| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Journald disk usage
|
| | |
| |
| |
| |
| | |
v2:
- use xsprintf
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The format of the journald disk usage log entry was changed back and
forth a few times. It is annoying to have a very verbose message, but
if it is short it is hard to understand. But we have a tool for this,
the catalogue.
$ journalctl -x -u systemd-journald
Jan 23 18:48:50 rawhide systemd-journald[891]: Runtime journal (/run/log/journal/) is 8.0M, max 196.2M, 188.2M free.
-- Subject: Disk space used by the journal
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Runtime journal (/run/log/journal/) is currently using 8.0M.
-- Maximum allowed usage is set to 196.2M.
-- Leaving at least 294.3M free (of currently available 1.9G of disk space).
-- Enforced usage limit is thus 196.2M, of which 188.2M are still available.
--
-- The limits controlling how much disk space is used by the journal may
-- be configured with SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=,
-- RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize= settings in
-- /etc/systemd/journald.conf. See journald.conf(5) for details.
Jan 23 18:48:50 rawhide systemd-journald[891]: System journal (/var/log/journal/) is 480.1M, max 1.6G, 1.2G free.
-- Subject: Disk space used by the journal
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- System journal (/var/log/journal/) is currently using 480.1M.
-- Maximum allowed usage is set to 1.6G.
-- Leaving at least 2.5G free (of currently available 5.8G of disk space).
-- Enforced usage limit is thus 1.6G, of which 1.2G are still available.
--
-- The limits controlling how much disk space is used by the journal may
-- be configured with SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=,
-- RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize= settings in
-- /etc/systemd/journald.conf. See journald.conf(5) for details.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The code to format the iovec is shared with log.c. All call sites to
server_driver_message are changed to include the additional "MESSAGE="
part, but the new functionality is not used and change in functionality
is not expected.
iovec is preallocated, so the maximum number of messages is limited.
In server_driver_message N_IOVEC_PAYLOAD_FIELDS is currently set to 1.
New code is not oom safe, it will fail if memory cannot be allocated.
This will be fixed in subsequent commit.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This should most likely be implemented as part of journal-netlogd
(https://github.com/systemd/systemd/pull/1890), which it seems
is not going to be merged.
systemctl edit was mentioned twice.
|
| |\ \
| | |
| | | |
logind: update documentation for cf7d1a30e44
|
| |/ / |
|
| |\ \
| | |
| | | |
Man pages
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have 126 broken links to sd-bus.html, it's nice to fix that.
Current version is mostly a stub, with a long list of links to other
pages. I think that's fine, especially that sd-bus might evolve
quite a bit before it is made public.
Not all of linked pages are written. Still missing:
sd_bus_can_send
sd_bus_get_name_creds
sd_bus_get_owner_creds
sd_bus_message_can_send
sd_bus_message_get_creds
sd_bus_message_set_allow_interactive_authorization
sd_bus_send
sd_bus_set_address
sd_bus_set_description
sd_bus_start
sd_event_set_prepare
sd-device
systemd.busname
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Noticed in pull request #2067.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit ab6f56debf made the change to allow building man pages even when disabled
with ./configure --disable-manpages. This works fine, as long as xsltproc is
present. If xsltproc is not present, the command to build a man page (obviously)
fails. Unfortnately it fails with a cryptic message '-o not found', because
$(XSLTPROC) is empty. Add a fallback, to use 'xsltproc' is $(XSLTPROC) is not
defined. This way we get a nice message:
make: xsltproc: Command not found
|
| |\ \ \
| |/ /
|/| | |
tests: add setup_selinux
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* pam_unix depends on unix_chkpwd
* selinux=1 -> pam_unix runs unix_chkpwd for root too
https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_unix/passverify.c?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79#n202
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
eightteenth dnssec patch
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Let's not accept onboard interface indexes, that are so high that they are obviously non-sensical.
Fixes: #2407
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So far, abritrary NSEC and NSEC3 RRs were implicitly consider "primary" for any transaction, meaning we'd abort the
transaction immediately if we couldn't validate it. With this patch this logic is removed, and the NSEC/NSEC3 RRs will
not be considered primary anymore. This has the effect that they will be dropped from the message if they don't
validate, but processing continues. This is safe to do, as they are required anyway to validate positive wildcard and
negative responses, and if they are missing then, then message will be considered unsigned, which hence means the
outcome is effectively the same.
This is benefical in case the server sends us NSEC/NSEC3 RRs that are not directly related to the lookup we did, but
simply auxiliary information. Previously, if we couldn't authenticate those RRs we'd fail the entire lookup while with
this change we'll simply drop the auxiliary information and proceed without it.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
authenticated
In some cases we get NSEC3 RRs that have not been authenticated (because the chain of trust to the root is somewhere
broken). We can use these for checking negative replies, as long as we don't claim they were ultimately authenticated.
