Ronny Chevalier [Sat, 14 Jun 2014 20:10:44 +0000 (22:10 +0200)]
tests: add test-socket-util

Susant Sahani [Mon, 16 Jun 2014 06:24:34 +0000 (11:54 +0530)]
networkd: unref tunnel

Unref tunnel while shutting down

Susant Sahani [Mon, 16 Jun 2014 06:24:33 +0000 (11:54 +0530)]
networkd: introduce vxlan

This patch enables networkd to create vxlan

1. File networkd networkd-vxlan.c
2. to netdev
    bool learning
    struct in_addr group
    uint64_t vxlanid;
3. VXLAN subsection and config

Susant Sahani [Mon, 16 Jun 2014 06:24:32 +0000 (11:54 +0530)]
networkd: rename netdev variables

Rename the netdev variables. Remove tunnel_
so that it can be reused.

Susant Sahani [Mon, 16 Jun 2014 06:24:31 +0000 (11:54 +0530)]
sd-rtnl: add support for vxlan rtnl attributes

This patch adds vxlan rtnl attributes to sd-rtnl

Kay Sievers [Mon, 16 Jun 2014 14:03:30 +0000 (16:03 +0200)]
bus-proxy: policy - ignore unsupported tags and attributes

Ruediger Oertel [Fri, 13 Jun 2014 14:41:06 +0000 (16:41 +0200)]
Reset signal-mask on re-exec to init=..

Process 1 (aka init) needs to be started with an empty signal mask.
That includes the process 1 that's started after the initrd is finished.
When the initrd is using systemd (as it does with dracut based initrds)
then it is systemd that calls the real init.  Normally this is systemd
again, except when the user uses for instance "init=/bin/bash" on the
kernel command line.

David Herrmann [Fri, 13 Jun 2014 16:43:22 +0000 (18:43 +0200)]
util: add realloc_multiply() helper

This is similar to malloc_multiply() and friends. It is realloc() with a
multiplication-overflow check.

David Herrmann [Fri, 13 Jun 2014 16:38:15 +0000 (18:38 +0200)]
util: fix multiply-alloc helpers with size==0

Passing 0 to malloc() is not required to return NULL. Therefore, don't
bail out if "b" is 0. This is not of importance to the existing helpers,
but the upcoming realloc_multiply() requires this. To keep consistency, we
keep the same behavior for the other helpers.

David Herrmann [Thu, 12 Jun 2014 15:54:48 +0000 (17:54 +0200)]
macro: add DISABLE_WARNING_SHADOW

As it turns out, we cannot use _Pragma in compound-statements. Therefore,
constructs like MIN(MAX(a, b), x) will warn due to shadowed variable
declarations. The DISABLE_WARNING_SHADOW macro can be used to suppress

Note that using UNIQUE(_var) does not work either as GCC uses the last
line of a macro-expansion for __LINE__, therefore, still causing both
macros to have the same variables. We could use different variable-names
for MIN and MAX, but that just hides the problem and still fails for
MIN(something(MIN(a, b)), c).

The only working solution is to use __COUNTER__ and pass it pre-evaluated
as extra argument to a macro to use as name-prefix. This, however, makes
all these macros much more complicated so I'll go with manual

Lennart Poettering [Mon, 16 Jun 2014 11:21:07 +0000 (13:21 +0200)]
tmpfiles: add new "L+" command as stronger version of "L", that removes the destination before creating a symlink

Also, make use of this for mtab as long as mount insists on creating it
even if we invoke it with "-n".

Lennart Poettering [Mon, 16 Jun 2014 11:20:38 +0000 (13:20 +0200)]
tmpfiles: set up selinux label properly when creating fifos

Lennart Poettering [Mon, 16 Jun 2014 10:29:51 +0000 (12:29 +0200)]
update TODO

Lennart Poettering [Mon, 16 Jun 2014 10:29:35 +0000 (12:29 +0200)]
build-sys: add missing Makefile link

Lennart Poettering [Mon, 16 Jun 2014 10:28:44 +0000 (12:28 +0200)]
units: add a service to invoke ldconfig on system updates at boot

Lennart Poettering [Mon, 16 Jun 2014 10:25:49 +0000 (12:25 +0200)]
units: drop RefuseManualStart= from a couple of update services

The only update service we really need to guard like this is
systemd-tmpfiles-setup.service since if invoked manually might create
/var/run/nologin and thus blocking the user from login. The other
services are pretty much idempotent and don't suffer by this problem,
hence let's simplify them.

