1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Commit Graph

360 Commits

Author SHA1 Message Date
Djalal Harouni
09d3020b0a seccomp: remove '@credentials' syscall set (#6958)
This removes the '@credentials' syscall set that was added in commit
v234-468-gcd0ddf6f75.

Most of these syscalls are so simple that we do not want to filter them.
They work on the current calling process, doing only read operations,
they do not have a deep kernel path.

The problem may only be in 'capget' syscall since it can query arbitrary
processes, and used to discover processes, however sending signal 0 to
arbitrary processes can be used to discover if a process exists or not.
It is unfortunate that Linux allows to query processes of different
users. Lets put it now in '@process' syscall set, and later we may add
it to a new '@basic-process' set that allows most basic process
operations.
2017-10-03 07:20:05 +02:00
Lennart Poettering
fccf5419e8 prepare NEWS for 235 2017-09-28 11:26:02 +02:00
Dimitri John Ledkov
22043e4317 networkd: change UseMTU default to true. (#6837)
Typically when DHCP server sets MTU it is a lower one. And a lower than usual
MTU is then thus required on said network to have operational networking. This
makes networkd's dhcp client to work in more similar way to other dhcp-clients
(e.g. isc-dhcp). In particular, in a cloud setting, without this default
instances have resulted in timing out talking to cloud metadata source and
failing to provision.

This does not change this default for the Annonymize code path.
2017-09-19 10:26:17 +02:00
Lucas Werkmeister
ef5a8cb1a7 analyze: add get-log-level, get-log-target verbs
They’re counterparts to the existing set-log-level and set-log-target
verbs, simply printing the current value to stdout. This makes it
slightly easier to temporarily change the log level and/or target and
then restore the old value(s).
2017-09-07 23:55:59 +02:00
Jörg Thalheim
6b3c9ead19 NEWS: fix typo in v235 (#6731) 2017-09-04 03:12:12 +09:00
Mike Gilbert
8f968c7321 Revert "README: document that gperf 3.1 is required for building now" (#6541)
This reverts commit 4f5e972279.

Building with gperf 3.0 works just fine; we had an autoconf check to
determine the correct data types, and this check was ported to meson.
2017-08-05 18:30:37 -04:00
Dimitri John Ledkov
582faeb461 modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
This allows networkd to correctly manage bond0 using networkd, when requested
by the user.

Fixes #5971 #6184
2017-08-02 08:41:18 -04:00
Zbigniew Jędrzejewski-Szmek
7f7ab22892 NEWS: say that libidn2 is experimental (#6335)
Handling of "_" and some other details requires more thought:
https://gitlab.com/libidn/libidn2/issues/30

Let's switch the default back to libidn and add a note in NEWS.
2017-07-12 09:25:59 +02:00
Lennart Poettering
ac172e52d3 update NEWS file, let's try to release this tomorrow 2017-07-11 19:17:58 +02:00
Thomas H. P. Andersen
38d9338588 NEWS: typo fixes (#6276) 2017-07-03 17:35:05 -04:00
Lennart Poettering
184d2c1576 NEWS: tweak contributors list a bit
Let's add more .mailmap entries to clean up GitHub's mess.
2017-07-03 11:19:20 +02:00
Zbigniew Jędrzejewski-Szmek
9f09a95a7e NEWS: mention that logind is restartable 2017-06-30 13:36:42 -04:00
Zbigniew Jędrzejewski-Szmek
44abc32307 mailmap: some additions for recent commits 2017-06-30 13:23:32 -04:00
Lennart Poettering
4b4da299a6 start preparing NEWS file for 234 2017-06-27 23:06:55 +02:00
Yu Watanabe
9d8813b3b4 kernel-install: support the case /etc/machine-id is missing or empty (#5975)
Some .install plugins does not require that machine ID is set such as
20-grubby.install for Fedora and 50-depmod.install.
To support such plugins to run without valid machine-id, this commit
makes the following change:
* if /etc/machine-id is missing or empty, create temporary directory
  and set its path to BOOT_DIR_ABS,
* run the .install helpers with KERNEL_INSTALL_MACHINE_ID environment
  variable that'd be empty if /etc/machine-id is missing or empty.
This may be useful for installing kernel for e.g. stateless systems
which initialize machine-id while booting the systems.
2017-05-30 09:45:10 -04:00
Zbigniew Jędrzejewski-Szmek
5486a31d28 nss-resolve: drop the internal fallback to libnss_dns (#5945)
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:

   hosts: resolve [!UNAVAIL=return] dns myhostname

Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.

