1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Commit Graph

2341 Commits

Author SHA1 Message Date
Ronny Chevalier
c270684afd tests: move fs-util related tests to test-fs-util.c 2016-03-03 19:04:06 +01:00
Ronny Chevalier
0999c8ade8 tests: move fd-util related tests to test-fd-util.c 2016-03-03 19:04:06 +01:00
Ronny Chevalier
f4c13ad76f tests: move stat-util related tests to test-stat-util.c 2016-03-03 19:04:06 +01:00
Ronny Chevalier
7ba365a9b2 tests: move cpu-set-util related tests to test-cpu-set-util.c 2016-03-03 18:46:58 +01:00
Ronny Chevalier
cd3510707a tests: move web-util related tests to test-web-util.c 2016-03-03 18:46:58 +01:00
Ronny Chevalier
b66de1f9d4 tests: move alloc related tests to test-alloc-util.c 2016-03-03 18:46:58 +01:00
Ronny Chevalier
45e0b1f68c tests: move escape related tests to test-escape.c 2016-03-03 18:46:58 +01:00
Ronny Chevalier
134714368e tests: move hexdecoct tests to test-hexdecoct.c 2016-03-03 18:46:58 +01:00
Zbigniew Jędrzejewski-Szmek
fed527aa5b test-sizeof: add a helper which prints variable sizes and signedness
This helps to understand misleading gcc warnings about type mismatches.
2016-03-02 10:42:27 -05:00
Zbigniew Jędrzejewski-Szmek
ada94e69cd test-selinux: add some simple tests which call functions and print the results and timings 2016-03-02 10:42:27 -05:00
Ronny Chevalier
50f130c286 test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
Ronny Chevalier
19c0b0b9a5 core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.

Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
2016-02-28 14:44:26 +01:00
Martin Pitt
6369641d6f clock-util: make clock_is_localtime() testable and add initial tests
Add path argument to clock_is_localtime() and default to "/etc/adjtime" if it's
NULL. This makes the function testable.

Add test-clock: initial test cases for some scenarios, using a temporary file.
This also checks the behaviour with a NULL (i. e. the system's /etc/adjtime)
file.
2016-02-26 11:28:49 +01:00
Martin Pitt
77d9510adc Merge pull request #2719 from evverx/add-test-to-makefile
tests: various fixes
2016-02-24 08:06:53 +01:00
Evgeny Vereshchagin
bd3bc54620 tests: add exec-capabilityambientset* to Makefile.am
This is a follow-up to 70d7aea5c
2016-02-23 17:01:12 +00:00
Evgeny Vereshchagin
5a7c1eaedd tests: add exec-runtimedirectory* to Makefile.am
This is a follow-up to cc3ddc851
2016-02-23 17:01:12 +00:00
Evgeny Vereshchagin
dcf7860e11 tests: add exec-spec-interpolation.service to Makefile.am
This is a follow-up to 2525499
2016-02-23 17:01:12 +00:00
Daniel Mack
232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00
Lennart Poettering
0f9ae7d73d build-sys: move shared/architecture.[ch] into basic/
After all, it is pretty generic, has no external deps besides libc, and is very
similar to virt.[ch] which is also in basic/
2016-02-22 23:23:06 +01:00
Lennart Poettering
13b3cdb91f build-sys: add missing header file to Makefile.am
Fixes: #2700
2016-02-22 21:55:22 +01:00
Lennart Poettering
8e1ad1eaf7 networkd: add basic LLDP transmission support
Let's add some minimalistic LLDP sender support. The idea is that this is
either on or off, and all fields determined automatically rather than
configured explicitly.
2016-02-21 20:58:59 +01:00
Lennart Poettering
34437b4f9c sd-lldp: rework sd-lldp API
This reworks the sd-lldp substantially, simplifying things on one hand, and
extending the logic a bit on the other.

Specifically:

- Besides the sd_lldp object only one other object is maintained now,
  sd_lldp_neighbor. It's used both as storage for literal LLDP packets, and for
  maintainging info about peers in the database. Separation between packet, TLV
  and chassis data is not maintained anymore. This should be a major
  simplification.

- The sd-lldp API has been extended so that a couple of per-neighbor fields may
  be queried directly, without iterating through the object. Other fields that
  may appear multiple times, OTOH have to be iterated through.

- The maximum number of entries in the neighbor database is now configurable
  during runtime.

- The generation of callbacks from sd_lldp objects is more restricted:
  callbacks are only invoked when actual data changed.

- The TTL information is now hooked with a timer event, so that removals from
  the neighbor database due to TTLs now result in a callback event.

- Querying LLDP neighbor database will now return a strictly ordered array, to
  guarantee stability.

- A "capabilities" mask may now be configured, that selects what type of LLDP
  neighbor data is collected. This may be used to restrict collection of LLDP
  info about routers instead of all neighbors. This is now exposed via
  networkd's LLDP= setting.

- sd-lldp's API to serialize the collected data to text files has been removed.
  Instead, there's now an API to extract the raw binary data from LLDP neighbor
  objects, as well as one to convert this raw binary data back to an LLDP
  neighbor object. networkd will save this raw binary data to /run now, and the
  client side can simply parse the information.

- support for parsing the more exotic TLVs has been removed, since we are not
  using that. Instead there are now APIs to extract the raw data from TLVs.
  Given how easy it is to parse the TLVs clients should do so now directly
  instead of relying on our APIs for that.

- A lot of the APIs that parse out LLDP strings have been simplified so that
  they actually return strings, instead of char arrays with a length. To deal
  with possibly dangerous characters the strings are escaped if needed.

- APIs to extract and format the chassis and port IDs as strings has been
  added.

- lldp.h has been simplified a lot. The enums are anonymous now, since they
  were never used as enums, but simply as constants. Most definitions we don't
  actually use ourselves have eben removed.
2016-02-21 20:40:56 +01:00
Lennart Poettering
032b27f534 sd-lldp: drop "port" object
Let's just keep the few parts we actually need of it in the main sd_lldp
object, so that we can simplify things quite a bit.

