1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-15 07:24:00 +03:00
Commit Graph

14418 Commits

Author SHA1 Message Date
Lennart Poettering
262d10e6bd nspawn: if we don't find bash, try sh 2014-02-14 16:41:03 +01:00
Lennart Poettering
af1082b04a update TODO 2014-02-14 16:40:52 +01:00
Lennart Poettering
6b9132a9c4 nspawn: don't accept just any tree to execute
When invoked without -D in an arbitrary directory we should not try to
execute anything, make some validity checks first.
2014-02-14 16:35:18 +01:00
Lennart Poettering
9fccdb0f64 man: always place <programlisting> and </programlisting> in a line with actual sources, so that we don't get spurious newlines in the man page output 2014-02-14 15:56:19 +01:00
Djalal Harouni
6046278f40 localectl: log error if bus_map_all_properties() fails 2014-02-14 02:19:42 +01:00
Lennart Poettering
3a33e61d2d service: when we complain about a notify message we cannot map to main pid because we don't know anything about the main pid, do so at debug level 2014-02-14 02:05:40 +01:00
Lennart Poettering
336c6e4690 service: if we don't know the main pid of a service, we cannot accept any notification messages 2014-02-14 02:04:09 +01:00
Simon Peeters
9f137db070 build-sys: fix for "recipe for target 'dbus1-generator-install-hook' failed" 2014-02-14 01:52:40 +01:00
Dave Reisner
29e254f7f0 man: systemd.service(5): clarify behavior of SuccessExitStatus
The behavior of this is a little cryptic in that $MAINPID must exit as
a direct result of receiving a signal in order for a listed signal to
be considered a success condition.
2014-02-14 01:40:52 +01:00
Michael Marineau
112cfb1814 shared: include root when canonicalizing conf paths
The conf_files_list family accepts an alternate root path to prefix all
directories in the list but path_strv_canonicalize_uniq doesn't use it.
This results in the suspicious behavior of resolving directory symlinks
based on the contents of / instead of the alternate root.

This adds a prefix argument to path_strv_canonicalize which will now
prepend the prefix, if given, to every path in the list. To avoid
answering what a relative path means when called with a root prefix
path_strv_canonicalize is now path_strv_canonicalize_absolute and only
considers absolute paths. Fortunately all users of already call
path_strv_canonicalize with a list of absolute paths.
2014-02-14 00:58:00 +01:00
Djalal Harouni
b58b227a53 logind: make sure to terminate systemd user on logouts
Currently if the user logs out, the GC may never call user_stop(),
this will not terminate the systemd user and (sd-pam) of that user.

To fix this, remove the USER_CLOSING state check that is blocking the
GC from calling user_stop(). Since if user_check_gc() returns false
this means that all the sessions of the user were removed which will
make user_get_state() return USER_CLOSING.

Conclusion: that test will never be statisfied.

So we remove the USER_CLOSING check and replace it with a check inside
user_stop() this way we know that user_stop() has already queued stop
jobs, no need to redo.

This ensures that the GC will get its two steps correctly as pointed out
by Lennart:
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html

Note: this also fixes another bug that prevents creating the user
private dbus socket which will break communications with the user
manager.
2014-02-13 21:07:13 +01:00
Lennart Poettering
24fb111207 nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in containers
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
2014-02-13 20:30:02 +01:00
Lennart Poettering
69c79d3c32 nspawn: add new --network-veth switch to add a virtual ethernet link to the host 2014-02-13 18:47:53 +01:00
Lennart Poettering
31a4e15384 rtnl: support adding VETH_INFO_PEER containers into rtnl messages 2014-02-13 18:47:53 +01:00
Dave Reisner
5a1aece581 systemctl: fix exit statuses from is-active/is-failed
This was inadvertantly disturbed in e3e0314b when glob support was
added.
2014-02-13 10:14:31 -05:00
Lennart Poettering
c8a202b7d4 everywhere: always use O_CLOEXEC where it makes sense 2014-02-13 14:59:56 +01:00
Lennart Poettering
955d98c9c1 everywhere: make use of new0() and macro() macros, and stop using perror() 2014-02-13 14:45:51 +01:00
Lennart Poettering
7e2270246b nspawn: check with udev before we take possession of an interface 2014-02-13 14:38:02 +01:00
Lennart Poettering
b88eb17a7a nspawn: no need to subscribe to netlink messages if we just want to execute one operation 2014-02-13 14:08:16 +01:00
Lennart Poettering
a42c8b54b1 nspawn: --private-network should imply CAP_NET_ADMIN 2014-02-13 14:07:59 +01:00
Lennart Poettering
d595c5cc9e rtnl: rename constructors from the form sd_rtnl_xxx_yyy_new() to sd_rtnl_xxx_new_yyy()
So far we followed the rule to always indicate the "flavour" of
constructors after the "_new_" or "_open_" in the function name, so
let's keep things in sync here for rtnl and do the same.
2014-02-13 13:53:25 +01:00
Lennart Poettering
cf6a891173 rtnl: drop "sd_" prefix from cleanup macros
The "sd_" prefix is supposed to be used on exported symbols only, and
not in the middle of names. Let's drop it from the cleanup macros hence,
to make things simpler.