Lennart Poettering [Sun, 15 Jun 2014 23:03:38 +0000 (01:03 +0200)]
update TODO

Lennart Poettering [Sun, 15 Jun 2014 23:02:27 +0000 (01:02 +0200)]
mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s "-s" switch

Lennart Poettering [Sun, 15 Jun 2014 22:53:02 +0000 (00:53 +0200)]
mount: tell /bin/mount to never touch /etc/mtab

/etc/mtab should die die die. It's sad enough util-linux still contains
support for it, but we don't have to partake in that charade, so let's
turn this off.

This is in-line with the fact that since years we already have been
"tainting" systemd if we detect /etc/mtab not being a symlink...

Of course, util-linux is currently broken, and still touches /etc/mtab,
even if we pass "--no-mtab" to it:

But hey, let's hope that gets fixed quickly, even if total removal of
/etc/mtab support from util-linux might not happen so quickly...

Lennart Poettering [Sun, 15 Jun 2014 21:42:53 +0000 (23:42 +0200)]
units: bring systemd-tmpfiles-setup-dev.service closer to systemd-tmpfiles-setup.service

Among other things, order both services relative to
systemd-sysusers.service in the same direction.

Lennart Poettering [Sun, 15 Jun 2014 21:39:00 +0000 (23:39 +0200)]
tmpfiles: create /etc/resolv.conf as link to networkd's version, if it doesn't exist

If /etc/resolv.conf doesn't exist it's better than nothing to make it
point to networkd's version.

Kay Sievers [Sat, 14 Jun 2014 20:16:46 +0000 (22:16 +0200)]
sysusers: order before tmpfiles which need the ids

Tom Gundersen [Sat, 14 Jun 2014 16:52:46 +0000 (18:52 +0200)]
networkd: link - flush all pending NEWLINK events before trying to match

We could still have an old interface name and/or mac address when libudev
tells us that the device is initialized, as the up-to-date info could still
be on its way from the kernel.

Tom Gundersen [Sat, 14 Jun 2014 13:48:16 +0000 (15:48 +0200)]
Revert "Revert "networkd: netdev - set predictable mac address when creating netdev""

This reverts (and rewrites) commit 7d95c772cba1836545459760273b13f2e01dd2a8.

The issue blocking this feature has now been fixed in the kernel, and backported
to the various stable kernels.

Our netdevs will now have stable MAC addresses, even if one is not specified.

Tom Gundersen [Sat, 14 Jun 2014 13:38:35 +0000 (15:38 +0200)]
networkd: netdev - allow setting MACAddress in .netdev files

It may sometimes be necessary to specify the MAC address of a netdev.
Let us set the correct one from the get-go, rather than having the
kernel generate a random one, and then change it after.

Tom Gundersen [Sat, 14 Jun 2014 13:03:56 +0000 (15:03 +0200)]
networkd: add assert

It should not be possible to have a DHCP lease on a link without also having
an associated network. Add assert() to avoid compiler warnings.

Reported by Thomas H. P. Andersen

Thomas Hindoe Paaboel Andersen [Fri, 13 Jun 2014 20:00:55 +0000 (22:00 +0200)]
networkd: link - check returned value from set_lease_pool

Colin Ian King [Thu, 12 Jun 2014 15:41:41 +0000 (16:41 +0100)]
Fix spelling mistake, scirpt --> script

Lennart Poettering [Fri, 13 Jun 2014 18:04:31 +0000 (20:04 +0200)]
core: don't complain at early boot if /etc/mtab is not the right symlink

When we boot up with an empty /etc it's ok if the symlink doesn't exist.
We will create it later with tmpfiles.

Lennart Poettering [Fri, 13 Jun 2014 17:56:12 +0000 (19:56 +0200)]
tmpfiles: always use relative symlinks from tmpfiles snippets

Lennart Poettering [Fri, 13 Jun 2014 17:45:52 +0000 (19:45 +0200)]
os-release: define /usr/lib/os-release as fallback for /etc/os-release

The file should have been in /usr/lib/ in the first place, since it
describes the OS container in /usr (and not the configuration in /etc),
hence, let's support os-release files in /usr/lib as fallback if no
version in /etc exists, following the usual override logic.

