chiark / gitweb /
6 years agocompile-unifont: Python 2 compatibility
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 04:19:14 +0000 (23:19 -0500)]
compile-unifont: Python 2 compatibility

Under Python 2, sys.stdout.buffer is missing.

6 years agobuild-sys: unbundle unifont
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jan 2015 00:12:56 +0000 (19:12 -0500)]
build-sys: unbundle unifont

We should prefer the unifont.hex file from the system, instead of our
own. Upstream has made a few releases since our version was included,
and we should follow upstream changes. But adding 2.6MB to our source
repo every time upstream releases is not nice.

6 years agoTODO: remove laccess conversion
Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 23:12:45 +0000 (18:12 -0500)]
TODO: remove laccess conversion

I looked over all access invocations, and I think are using access()
correctly. Accepting dangling symlinks makes sense only in special

So far we do not allow "flag" files like "/fastboot" to be dangling
symlinks. We could, but I don't see a reason to.

6 years agoupdate TODO
Lennart Poettering [Tue, 27 Jan 2015 01:36:40 +0000 (02:36 +0100)]
update TODO

6 years agotimesyncd: set RLIMIT_NPROC to 2
Lennart Poettering [Tue, 27 Jan 2015 01:33:46 +0000 (02:33 +0100)]
timesyncd: set RLIMIT_NPROC to 2

This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.

6 years agoman: document that ProtectSystem= also covers /boot
Lennart Poettering [Tue, 27 Jan 2015 01:19:33 +0000 (02:19 +0100)]
man: document that ProtectSystem= also covers /boot

6 years agocore: explain why failing to set up the crash handler is not a real problem
Lennart Poettering [Tue, 27 Jan 2015 00:47:37 +0000 (01:47 +0100)]
core: explain why failing to set up the crash handler is not a real problem

6 years agoupdate TODO
Lennart Poettering [Tue, 27 Jan 2015 00:28:53 +0000 (01:28 +0100)]
update TODO

6 years agosystem-update-generator: accept a dangling symlink
Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 06:34:32 +0000 (07:34 +0100)]
system-update-generator: accept a dangling symlink

The offline update mechanism is explicitly designed to work with a
separate /var. systemd-update-generator is supposed to run early,
before filesystems are mounted, so it cannot check if the
/system-update symlink actually points to anything.

The update is run *after* filesystems are mounted, so it should be
able to access the target of the symlink without trouble.

6 years agomissing: define correct syscall numbers for memfd_create() and getrandom() on aarch64
Michael Olbrich [Mon, 26 Jan 2015 15:51:17 +0000 (16:51 +0100)]
missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64

6 years agoupdate TODO
Lennart Poettering [Mon, 26 Jan 2015 20:51:57 +0000 (21:51 +0100)]
update TODO

6 years agosd-bus: change serialization of kdbus messages to qualify in their entirety as gvaria...
Lennart Poettering [Mon, 26 Jan 2015 20:48:08 +0000 (21:48 +0100)]
sd-bus: change serialization of kdbus messages to qualify in their entirety as gvariant objects

Previously, we only minimally altered the dbus1 framing for kdbus, and
while the header and its fields where compliant Gvariant objects, and so
was the body, the entire message together was not.

As result of discussions with Ryan Lortie this is now changed, so that
the messages in there entirely are fully compliant GVariants. This
follows the framing description described here:

Note that this change changes the framing of *all* messages sent via
kdbus, this means you have to reboot your kdbus system, after compiling
and installing this new version.

6 years agobus-dump: fix two minor memory leaks
Lennart Poettering [Mon, 26 Jan 2015 19:03:25 +0000 (20:03 +0100)]
bus-dump: fix two minor memory leaks

6 years agoman: fix minor type in man page
Lennart Poettering [Mon, 26 Jan 2015 16:48:58 +0000 (17:48 +0100)]
man: fix minor type in man page

6 years agosd-bus: reuse the KDBUS_CMD_FREE wrapper wherever appropriate
Lennart Poettering [Mon, 26 Jan 2015 16:48:14 +0000 (17:48 +0100)]
sd-bus: reuse the KDBUS_CMD_FREE wrapper wherever appropriate

