1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

27080 Commits

Author SHA1 Message Date
Lennart Poettering
f767d3de65 Merge pull request #4304 from poettering/notify-nul-check
3 minor improvements for notification message handling
2016-10-07 18:30:53 +02:00
Zbigniew Jędrzejewski-Szmek
8f4d640135 core: only warn on short reads on signal fd 2016-10-07 10:05:04 -04:00
Susant Sahani
1644102735 networkd: remote checksum offload for vxlan (#4110)
This patch adds support to remote checksum checksum offload to VXLAN.
This patch adds RemoteCheckSumTx and RemoteCheckSumRx vxlan configuration
to enable remote checksum offload for transmit and receive on the VXLAN tunnel.
2016-10-07 09:46:18 -04:00
rwmjones
171b533800 architecture: Add support for the RISC-V architecture. (#4305)
RISC-V is an open source ISA in development since 2010 at UCB.
For more information, see https://riscv.org/

I am adding RISC-V support to Fedora:
https://fedoraproject.org/wiki/Architectures/RISC-V

There are three major variants of the architecture (32-, 64- and
128-bit).  The 128-bit variant is a paper exercise, but the other
two really exist in silicon.  RISC-V is always little endian.

On Linux, the default kernel uname(2) can return "riscv" for all
variants.  However a patch was added recently which makes the kernel
return one of "riscv32" or "riscv64" (or in future "riscv128").  So
systemd should be prepared to handle any of "riscv", "riscv32" or
"riscv64" (in future, "riscv128" but that is not included in the
current patch).  If the kernel returns "riscv" then you need to use
the pointer size in order to know the real variant.

The Fedora/RISC-V kernel only ever returns "riscv64" since we're
only doing Fedora for 64 bit at the moment, and we've patched the
kernel so it doesn't return "riscv".

As well as the major bitsize variants, there are also architecture
extensions.  However I'm trying to ensure that uname(2) does *not*
return any other information about those in utsname.machine, so that
we don't end up with "riscv64abcde" nonsense.  Instead those
extensions will be exposed in /proc/cpuinfo similar to how flags
work in x86.
2016-10-07 14:56:27 +02:00
Lennart Poettering
875ca88da5 manager: tighten incoming notification message checks
Let's not accept datagrams with embedded NUL bytes. Previously we'd simply
ignore everything after the first NUL byte. But given that sending us that is
pretty ugly let's instead complain and refuse.

With this change we'll only accept messages that have exactly zero or one NUL
bytes at the very end of the datagram.
2016-10-07 12:14:33 +02:00
Lennart Poettering
045a3d5989 manager: be stricter with incomining notifications, warn properly about too large ones
Let's make the kernel let us know the full, original datagram size of the
incoming message. If it's larger than the buffer space provided by us, drop the
whole message with a warning.

Before this change the kernel would truncate the message for us to the buffer
space provided, and we'd not complain about this, and simply process the
incomplete message as far as it made sense.
2016-10-07 12:12:10 +02:00
Lennart Poettering
c55ae51e77 manager: don't ever busy loop when we get a notification message we can't process
If the kernel doesn't permit us to dequeue/process an incoming notification
datagram message it's still better to stop processing the notification messages
altogether than to enter a busy loop where we keep getting notified but can't
do a thing about it.

With this change, manager_dispatch_notify_fd() behaviour is changed like this:

- if an error indicating a spurious wake-up is seen on recvmsg(), ignore it
  (EAGAIN/EINTR)

- if any other error is seen on recvmsg() propagate it, thus disabling
  processing of further wakeups

- if any error is seen on later code in the function, warn about it but do not
  propagate it, as in this cas we're not going to busy loop as the offending
  message is already dequeued.
2016-10-07 12:08:51 +02:00
Lennart Poettering
fd9b26c6f2 Merge pull request #4300 from keszybz/mkosi
Various mkosi bits
2016-10-07 09:58:25 +02:00
Lukáš Nykrýn
24dd31c19e core: add possibility to set action for ctrl-alt-del burst (#4105)
For some certification, it should not be possible to reboot the machine through ctrl-alt-delete. Currently we suggest our customers to mask the ctrl-alt-delete target, but that is obviously not enough.

Patching the keymaps to disable that is really not a way to go for them, because the settings need to be easily checked by some SCAP tools.
2016-10-06 21:08:21 -04:00
Evgeny Vereshchagin
36264e0de5 Merge pull request #4299 from poettering/variety
ioctl socket fixes, sd-bus error updates, resolved error addition, PAM stub process priv fix
2016-10-06 23:43:08 +03:00
Lennart Poettering
97f0e76f18 user-util: rework maybe_setgroups() a bit
Let's drop the caching of the setgroups /proc field for now. While there's a
strict regime in place when it changes states, let's better not cache it since
we cannot really be sure we follow that regime correctly.

