chiark / gitweb /
7 years agoservice: when we complain about a notify message we cannot map to main pid because...
Lennart Poettering [Fri, 14 Feb 2014 01:05:40 +0000 (02:05 +0100)]
service: when we complain about a notify message we cannot map to main pid because we don't know anything about the main pid, do so at debug level

7 years agoservice: if we don't know the main pid of a service, we cannot accept any notificatio...
Lennart Poettering [Fri, 14 Feb 2014 01:04:09 +0000 (02:04 +0100)]
service: if we don't know the main pid of a service, we cannot accept any notification messages

7 years agobuild-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed"
Simon Peeters [Fri, 14 Feb 2014 00:52:40 +0000 (01:52 +0100)]
build-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed"

7 years agoman: systemd.service(5): clarify behavior of SuccessExitStatus
Dave Reisner [Fri, 14 Feb 2014 00:40:04 +0000 (01:40 +0100)]
man: systemd.service(5): clarify behavior of SuccessExitStatus

The behavior of this is a little cryptic in that $MAINPID must exit as
a direct result of receiving a signal in order for a listed signal to
be considered a success condition.

7 years agoshared: include root when canonicalizing conf paths
Michael Marineau [Fri, 31 Jan 2014 23:35:04 +0000 (15:35 -0800)]
shared: include root when canonicalizing conf paths

The conf_files_list family accepts an alternate root path to prefix all
directories in the list but path_strv_canonicalize_uniq doesn't use it.
This results in the suspicious behavior of resolving directory symlinks
based on the contents of / instead of the alternate root.

This adds a prefix argument to path_strv_canonicalize which will now
prepend the prefix, if given, to every path in the list. To avoid
answering what a relative path means when called with a root prefix
path_strv_canonicalize is now path_strv_canonicalize_absolute and only
considers absolute paths. Fortunately all users of already call
path_strv_canonicalize with a list of absolute paths.

7 years agologind: make sure to terminate systemd user on logouts
Djalal Harouni [Thu, 13 Feb 2014 17:31:43 +0000 (18:31 +0100)]
logind: make sure to terminate systemd user on logouts

Currently if the user logs out, the GC may never call user_stop(),
this will not terminate the systemd user and (sd-pam) of that user.

To fix this, remove the USER_CLOSING state check that is blocking the
GC from calling user_stop(). Since if user_check_gc() returns false
this means that all the sessions of the user were removed which will
make user_get_state() return USER_CLOSING.

Conclusion: that test will never be statisfied.

So we remove the USER_CLOSING check and replace it with a check inside
user_stop() this way we know that user_stop() has already queued stop
jobs, no need to redo.

This ensures that the GC will get its two steps correctly as pointed out
by Lennart:

Note: this also fixes another bug that prevents creating the user
private dbus socket which will break communications with the user

7 years agonspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in containers
Lennart Poettering [Thu, 13 Feb 2014 19:30:02 +0000 (20:30 +0100)]
nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in containers

The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.

7 years agonspawn: add new --network-veth switch to add a virtual ethernet link to the host
Lennart Poettering [Thu, 13 Feb 2014 17:47:20 +0000 (18:47 +0100)]
nspawn: add new --network-veth switch to add a virtual ethernet link to the host

7 years agortnl: support adding VETH_INFO_PEER containers into rtnl messages
Lennart Poettering [Thu, 13 Feb 2014 17:46:48 +0000 (18:46 +0100)]
rtnl: support adding VETH_INFO_PEER containers into rtnl messages

7 years agosystemctl: fix exit statuses from is-active/is-failed
Dave Reisner [Thu, 13 Feb 2014 15:14:31 +0000 (10:14 -0500)]
systemctl: fix exit statuses from is-active/is-failed

This was inadvertantly disturbed in e3e0314b when glob support was

7 years agoeverywhere: always use O_CLOEXEC where it makes sense
Lennart Poettering [Thu, 13 Feb 2014 13:59:56 +0000 (14:59 +0100)]
everywhere: always use O_CLOEXEC where it makes sense

7 years agoeverywhere: make use of new0() and macro() macros, and stop using perror()
Lennart Poettering [Thu, 13 Feb 2014 13:45:51 +0000 (14:45 +0100)]
everywhere: make use of new0() and macro() macros, and stop using perror()

