1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Commit Graph

10345 Commits

Author SHA1 Message Date
Lennart Poettering
b12afc8c5c nspawn: mount most of the cgroup tree read-only in nspawn containers except for the container's own subtree in the name=systemd hierarchy
More specifically mount all other hierarchies in their entirety and the
name=systemd above the container's subtree read-only.
2015-01-05 01:40:51 +01:00
Lennart Poettering
714e2e1d56 cgroup: downgrade log messages when we cannot write to cgroup trees that are mounted read-only 2015-01-05 01:40:51 +01:00
Thomas Hindoe Paaboel Andersen
9a14fb6285 machinectl: Check type instead of path before printing the type
Looks like a typo when introduced in fefdc04b38
2015-01-02 21:38:22 +01:00
Zbigniew Jędrzejewski-Szmek
e86b3761c4 mount: do not use -n when running in --user mode
-n is only allowed for root. /etc/mtab is nowadays almost always a link to /proc/,
so in practice this does not really matter too much, but should allow .mount units
to work in --user mode.

https://bugs.freedesktop.org/show_bug.cgi?id=87602
2015-01-01 14:39:21 -05:00
Topi Miettinen
e65476622d Type of mount(2) flags is unsigned long 2015-01-01 14:39:17 -05:00
Robert Milasan
257e968d8c udev: improve help/usage for some more programs 2015-01-01 14:38:21 -05:00
Zbigniew Jędrzejewski-Szmek
ba52f15a58 networkctl: avoid potential use of unitialized variables
Those values are based on a file we read from disk, so we should
verify everything we receive, and make sure everything we print
is sensible.

Also, print fractional seconds for TTL.
2015-01-01 13:36:44 -05:00
Zbigniew Jędrzejewski-Szmek
1bf7dd6e7d networkctl: remove unused variable 2015-01-01 13:36:43 -05:00
Zbigniew Jędrzejewski-Szmek
ef75325319 network: fix scanf/printf format
usec_t is defined as 64 bit wide, but long is 32 bit on many archs.
2015-01-01 13:36:43 -05:00
Zbigniew Jędrzejewski-Szmek
e65ef51dee missing: add __NR_renameat2 2015-01-01 13:36:43 -05:00
Zbigniew Jędrzejewski-Szmek
2e219e5672 Remove "to allow" from policy messages
It carries no additional information and forces a passive sentence
structure which is longer and harder to parse.
2015-01-01 09:45:04 -05:00
Piotr Drąg
a4a57bb6ce machined: fix grammar in org.freedesktop.machine1.policy.in
[zj: change "in into" to "into".]

https://bugs.freedesktop.org/show_bug.cgi?id=87722
2015-01-01 09:45:04 -05:00
David Herrmann
ee14ebf211 lldp: fix sd_lldp_save()
Fix a bunch of needless memzero() calls, a bunch of use-after-free
regarding _cleanup_free_ and drop unused variables.

Hint: Do NOT use _cleanup_free_ for temporary strappend() helpers that are
freed multiple times. All you safe is the last free() call, which is
really not worth the trouble resetting it to NULL all the time.
2014-12-31 16:28:48 +01:00
David Herrmann
7d4866548d lldp: fix uninitialized cleanup var #2
Another uninitialized variable marked as _cleanup_. Set it to NULL to
avoid accessing uninitialized memory.
2014-12-31 16:07:17 +01:00
David Herrmann
e7a2419a2a lldp: fix uninitialized cleanup var
Make sure to set _cleanup_ variables to NULL. Otherwise, we free
uninitialized objects.
2014-12-31 16:04:55 +01:00
David Herrmann
c5285fbfce import: fix mem-leak in CurlGlue
Make sure to actually free the underlying object in CurlGlue unref.
2014-12-31 16:01:37 +01:00
David Herrmann
580e55da11 lldp: fix double free
'k' is marked as _cleanup_free_ so reset it to NULL if we free it
explicitly.
2014-12-31 15:58:27 +01:00
David Herrmann
fbee1d8587 networkctl: fix strappend() error checking
Make sure to test the right variable for NULL.
2014-12-31 15:56:11 +01:00
David Herrmann
889cec8d58 network: add malloc-assertion in test
Make sure malloc() really returns non-NULL in lldp test.
2014-12-31 15:55:10 +01:00
David Herrmann
06a079055a machinectl: remove dead code
'r' is not touched after the previous error-checking 100 lines above. Drop
that code.
2014-12-31 15:52:23 +01:00
David Herrmann
a38f05b7f7 Revert commit f131770b "tree-wide: spelling fixes"
This partially reverts:

    commit f131770b14
    Author: Veres Lajos <vlajos@gmail.com>
    Date:   Mon Dec 29 09:45:58 2014 +0000

        tree-wide: spelling fixes

The commit in question changed a binary file. I didn't look at the diff in
particular, so I have no idea what exactly was changed. However, the file
is generated and it looked highly suspiciuous. Therefore, I reverted that
part.

Note that this is generated by "make update-unifont" so really no reason
to touch at all.
2014-12-31 13:34:21 +01:00
Veres Lajos
f131770b14 tree-wide: spelling fixes
https://github.com/vlajos/misspell_fixer

b6fdeb618c
Thanks to Torstein Husebo <torstein@huseboe.net>.
2014-12-30 20:07:04 -05:00
Robert Milasan
fd51179d5c accelerometer: display short options too 2014-12-30 19:12:50 -05:00
Zbigniew Jędrzejewski-Szmek
a39b4bdd10 systemctl: do not repeat hibernate/sleep attempts
If some sleep operation was not possible (e.g. because swap is missing),
we would try twice: once through logind, which would result in a clean error:
  Failed to execute operation: Sleep verb not supported
and then second time by starting the appropriate unit directly, which is
more messy. If logind tells us that something is not possible (or already
in progress), report that to the user and quit. If logind is present and working
we should not try to work around it.

Loosely based on https://bugs.freedesktop.org/show_bug.cgi?id=87832.
2014-12-30 18:39:52 -05:00
Zbigniew Jędrzejewski-Szmek
caffa4ef70 bus: replace ENOSYS return codes with EBADR/ENOTSUP
ENOSYS is used to signify compiled-out functionality. Using it for
different kinds of error is misleading.

For BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, logind-action.c uses ENOTSUP
already, so changing it to ENOTSUP makes the dbus and action paths
behave the same.
2014-12-30 18:39:52 -05:00
Robert Milasan
7fcf5779b4 accelerometer: drop unused -x option 2014-12-30 22:05:39 +01:00
David Herrmann
d95eb43e90 bus: add sd_bus_emit_object_{added/removed}()
This implements two new helpers, discussed on systemd-devel about 1 year
ago:
    sd_bus_emit_object_added()
    sd_bus_emit_object_removed()

Both calls are equivalent to their respective counterpart
sd_bus_emit_interfaces_{added/removed}(), but can figure out the list of
interfaces themselves, instead of requiring the caller to provide them.
Furthermore, both calls properly deal with builtin interfaces provided via
org.freedesktop.DBus.* and alike.

Both calls simply traverse a node and all its parent nodes to figure out a
list of all interfaces registered as vtable or fallback. It then appends
each of them, similar to the interfaces_{added/removed}() helpers.

Note that interfaces_{added/removed}() runs a parent traversal for *each*
passed interface. Therefore, it can simply bail out, once it found a
parent node that implements a given interface.
With object_{added/removed}() we cannot know the registered interfaces in
advance, thus, we cannot run one traversal per node. Instead, we run a
single traversal and remember all interfaces that we added. Therefore, a
child-interface overrides all conflicting parent-interfaces. We keep a
"Set *s" context to track those while climbing up the tree.
2014-12-30 11:37:35 +01:00
David Herrmann
7d9fcc2bf6 bus: fix capabilities on big-endian
The kernel provides capabilities as a u32 array, sd-bus uses an u8 array.
This works fine on little-endian as both are encoded the same way.
However, this fails on big-endian if we do not perform sufficient
byte-swapping on each u32 entry.

This patch makes sd-bus use u32, too. We avoid changing any kernel
provided data so we can keep pointing into kdbus pool buffers which
contain u32 arrays.
2014-12-30 09:09:41 +01:00
David Herrmann
34a5d5e526 bus: drop creds->capability_size
The number of available caps can be read from
/proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap()
does that, so there's no reason to remember the size of any capability
cache. We can just pre-allocate arrays with a suitable size for all
available caps and reject any higher caps.

The kernel capability API uses u32 as base so make sure we do the same.
Note that this is specified by POSIX, so it's unlikely to change.
2014-12-30 08:42:53 +01:00
David Herrmann
180a60bc87 macro: add DIV_ROUND_UP()
This macro calculates A / B but rounds up instead of down. We explicitly
do *NOT* use:
        (A + B - 1) / A
as it suffers from an integer overflow, even though the passed values are
properly tested against overflow. Our test-cases show this behavior.

Instead, we use:
        A / B + !!(A % B)

Note that on "Real CPUs" this does *NOT* result in two divisions. Instead,
instructions like idivl@x86 provide both, the quotient and the remainder.
Therefore, both algorithms should perform equally well (I didn't verify
this, though).
2014-12-30 01:39:01 +01:00
Lennart Poettering
c00a4c8f55 Revert "machined: don't force terminate registered machines"
This reverts commit 206e7a5f7b.

