Dan Walsh [Thu, 30 Jan 2014 21:28:02 +0000 (16:28 -0500)]
Add SELinux support to systemd-nspawn

This patch adds two new options:


This specifies the process label to run on processes run within the container.


The file label to assign to memory file systems created within the container.

For example, if you wanted to wrap a container with SELinux sandbox labels, you could execute a command like the following:

chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh

Colin Guthrie [Thu, 30 Jan 2014 12:58:24 +0000 (13:58 +0100)]
journal: Drop pkgconfig reference to libsystemd-id128.

This is now part of libsystemd.

Lennart Poettering [Mon, 3 Feb 2014 12:26:24 +0000 (13:26 +0100)]
bus: when closing the bus don't end up in a recursive destruction deadlock

Lennart Poettering [Mon, 3 Feb 2014 11:52:16 +0000 (12:52 +0100)]
conf-parser: warn when we open configuration files with weird access bits

Tom Gundersen [Mon, 3 Feb 2014 14:25:45 +0000 (15:25 +0100)]
build-sys: move -lresolv out of CFLAGS

Thomas H.P. Andersen <> wrote:
> Does -lresolv belong in libsystemd_la_CFLAGS? I would have thought
> that it should be in LIBADD for the lib and LDADD for the test.

Kay Sievers [Sat, 1 Feb 2014 13:41:13 +0000 (14:41 +0100)]
bus: update kdbus.h (ABI break)

Tom Gundersen [Sat, 1 Feb 2014 15:27:41 +0000 (16:27 +0100)]
networkd: remove unused variable

Tom Gundersen [Sat, 1 Feb 2014 15:27:13 +0000 (16:27 +0100)]
networkd: don't fail on DHCP errors

Hendrik Brueckner [Fri, 31 Jan 2014 16:08:37 +0000 (17:08 +0100)]
s390/getty-generator: initialize essential system terminals/consoles

Ensure to start getty programs on all essential system consoles on Linux on
System z.  Add these essential devices to the list of virtualization_consoles
to always generate getty configurations.

For the sake of completion, the list of essential consoles is:

  /dev/sclp_line0 - Operating system messages applet (LPAR)
  /dev/ttysclp0 - Integrated ASCII console applet (z/VM and LPAR)
  /dev/ttyS0 - Already handled by systemd (3215 console on z/VM)
  /dev/hvc0  - Already handled by systemd (IUCV HVC terminal on z/VM)

Depending on the environment, z/VM or LPAR, only a subset of these terminals
are available.

See also RH BZ 860158[1] "Cannot login via Operating System Console into RHEL7
instance installed on a LPAR".  This bugzilla actually blocks the installation
of Linux on System z instances in LPAR mode.


Lennart Poettering [Fri, 31 Jan 2014 17:03:15 +0000 (18:03 +0100)]
run: drop mistakenly committed test code

Lennart Poettering [Fri, 31 Jan 2014 16:47:22 +0000 (17:47 +0100)]
core: fix oom check

Lennart Poettering [Fri, 31 Jan 2014 16:45:13 +0000 (17:45 +0100)]
core: introduce new stop protocol for unit scopes

By specifying a Controller property when creating the scope a client can
specify a bus name that will be notified with a RequestStop bus signal
when the scope has been asked to shut down, instead of sending SIGTERM
to the scope processes themselves.

Lennart Poettering [Fri, 31 Jan 2014 11:27:35 +0000 (12:27 +0100)]
util: use alloca0() instead of alloca() + memzero()

Tom Gundersen [Fri, 31 Jan 2014 02:10:27 +0000 (03:10 +0100)]
networkd: dhcp - refactor handler

Tom Gundersen [Fri, 31 Jan 2014 01:03:39 +0000 (02:03 +0100)]
networkd: don't check for ifindex in answer to RTM_NEWLINK

The kernel will not be changed to support this, so drop the code. Listening
for all RTM_NEWLINK messages and filtering on name is reliable, so it is not
a problem.

Patrik Flykt [Fri, 31 Jan 2014 09:31:25 +0000 (11:31 +0200)]
libsystemd-dhcp: Update secs field only when sending Discover

Compute the 'secs' field as seconds since start of lease acquisition
procedure. Start off with a value of zero and increase it only for
each resent DHCP discover message. See the discussion before and
and Section 3.1 of RFC 2131.

