summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* core: provide /dev/ptmx as symlink in PrivateDevices= execution environmentsLennart Poettering2014-06-041-1/+4
|
* core: make sure PrivateDevices= makes /dev/log availableLennart Poettering2014-06-042-2/+6
| | | | | | | Now that we moved the actual syslog socket to /run/systemd/journal/dev-log we can actually make /dev/log a symlink to it, when PrivateDevices= is used, thus making syslog available to services using PrivateDevices=.
* journald: move /dev/log socket to /runLennart Poettering2014-06-042-2/+3
| | | | | | This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
* udev: guard REREADPT by exclusive lock instead of O_EXCLKay Sievers2014-06-041-2/+5
|
* socket: add new Symlinks= option for socket unitsLennart Poettering2014-06-046-8/+134
| | | | | | | | | | | With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
* udev: make sure we always get "change" for the diskKay Sievers2014-06-041-14/+39
| | | | | The kernel will return 0 for REREADPT when no partition table is found, we have to send out "change" ourselves.
* udev: guard REREADP logic with open(O_ECXL)Kay Sievers2014-06-041-1/+1
|
* udev: try first re-reading the partition tableKay Sievers2014-06-041-6/+33
| | | | | | | | | | | | | | | mounted partitions: # dd if=/dev/zero of=/dev/sda bs=1 count=1 UDEV [4157.369250] change .../0:0:0:0/block/sda (block) UDEV [4157.375059] change .../0:0:0:0/block/sda/sda1 (block) UDEV [4157.397088] change .../0:0:0:0/block/sda/sda2 (block) UDEV [4157.404842] change .../0:0:0:0/block/sda/sda4 (block) unmounted partitions: # dd if=/dev/zero of=/dev/sdb bs=1 count=1 UDEV [4163.450217] remove .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block) UDEV [4163.593167] change .../target6:0:0/6:0:0:0/block/sdb (block) UDEV [4163.713982] add .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
* socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering2014-06-046-29/+70
|
* udev: link-config - fix mem leakTom Gundersen2014-06-041-1/+3
| | | | Reported by Kay.
* udev: synthesize "change' events for partitions when tools change the diskKay Sievers2014-06-041-2/+42
| | | | | | This should make sure that fdisk-like programs will automatically cause an update of all partitions, just like mkfs-like programs cause an update of the partition.
* fsck: disable "-l" option for nowKay Sievers2014-06-041-1/+12
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
* udevd: inotify - modernizationsKay Sievers2014-06-041-23/+22
|
* bus-proxy: drop priviliges if we canLennart Poettering2014-06-042-9/+35
| | | | | | Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
* core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering2014-06-039-3/+105
| | | | | | | | | | | | | | ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
* networkd: split runtime config dir from state dirTom Gundersen2014-06-034-17/+17
| | | | | | | | | | | | Configuration will be in root:root /run/systemd/network and state will be in systemd-network:systemd-network /run/systemd/netif This matches what we do for logind's seat/session state.
* udev: exclude device-mapper from block device ownership event lockingKay Sievers2014-06-031-1/+13
|
* shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen2014-06-031-4/+4
|
* shared: allow drop_priviliges to drop all privsTom Gundersen2014-06-031-9/+11
|
* udev: always close lock file descriptorKay Sievers2014-06-031-6/+4
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=79576
* sd-dhcp-client: allways request broadcastCamilo Aguilar2014-06-031-0/+9
| | | | | | | | | | | | | On systems which cannot receive unicast packets until its IP stack has been configured we need to request broadcast packets. We are currently not able to reliably detect when this is necessary, so set it unconditionally for now. This is set on all packets, but the DHCP server will only broadcast the packets that are necessary, and unicast the rest. For more information please refer to this thread in CoreOS: https://github.com/coreos/bugs/issues/12 [tomegun: rephrased commit message]
* resolved: run as unpriviliged "systemd-resolve" userTom Gundersen2014-06-031-2/+18
| | | | | | This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.
* networkd: drop CAP_SYS_MODULETom Gundersen2014-06-036-69/+1
| | | | | | | | | | | | | | | | | | | Rely on modules being built-in or autoloaded on-demand. As networkd is a network facing service, we want to limits its capabilities, as much as possible. Also, we may not have CAP_SYS_MODULE in a container, and we want networkd to work the same there. Module autoloading does not always work, but should be fixed by the kernel patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which is currently in net-next and which people may consider backporting if they want tunneling support without compiling in the modules. Early adopters may also use a module-load.d snippet and order systemd-modules-load.service before networkd to force the module loading of tunneling modules. This sholud fix the various build issues people have reported.
* networkd: introduce vti tunnelSusant Sahani2014-06-025-3/+115
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch enables vti tunnel support. example conf: file : vti.netdev [NetDev] Name=vti-tun Kind=vti MTUBytes=1480 [Tunnel] Local=X.X.X.X Remote=X.X.X.X file: vti.network [Match] Name=em1 [Network] Tunnel=vti-tun TODO: Add more attributes for vti tunnel IFLA_VTI_IKEY IFLA_VTI_OKEY
* networkd: sit-tunnel add support for pmtudiscSusant Sahani2014-06-024-0/+11
| | | | | | | | | | | | | | | | | | | | | | This patch adds path of mtu discovery for sit tunnel. To enable/disable DiscoverPathMTU is introduced. Example configuration file: sit.netdev [NetDev] Name=sit-tun Kind=sit MTUBytes=1480 [Tunnel] DiscoverPathMTU=1 Local=X.X.X.X Remote=X.X.X.X By default pmtudisc is turned on , if DiscoverPathMTU is missing from the config. To turn it off DiscoverPathMTU=0 needs to be set.