We actually want to allow shutting down containers that use
RegisterMachine() rather than CreateMachine() to register their own
unit. It should be safe to do so, since the primary usecase for
RegisterMachine() are container managers that run only a single
container within their own unit, such as systemd-nspawn.
2014-12-29 20:13:58 +01:00
Lennart Poettering
e5f5b5b9c9 machined: ignore spurious error 2014-12-29 19:08:50 +01:00
Lennart Poettering
814a3fdfdc nspawn: report back to systemd only very late whether we are OK
That way, systemd can actually figure out if everything is OK with
nspawn.
2014-12-29 17:54:33 +01:00
Lennart Poettering
d8f52ed25a machinectl: add "enable" and "disable" verbs for enabling/disabling systemd-nspawn for containers
This is basically just a shortcut for "systemctl enable
systemd-nspawn@<foobar>.service", but does escaping.
2014-12-29 17:00:05 +01:00
Lennart Poettering
ebd011d95b machinectl: add new "start" verb to start a container as a service in nspawn 2014-12-29 17:00:05 +01:00
David Herrmann
679bda6a73 bus-proxy: fix sd_bus_reply_*() usage
We *must* not use sd_bus_reply_*() as it does not set the sender field
correctly. Use the synthetic_reply_*() helpers instead!
2014-12-29 15:43:57 +01:00
David Herrmann
80b4378314 capability: use /proc/sys/kernel/cap_last_cap
This file was introduced with linux-3.2, use it instead of probing for it
via prctl(PR_CAPBSET_READ).

For now, keep the old code for backwards compat. We can drop it once 3.2
is our lowest requirement.

The test-cap-list code is extended to verify cap_last_cap() is the same as
we'd get via prctl probing and /proc.
2014-12-29 14:05:38 +01:00
Tom Gundersen
2f0af4e120 core: loopback - correctly fail the loopback_check if somehow the rtnl calls fail 2014-12-29 13:07:03 +01:00
David Herrmann
315a73d97f bus: fix typo
Drop spurious 'we'.
2014-12-29 12:55:28 +01:00
Tom Gundersen
09773ef446 rtnl: recv_message - don't enforce sender uid
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid
seems to break when using userns.

Reported by Stéphane Graber.
2014-12-29 02:20:04 +01:00
Tom Gundersen
2da780b976 test: loopback - parse logging env var 2014-12-29 01:59:49 +01:00
Tom Gundersen
b551ddd380 sd-rtnl: rtnl_call - don't dispatch wqueue after timeout has passed
Only a minor change as the timeout would be hit soon thereafetr at the next loop.
2014-12-29 01:59:49 +01:00
Tom Gundersen
f55dc7c96e sd-rtnl: rtnl_poll - fix typo
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
2014-12-29 01:59:49 +01:00
Tom Gundersen
c7460cce79 sd-rtnl: recv_message - drop message when peeking fails
Read the message form the socket or we will loop trying to read the
same message repeatedly.
2014-12-29 01:59:49 +01:00
Tom Gundersen
0b2bbbdf2f sd-rtnl: recv_message - don't fail on interrupt
We should just try again instead.
2014-12-29 01:59:49 +01:00
Tom Gundersen
2263bb9a92 sd-rtnl: recv_message - log when dropping message
We drop messages received from the wrong uid/pid, log this at debug level.
2014-12-29 00:19:36 +01:00
Tom Gundersen
e95e909d82 core: loopback - simplify check_loopback()
We no longer configure the addresses on the loopback interface, but simply bring it up
and let the kernel do the rest. Also change the check to only check if the interface
is up, rather than checking for the IPv4 loopback address.
2014-12-28 15:58:27 +01:00
Sylvain Plantefève
94b5088c8d machined: Fix MarkReadOnly method's name on bus 2014-12-28 13:05:08 +01:00
Sylvain Plantefève
1517ab5d18 libsystemd: Fix minor typo in comment 2014-12-28 13:04:46 +01:00
Lennart Poettering
1ddb263d21 machined: don't look for images on each property get, but cache the image object inbetween 2014-12-28 02:44:37 +01:00
Lennart Poettering
f02ca52281 util: treat -1 as special size in format_bytes() 2014-12-28 02:08:40 +01:00
Lennart Poettering
b6b1849830 machined: add support for reporting image size via btrfs quota 2014-12-28 02:08:40 +01:00
Lennart Poettering
d7b8eec7dc tmpfiles: add new line type 'v' for creating btrfs subvolumes 2014-12-28 02:08:40 +01:00
Lennart Poettering
ebd93cb684 machinectl/machined: implement "rename", "clone", "read-only" verbs for machine images 2014-12-28 02:08:40 +01:00
Lennart Poettering
086821244b machined: add "machinectl remove" for removing images 2014-12-28 02:08:40 +01:00
Lennart Poettering
1b9cebf638 nspawn: use the same image discovery logic in nspawn as in machined 2014-12-28 02:08:40 +01:00
Lennart Poettering
003dffde2c machined: Move image discovery logic into src/shared, so that we can make use of it from nspawn 2014-12-28 02:08:40 +01:00
Stéphane Graber
58a489c2b3 Fix check_loopback()
Add missing htonl() so that check_loopback() actually tests for 127.0.0.1
instead of 1.0.0.127 on little-endian machines.
2014-12-27 19:17:39 +01:00
Lennart Poettering
01c51934cb loginctl: reindent --help text 2014-12-26 20:12:40 +01:00
Lennart Poettering
2520f939ba loginctl: add more --help sections 2014-12-26 20:12:40 +01:00
Lennart Poettering
fefdc04b38 machinectl: add status commands 2014-12-26 20:12:40 +01:00
Lennart Poettering
27c88c4e23 machined: fix search patch magic for '.host' image 2014-12-26 20:05:11 +01:00
Lennart Poettering
08ff5529df machined: make image read-only check indepenednt on own privs 2014-12-26 19:36:25 +01:00
Lennart Poettering
8937e7b689 machinectl: mark read-only images when listing in red 2014-12-26 19:33:15 +01:00
Lennart Poettering
087682d103 import: make image root directory configurable, instead of hardcoding /var/lib/container 2014-12-26 19:33:15 +01:00
Lennart Poettering
5fc7f35842 machined: when discovering images, implicitly add ".host" as pseudo image referring to the host's own directory tree 2014-12-26 19:33:15 +01:00
Lennart Poettering
a67a4c8cb7 machined: fix image search path iteration 2014-12-26 19:33:15 +01:00
Lennart Poettering
42c6f2c9b2 machined: let's also check machine directories in /usr and /usr/local 2014-12-26 19:33:15 +01:00
Lennart Poettering
f0be89eee9 import: properly remove pre-existing images if --force is used 2014-12-26 19:33:15 +01:00
Lennart Poettering
8620a9a323 import: beef up gpt importer to optionally make writable copy of read-only vendor image 2014-12-26 19:21:58 +01:00
Lennart Poettering
e9d7333468 import: minor improvements to dkr importer 2014-12-26 19:21:58 +01:00
Lennart Poettering
2c39ea529b util: always override crtime xattr 2014-12-26 19:21:58 +01:00
Lennart Poettering
6389e747d5 machinectl: left-align times 2014-12-26 19:21:58 +01:00
Lennart Poettering
e6bd041c97 copy: try top copy atime/time/xattrs when copying files 2014-12-26 19:21:58 +01:00
Lennart Poettering
c75f27ea2b test: improve btrfs test case 2014-12-26 19:21:58 +01:00
Lennart Poettering
86e339c884 machined: be more thorough when checking whether an image is writable or not 2014-12-26 19:21:58 +01:00
Zbigniew Jędrzejewski-Szmek
92ee6447b1 journald: always allocate space for object fields
If OBJECT_PID= came as the last field, we would not reallocate the iovec to bigger size,
and fail the assertion later on in dispatch_message_real().
2014-12-26 09:02:27 -05:00
Zbigniew Jędrzejewski-Szmek
12a717f834 journald: fix off by one in native transport
https://bugzilla.redhat.com/show_bug.cgi?id=1177184
2014-12-26 09:02:27 -05:00
Filipe Brandenburger
0289a5bcb5 test: wait for cloned thread to exit
In test_raw_clone, make sure the cloned thread calls _exit() and in the parent
thread call waitpid(..., __WCLONE) to wait for the child thread to terminate,
otherwise there is a race condition where the child thread will log to the
console after the test process has already exited and the assertion from the
child thread might not be enforced.

The absence of this patch might also create problems for other tests that would
be added after this one, since potentially both parent and child would run
those tests as the child would continue running.

Tested by confirming that the logs from the child are printed before the test
terminates and that a false assertion in the child aborts the test with a core
dump.

[zj: also add check for the return value.]
2014-12-25 11:55:12 -05:00
Filipe Brandenburger
e50221bf1a test: only use assert_se in test_raw_clone
The asserts used in the tests should never be allowed to be optimized away.
2014-12-25 11:55:12 -05:00
Zbigniew Jędrzejewski-Szmek
aa1aad74e6 run: uninitialized variable 2014-12-25 10:57:37 -05:00
Zbigniew Jędrzejewski-Szmek
3dd0bbeb15 ata_id: remove temp variable to kill warning
src/udev/ata_id/ata_id.c:503:24: warning: assignment from incompatible pointer type
         identify_words = &identify.wyde;
                        ^
2014-12-25 10:57:37 -05:00
Zbigniew Jędrzejewski-Szmek
11c6f693e9 ata_id: modernize 2014-12-25 10:57:37 -05:00
Filipe Brandenburger
f2c0b4f1b1 pam_systemd: remove spurious include of <sys/capability.h>
It does not use any functions or constants from libcap directly.