Patrik Flykt [Fri, 31 Jan 2014 09:31:24 +0000 (11:31 +0200)]
libsystemd-dhcp: Fix stopping of DHCP client

Go back to Init state independent of the current state the client
is in.

Patrik Flykt [Fri, 31 Jan 2014 09:31:23 +0000 (11:31 +0200)]
libsystemd-dhcp: Compute UDP checksum only if set

A checksum field with value zero means no UDP checksum has been
computed for the packet.

Patrik Flykt [Fri, 31 Jan 2014 09:31:21 +0000 (11:31 +0200)]
libsystemd-dhcp: Rename function to be clearer that options are parsed

Patrik Flykt [Fri, 31 Jan 2014 09:31:20 +0000 (11:31 +0200)]
libsystemd-dhcp: DNS name option must be a multiple of 4 bytes

Greg KH [Fri, 31 Jan 2014 05:51:32 +0000 (06:51 +0100)]
use memzero(foo, length); for all memset(foo, 0, length); calls

In trying to track down a stupid linker bug, I noticed a bunch of
memset() calls that should be using memzero() to make it more "obvious"
that the options are correct (i.e. 0 is not the length, but the data to
set).  So fix up all current calls to memset(foo, 0, length) to
memzero(foo, length).

Thomas Hindoe Paaboel Andersen [Fri, 31 Jan 2014 06:07:20 +0000 (07:07 +0100)]
analyze: fix plot issues when using gummiboot

It would crash and the legend in the bottom followed the time 0.0.

Zbigniew Jędrzejewski-Szmek [Fri, 31 Jan 2014 02:40:27 +0000 (21:40 -0500)]
tmpfiles: fix memory leak of exclude_prefixes

Missed in 5c795114.

Tom Gundersen [Thu, 30 Jan 2014 16:23:34 +0000 (17:23 +0100)]
shared: net - use u32ctz to compute prefixlen

Tom Gundersen [Thu, 30 Jan 2014 15:46:27 +0000 (16:46 +0100)]
TODO: update sd-rtnl section

Lennart Poettering [Thu, 30 Jan 2014 15:46:48 +0000 (16:46 +0100)]
util: add u32ctz() call for determining ctz of uint32_t

Tom Gundersen [Wed, 29 Jan 2014 20:24:44 +0000 (21:24 +0100)]
networkd: netdev - reduce chance of race when receiving netdev's ifindex

When creating a new link, the kernel will not inform us about the new ifindex
in its ack. We have to listen for newly created devices and deduce the new
ifindex by matching on the ifname.

We used to do this by waiting for a new device from libudev, but that is asking
for trouble, as udev will happily rename the device before handing it to us.
Listen on rtnl instead, the chance of the name being changed before reaching us
is much smaller (if not nil).

Kernel patch in the works to make this unnecessary.

Tom Gundersen [Wed, 29 Jan 2014 20:20:30 +0000 (21:20 +0100)]
sd-rtnl: beef up rtnl-util a bit

Tom Gundersen [Tue, 28 Jan 2014 22:23:31 +0000 (23:23 +0100)]
sd-dhcp-client/net-util: make netmask_to_prefixlen generic

This was originally included in the dhcp-client at my request, but it is not
really dhcp-specific and useful outside of it, so let's pull it out.

Tom Gundersen [Tue, 28 Jan 2014 19:01:37 +0000 (20:01 +0100)]
networkd: address - add support for broadcast

Tom Gundersen [Tue, 28 Jan 2014 19:00:47 +0000 (20:00 +0100)]
net-util: verify the address family

Error out if the address family is already set to something incompatible with the
address being parsed.

Tom Gundersen [Mon, 27 Jan 2014 19:52:07 +0000 (20:52 +0100)]
networkd: dhcpv4 - add notion of 'CriticalConnection'

These connections are never torn down, even when the DHCP specifications say that
they should be. This is useful/necessary when the rootfs (or another critical fs)
is mounted over this network connection, and dataloss would result if the connection
is lost.

