mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

18563 Commits

Author SHA1 Message Date
Lennart Poettering
e624676dde update TODO 2014-12-29 20:18:04 +01:00
Lennart Poettering
c00a4c8f55 Revert "machined: don't force terminate registered machines"
This reverts commit 206e7a5f7b.

We actually want to allow shutting down containers that use
RegisterMachine() rather than CreateMachine() to register their own
unit. It should be safe to do so, since the primary usecase for
RegisterMachine() are container managers that run only a single
container within their own unit, such as systemd-nspawn.
2014-12-29 20:13:58 +01:00
Lennart Poettering
e5f5b5b9c9 machined: ignore spurious error 2014-12-29 19:08:50 +01:00
Lennart Poettering
814a3fdfdc nspawn: report back to systemd only very late whether we are OK
That way, systemd can actually figure out if everything is OK with
nspawn.
2014-12-29 17:54:33 +01:00
Lennart Poettering
f252d3fb2b preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
Lennart Poettering
8ede9794fd Update TODO 2014-12-29 17:00:05 +01:00
Lennart Poettering
d8f52ed25a machinectl: add "enable" and "disable" verbs for enabling/disabling systemd-nspawn for containers
This is basically just a shortcut for "systemctl enable
systemd-nspawn@<foobar>.service", but does escaping.
2014-12-29 17:00:05 +01:00
Lennart Poettering
ebd011d95b machinectl: add new "start" verb to start a container as a service in nspawn 2014-12-29 17:00:05 +01:00
Lennart Poettering
6a140df004 units: rework systemd-nspawn@.service unit
- Unescape instance name so that we can take almost anything as instance
  name.

- Introduce "machines.target" which consists of all enabled nspawns and
  can be used to start/stop them altogether

- Look for container directory using -M instead of hardcoding the path in
  /var/lib/container
2014-12-29 17:00:05 +01:00
Lennart Poettering
8fa844dccf units: make graphical.target dependencies more complete and similar to those of multi-user.target 2014-12-29 17:00:05 +01:00
David Herrmann
679bda6a73 bus-proxy: fix sd_bus_reply_*() usage
We *must* not use sd_bus_reply_*() as it does not set the sender field
correctly. Use the synthetic_reply_*() helpers instead!
2014-12-29 15:43:57 +01:00
David Herrmann
80b4378314 capability: use /proc/sys/kernel/cap_last_cap
This file was introduced with linux-3.2, use it instead of probing for it
via prctl(PR_CAPBSET_READ).

For now, keep the old code for backwards compat. We can drop it once 3.2
is our lowest requirement.

The test-cap-list code is extended to verify cap_last_cap() is the same as
we'd get via prctl probing and /proc.
2014-12-29 14:05:38 +01:00
Tom Gundersen
2f0af4e120 core: loopback - correctly fail the loopback_check if somehow the rtnl calls fail 2014-12-29 13:07:03 +01:00
David Herrmann
315a73d97f bus: fix typo
Drop spurious 'we'.
2014-12-29 12:55:28 +01:00
Tom Gundersen
09773ef446 rtnl: recv_message - don't enforce sender uid
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid
seems to break when using userns.

