chiark / gitweb /
elogind.git
5 years agocore: don't include /boot in effect of ProtectSystem=
Lennart Poettering [Thu, 5 Jun 2014 08:03:26 +0000 (10:03 +0200)]
core: don't include /boot in effect of ProtectSystem=

This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.

ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.

ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlikey /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.

5 years agosocket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system
Lennart Poettering [Thu, 5 Jun 2014 07:55:53 +0000 (09:55 +0200)]
socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system

This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.

5 years agocore: make sure we properly parse ProtectHome= and ProtectSystem=
Lennart Poettering [Wed, 4 Jun 2014 21:03:37 +0000 (23:03 +0200)]
core: make sure we properly parse ProtectHome= and ProtectSystem=

5 years agoycm: update flag blacklist
Dave Reisner [Wed, 4 Jun 2014 19:03:08 +0000 (15:03 -0400)]
ycm: update flag blacklist

-Wdate-time isn't known to clang, and it seems to cause errors in
syntastic.

5 years agonetworkd: link - intialize mac address
Tom Gundersen [Wed, 4 Jun 2014 19:29:08 +0000 (21:29 +0200)]
networkd: link - intialize mac address

Otherwise .netwrok matching on MAC address will not work.

Based on patch by Dave Reisner, and bug originally reported by Max Pray.

5 years agoupdate TODO
Lennart Poettering [Wed, 4 Jun 2014 16:58:05 +0000 (18:58 +0200)]
update TODO

5 years agocore: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mountin...
Lennart Poettering [Wed, 4 Jun 2014 16:07:55 +0000 (18:07 +0200)]
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only

Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.

5 years agohwdb: fix case-sensitive match
Kay Sievers [Wed, 4 Jun 2014 15:55:14 +0000 (17:55 +0200)]
hwdb: fix case-sensitive match

5 years agobuild-sys: accommodate gcc-4.9.0 link-time optimization (LTO) changes
John [Wed, 4 Jun 2014 15:45:42 +0000 (17:45 +0200)]
build-sys: accommodate gcc-4.9.0 link-time optimization (LTO) changes

systemd fails to build (symbols not found/resolved during cgls link step)
under gcc-4.9.0 due to link-time optimization (lto) changes, in particular
from gcc-4.9.0/NEWS:

  + When using a linker plugin, compiling with the -flto option
    now generates slim objects files (.o) which only contain
    intermediate language representation for LTO. Use
    -ffat-lto-objects to create files which contain additionally
    the object code. To generate static libraries suitable for LTO
    processing, use gcc-ar and gcc-ranlib; to list symbols from a
    slim object file use gcc-nm. (Requires that ar, ranlib and nm
    have been compiled with plugin support.)

Both -flto and -ffat-lto-objects are now needed when building and linking
against static libs w/LTO.

5 years agoupdate TODO
Lennart Poettering [Wed, 4 Jun 2014 15:31:31 +0000 (17:31 +0200)]
update TODO

5 years agocore: provide /dev/ptmx as symlink in PrivateDevices= execution environments
Lennart Poettering [Wed, 4 Jun 2014 15:21:18 +0000 (17:21 +0200)]
core: provide /dev/ptmx as symlink in PrivateDevices= execution environments

5 years agocore: make sure PrivateDevices= makes /dev/log available
Lennart Poettering [Wed, 4 Jun 2014 14:59:13 +0000 (16:59 +0200)]
core: make sure PrivateDevices= makes /dev/log available

Now that we moved the actual syslog socket to
/run/systemd/journal/dev-log we can actually make /dev/log a symlink to
it, when PrivateDevices= is used, thus making syslog available to
services using PrivateDevices=.

5 years agoinitctl: move /dev/initctl fifo into /run, replace it by symlink
Lennart Poettering [Wed, 4 Jun 2014 14:53:15 +0000 (16:53 +0200)]
initctl: move /dev/initctl fifo into /run, replace it by symlink

With this change we have no fifos/sockets remaining in /dev.

