1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

25850 Commits

Author SHA1 Message Date
Lennart Poettering
d31645adef tree-wide: port more code to use ifname_valid() 2016-05-09 15:45:31 +02:00
Lennart Poettering
938d257954 man: add documentation for the new --network-zone= concept of nspawn 2016-05-09 15:45:31 +02:00
Lennart Poettering
3af18d8eab network: add automatic configuration for the networks created by nspawn --network-zone=
This way, they "just work", similar to --network-veth behaves, as long as
networkd is enabled and running on all involved nodes.
2016-05-09 15:45:31 +02:00
Lennart Poettering
22b28dfdc7 nspawn: add new --network-zone= switch for automatically managed bridge devices
This adds a new concept of network "zones", which are little more than bridge
devices that are automatically managed by nspawn: when the first container
referencing a bridge is started, the bridge device is created, when the last
container referencing it is removed the bridge device is removed again. Besides
this logic --network-zone= is pretty much identical to --network-bridge=.

The usecase for this is to make it easy to run multiple related containers
(think MySQL in one and Apache in another) in a common, named virtual Ethernet
broadcast zone, that only exists as long as one of them is running, and fully
automatically managed otherwise.
2016-05-09 15:45:31 +02:00
Lennart Poettering
ef76dff225 util-lib: add new ifname_valid() call that validates interface names
Make use of this in nspawn at a couple of places. A later commit should port
more code over to this, including networkd.
2016-05-09 15:45:31 +02:00
Lennart Poettering
5e7423ff25 man: document that nspawn's host0 and ve-* interfaces have default config in networkd 2016-05-09 15:45:31 +02:00
Lennart Poettering
7be8fb7bfc Merge pull request #3222 from keszybz/tests-work
Some small fixes to make it easier to run tests and fix failure in TEST-{02,08}
2016-05-09 12:39:56 +02:00
Zbigniew Jędrzejewski-Szmek
62a992bed9 TEST-08: make sure / is remounted rw
In this test /etc/fstab is replaced by -.mount unit. This causes
systemd-remount-fs.service to not remount / rw, which in turn causes various
failures becuase /var is not writable. In particular
systemd-tmpfiles-setup.service reports many failures. This is something
to possibly fix on its own (see https://github.com/systemd/systemd/issues/791);
in the meanwhile let's fix this test so that it doesn't fail, since the
point of the test is to check aliases on mount units, and not a ro root.
2016-05-08 22:00:23 -04:00
Zbigniew Jędrzejewski-Szmek
61b480b68b tests: enable logging for pid1, disable for other systemd services
systemd-udev generated an insane amount of log output at debug level.
It would break TEST-02-CRYPTSETUP by filling the overflowing the disk
(which seems to be a bug in itself!).
2016-05-08 20:27:34 -04:00
Zbigniew Jędrzejewski-Szmek
e14b866bc1 tests: allow root to login with empty password to test images 2016-05-08 20:27:33 -04:00
Zbigniew Jędrzejewski-Szmek
ed1190498f tree-wide: remove uses of --failed
It has been replaced by --state=failed.
2016-05-08 20:27:33 -04:00
Zbigniew Jędrzejewski-Szmek
5b23cef0bb tests: specify format=raw for qemu to avoid warning
WARNING: Image format was not specified for
         '/var/tmp/systemd-test.tGi3od/rootdisk.img' and probing guessed raw.
         Automatically detecting the format is dangerous for raw images, write
         operations on block 0 will be restricted.  Specify the 'raw' format
         explicitly to remove the restrictions.