7 years agonspawn: check with udev before we take possession of an interface
Lennart Poettering [Thu, 13 Feb 2014 13:38:02 +0000 (14:38 +0100)]
nspawn: check with udev before we take possession of an interface

7 years agonspawn: no need to subscribe to netlink messages if we just want to execute one operation
Lennart Poettering [Thu, 13 Feb 2014 13:08:16 +0000 (14:08 +0100)]
nspawn: no need to subscribe to netlink messages if we just want to execute one operation

7 years agonspawn: --private-network should imply CAP_NET_ADMIN
Lennart Poettering [Thu, 13 Feb 2014 13:07:59 +0000 (14:07 +0100)]
nspawn: --private-network should imply CAP_NET_ADMIN

7 years agortnl: rename constructors from the form sd_rtnl_xxx_yyy_new() to sd_rtnl_xxx_new_yyy()
Lennart Poettering [Thu, 13 Feb 2014 12:53:25 +0000 (13:53 +0100)]
rtnl: rename constructors from the form sd_rtnl_xxx_yyy_new() to sd_rtnl_xxx_new_yyy()

So far we followed the rule to always indicate the "flavour" of
constructors after the "_new_" or "_open_" in the function name, so
let's keep things in sync here for rtnl and do the same.

7 years agortnl: drop "sd_" prefix from cleanup macros
Lennart Poettering [Thu, 13 Feb 2014 02:44:14 +0000 (03:44 +0100)]
rtnl: drop "sd_" prefix from cleanup macros

The "sd_" prefix is supposed to be used on exported symbols only, and
not in the middle of names. Let's drop it from the cleanup macros hence,
to make things simpler.

The bus cleanup macros don't carry the "sd_" either, so this brings the
APIs a bit nearer.

7 years agonspawn: add new --network-interface= switch to move an existing interface into the...
Lennart Poettering [Thu, 13 Feb 2014 02:27:39 +0000 (03:27 +0100)]
nspawn: add new --network-interface= switch to move an existing interface into the container

7 years agonspawn: introduce --capability=all for retaining all capabilities
Lennart Poettering [Thu, 13 Feb 2014 01:45:11 +0000 (02:45 +0100)]
nspawn: introduce --capability=all for retaining all capabilities

7 years agoseccomp: fix build again if libseccomp is missing
Lennart Poettering [Thu, 13 Feb 2014 01:25:45 +0000 (02:25 +0100)]
seccomp: fix build again if libseccomp is missing

7 years agoupdate TODO
Lennart Poettering [Thu, 13 Feb 2014 01:13:50 +0000 (02:13 +0100)]
update TODO

7 years agocore: make StopWhenUnneeded work in conjunction with units that fail
Lennart Poettering [Thu, 13 Feb 2014 01:12:27 +0000 (02:12 +0100)]
core: make StopWhenUnneeded work in conjunction with units that fail
during their start job

7 years agoupdate TODO
Lennart Poettering [Thu, 13 Feb 2014 00:41:24 +0000 (01:41 +0100)]
update TODO

7 years agocore: add a system-wide SystemCallArchitectures= setting
Lennart Poettering [Thu, 13 Feb 2014 00:35:27 +0000 (01:35 +0100)]
core: add a system-wide SystemCallArchitectures= setting

This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings.

7 years agonetworkd: correctly handle manager_free(NULL)
Tom Gundersen [Thu, 13 Feb 2014 00:38:53 +0000 (01:38 +0100)]
networkd: correctly handle manager_free(NULL)

7 years agocore: add SystemCallArchitectures= unit setting to allow disabling of non-native
Lennart Poettering [Wed, 12 Feb 2014 23:24:00 +0000 (00:24 +0100)]
core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead
of concatenated strings.

7 years agocore: fix build without libseccomp
Lennart Poettering [Wed, 12 Feb 2014 17:44:40 +0000 (18:44 +0100)]
core: fix build without libseccomp

7 years agocore: rework syscall filter
Lennart Poettering [Wed, 12 Feb 2014 17:28:21 +0000 (18:28 +0100)]
core: rework syscall filter

- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.