While we are at it, remove ifname and mac fields which we make no use of
whatsoever.
2016-02-20 22:42:29 +01:00
Martin Pitt
e4d86881d5 Merge pull request #2648 from keszybz/dnssec-work
Better support for DANE, shell completion
2016-02-19 07:50:50 +01:00
Zbigniew Jędrzejewski-Szmek
e81eb2874e systemd-resolve: initial shell completion
v2:
- use /sys/class/net to list interfaces,
  also copy the same code to systemd-nspawn
v3:
- do not propose "any" twice for --type
2016-02-18 11:50:53 -05:00
Zbigniew Jędrzejewski-Szmek
43a90c32c2 build-sys: remove duplicated entry in tests
test-dns-domain should be built and run even without ENABLE_RESOLVED.
2016-02-18 08:30:18 -05:00
Filipe Brandenburger
e49a8dcc29 build-sys: Do not build tests that depend on resolved when it has been disabled
If ./configure --disable-resolved has been used, do not try to build
test-dns-packet and test-resolve-tables which depend on it.

Previously, the SOURCES, LIBS and LDADDs for these tests were made conditional
while the main rules for them weren't, causing build failures trying to build a
binary with no sources.

This was uncovered when trying to build udeb for systemd in CI, which uses
--disable-resolved for a minimal build, which uncovered the issue.

Fixes #2651.
2016-02-18 00:39:38 -08:00
Lennart Poettering
61ecb465b1 resolved: turn on DNSSEC by default, unless configured otherwise
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.

DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
2016-02-16 15:22:05 +01:00
Lennart Poettering
8eff97a103 Merge pull request #2618 from zonque/busproxy-removal
remove bus-proxyd
2016-02-15 14:54:09 +01:00
Zbigniew Jędrzejewski-Szmek
7f6e804332 Promote systemd-activate to /usr/bin/systemd-socket-activate
It has fairly wide functionality now and the interface has been
stable for a while. It it a useful testing tool.

The name is changed to better indicate what it does.
2016-02-14 20:33:32 -05:00
Zbigniew Jędrzejewski-Szmek
06e948901a Merge pull request #2603 from poettering/drop-compat-libs
Some spring cleaning
2016-02-13 10:36:02 -05:00
Lennart Poettering
0655ef96fd build-sys: drop aufs-util.[ch]
Left over cruft from the dkr excercise.
2016-02-13 12:03:16 +01:00
Lennart Poettering
2621af5346 util-lib: drop json parser
This was used by the dkr logic, which is gone now, hence remove this too.
Should we need it one day again the git history never forgets...

Note that this only covers the JSON parser. The JSON generator used by
"journalctl -o json" remains, as its much much simpler and requires no
infrastructure except printf() and the most basic escaping.
2016-02-13 11:57:14 +01:00
Lennart Poettering
4de282cf93 build-sys: drop libsystemd-{id128,daemon,login,journal}.so compat libs
They have long been obsolete, and upstream distros and packages have mostly
switched over, let's get rid of it for good.
2016-02-13 11:57:14 +01:00
Lennart Poettering
91ba5ac7d0 Merge pull request #2589 from keszybz/resolve-tool-2
Better support of OPENPGPKEY, CAA, TLSA packets and tests
2016-02-13 11:15:41 +01:00
Zbigniew Jędrzejewski-Szmek
718af59e9a resolve: always align flags to 8th column and print CAA flags
Left-over unknown flags are printed numerically. Otherwise,
it wouldn't be known what bits are remaining without knowning
what the known bits are.

A test case is added to verify the flag printing code:
============== src/resolve/test-data/fake-caa.pkts ==============
google.com. IN CAA   0 issue "symantec.com"
google.com. IN CAA   128 issue "symantec.com"
        -- Flags: critical
google.com. IN CAA   129 issue "symantec.com"
        -- Flags: critical 1
google.com. IN CAA   22 issue "symantec.com"
        -- Flags: 22
2016-02-12 20:00:42 -05:00
Zbigniew Jędrzejewski-Szmek
fa45182ed6 Fix hashing of TLSA packets
Also add example files with TLSA and SSHFP records.
2016-02-12 20:00:42 -05:00
Zbigniew Jędrzejewski-Szmek
fff85dbe15 test-dns-packet: allow running without arguments 2016-02-12 20:00:42 -05:00
Zbigniew Jędrzejewski-Szmek
6d99904f5a test-dns-packet: add framework to read and dump packets
Packets are stored in a simple format:
<size> <packet-wire-format> <size> <packet-wire-format> ...

Packets for some example domains are dumped, to test rr code for various
record types. Currently:
A
AAAA
CAA
DNSKEY
LOC
MX
NS
NSEC
OPENPGPKEY
SOA
SPF
TXT

The hashing code is executed, but results are not checked.

Also build other tests in src/resolve only with --enable-resolve.
2016-02-12 20:00:42 -05:00
Daniel Mack
798c486fbc remove bus-proxyd
As kdbus won't land in the anticipated way, the bus-proxy is not needed in
its current form. It can be resurrected at any time thanks to the history,
but for now, let's remove it from the sources. If we'll have a similar tool
in the future, it will look quite differently anyway.

Note that stdio-bridge is still available. It was restored from a version
prior to f252ff17, and refactored to make use of the current APIs.
2016-02-12 19:10:01 +01:00
Daniel Mack
9ca6ff50ab Remove kdbus custom endpoint support
This feature will not be used anytime soon, so remove a bit of cruft.

The BusPolicy= config directive will stay around as compat noop.
2016-02-11 22:12:04 +01:00
Lennart Poettering
c8b166b3ea Merge pull request #2587 from haraldh/tpmv3
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11 20:38:03 +01:00
Zbigniew Jędrzejewski-Szmek
4ac2ca1bdb systemd-resolve: allow easy querying of openpgp keys
$ systemd-resolve --openpgp zbyszek@fedoraproject.org
d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
        mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlM
        yfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAyn
        ...
2016-02-11 13:12:41 -05:00
Zbigniew Jędrzejewski-Szmek
91e023d896 Move initialize_libgcrypt to separate file
It's annoying to have the exact same function in three places.
It's stored in src/shared, but it's not added to the library to
avoid the dependency on libgcrypt.
2016-02-11 13:12:40 -05:00
Harald Hoyer
92ed3bb49e sd-boot: put hashed kernel command line in a PCR of the TPM
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.

Because manually added LoadOptions are not taken into account, these
should be recorded also.

This patch logs and extends a TPM PCR register with the LoadOptions.

