chiark / gitweb /
elogind.git
4 years agoimport: support downloading .xz compressed images
Lennart Poettering [Fri, 16 Jan 2015 17:42:17 +0000 (18:42 +0100)]
import: support downloading .xz compressed images

That way we can download fedora cloud raw images as-is and decompress
them on-the-fly.

4 years agobuild-sys: add libsystemd-fw where needed
Kay Sievers [Fri, 16 Jan 2015 14:35:42 +0000 (15:35 +0100)]
build-sys: add libsystemd-fw where needed

4 years agobuild-sys: add missing HAVE_LIBIPTC
Kay Sievers [Fri, 16 Jan 2015 14:16:05 +0000 (15:16 +0100)]
build-sys: add missing HAVE_LIBIPTC

4 years agohwbd: add click angle for the Logitech M325
Peter Hutterer [Fri, 16 Jan 2015 01:11:10 +0000 (11:11 +1000)]
hwbd: add click angle for the Logitech M325

This device has 18 stops per rotation == 20 degree angle. Advertised as
"Micro-precise scrolling"

4 years agoos-release: Add PRIVACY_POLICY_URL
Bastien Nocera [Tue, 13 Jan 2015 16:20:24 +0000 (17:20 +0100)]
os-release: Add PRIVACY_POLICY_URL

4 years agoLLDP: Support locally assigned port subtype
Susant Sahani [Thu, 15 Jan 2015 07:11:28 +0000 (12:41 +0530)]
LLDP: Support locally assigned port subtype

The Zyxel switch sends port subtype as Locally assigned (7).
Add LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED as supported type

reported by Mantas Mikulėnas <grawity@gmail.com>

4 years agoTODO: update
David Herrmann [Thu, 15 Jan 2015 13:09:36 +0000 (14:09 +0100)]
TODO: update

4 years agoudev: merge evdev_id into input_id
David Herrmann [Thu, 15 Jan 2015 11:40:38 +0000 (12:40 +0100)]
udev: merge evdev_id into input_id

There is no reason to keep both separated. We want to avoid API specific
tools and instead keep generic terms like 'input'.

4 years agoudev: fix NULL-ptr deref
David Herrmann [Thu, 15 Jan 2015 11:38:57 +0000 (12:38 +0100)]
udev: fix NULL-ptr deref

Make sure we properly validate the return value of
udev_device_get_sysattr_value(). It might be NULL for several reasons.

4 years agobus-proxyd: move synthesize_name_acquired()
Daniel Mack [Thu, 15 Jan 2015 13:10:28 +0000 (14:10 +0100)]
bus-proxyd: move synthesize_name_acquired()

Move synthesize_name_acquired() to synthesize.c.

4 years agobus-proxy: factor out code for driver handling and message synthesis
Daniel Mack [Thu, 15 Jan 2015 12:56:44 +0000 (13:56 +0100)]
bus-proxy: factor out code for driver handling and message synthesis

Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into
driver.c for better code separation.

4 years agonspawn: fix log typos
Jonathan Boulle [Thu, 15 Jan 2015 07:19:30 +0000 (08:19 +0100)]
nspawn: fix log typos

4 years agohwdb: add MOUSE_WHEEL_CLICK_ANGLE as property
Peter Hutterer [Thu, 8 Jan 2015 23:51:40 +0000 (09:51 +1000)]
hwdb: add MOUSE_WHEEL_CLICK_ANGLE as property

Most mice have a wheel click angle of 15 degrees, i.e. 24 clicks per full
wheel rotation. Some mice, like the Logitech M325 have a larger angle. To
allow userspace to make use of that knowledge, add a property to the hwdb.

This allows for better predictive scrolling. e.g. a mouse that has a smaller
click angle will scroll faster, with this value you can accommodate this
where needed. Likewise, using "half turn of the wheel" or "full turn of the
wheel" as a UI element becomes possible.

This addition is mainly driven by libinput 0.8, having the angle enables
libinput to provide an API that distinguishes between a physical distance
(like touchpad scrolling does) and discrete steps (wheel clicks).
Callers can choose what they prefer based on the device.

