chiark / gitweb /
elogind.git
5 years agounits: so far we defaulted to 90s as default timeout for most things, let's do so...
Lennart Poettering [Mon, 2 Feb 2015 20:34:32 +0000 (21:34 +0100)]
units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too

Fewer surprises, and stuff...

5 years agotmpfiles: let's always use DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING() instead...
Lennart Poettering [Mon, 2 Feb 2015 20:34:09 +0000 (21:34 +0100)]
tmpfiles: let's always use DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING() instead of defining our own string tables

5 years agotime-util: let's make xstrftime() useful for everybody, even if we only have a single...
Lennart Poettering [Mon, 2 Feb 2015 20:28:33 +0000 (21:28 +0100)]
time-util: let's make xstrftime() useful for everybody, even if we only have a single user so far.

5 years agomacro: document that DECIMAL_STR_MAX contains space for the trailing NUL byte
Lennart Poettering [Mon, 2 Feb 2015 20:28:19 +0000 (21:28 +0100)]
macro: document that DECIMAL_STR_MAX contains space for the trailing NUL byte

5 years agobootchart: Ensure that systemd is the init called after using bootchart
Sebastien Bacher [Mon, 2 Feb 2015 14:48:40 +0000 (15:48 +0100)]
bootchart: Ensure that systemd is the init called after using bootchart

When booting with systemd-bootchart, default to call the systemd binary
rather than the init binary on disk, which might be another init system.
Collecting data only works with booting systemd.

5 years agobacklight: let udev properties override clamping
Topi Miettinen [Sun, 1 Feb 2015 06:49:02 +0000 (08:49 +0200)]
backlight: let udev properties override clamping

On my computer, the minimum brightness enforced by clamping in
backlight is too bright.

Let udev property ID_BACKLIGHT_CLAMP control whether the brightness
is clamped or not.

5 years agocryptsetup: only warn on real key files
Martin Pitt [Mon, 2 Feb 2015 15:53:39 +0000 (16:53 +0100)]
cryptsetup: only warn on real key files

Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.

5 years agotmpfiles: Remove unnecessary blank line when configured with "--disable-resolved"
Sangjung Woo [Mon, 2 Feb 2015 11:25:02 +0000 (20:25 +0900)]
tmpfiles: Remove unnecessary blank line when configured with "--disable-resolved"

This patch removes unnecessary blank line in
/usr/lib/tmpfiles.d/etc.conf when configured with "--disable-resolved".
(i.e. ENABLE_RESOLVED is not defined)

5 years agoupdate TODO
Lennart Poettering [Mon, 2 Feb 2015 15:43:00 +0000 (16:43 +0100)]
update TODO

5 years agocryptsetup: Do not warn If the key is /dev/*random
Cristian Rodríguez [Mon, 2 Feb 2015 15:06:05 +0000 (12:06 -0300)]
cryptsetup: Do not warn If the key is /dev/*random

Using /dev/urandom as a key is valid for swap, do not
warn if this devices are world readable.

5 years agonetworkd: support socket activation
Tom Gundersen [Sun, 1 Feb 2015 21:13:26 +0000 (22:13 +0100)]
networkd: support socket activation

Still keep the non-socket activation code around for starting from the commandline, but
will likely drop that too in the future.

5 years agosd-rtnl: introduce sd_rtnl_new_from_netlink
Tom Gundersen [Sun, 1 Feb 2015 21:12:33 +0000 (22:12 +0100)]
sd-rtnl: introduce sd_rtnl_new_from_netlink

5 years agonetworkd-wait-online: add timeout
Tom Gundersen [Sun, 1 Feb 2015 20:04:35 +0000 (21:04 +0100)]
networkd-wait-online: add timeout

Default to timing out after 120 seconds without a network connection. Setting a
timeout of 0 disables the timeout.

5 years agosd-event: treat NULL callback for timer events like sig events
Tom Gundersen [Sun, 1 Feb 2015 17:06:40 +0000 (18:06 +0100)]
sd-event: treat NULL callback for timer events like sig events

In both cases exit the event loop.