This feature can be enabled with configure --enable-tpm

The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
2016-02-11 17:48:09 +01:00
Lennart Poettering
cf92d86020 build-sys: bump so version 2016-02-11 13:16:39 +01:00
Evgeny Vereshchagin
586bedd41a build-sys: add TEST-06-SELINUX to dist
This is a follow-up to https://github.com/systemd/systemd/pull/2493
2016-02-10 18:20:45 +00:00
Evgeny Vereshchagin
09f6f45a29 tests: add test for https://github.com/systemd/systemd/issues/1981 2016-02-10 18:19:08 +00:00
Lennart Poettering
888e378da2 coredump: dump priviliges when processing system coredumps
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10 16:09:24 +01:00
Lennart Poettering
3c171f0b1e coredump: rework coredumping logic
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data
about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a
stacktrace and writes the coredump to disk.

This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and
hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust=
and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally
priorized processes.

This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until
/var/systemd/coredump is mounted and writable.

Fixes: #2286
2016-02-10 16:08:32 +01:00
Lennart Poettering
f50cd2b2f5 build-sys: move coredump logic into subdir of its own 2016-02-10 14:32:27 +01:00
Daniel Mack
684d3dabef Makefile.am: remove some relicts 2016-02-10 13:27:24 +01:00
Lennart Poettering
14f4532026 Merge pull request #2543 from keszybz/build-sys-and-man-fixes
Build sys and man fixes
2016-02-08 12:52:39 +01:00
Zbigniew Jędrzejewski-Szmek
17163897d4 build-sys: simplify conditionals around shell completion files
Repeating those conditionals for every program is
annoying. Use a helper variable to avoid conditionals.

Also always add generated completion files to CLEANFILES.
2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek
4c32f2c96b build-sys: move CLEANFILES additions out from under HAVE_GNUEFI
It's better to always include them in 'make clean'.
It is also easier to read Makefile.am when less stuff is conditional.
2016-02-06 17:54:47 -05:00
Lennart Poettering
7732f92bad nspawn: optionally run a stub init process as PID 1
This adds a new switch --as-pid2, which allows running commands as PID 2, while a stub init process is run as PID 1.
This is useful in order to run arbitrary commands in a container, as PID1's semantics are different from all other
processes regarding reaping of unknown children or signal handling.
2016-02-03 23:58:24 +01:00
Lennart Poettering
c5c41f1e57 Merge pull request #2510 from msekletar/journalctl-dev-sda-v4
journalctl: make "journalctl /dev/sda" work
2016-02-02 19:34:39 +01:00
Michal Sekletar
795ab08f78 journalctl: make "journalctl /dev/sda" work
Currently when journalctl is called with path to block device node we
add following match _KERNEL_DEVICE=b$MAJOR:$MINOR.

That is not sufficient to actually obtain logs about the disk because
dev_printk() kernel helper puts to /dev/kmsg information about the
device in following format, +$SUBSYSTEM:$ADDRESS,
e.g. "+pci:pci:0000:00:14.0".

Now we will walk upward the syspath and add match for every device in
format produced by dev_printk() as well as match for its device node if
it exists.
2016-02-02 16:46:28 +01:00
Michael Olbrich
4709152273 resolved: allow building without libgcrypt 2016-01-31 23:54:12 +01:00
Lennart Poettering
dcabda4155 Merge pull request #2469 from keszybz/resolved-2
Resolved 2
2016-01-30 15:04:56 +01:00
Zbigniew Jędrzejewski-Szmek
c7472ce088 test-resolve-tables: new "test", useful to print mappings 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek
fc8eec10f6 resolved: calculate and print tags for DNSKEY records 2016-01-29 12:13:06 -05:00
Lennart Poettering
6c38b6c04e build-sys: install systemd-resolve in /usr/bin
The command has a man page now and is public, hence add it to /usr/bin.
2016-01-29 14:45:41 +01:00
Lennart Poettering
0c5eb0562a nss: block various signals while running NSS lookups
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).

Fixes #1965
2016-01-27 02:22:58 +01:00
Lennart Poettering
47889a8367 Merge pull request #2446 from keszybz/ask-password
Ask password unicode fix
2016-01-26 23:42:38 +01:00
Zbigniew Jędrzejewski-Szmek
8a1baa3ad1 test-ask-password-api: add a manual test for password reading 2016-01-26 17:07:14 -05:00
Lennart Poettering
0061695507 networkd: use an OrderedSet instead of Set to collect link domains
For the search domain logic the order is highly relevant, hence make sure when collecting the various search domains to
add them to an ordered set, so that the order between search domains of a specific link is retained.
2016-01-26 14:42:03 +01:00
Zbigniew Jędrzejewski-Szmek
ce245c842b build-sys: provide fallback value for xsltproc
Commit ab6f56debf made the change to allow building man pages even when disabled
with ./configure --disable-manpages. This works fine, as long as xsltproc is
present. If xsltproc is not present, the command to build a man page (obviously)
fails. Unfortnately it fails with a cryptic message '-o not found', because
$(XSLTPROC) is empty. Add a fallback, to use 'xsltproc' is $(XSLTPROC) is not
defined. This way we get a nice message:

make: xsltproc: Command not found
2016-01-25 19:10:46 -05:00
Lennart Poettering
dd0bc0f141 resolved: synthesize RRs for data from /etc/hosts
This way the difference between lookups via NSS and our native bus API should become minimal.
2016-01-25 17:19:19 +01:00
Lennart Poettering
b5eb973b39 resolve: rename "systemd-resolve-host" tool to simply "systemd-resolve"
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is
currently undocumented. Before we add documentation for it, let's get the name right.

This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also,
since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
2016-01-25 16:00:28 +01:00
Lennart Poettering
839a4a20d8 resolved: split out RR synthesis logic into its own C file
Also, while we are at it, set the "authenticated" bit for everything we synthesize
2016-01-25 15:59:40 +01:00
Lennart Poettering
d90833c93c Merge pull request #2054 from keszybz/nss-link-less-2
Nss link less 2
2016-01-20 17:39:07 +01:00
Tom Gundersen
f7e29f72bf Merge pull request #2372 from poettering/dnssec17
resolved bus API improvements
2016-01-20 11:30:20 +01:00
Lennart Poettering
3abaabdab7 resolved: expose bus objects for each Link
The link objects expose as properties the current settings made with SetLinkDNS() and related calls, plus some more
information.
2016-01-19 21:56:54 +01:00
Daniel Mack
d619a0c4a5 Merge pull request #2373 from keszybz/man-api-build-3
Man page grammar and build tweaks v3
2016-01-19 20:44:58 +01:00
Zbigniew Jędrzejewski-Szmek
ab6f56debf build-sys: allow building man pages even if disabled in ./configure
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.

Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
2016-01-18 16:19:13 -05:00
Lennart Poettering
412577e3c8 resolved: add complex test case
This new test case tries to resolve a couple of known domains, to verify the validation results. It talks to resolved
via the bus, thus comprehensively testing the whole shebang.

Of course, it requires network connectivity and a DNSSEC capable DNS server, hence this is a manual test.
2016-01-17 20:47:46 +01:00
Lennart Poettering
7e48712407 Merge pull request #2131 from evverx/regenerate-m4-on-reconfigure
build-sys: regenerate %.m4 -> % on reconfigure
2016-01-12 20:35:55 +01:00
Lennart Poettering
758dd67e8d basic: split hash functions into their own header files
The hash operations are not really that specific to hashmaps, hence split them into a .c module of their own.
2016-01-11 19:39:59 +01:00
Tom Gundersen
4b4310db94 Merge pull request #2276 from poettering/dnssec12
Twelfth DNSSEC PR
2016-01-07 15:05:58 +01:00
Evgeny Vereshchagin
70fd79177f build-sys: valgrind-tests: exclude python scripts too 2016-01-07 10:01:45 +00:00
Lennart Poettering
af49ca27ff resolved,networkd: unify ResolveSupport enum
networkd previously knew an enum "ResolveSupport" for configuring
per-interface LLMNR support, resolved had a similar enum just called
"Support", with the same value and similar pasers.

Unify this, call the enum ResolveSupport, and port both daemons to it.
2016-01-05 17:30:51 +01:00
Evgeny Vereshchagin
4854dc589f build-sys: fix valgrind-tests
Fixes:
```
$ make valgrind-tests TESTS=test-acl-util
  GEN      valgrind-tests
  Running test-acl-util
  /bin/bash: line 4: libtool: command not found
```
2015-12-29 07:44:56 +00:00
Evgeny Vereshchagin
5433c3e1a3 build-sys: fix --disable-tests
Fixes:
$ ./configure ... --disable-tests
$ make
$ sudo make check
FAIL: test/udev-test.pl
PASS: test/rule-syntax-check.py
PASS: test/sysv-generator-test.py
...
2015-12-13 07:50:11 +00:00
Lennart Poettering
b43d75c378 importd: drop dkr support
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
2015-12-10 16:54:41 +01:00
Lennart Poettering
312501458d Merge pull request #2086 from evverx/fix-journal-upload-installation
build: fix systemd-journal-upload installation
2015-12-10 12:05:26 +01:00
Lennart Poettering
e4b0e86225 Merge pull request #2056 from evverx/expose-soft-limits-on-the-bus
Expose soft limits on the bus
2015-12-10 11:20:03 +01:00
Evgeny Vereshchagin
f39675846a build-sys: regenerate %.m4 -> % on reconfigure
Fixes:
```
$ ./configure ... --enable-resolved
$ make
$ cat tmpfiles.d/etc.conf
...
L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
...
$ ./configure ... --disable-resolved
$ make
$ cat tmpfiles.d/etc.conf
...
L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
...
```
2015-12-10 02:41:08 +00:00
Evgeny Vereshchagin
e400d4b3f5 build: fix systemd-journal-upload installation
Fixes:

$ ./configure ... --disable-microhttpd --enable-libcurl
--enable-sysusers
$ make && make install DESTDIR=$(pwd)/INST
$ ls INST/usr/lib/sysusers.d/
basic.conf  systemd.conf

There is no a file with `systemd-journald-upload`
2015-12-09 03:48:56 +00:00
Evgeny Vereshchagin
955c5010c1 build-sys: move "dist" parts out of conditionals
This is a follow-up for commit f47477332f
2015-12-08 21:39:42 +00:00
Tom Gundersen
319c29920c Merge pull request #2115 from dvdhrm/rbtree
basic: add RB-Tree implementation
2015-12-08 17:31:09 +01:00
Daniel Mack
bc7702b098 resolved: add infrastructure for mDNS related sockets
Just hook up mDNS listeners with an empty packet dispather function,
introduce a config directive, man page updates etc.
2015-12-08 16:37:40 +01:00
Zbigniew Jędrzejewski-Szmek
2af917de2d Merge pull request #2104 from evverx/rlimit-util-test
tests: add test-rlimit-util
2015-12-07 23:47:45 -05:00
Evgeny Vereshchagin
7118d2f795 build-sys: remove dist-check-python
added: 279419b379
obsoleted: 2c8849add4
2015-12-08 02:33:52 +00:00
David Herrmann
a0e4cae820 basic: add RB-Tree implementation
This adds an self-standing RB-Tree implementation to src/basic/. This
will be needed for NSEC RR lookups, since we need "close lookups", which
hashmaps (not even ordered-hashmaps) can give us in reasonable time.
2015-12-07 18:34:05 +01:00
Evgeny Vereshchagin
5414b34c4b tests: disable hard errors
we don't use it
https://www.gnu.org/software/automake/manual/automake.html#Scripts_002dbased-Testsuites
2015-12-07 09:43:43 +00:00
Evgeny Vereshchagin
fe39daf2c1 tests: add test-rlimit-util 2015-12-07 09:41:15 +00:00
Evgeny Vereshchagin
abd544d576 build-sys: remove unnecessary check
added: 65adc982d
obsoleted: 2c8849add
2015-12-07 07:05:42 +00:00
Lennart Poettering
1fbcad80f0 Merge pull request #2095 from evverx/fix-distcheck-for-disable-timesync
build-sys: move "dist" parts out of conditional
2015-12-06 20:58:11 +01:00
Evgeny Vereshchagin
f47477332f build-sys: move "dist" parts out of conditional
Fixes:
$ ./autogen.sh
$ ./configure ... --disable-timesyncd
$ make distcheck
...
make[1]: *** No rule to make target 'src/timesync/timesyncd-gperf.gperf', needed by 'src/timesync/timesyncd-gperf.c'.  Stop.
2015-12-04 06:26:34 +00:00
Lennart Poettering
0d2cd47617 resolved: add a simple trust anchor database as additional RR source
When doing DNSSEC lookups we need to know one or more DS or DNSKEY RRs
as trust anchors to validate lookups. With this change we add a
compiled-in trust anchor database, serving the root DS key as of today,
retrieved from:

https://data.iana.org/root-anchors/root-anchors.xml

The interface is kept generic, so that additional DS or DNSKEY RRs may
be served via the same interface, for example by provisioning them
locally in external files to support "islands" of security.