This option defaults to off, but our initrd generator (TBD) will enable it when

Lennart Poettering [Thu, 30 Jan 2014 13:18:46 +0000 (14:18 +0100)]
utmp: make sure we don't write the utmp reboot record twice on each boot

(Also, only send the audit msg once, too)

Lennart Poettering [Thu, 30 Jan 2014 12:28:56 +0000 (13:28 +0100)]
update-utmp: code modernizations

Lennart Poettering [Wed, 29 Jan 2014 20:10:41 +0000 (21:10 +0100)]
update TODO

Lennart Poettering [Wed, 29 Jan 2014 20:23:41 +0000 (21:23 +0100)]
bus: when proxying messages from the bus driver patch the driver's well-known name into the sender

Lennart Poettering [Wed, 29 Jan 2014 20:07:50 +0000 (21:07 +0100)]
bus: the owner of the bus driver name as reported by the driver's
GetNameOwner() bus call is the bus driver name itself, for compatibility
with dbus1

Lennart Poettering [Wed, 29 Jan 2014 19:58:50 +0000 (20:58 +0100)]
nspawn: fix reboot event fd reuse

Lennart Poettering [Wed, 29 Jan 2014 19:12:18 +0000 (20:12 +0100)]
core: in containers, don't wait for cgroup empty notifications which will never come

Lennart Poettering [Wed, 29 Jan 2014 13:59:45 +0000 (14:59 +0100)]
core: use a bit more PID_FMT

Lennart Poettering [Wed, 29 Jan 2014 13:58:04 +0000 (14:58 +0100)]
core: make sure to always go through both SIGTERM and SIGKILL states of units

Given that we now have KillMode=mixed where SIGTERM might kill a smaller
set than SIGKILL we need to make sure to always go explicitly through
the SIGKILL state to get the right end result.

Martin Pitt [Wed, 29 Jan 2014 15:13:22 +0000 (16:13 +0100)]
keymap: Add Toshiba EQUIUM

Thanks Aleksander Kowalski <>!

Lennart Poettering [Wed, 29 Jan 2014 12:49:54 +0000 (13:49 +0100)]
service: allow KillMode=mixed in conjunction with PAMName=

Lennart Poettering [Wed, 29 Jan 2014 12:38:55 +0000 (13:38 +0100)]
core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes

This should fix some race with terminating systemd --user, where the
system systemd instance might race against the user systemd instance
when sending SIGTERM.

Lennart Poettering [Tue, 28 Jan 2014 20:38:14 +0000 (21:38 +0100)]
bus: fake security labels again

(The kernel module got fixed, so let's reenable this again)

Zbigniew Jędrzejewski-Szmek [Wed, 29 Jan 2014 03:02:12 +0000 (22:02 -0500)]
man: remove erroneous history section

Zbigniew Jędrzejewski-Szmek [Wed, 29 Jan 2014 02:57:31 +0000 (21:57 -0500)]
manager: remove "debugging" "feature"

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 23:26:06 +0000 (18:26 -0500)]
manager: requeue the cylon eye for 5s later when a job finishes

We'd requeue the next status update very soon after. Change it so that we wait
for full 5s without any job status changes until we print anything.

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 23:25:39 +0000 (18:25 -0500)]
manager: print ephemeral information about running jobs' timeouts (v2)

This reverts commit 28c758de94bc8ba97b89d9dab3f517cf466978d0
but makes job_coldplug smarter.

In (v1) I changed the job start timestamp to be always set, so the
start time can be reported in the cylon eye message.  The bug was that
when deserializing jobs, they would be ignored if their start
timestamp was unset which was synonymous with no timeout. But after
the change, jobs would have a start timestamp set despite having no
timeout. After deserialization they would be considered immediately
expired. Fix this by checking if the timeout is not zero when
considering jobs for expiration.

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 23:25:31 +0000 (18:25 -0500)]
Base mkostemp_safe on mkostemp

It is nice to wrap umask handling and return convention,
but glibc's mkostemp is async-signal-safe already.

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 23:23:38 +0000 (18:23 -0500)]
Get rid of write_safe

Current glibc implementation is safe. Kernel does this atomically,
and write is actually implemented through writev. So if write is
async-signal-safe, then writev pretty much must be too.

Martin Pitt [Tue, 28 Jan 2014 17:14:18 +0000 (18:14 +0100)]
keymap: Add Sony Vaio VGN-FW250

Martin Pitt [Tue, 28 Jan 2014 17:10:12 +0000 (18:10 +0100)]
keymap: Add release quirk for Acer AOA switchvideomode key

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 15:36:11 +0000 (10:36 -0500)]
build-sys: disable lto also for libsystemd-id128

Another instance of

Lennart Poettering [Tue, 28 Jan 2014 12:47:35 +0000 (13:47 +0100)]
always use the same code for creating temporary files

Let's unify our code here, and also always specify O_CLOEXEC.