5 years agojournald: move /dev/log socket to /run
Lennart Poettering [Wed, 4 Jun 2014 14:37:02 +0000 (16:37 +0200)]
journald: move /dev/log socket to /run

This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.

5 years agoudev: guard REREADPT by exclusive lock instead of O_EXCL
Kay Sievers [Wed, 4 Jun 2014 14:21:19 +0000 (16:21 +0200)]
udev: guard REREADPT by exclusive lock instead of O_EXCL

5 years agosocket: add new Symlinks= option for socket units
Lennart Poettering [Wed, 4 Jun 2014 14:19:00 +0000 (16:19 +0200)]
socket: add new Symlinks= option for socket units

With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.

This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too.

5 years agoudev: make sure we always get "change" for the disk
Kay Sievers [Wed, 4 Jun 2014 13:17:15 +0000 (15:17 +0200)]
udev: make sure we always get "change" for the disk

The kernel will return 0 for REREADPT when no partition table
is found, we have to send out "change" ourselves.

5 years agoudev: guard REREADP logic with open(O_ECXL)
Kay Sievers [Wed, 4 Jun 2014 12:09:31 +0000 (14:09 +0200)]
udev: guard REREADP logic with open(O_ECXL)

5 years agoudev: try first re-reading the partition table
Kay Sievers [Wed, 4 Jun 2014 11:30:24 +0000 (13:30 +0200)]
udev: try first re-reading the partition table

mounted partitions:
  # dd if=/dev/zero of=/dev/sda bs=1 count=1
  UDEV  [4157.369250] change   .../0:0:0:0/block/sda (block)
  UDEV  [4157.375059] change   .../0:0:0:0/block/sda/sda1 (block)
  UDEV  [4157.397088] change   .../0:0:0:0/block/sda/sda2 (block)
  UDEV  [4157.404842] change   .../0:0:0:0/block/sda/sda4 (block)

unmounted partitions:
  # dd if=/dev/zero of=/dev/sdb bs=1 count=1
  UDEV  [4163.450217] remove   .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
  UDEV  [4163.593167] change   .../target6:0:0/6:0:0:0/block/sdb (block)
  UDEV  [4163.713982] add      .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)

5 years agosocket: optionally remove sockets/FIFOs in the file system after use
Lennart Poettering [Wed, 4 Jun 2014 11:10:43 +0000 (13:10 +0200)]
socket: optionally remove sockets/FIFOs in the file system after use

5 years agoudev: link-config - fix mem leak
Tom Gundersen [Wed, 4 Jun 2014 10:34:23 +0000 (12:34 +0200)]
udev: link-config - fix mem leak

Reported by Kay.

5 years agoudev: synthesize "change' events for partitions when tools change the disk
Kay Sievers [Wed, 4 Jun 2014 10:16:28 +0000 (12:16 +0200)]
udev: synthesize "change' events for partitions when tools change the disk

This should make sure that fdisk-like programs will automatically
cause an update of all partitions, just like mkfs-like programs cause
an update of the partition.

5 years agoREADME: mention new required user systemd-bus-proxy
Lennart Poettering [Wed, 4 Jun 2014 09:17:32 +0000 (11:17 +0200)]
README: mention new required user systemd-bus-proxy

5 years agofsck: disable "-l" option for now
Kay Sievers [Wed, 4 Jun 2014 09:14:48 +0000 (11:14 +0200)]
fsck: disable "-l" option for now

  https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5

5 years agoudevd: inotify - modernizations
Kay Sievers [Wed, 4 Jun 2014 09:05:45 +0000 (11:05 +0200)]
udevd: inotify - modernizations

5 years agobus-proxy: drop priviliges if we can
Lennart Poettering [Wed, 4 Jun 2014 07:55:40 +0000 (09:55 +0200)]
bus-proxy: drop priviliges if we can

Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.

