Commit message (Author, Age, Files, Lines)
...
* | | Merge pull request #8104 from keszybz/tmpfiles-allow-overrides (Lennart Poettering, 2018-02-07, 6 files, -52/+158)

tmpfiles allow overrides

|\ \ \
| |_|/
|/| |
| * | rpm macros: add %tmpfiles_create_package (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -7/+24)

I expect that this will be mostly obsoleted by transfiletriggers that (I hope) we will soon add. But let's do this for completeness anyway.

I'm keeping the description of the macro a bit vague, since I expect that it'll be changed when transfiletriggers are added.
| * | tmpfiles: allow admin/runtime overrides to runtime config (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 5 files, -45/+134)

This is very similar to d16a1c1bb6. For tmpfiles this is much less useful compared to sysusers, but let's add this anyway for consistency.
* | | process-util: use raw_getpid() in getpid_cache() internally (#8115) (Lennart Poettering, 2018-02-07, 1 file, -2/+2)

We have the raw_getpid() definition in place anyway, and it's certainly beneficial to expose the same semantics on pre glibc 2.24 and after it too, hence always bypass glibc for this, and always cache things on our side.

Fixes: #8113
* | | core: Avoid empty directory warning when we are bind-mounting a file (#8069) (Andrei Gherzan, 2018-02-06, 1 file, -1/+1)
| | |
* | | Merge pull request #8044 from yuwata/fix-7790 (Zbigniew Jędrzejewski-Szmek, 2018-02-06, 10 files, -210/+425)

core: make ExecRuntime be manager managed object

|\ \ \
| * | | core/execute: make arguments constant if possible (Yu Watanabe, 2018-02-06, 3 files, -42/+41)

Also make functions static if possible.
| * | | core: make ExecRuntime be manager managed object (Yu Watanabe, 2018-02-06, 9 files, -168/+384)

Before this, each ExecRuntime object is owned by a unit. However, it may be shared with other units which enable JoinsNamespaceOf=. Thus, by the serialization/deserialization process, its sharing information, more specifically, reference counter is lost, and causes issue #7790.

This makes ExecRuntime objects be managed by manager, and changes the serialization/deserialization process.

Fixes #7790.
* | | | Merge pull request #8107 from sourcejedi/pedant (Zbigniew Jędrzejewski-Szmek, 2018-02-06, 4 files, -23/+40)

core: a couple of tidyups to synthesized units

|\ \ \ \
| * | | | slice: system.slice should be perpetual like -.mount (Alan Jenkins, 2018-02-04, 3 files, -19/+40)

`-.mount` is placed in `system.slice`, and hence depends on it. `-.mount` is always active and can never be stopped. Therefore the same should be true of `system.slice`.

Synthesize it as perpetual (unless systemd is running as a user manager).

Notice we also drop `Before=slices.target` as unnecessary.

AFAICS the justification for `perpetual` is to provide extra protection against unintentionally stopping every single service. So adding system.slice to the perpetual units is perfectly consistent.

I don't expect this will (or can) fix any other problem. And the `perpetual` protection probably isn't formal enough to spend much time thinking about. I've just noticed this a couple of times, as something that looks strange.

Might be a bit surprising that we have user.slice on-disk but not system.slice, but I think it's ok. `systemctl status system.slice` will still point you towards `man systemd.special`.

The only detail is that the system slice disables `DefaultDependencies`. If you're worrying about how system shutdown works when you read `man systemd.slice`, I think it is not too hard to guess that system.slice might do this:

> Only slice units involved with early boot
> or late system shutdown should disable this option

(Docs are great. I really appreciate the systemd ones).
| * | | | slice, scope: IgnoreOnIsolate=yes is already the default (Alan Jenkins, 2018-02-04, 2 files, -4/+0)

`IgnoreOnIsolate=yes` is the default for slices and scopes. So it's not essential to set it on root.slice or init.scope.

We don't need to worry about a bad unit file configuration. Any attempt to stop these units should fail, since we mark them as `perpetual`.

Also since init.scope cannot be stopped, there is no point setting `KillSignal=SIGRTMIN+14`. According to both documentation and testing, KillSignal= does not affect the behaviour of `systemctl kill`.
* | | | | Add more file triggers to handle more aspects of systemd (#8090) (Neal Gompa (ニール・ゴンパ), 2018-02-06, 2 files, -9/+90)

For quite a while now, there have been file triggers to handle automatically setting up service units in upstream systemd. However, most of the actions being done by these macros upon files can be set up as RPM file triggers.

In fact, in Mageia, we had been doing this for most of these. In particular, we have file triggers in place for sysusers, tmpfiles, hwdb, and the journal.