7 years agosyscallfilter: port to libseccomp
Ronny Chevalier [Wed, 12 Feb 2014 00:29:54 +0000 (01:29 +0100)]
syscallfilter: port to libseccomp

7 years agosd-dhcp: make sure client->secs > 0
Tom Gundersen [Wed, 12 Feb 2014 15:59:52 +0000 (16:59 +0100)]
sd-dhcp: make sure client->secs > 0

Some DHCP servers will not work correctly if secs == 0, so round up
to at least 1.

7 years agonetworkd: work inside containers
Tom Gundersen [Wed, 12 Feb 2014 15:40:24 +0000 (16:40 +0100)]
networkd: work inside containers

Udev does not run in containers, so instead of relying on it to tell us when a
network device is ready to be used by networkd, we simply assume that any
device was fully initialized before being added to the container.

7 years agoupdate TODO (add section for things to fix before 209)
Lennart Poettering [Wed, 12 Feb 2014 11:59:31 +0000 (12:59 +0100)]
update TODO (add section for things to fix before 209)

7 years agobuild-sys: make lxml required when generating indices
Zbigniew Jędrzejewski-Szmek [Wed, 12 Feb 2014 07:58:41 +0000 (02:58 -0500)]
build-sys: make lxml required when generating indices

Since the manpage indices generated without lxml would be missing some
parts, it doesn't make sense to keep lxml optional anymore.

7 years agobuild-sys: add less-variables.xml to EXTRA_DIST
Zbigniew Jędrzejewski-Szmek [Wed, 12 Feb 2014 07:05:06 +0000 (02:05 -0500)]
build-sys: add less-variables.xml to EXTRA_DIST

7 years agoman: use xinclude to de-deduplicate common text
Zbigniew Jędrzejewski-Szmek [Wed, 12 Feb 2014 05:55:38 +0000 (00:55 -0500)]
man: use xinclude to de-deduplicate common text

I only tested with python-lxml. I'm not sure if xml.etree should be

7 years agopager: support SYSTEMD_LESS environment variable
Jason A. Donenfeld [Wed, 12 Feb 2014 02:30:10 +0000 (03:30 +0100)]
pager: support SYSTEMD_LESS environment variable

This allows customization of the arguments used by less. The main
motivation is that some folks might not like having --no-init on every
invocation of less.

7 years agonspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use of this
Lennart Poettering [Wed, 12 Feb 2014 01:52:39 +0000 (02:52 +0100)]
nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use of this

7 years agotest: fix "make check"
Lennart Poettering [Wed, 12 Feb 2014 01:09:32 +0000 (02:09 +0100)]
test: fix "make check"

Let's remove the tests for cg_path_get_machine_name(), since they no
longer operate solely on the cgroup path, but actually look up data in
/run. Since we have a test for cg_pid_get_machine_name() this shouldn't
be too much of a loss.

7 years agomachinectl: add new "machinectl reboot" call
Lennart Poettering [Wed, 12 Feb 2014 01:07:57 +0000 (02:07 +0100)]
machinectl: add new "machinectl reboot" call

7 years agologind: ignore PropertiesChanged signals for jobs
Zbigniew Jędrzejewski-Szmek [Sat, 8 Feb 2014 22:22:13 +0000 (17:22 -0500)]
logind: ignore PropertiesChanged signals for jobs

Otherwise we get a (harmless) message like:
systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument

7 years agologind: always kill session when termination is requested
Zbigniew Jędrzejewski-Szmek [Sun, 9 Feb 2014 01:29:56 +0000 (20:29 -0500)]
logind: always kill session when termination is requested

KillUserProcesses=yes/no should be ignored when termination is
explicitly requested.

7 years agojournald: log provenience of signals
Zbigniew Jędrzejewski-Szmek [Mon, 10 Feb 2014 01:08:55 +0000 (20:08 -0500)]
journald: log provenience of signals

7 years agounits: make use of nspawn's --keep-unit switch in systemd-nspawn@.service
Lennart Poettering [Tue, 11 Feb 2014 20:07:09 +0000 (21:07 +0100)]
units: make use of nspawn's --keep-unit switch in systemd-nspawn@.service

7 years agomachined: fix enumeration of existing machines on restart
Lennart Poettering [Tue, 11 Feb 2014 20:06:51 +0000 (21:06 +0100)]
machined: fix enumeration of existing machines on restart

7 years agoupdate TODO
Lennart Poettering [Tue, 11 Feb 2014 19:31:37 +0000 (20:31 +0100)]
update TODO

7 years agologind: use session_get_state() to get sessions state of the user
Djalal Harouni [Sat, 8 Feb 2014 19:51:57 +0000 (20:51 +0100)]
logind: use session_get_state() to get sessions state of the user

In function user_get_state() remove the session_is_active() check, just
count on the session_get_state() function to get the correct session

session_is_active() may return true before starting the session scope
and user service, this means it will return true even before the creation
of the session fifo_fd which will produce incorrect states.