Reported by Stéphane Graber.
2014-12-29 02:20:04 +01:00
Tom Gundersen
2da780b976 test: loopback - parse logging env var 2014-12-29 01:59:49 +01:00
Tom Gundersen
b551ddd380 sd-rtnl: rtnl_call - don't dispatch wqueue after timeout has passed
Only a minor change as the timeout would be hit soon thereafter at the next loop.
2014-12-29 01:59:49 +01:00
Tom Gundersen
f55dc7c96e sd-rtnl: rtnl_poll - fix typo
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
2014-12-29 01:59:49 +01:00
Tom Gundersen
c7460cce79 sd-rtnl: recv_message - drop message when peeking fails
Read the message from the socket or we will loop trying to read the
same message repeatedly.
2014-12-29 01:59:49 +01:00
Tom Gundersen
0b2bbbdf2f sd-rtnl: recv_message - don't fail on interrupt
We should just try again instead.
2014-12-29 01:59:49 +01:00
Tom Gundersen
2263bb9a92 sd-rtnl: recv_message - log when dropping message
We drop messages received from the wrong uid/pid, log this at debug level.
2014-12-29 00:19:36 +01:00
Tom Gundersen
e95e909d82 core: loopback - simplify check_loopback()
We no longer configure the addresses on the loopback interface, but simply bring it up
and let the kernel do the rest. Also change the check to only check if the interface
is up, rather than checking for the IPv4 loopback address.
2014-12-28 15:58:27 +01:00
Sylvain Plantefève
94b5088c8d machined: Fix MarkReadOnly method's name on bus 2014-12-28 13:05:08 +01:00
Sylvain Plantefève
1517ab5d18 libsystemd: Fix minor typo in comment 2014-12-28 13:04:46 +01:00
Lennart Poettering
1ddb263d21 machined: don't look for images on each property get, but cache the image object in between 2014-12-28 02:44:37 +01:00
Lennart Poettering
3b9c7d955d update TODO 2014-12-28 02:08:40 +01:00
Lennart Poettering
f02ca52281 util: treat -1 as special size in format_bytes() 2014-12-28 02:08:40 +01:00
Lennart Poettering
b6b1849830 machined: add support for reporting image size via btrfs quota 2014-12-28 02:08:40 +01:00
Lennart Poettering
814f000872 tmpfiles.d: upgrade a couple of directories we create at boot to subvolumes
In particular we upgrade /var/lib/container, /var/tmp and /tmp to
subvolumes.
2014-12-28 02:08:40 +01:00
Lennart Poettering
d7b8eec7dc tmpfiles: add new line type 'v' for creating btrfs subvolumes 2014-12-28 02:08:40 +01:00
Lennart Poettering
ebd93cb684 machinectl/machined: implement "rename", "clone", "read-only" verbs for machine images 2014-12-28 02:08:40 +01:00
Lennart Poettering
086821244b machined: add "machinectl remove" for removing images 2014-12-28 02:08:40 +01:00
Lennart Poettering
1b9cebf638 nspawn: use the same image discovery logic in nspawn as in machined 2014-12-28 02:08:40 +01:00
Lennart Poettering
003dffde2c machined: Move image discovery logic into src/shared, so that we can make use of it from nspawn 2014-12-28 02:08:40 +01:00
Stéphane Graber
58a489c2b3 Fix check_loopback()
Add missing htonl() so that check_loopback() actually tests for 127.0.0.1
instead of 1.0.0.127 on little-endian machines.
2014-12-27 19:17:39 +01:00
Lennart Poettering
01c51934cb loginctl: reindent --help text 2014-12-26 20:12:40 +01:00
Lennart Poettering
2520f939ba loginctl: add more --help sections 2014-12-26 20:12:40 +01:00
Lennart Poettering
fefdc04b38 machinectl: add status commands 2014-12-26 20:12:40 +01:00
Lennart Poettering
27c88c4e23 machined: fix search patch magic for '.host' image 2014-12-26 20:05:11 +01:00
Lennart Poettering
08ff5529df machined: make image read-only check independent on own privs 2014-12-26 19:36:25 +01:00
Lennart Poettering
8937e7b689 machinectl: mark read-only images when listing in red 2014-12-26 19:33:15 +01:00
Lennart Poettering
679829e4aa update TODO 2014-12-26 19:33:15 +01:00
Lennart Poettering
087682d103 import: make image root directory configurable, instead of hardcoding /var/lib/container 2014-12-26 19:33:15 +01:00
Lennart Poettering
5fc7f35842 machined: when discovering images, implicitly add ".host" as pseudo image referring to the host's own directory tree 2014-12-26 19:33:15 +01:00
Lennart Poettering
a67a4c8cb7 machined: fix image search path iteration 2014-12-26 19:33:15 +01:00
Lennart Poettering
42c6f2c9b2 machined: let's also check machine directories in /usr and /usr/local 2014-12-26 19:33:15 +01:00
Lennart Poettering
f0be89eee9 import: properly remove pre-existing images if --force is used 2014-12-26 19:33:15 +01:00
Lennart Poettering
8620a9a323 import: beef up gpt importer to optionally make writable copy of read-only vendor image 2014-12-26 19:21:58 +01:00
Lennart Poettering
e9d7333468 import: minor improvements to dkr importer 2014-12-26 19:21:58 +01:00
Lennart Poettering
2c39ea529b util: always override crtime xattr 2014-12-26 19:21:58 +01:00