This change adds Lua versions of the original file triggers used in Mageia, based on the existing Lua-based file triggers for service units.

In addition, we can also have useful file triggers for udev rules, sysctl directives, and binfmt directives. These are based on the other existing file triggers.
* | | | | Merge pull request #8112 from yuwata/gcc-warning (Zbigniew Jędrzejewski-Szmek, 2018-02-06, 2 files, -1/+3)

Fix gcc warnings

|\ \ \ \ \
| |_|/ / /
|/| | | |
| * | | | nss-mymachines: add work-around to silence gcc warning (Yu Watanabe, 2018-02-06, 1 file, -0/+2)

This is similar to 3c3d384ae93700ef08545b078c37065fdb98eee7 and a workaround for the following warning.

```
In file included from ../src/basic/in-addr-util.h:28,
                 from ../src/nss-mymachines/nss-mymachines.c:31:
../src/nss-mymachines/nss-mymachines.c: In function '_nss_mymachines_getgrnam_r':
../src/nss-mymachines/nss-mymachines.c:653:32: warning: argument to 'sizeof' in 'memset' call is the same pointer type 'char *' as the destination; expected 'char' or an explicit length [-Wsizeof-pointer-memaccess]
         memzero(buffer, sizeof(char*));
                                ^~~~
../src/basic/util.h:118:39: note: in definition of macro 'memzero'
 #define memzero(x,l) (memset((x), 0, (l)))
                                       ^
../src/nss-mymachines/nss-mymachines.c: In function '_nss_mymachines_getgrgid_r':
../src/nss-mymachines/nss-mymachines.c:730:32: warning: argument to 'sizeof' in 'memset' call is the same pointer type 'char *' as the destination; expected 'char' or an explicit length [-Wsizeof-pointer-memaccess]
         memzero(buffer, sizeof(char*));
                                ^~~~
../src/basic/util.h:118:39: note: in definition of macro 'memzero'
 #define memzero(x,l) (memset((x), 0, (l)))
                                       ^
```
| * | | | networkd: fix dhcp6_prefixes_compare_func() (Yu Watanabe, 2018-02-06, 1 file, -1/+1)

Found by the following warning by gcc.

```
../src/network/networkd-manager.c: In function 'dhcp6_prefixes_compare_func':
../src/network/networkd-manager.c:1383:16: warning: 'memcmp' reading 16 bytes from a region of size 8 [-Wstringop-overflow=]
         return memcmp(&a, &b, sizeof(*a));
                ^
```

|/ / / /
* | | | Merge pull request #8101 from keszybz/two-gcc-workarounds (Lennart Poettering, 2018-02-05, 3 files, -2/+12)

Two gcc workarounds

|\ \ \ \
| * | | | nss-systemd: add work-around to silence gcc warning (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -0/+2)

```
In file included from ../src/basic/fs-util.h:32,
                 from ../src/nss-systemd/nss-systemd.c:28:
../src/nss-systemd/nss-systemd.c: In function '_nss_systemd_getgrnam_r':
../src/nss-systemd/nss-systemd.c:416:32: warning: argument to 'sizeof' in 'memset' call is the same pointer type 'char *' as the destination; expected 'char' or an explicit length [-Wsizeof-pointer-memaccess]
         memzero(buffer, sizeof(char*));
                                ^~~~
../src/basic/util.h:118:39: note: in definition of macro 'memzero'
 #define memzero(x,l) (memset((x), 0, (l)))
                                       ^
```

gcc is trying to be helpful, and it's not far from being right. It _looks_ like sizeof(char*) is an error, but in this case we're really leaving a space empty for a pointer, and our calculation is correct. Since this is a short file, let's just use the simplest option and turn off the warning above the two functions that trigger it.
| * | | | basic/glob-util: add closedir wrapper to silence gcc (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 2 files, -2/+10)

```
../src/test/test-glob-util.c: In function 'test_glob_no_dot':
../src/test/test-glob-util.c:61:32: warning: cast between incompatible function types from 'int (*)(DIR *)' {aka 'int (*)(struct __dirstream *)'} to 'void (*)(void *)' [-Wcast-function-type]
                 .gl_closedir = (void (*)(void *)) closedir,
                                ^
```

| | |/ /
| |/| |
* | | | journal: include kmsg lines from the systemd process which exec()d us (#8078) (Alan Jenkins, 2018-02-05, 1 file, -6/+8)

Let the journal capture messages emitted by systemd, before it ran exec("/usr/lib/systemd/systemd-journald"). Usually such messages will only appear with `systemd.log_level=debug`.

kmsg lines written after the exec() will be ignored as before. In other words, we are avoiding reading our own lines, which start "systemd-journald[100]: " assuming we are PID 100. But now we will start allowing ourselves to read lines which start "systemd[100]: ", or any other prefix which is not "systemd-journald[100]: ".

