1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 18:27:04 +03:00
Commit Graph

29026 Commits

Author SHA1 Message Date
Matthijs van Duin
cc9daff228 sd-bus: fix c++ compatibility (#5941)
g++ annoyingly requires a non-empty struct-initializer to initialize all
struct members, in order of declaration.

Signed-off-by: Matthijs van Duin <matthijsvanduin@gmail.com>
2017-05-11 18:55:26 -04:00
Zbigniew Jędrzejewski-Szmek
fc1b2dc395 Merge pull request #5936 from ssahani/net-route
networkd: route replace parse prefix with generic in_addr_prefix_from_string
2017-05-11 18:53:35 -04:00
Zbigniew Jędrzejewski-Szmek
d84ed2bd13 networkd: pretiffy message about invalid prefix
We know how the field we are parsing is called, let's put this information in
the error message:
"Route Source= prefix is invalid, ignoring assignment: ..."
"Route Destination= prefix is invalid, ignoring assignment: ..."
2017-05-11 14:01:14 -04:00
Lennart Poettering
271312e37b Merge pull request #5893 from keszybz/memorydenywriteexecute
Add support for more arches for MemoryDenyWriteExecute
2017-05-11 19:42:42 +02:00
Zbigniew Jędrzejewski-Szmek
c826cd3f7c pid1: improve logging when failing to remount / ro (#5940)
https://bugzilla.redhat.com/show_bug.cgi?id=1227736#c49

We counted how many filesystems could not be unmounted, but only for those
filesystems which we tried to unmount. Since we only remount / ro, without
attempting to unmount, we would emit a confusing error message:

Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
All filesystems unmounted.

Warn when remount-ro fails, and for filesystems which we won't try to unmount,
include the failure to remount-ro in n_failed.

A few minor cleanups:
- remove unecessary goto which jumps to the next line anyway
- always calculate n_failed, even if log_error is false. This causes no change
  in behaviour, but I think the code is easier to follow, since the log setting
  cannot influence other logic.
2017-05-11 18:12:41 +02:00
Tom Gundersen
f5938e8ff3 busctl: monitor - only start printing messages once we have become a monitor (#5931)
A connection becomes a monitor the moment it loses its unique name, so any
messages received before that should not be dumped to the console.

Currently, we print NameAcquired and NameLost for the unique name of the
peer that becomes the monitor, simply discard all messages until we
receive our NameLost signal.
2017-05-11 15:56:55 +02:00
Zbigniew Jędrzejewski-Szmek
52511fae7b core: fix warning about unsigned variable (#5935)
Fixup for d8c92e8bc7.
2017-05-11 08:15:28 +02:00
Susant Sahani
36423ff433 networkd: route replace parse prefix with generic in_addr_prefix_from_string 2017-05-11 10:12:54 +05:30
Peter Hutterer
5efd9f72ca hwdb: add the X200/X201 to the existing X201s entry (#5934)
https://bugs.freedesktop.org/show_bug.cgi?id=100628
2017-05-10 22:29:15 -04:00
Ray Strode
af92daebc5 man: fix LD_LIBRARY_PATH example in environment.d (#5929)
The example for LD_LIBRARY_PATH in the environment.d man page is wrong.

When setting LD_LIBRARY_PATH, the new directory usually needs to be at
the front so it overrides old directories.

In the example, the colon delimiter is correctly prepended to the front, but
the actual new path is erroneously appended to the end.

This commit moves it to the front where it belongs.
2017-05-10 22:23:54 -04:00
Peter Hutterer
61b2f1976c udev: don't allow pointing stick sensitivities greater than 255 (#5927)
It gets truncated, so the result is that people mess with the const accel
because the sensitivity isn't the expected 300 but the too-low 45.

One example: https://bugs.freedesktop.org/show_bug.cgi?id=100965
2017-05-10 21:22:00 +02:00
Lennart Poettering
554a080674 Merge pull request #5920 from fbuihuu/sysusers-disable-gshadow
Sysusers disable group shadow support
2017-05-10 19:46:13 +02:00
Zbigniew Jędrzejewski-Szmek
da1921a5c3 seccomp: enable RestrictAddressFamilies on ppc64, autodetect SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
We expect that if socket() syscall is available, seccomp works for that
architecture.  So instead of explicitly listing all architectures where we know
it is not available, just assume it is broken if the number is not defined.
This should have the same effect, except that other architectures where it is
also broken will pass tests without further changes. (Architectures where the
filter should work, but does not work because of missing entries in
seccomp-util.c, will still fail.)

i386, s390, s390x are the exception — setting the filter fails, even though
socket() is available, so it needs to be special-cased
(https://github.com/systemd/systemd/issues/5215#issuecomment-277241488).

This remove the last define in seccomp-util.h that was only used in test-seccomp.c. Porting
the seccomp filter to new architectures should be simpler because now only two places need
to be modified.

