1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

26945 Commits

Author SHA1 Message Date
HATAYAMA Daisuke
eeb084806b journald,ratelimit: fix wrong calculation of burst_modulate() (#4218)
This patch fixes wrong calculation of burst_modulate(), which now calculates
the values smaller than really expected ones if available disk space is
strictly more than 1MB.

In particular, if available disk space is strictly more than 1MB and strictly
less than 16MB, the resulted value becomes smaller than its original one.

>>> (math.log2(1*1024**2)-16) / 4
1.0
>>> (math.log2(16*1024**2)-16) / 4
2.0
>>> (math.log2(256*1024**2)-16) / 4
3.0
→ This matches the comment in the function.
2016-09-26 11:36:20 -04:00
Matej Habrnal
a5ca3649d3 coredump: initialize coredump_size in submit_coredump() (#4219)
If ulimit is smaller than page_size(), function save_external_coredump()
returns -EBADSLT and this causes skipping whole core dumping part in
submit_coredump(). Initializing coredump_size to UINT64_MAX prevents
evaluating a condition with uninitialized varialbe which leads to
calling allocate_journal_field() with coredump_fd = -1 which causes
aborting.

Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
2016-09-26 11:28:58 -04:00
Torstein Husebø
d23a0044a3 treewide: fix typos (#4217) 2016-09-26 11:32:47 +02:00
Zbigniew Jędrzejewski-Szmek
6c1e2427df Merge pull request #4194 from bboozzoo/bboozzoo/nss-rootlib 2016-09-24 11:40:15 -04:00
Zbigniew Jędrzejewski-Szmek
d11e656ace Merge pull request #4182 from jkoelker/routetable 2016-09-24 11:05:06 -04:00
Martin Pitt
f258e94843 networkd: do not drop config for pending interfaces (#4187)
While an interface is still being processed by udev, it is in state "pending",
instead of "unmanaged". We must not flush device configuration then.

Further fixes commit 3104883ddc after commit c436d55397.

Fixes #4186
2016-09-24 10:07:45 -04:00
Maciek Borzecki
082210c7a8 build-sys: get rid of move-to-rootlibdir
Replace move-to-rootlibdir calls in post-install hooks with explicitly
used ${rootlibdir} where needed.

Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
2016-09-24 15:15:01 +02:00
Zbigniew Jędrzejewski-Szmek
eb93312810 kernel-install: allow plugins to terminate the procedure (#4174)
Replaces #4103.
2016-09-24 09:03:54 -04:00
Zbigniew Jędrzejewski-Szmek
2541b135bf Merge pull request #4207 from fbuihuu/fix-journal-hmac-calculation
Fix journal hmac calculation.
2016-09-24 08:57:49 -04:00
HATAYAMA Daisuke
886cf982d3 sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (#4205)
Currently, systemd-sysctl command configures kernel parameters in each sysctl
configuration files in random order due to characteristics of iterator of
Hashmap.

However, kernel parameters need to be configured in the order they occur in
each sysctl configuration files.

- For example, consider fs.suid_coredump and kernel.core_pattern. If
  fs.suid_coredump=2 is configured before kernel.core_pattern= whose default
  value is "core", then kernel outputs the following message:

      Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required.

  Note that the security issue mentioned in this message has already been fixed
  on recent kernels, so this is just a warning message on such kernels. But
  it's still confusing to users that this message is output on some boot and
  not output on another boot.

- I don't know but there could be other kernel parameters that are significant
  in the order they are configured.

- The legacy sysctl command configures kernel parameters in the order they
  occur in each sysctl configuration files. Although I didn't find any official
  specification explaining this behavior of sysctl command, I don't think there
  is any meaningful reason to change this behavior, in particular, to the
  random one.

This commit does the change by simply using OrderedHashmap instead of Hashmap.
2016-09-24 08:56:07 -04:00
Luca Bruno
48a8d337a6 nspawn: decouple --boot from CLONE_NEWIPC (#4180)
This commit is a minor tweak after the split of `--share-system`, decoupling the `--boot`
option from IPC namespacing.

