1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Commit Graph

1949 Commits

Author SHA1 Message Date
David Herrmann
e06cc7b074 terminal: add xkb-based keyboard devices to idev
The idev-keyboard object provides keyboard devices to the idev interface.
It uses libxkbcommon to provide proper keymap support.

So far, the keyboard implementation is pretty straightforward with one
keyboard device per matching evdev element. We feed everything into the
system keymap and provide proper high-level keyboard events to the
application. Compose-features and IM need to be added later.
2014-08-27 18:42:28 +02:00
David Herrmann
c93e5a62ff terminal: add evdev elements to idev
The evdev-element provides linux evdev interfaces as idev-elements. This
way, all real input hardware devices on linux can be used with the idev
interface.

We use libevdev to interface with the kernel. It's a simple wrapper
library around the kernel evdev API that takes care to resync devices
after kernel-queue overflows, which is a rather non-trivial task.
Furthermore, it's a well tested interface used by all other major input
users (Xorg, weston, libinput, ...).
Last but not least, it provides nice keycode to keyname lookup tables (and
vice versa), which is really nice for debugging input problems.
2014-08-27 18:42:28 +02:00
David Herrmann
e202fa31fb terminal: add input interface
The idev-interface provides input drivers for all libsystemd-terminal
based applications. It is split into 4 main objects:
    idev_context: The context object tracks global state of the input
                  interface. This will include data like system-keymaps,
                  xkb contexts and more.
    idev_session: A session serves as controller for a set of devices.
                  Each session on an idev-context is independent of each
                  other. The session is also the main notification object.
                  All events raised via idev are reported through the
                  session interface. Apart of that, the session is a
                  pretty dumb object that just contains devices.
    idev_element: Elements provide real hardware in the idev stack. For
                  each hardware device, one element is added. Elements
                  have no knowledge of higher-level device types, they
                  only provide raw input data to the upper levels. For
                  example, each evdev device is represented by a different
                  element in an idev session.
     idev_device: Devices are objects that the application deals with. An
                  application is usually not interested in elements (and
                  those are hidden to applications), instead, they want
                  high-level input devices like keyboard, touchpads, mice
                  and more. Device are the high-level interface provided
                  by idev. Each device might be fed by a set of elements.
                  Elements drive the device. If elements are removed,
                  devices are destroyed. If elements are added, suitable
                  devices are created.

Applications should monitor the system for sessions and hardware devices.
For each session they want to operate on, they create an idev_session
object and add hardware to that object. The idev interface requires the
application to monitor the system (preferably via sysview_*, but not
required) for hardware devices. Whenever hardware is added to the idev
session, new devices *might* be created. The relationship between hardware
and high-level idev-devices is hidden in the idev-session and not exposed.

Internally, the idev elements and devices are virtual objects. Each real
hardware and device type inherits those virtual objects and provides real
elements and devices. Those types will be added in follow-up commits.

Data flow from hardware to the application is done via idev_*_feed()
functions. Data flow from applications to hardware is done via
idev_*_feedback() functions. Feedback is usually used for LEDs, FF and
similar operations.
2014-08-27 18:42:28 +02:00
David Herrmann
7ed3a638b2 terminal: add system view interface
We're going to need multiple binaries that provide session-services via
logind device management. To avoid re-writing the seat/session/device
scan/monitor interface for each of them, this commit adds a generic helper
to libsystemd-terminal:

The sysview interface scans and tracks seats, sessions and devices on a
system. It basically mirrors the state of logind on the application side.
Now, each session-service can listen for matching sessions and
attach to them. On each session, managed device access is provided. This
way, it is pretty simple to write session-services that attach to multiple
sessions (even split across seats).
2014-08-27 18:42:28 +02:00
Tom Gundersen
aeb50ff0bd tmpfiles: make resolv.conf entry conditional on resolved support 2014-08-27 18:17:16 +02:00
Ivan Shapovalov
d2c68822c4 hibernate-resume-generator: add a generator for instantiating the resume unit.
hibernate-resume-generator understands resume= kernel command line parameter
and instantiates the systemd-resume@.service accordingly if it is passed.

This enables resume from hibernation using device specified on the kernel
command line, and it may be specified either as "/dev/disk/by-foo/bar"
or "FOO=bar", not only "/dev/sdXY" which is understood by the in-kernel
implementation.

So now resume= is brought on par with root= in terms of possible ways to
specify a device.
2014-08-26 22:19:56 +02:00
Ivan Shapovalov
42483a7474 hibernate-resume: add a tool to write a device node's major:minor to /sys/power/resume.
This can be used to initiate a resume from hibernation by path to a swap
device containing the hibernation image.

The respective templated unit is also added. It is instantiated using
path to the desired resume device.
2014-08-26 22:19:54 +02:00
Lennart Poettering
2928b0a863 core: add support for a configurable system-wide start-up timeout
When this system-wide start-up timeout is hit we execute one of the
failure actions already implemented for services that fail.

This should not only be useful on embedded devices, but also on laptops
which have the power-button reachable when the lid is closed. This
devices, when in a backpack might get powered on by accident due to the
easily reachable power button. We want to make sure that the system
turns itself off if it starts up due this after a while.

When the system manages to fully start-up logind will suspend the
machine by default if the lid is closed. However, in some cases we don't
even get as far as logind, and the boot hangs much earlier, for example
because we ask for a LUKS password that nobody ever enters.

Yeah, this is a real-life problem on my Yoga 13, which has one of those
easily accessible power buttons, even if the device is closed.
2014-08-22 18:10:31 +02:00
Lennart Poettering
d5a169aaee build-sys: update versions for upcoming release 2014-08-19 22:45:53 +02:00
Lennart Poettering
8530dc4467 tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from
This way we can guarantee a limited amount of compatibility with
login.defs, by generate an appopriate "r" line out of it, on package
installation.
2014-08-19 19:06:39 +02:00
Ronny Chevalier
b08f2be60a tests: add test-condition-util 2014-08-18 18:43:58 +02:00
Daniel Mack
43bde981cc memfd: move code from public library to src/shared
Don't expose generic kernel API via libsystemd, but keep the code internal
for our own usage.
2014-08-18 12:37:20 +02:00
Daniel Mack
93bd9b2ecf Makefile.am: test-bus-memfd went away. Kill its residues in Makefile.am 2014-08-18 12:37:19 +02:00
Daniel Mack
a6082d778e kdbus: switch over to generic memfd implementation (ABI+API break) 2014-08-17 21:47:00 +02:00
Lennart Poettering
51323288fc resolved: allow passing on which protocol, family and interface to look something up
Also, return on which protocol/family/interface we found something.
2014-08-14 01:01:43 +02:00
Umut Tezduyar Lindskog
12e34d9d58 ldconfig: add configure option to disable 2014-08-14 01:01:43 +02:00
Tom Gundersen
3c9b886068 networkd: link - split out dhcp4 handling 2014-08-12 20:42:59 +02:00
Tom Gundersen
b22d8a00f4 networkd: link - split out ipv4ll handling 2014-08-12 20:42:59 +02:00
Tom Gundersen
0b1831c20c networkd: split out networkd-link.h 2014-08-12 20:42:59 +02:00
Lennart Poettering
84e51726a3 timesyncd: split up into multiple source file
The source file got much too large, hence split up the sources into
multiple per-object files, similar in style to resolved.
2014-08-12 16:58:56 +02:00
Lennart Poettering
91d3efeddd networkd: fix build 2014-08-12 02:33:37 +02:00
Lennart Poettering
a903fd34c0 sd-network: move sd-network API into libsystemd proper
In contrast to the DHCP/IPv4LL/ICMP6 APIs sd-network is not a protocol
implementation but a client API for networkd, hence move it into
libsystemd proper.
2014-08-12 02:12:05 +02:00
Lennart Poettering
ee8c456895 networkd: add minimal client tool "networkd" to query network status
In the long run this should become a full fledged client to networkd
(but not before networkd learns bus support). For now, just pull
interesting data out of networkd, udev, and rtnl and present it to the
user, in a simple but useful output.
2014-08-12 01:54:40 +02:00
Zbigniew Jędrzejewski-Szmek
de292aa1dd resolve-host: make arg_type an int
We are using it also to store _DNS_TYPE_INVALID, so it should be signed.
2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek
7263f72499 resolve: add more record types and convert to gperf table
We are unlikely to evert support most of them, but we can at least
display the types properly.

The list is taken from the IANA list.

The table of number->name mappings is converted to a switch
statement. gcc does a nice job of optimizing lookup (when optimization
is enabled).

systemd-resolve-host -t is now case insensitive.
2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek
fd00a08821 build-sys: use a common rule for some gperf commands 2014-08-03 21:46:08 -04:00
Lennart Poettering
39d8db043b resolved: rename resolved.h to resolved-manager.h
After all it pretty much exlcusively containers definitions about the
"Manager" object, hence let's call this the most obvious way.
2014-08-01 16:14:59 +02:00
Lennart Poettering
4e945a6f79 resolved: beef up DNS server configuration logic
We now maintain two lists of DNS servers: system servers and fallback
servers.

system servers are used in combination with any per-link servers.

fallback servers are only used if there are no system servers or
per-link servers configured.

The system server list is supposed to be populated from a foreign tool's
/etc/resolv.conf (not implemented yet).

Also adds a configuration switch for LLMNR, that allows configuring
whether LLMNR shall be used simply for resolving or also for responding.
2014-08-01 16:06:39 +02:00
Lennart Poettering
bdf10b5b4d resolved: handle IDNA domains
Make sure we format UTF-8 labels as IDNA when writing them to DNS
packets, and as native UTF-8 when writing them to mDNS or LLMNR packets.

When comparing or processing labels always consider native UTF-8 and
IDNA formats equivalent.
2014-08-01 00:58:12 +02:00
Lennart Poettering
ec2c5e4398 resolved: implement LLMNR uniqueness verification 2014-07-31 17:47:19 +02:00
Zbigniew Jędrzejewski-Szmek
0dae31d468 resolved: LOC records
LOC records have a version field. So far only version 0 has been
published, but if a record with a different version was encountered,
our only recourse is to treat it as an unknown type. This is
implemented with the 'unparseable' flag, which causes the
serialization/deserialization and printing function to cause the
record as a blob. The flag can be used if other packet types cannot be
parsed for whatever reason.
2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek
a489205405 sysusers: split users for remote into separate file
This mirrors the setup for tmpfiles.d done in ad95fd1d2b.
2014-07-31 08:56:03 -04:00
Lennart Poettering
2d4c5cbc0e resolved: add API for resolving specific RRs 2014-07-30 19:24:13 +02:00
Zbigniew Jędrzejewski-Szmek
bdef7319e4 resolved: add tool to query resolved 2014-07-30 16:47:21 +02:00
Lennart Poettering
623a4c97b9 resolve: add llmnr responder side for UDP and TCP
Name defending is still missing.
2014-07-29 20:57:58 +02:00
Kay Sievers
f22bbd11db build-sys: add missing files for distcheck 2014-07-29 17:54:57 +02:00
Kay Sievers
ab6efe71f3 test: test_tables - fix missing symbols when --gc-sections are not available 2014-07-29 17:10:16 +02:00
Kay Sievers
94a15ffa14 factory: install minimal PAM and nsswitch config 2014-07-29 16:58:18 +02:00
Kay Sievers
51f1ec3bbe build-sys: remove systemd-coredumpctl symlink 2014-07-29 15:20:42 +02:00
Lennart Poettering
faa133f3aa resolved: rework logic so that we can share transactions between queries of different clients 2014-07-23 02:00:40 +02:00
Zbigniew Jędrzejewski-Szmek
2c12a402cb shell-completion: systemd-analyze verify, systemctl link
Some zsh completion helpers were not installed, so completion
was broken.