RestrictAddressFamilies seems to work on ppc64[bl]e, so enable it (the tests pass).
2017-05-10 09:21:16 -04:00
Franck Bui
1dd98a71e5 sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers
No functional changes.
2017-05-10 14:29:21 +02:00
Anchor Cat
e7d54bf587 automount: ack automount requests even when already mounted (#5916)
If a process accesses an autofs filesystem while systemd is in the
middle of starting the mount unit on top of it, it is possible for the
autofs_ptype_missing_direct request from the kernel to be received after
the mount unit has been fully started:

  systemd forks and execs mount             ...
            ...                     access autofs, blocks
  mount exits                               ...
  systemd receives SIGCHLD                  ...
            ...                     kernel sends request
  systemd receives request                  ...

systemd needs to respond to this request, otherwise the kernel will
continue to block access to the mount point.
2017-05-10 13:23:58 +02:00
Zbigniew Jędrzejewski-Szmek
9a4eeb4a0c units: make descriptions of api filesystems less generic (#5914)
All those names were very generic. Fixes #5911.
2017-05-10 13:09:52 +02:00
Franck Bui
b14e1b4394 sysusers: make group shadow support configurable
Some distros (openSUSE) don't have group shadow support enabled. This can lead
to the following error:

  # systemd-sysusers
  Creating group foofoo with gid 478.
  # systemd-sysusers
  # groupdel foofoo
  # systemd-sysusers
  Creating group foofoo with gid 478.
  Failed to write files: File exists

This patch adds --disable-gshadow option to configure. If used,
systemd-sysvusers won't consider /etc/gshadow.
2017-05-10 10:19:37 +02:00
Franck Bui
b20b0b6606 sysusers: split make_files()
This patch extracts the code which is in charge to write the new users or
groups into temporary files and move it into 4 dedicated functions.

This part was previously inlined in makes_files() making this function quite
big and hard to read and maintain.

There should be no functional change.
2017-05-10 10:06:20 +02:00
Lennart Poettering
9bfc0df113 50-udev-default.rules.in: set correct group for mediaX/cecX (#5921)
The /dev/mediaX and /dev/cecX devices belong to the video group.
Add two default rules for that.

The /dev/cecX devices were introduced in kernel 4.8 in staging and moved
out of staging in 4.10. These devices support the HDMI CEC bus.

The /dev/mediaX devices are much older, but because they are not used very
frequently nobody got around to adding this rule to systemd. They let the
user control complex media pipelines.
2017-05-09 21:10:55 +02:00
Max Resch
b2bb40ce9a sd-boot: added shim signature/MOK validation (#5702)
Adds support for booting in a SecureBoot environment with shim as a
preloader. Install an appropriate UEFI security policy to check PE
signature of a chained kernel or UEFI application (using LoadImage())
against the MOK database maintained by shim, using shim's installed
BootServices.

Implementation details for installing the security policy are based on
code from the LinuxFoundation's SecureBoot PreLoader, part of efitools
licensed under LGPL 2.1

Current signed (by Microsoft) versions of shim (Versions 0.8 & 0.9)
so not install a security policy by themselves, future Versions of
shim might (a compile time switch exists in rectent git versions),
so in the future this PR might become unnecessary.
2017-05-09 20:57:40 +02:00
Lennart Poettering
7ce63d7c9b Merge pull request #5619 from fbuihuu/fully-restore-unit-cgroup-state
core: when deserializing a unit, fully restore its cgroup state
2017-05-09 20:49:17 +02:00
Lennart Poettering
4e168f4606 Merge pull request #5420 from OpenDZ/tixxdz/namespace-fixes-v2
Namespace: RootImage= RootDirectory= and MountAPIVFS fixes
2017-05-09 20:42:32 +02:00
Susant Sahani
6c1ff21b00 network: add support for vlan confs(MVRP, reorder header, loose binding) (#5834) 2017-05-09 20:25:11 +02:00
Ted W
09b69d68fa man: Clarify Restart= exception for systemctl stop (#5891) 2017-05-09 20:22:04 +02:00
Lennart Poettering
a91a43765b Merge pull request #5906 from keszybz/man-links
man page link fixes
2017-05-09 20:12:52 +02:00
Hristo Venev
465dfe59fc networkd: add IPv6ProxyNDP (#5913)
This allows enabling proxy_ndp even if no addresses are configured in
networkd, as well as disabling proxy_ndp from a drop-in.
2017-05-09 20:04:55 +02:00
Susant Sahani
c83ecc04d9 networkd: add support to configure route protocol. (#5890)
Closes: #5889
2017-05-09 20:01:25 +02:00
Lennart Poettering
2f64b5d043 Merge pull request #5919 from glaubitz/suse
Fix meson build on openSUSE Tumbleweed
2017-05-09 19:32:25 +02:00
John Paul Adrian Glaubitz
15f82677a6 build: Add missing SECCOMP_CFLAGS to test-seccomp and test-execute targets (#5924) 2017-05-09 19:31:38 +02:00
John Paul Adrian Glaubitz
eb8124f6d5 meson: Add missing dependency on libkmod for libudev_core 2017-05-09 13:13:49 +02:00
John Paul Adrian Glaubitz
849c09c4dd meson: Add missing dependency on libseccomp for libcore 2017-05-09 13:13:43 +02:00
Aggelos Avgerinos
488ab41cb8 execute: Properly log errors considering socket fds (#5910)
Till now if the params->n_fds was 0, systemd was logging that there were
more than one sockets.