6 years agotreewide: fix multiple typos
Torstein Husebø [Mon, 26 Jan 2015 14:29:14 +0000 (15:29 +0100)]
treewide: fix multiple typos

6 years agotmpfiles: use casts instead of warning suppression
Zbigniew Jędrzejewski-Szmek [Mon, 26 Jan 2015 15:39:03 +0000 (10:39 -0500)]
tmpfiles: use casts instead of warning suppression

This warning got its own name only in gcc5, so the suppression does
not work in gcc4, and generates a warning of its own. Use a cast,
which is ugly too, but less so.

6 years agoman: minor typo fix
Lennart Poettering [Mon, 26 Jan 2015 14:28:18 +0000 (15:28 +0100)]
man: minor typo fix

Spotted by John Paul Adrian Glaubitz

6 years agolibudev: private - drop some functions from the internal API
Tom Gundersen [Mon, 26 Jan 2015 13:48:04 +0000 (14:48 +0100)]
libudev: private - drop some functions from the internal API

6 years agolibudev: monitor - move nulstr parsing to libudev-device
Tom Gundersen [Mon, 26 Jan 2015 13:45:12 +0000 (14:45 +0100)]
libudev: monitor - move nulstr parsing to libudev-device

Hide the details a bit.

6 years agoudev: event - minor nit
Tom Gundersen [Mon, 26 Jan 2015 13:13:31 +0000 (14:13 +0100)]
udev: event - minor nit

Stay uniform and use 'dev' rather than 'event->dev', as these are aliases (and event->dev looks
like it may be a typo for event->dev_db).

6 years agoudev: event - introduce and use internal udev_device_shallow_clone()
Tom Gundersen [Mon, 26 Jan 2015 13:12:45 +0000 (14:12 +0100)]
udev: event - introduce and use internal udev_device_shallow_clone()

6 years agoudev: event - move renaming of udev_device to libudev
Tom Gundersen [Mon, 26 Jan 2015 12:33:00 +0000 (13:33 +0100)]
udev: event - move renaming of udev_device to libudev

This is not exposed in the public API. We want to simplify the internal libudev-device API as much as possible
so that it will be simpler to rip the whole thing out in the future.

6 years agotmpfiles: do not bump access times of directories we are cleaning up
Zbigniew Jędrzejewski-Szmek [Thu, 2 Jan 2014 05:02:31 +0000 (00:02 -0500)]
tmpfiles: do not bump access times of directories we are cleaning up

Both plain opendir() and glob() will bump access time. Privileged
option O_NOATIME can be used to prevent the access time from being
updated. We already used it for subdirectories of the directories
which we were cleaning up. But for the directories specified directly
in the config files, we wouldn't do that. This means that,
paradoxically, our own temporary directories for PrivateTmp would stay
around forever, as long as one let systemd-tmpfiles-clean.service run
regularly, because they had their own glob patterns specified.

6 years agotmpfiles: add debug statements for all actions
Zbigniew Jędrzejewski-Szmek [Sat, 24 Jan 2015 06:54:05 +0000 (01:54 -0500)]
tmpfiles: add debug statements for all actions

systemd-tmpfiles can be used by users, but it can be quite hard to
figure out the logic it follows, especially since the logic is in some
places rather torturous. Hopefuly this will make it easier for users
to understand what is happening.

6 years agopo: update Russian translation
Sergey Ptashnick [Fri, 23 Jan 2015 17:56:36 +0000 (20:56 +0300)]
po: update Russian translation

Add strings for importd.