So be consistent and just use session_get_state().

7 years agoefi: fix Undefined reference efi_loader_get_boot_usec when EFI support is disabled
Cristian Rodríguez [Tue, 11 Feb 2014 12:54:49 +0000 (09:54 -0300)]
efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is disabled

7 years agomachined: optionally, allow registration of pre-existing units (scopes
Lennart Poettering [Tue, 11 Feb 2014 16:15:38 +0000 (17:15 +0100)]
machined: optionally, allow registration of pre-existing units (scopes
or services) as machine with machined

7 years agoutil: modernize readlink_malloc() a bit
Lennart Poettering [Tue, 11 Feb 2014 15:45:35 +0000 (16:45 +0100)]
util: modernize readlink_malloc() a bit

7 years agoutil: drop parse_user_at_host() since its unused now
Lennart Poettering [Tue, 11 Feb 2014 15:45:15 +0000 (16:45 +0100)]
util: drop parse_user_at_host() since its unused now

7 years agonspawn: add --register=yes|no switch to optionally disable registration of the contai...
Lennart Poettering [Mon, 10 Feb 2014 14:36:32 +0000 (15:36 +0100)]
nspawn: add --register=yes|no switch to optionally disable registration of the container with machined

7 years agosd-dhcp: split out packet handling from client
Tom Gundersen [Tue, 11 Feb 2014 12:11:18 +0000 (13:11 +0100)]
sd-dhcp: split out packet handling from client

7 years agosd-bus: export sd_bus_call{,_async,_async_cancel}
David Herrmann [Mon, 10 Feb 2014 15:42:52 +0000 (16:42 +0100)]
sd-bus: export sd_bus_call{,_async,_async_cancel}

The .sym file somehow lacks these declarations, so add these. You have to
run "make clean" to make sure the sym-test runs fine afterwards.

7 years agonetworkd: link - correctly skip state ENSLAVING when no vlans configured
Tom Gundersen [Mon, 10 Feb 2014 22:01:47 +0000 (23:01 +0100)]
networkd: link - correctly skip state ENSLAVING when no vlans configured

This fixes a regression introduced in 672682a6b

7 years agonetworkd: VLAN - allow multiple vlans to be created on a link
Tom Gundersen [Mon, 10 Feb 2014 17:41:54 +0000 (18:41 +0100)]
networkd: VLAN - allow multiple vlans to be created on a link

Also limit the range of vlan ids. Other implementations and
documentation use the ranges {0,1}-{4094,4095}, but we use
the one accepted by the kernel: 0-4094.

Reported-by: Oleksii Shevchuk <>
7 years agopam: use correct log level
Michal Sekletar [Mon, 10 Feb 2014 15:37:09 +0000 (16:37 +0100)]
pam: use correct log level

7 years agosd-rtnl: added support for a few more attributes
Susant Sahani [Fri, 7 Feb 2014 17:06:25 +0000 (22:36 +0530)]
sd-rtnl: added support for a few more attributes

7 years agosd-rtnl: test - improve test of MTU a bit
Tom Gundersen [Mon, 10 Feb 2014 12:28:39 +0000 (13:28 +0100)]
sd-rtnl: test - improve test of MTU a bit

We are more likely to catch errors if we don't use '0' as test value.

7 years agosd-rtnl: add test cases for link
Susant Sahani [Fri, 7 Feb 2014 04:57:41 +0000 (10:27 +0530)]
sd-rtnl: add test cases for link

7 years agonspawn: add new --share-system switch to run a container without PID/UTS/IPC namespacing
Lennart Poettering [Mon, 10 Feb 2014 12:15:42 +0000 (13:15 +0100)]
nspawn: add new --share-system switch to run a container without PID/UTS/IPC namespacing

7 years agoupdate TODO
Lennart Poettering [Mon, 10 Feb 2014 12:05:28 +0000 (13:05 +0100)]
update TODO

7 years agonspawn,man: use a common vocabulary when referring to selinux security contexts
Lennart Poettering [Mon, 10 Feb 2014 11:32:03 +0000 (12:32 +0100)]
nspawn,man: use a common vocabulary when referring to selinux security contexts

Let's always call the security labels the same way:

  SMACK: "Smack Label"
  SELINUX: "SELinux Security Context"

And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.

