mirror of https://github.com/systemd/systemd.git synced 2025-01-23 02:04:32 +03:00

29160 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
ce241a493f sulogin-shell: avoid heredocs
They require a writable /tmp dir (in the bash implementation).
Let's use echo, and not 'echo -e' since that doesn't seem to be completely
portable.

Fixes #6052.
2017-05-30 17:03:25 -04:00
Zbigniew Jędrzejewski-Szmek
03c3c52040 man: update MemoryDenyWriteExecute description for executable stacks
Without going into details, mention that libraries are also covered by the
filters, and that executable stacks are a no no.

Closes #5970.
2017-05-30 16:44:48 -04:00
Zbigniew Jędrzejewski-Szmek
0e3f51cf8d man: don't say that ExecStart syntax is "very shell"
Fixes #6035.
2017-05-30 16:33:42 -04:00
Franck Bui
5e354b2252 build: only install tmpfiles.d/systemd-remote.conf when necessary (#6051)
Also only include the relevant parts for systemd-journal-remote and
systemd-journal-upload when needed.
2017-05-30 13:27:26 -04:00
Yu Watanabe
9d8813b3b4 kernel-install: support the case /etc/machine-id is missing or empty (#5975)
Some .install plugins do not require that machine ID is set such as
20-grubby.install for Fedora and 50-depmod.install.
To support such plugins to run without valid machine-id, this commit
makes the following change:
* if /etc/machine-id is missing or empty, create temporary directory
  and set its path to BOOT_DIR_ABS,
* run the .install helpers with KERNEL_INSTALL_MACHINE_ID environment
  variable that'd be empty if /etc/machine-id is missing or empty.
This may be useful for installing kernel for e.g. stateless systems
which initialize machine-id while booting the systems.
2017-05-30 09:45:10 -04:00
kjackiewicz
e74d0a9a5c rules: watch metadata changes in mmcblk devices (#6050)
Formatting sd-cards does not trigger "change" uevents. As a result clients
using udev API don't get any updates afterwards and get outdated information
about the device.

Include mmcblk* in a match for watch option assignment.
2017-05-30 15:19:03 +02:00
Lennart Poettering
c4c069121c timesyncd: properly handle OOM errors when parsing fallback servers (#6047)
2017-05-30 14:49:35 +02:00
Lennart Poettering
4af273d149 Merge pull request #4512 from pfl/ndisc_exponential_backoff
Ndisc exponential backoff
2017-05-30 14:49:07 +02:00
Patrik Flykt
5a67ed2403 test-ndisc-rs.c: Test Router Solicitation timer computation
Test ICMPv6 Router Solicitation exponential backoff timer by
computing the minimum and maximum values according to RFC 7559,
Section 2 and the algorithm itself described in RFC 3315, Section
14. Reset the sd_ndisc timer to trigger after a zero second delay,
which causes the ndisc timeout to be triggered immediately once
the caller of the "sending" function returns to the main loop.
2017-05-30 10:34:15 +03:00
Patrik Flykt
e82a19cb18 sd-ndisc.c: Move Router Solicitation sending after timer computation
Move ICMPv6 Router Solicitation sending after timer computation so
that timers are already set up when the packet is being sent. This
makes it possible to create a test that inspects Router
Solicitation timer values when the Router Solicitation is sent out
on the network.
2017-05-30 10:34:15 +03:00
Patrik Flykt
1bd6f8953d sd-ndisc: Implement Router Solicitation backoff method
Instead of sending a fixed amount of Router Solicitations, implement
the backoff algorithm proposed in RFC 7559. The backoff algorithm is
the same as used by DHCPv6.

Time out after 12s as specified in RFC 4861 in order not to delay
setting up a link for too long while sending Router Solicitations
in the background. Notice that after this change the callback will
receive a SD_NDISC_EVENT_TIMEOUT timeout event, and at a later point
when a router appears, a received Router Advertisement will cause the
callback to be called again with the SD_NDISC_EVENT_ROUTER event.
2017-05-30 10:34:15 +03:00
Tobias Jungel
0d6c68eba3 network: bridge vlan without PVID (#5899)
this patch makes it possible to configure a vlan aware bridge without the
PVID. To configure no PVID set DefaultPVID=none in the [BridgeVLAN] section.

fixes #5716
2017-05-29 17:20:01 +02:00
Lennart Poettering
defdbbb6dc Merge pull request #5926 from fsateler/condition-uid
core: add ConditionUID and ConditionGID
2017-05-29 15:18:38 +02:00
Lennart Poettering
90b25159a6 Merge pull request #6031 from teg/monitor
busctl: fix up the monitor
2017-05-29 15:08:20 +02:00
Lucas Werkmeister
0f8158bd26 shell-completion: add systemctl revert (#6042)
The `systemctl revert` command was added in v230 (commit 344ca7556b),
but was missing from the shell completion specifications.

