1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

39466 Commits

Author SHA1 Message Date
Yu Watanabe
0ef830cf54 test-network: merge tests for [Route] section 2019-03-30 02:27:22 +09:00
Yu Watanabe
a15ff207df test-network: use wait_online() in test_sysctl_disable_ipv6() 2019-03-30 02:27:22 +09:00
Yu Watanabe
ba1e0d0612 test-network: use wait_online() in test_sysctl()
This also disables IPv6AcceptRA= to speed up the test.
2019-03-30 02:27:22 +09:00
Yu Watanabe
2dcfcc08d9 test-network: use wait_online() in test_link_local_addressing()
This also disables IPv6AcceptRA= to speed up the test.
2019-03-30 02:27:22 +09:00
Yu Watanabe
d06f30fc73 test-network: fix addr_gen_mode
If stable_secret is set, then networkd sets addr_gen_mode 2.
2019-03-30 02:27:22 +09:00
Yu Watanabe
c2990ec39a test-network: move tests related to bonding 2019-03-30 02:27:22 +09:00
Yu Watanabe
b810272594 test-network: merge tests about static addresses
And use wait_online()
2019-03-30 02:27:22 +09:00
Yu Watanabe
5aa58329d8 test-network: add wait_online() helper function 2019-03-30 02:27:16 +09:00
Zbigniew Jędrzejewski-Szmek
fc23e06baa
Merge pull request #12138 from poettering/doc-ip-allow-src-dst
man: expand IPAddressAllow= docs a bit
2019-03-29 16:44:48 +01:00
Lennart Poettering
8c73ed754a update TODO 2019-03-29 16:17:55 +01:00
Lennart Poettering
ef81ce6e80 man: clarify which addresses are affected by IPAddressAllow=/IPAddressDeny=
For ingress traffic it's the source address of IP packets we check, for
egress traffic it's the destination address. Mention that.
2019-03-29 16:17:55 +01:00
Piotr Drąg
276cf52fc0 po: update Polish translation 2019-03-29 15:25:07 +01:00
Zbigniew Jędrzejewski-Szmek
6ea07d4fb4
Merge pull request #12140 from poettering/copy-early
chattr/copy.c fixes
2019-03-29 15:02:50 +01:00
Zbigniew Jędrzejewski-Szmek
983616735e
Merge pull request #12137 from poettering/socket-var-run
warn about sockets in /var/run/ too
2019-03-29 15:00:25 +01:00
Zbigniew Jędrzejewski-Szmek
2818ddc8f4
Merge pull request #12133 from poettering/rseq-whitelist
whitelist rseq() system call in `@default` syscall group
2019-03-29 14:59:00 +01:00
Lennart Poettering
196f306795 analyze: check both possible mount points of tracefs
Let's try the new one first, the old one second.
2019-03-29 14:57:37 +01:00
Lennart Poettering
bd169c2be0 fsck: copy out device argument from argv[] before forking
We nowadays rename our child processes, hence argv[] will be clobbered,
let's hence copy the device path to dynamic memory before forking.

This is fall-out from 60ffa37a65 since we
now a lot more often end up overriding the argv[] buffer than before,
simple because we know what to override.

These kind of bugs kinda suck. THere are only two options here: stop
overriding argv[] for all cases (or just these cases) or explicitly
copying out everything we need in child processes before forking. With
this patch I opt for the latter, though I am not 100% convinced this is
a great solution. Just a better solution than everything else, i.e.
allowing argv[] to remain out of sync with what others see.

Fixes: #12135
2019-03-29 08:18:25 +01:00
Jörg Thalheim
7232c1f9da wireguard: fix exponential backoff when resolving hosts
It should stop at 25s, not start.
Fixes #12134
2019-03-28 20:00:19 +01:00
Zbigniew Jędrzejewski-Szmek
f2dc22b447 headers: add missing includes
Fixes #12125.
2019-03-28 19:59:56 +01:00
Lennart Poettering
b8a736d7a0 sd-bus: change "int" → "signed int" on bitfield
Apparently by the C standard "int" bitfields can have any signedness
(unlike non-bitfield declarations which are "signed" if the signedness
is not specified).

Let's fix the LGTM warning about this hence and be explicit that we mean
"signed" here.
2019-03-28 19:07:51 +01:00
Lennart Poettering
d629ba7045 tmpfiles: move full chattr flag set to chattr-util.h
It's a pretty generic concept and fits will there, hence let's move it.
2019-03-28 18:43:05 +01:00
Lennart Poettering
70d8401d74 update NEWS 2019-03-28 18:43:04 +01:00
Lennart Poettering
e19ba205ab update TODO 2019-03-28 18:43:04 +01:00
Lennart Poettering
75006470ce tmpfiles: support the FS_PROJINHERIT_FL chattr flag 2019-03-28 18:43:04 +01:00
Lennart Poettering
8a016c746e util-lib: when copying files make sure to apply some chattrs early, some late
Some chattrs only work sensible if you set them right after opening a
file for create (think: FS_NOCOW_FL). Others only work when they are
applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's
take that into account when copying files and applying a chattr to them.
2019-03-28 18:43:04 +01:00
Lennart Poettering
c3272fd4df missing: add FS_PROJINHERIT_FL
It's available since kernel 4.5, but not in older kernels.
2019-03-28 18:43:04 +01:00
Lennart Poettering
da3d198563 update TODO 2019-03-28 17:00:46 +01:00
Lennart Poettering
4a66b5c9bf core: complain and correct /var/run/ → /run/ for listening sockets
We already do that for PIDFile= paths, and for tmpfiles.d/ snippets,
let's also do this for .socket paths.
2019-03-28 16:59:57 +01:00
Lennart Poettering
7d2c9c6b50 load-fragment: use TAKE_PTR() where we can 2019-03-28 16:46:27 +01:00
Michal Sekletar
48da47eeca cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
With new LUKS2 header format it is possible to use Argon2 key derivation
function. This function is "memory-hard" hence keyslot unlocking can
potentially use a lot of RAM as this increases resistance to massively
parallel GPU based password cracking.