Tested that "pam_systemd.la" builds cleanly and works after this change.
2014-12-25 10:57:29 -05:00
Filipe Brandenburger
88c4911768 timedated: remove spurious include of <sys/capability.h>
It does not use any functions from libcap directly. The CAP_SYS_TIME constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-timedated" builds cleanly and works after this change.
2014-12-25 10:57:16 -05:00
Filipe Brandenburger
8ea763865f localed: remove spurious include of <sys/capability.h>
It does not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-localed" builds cleanly and works after this change.
2014-12-25 10:57:08 -05:00
Filipe Brandenburger
946be29c98 bus: remove spurious include of <sys/capability.h>
They do not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by bus-objects.c comes from <linux/capability.h> imported through
"missing.h". The "missing.h" header is imported through "util.h" which gets
imported in "bus-util.h".

Tested that everything builds cleanly after this change.
2014-12-25 10:56:42 -05:00
Filipe Brandenburger
9bb0c7cfbb machined: remove spurious include of <sys/capability.h>
They do not use any functions from libcap directly. The CAP_KILL constant in
use by these files comes from <linux/capability.h> imported through
"missing.h".

Tested that "systemd-machined" builds cleanly and works after this change.
2014-12-25 10:56:34 -05:00
Filipe Brandenburger
ffbc903f03 hostnamed: remove spurious include of <sys/capability.h>
It does not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-hostnamed" builds cleanly and works after this change.
2014-12-25 10:56:27 -05:00
Filipe Brandenburger
2395eb17eb tmpfiles: remove spurious include of <sys/capability.h>
It does not use any functions from libcap directly. The CAP_MKNOD constant in
use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-tmpfiles" builds cleanly and works after this change.
2014-12-25 10:56:21 -05:00
Filipe Brandenburger
d920e59c7d logind: remove spurious include of <sys/capability.h>
They do not use any functions from libcap directly. The CAP_* constants in use
through these files come from "missing.h" which will import <linux/capability.h>
and complement it with CAP_* constants not defined by the current kernel
headers. The "missing.h" header is imported through "util.h" which gets
imported in "logind.h".

Tested that "systemd-logind" builds cleanly and works after this change.
2014-12-25 10:56:13 -05:00
Filipe Brandenburger
f01ae8260d nspawn: remove spurious include of <sys/capability.h>
It does not use any functions from libcap directly. The CAP_* constants in use
through this file come from "missing.h" which will import <linux/capability.h>
and complement it with CAP_* constants not defined by the current kernel
headers.

Add an explicit import of our "capability.h" since it does use the function
capability_bounding_set_drop from that header file. Previously, that header was
implicitly imported through through "cap-list.h".

Tested that "systemd-nspawn" builds cleanly and works after this change.
2014-12-25 10:55:42 -05:00
Cristian Rodríguez
fa66b606b1 timesync: remove square(), use pow instead
In any case, the compiler generates the same code inline and never
actually calls the library function.
2014-12-25 10:55:41 -05:00
Filipe Brandenburger
097df453da test: do not use last cap from kernel in test-cap-list
The new test-cap-list introduced in commit 2822da4fb7 uses the included
table of capabilities. However, it uses cap_last_cap() which probes the kernel
for the last available capability. On an older kernel (e.g. 3.10 from RHEL 7)
that causes the test to fail with the following message:

    Assertion '!capability_to_name(cap_last_cap()+1)' failed at src/test/test-cap-list.c:30, function main(). Aborting.

Fix it by exporting the size of the static table and using it in the test
instead of the dynamic one from the current kernel.

Tested by successfully running ./test-cap-list and the whole `make check` test
suite with this patch on a RHEL 7 host.
2014-12-25 10:55:41 -05:00
Shawn Paul Landden
6024a6e302 udev: fix another strict aliasing issue 2014-12-25 10:55:41 -05:00
Shawn Paul Landden
bf3dd6b1a7 libudev: fix strict aliasing violation 2014-12-25 10:55:41 -05:00
Lennart Poettering
10f9c75519 machined: beef up machined image listing with creation/modification times of subvolumes
We make use of the btrfs subvol crtime for this, and for gpt images of a
manually managed xattr, if we can.
2014-12-25 03:19:19 +01:00
Lennart Poettering
5fa89b2cb3 import: prefer usec_t over time_t 2014-12-25 03:14:09 +01:00
Lennart Poettering
901992209e import: add a new "pull-gpt" verb for downloading GPT disk images from the internet 2014-12-24 16:53:05 +01:00
Lennart Poettering
0c7bf33a98 import: three minor fixes 2014-12-24 16:53:05 +01:00
Lennart Poettering
a36544cd45 import: print friendly error messages on errors 2014-12-24 16:53:05 +01:00
Lennart Poettering
14ed8b9273 import: remember when we were finished importing 2014-12-24 16:53:05 +01:00
Lennart Poettering
ea1ae8c38e import: make the dkr import URL a part of the import object, not the import name object 2014-12-24 16:53:05 +01:00
Lennart Poettering
51929718dd machined: fix writability check for GPT images 2014-12-24 16:53:05 +01:00
Lennart Poettering
4a4d89b682 util: make creation time xattr logic more generic 2014-12-24 16:53:04 +01:00
Lennart Poettering
de33fc6257 sd-bus: rename sd_bus_open_system_container() to sd_bus_open_system_machine()
Pretty much everywhere else we use the generic term "machine" when
referring to containers in API, so let's do though in sd-bus too. In
particular, since the concept of a "container" exists in sd-bus too, but
as part of the marshalling system.
2014-12-24 16:53:04 +01:00
Shawn Paul Landden
0254e9448f util: fix strict aliasing violations in use of struct inotify_event v5
There is alot of cleanup that will have to happen to turn on
-fstrict-aliasing, but I think our code should be "correct" to the rule.
2014-12-24 16:53:04 +01:00
Lennart Poettering
4f44c03eaa busctl: when introspecting objects, optionally limit output by interface name 2014-12-23 22:44:32 +01:00
Lennart Poettering
d04c1fb8e2 machined: introduce polkit for OpenLogin() call
This way "machinectl login" can be opened up to run without privileges.
2014-12-23 21:28:48 +01:00
Lennart Poettering
18d7038163 bus: add missing bus-policy.[ch]
Accidentally forgot to commit this. Sorry!
2014-12-23 21:06:01 +01:00
Lennart Poettering
8b169c0fc2 build-sys: move core/build.h → shared/build.h
After all, pretty much all our tools include it, and it should hence be
shared.

Also move sysfs-show.h from core/ to login/, since it has no point to
exist in core.
2014-12-23 21:05:28 +01:00
Lennart Poettering
bf441e3d93 machinectl: rework 'machinectl login' to use OpenMachineLogin() 2014-12-23 19:15:27 +01:00
Lennart Poettering
5f8cc96a03 machined: add new call OpenMachineLogin() that starts a getty in a container on a pty and returns the pty master fd to the client
This is a one-stop solution for "machinectl login", and should simplify
getting logins in containers.
2014-12-23 19:15:27 +01:00
Lennart Poettering
ee502e0c28 sd-bus: teach x-container-unix: bus protoocol to connect to the namespace of a PID instead of a container name 2014-12-23 19:15:27 +01:00
Lennart Poettering
080bfdbb8e condition: don't include files from src/core 2014-12-23 19:15:27 +01:00
Lennart Poettering
6eeeb84c96 import: fix compiler warning 2014-12-23 19:15:27 +01:00
Lennart Poettering
039f0e70a0 env-util: don't include files from src/core/ 2014-12-23 19:15:27 +01:00
Lennart Poettering
3c70e3bb02 core: rearrange code so that libsystemd/sd-bus/ does not include header files from core
Stuff in src/shared or src/libsystemd should *never* include code from
src/core or any of the tools, so don't do that here either. It's not OK!
2014-12-23 19:15:27 +01:00
Daniel Mack
3e0a204897 bus-proxyd: ignore errors from sd_bus_creds_get_well_known_names()
sd_bus_creds_get_well_known_names() fails with -ENODATA in case the
message has no names attached, which is intended behavior if the
remote connection didn't own any names at the time of sending.

The function already deals with 'sender_names' being an empty strv,
so we can just continue in such cases.
2014-12-23 18:41:26 +01:00
Daniel Mack
259ac5cd7e bus-proxyd: handle -ESRCH and -ENXIO gracefully
Messages to destinations that are not currently owned by any bus connection
will cause kdbus related function to return with either -ENXIO or -ESRCH.