Fixes #5978.
2017-05-29 15:01:01 +02:00
Lennart Poettering
24c4b00b38 Merge pull request #6029 from keszybz/vconsole-no-vga
Avoid systemd-vconsole-setup failure on machines w/o VGA
2017-05-26 18:09:57 +02:00
Felipe Sateler
534bab66ab core: add @system special value to ConditionUser=
It allows checking if the user is a system user or a normal user
2017-05-26 09:42:47 -04:00
Felipe Sateler
c465a29f24 core: add ConditionUser and ConditionGroup
This adds two options that are useful for user units. In particular, it
is useful to check ConditionUser=!0 to not start for the root user.

Closes: #5187
2017-05-26 09:42:44 -04:00
George McCollister
4e3f07029a rules: Handle MMC boot partitions by-path correctly (#6026)
Many eMMC devices have separate boot partitions that aren't part of the
normal partition table that show up as /dev/mmcblk[0-9]boot[0-9]. These
partitions are generally small (128KB to 16MB) and typically hold a boot
loader, boot loader data or a recovery image. Match these and create
-boot%n by-path symlinks.

Prior to this change by-path symlinks for the main device would be
incorrectly linked to one of the boot partitions.

For instance before:
/dev/disk/by-path/platform-219c000.usdhc linked to /dev/mmcblk1boot1

Now:
/dev/disk/by-path/platform-219c000.usdhc links to /dev/mmcblk1
/dev/disk/by-path/platform-219c000.usdhc-boot0 links to /dev/mmcblk1boot0
/dev/disk/by-path/platform-219c000.usdhc-boot1 links to /dev/mmcblk1boot1

On systems that support multiple SD/MMC devices it can be essential to
have by-path links to these devices since device names vary depending on
which other devices are connected.
2017-05-25 22:13:50 -04:00
Zbigniew Jędrzejewski-Szmek
2340bfbfcc Merge pull request #5999 from mbiebl/timesyncd-fallback-server
timesyncd: don't use compiled-in list if FallbackNTP has been configured
2017-05-25 18:51:08 -04:00
Tom Gundersen
d27d4637c8 busctl: monitor - ignore the final NameLost message
Commit f5938e8ff3cf5b6fadd6b440b3b10fc0e5a64733 started dropping all
messages before we become a monitor, but the last one was getting
through.

This drops also the last NameLost message, which indicates the switch
from a regular peer to a monitor.
2017-05-25 17:37:50 +02:00
Tom Gundersen
0bf7d7cc88 logn: tests - don't compare signed with unsigned
2017-05-25 17:37:50 +02:00
Zbigniew Jędrzejewski-Szmek
c6c1ba8f64 test-timesync: add first test for timesyncd conf parsing
We parse the string supplied in NTP_SERVERS during configuration under an
assert_se(). Right now we will accept pretty much anything there, but in case
we are more picky in the future, add a simple test which checks that we can
actually parse whatever is in NTP_SERVERS so that we don't fail the assertion
at runtime.
2017-05-25 10:59:35 -04:00
Timothée Ravier
c090d74dd9 test: ensure 'InaccessiblePaths=/proc' option works (#6017)
Test case for PR #5985.
2017-05-25 07:47:08 +03:00
Zbigniew Jędrzejewski-Szmek
93c9a9d235 vconsole-setup: skip setting fonts when setfont returns EX_OSERR
On a machine without a VGA console, /dev/tty{0,1,…} exist, so
systemd-vconsole-setup is started, but all setfont operations fail.

setfont has a bunch of return codes for different failure modes. It uses
EX_OSERR when the communication with the kernel using ioctls fails. This isn't
too specific, but at least it's only used for this general class of errors. Let's
swallow the error in this case to avoid systemd-vconsole-setup.service failing
on cloud vms.

On a machine from https://bugzilla.redhat.com/show_bug.cgi?id=1272686#c4:
$ build/systemd-vconsole-setup
setfont: putfont: 512,8x16:  failed: -1
putfont: PIO_FONT: Invalid argument
/usr/bin/setfont failed with error code 71.
Setting fonts failed with a "system error", ignoring.