6 years agocatalog,po: update Polish translation
Piotr Drąg [Thu, 22 Jan 2015 14:28:04 +0000 (15:28 +0100)]
catalog,po: update Polish translation

Patch updates Polish translation with new strings from, as well as incorporates updates in
catalog and po files to accommodate recent changes in the original
strings (commits 2e219e5672689dad60e110f0b3366765506c4c58 and

6 years agomachinectl: fix typo
Zbigniew Jędrzejewski-Szmek [Sun, 25 Jan 2015 02:07:27 +0000 (21:07 -0500)]
machinectl: fix typo

6 years agomount-setup: Do not bother with /proc/bus/usb
Cristian Rodríguez [Fri, 23 Jan 2015 16:25:30 +0000 (13:25 -0300)]
mount-setup: Do not bother with /proc/bus/usb

Current systemd requires kernel >= 3.7 per the README file
but CONFIG_USB_DEVICEFS disappeared from the kernel in
upstream commit fb28d58b72aa9215b26f1d5478462af394a4d253
(kernel 3.5-rc1)

6 years agobuild-sys: lookup for sulogin, it might not be in /sbin
Cristian Rodríguez [Fri, 23 Jan 2015 17:35:20 +0000 (14:35 -0300)]
build-sys: lookup for sulogin, it might not be in /sbin

6 years agoresolved: when rereading /etc/resolv.conf, always start using first DNS server again
Lennart Poettering [Fri, 23 Jan 2015 17:57:29 +0000 (18:57 +0100)]
resolved: when rereading /etc/resolv.conf, always start using first DNS server again

Previously we tried to stick to a DNS server as long as it is available.
When /etc/resolv.conf changed, and the old DNS server we used was still
in there we'd continue to use it, even if it was at the end of the list.

With this change we'll now always start with the first DNS server in the
list again.

Rationale: certain network managing implementations (notably
NetworkManager) when connected to a VPN place both the VPN DNS server as
well as the local DNS server in /etc/resolv.conf. If we used the local
one before we would thus continue to use the local one, making VPN names
unresolvable. NetworkManager really should be fixed to only place the
VPN DNS servers in the file, but with this commit things are at least
similarly bad as they used to be...

6 years ago#pragma once here and there
Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 14:20:59 +0000 (09:20 -0500)]
#pragma once here and there

6 years agobuild-sys: fix build on compilers without static_assert
Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 14:06:00 +0000 (09:06 -0500)]
build-sys: fix build on compilers without static_assert

Build would fail when assert was used on the same line in
different files #included together.

6 years agosystemctl: bugfix for systemctl reboot command with argument
Sangjung Woo [Fri, 23 Jan 2015 11:21:57 +0000 (20:21 +0900)]
systemctl: bugfix for systemctl reboot command with argument

According to systemctl man page, 'systemctl reboot [arg]' should work
without any errors. However, it does not work because of 'Invalid number
of arguments' error, except for 'reboot [arg]'. This patch fixes the bug
so that both of commands work in exactly the same way.

6 years agocore,shutdown: don't bother with unmounting any mounts below /sys, /proc, /dev when...
Lennart Poettering [Fri, 23 Jan 2015 12:44:44 +0000 (13:44 +0100)]
core,shutdown: don't bother with unmounting any mounts below /sys, /proc, /dev when shutting down

After all, mounts below these directories are pretty much guaranteed to
be virtual, and it's hence unnecessary to unmount them during shutdown.
Moreover, in less-priviliged containers we might lack the rights to
unmount them, hence don't even try.

6 years agomount-setup: /selinux, /cgroup, /dev/cgroup are sooo old, don't bother with them...
Lennart Poettering [Fri, 23 Jan 2015 12:44:27 +0000 (13:44 +0100)]
mount-setup: /selinux, /cgroup, /dev/cgroup are sooo old, don't bother with them anymore

6 years agotmpfiles: minor simplification
Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 04:35:34 +0000 (23:35 -0500)]
tmpfiles: minor simplification

6 years agoman: bring tmpfiles.d(5) in line with code
Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 04:32:19 +0000 (23:32 -0500)]
man: bring tmpfiles.d(5) in line with code

6 years agoupdate TODO
Lennart Poettering [Fri, 23 Jan 2015 01:59:58 +0000 (02:59 +0100)]
update TODO

6 years agosd-bus: fix typo
Lennart Poettering [Fri, 23 Jan 2015 01:59:30 +0000 (02:59 +0100)]
sd-bus: fix typo

6 years agocore: add a property that shows the current memory usage of a unit
Lennart Poettering [Fri, 23 Jan 2015 01:58:02 +0000 (02:58 +0100)]
core: add a property that shows the current memory usage of a unit

This is exposed the memory.usage_in_bytes cgroup property on the bus,
and makes "systemctl status" show it in its default output.