Thanks @gregoryp and @VFXcode who did the most work debugging this.
2017-05-08 19:09:22 -04:00
Mark Stosberg
6d892bd19e man: improve readability of time shorthands and their normalized forms. (#5912) 2017-05-08 19:05:34 -04:00
Pascal S. de Kloe
48a0715ed4 hwdb: add axis range for Panasonic Toughbook CF-19, CF-30 and CF31 (#5908) 2017-05-08 11:46:31 +10:00
Michael Biebl
3e4a040c94 Merge pull request #5907 from keszybz/mark-python-scripts-+x
Mark python scripts executable
2017-05-08 02:30:27 +02:00
Ian Wienand
7e563bfc97 Add short-iso-precise for journalctl output (#5884)
This adds a short-iso-precise option for journalctl output.  It is similar to
short-iso, but includes microseconds.
2017-05-07 20:23:49 -04:00
Zbigniew Jędrzejewski-Szmek
6b0c49e036 Mark python scripts executable
Since all our python scripts have a proper python3 shebang, there is no benefit
to letting meson autodetect them. On linux, meson will just uses exec(), so the
shebang is used anyway. The only difference should be in how meson reports the
script and that the detection won't fail for (most likely misconfigured)
non-UTF8 locales.

Closes #5855.
2017-05-07 20:16:47 -04:00
Zbigniew Jędrzejewski-Szmek
9631518895 test-af-list: drop unnecessary backslash 2017-05-07 20:01:04 -04:00
Zbigniew Jędrzejewski-Szmek
511ceb1f8d seccomp: assume clone() arg order is known on all architectures
While adding the defines for arm, I realized that we have pretty much all
known architectures covered, so SECCOMP_RESTRICT_NAMESPACES_BROKEN is not
necessary anymore. clone(2) is adamant that the order of the first two
arguments is only reversed on s390/s390x. So let's simplify things and remove
the #if.
2017-05-07 20:01:04 -04:00
Zbigniew Jędrzejewski-Szmek
4278d1f531 seccomp: add mmap/shmat defines for arm and arm64 2017-05-07 20:01:04 -04:00
Zbigniew Jędrzejewski-Szmek
2a8d6e6395 seccomp: add mmap/shmat defines for ppc64 2017-05-07 20:01:04 -04:00
Zbigniew Jędrzejewski-Szmek
6dc666886a seccomp: factor out seccomp_rule_add_exact to a helper function 2017-05-07 19:01:11 -04:00
Zbigniew Jędrzejewski-Szmek
2a65bd94e4 seccomp: drop SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN, add test for shmat
SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN was conflating two separate things:
1. whether shmat/shmdt/shmget can be filtered (if ipc multiplexer is used, they can not)
2. whether we know this for the current architecture

For i386, shmat is implemented as ipc, so seccomp filter is "broken" for shmat,
but not for mmap, and SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN cannot be used
to cover both cases. The define was only used for tests — not in the implementation
in seccomp-util.c. So let's get rid of SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN
and encode the right condition directly in tests.
2017-05-07 18:59:37 -04:00
Zbigniew Jędrzejewski-Szmek
3f1dc090d6 man: fix two references to our own binaries 2017-05-07 11:29:55 -04:00
Zbigniew Jędrzejewski-Szmek
98e9d71022 man: fix links to external man pages
linkchecker ftw!
2017-05-07 11:29:40 -04:00
Lennart Poettering
51cf831304 Merge pull request #5901 from keszybz/mkosi-meson
Convert mkosi instructions to meson
2017-05-07 07:13:13 -04:00
Zbigniew Jędrzejewski-Szmek
ab8ee0f259 tree-wide: use SET_FLAG in more places (#5892) 2017-05-07 07:03:28 -04:00
Zbigniew Jędrzejewski-Szmek
848d875fde mkosi.build: set encoding
Otherwise python3 (via meson) complains.
2017-05-05 21:19:04 -04:00
Zbigniew Jędrzejewski-Szmek
b35320cf63 mkosi.fedora: we need lz4 for lz4cat 2017-05-05 21:18:54 -04:00
Zbigniew Jędrzejewski-Szmek
6c3444cb03 mkosi: switch build to meson
For Fedora, the version is bumped to 26. In F25, ninja is still called ninja-build
(while the package with the rename is going through QA).
2017-05-05 21:18:44 -04:00