Historically there has been a single `--share-system` option for sharing IPC/PID/UTS with the
host, which was incompatible with boot/pid1 mode. After the split, it is now possible to express
the requirements with better granularity.

For reference, this is a followup to #4023 which contains references to previous discussions.
I realized too late that CLONE_NEWIPC is not strictly needed for boot mode.
2016-09-24 08:30:42 -04:00
Franck Bui
33685a5a3a journal: fix HMAC calculation when appending a data object
Since commit 5996c7c295 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.

However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
2016-09-23 14:59:51 +02:00
Franck Bui
43cd879483 journal: warn when we fail to append a tag to a journal
We shouldn't silently fail when appending the tag to a journal file
since FSS protection will simply be disabled in this case.
2016-09-23 14:59:00 +02:00
AsciiWolf
a4d373452d l10n: update Czech translation (#4203) 2016-09-23 07:11:26 +02:00
Wilhelm Schuster
fbdec7923f machine: Disable more output when quiet flag is set (#4196) 2016-09-22 15:49:22 -04:00
Daniel Maixner
86c2fc21f9 l10n: add Czech Translation (#4195) 2016-09-21 14:42:35 +02:00
Maciek Borzecki
af0a10bfa1 nss: install nss modules to ${rootlibdir}
NSS modules (libnss_*.so.*) need to be installed into
${rootlibdir} (typically /lib) in order to be used. Previously, the
modules were installed into ${libdir}, thus usually ending up in
/usr/lib, even on systems where split usr is enabled, or ${libdir} is
passed explicitly.

Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
2016-09-21 09:00:11 +02:00
Michael Pope
21dc02277d nspawn: fix comment typo in setup_timezone example (#4183) 2016-09-20 07:30:48 +02:00
Jason Kölker
2ba31d29a5 networkd: Allow specifying RouteTable for RAs 2016-09-19 03:27:46 +00:00
Jason Kölker
f594276b86 networkd: Allow specifying RouteTable for DHCP 2016-09-19 03:27:42 +00:00
Felix Zhang
dd8352659c journal: fix typo in comment (#4176) 2016-09-18 11:14:50 +02:00
Martin Pitt
7ce9cc1545 Revert "kernel-install: Add KERNEL_INSTALL_NOOP (#4103)"
Further discussion showed that this better gets addressed at the packaging
level.

This reverts commit 34210af7c6.
2016-09-17 16:39:00 +02:00
Martin Pitt
6ac288a990 Merge pull request #4123 from keszybz/network-file-dropins
Network file dropins
2016-09-17 10:00:19 +02:00
Michael Pope
0b493a0263 nspawn: clarify log warning for /etc/localtime not being a symbolic link (#4163) 2016-09-17 09:59:28 +02:00
Zbigniew Jędrzejewski-Szmek
881e6b5edf networkd: change message about missing Kind
If Kind is not specied, the message about "Invalid Kind" was misleading.
If Kind was specified in an invalid way, we get a message in the parsing
phase anyway. Reword the message to cover both cases better.
2016-09-16 10:32:03 -04:00
Zbigniew Jędrzejewski-Szmek
bac150e9d1 man: mention that netdev,network files support dropins
Also update the description of drop-ins in systemd.unit(5) to say that .d
directories, not .conf files, are in /etc/system/system, /run/systemd/system,
etc.
2016-09-16 10:32:03 -04:00
Zbigniew Jędrzejewski-Szmek
2cc34d5b91 networkd: support drop-in dirs for .network files 2016-09-16 10:32:03 -04:00
Zbigniew Jędrzejewski-Szmek
23bb31aa0a shared/conf-parser: add config_parse_many which takes strv with dirs
This way we don't have to create a nulstr just to unpack it in a moment.
2016-09-16 10:32:03 -04:00
Zbigniew Jędrzejewski-Szmek
43688c49d1 tree-wide: rename config_parse_many to …_nulstr
In preparation for adding a version which takes a strv.
2016-09-16 10:32:03 -04:00
Jean-Sébastien Bour
047a0dacde networkd: support drop-in directories for .network files
Fixes #3655.