Such conditions should not make the proxyd terminate but send a sane
SD_BUS_ERROR_NAME_HAS_NO_OWNER error reply to the proxied connection.
2014-12-23 13:41:34 +01:00
Lennart Poettering
9d8c4979c0 util: add allocation loop to gettyname_malloc() 2014-12-23 03:26:24 +01:00
Lennart Poettering
611b312b7d nspawn,pty: port over to new ptsname_malloc() helper 2014-12-23 03:26:24 +01:00
Lennart Poettering
ee451d766a systemd-run: support -t mode when combined with -M
For that, ask machined for a container PTY and use that.
2014-12-23 03:26:24 +01:00
Lennart Poettering
40205d706e machined: add OpenMachinePTY() bus call for allocating a PTY device within a container
Then, port "machinectl" over to make use of it.
2014-12-23 03:26:24 +01:00
Lennart Poettering
095dc59660 systemd-run: add --quiet mode to suppress informational message on TTY usage 2014-12-23 03:26:24 +01:00
Lennart Poettering
c7b7d4493a machinectl,nspawn: don't print extra final newline if pty terminal output was newline-terinated anyway 2014-12-23 03:26:24 +01:00
Lennart Poettering
9b15b7846d run: add a new "-t" mode for invoking a binary on an allocated TTY 2014-12-23 03:26:24 +01:00
Lennart Poettering
91f4347ef7 import: rename 'poll-dck' to 'pull-dkr'
I figure "pull-dck" is not a good name, given that one could certainly
read the verb in a way that might be funny for 16year-olds. ;-)

Also, don't hardcode the index URL to use, make it runtime and configure
time configurable instead.
2014-12-23 03:25:36 +01:00
Tom Gundersen
9bae67d49b shared: json - support escaping utf16 surrogate pairs
We originally only supported escaping ucs2 encoded characters (as \uxxxx). This
only covers the BMP. Support escaping also utf16 surrogate pairs (on the form
\uxxxx\uyyyy) to cover all of unicode.
2014-12-22 20:27:20 +01:00
Tom Gundersen
04166cb7dd shared: utf8 - support decoding the full utf16
We originally only supported the BMP (i.e., we treated UTF-16 as UCS-2).
2014-12-22 20:26:53 +01:00
Tom Gundersen
2bb4c7e384 shared: utf8 - support ucs4 -> utf8
Originally we only supported ucs2, so move the ucs4 version from libsystemd-terminal to shared
and use that everywhere.
2014-12-22 20:26:53 +01:00
Daniel Mack
856d6e0988 sd-bus: ignore KDBUS_ITEM_TIMESTAMP in kernel messages
Kernel notifications carry a timestamp now, so make sure
bus_kernel_translate_message() doesn't complain when it stumbles across
them.
2014-12-22 19:59:53 +01:00
Daniel Mack
e24e415e5f busname: fix CMD_FREE ioctl
The KDBUS_CMD_FREE ioctl struct has a size field now, which needs to be set.
2014-12-22 16:51:15 +01:00
Dave Reisner
540d858183 verbs: fix typo in error message 2014-12-22 08:21:50 -05:00
Daniel Mack
6ad9bb71c2 sd-bus: sync kdbus.h (ABI break)
Sync kdbus.h with upstream changes:

  * Two optional cancellation points where added for synchronously
    blocking KDBUS_CMD_SEND commands: A sigmask to change the mask
    of accepted signals before the task is put to sleep, and a
    generic file descriptor that can be written to, in order to cancel
    the command. Both methods are currently unused.

  * The KDBUS_CMD_CANCEL ioctl was removed. sd-bus was never using
    that command, so there's no change needed.

  * Some kerneldoc fixes
2014-12-20 19:23:49 +01:00
Tom Gundersen
7a6f145746 sd-lldp: minor header cleanup
* (potentially) public headers must reside in src/systemd/ (not in
   src/libsystemd*)
 * some private (not prefixed with sd_) functions moved from sd-lldp.h to
   lldp-internal.h
 * introduce lldp-util.h for the cleanup macro, as these should not be public
 * rename the cleanup macro, we always name them _cleanup_foo_, never
   _cleanup_sd_foo_
 * mark some function arguments as 'const'
2014-12-19 22:42:03 +01:00
Lennart Poettering
ebeccf9eec machined: add a full bus object for images 2014-12-19 20:43:18 +01:00
Lennart Poettering
c2ce6a3d82 machined: add new GetImage() bus call for retrieving the bus path for an image 2014-12-19 20:07:23 +01:00
Lennart Poettering
821d4b6e06 sysv-generator: properly add Makefile symlink 2014-12-19 20:04:55 +01:00
Lennart Poettering
a34bf9db5d util: rename ignore_file() to hidden_file()
hidden_file() is a bit more precise, since dot files usually shouldn't
be ignored, but certainly be considered hidden.
2014-12-19 20:03:36 +01:00
Lennart Poettering
56159e0d91 machinectl: port machinectl to new verbs logic 2014-12-19 19:19:29 +01:00
Lennart Poettering
7eeeb28e45 import: Verb[] array can be static, too 2014-12-19 19:19:29 +01:00
Lennart Poettering
43343ee7c2 verbs: when invoking the default verb, pass a faked argv array, with just the verb in it
That way the dispatcher calls know how they got called.
2014-12-19 19:19:29 +01:00
Lennart Poettering
cd61c3bfd7 machined/machinectl: add logic to show list of available images
This adds a new bus call to machined that enumerates /var/lib/container
and returns all trees stored in it, distuingishing three types:

        - GPT disk images, which are files suffixed with ".gpt"
        - directory trees
        - btrfs subvolumes
2014-12-19 19:19:29 +01:00
Lennart Poettering
8eebf6ad55 util: when creating temporary filename for atomic creation of files, add an extra "#" to the name
That way, we have a simple, somewhat reliable way to detect such
temporary files, by simply checking if they start with ".#".
2014-12-19 19:19:29 +01:00
Michal Schmidt
668c965af4 journal: skipping of exhausted journal files is bad if direction changed
EOF is meaningless if the direction of iteration changes.
Move the EOF optimization under the direction check.

This fixes test-journal-interleaving for me.

Thanks to Filipe Brandenburger for telling me about the failure.
2014-12-19 17:14:11 +01:00
Michal Schmidt
b29ddfcb38 journal: make next_with_matches() always use f->current_offset
next_with_matches() is odd in that its "unit64_t *offset" parameter is
both input and output. In other it's purely for output.

The function is called from two places in next_beyond_location(). In
both of them "&cp" is used as the argument and in both cases cp is
guaranteed to equal f->current_offset.

Let's just have next_with_matches() ignore "*offset" on input and
operate with f->current_offset.

I did not investigate why it is, but it makes my usual benchmark run
reproducibly faster:

$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null

real    0m4.032s
user    0m3.896s
sys     0m0.135s

(Compare to preceding commit, where real was 4.4s.)
2014-12-19 16:15:21 +01:00
Michal Schmidt
487d37209b journal: fix skipping of duplicate entries in iteration
I accidentally broke the detection of duplicate entries in 7943f42275
"journal: optimize iteration by returning previously found candidate
entry".

When we have a known location of a candidate entry, we must not return
from next_beyond_location() immediately. We must go through the
duplicates detection to make sure the candidate differs from the
already iterated entry.

This fix slows down iteration a bit, but it's still faster than it
was before the rework.

$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null

real    0m4.448s
user    0m4.298s
sys     0m0.149s

(Compare with results from commit 7943f42275, where real was 5.3s before
the rework.)
2014-12-19 15:37:10 +01:00
Tom Gundersen
bfcdba8d56 networkd: link - plug leak 2014-12-19 08:34:04 +01:00
Tom Gundersen
19727828d2 networkctl: lldp - respect arg_legend 2014-12-19 08:33:46 +01:00
Susant Sahani
49699bac94 LLDP: Add support for networkctl 2014-12-19 08:15:05 +05:30
Susant Sahani
ce43e48446 networkd: integrate LLDP
This patch integrates LLDP with networkd.

Example conf:
file : lldp.network

[Match]
Name=em1

[Network]
LLDP=yes
2014-12-19 08:02:45 +05:30
Susant Sahani
ad1ad5c8e3 networkd: Introduce Link Layer Discovery Protocol (LLDP)
This patch introduces LLDP support to networkd. it implements the
receiver side of the protocol.

The Link Layer Discovery Protocol (LLDP) is an industry-standard,
vendor-neutral method to allow networked devices to advertise
capabilities, identity, and other information onto a LAN. The Layer 2
protocol, detailed in IEEE 802.1AB-2005.LLDP allows network devices
that operate at the lower layers of a protocol stack (such as
Layer 2 bridges and switches) to learn some of the capabilities
and characteristics of LAN devices available to higher
layer protocols.
2014-12-19 08:02:45 +05:30
Tom Gundersen
266b538958 networkctl: port to verbs helper 2014-12-19 03:16:45 +01:00
Tom Gundersen
caa8dab28f systemd-hwdb: port to new verbs helper 2014-12-19 03:02:55 +01:00
Tom Gundersen
eac8e8c6de import: dck - fix curl error handling 2014-12-19 03:00:56 +01:00
Lennart Poettering
72648326ea import: add new minimal tool "systemd-import" for pulling down foreign containers and install them locally
This adds a simply but powerful tool for downloading container images
from the most popular container solution used today. Use it like
this:

       # systemd-import pull-dck mattdm/fedora
       # systemd-nspawn -M fedora

This will donwload the layers for "mattdm/fedora", and make them
available locally as /var/lib/container/fedora.