5 years agoremove ReadOnlySystem and ProtectedHome from udevd and logind
Kay Sievers [Tue, 3 Jun 2014 23:41:15 +0000 (01:41 +0200)]
remove ReadOnlySystem and ProtectedHome from udevd and logind

logind needs access to /run/user/, udevd fails during early boot
with these settings

5 years agocore: add new ReadOnlySystem= and ProtectedHome= settings for service units
Lennart Poettering [Tue, 3 Jun 2014 21:41:44 +0000 (23:41 +0200)]
core: add new ReadOnlySystem= and ProtectedHome= settings for service units

ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.

5 years agonetworkd: split runtime config dir from state dir
Tom Gundersen [Tue, 3 Jun 2014 16:57:47 +0000 (18:57 +0200)]
networkd: split runtime config dir from state dir

Configuration will be in

root:root /run/systemd/network

and state will be in

systemd-network:systemd-network /run/systemd/netif

This matches what we do for logind's seat/session state.

5 years agoudev: exclude device-mapper from block device ownership event locking
Kay Sievers [Tue, 3 Jun 2014 14:49:38 +0000 (16:49 +0200)]
udev: exclude device-mapper from block device ownership event locking

5 years agoshared: capability - don't loop over the cap bits if they are all unset
Tom Gundersen [Tue, 3 Jun 2014 09:46:25 +0000 (11:46 +0200)]
shared: capability - don't loop over the cap bits if they are all unset

5 years agoshared: allow drop_priviliges to drop all privs
Tom Gundersen [Tue, 3 Jun 2014 09:06:14 +0000 (11:06 +0200)]
shared: allow drop_priviliges to drop all privs

5 years agoudev: always close lock file descriptor
Kay Sievers [Tue, 3 Jun 2014 08:46:51 +0000 (10:46 +0200)]
udev: always close lock file descriptor

https://bugs.freedesktop.org/show_bug.cgi?id=79576

5 years agosd-dhcp-client: allways request broadcast
Camilo Aguilar [Wed, 28 May 2014 18:43:37 +0000 (14:43 -0400)]
sd-dhcp-client: allways request broadcast

On systems which cannot receive unicast packets until its IP stack has been configured
we need to request broadcast packets. We are currently not able to reliably detect when
this is necessary, so set it unconditionally for now.

This is set on all packets, but the DHCP server will only broadcast the packets that are
necessary, and unicast the rest.

For more information please refer to this thread in CoreOS: https://github.com/coreos/bugs/issues/12

[tomegun: rephrased commit message]

5 years agoresolved: run as unpriviliged "systemd-resolve" user
Tom Gundersen [Sun, 1 Jun 2014 21:01:20 +0000 (22:01 +0100)]
resolved: run as unpriviliged "systemd-resolve" user

This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.

5 years agoconfigure: networkd no longer requires kmod
Tom Gundersen [Mon, 2 Jun 2014 23:05:13 +0000 (01:05 +0200)]
configure: networkd no longer requires kmod

Reported by Samuli Suominen.

5 years agonetworkd: drop CAP_SYS_MODULE
Tom Gundersen [Mon, 2 Jun 2014 19:50:50 +0000 (21:50 +0200)]
networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.

5 years agonetworkd: introduce vti tunnel
Susant Sahani [Fri, 23 May 2014 06:37:46 +0000 (12:07 +0530)]
networkd: introduce vti tunnel

This patch enables vti tunnel support.

example conf:

file : vti.netdev
[NetDev]
Name=vti-tun
Kind=vti
MTUBytes=1480

[Tunnel]
Local=X.X.X.X
Remote=X.X.X.X

file: vti.network
[Match]
Name=em1

[Network]
Tunnel=vti-tun

TODO:

Add more attributes for vti tunnel
IFLA_VTI_IKEY
IFLA_VTI_OKEY

5 years agonetworkd: sit-tunnel add support for pmtudisc
Susant Sahani [Thu, 22 May 2014 06:29:19 +0000 (11:59 +0530)]
networkd: sit-tunnel add support for pmtudisc

This patch adds path of mtu discovery for sit tunnel.
To enable/disable DiscoverPathMTU is introduced.