The trust anchor database becomes the fourth source of RRs we maintain,
besides, the network, the local cache, and the local zone.
2015-12-03 21:17:49 +01:00
Tom Gundersen
5fa3be82e5 Merge pull request #1934 from martinpitt/master
tests: add networkd integration test
2015-12-03 18:22:06 +01:00
Lennart Poettering
2b442ac878 resolved: add basic DNSSEC support
This adds most basic operation for doing DNSSEC validation on the
client side. However, it does not actually add the verification logic to
the resolver. Specifically, this patch only includes:

- Verifying DNSKEY RRs against a DS RRs
- Verifying RRSets against a combination of RRSIG and DNSKEY RRs
- Matching up RRSIG RRs and DNSKEY RRs
- Matching up RR keys and RRSIG RRs
- Calculating the DNSSEC key tag from a DNSKEY RR

All currently used DNSSEC combinations of SHA and RSA are implemented. Support
for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably
obsolete, and shouldn't be added. EC should probably be added
eventually, if it actually is deployed on the Internet.
2015-12-02 22:50:11 +01:00
Zbigniew Jędrzejewski-Szmek
5bb5b236fe test-acl-util: add new test
For now, only add_acls_for_user is tested. When run under root, it
actually sets the acls. When run under non-root, it sets the acls for
the user, which does nothing, but at least calls the functions.
2015-11-28 18:47:34 -05:00
Evgeny Vereshchagin
68a8f17775 tests: add basic rlimits test 2015-11-28 16:47:56 +00:00
Zbigniew Jędrzejewski-Szmek
8c78165d43 nss-resolve: link less
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
2015-11-27 21:00:44 -05:00
Zbigniew Jędrzejewski-Szmek
d6ce77dbc2 nss-mymachines: link less
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
2015-11-27 21:00:44 -05:00
Zbigniew Jędrzejewski-Szmek
b4a4417ca8 nss-myhostname: link less
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
2015-11-27 20:53:35 -05:00
Lennart Poettering
6b25959dfa util-lib: move nss-util.h from shared/ to basic/
The header file defines some helpers for GLIBC NSS and doesn't include
anything else but glibc headers, hence there's little reason to keep it
in shared/.

See: #2008
2015-11-27 19:23:29 +01:00
Lennart Poettering
4afd3348c7 tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.

With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.

The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).

This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.

Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:

       #define _cleanup_(function) __attribute__((cleanup(function)))

Or similar, to make the gcc feature easier to use.

Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.

See #2008.
2015-11-27 19:19:36 +01:00
Lennart Poettering
d353a16d1f Merge pull request #1937 from evverx/fix-stdout-parsing
Fix stdout stream parsing
2015-11-27 14:03:49 +01:00
Martin Pitt
4ddb85b18b tests: add networkd integration test
This uses temporary configuration in /run and temporary veth devices, and does
not write anything on disk or change any system configuration; but it assumes
(and checks at the beginning) that networkd is not currently running.

This can be run on a normal installation, in QEMU, nspawn, or LXC.

As this requires root privileges, this is not integrated into "make check".
2015-11-27 11:53:07 +01:00
Lennart Poettering
a51c10485a resolved: add a generic DnsSearchDomain concept
With this change, we add a new object to resolved, "DnsSearchDomain="
which wraps a search domain. This is then used to introduce a global
search domain list, in addition to the existing per-link search domain
list which is reword to make use of this new object too.

This is preparation for implement proper unicast DNS search domain
support.
2015-11-25 21:58:38 +01:00
Lennart Poettering
f8dc7e343d resolved: split out all code dealing with /etc/resolv.conf into its own .c file
No functional changes.
2015-11-25 21:58:37 +01:00
Daniel Mack
9e6a4d57b6 Merge pull request #1996 from eworm-de/editorconfig
add editorconfig configuration
2015-11-23 18:17:57 +01:00
Christian Hesse
db787e7926 add editorconfig configuration
We want indention with spaces, so specify in editorconfig.
http://editorconfig.org/
2015-11-23 12:32:59 +01:00
Evgeny Vereshchagin
ceb2840951 build: install bash completion for systemd-path
This is a follow-up for commit e50e53876f
2015-11-21 07:19:12 +00:00
Tom Gundersen
c665ffa9b1 Merge pull request #1962 from mbiebl/install-completion-networkctl
build: install bash completion for networkctl
2015-11-20 04:04:24 +01:00
Michael Biebl
e7035a4779 build: install bash completion for networkctl
This is a follow-up for commit e4f246b1b5.
2015-11-19 17:41:41 +01:00
David Herrmann
dd050decb6 build: bump version numbers
Prepare for v228 release and bump version numbers.
2015-11-18 08:59:06 +01:00
Evgeny Vereshchagin
1c36b4a73b tests: add basic journal test 2015-11-17 23:46:31 +00:00
Lennart Poettering
233f353a22 Merge pull request #1909 from keszybz/filetriggers-v2
Move daemon-reload from package %post scripts to file triggers
2015-11-17 12:30:44 +01:00
Zbigniew Jędrzejewski-Szmek
873e413323 Move daemon-reload from package %post scripts to file triggers
This uses new functionality added in rpm 4.13. Instead of doing
one daemon-reload per packages, we do just one or two
(When both installing and uninstalling packages, we do
two. Unfortunately this also includes the common case of upgrades.
When only installing or when only installing, we do just one.)

New file triggers.systemd can be built, but the contents have
to be copied into the rpm spec file by hand. Using %{load} does
not seem to work. It can serve as documentation.
2015-11-15 18:38:37 -05:00
Kay Sievers
eee15abcdb hwdb: update 2015-11-14 09:54:17 +01:00
Lennart Poettering
0ec0deaa30 install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data
Some distributions use alias unit files via symlinks in /usr to cover
for legacy service names. With this change we'll allow "systemctl
enable" on such aliases.

Previously, our rule was that symlinks are user configuration that
"systemctl enable" + "systemctl disable" creates and removes, while unit
files is where the instructions to do so are store. As a result of the
rule we'd never read install information through symlinks, since that
would mix enablement state with installation instructions.

Now, the new rule is that only symlinks inside of /etc are
configuration. Unit files, and symlinks in /usr are now valid for
installation instructions.