4 years agoupdate TODO
Lennart Poettering [Thu, 15 Jan 2015 00:44:03 +0000 (01:44 +0100)]
update TODO

4 years agonspawn,machined: change default container image location from /var/lib/container...
Lennart Poettering [Thu, 15 Jan 2015 00:40:02 +0000 (01:40 +0100)]
nspawn,machined: change default container image location from /var/lib/container to /var/lib/machines

Given that this is also the place to store raw disk images which are
very much bootable with qemu/kvm it sounds like a misnomer to call the
directory "container". Hence, let's change this sooner rather than
later, and use the generic name, in particular since we otherwise try to
use the generic "machine" preferably over the more specific "container"
or "vm".

4 years agoimport: rename "gpt" disk image type to "raw"
Lennart Poettering [Thu, 15 Jan 2015 00:03:33 +0000 (01:03 +0100)]
import: rename "gpt" disk image type to "raw"

After all, nspawn can now dissect MBR partition levels, too, hence
".gpt" appears a misnomer. Moreover, the the .raw suffix for these files
is already pretty popular (the Fedora disk images use it for example),
hence sounds like an OK scheme to adopt.

4 years agofix zsh completion typo
Moez Bouhlel [Wed, 14 Jan 2015 14:33:32 +0000 (14:33 +0000)]
fix zsh completion typo

json-see => json-sse

4 years agotest-path: do not skip tests if we are not root
Ronny Chevalier [Wed, 14 Jan 2015 23:07:15 +0000 (00:07 +0100)]
test-path: do not skip tests if we are not root

We can properly run the tests without being root

4 years agotest-exec: do not skip all the tests
Ronny Chevalier [Wed, 14 Jan 2015 23:07:11 +0000 (00:07 +0100)]
test-exec: do not skip all the tests

Only 5 tests cannot be executed if we are not root, so just skip them
but not the whole set.

4 years agospawn: downgrade loopback detach errors to debug
Lennart Poettering [Wed, 14 Jan 2015 23:51:54 +0000 (00:51 +0100)]
spawn: downgrade loopback detach errors to debug

Sometimes udev or some other background daemon might keep the loopback
devices busy while we already want to detach them. Downgrade the warning
about it.

Given that we use autodetach downgrading these messages should be with
little risk.

4 years agonspawn: add support for limited dissecting of MBR disk images with nspawn
Lennart Poettering [Wed, 14 Jan 2015 23:47:10 +0000 (00:47 +0100)]
nspawn: add support for limited dissecting of MBR disk images with nspawn

With this change nspawn's -i switch now can now make sense of MBR disk
images too - however only if there's only a single, bootable partition
of type 0x83 on the image. For all other cases we cannot really make
sense from the partition table alone.

The big benefit of this change is that upstream Fedora Cloud Images can
now be booted unmodified with systemd-nspawn:

 # wget http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
 # unxz Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
 # systemd-nspawn -i Fedora-Cloud-Base-20141203-21.x86_64.raw -b

Next stop: teach the import logic to automatically download these
images, uncompress and verify them.

4 years agonspawn: pass the container's init PID out via sd_notify()
Lennart Poettering [Wed, 14 Jan 2015 22:29:01 +0000 (23:29 +0100)]
nspawn: pass the container's init PID out via sd_notify()

This is useful for nspawn managers that want to learn when nspawn is
finished with initialiuzation, as well what the PID of the init system
in the container is.

4 years agoupdate TODO
Lennart Poettering [Wed, 14 Jan 2015 22:18:24 +0000 (23:18 +0100)]
update TODO

4 years agonspawn: fix an incorrect assert comparison
Lennart Poettering [Wed, 14 Jan 2015 22:17:07 +0000 (23:17 +0100)]
nspawn: fix an incorrect assert comparison

4 years agologinctl: fix misuse compound literals
Lennart Poettering [Wed, 14 Jan 2015 22:16:28 +0000 (23:16 +0100)]
loginctl: fix misuse compound literals

The lifetime of compound literals is bound to the local scope, we hence
cannot refernce them outside of it.