Lennart Poettering [Tue, 28 Jan 2014 12:26:48 +0000 (13:26 +0100)]
util: pick slightly safer open() flags when creating temporary files

Lennart Poettering [Tue, 28 Jan 2014 12:25:51 +0000 (13:25 +0100)]
util: define O_TMPFILE on x86/x86-64, where the generic value is used

On other archs we'll not define it so that open_tmpfile() falls back to
unguessable name + unlink.

Lennart Poettering [Tue, 28 Jan 2014 12:09:14 +0000 (13:09 +0100)]
util: pass original flags value to mkostemp(), in open_tmpfile()

Lennart Poettering [Tue, 28 Jan 2014 12:08:34 +0000 (13:08 +0100)]
util: simplify mkostemp_safe()

Make it use dev_urandom() and endswith().

Lennart Poettering [Tue, 28 Jan 2014 12:07:28 +0000 (13:07 +0100)]
util: introduce new dev_urandom() call that is like random_bytes() but doesn't fall back to PRNG

Lennart Poettering [Tue, 28 Jan 2014 12:06:44 +0000 (13:06 +0100)]
util: modernize loop_read() and loop_write() a bit

Let's make use of fd_wait_for_event() here, instead of rolling our own.

Lennart Poettering [Tue, 28 Jan 2014 11:33:32 +0000 (12:33 +0100)]
bus: reorder a few things

Kay Sievers [Tue, 28 Jan 2014 11:07:20 +0000 (12:07 +0100)]
bus: update kdbus.h (ABI break)

Kay Sievers [Tue, 28 Jan 2014 11:03:23 +0000 (12:03 +0100)]
Revert "manager: print ephemeral information about running jobs' timeouts"

This reverts commit 2cba2e03524ec0922ddc70f933e8a89b7d23b4ec.

It breaks bootup with dracut, the transition to the real rootfs fails.

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 03:48:18 +0000 (22:48 -0500)]
manager: also turn on output on unit failure

Zbigniew Jędrzejewski-Szmek [Tue, 28 Jan 2014 03:27:07 +0000 (22:27 -0500)]
manager: add systemd.show_status=auto mode

When set to auto, status will be shown when the first ephemeral message
is shown (a job has been running for five seconds). Then until the
boot or shutdown ends, status messages will be shown.

No indication about the switch is done: I think it should be clear
for the user that first the cylon eye and the ephemeral messages appear,
and afterwards messages are displayed.

The initial arming of the event source was still wrong, but now should
really be fixed.

Zbigniew Jędrzejewski-Szmek [Sun, 26 Jan 2014 04:35:28 +0000 (23:35 -0500)]
journal: guarantee async-signal-safety in sd_journald_sendv

signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.

Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it to be used in signal handlers.

Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.

Zbigniew Jędrzejewski-Szmek [Sun, 26 Jan 2014 01:48:01 +0000 (20:48 -0500)]
Replace mkostemp+unlink with open(O_TMPFILE)

This will only work on Linux >= 3.11, and probably not on all
filesystems. Fallback code is provided.

Lennart Poettering [Tue, 28 Jan 2014 00:05:32 +0000 (01:05 +0100)]
bus: update bloom filter description a bit

Lennart Poettering [Mon, 27 Jan 2014 23:57:38 +0000 (00:57 +0100)]
bus: rework bloom filter logic to operate with variable bloom filter
sizes and numbers of hash functions

In order to make the bloom filter logic more future proof communicate
bloom filter parameters from the original bus creator to the clients,
and allow them to be variable within certain ranges.

Lennart Poettering [Mon, 27 Jan 2014 20:34:54 +0000 (21:34 +0100)]
bus: add API calls for connecting to starter bus

Add new calls sd_bus_open() and sd_bus_default() for connecting to the
starter bus a service was invoked for, or -- if the process is not a
bus-activated service -- the appropriate bus for the scope the process
has been started in.