5 years agonetworkd-wait-online: support globbing for ignored devices
Tom Gundersen [Sun, 1 Feb 2015 14:13:17 +0000 (15:13 +0100)]
networkd-wait-online: support globbing for ignored devices

5 years agohwdb: Update database of Bluetooth company identifiers
Marcel Holtmann [Mon, 2 Feb 2015 08:18:28 +0000 (09:18 +0100)]
hwdb: Update database of Bluetooth company identifiers

5 years agoman: switch yum to dnf for Fedora
Zbigniew Jędrzejewski-Szmek [Sun, 1 Feb 2015 21:05:56 +0000 (16:05 -0500)]
man: switch yum to dnf for Fedora

The dnf name is here to stay, we might as well adjust.

5 years agoshared/capability: go frugal on space for caps
Zbigniew Jędrzejewski-Szmek [Sun, 1 Feb 2015 20:26:46 +0000 (15:26 -0500)]
shared/capability: go frugal on space for caps

5 years agoFix dropping of all capabilities
Zbigniew Jędrzejewski-Szmek [Sun, 1 Feb 2015 19:33:10 +0000 (14:33 -0500)]
Fix dropping of all capabilities

From fd.o bug 88898:

systemd-resolved fails to start:
Failed to drop capabilities: Operation not permitted

Broken in f11943c53ec181829a821c6b27acf828bab71caa.

Drop all capabilities:
1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all
capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)

Capabilites should always be kept after setresuid() so that the capability
bounding set can be reduced.

Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898

We must be careful not to leave PR_SET_KEEPCAPS on. We could use the
setresuid() call to drop capabilities, but the rules when capabilities
are dropped are fairly complex, since a transition to non-zero uid must
happen. Let's instead keep the capabilities during setresuid(), and drop
them later.

5 years agoconfig_parse_set_status: put signals in the correct set
Michael Olbrich [Fri, 30 Jan 2015 08:49:55 +0000 (09:49 +0100)]
config_parse_set_status: put signals in the correct set

This was broken when the code was rearranged in "1e2fd62d70ff
core/load-fragment.c: correct argument sign and split up long lines"

5 years agoAdd a snprinf wrapper which checks that the buffer was big enough
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 13:00:11 +0000 (08:00 -0500)]
Add a snprinf wrapper which checks that the buffer was big enough

If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.

char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.

A similar wrapper is used for strftime calls, but only in timedatectl.c.

5 years agotmpfiles: accurately report creation results
Zbigniew Jędrzejewski-Szmek [Sun, 1 Feb 2015 17:29:27 +0000 (12:29 -0500)]
tmpfiles: accurately report creation results

5 years agotmpfiles: remove dead branch
Zbigniew Jędrzejewski-Szmek [Sat, 31 Jan 2015 06:03:09 +0000 (01:03 -0500)]
tmpfiles: remove dead branch

In the test, p is a path to a directory, always absolute. dent->d_name
is a single path component, so they cannot be equal. The comparison
was wrong also for other reasons: D type supports globs, so direct
comparisons using streq are not enough.

5 years agounits: set TimeoutSec on some oneshot services
Zbigniew Jędrzejewski-Szmek [Sat, 31 Jan 2015 04:54:21 +0000 (23:54 -0500)]
units: set TimeoutSec on some oneshot services

Services which are not crucial to system bootup, and have Type=oneshot
can effectively "hang" the system if they fail to complete for whatever
reason. To allow the boot to continue, kill them after a timeout.

In case of systemd-journal-flush the flush will continue in the background,
and in the other two cases the job will be aborted, but this should not
result in any permanent problem.

5 years agocore/cgroup: fix embarrassing typo
Zbigniew Jędrzejewski-Szmek [Sun, 1 Feb 2015 04:03:25 +0000 (23:03 -0500)]
core/cgroup: fix embarrassing typo

https://github.com/docker/docker/issues/10280

5 years agotest-dhcp-client: remove linebreak
Zbigniew Jędrzejewski-Szmek [Sat, 31 Jan 2015 17:25:12 +0000 (12:25 -0500)]
test-dhcp-client: remove linebreak

5 years agoTODO
Tom Gundersen [Sat, 31 Jan 2015 14:27:49 +0000 (15:27 +0100)]
TODO

5 years agonetworkd: dhcp-server - start as soon as addresses have been set
Tom Gundersen [Fri, 30 Jan 2015 18:54:01 +0000 (19:54 +0100)]
networkd: dhcp-server - start as soon as addresses have been set

We would otherwise wait for the interface to be completely configured, which
could take considerable time with IPv4LL. As a result nspawn was very slow
at obtaining IP addresses.

