1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

29046 Commits

Author SHA1 Message Date
Elias Probst
cf917c27b6
man: fix typo (--network-zones--network-zone) 2017-05-13 20:56:44 +02:00
Daniel Wang
b85bc551c3 network: Implement DHCP Option 119 (Domain Search List) (#5932)
This adds a modified version of dhcp6_option_parse_domainname() that is
able to parse compressed domain names, borrowing the idea from
dns_packet_read_name(). It also adds pieces in networkd-link and
networkd-manager to properly save/load the added option field.

Resolves #2710.
2017-05-13 10:19:32 -04:00
Lennart Poettering
6e4177315f Merge pull request #5432 from keszybz/udev-logging
udev logging separation
2017-05-12 15:22:46 +02:00
Zbigniew Jędrzejewski-Szmek
5486a31d28 nss-resolve: drop the internal fallback to libnss_dns (#5945)
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:

   hosts: resolve [!UNAVAIL=return] dns myhostname

Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.

Tested with
   hosts: resolve [!UNAVAIL=return] myhostname
and
   hosts: resolve [!UNAVAIL=return] dns myhostname

Fixes #5742.
2017-05-12 14:31:46 +02:00
Lennart Poettering
3823da25cf Merge pull request #5928 from keszybz/libidn2
Use idn2 instead of idn
2017-05-12 12:01:40 +02:00
Lennart Poettering
2cfafe4d03 Merge pull request #5942 from keszybz/timestamp-writing
Allow timestamp to be set by the file writing utility functions
2017-05-12 12:00:24 +02:00
Lennart Poettering
77f0f0a5c7 Merge pull request #5946 from evverx/test-sigbus-fixes
test-sigbus: use posix_fallocate rather than fallocate
2017-05-12 11:58:13 +02:00
Zbigniew Jędrzejewski-Szmek
f089206caa README: update util-linux required compilation options (#5949)
Fixes #5563.
2017-05-12 10:49:48 +02:00
Zbigniew Jędrzejewski-Szmek
ca3bad6504 networkd: remove unused variables (#5948)
Fixup for 36423ff433.
2017-05-12 04:53:12 +03:00
Evgeny Vereshchagin
b8d79b4b68 tests: stop creating /TEST (#5943)
Closes #5856.
2017-05-11 18:56:39 -04:00
Matthijs van Duin
cc9daff228 sd-bus: fix c++ compatibility (#5941)
g++ annoyingly requires a non-empty struct-initializer to initialize all
struct members, in order of declaration.

Signed-off-by: Matthijs van Duin <matthijsvanduin@gmail.com>
2017-05-11 18:55:26 -04:00
Zbigniew Jędrzejewski-Szmek
fc1b2dc395 Merge pull request #5936 from ssahani/net-route
networkd: route replace parse prefix with generic in_addr_prefix_from_string
2017-05-11 18:53:35 -04:00
Zbigniew Jędrzejewski-Szmek
a8a2a0ed64 mkosi: switch over to libidn2 2017-05-11 14:27:01 -04:00
Zbigniew Jędrzejewski-Szmek
87057e244b resolved: support libidn2 in addition to libidn
libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.

https://bugzilla.redhat.com/show_bug.cgi?id=1449145
From that bug report:

Internationalized domain names exist for quite some time (IDNA2003), although
the protocols describing them have evolved in an incompatible way (IDNA2008).
These incompatibilities will prevent applications written for IDNA2003 to
access certain problematic domain names defined with IDNA2008, e.g., faß.de is
translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is
translated to fass.de domain. That not only causes incompatibility problems,
but may be used as an attack vector to redirect users to different web sites.

v2:
- keep libidn support
- require libidn2 >= 2.0.0
v3:
- keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the
  function.
- use both ±IDN and ±IDN2 in the version string
2017-05-11 14:25:01 -04:00
Zbigniew Jędrzejewski-Szmek
d84ed2bd13 networkd: pretiffy message about invalid prefix
We know how the field we are parsing is called, let's put this information in
the error message:
"Route Source= prefix is invalid, ignoring assignment: ..."
"Route Destination= prefix is invalid, ignoring assignment: ..."
2017-05-11 14:01:14 -04:00
Zbigniew Jędrzejewski-Szmek
872c403963 update-done: use newly added library function to write the file
Fixes #5861.
2017-05-11 13:43:53 -04:00
Lennart Poettering
271312e37b Merge pull request #5893 from keszybz/memorydenywriteexecute
Add support for more arches for MemoryDenyWriteExecute
2017-05-11 19:42:42 +02:00
Zbigniew Jędrzejewski-Szmek
c826cd3f7c pid1: improve logging when failing to remount / ro (#5940)
https://bugzilla.redhat.com/show_bug.cgi?id=1227736#c49

We counted how many filesystems could not be unmounted, but only for those
filesystems which we tried to unmount. Since we only remount / ro, without
attempting to unmount, we would emit a confusing error message:

Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
All filesystems unmounted.

