1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

27065 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
38d78d1ee9 networkd-test: add a helper function to always clean up temporary config files 2016-09-16 10:30:34 -04:00
hi117
9ea78383e8 Updated formatting for printing the key for FSS (#4165)
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption.

Before:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.

        /var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900

The sealing key is automatically changed every 15min.
```

After:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.

        d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900

The sealing key is automatically changed every 15min.
```
2016-09-16 10:14:55 -04:00
Stefan Schweter
96ee6ce3c9 man: Update example for downloading a Fedora image (#4166) 2016-09-16 08:22:12 -04:00
Stefan
734530b7b5 man: update url to openpgpkey rfc (#4156) 2016-09-15 22:55:22 -04:00
Zbigniew Jędrzejewski-Szmek
e77e0f51fe Merge pull request #4131 from intelfx/update-done-timestamps-precision
condition: ignore nanoseconds in timestamps for ConditionNeedsUpdate=

Fixes #4130.
2016-09-15 22:53:00 -04:00
Tomáš Janoušek
7dabbb55a8 logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)
When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM.  This then leads to:

    systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
    login[42]: pam_systemd(login:session): Failed to create session: Access denied

and user sessions don't start.

This also applies to selinux that too returns EACCES on mount denial.

[1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies
[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
2016-09-16 02:26:31 +03:00
Marcel Holtmann
390e020735 hwdb: Update database of Bluetooth company identifiers 2016-09-15 22:09:35 +02:00
Zbigniew Jędrzejewski-Szmek
2179fd109d test-execute: fix %n typo (#4153) 2016-09-15 14:21:42 +02:00
Martin Pitt
bfa91d65bb Merge pull request #4150 from ssahani/net1
networkd: trivial fixes
2016-09-15 12:20:09 +02:00
kristbaum
d903a89246 Update systemctl.xml (#4151) 2016-09-15 09:11:33 +02:00
Peter Hutterer
bbe7cdeb8f hwdb: add Lenovo *40 series resolution fixes (#4149) 2016-09-15 08:16:05 +02:00
Susant Sahani
a4820c463a networkd: network fix log message 2016-09-15 10:19:26 +05:30
Susant Sahani
9b53e12987 networkd: netdev fixup copy paste error 2016-09-15 10:18:59 +05:30
Susant Sahani
1bc7460bf2 TODO: update networkd TODO 2016-09-15 10:18:22 +05:30
Ivan Shapovalov
fb8b0869a7 update-done, condition: write the timestamp to the file as well and use it to prevent false-positives
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130
for real. Also, remove timestamp check in update-done.c altogether since
the whole operation is idempotent.
2016-09-15 06:36:42 +03:00
Ivan Shapovalov
3a730176b3 time-util: export timespec_load_nsec() 2016-09-15 05:21:09 +03:00
Davide Cavalca
c0f9116d6c shell-completion: add --wait to systemd-run completions (#4140) 2016-09-14 22:38:53 +02:00
Davide Cavalca
bf6585ce64 gitignore: ignore image.raw from mkosi (#4141) 2016-09-14 19:15:21 +02:00
Susant Sahani
92c918b06d networkd: add support to configure virtual CAN device (#4139)
1. add support for kind vcan
2. fixup indention netlink-types.c, networkd-netdev.c
2016-09-14 18:15:16 +02:00
Martin Pitt
2d88def959 Merge pull request #4133 from keszybz/strerror-removal
Strerror removal and other janitorial cleanups
2016-09-14 11:17:58 +02:00
Colin Walters
34210af7c6 kernel-install: Add KERNEL_INSTALL_NOOP (#4103)
Will be used by rpm-ostree (and likely lorax) to suppress
RPM->kernel->%posttrans->dracut runs, and basically everything
else this script is doing.

I'll also likely change the `kernel.spec` to respect this as well.
2016-09-14 07:57:43 +02:00
Zbigniew Jędrzejewski-Szmek
4ffe24797c NEWS: add a bunch of stuff for the 232 release (#4132)
This does not include the description of the mixed v1/v2 mode, but
everything important apart from that should be covered.
2016-09-14 07:40:02 +02:00
Zbigniew Jędrzejewski-Szmek
e031c227cb TODO: remove duplicated item 2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
481a2b02a3 Always use unicode ellipsis when ellipsizing
We were already unconditionally using the unicode character when the
input string was not pure ASCII, leading to different behaviour in
depending on the input string.