The tool is pretty complete, as long as it's only about pulling down
images, or updating them. Pushing or searching is not supported yet.
2014-12-19 02:08:14 +01:00
Lennart Poettering
dca59f6266 util: add generalization of verb parsing for command line tools
We should move loginctl, timedatectl, machinectl over to use this new
API instead of a manual one.
2014-12-19 02:07:42 +01:00
Lennart Poettering
e02d225b1e util: make sure rm_rf() can be called on symlinks (with the effect of deleting it) 2014-12-19 02:07:42 +01:00
Lennart Poettering
e1dd6790e4 strv: ass new strv_is_uniq() and strv_reverse() calls 2014-12-19 02:07:42 +01:00
Lennart Poettering
24167f3db8 execute: the runtime directory can only be on tmpfs, hence don't use rm_rf_dangerous() needlessly 2014-12-19 02:07:42 +01:00
Lennart Poettering
b7d1319393 nss-myhostname: introduce is_gateway() similar to the existing is_hostname() 2014-12-19 02:07:42 +01:00
Zbigniew Jędrzejewski-Szmek
c853953658 load-fragment: allow quoting in command name and document allowed escapes
The handling of the command name and other arguments is unified. This
simplifies things and should make them more predictable for users.
Incidentally, this makes ExecStart handling match the .desktop file
specification, apart for the requirment for an absolute path.

https://bugs.freedesktop.org/show_bug.cgi?id=86171
2014-12-18 19:26:21 -05:00
Zbigniew Jędrzejewski-Szmek
ba774317ac Treat a trailing backslash as an error
Commit a2a5291b3f changed the parser to reject unfinished quoted
strings. Unfortunately it introduced an error where a trailing
backslash would case an infinite loop. Of course this must fixed, but
the question is what to to instead. Allowing trailing backslashes and
treating them as normal characters would be one option, but this seems
suboptimal. First, there would be inconsistency between handling of
quoting and of backslashes. Second, a trailing backslash is most
likely an error, at it seems better to point it out to the user than
to try to continue.

Updated rules:
ExecStart=/bin/echo \\ → OK, prints a backslash
ExecStart=/bin/echo \ → error
ExecStart=/bin/echo "x → error
ExecStart=/bin/echo "x"y → error
2014-12-18 19:26:21 -05:00
Zbigniew Jędrzejewski-Szmek
30bcc05295 test-strv: use STRV_MAKE 2014-12-18 19:26:21 -05:00
Zbigniew Jędrzejewski-Szmek
447021aafd tree-wide: make condition_free_list return NULL 2014-12-18 19:26:21 -05:00
Zbigniew Jędrzejewski-Szmek
f1acf85a36 core: make exec_command_free_list return NULL 2014-12-18 19:26:21 -05:00
Zbigniew Jędrzejewski-Szmek
dbf1f77bf7 test-cap-list: allow mismatch in case 2014-12-18 18:54:00 -05:00
Dave Reisner
e40872fc53 path-util: fix breakage in path_is_mount_point
This fixes 2 problems introduced by 6feeeab0bc:

1) If name_to_handle_at returns ENOSYS for the child, we'll wrongly
return -ENOSYS when it returns the same for the parent. Immediately
jump to the fallback logic when we get ENOSYS.

2) If name_to_handle_at returns EOPNOTSUPP for the child but suceeds
for the parent, we'll be comparing an uninitialized value (mount_id) to
an initialized value (mount_id_parent). Initialize the mount_id
variables to invalid mount_ids to avoid this.
2014-12-18 18:34:12 -05:00
Tom Gundersen
65eb4378c3 systemd-hwdb: introduce new tool
This pulls out the hwdb managment from udevadm into an independent tool.

The old code is left in place for backwards compatibility, and easy of
testing, but all documentation is dropped to encourage use of the new
tool instead.
2014-12-18 15:37:27 +01:00
Alin Rauta
b98b483bac networkd: add FDB support 2014-12-18 15:28:16 +01:00
Michal Schmidt
c2551e7105 journal: next_with_matches() now does not need a mapped object as input
Now that journal_file_next_entry() does not need a pointer to the
current object, next_with_matches() does not need it either.
2014-12-18 14:44:34 +01:00
Michal Schmidt
f534928ad7 journal: journal_file_next_entry() does not need pointer to current Object
The current offset is sufficient information.
2014-12-18 14:41:22 +01:00
Michal Schmidt
7943f42275 journal: optimize iteration by returning previously found candidate entry
In next_beyond_location() when the JournalFile's location type is
LOCATION_SEEK, it means there's nothing to do, because we already have
the location of the candidate entry. Do an early return. Note that now
next_beyond_location() does not anymore guarantee on return that the
entry is mapped, but previous patches made sure the caller does not
care.

This optimization is at least as good as "journal: optimize iteration:
skip files that cannot improve current candidate entry" was.

Timing results on my workstation, using:
$ time ./journalctl -q --since=2014-06-01 --until=2014-07-01 > /dev/null

Before "Revert "journal: optimize iteration: skip files that cannot
improve current candidate entry":

real    0m5.349s
user    0m5.166s
sys     0m0.181s

Now:

real    0m3.901s
user    0m3.724s
sys     0m0.176s
2014-12-18 14:35:30 +01:00
Michal Schmidt
6e693b42dc journal: optimize iteration by skipping exhausted files
If from a previous iteration we know we are at the end of a journal
file, don't bother looking into the file again. This is complicated by
the fact that the EOF does not have to be permanent (think of
"journalctl -f"). So we also check if the number of entries in the
journal file changed.

This optimization has a similar effect as "journal: optimize iteration:
skip whole files behind current location" had.
2014-12-18 14:29:46 +01:00
Michal Schmidt
58439db4cc journal: drop unnecessary parameters of next_beyond_location()
offset is redundant, because the caller can rely on f->current_offset.
The object pointer the function saves in *ret is thrown away by the caller.
2014-12-18 12:44:16 +01:00
Michal Schmidt
e499c9998b journal: remove redundant variable new_offset
The file's current_offset is already updated at this point, so let's use
it.
2014-12-18 12:28:24 +01:00
Michal Schmidt
d8ae66d7fa journal: compare candidate entries using JournalFiles' locations
When comparing the locations of candidate entries, we can rely on the
location information stored in struct JournalFile.
2014-12-18 12:26:00 +01:00
Michal Schmidt
1eb6332d55 journal: simplify set_location()
set_location() is called from real_journal_next() when a winning entry
has been picked from among the candidates in journal files.

The location type is always set to LOCATION_DISCRETE. No need to pass
it as a parameter.
The per-JournalFile location information is already updated at this
point. No need for having the direction and offset here.
2014-12-18 12:20:25 +01:00
Michal Schmidt
6573ef05a3 journal: keep per-JournalFile location info during iteration
In next_beyond_location() when we find a candidate entry in a journal
file, save its location information in struct JournalFile.

The purpose of remembering the locations of candidate entries is to be
able to save work in the next iteration. This patch does only the
remembering part.

LOCATION_SEEK means the location identifies a candidate entry.
When a winner is picked from among candidates, it becomes
LOCATION_DISCRETE.
LOCATION_TAIL here signifies we've iterated the file to the end (or the
beginning in the case of reversed direction).
2014-12-18 12:17:20 +01:00
Michal Schmidt
1fc605b0e1 journal: abstract the resetting of JournalFile's location 2014-12-18 11:56:19 +01:00
Michal Schmidt
99cc7653a8 journal: move definition of LocationType to journal-file.h
In preparation for individual JournalFiles maintaining a location
of their own.
2014-12-18 11:53:39 +01:00
Michal Schmidt
8a2bd0a365 Revert "journal: optimize iteration: skip whole files behind current location"
This reverts commit b7c88ab8cc.

This optimization will be made redundant by the following patches.
2014-12-18 11:53:39 +01:00
Michal Schmidt
0633cb5206 Revert "journal: optimize iteration: skip files that cannot improve current candidate entry"
This reverts commit f8b5a3b75f.

This optimization will be made redundant by the following patches.
2014-12-18 11:53:39 +01:00
Michal Schmidt
14499361a5 journal: delete unused function journal_file_skip_entry()
Its only caller is a test.
2014-12-18 11:53:08 +01:00
Michal Schmidt
ae2adbcd09 journal: delete unused function journal_file_move_to_entry_by_offset() 2014-12-18 11:47:13 +01:00
Zbigniew Jędrzejewski-Szmek
ee05e7795b core: use raw_clone instead of fork in signal handler
fork() is not async-signal-safe and calling it from the signal handler
could result in a deadlock when at_fork() handlers are called. Using
the raw clone() syscall sidesteps that problem.

The tricky part is that raise() does not work, since getpid() does not
work. Add raw_getpid() to get the real pid, and use kill() instead of
raise().

https://bugs.freedesktop.org/show_bug.cgi?id=86604
2014-12-18 00:52:41 -05:00
Zbigniew Jędrzejewski-Szmek
503dbda6d9 test-unit-file: add test for semicolon escaping
https://bugs.freedesktop.org/show_bug.cgi?id=87393
2014-12-18 00:52:41 -05:00
tomsod-m ya ru
3851c51ad1 load-fragment: properly unescape \;
https://bugs.freedesktop.org/show_bug.cgi?id=87393
2014-12-17 23:01:38 -05:00
Zbigniew Jędrzejewski-Szmek
6feeeab0bc path: make the check for unsupported name_to_handle_at symmetric
If child supports, but the parent does not, or when the child does
not support, but the parent does, assume the child is a mount point.