Example configuration

file: sit.netdev
[NetDev]
Name=sit-tun
Kind=sit
MTUBytes=1480

[Tunnel]
DiscoverPathMTU=1
Local=X.X.X.X
Remote=X.X.X.X

By default pmtudisc is turned on , if DiscoverPathMTU
is missing from the config. To turn it off
DiscoverPathMTU=0 needs to be set.

5 years agonetworkd: introduce gre tunnel
Susant Sahani [Thu, 22 May 2014 10:35:03 +0000 (16:05 +0530)]
networkd: introduce gre tunnel

This patch enables gre tunnel support.

example conf:

file : gre.netdev
[NetDev]
Name=gre-tun
Kind=gre
MTUBytes=1480

[Tunnel]
Local=X.X.X.X
Remote=X.X.X.X

file: gre.network
[Match]
Name=em1

[Network]
Tunnel=gre-tun

TODO:

Add more attributes for gre tunnel
IFLA_GRE_IFLAGS
IFLA_GRE_IFLAGS
IFLA_GRE_IKEY
IFLA_GRE_OKEY

5 years agonetworkd-netdev: fix white space
Susant Sahani [Wed, 21 May 2014 09:55:30 +0000 (15:25 +0530)]
networkd-netdev: fix white space

5 years agonetworkd: introduce veth device support
Susant Sahani [Wed, 21 May 2014 08:31:04 +0000 (14:01 +0530)]
networkd: introduce veth device support

This patch adds veth device support to networkd.

Example conf:

File: veth.netdev

[NetDev]
Name=veth-test
Kind=veth

[Peer]
Name=veth-peer

5 years agoresolved: move resolv.conf to resolved's runtime dir
Tom Gundersen [Mon, 2 Jun 2014 13:13:30 +0000 (15:13 +0200)]
resolved: move resolv.conf to resolved's runtime dir

5 years agotmpfiles: systemd.conf - fix ownership of network directories
Tom Gundersen [Mon, 2 Jun 2014 13:05:05 +0000 (15:05 +0200)]
tmpfiles: systemd.conf - fix ownership of network directories

5 years agokeyboard: add Plantronics .Audio mute button
Zbigniew Jędrzejewski-Szmek [Sun, 1 Jun 2014 18:01:23 +0000 (14:01 -0400)]
keyboard: add Plantronics .Audio mute button

https://bugs.freedesktop.org/show_bug.cgi?id=79495

5 years agoREADME: document the new "systemd-network" user we require for systemd-networkd
Lennart Poettering [Sun, 1 Jun 2014 07:35:19 +0000 (09:35 +0200)]
README: document the new "systemd-network" user we require for systemd-networkd

5 years agonetworkd: run as unpriviliged "systemd-network" user
Lennart Poettering [Sun, 1 Jun 2014 07:12:00 +0000 (09:12 +0200)]
networkd: run as unpriviliged "systemd-network" user

This allows us to run networkd mostly unpriviliged with the exception of
CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter
though...

5 years agounits: remove CAP_SYS_PTRACE capability from hostnamed/networkd
Lennart Poettering [Sun, 1 Jun 2014 06:54:09 +0000 (08:54 +0200)]
units: remove CAP_SYS_PTRACE capability from hostnamed/networkd

The ptrace capability was only necessary to detect virtualizations
environments. Since we changed the logic to determine this to not
require priviliges, there's no need to carry the CAP_SYS_PTRACE
capability anymore.

5 years agotimesyncd: split privilege dropping code out of timesyncd so that we can make use...
Lennart Poettering [Sun, 1 Jun 2014 06:49:33 +0000 (08:49 +0200)]
timesyncd: split privilege dropping code out of timesyncd so that we can make use of it from other daemons too

This is preparation to make networkd work as unpriviliged user.

