| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
socket (#6508)"
This reverts commit d2a1ba103b4ea22764953d795c36db3d492d50c9.
|
| |
|
|
| |
This reverts commit 582faeb461aa0dd01b55bf6c9b1433532fc927d3.
|
| |
|
|
|
| |
(#6508)
It fails to start in an unprivileged container as audit is not namespace aware.
|
| | |
|
| |
|
|
|
|
|
| |
This work allows to configure address Scope to
host | link | global or a number.
Closes #6446
|
| |\
| |
| | |
Rename "gateway" to "_gateway" and other resolved changes
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This changes the symbolic name for the default gateway from "gateway" to
"_gateway". A new configuration option -Dcompat-gateway-hostname=true|false
is added. If it is set, the old name is also supported, but the new name
is used as the canonical name in either case. This is intended as a temporary
measure to make the transition easier, and the option should be removed
after a few releases, at which point only the new name will be used.
The old "gateway" name mostly works OK, but hasn't gained widespread acceptance
because of the following (potential) conflicts:
- it is completely legal to have a host called "gateway"
- there is no guarantee that "gateway" will not be registered as a TLD, even
though this currently seems unlikely. (Even then, there would be no
conflict except for the case when the top-level domain itself was being resolved.
The "gateway" or "_gateway" labels have only special meaning when the
whole name consists of a single label, so resolution of any subdomain
of the hypothetical gateway. TLD would still work OK. )
Moving to "_gateway" avoids those issues because underscores are not allowed
in host names (RFC 1123, §2.1) and avoids potential conflicts with local or
global names.
v2:
- simplify the logic to hardcode "_gateway" and allow
-Dcompat-gateway-hostname=true as a temporary measure.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While working on the gateway→_gateway conversion, I noticed that
libidn2 strips the leading underscore in some names.
https://gitlab.com/libidn/libidn2/issues/30 was resolved in
https://gitlab.com/libidn/libidn2/commit/05d753ea69e2308cd02436d0511f4b844071dc79,
which disabled "STD3 ASCII rules" by default, i.e. disabled stripping
of underscores. So the situation is that with previously released libidn2
versions we would get incorrect behaviour, and once new libidn2 is released,
we should be OK.
Let's implement a simple test which checks that the name survives the
roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will
fail in more cases, and under new libidn2 in fewer, but should be the right
thing to do also under new libidn2.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
/sys is not guaranteed to exist when a new mount namespace is created.
It is only mounted under conditions specified by
`namespace_info_mount_apivfs`.
Checking if the three available MAC LSMs are enabled requires a sysfs
mounted at /sys, so the checks are moved to before a new mount ns is
created.
|
| |\ \
| | |
| | | |
add limited metadata caching to journald and other journal improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Cache client metadata, in order to be improve runtime behaviour under
pressure.
This is inspired by @vcaputo's work, specifically:
https://github.com/systemd/systemd/pull/2280
That code implements related but different semantics.
For a longer explanation what this change implements please have a look
at the long source comment this patch adds to journald-context.c.
After this commit:
# time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat'
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 11.2783 s, 95.2 MB/s
real 0m11.283s
user 0m0.007s
sys 0m6.216s
Before this commit:
# time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat'
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 52.0788 s, 20.6 MB/s
real 0m52.099s
user 0m0.014s
sys 0m7.170s
As side effect, this corrects the journal's rate limiter feature: we now
always use the unit name as key for the ratelimiter.
|
| | | |
| | |
| | |
| | |
| | | |
There's no reason to determine the full length of the string, it's
sufficient to know whether it is larger than the intended size...
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
These are similar to memdup() and newdup(), but reserve one extra NUL
byte at the end of the new allocation and initialize it. It's useful
when copying out data from fixed size character arrays where NUL
termination can't be assumed.
|
| | | |
| | |
| | |
| | |
| | | |
strlen_ptr() is to strlen() what streq_ptr() is to streq(): i.e. it
handles NULL strings in a smart way.
|
| | | |
| | |
| | |
| | | |
When we are checking our own data, we can optimize things a bit.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let's be a bit stricter in what we end up logging: ignore invalid unit
name specifications. Let's validate all input!
As we ignore unit names passed in from unprivileged clients anyway the
effect of this additional check is minimal.
(Also, no need to initialize the identifier/unit_id fields of stream
objects to NULL if empty strings are passed, the default is NULL
anyway...)
|
| | | |
| | |
| | |
| | | |
This is not obvious, hence let's add a comment.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we create a log stream connection to journald, we pass along the
unit ID. With this change we do this only when we run as system
instance, not as user instance, to remove the ambiguity whether a user
or system unit is specified. The effect of this change is minor:
journald ignores the field anyway from clients with UID != 0. This patch
hence only fixes the unit attribution for the --user instance of the
root user.
|
| | | |
| | |
| | |
| | | |
Let's simplify some lines to make it shorter.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Checking for validity of a PID is relatively easy, but let's add a
helper cal for this too, in order to make things more readable and more
similar to uid_is_valid(), gid_is_valid() and friends.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
The long man page paragraph got it right: the tool is for escaping systemd unit
names, not just system unit names. Also fix the short man page paragraph
and the --help text.