6 years agocgroup-show: remove duplicated check
Zbigniew Jędrzejewski-Szmek [Fri, 23 Jan 2015 01:03:58 +0000 (20:03 -0500)]
cgroup-show: remove duplicated check

After 3637713a20 it is not necessary anymore.

6 years agoupdate TODO
Lennart Poettering [Fri, 23 Jan 2015 00:44:14 +0000 (01:44 +0100)]
update TODO

6 years agonspawn: when mounting the cgroup hierarchies, use the exact same mount options for...
Lennart Poettering [Fri, 23 Jan 2015 00:43:16 +0000 (01:43 +0100)]
nspawn: when mounting the cgroup hierarchies, use the exact same mount options for the superblock as the host

Otherwise we'll generate kernel runtime warnings about non-matching
mount options.

6 years agonspawn: mount /tmp in the container, don't leave this to the container's init
Lennart Poettering [Fri, 23 Jan 2015 00:27:06 +0000 (01:27 +0100)]
nspawn: mount /tmp in the container, don't leave this to the container's init

We really want /tmp to be properly mounted, especially in containers
that lack CAP_SYS_ADMIN or that are not fully booted up and only get a
shell, hence let's do so in nspawn already.

6 years agonspawn: allow bind-mounting char and block files
Alban Crequy [Thu, 22 Jan 2015 15:47:07 +0000 (16:47 +0100)]
nspawn: allow bind-mounting char and block files

6 years agoupdate TODO
Lennart Poettering [Fri, 23 Jan 2015 00:20:16 +0000 (01:20 +0100)]
update TODO

6 years agoimportd: when listing transfers, show progress percentage
Lennart Poettering [Fri, 23 Jan 2015 00:16:31 +0000 (01:16 +0100)]
importd: when listing transfers, show progress percentage

With this change the pull protocol implementation processes will pass
progress data to importd which then passes this information on via the
bus. We use sd_notify() as generic transport for this communication,
making importd listen to them, while matching the incoming messages to
the right transfer.

6 years agoimportd: fix bus policy
Lennart Poettering [Fri, 23 Jan 2015 00:16:07 +0000 (01:16 +0100)]
importd: fix bus policy

6 years agomachinectl: fix handling of --verify= argument for dkr downloads
Lennart Poettering [Fri, 23 Jan 2015 00:15:08 +0000 (01:15 +0100)]
machinectl: fix handling of --verify= argument for dkr downloads

6 years agosd-bus: fix handling of double parameters in sd_bus_message_append()
Lennart Poettering [Fri, 23 Jan 2015 00:13:09 +0000 (01:13 +0100)]
sd-bus: fix handling of double parameters in sd_bus_message_append()

We really need to use va_arg() with the right type here as uint64_t and
double might have the same size, but are passed differently as

6 years agoimport: we need CAP_DAC_OVERRIDE for untarring systems after all
Lennart Poettering [Fri, 23 Jan 2015 00:12:10 +0000 (01:12 +0100)]
import: we need CAP_DAC_OVERRIDE for untarring systems after all

6 years agocore: zero size notify messages are OK
Lennart Poettering [Fri, 23 Jan 2015 00:11:46 +0000 (01:11 +0100)]
core: zero size notify messages are OK

6 years agotests: use assert_se instead of assert
Ronny Chevalier [Thu, 22 Jan 2015 21:53:42 +0000 (22:53 +0100)]
tests: use assert_se instead of assert

Otherwise they can be optimized away with -DNDEBUG

6 years agopo: update french translation
Sylvain Plantefève [Thu, 22 Jan 2015 20:51:46 +0000 (21:51 +0100)]
po: update french translation

6 years agocatalog: update french translation
Sylvain Plantefève [Thu, 22 Jan 2015 20:51:45 +0000 (21:51 +0100)]
catalog: update french translation

6 years agoman: fix typos
Ronny Chevalier [Sun, 18 Jan 2015 22:23:38 +0000 (23:23 +0100)]
man: fix typos

6 years agosd-dhcp-client: use RFC4361-complient ClientID by default
Tom Gundersen [Wed, 21 Jan 2015 23:53:16 +0000 (00:53 +0100)]
sd-dhcp-client: use RFC4361-complient ClientID by default

In addition to the benefits listed in the RFC, this allows DHCP to work also in
case several interfaces share the same MAC address on the same link (IPVLAN).