5 years agonetworkd-wait-online: allow specific devices to be ignored
Tom Gundersen [Thu, 29 Jan 2015 06:34:34 +0000 (07:34 +0100)]
networkd-wait-online: allow specific devices to be ignored

In addition to the loopback device, also explicitly configured devices to be ignored.

Suggested by Charles Devereaux <systemd@guylhem.net>.

5 years agosd-rtnl: don't fail event handler when callback fails
Tom Gundersen [Thu, 29 Jan 2015 06:26:58 +0000 (07:26 +0100)]
sd-rtnl: don't fail event handler when callback fails

As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler.
Otherwise any error returned by any callback will disable the rtnl event handler. We should
only do that on serious internal errors in sd-rtnl that we know cannot be recovered from.

5 years agocore: make setting the shutdown watchdog configuration via dbus work
Maxim Mikityanskiy [Thu, 29 Jan 2015 00:23:07 +0000 (01:23 +0100)]
core: make setting the shutdown watchdog configuration via dbus work

https://bugs.freedesktop.org/show_bug.cgi?id=88284

5 years agoRevert "sd-bus: change serialization of kdbus messages to qualify in their entirety...
Kay Sievers [Fri, 30 Jan 2015 12:53:45 +0000 (13:53 +0100)]
Revert "sd-bus: change serialization of kdbus messages to qualify in their entirety as gvariant objects"

This breaks booting with kdbus.

This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.

5 years agoRevert "core: make setting the shutdown watchdog configuration via dbus work"
Kay Sievers [Fri, 30 Jan 2015 09:59:47 +0000 (10:59 +0100)]
Revert "core: make setting the shutdown watchdog configuration via dbus work"

This reverts commit df6e44c4affced590b0d19c594d9301ffd436591.

systemd --version segfaults.

Starting program: /usr/lib/systemd/systemd --version
Missing separate debuginfos, use: debuginfo-install systemd-216-16.fc21.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
systemd 218
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

Program received signal SIGSEGV, Segmentation fault.
0x000055555557c9be in main (argc=2, argv=0x7fffffffe4d8) at src/core/main.c:1832
1832            arg_shutdown_watchdog = m->shutdown_watchdog;
(gdb) bt
(gdb) bt full
        m = 0x0

5 years agoUpdates in bash autocompletions
Carlos Morata Castillo [Sat, 10 Jan 2015 01:08:21 +0000 (02:08 +0100)]
Updates in bash autocompletions

Hi,

I did ./check-undocumented.sh -b (my script just submitted) and checked
the results.

Cheers.

5 years agohwdb: add a touchpad hwdb
Peter Hutterer [Wed, 28 Jan 2015 04:05:01 +0000 (14:05 +1000)]
hwdb: add a touchpad hwdb

Currently used to tag devices in the new Lenovo *50 series and the X1 Carbon
3rd. These laptops re-introduced the physical trackpoint buttons that were
missing from the *40 series but those buttons are now wired up to the
touchpad.

The touchpad now sends BTN_0, BTN_1 and BTN_2 for the trackpoint. The same
button codes were used in older touchpads that had dedicated scroll up/down
buttons. Input drivers need to work around this and thus know what they're
dealing with.

For the previous gen we introduced INPUT_PROP_TOPBUTTONPAD in the kernel, but
the resulting mess showed that these per-device quirks should really live in
userspace.

The list currently includes the X1 Carbon 3rd PNPID, others will be added as
get to know which PNPID they have.