Tested with
   hosts: resolve [!UNAVAIL=return] myhostname
and
   hosts: resolve [!UNAVAIL=return] dns myhostname

Fixes #5742.
2017-05-12 14:31:46 +02:00
Philip Withnall
46ae28d8c3 man: Fix reference to timer-sync.target instead of time-sync.target (#5764)
Also fix an erroneous reference to it in the NEWS file, for posterity.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2017-04-20 12:34:26 +02:00
Lennart Poettering
4f5e972279 README: document that gperf 3.1 is required for building now 2017-03-30 11:54:23 +02:00
Lucas Werkmeister
c1ec34d1db NEWS: fix word (#5514) 2017-03-01 19:08:32 -05:00
Lennart Poettering
d60c527009 NEWS: 'systemd' is always spelt with a lowercase 's' 2017-03-01 22:43:06 +01:00
Zbigniew Jędrzejewski-Szmek
4dfe64f856 NEWS: add note about 'make install-tests' (#5512) 2017-03-01 22:29:38 +01:00
Zbigniew Jędrzejewski-Szmek
23eb30b33e NEWS: reorder entries by subject, fix some typos and descriptions (#5511)
This doesn't add anything major, but moves some stuff around.
In particular changes which might require updates to the build
environment (new kernel requirements, cgroup stuff, dbus, etc)
are moved to the top, where it's most likely that people will
read them. In particular cgroup hierarchy changes are moved to the
top because they're most likely to be problematic.

Various items are grouped by subject where it's easy.

The description of list-jobs --after/--before was reversed.
2017-03-01 22:14:12 +01:00
Lennart Poettering
a2b53448e4 update NEWS for v233 (#5503) 2017-03-01 11:21:29 -05:00
Thomas H. P. Andersen
3b31c46634 NEWS: fix typo (#5453) 2017-02-25 09:19:26 -05:00
Lennart Poettering
05f426d2b8 NEWS: add a comment about udev's MemoryDenyWriteExecute= setting (#5414)
Apparently if people are adventurous enought to run Go programs in udev
rules they might run into problems with MemoryDenyWriteExecute=.

I am pretty sure the best way out is for the toolchain generating
programs incompatible with W^X to be fixed, but this still deserves
documentation.

This was forgotten for the 232 release, hence add it now, retroactively.

See: #5400
2017-02-21 19:36:12 -05:00
Lennart Poettering
85266f9bba NEWS: document ExecStartPost change in NEWS (#5415)
Follow up for #4843.

Taking @joukewitteveen's suggestion into account:
https://github.com/systemd/systemd/pull/4843#issuecomment-280306811
2017-02-21 15:00:09 -05:00
AsciiWolf
c6749ba52c NEWS, README: use www prefix in freedesktop.org URLs 2017-02-21 18:26:23 +01:00
Zbigniew Jędrzejewski-Szmek
2e98288b15 Merge pull request #5410 from AsciiWolf/https-urls
Use https:// in URLs when possible.
2017-02-21 11:27:10 -05:00
AsciiWolf
56cadcb6e3 NEWS: use https:// in URLs 2017-02-21 16:03:04 +01:00
Martin Pitt
baf327864a NEWS: fix typos, grammar, and small errors (#5407) 2017-02-21 09:41:44 -05:00
Lennart Poettering
d08ee7cbea start putting together a NEWS entry for 233 2017-02-21 13:59:23 +01:00
Lennart Poettering
631b676bb7 core: explicitly verify that BindsTo= deps are in order before dispatch start operation of a unit
Let's make sure we verify that all BindsTo= are in order before we actually go
and dispatch a start operation to a unit. Normally the job queue should already
have made sure all deps are in order, but this might not have been sufficient
in two cases: a) when the user changes deps during runtime and reloads the
daemon, and b) when the user placed BindsTo= dependencies without matching
After= dependencies, so that we don't actually wait for the bound to unit to be
up before upping also the binding unit.