More importantly however, this is not in performance sensitive code, and
there's no indication the cache is really beneficial, hence let's drop the
caching and make things a bit simpler.

Also, while we are at it, rework the error handling a bit, and always return
negative errno-style error codes, following our usual coding style. This has
the benefit that we can sensible hanld read_one_line_file() errors, without
having to updat errno explicitly.
2016-10-06 19:04:10 +02:00
Lennart Poettering
7429b2eb83 tree-wide: drop some misleading compiler warnings
gcc at some optimization levels thinks thes variables were used without
initialization. it's wrong, but let's make the message go anyway.
2016-10-06 19:04:10 +02:00
Lennart Poettering
2d6fce8d7c core: leave PAM stub process around with GIDs updated
In the process execution code of PID 1, before
096424d123 the GID settings where changed before
invoking PAM, and the UID settings after. After the change both changes are
made after the PAM session hooks are run. When invoking PAM we fork once, and
leave a stub process around which will invoke the PAM session end hooks when
the session goes away. This code previously was dropping the remaining privs
(which were precisely the UID). Fix this code to do this correctly again, by
really dropping them else (i.e. the GID as well).

While we are at it, also fix error logging of this code.

Fixes: #4238
2016-10-06 19:04:10 +02:00
Lennart Poettering
729c6467df sd-bus: add DNS errors to the errno translation table
We generate these, hence we should also add errno translations for them.
2016-10-06 19:04:10 +02:00
Lennart Poettering
6f21e066f6 resolved: properly handle BADCOOKIE DNS error
Add this new error code (documented in RFC7873) to our list of known errors.
2016-10-06 19:04:09 +02:00
Lennart Poettering
19526c6679 sd-bus: add a few missing entries to the error translation tables
These were forgotten, let's add some useful mappings for all errors we define.
2016-10-06 19:04:09 +02:00
Lennart Poettering
429b435026 sd-device/networkd: unify code to get a socket for issuing netdev ioctls on
As suggested here:

https://github.com/systemd/systemd/pull/4296#issuecomment-251911349

Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that
we can use a protocol-independent socket here if possible. This has the benefit
that our code will still work even if AF_INET/AF_INET6 is made unavailable (for
exmple via seccomp), at least on current kernels.
2016-10-06 19:04:01 +02:00
Zbigniew Jędrzejewski-Szmek
cd35d461be mkosi: install Fedora 25
No need to look back at the past. Fedora 25 is here (almost).
2016-10-06 11:54:24 -04:00
Zbigniew Jędrzejewski-Szmek
a10744be42 mkosi: drop git clean
This is required after systemd/mkosi#25.
2016-10-06 11:54:24 -04:00
Zbigniew Jędrzejewski-Szmek
be9bc687d8 mkosi: disable our own cache
No point in spamming the fs.
2016-10-06 11:54:24 -04:00
Zbigniew Jędrzejewski-Szmek
fef05f7ae9 mkosi: create .mkosi directory
Since it looks like we'll wind up with a bunch of mkosi files for different
distros, it's probably better to keep them in a subdirectory.
2016-10-06 11:53:58 -04:00
Lennart Poettering
d21494ea25 update TODO 2016-10-06 17:27:23 +02:00
Lennart Poettering
e057995bb1 Merge pull request #4280 from giuseppe/unprivileged-user
[RFC] run systemd in an unprivileged container
2016-10-06 15:44:27 +02:00
Yu Watanabe
94f42fe3a6 units: systemd-udevd: add AF_INET and AF_INET6 to RestrictAddressFamilies= (#4296)
The udev builtin command `net_setup_link` requires AF_INET and AF_INET6.

Fixes #4293.
2016-10-06 15:40:53 +02:00
Lennart Poettering
8ffce876de Merge pull request #4199 from dvdhrm/hwdb-order
hwdb: return conflicts in a well-defined order
2016-10-06 11:58:13 +02:00
Giuseppe Scrivano
36d854780c core: do not fail in a container if we can't use setgroups
It might be blocked through /proc/PID/setgroups
2016-10-06 11:49:00 +02:00
Giuseppe Scrivano
f006b30bd5 audit: disable if cannot create NETLINK_AUDIT socket 2016-10-06 11:49:00 +02:00
Susant Sahani
197e280932 networkd: fix coding style (#4294) 2016-10-06 11:45:07 +02:00
Yuki Inoguchi
d2665e0866 journald, ratelimit: fix inaccurate message suppression in journal_rate_limit_test() (#4291)
Currently, the ratelimit does not handle the number of suppressed messages accurately.
Even though the number of messages reaches the limit, it still allows to add one extra messages to journal.