5 years agosystemctl: refuse --host with cat
Zbigniew Jędrzejewski-Szmek [Thu, 29 Jan 2015 02:30:06 +0000 (21:30 -0500)]
systemctl: refuse --host with cat

This might be fixed one day, but for now it's better to fail.

https://bugzilla.redhat.com/show_bug.cgi?id=1186952

5 years agoupdate TODO
Lennart Poettering [Thu, 29 Jan 2015 02:43:34 +0000 (03:43 +0100)]
update TODO

5 years agoFix ordering of the 70-mouse.rule in the Makefile
Peter Hutterer [Thu, 29 Jan 2015 01:51:05 +0000 (11:51 +1000)]
Fix ordering of the 70-mouse.rule in the Makefile

5 years agocoredump: drop caps while we are processing the coredump
Lennart Poettering [Thu, 29 Jan 2015 01:47:29 +0000 (02:47 +0100)]
coredump: drop caps while we are processing the coredump

https://bugs.freedesktop.org/show_bug.cgi?id=87354

5 years agoRevert "journal: do not check for number of files"
Lennart Poettering [Thu, 29 Jan 2015 01:10:15 +0000 (02:10 +0100)]
Revert "journal: do not check for number of files"

This reverts commit b914ea8d379b446c4c9fac4ba181771676ef38cd.

We really need to put a limit on all our resources, everywhere, and in
particular if we operate on external data.

Hence, let's reintroduce the limit, but bump it substantially, so that
it is guaranteed to be higher than any realistic RLIMIT_NOFILE setting.

5 years agoman: turn new netdev table into a proper table
Lennart Poettering [Thu, 29 Jan 2015 00:40:48 +0000 (01:40 +0100)]
man: turn new netdev table into a proper table

5 years agocore: make setting the shutdown watchdog configuration via dbus work
Maxim Mikityanskiy [Thu, 29 Jan 2015 00:23:07 +0000 (01:23 +0100)]
core: make setting the shutdown watchdog configuration via dbus work

https://bugs.freedesktop.org/show_bug.cgi?id=88284

5 years agoman: netdev - add some minimal explanation to the different netdev kinds and modes
Tom Gundersen [Wed, 28 Jan 2015 20:31:47 +0000 (21:31 +0100)]
man: netdev - add some minimal explanation to the different netdev kinds and modes

Would be awesome to expand on this a lot, as there is currently no decent documentation for most of these things.

5 years agonetworkd: tunnel - call tunnel modes ipip6, not ip4ipv6 to match ip(8)
Tom Gundersen [Wed, 28 Jan 2015 16:32:50 +0000 (17:32 +0100)]
networkd: tunnel - call tunnel modes ipip6, not ip4ipv6 to match ip(8)

5 years agologind: handle closing sessions over daemon restarts
Martin Pitt [Wed, 28 Jan 2015 17:14:01 +0000 (18:14 +0100)]
logind: handle closing sessions over daemon restarts

It may happen that you have several sessions with the same VT:

 - Open a session c1 which leaves some processes around, and log out. The
   session will stay in State=closing and become Active=no.
 - Log back in on the same VT, get a new session "c2" which is State=active and
   Active=yes.

When restarting logind after that, the first session that matches the current
VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get
the usual polkit/device ACL privileges.

Restore the "closing" state in session_load(), to avoid treating all restored
sessions as State=active. In seat_active_vt_changed(), prefer active sessions
over closing ones if more than one session matches the current VT.

Finally, fix the confusing comment in session_load() and explain it a bit
better.

https://launchpad.net/bugs/1415104

5 years agoutil: add comment explaining hostname_is_valid()
Lennart Poettering [Wed, 28 Jan 2015 16:48:05 +0000 (17:48 +0100)]
util: add comment explaining hostname_is_valid()

5 years agoupdate TODO
Lennart Poettering [Wed, 28 Jan 2015 16:48:01 +0000 (17:48 +0100)]
update TODO

5 years agosd-dhcp: chop of trailing dot of DHCP supplied host and domain nams
Lennart Poettering [Wed, 28 Jan 2015 16:47:37 +0000 (17:47 +0100)]
sd-dhcp: chop of trailing dot of DHCP supplied host and domain nams

5 years agorules: clean up stale CD drive mounts after ejection
Martin Pitt [Wed, 28 Jan 2015 12:57:47 +0000 (13:57 +0100)]
rules: clean up stale CD drive mounts after ejection

Ejecting a CD with the hardware drive button only causes a change uevent, but
the device node stays around (just without a medium). Pick up these uevents and
mark the device as SYSTEMD_READY=0 on ejection, so that systemd stops the
device unit and consequently all mount units on it.

