1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 18:27:04 +03:00
Commit Graph

23001 Commits

Author SHA1 Message Date
Tom Gundersen
ac691d4abe Merge pull request #1644 from reverendhomer/patch-1
networkd-manager: fix swapped arguments
2015-10-22 17:02:54 +02:00
Lennart Poettering
b2fe9deb4f Merge pull request #1642 from evverx/allow-unbalanced-double-quote-in-relax-mode
util: allow unbalanced double quote in EXTRACT_QUOTES|EXTRACT_RELAX mode
2015-10-22 12:20:12 +02:00
reverendhomer
58fda79c0b networkd-manager: fix swapped arguments
fixes Coverity #1328493
2015-10-22 10:36:07 +03:00
Evgeny Vereshchagin
9e44f56b4e util: allow unbalanced double quote in EXTRACT_QUOTES|EXTRACT_RELAX mode
extract_first_word understands "\'string" but doesn't understand "\"string"
fixed this inconsistency.
2015-10-22 00:37:32 +00:00
Lennart Poettering
b0830e21f4 core: check parsed bus msg in full before applying it 2015-10-22 02:02:17 +02:00
Lennart Poettering
16fb773ee3 nspawn: don't try to resolve passed binary before entering namespace
Othewise we might follow the symlinks on the host, instead of the
container.

Fixes #1400
2015-10-22 01:59:25 +02:00
Lennart Poettering
0e2656744f nspawn: rework how we determine private networking settings
Make sure we acquire CAP_NET_ADMIN if we require virtual networking.

Make sure we imply virtual ethernet correctly when bridge is request.

Fixes: #1511
Fixes: #1554
Fixes: #1590
2015-10-22 01:59:25 +02:00
Lennart Poettering
a2c90f05f1 units: also whitelist "blkext" block devices for nspawn service
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop,
hence whitelist this too.

Fixes #1446
2015-10-22 01:59:25 +02:00
Lennart Poettering
79b6198bb0 import: don't claim we moved .nspawn file into place when in fact we did not 2015-10-22 01:59:25 +02:00
Lennart Poettering
1f9aa80a59 import: correct handling if .nspawn file could not be downloaded 2015-10-22 01:59:25 +02:00
Lennart Poettering
7705a4053d machinectl: accept "none" and "infinity" as specifier when dropping quotas using "machinectl set-limit"
Previously, we already accepted "-" as special value for dropping
limits. Add "infinity", as that's what we support for RLIMITs and hence
should support here to. Also add "none" as that's what the btrfs tools
use.
2015-10-22 01:59:25 +02:00
Lennart Poettering
0d4c4b7141 update TODO 2015-10-22 01:59:25 +02:00
Lennart Poettering
822cd60135 tmpfiles.d: change all subvolumes to use quota
Let's make sure the subvolumes we create fit into a sensible definition
of a quota tree.
2015-10-22 01:59:25 +02:00
Lennart Poettering
5fb13eb51b tmpfiles: introduce "q" and "Q" for creating quota-enabled btrfs subvolumes
This allows us to set up the quota group hierarchy in a reasonable way
on btrfs file systems.
2015-10-22 01:59:25 +02:00
Lennart Poettering
8c9cfc2844 import: when downloading images, create a subtree quota group for them 2015-10-22 01:59:25 +02:00
Lennart Poettering
5bcd08db28 btrfs: beef-up btrfs support with a limited understanding of quota
With this change we understand more than just leaf quota groups for
btrfs file systems. Specifically:

- When we create a subvolume we can now optionally add the new subvolume
  to all qgroups its parent subvolume was member of too. Alternatively
  it is also possible to insert an intermediary quota group between the
  parent's qgroups and the subvolume's leaf qgroup, which is useful for
  a concept of "subtree" qgroups, that contain a subvolume and all its
  children.

- The remove logic for subvolumes has been updated to optionally remove
  any leaf qgroups or "subtree" qgroups, following the logic above.

- The snapshot logic for subvolumes has been updated to replicate the
  original qgroup setup of the source, if it follows the "subtree"
  design described above. It will not cover qgroup setups that introduce
  arbitrary qgroups, especially those orthogonal to the subvolume
  hierarchy.

This also tries to be more graceful when setting up /var/lib/machines as
btrfs. For example, if mkfs.btrfs is missing we don't even try to set it
up as loopback device.

Fixes #1559
Fixes #1129
2015-10-22 01:59:25 +02:00
Lennart Poettering
16597ac390 logind: minor clean-ups 2015-10-22 01:59:24 +02:00
Lennart Poettering
5b7481633f systemctl: the various list commands actually can take any number of arguments
I accidentally broke this a while back when I ported systemctl to the
verbs logic.