Lennart Poettering [Mon, 27 Jan 2014 19:12:14 +0000 (20:12 +0100)]
resolve: update sd-resolve to match the other APIs in style and functionality

Lennart Poettering [Wed, 22 Jan 2014 22:36:06 +0000 (23:36 +0100)]
bus: when we cannot bus activate a service because we go down, drop one
message from the queue

Martin Pitt [Mon, 27 Jan 2014 08:04:22 +0000 (09:04 +0100)]
keymap: Add HP Chromebook 14 (Falco)

Thanks to Stefan Nagy <>.

Zbigniew Jędrzejewski-Szmek [Mon, 27 Jan 2014 06:23:20 +0000 (01:23 -0500)]
core: require mounts for the root and working directories

We know that launching a unit will fail if some required directories
haven't been mounted yet. There's no point in starting it just to
have it fail even before it gets a chance to run.

Zbigniew Jędrzejewski-Szmek [Mon, 27 Jan 2014 06:23:16 +0000 (01:23 -0500)]
core: simplify check for path absoluteness

Just a microopt.

Zbigniew Jędrzejewski-Szmek [Mon, 27 Jan 2014 06:15:27 +0000 (01:15 -0500)]
manager: rearm jobs timer

It would fire just once.

Also fix units from sec to usec as appropriate.

Decrease the switching interval to 1/3 s, so that when the time
remaining is displayed with 1s precision, it doesn't jump by 2s every
once in a while. Also, the system feels noticeably faster when the
status changes couple of times per second instead of every few

Zbigniew Jędrzejewski-Szmek [Mon, 27 Jan 2014 05:59:08 +0000 (00:59 -0500)]
manager: print ephemeral information about running jobs' timeouts

Produces output like:
[  *** ] (1 of 2) A start job is running for slow.service (33s / 1min 30s)

The first number is the time since job start, the second is the job timeout.

Zbigniew Jędrzejewski-Szmek [Mon, 27 Jan 2014 05:57:34 +0000 (00:57 -0500)]
core: add function to tell when job will time out

Things will continue when either the job timeout
or the unit timeout is reached. Add functionality to
access that info.

Matthew Monaco [Fri, 24 Jan 2014 18:23:01 +0000 (11:23 -0700)]
pam_systemd: Ignore vtnr when seat != seat0

logind considers it an error for a seat other than seat0 to have a
non-zero vtnr for CreateSession

Kay Sievers [Sun, 26 Jan 2014 16:51:53 +0000 (17:51 +0100)]
dbus1-generator: use XDG_RUNTIME_DIR instead of /run/user/%lu/

Zbigniew Jędrzejewski-Szmek [Sun, 26 Jan 2014 16:36:04 +0000 (11:36 -0500)]
build-sys: expose more phony targets

Elia Pinto [Wed, 22 Jan 2014 11:28:43 +0000 (03:28 -0800)]
build-sys: add a phony target for cppcheck

The cppcheck target was introduced by commit 16f4efb4150c65e3c61adaa8ea512489de49f532
"build-sys: add cppcheck target". But it is preferable to use a make phony target
for it, as this patch does.

There are two general reasons to use a phony target: to avoid a
conflict with a file of the same name, and to improve performance. In
this case the first reason is obvious, and the second is that make
skips the implicit rule search for phony targets, since it knows that
phony targets do not name actual files that could be remade from other
files (as described in the "Gnu Make" Manual).

Christian Seiler [Sun, 26 Jan 2014 11:02:49 +0000 (12:02 +0100)]
cryptsetup: Support key-slot option

Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)

This patch makes systemd aware of this option.

Debian bug that introduced the feature:

Zbigniew Jędrzejewski-Szmek [Sat, 25 Jan 2014 23:55:50 +0000 (18:55 -0500)]
build-sys: update files

Zbigniew Jędrzejewski-Szmek [Sat, 25 Jan 2014 21:05:08 +0000 (16:05 -0500)]
build-sys: merge libsystemd-id128 into libsystemd

Zbigniew Jędrzejewski-Szmek [Sun, 19 Jan 2014 13:50:02 +0000 (08:50 -0500)]
build-sys: create "compatibility libraries" section

Compat stuff is moved to src/compat-libs/.
Warnings are issued when programs are linked with the deprecated library.