Add systemd-analyze verify. Make systemctl link complete only
unit names.
2014-07-21 22:33:51 -04:00
Zbigniew Jędrzejewski-Szmek
1d3bc0177a Merge systemd-verify with systemd-analyze 2014-07-21 21:42:28 -04:00
Zbigniew Jędrzejewski-Szmek
7dbb1d08f6 update-done: set proper selinux context for .updated
https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-21 20:57:39 -04:00
Zbigniew Jędrzejewski-Szmek
8b835fccda systemd-verify: a simple tool for offline unit verification
This tool will warn about misspelt directives, unknown sections, and
non-executable commands. It will also catch the common mistake of
using Accept=yes with a non-template unit and vice versa.

https://bugs.freedesktop.org/show_bug.cgi?id=56607
2014-07-20 19:48:16 -04:00
Zbigniew Jędrzejewski-Szmek
8328d8c633 test-cgroup-mask: fix masks in test and enable by default
Commit 637f421e5c ("cgroups: always propagate controller membership
to siblings") changed the mask propagation logic, but the test wasn't
updated.

Move to normal tests from manual tests, it should not touch the system
anymore.
2014-07-20 19:48:16 -04:00
Zbigniew Jędrzejewski-Szmek
0d8c31ff72 test-engine: fix access to unit load path
Also add a bit of debugging output to help diagnose problems,
add missing units, and simplify cppflags.

Move test-engine to normal tests from manual tests, it should now
work without destroying the system.
2014-07-20 19:48:16 -04:00
Michael Olbrich
e9b11a8457 install: systemd-timesyncd.service is enabled by sysinit.target
systemd-timesyncd.service has a "WantedBy=sysinit.target" so the
initially generated link should match that.
2014-07-19 17:32:28 -04:00
Zbigniew Jędrzejewski-Szmek
3fb97a58fa Nuke update-kbd-map
Our version has evolved independently of the original table
in systemd-config-keyboard, so it cannot be ever regenerated from
original upstream. Remove script to avoid confusion.
2014-07-18 21:44:59 -04:00
Zbigniew Jędrzejewski-Szmek
e091457e82 Makefile.am: tweaks to python commands 2014-07-18 21:44:58 -04:00
David Herrmann
86db5dfb6d terminal: add unifont font-handling
The unifont layer of libsystemd-terminal provides a fallback font for
situations where no system-fonts are available, or if you don't want to
deal with traditional font-formats for some reasons.

The unifont API mmaps a pre-compiled bitmap font that was generated out of
GNU-Unifont font-data. This guarantees, that all users of the font will
share the pages in memory. Furthermore, the layout of the binary file
allows accessing glyph data in O(1) without pre-rendering glyphs etc. That
is, the OS can skip loading pages for glyphs that we never access.

Note that this is currently a test-run and we want to include the binary
file in the GNU-Unifont package. However, until it was considered stable
and accepted by the maintainers, we will ship it as part of systemd. So
far it's only enabled with the experimental --enable-terminal, anyway.
2014-07-18 17:45:33 +02:00
David Herrmann
545149a2fc terminal: only build if --enable-terminal was specified
Whoopsy, I totally forgot adding the "if ENABLE_TERMINAL" markers. Do that
now that we know it builds fine everywhere.
2014-07-18 17:45:33 +02:00
David Herrmann
5ab887e98d terminal: add systemd-subterm example
The systemd-subterm example is a stacked terminal that shows how to
use sd-term. Instead of rendering images and displaying it via X11/etc.,
it uses its parent terminal to display the page (terminal-emulator inside
a terminal-emulator) (like GNU-screen and friends do).

This is only for testing and not installed system-wide!
2014-07-18 12:53:41 +02:00
David Herrmann
e432f9e8f9 terminal: add screen-handling
The screen-layer represents the terminal-side (compared to the host-side).
It connects term_parser with term_page and implements all the required
control sequences.

We do not implement all available control sequences. Even though our
parser recognizes them, there is no need to handle them. Most of them are
legacy or unused. We try to be as compatible to xterm, so if we missed
something, we can implement it later. However, all the VT510 / VT440 stuff
can safely be skipped (who needs terminal macros? WTF?).

The keyboard-handling is still missing. It will be added once
systemd-console is available and we pulled in the key-definitions.
2014-07-18 12:53:41 +02:00
David Herrmann
1c9633d669 terminal: add parser state-machine
The term-parser is used to parse any input from TTY-clients. It reads CSI,
DCS, OSC and ST control sequences and normal escape sequences. It doesn't
do anything with the parsed data besides detecting the sequence and
returning it. The caller has to react to them.

The parser also comes with its own UTF-8 helpers. The reason for that is
that we don't want to assert() or hard-fail on parsing errors. Instead,
we treat any invalid UTF-8 sequences as ISO-8859-1. This allows pasting
invalid data into a terminal (which cannot be controlled through the TTY,
anyway) and we still deal with it in a proper manner.
This is _required_ for 8-bit and 7-bit DEC modes (including the g0-g3
mappings), so it's not just an ugly fallback because we can (it's still
horribly ugly but at least we have an excuse).
2014-07-18 12:53:41 +02:00
Thomas Hindoe Paaboel Andersen
0204152684 test-tables: fix build-scan 2014-07-17 23:54:12 +02:00
Tom Gundersen
7de12ae764 networkd-wait-online: track links
Rather than refetching the link information on ever event, we liston to
rtnl to track them. Much code stolen from resolved.

This will allow us to simplify the sd-network api and don't expose
information available over rtnl.
2014-07-17 22:53:35 +02:00
Lennart Poettering
322345fdb9 resolved: add DNS cache 2014-07-17 19:39:50 +02:00
David Herrmann
84da4a3022 ui/term: add line/cell/char handling for terminal pages
This commit introduces libsystemd-ui, a systemd-internal helper library
that will contain all the UI related functionality. It is going to be used
by systemd-welcomed, systemd-consoled, systemd-greeter and systemd-er.
Further use-cases may follow.

For now, this commit only adds terminal-page handling based on lines only.
Follow-up commits will add more functionality.
2014-07-17 11:48:40 +02:00
David Herrmann
a47d1dfd08 shared: add PTY helper
This Pty API wraps the ugliness that is POSIX PTY. It takes care of:
  - edge-triggered HUP handling (avoid heavy CPU-usage on vhangup)
  - HUP vs. input-queue draining (handle HUP _after_ draining the whole
    input queue)
  - SIGCHLD vs. HUP (HUP is no reliable way to catch PTY deaths, always
    use SIGCHLD. Otherwise, vhangup() and friends will break.)
  - Output queue buffering (async EPOLLOUT handling)
  - synchronous setup (via Barrier API)

At the same time, the PTY API does not execve(). It simply fork()s and
leaves everything else to the caller. Usually, they execve() but we
support other setups, too.

This will be needed by multiple UI binaries (systemd-console, systemd-er,
...) so it's placed in src/shared/. It's not strictly related to
libsystemd-terminal, so it's not included there.
2014-07-17 11:39:48 +02:00
David Herrmann
a2da110b78 nspawn: use Barrier API instead of eventfd-util
The Barrier-API simplifies cross-fork() synchronization a lot. Replace the
hard-coded eventfd-util implementation and drop it.

Compared to the old API, Barriers also handle exit() of the remote side as
abortion. This way, segfaults will not cause the parent to deadlock.

EINTR handling is currently ignored for any barrier-waits. This can easily
be added, but it isn't needed so far so I dropped it. EINTR handling in
general is ugly, anyway. You need to deal with pselect/ppoll/... variants
and make sure not to unblock signals at the wrong times. So genrally,
there's little use in adding it.
2014-07-17 11:34:25 +02:00
David Herrmann
279da1e3f9 shared: add generic IPC barrier
The "Barrier" object is a simple inter-process barrier implementation. It
allows placing synchronization points and waiting for the other side to
reach it. Additionally, it has an abortion-mechanism as second-layer
synchronization to send abortion-events asynchronously to the other side.

The API is usually used to synchronize processes during fork(). However,
it can be extended to pass state through execve() so you could synchronize
beyond execve().

Usually, it's used like this (error-handling replaced by assert() for
simplicity):

    Barrier b;

    r = barrier_init(&b);
    assert_se(r >= 0);

    pid = fork();
    assert_se(pid >= 0);
    if (pid == 0) {
            barrier_set_role(&b, BARRIER_CHILD);

            ...do child post-setup...
            if (CHILD_SETUP_FAILED)
                       exit(1);
            ...child setup done...

            barrier_place(&b);
            if (!barrier_sync(&b)) {
                    /* parent setup failed */
                    exit(1);
            }

            barrier_destroy(&b); /* redundant as execve() and exit() imply this */

            /* parent & child setup successful */
            execve(...);
    }

    barrier_set_role(&b, BARRIER_PARENT);

    ...do parent post-setup...
    if (PARENT_SETUP_FAILED) {
            barrier_abort(&b);          /* send abortion event */
            barrier_wait_abortion(&b);  /* wait for child to abort (exit() implies abortion) */
            barrier_destroy(&b);
           ...bail out...
    }
    ...parent setup done...

    barrier_place(&b);
    if (!barrier_sync(&b)) {
            ...child setup failed... ;
            barrier_destroy(&b);
            ...bail out...
    }

    barrier_destroy(&b);

    ...child setup successfull...

This is the most basic API. Using barrier_place() to place barriers and
barrier_sync() to perform a full synchronization between both processes.
barrier_abort() places an abortion barrier which superceeds any other
barriers, exit() (or barrier_destroy()) places an abortion-barrier that
queues behind existing barriers (thus *not* replacing existing barriers
unlike barrier_abort()).

This example uses hard-synchronization with wait_abortion(), sync() and
friends. These are all optional. Barriers are highly dynamic and can be
used for one-way synchronization or even no synchronization at all
(postponing it for later). The sync() call performs a full two-way
synchronization.

The API is documented and should be fairly self-explanatory. A test-suite
shows some special semantics regarding abortion, wait_next() and exit().

Internally, barriers use two eventfds and a pipe. The pipe is used to
detect exit()s of the remote side as eventfds do not allow that. The
eventfds are used to place barriers, one for each side. Barriers itself
are numbered, but the numbers are reused once both sides reached the same
barrier, thus you cannot address barriers by the index. Moreover, the
numbering is implicit and we only store a counter. This makes the
implementation itself very lightweight, which is probably negligible
considering that we need 3 FDs for a barrier..

Last but not least: This barrier implementation is quite heavy. It's
definitely not meant for fast IPC synchronization. However, it's very easy
to use. And given the *HUGE* overhead of fork(), the barrier-overhead
should be negligible.
2014-07-17 11:34:00 +02:00
Zbigniew Jędrzejewski-Szmek
86bbe5bfbc test-tables: add new entries
One missing string found.