Follow-up for 303608c1bcf9568371625fbbd9442946cadba422
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a service unit uses "ProtectKernelTunables=yes", it currently
remounts /sys/fs/selinux read-only. This makes libselinux report SELinux
state as "disabled", because most SELinux features are not usable. For
example it is not possible to validate security contexts (with
security_check_context_raw() or /sys/fs/selinux/context). This behavior
of libselinux has been described in
http://danwalsh.livejournal.com/73099.html and confirmed in a recent
email, https://marc.info/?l=selinux&m=149220233032594&w=2 .
Since commit 0c28d51ac849 ("units: further lock down our long-running
services"), systemd-localed unit uses ProtectKernelTunables=yes.
Nevertheless this service needs to use libselinux API in order to create
/etc/vconsole.conf, /etc/locale.conf... with the right SELinux contexts.
This is broken when /sys/fs/selinux is mounted read-only in the mount
namespace of the service.
Make SELinux-aware systemd services work again when they are using
ProtectKernelTunables=yes by keeping selinuxfs mounted read-write.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
mount_load does not require fragment files to be present in order to
load mount units which are perpetual, or come from /proc/self/mountinfo.
mount_verify should do the same, otherwise a synthesized '-.mount' would
be marked as failed with "No such file or directory", as it is perpetual
but not marked to come from /proc/self/mountinfo at this point.
This happens for the user instance, and I suspect it was the cause of #5375
for the system instance, without gpt-generator.
|
| |\ \
| | |
| | | |
Some journal-gateway and journal-remote related fixes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
is deprecated
The option MHD_OPTION_STRICT_FOR_CLIENT is provided since libmicrohttpd-0.9.54, and
MHD_USE_PEDANTIC_CHECKS will be deprecated in future.
This makes support both option.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The option MHD_USE_THREAD_PER_CONNECTION requires MHD_USE_POLL_INTERNAL_THREAD
since libmicrohttpd-0.9.53.
If MHD_USE_POLL is used instead of MHD_USE_POLL_INTERNAL_THREAD, then
the library outputs the following warning:
```
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with
MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added.
Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
```
The option MHD_USE_POLL_INTERNAL_THREAD is defined as
`MHD_USE_POLL_INTERNAL_THREAD = MHD_USE_POLL | MHD_USE_INTERNAL_POLLING_THREAD,`
So, let's use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL.
|
| | | |
| | |
| | |
| | | |
The option is renamed in libmicrohttpd-0.9.52.
|
| | | |
| | |
| | |
| | | |
systemd-journal-gateway from sysusers
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.
Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
logic here now matches this change.
Fixes #6381
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We just abort startup, without printing any error. Make sure we always
print something, and when we cannot deserialize some unit, just ignore it and
continue.
Fixup for 4bc5d27b942afa83cc3d95debd2ad48d42ac07a8. Without this, we would hang
in daemon-reexec after upgrade.
|
| |\ \ \
| | | |
| | | | |
Some small man page fixes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
rescue.target does not work well, and we don't have a suitable emergency
shell unit that can be started on existing systems right now. So let's just
remove the recommendation for now.
Fixes #6451.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Going through logind and systemd allows polkit to be used,
the job mode will be set properly, and is generally easier
to get correct.
Fixes #6452.
|
| | | | |
| | | |
| | | |
| | | | |
Fixes #6455.
|
| |\ \ \ \
| | | | |
| | | | | |
Make tests faster by default
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With previous commits, test-daemon is one of the slowest tests.
Under normal circumstances, the notifications go nowhere anyway,
because the test process does not have privileges.
The timeout can be specified as an argument. This is useful to
e.g. test handling of the notifications, which is much easier
with a longer timeout.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We want to test the edge cases, but testing all the values in between
is mostly pointless and slow on slow architectures (>1s on rpi).
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also, if we fail to set the watchdog, run through the rest of the test
without waiting. I think it's useful to still start the commands to
test the error paths, but we can do it quickly.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
test-hashmap is a very good test, but it gets in the way when one wants to
compile and quickly test changes.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is just the meson part, no functional change.
Use meson -D slow-tests=yes to set the default,
or SYSTEMD_SLOW_TESTS=yes build/test-foobar for just one test.
Setting the default is more useful for installed tests.
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Meson options fix
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Those line are long enough to wrap around a few times, and they are
much more legible with some whitespace.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The default should be 'auto', and we allow 'true'
and 'false' too.
Fixes #6445.
|