4 years agosd-bus: tell Coverity that it's OK not to care for return values in some cases
Lennart Poettering [Wed, 14 Jan 2015 22:16:11 +0000 (23:16 +0100)]
sd-bus: tell Coverity that it's OK not to care for return values in some cases

4 years agonspawn: add file system locks for controlling access to container images
Lennart Poettering [Wed, 14 Jan 2015 22:09:02 +0000 (23:09 +0100)]
nspawn: add file system locks for controlling access to container images

This adds three kinds of file system locks for container images:

a) a file system lock next to the actual image, in a .lck file in the
   same directory the image is located. This lock has the benefit of
   usually being located on the same NFS share as the image itself, and
   thus allows locking container images across NFS shares.

b) a file system lock in /run, named after st_dev and st_ino of the
   root of the image. This lock has the advantage that it is unique even
   if the same image is bind mounted to two different places at the same
   time, as the ino/dev stays constant for them.

c) a file system lock that is only taken when a new disk image is about
   to be created, that ensures that checking whether the name is already
   used across the search path, and actually placing the image is not
   interrupted by other code taking the name.

a + b are read-write locks. When a container is booted in read-only mode
a read lock is taken, otherwise a write lock.

Lock b is always taken after a, to avoid ABBA problems.

Lock c is mostly relevant when renaming or cloning images.

4 years agosysv-generator: always use fstatat() if we can
Lennart Poettering [Wed, 14 Jan 2015 21:37:56 +0000 (22:37 +0100)]
sysv-generator: always use fstatat() if we can

4 years agosysv-generator: fix memory leak on failure
Lennart Poettering [Wed, 14 Jan 2015 21:31:03 +0000 (22:31 +0100)]
sysv-generator: fix memory leak on failure

This fixes a memory leak introduced by
1ed0c19f81fd13cdf283c6def0168ce122a853a9

4 years agomachinectl: fix minor memory leak
Lennart Poettering [Wed, 14 Jan 2015 21:30:43 +0000 (22:30 +0100)]
machinectl: fix minor memory leak

4 years agopty: minor modernization
Lennart Poettering [Wed, 14 Jan 2015 01:22:27 +0000 (02:22 +0100)]
pty: minor modernization

We initialize structs during declartion if possible

4 years agomachined: use the FS_IMMUTABLE_FL file flag, if available, to implement a "read-only...
Lennart Poettering [Wed, 14 Jan 2015 01:21:51 +0000 (02:21 +0100)]
machined: use the FS_IMMUTABLE_FL file flag, if available, to implement a "read-only" concept for raw disk images, too

4 years agoutil: the chattr flags field is actually unsigned, judging by kernel sources
Lennart Poettering [Wed, 14 Jan 2015 01:04:17 +0000 (02:04 +0100)]
util: the chattr flags field is actually unsigned, judging by kernel sources

Unlike some client code suggests...

4 years agoptyfw: add missing error check
Lennart Poettering [Wed, 14 Jan 2015 01:01:42 +0000 (02:01 +0100)]
ptyfw: add missing error check

4 years agonspawn: remove the right propagation directory
Lennart Poettering [Wed, 14 Jan 2015 01:01:11 +0000 (02:01 +0100)]
nspawn: remove the right propagation directory

4 years agotest: hashmap_put behaviour for equal keys
Martin Pitt [Sat, 13 Dec 2014 03:22:28 +0000 (04:22 +0100)]
test: hashmap_put behaviour for equal keys

Check string ops hashmap_put() for keys with a different pointer but the same
value.

4 years agoman: remove "nofail" from systemd.swap(5)
Zbigniew Jędrzejewski-Szmek [Wed, 14 Jan 2015 01:05:42 +0000 (20:05 -0500)]
man: remove "nofail" from systemd.swap(5)

As suggested by Marcos Felipe Rasia de Mello <marcosfrm@gmail.com>.

4 years agomachinectl: use GNU basename, not the XPG version
Cristian Rodríguez [Sun, 11 Jan 2015 17:50:15 +0000 (14:50 -0300)]
machinectl: use GNU basename, not the XPG version

4 years agorefcnt: refcnt is unsigned, fix comparisons
Tom Gundersen [Tue, 13 Jan 2015 22:03:11 +0000 (23:03 +0100)]
refcnt: refcnt is unsigned, fix comparisons

This does not make a difference, but the code was confusing.