A few things had to be moved around to make it possible to test them.
2014-07-16 19:00:03 -04:00
Michael Biebl
5c059d2ead build-sys: don't move libgudev to /lib
It depends on libgobject and libgmodule which are installed in /usr/lib.
2014-07-16 12:53:46 +02:00
Zbigniew Jędrzejewski-Szmek
29fc0ddcd7 journal-upload: add config file 2014-07-15 22:34:41 -04:00
Zbigniew Jędrzejewski-Szmek
9ff48d0982 journal-remote: rework fd and writer reference handling 2014-07-15 22:34:41 -04:00
Zbigniew Jędrzejewski-Szmek
ad95fd1d2b journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
Zbigniew Jędrzejewski-Szmek
eacbb4d33e journal-upload: use journal as the source 2014-07-15 22:23:48 -04:00
Zbigniew Jędrzejewski-Szmek
3d090cc6f3 journal-upload: a tool to push messages to systemd-journal-remote 2014-07-15 22:23:48 -04:00
Zbigniew Jędrzejewski-Szmek
1e4e7b71e1 Move network-related journal programs to src/journal-remote/
Directory src/journal has become one of the largest directories,
and since systemd-journal-gatewayd, systemd-journal-remote, and
forthcoming systemd-journal-upload are all closely related, create
a separate directory for them.
2014-07-15 22:23:47 -04:00
Kay Sievers
b7e6c03d3b resolved: add busname unit file 2014-07-16 04:12:03 +02:00
Kay Sievers
18641cb17e resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
Lennart Poettering
4d1cf1e229 resolved: add small NSS module that uses resolved to resolve DNS names 2014-07-16 03:31:30 +02:00
Lennart Poettering
74b2466e14 resolved: add a DNS client stub resolver
Let's turn resolved into a something truly useful: a fully asynchronous
DNS stub resolver that subscribes to network changes.

(More to come: caching, LLMNR, mDNS/DNS-SD, DNSSEC, IDN, NSS module)
2014-07-16 00:31:38 +02:00
Zbigniew Jędrzejewski-Szmek
c0a67aef31 shell-completion: restore completion for -p
It was broken since systemd was moved out of /bin.

For zsh it was never there.
2014-07-15 10:06:12 -04:00
Tom Gundersen
3be1d7e0c5 networkd: netdev - introduce vtable for netdev kinds
Split each netdev kind into its own .h/.c.
2014-07-14 16:49:41 +02:00
Tom Gundersen
6235b3def8 networkd: netdev - split out bridge creation 2014-07-14 16:47:04 +02:00
Jon Severinsson
3864c28549 build-sys: Do not distribute generated emergency.service
It is already in nodist_systemunit_DATA and if it is
shipped, it contains the hardcoded path to systemctl
which will cause it to fail to start when
rootprefix != prefix and rootbindir != bindir.
2014-07-11 16:10:53 -04:00
Mike Gilbert
3ce1424909 Revert "build-sys: include PolicyKit files as part of distribution"
This reverts commit 0c26bfc3d2.

src/core/org.freedesktop.systemd1.policy.in.in depends on values which
are specified at configure time, so we cannot ship the corresponding
policy file in the tarball.

Since we need to regenerate one policy file, we might as well generate
them all.
2014-07-11 16:10:53 -04:00
Zbigniew Jędrzejewski-Szmek
3b1a55e110 Fix build without any compression enabled 2014-07-11 10:42:27 -04:00
Lennart Poettering
cabb0bc6b1 nss-mymachines: add new NSS module for automatically resolving addresses of all local containers 2014-07-11 03:15:21 +02:00
Lennart Poettering
2de30868ed build-sys: export sd_path APIs 2014-07-11 03:13:24 +02:00
Lennart Poettering
c9fdc26e96 nss-myhostname: move NSS boilerplate to nss-util.h 2014-07-10 23:33:55 +02:00
Lennart Poettering
3b653205cf shared: split out in_addr related calls from socket-util.[ch] into its private in-addr-util.[ch]
These are enough calls for a new file, and they are sufficiently
different from the sockaddr-related calls, hence let's split this out.
2014-07-10 21:15:26 +02:00
Lennart Poettering
e80af1bddd nss-myhostname: move local address listing logic into shared, so that we can make use of it from machined 2014-07-10 21:01:25 +02:00
Lennart Poettering
947127ff62 nss-myhostname: only export the NSS entry point symbols, nothing else 2014-07-10 20:38:07 +02:00
Lennart Poettering
47efffc22b nss-myhostname: following the usual naming scheme for .c/.h files 2014-07-10 20:25:21 +02:00
Kay Sievers
b72ddf0f4f timedated: manage systemd-timesyncd directly instead of lists of alternatives
Alternative NTP implementations should add a:
  Conflicts=systemd-timesyncd.service
to take over the built-in NTP functionality of systemd.
2014-07-09 17:04:11 +02:00
Michael Biebl
2945a452b0 escape: move to rootbindir
The systemd-escape utility might be used during early boot (e.g. when
being triggered from udev rules), so move it to rootbindir to support
systems with a split /usr setup.
2014-07-08 21:06:07 +02:00
Michael Biebl
b1a5a9989a add new systemd-escape tool 2014-07-07 22:23:42 +02:00
Susant Sahani
fe8ac65b68 networkd: add support for mode
This patch adds supports networkd to configure bond mode
during creation via persistent conf. Mode can be configured
with conf param 'Mode'. A new section Bond is added to the
conf to support bond mode.

These modes can be configured now.

balance-rr
active-backup
balance-xor
broadcast
802.3ad
balance-tlb
balance-alb

Example conf file: test-bond.conf
[NetDev]
Name=bond1
Kind=bond

[Bond]
Mode=balance-xor

Test case:
1. start networkd service:

12: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UNKNOWN mode DEFAULT group default
link/ether 22:89:6c:47:23:d2 brd ff:ff:ff:ff:ff:ff

2. find bond mode:

cat /proc/net/bonding/bond1
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
    Bonding Mode: load balancing (xor)
    Transmit Hash Policy: layer2 (0)
    MII Status: up
    MII Polling Interval (ms): 0
    Up Delay (ms): 0
    Down Delay (ms): 0

Changes:
       1. Added file networkd-bond.c
       2. Bond mode enum BondMode
       3. conf section [Bond]

[tomegun: whitespace]
2014-07-07 21:52:01 +02:00
Lennart Poettering
e26807239b firstboot: get rid of firstboot generator again, introduce ConditionFirstBoot= instead
As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer
way to hook in systemd-firstboot.service on first boots (those with /etc
unpopulated), so let's do this, and get rid of the generator again.
2014-07-07 21:05:09 +02:00
Lennart Poettering
418b9be500 firstboot: add new component to query basic system settings on first boot, or when creating OS images offline
A new tool "systemd-firstboot" can be used either interactively on boot,
where it will query basic locale, timezone, hostname, root password
information and set it. Or it can be used non-interactively from the
command line when prepareing disk images for booting. When used
non-inertactively the tool can either copy settings from the host, or
take settings on the command line.

$ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi

The tool will be automatically invoked (interactively) now on first boot
if /etc is found unpopulated.

This also creates the infrastructure for generators to be notified via
an environment variable whether they are running on the first boot, or
not.
2014-07-07 15:25:55 +02:00
Lennart Poettering
7568345034 shared: make timezone and locale enumeration and validation generic
This way we can reuse it other code thatn just localectl/localed +
timedatectl/timedated.
2014-07-07 15:25:55 +02:00
Zbigniew Jędrzejewski-Szmek
fd53fee04b compress: add benchmark-style test
This is useful to test the behaviour of the compressor for various buffer
sizes.

Time is limited to a minute per compression, since otherwise, when LZ4
takes more than a second which is necessary to reduce the noise, XZ
takes more than 10 minutes.

% build/test-compress-benchmark (without time limit)
XZ: compressed & decompressed 2535300963 bytes in 794.57s (3.04MiB/s), mean compresion 99.95%, skipped 3570 bytes
LZ4: compressed & decompressed 2535303543 bytes in 1.56s (1550.07MiB/s), mean compresion 99.60%, skipped 990 bytes

% build/test-compress-benchmark (with time limit)
XZ: compressed & decompressed 174321481 bytes in 60.02s (2.77MiB/s), mean compresion 99.76%, skipped 3570 bytes
LZ4: compressed & decompressed 2535303543 bytes in 1.63s (1480.83MiB/s), mean compresion 99.60%, skipped 990 bytes

 It appears that there's a bug in lzma_end where it leaks 32 bytes.
2014-07-06 19:06:03 -04:00
Zbigniew Jędrzejewski-Szmek
d89c8fdf48 journal: add LZ4 as optional compressor
Add liblz4 as an optional dependency when requested with --enable-lz4,
and use it in preference to liblzma for journal blob and coredump
compression. To retain backwards compatibility, XZ is used to
decompress old blobs.

Things will function correctly only with lz4-119.

Based on the benchmarks found on the web, lz4 seems to be the best
choice for "quick" compressors atm.

For pkg-config status, see http://code.google.com/p/lz4/issues/detail?id=135.
2014-07-06 19:06:03 -04:00
Lennart Poettering
252ff40a38 build-sys: bump package and library versions 2014-07-03 20:48:40 +02:00
Susant Sahani
30ae9dfda3 networkd: Introduce tun/tap device
This patch introduces TUN/TAP device creation support
to networkd.

Example conf to create a tap device:

file: tap.netdev
------------------
[NetDev]
Name=tap-test
Kind=tap

[Tap]
OneQueue=true
MultiQueue=true
PacketInfo=true
User=sus
Group=sus
------------------

Test:
1. output of ip link
tap-test: tap pi one_queue UNKNOWN_FLAGS:900 user 1000 group 1000

id:
uid=1000(sus) gid=10(wheel) groups=10(wheel),1000(sus)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Modifications:

Added:
1. file networkd-tuntap.c
3. netdev kind NETDEV_KIND_TUN and NETDEV_KIND_TAP
2. Tun and Tap Sections and config params to parse
   conf and gperf conf parameters

[tomegun: tweak the 'kind' checking for received ifindex]
2014-07-03 11:00:02 +02:00
Tom Gundersen
0372cb2bd2 networkd: split out vlan and macvlan handling 2014-07-03 11:00:01 +02:00
Lennart Poettering
9a00f57a5b path: add new "systemd-path" utility for querying paths described in file-hierarchy(7)
This new tool is based on "sd-path", a new (so far unexported) API for
libsystemd, that can hopefully grow into a workable API covering /opt
and more one day.
2014-07-02 12:23:36 +02:00
Tom Gundersen
9e358851b4 networkd: netdev - add dummy support 2014-07-01 22:10:07 +02:00
Zbigniew Jędrzejewski-Szmek
2968644080 Move x-systemd-device.timeout handling from core to fstab-generator
Instead of adjusting job timeouts in the core, let fstab-generator
write out a dropin snippet with the appropriate JobTimeout.
x-systemd-device.timeout option is removed from Options= line
in the generated unit.

The functions to write dropins are moved from core/unit.c to
shared/dropin.c, to make them available outside of core.

generator.c is moved to libsystemd-label, because it now uses
functions defined in dropin.c, which are in libsystemd-label.
2014-06-30 18:39:45 -04:00
Lennart Poettering
d4e85aac0b pc: expose more drop-in dirs in the .pc file 2014-06-30 23:19:00 +02:00
Lennart Poettering
94655a1670 sysusers: split up default sysusers snippet
This ways, distributions have an easier way to replace the OS specific
generic groups/users while keeping systemd's own.
2014-06-29 22:27:07 +02:00
Lennart Poettering
0dc5d23c85 coredump: add simple coredump vacuuming
When disk space taken up by coredumps grows beyond a configured limit
start removing the oldest coredump of the user with the most coredumps,
until we get below the limit again.
2014-06-27 19:35:57 +02:00
Filipe Brandenburger
0c26bfc3d2 build-sys: include PolicyKit files as part of distribution
So that building from an archive works even if intltool is not present.
The README file already mentioned that intltool should only be required
when building from git.