See: #4725
2017-02-14 13:38:24 +01:00
Dmitry Rozhkov
fa8b449994 resolve: mention added mDNS support in NEWS
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
2017-01-19 11:51:21 +02:00
Zbigniew Jędrzejewski-Szmek
6b3d378331 Merge pull request #4879 from poettering/systemd 2017-01-14 21:29:27 -05:00
Mike Gilbert
fb7c4eff7b NEWS: describe DBus policy move (#4999)
Text as provided by zbyszek in 52b2f6b3.
2016-12-30 14:52:36 +01:00
Lennart Poettering
5cfc0a8461 build-sys: don't mke use of "sushell" automatically
"sushell" is a Fedora-specific concept, shipped as part of
"initscripts". We shouldn't actively search for it if we can avoid it.
Hence, lets now default to /bin/sh as debug shell on all systems, and
permit Fedora to override that for their RPMs via --with-debug-shell= at
configure time.
2016-12-20 20:23:40 +01:00
Jouke Witteveen
8e458bfe4e NEWS: mention more aggressive failing of notify services 2016-11-29 23:20:04 +01:00
Franck Bui
b0eb29449e core: add 'c' in confirmation_spawn to resume the boot process 2016-11-17 18:16:50 +01:00
Franck Bui
56fde33af1 core: add 'j' in confirmation_spawn to list the jobs that are in progress 2016-11-17 18:16:50 +01:00
Franck Bui
dd6f9ac0d0 core: add 'D' in confirmat spawn to show a full dump of the unit to spawn 2016-11-17 18:16:50 +01:00
Franck Bui
eedf223a30 core: add 'i' in confirm spawn to give a short summary of the unit to spawn 2016-11-17 18:16:50 +01:00
Franck Bui
d172b175f6 core: rework the confirmation spawn prompt
Previously it was "[Yes, Fail, Skip]" which is pretty misleading because it
suggests that the whole word needs to be entered instead of a single char.

Also this won't fit well when we'll extend the number of choices.

This patch addresses this by changing the choice hint with "[y, f, s – h for help]"
so it's now clear that a single letter has to be entered.

It also introduces a new choice 'h' which describes all possible choices since
a single letter can be not descriptive enough for new users.

It also allow to stick with the same hint string regardless of how
many choices we will support.
2016-11-17 18:16:50 +01:00
Franck Bui
2bcc330942 core: in confirm_spawn, the meaning of 'n' and 's' choices are confusing
Before this patch we had:

 - "no" which gives "failing execution" but the command is actually assumed as
   succeed.

 - "skip" which gives "skipping", but the command is assumed to have failed,
   which ends up with "Failed to start ..." on the console.

Now we have:

 - "fail" which gives "failing execution" and the command is indeed assumed as
   failed.

 - "skip" which gives "skipping execution" and the command is assumed as
   succeed.
2016-11-17 18:16:49 +01:00
Lennart Poettering
54b24597b8 final NEWS update for 232 (#4558)
let's get this out today!
2016-11-03 08:56:26 -06:00
Lennart Poettering
b4eed568b9 add two additional entries to NEWS 2016-11-02 16:02:12 -06:00
Lennart Poettering
07393b6ea9 NEWS: add contributor list to news file
Unfortunately, github drops the original commiter when a PR is "squashed" (even
if it is only a single commit) and replaces it with some rubbish
github-specific user id. Thus, to make the contributors list somewhat useful,
update the .mailmap file and undo all the weirdness github applied there.
2016-11-02 15:52:57 -06:00
Lennart Poettering
4c37970d77 update NEWS file a bit more 2016-10-25 12:19:13 +02:00
Lennart Poettering
171ae2cd86 Various additions to NEWS 2016-10-24 17:41:52 +02:00
Jakub Wilk
ce830873f0 NEWS: fix typos 2016-10-22 13:18:17 +02:00
Djalal Harouni
e49e2c25f3 NEWS: option is ProtectKernelTunables not ProtectedKernelTunables (#4451) 2016-10-21 18:43:36 -04:00