[zj: Fix the tests.]
2016-09-16 10:31:58 -04:00
Zbigniew Jędrzejewski-Szmek
38d78d1ee9 networkd-test: add a helper function to always clean up temporary config files 2016-09-16 10:30:34 -04:00
hi117
9ea78383e8 Updated formatting for printing the key for FSS (#4165)
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption.

Before:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.

        /var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900

The sealing key is automatically changed every 15min.
```

After:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.

        d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900

The sealing key is automatically changed every 15min.
```
2016-09-16 10:14:55 -04:00
Stefan Schweter
96ee6ce3c9 man: Update example for downloading a Fedora image (#4166) 2016-09-16 08:22:12 -04:00
Stefan
734530b7b5 man: update url to openpgpkey rfc (#4156) 2016-09-15 22:55:22 -04:00
Zbigniew Jędrzejewski-Szmek
e77e0f51fe Merge pull request #4131 from intelfx/update-done-timestamps-precision
condition: ignore nanoseconds in timestamps for ConditionNeedsUpdate=

Fixes #4130.
2016-09-15 22:53:00 -04:00
Tomáš Janoušek
7dabbb55a8 logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)
When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM.  This then leads to:

    systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
    login[42]: pam_systemd(login:session): Failed to create session: Access denied

and user sessions don't start.

This also applies to selinux that too returns EACCES on mount denial.

[1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies
[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
2016-09-16 02:26:31 +03:00
Marcel Holtmann
390e020735 hwdb: Update database of Bluetooth company identifiers 2016-09-15 22:09:35 +02:00
Zbigniew Jędrzejewski-Szmek
2179fd109d test-execute: fix %n typo (#4153) 2016-09-15 14:21:42 +02:00
Martin Pitt
bfa91d65bb Merge pull request #4150 from ssahani/net1
networkd: trivial fixes
2016-09-15 12:20:09 +02:00
kristbaum
d903a89246 Update systemctl.xml (#4151) 2016-09-15 09:11:33 +02:00
Peter Hutterer
bbe7cdeb8f hwdb: add Lenovo *40 series resolution fixes (#4149) 2016-09-15 08:16:05 +02:00
Susant Sahani
a4820c463a networkd: network fix log message 2016-09-15 10:19:26 +05:30
Susant Sahani
9b53e12987 networkd: netdev fixup copy paste error 2016-09-15 10:18:59 +05:30
Susant Sahani
1bc7460bf2 TODO: update networkd TODO 2016-09-15 10:18:22 +05:30
Ivan Shapovalov
fb8b0869a7 update-done, condition: write the timestamp to the file as well and use it to prevent false-positives
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130
for real. Also, remove timestamp check in update-done.c altogether since
the whole operation is idempotent.
2016-09-15 06:36:42 +03:00
Ivan Shapovalov
3a730176b3 time-util: export timespec_load_nsec() 2016-09-15 05:21:09 +03:00
Davide Cavalca
c0f9116d6c shell-completion: add --wait to systemd-run completions (#4140) 2016-09-14 22:38:53 +02:00
Davide Cavalca
bf6585ce64 gitignore: ignore image.raw from mkosi (#4141) 2016-09-14 19:15:21 +02:00
Susant Sahani
92c918b06d networkd: add support to configure virtual CAN device (#4139)
1. add support for kind vcan
2. fixup indention netlink-types.c, networkd-netdev.c
2016-09-14 18:15:16 +02:00
Martin Pitt
2d88def959 Merge pull request #4133 from keszybz/strerror-removal
Strerror removal and other janitorial cleanups
2016-09-14 11:17:58 +02:00