Warn when remount-ro fails, and for filesystems which we won't try to unmount,
include the failure to remount-ro in n_failed.

A few minor cleanups:
- remove unecessary goto which jumps to the next line anyway
- always calculate n_failed, even if log_error is false. This causes no change
  in behaviour, but I think the code is easier to follow, since the log setting
  cannot influence other logic.
2017-05-11 18:12:41 +02:00
Zbigniew Jędrzejewski-Szmek
39c38d773f basic/fileio: extend atomic file writing with timestamp setting
There should be no functional change.
2017-05-11 10:23:36 -04:00
Tom Gundersen
f5938e8ff3 busctl: monitor - only start printing messages once we have become a monitor (#5931)
A connection becomes a monitor the moment it loses its unique name, so any
messages received before that should not be dumped to the console.

Currently, we print NameAcquired and NameLost for the unique name of the
peer that becomes the monitor, simply discard all messages until we
receive our NameLost signal.
2017-05-11 15:56:55 +02:00
Zbigniew Jędrzejewski-Szmek
52511fae7b core: fix warning about unsigned variable (#5935)
Fixup for d8c92e8bc7.
2017-05-11 08:15:28 +02:00
Susant Sahani
36423ff433 networkd: route replace parse prefix with generic in_addr_prefix_from_string 2017-05-11 10:12:54 +05:30
Peter Hutterer
5efd9f72ca hwdb: add the X200/X201 to the existing X201s entry (#5934)
https://bugs.freedesktop.org/show_bug.cgi?id=100628
2017-05-10 22:29:15 -04:00
Ray Strode
af92daebc5 man: fix LD_LIBRARY_PATH example in environment.d (#5929)
The example for LD_LIBRARY_PATH in the environment.d man page is wrong.

When setting LD_LIBRARY_PATH, the new directory usually needs to be at
the front so it overrides old directories.

In the example, the colon delimiter is correctly prepended to the front, but
the actual new path is erroneously appended to the end.

This commit moves it to the front where it belongs.
2017-05-10 22:23:54 -04:00
Peter Hutterer
61b2f1976c udev: don't allow pointing stick sensitivities greater than 255 (#5927)
It gets truncated, so the result is that people mess with the const accel
because the sensitivity isn't the expected 300 but the too-low 45.

One example: https://bugs.freedesktop.org/show_bug.cgi?id=100965
2017-05-10 21:22:00 +02:00
Lennart Poettering
554a080674 Merge pull request #5920 from fbuihuu/sysusers-disable-gshadow
Sysusers disable group shadow support
2017-05-10 19:46:13 +02:00
Zbigniew Jędrzejewski-Szmek
da1921a5c3 seccomp: enable RestrictAddressFamilies on ppc64, autodetect SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
We expect that if socket() syscall is available, seccomp works for that
architecture.  So instead of explicitly listing all architectures where we know
it is not available, just assume it is broken if the number is not defined.
This should have the same effect, except that other architectures where it is
also broken will pass tests without further changes. (Architectures where the
filter should work, but does not work because of missing entries in
seccomp-util.c, will still fail.)

i386, s390, s390x are the exception — setting the filter fails, even though
socket() is available, so it needs to be special-cased
(https://github.com/systemd/systemd/issues/5215#issuecomment-277241488).

This remove the last define in seccomp-util.h that was only used in test-seccomp.c. Porting
the seccomp filter to new architectures should be simpler because now only two places need
to be modified.

RestrictAddressFamilies seems to work on ppc64[bl]e, so enable it (the tests pass).
2017-05-10 09:21:16 -04:00
Franck Bui
1dd98a71e5 sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers
No functional changes.
2017-05-10 14:29:21 +02:00
Anchor Cat
e7d54bf587 automount: ack automount requests even when already mounted (#5916)
If a process accesses an autofs filesystem while systemd is in the
middle of starting the mount unit on top of it, it is possible for the
autofs_ptype_missing_direct request from the kernel to be received after
the mount unit has been fully started:

  systemd forks and execs mount             ...
            ...                     access autofs, blocks
  mount exits                               ...
  systemd receives SIGCHLD                  ...
            ...                     kernel sends request
  systemd receives request                  ...

systemd needs to respond to this request, otherwise the kernel will
continue to block access to the mount point.
2017-05-10 13:23:58 +02:00
Zbigniew Jędrzejewski-Szmek
9a4eeb4a0c units: make descriptions of api filesystems less generic (#5914)
All those names were very generic. Fixes #5911.
2017-05-10 13:09:52 +02:00
Evgeny Vereshchagin
af02b15a9d test-sigbus: skip the test under valgrind 2017-05-10 11:05:57 +00:00
Evgeny Vereshchagin
aab7037de4 test-sigbus: use posix_fallocate rather than fallocate
Some filesystems do not support fallocate, so we need to fall back on
something like posix_fallocate.