This patch fixes the problem.
2016-10-06 11:44:51 +02:00
Piotr Drąg
100a5f579d catalog,po: update Polish translation (#4290) 2016-10-05 22:59:37 +02:00
Giuseppe Scrivano
77531863ca Fix typo 2016-10-05 18:36:48 +02:00
Tobias Jungel
f6bb7ac5c6 networkd: use BridgeFDB as well on bridge ports (#4253)
[BridgeFDB] did not apply to bridge ports so far. This patch adds the proper
handling. In case of a bridge interface the correct flag NTF_MASTER is now set
in the netlink call. FDB MAC addresses are now applied in
link_enter_set_addresses to make sure the link is setup.
2016-10-05 17:06:40 +02:00
Zeal Jagannatha
110b7e909a Added ArchLinux config for mkosi (#4274) 2016-10-05 14:00:06 +02:00
hbrueckner
6abfd30372 seccomp: add support for the s390 architecture (#4287)
Add seccomp support for the s390 architecture (31-bit and 64-bit)
to systemd.

This requires libseccomp >= 2.3.1.
2016-10-05 13:58:55 +02:00
Djalal Harouni
41eb436265 nspawn: add log message to let users know that nspawn needs an empty /dev directory (#4226)
Fixes https://github.com/systemd/systemd/issues/3695

At the same time it adds a protection against userns chown of inodes of
a shared mount point.
2016-10-05 06:57:02 +02:00
Thomas H. P. Andersen
d4c08299f2 NEWS: typo fixes (#4285) 2016-10-04 20:41:46 +02:00
Stefan Schweter
629ff674ac tree-wide: remove consecutive duplicate words in comments 2016-10-04 17:06:25 +02:00
Michael Olbrich
5076f4219e list: LIST_INSERT_BEFORE: update head if necessary (#4261)
If the new item is inserted before the first item in the list, then the
head must be updated as well.
Add a test to the list unit test to check for this.
2016-10-04 16:15:37 +02:00
Michael Olbrich
c080fbce9c automount: make sure the expire event is restarted after a daemon-reload (#4265)
If the corresponding mount unit is deserialized after the automount unit
then the expire event is set up in automount_trigger_notify(). However, if
the mount unit is deserialized first then the automount unit is still in
state AUTOMOUNT_DEAD and automount_trigger_notify() aborts without setting
up the expire event.
Explicitly call automount_start_expire() during coldplug to make sure that
the expire event is set up as necessary.

Fixes #4249.
2016-10-04 16:13:27 +02:00
Lucas Werkmeister
1f4f4cf76c Typo (mathesmatches) (#4283) 2016-10-04 15:53:16 +02:00
andhe
20b8e666d3 po: updated Swedish translation (#4241)
* po: updated Swedish translation

* po: swedish: fix login vs write logs to confusion

Since previous commit (updated messages) there's now a mix of
different translation meanings for the same thing.
While both translations are technically correct I think the
meaning of the original messages are probably "to login" rather
than "to write log messages to". This commit switches all
translations to the "login" meaning.
2016-10-04 15:36:03 +02:00
Martin Pitt
bbe4743ba7 Merge pull request #4273 from keszybz/docs
Routing-domains-manpage tweak and NEWS update
2016-10-04 15:34:08 +02:00
Elias Probst
05ecf467ee Typo (virtiualizationvirtualization) (#4281) 2016-10-04 14:37:28 +02:00
Stefan Schweter
cfaf4b75e0 man: remove consecutive duplicate words (#4268)
This PR removes consecutive duplicate words from the man pages of:

* `resolved.conf.xml`
* `systemd.exec.xml`
* `systemd.socket.xml`
2016-10-03 17:09:54 +02:00
Alban Crequy
19caffac75 nspawn: set shared propagation mode for the container 2016-10-03 14:19:27 +02:00
Zbigniew Jędrzejewski-Szmek
1ef11fb628 build-sys: use non-breaking spaces in contributor list
I think it's easier to read peoples' names with this change.
2016-10-03 07:36:59 -04:00
Zbigniew Jędrzejewski-Szmek
4a77c53d64 NEWS: add another batch of entries 2016-10-03 07:36:59 -04:00
Zbigniew Jędrzejewski-Szmek
2df225294f man: rework the explanation of Domains=
Put more emphasis on the routing part. This is the more interesting
thing, and also more complicated and novel.

Explain "search domains" as the special case. Also explain the effect of
~. in more detail.
2016-10-03 07:36:59 -04:00
Zbigniew Jędrzejewski-Szmek
ba9fa3bc48 man: fix indentation in table
<entry>-ies must be a single line of text. Otherwise docbook does strange
things to the indentation.
2016-10-03 07:36:59 -04:00
Zbigniew Jędrzejewski-Szmek
a63ee40751 core: do not try to create /run/systemd/transient in test mode
This prevented systemd-analyze from unprivileged operation on older systemd
installations, which should be possible.
Also, we shouldn't touch the file system in test mode even if we can.
2016-10-01 22:53:17 +02:00