On media insertion, mark the device as SYSTEMD_READY=1 again.

https://bugs.freedesktop.org/show_bug.cgi?id=72206
https://bugzilla.opensuse.org/show_bug.cgi?id=909418
https://bugs.archlinux.org/task/42071
https://bugs.launchpad.net/bugs/1168742

5 years agocore/mount: add dependencies to dynamically mounted mounts too
Martin Pitt [Wed, 28 Jan 2015 12:53:25 +0000 (13:53 +0100)]
core/mount: add dependencies to dynamically mounted mounts too

Add unit dependencies for dynamic (i. e. not from fstab) mounts. With that,
mount units properly bind to their underlying device, and thus get
automatically stopped/unmounted when the underlying device goes away.

This cleans up stale mounts from unplugged devices.

Thanks to Lennart Poettering for pointing out the fix!

5 years agosysv-generator: no need to check for identical symlinks source and target twice
Lennart Poettering [Wed, 28 Jan 2015 14:11:49 +0000 (15:11 +0100)]
sysv-generator: no need to check for identical symlinks source and target twice

http://lists.freedesktop.org/archives/systemd-devel/2015-January/027594.html

5 years agocore: output unit status output strings to console, only if we actually are changing...
Lennart Poettering [Wed, 28 Jan 2015 14:07:13 +0000 (15:07 +0100)]
core: output unit status output strings to console, only if we actually are changing unit state

Unit _start() and _stop() implementations can fail with -EAGAIN to delay
execution temporarily. Thus, we should not output status messages before
invoking these calls, but after, and only when we know that the
invocation actually made a change.

5 years agotest: duplicate LIST_FOREACH_OTHERS test to check for corner cases of end and start...
Lennart Poettering [Wed, 28 Jan 2015 13:22:13 +0000 (14:22 +0100)]
test: duplicate LIST_FOREACH_OTHERS test to check for corner cases of end and start of list

5 years agolist: properly skip over first item in LIST_FOREACH_OTHERS
Lennart Poettering [Wed, 28 Jan 2015 13:03:31 +0000 (14:03 +0100)]
list: properly skip over first item in LIST_FOREACH_OTHERS

5 years agomanager: fix minor typo
Lennart Poettering [Wed, 28 Jan 2015 13:03:24 +0000 (14:03 +0100)]
manager: fix minor typo

5 years agosysv-generator: Re-fix .sh suffix handling
Martin Pitt [Wed, 28 Jan 2015 07:00:28 +0000 (08:00 +0100)]
sysv-generator: Re-fix .sh suffix handling

Commit 4e48855534 caused the .sh suffix to be stripped from the original
"filename", which caused the generated units to call the wrong init.d script.
Only use the .sh stripped file name for comparing with Provides:, not for
generating the Exec*= lines.

Spotted by sysv-generator-test.

5 years agobuild-sys: add check for --help width
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jan 2015 02:22:26 +0000 (21:22 -0500)]
build-sys: add check for --help width

5 years agonotify,firstboot,analyze,run: trim --help output to 80 lines
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jan 2015 02:22:57 +0000 (21:22 -0500)]
notify,firstboot,analyze,run: trim --help output to 80 lines

5 years agotmpfiles: fix help text
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jan 2015 02:22:08 +0000 (21:22 -0500)]
tmpfiles: fix help text

The help text, apart from being too long, did not describe what the options
really do.

5 years agobuild-sys: make xz and zlib build-time optional again
Lennart Poettering [Wed, 28 Jan 2015 02:21:56 +0000 (03:21 +0100)]
build-sys: make xz and zlib build-time optional again

5 years agoman: document the new Ctrl-Alt-Del magic
Lennart Poettering [Wed, 28 Jan 2015 01:33:22 +0000 (02:33 +0100)]
man: document the new Ctrl-Alt-Del magic

5 years agomanager: when we immediately reboot due to 7x C-A-D within 2s, mention this on the...
Lennart Poettering [Wed, 28 Jan 2015 01:26:03 +0000 (02:26 +0100)]
manager: when we immediately reboot due to 7x C-A-D within 2s, mention this on the console too