The bus cleanup macros don't carry the "sd_" either, so this brings the
APIs a bit nearer.
2014-02-13 03:44:14 +01:00
Lennart Poettering
aa28aefe61 nspawn: add new --network-interface= switch to move an existing interface into the container 2014-02-13 03:27:39 +01:00
Lennart Poettering
39ed67d146 nspawn: introduce --capability=all for retaining all capabilities 2014-02-13 02:45:11 +01:00
Lennart Poettering
89fffa2735 seccomp: fix build again if libseccomp is missing 2014-02-13 02:25:45 +01:00
Lennart Poettering
513a78c1aa update TODO 2014-02-13 02:13:50 +01:00
Lennart Poettering
b33918c210 core: make StopWhenUnneeded work in conjunction with units that fail
during their start job

https://bugzilla.redhat.com/show_bug.cgi?id=997031
2014-02-13 02:13:14 +01:00
Lennart Poettering
bcd02123e1 update TODO 2014-02-13 01:41:24 +01:00
Lennart Poettering
d3b1c50833 core: add a system-wide SystemCallArchitectures= setting
This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:40:50 +01:00
Tom Gundersen
624b5a636f networkd: correctly handle manager_free(NULL) 2014-02-13 01:41:32 +01:00
Lennart Poettering
57183d117a core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead
of concatenated strings.
2014-02-13 00:24:00 +01:00
Lennart Poettering
351a19b17d core: fix build without libseccomp 2014-02-12 18:44:40 +01:00
Lennart Poettering
17df7223be core: rework syscall filter
- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.
2014-02-12 18:30:36 +01:00
Ronny Chevalier
c0467cf387 syscallfilter: port to libseccomp 2014-02-12 18:30:36 +01:00
Tom Gundersen
c6f7b693fe sd-dhcp: make sure client->secs > 0
Some DHCP servers will not work correctly if secs == 0, so round up
to at least 1.
2014-02-12 17:07:31 +01:00
Tom Gundersen
60ad0c85e5 networkd: work inside containers
Udev does not run in containers, so instead of relying on it to tell us when a
network device is ready to be used by networkd, we simply assume that any
device was fully initialized before being added to the container.
2014-02-12 17:04:35 +01:00
Lennart Poettering
86d0d51942 update TODO (add section for things to fix before 209) 2014-02-12 12:59:56 +01:00
Zbigniew Jędrzejewski-Szmek
32dcef3ab1 build-sys: make lxml required when generating indices
Since the manpage indices generated without lxml would be missing some
parts, it doesn't make sense to keep lxml optional anymore.
2014-02-12 03:04:57 -05:00
Zbigniew Jędrzejewski-Szmek
feef0842cf build-sys: add less-variables.xml to EXTRA_DIST 2014-02-12 03:01:59 -05:00
Zbigniew Jędrzejewski-Szmek
21ac6ff143 man: use xinclude to de-deduplicate common text
I only tested with python-lxml. I'm not sure if xml.etree should be
deprecated.
2014-02-12 01:10:31 -05:00
Jason A. Donenfeld
f366d58dc1 pager: support SYSTEMD_LESS environment variable
This allows customization of the arguments used by less. The main
motivation is that some folks might not like having --no-init on every
invocation of less.
2014-02-12 01:10:31 -05:00
Lennart Poettering
db999e0f92 nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use of this 2014-02-12 03:02:09 +01:00
Lennart Poettering
dd513a5dbf test: fix "make check"
Let's remove the tests for cg_path_get_machine_name(), since they no
longer operate solely on the cgroup path, but actually look up data in
/run. Since we have a test for cg_pid_get_machine_name() this shouldn't
be too much of a loss.
2014-02-12 02:11:00 +01:00
Lennart Poettering
923d8fd381 machinectl: add new "machinectl reboot" call 2014-02-12 02:11:00 +01:00
Zbigniew Jędrzejewski-Szmek
a87105a386 logind: ignore PropertiesChanged signals for jobs
Otherwise we get a (harmless) message like:
systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument
2014-02-11 19:14:47 -05:00
Zbigniew Jędrzejewski-Szmek
9bb69af4f2 logind: always kill session when termination is requested
KillUserProcesses=yes/no should be ignored when termination is
explicitly requested.
2014-02-11 19:14:47 -05:00
Zbigniew Jędrzejewski-Szmek
4daf54a851 journald: log provenience of signals 2014-02-11 19:14:47 -05:00
Lennart Poettering
c480d2f8bc units: make use of nspawn's --keep-unit switch in systemd-nspawn@.service 2014-02-11 21:13:51 +01:00
Lennart Poettering
b87633c4b2 machined: fix enumeration of existing machines on restart 2014-02-11 21:06:51 +01:00
Lennart Poettering
2fcb3af6a2 update TODO 2014-02-11 20:31:37 +01:00