1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

43347 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
61c3e2c8bf presets: "disable" all passive targets by default
Officially we default to a "enable *", even though pretty much everybody
overrides this with "disable *". We have a bunch of targets and services which
should not be enabled by default. In case the default policy is not overriden,
our passive units would be enabled by presets, which is generally not useful at
all. So let's explicitly mark them as disabled.

Note that this effectively changes very little. E.g. on Fedora, all the units
listed in this patch were "disabled" already.

Fixes #14648.
2020-02-04 13:59:31 +09:00
Zbigniew Jędrzejewski-Szmek
2f1fc899ce
Merge pull request #14589 from keszybz/sysctl-downgrade-messages
sysctl: add glob patterns to set network settings more flexibly
2020-02-04 00:04:28 +01:00
Zbigniew Jędrzejewski-Szmek
5d4fc0e665 sysctl: set ipv4 settings in a race-free way
Fixes #6282.

This solution is a bit busy, but we close the race without setting *.all.*, so
it is still possible to set a different setting for particular interfaces.
Setting just "default" is not very useful because any interfaces present before
systemd-sysctl is invoked are not affected. Setting "all" is too harsh, because
the kernel takes the stronger of the device-specific setting and the "all" value,
so effectively having a weaker setting for specific interfaces is not possible.
2020-02-04 00:01:50 +01:00
Zbigniew Jędrzejewski-Szmek
e0f424790d sysctl: add glob syntax to sysctl.d files
This is intended for net.*.conf.*.foo files. Setting just "default" is not very
useful because any interfaces present before systemd-sysctl is invoked are not
affected. Setting "all" is too harsh, because the kernel takes the stronger of
the device-specific setting and the "all" value, so effectively having a weaker
setting for specific interfaces is not possible. Let's add a way in which can
set "default" first and then all the others without "all".
2020-02-04 00:01:50 +01:00
AsciiWolf
5e9c08f377 l10n: update Czech Translation 2020-02-03 21:54:09 +01:00
Anita Zhang
d383613872
Merge pull request #14747 from yuwata/core-dynamic-user-14733
core: call dynamic_user_acquire() only when 'group' is non-null
2020-02-03 10:38:27 -08:00
Yu Watanabe
50152bb1c5 core: call dynamic_user_acquire() only when 'group' is non-null
When unit is reloaded, and the reloaded unit has bad-setting, then
unit_patch_contexts() is not called and exec_context::user and group
may not be configured.

A minimum reproducer for the case is:
- step 1.
$ sudo systemctl edit --full hoge.service
[Service]
oneshot
ExecStart=sleep 1h

- step 2.
$ sudo systemctl start hoge.service

- step 3.
$ sudo systemctl edit --full hoge.service
[Service]
Type=oneshot
ExecStart=@bindir@/sleep 1h
DynamicUser=yes

Then pid1 crashed.

Fixes #14733.
2020-02-03 21:51:07 +09:00
Yu Watanabe
4c1dea42b5 journal: drop unreachable path 2020-02-03 10:00:50 +01:00
splantefeve
e362d6eeba po: update French translation 2020-02-03 10:00:30 +01:00
Yu Watanabe
bf2334c054 udev: add {Receive,Transmit}ChecksumOffload= settings
Closes #14661.
2020-02-03 12:31:31 +09:00
Naïm Favier
53e1ba280f
network: add SuppressPrefixLength option to RoutingPolicyRule (#14736)
Closes #14724.
2020-02-03 08:25:48 +09:00
Yu Watanabe
e06d7d0fb0 po: update Japanese translation 2020-02-02 20:48:17 +01:00
Piotr Drąg
10f58ad015 po: update Polish translation 2020-02-02 20:46:57 +01:00
Lennart Poettering
9a4940bf92 update NEWS 2020-02-02 18:17:24 +01:00
Lennart Poettering
d58f31793a
Merge pull request #14645 from keszybz/sd-bus-message-dump
sd_bus_message_dump
2020-02-02 17:27:50 +01:00
Lennart Poettering
ddb10d8ccd
Merge pull request #14699 from yuwata/dhcp6-fix-t1-t2
dhcp6: do not use T1 and T2 longer than one provided by the lease
2020-02-02 17:16:31 +01:00
Yu Watanabe
60d0a5098b util: uid_t, gid_t, and pid_t must be 32bit
We already have assert_cc(sizeof(uid_t) == sizeof(uint32_t)) or friends
at various places.
2020-02-02 17:13:08 +01:00
Yu Watanabe
c757517d98 meson: fix feature list 2020-02-02 17:09:28 +01:00
Lennart Poettering
a754993d9c
Merge pull request #14719 from yuwata/sd-boot-fix-warnings
sd-boot: fix warnings
2020-02-02 16:57:17 +01:00
David Michael
649916d356 sysusers: support creating users with a specific primary group
This extends the "uid:gid" syntax for "u" lines so that a group
name can be given instead of a GID.  This requires that the group
is either queued for creation by sysusers, or it is already defined
on the system.