This patch is quite a rework of the whole install logic, and makes the
following addional changes:

- Adds a complete test "test-instal-root" that tests the install logic
  pretty comprehensively.

- Never uses canonicalize_file_name(), because that's incompatible with
  operation relative to a specific root directory.

- unit_file_get_state() is reworked to return a proper error, and
  returns the state in a call-by-ref parameter. This cleans up confusion
  between the enum type and errno-like errors.

- The new logic puts a limit on how long to follow unit file symlinks:
  it will do so only for 64 steps at max.

- The InstallContext object's fields are renamed to will_process and
  has_processed (will_install and has_installed) since they are also
  used for deinstallation and all kinds of other operations.

- The root directory is always verified before use.

- install.c is reordered to place the exported functions together.

- Stricter rules are followed when traversing symlinks: the unit suffix
  must say identical, and it's not allowed to link between regular units
  and templated units.

- Various modernizations

- The "invalid" unit file state has been renamed to "bad", in order to
  avoid confusion between UNIT_FILE_INVALID and
  _UNIT_FILE_STATE_INVALID. Given that the state should normally not be
  seen and is not documented this should not be a problematic change.
  The new name is now documented however.

Fixes #1375, #1718, #1706
2015-11-12 17:57:04 +01:00
Michal Sekletar
100582b8cc build-sys: fix dependencies
update-man-list needs man/custom-entities.ent. Bug is nicely reproducible when
running make update-man-list.
2015-11-12 14:07:41 +01:00
Filipe Brandenburger
4c80d201ac test-execute: Add tests for new PassEnvironment= directive
Check the base case, plus erasing the list, listing the same variable
name more than once and when variables are absent from the manager
execution environment.

Confirmed that `sudo ./test-execute` passes and that modifying the test
cases (or the values of the set variables in test-execute.c) is enough
to make the test cases fail.
2015-11-11 07:55:23 -08:00
Zbigniew Jędrzejewski-Szmek
36b4a7ba55 Remove snapshot unit type
Snapshots were never useful or used for anything. Many systemd
developers that I spoke to at systemd.conf2015, didn't even know they
existed, so it is fairly safe to assume that this type can be deleted
without harm.

The fundamental problem with snapshots is that the state of the system
is dynamic, devices come and go, users log in and out, timers fire...
and restoring all units to some state from the past would "undo"
those changes, which isn't really possible.

Tested by creating a snapshot, running the new binary, and checking
that the transition did not cause errors, and the snapshot is gone,
and snapshots cannot be created anymore.

New systemctl says:
Unknown operation snapshot.
Old systemctl says:
Failed to create snapshot: Support for snapshots has been removed.

IgnoreOnSnaphost settings are warned about and ignored:
Support for option IgnoreOnSnapshot= has been removed and it is ignored

http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
2015-11-10 19:33:06 -05:00
Evgeny Vereshchagin
5c404f1ab8 tests: various fixes
* remove journal flushing (systemd-journal-flush.service runs journalctl --flush on boot)
* use sh -c and PATH instead of @SYSTEMCTL@ expansion
* remove unnecessary semicolons etc
2015-11-10 18:01:15 +00:00
Tom Gundersen
0f8980e48b sd-pppoe: drop
It is really unclear if we want to / have the resources to support this fully, so drop it
for now. It can easily be brought back if a killer usecase emerges.

Note that this code was never hooked up, so this does not remove any features.
2015-11-03 16:14:12 +01:00
Lennart Poettering
9fe4ea21be string-util: rework memory_erase() so that it cannot be optimized away
memory_erase() so far just called memset(), which the compiler might
optimize away under certain conditions if it feels there's benefit in
it. C11 knows a new memset_s() call that is like memset(), but may not
be optimized away. Ideally, we'd just use that call, but glibc currently
does not support it. Hence, implement our own simplistic version of it.

We use a GCC pragma to turn off optimization for this call, and also use
the "volatile" keyword on the pointers to ensure that gcc will use the
pointers as-is. According to a variety of internet sources, either one
does the trick. However, there are also reports that at least the
volatile thing isn't fully correct, hence let's add some snake oil and
employ both techniques.

https://news.ycombinator.com/item?id=4711346
2015-11-02 23:07:20 +01:00
Ronny Chevalier
aa8e00da54 test-path: move all related test files to a specific directory
To avoid polluting test/
2015-10-31 15:07:19 +01:00
Ronny Chevalier
ac40081621 test-execute: move all files related to a specific directory
To avoid polluting test/
2015-10-31 15:07:19 +01:00
Ronny Chevalier
7d0f09a932 build-sys: add missing test files to EXTRA_DIST 2015-10-31 15:07:19 +01:00
Ronny Chevalier
a622675862 test-execute: add tests for IOSchedulingClass 2015-10-31 15:07:19 +01:00
Ronny Chevalier
c388dfea5a test-execute: add tests for OOMScoreAdjust 2015-10-31 15:07:19 +01:00
Ronny Chevalier
03bd70dd01 test-execute: add test for EnvironmentFile 2015-10-31 15:07:19 +01:00
Ronny Chevalier
63447f1153 test-execute: add test for PrivateNetwork 2015-10-31 15:07:19 +01:00
Filipe Brandenburger
bb269eed0e test-parse-util: Move parse-util tests into their own test case
Tests for the functions defined in src/basic/parse-util.c. Reorder them
to match the order in which the functions are defined in the source
file. Adjusted the list of include files to remove the ones no longer
needed in test-util.c.

Tested that `make check` still passes as expected. Also checked the
number of lines removed from test-util.c matches the expected, as an
additional verification that no tests were dropped or duplicated in the
move.
2015-10-28 08:17:10 -07:00
Filipe Brandenburger
23a3c91617 test-extract-word: Move extract-word tests into their own test case
Tests for the functions defined in src/basic/extract-word.c.