Only if neither supports use the fallback.
2014-12-17 21:08:16 -05:00
Umut Tezduyar Lindskog
b890bf6a81 path: follow symbolic link for parent path (2)
c0e57ba9e2 fixed the fallback path.
We should do the same for name_to_handle_at().
2014-12-17 21:08:16 -05:00
Lennart Poettering
f2cbe59e11 machinectl: add new commands for copying files from/to containers 2014-12-18 01:36:28 +01:00
Lennart Poettering
20b63d12b5 util: in make_stdio() use dup2() rather than dup3()
dup3() allows setting O_CLOEXEC which we are not interested in. However,
it also fails if called with the same fd as input and output, which is
something we don't want. Hence use dup2().

Also, we need to explicitly turn off O_CLOEXEC for the fds, in case the
input fd was O_CLOEXEC and < 3.
2014-12-18 01:36:28 +01:00
Lennart Poettering
785890acf6 machinectl: implement "bind" command to create additional bind mounts from host to container during runtime 2014-12-18 01:36:28 +01:00
Ken Werner
60e1651a31 nspawn: fix invocation of the raw clone() system call on s390 and cris
Since the order of the first and second arguments of the raw clone() system
call is reversed on s390 and cris it needs to be invoked differently.
2014-12-17 00:20:56 -05:00
Umut Tezduyar Lindskog
c0e57ba9e2 path: follow symbolic link for parent path
[zj: When we lstat the target path, symlinks above the last component
     will be followed by both stat and lstat. So when we look at the
     parent, we should follow symlinks.]
2014-12-16 21:19:19 -05:00
Tom Gundersen
dd9c7723fa shared: strv - add strv_clear()
This frees the elements of the strv without freeing the strv itself.
2014-12-17 01:09:16 +01:00
Tom Gundersen
3542eac7f9 shared: path-util - memory leak 2014-12-16 22:54:04 +01:00
Tom Gundersen
c487c9cec0 udev: net_setup - fix warning 2014-12-16 22:54:04 +01:00
Thomas Hindoe Paaboel Andersen
30c873fbfb test-json: use fabs 2014-12-16 20:38:03 +01:00
Susant Sahani
b0ceb53a7d fix compiler warning
src/shared/utf8.c:268:13: warning: unused variable 'd'
[-Wunused-variable]
         int d;
2014-12-16 00:30:34 -05:00
Jan Synacek
75836b9d20 systemctl: fix argument handling when invoked as "shutdown" 2014-12-16 00:30:34 -05:00
Harald Hoyer
df17ddee08 nss-myhostname: also recognize "gateway."
"gateway." skips adding the domain search path and saves some queries to
the nameserver.
2014-12-16 00:30:34 -05:00
Zbigniew Jędrzejewski-Szmek
bc854dc7cd systemctl: refuse to edit runtime dropins when they already exist in /etc
The check for existing unit files and dropins is unified.

path_join() is updated to not insert duplicate separators.
2014-12-16 00:30:34 -05:00
Zbigniew Jędrzejewski-Szmek
ad2a035820 systemctl: share path lookup between 'cat' and 'edit'
'systemctl cat' now works for templates too.

'systemctl edit' does not refuse to edit units that have changed on
disk. That restriction didn't seem useful, actually editing units that
have changed on disk before they are started is very reasonable.

'edit' with instances and templates works again:

Now:

$ build/systemctl edit getty@
Failed to copy /etc/systemd/system/getty@.service.d/override.conf to /etc/systemd/system/getty@.service.d/.override.confdff6290408c86369: Permission denied
$ build/systemctl edit getty@tty3
Failed to create directories for /etc/systemd/system/getty@tty3.service.d/override.conf: Permission denied
$ build/systemctl edit --full getty@tty3
Failed to copy /usr/lib/systemd/system/getty@.service to /etc/systemd/system/.getty@tty3.serviced3d175087e7e439b: Permission denied
Failed to create temporary file for /etc/systemd/system/getty@tty3.service: Permission denied
$ build/systemctl edit --full getty@
Failed to copy /usr/lib/systemd/system/getty@.service to /etc/systemd/system/.getty@.servicea3caad491c0f2f3d: Permission denied
Failed to create temporary file for /etc/systemd/system/getty@.service: Permission denied
2014-12-16 00:30:34 -05:00
Zbigniew Jędrzejewski-Szmek
8df1850740 systemctl: split out LookupPaths initialization 2014-12-16 00:30:34 -05:00
Zbigniew Jędrzejewski-Szmek
33f6c497f3 systemctl: move two functions up
No functional change.
2014-12-16 00:30:33 -05:00
Zbigniew Jędrzejewski-Szmek
3f36991e00 systemctl: unify warning about unit files changed on disk 2014-12-16 00:30:33 -05:00
Zbigniew Jędrzejewski-Szmek
5b013a2f67 systemctl: do not use -1 for return code
Also make the error messages more specific to give a hint to the user
how to solve the problem.
2014-12-16 00:30:33 -05:00
Zbigniew Jędrzejewski-Szmek
1a7f1b385c Move dropin listing to shared
No functional change. This is in preparation for using this in
systemctl in the future.
2014-12-16 00:30:33 -05:00
Lennart Poettering
e7eebcfc42 shared: add minimal JSON tokenizer 2014-12-15 22:27:15 +01:00
Tom Gundersen
c532d8a00c udev: builtin-hwdb - port to sd-hwdb 2014-12-15 20:40:09 +01:00
Tom Gundersen
d640c07d97 udevadm: port to sd-hwdb 2014-12-15 20:40:09 +01:00
Tom Gundersen
81fd1dd3a2 networkctl: port from libudev to sd-hwdb 2014-12-15 20:40:09 +01:00
Lennart Poettering
0faacd470d unit: handle nicely of certain unit types are not supported on specific systems
Containers do not really support .device, .automount or .swap units;
Systems compiled without support for swap do not support .swap units;
Systems without kdbus do not support .busname units.

With this change attempts to start a unsupported unit types will result
in an immediate "unsupported" job result, which is a lot more
descriptive then before. Also, attempts to start device units in
containers will now immediately fail instead of causing jobs to be
enqueued that never go away.
2014-12-15 19:02:17 +01:00
Tom Gundersen
17d1f37d0d networkd: failing to track links is a serious problem so log at warning level rather than debug 2014-12-15 17:57:51 +01:00
Martin Pitt
e17fb3c1dd shared: time-dst: Avoid buffer overflow
Commit 681f9718 introduced an additional null terminator for the zone names.
Increase the allocation of "transitions" to actually make room for this.
2014-12-15 13:50:11 +01:00
Gabriel de Perthuis
d47f6ca5f9 blkid: Warn when rejecting a superblock with a bad csum
Bump libblkid requirement from 2.20 to 2.24.
util-linux 2.25 is actually required since fdbbad981c
2014-12-14 12:54:17 -05:00
Ivan Shapovalov
9b6e0ce5ac delta: fix output alignment of [REDIRECTED] entries 2014-12-14 12:54:17 -05:00
Ronny Chevalier
e9e310f8e9 systemctl: handle correctly template units for edit verb
Previously, if we provided getty@.service to systemctl edit it would
have failed when using the bus because it is an invalid unit name.
But it would have succeeded when searching in the filesystem.

Now, we check if we have a template, if we do we search in the
filesystem, if we don't have a templae and we can use the bus, we do.

Furthermore, if we provided getty@tty1.service it would not have worked
when searching the filesystem, but it would have worked with the bus.
So now, when using the filesystem we use the template name and not the
unit name, and the same when logging errors.

(Also did a refactoring to avoid a long function)
2014-12-13 15:29:47 +01:00
Ronny Chevalier
fee0a92183 test-unit-name: add more tests
Add more test cases for:
- unit_name_is_instance
- unit_name_to_instance

Add tests for:
- unit_name_template
- unit_name_is_template
2014-12-13 15:12:38 +01:00
Michal Schmidt
69adae5168 journal: replace contexts hashmap with a plain array
try_context() is such a hot path that the hashmap lookup is expensive.

The number of contexts is small - it is the number of object types.
Using a hashmap is overkill. A plain array will do.

Before:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null

real    0m9.445s
user    0m9.228s
sys     0m0.213s

After:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real    0m5.438s
user    0m5.266s
sys     0m0.170s
2014-12-13 00:47:23 +01:00
Michal Schmidt
634ed0ee34 journal: delete unused function mmap_cache_close_context
This never had any callers. Contexts are freed when the MMapCache is
freed.
2014-12-13 00:47:23 +01:00
Michal Schmidt
7a9dabea7e journal: push type_to_context conversion down to journal_file_move_to() 2014-12-13 00:47:23 +01:00
Michal Schmidt
7851983162 journal: have a named enum ObjectType 2014-12-13 00:47:23 +01:00
Michal Schmidt
d05089d86e journal: consistently use OBJECT_<type> names instead of numbers
Note that numbers 0 and -1 are both replaced with OBJECT_UNUSED,
because they are treated the same everywhere (e.g. type_to_context()
translates them both to 0).
2014-12-13 00:47:23 +01:00
Michal Schmidt
2df65e7d96 journal: consistently allow type==0 to mean "any type"
If type==0 and a non-NULL object were given as arguments to
journal_file_hmac_put_object(), its object type check would fail and it
would return -EBADMSG.

