1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

41139 Commits

Author SHA1 Message Date
Debarshi Ray
90ce7627df sysctl: Enable ping(8) inside rootless Podman containers
This makes ping(8) work without CAP_NET_ADMIN and CAP_NET_RAW because
those aren't effective inside rootless Podman containers.

It's quite useful when using OSTree based operating systems like Fedora
Silverblue, where development environments are often set up using
rootless Podman containers with helpers like Toolbox [1]. Not having
a basic network utility like ping(8) work inside the development
environment can be inconvenient.

See:
https://lwn.net/Articles/422330/
http://man7.org/linux/man-pages/man7/icmp.7.html
https://github.com/containers/libpod/issues/1550

The upper limit of the range of group identifiers is set to 2147483647,
which is 2^31-1. Values greater than that get rejected by the kernel
because of this definition in linux/include/net/ping.h:
  #define GID_T_MAX (((gid_t)~0U) >> 1)

That's not so bad because values between 2^31 and 2^32-1 are reserved
on systemd-based systems anyway [2].

[1] https://github.com/debarshiray/toolbox
[2] https://systemd.io/UIDS-GIDS.html#summary
2019-07-24 16:41:45 +02:00
Zbigniew Jędrzejewski-Szmek
181824e32c
Merge pull request #13145 from poettering/nss-gateway-fix
filter _gateway NSS resolving to only use main routing table
2019-07-24 12:00:30 +02:00
Lennart Poettering
f3d3a9ca07 man: highlight the different concepts behind h/H and t/T
Fixes: #13151
2019-07-24 11:41:35 +02:00
Lennart Poettering
544ad34257
Merge pull request #13118 from bluca/shutdown_watchdog_kexec
core: add KExecWatchdogSec and rename ShutdownWatchdogSec to RebootWatchdogSec
2019-07-24 11:11:03 +02:00
Yu Watanabe
d008aae97a
Merge pull request #13143 from poettering/logind-inhibit-restart
logind restart inhibition fixes
2019-07-24 16:50:39 +09:00
Lennart Poettering
dfadc1f203 meson: reorder alphabetically 2019-07-24 09:07:33 +02:00
Lennart Poettering
d1b014df9e local-addresses: filter out any routing tables but the main one
Fixes: #13132
2019-07-24 09:07:30 +02:00
Lennart Poettering
733cbd00b0 netlink: move local-addresses.[ch] to src/shared
This code is not part of the public API of sd-netlink, nor used by it
internally and hence should not be in the sd-netlink directory.

Also, move the test case for it to src/test/.
2019-07-24 09:06:50 +02:00
Anita Zhang
e5c8524447 [systemctl] Don't print ExecXYZEx= when doing 'systemctl status'
The info printed in this function is the same as the non-Ex version of the
property so there's no point double printing.

Other places that print ExecXYZEx= properties are left alone since the
displayed information is different.
2019-07-24 09:00:57 +02:00
Lennart Poettering
062666c7c4 factory: add default /etc/issue file
Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
2019-07-24 08:57:23 +09:00
Lennart Poettering
9c230b8f86 update TODO 2019-07-24 08:57:23 +09:00
Lennart Poettering
d90f2add54 bootctl: show correct error code 2019-07-24 08:56:54 +09:00
Lennart Poettering
b5fe7001ee efi: drop unused define 2019-07-24 08:56:32 +09:00
Lennart Poettering
67633c078c efi: remove trailing whitespace in string 2019-07-24 08:56:10 +09:00
Yu Watanabe
81f33199e7 fuzzit: ignore library version 2019-07-23 23:32:33 +03:00
Lennart Poettering
a37f062757 hwdb: run 'meson hwdb-update' 2019-07-24 05:16:05 +09:00
Bastien Nocera
64db4c3cbd libudev: Update list of possible actions
Add "move" action as per src/libsystemd/sd-device/device-private.c
2019-07-24 05:14:52 +09:00
Lennart Poettering
623f20fb41 core: add spdx header to all-units.h
The specific header file is probably not copyrightable anyway, since
it's so trivial, but let's still add the SPDX header line so that a
systematic check for the line does't spit out this header needlessly.
2019-07-24 05:06:21 +09:00
Luca Boccassi
65224c1d0e core: rename ShutdownWatchdogSec to RebootWatchdogSec
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
2019-07-23 20:29:03 +01:00
Luca Boccassi
acafd7d8a6 core: add KExecWatchdogSec option
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.

Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
2019-07-23 20:29:03 +01:00
Lennart Poettering
28fea36732
Merge pull request #12977 from yuwata/network-route-type-local-12975
network: do not touch kernel-created multicast route
2019-07-23 18:21:00 +02:00
Christian Kellner
7c53215635 hwdb: add HHKB Pro JP keyboard lack of LEDs
The HHKB Pro JP has no leds whatsoever,  record that. The sysfs
file "capabilities/led" says "1f".
2019-07-23 18:17:14 +02:00
Lennart Poettering
51f1928954
Merge pull request #13148 from poettering/v243-news-more
more v243 news preparation
2019-07-23 18:16:57 +02:00
Lennart Poettering
c20b8dad71 logind: don't unlink session fifo when exiting logind
Let's only close our fds, but not unlink it. That's done when the
session is stopped.

This should make sure the fd will survive daemon restarts.
2019-07-23 16:08:07 +02:00
Lennart Poettering
9f18eda8ff logind: make id const, since it points into another buffer 2019-07-23 16:08:07 +02:00
Lennart Poettering
11eae36d29 logind: at start-up automatically clean up orphaned inhibitors 2019-07-23 16:08:07 +02:00
Lennart Poettering
290320effa logind: un-export and voidify a few functions
Let's minimize scope of functions and make sure that functions that
semantically should never fail can't return errors.
2019-07-23 16:08:06 +02:00
Lennart Poettering
81280b2a6f logind: rework allocation/freeing of inhibitors
Let's follow our modern style (i.e. return proper errors, use structure
initialization and _cleanup_).