This means we need to be able to deal with NSEC3 RRs that lack RRSIG metadata.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
We already properly propagate errors from transactions to queries. Make sure that errors that happened during handling
of query candidates are propagated to the query, too.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Whenever we encounter an OS error we did not expect, we so far put the transaction into DNS_TRANSACTION_RESOURCES
state. Rename this state to DNS_TRANSACTION_ERRNO, and save + propagate the actual system error to the caller. This
should make error messages triggered by system errors much more readable by the user.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Line breaks default to 119 characters for systemd sources now, configured through the .vimrc and .dir-local.el files.
However, for the catalog files we really should stick to 79 chars, as they are regularly shown on terminal screens.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
If we downgrade from DNSSEC to non-DNSSEC mode, let's log about this in a recognizable way (i.e. with a message ID),
after all, this is of major importance.
|
| | | | |
| | | |
| | | |
| | | | |
This way the difference between lookups via NSS and our native bus API should become minimal.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we synthesize A/AAAA for domains like "localhost", then make sure we generate ENODATA if the user asks for RR
types such a RP to be solved on the name. Previously, we'd pass the error back in that case that was generated from the
usual lookup procedure.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The LLMNR spec suggests to do do reverse address lookups by doing direct LLMNR/TCP connections to the indicated
address, instead of doing any LLMNR multicast queries. When we do this and the peer doesn't actually implement LLMNR
this will result in a TCP connection error, which we need to handle. In contrast to most LLMNR lookups this will give
us a quick response on whether we can find a suitable name. Report this as new transaction state, since this should
mostly be treated like an NXDOMAIN rcode, except that it's not one.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Assign errno-style errors to a variable called "r" when they happen, the same way we do this in most other calls. It's
bad enough that the error handling part of the function deals with two different error variables (pam_code and r) now,
but before this fix it was even three!
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Since we honour the edns rcode extension we need more than 4 bits to format it. To avoid further confusion, derive the
right length from the type.
|
| | | | |
| | | |
| | | |
| | | | |
Link up more stuff on the GitHub landing page.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
github links up CONTRIBUTING.md if it exists from the issue/PR filing form. Let's add one, in the hope that people have
a look before filing a PR.
|
| | | | |
| | | |
| | | |
| | | | |
Since we moved to github the commits ML is basically dead, hence don't advertise it anymore.
|
| | | | |
| | | |
| | | |
| | | | |
In the .vimrc and .dir-locals.el we suggest a line width of 119. We should recommend the same in CODING_STYLE.
|
| | | | |
| | | |
| | | |
| | | | |
Now that we count both negative and positive validation results, we shouldn't claim we just counted RRsets.
|
| | | | |
| | | |
| | | |
| | | | |
Also, don't consider RRs that aren't primary to the lookups we do as relevant to the lookups.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When using NSEC/NSEC3 RRs from the cache to derive existance of arbitrary RRs, we should not get confused by the fact
that NSEC/NSEC3 RRs exist twice at zone cuts: once in the parent zone, and once in the child zone. For most RR types we
should only consult the latter since that's where the beef is. However, for DS lookups we have to check the former.
This change makes sure we never cache NSEC/NSEC3 RRs from any parent zone of a zone-cut. It also makes sure that when
we look for a DS RR in the cache we never consider any cached NSEC RR, as those are now always from the child zone.
|
| | | | |
| | | |
| | | |
| | | | |
an invalid packet event
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We already maintain statistics about positive DNSSEC proofs, and count them up by 1 for each validated RRset. Now,
update the same counters each time we validated a negative query, so that the statistics are the combined result of all
validation checks, both positive and negative.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
match, or just a covering enclosure
If we are looking for a DS RR we need to check the NSEC3 bitmap of the parent zone's NSEC3 RR, not the one from the
child. For any other RR we need to look at the child's however, hence enforce this with the bitmaps.
Note that not coverign checks only the lower zone's NSEC3 bitmaps matter, hence the existing check is fine.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
This also links up the new manpage from systemd-resolved.service(8), and makes a couple of unrelated additions.
|
| | | | |
| | | |
| | | |
| | | | |
We configure the parameters we use for the docbook XML.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is
currently undocumented. Before we add documentation for it, let's get the name right.
This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also,
since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
|
| | | | |
| | | |
| | | |
| | | | |
DNS_ANSWER_FOREACH() can deal with NULL answers anyway, let's simplify our code here.
|
| | | | |
| | | |
| | | |
| | | | |
Also, while we are at it, set the "authenticated" bit for everything we synthesize
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
the network is down
|
| | | | |
| | | |
| | | |
| | | | |
This mimics what networkd is doing to detect a carrier.
|