7 years agoexec: Add support for ignoring errors on SELinuxContext by prefixing it with -, like...
Michael Scherer [Thu, 6 Feb 2014 09:05:18 +0000 (10:05 +0100)]
exec: Add support for ignoring errors on SELinuxContext by prefixing it with -, like for others settings.

Also remove call to security_check_context, as this doesn't serve anything, since
setexeccon will fail anyway.

7 years agoexec: Ignore the setting SELinuxContext if selinux is not enabled
Michael Scherer [Thu, 6 Feb 2014 09:05:17 +0000 (10:05 +0100)]
exec: Ignore the setting SELinuxContext if selinux is not enabled

7 years agoexec: Add SELinuxContext configuration item
Michael Scherer [Thu, 6 Feb 2014 09:05:16 +0000 (10:05 +0100)]
exec: Add SELinuxContext configuration item

This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.

7 years agoincludes: remove duplicate includes
Tom Gundersen [Mon, 10 Feb 2014 12:06:09 +0000 (13:06 +0100)]
includes: remove duplicate includes

Found by the new check-includes make target.

7 years agobuild-sys: move python helpers to tools directory
Karel Zak [Mon, 10 Feb 2014 09:37:10 +0000 (10:37 +0100)]
build-sys: move python helpers to tools directory

Note that is missing in EXTRA_DIST=, this patch
fixes this mistake too.

7 years agobuild-sys: add check-includes build target and script
Karel Zak [Mon, 10 Feb 2014 09:37:11 +0000 (10:37 +0100)]
build-sys: add check-includes build target and script

7 years agofstab-generator: Create fsck-root symlink with correct path
Colin Guthrie [Sun, 9 Feb 2014 12:07:11 +0000 (12:07 +0000)]
fstab-generator: Create fsck-root symlink with correct path

This was noticed in Brussels at the hackfest. The fstab-generator currently
creates a broken symlink pointing to itself in
/run/systemd/generator/ for systemd-fsck-root.service

7 years agonspawn: require /etc/os-release only for init
Vincent Batts [Mon, 10 Feb 2014 10:57:53 +0000 (11:57 +0100)]
nspawn: require /etc/os-release only for init

/etc/os-release is expected for the case for booting a full system, and
need not be required for thin container execution.

7 years agonetworkd: fix setting dns from dhcp
Tom Gundersen [Mon, 10 Feb 2014 10:53:16 +0000 (11:53 +0100)]
networkd: fix setting dns from dhcp

7 years agoman: fix another reference in systemd-inhibit(1)
Zbigniew Jędrzejewski-Szmek [Sun, 9 Feb 2014 06:34:20 +0000 (01:34 -0500)]
man: fix another reference in systemd-inhibit(1)

7 years agoman: fix reference in systemd-inhibit(1)
Zbigniew Jędrzejewski-Szmek [Sun, 9 Feb 2014 06:34:20 +0000 (01:34 -0500)]
man: fix reference in systemd-inhibit(1)

7 years agomanager: fix initialization of plymouth socket
Zbigniew Jędrzejewski-Szmek [Sat, 8 Feb 2014 20:09:55 +0000 (15:09 -0500)]
manager: fix initialization of plymouth socket

I'm not sure why this makes a difference...

7 years agocryptsetup-generator: auto add deps for device as password
Dave Reisner [Sat, 8 Feb 2014 17:54:58 +0000 (12:54 -0500)]
cryptsetup-generator: auto add deps for device as password

If the password is a device file, we can add Requires/After dependencies
on the device rather than requiring the user to do so.