5 years agoupdate TODO
Lennart Poettering [Wed, 28 Jan 2015 01:22:19 +0000 (02:22 +0100)]
update TODO

5 years agocore: when the user hits Ctrl-Alt-Del more than 7x per 2s, reboot immediately
Lennart Poettering [Wed, 28 Jan 2015 01:18:59 +0000 (02:18 +0100)]
core: when the user hits Ctrl-Alt-Del more than 7x per 2s, reboot immediately

This should be useful for cases where clean rebooting doesn't work, and
the user wants to hurry up the reboot.

5 years agosysv-generator: there's really no need to invoke fstatat() multiple times on the...
Lennart Poettering [Wed, 28 Jan 2015 00:36:40 +0000 (01:36 +0100)]
sysv-generator: there's really no need to invoke fstatat() multiple times on the same sysv script

It's sufficient to check once if something is a regular file, hence,
let's do that.

5 years agoupdate TODO
Lennart Poettering [Wed, 28 Jan 2015 00:02:36 +0000 (01:02 +0100)]
update TODO

5 years agocore: if two start jobs for the same swap device node are queued, only dispatch one...
Lennart Poettering [Tue, 27 Jan 2015 23:38:38 +0000 (00:38 +0100)]
core: if two start jobs for the same swap device node are queued, only dispatch one of them at a time

If two start jobs for two seperate .swap device nodes are queued, which
then turns out to be referring to the same device node, refuse
dispatching more than one of them at the same time.

This should solve an issue when the same swap partition is found via GPT
auto-discovery and via /etc/fstab, where one uses a symlink path, and
the other the raw devce node. So far we might have ended up invoking
mkswap on the same node at the very same time with the two device node
names.

With this change only one mkswap should be executed at a time. THis
mkswap should have immediate effect on the other swap unit, due to the
state in /proc/swaps changing, and thus suppressing actual invocation of
the second mkswap.

http://lists.freedesktop.org/archives/systemd-devel/2015-January/027314.html

5 years agoswap: simplify a few things by making use of new LIST_FOREACH_OTHERS macro
Lennart Poettering [Tue, 27 Jan 2015 23:37:11 +0000 (00:37 +0100)]
swap: simplify a few things by making use of new LIST_FOREACH_OTHERS macro

5 years agolist: add macro for iterating through a list an item is in, skipping the item
Lennart Poettering [Tue, 27 Jan 2015 23:34:58 +0000 (00:34 +0100)]
list: add macro for iterating through a list an item is in, skipping the item

5 years agoswap: properly specify errno when logging
Lennart Poettering [Tue, 27 Jan 2015 23:04:47 +0000 (00:04 +0100)]
swap: properly specify errno when logging

5 years agosysv-generator: use is_symlink() utility call where appropriate
Lennart Poettering [Tue, 27 Jan 2015 22:13:28 +0000 (23:13 +0100)]
sysv-generator: use is_symlink() utility call where appropriate

5 years agosysv-generator: minor simplifications
Lennart Poettering [Tue, 27 Jan 2015 22:11:01 +0000 (23:11 +0100)]
sysv-generator: minor simplifications

5 years agoman: systemd.service(5): add some simple examples
Christian Seiler [Tue, 27 Jan 2015 16:38:02 +0000 (17:38 +0100)]
man: systemd.service(5): add some simple examples

Add a couple of exampels, at least one for each service type that
include some explanations and pointers to various relevant options.

5 years agoman: systemd.unit(5): add examples for common tasks
Christian Seiler [Sat, 24 Jan 2015 13:04:03 +0000 (14:04 +0100)]
man: systemd.unit(5): add examples for common tasks

Add examples for (a) how to allow units to be enabled and (b)
overriding vendor settings to the man page.

5 years agologind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM
Christian Seiler [Tue, 27 Jan 2015 17:58:40 +0000 (18:58 +0100)]
logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM

In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs
(or any filesystem for that matter) on top of /run/user/$UID.
Previously, logind just failed in such a situation.