A prior commit already enabled tmpfiles to create /etc/os-release as a
symlink to /usr/lib/os-release should it be missing, thus providing nice
compatibility with applications only checking in /etc.

While it's probably a good idea if all apps check both locations via a
fallback logic, it is only necessary in the early boot process, as long
as the /etc/os-release symlink has not been restored, in case we boot
with an empty /etc.

Lennart Poettering [Fri, 13 Jun 2014 17:24:11 +0000 (19:24 +0200)]
sysusers: always treat ENOENT as entry-not-found when doing NSS calls

For most NSS calls it is documented that they return NULL + errno=0 when
an entry is not found. However, in reality it appears to be common to
return NULL + errno=ENOENT, instead. Handle that correctly, and don't
consider ENOENT a systematic error.

Lennart Poettering [Fri, 13 Jun 2014 17:18:55 +0000 (19:18 +0200)]
rpm: add RPM macros to apply sysusers, sysctl, and binfmt drop-ins

With this in place RPMs can make sure that whatever they drop in is
immediately applied, and not delayed until next reboot.

This also moves systemd-sysusers back to /usr/bin, since hardcoding the
path to /usr/lib in the macros would mean compatibility breaks in
future, should we turn sysusers into a command that is actually OK for
people to call directly. And given that that is quite likely to happen
(since it is useful to prepare images with its --root= switch), let's
just prepare for it.

Lennart Poettering [Fri, 13 Jun 2014 17:05:22 +0000 (19:05 +0200)]
rpm: don't hardcode the binary paths in the macros, rely on $PATH

This gives us a little bit more freedom to move things around later on,
as we don't hardcode the systemd paths in old RPMs that shall work with
new systemds.

Tom Gundersen [Fri, 13 Jun 2014 17:11:31 +0000 (19:11 +0200)]
sd-dhcp-server: test - skip when lacking perms

Andreas Henriksson [Fri, 13 Jun 2014 16:48:18 +0000 (18:48 +0200)]
install: fix invalid free() in unit_file_mask()

int unit_file_mask(...) in ./src/shared/install.c calls
get_config_path(...) which can in 4 error cases return without setting
"ret", and thus "prefix" can be uninitialized when unit_file_mask(...)
finishes (which it does directly after the error is returned from

Andreas Henriksson [Fri, 13 Jun 2014 16:48:21 +0000 (18:48 +0200)]
udev: fix invalid free() in enable_name_policy()

static bool enable_name_policy(...) in ./src/udev/net/link-config.c
calls proc_cmdline(...) to get "line" initialized, but
proc_cmdline(...) does not guarantee that at least when both
conditions (detect_container(NULL) > 0) and
read_full_file(...) returned < 0.

Andreas Henriksson [Fri, 13 Jun 2014 16:48:19 +0000 (18:48 +0200)]
core: fix invalid free() in killall()

static int killall(....) in ./src/core/killall.c tries to get "s"
initialized by calling get_process_comm(...) which calls
read_one_line_file(...) which if it fails will mean it is left
It is then used in argument to strna(s) call where it is
dereferenced(!), in addition to nothing else initializing it before
the scope it is in finishes.

Andreas Henriksson [Fri, 13 Jun 2014 16:48:20 +0000 (18:48 +0200)]
sd-dhcp-client: fix invalid free() in client_send_request()

static int client_send_request(...) in
./src/libsystemd-network/sd-dhcp-client.c tries to initialize
"request" by calling client_message_init(...), which has at least
5 error cases where it can return without that happening.
This leads to the function finishing without "request" being initialized.

Tom Gundersen [Fri, 13 Jun 2014 16:34:34 +0000 (18:34 +0200)]
networkd: link - left-align debug messages

Still add some whitespace between ifname and the message to get the
messages aligned (as I find it easier to spot specific messages this way).

Tom Gundersen [Wed, 5 Mar 2014 07:13:30 +0000 (08:13 +0100)]
networkd: add dhcp server support

When enabled in [Network] it will set up a dhcp server on the interface, listening
on one of its statically configured IPv4 addresses and with a fixed size pool of
leases determined from it.