$ SYSTEMD_LOG_LEVEL=debug build/systemd-vconsole-setup
Found container virtualization none.
Sysfs UTF-8 flag enabled
UTF-8 kbdmode enabled on /dev/tty0
Executing "/usr/bin/setfont -C /dev/tty0 eurlatgr"...
setfont: putfont: 512,8x16:  failed: -1
putfont: PIO_FONT: Invalid argument
/usr/bin/setfont failed with error code 71.
Executing "/usr/bin/loadkeys -q -C /dev/tty0 -u us"...
/usr/bin/loadkeys succeeded.
Setting fonts failed with a "system error", ignoring.

$ lspci | grep -i vga

$ ls /dev/tty?
/dev/tty0  /dev/tty2  /dev/tty4  /dev/tty6  /dev/tty8
/dev/tty1  /dev/tty3  /dev/tty5  /dev/tty7  /dev/tty9

If we have a better test for /dev/tty? being connected to something that has a
font, we could avoid running setfont at all… ATM, I'm not aware of a simple
test like that.
2017-05-24 23:25:44 -04:00
Zbigniew Jędrzejewski-Szmek
3d62378088 vconsole-setup: add more log messages
This makes it quite a bit easier to see what failed.

strv_join is called inline in log_debug so that it is under the conditional
that kills the whole thing if debugging is disabled.
2017-05-24 23:25:10 -04:00
Michael Biebl
3745770ae4 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly
Parse the config files first and only apply the compiled-in list of
fallback servers if no NTP server was configured via FallbackNTP.

Closes: #5091
2017-05-24 17:45:46 +02:00
Daniel Wang
b23aec0d6b DHCP: Fail link_dhcp_set_routes promptly if no address is assigned from lease (#6009)
Currently the local variable `address` is uninitialized if the DHCP lease
doesn't provide a router address (when r == -ENODATA). Thus the
subsequent call to route_scope_from_address will result in accessing an
uninitialized variable.

As a matter of fact, sd-dhcp-client ignores DHCP leases without an
address so link_dhcp_set_routes probably will never be called without a
valid address.
2017-05-24 14:05:49 +02:00
codekipper
a083537e5d tmpfiles: Remove unnecessary utmp file creation (#6006)
If utmp is disabled (--disable-utmp) then there is no need to create
the wtmp and btmp files.
2017-05-24 11:10:59 +02:00
Evgeny Vereshchagin
a924f43f30 resolved: bugfix of null pointer p->question dereferencing (#6020)
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
2017-05-24 08:56:48 +03:00
John Paul Adrian Glaubitz
d82c4b9a7b mailmap: add entry for John Paul Adrian Glaubitz (#6015)
2017-05-23 09:22:44 -04:00
NeilBrown
2d79a0bbb9 Allow TimeoutSec=0 to work as documented in mount units and elsewhere (#6013)
Since commit 36c16a7cdd6c ("core: rework unit timeout handling, and add
new setting RuntimeMaxSec=") TimeoutSec=0 in mount units has
caused the mount to time out immediately instead of never as documented.

There is a similar problem with Socket.TimeoutSec and Swap.TimeoutSec.

These are easily fixed using config_parse_sec_fix_0().

Automount.TimeoutIdleSec looks like it could have the same problem,
but doesn't because the kernel treats '0' as 'no timeout'.
It handles USEC_INFINITY correctly only because that constant has
the value '-1', and when rounded up, it becomes zero.
To avoid possible confusion, use config_parse_sec_fix_0() as well, and
explicitly handle USEC_INFINITY.
2017-05-23 09:42:26 +02:00
tomty89
e8a94ce83e nspawn: add nosuid and nodev to /tmp mount (#6004)
When automatic /tmp mount was introduced to nspawn in v219, it was done without having the nosuid and nodev mount options, which was the same case as systemd's default tmp.mount unit back then.

nosuid and nodev were added to tmp.mount(.m4) in v231 for security reasons. Matching the nspawn /tmp mount entry against that.

Ref.:
2f9df7c96a
bbb99c30d0
2017-05-23 09:41:36 +02:00
sjoerd-ccu
764febc23e networkd-link: Receive LLDP on Bridge slaves not master (#5995)
LLDP should be received on bridge slaves as they're the entities
directly connected to a peer. Receiving LLDP on the bridge device makes
little sense, Linux by default even filters out LLDP going onto the
bridge device.