Note that this will make the ClientID (so probably the assigned IP address)
change on upgrades. If it is desired to avoid that we would have to remember and
write back the ID (which the library supports, but networkd currently does not).

6 years agodhcp-identifier: create IAID even if no udev device can be found
Tom Gundersen [Thu, 22 Jan 2015 20:18:30 +0000 (21:18 +0100)]
dhcp-identifier: create IAID even if no udev device can be found

This is useful for testing.

6 years agonetworkd: Introduce ip6gre and ip6gretap
Susant Sahani [Sun, 18 Jan 2015 17:54:24 +0000 (23:24 +0530)]
networkd: Introduce ip6gre and ip6gretap

This patch introduces ipv6 gre and gretap.





ip link

6: ip6gre@eno16777736: <POINTOPOINT,NOARP> mtu 1448 qdisc noop state
DOWN mode DEFAULT group default
    link/gre6 2a:00:ff:de:45:67:ed:de:00:00:00:00:00:00:49:87 peer

6 years agonetworkd: Introduce IP6 tunnel
Susant Sahani [Fri, 16 Jan 2015 19:09:10 +0000 (00:39 +0530)]
networkd: Introduce IP6 tunnel

This patch enables networkd to create IP6 tunnels

example conf:




23: ipip6-tunnel@wlan0: <POINTOPOINT,NOARP> mtu 1452 qdisc noop state
DOWN mode DEFAULT group default
    link/tunnel6 2a00:ffde:4567:edde::4987 peer 2001:473:fece:cafe::5179

6 years agonetworkd: introduce gretap
Susant Sahani [Sat, 20 Dec 2014 08:05:06 +0000 (13:35 +0530)]
networkd: introduce gretap

This patch introdeces gretap to networkd

6 years agoupdate TODO
Lennart Poettering [Thu, 22 Jan 2015 17:55:30 +0000 (18:55 +0100)]
update TODO

6 years agoimportd: run daemon at minimal capabilities
Lennart Poettering [Thu, 22 Jan 2015 17:55:08 +0000 (18:55 +0100)]
importd: run daemon at minimal capabilities

6 years agocgroup-show: don't hit assert, when the extra pids array is empty
Lennart Poettering [Thu, 22 Jan 2015 17:54:48 +0000 (18:54 +0100)]
cgroup-show: don't hit assert, when the extra pids array is empty

6 years agoimportd: fix path to download binary
Lennart Poettering [Thu, 22 Jan 2015 17:38:51 +0000 (18:38 +0100)]
importd: fix path to download binary

6 years agoimport: lock tar into its own private network namespace
Lennart Poettering [Thu, 22 Jan 2015 17:19:58 +0000 (18:19 +0100)]
import: lock tar into its own private network namespace

That way it cannot get access to the network

6 years agoimport: drop all capabilities when invoking tar
Lennart Poettering [Thu, 22 Jan 2015 17:12:31 +0000 (18:12 +0100)]
import: drop all capabilities when invoking tar

6 years agoupdate TODO
Lennart Poettering [Thu, 22 Jan 2015 16:50:26 +0000 (17:50 +0100)]
update TODO

6 years agoimport: only define the _to_string() enum mapping function, thus making gcc shut up
Lennart Poettering [Thu, 22 Jan 2015 16:49:28 +0000 (17:49 +0100)]
import: only define the _to_string() enum mapping function, thus making gcc shut up

6 years agoimport: now that the worker binary is called "systemd-pull" we can shorten the verbs
Lennart Poettering [Thu, 22 Jan 2015 16:38:10 +0000 (17:38 +0100)]
import: now that the worker binary is called "systemd-pull" we can shorten the verbs

Atfer all "systemd-pull pull-tar" is unnecessarily redundant, over
"systemd-pull tar"...

