1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

25983 Commits

Author SHA1 Message Date
Iwan Timmer
ab8cd6c968 resolved: make no changes to OpenSSL BUF_MEM struct
Fix crash when using OpenSSL 1.1.1c
Fixes: #12763
2019-06-15 22:46:55 +02:00
Iwan Timmer
53d64ebb30 Revert "resolved: Fix incorrect use of OpenSSL BUF_MEM"
This reverts commit 18bddeaaf2.

Revert this because it does not take the OpenSSL internal read pointer
into considoration. Resulting in padding in packetdata and therefore
broken SSL connections.
2019-06-15 21:56:45 +02:00
Zbigniew Jędrzejewski-Szmek
4b381a9ef6
Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout
hibernate-resume: fix resume device timeout
2019-06-15 17:50:37 +02:00
Yu Watanabe
bafa964144 network: read link specific sysctl value
This introduce link_sysctl_ipv6_enabled() and replaces
manager_sysctl_ipv6_enabled() with it.
2019-06-15 14:56:42 +02:00
Zbigniew Jędrzejewski-Szmek
349a6b3534
Merge pull request #12794 from yuwata/network-configure-without-carrier
network: skip to check dynamic addresses when ConfigureWithoutCarrier=yes
2019-06-15 14:50:41 +02:00
Yu Watanabe
463797c104 network: skip to check dynamic addresses when ConfigureWithoutCarrier=yes
Otherwise, the interface cannot be in "configured" state, as ipv6 link local
addressing is enabled by default. Note that even if ConfigureWithoutCarrier=
is set, all dynamic configurations are checked when the interface has
carrier.
2019-06-14 05:25:35 +09:00
Yu Watanabe
5ca5048249 networkctl: fix use of uninitialized value 2019-06-13 10:13:57 +02:00
Yu Watanabe
9c5e1c24ad
Merge pull request #12777 from yuwata/libudev-enumerate-issue-12776
libudev: rescan devices when filter is updated
2019-06-13 07:45:01 +09:00
Zbigniew Jędrzejewski-Szmek
587694bcd5 journal: also disable memory tricks when hashing under msan
Might help with #11738.
2019-06-12 17:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
e213e309fa test-bus-marshall: add a hopefully helpful comment 2019-06-12 17:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
38928e3072 system-update-generator: do not emit bogus warning if no /system-update symlink
We only need to check for the kernel cmdline override our symlink is there.
2019-06-12 17:27:17 +02:00
Yu Watanabe
538bdb48d8 libudev: hide definition of struct udev_device 2019-06-12 23:59:08 +09:00
Yu Watanabe
56fa3682b9 libudev: rescan devices when filter is updated
Fixes #12776.
2019-06-12 23:59:08 +09:00
Yu Watanabe
c01130824f libudev: re-implement libudev-list with LIST and hashmap 2019-06-12 23:59:02 +09:00
Yu Watanabe
dcf557f7b0 libudev: hide definition of struct udev_list from other libudev components
In the later commit, udev_list will be just a wrapper of hashmap or LIST.
So, allocating udev_list does not increase much cost.
2019-06-12 23:55:26 +09:00
Zbigniew Jędrzejewski-Szmek
58cf79c224
Merge pull request #12424 from poettering/logind-brightness
logind: add SetBrightness() bus call as minimal API for setting "leds" and "backlight" kernel class device brightness
2019-06-12 14:28:09 +02:00
Philip Withnall
226a08f28f service: Fix typo in warning message
The directive is `RuntimeMaxSec=`, not `MaxRuntimeSec=`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-06-12 10:39:51 +01:00
Philip Withnall
de5e9096e2 pam_systemd: Fix some option names in error messages
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-06-12 10:39:50 +01:00
Yu Watanabe
337405d439 libudev: drop unused variable 2019-06-12 15:18:05 +09:00
Yu Watanabe
e5dd7bc25d
Merge pull request #12774 from yuwata/network-ignore-ipv6-settings-when-sysctl-disable-ipv6
network: ignore ipv6 settings when sysctl disable ipv6
2019-06-12 14:46:00 +09:00
Tomas Mraz
18bddeaaf2 resolved: Fix incorrect use of OpenSSL BUF_MEM
Fixes: #12763
2019-06-12 11:15:25 +09:00
Yu Watanabe
b0ab85a2e4 network: ignore requested ipv6 fdb entry when ipv6 is disabled by sysctl 2019-06-12 11:04:06 +09:00
Yu Watanabe
7ef7e5509b network: ignore requested ipv6 routing policy rule when ipv6 is disabled by sysctl 2019-06-12 11:03:37 +09:00
Yu Watanabe
c442331750 network: ignore requested ipv6 route when ipv6 is disabled by sysctl 2019-06-12 11:03:08 +09:00
Yu Watanabe
54a1a535bd network: ignore requested ipv6 addresses when ipv6 is disabled by sysctl 2019-06-12 11:02:33 +09:00
Zbigniew Jędrzejewski-Szmek
469b18d87d
Merge pull request #12685 from yuwata/network-dhcp-assign-adn-remove-12676
network: assign new DHCP address before removing old lease address
2019-06-11 09:52:26 +02:00
Karel Zak
08185cff19 systemd-mount: don't check for non-normalized WHAT for network FS
The WHAT string could be whatever for many filesystems. The common
example are network filesystems.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1708996
2019-06-11 09:19:16 +02:00
Yu Watanabe
d03073ddcd network: assign new DHCP address before removing old lease address
Closes #12676.
2019-06-07 16:22:00 +09:00
Yu Watanabe
3ab7ed3f12 network: ignore callback calls when link is in failed state 2019-06-07 16:22:00 +09:00
Yu Watanabe
a2f684904c network: drop unnecessary link_enter_failed() calls
As the function called soon later anyway.
2019-06-07 16:22:00 +09:00
Yu Watanabe
448aaf9f43 network: check earlier the existence of lifetime in lease 2019-06-07 16:22:00 +09:00
Yu Watanabe
1590dfa4a0 network: make all failures in route configuration fatal 2019-06-07 16:22:00 +09:00
Chris Down
c710d3b430 cgroup: Prevent theoretical nullptr deref in unit mask calculation 2019-06-07 06:33:53 +01:00
Chris Down
aa91d5925a systemctl: Prevent state_missing from being used uninit 2019-06-07 06:33:35 +01:00
Zbigniew Jędrzejewski-Szmek
2db18cdd46
Merge pull request #12738 from yuwata/network-routing-policy-cleanup
network: several cleanups for routing policy rule
2019-06-06 18:53:20 +02:00
Yu Watanabe
db51778f85 network: make KeepConfiguration=static drop DHCP addresses and routes
Also, KeepConfiguration=dhcp drops static foreign addresses and routes.
2019-06-06 22:50:29 +09:00
Yu Watanabe
95355a281c network: add KeepConfiguration=dhcp-on-stop
The option prevents to drop lease address on stop.
By setting this, we can safely restart networkd.
2019-06-06 22:50:29 +09:00
Susant Sahani
7da377ef16 networkd: add support to keep configuration 2019-06-06 22:50:29 +09:00
Yu Watanabe
042526868a
Merge pull request #12508 from keszybz/no-root-checks
Drop many root checks
2019-06-06 21:31:19 +09:00
Jonathan Rouleau
8b6805a25b hibernate-resume: add resumeflags= kernel option
Adds the resumeflags= kernel command line option to allow setting a
custom device timeout for the resume device (defaults to the same as the
root device).
2019-06-05 18:59:05 -06:00
Jonathan Rouleau
70e843fe92 hibernate-resume: fix resume device timeout
Fixes #7242

