mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

15009 Commits

Author SHA1 Message Date
Lennart Poettering
2ce97e2b04 sd-bus: if we got a message with fds attached even though we didn't negotiate it, refuse to take it
This makes sure we don't mishandle if developers specify a different
AcceptFileDescriptors= setting in .busname units than they set for the
bus connection in the activated program.
2014-03-18 21:03:37 +01:00
Lennart Poettering
3f9da41645 core: add new AcceptFD= setting to .busname units
AcceptFD= defaults to true, thus making sure that by default fd passing
is enabled for all activatable names. Since for normal bus connections
fd passing is enabled too by default this makes sure fd passing works
correctly regardless of whether a service is already activated or not.

Making this configurable on both busname units and in bus connections is
messy, but unavoidable since busnames are established and may queue
messages before the connection feature negotiation is done by the
service eventually activated. Conversely, feature negotiation on bus
connections takes place before the connection acquires its names.

Of course, this means developers really should make sure to keep the
settings in .busname units in sync with what they later intend to
negotiate.
2014-03-18 20:54:32 +01:00
Lennart Poettering
6340559506 test 2014-03-18 19:31:44 +01:00
Lennart Poettering
03e334a1c7 util: replace close_nointr_nofail() by a more useful safe_close()
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:

        fd = safe_close(fd);

Which will close an fd if it is open, and reset the fd variable
correctly.

By making use of this new scheme we can drop > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
2014-03-18 19:31:34 +01:00
Lennart Poettering
9459781ee6 update TODO 2014-03-18 17:59:11 +01:00
Lennart Poettering
f1660f96f5 core: drop CAP_MKNOD when PrivateDevices= is set 2014-03-18 17:58:19 +01:00
Kay Sievers
45aee6d67a timedated: update test address 2014-03-18 16:20:39 +01:00
Kay Sievers
6080625dc8 hwdb: update 2014-03-18 16:20:39 +01:00
Tom Gundersen
d23c45bfcc sd-dhcp-client: make sure timers fire immediately
The default slack caused there to be a delay before timers fired. Solve it
by setting timers that should trigger immediately to trigger far in the past.

This brings down the ideal-case dhcp lease acquisition time from about 500ms to
about 50ms (over a veth pair, so no network latency involved).

All the rest of the time (except for ~0.5ms) is spent in the bind() call in
dhcp_network_bind_raw_socket(). I don't know if there is anything to be done
about that though...
2014-03-18 15:53:32 +01:00
Zbigniew Jędrzejewski-Szmek
4dd5da7f7d microhttpd-util: avoid double free on error
It seems that resources are properly deallocated by MHD_destroy_response,
even if enqueuing the request fails.

Also replace a trivial printf with alloca and fixup log message
(it'll now be something like "Connection from CN=some.host.name",
which seems clear enough.)
2014-03-18 00:03:14 -04:00
Zbigniew Jędrzejewski-Szmek
9786767a36 journal-remote: do not attempt to read from µhttpd connections
This chunk got lost in one of the rebases :(
2014-03-18 00:02:09 -04:00
Lennart Poettering
1dba654b27 machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new verb "poweroff"
There's really no point to send the reboot SIGINT from machinectl
directly, if machined can do that anyway. This saves code, and
makes machinectl network transparent for these verbs. And while we are
at it we can easily add a "poweroff" verb in addition to "reboot". Yay!
2014-03-18 04:48:26 +01:00
Lennart Poettering
de58a50e24 machined: fix Kill() bus call on machine objects when "what" is specified as "leader" 2014-03-18 04:48:26 +01:00
Lennart Poettering
df23374071 update TODO 2014-03-18 04:48:26 +01:00
Lennart Poettering
679142ce4a core: remount /sys/fs/cgroup/ read-only after we mounted all controllers
Given that glibc searches for /dev/shm by just looking for any tmpfs we
should be more careful with providing tmpfs instances arbitrary code
might end up writing to.
2014-03-18 04:48:26 +01:00
Lennart Poettering
a641dcd9bf cgroup: it's not OK to invoke alloca() in loops 2014-03-18 04:48:26 +01:00
Lennart Poettering
50933da01b systemctl: sort local host entry before container in list-machines output 2014-03-18 04:46:55 +01:00
Lennart Poettering
90c3f79dc7 systemctl: prefix list-units and list-machines output with a circle indicating a failure state
(Subject to --no-legend)
2014-03-18 04:46:55 +01:00
Kay Sievers
12c0d47c60 timedatectl: clear ADJ_MAXERROR to make sure we keep STA_SYNC set 2014-03-18 03:57:35 +01:00
Thomas Hindoe Paaboel Andersen
761a7c71b6 systemd-run: extend bash completion
--system
-H --host
-M --machine
--service-type (options: simple forking oneshot dbus notify idle)
--uid
--gid
--nice
--setenv
-p --property (options read from bus_append_unit_property_assignment)
2014-03-17 22:02:21 +01:00
Thomas Hindoe Paaboel Andersen
fd1e5b62e8 remove unused variable 2014-03-17 21:50:49 +01:00
poma
f47c5c47d1 man: networkd - additional examples related to bridging 2014-03-17 21:35:28 +01:00
Lennart Poettering
58dfc42ecf build-sys: move sd-login src/login → src/libsystemd/sd-login
After all, it is ultimately linked to libsystemd.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
2014-03-17 18:35:48 +01:00
Lennart Poettering
4c63a53ac5 update TODO 2014-03-17 18:15:57 +01:00
Lennart Poettering
bf34ab149f sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
2014-03-17 18:15:57 +01:00
Lennart Poettering
7366b080b3 update TODO 2014-03-17 15:18:11 +01:00
Miklos Vajna
6f285378aa core, libsystemd, systemd, timedate, udev: spelling fixes 2014-03-17 02:35:35 -04:00
Jason St. John
9029f64298 man: improve wording of systemctl's --after/--before
Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
but the new wording was unclear.

