1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

34014 Commits

Author SHA1 Message Date
Yu Watanabe
b8da477eaf fs-util: introduce fchmod_and_chown()
The new function fchmod_and_chown() is almost same as chmod_and_chown()
except it takes file descriptor instead of file path.
2018-06-14 11:47:57 +09:00
Lennart Poettering
08ebe56b2e
Merge pull request #9291 from poettering/nspawn-fixlets
tiny nspawn fixlets
2018-06-13 19:16:34 +02:00
Lennart Poettering
f0d97606e9
Merge pull request #9290 from poettering/radv-fixlets
tiny sd-radv fixlets
2018-06-13 19:05:57 +02:00
Yu Watanabe
24f5a4c7c6 machine: ignore containers which disable private user namespace in MapToMachine{User,Group}
Fixes #9286.
2018-06-13 19:05:32 +02:00
Lennart Poettering
df1fac6dea nspawn: free global variables before exiting
This doesn't really matter much, but is prettier for valgrind
2018-06-13 17:51:40 +02:00
Lennart Poettering
97d7974b18 sd-radv: use strv_isempty() where we can 2018-06-13 17:48:15 +02:00
Lennart Poettering
f5a5706ace sd-radv: normalize function parameters a bit
Let's add "const" where we don't change structures passed.

Also, we generally use "unsigned char" for IP prefix length values, do
so here too. Previously different parts of the sd-radv.h API used
different types for this.
2018-06-13 17:48:15 +02:00
Lennart Poettering
c4b6dda07f sd-radv: close fd when destroying object 2018-06-13 17:48:15 +02:00
Lennart Poettering
2f14e52f08 nspawn: drop unused parameter from one call 2018-06-13 17:42:16 +02:00
Susant Sahani
6f8a8b84f2 networkd: Don't try to close fd in sd_radv_stop if fd is closed.
sd_radv_stop is called from two places. if sd_radv_stop is alrady
success then just don't try to close it .
```
systemd-networkd[604]: RADV: Stopping IPv6 Router Advertisement daemon
systemd-networkd[604]: RADV: Unable to send last Router Advertisement with router lifetime set to zero: Bad file descriptor <==================HERE
systemd-networkd[604]: RADV: Updated prefix 2a0a:*:*:fc::/64 preferred 1h valid 2h
systemd-networkd[604]: RADV: Started IPv6 Router Advertisement daemon
```

Closes one of the issue #8960
2018-06-13 17:14:47 +02:00
Lennart Poettering
cb8770ed21
Merge pull request #9261 from keszybz/drop-bool-casts
Drop bool casts
2018-06-13 16:19:24 +02:00
Lennart Poettering
d5ef342dfe hwdb-update: make sure it works when run from meson
let's make the argument optional again, so that the command line "ninja
-C build hwdb-update" runs works.
2018-06-13 14:20:03 +02:00
Lennart Poettering
38dd5600b3 hwdb: update from upstream 2018-06-13 14:20:03 +02:00
Lennart Poettering
9539a9d3db terminal-util: make file names in --cat-config output clickable links 2018-06-13 14:20:03 +02:00
Lennart Poettering
dcd5c891cb binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands
The output of these commands is really long, and already enriched with
color. Let's add auto-paging to make this easier to digest.
2018-06-13 14:20:03 +02:00
Lennart Poettering
ba1dc1a12b NEWS: add an example that actually applies 2018-06-13 14:20:03 +02:00
Lennart Poettering
75da262a13 NEWS: the tool is called resolvconf, without the inner e 2018-06-13 14:20:03 +02:00
Lennart Poettering
fe903cf420 NEWS: break lines with emacs once more
Let's follow the line break rules our .dir-locals.el file defines
2018-06-13 14:20:03 +02:00
Lennart Poettering
ec53d48c41 NEWS: some .mailmap work to clean up contributors list 2018-06-13 14:20:03 +02:00
Zbigniew Jędrzejewski-Szmek
23949111c0
Merge pull request #8863 from evelikov/shell-completion-fixes
Shell completion fixes/perf improvements
2018-06-13 14:09:14 +02:00
Zbigniew Jędrzejewski-Szmek
108ccae9e1 test-alloc-util: add casts to bools from p ointers
C++03: "An rvalue of arithmetic, enumeration, pointer, or pointer to member
type can be converted to an rvalue of type bool. A zero value, null pointer
value, or null member pointer value is converted to false; any other value is
converted to true"