Zbigniew Jędrzejewski-Szmek [Sat, 25 Jan 2014 22:24:19 +0000 (17:24 -0500)]
build-sys: disable lto for compatibility libraries

Zbigniew Jędrzejewski-Szmek [Sun, 19 Jan 2014 05:12:20 +0000 (00:12 -0500)]
build-sys: merge libsystemd-login into libsystemd

A compatibility libsystemd-login library is created which uses
.symver and ifunc magic proposed by Lennart to make programs linked
to the old library name continue to work seamlessly.

Unfortunately the bfd linker crashes:
This will be fixed in binutils 2.25.

As a work-around, gold can be used:

Unfortunately the switch to pick the linker appeared in gcc 4.8.

This also doesn't work with LLVM:

Zbigniew Jędrzejewski-Szmek [Wed, 22 Jan 2014 01:38:49 +0000 (20:38 -0500)]
build-sys: default to gold linker

gold doesn't exhibit the problems with linking of compatibility

It is also slightly faster:

make clean && make -j5   bfd       gold

real                   34.885s     33.707s
user                   34.486s     32.189s
sys                    9.929s      10.845s

real                   35.128s     33.508s
user                   34.660s     31.858s
sys                    10.798s     10.341s

real                   35.405s     33.748s
user                   34.765s     32.384s
sys                    11.635s     10.998s

real                   35.250s     33.795s
user                   34.704s     32.253s
sys                    11.220s     11.469s

touch src/libsystemd/sd-bus.c && make -j5
                        bfd        gold

real                   10.224s      9.030s
user                   11.664s      9.877s
sys                    3.431s       2.878s

real                   10.021s      9.165s
user                   11.526s      9.990s
sys                    3.061s       3.015s

real                   10.233s      8.961s
user                   11.657s      9.973s
sys                    3.467s       2.202s

real                   10.160s      9.086s
user                   11.637s      9.950s
sys                    3.188s       2.859s

Kay Sievers [Sat, 25 Jan 2014 20:04:39 +0000 (21:04 +0100)]
dbus1-generator: add missing "path=" and "unix:*" to DBUS environment variables

This works around the goa daemon crash:
  Jan 25 20:54:24 lon goa[1363]: goa-daemon version 3.10.2 starting [main.c:117, main()]
  Jan 25 20:54:24 lon systemd[424]: Starting Legacy D-Bus Protocol Compatibility Daemon (PID 1363/UID 2702)...
  Jan 25 20:54:24 lon systemd[424]: Started Legacy D-Bus Protocol Compatibility Daemon (PID 1363/UID 2702).
  Jan 25 20:54:24 lon kernel: goa-daemon[1363]: segfault at 20 ip 00007f46914b26d5 sp 00007fff1ae6d9a0 error 4 in[7f469144f000+228000]
  Jan 25 20:54:24 lon systemd-coredump[1368]: Process 1363 (goa-daemon) dumped core.
  Jan 25 20:54:32 lon goa[1375]: goa-daemon version 3.10.2 starting [main.c:117, main()]

Tom Gundersen [Sat, 25 Jan 2014 10:39:22 +0000 (11:39 +0100)]
networkd: improve logging a bit

Fix/add some structured logging messages, and be uniform about when we WARN and ERR.

Tom Gundersen [Wed, 22 Jan 2014 13:49:24 +0000 (14:49 +0100)]
networkd: add basic VLAN support

Tom Gundersen [Sat, 25 Jan 2014 00:22:54 +0000 (01:22 +0100)]
sd-rtnl: extend tests a bit

Tom Gundersen [Fri, 24 Jan 2014 20:04:05 +0000 (21:04 +0100)]
sd-rtnl: add support for reading containers

Also insist on messages being sealed before reading them. In other
words we don't allow interleaving of reading and appending to messages.

Kay Sievers [Fri, 24 Jan 2014 20:15:34 +0000 (21:15 +0100)]
bus: bump memfd vs. copy limit to 512k to reflect recent benchmarks

Tom Gundersen [Fri, 24 Jan 2014 17:44:03 +0000 (18:44 +0100)]
sd-rtnl: add support for nested containers

Kay Sievers [Fri, 24 Jan 2014 18:25:51 +0000 (19:25 +0100)]
bus: update kdbus.h (ABI break)

Michal Sekletar [Fri, 24 Jan 2014 16:45:49 +0000 (17:45 +0100)]
TODO: update

ps can display slice unit for a process.

Kay Sievers [Fri, 24 Jan 2014 16:06:36 +0000 (17:06 +0100)]
bus: update kdbus.h (ABI break)