6 years agoimportd: try to minimize confusion by renaming "systemd-import" binary to "systemd...
Lennart Poettering [Thu, 22 Jan 2015 16:34:54 +0000 (17:34 +0100)]
importd: try to minimize confusion by renaming "systemd-import" binary to "systemd-pull"

This way "systemd-importd" is the daemon that uses "systemd-pull" as
backend worker.

6 years agomachinectl: when downloading an image, clarify that C-c will not cancel the download...
Lennart Poettering [Thu, 22 Jan 2015 16:31:59 +0000 (17:31 +0100)]
machinectl: when downloading an image, clarify that C-c will not cancel the download, but continue it in the background

6 years agomachinectl: minor simplification
Lennart Poettering [Thu, 22 Jan 2015 16:30:58 +0000 (17:30 +0100)]
machinectl: minor simplification

6 years agomachinectl: parse verify setting client-side
Lennart Poettering [Thu, 22 Jan 2015 16:30:40 +0000 (17:30 +0100)]
machinectl: parse verify setting client-side

6 years agoimportd: minor log improvements
Lennart Poettering [Thu, 22 Jan 2015 16:30:02 +0000 (17:30 +0100)]
importd: minor log improvements

6 years agoimport: make the user verficiation keyring override the vendor keyring, instead of...
Lennart Poettering [Thu, 22 Jan 2015 16:07:27 +0000 (17:07 +0100)]
import: make the user verficiation keyring override the vendor keyring, instead of extending it

This way the user has the ability to remove keys from the
vendor-supplied keyring if he intends so.

6 years agologind: fix sd_eviocrevoke ioctl call
Peter Hutterer [Thu, 22 Jan 2015 01:36:02 +0000 (11:36 +1000)]
logind: fix sd_eviocrevoke ioctl call

If the third argument is non-null, the kernel will always error out with
EINVAL and devices won't get revoked.

Reported-by: Benjamin Tissoires <>
Signed-off-by: Peter Hutterer <>
6 years agomachinectl: various minor updates to the --help text
Lennart Poettering [Thu, 22 Jan 2015 14:14:23 +0000 (15:14 +0100)]
machinectl: various minor updates to the --help text

6 years agoimport: rename --verify=sum to --verify=checksum
Lennart Poettering [Thu, 22 Jan 2015 14:13:53 +0000 (15:13 +0100)]
import: rename --verify=sum to --verify=checksum

This is how we call it internally, and also a bit more descriptive.

6 years agoman: document new download magic
Lennart Poettering [Thu, 22 Jan 2015 14:12:11 +0000 (15:12 +0100)]
man: document new download magic

6 years agoimport: add to
Piotr Drąg [Thu, 22 Jan 2015 13:56:45 +0000 (14:56 +0100)]
import: add to

6 years agokbd-model-map: add more mappings for Slovak, Lithuanian, and Khmer
Mindaugas Baranauskas [Thu, 22 Jan 2015 06:07:24 +0000 (01:07 -0500)]
kbd-model-map: add more mappings for Slovak, Lithuanian, and Khmer

6 years agoUse eurlatgr as the example console font
Marko Myllynen [Thu, 15 Jan 2015 12:44:17 +0000 (14:44 +0200)]
Use eurlatgr as the example console font


6 years agosysv-generator: only allow regular files in enumerate_sysv()
Cristian Rodríguez [Wed, 14 Jan 2015 05:51:41 +0000 (02:51 -0300)]
sysv-generator: only allow regular files in enumerate_sysv()

Otherwise, if the directory contains other directories we fail
at fopen in load_sysv() with EISDIR.

6 years agobuild: export symbols to integrate mainloops
Lucas De Marchi [Thu, 22 Jan 2015 00:59:45 +0000 (22:59 -0200)]
build: export symbols to integrate mainloops

6 years agoTODO: tmpfiles
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 23:28:17 +0000 (18:28 -0500)]
TODO: tmpfiles

6 years agoshared/acl-util: add mask only when needed, always add base ACLs
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 23:22:27 +0000 (18:22 -0500)]
shared/acl-util: add mask only when needed, always add base ACLs

For ACLs to be valid, a set of entries for user, group, and other
must be always present. Always add those entries.