4 years agonspawn: --help typo fix
Lennart Poettering [Tue, 13 Jan 2015 19:59:07 +0000 (20:59 +0100)]
nspawn: --help typo fix

4 years agoupdate TODO
Lennart Poettering [Tue, 13 Jan 2015 19:07:54 +0000 (20:07 +0100)]
update TODO

4 years agonetworkd: propagate IPFoward= per-interface setting also to /proc/sys/net/ipv4/ip_forward
Lennart Poettering [Tue, 13 Jan 2015 19:50:46 +0000 (20:50 +0100)]
networkd: propagate IPFoward= per-interface setting also to /proc/sys/net/ipv4/ip_forward

We need to turn on /proc/sys/net/ipv4/ip_forward before the
per-interface forwarding setting is useful, hence let's propagate the
per-interface setting once to the system-wide setting.

Due to the unclear ownership rules of that flag, and the fact that
turning it on also has effects on other sysctl flags we try to minimize
changes to the flag, and only turn it on once. There's no logic to
turning it off again, but this should be fairly unproblematic as the
per-interface setting defaults to off anyway.

4 years agoudev: make use of new one_zero() helper where appropriate
Lennart Poettering [Tue, 13 Jan 2015 19:16:39 +0000 (20:16 +0100)]
udev: make use of new one_zero() helper where appropriate

4 years agonetworkd: make IP forwarding for IPv4 and IPv6 individually configurable
Lennart Poettering [Tue, 13 Jan 2015 19:07:13 +0000 (20:07 +0100)]
networkd: make IP forwarding for IPv4 and IPv6 individually configurable

4 years agonetwork: IPMasquerade= implies IPForward=, hence remove it
Lennart Poettering [Tue, 13 Jan 2015 19:03:44 +0000 (20:03 +0100)]
network: IPMasquerade= implies IPForward=, hence remove it

4 years agonetworkd: rename misnamed boolean
Lennart Poettering [Tue, 13 Jan 2015 18:56:13 +0000 (19:56 +0100)]
networkd: rename misnamed boolean

4 years agonetworkd: introduce an AddressFamilyBoolean enum type
Lennart Poettering [Tue, 13 Jan 2015 18:48:19 +0000 (19:48 +0100)]
networkd: introduce an AddressFamilyBoolean enum type

This introduces am AddressFamilyBoolean type that works more or less
like a booleaan, but can optionally turn on/off things for ipv4 and ipv6
independently. THis also ports the DHCP field over to it.

4 years agojournald: allow zero length datagrams again
Lennart Poettering [Tue, 13 Jan 2015 18:43:16 +0000 (19:43 +0100)]
journald: allow zero length datagrams again

This undoes a small part of 13790add4bf648fed816361794d8277a75253410
which was erroneously added, given that zero length datagrams are OK,
and hence zero length reads on a SOCK_DGRAM be no means mean EOF.

4 years agonspawn: add "-n" shortcut for "--network-veth"
Lennart Poettering [Tue, 13 Jan 2015 18:42:02 +0000 (19:42 +0100)]
nspawn: add "-n" shortcut for "--network-veth"

Now that networkd's IP masquerading support means that running
containers with "--network-veth" will provide network access out of the
box for the container, let's add a shortcut "-n" for it, to make it
easily accessible.

4 years agodoc: add cross-references between systemd.{link, netdev, network}
Jan Engelhardt [Mon, 12 Jan 2015 19:43:14 +0000 (20:43 +0100)]
doc: add cross-references between systemd.{link, netdev, network}

4 years agodoc: network - add comment about default prefix size
Tom Gundersen [Tue, 13 Jan 2015 17:23:53 +0000 (18:23 +0100)]
doc: network - add comment about default prefix size

Should hopefully make it clear that this is not some magic value, just the default we picked.

Suggested by Jan Engelhardt.