Split the combined --after/--before section into a separate section for
each, explicitly state what each option does, and add information about
how these lists are generated.

Reported-by: Andrey Borzenkov <arvidjaar@gmail.com>
Reported-by: Lennart Poettering <lennart@poettering.net>
2014-03-17 01:57:37 -04:00
Zbigniew Jędrzejewski-Szmek
3f57309664 build-sys: bump required µhttpd version
MHD_USE_EPOLL_LINUX_ONLY, MHD_USE_DUAL_STACK are only available in
next-but-last release.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
8a8d55f2c1 journal-remote: implement inheriting http(s) sockets
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
e7216d112a microhttpd-util: use static buffer for static messages
Most of the messages we send do not require allocating and
freeing a buffer, so optimize this by using const strings.

Also, rename respond_error to mhd_respond*, since it is used
not only for errors.

Make use of information from printf to avoid one extra call to
strlen.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
cc64d0175a journal-remote: HTTP(s) support
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.

Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.

The TLS authentication parts haven't been really tested properly, and
should not be taken too seriously.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
fdfccdbc98 journal-remote: tool to receive messages over the network 2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
f12be7e8ca journal-gatewayd: check if certificate is signed by CA
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.

Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
cafc7f9130 journal-gatewayd: log to journal from gnutls
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
6031319956 build-sys: add check on gnutls 2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
e5ebe12b77 journal-gatewayd: ask clients to provide certificates
A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
e0aa372610 activate: export make_socket_fd
Also improve logging to print out the parsed address on error.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
6cf487afad shared: export is_dir 2014-03-17 01:55:47 -04:00
Zbigniew Jędrzejewski-Szmek
d18d46ecea journal: export valid_user_field and size defines
In preparation for use elsewhere.
2014-03-17 01:55:47 -04:00
Zbigniew Jędrzejewski-Szmek
63c8666b82 journal: extract duplicated code to a function 2014-03-17 01:55:47 -04:00
Zbigniew Jędrzejewski-Szmek
fc55baee99 journal: extract duplicated code to a function 2014-03-17 01:55:47 -04:00
Zbigniew Jędrzejewski-Szmek
2fc74bf433 journald: remove stray reset of error return value 2014-03-17 01:55:47 -04:00
Lennart Poettering
1238ee09b7 systemctl: introduce -r switch to show units running in local containers in addition to the host 2014-03-17 04:00:44 +01:00
Kay Sievers
9ec6586866 timedated: move test logging to test program 2014-03-17 00:18:55 +01:00
Kay Sievers
a47b9e6283 timedated: update spike handling 2014-03-16 23:51:50 +01:00
Kay Sievers
3dbc762003 timedated: update spike handling 2014-03-16 23:22:21 +01:00
Kay Sievers
7b41586761 timedated: handle external system time changes 2014-03-16 19:20:50 +01:00
Josh Triplett
f8294e4175 Use strlen even for constant strings
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity.  In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
2014-03-16 09:52:56 -04:00
Tom Gundersen
039dd4afd6 nspawn: UP the host side of the veth pair after adding it to a bridge 2014-03-16 13:55:41 +01:00