In this case we will configure ve-arch-tree with the address and
hand out addresses in the range -

In the future, we should (as suggested by Lennart) introduce a syntax to pick the
server address automatically.

Tom Gundersen [Mon, 26 May 2014 13:18:47 +0000 (15:18 +0200)]
sd-dhcp-server: add RELEASE support

Tom Gundersen [Mon, 26 May 2014 13:06:42 +0000 (15:06 +0200)]
sd-dhcp-server: add dummy DECLINE support

Tom Gundersen [Sun, 25 May 2014 20:07:53 +0000 (22:07 +0200)]
sd-dhcp-server: track bound leases

Make sure we don't hand out the same IP twice. We still don't
handle lease expiry.

Tom Gundersen [Sun, 25 May 2014 19:47:38 +0000 (21:47 +0200)]
sd-dhcp-server: add support for clients requesting lease lifetime

Tom Gundersen [Sun, 25 May 2014 18:39:02 +0000 (20:39 +0200)]
sd-dhcp-server: add basic NAK support

Tom Gundersen [Sun, 25 May 2014 16:28:03 +0000 (18:28 +0200)]
sd-dhcp-server: add basic REQUEST/ACK support

Tom Gundersen [Sun, 25 May 2014 15:31:17 +0000 (17:31 +0200)]
sd-dhcp-server: add basic DISCOVER/OFFER support

Tom Gundersen [Sun, 25 May 2014 15:20:57 +0000 (17:20 +0200)]
sd-dhcp-server: add support for sending messages

Tom Gundersen [Sat, 24 May 2014 22:29:13 +0000 (00:29 +0200)]
sd-dhcp-server: add support for setting the server address

Tom Gundersen [Sat, 24 May 2014 21:03:49 +0000 (23:03 +0200)]
sd-dhcp-server: bind to raw socket for sending

We would like to use the UDP socket, but we cannot as we need to specify
the MAC address manually.

Tom Gundersen [Sat, 24 May 2014 20:14:32 +0000 (22:14 +0200)]
sd-dhcp-server: add basic message parsing

Parse the maximum message size the client can accept and the client id, falling back to
sane defaults if they are not set.

Tom Gundersen [Sat, 24 May 2014 19:04:27 +0000 (21:04 +0200)]
sd-dhcp-server: add basic message handling and verification

Tom Gundersen [Sat, 24 May 2014 17:38:17 +0000 (19:38 +0200)]
sd-dhcp-server: bind to a given interface

We will (at least at first), restrict our focus to running the server
on at most one interface.

Tom Gundersen [Sat, 24 May 2014 17:27:20 +0000 (19:27 +0200)]
sd-dhcp-server: add basic functionality for starting/stopping server

Bind to UDP socket and listen for messages, discarding anything we receive.

Tom Gundersen [Sat, 24 May 2014 16:48:41 +0000 (18:48 +0200)]
sd-dhcp-server: add basic functionality for creating/destroying server instance

Tom Gundersen [Sat, 24 May 2014 13:48:47 +0000 (15:48 +0200)]
dhcp-network: allow UDP socket to listen on any address

For this to work nicely we need to use REUSEADDR so that more than one socket
can be open at the same time. Also, we request the ifindex to be appended
to incoming messages, so we know whence it came.

Lennart Poettering [Fri, 13 Jun 2014 11:29:25 +0000 (13:29 +0200)]
tmpfiles: add minimal tmpfiles snippet to rebuild the most essential stuff from /etc

Lennart Poettering [Fri, 13 Jun 2014 11:10:30 +0000 (13:10 +0200)]
units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot

Only when necessary of course, nicely guarded with the new
ConditionNeedsUpdate= condition we added.

Lennart Poettering [Fri, 13 Jun 2014 10:52:31 +0000 (12:52 +0200)]
core: add new ConditionNeedsUpdate= unit condition

This new condition allows checking whether /etc or /var are out-of-date
relative to /usr. This is the counterpart for the update flag managed by
systemd-update-done.service. Services that want to be started once after
/usr got updated should use:


This makes sure that they are only run if /etc is out-of-date relative
to /usr. And that it will be executed after systemd-update-done.service
which is responsible for marking /etc up-to-date relative to the current

ConditionNeedsUpdate= will also check whether /etc is actually
writable, and not trigger if it isn't, since no update is possible then.