Tested: Built it from the distribution archive on a host without intltool.
  $ ./configure --enable-polkit
  $ make
2014-06-26 01:41:05 -04:00
Michael Olbrich
3210412576 install: enable timesyncd by default
This treats it similarly to networkd, resolved and others and it matches
what 90-systemd.preset does.
2014-06-26 01:41:05 -04:00
Ronny Chevalier
843fecc076 tests: add test-compress 2014-06-25 02:04:42 +02:00
Kay Sievers
3577de7ac3 nspawn: create essential base directories at system bootup
This allows us to bootup a rootfs with a /usr directory only.
2014-06-24 15:41:03 +02:00
Ronny Chevalier
5549f483d0 build-sys: do not run coverage if build failed 2014-06-24 02:40:51 +02:00
Ronny Chevalier
e80cde5e96 tests: add test-ratelimit 2014-06-24 02:40:50 +02:00
Zbigniew Jędrzejewski-Szmek
dfdd0e0730 Add systemd-coredumpctl as an alias for coredumpctl
Should make the transition easier for exisiting users.
2014-06-22 15:30:19 -04:00
Ronny Chevalier
e6b5c5d03c tests: add test-async 2014-06-22 00:36:19 +02:00
Ronny Chevalier
6160e473fc tests: add test-capability 2014-06-22 00:36:19 +02:00
Ronny Chevalier
8e75477abd build-sys: add -pthread flag for libsystemd-shared
src/shared/async.c uses pthread so it will fail at link time if we link
only to libsystemd-shared and use async
2014-06-22 00:36:19 +02:00
Kay Sievers
aac5ad0d25 build-sys: replace nm with $(NM) 2014-06-21 16:50:11 +02:00
Kay Sievers
706b7936d0 gudev: replace regex with sym file 2014-06-21 16:25:15 +02:00
Kay Sievers
e09c69d9fd pam_systemd: replace regex with sym file 2014-06-21 15:45:49 +02:00
Kay Sievers
dfb0c6cc3b pam_systemd: rename source file to match the module 2014-06-21 15:44:14 +02:00
Filipe Brandenburger
65adc982db build-sys: check that compat-libs are enabled for "make dist"
Running "make dist" requires --enable-compat-libs since DIST_SOURCES will list
generated files such as libsystemd-daemon.c.

Tested:
  $ ./configure && make && make dist
  *** compat-libs must be enabled in order to make dist
  make: *** [dist-check-compat-libs] Error 1
2014-06-20 18:44:40 -04:00
Filipe Brandenburger
279419b379 build-sys: check that python is enabled for "make dist"
Running "make dist" requires Python support since some of the man page sources
(such as man/systemd.index.xml and man/systemd.directives.xml) are generated by
Python scripts, so break "make dist" and give an useful error message when
Python or the Python lxml module is not available.

Tested:
  $ ./configure --without-python && make && make dist
  *** python and python-lxml module must be installed and enabled in order to make dist
  make: *** [dist-check-python] Error 1
2014-06-20 18:44:40 -04:00
Filipe Brandenburger
b9d5b4c30d build-sys: configure --with-python when running distcheck
Python support is pretty much essential to create man pages, so we should make
sure that distcheck will request it during configure.

Tested: Successfully ran "make distcheck" and confirmed --with-python was
present in the ./configure run inside the unpacked distribution directory.
2014-06-20 18:44:40 -04:00
Filipe Brandenburger
49100d2abd build-sys: do not include id128-constants.h in the dist archive
File src/python-systemd/id128-constants.h is auto generated and its generation
does not require special tools, only sed.  There is no point in bundling it in
the distribution archive, so let's mark it as nodist_ to have it excluded.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=80006

Tested: Successfully ran "make dist" after ./configure --without-python.
2014-06-20 18:44:40 -04:00
Filipe Brandenburger
61b5c82d91 build-sys: add sysusers.d/systemd.conf to CLEANFILES
The sysusers.d/systemd.conf configuration file was originally introduced in
commit 1b99214789, but it was not marked for cleanup.  This caused distcheck
to complain about the file not being removed by distcleam.

Tested: Successfully ran "make distcheck" with this patchset.
2014-06-20 14:27:25 +02:00
Michael Marineau
09e00c524f test: ensure conf_files_list returns absolute paths 2014-06-20 00:10:47 -04:00
Filipe Brandenburger
228b2a1277 sd-dhcp6-client: include dhcp6-protocol.h in the list of sources
If the file is not listed, then "make dist" will not include it.

Tested: "make distcheck" works after this fix is applied.

Fixes: 139b011ab8
2014-06-20 00:25:08 +02:00
Filipe Brandenburger
ab2bc6feee sd-dhcp6-client: fix path of sd-icmp6-nd.h in Makefile.am
It was incorrectly looking for a file in src/libsystemd-network/ when the file was actually deployed to src/systemd/ instead.  This broke "make dist".

Tested: "make dist" works again after this patchset is applied.

Fixes: f20a35cc0d
2014-06-20 00:25:04 +02:00
Filipe Brandenburger
302c9d6c8b sd-dhcp6-client: remove bogus dependency on dhcp6-icmp6.h
Makefile.am had a reference to it but it none of the sources included it.

Tested: "make dist" works again after this patchset is applied.

Fixes: 2ea8857eff
2014-06-20 00:25:00 +02:00
Lennart Poettering
326bb68c40 debug-generator: add new generator
debug-generator can mask specific units if they are specified on the
kernel command line with systemd.mask=.

debug-generator can pull in debug-shell.service is systemd.debug-shell
is passed on the kernel command line.
2014-06-19 16:33:01 +02:00
Patrik Flykt
3fb2c57038 sd-dhcp6-lease: Add DHCPv6 lease handling
Create a structure describing a DHCPv6 lease. Add internal functions
for creating a new lease and accessing the server ID, preference and
IAID. Provide functions for clearing addresses and associated timers.

External users are initially given only the capabilities of
referencing and unreferencing the lease structure.
2014-06-19 15:44:44 +03:00
Patrik Flykt
2ea8857eff sd-dhcp6-client: Add DHCPv6 Solicit test case
Verify the Solicit message created by the DHCPv6 client code.

Provide local variants for detect_vm(), detect_container() and
detect_virtualization() defined in virt.h. This makes the DHCPv6
library believe it is run in a container and does not try to request
interface information from udev for the non-existing interface index
used by the test case code.
2014-06-19 15:44:44 +03:00
Patrik Flykt
f12ed3bf0b sd-dhcp6-client: Add basic DHCPv6 option handling
Add option appending and parsing. DHCPv6 options are not aligned, thus
the option handling code must be able to handle options starting at
any byte boundary.

Add a test case for the basic option handling.
2014-06-19 15:44:43 +03:00
Patrik Flykt
813e3a6ffc sd-dhcp6-client: Add basic DHCPv6 test cases
Add test cases for basic DHCPv6 client handling, e.g. setting
interface index, mac address and attaching event loop.
2014-06-19 15:44:43 +03:00
Patrik Flykt
f20a35cc0d sd-icmp6-nd: Add initial Router Advertisement test case
Feed a Router Advertisement to the code and expect proper events
each time. The sending part is ignored, as all of it is static code
in the real dhcp_network_icmp6_send_rs() function.
2014-06-19 15:44:43 +03:00
Patrik Flykt
e316912679 sd-icmp6-nd: Add Router Solicitation and Advertisement support
Provide functions to bind the ICMPv6 socket to the approriate interface
and set multicast sending and receiving according to RFC 3493, section
5.2. and RFC 3542, sections 3. and 3.3. Filter out all ICMPv6 messages
except Router Advertisements for the socket in question according to
RFC 3542, section 3.2.

Send Router Solicitations to the all routers multicast group as
described in RFC 4861, section 6. and act on the received Router
Advertisments according to section 6.3.7.

Implement a similar API for ICMPv6 handling as is done for DHCPv4 and
DHCPv6.
2014-06-19 15:44:43 +03:00
Lennart Poettering
f4bab1690e coredump: coredumpctl is so useful now, make it a first-class citizen
Drop the "systemd-" prefix, renaming it from "systemd-coredumpctl" to
"coredumpctl".
2014-06-19 13:46:01 +02:00
Lennart Poettering
8d4e028f18 coredump: include stacktrace of coredumps in the log message
elfutils' libdw is maintained, can read DWARF debug data and appears to
be the library of choice for generating backtraces today.
2014-06-19 12:38:45 +02:00
Lennart Poettering
34c10968cb coredump: optionally store coredumps on disk, not in the journal
Introduce a new configuration file /etc/systemd/coredump.conf to
configure when to place coredumps in the journal and when on disk.

Since the coredumps are quite large, default to storing them only on
disk.
2014-06-19 00:00:24 +02:00
Lennart Poettering
11bf3cced1 networkd: add address pool support
When an address is configured to be all zeroes, networkd will now
automatically find a locally unused network of the right size from a
list of pre-configured pools. Currently those pools are 10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16 and fc00::/7, i.e. the network ranges for
private networks. They are compiled in, but should be configurable
eventually.

This allows applying the same configuration to a large number of
interfaces with each time a different IP range block, and management of
these IP ranges is fully automatic.

When allocating an address range from the pool it is made sure the range
is not used otherwise.
2014-06-18 18:28:29 +02:00
Lennart Poettering
9542239eaf cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-18 00:09:46 +02:00
Ronny Chevalier
fe582db94b build-sys: add missing backslash 2014-06-17 17:29:47 -04:00
Lennart Poettering
a1259e0a14 build-sys: touch /usr on "make install"
this way, the "make install" will be detected as offline update on next
boot.
2014-06-17 03:09:27 +02:00
Lennart Poettering
1713703c96 preset: ship a minimal preset file upstream
This is useful so that distros have something to base their own policy
of. It also useful to make sure that minimal installs always get useful
configuration in place.
2014-06-17 02:43:44 +02:00
Ronny Chevalier
106ecd769d tests: add test-fdset 2014-06-16 20:38:22 +02:00
Ronny Chevalier
c182135d3a tests: add test-socket-util 2014-06-16 20:38:22 +02:00
Susant Sahani
326cb4061a networkd: introduce vxlan
This patch enables netwokd to create vxlan

Changes:
Added:
	1. File networkd networkd-vxlan.c
	2. to netdev
	    bool learning
	    struct in_addr group
	    uint64_t vxlanid;
	3. VXLAN subsection and config
	   parameters
2014-06-16 20:38:22 +02:00
Lennart Poettering
137243fd13 units: add a service to invoke ldconfig on system updates at boot 2014-06-16 12:33:22 +02:00
Lennart Poettering
b532bdeae9 rpm: add RPM macros to apply sysusers, sysctl, and binfmt drop-ins
With this in place RPMs can make sure that whatever they drop in is
immeidately applied, and not delayed until next reboot.

