handler @@ -74,8 +88,7 @@ Features: * optionally, also require WATCHDOG=1 notifications during service start-up and shutdown -* resolved: maybe, after all, implement local listening for DNS packets on port - 127.0.0.53:53. +* resolved: when routing queries, make sure only look for the *longest* suffix... * delay activation of logind until somebody logs in, or when /dev/tty0 pulls it in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle @@ -110,14 +123,12 @@ Features: * man: document that unless you use StandardError=null the shell >/dev/stderr won't work in shell scripts in services -* install: include generator dirs in unit file search paths - * fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline * docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date * mounting and unmounting mount points manually with different source - devices will result in collected collected on all devices used. + devices will result in collected on all devices used. http://lists.freedesktop.org/archives/systemd-devel/2015-April/030225.html * add a job mode that will fail if a transaction would mean stopping @@ -192,9 +203,7 @@ Features: * systemctl: if some operation fails, show log output? -* systemctl edit: -- allow creation of units from scratch -- use equvalent of cat() to insert existing config as a comment, prepended with #. +* systemctl edit: use equvalent of cat() to insert existing config as a comment, prepended with #. Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc. * exponential backoff in timesyncd when we cannot reach a server @@ -222,8 +231,8 @@ Features: - resolved should optionally register additional per-interface LLMNR names, so that for the container case we can establish the same name (maybe "host") for referencing the server, everywhere. - - enable DNSSEC by default - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?) + - hook up resolved with machined-based address resolution * refcounting in sd-resolve is borked @@ -547,7 +556,7 @@ Features: - systemctl enable: fail if target to alias into does not exist? maybe show how many units are enabled afterwards? - systemctl: "Journal has been rotated since unit was started." message is misleading - better error message if you run systemctl without systemd running - - systemctl status output should should include list of triggering units and their status + - systemctl status output should include list of triggering units and their status * unit install: - "systemctl mask" should find all names by which a unit is accessible @@ -558,7 +567,6 @@ Features: o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET) o DST changes - Support 2012-02~4 as syntax for specifying the fourth to last day of the month. - - calendarspec: support value ranges with ".." notation. Example: 2013-4..8-1 - Modulate timer frequency based on battery state * add libsystemd-password or so to query passwords during boot using the password agent logic diff --git a/configure.ac b/configure.ac index 8450bbcd5..8cf6b9e8b 100644 --- a/configure.ac +++ b/configure.ac @@ -20,7 +20,7 @@ AC_PREREQ([2.64]) AC_INIT([elogind], - [230], + [231], [https://github.com/elogind/elogind/issues], [elogind], [https://github.com/elogind/elogind]) @@ -267,6 +267,7 @@ AC_CHECK_SIZEOF(uid_t) AC_CHECK_SIZEOF(gid_t) AC_CHECK_SIZEOF(time_t) AC_CHECK_SIZEOF(dev_t) +AC_CHECK_SIZEOF(ino_t) AC_CHECK_SIZEOF(rlim_t,,[ #include #include @@ -372,6 +373,8 @@ AC_CHECK_TYPES([char16_t, char32_t, key_serial_t], ]]) AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE, + IN6_ADDR_GEN_MODE_STABLE_PRIVACY, + IFLA_VRF_TABLE, IFLA_MACVLAN_FLAGS, IFLA_IPVLAN_MODE, IFLA_VTI_REMOTE,