Lennart Poettering [Fri, 13 Jun 2014 10:43:49 +0000 (12:43 +0200)]
update-done: add minimal tool to manage system updates for /etc and /var, if /usr has changed

In order to support offline updates to /usr, we need to be able to run
certain tasks on next boot-up to bring /etc and /var in line with the
updated /usr. Hence, let's devise a mechanism how we can detect whether
/etc or /var are not up-to-date with /usr anymore: we keep "touch
files" in /etc/.updated and /var/.updated that are mtime-compared with
/usr. This means:

Whenever the vendor OS tree in /usr is updated, and any services that
shall be executed at next boot shall be triggered, it is sufficient to
update the mtime of /usr itself. At next boot, if /etc/.updated and/or
/var/.updated is older than /usr (or missing), we know we have to
run the update tools once. After that is completed we need to update the
mtime of these files to the one of /usr, to keep track that we made the
necessary updates, and won't repeat them on next reboot.

A subsequent commit adds a new ConditionNeedsUpdate= condition that
allows checking on boot whether /etc or /var are outdated and need

This is an early step to allow booting up with an empty /etc, with
automatic rebuilding of the necessary cache files or user databases
therein, as well as supporting later updates of /usr that then propagate
to /etc and /var again.

Lennart Poettering [Fri, 13 Jun 2014 10:39:58 +0000 (12:39 +0200)]
condition: minor modernizations

Lennart Poettering [Fri, 13 Jun 2014 10:25:12 +0000 (12:25 +0200)]
units: don't conditionalize sysctl service

We install two sysctl snippets ourselves, hence the condition will
always trigger, so no point in trying to optimize things with this, it
just will make things slower, if anything.

Lennart Poettering [Fri, 13 Jun 2014 10:22:04 +0000 (12:22 +0200)]
units: remove conditions from systemd-tmpfiles-setup

There's no point in conditionalizing systemd-tmpfiles at boot, since we
ship tmpfiles snippets ourselves, hence they will always trigger anyway.

Also, there's no reason to pull in from the service,
hence drop that.

Lennart Poettering [Fri, 13 Jun 2014 10:21:45 +0000 (12:21 +0200)]
system-update-generator: modernizations

Lennart Poettering [Fri, 13 Jun 2014 10:18:18 +0000 (12:18 +0200)]
sysusers: hide generate .conf file

Lennart Poettering [Fri, 13 Jun 2014 10:17:30 +0000 (12:17 +0200)]
update TODO

Lennart Poettering [Fri, 13 Jun 2014 10:17:11 +0000 (12:17 +0200)]
sysusers: move systemd-sysusers to libexec for now

Kay Sievers [Fri, 13 Jun 2014 02:11:11 +0000 (04:11 +0200)]
tmpfiles: skip mknod() on -EPERM (device cgroup)

Kay Sievers [Fri, 13 Jun 2014 01:26:41 +0000 (03:26 +0200)]
sysusers: do not set todo to create a user when we only need a group

Thomas Hindoe Paaboel Andersen [Thu, 12 Jun 2014 20:50:04 +0000 (22:50 +0200)]
cryptsetup: check that password is not null

Beef up the assert to protect against passing null to strlen.

Found with scan-build.

Lennart Poettering [Thu, 12 Jun 2014 21:22:27 +0000 (23:22 +0200)]
sysuser: generate default snippet incorporating TTY_GID properly

When the user specifies --with-tty-gid= then we should honour that and
write it to the snippet, too.

Lennart Poettering [Thu, 12 Jun 2014 21:08:51 +0000 (23:08 +0200)]
sysusers: add new input group to default snippet

Lennart Poettering [Thu, 12 Jun 2014 21:07:17 +0000 (23:07 +0200)]
tmpfiles: minor modernizations

Lennart Poettering [Thu, 12 Jun 2014 21:06:56 +0000 (23:06 +0200)]
machine: minor modernizations

Lennart Poettering [Thu, 12 Jun 2014 20:54:02 +0000 (22:54 +0200)]
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files

systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.

The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.

This tool will create these files directly, and not via some user
database abstraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.

The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.

The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.

This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.