Also use unsafe caching mode, we don't care about data integrity here.
2016-05-08 20:27:33 -04:00
Martin Pitt
d75103d4c6 Merge pull request #3202 from poettering/socket-fixes
don't reopen socket fds when reloading the daemon
2016-05-08 21:09:35 +02:00
Thomas H. P. Andersen
977f2beaf2 NEWS: typo fix and american english (#3219) 2016-05-07 17:52:31 -04:00
Zbigniew Jędrzejewski-Szmek
03a037f338 Merge pull request #3205 from poettering/iaid
more dhcp fixes
2016-05-07 15:31:58 -04:00
Zbigniew Jędrzejewski-Szmek
74ad38ff0e Merge pull request #3160 from htejun/cgroup-fixes-rev2
Cgroup fixes.
2016-05-07 15:08:57 -04:00
Lennart Poettering
e76f4732f1 Merge pull request #3215 from keszybz/news-and-other-small-cleanups
News and other small cleanups
2016-05-07 18:40:57 +02:00
Evgeny Vereshchagin
5ab42bc85a Merge pull request #3191 from poettering/cgroups-agent-dgram
core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification
2016-05-07 19:17:44 +03:00
Zbigniew Jędrzejewski-Szmek
8951eaec50 NEWS: machinectl and loginctl also support --value 2016-05-07 11:43:39 -04:00
Zbigniew Jędrzejewski-Szmek
11690bcc50 systemctl: do not print header if no units will be listed
"0 units listed." is still printed.
2016-05-07 11:35:34 -04:00
Zbigniew Jędrzejewski-Szmek
0da999fada systemctl: rewrite code to explicitly take care of n_units==0 case
Coverity was complaing, but it was a false positive (CID #1354669).
Nevertheless, it's better to rewrite the code so that units is never
null.
2016-05-07 11:35:33 -04:00
Evgeny Vereshchagin
d2cc96a8e1 Merge pull request #3210 from evverx/expose-usec
core: expose TriggerLimitIntervalUSec, dump TriggerLimitIntervalSec and TriggerLimitBurst too
2016-05-07 17:21:29 +03:00
Lennart Poettering
021b450b5d Merge pull request #3212 from dmedri/master
Minor fixes and .po updates
2016-05-07 11:01:36 +02:00
Daniele Medri
030bd8397a NEWS: minor fixes 2016-05-07 05:00:12 +02:00
Daniele Medri
13581d151c italian: .po updates 2016-05-07 04:58:30 +02:00
Evgeny Vereshchagin
03ae6f7dee tests: add test for #3171 (#3206) 2016-05-06 23:05:59 +02:00
Evgeny Vereshchagin
1745fa70e7 core: dump TriggerLimitIntervalSec and TriggerLimitBurst too 2016-05-06 21:03:16 +00:00
Evgeny Vereshchagin
5d105c4a4f core: expose TriggerLimitIntervalUSec
Before:
$ systemctl show --property TriggerLimitIntervalSec test.socket
TriggerLimitIntervalSec=2000000

After:
$ systemctl show --property TriggerLimitIntervalUSec test.socket
TriggerLimitIntervalUSec=2s
2016-05-06 20:14:06 +00:00
Lennart Poettering
f76707da45 core: update the right mtime after finishing writing of transient units (#3203)
Fixes: #3194
2016-05-06 19:22:22 +03:00
Lennart Poettering
2ef322fc40 man: link the part about [DHCP] to the DHCP= explanation 2016-05-06 17:08:03 +02:00
Lennart Poettering
82ecb4c3ec man: move IPv6 note to the right section
Make the XML validate again.
2016-05-06 17:07:43 +02:00
Lennart Poettering
d05def163e networkd: move the IAID configuration option into the [DHCP] section
It's only relevant to DHCP, and it should be where the DUID is configured too.
2016-05-06 17:04:05 +02:00
Lennart Poettering
baa9ecc1ee systemctl: indentation fix 2016-05-06 16:58:01 +02:00
Lennart Poettering
e40a326cef NEWS: bring NEWS a bit up-to-date 2016-05-06 16:55:44 +02:00
Lennart Poettering
60d9771c59 core: rework how we flush incoming traffic when a socket unit goes down
Previously, we'd simply close and reopen the socket file descriptors. This is
problematic however, as we won't transition through the SOCKET_CHOWN state
then, and thus the file ownership won't be correct for the sockets.