All existing callers use either a positive type or -1. Still, for
behavior consistency with journal_file_move_to_object() let's allow
type 0 to pass.
2014-12-13 00:47:23 +01:00
Michal Schmidt
d3d3208f60 journal: move type_to_context() to journal-file.c
It has no other callers. It does not need to be in the header file.
2014-12-13 00:47:23 +01:00
Michal Schmidt
1b8951e5bd journal: remove journal_file_object_keep/release functions
The only user is sd_journal_enumerate_unique() and, as explained in
the previous commit (fed67c38e3 "journal: map objects to context set by
caller, not by actual object type"), the use of them there is now
superfluous. Let's remove them.

This reverts major parts of commits:
  ae97089d49 journal: fix access to munmapped memory in
             sd_journal_enumerate_unique
  06cc69d44c sd-journal: fix sd_journal_enumerate_unique skipping values

Tested with an "--enable-debug" build and "journalctl --list-boots".
It gives the expected number of results. Additionally, if I then revert
the previous commit ("journal: map objects to context set by caller, not
to actual object type"), it crashes with SIGSEGV, as expected.
2014-12-13 00:46:40 +01:00
Michal Schmidt
fed67c38e3 journal: map objects to context set by caller, not by actual object type
When the caller of journal_file_move_to_object() specifies type==0,
the object header is at first mapped in context 0. Then after the header
is checked, the whole object is mapped in a context determined by
the actual object type (which is not even range-checked using
type_to_context()). This looks wrong. It should map in the
caller-specified context.

An old comment in sd_journal_enumerate_unique() supports this view:
    /* We do not use the type context here, but 0 instead,
     * so that we can look at this data object at the same
     * time as one on another file */
Clearly the expectation was that the data object will remain mapped
in context 0 without being pushed away by mapping other objects in
context OBJECT_DATA.

I suspect that this was the real bug that got fixed by ae97089d49
"journal: fix access to munmapped memory in sd_journal_enumerate_unique".
In other words, journal_file_object_keep/release are superfluous after
applying this patch.
2014-12-13 00:46:16 +01:00
Michal Schmidt
fad5a6c66e journal: add debug mode for mmap-cache (--enable-debug=mmap-cache)
This is useful for exposing unsafe access to mmapped objects after
the context that they were mapped in was already moved.

For example:
journal_file_move_to_object(f1, OBJECT_DATA, p1, &o1);
journal_file_move_to_object(f2, OBJECT_DATA, p2, &o2);
t = o1->object.type; /* this usually works, but is unsafe */
2014-12-13 00:46:16 +01:00
Michal Schmidt
fc86aa0ed2 configure.ac: add a generic --enable-debug, replace --enable-hashmap-debug
There will be more debugging options later.
 --enable-debug will enable them all.
 --enable-debug=hashmap will enable only hashmap debugging.

Also rename the C #define to ENABLE_DEBUG_* pattern.
2014-12-13 00:46:16 +01:00
Michal Schmidt
90df619ef5 shared/hashmap.h: fix comment
An early version used underscore prefixes for internal functions, but
the current version uses the prefix "internal_".
2014-12-13 00:46:16 +01:00
Thomas Hindoe Paaboel Andersen
b7378b89d2 networkctl: remove unused variable 2014-12-12 21:57:44 +01:00
Thomas Hindoe Paaboel Andersen
abc08d4d08 wrap a few *_FOREACH macros in curly braces
cppcheck would give up with "syntax error" without them. This led
to reports of syntax errors in unrelated locations and potentially
hid other errors
2014-12-12 21:57:44 +01:00
Lennart Poettering
7d54a03a87 core: retry unmounting until we are done, in case of stacked mounts 2014-12-12 20:12:35 +01:00
Lennart Poettering
b1acce80cd networkctl: also draw a nice unicode cirlce when "networkctl status" is run without parameters 2014-12-12 19:11:35 +01:00
Lennart Poettering
1693a943ca networkctl: show interface names next to IP addresses if we dump adresses from all interfaces 2014-12-12 19:07:26 +01:00
Lennart Poettering
69fb1176c4 networkctl: also show gateway address when "networkctl status" without further arguments is passed 2014-12-12 18:57:15 +01:00
Lennart Poettering
888943fc62 networkctl: show MAC address OUI vendor next to MAC addresses 2014-12-12 18:56:35 +01:00
Lennart Poettering
4b7c1d5d6a test-cap-list: always check libcap comes to the same names as we do, for the names it knows 2014-12-12 18:42:19 +01:00
Lennart Poettering
34a3e4ecad cap-list: return lower-case capability names, similar to libcap's cap_to_name(), for compat reasons 2014-12-12 18:37:25 +01:00
Lennart Poettering
b9ba4dabba nspawn: when booting in ephemeral mode, append random token to machine name
Also, when booting up an ephemeral container of / use the system
hostname as default machine name.

This way specifiyng -M is unnecessary when booting up an ephemeral
container, while allowing any number of ephemeral containers to run from
the same tree.
2014-12-12 17:30:25 +01:00
Lennart Poettering
c4e34a612c nspawn: allow spawning ephemeral nspawn containers based on the root file system of the OS
This works now:

        # systemd-nspawn -xb -D / -M foobar

Which boots up an ephemeral container, based on the host's root file
system. Or in other words: you can now run the very same host OS you
booted your system with also in a container, on top of it, without
having it interfere. Great for testing whether the init system you are
hacking on still boots without reboot the system!
2014-12-12 17:30:25 +01:00
Lennart Poettering
df9a75e480 nspawn: don't link journals in ephemeral mode 2014-12-12 17:30:25 +01:00
Lennart Poettering
53e438e301 nspawn: properly unset arg_link_journal_try, when --link-journal= is specified 2014-12-12 17:30:25 +01:00
Lennart Poettering
7430ec6ac0 copy: use btrfs reflinking only whe we know we copy full files 2014-12-12 17:30:25 +01:00
David Herrmann
19ee32dc4d bus: send attach flags on BUS_MAKE
Make sure to set send-attach-flags on BUS_MAKE. These control which
information is revealed about the bus-owner.
2014-12-12 14:02:57 +01:00
David Herrmann
18ee085c15 bus: fix assert() on HELLO error-path
Make sure we don't call into any bus_kernel_*() functions before
b->is_kernel is set to true. Hard-code the CMD_FREE just like the other
helpers do.
2014-12-12 14:02:05 +01:00
Lennart Poettering
ec16945ebf nspawn: beef up nspawn with some btrfs magic
This adds --template= to duplicate an OS tree as btrfs snpashot and run
it

This also adds --ephemeral or -x to create a snapshot of an OS tree and
boot that, removing it after exit.
2014-12-12 13:35:32 +01:00
Lennart Poettering
0254b455e9 copy: teach copy_bytes() btrfs reflink magic 2014-12-12 13:35:32 +01:00
Lennart Poettering
f9ac15442e gpt-auto-generator: make use of new btrfs-util.h APIs 2014-12-12 13:35:32 +01:00
Lennart Poettering
d7c7c334f5 shared: add new btrfs-util.[ch] helpers for doing common btrfs operation 2014-12-12 13:35:32 +01:00
Lennart Poettering
700c6087eb shared: missing.h should include btrfs.h, before redefining some of its definitions 2014-12-12 13:35:32 +01:00
Lennart Poettering
6ce830fa61 util: minor simplification for loop_write() and loop_read() 2014-12-12 13:35:32 +01:00
Lennart Poettering
0c3c42847d nspawn: properly validate machine names 2014-12-12 13:35:32 +01:00
Lennart Poettering
a60e9f7fc8 seccomp-util.h: make sure seccomp-util.h can be included alone 2014-12-12 13:35:32 +01:00
Lennart Poettering
db594aef54 path-util: no need to check whether p is absolute twice 2014-12-12 13:35:32 +01:00
Lennart Poettering
a2e22d07c6 udev-builtin-btrfs: properly initialize ioctl struct to zeroes 2014-12-12 13:35:32 +01:00
Lennart Poettering
257224b0cd util: document why we have alloca_align() 2014-12-12 13:35:32 +01:00
Lennart Poettering
ae6c3cc009 util: when using basename() for creating temporary files, verify the resulting name is actually valid
Also, rename filename_is_safe() to filename_is_valid(), since it
actually does a full validation for what the kernel will accept as file
name, it's not just a heuristic.
2014-12-12 13:35:32 +01:00
David Herrmann
8d1c8bd746 journal: fix dangling 'else' ambiguity
Rework the sd-journal iterators to avoid dangling 'else' ambiguity. For a
detailed explanation, see:

    commit bff686e2a9
    Author: David Herrmann <dh.herrmann@gmail.com>
    Date:   Fri Dec 12 09:43:54 2014 +0100

        hwdb: fix dangling 'else' ambuguity
2014-12-12 09:52:06 +01:00
David Herrmann
bff686e2a9 hwdb: fix dangling 'else' ambuguity
Imagine the following use of hwdb:

    if (condition_A)
        SD_HWDB_FOREACH_PROPERTY(hwdb, modalias, key, value)
            operation_A(key, value);
    else
        log_error("...");

This should work just fine, but but definitely does not what you would
expect. Due to how SD_HWDB_FOREACH_PROPERTY is defined, the dangling
'else' is linked to the hidden 'if' statement in the macro instead of the
outer 'if (condition_A)'. This is unexpected and really annoying to debug.