While at it, only add the mask ACL if it is actually required, i.e.
when at least on ACL for non-owner group or user exists.

6 years agotmpfiles: use ACL magic on journal directories
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 20:05:40 +0000 (15:05 -0500)]
tmpfiles: use ACL magic on journal directories

6 years agotmpfiles: implement augmenting of existing ACLs
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 10:02:47 +0000 (05:02 -0500)]
tmpfiles: implement augmenting of existing ACLs

This is much more useful in practice (equivalent to setfacl -m).

6 years agotmpfiles: make t and a globby, add their recursive versions T and A
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 07:10:00 +0000 (02:10 -0500)]
tmpfiles: make t and a globby, add their recursive versions T and A

For types which adapt existing files it is generally more useful to accept

In analogy to z and Z, add recursive versions using uppercase letters.

Technically, making a accept globs is backwards incompatible, but in
practice it probably isn't yet widely used and we can assume that most
people don't create files with wildcards in names.

Functions which are used as callbacks, but not directly on items, are
renamed not to have "item_" prefix.

6 years agotmpfiles: make recursive operation generic
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 06:33:39 +0000 (01:33 -0500)]
tmpfiles: make recursive operation generic

6 years agotmpfiles: add 'a' type to set ACLs
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jan 2015 04:27:39 +0000 (23:27 -0500)]
tmpfiles: add 'a' type to set ACLs

6 years agotmpfiles: attach an array of items to each path
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 07:00:37 +0000 (02:00 -0500)]
tmpfiles: attach an array of items to each path

The data structure used by tmpfiles is changed: instead of hashmaps
mapping {path → Item*} we now have hashmaps containing
{path -> ItemArray}, where ItemArray contains a pointer
to an array of Items.

For current code it doesn't matter much, but when we add new types it
is easier to simply add a new Item for a given path, then to coalesce
multiple lines into one Item.

In the future, this change will also make it possible to remember the
file and line where each Item originates, and use that in reporting
errors. Currently this is not possible, since each Item can be created
from multiple lines.

6 years agotmpfiles: make sure not to concatenate non-absolute path
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 06:27:31 +0000 (01:27 -0500)]
tmpfiles: make sure not to concatenate non-absolute path

If the path is absolute was only checked later.
Also do not check if path if absolute if we just
specified it starting with a slash.

6 years agotmpfiles: detect all combinations of + and !
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 06:11:01 +0000 (01:11 -0500)]
tmpfiles: detect all combinations of + and !

The same algorithm as with - and @ in ExecStart= is used.

6 years agotmpfiles: simplification
Zbigniew Jędrzejewski-Szmek [Fri, 9 Jan 2015 06:10:02 +0000 (01:10 -0500)]
tmpfiles: simplification

Certain conditions were checked more than once. Warning message
is improved.

6 years agocatalog: update pt_BR translation
Rafael Ferreira [Mon, 19 Jan 2015 14:39:43 +0000 (12:39 -0200)]
catalog: update pt_BR translation

Brazilian Portuguese update for CATALOG patch, according to commit
2057124e7910c4cab7e53d26e0c3749d326ae2bb ("Grammar changes to catalog")

6 years agoshared/cgroup-show: simplify show_pid_array()
Zbigniew Jędrzejewski-Szmek [Wed, 21 Jan 2015 04:09:58 +0000 (23:09 -0500)]
shared/cgroup-show: simplify show_pid_array()

int[] should not be used as pid_t[], even if happens to be same thing.
Also deduplicating in a quadratic loop right before sorting is unnecessary.
Remove custom greedy_realloc implementation.

6 years agoAssorted format fixes
Zbigniew Jędrzejewski-Szmek [Wed, 21 Jan 2015 03:22:15 +0000 (22:22 -0500)]
Assorted format fixes

Types used for pids and uids in various interfaces are unpredictable.
Too bad.