Most importantly: remove state file and FIFO removal from
inhibitor_free() and let's move it to inhibitor_stop().

This makes sure that state files/FIFOs are not removed when the we
terminate logind, i.e. that they can survive logind restarts.

Fixes: #11825
2019-07-23 16:08:06 +02:00
Lennart Poettering
09f300c4d0 logind: use free_and_replace() where that makes sense 2019-07-23 16:08:06 +02:00
Lennart Poettering
11b0dd0e30 logind: add logging to inhibitor_load()
Also make some parsing errors, fatals and others (that just care fore
'decoration') non-fatal.

The single caller of inhibitor_load() didn't log about any errors, hence
let's do this in our function, similar to how this is done in
session_load() already.
2019-07-23 16:08:06 +02:00
Lennart Poettering
fa39c2de5b logind: unify inhibitor signal generation in a single function 2019-07-23 16:08:06 +02:00
Lennart Poettering
07530d7065 logind: cast to (void) when we ignore a syscall return value that is potentially dangerous 2019-07-23 16:08:06 +02:00
Lennart Poettering
b71282efea logind: drop redundant session_id_valid() check
session_new() checks that as first step anyway, no need to do this
beforehand.
2019-07-23 16:08:06 +02:00
Lennart Poettering
20fff3de75 logind: use log_warning_errno() return value where we can
Also, change a couple of log error levels to LOG_WARNING, where we
encounter an error but then end up ignoring it.
2019-07-23 16:08:06 +02:00
Lennart Poettering
61c6e8e49c logind: don't claim we'd preallocate VTs when we shortcut it 2019-07-23 16:08:06 +02:00
Lennart Poettering
9fb2c8b8c1 logind: use gcc empty structure initialization 2019-07-23 16:08:06 +02:00
Lennart Poettering
2b695039bd logind: check return value of inhibitor_start() 2019-07-23 16:08:06 +02:00
Lennart Poettering
1b5e34fe96 logind: add missing OOM check in client tool 2019-07-23 16:08:06 +02:00
Lennart Poettering
1899985645 meson: bump version for package and .so 2019-07-23 15:56:41 +02:00
Lennart Poettering
4260384911 sd-daemon: don't mention strerror_safe() in examples in public headers
It's an internal function we define, noone else should bother.
2019-07-23 15:56:41 +02:00
Lennart Poettering
29db4c3a08 NEWS: more additions in preparation von v243 2019-07-23 15:56:41 +02:00
Lennart Poettering
0eebcd4c68
Merge pull request #13136 from keszybz/readd-ntp-units.d
ntp-units.d support
2019-07-23 15:49:37 +02:00
Yu Watanabe
e3cbaeab86 test-network: add tests for issue #6088 2019-07-23 22:08:58 +09:00
Yu Watanabe
bd7d6cec33 network: do not touch kernel-created multicast route
Fixes #6088.
2019-07-23 22:08:49 +09:00
Lennart Poettering
ad3f86e6a4
Merge pull request #13109 from poettering/revert-kbd-mode
Revert of #12378 ("VT kbd reset check")
2019-07-23 14:58:37 +02:00
Thomas Weißschuh
877aa0bdcc hwdb: add entry for Zowie FK2 mouse (#13139) 2019-07-23 17:02:43 +10:00
Lennart Poettering
cc79d85e92
Merge pull request #13133 from keszybz/pstore-return-value
pstore: refuse to run if arguments are specified
2019-07-22 18:29:52 +02:00
Zbigniew Jędrzejewski-Szmek
971a7a1526 timesyncd: add Conflicts for ntpd and chronyd
Users might end up with more than one of those service enabled, through
admin mistake, or broken installation scriptlets, or whatever. On my machine,
I had both chronyd and timesyncd happilly running at the same time. If
more than one is enabled, it's better to have just one running. Adding
Conflicts will make the issue more visible in logs too.
2019-07-22 15:58:08 +02:00
Zbigniew Jędrzejewski-Szmek
e5ea741c62 timesyncd: add ntp-units.d/ entry for timesync
Priority is 80. At least in Fedora, chrony uses 50, and ntpd 60.
timesyncd has lower priority, because if people install those other packages,
it's most likely on purpose. timesyncd is always installed and provides
less functionality.
2019-07-22 15:21:23 +02:00
Zbigniew Jędrzejewski-Szmek
afaae43bb1 timedated: add back support for ntp-units.d/
We removed support for foreign services (and ntp-units.d/) in b72ddf0f4.
Support for foreign services was added back in 5d280742, but through an
environment variable.

The problem with the env var approach is that it only works as a mechanism
to select one item, and doesn't work nicely as a mechinism to create a list
of items through drop-ins (because the env var can be easily overridden, but not
extended). Having a list of "ntp providers" is important to be able to reliably disable
all of them when that is requested.

Another problem is that nobody ever bothered to care about our new "standard".
ntp-units.d/ is a nice simple format that works and is already supported by
chrony and ntpd and timedatex. If we were to introduce and ask people to follow
a new standard, there should be some good reason for this. The idea with env
vars has lower functionality, requires systemd-specific syntax. We should just
re-adopt the format that we originally introduced and that seems to work for
everyone, and more on to more interesting problems.
2019-07-22 15:21:20 +02:00