Now, logind will resort to chown+chmod of the directory instead. This
allows logind still to work in those environments, although without the
guarantees it provides (i.e. users not being able to DOS /run or other
users' /run/user/$UID space) when CAP_SYS_ADMIN is available.

5 years agologind: remove per-user runtime dir again if setup fails
Christian Seiler [Fri, 23 Jan 2015 14:26:18 +0000 (15:26 +0100)]
logind: remove per-user runtime dir again if setup fails

If setup of per-user runtime dir fails, clean up afterwards by removing
the directory before returning from the function, so we don't leave the
directory behind.

If this is not done, the second time the user logs in logind would
assume that the directory is already set up, even though it isn't.

5 years agoman: mention that 99-default.link is shipped by default, and users hence need to...
Lennart Poettering [Tue, 27 Jan 2015 17:29:33 +0000 (18:29 +0100)]
man: mention that 99-default.link is shipped by default, and users hence need to install a lexically earlier .link file for it to be honoured

5 years agoupdate TODO
Lennart Poettering [Tue, 27 Jan 2015 13:31:29 +0000 (14:31 +0100)]
update TODO

5 years agobuild-sys: make bzip2 really optional
Lennart Poettering [Tue, 27 Jan 2015 16:24:11 +0000 (17:24 +0100)]
build-sys: make bzip2 really optional

5 years agounits: turn on watchdog for resolved
Lennart Poettering [Tue, 27 Jan 2015 13:30:52 +0000 (14:30 +0100)]
units: turn on watchdog for resolved

5 years agounits: fix all TTY paths for container gettys
Lennart Poettering [Tue, 27 Jan 2015 13:28:45 +0000 (14:28 +0100)]
units: fix all TTY paths for container gettys

Spotted by Christian Seiler:

http://lists.freedesktop.org/archives/systemd-devel/2015-January/027441.html

5 years agonetworkd-dhcp6: Assign DHCPv6 addresses and prefix lengths
Patrik Flykt [Tue, 20 Jan 2015 17:36:04 +0000 (19:36 +0200)]
networkd-dhcp6: Assign DHCPv6 addresses and prefix lengths

Once IPv6 addresses have been acquired, assign these to the interface
with the prefix lengths taken from the ICMPv6 Router Advertisement
handling code. The preferred and valid IPv6 address lifetimes are
handed to the kernel which will clean up them if not renewed in time.

When a prefix announced via Router Advertisements expires, find all
addresses that match that prefix and update the address to have a
prefix length of 128 causing the prefix to be off-link.

5 years agosd-icmp6-nd: Add support for fetching the latest expired prefix
Patrik Flykt [Tue, 20 Jan 2015 17:36:03 +0000 (19:36 +0200)]
sd-icmp6-nd: Add support for fetching the latest expired prefix

Keep the expired prefix for the duration of the prefix expiration event
and remove it afterwards.

5 years agotest-icmp6-nd: Add test cases for prefixes
Patrik Flykt [Tue, 20 Jan 2015 17:36:02 +0000 (19:36 +0200)]
test-icmp6-nd: Add test cases for prefixes

Add test cases that feeds an Router Advertisement to the ICMPv6 code
and verify that the correct prefix lengths are returned given an IPv6
address.

Enhance the prefix verification test by adding a shorter prefix and
check that the intended prefix lengths are now updated.

5 years agosd-icmp6-nd: Parse ICMPv6 prefix information
Patrik Flykt [Tue, 20 Jan 2015 17:36:01 +0000 (19:36 +0200)]
sd-icmp6-nd: Parse ICMPv6 prefix information

Save each new onlink IPv6 prefix and attach an expiry timer to it.
If the prefixes overlap, take the shorter prefix and write a debug
message about the event. Once the prefix is resent in a Router
Advertisement, update the timer. Add a new event for the expiring
prefix.

Add two helper functions, one for returning a prefix length given a
Router Advertisement and the other for generic prefix matching given
an IPv6 prefix and address.

5 years agotest-icmp6-rs: Add trivial test case for an MTU that is not present
Patrik Flykt [Tue, 20 Jan 2015 17:36:00 +0000 (19:36 +0200)]
test-icmp6-rs: Add trivial test case for an MTU that is not present

5 years agosd-icmp6-nd: Add helper function to get the IPv6 link MTU
Patrik Flykt [Tue, 20 Jan 2015 17:35:59 +0000 (19:35 +0200)]
sd-icmp6-nd: Add helper function to get the IPv6 link MTU

Update MTU according to the latest value received.