This also moves systemd-sysusers back to /usr/bin, since hardcoding the
path to /usr/lib in the macros would mean compatibility breaks in
future, should we turn sysusers into a command that is actually OK for
people to call directly. And given that that is quite likely to happen
(since it is useful to prepare images with its --root= switch), let's
just prepare for it.
2014-06-13 20:11:59 +02:00
Tom Gundersen
b44cd88210 sd-dhcp-server: add basic functionality for creating/destroying server instance 2014-06-13 16:53:13 +02:00
Lennart Poettering
55745f2054 tmpfiles: add minimal tmpfiles snippet to rebuild the most essential stuff from /etc 2014-06-13 13:29:25 +02:00
Lennart Poettering
ecde7065f7 units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot
Only when necessary of course, nicely guarded with the new
ConditionNeedsUpdate= condition we added.
2014-06-13 13:26:32 +02:00
Lennart Poettering
8ea48dfcd3 update-done: add minimal tool to manage system updates for /etc and /var, if /usr has changed
In order to support offline updates to /usr, we need to be able to run
certain tasks on next boot-up to bring /etc and /var in line with the
updated /usr. Hence, let's devise a mechanism how we can detect whether
/etc or /var are not up-to-date with /usr anymore: we keep "touch
files" in /etc/.updated and /var/.updated that are mtime-compared with
/usr. This means:

Whenever the vendor OS tree in /usr is updated, and any services that
shall be executed at next boot shall be triggered, it is sufficient to
update the mtime of /usr itself. At next boot, if /etc/.updated and/or
/var/.updated is older than than /usr (or missing), we know we have to
run the update tools once. After that is completed we need to update the
mtime of these files to the one of /usr, to keep track that we made the
necessary updates, and won't repeat them on next reboot.

A subsequent commit adds a new ConditionNeedsUpdate= condition that
allows checking on boot whether /etc or /var are outdated and need
updating.

This is an early step to allow booting up with an empty /etc, with
automatic rebuilding of the necessary cache files or user databases
therein, as well as supporting later updates of /usr that then propagate
to /etc and /var again.
2014-06-13 13:26:32 +02:00
Lennart Poettering
48e93f88ff sysusers: move systemd-sysusers to libexec for now 2014-06-13 13:26:32 +02:00
Lennart Poettering
f8b5d99408 sysuser: generate default snippet incorporating TTY_GID properly
When the user specifies --with-tty-gid= then we should honour that and
write it to the snippet, too.
2014-06-12 23:22:27 +02:00
Lennart Poettering
1b99214789 sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.

The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.

This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.

The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.

The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.

This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
2014-06-12 23:07:33 +02:00
Lennart Poettering
42a04ee69c build-sys: update library versions 2014-06-11 15:30:28 +02:00
Lennart Poettering
a4a878d040 units: introduce network-pre.target as place to hook in firewalls
network-pre.target is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scrips).

network-pre.target should be ordered before all network managemet
services (but not be pulled in by them).

network-pre.target should be order after all services that want to be
executed before any network is configured (and be pulled in by them).
2014-06-11 12:14:55 +02:00
Lennart Poettering
9339db7187 tmpfiles: always recreate the most basic directory structure in /var
Let's allow booting up with /var empty. Only create the most basic
directories to get to a working directory structure and symlink set in
/var.
2014-06-11 00:12:21 +02:00
Lennart Poettering
849958d1ba tmpfiles: add new "C" line for copying files or directories 2014-06-10 23:02:40 +02:00
Dave Reisner
bfa501e150 build: fix copypaste error in networkd-wait-online symlink 2014-06-09 08:48:21 -04:00
Thomas Hindoe Paaboel Andersen
95ed3294c6 Move handling of sysv initscripts to a generator
Reuses logic from service.c and the rc-local generator.

Note that this drops reading of chkconfig entirely. It also drops reading
runlevels from the LSB headers. The runlevels were only used to check for
runlevels outside of the normal 1-5 range and then add special dependencies
and settings. Special runlevels were dropped in the past so it seemed to be
unused code.

The generator does not know about non-generated units with a value set with
SysVStartPriority=. These are therefor not taken into account when converting
start priority to before/after.
2014-06-07 00:59:32 +02:00
Lennart Poettering
bcf3295d2b bus: add basic dbus1 policy parser
Enforcement is still missing, but at least we can parse it now.
2014-06-06 19:41:24 +02:00
Lennart Poettering
fb69d7096d socket-proxyd: port to asynchronous name resolution using sd-resolve 2014-06-05 16:12:48 +02:00
Lennart Poettering
03ee5c38cb journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
2014-06-04 16:53:58 +02:00
Lennart Poettering
6a010ac9e5 bus-proxy: drop priviliges if we can
Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-04 11:13:08 +02:00
Tom Gundersen
682265d5e2 resolved: run as unpriviliged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.
2014-06-03 10:40:28 +02:00
Tom Gundersen
bddfc8afd3 networkd: drop CAP_SYS_MODULE
Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.
2014-06-03 00:40:23 +02:00
Susant Sahani
10142d75cc networkd: introduce veth device support
This patch adds veth device support to networkd.

Example conf:

File: veth.netdev

[NetDev]
Name=veth-test
Kind=veth

[Peer]
Name=veth-peer
2014-06-02 16:09:40 +02:00
Lennart Poettering
d3cf48f4bd networkd: run as unpriviliged "systemd-network" user
This allows us to run networkd mostly unpriviliged with the exception of
CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter
though...
2014-06-01 09:12:00 +02:00
Lennart Poettering
fdd2531170 virt: rework container detection logic
Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
2014-05-28 18:53:44 +08:00
Lennart Poettering
76d4bef384 build-sys: bump package and library version 2014-05-27 19:02:22 +08:00
Djalal Harouni
e866af3acc nspawn: make nspawn robust to container failure
nspawn and the container child use eventfd to wait and notify each other
that they are ready so the container setup can be completed.

However in its current form the wait/notify event ignore errors that
may especially affect the child (container).

On errors the child will jump to the "child_fail" label and terminate
with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd
is created without the "EFD_NONBLOCK" flag, this leaves the parent
blocking on the eventfd_read() call. The container can also be killed
at any moment before execv() and the parent will not receive
notifications.

We can fix this by using cheap mechanisms, the new high level eventfd
API and handle SIGCHLD signals:

* Keep the cheap eventfd and EFD_NONBLOCK flag.

* Introduce eventfd states for parent and child to sync.
Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or
EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the
parent from waiting on an event that will never come.

* If the child is killed before execv() or before notifying the parent,
we install a NOP handler for SIGCHLD which will interrupt blocking calls
with EINTR. This gives a chance to the parent to call wait() and
terminate in main().

* If there are no errors, parent will block SIGCHLD, restore default
handler and notify child which will do execv(), then parent will pass
control to process_pty() to do its magic.

This was exposed in part by:
https://bugs.freedesktop.org/show_bug.cgi?id=76193

Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25 11:23:35 +08:00
Kay Sievers
24efb11245 shared: rename hwclock.[ch] to clock-util.[ch] 2014-05-24 07:56:20 +09:00
Kay Sievers
5052e3996d build-sys: let libsystemd_network pull in libudev-internal.la
On Thu, May 22, 2014 at 9:53 AM, Jan Engelhardt <jengelh@inai.de> wrote:
>
> If libsystemd-network.la is relying on that udev function, it ought
> to specify libudev(-internal).la in libsystemd_network_la_LIBADD.
2014-05-22 10:19:07 +09:00
Kay Sievers
2f14583f47 build-sys: do not run symbol list export test for compat-only libs
The verbose link-time deprecation warnings are annoying. These libs
will never change or be extended; there is no need to test the list
of exported symbols.
2014-05-22 09:46:09 +09:00
Kay Sievers
ffcf82d250 build-sys: fix linking order
./.libs/libsystemd-network.a(libsystemd_network_la-network-internal.o):
  network-internal.c:function net_get_unique_predictable_data:
  error: undefined reference to 'udev_device_get_property_value'
collect2: error: ld returned 1 exit status
2014-05-22 09:46:09 +09:00
Kay Sievers
5590bbe529 Makefile.am: fix whitespace 2014-05-22 09:46:09 +09:00
Jan Engelhardt
f884afb206 build: put missing KMOD_CFLAGS into Makefile
The build fails if kmod is not in a default location.
2014-05-22 09:27:26 +09:00
Lennart Poettering
f7dc3ab9f4 logind: don't apply RemoveIPC= to system users
We shouldn't destroy IPC objects of system users on logout.

http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html

This introduces SYSTEM_UID_MAX defined to the maximum UID of system
users. This value is determined compile-time, either as configure switch
or from /etc/login.defs. (We don't read that file at runtime, since this
is really a choice for a system builder, not the end user.)

While we are at it we then also update journald to use SYSTEM_UID_MAX
when we decide whether to split out log data for a specific client.
2014-05-21 09:36:49 +09:00
Tom Gundersen
091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00
Lennart Poettering
4eaea66423 network: always take possession of host side of nspawn veth tunnels and do IPv4LL on them 2014-05-18 20:52:49 +09:00
Lennart Poettering
a349eb10d3 timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still with CAP_SYS_TIME) 2014-05-18 20:52:49 +09:00
Tom Gundersen
2dcf7ec6ec networkd: manager - read fallback DNS servers from config file
We will still use the compiled-in defaults if no DNS entry exists in the config file.
2014-05-16 19:48:25 +02:00
Cristian Rodríguez
679be2a742 network: fix build failure, missing KMOD_XXX flags
- Add KMOD_CFLAGS and KMOD_LIBS where appropiate
- networkd now requires kmod. make --disable-kmod --enable-networkd
to raise an error.
2014-05-15 18:51:54 +02:00
Zbigniew Jędrzejewski-Szmek
058fb31996 readahead: add test to show fs_on_ssd() result 2014-05-15 15:29:59 +02:00
Lennart Poettering
19befb2d5f sd-bus: introduce sd_bus_slot objects encapsulating callbacks or vtables attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.

Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
2014-05-15 01:15:30 +02:00
David Herrmann
e0dd92729e shared: add ring buffer
New "struct ring" object that implements a basic ring buffer for arbitrary
byte-streams. A new basic runtime test is also added.