Add support for this back.
2015-10-22 01:59:24 +02:00
Lennart Poettering
ac7edd9167 util: improve dir_is_empty() call
Simplify the call, and add dir_is_populated() as inverse call, in order
to make some checks easier to read.
2015-10-22 01:59:24 +02:00
Lennart Poettering
2dcc3c69a1 Merge pull request #1639 from alkino/master
core dbus: Check that flush works with memstream
2015-10-21 21:01:21 +02:00
Nicolas Cornu
1f2f874c3c core dbus: Check that flush works with memstream 2015-10-21 18:17:12 +02:00
Lennart Poettering
91839b49dd Merge pull request #1637 from alkino/master
shell-completion: systemd-run: add new property EnvironmentFile
2015-10-21 16:38:35 +02:00
Nicolas Cornu
7e7cd2526d shell-completion: systemd-run: add new property EnvironmentFile 2015-10-21 16:18:59 +02:00
Lennart Poettering
8b5f5c27fe Merge pull request #1632 from evverx/fix-namespace-parsing
core: fix namespace parsing
2015-10-21 15:56:48 +02:00
Lennart Poettering
1930cadcd6 Merge pull request #1636 from alkino/master
Add zsh completion on systemd-run's properties
2015-10-21 15:55:31 +02:00
Nicolas Cornu
5ffd7671cc Add zsh completion on systemd-run's properties 2015-10-21 15:51:09 +02:00
Evgeny Vereshchagin
5268dcef5a core: fix namespace parsing
ReadOnlyDirectories=-/ works fine
2015-10-21 11:49:36 +00:00
Lennart Poettering
5e4cecfb67 Merge pull request #1623 from evverx/run-rw-ro-ia-dirs
systemd-run can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories
2015-10-21 12:08:44 +02:00
Lennart Poettering
27f9eda40a Merge pull request #1626 from teg/networkd
networkd: assorted fixes
2015-10-21 12:07:08 +02:00
Tom Gundersen
84de38c569 networkd: manager/link - only serialize once per event-loop iteration
Every time the state is written out we may trigger third-party apps, so
let's be a bit more careful about writing this out unnecessarily.
2015-10-21 03:24:23 +02:00
Tom Gundersen
e7780c8d44 networkd: link - serialize addresses 2015-10-21 03:24:23 +02:00
Tom Gundersen
bb7ae737a3 networkd: route - add hash_ops 2015-10-21 03:24:23 +02:00
Tom Gundersen
ed9e361a8a networkd: route - simplify route_new() 2015-10-21 03:24:23 +02:00
Tom Gundersen
adda1ed94a networkd: address - distinguish between addresses added by us and by others
We only keep the addresses that we added ourselves in link->addresses, and
introduce a new set link->addresses_foreign to keep addresses of unknown
origin.

Only functional change is that "foreign" addresses no longer prevent a link
from entering "configured" state.
2015-10-21 02:35:31 +02:00
Tom Gundersen
fcf50cff12 networkd: address - rework firewall rules lifetime
Establish the firewall rule before creating the address, and do not create the address
if the firewall rule could not be created. Also, only drop the firewall rule once
the address has been removed from the kernel.
2015-10-21 02:35:31 +02:00
Tom Gundersen
6666907869 networkd: address - merge _change() into _configure()
These functions are almost entirely the same, so avoid duplication.
2015-10-21 02:35:31 +02:00
Tom Gundersen
36c32f6120 networkd: address - factor out address_update()
Call back into link_check_ready() whenever an address state change may have
made a link ready.
2015-10-21 02:35:31 +02:00
Tom Gundersen
8012cd3919 networkd: link - only consider configured when all addresses are ready
We were considering a link configured whilst its IPv6 addresses were still
tentative.

Fixes issue #650.
2015-10-21 02:35:31 +02:00
Evgeny Vereshchagin
64a713d94d shell-completion: systemd-run: add new properties
"ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories"
2015-10-20 22:03:49 +00:00
Evgeny Vereshchagin
08596068d7 run: can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories 2015-10-20 22:03:43 +00:00
Ronny Chevalier
bf3ee9cdc9 Merge pull request #1622 from phomes/unused-variable
dbus-execute: remove unused variable
2015-10-20 19:48:27 +02:00
Thomas Hindoe Paaboel Andersen
9ecc70db1e dbus-execute: remove unused variable
from ceb728cf
2015-10-20 19:39:31 +02:00
Lennart Poettering
f73e8b9caf Merge pull request #1616 from evverx/run-fix-environment-parsing
run: fix Environment parsing
2015-10-20 15:26:19 +02:00
Tom Gundersen
14a081a0ff Merge pull request #1538 from ssahani/ipv62
networkd: add support to configure IPv6 DAD
2015-10-20 14:59:27 +02:00
Evgeny Vereshchagin
e9876fc9c5 run: fix Environment parsing
* `Environment=` resets previous assignments
* `Environment='a=1 b=2'` sets `a` to `1` and `b` to `2`
* `Environment='"a=1 2" b=2"'` sets `a` to `1 2` and `b` to `2`
2015-10-20 12:55:07 +00:00
Lennart Poettering
c91960c5a0 Merge pull request #1619 from iaguis/nspawn-sysfs-netns-3
nspawn: skip /sys-as-tmpfs if we don't use private-network
2015-10-20 12:22:32 +02:00
Daniel Mack
824b35c385 Merge pull request #1568 from poettering/netclass
various fixes, for various things
2015-10-20 10:31:38 +02:00
Iago López Galeiras
d167824896 nspawn: skip /sys-as-tmpfs if we don't use private-network
Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel
doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over
the network namespace.

So the mounting /sys as a tmpfs code introduced in
d8fc6a000f doesn't work with user
namespaces if we don't use private-net. The reason is that we mount
sysfs inside the container and we're in the network namespace of the host
but we don't have CAP_SYS_ADMIN over that namespace.

To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use
private network and ignore the /sys-as-a-tmpfs code if we find that /sys
is already mounted as sysfs.

Fixes #1555
2015-10-20 10:19:23 +02:00
Lennart Poettering
2229f65667 dbus-execute: some cleanups when parsing EnvironmentFiles= for transient units 2015-10-19 23:43:19 +02:00
Zbigniew Jędrzejewski-Szmek
ab84f5b95e strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_ 2015-10-19 23:13:07 +02:00