However, when multiple systemd-cryptsetup binaries run at the same
time it is very likely that system using Argon2 (e.g. Fedora 30)
will encounter memory-pressure during early boot, following OOM killing
spree.

This patch aims to lower the damage done by OOM killer and sets OOMScore
for systemd-cryptsetup units to 500. Hopefully OOM killer will then
shoot us down and leave rest of the system services alone.
2019-03-28 15:52:41 +01:00
Lennart Poettering
e8413b651b
Merge pull request #12130 from keszybz/fix-ndebug-builds
Fix ndebug builds
2019-03-28 15:52:27 +01:00
Lennart Poettering
d84520e9d9 update TODO 2019-03-28 12:09:38 +01:00
Lennart Poettering
6fee3be0b4 seccomp: add rseq() to default list of syscalls to whitelist
Apparently glibc is going to call this implicitly soon, hence let's
whitelist this by default.

Fixes: #12127
2019-03-28 12:09:38 +01:00
Lennart Poettering
acd142af79 core: break overly long line 2019-03-28 12:09:38 +01:00
Lennart Poettering
2f6b9110fc core: parse '@default' seccomp group permissively
We are about to add system calls (rseq()) not available on old
libseccomp/old kernels, and hence we need to be permissive when parsing
our definitions.
2019-03-28 12:09:38 +01:00
Zbigniew Jędrzejewski-Szmek
c6335c3b51
Merge pull request #12115 from poettering/verbose-job-enqueue
add "systemctl --show-transaction start" as a more verbose "systemctl start" that shows enqueued jobs
2019-03-28 11:04:26 +01:00
Zbigniew Jędrzejewski-Szmek
a73f621384 meson: disable warnings about unused variables for NDEBUG builds
With assertions disabled, we'd get a bunch of warnings that really bring no
value. With this change, a default meson build with -Db_ndebug=true generates
no warnings.
2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
ee36fed438 core: avoid unnecessary cast 2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
3b1e405f36 test-terminal-util: fix sigsegv when compiled without asserts
I couldn't figure out what is going on here, because LTO inlines everything and
then the backtrace reported a different spot. But when compiled with NDEBUG but
no LTO, it's fairly obvious ;)

C.f. #12008.
2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
10c353e1c5 Remove variable only used for an assert
When compiled with -DNDEBUG, we get warnings about set-but-unused variables.
In general, it's not something we care about, but since removing those
variables arguably makes the code nicer, let's just to it in this case.
2019-03-28 09:03:06 +01:00
Zbigniew Jędrzejewski-Szmek
4e494d17db test-terminal-util: add function logging 2019-03-28 09:03:06 +01:00
Lennart Poettering
0a6991e0bb tree-wide: reorder various structures to make them smaller and use fewer cache lines
Some "pahole" spelunking.
2019-03-27 18:11:11 +01:00
Lennart Poettering
6990fb6bc6 tree-wide: (void)ify a few unlink() and rmdir()
Let's be helpful to static analyzers which care about whether we
knowingly ignore return values. We do in these cases, since they are
usually part of error paths.
2019-03-27 18:09:56 +01:00
Lennart Poettering
36dbf97170
Merge pull request #12119 from keszybz/voidify-mkdir-p
Voidify mkdir_p() and normalize util.h includes
2019-03-27 15:05:51 +01:00
Lennart Poettering
93ba507d66
Merge pull request #12113 from poettering/terminal-util-fixlets
tiny terminal-util.c fixlets
2019-03-27 14:15:59 +01:00
Zbigniew Jędrzejewski-Szmek
65aeb9d4ab man: clarify the role of OnBootSec= in containers
https://github.com/systemd/systemd/pull/12104#pullrequestreview-218627236
2019-03-27 14:03:37 +01:00
Zbigniew Jędrzejewski-Szmek
330b8fb379 journalctl: voidify mkdir_p() call and unify two similar code paths
Let's unify the two similar code paths to watch /run/systemd/journal.
The code in manager.c is similar, but it uses mkdir_p_label(), and unifying
that would be too much trouble, so let's just adjust the error messages to
be the same.

CID #1400224.
2019-03-27 13:01:44 +01:00
Lennart Poettering
1fd4c4edce terminal-util: add paranoid overflow check 2019-03-27 12:43:34 +01:00
Lennart Poettering
f171decd3f terminal-util: modernize things with TAKE_PTR a bit 2019-03-27 12:43:34 +01:00
Lennart Poettering
df4a7cb732 man: document the new systemctl --show-transaction option 2019-03-27 12:37:37 +01:00