7 years agocore: use automatic cleanup in two functions
Zbigniew Jędrzejewski-Szmek [Sun, 12 Jan 2014 20:55:10 +0000 (15:55 -0500)]
core: use automatic cleanup in two functions

7 years agocore: do not print invalid utf-8 in error messages
Zbigniew Jędrzejewski-Szmek [Sat, 18 Jan 2014 02:28:41 +0000 (21:28 -0500)]
core: do not print invalid utf-8 in error messages

7 years agopam-module: avoid (null) in debug message
Zbigniew Jędrzejewski-Szmek [Sat, 8 Feb 2014 17:12:20 +0000 (12:12 -0500)]
pam-module: avoid (null) in debug message

7 years agocore: fix crashes if locale.conf contains invalid utf-8 string
Goffredo Baroncelli [Thu, 6 Feb 2014 18:09:59 +0000 (19:09 +0100)]
core: fix crashes if locale.conf contains invalid utf-8 string

In the parse_env_file_push() and load_env_file_push() functions, there
are two assert() call to check if the key or value parameters are utf8 valid.

If the strings aren't utf8 valid, assert does abort.

These function are used early by systemd to parse some files. For
example '/etc/locale.conf'. In my case this file contained a not utf8
sequence, which is bad, but systemd crashed during the boot, which
is even worse!

The enclosed patch removes the assert and return -EINVAL if the
sequence is invalid. This is possible because the caller of these
function [1] checks the errors.
So the check of an invalid utf8 sequence is still performed, but
systemd doesn't crash anymore and logs the error.

[1] parse_env_file_internal(), invoked by load_env_file() and

7 years agoremove unused variables
Thomas Hindoe Paaboel Andersen [Fri, 7 Feb 2014 22:09:40 +0000 (23:09 +0100)]
remove unused variables

7 years agonspawn: rename --file-label to --apifs-label since it's really just about the API...
Lennart Poettering [Fri, 7 Feb 2014 18:29:28 +0000 (19:29 +0100)]
nspawn: rename --file-label to --apifs-label since it's really just about the API file systems, nothing else

7 years agocore: when an already abandoned unit gets abandoned again generate a clean error
Lennart Poettering [Fri, 7 Feb 2014 16:59:27 +0000 (17:59 +0100)]
core: when an already abandoned unit gets abandoned again generate a clean error

7 years agologind: order all scopes after both systemd-logind.service and
Lennart Poettering [Fri, 7 Feb 2014 15:42:03 +0000 (16:42 +0100)]
logind: order all scopes after both systemd-logind.service and

This way at shutdown we can be sure that the sessions go away before the

7 years agonetworkd: netdev - rename Netdev to NetDev
Tom Gundersen [Fri, 7 Feb 2014 16:03:23 +0000 (17:03 +0100)]
networkd: netdev - rename Netdev to NetDev

Both in the configuration file format and everywhere else in the code.

7 years agologind: add function session_jobs_reply() to unify the create reply
Djalal Harouni [Thu, 6 Feb 2014 20:37:14 +0000 (21:37 +0100)]
logind: add function session_jobs_reply() to unify the create reply

The session_send_create_reply() function which notifies clients about
session creation is used for both session and user units. Unify the
shared code in a new function session_jobs_reply().

The session_save() will be called unconditionally on sessions since it
does not make sense to only call it if '!session->started', this will
also allow to update the session state as soon as possible.

7 years agocore: one step back again, for nspawn we actually can't wait for cgroups running...
Lennart Poettering [Fri, 7 Feb 2014 15:12:09 +0000 (16:12 +0100)]
core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it

7 years agomachined: since we can now somewhat reliable get notifications for dying
Lennart Poettering [Fri, 7 Feb 2014 14:44:10 +0000 (15:44 +0100)]
machined: since we can now somewhat reliable get notifications for dying
scopes we don't need to lower the stop timeout anymore

7 years agoman: cryptsetup-1.6.3 now allows partition device file in system mode
Jan Janssen [Fri, 7 Feb 2014 11:47:20 +0000 (12:47 +0100)]
man: cryptsetup-1.6.3 now allows partition device file in system mode

7 years agobuild-sys: autogen - enable compat libs by default
Tom Gundersen [Fri, 7 Feb 2014 14:48:07 +0000 (15:48 +0100)]
build-sys: autogen - enable compat libs by default

7 years agosd-dhcp-client: split sd_dhcp_lease from sd_dhcp_client
Tom Gundersen [Tue, 4 Feb 2014 22:13:52 +0000 (23:13 +0100)]
sd-dhcp-client: split sd_dhcp_lease from sd_dhcp_client

This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease

In the future this may be used by DNAv4 and sd-dhcp-server.