This will be needed for our pty helpers for systemd-console and friends.
2014-05-13 22:08:13 +02:00
Susant Sahani
7951dea209 networkd: introduce ipip tunnel
This patch enables basic ipip tunnel support.
It works with kernel module ipip

example conf:

file: ipip.netdev

[NetDev]
Name=ipip-tun
Kind=ipip
MTUBytes=1480

[Tunnel]
Local=192.168.223.238
Remote=192.169.224.239
TTL=64

file: ipip.network

[Match]
Name=em1

[Network]
Tunnel=ipip-tun

[tomegun:
         - drop unused variable
         - take ref when enslaving]
2014-05-12 17:37:12 +02:00
Tom Gundersen
e0e5ce237b timesyncd: only run when the system has a carrier on a network interface
As the operational state detection in sd-network is still too primitive, timesyncd
will likely try to connect a bit early, so the first attempt will fail.
2014-05-08 15:28:19 +02:00
Lennart Poettering
7b8b9686e0 timesyncd: hook up systemd-timesyncd with systemd-timedated
Later on we will probably remove support for controlling any other NTP
implementations but systemd-timesyncd, but for now, let's keep things
generic
2014-05-06 18:20:49 +02:00
Lennart Poettering
e8af69739a timesyncd: read server settings from a configuration file
Also, allow compiling in a default server list via a configure command
line item.
2014-05-06 17:02:11 +02:00
Lennart Poettering
856a5a7d76 timesyncd: lookup name server via sd-resolve, support IPv6, react to SIGINT/SITERM 2014-05-05 23:53:17 +02:00
Lennart Poettering
76cf10dab7 build-sys: move async.[ch] to src/shared
So that we can use it at multiple places.
2014-05-05 21:19:06 +02:00
Kay Sievers
d38cbe1bb7 build-sys: fix linking order for networkd-wait-only 2014-04-29 16:26:51 +02:00
Lennart Poettering
93f1bcf400 sd-resolve: rework sd-resolve to be callback based, similar in style to sd-bus and sd-event 2014-04-29 15:45:16 +02:00
Tom Gundersen
4c06153f7b networkd: fix distcheck 2014-04-29 15:42:05 +02:00
Kay Sievers
a91df40e69 timesyncd: add unit and man page 2014-04-29 09:51:53 +02:00
Kay Sievers
687ed1237b rename timedate-sntp to timesync 2014-04-28 17:08:52 +02:00
Umut Tezduyar Lindskog
d9bf4f8c6c libnetworkd: add link local tests
- Also only allow positive ifindex on both dhcp and ipv4ll

[tomegun: the kernel always sets a positive ifindex, but some APIs accept
          ifindex=0 with various meanings, so we should protect against
          accidentally passing ifindex=0 along.]
2014-04-27 23:39:13 +02:00
Tom Gundersen
cef8b07358 networkd-wait-online: drop config file and add commandline options instead 2014-04-26 01:20:12 +02:00
Lennart Poettering
0d522a7a05 errno: make sure to handle the 3 errnos that are aliases for others properly 2014-04-24 08:12:20 +02:00
Tom Gundersen
3a67e927e3 networkd-wait-online: improve interoptability and enable by default
To make sure we don't delay boot on systems where (some) network links are managed by someone else
we don't block if something else has successfully brought up a link.

We will still block until all links we are aware of that are  managed by networkd have been
configured, but if no such links exist, and someone else have configured a link sufficiently
that it has a carrier, it may be that the link is ready so we should no longer block.

Note that in all likelyhood the link is not ready (no addresses/routes configured),
so whatever network managment daemon configured it should provide a similar wait-online
service to block network-online.target until it is ready.

The aim is to block as long as we know networking is not fully configured, but no longer. This
will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't
know whether networkd is the main/only network manager.

Even in the case networking is fully configured by networkd, the default behavior may not be
sufficient: if two links need to be configured, but the first is fully configured before the
second one appears we will assume the network is up. To work around that, we allow specifying
specific devices to wait for before considering the network up.

This unit is enabled by default, just like systemd-networkd, but will only be pulled in if
anyone pulls in network-online.target.
2014-04-24 00:23:07 +02:00
Kay Sievers
0fbedd1fdc remove bus-driverd, the interface is now handled natively by bus-proxyd 2014-04-22 19:31:26 +02:00
Tom Gundersen
d1ca51b153 nss-myhostname: port to sd-rtnl 2014-04-19 18:39:24 +02:00
Zbigniew Jędrzejewski-Szmek
1dd5aa56d1 build-sys: do not try to build test-rtnl-manual w/o kmod 2014-04-17 23:39:54 -04:00
Łukasz Stelmach
7c4e5e4db8 build-sys: add libkmod flags for test_rtnl_manual 2014-04-17 23:39:54 -04:00
Kay Sievers
9ea28c55a2 udev: remove seqnum API and all assumptions about seqnums
The way the kernel namespaces have been implemented breaks assumptions
udev made regarding uevent sequence numbers. Creating devices in a
namespace "steals" uevents and its sequence numbers from the host. It
confuses the "udevadmin settle" logic, which might block until util a
timeout is reached, even when no uevent is pending.

Remove any assumptions about sequence numbers and deprecate libudev's
API exposing these numbers; none of that can reliably be used anymore
when namespaces are involved.
2014-04-13 17:12:14 -07:00
Kay Sievers
dec51b29f9 bus: update kdbus.h 2014-04-10 13:02:35 -07:00
Lukas Nykryn
13be49798c cgls: fix running with -M option
systemd-machined doesn't store cgroup path in a state file anymore.
Let's figure it out from the scope.
2014-04-10 11:46:51 +02:00
Kay Sievers
b6b20d1d36 build-sys: remove no longer needed user/org.freedesktop.DBus.busname 2014-04-02 11:34:59 +02:00
Tom Gundersen
d8e538ecd9 sd-rtnl: rework rtnl type system
Use a static table with all the typing information, rather than repeated
switch statements. This should make it a lot simpler to add new types.

We need to keep all the type info to be able to create containers
without exposing their implementation details to the users of the library.

As a freebee we verify the types of appended/read attributes.

The API is extended to nicely deal with unions of container types.
2014-03-28 19:11:59 +01:00
Kay Sievers
e57e4e2be3 build-sys: update "linkcheck"
<kay> ssuominen: and drop --no-as-needed from the linkcheck?
<kay> ssuominen: i expect it all triggers without the gc-sections thing alone
<ssuominen> if the intention is to make it strict as possible,
  to catch undefined references caused by missing -lfoo in linker line, then
  LDFLAGS="-Wl,-fuse-ld=gold -Wl,--as-needed -Wl,--no-gc-sections"
2014-03-26 19:22:17 +01:00
Kay Sievers
bc61d6ac01 build-sys: rename "check-broken" to "linkcheck" 2014-03-26 13:12:47 +01:00
Kay Sievers
381a662a90 build-sys: split "make upload" and "make tango" 2014-03-26 13:07:58 +01:00
Kay Sievers
4851ac4526 bus: provide org.freedesktop.systemd1.busname for systemd --user 2014-03-26 03:38:48 +01:00
Kay Sievers
0afee06b26 build-sys: disable test-cgroup-mask, it mangles valid user data in /run/user/$UID/
$ ./test-cgroup-mask
  ...
  rmdir("/run/user/2702/systemd/generator") = 0
  open("/run/user/2702/systemd/generator.late", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW|O_NOATIME|O_CLOEXEC) = 5
  fstat(5, {st_mode=S_IFDIR|0755, st_size=3200, ...}) = 0
  fcntl(5, F_GETFL)                       = 0x78800 (flags O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_NOFOLLOW|O_NOATIME)
  fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
  getdents(5, /* 160 entries */, 32768)   = 10072
  unlinkat(5, "org.gnome.Weather.Application.busname", 0) = 0
  unlinkat(5, "dbus-org.gnome.Weather.Application.service", 0) = 0
  ...
2014-03-26 02:54:34 +01:00
Kay Sievers
5870f79a0b build-sys: add "make check-broken" to find limited-toolchain link errors 2014-03-26 01:36:57 +01:00
Kay Sievers
2fa495c8a4 build-sys: fix library link order 2014-03-25 23:29:43 +01:00
Kay Sievers
307e6d8304 build-sys: split-off internal libsystemd-resolve 2014-03-25 23:29:43 +01:00
Lennart Poettering
3b5b000fbc build-sys: prepare 212 2014-03-25 20:22:41 +01:00
Susant Sahani
9a6704a81f sd-rtnl: add support for tunnel attributes
Added support for tunneling netlink attrributes (ipip, gre, sit).
These works with kernel module ipip, gre and sit . The test cases are
moved to a separate file and manual test as well because they require
respective kernel modules as well.
2014-03-25 14:44:33 +01:00
Lennart Poettering
7f8aa67131 core: remove tcpwrap support
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.

Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
2014-03-24 20:07:42 +01:00
Tom Gundersen
c6f7c917a1 libsystemd-network: move network-utils from src/shared
This does not belong in shared as it is mostly a detail of our networking subsystem.

Moreover, now we can use libudev here, which will simplify things.
2014-03-21 21:54:37 +01:00
Daniel Mack
5892a914d1 busname: introduce Activating directive
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.

If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.
2014-03-19 02:25:36 +01:00
Lennart Poettering
58dfc42ecf build-sys: move sd-login src/login → src/libsystemd/sd-login
After all, it is ultimately linked to libsystems.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
2014-03-17 18:35:48 +01:00
Zbigniew Jędrzejewski-Szmek
cc64d0175a journal-remote: HTTP(s) support
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.

Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.

The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
fdfccdbc98 journal-remote: tool to receive messages over the network 2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
cafc7f9130 journal-gatewayd: log to journal from gnutls
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
2014-03-17 01:55:48 -04:00
Wieland Hoffmann
d895500c47 zsh completion: Install _sd_machines with _machinectl
_machinectl uses _sd_machines to provide a list of all available
machines.
2014-03-15 00:32:06 -04:00
Sebastian Thorarensen
40b71e89ba journald: add support for wall forwarding
This will let journald forward logs as messages sent to all logged in
users (like wall).

Two options are added:
 * ForwardToWall (default yes)
 * MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.

This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
2014-03-14 22:05:25 +01:00
Lennart Poettering
66cdd0f2d0 logind: automatically remove SysV + POSIX IPC objects when the users owning them fully log out 2014-03-14 01:49:44 +01:00
Kay Sievers
bcdbbd7ee1 timedated: add SNTP client/query hookup (unused for now) 2014-03-14 00:38:03 +01:00
Zbigniew Jędrzejewski-Szmek
a878789268 build-sys: make sure we rebuild manpages when doing releases
https://bugs.freedesktop.org/show_bug.cgi?id=76056
2014-03-12 21:39:35 -04:00
Mike Gilbert
0ce91e4e3b build-sys: Fix move-to-rootlibdir
Since we now use ln -s --relative, using this sed statement is redundant
and causes broken symlinks to be installed.
2014-03-11 23:58:00 +01:00
Kay Sievers
4ef0809c22 build-sys: add libsystemd-label to network/dhcp users 2014-03-11 22:11:39 +01:00
Lennart Poettering
223763f580 build-sys: we still want to rebuild the tarball though on upload 2014-03-11 20:57:17 +01:00
Lennart Poettering
9f19a44770 build-sys: when I upload the tarball, don't run the whole distcheck thing again
I run this anyway, and given how slow it is now due to -flto, let's make
my workflow a bit faster...
2014-03-11 20:45:47 +01:00
Lennart Poettering
6bf6f402b6 build-sys: prepare release 211 2014-03-11 20:25:00 +01:00
Zbigniew Jędrzejewski-Szmek
7a249d0c1b build-sys: sign releases 2014-03-11 12:55:17 -04:00
Lennart Poettering
1b9e5b1263 nspawn: add --image= switch to boot GPT disk images that follow the Discoverable Partitions Specification 2014-03-10 20:35:52 +01:00
Armin K
e2eb18d56b build-sys: Don't distribute generated udev rule
It contains hardcoded path to systemd-sysctl executable which
is /usr/lib/systemd/systemd-sysctl on latest stable release and
as such it will complain at runtime if rootprefix != prefix

[zj: readd the file to nodist_udevrules_DATA]
2014-03-07 00:17:18 -05:00
Lennart Poettering
e48fdd8443 generators: rework mount generators
- Add support for finding and mounting /srv based on GPT data, similar
  to how we already handly /home.

