mirror of https://github.com/systemd/systemd.git synced 2025-01-16 03:24:49 +03:00

15362 Commits

Author SHA1 Message Date
Tom Gundersen
682265d5e2 resolved: run as unprivileged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.
2014-06-03 10:40:28 +02:00
Tom Gundersen
0bbea466dc configure: networkd no longer requires kmod
Reported by Samuli Suominen.
2014-06-03 01:05:13 +02:00
Tom Gundersen
bddfc8afd3 networkd: drop CAP_SYS_MODULE
Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limit its capabilities
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This should fix the various build issues people have reported.
2014-06-03 00:40:23 +02:00
Susant Sahani
a613382bbf networkd: introduce vti tunnel
This patch enables vti tunnel support.

example conf:

file : vti.netdev
[NetDev]
Name=vti-tun
Kind=vti
MTUBytes=1480

[Tunnel]
Local=X.X.X.X
Remote=X.X.X.X

file: vti.network
[Match]
Name=em1

[Network]
Tunnel=vti-tun

TODO:

Add more attributes for vti tunnel
IFLA_VTI_IKEY
IFLA_VTI_OKEY
2014-06-02 16:20:44 +02:00
Susant Sahani
a9f434cf00 networkd: sit-tunnel add support for pmtudisc
This patch adds path MTU discovery for the sit tunnel.
To enable/disable DiscoverPathMTU is introduced.

Example configuration

file: sit.netdev
[NetDev]
Name=sit-tun
Kind=sit
MTUBytes=1480

[Tunnel]
DiscoverPathMTU=1
Local=X.X.X.X
Remote=X.X.X.X

By default pmtudisc is turned on, if DiscoverPathMTU
is missing from the config. To turn it off,
DiscoverPathMTU=0 needs to be set.
2014-06-02 16:16:02 +02:00
Susant Sahani
8bb088c5d4 networkd: introduce gre tunnel
This patch enables gre tunnel support.

example conf:

file : gre.netdev
[NetDev]
Name=gre-tun
Kind=gre
MTUBytes=1480

[Tunnel]
Local=X.X.X.X
Remote=X.X.X.X

file: gre.network
[Match]
Name=em1

[Network]
Tunnel=gre-tun

TODO:

Add more attributes for gre tunnel
IFLA_GRE_IFLAGS
IFLA_GRE_OFLAGS
IFLA_GRE_IKEY
IFLA_GRE_OKEY
2014-06-02 16:13:00 +02:00
Susant Sahani
4d7ec9fc36 networkd-netdev: fix white space 2014-06-02 16:09:46 +02:00
Susant Sahani
10142d75cc networkd: introduce veth device support
This patch adds veth device support to networkd.

Example conf:

File: veth.netdev

[NetDev]
Name=veth-test
Kind=veth

[Peer]
Name=veth-peer
2014-06-02 16:09:40 +02:00
Tom Gundersen
b686acb27e resolved: move resolv.conf to resolved's runtime dir 2014-06-02 15:14:32 +02:00
Tom Gundersen
01501939d5 tmpfiles: systemd.conf - fix ownership of network directories 2014-06-02 15:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
9e3dbf6b2b keyboard: add Plantronics .Audio mute button
https://bugs.freedesktop.org/show_bug.cgi?id=79495
2014-06-01 14:06:17 -04:00
Lennart Poettering
e15007bc0e README: document the new "systemd-network" user we require for systemd-networkd 2014-06-01 09:35:19 +02:00
Lennart Poettering
d3cf48f4bd networkd: run as unprivileged "systemd-network" user
This allows us to run networkd mostly unprivileged with the exception of
CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter
though...
2014-06-01 09:12:00 +02:00
Lennart Poettering
40393d5247 units: remove CAP_SYS_PTRACE capability from hostnamed/networkd
The ptrace capability was only necessary to detect virtualization
environments. Since we changed the logic to determine this to not
require privileges, there's no need to carry the CAP_SYS_PTRACE
capability anymore.
2014-06-01 08:54:09 +02:00
Lennart Poettering
966bff2660 timesyncd: split privilege dropping code out of timesyncd so that we can make use of it from other daemons too
This is preparation to make networkd work as an unprivileged user.
2014-06-01 08:49:33 +02:00
Cristian Rodríguez
267b3e41df tty-ask-password-agent: Do tell what directory we failed to open 2014-06-01 08:06:16 +02:00
Cristian Rodríguez
a52ec8ed88 udev-builtin-keyboard: do tell on which device EVIOCSKEYCODE failed.
I am getting

"Error calling EVIOCSKEYCODE (scan code 0xc022d, key code 418): Invalid
argument", the error message does not tell on which specific device the
problem is, add that info.
2014-06-01 08:05:38 +02:00
Thomas Hindoe Paaboel Andersen
93f1a06374 util: ignore_file should not allow files ending with '~'
ignore_file currently allows any file ending with '~' while it
seems that the opposite was intended:
a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
2014-05-31 21:44:34 +02:00
Jonathan Liu
d8e40d62ab units: use KillMode=mixed for systemd-nspawn@.service
This causes the container to shut down cleanly when the service is
stopped.
2014-05-30 09:36:29 -04:00
Zbigniew Jędrzejewski-Szmek
8d2a614533 fsck: include device name in the message about missing fsck 2014-05-30 09:36:29 -04:00
Lennart Poettering
fdd2531170 virt: rework container detection logic
Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
2014-05-28 18:53:44 +08:00
Kay Sievers
d2edfae0f9 build-sys: use glibc's xattr support instead of requiring libattr 2014-05-28 17:36:40 +08:00
Lennart Poettering
c9679c652b NEWS: mention that we need a new user systemd-timesync v213 2014-05-28 09:43:43 +08:00
Lennart Poettering
8e7acf67b2 NEWS: update NEWS file according to most recent changes in git 2014-05-28 09:39:55 +08:00
Stef Walter
c779a44222 hostnamed: Fix the way that static and transient host names interact
It is almost always incorrect to allow DHCP or other sources of
transient host names to override an explicitly configured static host
name.

This commit changes things so that if a static host name is set, this
will override the transient host name (e.g. provided via DHCP). Transient
host names can still be used to provide host names for machines that have
not been explicitly configured with a static host name.

The exception to this rule is if the static host name is set to
"localhost". In those cases we act as if no
static host name has been explicitly set.

As discussed elsewhere, systemd may want to have an fd based ownership
of the transient name. That part is not included in this commit.
2014-05-28 09:34:37 +08:00
Lennart Poettering
76d4bef384 build-sys: bump package and library version 2014-05-27 19:02:22 +08:00
Tom Gundersen
4eb20caa4d test-dhcp-option: fix memleak 2014-05-26 21:31:57 +02:00
Thomas Bächler
1f89214e6e analyze/run: use bus_open_transport_systemd instead of bus_open_transport
Both systemd-analyze and systemd-run only access org.freedesktop.systemd1
on the bus. This patch allows using systemd-run --user and systemd-analyze
--user even if the user session's bus is not properly integrated with the
systemd user unit.

https://bugs.freedesktop.org/show_bug.cgi?id=79252 and other reports...
2014-05-26 14:21:53 -04:00
Michal Sekletar
000f6e5667 Do not unescape unit names in [Install] section
https://bugs.freedesktop.org/show_bug.cgi?id=49316
2014-05-26 20:12:19 +02:00
Kay Sievers
49804365ea udev: keyboard - also hook into "change" events
Re-apply the keymaps when "udevadm trigger" is called. Hooking into
"add" only would just remove all keymap content from the udev database
instead of applying the new config.
2014-05-26 09:30:21 +08:00
Martin Pitt
e55edb22a7 keymap: Asus EeePC touchpad toggle key
Originally this is KEY_TOUCHPAD_TOGGLE, but X.org can't handle the big key events,
so use the F21 convention.

https://bugs.freedesktop.org/show_bug.cgi?id=72807
2014-05-25 12:16:35 +02:00
Martin Pitt
d258d4967e keymap: Add Lenovo Enhanced USB Keyboard
https://bugs.freedesktop.org/show_bug.cgi?id=77234
2014-05-25 11:58:40 +02:00
Kay Sievers
4d40d39cdf timesync: reword network watching messages, and move resolver errors to debug 2014-05-25 13:46:43 +08:00
Djalal Harouni
e866af3acc nspawn: make nspawn robust to container failure
nspawn and the container child use eventfd to wait and notify each other
that they are ready so the container setup can be completed.

However in its current form the wait/notify event ignores errors that
may especially affect the child (container).

On errors the child will jump to the "child_fail" label and terminate
with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd
is created without the "EFD_NONBLOCK" flag, this leaves the parent
blocking on the eventfd_read() call. The container can also be killed
at any moment before execv() and the parent will not receive
notifications.

We can fix this by using cheap mechanisms: the new high-level eventfd
API, and handling SIGCHLD signals:

* Keep the cheap eventfd and EFD_NONBLOCK flag.

* Introduce eventfd states for parent and child to sync.
Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or
EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the
parent from waiting on an event that will never come.

* If the child is killed before execv() or before notifying the parent,
we install a NOP handler for SIGCHLD which will interrupt blocking calls
with EINTR. This gives a chance to the parent to call wait() and
terminate in main().

* If there are no errors, parent will block SIGCHLD, restore default
handler and notify child which will do execv(), then parent will pass
control to process_pty() to do its magic.

This was exposed in part by:
https://bugs.freedesktop.org/show_bug.cgi?id=76193

Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25 11:23:35 +08:00
Djalal Harouni
113cea802d nspawn: move container wait logic into wait_for_container()
Move the container wait logic into its own wait_for_container() function
and add two status codes: CONTAINER_TERMINATED or CONTAINER_REBOOTED.
The status will be stored in its argument, this way we handle:
a) Return negative on failures.
b) Return zero on success and set the status to either
   CONTAINER_REBOOTED or CONTAINER_TERMINATED.

These status codes are used to terminate nspawn or loop again in case of
CONTAINER_REBOOTED.
2014-05-25 11:23:30 +08:00
Tanu Kaskinen
6b56a65123 test-path-util: add tests for path_make_relative() 2014-05-25 11:21:24 +08:00
Tanu Kaskinen
5216f599ff path-util: fix missing terminating zero
There was this code:

        if (to_path_len > 0)
                memcpy(p, to_path, to_path_len);

That didn't add the terminating zero, so the resulting string was
corrupt if this code path was taken.

Using strcpy() instead of memcpy() solves this issue, and also
simplifies the code.

Previously there was special handling for shortening "../../" to
"../..", but that has now been replaced by a path_kill_slashes() call,
which also makes the result prettier in case the input contains
redundant slashes that would otherwise be copied to the result.
2014-05-25 11:21:19 +08:00
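The bug 5216f599ff fixes is a missing NUL terminator on one code path of a relative-path builder. As an added example (not systemd's path_make_relative(), whose signature and internals are not shown here), the function below computes the relative path from one absolute directory to an absolute path, collapses redundant slashes the way the commit describes path_kill_slashes() doing, trims "../../" to "../..", and terminates the buffer on every path through the function. The helper name and the "." result for identical inputs are this example's own choices.

```c
#include <stdlib.h>
#include <string.h>

/* Advance *p past leading '/' and over one path component; *start points at
 * the component and the return value is its length (0 once the path ends). */
static size_t next_component(const char **p, const char **start) {
        while (**p == '/')
                (*p)++;
        *start = *p;
        while (**p && **p != '/')
                (*p)++;
        return (size_t) (*p - *start);
}

/* Relative path leading from the absolute directory from_dir to the absolute
 * to_path, e.g. ("/a/b/c", "/a/d") -> "../../d". Returns a malloc()ed string,
 * or NULL if either path is not absolute or allocation fails. */
char *make_relative(const char *from_dir, const char *to_path) {
        const char *f = from_dir, *t = to_path, *fs, *ts, *q, *d;
        size_t fl, tl, ups = 0, len;
        char *out, *p;

        if (from_dir[0] != '/' || to_path[0] != '/')
                return NULL;

        /* 1. Skip the common leading components. */
        for (;;) {
                const char *f_save = f, *t_save = t;
                fl = next_component(&f, &fs);
                tl = next_component(&t, &ts);
                if (fl == 0 || tl == 0 || fl != tl || memcmp(fs, ts, fl) != 0) {
                        f = f_save;     /* rewind: this pair differs, or a side ended */
                        t = t_save;
                        break;
                }
        }

        /* 2. Every component left in from_dir becomes one "..". */
        for (q = f; next_component(&q, &d) > 0; )
                ups++;

        /* Worst case: "../" per level, the rest of to_path, a '.', and the NUL. */
        out = malloc(ups * 3 + strlen(t) + 2);
        if (!out)
                return NULL;
        p = out;
        for (size_t i = 0; i < ups; i++, p += 3)
                memcpy(p, "../", 3);

        /* 3. Append what is left of to_path one component at a time, so
         *    "x//y/" is copied as "x/y/". */
        for (q = t; (len = next_component(&q, &d)) > 0; ) {
                memcpy(p, d, len);
                p += len;
                *p++ = '/';
        }

        /* 4. Drop the trailing '/' ("../../" -> "../.."); an empty result means
         *    the paths were equal, which is ".". The terminator is written
         *    unconditionally: it is the byte the memcpy() path forgot. */
        if (p > out)
                p--;
        else
                *p++ = '.';
        *p = '\0';
        return out;
}
```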
Cristian Rodríguez
590b6b9188 Use %m instead of strerror(errno) where appropriate 2014-05-25 11:18:28 +08:00
Cristian Rodríguez
552c693eea test-unit-file: skip if unit_file_get_list returns permission denied 2014-05-25 11:17:01 +08:00
Jonathan Boulle
865cc19a34 Fix several small typos 2014-05-24 19:01:03 -04:00
Zbigniew Jędrzejewski-Szmek
623538c312 man: describe sd_uid_get_display 2014-05-24 18:50:21 -04:00
Zbigniew Jędrzejewski-Szmek
499b604b21 NEWS: mention that systemd-analyze uses new kernel release info
Also some small grammar updates.
2014-05-24 18:50:21 -04:00
Zbigniew Jędrzejewski-Szmek
49e5c2b26a build-sys: fix typo in variable name 2014-05-24 18:50:21 -04:00
Zbigniew Jędrzejewski-Szmek
b9acccb3c9 man: reword StartupCPUShares= description
Now that we have two options described in the same paragraph, we cannot
use singular anymore.
2014-05-24 18:50:21 -04:00
Tom Gundersen
68dd0956ef NEWS 2014-05-24 12:28:47 +02:00
Kay Sievers
69beda1f75 NEWS: update 2014-05-24 14:50:58 +08:00
Reyad Attiyat
f31faa119f detect-virt: Remove string for Microsoft virtualization detection in DMI vendor string array.
The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID.

https://bugs.freedesktop.org/show_bug.cgi?id=78312
2014-05-24 14:39:34 +08:00
Lennart Poettering
6936cd8926 NEWS: prepare NEWS update for 213 2014-05-24 14:26:59 +08:00
Kay Sievers
359efc59fd core: timer - switch to touch_file() 2014-05-24 11:39:47 +08:00
Kay Sievers
82d115d9ab timedated: refuse manual system time updates when automatic timesync is enabled 2014-05-24 10:45:44 +08:00