7 years agozsh-completions: kernel-install - only show existing kernels for 'remove'
Tom Gundersen [Thu, 6 Feb 2014 17:15:47 +0000 (18:15 +0100)]
zsh-completions: kernel-install - only show existing kernels for 'remove'

When we remove a kernel, we don't remove the modules, so don't look at the modules directory to find installed kernels.

7 years agologind: given that we can now relatively safely shutdown sessions copes
Lennart Poettering [Thu, 6 Feb 2014 18:04:51 +0000 (19:04 +0100)]
logind: given that we can now relatively safely shutdown sessions copes
without working cgroup empty notifications there's no need to set the
stop timeout of sessions scopes low

7 years agocore: allow PIDs to be watched by two units at the same time
Lennart Poettering [Fri, 7 Feb 2014 10:58:25 +0000 (11:58 +0100)]
core: allow PIDs to be watched by two units at the same time

In some cases it is interesting to map a PID to two units at the same
time. For example, when a user logs in via a getty, which is reexeced to
/sbin/login that binary will be explicitly referenced as main pid of the
getty service, as well as implicitly referenced as part of the session

7 years agocore: don't send duplicate SIGCONT when killing units
Lennart Poettering [Thu, 6 Feb 2014 18:46:46 +0000 (19:46 +0100)]
core: don't send duplicate SIGCONT when killing units

7 years agocgroup: make sure to properly send SIGCONT to all processes of a cgroup if that's...
Lennart Poettering [Thu, 6 Feb 2014 18:27:59 +0000 (19:27 +0100)]
cgroup: make sure to properly send SIGCONT to all processes of a cgroup if that's requested

7 years agologind: rework session shutdown logic
Lennart Poettering [Thu, 6 Feb 2014 17:32:14 +0000 (18:32 +0100)]
logind: rework session shutdown logic

Simplify the shutdown logic a bit:

- Keep the session FIFO around in the PAM module, even after the session
  shutdown hook has been finished. This allows logind to track precisely
  when the PAM handler goes away.

- In the ReleaseSession() call start a timer, that will stop terminate
  the session when elapsed.

- Never fiddle with the KillMode of scopes to configure whether user
  processes should be killed or not. Instead, simply leave the scope
  units around when we terminate a session whose processes should not be

- When killing is enabled, stop the session scope on FIFO EOF or after
  the ReleaseSession() timeout. When killing is disabled, simply tell
  PID 1 to abandon the scope.

Because the scopes stay around and hence all processes are always member
of a scope, the system shutdown logic should be more robust, as the
scopes can be shutdown as part of the usual shutdown logic.

7 years agocore: watch SIGCHLD more closely to track processes of units with no reliable cgroup...
Lennart Poettering [Thu, 6 Feb 2014 16:17:51 +0000 (17:17 +0100)]
core: watch SIGCHLD more closely to track processes of units with no reliable cgroup empty notifier

When a process dies that we can associate with a specific unit, start
watching all other processes of that unit, so that we can associate
those processes with the unit too.

Also, for service units start doing this as soon as we get the first
SIGCHLD for either control or main process, so that we can follow the
processes of the service from one to the other, as long as process that
remain are processes of the ones we watched that died and got reassigned
to us as parent.

Similar, for scope units start doing this as soon as the scope
controller abandons the unit, and thus management entirely reverts to
systemd. To abandon a unit introduce a new Abandon() scope unit method

7 years agocore: fix warning
Thomas Hindoe Paaboel Andersen [Thu, 6 Feb 2014 23:01:19 +0000 (00:01 +0100)]
core: fix warning

introduced in c7040b5d1c2c148f12b6a5eef3dfce1661805131

7 years agoshell-completion: fix completion of localectl set-locale
Zbigniew Jędrzejewski-Szmek [Thu, 6 Feb 2014 16:59:33 +0000 (11:59 -0500)]
shell-completion: fix completion of localectl set-locale

7 years agonspawn: fix HAVE_SELINUX ifdef
Tom Gundersen [Wed, 5 Feb 2014 16:07:20 +0000 (17:07 +0100)]
nspawn: fix HAVE_SELINUX ifdef