So this can't help you see messages when we fail to exec() journald :). But, it makes it easier to see what the pre-exec() messages look like in the successful case. Comparing messages like this can be useful when debugging. Noticing weird omissions of messages, otoh, makes me anxious.
* | | | hwdb: fix mute microphone button on TravelMate P645-S (#8105) (CuBiC, 2018-02-05, 1 file, -1/+2)
| | | |
* | | | Merge pull request #8077 from sourcejedi/seccomp_cosmetic (Lennart Poettering, 2018-02-05, 2 files, -9/+29)

seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)

|\ \ \ \
| * | | | seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060) (Alan Jenkins, 2018-02-02, 2 files, -9/+29)

The VDSO provided by the kernel for x32 uses x86-64 syscalls instead of x32 ones.

I think we can safely allow this; the set of x86-64 syscalls should be very similar to the x32 ones. The real point is not to allow *x86* syscalls, because some of those are inconveniently multiplexed and we're apparently not able to block the specific actions we want to.
* | | | | Merge pull request #8100 from keszybz/free-gcrypt-context (Lennart Poettering, 2018-02-05, 5 files, -39/+63)

Free gcrypt contexts properly

|\ \ \ \ \
| * | | | | resolved: use _cleanup_ in one more place (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -10/+4)

No functional change.
| * | | | | resolved: fix memleak of gcrypt context on error (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -28/+13)

Bug found by Stef Bon <stefbon@gmail.com>. Thanks!
| * | | | | gcrypt-util: fix memleak (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 2 files, -1/+7)
| | | | | |
| * | | | | test: add a simple smoke test for string_hashsum() (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 2 files, -0/+39)

This is enough to show memory leakages pointed out by Stef Bon <stefbon@gmail.com>.

| | |/ / /
| |/| | |
* | | | | hwdb: added Cube i7 Book rotation info (#8103) (Olof Mogren, 2018-02-05, 1 file, -0/+4)
|/ / / /
* | | | Merge pull request #8058 from keszybz/sysusers-inline (Yu Watanabe, 2018-02-05, 17 files, -123/+480)

Extend sysusers for package installation scripts

|\ \ \ \
| * | | | sysusers: use the usual comment style (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 1 file, -2/+5)
| | | | |
| * | | | rpm macros: add %sysusers_create_package (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 1 file, -0/+19)

This is close to %sysusers_create_inline and %sysusers_create that we had already, but expects a file name and uses --replace= to implement proper priority.

This is used like:
%sysusers_create_package %{name} %SOURCE1
where %SOURCE1 is a file called %{name}.conf that will be installed into /usr/lib/sysusers.d/.

The tough part is that the file needs to be available before %prep, i.e. outside of the source tarball. This is because the spec file is parsed (and any macros expanded), before the sources are unpackaged.

v2:
- disallow the case when --config-name= is given but there are no positional args. Most likely this would be a user error, so at least for now forbid it.

v3:
- replace --config-name= with --target=
- drop quotes around %1 and %2 — if necessary, the caller should add those.

v4:
- replace --target with --replace
- add a big comment
| * | | | test/TEST-21-SYSUSERS: add tests for new functionality (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 6 files, -14/+81)
| | | | |
| * | | | sysusers: allow admin/runtime overrides to command-line config (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 4 files, -38/+200)

When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package installation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority.

If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour.

The corner case when --target= is specified and there are no positional arguments is disallowed.

v1:
- version with --config-name=

v2:
- disallow --config-name= and no positional args

v3:
- remove --config-name=

v4:
- add --target= and rework the code completely

v5:
- fix argcounting bug and add example in man page

v6:
- rename --target to --replace
| * | | | basic/strv: add function to insert items at position (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 3 files, -4/+43)
| | | | |
| * | | | sysusers: allow the shell to be specified (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 4 files, -64/+111)

This is necessary for some system users where the "login shell" is set to a specific binary.
| * | | | sysusers: take configuration as positional arguments (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 2 files, -3/+21)

If the configuration is included in a script, this is more convenient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it.

There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should.

v2:
- rename --direct to --inline
| * | | | sysusers: emit a bit more info at debug level when locking fails (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 3 files, -5/+7)

This is the first error message when running unprivileged, and the message is unspecific, so let's at least add some logging at debug level to make this less confusing.
* | | | | man: document meaning of age in tmpfiles.d (#8092) (Lucas Werkmeister, 2018-02-05, 1 file, -0/+7)

This documents how the age of a file is determined, which previously was only alluded to in other parts of the documentation. Fixes #8091.