C should behave the same because pointers are scalars in C, but let's verify
that.
2018-06-13 10:52:40 +02:00
Zbigniew Jędrzejewski-Szmek
5d904a6aaa tree-wide: drop !! casts to booleans
They are not needed, because anything that is non-zero is converted
to true.

C11:
> 6.3.1.2: When any scalar value is converted to _Bool, the result is 0 if the
> value compares equal to 0; otherwise, the result is 1.

https://stackoverflow.com/questions/31551888/casting-int-to-bool-in-c-c
2018-06-13 10:52:40 +02:00
Zbigniew Jędrzejewski-Szmek
37e744e866 test-alloc-util: add a "test" for bool casts
Just in case ;)

There is no good place, test-alloc-util.c is as good as any, and it's quite
short so far, so let's add this there.
2018-06-13 10:52:40 +02:00
Zbigniew Jędrzejewski-Szmek
3b253ad689 cocinelle: use GNU parallel to run spatch
spatch is single-threaded, i.e. slow. On my machine it allocates 5 GB of memory
and starts swapping, which makes it even slower. Using parallel makes the whole
thing pleasantly fast.
2018-06-13 10:52:33 +02:00
Zbigniew Jędrzejewski-Szmek
fbbe6d65b4 basic/parse-util: remove unnecessary parentheses 2018-06-13 10:43:38 +02:00
Zbigniew Jędrzejewski-Szmek
b961fbd4ee
Merge pull request #9172 from yuwata/timesync-ntp-parser
timesync: check validity of NTP server name or address
2018-06-13 08:52:58 +02:00
Zbigniew Jędrzejewski-Szmek
6f534ceb95
Merge pull request #9280 from yuwata/follow-ups-8849
Several follow-ups for #8849
2018-06-13 08:46:07 +02:00
Yu Watanabe
73c718a9e5 NEWS: add more news 2018-06-13 08:27:14 +02:00
Zbigniew Jędrzejewski-Szmek
70127be805
Merge pull request #9153 from poettering/private-mounts
introduce PrivateMounts= setting and clean up documentation for MountFlags=
2018-06-13 08:20:18 +02:00
Lennart Poettering
c086ce8c2e NEWS: announce DNS-over-TLS too 2018-06-13 14:39:53 +09:00
Yu Watanabe
87cbe069e6 man: drop unnecessary '=' after nta 2018-06-13 14:34:26 +09:00
Yu Watanabe
92936883d5 resolvectl: fix indentation 2018-06-13 14:30:51 +09:00
Yu Watanabe
ba0c011eee timesync: add more log messages in manager_network_read_link_servers() 2018-06-13 14:05:26 +09:00
Yu Watanabe
dcb37458cb timesync: check validity of NTP server name or address 2018-06-13 13:51:17 +09:00
Yu Watanabe
8e7b5bd047 conf-parser: simplify conf_parse_path()
Follow-up for 97651797e83d0548aef9f808657d3518d89e5aee.
2018-06-13 13:50:35 +09:00
Yu Watanabe
daab72ea44 resolve: do not complete stream transaction when it is under retrying 2018-06-13 13:43:36 +09:00
Yu Watanabe
3da3cdd592 resolve: drop unused argument of dns_server_packet_lost() 2018-06-13 13:20:23 +09:00
Yu Watanabe
eab39da1fa resolve: correctly count TCP transaction failures
Fixes #9281.
2018-06-13 13:13:40 +09:00
Yu Watanabe
3c0dcbcf4f resolve: fix log message 2018-06-13 12:21:54 +09:00
Yu Watanabe
1a363edad1 bash-completion/resolvectl: support privatedns command 2018-06-13 11:16:26 +09:00
Yu Watanabe
ddf1a95301 resolve: reject PrivateDNS=yes 2018-06-13 11:00:52 +09:00
Yu Watanabe
8adbd86586 resolve: make manager_get_private_dns_mode() always return valid setting 2018-06-13 11:00:28 +09:00
Yu Watanabe
b761a10797 resolve: add missing bus property and method
Follow-up for #8849.
2018-06-13 10:50:34 +09:00
Matthias-Christian Ott
dbc4661a2c resolve: do not derive query timeout from RTT
DNS queries need timeout values to detect whether a DNS server is
unresponsive or, if the query is sent over UDP, whether a DNS message
was lost and has to be resent. The total time that it takes to answer a
query to arrive is t + RTT, where t is the maximum time that the DNS
server that is being queried needs to answer the query.