5 years agosd-icmp6-nd: Add link and prefix structures for ICMPv6
Patrik Flykt [Tue, 20 Jan 2015 17:35:58 +0000 (19:35 +0200)]
sd-icmp6-nd: Add link and prefix structures for ICMPv6

Each ICMPv6 structure has an interface index and will therefore be
associated with an IPv6 link containing a list of of prefixes.

5 years agosd-icmp6-nd: Update Router Advertisement handling
Patrik Flykt [Tue, 20 Jan 2015 17:35:57 +0000 (19:35 +0200)]
sd-icmp6-nd: Update Router Advertisement handling

As the IPv6 prefixes are needed, update the ICMPv6 Router Advertisement
code to dynamically allocate a suitably sized buffer. Iterate through
the ICMPv6 options one by one returning error if the option length is
too big to fit the buffer.

5 years agosd-dhcp6-lease: Revise address iteration functions
Patrik Flykt [Tue, 20 Jan 2015 17:35:56 +0000 (19:35 +0200)]
sd-dhcp6-lease: Revise address iteration functions

Revise the address iteration functions so that one helper function
resets the iterator to the start of the address list while the
second one fetches addresses one by one.

The test case is also updated.

5 years agocompile-unifont: Python 2 compatibility
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 04:19:14 +0000 (23:19 -0500)]
compile-unifont: Python 2 compatibility

Under Python 2, sys.stdout.buffer is missing.

5 years agobuild-sys: unbundle unifont
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 00:12:56 +0000 (19:12 -0500)]
build-sys: unbundle unifont

We should prefer the unifont.hex file from the system, instead of our
own. Upstream has made a few releases since our version was included,
and we should follow upstream changes. But adding 2.6MB to our source
repo every time upstream releases is not nice.

5 years agoTODO: remove laccess conversion
Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 23:12:45 +0000 (18:12 -0500)]
TODO: remove laccess conversion

I looked over all access invocations, and I think are using access()
correctly. Accepting dangling symlinks makes sense only in special
circumstances.

So far we do not allow "flag" files like "/fastboot" to be dangling
symlinks. We could, but I don't see a reason to.

5 years agoupdate TODO
Lennart Poettering [Tue, 27 Jan 2015 01:36:40 +0000 (02:36 +0100)]
update TODO

5 years agotimesyncd: set RLIMIT_NPROC to 2
Lennart Poettering [Tue, 27 Jan 2015 01:33:46 +0000 (02:33 +0100)]
timesyncd: set RLIMIT_NPROC to 2

This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.

5 years agoman: document that ProtectSystem= also covers /boot
Lennart Poettering [Tue, 27 Jan 2015 01:19:33 +0000 (02:19 +0100)]
man: document that ProtectSystem= also covers /boot

5 years agocore: explain why failing to set up the crash handler is not a real problem
Lennart Poettering [Tue, 27 Jan 2015 00:47:37 +0000 (01:47 +0100)]
core: explain why failing to set up the crash handler is not a real problem

http://lists.freedesktop.org/archives/systemd-devel/2015-January/027428.html

5 years agoupdate TODO
Lennart Poettering [Tue, 27 Jan 2015 00:28:53 +0000 (01:28 +0100)]
update TODO

5 years agosystem-update-generator: accept a dangling symlink
Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 06:34:32 +0000 (07:34 +0100)]
system-update-generator: accept a dangling symlink

The offline update mechanism is explicitly designed to work with a
separate /var. systemd-update-generator is supposed to run early,
before filesystems are mounted, so it cannot check if the
/system-update symlink actually points to anything.

The update is run *after* filesystems are mounted, so it should be
able to access the target of the symlink without trouble.

https://bugzilla.redhat.com/show_bug.cgi?id=1178978

5 years agomissing: define correct syscall numbers for memfd_create() and getrandom() on aarch64
Michael Olbrich [Mon, 26 Jan 2015 15:51:17 +0000 (16:51 +0100)]
missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64