4 years agofw-util: fix errno typo for !HAVE_LIBIPTC
Daniel Mack [Tue, 13 Jan 2015 14:50:15 +0000 (15:50 +0100)]
fw-util: fix errno typo for !HAVE_LIBIPTC

4 years agoTODO: DHCPv6 Information Request has been implemented
Patrik Flykt [Tue, 13 Jan 2015 12:27:48 +0000 (14:27 +0200)]
TODO: DHCPv6 Information Request has been implemented

4 years agoupdate TODO
Lennart Poettering [Tue, 13 Jan 2015 12:54:19 +0000 (13:54 +0100)]
update TODO

4 years agomachined: refuse certain operation on non-container machines, since they cannot work...
Lennart Poettering [Tue, 13 Jan 2015 12:53:32 +0000 (13:53 +0100)]
machined: refuse certain operation on non-container machines, since they cannot work elsewhere

4 years agoimport: make sure we don't mangle file ownerships with the local passwd database...
Lennart Poettering [Tue, 13 Jan 2015 12:52:49 +0000 (13:52 +0100)]
import: make sure we don't mangle file ownerships with the local passwd database when untarring

4 years agonspawn: add new option "--port=" for exposing container ports on the local host
Lennart Poettering [Tue, 13 Jan 2015 12:51:51 +0000 (13:51 +0100)]
nspawn: add new option "--port=" for exposing container ports on the local host

This exposes an IP port on the container as local port using DNAT.

4 years agonetworkd: add minimal IP forwarding and masquerading support to .network files
Lennart Poettering [Tue, 13 Jan 2015 12:47:08 +0000 (13:47 +0100)]
networkd: add minimal IP forwarding and masquerading support to .network files

This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.

This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.

4 years agoshared: add minimal firewall manipulation helpers for establishing NAT rules, using...
Lennart Poettering [Tue, 13 Jan 2015 12:44:30 +0000 (13:44 +0100)]
shared: add minimal firewall manipulation helpers for establishing NAT rules, using libiptc

4 years agocore: Fix EACCES check for OOM adjustments
Martin Pitt [Tue, 13 Jan 2015 06:06:31 +0000 (07:06 +0100)]
core: Fix EACCES check for OOM adjustments

Commit 3bd5c3 added a check for EACCES, but missed the minus sign.

4 years agoRemove some fixed items from TODO
Zbigniew Jędrzejewski-Szmek [Tue, 13 Jan 2015 00:15:02 +0000 (19:15 -0500)]
Remove some fixed items from TODO

4 years agozsh-completion: add missing completions for systemd-tmpfiles
Ronny Chevalier [Mon, 12 Jan 2015 21:19:34 +0000 (22:19 +0100)]
zsh-completion: add missing completions for systemd-tmpfiles

4 years agozsh-completion: add missing completions for systemd-run
Ronny Chevalier [Mon, 12 Jan 2015 21:09:29 +0000 (22:09 +0100)]
zsh-completion: add missing completions for systemd-run

4 years agozsh-completion: add missing completions for systemd-analyze
Ronny Chevalier [Mon, 12 Jan 2015 20:43:45 +0000 (21:43 +0100)]
zsh-completion: add missing completions for systemd-analyze

4 years agozsh-completion: add missing -M completion for timedatectl
Ronny Chevalier [Mon, 12 Jan 2015 20:31:45 +0000 (21:31 +0100)]
zsh-completion: add missing -M completion for timedatectl

4 years agozsh-completion: add missing completions for coredumpctl
Ronny Chevalier [Mon, 12 Jan 2015 20:26:27 +0000 (21:26 +0100)]
zsh-completion: add missing completions for coredumpctl

4 years agoTODO: update
David Herrmann [Mon, 12 Jan 2015 17:25:11 +0000 (18:25 +0100)]
TODO: update

4 years agoudev: link_config - modernize a bit and fix leakes
Tom Gundersen [Sat, 10 Jan 2015 00:11:54 +0000 (01:11 +0100)]
udev: link_config - modernize a bit and fix leakes

Not all of the link_config struct was getting freed.

4 years agonetwork-intenal: user _cleanup_ macro in parse_ifname
Tom Gundersen [Fri, 9 Jan 2015 23:33:46 +0000 (00:33 +0100)]
network-intenal: user _cleanup_ macro in parse_ifname

4 years agocore/mount: remove "fail" again
Zbigniew Jędrzejewski-Szmek [Mon, 12 Jan 2015 17:14:59 +0000 (12:14 -0500)]
core/mount: remove "fail" again

deb6120920 'man: there's actually no "fail" fstab option, but only
"nofail" removed it from our documentation, which I missed.
fstab(5) only mentions "auto", "noauto", and "nofail". Stick to
those three.