Kay Sievers [Thu, 12 Jun 2014 20:26:43 +0000 (22:26 +0200)]
debug-shell: add condition for tty device to run on

Kay Sievers [Thu, 12 Jun 2014 12:59:53 +0000 (14:59 +0200)]
udev: assign group "input" to all input devices

Mantas Mikulėnas [Wed, 11 Jun 2014 14:09:11 +0000 (17:09 +0300)]
NEWS: fix directory name

Lennart Poettering [Wed, 11 Jun 2014 16:42:38 +0000 (18:42 +0200)]
NEWS: add missing comment about the "floppy" group

Lennart Poettering [Wed, 11 Jun 2014 13:32:20 +0000 (15:32 +0200)]
NEWS: mention that resolved's resolv.conf fragment moved

Lennart Poettering [Wed, 11 Jun 2014 13:30:28 +0000 (15:30 +0200)]
build-sys: update library versions

Lennart Poettering [Wed, 11 Jun 2014 13:04:59 +0000 (15:04 +0200)]
NEWS: add contributor list for 214

Lennart Poettering [Wed, 11 Jun 2014 12:58:32 +0000 (14:58 +0200)]
units: order after

There might be implementations around where the network-online logic
might not talk to any network configuration service (and thus not have
to wait for it), hence let's explicitly order
after to avoid any ambiguities.

Kay Sievers [Wed, 11 Jun 2014 12:04:28 +0000 (14:04 +0200)]
NEWS: update

Lennart Poettering [Wed, 11 Jun 2014 11:31:51 +0000 (13:31 +0200)]
NEWS: prepare NEWS for 214

Umut Tezduyar Lindskog [Tue, 10 Jun 2014 21:29:30 +0000 (23:29 +0200)]
doc: specify kernel configs for cpushares

Lennart Poettering [Wed, 11 Jun 2014 09:35:42 +0000 (11:35 +0200)]
units: probably makes sense, is not just sysv compat

Lennart Poettering [Wed, 11 Jun 2014 09:33:02 +0000 (11:33 +0200)]
units: introduce as place to hook in firewalls

is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scripts). should be ordered before all network management
services (but not be pulled in by them). should be ordered after all services that want to be
executed before any network is configured (and be pulled in by them).

Kay Sievers [Wed, 11 Jun 2014 10:00:47 +0000 (12:00 +0200)]
NEWS: add section about udev locking

Kay Sievers [Wed, 11 Jun 2014 09:20:55 +0000 (11:20 +0200)]
udev: stop using "floppy" group

Lennart Poettering [Wed, 11 Jun 2014 08:36:13 +0000 (10:36 +0200)]
journald: create /run/log/journal with the correct access modes

Lennart Poettering [Wed, 11 Jun 2014 08:23:16 +0000 (10:23 +0200)]
tmpfiles: don't allow read access to journal files to users not in systemd-journal

Also, don't apply access mode recursively to /var/log/journal/*/, since
that might be quite large, and should be correct anyway.

Lennart Poettering [Wed, 11 Jun 2014 08:15:51 +0000 (10:15 +0200)]
update TODO

Lennart Poettering [Wed, 11 Jun 2014 08:15:07 +0000 (10:15 +0200)]
tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in

Lennart Poettering [Wed, 11 Jun 2014 08:14:07 +0000 (10:14 +0200)]
tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories

This way it makes a lot more sense to specify an access mode for "Z"

Lennart Poettering [Wed, 11 Jun 2014 07:20:17 +0000 (09:20 +0200)]
tmpfiles: if /var is mounted from tmpfs, we should adjust its access mode

Lennart Poettering [Wed, 11 Jun 2014 07:19:57 +0000 (09:19 +0200)]
tmpfiles: remove unnecessary function

Lennart Poettering [Tue, 10 Jun 2014 23:37:35 +0000 (01:37 +0200)]
tmpfiles: when processing lines, always process prefixes before suffixes

If two lines refer to paths that are suffix and prefix of each other,
then always process the prefix first, the suffix second. In all other
cases strictly process rules in the order they appear in the files.

This makes creating /var/run as symlink to /run a lot more fun, since it
is automatically created first.

Lennart Poettering [Tue, 10 Jun 2014 23:26:28 +0000 (01:26 +0200)]
tmpfiles: static variables populated immediately from the command line should be prefixed with arg_