Closes #14340
2020-02-02 16:53:22 +01:00
Yu Watanabe
4e3132d6d6
Merge pull request #14672 from yuwata/network-routing-policy-uidrange
network: support UID based routing policy
2020-02-02 22:46:04 +09:00
Yu Watanabe
6be8e78e32 test-network: add test for UID based routing policy 2020-02-02 22:43:38 +09:00
Yu Watanabe
ea471a4695 network: support UID based routing policy
Closes #14666.
2020-02-02 22:43:38 +09:00
Yu Watanabe
03de302a31 util: add parse_uid_range() helper function 2020-02-02 22:43:38 +09:00
Yu Watanabe
af06ddf51a meson, man: do not install pam_systemd_home(8) when pam or homed is disabled
Fixes #14725.
2020-02-01 12:13:45 +01:00
Frantisek Sumsal
2273ecfeda test: don't install /etc/securetty
Having /etc/securetty in test containers prevents root from logging into
them:

```
Jan 31 10:15:11 systemd-testsuite login[69]: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !
Jan 31 10:15:11 systemd-testsuite login[69]: FAILED LOGIN 1 FROM pts/0 FOR root, Authentication failure
```
2020-02-01 11:55:17 +01:00
Lennart Poettering
5ee69e144e
Merge pull request #14178 from poettering/journal-namespace
journal: add concept of "journal namespaces"
2020-02-01 11:25:48 +01:00
Anita Zhang
279be556f8
Merge pull request #14721 from yuwata/home-tiny-fixes
homed,nspawn,userdb: trivial tiny fixes
2020-01-31 12:02:51 -08:00
Yu Watanabe
020313b213 test: also check the result of merge_gid_lists()
Fixes CID#1412354.
2020-01-31 23:31:23 +09:00
Yu Watanabe
4af8ab2cab user-util: fix use after free() on error path
Fixes CID#1412356.
2020-01-31 23:23:44 +09:00
Yu Watanabe
b44b735a78 userdbd: fix memleak
Fixes CID#1412416.
2020-01-31 23:20:52 +09:00
Lennart Poettering
ad23785246 update TODO 2020-01-31 15:10:40 +01:00
Lennart Poettering
2b6b8bd3f7 man: document --namespace= switch of journalctl 2020-01-31 15:10:40 +01:00
Lennart Poettering
241c8f67f6 man: document the new sd_journal_open_namespace() API 2020-01-31 15:10:40 +01:00
Lennart Poettering
5b0a76d107 man: document LogNamespace= unit setting 2020-01-31 15:10:40 +01:00
Lennart Poettering
7d8155b3df man: document new _NAMESPACE= journal field 2020-01-31 15:10:40 +01:00
Lennart Poettering
6bc4361997 man: document journald@NAMESPACE.conf 2020-01-31 15:10:40 +01:00
Lennart Poettering
efcbcd0d04 man: document journald namespaces 2020-01-31 15:10:40 +01:00
Lennart Poettering
23d8c56046 journalctl: underline sections in --help 2020-01-31 15:10:40 +01:00
Yu Watanabe
9610210d32 nspawn: voidify umount_verbose()
Fixes CID#1415122.
2020-01-31 23:10:29 +09:00
Yu Watanabe
02cec15629 user-record-util: add missing error check
Fixes CID#1415123.
2020-01-31 23:08:59 +09:00
Yu Watanabe
00c7b071ac homework: fix errno in log_error_errno()
Fixes CID#1415124.
2020-01-31 23:07:15 +09:00
Yu Watanabe
852640f8a2 home: add missing variable initialization
Fixes CID#1415126.
2020-01-31 23:04:43 +09:00
Lennart Poettering
340cb115b3 units: define RuntimeDirectory= in systemd-journald.service
It doesn't get us much, but makes the differences between the templated
and non-templated versions a bit smaller.
2020-01-31 15:04:24 +01:00
Lennart Poettering
5591cd4e20 units: sort settings in systemd-journald.service again 2020-01-31 15:04:15 +01:00
Lennart Poettering
fb38a7beb8 tmpfiles: apply ACLs to top-level journal directory in /run, too
We already apply them to the directory in /var. Let's do the same in
/run too. That's because due to the log namespace logic we nowadays can
gain additional subdirs there during regular operation.
2020-01-31 15:04:12 +01:00
Lennart Poettering
0f5a4f9cd9 tmpfiles: merge lines for the same inodes 2020-01-31 15:04:08 +01:00
Lennart Poettering
db23d83bd4 test: add simple test for log namespaces 2020-01-31 15:04:05 +01:00
Lennart Poettering
dc5437c78b journald: add ability to activate by varlink socket
If we have exit on idle, then operations such as "journalctl
--namespace=foo --rotate" should work even if the journal daemon is
currently not running.

(Note that we don't do activation by varlink for the main instance of
journald, I am not sure the deadlocks it might introduce are worth it)
2020-01-31 15:03:55 +01:00
Lennart Poettering
65c398c031 journald: add exit on idle 2020-01-31 15:03:44 +01:00