An authoritative server stores a copy of the zone that it serves in main
memory or secondary storage, so t is very small and therefore the time
that it takes to answer a query is almost entirely determined by the
RTT. Modern authoritative server software keeps its zones in main memory
and, for example, Knot DNS and NSD are able to answer in less than
100 µs [1]. So iterative resolvers continuously measure the RTT to
optimize their query timeouts and to resend queries more quickly if they
are lost.

systemd-resolved is a stub resolver: it forwards DNS queries to an
upstream resolver and waits for an answer. So the time that it takes for
systemd-resolved to answer a query is determined by the RTT and the time
that it takes the upstream resolver to answer the query.

It seems common for iterative resolver software to set a total timeout
for the query. Such total timeout subsumes the timeout of all queries
that the iterative has to make to answer a query. For example, BIND
seems to use a default timeout of 10 s.

At the moment systemd-resolved derives its query timeout entirely from
the RTT and does not consider the query timeout of the upstream
resolver. Therefore it often mistakenly degrades the feature set of its
upstream resolvers if it takes them longer than usual to answer a query.
It has been reported to be a considerable problem in practice, in
particular if DNSSEC=yes. So the query timeout systemd-resolved should
be derived from the timeout of the upstream resolved and the RTT to the
upstream resolver.

At the moment systemd-resolved measures the RTT as the time that it
takes the upstream resolver to answer a query. This clearly leads to
incorrect measurements. In order to correctly measure the RTT
systemd-resolved would have to measure RTT separately and continuously,
for example with a query with an empty question section or a query for
the SOA RR of the root zone so that the upstream resolver would be able
to answer to query without querying another server. However, this
requires significant changes to systemd-resolved. So it seems best to
postpone them until other issues have been addressed and to set the
resend timeout to a fixed value for now.

As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a
reasonable value that also accounts for common RTT values. If we assume
that the we are going to retry, it could be less. So it should be enough
to set the resend timeout to DNS_TIMEOUT_MAX_USEC as
DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s.
However, this will not solve the incorrect feature set degradation and
should be seen as a temporary change until systemd-resolved does
probe the feature set of an upstream resolver independently from the
actual queries.

[1] https://www.knot-dns.cz/benchmark/
2018-06-12 23:21:18 +02:00
Lennart Poettering
17ae278097 core: when applying io/blkio per-device rules, don't remove them if they fail
These devices might show up later, hence leave the rules as they are.
Applying the limits should not alter configuration.
2018-06-12 22:52:36 +02:00
Lennart Poettering
ef31828d06 tree-wide: unify how we define bit mak enums
Let's always write "1 << 0", "1 << 1" and so on, except where we need
more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force
64bit values.
2018-06-12 21:44:00 +02:00
Lennart Poettering
401e860cb8
Merge pull request #8849 from irtimmer/feature/dns-over-tls
resolve: Support for DNS-over-TLS
2018-06-12 20:45:39 +02:00
Iwan Timmer
30e59c84d7 man: document DNS-over-TLS options 2018-06-12 18:50:30 +02:00
Michael Biebl
1b2ad5d9a5 doc: more spelling fixes 2018-06-12 16:31:30 +02:00
Lennart Poettering
c49a7cbd63 update NEWS with new PrivateMounts= blurb 2018-06-12 16:27:37 +02:00