4 years agosd-bus: sync kdbus.h (API break)
Daniel Mack [Mon, 12 Jan 2015 17:15:18 +0000 (18:15 +0100)]
sd-bus: sync kdbus.h (API break)

Just a simple variable rename, and a dropped flag that sd-bus didn't make
use of.

4 years agocore/mount: use isempty() to check for empty strings
Daniel Mack [Mon, 12 Jan 2015 12:46:39 +0000 (13:46 +0100)]
core/mount: use isempty() to check for empty strings

strempty() will return an empty string in case the input parameter is
a NULL pointer. The correct test to check for an empty string is
isempty(), so use that instead.

This fixes a regression from commit 17a1c59 ("core/mount: filter out
noauto,auto,nofail,fail options").

4 years agoudev: Add builtin/rule to export evdev information as udev properties
Carlos Garnacho [Sun, 11 Jan 2015 19:47:19 +0000 (20:47 +0100)]
udev: Add builtin/rule to export evdev information as udev properties

This rule is only run on tablet/touchscreen devices, and extracts their size
in millimeters, as it can be found out through their struct input_absinfo.

The first usecase is exporting device size from tablets/touchscreens. This
may be useful to separate policy and application at the time of mapping
these devices to the available outputs in windowing environments that don't
offer that information as readily (eg. Wayland). This way the compositor can
stay deterministic, and the mix-and-match heuristics are performed outside.

Conceivably, size/resolution information can be changed through EVIOCSABS
anywhere else, but we're only interested in values prior to any calibration,
this rule is thus only run on "add", and no tracking of changes is performed.
This should only remain a problem if calibration were automatically applied
by an earlier udev rule (read: don't).

  v2: Folded rationale into commit log, made a builtin, set properties
      on device nodes themselves
  v3: Use inline function instead of macro for mm. size calculation,
      use DECIMAL_STR_MAX, other code style issues
  v4: Made rule more selective
  v5: Minor style issues, renamed to a more generic builtin, refined
      rule further.

4 years agocatalog: add pt_BR translation
Rafael Ferreira [Sun, 11 Jan 2015 23:11:42 +0000 (18:11 -0500)]
catalog: add pt_BR translation

https://bugs.freedesktop.org/show_bug.cgi?id=88271

4 years agopo: add Brazilian Portuguese translation
Rafael Ferreira [Sat, 10 Jan 2015 15:33:13 +0000 (13:33 -0200)]
po: add Brazilian Portuguese translation

https://bugs.freedesktop.org/show_bug.cgi?id=88271

4 years agofstab-util: fix priority parsing and add test
Zbigniew Jędrzejewski-Szmek [Mon, 12 Jan 2015 04:40:46 +0000 (23:40 -0500)]
fstab-util: fix priority parsing and add test

4 years agoshared/util: respect buffer boundary on incomplete escape sequences
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 22:21:17 +0000 (17:21 -0500)]
shared/util: respect buffer boundary on incomplete escape sequences

cunescape_length_with_prefix() is called with the length as an
argument, so it cannot rely on the buffer being NUL terminated.
Move the length check before accessing the memory.

When an incomplete escape sequence was given at the end of the
buffer, c_l_w_p() would read past the end of the buffer. Fix this
and add a test.

4 years agocore/load-fragment: avoid allocating 0 bytes when given an invalid command
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 21:57:02 +0000 (16:57 -0500)]
core/load-fragment: avoid allocating 0 bytes when given an invalid command

With a command line like "@/something" we would allocate an array with
0 elements. Avoid that, and add a test too.

4 years agotest-unit-file: don't access out-of-bounds memory
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 21:52:50 +0000 (16:52 -0500)]
test-unit-file: don't access out-of-bounds memory

Fixes an error introduced by me when the test was added.

4 years agocore/mount: filter out noauto,auto,nofail,fail options
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 05:27:37 +0000 (00:27 -0500)]
core/mount: filter out noauto,auto,nofail,fail options

We passed the full option string from fstab to /bin/mount. It would in
turn pass the full option string to its helper, if it needed to invoke
one. Some helpers would ignore things like "nofail", but others would
be confused. We could try to get all helpers to ignore those
"meta-options", but it seems better to simply filter them out.