Flip the current logic: receive LLDP on bridge slaves, don't listen for
them on the bridge itself.
2017-05-23 09:10:59 +02:00
Lennart Poettering
09d97dfb75 Merge pull request #6005 from grawity/github
doc: update GitHub ISSUE_TEMPLATE
2017-05-22 15:47:50 +02:00
Lennart Poettering
45f4238a1f load-dropin: propagate errors properly from unit_name_compatible() (#6002)
Let's log about this in the caller.

Doesn't really matter, but let's do something about my OCD, and
propagate errors properly, so that the caller can log about them.
2017-05-22 09:18:00 -04:00
Mantas Mikulėnas
582c53d785 github: comment out submitter note in ISSUE_TEMPLATE
It's for the person filling in the form, not for people reading it later.
2017-05-22 16:07:28 +03:00
Mantas Mikulėnas
52c2abed4b github: remove checkboxes from ISSUE_TEMPLATE
The issue list page thinks those are in fact todo items.
2017-05-22 16:06:50 +03:00
Lennart Poettering
4dd53da97d sd-dhcp: library code shouldn't log above LOG_DEBUG (#6001)
Let's downgrade the warning introduced by
955d99edc7991386a36e3d33924cc584931fde91 to debug, as we really
shouldn't log at more than debug level from library code.

(And while we are at it, print the MTU as the right (unsigned) type in
the format string.)
2017-05-22 08:38:01 -04:00
Lennart Poettering
401a38e770 Merge pull request #5958 from keszybz/explicit-log-errno
Use explicit errno in log calls
2017-05-22 10:12:18 +02:00
AsciiWolf
c63b01c6f2 mkosi: update Debian config for mkosi (#5997)
* mkosi.debian: fix libidn2 package name
* mkosi.debian: drop duplicate diffutils package
* mkosi.debian: add missing g++ package
2017-05-21 22:24:30 -04:00
Matthias Greiner
955d99edc7 Allow bad MTU values with warning to be able to connect to the machine. (#5954)
Ensure the MTU value is valid. Emit a warning and ignore otherwise.
2017-05-21 21:11:25 -04:00
Djalal Harouni
7a093ea246 Merge pull request #5990 from keszybz/logind
A bunch of sd-login improvements
2017-05-21 07:14:21 +02:00
Djalal Harouni
a1f4d73b7c Merge pull request #6000 from keszybz/fix-oom-warning
core/load-droping: avoid oom warning when the unit symlink is not a template
2017-05-21 07:11:33 +02:00
Zbigniew Jędrzejewski-Szmek
e450032f09 core/load-droping: avoid oom warning when the unit symlink is not a template
unit_name_template returns -EINVAL if the unit name is not a template, but
the code assumed that OOM is the only failure mode. Fix that to emit the warning
if a non-template unit is encountered (because in this case we expect the name
to match exactly), and just skip the warning on other errors (presumably oom).

Fixes #5543.
2017-05-20 19:34:50 -04:00
Evgeny Vereshchagin
4417e1a33d Merge pull request #5960 from keszybz/journald-memleak
Journald and journal-remote memleak fixes
2017-05-21 01:41:48 +03:00
Daniel Wang
d6eac9bd06 DHCP: when adding static routes set scopes properly (#5982)
DHCP responses could include static routes, but unfortunately not an
option to tell what scope to use. So it's important that the client sets
it properly.

This mimics what the `ip route add` command does when adding a static
route without an explicit scope:

* If the destination IP is on the local host, use scope `host`
* Otherwise if the gateway IP is null (direct route), use scope `link`
* If anything else, use the current default `global`.

Fixes #5979.
2017-05-20 07:05:18 -04:00
Zbigniew Jędrzejewski-Szmek
c6e9e16f77 journald: fix trivial memleak
Fixes #5516.
2017-05-19 19:15:26 -04:00
Zbigniew Jędrzejewski-Szmek
2da03cbf9d udev-rules: add helper function for logging
Avoid repeating the same conditional four times. Error messages are
capitalized.
2017-05-19 15:03:14 -04:00
Zbigniew Jędrzejewski-Szmek
9c0565b2c3 basic/time-util: make parsing of dual_timestamp more strict
*scanf functions set errno on i/o error. For sscanf, this doesn't really apply,
so (based on the man page), it seems that errno is unlikely to be ever set to a
useful value. So just ignore errno. The error message includes the string that
was parsed, so it should be always pretty clear why parsing failed.

On the other hand, detect trailing characters and minus prefix that weren't
converted properly. This matches what our safe_ato* functions do. Add tests to
elucidate various edge cases.
2017-05-19 15:01:20 -04:00