5 years agotty-ask-password-agent: Do tell what directory we failed to open
Cristian Rodríguez [Thu, 29 May 2014 18:17:37 +0000 (14:17 -0400)]
tty-ask-password-agent: Do tell what directory we failed to open

5 years agoudev-builtin-keyboard: do tell on which device EVIOCSKEYCODE failed.
Cristian Rodríguez [Fri, 30 May 2014 17:16:56 +0000 (13:16 -0400)]
udev-builtin-keyboard: do tell on which device EVIOCSKEYCODE failed.

I am getting

"Error calling EVIOCSKEYCODE (scan code 0xc022d, key code 418): Invalid
argument", the error message does not tell on which specific device the
problem is, add that info.

5 years agoutil: ignore_file should not allow files ending with '~'
Thomas Hindoe Paaboel Andersen [Sat, 31 May 2014 19:36:23 +0000 (21:36 +0200)]
util: ignore_file should not allow files ending with '~'

ignore_file currently allows any file ending with '~' while it
seems that the opposite was intended:
a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08

5 years agounits: use KillMode=mixed for systemd-nspawn@.service
Jonathan Liu [Wed, 28 May 2014 15:17:25 +0000 (01:17 +1000)]
units: use KillMode=mixed for systemd-nspawn@.service

This causes the container to shut down cleanly when the service is
stopped.

5 years agofsck: include device name in the message about missing fsck
Zbigniew Jędrzejewski-Szmek [Tue, 27 May 2014 03:03:11 +0000 (23:03 -0400)]
fsck: include device name in the message about missing fsck

5 years agovirt: rework container detection logic
Lennart Poettering [Wed, 28 May 2014 10:37:11 +0000 (18:37 +0800)]
virt: rework container detection logic

Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.

5 years agobuild-sys: use glibc's xattr support instead of requiring libattr
Kay Sievers [Wed, 28 May 2014 09:36:40 +0000 (17:36 +0800)]
build-sys: use glibc's xattr support instead of requiring libattr

5 years agoNEWS: mention that we need a new user systemd-timesync v213
Lennart Poettering [Wed, 28 May 2014 01:43:43 +0000 (09:43 +0800)]
NEWS: mention that we need a new user systemd-timesync

5 years agoNEWS: update NEWS file according to most recent changes in git
Lennart Poettering [Wed, 28 May 2014 01:39:55 +0000 (09:39 +0800)]
NEWS: update NEWS file according to most recent changes in git

5 years agohostnamed: Fix the way that static and transient host names interact
Stef Walter [Wed, 12 Feb 2014 08:46:31 +0000 (09:46 +0100)]
hostnamed: Fix the way that static and transient host names interact

It is almost always incorrect to allow DHCP or other sources of
transient host names to override an explicitly configured static host
name.

This commit changes things so that if a static host name is set, this
will override the transient host name (eg: provided via DHCP). Transient
host names can still be used to provide host names for machines that have
not been explicitly configured with a static host name.

The exception to this rule is if the static host name is set to
"localhost". In those cases we act as if no
static host name has been explicitly set.

As discussed elsewhere, systemd may want to have an fd based ownership
of the transient name. That part is not included in this commit.

5 years agobuild-sys: bump package and library version
Lennart Poettering [Tue, 27 May 2014 11:02:22 +0000 (19:02 +0800)]
build-sys: bump package and library version

5 years agotest-dhcp-option: fix memleak
Tom Gundersen [Sun, 25 May 2014 15:34:17 +0000 (17:34 +0200)]
test-dhcp-option: fix memleak

5 years agoanalyze/run: use bus_open_transport_systemd instead of bus_open_transport
Thomas Bächler [Fri, 21 Feb 2014 10:55:24 +0000 (11:55 +0100)]
analyze/run: use bus_open_transport_systemd instead of bus_open_transport

Both systemd-analyze and systemd-run only access org.freedesktop.systemd1
on the bus. This patch allows using systemd-run --user and systemd-analyze
--user even if the user session's bus is not properly integrated with the
systemd user unit.

https://bugs.freedesktop.org/show_bug.cgi?id=79252 and other reports...