In our model, /bin/mount simply has no business in knowing whether the
mount was configured as fail or nofail, auto or noauto, in the
fstab. If systemd tells invokes a command to mount something, and it
fails, it should always return an error. It seems cleaner to filter
out the option, since then there's no doubt how the command should
behave.

https://bugzilla.redhat.com/show_bug.cgi?id=1177823

4 years agoSupport negated fstab options
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 05:04:00 +0000 (00:04 -0500)]
Support negated fstab options

We would ignore options like "fail" and "auto", and for any option
which takes a value the first assignment would win. Repeated and
options equivalent to the default are rarely used, but they have been
documented forever, and people might use them. Especially on the
kernel command line it is easier to append a repeated or negated
option at the end.

4 years agocryptsetup-generator: remove duplicated function
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 04:06:52 +0000 (23:06 -0500)]
cryptsetup-generator: remove duplicated function

4 years agofstab-util: detect out-of-range pri= assignments
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 03:59:44 +0000 (22:59 -0500)]
fstab-util: detect out-of-range pri= assignments

We would silently ignore them. One would have to be crazy
to do assign an out of range value, but simply ignoring it
bothers me.

4 years ago.gitignore: add new tests and sort tests alphabetically
Zbigniew Jędrzejewski-Szmek [Sun, 11 Jan 2015 22:35:31 +0000 (17:35 -0500)]
.gitignore: add new tests and sort tests alphabetically

4 years agoAdd new function to filter fstab options
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 21:58:29 +0000 (16:58 -0500)]
Add new function to filter fstab options

This fixes parsing of options in shared/generator.c. Existing code
had some issues:

- it would treate whitespace and semicolons as seperators. fstab(5)
  is pretty clear that only commas matter. And the syntax does
  not allow for spaces to be inserted in the field in fstab.
  Whitespace might be escaped, but then it should not seperate
  options. Treat whitespace and semicolons as any other character.
- it assumed that x-systemd.device-timeout would always be followed
  by "=". But this is not guaranteed, hasmntopt will return this
  option even if there's no value. Uninitialized memory could be read.
- some error paths would log, and inconsistently, some would just
  return an error code.

Filtering is split out to a separate function and tests are added.

Similar code paths in other places are adjusted to use the new function.

4 years agonetwork: apply static addresses in specified order
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 18:34:37 +0000 (13:34 -0500)]
network: apply static addresses in specified order

https://bugs.freedesktop.org/show_bug.cgi?id=83270

4 years agoshared/list: add LIST_APPEND
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 18:34:01 +0000 (13:34 -0500)]
shared/list: add LIST_APPEND

4 years agopath-lookup: allow /run to override /etc in generator search
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 04:34:21 +0000 (23:34 -0500)]
path-lookup: allow /run to override /etc in generator search

Generators are different than unit files: they are never automatically
generated, so there's no point in allowing /etc to override /run. On
the other hand, overriding /etc might be useful in some cases.

4 years agotest-path-lookup: add simple test for path lookup functions
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 04:29:33 +0000 (23:29 -0500)]
test-path-lookup: add simple test for path lookup functions

4 years agotest-util: make sure that masking and overriding works
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 02:21:12 +0000 (21:21 -0500)]
test-util: make sure that masking and overriding works

4 years agoImplement masking and overriding of generators
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 01:47:25 +0000 (20:47 -0500)]
Implement masking and overriding of generators

Sometimes it is necessary to stop a generator from running. Either
because of a bug, or for testing, or some other reason. The only way
to do that would be to rename or chmod the generator binary, which is
inconvenient and does not survive upgrades. Allow masking and
overriding generators similarly to units and other configuration
files.

For the systemd instance, masking would be more common, rather than
overriding generators. For the user instances, it may also be useful
for users to have generators in $XDG_CONFIG_HOME to augment or
override system-wide generators.