The phrasings of “last modification timestamp” etc. are taken from man:inode(7) (as of man-pages 4.14). The debug messages in tmpfiles.c use different messages (“modify time”), which according to a code comment follow man:stat(1); however, my copy of that manpage (from GNU coreutils 8.29) documents %y as “time of last data modification” instead.
* | | | | Merge pull request #8065 from yuwata/fix-8064 (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -8/+28)

systemctl: update 'show' command formats

|\ \ \ \ \
| * | | | | systemctl: show: use EnvironmentFiles= instead of EnvironmentFile= (Yu Watanabe, 2018-02-05, 1 file, -1/+1)

EnvironmentFile= is used in the unit file, but in the dbus, the related field name is EnvironmentFiles=. As the other variables, let's use the field name instead of the name used in the unit file setting.
| * | | | | systemctl: update 'show' format for path units (Yu Watanabe, 2018-02-05, 1 file, -1/+1)

Before this.

```
$ systemctl show cups.path | grep ^Path
PathExistsGlob=/var/spool/cups/d*
$ systemctl show --property PathExistsGlob cups.path
$ systemctl show --property Paths cups.path
PathExistsGlob=/var/spool/cups/d*
```

After this.

```
$ systemctl show cups.path | grep ^Path
Paths=/var/spool/cups/d* (PathExistsGlob)
$ systemctl show --property Paths cups.path
Paths=/var/spool/cups/d* (PathExistsGlob)
```
| * | | | | systemctl: update 'show' format for socket units (Yu Watanabe, 2018-02-05, 1 file, -4/+1)

Before this.

```
$ systemctl show systemd-journald.socket | grep Listen
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
$ systemctl show --property ListenStream systemd-journald.socket
$ systemctl show --property ListenDatagram systemd-journald.socket
$ systemctl show --property Listen systemd-journald.socket
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
```

After this.

```
$ systemctl show systemd-journald.socket | grep Listen
Listen=/run/systemd/journal/stdout (Stream)
Listen=/run/systemd/journal/socket (Datagram)
$ systemctl show --property Listen systemd-journald.socket
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
```

Fixes #8064.
| * | | | | systemctl: show Timers{Monotonic,Calendar}= (Yu Watanabe, 2018-02-05, 1 file, -2/+25)
| | | | | |
* | | | | | test: sort imports and use "new" string formatting (Batuhan Osman Taşkaya, 2018-02-05, 2 files, -44/+42)

Followed PEP8 and PEP3101 rules (#8079)

Imports re-ordered by Alphabetical Standards for following PEP8

Old type string formattings (" example %s " % exampleVar ) rewritten as new type string formattings ( " example {} ".format(exampleVar) ) for following PEP3101
* | | | | | kernel 3.10 compat: RTAX_QUICKACK not added until 3.11.0 (#8094) (MilhouseVH, 2018-02-05, 1 file, -0/+4)
| | | | | |
* | | | | | Merge pull request #8073 from keszybz/two-fixes (Yu Watanabe, 2018-02-03, 2 files, -8/+7)

Two fixes

|\ \ \ \ \ \
| * | | | | | man: fix awkward sentence in systemd-analyze(8) (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 1 file, -3/+2)

Closes #8070.
| * | | | | | basic/hashmap: tweak code to avoid pointless gcc warning (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 1 file, -5/+5)

gcc says:

```
[196/1142] Compiling C object 'src/basic/basic@sta/hashmap.c.o'.
../src/basic/hashmap.c: In function ‘cachemem_maintain’:
../src/basic/hashmap.c:1913:17: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
                 mem->active = r = true;
                 ^~~
```

which conflates two things: the first is transitive assignment a = b = c = d; the second is assignment of the value of an expression, which happens to be an assignment expression here, and boolean. While the second _should_ be parenthesized, the first should _not_, and it's more natural to understand our code as the first, and gcc should treat this as an exception and not emit the warning. But since it's a while until this will be fixed, let's update our code too.

| | |/ / / /
| |/| | | |
* | | | | | socket-util: fix getpeergroups() assert(fd) (#8080) (Vito Caputo, 2018-02-03, 1 file, -1/+1)

Don't assert on zero-value fds.

Fixes #8075.
* | | | | | Merge pull request #8041 from zx2c4-forks/jd/doc-fixups (Zbigniew Jędrzejewski-Szmek, 2018-02-02, 1 file, -3/+9)

WireGuard documentation fixes

|\ \ \ \ \ \