Closes #5833
2017-05-10 08:47:39 +00:00
Franck Bui
b14e1b4394 sysusers: make group shadow support configurable
Some distros (openSUSE) don't have group shadow support enabled. This can lead
to the following error:

  # systemd-sysusers
  Creating group foofoo with gid 478.
  # systemd-sysusers
  # groupdel foofoo
  # systemd-sysusers
  Creating group foofoo with gid 478.
  Failed to write files: File exists

This patch adds --disable-gshadow option to configure. If used,
systemd-sysvusers won't consider /etc/gshadow.
2017-05-10 10:19:37 +02:00
Franck Bui
b20b0b6606 sysusers: split make_files()
This patch extracts the code which is in charge to write the new users or
groups into temporary files and move it into 4 dedicated functions.

This part was previously inlined in makes_files() making this function quite
big and hard to read and maintain.

There should be no functional change.
2017-05-10 10:06:20 +02:00
Lennart Poettering
9bfc0df113 50-udev-default.rules.in: set correct group for mediaX/cecX (#5921)
The /dev/mediaX and /dev/cecX devices belong to the video group.
Add two default rules for that.

The /dev/cecX devices were introduced in kernel 4.8 in staging and moved
out of staging in 4.10. These devices support the HDMI CEC bus.

The /dev/mediaX devices are much older, but because they are not used very
frequently nobody got around to adding this rule to systemd. They let the
user control complex media pipelines.
2017-05-09 21:10:55 +02:00
Max Resch
b2bb40ce9a sd-boot: added shim signature/MOK validation (#5702)
Adds support for booting in a SecureBoot environment with shim as a
preloader. Install an appropriate UEFI security policy to check PE
signature of a chained kernel or UEFI application (using LoadImage())
against the MOK database maintained by shim, using shim's installed
BootServices.

Implementation details for installing the security policy are based on
code from the LinuxFoundation's SecureBoot PreLoader, part of efitools
licensed under LGPL 2.1

Current signed (by Microsoft) versions of shim (Versions 0.8 & 0.9)
so not install a security policy by themselves, future Versions of
shim might (a compile time switch exists in rectent git versions),
so in the future this PR might become unnecessary.
2017-05-09 20:57:40 +02:00
Lennart Poettering
7ce63d7c9b Merge pull request #5619 from fbuihuu/fully-restore-unit-cgroup-state
core: when deserializing a unit, fully restore its cgroup state
2017-05-09 20:49:17 +02:00
Lennart Poettering
4e168f4606 Merge pull request #5420 from OpenDZ/tixxdz/namespace-fixes-v2
Namespace: RootImage= RootDirectory= and MountAPIVFS fixes
2017-05-09 20:42:32 +02:00
Susant Sahani
6c1ff21b00 network: add support for vlan confs(MVRP, reorder header, loose binding) (#5834) 2017-05-09 20:25:11 +02:00
Ted W
09b69d68fa man: Clarify Restart= exception for systemctl stop (#5891) 2017-05-09 20:22:04 +02:00
Lennart Poettering
a91a43765b Merge pull request #5906 from keszybz/man-links
man page link fixes
2017-05-09 20:12:52 +02:00
Hristo Venev
465dfe59fc networkd: add IPv6ProxyNDP (#5913)
This allows enabling proxy_ndp even if no addresses are configured in
networkd, as well as disabling proxy_ndp from a drop-in.
2017-05-09 20:04:55 +02:00
Susant Sahani
c83ecc04d9 networkd: add support to configure route protocol. (#5890)
Closes: #5889
2017-05-09 20:01:25 +02:00
Lennart Poettering
2f64b5d043 Merge pull request #5919 from glaubitz/suse
Fix meson build on openSUSE Tumbleweed
2017-05-09 19:32:25 +02:00
John Paul Adrian Glaubitz
15f82677a6 build: Add missing SECCOMP_CFLAGS to test-seccomp and test-execute targets (#5924) 2017-05-09 19:31:38 +02:00
John Paul Adrian Glaubitz
eb8124f6d5 meson: Add missing dependency on libkmod for libudev_core 2017-05-09 13:13:49 +02:00
John Paul Adrian Glaubitz
849c09c4dd meson: Add missing dependency on libseccomp for libcore 2017-05-09 13:13:43 +02:00
Aggelos Avgerinos
488ab41cb8 execute: Properly log errors considering socket fds (#5910)
Till now if the params->n_fds was 0, systemd was logging that there were
more than one sockets.

Thanks @gregoryp and @VFXcode who did the most work debugging this.
2017-05-08 19:09:22 -04:00
Mark Stosberg
6d892bd19e man: improve readability of time shorthands and their normalized forms. (#5912) 2017-05-08 19:05:34 -04:00
Zbigniew Jędrzejewski-Szmek
3cf3392364 udev/collect: remove now-unused struct udev 2017-05-07 22:49:12 -04:00