Rework the flushing logic, and actually read any queued data from the sockets
for flushing, and accept any queued messages and disconnect them.
2016-05-06 13:29:26 +02:00
Lennart Poettering
01a8b46757 core: don't implicit open missing socket fds on daemon reload
Previously, when the daemon was reloaded and the configuration of a socket unit
file was changed so that a different set of socket ports was defined for the
socket we'd simply reopen the socket fds not yet open. This is problematic
however, as this means the SOCKET_CHOWN state is not run for them, and thus
their UID/GID is not corrected.

With this change, don't open the missing file descriptors, but log about this
issue, and ask the user to restart the socket explicit, to make sure all
missing fds are opened.

Fixes: #3171
2016-05-06 13:01:17 +02:00
Lennart Poettering
d24e561d96 core: split out selinux label retrieval logic into a function of its own
This should bring no behavioural change.
2016-05-06 12:16:58 +02:00
Lennart Poettering
b37bf74411 Merge pull request #3201 from ssahani/net-word
networkd lib: cleanup FOREACH_WORD
2016-05-06 11:57:12 +02:00
Susant Sahani
06976f5b2a networkd: route fix comment 2016-05-06 09:49:49 +05:30
Susant Sahani
93e2822684 networkd: cleanup FOREACH_WORD 2016-05-06 09:37:31 +05:30
Zbigniew Jędrzejewski-Szmek
b920500ef1 Merge pull request #3190 from poettering/logind-fixes 2016-05-05 20:28:23 -04:00
Evgeny Vereshchagin
43039e4f05 Merge pull request #3198 from poettering/trigger-timeout-defaults
change trigger timeout defaults
2016-05-06 02:11:11 +03:00
Lennart Poettering
64b5689647 logind: drop pointless UINT64_C() macro use 2016-05-05 22:50:09 +02:00
Lennart Poettering
c5a11ae268 logind: enforce a limit on inhibitors we hand out
For similar reasons as the recent addition of a limit on sessions.

Note that we don't enforce a limit on inhibitors per-user currently, but
there's an implicit one, since each inhibitor takes up one fd, and fds are
limited via RLIMIT_NOFILE, and the limit on the number of processes per user.
2016-05-05 22:50:09 +02:00
Lennart Poettering
6d97d3c648 logind: expose more configuration settings as bus properties 2016-05-05 22:50:09 +02:00
Lennart Poettering
91ab7b01f8 logind: don't include session lists in PropertyChanged messages
If we have a lot of simultaneous sessions we really shouldn't send the full
list of active sessions with each PropertyChanged message for user and seat
objects, as that can become quite substantial data, we probably shouldn't dump
on the bus on each login and logout.

Note that the global list of sessions doesn't send out changes like this
either, it only supports requesting the session list with ListSessions().

If cients want to get notified about sessions coming and going they should
subscribe to SessionNew and SessionRemoved signals, and clients generally do
that already.

This is kind of an API break, but then again the fact that this was included
was never documented.
2016-05-05 22:50:09 +02:00
Lennart Poettering
e11544a830 logind: process session/inhibitor fds at higher priority
Let's make sure we process session and inhibitor pipe fds (that signal
sessions/inhibtors going away) at a higher priority
than new bus calls that might create new sessions or inhibitors. This helps
ensuring that the number of open sessions stays minimal.
2016-05-05 22:50:09 +02:00
Lennart Poettering
89f193fac8 update TODO 2016-05-05 22:50:09 +02:00
Lennart Poettering
183e073842 logind: enforce a limit on current user sessions
We really should put limits on all resources we manage, hence add one to the
number of concurrent sessions, too. This was previously unbounded, hence set a
relatively high limit of 8K by default.

Note that most PAM setups will actually invoke pam_systemd prefixed with "-",
so that the return code of pam_systemd is ignored, and the login attempt
succeeds anyway. On systems like this the session will be created but is not
tracked by systemd.
2016-05-05 22:50:09 +02:00
Lennart Poettering
ed3902530e update TODO 2016-05-05 22:34:47 +02:00