- Share the fsck logic between GPT, EFI and fstab generators

- Make sure we never run the EFI generator inside containers

- Drop DefaultDependencies=no from EFI mount units

- Other fixes
2014-03-06 04:00:41 +01:00
Thomas Hindoe Paaboel Andersen
207017017d add bash completion for systemd-cat 2014-03-04 23:17:07 +01:00
Lennart Poettering
5e11d962c0 build-sys: work around broken ln --relative -s -f
As it appears "ln -s --relative" in conjunction with "-f" is broken,
let's work around that by explicitly remove the destination of the
symlink before we create it.

https://bugzilla.redhat.com/show_bug.cgi?id=1072103
2014-03-03 23:48:57 +01:00
Umut Tezduyar Lindskog
5c1d3fc93d sd-network: IPv4 link-local support [v2]
Implements IPv4LL with respect to RFC 3927
(http://tools.ietf.org/rfc/rfc3927.txt) and integrates it
with networkd. Majority of the IPv4LL state machine is
taken from avahi (http://avahi.org/) project's autoip.

IPv4LL can be enabled by IPv4LL=yes under [Network]
section of .network file.

IPv4LL works independent of DHCP but if DHCP lease is
aquired, then LL address will be dropped.

[tomegun: removed a trailing newline and a compiler warning]
2014-03-03 23:24:34 +01:00
Thomas Hindoe Paaboel Andersen
3bfe58cbd4 add bash completion for systemd-detect-virt 2014-03-03 22:18:37 +01:00
Lennart Poettering
4d7213b274 core: move ShowStatus type into the core
Let's make the scope of the show-status stuff a bit smaller, and make it
private to the core, rather than shared API in shared/.
2014-03-03 21:23:12 +01:00
Lennart Poettering
e2438b7a32 build-sys: prefer using ln --relative -s where appropriate
By using --relative symlinks look nicer when dealing with OS image trees
that are placed in arbitrary places of the OS.
2014-03-03 17:55:32 +01:00
Mike Gilbert
8100c1a8f5 Fix systemd-stdio-bridge symlink
The symlink is created in bindir (/usr/bin), and points to a binary
which lives in rootlibexecdir (/lib/systemd or /usr/lib/systemd). A
relative symlink does not work here.
2014-03-03 06:27:10 +01:00
Lennart Poettering
8f8f05a919 bus: add sd_bus_track object for tracking peers, and port core over to it
This is primarily useful for services that need to track clients which
reference certain objects they maintain, or which explicitly want to
subscribe to certain events. Something like this is done in a large
number of services, and not trivial to do. Hence, let's unify this at
one place.

This also ports over PID 1 to use this to ensure that subscriptions to
job and manager events are correctly tracked. As a side-effect this
makes sure we properly serialize and restore the track list across
daemon reexec/reload, which didn't work correctly before.

This also simplifies how we distribute messages to broadcast to the
direct busses: we only track subscriptions for the API bus and
implicitly assume that all direct busses are subscribed. This should be
a pretty OK simplification since clients connected via direct bus
connections are shortlived anyway.
2014-03-03 02:34:13 +01:00
Thomas Hindoe Paaboel Andersen
d9256bac4d add bash completion for systemd-cgtop 2014-03-02 23:07:35 +01:00
Zbigniew Jędrzejewski-Szmek
5f8fd969bd build-sys: fix location of network-util.h 2014-03-01 21:45:48 -05:00
Thomas Hindoe Paaboel Andersen
e1528e085c networkd-wait-online: use automatic cleanup 2014-03-01 23:16:55 +01:00
Thomas Hindoe Paaboel Andersen
abdab4f602 add bash completion for systemd-cgls 2014-03-01 23:10:38 +01:00
Zbigniew Jędrzejewski-Szmek
88ce2902ca build-sys: distribute kdbus documentation 2014-03-01 07:45:07 -05:00
Thomas Andersen
0d6883b6a8 bash: add completion for systemd-nspawn 2014-03-01 03:30:41 +01:00
Tom Gundersen
020d59000f networkd: add networkd-wait-online
This is mostly a proof of concept to try sd-network, so we don't
hook it up with a .service file quite yet. We probably want it to
be more clever about deciding when we are 'online'.

The binary  will wait for at least one network managed by networkd,
and until all networks managed by networkd are configured.
2014-02-28 01:17:38 +01:00
Tom Gundersen
fe8db0c5ee sd-network: add new library
This is similar to sd-login, but exposes the state of networkd rather than logind.

Include it in libsystemd-dhcp and rename it to libsystemd-network.
2014-02-28 01:01:13 +01:00
Armin K
2141e47892 build-sys: Do not distribute generated udev service files
They are already in nodist_systemunit_DATA and if they are
shipped, they contain hardcoded paths to udevadm and
systemd-udevd which will cause them to fail to start when
rootprefix != prefix and rootlibdir != libdir.
2014-02-27 01:11:59 -05:00
Tom Gundersen
911f4d4d60 build-sys: networkd - simplify makefile fragment 2014-02-26 23:16:34 +01:00
Lennart Poettering
4298d0b512 core: add new RestrictAddressFamilies= switch
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.

This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
2014-02-26 02:19:28 +01:00
Lennart Poettering
62ca29b81b build-sys: bump revisions and version 2014-02-24 19:25:00 +01:00
Lennart Poettering
43c71255b3 NEWS: prepare for release of 210 2014-02-24 18:34:12 +01:00
Kay Sievers
f01de9656d src/shared/ cannot reference symbols from libraries
../src/shared/unit-name.c:462: error: undefined reference to 'sd_bus_label_escape'
../src/shared/unit-name.c:477: error: undefined reference to 'sd_bus_label_unescape'
collect2: error: ld returned 1 exit status
2014-02-23 01:53:40 +01:00
Kay Sievers
03e37dd767 build-sys: build compat libs from sources, avoiding the not generally available ifunc wrapping 2014-02-22 21:28:55 +01:00
Kay Sievers
41fd4c4c15 build-sys: add seccomp includes where needed 2014-02-22 18:48:01 +01:00
Tom Gundersen
dd4d2c1cd1 networkd/nspawn: enable dhcp client on veth device created in guest
When starting systemd-nspawn with --network-veth, we create a veth device called
host0 in the guest. Pick up on this and start a dhcp client on it. We will also
pick up host0 netdevs created by other containers should they chose to use the
same name.
2014-02-22 18:29:43 +01:00
Kay Sievers
0031ccd306 build-sys: create /var/log/journal/ in journald section 2014-02-22 18:12:39 +01:00
Armin K
df40be6a14 build-sys: Also move libsystemd-journal to rootlibdir 2014-02-22 17:12:46 +01:00
Thomas Hindoe Paaboel Andersen
f0329635f8 Makefile: fix build on clang
needed after libsystemd-daemon was merged into libsystemd in
0ebee88184
2014-02-21 22:24:47 +01:00
Jason A. Donenfeld
a2fef7701b install: networkd.service depend on !--disable
It doesn't make any sense to symlink this unit file into /etc when the
unit file itself isn't even installed, with --disable-networkd. This
moves the GENERAL_ALIASES logic into the right "if" block.
2014-02-21 19:24:17 +01:00
Samuli Suominen
74fae4240f build-sys: make network files respect --rootprefix
With --rootprefix= systemd-udevd gets installed to /lib/systemd, and since
the network configuration is also required during early boot, it should be
available there with it. Using --prefix= is not an option since it would
put everything, including pkg-config files, man pages, documentation, to /
which is not wanted. This commit puts 99-default.link to
/lib/systemd/network/ when required.
2014-02-21 16:05:02 +01:00
Tom Gundersen
ca1a384769 install: enable networkd by default
This treats it similarly to getty@tty1.service and remote-fs.target, which can be
enabled/disabled, but defaults to enabled.
2014-02-21 14:38:04 +01:00
Jason A. Donenfeld
c4a0b20c7a install: do not statically enable systemd-networkd
[tomegun: pruned the commit message as not to contradict the follow-up commit]
2014-02-21 14:37:53 +01:00
Zbigniew Jędrzejewski-Szmek
7c071fda94 build-sys: add conditionals and regenerate manpage list
The list of man pages is auto generated, based on conditonal='...'
attributes in the man page itself.
2014-02-20 22:43:27 -05:00
Michael Scherer
eef65bf3ee core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
2014-02-21 03:44:20 +01:00
Michael Scherer
8eea53dd45 build-sys: Fix compilation of nspawn when seccomp is not enabled 2014-02-21 03:10:09 +01:00
Lennart Poettering
099524d7b0 core: add new ConditionArchitecture() that checks the architecture returned by uname()'s machine field. 2014-02-21 02:43:14 +01:00
Thomas Hindoe Paaboel Andersen
95fe27d930 bootctl: add bash completion 2014-02-20 23:13:11 +01:00
Tom Gundersen
c0dda18697 networkd: netdev - allow filtering on kernel cmdline, host and virt 2014-02-20 22:12:25 +01:00
Tom Gundersen
b77c08e06b condition: split out most of condition handling into libsystemd-shard
The parts that require linknig to libcap, libselinux and friends stays in libsystemd-core.
2014-02-20 20:14:33 +01:00
Lennart Poettering
f0f2e63bb2 macro: introduce nice macro for disabling -Wmissing-prototypes warnigs 2014-02-20 18:47:33 +01:00
Dave Reisner
e288d6a81a readd journald.so install hooks under libsystemd.so
Inadvertently removed in add00dfd1f.
2014-02-20 09:05:59 -05:00
Lennart Poettering
24442f3b25 build-sys: missing EXTRA_DIST 2014-02-20 01:22:12 +01:00
Lennart Poettering
3d3143b44f build-sys: install compat .pc file 2014-02-20 00:54:42 +01:00
Lennart Poettering
62ae6dd4fa build-sys: add linkwarning.h to tarball 2014-02-20 00:25:37 +01:00
Tom Gundersen
e51660ae56 udev: net-config - allow interface names to be set from the hwdb 2014-02-19 23:29:51 +01:00
Kay Sievers
b20e61f436 build-sys: enable compat-libs for distcheck 2014-02-19 20:53:18 +01:00
Kay Sievers
2b0a23e864 build-sys: export experimental symbols only with --enable-kdbus 2014-02-19 20:53:18 +01:00
Kay Sievers
4a8cf55467 build-sys: add gcrypt CFLAGS 2014-02-19 18:46:27 +01:00
Kay Sievers
add00dfd1f build-sys: merge libsystemd-journal into libsystemd 2014-02-19 18:12:58 +01:00
Thomas Hindoe Paaboel Andersen
51f6888bfc busctl: install bash completion 2014-02-19 18:05:07 +01:00
Zbigniew Jędrzejewski-Szmek
49a356c258 build-sys: fixups for libsystemd-daemon merge 2014-02-18 20:32:40 -05:00
Kay Sievers
be4b47cb52 build-sys: install headers with --enable-kdbus 2014-02-19 02:24:57 +01:00
Kay Sievers
0ebee88184 build-sys: merge libsystemd-daemon into libsystemd 2014-02-19 01:09:19 +01:00
Thomas Hindoe Paaboel Andersen
0bc8e31b35 delta: add bash completion 2014-02-18 22:34:59 +01:00
Lennart Poettering
e9642be2cc seccomp: add helper call to add all secondary archs to a seccomp filter
And make use of it where appropriate for executing services and for
nspawn.
2014-02-18 22:14:00 +01:00
Thomas Hindoe Paaboel Andersen
e56056e93d machinectl: add bash completion 2014-02-18 21:14:30 +01:00
Cristian Rodríguez
0b7005eb0a fix SECCOMP_CFLAGS usage
SECCOMP_CFLAGS must be in the global CFLAGS as <seccomp.h> is
included in core/execute.h. when seccomp.h is not in the standard
path.(i.e openSUSE has it in /usr/include/pkg/libseccomp/, precisely to
catch this kind of bugs) compiling systemd fails.
2014-02-18 09:27:19 -05:00
Simon Peeters
9f137db070 build-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed" 2014-02-14 01:52:40 +01:00
Lennart Poettering
24fb111207 nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in containers
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
2014-02-13 20:30:02 +01:00
Lennart Poettering
7e2270246b nspawn: check with udev before we take possession of an interface 2014-02-13 14:38:02 +01:00
Lennart Poettering
57183d117a core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead
of concatenated strings.
2014-02-13 00:24:00 +01:00
Ronny Chevalier
c0467cf387 syscallfilter: port to libseccomp 2014-02-12 18:30:36 +01:00
Zbigniew Jędrzejewski-Szmek
feef0842cf build-sys: add less-variables.xml to EXTRA_DIST 2014-02-12 03:01:59 -05:00
Zbigniew Jędrzejewski-Szmek
21ac6ff143 man: use xinclude to de-deduplicate common text
I only tested with python-lxml. I'm not sure if xml.etree should be
deprecated.
2014-02-12 01:10:31 -05:00
Tom Gundersen
cf597f650a sd-dhcp: split out packet handling from client 2014-02-11 16:24:23 +01:00
Karel Zak
3c3e5f4276 build-sys: move python helpers to tools directory
Note that make-man-rules.py is missing in EXTRA_DIST=, this patch
fixes this mistake too.
2014-02-10 13:02:34 +01:00
Karel Zak
bfb35cfda1 build-sys: add check-includes build target and script 2014-02-10 13:00:19 +01:00
Tom Gundersen
a6cc569e33 sd-dhcp-client: split sd_dhcp_lease from sd_dhcp_client
This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease
expires.