Tested that `make check` still passes as expected.
2015-10-28 08:16:00 -07:00
Boyuan Yang
e0c7a4e07d l10n: add zh_CN translation. 2015-10-28 16:40:41 +08:00
Lennart Poettering
b5efdb8af4 util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
Lennart Poettering
7d50b32a12 util-lib: split out globbing related calls into glob-util.[ch] 2015-10-27 13:25:58 +01:00
Lennart Poettering
15a5e95075 util-lib: split out printf() helpers to stdio-util.h 2015-10-27 13:25:57 +01:00
Lennart Poettering
49cf4170d0 util-lib: move web-related calls into web-util.[ch] 2015-10-27 13:25:57 +01:00
Lennart Poettering
7ccbd1ae84 util-lib: split out syslog-related calls into syslog-util.[ch] 2015-10-27 13:25:57 +01:00
Lennart Poettering
4e731273ed util-lib: move /proc/cmdline parsing code to proc-cmdline.[ch] 2015-10-27 13:25:57 +01:00
Lennart Poettering
430f0182b7 src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → capability-util.[ch]
The files are named too generically, so that they might conflict with
the upstream project headers. Hence, let's add a "-util" suffix, to
clarify that this are just our utility headers and not any official
upstream headers.
2015-10-27 13:25:57 +01:00
Lennart Poettering
affb60b1ef util-lib: split out umask-related code to umask-util.h 2015-10-27 13:25:56 +01:00
Lennart Poettering
8b43440b7e util-lib: move string table stuff into its own string-table.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
8fcde01280 util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
f4f15635ec util-lib: move a number of fs operations into fs-util.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
c8b3094de5 util-lib: split out file attribute calls to chattr-util.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
89a5a90cb0 util-lib: split xattr-related calls into xattr-util.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
a09561746f util-lib: introduce dirent-util.[ch] for directory entry calls
Also, move a couple of more path-related functions to path-util.c.
2015-10-27 13:25:56 +01:00
Lennart Poettering
78f22b973f util-lib: split out resource limits related calls into rlimit-util.[ch] 2015-10-27 13:25:56 +01:00
Lennart Poettering
4349cd7c1d util-lib: move mount related utility calls to mount-util.[ch] 2015-10-27 13:25:55 +01:00
Lennart Poettering
e4e73a6325 util-lib: split out hex/dec/oct encoding/decoding into its own file 2015-10-27 13:25:55 +01:00
Lennart Poettering
6bedfcbb29 util-lib: split string parsing related calls from util.[ch] into parse-util.[ch] 2015-10-27 13:25:55 +01:00
Lennart Poettering
81a56d6f42 util-lib: move ether_addr_to_string() into ether-addr-util.c 2015-10-26 01:24:39 +01:00
Lennart Poettering
d02608170e util: remove lookup_uid(), replace by uid_to_name()
So far we had two pretty much identical calls in user-util.[ch]:
lookup_uid() and uid_to_name(). Get rid of the former, in favour of the
latter, and while we are at it, rewrite it, to use getpwuid_r()
correctly, inside an allocation loop, as POSIX intended.
2015-10-26 01:24:38 +01:00
Lennart Poettering
b1d4f8e154 util-lib: split out user/group/uid/gid calls into user-util.[ch] 2015-10-26 01:24:38 +01:00
Lennart Poettering
c004493cde util-lib: split out IO related calls to io-util.[ch] 2015-10-26 01:24:38 +01:00
Lennart Poettering
f00022dd12 util-lib: move formats-util.h from shared/ to basic/
It's only a header file, definining format strings for basic system
types, hence it should be in src/basic/, not src/shared/.
2015-10-25 13:19:18 +01:00
Lennart Poettering
3ffd4af220 util-lib: split out fd-related operations into fd-util.[ch]
There are more than enough to deserve their own .c file, hence move them
over.
2015-10-25 13:19:18 +01:00
Lennart Poettering
07630cea1f util-lib: split our string related calls from util.[ch] into its own file string-util.[ch]
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.

This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.

Also touches a few unrelated include files.
2015-10-24 23:05:02 +02:00
Lennart Poettering
4f5dd3943b util: split out escaping code into escape.[ch]
This really deserves its own file, given how much code this is now.
2015-10-24 23:04:42 +02:00
Lennart Poettering
84ac7bea36 util: split out extract_first_word() and related calls into extract-word.[ch]
This is quite a lot of code these days, hence move it to its own source
file.
2015-10-24 23:03:49 +02:00
Sangjung Woo
5dfcb8d200 units: add 'SmackFileSystemRoot=*' option into tmp.mount
If SMACK is enabled, 'smackfsroot=*' option should be specified when
/tmp is mounted since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

In order to do that, 'SmackFileSystemRoot=*' is newly added into
tmp.mount.
2015-10-24 20:54:21 +09:00
Tom Gundersen
a13c50e7a3 networkd: ndisc - split out from dhcp6 code 2015-10-22 17:19:54 +02:00
Tom Gundersen
940367a0ab libsystemd-network: split icm6-util.[ch] out of dhcp6 code 2015-10-22 17:19:54 +02:00
Tom Gundersen
3ad0c5d8a4 sd-icmp6-nd: rename files to sd-ndisc
The actual code rename will follow. The reason for the change of name is to make it
simpler and more uniform with how we name other libraries (we don't include the
underlying protocol). The new name also matches the naming in the kernel (which
is particularly relevent here as we expect to let the kernel do some parts of
the protocol and we do others).
2015-10-22 17:19:54 +02:00
Lennart Poettering
bf1ae29f21 Merge pull request #1584 from mischief/journal-remote-no-gnutls
build: install journal-remote units and directory regardless of GNUTLS
2015-10-19 19:16:15 +02:00
Kay Sievers
29a3f0d4c5 Revert "units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled"
This reverts commit 409c2a13fd.

It breaks the bootup of systems which enable smack at compile time, but have no
smack enabled in the kernel. This needs a different solution.
2015-10-18 12:21:21 +02:00
Nick Owens
08b62a9a13 build: install journal-remote units and directory regardless of GNUTLS 2015-10-15 16:24:47 -07:00
Lennart Poettering
2ac3f19a51 Merge pull request #1572 from again4you/devel/tmp-smack
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
2015-10-15 13:09:57 +02:00
Sangjung Woo
409c2a13fd units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
2015-10-15 14:02:44 +09:00
Lennart Poettering
6777e2ad72 Merge pull request #1562 from michich/overlinking
build: fix overlinking
2015-10-14 17:29:24 +02:00
Michal Schmidt
e97379dea2 build: libdl is needed only for libnss_resolve
Not everything needs to link to libdl. dlopen+dlsym are used only by
libnss_resolve.
2015-10-14 14:49:18 +02:00
Martin Pitt
1d3f8fa747 keymap: Drop keyboard-keys-to-name.h
We don't use that anywhere any more. With the introduction of alias names it
also is not a proper mapping any more as several keys (e. g. KEY_COFFEE and
KEY_SCREENLOCK) have the same numerical mapping.
2015-10-14 07:15:58 +02:00
Martin Pitt
4c14822029 keymap: Recognize KEY_* aliases
linux/input.h contains alias definitions like

  #define KEY_COFFEE              152
  #define KEY_SCREENLOCK          KEY_COFFEE
  #define KEY_ROTATE_DISPLAY      153
  #define KEY_DIRECTION           KEY_ROTATE_DISPLAY

But we ignored these when building keyboard-keys-list.txt. Also allow the value
to start with "K" now (for KEY_*), and drop the hardcoded COFFEE →  SCREENLOCK
aliasing.

