Christian Seiler [Tue, 27 Jan 2015 17:58:40 +0000 (18:58 +0100)]
logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM

In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs
(or any filesystem for that matter) on top of /run/user/$UID.
Previously, logind just failed in such a situation.

Now, logind will resort to chown+chmod of the directory instead. This
allows logind still to work in those environments, although without the
guarantees it provides (i.e. users not being able to DOS /run or other
users' /run/user/$UID space) when CAP_SYS_ADMIN is available.

Christian Seiler [Fri, 23 Jan 2015 14:26:18 +0000 (15:26 +0100)]
logind: remove per-user runtime dir again if setup fails

If setup of per-user runtime dir fails, clean up afterwards by removing
the directory before returning from the function, so we don't leave the
directory behind.

If this is not done, the second time the user logs in logind would
assume that the directory is already set up, even though it isn't.

Lennart Poettering [Tue, 27 Jan 2015 17:29:33 +0000 (18:29 +0100)]
man: mention that is shipped by default, and users hence need to install a lexically earlier .link file for it to be honoured

Lennart Poettering [Tue, 27 Jan 2015 13:31:29 +0000 (14:31 +0100)]
update TODO

Lennart Poettering [Tue, 27 Jan 2015 16:24:11 +0000 (17:24 +0100)]
build-sys: make bzip2 really optional

Lennart Poettering [Tue, 27 Jan 2015 13:30:52 +0000 (14:30 +0100)]
units: turn on watchdog for resolved

Lennart Poettering [Tue, 27 Jan 2015 13:28:45 +0000 (14:28 +0100)]
units: fix all TTY paths for container gettys

Spotted by Christian Seiler:

Patrik Flykt [Tue, 20 Jan 2015 17:36:04 +0000 (19:36 +0200)]
networkd-dhcp6: Assign DHCPv6 addresses and prefix lengths

Once IPv6 addresses have been acquired, assign these to the interface
with the prefix lengths taken from the ICMPv6 Router Advertisement
handling code. The preferred and valid IPv6 address lifetimes are
handed to the kernel which will clean them up if not renewed in time.

When a prefix announced via Router Advertisements expires, find all
addresses that match that prefix and update the address to have a
prefix length of 128 causing the prefix to be off-link.

Patrik Flykt [Tue, 20 Jan 2015 17:36:03 +0000 (19:36 +0200)]
sd-icmp6-nd: Add support for fetching the latest expired prefix

Keep the expired prefix for the duration of the prefix expiration event
and remove it afterwards.

Patrik Flykt [Tue, 20 Jan 2015 17:36:02 +0000 (19:36 +0200)]
test-icmp6-nd: Add test cases for prefixes

Add test cases that feed a Router Advertisement to the ICMPv6 code
and verify that the correct prefix lengths are returned given an IPv6

Enhance the prefix verification test by adding a shorter prefix and
check that the intended prefix lengths are now updated.

Patrik Flykt [Tue, 20 Jan 2015 17:36:01 +0000 (19:36 +0200)]
sd-icmp6-nd: Parse ICMPv6 prefix information

Save each new onlink IPv6 prefix and attach an expiry timer to it.
If the prefixes overlap, take the shorter prefix and write a debug
message about the event. Once the prefix is resent in a Router
Advertisement, update the timer. Add a new event for the expiring

Add two helper functions, one for returning a prefix length given a
Router Advertisement and the other for generic prefix matching given
an IPv6 prefix and address.

Patrik Flykt [Tue, 20 Jan 2015 17:36:00 +0000 (19:36 +0200)]
test-icmp6-rs: Add trivial test case for an MTU that is not present

Patrik Flykt [Tue, 20 Jan 2015 17:35:59 +0000 (19:35 +0200)]
sd-icmp6-nd: Add helper function to get the IPv6 link MTU

Update MTU according to the latest value received.

Patrik Flykt [Tue, 20 Jan 2015 17:35:58 +0000 (19:35 +0200)]
sd-icmp6-nd: Add link and prefix structures for ICMPv6

Each ICMPv6 structure has an interface index and will therefore be
associated with an IPv6 link containing a list of prefixes.

Patrik Flykt [Tue, 20 Jan 2015 17:35:57 +0000 (19:35 +0200)]
sd-icmp6-nd: Update Router Advertisement handling

As the IPv6 prefixes are needed, update the ICMPv6 Router Advertisement
code to dynamically allocate a suitably sized buffer. Iterate through
the ICMPv6 options one by one returning error if the option length is
too big to fit the buffer.
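
The option walk this commit message describes, together with the prefix-matching helper from the "Parse ICMPv6 prefix information" entry above, as an added example that is not systemd's code. The names `ra_parse`, `prefix_match` and `ra_prefixlen_for` are hypothetical, the sample packet is constructed, and option layouts follow RFC 4861.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RA_HDR_LEN      16   /* fixed Router Advertisement header, RFC 4861 */
#define ND_RA_TYPE      134
#define OPT_PREFIX_INFO 3    /* 32 bytes, prefix at offset 16 */
#define OPT_MTU         5    /* 8 bytes, MTU at offset 4 */
#define MAX_PREFIXES    8

struct ra_prefix { uint8_t addr[16]; uint8_t len; uint32_t valid_lifetime; };
struct ra_info { uint32_t mtu; size_t n_prefixes; struct ra_prefix prefixes[MAX_PREFIXES]; };

/* Constructed sample: RA header, MTU option (1500), on-link prefix 2001:db8:0:1::/64. */
static const uint8_t sample_ra[] = {
    134, 0, 0, 0, 64, 0, 0x07, 0x08, 0, 0, 0, 0, 0, 0, 0, 0,
    5, 1, 0, 0, 0, 0, 0x05, 0xdc,
    3, 4, 64, 0xc0, 0, 0, 0x0e, 0x10, 0, 0, 0x07, 0x08, 0, 0, 0, 0,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the options one by one; return 0 on success, -1 on a malformed packet.
 * The ICMPv6 checksum is not verified here. */
int ra_parse(const uint8_t *buf, size_t len, struct ra_info *out) {
    memset(out, 0, sizeof(*out));
    if (len < RA_HDR_LEN || buf[0] != ND_RA_TYPE)
        return -1;
    for (size_t off = RA_HDR_LEN; off < len; ) {
        if (len - off < 2)
            return -1;                       /* no room for type + length */
        const uint8_t *opt = buf + off;
        size_t optlen = (size_t)opt[1] * 8;  /* length field counts 8-byte units */
        if (optlen == 0 || optlen > len - off)
            return -1;                       /* would loop forever / overrun buffer */
        if (opt[0] == OPT_MTU) {
            if (optlen != 8)
                return -1;
            out->mtu = be32(opt + 4);        /* latest value wins */
        } else if (opt[0] == OPT_PREFIX_INFO) {
            if (optlen != 32 || opt[2] > 128)
                return -1;
            /* keep on-link (L flag) prefixes only, and never write past the table */
            if ((opt[3] & 0x80) && out->n_prefixes < MAX_PREFIXES) {
                struct ra_prefix *p = &out->prefixes[out->n_prefixes++];
                memcpy(p->addr, opt + 16, 16);
                p->len = opt[2];
                p->valid_lifetime = be32(opt + 4);
            }
        }                                    /* other options are skipped by length */
        off += optlen;
    }
    return 0;
}

/* Generic match: do the first plen bits of addr equal those of prefix? */
int prefix_match(const uint8_t prefix[16], uint8_t plen, const uint8_t addr[16]) {
    if (plen > 128)
        return 0;
    size_t bytes = plen / 8;
    unsigned bits = plen % 8;
    if (memcmp(prefix, addr, bytes) != 0)
        return 0;
    if (bits == 0)
        return 1;                            /* also covers plen == 128: no index 16 */
    uint8_t mask = (uint8_t)(0xff << (8 - bits));
    return (prefix[bytes] & mask) == (addr[bytes] & mask);
}

/* Prefix length to use for addr, or -1 if no advertised prefix covers it. */
int ra_prefixlen_for(const struct ra_info *info, const uint8_t addr[16]) {
    for (size_t i = 0; i < info->n_prefixes; i++)
        if (prefix_match(info->prefixes[i].addr, info->prefixes[i].len, addr))
            return info->prefixes[i].len;
    return -1;
}

int main(void) {
    struct ra_info info;
    const uint8_t addr[16] = { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0x42 };
    if (ra_parse(sample_ra, sizeof(sample_ra), &info) < 0)
        return 1;
    printf("mtu=%u prefixes=%zu prefixlen=%d\n", (unsigned)info.mtu, info.n_prefixes,
           ra_prefixlen_for(&info, addr));
    return 0;
}
```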

Patrik Flykt [Tue, 20 Jan 2015 17:35:56 +0000 (19:35 +0200)]
sd-dhcp6-lease: Revise address iteration functions

Revise the address iteration functions so that one helper function
resets the iterator to the start of the address list while the
second one fetches addresses one by one.

The test case is also updated.

Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 04:19:14 +0000 (23:19 -0500)]
compile-unifont: Python 2 compatibility

Under Python 2, sys.stdout.buffer is missing.

Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 00:12:56 +0000 (19:12 -0500)]
build-sys: unbundle unifont

We should prefer the unifont.hex file from the system, instead of our
own. Upstream has made a few releases since our version was included,
and we should follow upstream changes. But adding 2.6MB to our source
repo every time upstream releases is not nice.

Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 23:12:45 +0000 (18:12 -0500)]
TODO: remove laccess conversion

I looked over all access invocations, and I think are using access()
correctly. Accepting dangling symlinks makes sense only in special

So far we do not allow "flag" files like "/fastboot" to be dangling
symlinks. We could, but I don't see a reason to.

Lennart Poettering [Tue, 27 Jan 2015 01:36:40 +0000 (02:36 +0100)]
update TODO

Lennart Poettering [Tue, 27 Jan 2015 01:33:46 +0000 (02:33 +0100)]
timesyncd: set RLIMIT_NPROC to 2

This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.

Lennart Poettering [Tue, 27 Jan 2015 01:19:33 +0000 (02:19 +0100)]
man: document that ProtectSystem= also covers /boot

Lennart Poettering [Tue, 27 Jan 2015 00:47:37 +0000 (01:47 +0100)]
core: explain why failing to set up the crash handler is not a real problem

Lennart Poettering [Tue, 27 Jan 2015 00:28:53 +0000 (01:28 +0100)]
update TODO

Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 06:34:32 +0000 (07:34 +0100)]
system-update-generator: accept a dangling symlink

The offline update mechanism is explicitly designed to work with a
separate /var. systemd-update-generator is supposed to run early,
before filesystems are mounted, so it cannot check if the
/system-update symlink actually points to anything.

The update is run *after* filesystems are mounted, so it should be
able to access the target of the symlink without trouble.

Michael Olbrich [Mon, 26 Jan 2015 15:51:17 +0000 (16:51 +0100)]
missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64

Lennart Poettering [Mon, 26 Jan 2015 20:51:57 +0000 (21:51 +0100)]
update TODO

Lennart Poettering [Mon, 26 Jan 2015 20:48:08 +0000 (21:48 +0100)]
sd-bus: change serialization of kdbus messages to qualify in their entirety as gvariant objects

Previously, we only minimally altered the dbus1 framing for kdbus, and
while the header and its fields were compliant GVariant objects, and so
was the body, the entire message together was not.

As a result of discussions with Ryan Lortie this is now changed, so that
the messages in their entirety are fully compliant GVariants. This
follows the framing description described here:

Note that this change changes the framing of *all* messages sent via
kdbus, this means you have to reboot your kdbus system, after compiling
and installing this new version.

Lennart Poettering [Mon, 26 Jan 2015 19:03:25 +0000 (20:03 +0100)]
bus-dump: fix two minor memory leaks

Lennart Poettering [Mon, 26 Jan 2015 16:48:58 +0000 (17:48 +0100)]
man: fix minor type in man page

Lennart Poettering [Mon, 26 Jan 2015 16:48:14 +0000 (17:48 +0100)]
sd-bus: reuse the KDBUS_CMD_FREE wrapper wherever appropriate

Torstein Husebø [Mon, 26 Jan 2015 14:29:14 +0000 (15:29 +0100)]
treewide: fix multiple typos

Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 15:39:03 +0000 (10:39 -0500)]
tmpfiles: use casts instead of warning suppression

This warning got its own name only in gcc5, so the suppression does
not work in gcc4, and generates a warning of its own. Use a cast,
which is ugly too, but less so.

Lennart Poettering [Mon, 26 Jan 2015 14:28:18 +0000 (15:28 +0100)]
man: minor typo fix

Spotted by John Paul Adrian Glaubitz

Tom Gundersen [Mon, 26 Jan 2015 13:48:04 +0000 (14:48 +0100)]
libudev: private - drop some functions from the internal API

Tom Gundersen [Mon, 26 Jan 2015 13:45:12 +0000 (14:45 +0100)]
libudev: monitor - move nulstr parsing to libudev-device

Hide the details a bit.

Tom Gundersen [Mon, 26 Jan 2015 13:13:31 +0000 (14:13 +0100)]
udev: event - minor nit

Stay uniform and use 'dev' rather than 'event->dev', as these are aliases (and event->dev looks
like it may be a typo for event->dev_db).

Tom Gundersen [Mon, 26 Jan 2015 13:12:45 +0000 (14:12 +0100)]
udev: event - introduce and use internal udev_device_shallow_clone()

Tom Gundersen [Mon, 26 Jan 2015 12:33:00 +0000 (13:33 +0100)]
udev: event - move renaming of udev_device to libudev

This is not exposed in the public API. We want to simplify the internal libudev-device API as much as possible
so that it will be simpler to rip the whole thing out in the future.

Zbigniew Jędrzejewski-Szmek [Thu, 2 Jan 2014 05:02:31 +0000 (00:02 -0500)]
tmpfiles: do not bump access times of directories we are cleaning up

Both plain opendir() and glob() will bump access time. Privileged
option O_NOATIME can be used to prevent the access time from being
updated. We already used it for subdirectories of the directories
which we were cleaning up. But for the directories specified directly
in the config files, we wouldn't do that. This means that,
paradoxically, our own temporary directories for PrivateTmp would stay
around forever, as long as one let systemd-tmpfiles-clean.service run
regularly, because they had their own glob patterns specified.

Zbigniew Jędrzejewski-Szmek [Sat, 24 Jan 2015 06:54:05 +0000 (01:54 -0500)]
tmpfiles: add debug statements for all actions

systemd-tmpfiles can be used by users, but it can be quite hard to
figure out the logic it follows, especially since the logic is in some
places rather torturous. Hopefully this will make it easier for users
to understand what is happening.

Sergey Ptashnick [Fri, 23 Jan 2015 17:56:36 +0000 (20:56 +0300)]
po: update Russian translation

Add strings for importd.

Piotr Drąg [Thu, 22 Jan 2015 14:28:04 +0000 (15:28 +0100)]
catalog,po: update Polish translation

Patch updates Polish translation with new strings from, as well as incorporates updates in
catalog and po files to accommodate recent changes in the original
strings (commits 2e219e5672689dad60e110f0b3366765506c4c58 and

Zbigniew Jędrzejewski-Szmek [Sun, 25 Jan 2015 02:07:27 +0000 (21:07 -0500)]
machinectl: fix typo

Cristian Rodríguez [Fri, 23 Jan 2015 16:25:30 +0000 (13:25 -0300)]
mount-setup: Do not bother with /proc/bus/usb

Current systemd requires kernel >= 3.7 per the README file
but CONFIG_USB_DEVICEFS disappeared from the kernel in
upstream commit fb28d58b72aa9215b26f1d5478462af394a4d253
(kernel 3.5-rc1)

Cristian Rodríguez [Fri, 23 Jan 2015 17:35:20 +0000 (14:35 -0300)]
build-sys: lookup for sulogin, it might not be in /sbin

Lennart Poettering [Fri, 23 Jan 2015 17:57:29 +0000 (18:57 +0100)]
resolved: when rereading /etc/resolv.conf, always start using first DNS server again

Previously we tried to stick to a DNS server as long as it is available.
When /etc/resolv.conf changed, and the old DNS server we used was still
in there we'd continue to use it, even if it was at the end of the list.

With this change we'll now always start with the first DNS server in the
list again.

Rationale: certain network managing implementations (notably
NetworkManager) when connected to a VPN place both the VPN DNS server as
well as the local DNS server in /etc/resolv.conf. If we used the local
one before we would thus continue to use the local one, making VPN names
unresolvable. NetworkManager really should be fixed to only place the
VPN DNS servers in the file, but with this commit things are at least
similarly bad as they used to be...

Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 14:20:59 +0000 (09:20 -0500)]
#pragma once here and there

Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 14:06:00 +0000 (09:06 -0500)]
build-sys: fix build on compilers without static_assert

Build would fail when assert was used on the same line in
different files #included together.

Sangjung Woo [Fri, 23 Jan 2015 11:21:57 +0000 (20:21 +0900)]
systemctl: bugfix for systemctl reboot command with argument

According to systemctl man page, 'systemctl reboot [arg]' should work
without any errors. However, it does not work because of 'Invalid number
of arguments' error, except for 'reboot [arg]'. This patch fixes the bug
so that both of commands work in exactly the same way.

Lennart Poettering [Fri, 23 Jan 2015 12:44:44 +0000 (13:44 +0100)]
core,shutdown: don't bother with unmounting any mounts below /sys, /proc, /dev when shutting down

After all, mounts below these directories are pretty much guaranteed to
be virtual, and it's hence unnecessary to unmount them during shutdown.
Moreover, in less-privileged containers we might lack the rights to
unmount them, hence don't even try.

Lennart Poettering [Fri, 23 Jan 2015 12:44:27 +0000 (13:44 +0100)]
mount-setup: /selinux, /cgroup, /dev/cgroup are sooo old, don't bother with them anymore

Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 04:35:34 +0000 (23:35 -0500)]
tmpfiles: minor simplification

Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 04:32:19 +0000 (23:32 -0500)]
man: bring tmpfiles.d(5) in line with code

Lennart Poettering [Fri, 23 Jan 2015 01:59:58 +0000 (02:59 +0100)]
update TODO

Lennart Poettering [Fri, 23 Jan 2015 01:59:30 +0000 (02:59 +0100)]
sd-bus: fix typo

Lennart Poettering [Fri, 23 Jan 2015 01:58:02 +0000 (02:58 +0100)]
core: add a property that shows the current memory usage of a unit

This exposes the memory.usage_in_bytes cgroup property on the bus,
and makes "systemctl status" show it in its default output.

Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 01:03:58 +0000 (20:03 -0500)]
cgroup-show: remove duplicated check

After 3637713a20 it is not necessary anymore.

Lennart Poettering [Fri, 23 Jan 2015 00:44:14 +0000 (01:44 +0100)]
update TODO

Lennart Poettering [Fri, 23 Jan 2015 00:43:16 +0000 (01:43 +0100)]
nspawn: when mounting the cgroup hierarchies, use the exact same mount options for the superblock as the host

Otherwise we'll generate kernel runtime warnings about non-matching
mount options.

Lennart Poettering [Fri, 23 Jan 2015 00:27:06 +0000 (01:27 +0100)]
nspawn: mount /tmp in the container, don't leave this to the container's init

We really want /tmp to be properly mounted, especially in containers
that lack CAP_SYS_ADMIN or that are not fully booted up and only get a
shell, hence let's do so in nspawn already.

Alban Crequy [Thu, 22 Jan 2015 15:47:07 +0000 (16:47 +0100)]
nspawn: allow bind-mounting char and block files

Lennart Poettering [Fri, 23 Jan 2015 00:20:16 +0000 (01:20 +0100)]
update TODO

Lennart Poettering [Fri, 23 Jan 2015 00:16:31 +0000 (01:16 +0100)]
importd: when listing transfers, show progress percentage

With this change the pull protocol implementation processes will pass
progress data to importd which then passes this information on via the
bus. We use sd_notify() as generic transport for this communication,
making importd listen to them, while matching the incoming messages to
the right transfer.

Lennart Poettering [Fri, 23 Jan 2015 00:16:07 +0000 (01:16 +0100)]
importd: fix bus policy

Lennart Poettering [Fri, 23 Jan 2015 00:15:08 +0000 (01:15 +0100)]
machinectl: fix handling of --verify= argument for dkr downloads

Lennart Poettering [Fri, 23 Jan 2015 00:13:09 +0000 (01:13 +0100)]
sd-bus: fix handling of double parameters in sd_bus_message_append()

We really need to use va_arg() with the right type here as uint64_t and
double might have the same size, but are passed differently as

Lennart Poettering [Fri, 23 Jan 2015 00:12:10 +0000 (01:12 +0100)]
import: we need CAP_DAC_OVERRIDE for untarring systems after all

Lennart Poettering [Fri, 23 Jan 2015 00:11:46 +0000 (01:11 +0100)]
core: zero size notify messages are OK

Ronny Chevalier [Thu, 22 Jan 2015 21:53:42 +0000 (22:53 +0100)]
tests: use assert_se instead of assert

Otherwise they can be optimized away with -DNDEBUG

Sylvain Plantefève [Thu, 22 Jan 2015 20:51:46 +0000 (21:51 +0100)]
po: update french translation

Sylvain Plantefève [Thu, 22 Jan 2015 20:51:45 +0000 (21:51 +0100)]
catalog: update french translation

Ronny Chevalier [Sun, 18 Jan 2015 22:23:38 +0000 (23:23 +0100)]
man: fix typos

Tom Gundersen [Wed, 21 Jan 2015 23:53:16 +0000 (00:53 +0100)]
sd-dhcp-client: use RFC4361-compliant ClientID by default

In addition to the benefits listed in the RFC, this allows DHCP to work also in
case several interfaces share the same MAC address on the same link (IPVLAN).

Note that this will make the ClientID (so probably the assigned IP address)
change on upgrades. If it is desired to avoid that we would have to remember and
write back the ID (which the library supports, but networkd currently does not).

Tom Gundersen [Thu, 22 Jan 2015 20:18:30 +0000 (21:18 +0100)]
dhcp-identifier: create IAID even if no udev device can be found

This is useful for testing.

Susant Sahani [Sun, 18 Jan 2015 17:54:24 +0000 (23:24 +0530)]
networkd: Introduce ip6gre and ip6gretap

This patch introduces ipv6 gre and gretap.





ip link

6: ip6gre@eno16777736: <POINTOPOINT,NOARP> mtu 1448 qdisc noop state
DOWN mode DEFAULT group default
    link/gre6 2a:00:ff:de:45:67:ed:de:00:00:00:00:00:00:49:87 peer

Susant Sahani [Fri, 16 Jan 2015 19:09:10 +0000 (00:39 +0530)]
networkd: Introduce IP6 tunnel

This patch enables networkd to create IP6 tunnels

example conf:




23: ipip6-tunnel@wlan0: <POINTOPOINT,NOARP> mtu 1452 qdisc noop state
DOWN mode DEFAULT group default
    link/tunnel6 2a00:ffde:4567:edde::4987 peer 2001:473:fece:cafe::5179

Susant Sahani [Sat, 20 Dec 2014 08:05:06 +0000 (13:35 +0530)]
networkd: introduce gretap

This patch introduces gretap to networkd

Lennart Poettering [Thu, 22 Jan 2015 17:55:30 +0000 (18:55 +0100)]
update TODO

Lennart Poettering [Thu, 22 Jan 2015 17:55:08 +0000 (18:55 +0100)]
importd: run daemon at minimal capabilities

Lennart Poettering [Thu, 22 Jan 2015 17:54:48 +0000 (18:54 +0100)]
cgroup-show: don't hit assert, when the extra pids array is empty

Lennart Poettering [Thu, 22 Jan 2015 17:38:51 +0000 (18:38 +0100)]
importd: fix path to download binary

Lennart Poettering [Thu, 22 Jan 2015 17:19:58 +0000 (18:19 +0100)]
import: lock tar into its own private network namespace

That way it cannot get access to the network

Lennart Poettering [Thu, 22 Jan 2015 17:12:31 +0000 (18:12 +0100)]
import: drop all capabilities when invoking tar

Lennart Poettering [Thu, 22 Jan 2015 16:50:26 +0000 (17:50 +0100)]
update TODO

Lennart Poettering [Thu, 22 Jan 2015 16:49:28 +0000 (17:49 +0100)]
import: only define the _to_string() enum mapping function, thus making gcc shut up

Lennart Poettering [Thu, 22 Jan 2015 16:38:10 +0000 (17:38 +0100)]
import: now that the worker binary is called "systemd-pull" we can shorten the verbs

After all "systemd-pull pull-tar" is unnecessarily redundant, over
"systemd-pull tar"...

Lennart Poettering [Thu, 22 Jan 2015 16:34:54 +0000 (17:34 +0100)]
importd: try to minimize confusion by renaming "systemd-import" binary to "systemd-pull"

This way "systemd-importd" is the daemon that uses "systemd-pull" as
backend worker.

Lennart Poettering [Thu, 22 Jan 2015 16:31:59 +0000 (17:31 +0100)]
machinectl: when downloading an image, clarify that C-c will not cancel the download, but continue it in the background

Lennart Poettering [Thu, 22 Jan 2015 16:30:58 +0000 (17:30 +0100)]
machinectl: minor simplification

Lennart Poettering [Thu, 22 Jan 2015 16:30:40 +0000 (17:30 +0100)]
machinectl: parse verify setting client-side

Lennart Poettering [Thu, 22 Jan 2015 16:30:02 +0000 (17:30 +0100)]
importd: minor log improvements

Lennart Poettering [Thu, 22 Jan 2015 16:07:27 +0000 (17:07 +0100)]
import: make the user verification keyring override the vendor keyring, instead of extending it

This way the user has the ability to remove keys from the
vendor-supplied keyring if he intends so.

Peter Hutterer [Thu, 22 Jan 2015 01:36:02 +0000 (11:36 +1000)]
logind: fix sd_eviocrevoke ioctl call

If the third argument is non-null, the kernel will always error out with
EINVAL and devices won't get revoked.

Reported-by: Benjamin Tissoires <>
Signed-off-by: Peter Hutterer <>

Lennart Poettering [Thu, 22 Jan 2015 14:14:23 +0000 (15:14 +0100)]
machinectl: various minor updates to the --help text

Lennart Poettering [Thu, 22 Jan 2015 14:13:53 +0000 (15:13 +0100)]
import: rename --verify=sum to --verify=checksum

This is how we call it internally, and also a bit more descriptive.

Lennart Poettering [Thu, 22 Jan 2015 14:12:11 +0000 (15:12 +0100)]
man: document new download magic

Piotr Drąg [Thu, 22 Jan 2015 13:56:45 +0000 (14:56 +0100)]
import: add to

Mindaugas Baranauskas [Thu, 22 Jan 2015 06:07:24 +0000 (01:07 -0500)]
kbd-model-map: add more mappings for Slovak, Lithuanian, and Khmer

Marko Myllynen [Thu, 15 Jan 2015 12:44:17 +0000 (14:44 +0200)]
Use eurlatgr as the example console font