5 years agoDo not unescape unit names in [Install] section
Michal Sekletar [Mon, 26 May 2014 18:09:45 +0000 (20:09 +0200)]
Do not unescape unit names in [Install] section

https://bugs.freedesktop.org/show_bug.cgi?id=49316

5 years agoudev: keyboard - also hook into "change" events
Kay Sievers [Mon, 26 May 2014 01:30:21 +0000 (09:30 +0800)]
udev: keyboard - also hook into "change" events

Re-apply the keymaps when "udevadm trigger" is called. Hooking into
"add" only would just remove all keymap content from the udev database
instead of applying the new config.

5 years agokeymap: Asus EeePC touchpad toggle key
Martin Pitt [Sun, 25 May 2014 10:16:35 +0000 (12:16 +0200)]
keymap: Asus EeePC touchpad toggle key

Originally is KEY_TOUCHPAD_TOGGLE, but X.org can't handle the big key events,
so use the F21 convention.

https://bugs.freedesktop.org/show_bug.cgi?id=72807

5 years agokeymap: Add Lenovo Enhanced USB Keyboard
Martin Pitt [Sun, 25 May 2014 09:57:22 +0000 (11:57 +0200)]
keymap: Add Lenovo Enhanced USB Keyboard

https://bugs.freedesktop.org/show_bug.cgi?id=77234

5 years agotimesysnc: reword network watching messages, and move resolver errors to debug
Kay Sievers [Sun, 25 May 2014 05:40:17 +0000 (13:40 +0800)]
timesysnc: reword network watching messages, and move resolver errors to debug

5 years agonspawn: make nspawn robust to container failure
Djalal Harouni [Sat, 24 May 2014 13:58:55 +0000 (14:58 +0100)]
nspawn: make nspawn robust to container failure

nspawn and the container child use eventfd to wait and notify each other
that they are ready so the container setup can be completed.

However in its current form the wait/notify event ignore errors that
may especially affect the child (container).

On errors the child will jump to the "child_fail" label and terminate
with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd
is created without the "EFD_NONBLOCK" flag, this leaves the parent
blocking on the eventfd_read() call. The container can also be killed
at any moment before execv() and the parent will not receive
notifications.

We can fix this by using cheap mechanisms, the new high level eventfd
API and handle SIGCHLD signals:

* Keep the cheap eventfd and EFD_NONBLOCK flag.

* Introduce eventfd states for parent and child to sync.
Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or
EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the
parent from waiting on an event that will never come.

* If the child is killed before execv() or before notifying the parent,
we install a NOP handler for SIGCHLD which will interrupt blocking calls
with EINTR. This gives a chance to the parent to call wait() and
terminate in main().

* If there are no errors, parent will block SIGCHLD, restore default
handler and notify child which will do execv(), then parent will pass
control to process_pty() to do its magic.

This was exposed in part by:
https://bugs.freedesktop.org/show_bug.cgi?id=76193

Reported-by: Tobias Hunger tobias.hunger@gmail.com
5 years agonspawn: move container wait logic into wait_for_container()
Djalal Harouni [Sat, 24 May 2014 13:58:54 +0000 (14:58 +0100)]
nspawn: move container wait logic into wait_for_container()

Move the container wait logic into its own wait_for_container() function
and add two status codes: CONTAINER_TERMINATED or CONTAINER_REBOOTED.
The status will be stored in its argument, this way we handle:
a) Return negative on failures.
b) Return zero on success and set the status to either
   CONTAINER_REBOOTED or CONTAINER_TERMINATED.

These status codes are used to terminate nspawn or loop again in case of
CONTAINER_REBOOTED.

5 years agotest-path-util: add tests for path_make_relative()
Tanu Kaskinen [Sat, 24 May 2014 09:01:13 +0000 (12:01 +0300)]
test-path-util: add tests for path_make_relative()

5 years agopath-util: fix missing terminating zero
Tanu Kaskinen [Sat, 24 May 2014 09:01:12 +0000 (12:01 +0300)]
path-util: fix missing terminating zero

There was this code:

        if (to_path_len > 0)
                memcpy(p, to_path, to_path_len);

That didn't add the terminating zero, so the resulting string was
corrupt if this code path was taken.