Directories are searched according to the usual scheme (/usr/lib,
/usr/local/lib, /run, /etc), and files with the same name in higher
priority directories override files with the same name in lower
priority directories. Empty files and links to /dev/null mask a given
name.

https://bugs.freedesktop.org/show_bug.cgi?id=87230

4 years agoSimplify execute_directory()
Zbigniew Jędrzejewski-Szmek [Thu, 8 Jan 2015 22:30:07 +0000 (17:30 -0500)]
Simplify execute_directory()

Remove the optional sepearate opening of the directory,
it would be just too complicated with the change to
multiple directories.

Move the middle of execute_directory() to a seperate
function to make it easier to grok.

4 years agobus-proxy: implement 'at_console'
David Herrmann [Sun, 11 Jan 2015 16:23:24 +0000 (17:23 +0100)]
bus-proxy: implement 'at_console'

The 'at_console' policy-category allows to apply policy-items to clients
depending on whether they're run from within a valid user-session or not.
We use sd_uid_get_seats() to check whether a user has a valid seat (which
excludes remote-sessions like ssh).

4 years agobus-proxy: print message direction in policy logs
David Herrmann [Sun, 11 Jan 2015 14:27:18 +0000 (15:27 +0100)]
bus-proxy: print message direction in policy logs

Make sure to print "dbus-1 to kernel" or "kernel to dbus-1" in policy logs
to better diagnose the situation.

4 years agobus-proxy: fix receiver policy on dbus-1 to kdbus signals
David Herrmann [Sun, 11 Jan 2015 14:14:14 +0000 (15:14 +0100)]
bus-proxy: fix receiver policy on dbus-1 to kdbus signals

If a dbus-1 client sends a broadcasted signal via the bus-proxy to kdbus,
the bus-proxy has no idea who the receiver is. Classic dbus-daemon has
bus-access and can perform policy checks for each receiver, but we cant.
Instead, we know the kernel will perform receiver policy checks for
broadcasts, so we can skip the policy check and just push it into the
kernel.

This fixes wpa_supplicant which has DENY rules on receive_type=signal for
non-root. As we never know the target, we always DENY all broadcasts from
wpa_supplicant.

Note that will still perform receiver-policy checks for signals that we
get from the kernel back to us. In those cases, we know the receiver
(which is us).

4 years agobus-proxy: fix swapped path/interface debug messages
David Herrmann [Sun, 11 Jan 2015 13:54:33 +0000 (14:54 +0100)]
bus-proxy: fix swapped path/interface debug messages

The policy debug messages swapped "path=" and "interface=", fix this.

4 years agobus-proxy: fix policy for expected/non-expected reply tags
David Herrmann [Sun, 11 Jan 2015 13:13:19 +0000 (14:13 +0100)]
bus-proxy: fix policy for expected/non-expected reply tags

dbus-1 distinguishes expected and non-expected replies. An expected reply
is a reply that is sent as answer to a previously forwarded method-call
before the timeout fires. Those replies are, by default, forwarded and
DENY policy tags are ignored on them (unless explicitly stated otherwise).

We don't track reply-windows in the bus-proxy as the kernel already does
this. Furthermore, the kernel prohibits any non-expected replies (which
breaks dbus-1, but it was an odd feature, anyway).

Therefore, skip policy checks on replies and always let the kernel deal
with it!

To be correct, we should still process DENY tags marked as
send_expected_reply=true (which is *NOT* the default!). However, so far we
don't parse those attributes, and no-one really uses it, so lets not
implement it for now. It's marked as TODO if anyone feels like fixing it.

4 years agolog: fix log_full_errno() with custom facilities
David Herrmann [Sun, 11 Jan 2015 02:13:46 +0000 (03:13 +0100)]
log: fix log_full_errno() with custom facilities

Make sure to extract the log-priority when comparing against
max-log-level, otherwise, we will always drop those messages.

This fixes bus-proxyd to properly send warnings on policy blocks.

4 years agobuild-sys: fix link-order and avoid "label" functions in libsystemd-shared
Kay Sievers [Sat, 10 Jan 2015 23:25:31 +0000 (00:25 +0100)]
build-sys: fix link-order and avoid "label" functions in libsystemd-shared

4 years agokdbus.h: update
Kay Sievers [Sat, 10 Jan 2015 03:16:18 +0000 (04:16 +0100)]
kdbus.h: update