Sets the systemd device timeout for the resume device to the same as
the root device. This prevents systemd-hibernate-resume@.service from
silently timing out and booting into a fresh session instead of the
saved hibernation state when the user is using luks, has set
rootflags=x-systemd.device-timeout=X to longer than the default timeout,
and the luks password is entered after the default timeout.
2019-06-05 18:31:14 -06:00
Yu Watanabe
9ee92e7ed8 network: check stored object is euivalent to what we want to remove
When object A is stored in Manager::rules and B is in ::rules_foreign,
and compare function for the object cannot distinguish them,
then freeing A causes B to be removed from rules_foreign or vice versa.

Hopefully fixes #12731.
2019-06-06 00:45:46 +09:00
Chris Down
eab5049520
Merge pull request #11778 from anitazha/rfe_11654_dbus
core: add ExecStartXYZEx= with dbus support for executable prefixes
2019-06-05 10:02:00 +01:00
Yu Watanabe
99058cd66a udev: propagate errors in udev_event_execute_rules()
And do not set initialized flag to the device.
2019-06-05 10:44:17 +02:00
Zbigniew Jędrzejewski-Szmek
97afc0351a udevadm trigger: log errors and return first failure
When udevadm trigger is called, the list of devices to trigger is always
generated through enumeration, and devices can come and go, so we should not
treat -ENOENT as a failure. But other types of failure should be logged.
It seems they were logged until baa30fbc2c.

Also, return the first error. (I'm not sure if there are other failure modes
which we want to ignore. If they are, they'll need to be whitelisted like
-ENOENT.).
2019-06-05 09:54:54 +02:00
Yu Watanabe
277cb7631e
Merge pull request #12741 from keszybz/bpf-firewall-warning
Silence BPF firewall warning when not useful
2019-06-05 04:01:44 +09:00
Yu Watanabe
56dacb8d2e
Merge pull request #12661 from mrc0mmand/debug-journalctl-flush
journal: disable varlink timeout for journalctl --flush or friends
2019-06-05 00:46:29 +09:00
Zbigniew Jędrzejewski-Szmek
f140ed02f7 Silence warning about BPF firewall in containers
We'd get a warning on every nspawn invocation:
dev-hugepages.mount: unit configures an IP firewall, but the local system does not support BPF/cgroup firewalling.
(This warning is only shown for the first unit using IP firewalling.)

Before the previous commit, I'd generally get a warning about systemd-udev.service, even though that service is
not started in containers. But are still many other units which that declare a
firewall, which is currently unsupported in containers. Let's stop warning
about this.

The warning is still emitted e.g. if legacy cgroups are used. This is something
that can be configured, so it makes more sense to emit the warning.
2019-06-04 17:22:37 +02:00
Zbigniew Jędrzejewski-Szmek
84d2744bc5 Move warning about unsupported BPF firewall right before the firewall would be created
There's no need to warn about the firewall when parsing, because the unit might
not be started at all. Let's warn only when we're actually preparing to start
the firewall.

This changes behaviour:
- the warning is printed just once for all unit types, and not once
  for normal units and once for transient units.
- on repeat warnings, the message is not printed at all. There's already
  detailed debug info from bpf_firewall_compile(), so we don't need to repeat
  ourselves.
- when we are not root, let's say precisely that, not "lack of necessary privileges"
  and "the local system does not support BPF/cgroup firewalling".

Fixes #12673.
2019-06-04 17:22:37 +02:00
Yu Watanabe
0bd3c2102f journalctl: make 'journalctl --flush' or friends not fail with varlink timeout
Closes #12570.
2019-06-04 23:27:26 +09:00