Using strcpy() instead of memcpy() solves this issue, and also
simplifies the code.

Previously there was special handling for shortening "../../" to
"../..", but that has now been replaced by a path_kill_slashes() call,
which also makes the result prettier in case the input contains
redundant slashes that would otherwise be copied to the result.

5 years agoUse %m instead of strerror(errno) where appropiate
Cristian Rodríguez [Sat, 24 May 2014 04:10:36 +0000 (00:10 -0400)]
Use %m instead of strerror(errno) where appropiate

5 years agotest-unit-file: skip if unit_file_get_list returns permission denied
Cristian Rodríguez [Sat, 24 May 2014 16:16:42 +0000 (12:16 -0400)]
test-unit-file: skip if unit_file_get_list returns permission denied

5 years agoFix several small typos
Jonathan Boulle [Fri, 23 May 2014 18:56:42 +0000 (11:56 -0700)]
Fix several small typos

5 years agoman: describe sd_uid_get_display
Zbigniew Jędrzejewski-Szmek [Sat, 24 May 2014 22:49:45 +0000 (18:49 -0400)]
man: describe sd_uid_get_display

5 years agoNEWS: mention that systemd-analyze uses new kernel release info
Zbigniew Jędrzejewski-Szmek [Sat, 24 May 2014 22:45:04 +0000 (18:45 -0400)]
NEWS: mention that systemd-analyze uses new kernel release info

Also some small grammar updates.

5 years agobuild-sys: fix typo in variable name
Zbigniew Jędrzejewski-Szmek [Sat, 24 May 2014 22:23:06 +0000 (18:23 -0400)]
build-sys: fix typo in variable name

5 years agoman: reword StartupCPUShares= description
Zbigniew Jędrzejewski-Szmek [Sat, 24 May 2014 22:02:16 +0000 (18:02 -0400)]
man: reword StartupCPUShares= description

Now that we have two options described in the same paragraph, we cannot
use singular anymore.

5 years agoNEWS
Tom Gundersen [Sat, 24 May 2014 10:28:47 +0000 (12:28 +0200)]
NEWS

5 years agoNEWS: update
Kay Sievers [Sat, 24 May 2014 06:50:17 +0000 (14:50 +0800)]
NEWS: update

5 years agodetect-virt: Remove string for Microsoft virtualization detection in DMI vendor strin...
Reyad Attiyat [Mon, 5 May 2014 21:29:57 +0000 (16:29 -0500)]
detect-virt: Remove string for Microsoft virtualization detection in DMI vendor string array.

The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID.

https://bugs.freedesktop.org/show_bug.cgi?id=78312

5 years agoNEWS: prepare NEWS update for 213
Lennart Poettering [Sat, 24 May 2014 06:25:28 +0000 (14:25 +0800)]
NEWS: prepare NEWS update for 213

5 years agocore: timer - switch to touch_file()
Kay Sievers [Sat, 24 May 2014 03:39:47 +0000 (11:39 +0800)]
core: timer - switch to touch_file()

5 years agotimedated: refuse manual system time updates when automatic timesync is enabled
Kay Sievers [Sat, 24 May 2014 02:38:32 +0000 (10:38 +0800)]
timedated: refuse manual system time updates when automatic timesync is enabled

5 years agoclock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()
Kay Sievers [Sat, 24 May 2014 02:26:33 +0000 (10:26 +0800)]
clock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()

5 years agotimesyncd: only update stamp file when we are synchronized
Kay Sievers [Thu, 22 May 2014 12:31:46 +0000 (21:31 +0900)]
timesyncd: only update stamp file when we are synchronized

Create initial stamp file with compiled-in time to prevent bootups
with clocks in the future from storing invalid timestamps.

At shutdown, only update the timestamp if we got an authoritative
time to store.