In the future this may be used by DNAv4 and sd-dhcp-server.
2014-02-07 15:48:35 +01:00
Tom Gundersen
e59749b1f8 build-sys: move -lresolv out of CFLAGS
Thomas H.P. Andersen <phomes@gmail.com> wrote:
> Does -lresolv belong in libsystemd_la_CFLAGS? I would have thought
> that it should be in LIBADD for the lib and LDADD for the test.
2014-02-03 15:25:45 +01:00
Zbigniew Jędrzejewski-Szmek
3320e22a5d build-sys: disable lto also for libsystemd-id128
Another instance of https://sourceware.org/bugzilla/show_bug.cgi?id=16504.
2014-01-28 10:40:41 -05:00
Zbigniew Jędrzejewski-Szmek
65b3903ff5 journal: guarantee async-signal-safety in sd_journald_sendv
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.

Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.

Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.

https://bugzilla.gnome.org/show_bug.cgi?id=722889
2014-01-27 23:17:02 -05:00
Zbigniew Jędrzejewski-Szmek
9f70075586 build-sys: expose more phony targets 2014-01-26 11:44:09 -05:00
Elia Pinto
bd390ae7c7 build-sys: add a phony target for cppcheck
The cppcheck target was introduced by commit 16f4efb415
"build-sys: add cppcheck target". But it is preferable to use a make phony target
for it, as this patch does.

There are two general reasons to use a phony target: to avoid a
conflict with a file of the same name, and to improve performance. In
this case the first reason is obvious, and the second is that make
skips the implicit rule search for phony targets, since it knows that
phony targets do not name actual files that could be remade from other
files (as described in the "Gnu Make" Manual).
2014-01-26 11:44:09 -05:00
Zbigniew Jędrzejewski-Szmek
be12791331 build-sys: merge libsystemd-id128 into libsystemd 2014-01-25 18:10:08 -05:00
Zbigniew Jędrzejewski-Szmek
53e856e16a build-sys: create "compatibility libraries" section
Compat stuff is moved to src/compat-libs/.
Warnings are issued when programs are linked with the deprecated library.
2014-01-25 18:10:08 -05:00
Zbigniew Jędrzejewski-Szmek
242465b5bf build-sys: disable lto for compatibility libraries
https://sourceware.org/bugzilla/show_bug.cgi?id=16504
2014-01-25 18:10:08 -05:00
Zbigniew Jędrzejewski-Szmek
0bba8d6eb7 build-sys: merge libsystemd-login into libsystemd
A compatibility libsystemd-login library is created which uses
.symver and ifunc magic proposed by Lennart to make programs linked
to the old library name continue to work seamlessly.

Unfortunately the bfd linker crashes:
  https://sourceware.org/bugzilla/show_bug.cgi?id=16467
This will be fixed in binutils 2.25.

As a work-around, gold can be used:
  LDFLAGS=-Wl,-fuse-ld=gold

Unfortunately the switch to pick the linker appeared in gcc 4.8.

This also doesn't work with LLVM:
  http://llvm.org/bugs/show_bug.cgi?id=11897
2014-01-25 18:10:08 -05:00
Tom Gundersen
52433f6b65 networkd: add basic bonding support
Refactor bridging support to be generic netdev support and extend it to
cover bonding as well.
2014-01-22 17:56:49 +01:00
Tom Gundersen
607553f930 libsystemd: split up into subdirs
We still only produce on .so, but let's keep the sources separate to make things a bit
less messy.
2014-01-21 14:41:35 +01:00
Tom Gundersen
c61be55d23 libsystemd-dhcp: revert merge into libsystemd
Unlike the other merged libs, the rest of libsystemd will never depend on
sd-dhcp-client, so there is no reason not to keep it separate.
2014-01-21 00:04:53 +01:00
Umut Tezduyar Lindskog
fece63b86e build: Skip .busname generator when kdbus is off 2014-01-17 19:17:38 +01:00
Tom Gundersen
b4b5212d31 libsystemd: rename LIBSYSTEMD_BUS to LIBSYSTEMD 2014-01-17 13:53:05 +01:00
Zbigniew Jędrzejewski-Szmek
235ee2134f build-sys: increase valgrind stack limit so all tests pass again 2014-01-16 00:16:02 -05:00
Zbigniew Jędrzejewski-Szmek
b7fc42e03a bus: break reference cycle between bus and messages
Previously (6ee4f99 bus: break reference cycle between bus and
messages) I committed the test code, but not the actual fix :)
2014-01-16 00:16:02 -05:00
Tom Gundersen
3bedba4ae1 sd-resolv: rename to sd-resolve
Lennart pointed out that we were misspelling 'resolve'. Let's not repeat the mistakes of 'umount'
and 'resolv.conf'.
2014-01-14 18:25:16 +01:00
Tom Gundersen
5681d7fb8b libsystemd-dns: merge into libsystemd
Also rename sd-dns -> sd-resolv.
2014-01-13 21:06:13 +01:00
Tom Gundersen
0b54473e9b libsystemd-rtnl: merge into libsystemd 2014-01-13 21:06:13 +01:00
Tom Gundersen
c813ca40c8 libsystemd-dhcp: merge into libsystemd 2014-01-13 21:06:08 +01:00
Tom Gundersen
6bb648a16a libsystemd-bus: rename to libsystemd
Documentation was updated to refer to either 'libsystemd' or 'sd-bus' in place
of libsystemd-bus.
2014-01-13 18:54:19 +01:00
Tom Gundersen
3bef724f7e networkd: generate resolv.conf
This adds support to generate a basic resolv.conf in /run/systemd/network.
This file will not take any effect unless a symlink is created from
/etc/resolv.conf.

Nameservers received over DHCP takes precedence over statically configured ones.

Note: /etc/resolv.conf is severely limited, so in the future we will likely
rather provide a much more powerfull nss plugin (or something to that effect),
but this should allow current users to function without any loss of
functionality.
2014-01-12 15:37:21 +01:00
Dave Reisner
0d8efe3535 ycm: autocompose flags from the Makefile
This should hopefully be self-maintaining.
2014-01-11 13:35:43 -05:00
Daniel Buch
e963e3ada1 sd-dns: initial commit
Origin: <http://0pointer.de/lennart/projects/libasyncns/>

[tomegun: renamed some more files asyncns -> sd-dns and moved to libsystemd-bus as
requested by Lennart]
2014-01-11 15:03:25 +00:00
Zbigniew Jędrzejewski-Szmek
58742b06bd build-sys: fix distcheck 2014-01-08 22:34:59 -05:00
Kay Sievers
2b197ae21c dbus1-generator: install user version 2014-01-08 18:11:37 +08:00
Kay Sievers
8b255ecd99 pam_systemd: export DBUS_SESSION_BUS_ADDRESS 2014-01-08 18:11:37 +08:00
Kay Sievers
54142c6af1 bus-driverd: support user mode 2014-01-08 08:38:39 +08:00
Kay Sievers
7ca7b61f70 bus-proxyd: support --user bus address 2014-01-08 08:38:39 +08:00
Kay Sievers
fccd44ec3a core: --user -- add basic.target an sort against it like --system does 2014-01-07 01:35:25 +08:00
Zbigniew Jędrzejewski-Szmek
a0846368c8 build-sys: make valgrind-tests target output nicer 2014-01-02 19:45:47 -05:00
Tom Gundersen
f5be560181 networkd: add DHCPv4 support
This adds basic DHCPv4 support. Link-sense is enabled unconditionally,
but the plan is to make that configurable.

I tested this in a VM with lots of NICs and over wifi in the various
coffee shops I found this Christmas, but more testing would definitely
be appreciated.
2014-01-01 16:26:27 +01:00
Zbigniew Jędrzejewski-Szmek
9b55cd5665 build-sys: make test output a bit nicer 2013-12-31 13:00:57 -05:00
Zbigniew Jędrzejewski-Szmek
aa9ed65389 build-sys: make test-dhcp-* statically linked
This makes them behave like everything else following
48d7417d3 'build-sys: link most internal libraries statically'.
2013-12-31 13:00:57 -05:00
Zbigniew Jędrzejewski-Szmek
8f8770706e build-sys: fix systemd-stdio-bridge link to work with split /usr
shumski> there seems to be slight error in systemd git master Makefile.am
2013-12-30 12:11:13 -05:00
Lennart Poettering
08bcebf36e shared: add simplistic XML parser for usage in the D-Bus policy language compat parser 2013-12-28 03:04:29 +01:00
Zbigniew Jędrzejewski-Szmek
4acbce7979 build-sys: fix generation of user@.service 2013-12-27 12:12:41 -05:00
Lennart Poettering
43a99a7afe build-sys: minor fixes found with cppcheck 2013-12-25 19:00:38 +01:00
Zbigniew Jędrzejewski-Szmek
c4708f1323 tmpfiles: introduce the concept of unsafe operations
Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.

A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.

If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.

/run/nologin creation is split out into a separate service, to make it
easy to override.

https://bugzilla.redhat.com/show_bug.cgi?id=1043212
https://bugzilla.redhat.com/show_bug.cgi?id=1045849
2013-12-24 15:48:06 -05:00
Lennart Poettering
b67f541f13 bus: switch kdbus bloom filter over to SipHash (from MurmurHash3)
Let's try to standardize on a single non-cryptographic hash algorithm,
and for that SipHash appears to be the best answer.

With this change there are two other hash functions left in systemd: an
older version of MurmurHash embedded into libudev for the bloom filters
in udev messages (which is hard to update, given that the we probably
should stay compatible with older versions of the library). And lookup3
in the journal files (which we could replace for new files, but which is
probably not worth the work).
2013-12-23 04:20:55 +01:00
Kay Sievers
57d0e6b273 libudev: ship the original MurmurHash2.[ch] file 2013-12-23 02:55:06 +01:00