systemd[1]: Starting printit.service.
python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo
python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo
python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę
python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę
systemd[1]: Started printit.service.
2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
432b5c8a4d TODO: remove strerror entry
I believe the remaining call sites are legitimate uses which cannot be
easily replaced with %m.
2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
9eec7d12ed tests: get rid of strerror 2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
048c386eee tree-wide: use %m in calls to sd_bus_error_set_errnof
sd_bus_error_set_errnof supports %m, so there's no need to call
strerror manually.
2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
581fc868be journal-verify: get rid of strerror 2016-09-13 20:10:56 -04:00
Zbigniew Jędrzejewski-Szmek
f5e757f1ce microhttpd-util: add the trailing newline automatically
It's prone to error and annoying to have to add it manually. It was
missing from a few places.
2016-09-13 20:10:56 -04:00
Zbigniew Jędrzejewski-Szmek
1b4cd64683 journal-remote: implement %m support in mhd_respondf
errno value is not protected (it is undefined after this function returns).
Various mhd_* functions are not documented to protect errno, so this could not
guaranteed anyway.
2016-09-13 20:10:56 -04:00
Zbigniew Jędrzejewski-Szmek
303a2ebcb6 udev: use get_proc_cmdline_key instead of FOREACH_WORD_QUOTED 2016-09-13 20:10:54 -04:00
Zbigniew Jędrzejewski-Szmek
e788ef482f man: "disabled on" does not sound right 2016-09-13 09:05:48 -04:00
Topi Miettinen
646853bdd8 fileio: simplify mkostemp_safe() (#4090)
According to its manual page, flags given to mkostemp(3) shouldn't include
O_RDWR, O_CREAT or O_EXCL flags as these are always included. Beyond
those, the only flag that all callers (except a few tests where it
probably doesn't matter) use is O_CLOEXEC, so set that unconditionally.
2016-09-13 08:20:38 +02:00
Zbigniew Jędrzejewski-Szmek
acb986015d Relicense hwdb/parse_hwdb.py as MIT (#4129)
This parser will also be used in libinput, which uses the MIT license, so
relicense this file to the more permissive license to make bidirectional code
flow easier. parse_hwdb.py is only useful during building of the project, and
is not part of the installation, so effectively both licenses are very similar.
In particular, the licensing of binary packages produced by systemd is not
influenced in any way, because the MIT licensed part is not installed.
2016-09-13 08:18:13 +02:00
dwassenberg
f5b15d1b94 hwdb: add Lenovo X1 Tablet pointing stick speed fix (#4128)
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.

This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X1 Tablet models.

Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
2016-09-12 13:29:55 +01:00
Zbigniew Jędrzejewski-Szmek
ae9efab711 shared/install: fix set-default with empty root (#4118)
https://bugzilla.redhat.com/show_bug.cgi?id=1374371

When root was empty or equal to "/", chroot_symlinks_same was called with
root==NULL, and strjoina returned "", so the code thought both paths are equal
even if they were not. Fix that by always providing a non-null first argument
to strjoina.
2016-09-10 13:07:51 +02:00
Marc-Antoine Perennou
4245eb5072 test-fs-util: also empty TEMP and TMP env vars (#4121)
A follow-up for #3818 (992e8f2).
2016-09-10 08:38:04 +01:00
Evgeny Vereshchagin
47af450af0 Merge pull request #4119 from keszybz/drop-more-kdbus
Drop more kdbus functionality
2016-09-10 09:26:43 +03:00
Kyle Russell
7dd736abec service: fixup ExecStop for socket-activated shutdown (#4120)
Previous fix didn't consider handling multiple ExecStop commands.
2016-09-10 08:55:36 +03:00
Martin Pitt
f35c467db3 shared: recognize DNS names with more than one trailing dot as invalid (#4111)
One trailing dot is valid, but more than one isn't. This also fixes glibc's
posix/tst-getaddrinfo5 test.

Fixes #3978.
2016-09-09 16:11:54 +01:00
Michael Olbrich
0dd99f86ad unit: sent change signal before removing the unit if necessary (#4106)
If the unit is in the dbus queue when it is removed then the last change
signal is never sent. Fix this by checking the dbus queue and explicitly
send the change signal before sending the remove signal.
2016-09-09 16:05:06 +01:00
Zbigniew Jędrzejewski-Szmek
232f6754f6 pid1: drop kdbus_fd and all associated logic 2016-09-09 15:16:26 +01:00
Zbigniew Jędrzejewski-Szmek
ba612f4204 man: drop kdbus descriptions from sd_b_negotiate_fds(3) 2016-09-09 15:06:06 +01:00
Zbigniew Jędrzejewski-Szmek
2acaa3789a build-sys: drop last reference to --have-kdbus 2016-09-09 15:03:11 +01:00
Kyle Russell
f2dbd059a6 service: Continue shutdown on socket activated unit on termination (#4108)
ENOTCONN may be a legitimate return code if the endpoint disappeared,
but the service should still attempt to shutdown cleanly.
2016-09-09 05:34:43 +03:00
Lucas Werkmeister
de737be0a8 man: add missing <constant> tag (#4109) 2016-09-08 10:18:16 +02:00
Evgeny Vereshchagin
c5d5fc91eb Merge pull request #4087 from fsateler/detect-seccomp-filter
seccomp: also detect if seccomp filtering is available
2016-09-07 06:44:06 +03:00
Felipe Sateler
fd74fa791f README: document that CONFIG_SECCOMP_FILTER is required for SECCOMP support 2016-09-06 20:25:49 -03:00
Felipe Sateler
1cec406d62 nspawn: detect SECCOMP availability, skip audit filter if unavailable
Fail hard if SECCOMP was detected but could not be installed
2016-09-06 20:25:49 -03:00
Felipe Sateler
d347d9029c seccomp: also detect if seccomp filtering is enabled
In https://github.com/systemd/systemd/pull/4004 , a runtime detection
method for seccomp was added. However, it does not detect the case
where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible
if the architecture does not support filtering yet.
Add a check for that case too.

While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl,
as that should save a few system calls and (unnecessary) allocations.
Previously, reading of /proc/self/stat was done as recommended by
prctl(2) as safer. However, given that we need to do the prctl call
anyway, lets skip opening, reading and parsing the file.

Code for checking inspired by
https://outflux.net/teach-seccomp/autodetect.html
2016-09-06 20:25:49 -03:00