This fixes assignments to key "direction".

Fixes #1151
2015-10-14 07:15:54 +02:00
Lennart Poettering
c379f143a5 build-sys: bump library version 2015-10-07 17:06:22 +02:00
Tom Gundersen
a245d90a89 test: siphash24 - add regression test 2015-10-05 17:33:58 +02:00
Lennart Poettering
d35c1bb1f4 rfkill: rework and make it listen on /dev/rfkill
With this rework we introduce systemd-rfkill.service as singleton that
is activated via systemd-rfkill.socket that listens on /dev/rfkill. That
way, we get notified each time a new rfkill device shows up or changes
state, in which case we restore and save its current setting to disk.

This is nicer than the previous logic, as this means we save/restore
state even of rfkill devices that are around only intermittently, and
save/restore the state even if the system is shutdown abruptly instead
of cleanly.

This implements what I suggested in #1019 and obsoletes it.
2015-10-01 16:21:09 +02:00
Lennart Poettering
618234a525 basic: split out cpu set specific APIs into cpu-set-util.[ch] 2015-09-30 22:26:16 +02:00
Lennart Poettering
4a9b1dd4ad machine-id-commit: merge machine-id-commit functionality into machine-id-setup
And remove machine-id-commit as separate binary.

There's really no point in keeping this separate, as the sources are
pretty much identical, and have pretty identical interfaces. Let's unify
this in one binary.

Given that machine-id-commit was a private binary of systemd (shipped in
/usr/lib/) removing the tool is not an API break.

While we are at it, improve the documentation of the command substantially.
2015-09-29 21:55:51 +02:00
Hendrik Brueckner
7517f51ef9 s390: add personality support
Introduce personality support for Linux on z Systems to run
particular services with a 64-bit or 31-bit personality.
2015-09-24 13:03:18 +02:00
Kay Sievers
a13cff19ce pam: systemd-user - call selinux module
https://bugzilla.redhat.com/show_bug.cgi?id=1262933
2015-09-22 17:54:13 +02:00
Lennart Poettering
85fade1edb Merge pull request #986 from karelzak/monitor
mount: use libmount to monitor mountinfo & utab
2015-09-22 14:31:58 +02:00
Alban Crequy
287419c119 containers: systemd exits with non-zero code
When a systemd service running in a container exits with a non-zero
code, it can be useful to terminate the container immediately and get
the exit code back to the host, when systemd-nspawn returns. This was
not possible to do. This patch adds the following to make it possible:

- Add a read-only "ExitCode" property on PID 1's "Manager" bus object.
  By default, it is 0 so the behaviour stays the same as previously.
- Add a method "SetExitCode" on the same object. The method fails when
  called on baremetal: it is only allowed in containers or in user
  session.
- Add support in systemctl to call "systemctl exit 42". It reuses the
  existing code for user session.
- Add exit.target and systemd-exit.service to the system instance.
- Change main() to actually call systemd-shutdown to exit() with the
  correct value.
- Add verb 'exit' in systemd-shutdown with parameter --exit-code
- Update systemctl manpage.

I used the following to test it:

| $ sudo rkt --debug --insecure-skip-verify run \
|            --mds-register=false --local docker://busybox \
|            --exec=/bin/chroot -- /proc/1/root \
|            systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42

Fixes https://github.com/systemd/systemd/issues/1290
2015-09-21 17:32:45 +02:00
Tom Gundersen
7b713b81c2 sd-ipv4{acd,ll}: add simple test programs
These programs should be run manually, typically two instances on a
veth pair to check conflict detection.

Both test programs take the ifname as input, the ACD also takes the
IP address to check, whereas LL (optionally) takes the seed, which
determines the sequence of IP addresses to try.
2015-09-18 15:14:43 +02:00
Tom Gundersen
e3dca0089b sd-ipv4acd: introduce new library split out from sd-ipv4ll
This splits the Address Conflict Detection out of the Link Local
library so that we can reuse it for DHCP and static addresses in
the future.

Implements RFC5227.
2015-09-18 15:14:43 +02:00
Tom Gundersen
996d16975b sd-ipv4ll: filter out unwanted ARP packets in the kernel
We currently process every ARP packet, but we should only care about the ones
relating to our IP address.

Also rename ipv4ll helpers to apr-utils.[ch], and rework the helpers a bit.
2015-09-18 15:14:42 +02:00
Karel Zak
d379d44255 mount: use libmount to monitor mountinfo & utab
The current implementation directly monitor /proc/self/mountinfo and
/run/mount/utab files. It's really not optimal because utab file is
private libmount stuff without any official guaranteed semantic.

The libmount since v2.26 provides API to monitor mount kernel &
userspace changes and since v2.27 the monitor is usable for
non-root users too.

This patch replaces the current implementation with libmount based
solution.

Signed-off-by: Karel Zak <kzak@redhat.com>
2015-09-14 09:12:31 +02:00
Lennart Poettering
afc966e288 util: remove ring.[ch] + pty.[ch] and tests
This was used by consoled, which was removed, let's remove this too now.
2015-09-11 18:28:29 +02:00
Lennart Poettering
1d1423257a Makefile: fix gardel target 2015-09-09 23:05:46 +02:00
David Herrmann
23d08d1b2b build: prepare for v226
Bump version info and update NEWS for the upcoming release.
2015-09-08 13:31:57 +02:00
Lennart Poettering
2b5c04d59c nspawn: remove nspawn.h, it's empty now 2015-09-07 18:47:34 +02:00
Lennart Poettering
ee64508006 nspawn: split out --uid= logic into nspawn-setuid.[ch] 2015-09-07 18:44:31 +02:00
Lennart Poettering
b7103bc5f4 nspawn: split out machined registration code to nspawn-register.[ch] 2015-09-07 18:44:31 +02:00