Fix this by never leaving un-finished if-statements in
SD_HWDB_FOREACH_PROPERTY(). We simply inverse the if() statement and
explicitly add an 'else'-branch. This way, the statement is closed and all
ambuguities are resolved.
2014-12-12 09:43:54 +01:00
David Herrmann
0b93157191 hwdb: FOREACH_HWDB_PROPERTY -> SD_HWDB_FOREACH_PROPERTY
Lets not pollute the global namespace. Prefix all our exported names and
macros with SD_HWDB_*.
2014-12-12 09:30:50 +01:00
Thomas Hindoe Paaboel Andersen
c4ef05484d use correct format types 2014-12-11 21:47:06 +01:00
Ronny Chevalier
015df1f78f test-condition: add more test cases 2014-12-11 18:32:57 +01:00
Ronny Chevalier
e74aa253e9 test-strv: add test for strv_equal 2014-12-11 18:32:57 +01:00
Ronny Chevalier
27c5347c8c test-execute: add tests for UMask directive 2014-12-11 18:32:57 +01:00
Ronny Chevalier
14b0295f91 test-unit-name: add tests for %f 2014-12-11 18:32:57 +01:00
David Herrmann
d31f486b83 bus: sync with kdbus.git
Changes:
 * bloom parameters are returned in an offset via HELLO
 * FREE now takes items just like any other ioctl
2014-12-11 17:26:03 +01:00
Lennart Poettering
eccaf89933 tree-wide: use our memset() macros instead of memset() itself 2014-12-11 16:58:45 +01:00
Torstein Husebø
f7340ab269 treewide: correct spacing near eol in code comments 2014-12-11 15:10:03 +01:00
Torstein Husebø
ee33e53a70 core: correct spacing near eol in code comments 2014-12-11 15:09:51 +01:00
Torstein Husebø
cc13b32729 shared: correct spacing near eol in code comments 2014-12-11 15:08:35 +01:00
Torstein Husebø
7517e17443 journald: correct spacing near eol code comments 2014-12-11 15:08:26 +01:00
Torstein Husebø
ad67ef274e sd-bus: correct spacing near eol in code comments 2014-12-11 15:04:56 +01:00
Torstein Husebø
d076c6f9e4 networkd/resolved: correct spacing near eol in code comments 2014-12-11 15:04:43 +01:00
Tom Gundersen
0411760af1 sd-dhcp-client: log if we fail to set up lease timers 2014-12-11 14:43:09 +01:00
Tom Gundersen
8b516fdea7 libudev: make libudev-hwdb a wrapper around sd-hwdb 2014-12-11 13:54:35 +01:00
Tom Gundersen
23fbe14f50 libsystemd: add sd-hwdb library
This is libudev-hwdb, but decoupled from libudev and in the libsystemd style.

The core code is unchanged, apart from the following minor changes:

 - hwdb.bin located in /**/systemd/hwdb/ take preference over the ones located
   in /**/udev/
 - properties are stored internally in an OrderedHashmap, rather than a
   linked list.
 - a new API call allows individual properties to be queried directly, rather
   than iterating over them all
 - the iteration over properties have been moved inside the library, rather than
   exposing a list directly
 - the unused 'flags' parameter was dropped
2014-12-11 13:54:35 +01:00
David Herrmann
94e15fdc4d bus: sync with kdbus.git
Sync up with recent kdbus changed:
 * several ioctls gained .size and .items members (but still unused)
 * CMD_SEND gained its own ioctl structure
 * several members of kdbus_msg were dropped as they were only used during
   SEND, not during RECV etc.
 * CMD_RECV and CMD_SEND now share a kdbus_reply member which contains the
   offset and size of the returned message.
2014-12-11 13:19:41 +01:00
David Herrmann
055b27f294 bus: zero cmd_free before passing to ioctl
Make sure the whole cmd_free object is zeroed before passing it into the
kernel. This makes valgrind happy and makes us future proof.
2014-12-11 10:45:58 +01:00
David Herrmann
becb1a6e9d bus: fix memfd-cache regarding memfd offsets
We must restore part->mmap_begin when poping memfds from the memfd-cache.
We rely on the memfds to be unsealed, so we can be sure that we own the
whole FD. Therefore, simply set part->mmap_begin to the same as
part->data.

This fixes test-bus-kernel-benchmark.
2014-12-11 10:44:41 +01:00
Zbigniew Jędrzejewski-Szmek
2ebcf93670 localectl,man: make it obvious that set-*-keymaps sets both keymaps
https://bugs.freedesktop.org/show_bug.cgi?id=85411
2014-12-11 00:02:54 -05:00
Lennart Poettering
7b3fd6313c scope: make attachment of initial PIDs a bit more robust 2014-12-10 22:06:44 +01:00
Lennart Poettering
0cd385d318 core: don't migrate PIDs for units that may contain subcgroups, do this only for leaf units
Otherwise a slice or delegation unit might move PIDs around ignoring the
fact that it is attached to a subcgroup.
2014-12-10 20:38:24 +01:00
Lennart Poettering
764458325e core: properly pass unit file state to clients via the bus 2014-12-10 19:58:50 +01:00
Lennart Poettering
1776fff917 sd-bus: make BUS_ERROR_MAP_ELF_USE() use a const variable 2014-12-10 19:07:48 +01:00
Lennart Poettering
7303ec8f30 networkd: rename section [BridgePort] → [Bridge]
Let's stick to generic sections that describe the general technology,
instead of specific per-object sections, unless we really have a reason
to do that otherwise.
2014-12-10 19:07:48 +01:00
Lennart Poettering
96aad8d15a sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h
Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
2014-12-10 19:07:48 +01:00
Patrik Flykt
85bd849f09 networkd-dhcp6: Support ICMPv6 Other information
When ICMPv6 Other information is received, enable Information request
in DHCPv6. If the DHCPv6 client already exists, only update the client
if there is a transition from Other to Managed state.
2014-12-10 18:31:21 +01:00
Patrik Flykt
5c79bd7983 networkd-dhcp6: Move ICMPv6 and DHCPv6 configuration to new file
Handle all aspects of ICMPv6 and DHCPv6 in a file of its own as is done
with DHCPv4 and IPv4LL.
2014-12-10 18:31:21 +01:00
Patrik Flykt
c4e8ceddcc test-dhcp6-client: Add a simple Information Request test case
Start the DHCPv6 test case by sending an Information Request, verifying
the reply and continuing at once with the normal address acquisition
procedure. Reuse the DHCPv6 Solicit Reply so that the client code is
verified to ignore any erroneously added IPv6 address information.
2014-12-10 18:31:21 +01:00
Patrik Flykt
bbfa43ca37 sd-dhcp6-client: Implement Information Request message
Implement Information Request message according to RFC 3315, section
18.1.5. with the excepion that the first message is not delayed by a
random amount. Instead systemd-networkd is supposed to take care of
desynchronizing between other clients.

Initialize the DHCPv6 client structure in sd_dhcp6_client_start()
as this allows toggling between information request and normal
DHCPv6 address aquisition modes.
2014-12-10 18:31:21 +01:00
Patrik Flykt
fab15fec24 sd-dhcp6-lease: Return only -EINVAL when a NULL lease is supplied
Suppyling a NULL lease is not a condition that needs to be asserted,
returning -EINVAL is informative enough to the caller. This simplifies
calling code and doesn't falsely indicate that something erroneous was
attempted.
2014-12-10 18:31:21 +01:00
Patrik Flykt
c47e8936a4 sd-dhcp6-client: Make end of successfull option parsing explicit
When all DHCPv6 options have been parsed, dhcp6_option_parse() returns
-ENOMSG. Explicitely set the return value to indicate success so that
later code does not need to take this special value into account.
2014-12-10 18:31:21 +01:00
Jan Synacek
0eb3cc8850 test: fix some tests when running inside a container 2014-12-10 13:36:10 +01:00
Lennart Poettering
536bfdab4c virt: when detecting containers and /run/systemd/container cannot be read, check /proc/1/environ
This way, we should be in a slightly better situation if a container is
booted up with only a shell as PID 1. In that case
/run/systemd/container will not be populated, and a check for it hence
be ineffective.

Checking /proc/1/environ doesn't fully fix the problem though, as the
file is only accessible with privileges. This means if PID 1 is not
systemd, and if privileges have been dropped the container detection
will continue to fail.
2014-12-10 13:36:10 +01:00
Zbigniew Jędrzejewski-Szmek
a644abed54 systemctl: fix invalid free when enabling sysv services fails
The error was introduced in v215-343-g60731f32f1 'systemctl: do not
bother to mutate state on error', by causing strv_free to attempt to
free a static string. Simplify the whole thing by always keeping the
array in valid state.
2014-12-09 21:47:53 -05:00
Zbigniew Jędrzejewski-Szmek
4dfb18922d ima-setup: simplify 2014-12-09 21:47:53 -05:00