5 years agoshared: add touch_file() and let touch() always update timestamp
Kay Sievers [Thu, 22 May 2014 12:10:50 +0000 (21:10 +0900)]
shared: add touch_file() and let touch() always update timestamp

5 years agoshared: rename hwclock.[ch] to clock-util.[ch]
Kay Sievers [Thu, 22 May 2014 12:21:38 +0000 (21:21 +0900)]
shared: rename hwclock.[ch] to clock-util.[ch]

5 years agosd-network: avoid false positive compiler warning caused by LTO
Tom Gundersen [Fri, 23 May 2014 22:46:30 +0000 (00:46 +0200)]
sd-network: avoid false positive compiler warning caused by LTO

Djalal Harouni <tixxdz@opendz.org>:
There is also this one genrated by LTO, IMO it's a false positive since
we do *check* for "lease" but the code is not consistent since in that
code path, "lease" is initialized to NULL in other places, except for
this one:

src/resolve/resolved-manager.c: In function 'manager_update_resolv_conf':
src/libsystemd-network/sd-dhcp-lease.c:67:18: warning: 'lease' may be used uninitialized in this function [-Wmaybe-uninitialized]
        if (lease->dns_size) {
                 ^
src/network/sd-network.c:146:24: note: 'lease' was declared here
        sd_dhcp_lease *lease;
                       ^

5 years agosocket: properly handle if our service vanished during runtime
Lennart Poettering [Thu, 22 May 2014 07:56:21 +0000 (16:56 +0900)]
socket: properly handle if our service vanished during runtime

5 years agocore: remove unused vars
Lennart Poettering [Thu, 22 May 2014 07:52:53 +0000 (16:52 +0900)]
core: remove unused vars

5 years agocore: never consider failure when reading drop-ins fatal
Lennart Poettering [Thu, 22 May 2014 07:49:12 +0000 (16:49 +0900)]
core: never consider failure when reading drop-ins fatal

drop-ins don't carry the main configuration of a unit, hence read them
if we can't, complain if we cannot, but don't fail.

5 years agoconf-parser: never consider it an error if we cannot load a drop-in file because...
Lennart Poettering [Thu, 22 May 2014 07:47:46 +0000 (16:47 +0900)]
conf-parser: never consider it an error if we cannot load a drop-in file because it is missing

After all, we want to be able to boot with /etc empty one day...

5 years agoman: update URL refernce in daemon(7)
Lennart Poettering [Thu, 22 May 2014 07:22:48 +0000 (16:22 +0900)]
man: update URL refernce in daemon(7)

http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html

5 years agoman: drop reference to file locking for PID file creation from daemon(7)
Lennart Poettering [Thu, 22 May 2014 07:15:56 +0000 (16:15 +0900)]
man: drop reference to file locking for PID file creation from daemon(7)

File locking is usually a bad idea, don't suggest using it.

5 years agoupdate TODO
Lennart Poettering [Thu, 22 May 2014 07:14:50 +0000 (16:14 +0900)]
update TODO

5 years agonspawn: restore journal directory is empty check
Lennart Poettering [Thu, 22 May 2014 06:19:46 +0000 (15:19 +0900)]
nspawn: restore journal directory is empty check

This undoes part of commit e6a4a517befe559adf6d1dbbadf425c3538849c9.

Instead of removing the error message about non-empty journal bind mount
directories, simply downgrade the message to a warning and proceed.

5 years agoupdate TODO
Lennart Poettering [Thu, 22 May 2014 03:16:25 +0000 (12:16 +0900)]
update TODO

5 years agocgroups: simplify CPUQuota= logic
Lennart Poettering [Thu, 22 May 2014 02:53:12 +0000 (11:53 +0900)]
cgroups: simplify CPUQuota= logic

Only accept cpu quota values in percentages, get rid of period
definition.

It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.

5 years agotime-util: make sure USEC_PER_SEC and friends are actually of type usec_t
Lennart Poettering [Thu, 22 May 2014 02:44:03 +0000 (11:44 +0900)]
time-util: make sure USEC_PER_SEC and friends are actually of type usec_t