7 years ago sd-rtnl: fix self-reference leaks
David Herrmann [Sat, 22 Mar 2014 16:43:30 +0000 (17:43 +0100)]
sd-rtnl: fix self-reference leaks

Like sd-bus, sd-rtnl can have self-references through queued messages. In
particular, each queued message has the following self-ref loop:
  rtnl->wqueue[i]->rtnl == rtnl
Same is true for "rqueue".

When sd_rtnl_unref() gets called, we must therefore make sure we correctly
consider each self-reference when deciding to destroy the object. For each
queued message, there _might_ be one ref. However, rtnl-messages can be
created _without_ a bus-reference, therefore we need to verify the
actually required ref-count.

Once we know exactly how many self-refs exist, and we verified none of the
queued messages has external references, we can destruct the object.
We must immediately drop our own reference, then flush all queues and
destroy the bus object. Otherwise, each sd_rtnl_message_unref() call would
recurse into the same destruction logic as they enter with the same

Note: We really should verify _all_ queued messages have m->rtnl set to
      the bus they're queued on. If that's given, we can change:
        if (REFCNT_GET(rtnl->n_ref) <= refs)
        if (REFCNT_GET(rtnl->n_ref) == refs)
      and thus avoid recalculating the required refs for each message we
      remove from the queue during destruction.

7 years ago sd-dhcp-client: test - don't close socket twice
Tom Gundersen [Sat, 22 Mar 2014 09:52:49 +0000 (10:52 +0100)]
sd-dhcp-client: test - don't close socket twice

One end of the socketpair is closed by the library, so only close our end. Also switch to
the safe_close() so we get notified about problems with closing.

7 years ago libsystemd-network: move network-utils from src/shared
Tom Gundersen [Fri, 21 Mar 2014 20:38:14 +0000 (21:38 +0100)]
libsystemd-network: move network-utils from src/shared

This does not belong in shared as it is mostly a detail of our networking subsystem.

Moreover, now we can use libudev here, which will simplify things.

7 years ago sd-ipv4ll/networkd: generate predictable addresses
Umut Tezduyar Lindskog [Fri, 21 Mar 2014 18:23:35 +0000 (19:23 +0100)]
sd-ipv4ll/networkd: generate predictable addresses

Increase the chance of using the same link local address between reboots. The
pseudo random sequence of addresses we attempt is now seeded with data that is
very likely to stay the same between reboots, but at the same time be unique
to the specific machine/nic.

First we try to use the ID_NET_NAME_* data from the udev db combined with the
machine-id, which is guaranteed to be unique and persistent, if available. If
that is not possible (e.g., in containers where we don't have access to the
udev db) we fall back to using the MAC address of the interface, which is
guaranteed to be unique, and likely to be persistent.

[tomegun: three minor changes:

 - don't expose HASH_KEY in the siphash24 header
 - get rid of some compile-warnings (and some casts at the same time),
   by using uint8_t[8] rather than uint64_t in the api
 - added commit message]

7 years ago timedated: do not reset poll interval with a spike
Kay Sievers [Fri, 21 Mar 2014 16:49:50 +0000 (17:49 +0100)]
timedated: do not reset poll interval with a spike

7 years ago sd-dhcp-client/sd-ipv4ll: allow mac address to be updated at any time
Tom Gundersen [Fri, 21 Mar 2014 17:36:32 +0000 (18:36 +0100)]
sd-dhcp-client/sd-ipv4ll: allow mac address to be updated at any time

If necessary, restart the clients to deal with a changing mac address
at runtime. This will solve the problem of starting clients on bridges
before they have received their final MAC address.

7 years ago network: dhcp: create explicit host route to gateway
Brandon Philips [Thu, 20 Mar 2014 18:28:12 +0000 (11:28 -0700)]
network: dhcp: create explicit host route to gateway

Some DHCP servers give you a netmask of so the gateway is not
routable. Other DHCP client implementations look through the existing routes to
figure out if they should add an explicit host route. See below for a link.

However, it makes sense to just create the route explicitly whether it is
needed or not since it is explicit, makes the dhcp route entries independent of
other entries and saves us from knowing the state of the kernel tables.

After patch route table on a machine with a network (common case):

default via dev ens3 dev ens3  proto kernel  scope link  src dev ens3  scope link

After patch route table on a machine without a network (this case):

default via dev ens4v1 dev ens4v1  scope link

The code from dhcpcd that works around this issue is on line 637.

7 years ago sd-dhcp-client: add fallback subnet masks
Tom Gundersen [Wed, 19 Mar 2014 15:05:44 +0000 (16:05 +0100)]
sd-dhcp-client: add fallback subnet masks

The DHCP RFC does not require the DHCP server to send a subnet mask, so if it
is missing, let's try to use the default subnet masks based on address class.
In case the class the address belongs to does not have a default subnet mask,
we fail as before.

Also improve logging when handling invalid dhcp messages, and simply ignore them
rather than stop the whole dhcp client.

7 years ago sd-dhcp-client: make timeout handling a bit more robust
Tom Gundersen [Wed, 19 Mar 2014 16:19:22 +0000 (17:19 +0100)]
sd-dhcp-client: make timeout handling a bit more robust

Accept any lease lifetime greater than one second. Server should not
hand out extremely short leases, but let's not be the ones to fail.

Do not fail when arming a timer in the past, but also only arm one such

Avoid rounding errors when computing the default timeouts, this may be
an issue if we are handed a very short lease.

Also, don't pass 'time_now' around, as that can be found in the event
object when needed.

7 years ago missing: add more compat for old kernels and loop devices
Lennart Poettering [Fri, 21 Mar 2014 02:42:49 +0000 (03:42 +0100)]
missing: add more compat for old kernels and loop devices

7 years ago man: document ARM root partition types
Lennart Poettering [Fri, 21 Mar 2014 02:35:28 +0000 (03:35 +0100)]
man: document ARM root partition types

7 years ago update TODO
Lennart Poettering [Fri, 21 Mar 2014 02:27:17 +0000 (03:27 +0100)]
update TODO

7 years ago timer: add timer persistence (aka anacron-like behaviour)
Lennart Poettering [Fri, 21 Mar 2014 02:25:28 +0000 (03:25 +0100)]
timer: add timer persistence (aka anacron-like behaviour)

7 years ago TODO
Tom Gundersen [Thu, 20 Mar 2014 19:19:59 +0000 (20:19 +0100)]

7 years ago networkd: link - create dhcp and ipv4ll eagerly
Tom Gundersen [Thu, 20 Mar 2014 18:57:19 +0000 (19:57 +0100)]
networkd: link - create dhcp and ipv4ll eagerly

Make sure the client objects exist for the lifetime of the Link.

7 years ago networkd: update mac address in clients when it changes
Tom Gundersen [Thu, 20 Mar 2014 18:20:55 +0000 (19:20 +0100)]
networkd: update mac address in clients when it changes

Pass the mac address on to ipv4ll and dhcp clients so they always have
up-to-date information, and may react appropriately to the change.

Also drop setting the mac address from uevent, and only log when the
address actually changes.

7 years ago sd-dhcp-client: do not reset 'secs' when entering INIT-REBOOT
Tom Gundersen [Thu, 20 Mar 2014 15:21:43 +0000 (16:21 +0100)]
sd-dhcp-client: do not reset 'secs' when entering INIT-REBOOT

Also keep start_time in sync, but that shouldn't matter.

7 years ago sd-dhcp-client: don't pass around 'secs'
Tom Gundersen [Wed, 19 Mar 2014 13:45:35 +0000 (14:45 +0100)]
sd-dhcp-client: don't pass around 'secs'

The value is stored in the client object, so get it there when needed.

7 years ago libsystemd-dhcp: Update client test case for client id and end option
Patrik Flykt [Thu, 20 Mar 2014 08:31:49 +0000 (10:31 +0200)]
libsystemd-dhcp: Update client test case for client id and end option

Check that the client identifier is formatted as suggested in the
RFC and that the messages sent end with an end option.

7 years ago libsystemd-network: Don't unnecessarily send too long packets
Patrik Flykt [Wed, 19 Mar 2014 12:38:59 +0000 (14:38 +0200)]
libsystemd-network: Don't unnecessarily send too long packets

Since the length used by options is known, send packets with no
extra padding.

7 years ago libsystemd-network: Prepend hardware type byte to client identifier
Patrik Flykt [Wed, 19 Mar 2014 11:53:02 +0000 (13:53 +0200)]
libsystemd-network: Prepend hardware type byte to client identifier

Even though client identifiers SHOULD be treated as opaque objects by
DHCP servers, follow the recommendation of a hardware type field with
value 0x01 (ethernet) followed by the hardware address as described in
RFC 2132.

7 years ago update TODO
Lennart Poettering [Thu, 20 Mar 2014 03:19:23 +0000 (04:19 +0100)]
update TODO

7 years ago unit: turn off mount propagation for udevd
Lennart Poettering [Thu, 20 Mar 2014 03:16:39 +0000 (04:16 +0100)]
unit: turn off mount propagation for udevd

Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 22:25:41 +0000 (23:25 +0100)]
update TODO

7 years ago core: enable PrivateNetwork= for a number of our long running services where this...
Lennart Poettering [Wed, 19 Mar 2014 22:08:39 +0000 (23:08 +0100)]
core: enable PrivateNetwork= for a number of our long running services where this is useful

7 years ago core: move notify sockets to /run and $XDG_RUNTIME_DIR
Lennart Poettering [Wed, 19 Mar 2014 21:46:45 +0000 (22:46 +0100)]
core: move notify sockets to /run and $XDG_RUNTIME_DIR

A service with PrivateNetwork= cannot access abstract namespace sockets
of the host anymore, hence let's better not use abstract namespace
sockets for this, since we want to make sure that PrivateNetwork=
is useful and doesn't break sd_notify().

7 years ago man: improve documentation of fs namespace related settings
Lennart Poettering [Wed, 19 Mar 2014 21:26:08 +0000 (22:26 +0100)]
man: improve documentation of fs namespace related settings

7 years ago core: make sure we can combine DevicePolicy=closed with PrivateDevices=yes
Lennart Poettering [Wed, 19 Mar 2014 21:00:43 +0000 (22:00 +0100)]
core: make sure we can combine DevicePolicy=closed with PrivateDevices=yes

If PrivateDevices=yes is used we need to make sure we can still
create /dev/null and so on.

7 years ago sd-bus: don't use assert_return() to check for disconnected bus connections
Lennart Poettering [Wed, 19 Mar 2014 20:41:21 +0000 (21:41 +0100)]
sd-bus: don't use assert_return() to check for disconnected bus connections

A terminated connection is a runtime error and not a developer mistake,
hence don't use assert_return() to check for it.

7 years ago core: rework context initialization/destruction logic
Lennart Poettering [Wed, 19 Mar 2014 19:40:05 +0000 (20:40 +0100)]
core: rework context initialization/destruction logic

Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
individually in type-specific code.

Also, when PrivateDevices= is set, set DevicePolicy= to closed.

7 years ago sd-bus: properly translate high-level attach flags into kdbus attach flags
Lennart Poettering [Wed, 19 Mar 2014 17:31:54 +0000 (18:31 +0100)]
sd-bus: properly translate high-level attach flags into kdbus attach flags

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 15:56:16 +0000 (16:56 +0100)]
update TODO

7 years ago core: when PrivateTmp= is set for a unit, make sure to order it after /tmp and /var...
Lennart Poettering [Wed, 19 Mar 2014 15:55:43 +0000 (16:55 +0100)]
core: when PrivateTmp= is set for a unit, make sure to order it after /tmp and /var/tmp are mounted

7 years ago units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running...
Lennart Poettering [Wed, 19 Mar 2014 15:45:28 +0000 (16:45 +0100)]
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 15:24:47 +0000 (16:24 +0100)]
update TODO

7 years ago core: Beef up PrivateDevices=
Lennart Poettering [Wed, 19 Mar 2014 15:23:32 +0000 (16:23 +0100)]
core: Beef up PrivateDevices=

Also mount /dev/kdbus, /dev/mqueue and /dev/hugepages into the /dev for
namespaced services.

7 years ago busctl: when monitoring the bus, enable all credentials
Lennart Poettering [Wed, 19 Mar 2014 15:21:01 +0000 (16:21 +0100)]
busctl: when monitoring the bus, enable all credentials

7 years ago core: expose missing busname properties on the bus
Lennart Poettering [Wed, 19 Mar 2014 15:19:06 +0000 (16:19 +0100)]
core: expose missing busname properties on the bus

7 years ago sd-dhcp-client: accept infinite lease lifetime
Tom Gundersen [Wed, 19 Mar 2014 09:41:29 +0000 (10:41 +0100)]
sd-dhcp-client: accept infinite lease lifetime

Otherwise we would fail with -EINVAL. Thanks to Brandon Philips
for reporting the bug.

7 years ago libsystemd-network: Add Init-Reboot support
Patrik Flykt [Fri, 31 Jan 2014 09:31:22 +0000 (11:31 +0200)]
libsystemd-network: Add Init-Reboot support

Init-Reboot is tried if a client IP address has been given when
the DHCP client is started. In Init-Reboot, start by sending a
broadcast DHCP Request including the supplied client IP address
but without the server identifier. After sending the request,
enter Reboot state.

If a DHCP Ack is received, proceed to Bound state as usual. If a
DHCP Nak is received or the first timeout triggers, start the
address acquisition over from DHCP Init state.

See RFC 2131, sections 4.3.2, 4.4, 4.4.1 and 4.4.2 for details.

7 years ago libsystemd-network: Restart DHCP acquisition if the lease expires
Patrik Flykt [Wed, 12 Mar 2014 09:46:40 +0000 (11:46 +0200)]
libsystemd-network: Restart DHCP acquisition if the lease expires

This causes the DHCP client struct initialization and DHCP client
starting to be factored out into functions of their own.

7 years ago libsystemd-network: Add hangcheck timer for DHCP client test
Patrik Flykt [Wed, 12 Mar 2014 10:52:00 +0000 (12:52 +0200)]
libsystemd-network: Add hangcheck timer for DHCP client test

7 years ago libsystemd-network: Export checksum function to test case
Patrik Flykt [Tue, 25 Feb 2014 11:33:24 +0000 (13:33 +0200)]
libsystemd-network: Export checksum function to test case

Remove identical checksum function implementation from the test
case code.

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 03:17:37 +0000 (04:17 +0100)]
update TODO

7 years ago sd-bus: add proper monitoring API
Lennart Poettering [Wed, 19 Mar 2014 03:17:00 +0000 (04:17 +0100)]
sd-bus: add proper monitoring API

7 years ago core: by default .busname units should be activating
Lennart Poettering [Wed, 19 Mar 2014 02:09:51 +0000 (03:09 +0100)]
core: by default .busname units should be activating

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 01:28:03 +0000 (02:28 +0100)]
update TODO

7 years ago busname: introduce Activating directive
Daniel Mack [Mon, 17 Mar 2014 10:41:21 +0000 (11:41 +0100)]
busname: introduce Activating directive

Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.

If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.

7 years ago update TODO
Lennart Poettering [Wed, 19 Mar 2014 00:48:23 +0000 (01:48 +0100)]
update TODO

7 years ago core: when creating an activating busname attach all metadata fields to the messages...
Lennart Poettering [Wed, 19 Mar 2014 00:36:03 +0000 (01:36 +0100)]
core: when creating an activating busname attach all metadata fields to the messages queued for it

This way we can be sure that the service the messages are ultimately
intended for finds all fields it might need.

7 years ago update kdbus.h
Lennart Poettering [Wed, 19 Mar 2014 00:35:52 +0000 (01:35 +0100)]
update kdbus.h

7 years ago missing: define LO_FLAGS_PARTSCAN if it is missing
Lennart Poettering [Wed, 19 Mar 2014 00:10:14 +0000 (01:10 +0100)]
missing: define LO_FLAGS_PARTSCAN if it is missing

7 years ago util: add new FOREACH_STRING() macro as syntactic sugar to iterate through a number...
Lennart Poettering [Tue, 18 Mar 2014 23:54:41 +0000 (00:54 +0100)]
util: add new FOREACH_STRING() macro as syntactic sugar to iterate through a number of fixed strings

7 years ago update TODO
Lennart Poettering [Tue, 18 Mar 2014 20:06:08 +0000 (21:06 +0100)]
update TODO

7 years ago man: document sd_bus_negotiate_fds() and friends
Lennart Poettering [Tue, 18 Mar 2014 20:05:16 +0000 (21:05 +0100)]
man: document sd_bus_negotiate_fds() and friends

7 years ago sd-bus: if we got a message with fds attached even though we didn't negotiate it...
Lennart Poettering [Tue, 18 Mar 2014 20:03:37 +0000 (21:03 +0100)]
sd-bus: if we got a message with fds attached even though we didn't negotiate it, refuse to take it

This makes sure we don't mishandle if developers specify a different
AcceptFileDescriptors= setting in .busname units than they set for the
bus connection in the activated program.

7 years ago core: add new AcceptFD= setting to .busname units
Lennart Poettering [Tue, 18 Mar 2014 19:54:32 +0000 (20:54 +0100)]
core: add new AcceptFD= setting to .busname units

AcceptFD= defaults to true, thus making sure that by default fd passing
is enabled for all activatable names. Since for normal bus connections
fd passing is enabled too by default this makes sure fd passing works
correctly regardless whether a service is already activated or not.

Making this configurable on both busname units and in bus connections is
messy, but unavoidable since busnames are established and may queue
messages before the connection feature negotiation is done by the
service eventually activated. Conversely, feature negotiation on bus
connections takes place before the connection acquires its names.

Of course, this means developers really should make sure to keep the
settings in .busname units in sync with what they later intend to

7 years ago test
Lennart Poettering [Tue, 18 Mar 2014 18:31:44 +0000 (19:31 +0100)]

7 years ago util: replace close_nointr_nofail() by a more useful safe_close()
Lennart Poettering [Tue, 18 Mar 2014 18:22:43 +0000 (19:22 +0100)]
util: replace close_nointr_nofail() by a more useful safe_close()

safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like

        fd = safe_close(fd);

Which will close an fd if it is open, and reset the fd variable

By making use of this new scheme we can drop > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
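
An added illustration, not part of the commit or of systemd's source: a minimal sketch of the contract described above (NOP on a negative fd, always returns -1), next to the double-close hazard that the `fd = safe_close(fd);` idiom prevents, which is also the concern behind the sd-dhcp-client "don't close socket twice" commit listed above. `example_safe_close()` and the two demo functions are hypothetical names, and preserving errno across the close is an assumption of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper following the contract in the commit message:
 * do nothing for a negative fd, and return -1 unconditionally so the
 * caller can write "fd = example_safe_close(fd);". Keeping errno intact
 * is an assumption of this sketch. */
static int example_safe_close(int fd) {
        if (fd >= 0) {
                int saved_errno = errno;
                (void) close(fd);
                errno = saved_errno;
        }
        return -1;
}

/* Hazard: a descriptor number that is closed twice. Between the two
 * close() calls the kernel hands the same number to an unrelated
 * descriptor (POSIX allocates the lowest free number), so the second
 * close() silently tears down the wrong object.
 * Returns 1 if the unrelated descriptor was closed by mistake. */
static int double_close_hits_unrelated_fd(void) {
        int p[2];
        if (pipe(p) < 0)
                return -1;

        int stale = p[0];
        close(stale);                 /* first close; the variable keeps the old number */

        int victim = dup(p[1]);       /* unrelated fd, reuses the freed number */
        close(stale);                 /* second close: actually closes 'victim' */

        int victim_closed = victim == stale &&
                            fcntl(victim, F_GETFD) == -1 && errno == EBADF;
        if (!victim_closed && victim >= 0)
                close(victim);
        close(p[1]);
        return victim_closed;
}

/* Same sequence with the reset-on-close idiom: the second call sees -1
 * and is a NOP, so the unrelated descriptor survives.
 * Returns 1 if the variable was reset and the unrelated fd is still open. */
static int idiom_keeps_unrelated_fd_open(void) {
        int p[2];
        if (pipe(p) < 0)
                return -1;

        int fd = p[0];
        fd = example_safe_close(fd);  /* closes, fd becomes -1 */

        int other = dup(p[1]);        /* reuses the freed number */
        fd = example_safe_close(fd);  /* NOP: fd is negative */

        int other_alive = fcntl(other, F_GETFD) != -1;
        other = example_safe_close(other);
        p[1] = example_safe_close(p[1]);
        return fd == -1 && other_alive;
}

int main(void) {
        printf("plain double close hit unrelated fd: %d\n",
               double_close_hits_unrelated_fd());
        printf("reset-on-close idiom kept unrelated fd open: %d\n",
               idiom_keeps_unrelated_fd_open());
        return 0;
}
```

The demo relies on single-threaded execution so that the freed descriptor number is reused deterministically; in a multi-threaded daemon the reuse can come from any thread, which is what makes a stray second close() dangerous.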

7 years ago update TODO
Lennart Poettering [Tue, 18 Mar 2014 16:59:11 +0000 (17:59 +0100)]
update TODO

7 years ago core: drop CAP_MKNOD when PrivateDevices= is set
Lennart Poettering [Tue, 18 Mar 2014 16:58:19 +0000 (17:58 +0100)]
core: drop CAP_MKNOD when PrivateDevices= is set

7 years ago timedated: update test address
Kay Sievers [Tue, 18 Mar 2014 15:20:15 +0000 (16:20 +0100)]
timedated: update test address

7 years ago hwdb: update
Kay Sievers [Tue, 18 Mar 2014 15:17:51 +0000 (16:17 +0100)]
hwdb: update

7 years ago sd-dhcp-client: make sure timers fire immediately
Tom Gundersen [Tue, 18 Mar 2014 13:13:01 +0000 (14:13 +0100)]
sd-dhcp-client: make sure timers fire immediately

The default slack caused there to be a delay before timers fired. Solve it
by setting timers that should trigger immediately to trigger far in the past.

This brings down the ideal-case dhcp lease acquisition time from about 500ms to
about 50ms (over a veth pair, so no network latency involved).

All the rest of the time (except for ~0.5ms) is spent in the bind() call in
dhcp_network_bind_raw_socket(). I don't know if there is anything to be done
about that though...

7 years ago microhttpd-util: avoid double free on error
Zbigniew Jędrzejewski-Szmek [Tue, 18 Mar 2014 02:13:47 +0000 (22:13 -0400)]
microhttpd-util: avoid double free on error

It seems that resources are properly deallocated by MHD_destroy_response,
even if enqueuing the request fails.

Also replace a trivial printf with alloca and fixup log message
(it'll now be something like "Connection from",
which seems clear enough.)

7 years ago journal-remote: do not attempt to read from µhttpd connections
Zbigniew Jędrzejewski-Szmek [Tue, 18 Mar 2014 02:11:18 +0000 (22:11 -0400)]
journal-remote: do not attempt to read from µhttpd connections

This chunk got lost in one of the rebases :(

7 years ago machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new...
Lennart Poettering [Tue, 18 Mar 2014 03:44:39 +0000 (04:44 +0100)]
machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new verb "poweroff"

There's really no point to send the reboot SIGINT from machinectl
directly, if machined can do that anyway. This saves code, and
makes machinectl network transparent for these verbs. And while we are
at it we can easily add a "poweroff" verb in addition to "reboot". Yay!

7 years ago machined: fix Kill() bus call on machine objects when "what" is specified as "leader"
Lennart Poettering [Tue, 18 Mar 2014 03:43:08 +0000 (04:43 +0100)]
machined: fix Kill() bus call on machine objects when "what" is specified as "leader"

7 years ago update TODO
Lennart Poettering [Tue, 18 Mar 2014 02:53:59 +0000 (03:53 +0100)]
update TODO

7 years ago core: remount /sys/fs/cgroup/ read-only after we mounted all controllers
Lennart Poettering [Tue, 18 Mar 2014 03:06:54 +0000 (04:06 +0100)]
core: remount /sys/fs/cgroup/ read-only after we mounted all controllers

Given that glibc searches for /dev/shm by just looking for any tmpfs we
should be more careful with providing tmpfs instances arbitrary code
might end up writing to.

7 years ago cgroup: it's not OK to invoke alloca() in loops
Lennart Poettering [Tue, 18 Mar 2014 03:06:36 +0000 (04:06 +0100)]
cgroup: it's not OK to invoke alloca() in loops

7 years ago systemctl: sort local host entry before container in list-machines output
Lennart Poettering [Tue, 18 Mar 2014 02:53:02 +0000 (03:53 +0100)]
systemctl: sort local host entry before container in list-machines output

7 years ago systemctl: prefix list-units and list-machines output with a circle indicating a...
Lennart Poettering [Tue, 18 Mar 2014 02:51:24 +0000 (03:51 +0100)]
systemctl: prefix list-units and list-machines output with a circle indicating a failure state

(Subject to --no-legend)

7 years ago timedatectl: clear ADJ_MAXERROR to make sure we keep STA_SYNC set
Kay Sievers [Tue, 18 Mar 2014 02:57:35 +0000 (03:57 +0100)]
timedatectl: clear ADJ_MAXERROR to make sure we keep STA_SYNC set

7 years ago systemd-run: extend bash completion
Thomas Hindoe Paaboel Andersen [Mon, 17 Mar 2014 20:59:43 +0000 (21:59 +0100)]
systemd-run: extend bash completion

-H --host
-M --machine
--service-type (options: simple forking oneshot dbus notify idle)
-p --property (options read from bus_append_unit_property_assignment)

7 years ago remove unused variable
Thomas Hindoe Paaboel Andersen [Mon, 17 Mar 2014 20:50:49 +0000 (21:50 +0100)]
remove unused variable

7 years ago man: networkd - additional examples related to bridging
poma [Mon, 17 Mar 2014 20:08:40 +0000 (21:08 +0100)]
man: networkd - additional examples related to bridging

7 years ago build-sys: move sd-login src/login → src/libsystemd/sd-login
Lennart Poettering [Mon, 17 Mar 2014 17:28:30 +0000 (18:28 +0100)]
build-sys: move sd-login src/login → src/libsystemd/sd-login

After all, it is ultimately linked to anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.

7 years ago update TODO
Lennart Poettering [Mon, 17 Mar 2014 17:15:38 +0000 (18:15 +0100)]
update TODO

7 years ago sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers
Lennart Poettering [Mon, 17 Mar 2014 17:14:26 +0000 (18:14 +0100)]
sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers

This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.

7 years ago update TODO
Lennart Poettering [Mon, 17 Mar 2014 14:18:11 +0000 (15:18 +0100)]
update TODO

7 years ago core, libsystemd, systemd, timedate, udev: spelling fixes
Miklos Vajna [Fri, 14 Mar 2014 20:13:38 +0000 (21:13 +0100)]
core, libsystemd, systemd, timedate, udev: spelling fixes

7 years ago man: improve wording of systemctl's --after/--before
Jason St. John [Mon, 17 Mar 2014 04:03:46 +0000 (00:03 -0400)]
man: improve wording of systemctl's --after/--before

Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
but the new wording was unclear.

Split the combined --after/--before section into a separate section for
each, explicitly state what each option does, and add information about
how these lists are generated.

Reported-by: Andrey Borzenkov
Reported-by: Lennart Poettering

7 years ago build-sys: bump required µhttpd version
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 04:13:48 +0000 (00:13 -0400)]
build-sys: bump required µhttpd version

next-but-last release.

7 years ago journal-remote: implement inheriting http(s) sockets
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 02:33:35 +0000 (22:33 -0400)]
journal-remote: implement inheriting http(s) sockets

Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.

7 years ago microhttpd-util: use static buffer for static messages
Zbigniew Jędrzejewski-Szmek [Mon, 17 Mar 2014 00:05:50 +0000 (20:05 -0400)]
microhttpd-util: use static buffer for static messages

Most of the messages we send do not require allocating and
freeing a buffer, so optimize this by using const strings.

Also, rename respond_error to mhd_respond*, since it is used
not only for errors.

Make use of information from printf to avoid one extra call to

7 years ago journal-remote: HTTP(s) support
Zbigniew Jędrzejewski-Szmek [Sat, 15 Mar 2014 19:58:03 +0000 (15:58 -0400)]
journal-remote: HTTP(s) support

The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.

Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.

The TLS authentication parts haven't been really tested properly, and
should not be taken too seriously.

7 years ago journal-remote: tool to receive messages over the network
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 22:08:03 +0000 (23:08 +0100)]
journal-remote: tool to receive messages over the network

7 years ago journal-gatewayd: check if certificate is signed by CA
Zbigniew Jędrzejewski-Szmek [Sat, 1 Dec 2012 10:12:05 +0000 (11:12 +0100)]
journal-gatewayd: check if certificate is signed by CA

If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be

Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.

7 years ago journal-gatewayd: log to journal from gnutls
Zbigniew Jędrzejewski-Szmek [Wed, 28 Nov 2012 22:08:35 +0000 (23:08 +0100)]
journal-gatewayd: log to journal from gnutls

Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.

7 years ago build-sys: add check on gnutls
Zbigniew Jędrzejewski-Szmek [Wed, 28 Nov 2012 11:45:31 +0000 (12:45 +0100)]
build-sys: add check on gnutls

7 years ago journal-gatewayd: ask clients to provide certificates
Zbigniew Jędrzejewski-Szmek [Mon, 26 Nov 2012 22:02:14 +0000 (23:02 +0100)]
journal-gatewayd: ask clients to provide certificates

A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.

7 years ago activate: export make_socket_fd
Zbigniew Jędrzejewski-Szmek [Mon, 10 Mar 2014 01:33:04 +0000 (21:33 -0400)]
activate: export make_socket_fd

Also improve logging to print out the parsed address on error.

7 years ago shared: export is_dir
Zbigniew Jędrzejewski-Szmek [Fri, 2 Nov 2012 14:05:31 +0000 (15:05 +0100)]
shared: export is_dir

7 years ago journal: export valid_user_field and size defines
Zbigniew Jędrzejewski-Szmek [Sat, 3 Nov 2012 19:13:46 +0000 (20:13 +0100)]
journal: export valid_user_field and size defines

In preparation for use elsewhere.

7 years ago journal: extract duplicated code to a function
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 21:36:52 +0000 (22:36 +0100)]
journal: extract duplicated code to a function

7 years ago journal: extract duplicated code to a function
Zbigniew Jędrzejewski-Szmek [Thu, 1 Nov 2012 21:26:22 +0000 (22:26 +0100)]
journal: extract duplicated code to a function

7 years ago journald: remove stray reset of error return value
Zbigniew Jędrzejewski-Szmek [Tue, 11 Mar 2014 01:19:23 +0000 (21:19 -0400)]
journald: remove stray reset of error return value

7 years ago systemctl: introduce -r switch to show units running in local containers in addition...
Lennart Poettering [Mon, 17 Mar 2014 02:31:38 +0000 (03:31 +0100)]
systemctl: introduce -r switch to show units running in local containers in addition to the host

7 years ago timedated: move test logging to test program
Kay Sievers [Sun, 16 Mar 2014 23:18:55 +0000 (00:18 +0100)]
timedated: move test logging to test program