* networkd: introduce gre tunnelSusant Sahani2014-06-022-0/+127
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch enables gre tunnel support. example conf: file : gre.netdev [NetDev] Name=gre-tun Kind=gre MTUBytes=1480 [Tunnel] Local=X.X.X.X Remote=X.X.X.X file: gre.network [Match] Name=em1 [Network] Tunnel=gre-tun TODO: Add more attributes for gre tunnel IFLA_GRE_IFLAGS IFLA_GRE_IFLAGS IFLA_GRE_IKEY IFLA_GRE_OKEY
* networkd-netdev: fix white spaceSusant Sahani2014-06-021-1/+0
|
* networkd: introduce veth device supportSusant Sahani2014-06-024-1/+143
| | | | | | | | | | | | | | | This patch adds veth device support to networkd. Example conf: File: veth.netdev [NetDev] Name=veth-test Kind=veth [Peer] Name=veth-peer
* resolved: move resolv.conf to resolved's runtime dirTom Gundersen2014-06-022-5/+5
|
* networkd: run as unpriviliged "systemd-network" userLennart Poettering2014-06-011-3/+22
| | | | | | This allows us to run networkd mostly unpriviliged with the exception of CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter though...
* timesyncd: split privilege dropping code out of timesyncd so that we can ↵Lennart Poettering2014-06-014-70/+74
| | | | | | make use of it from other daemons too This is preparation to make networkd work as unpriviliged user.
* tty-ask-password-agent: Do tell what directory we failed to openCristian Rodríguez2014-06-011-1/+1
|
* udev-builtin-keyboard: do tell on which device EVIOCSKEYCODE failed.Cristian Rodríguez2014-06-011-1/+1
| | | | | | | | I am getting "Error calling EVIOCSKEYCODE (scan code 0xc022d, key code 418): Invalid argument", the error message does not tell on which specific device the problem is, add that info.
* util: ignore_file should not allow files ending with '~'Thomas Hindoe Paaboel Andersen2014-05-311-1/+1
| | | | | | ignore_file currently allows any file ending with '~' while it seems that the opposite was intended: a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
* fsck: include device name in the message about missing fsckZbigniew Jędrzejewski-Szmek2014-05-301-2/+4
|
* virt: rework container detection logicLennart Poettering2014-05-282-18/+42
| | | | | | | | | | | | Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
* build-sys: use glibc's xattr support instead of requiring libattrKay Sievers2014-05-286-25/+4
|
* hostnamed: Fix the way that static and transient host names interactStef Walter2014-05-281-5/+30
| | | | | | | | | | | | | | | | | | It is almost always incorrect to allow DHCP or other sources of transient host names to override an explicitly configured static host name. This commit changes things so that if a static host name is set, this will override the transient host name (eg: provided via DHCP). Transient host names can still be used to provide host names for machines that have not been explicitly configured with a static host name. The exception to this rule is if the static host name is set to "localhost". In those cases we act as if no static host name has been explicitly set. As discussed elsewhere, systemd may want to have an fd based ownership of the transient name. That part is not included in this commit.
* test-dhcp-option: fix memleakTom Gundersen2014-05-261-1/+1
|
* analyze/run: use bus_open_transport_systemd instead of bus_open_transportThomas Bächler2014-05-262-2/+2
| | | | | | | | | Both systemd-analyze and systemd-run only access org.freedesktop.systemd1 on the bus. This patch allows using systemd-run --user and systemd-analyze --user even if the user session's bus is not properly integrated with the systemd user unit. https://bugs.freedesktop.org/show_bug.cgi?id=79252 and other reports...
* Do not unescape unit names in [Install] sectionMichal Sekletar2014-05-261-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=49316
* timesysnc: reword network watching messages, and move resolver errors to debugKay Sievers2014-05-251-3/+3
|
* nspawn: make nspawn robust to container failureDjalal Harouni2014-05-253-25/+279
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
* nspawn: move container wait logic into wait_for_container()Djalal Harouni2014-05-251-37/+78
| | | | | | | | | | | | Move the container wait logic into its own wait_for_container() function and add two status codes: CONTAINER_TERMINATED or CONTAINER_REBOOTED. The status will be stored in its argument, this way we handle: a) Return negative on failures. b) Return zero on success and set the status to either CONTAINER_REBOOTED or CONTAINER_TERMINATED. These status codes are used to terminate nspawn or loop again in case of CONTAINER_REBOOTED.
* test-path-util: add tests for path_make_relative()Tanu Kaskinen2014-05-251-0/+22
|
* path-util: fix missing terminating zeroTanu Kaskinen2014-05-251-10/+5
| | | | | | | | | | | | | | | | | | There was this code: if (to_path_len > 0) memcpy(p, to_path, to_path_len); That didn't add the terminating zero, so the resulting string was corrupt if this code path was taken. Using strcpy() instead of memcpy() solves this issue, and also simplifies the code. Previously there was special handling for shortening "../../" to "../..", but that has now been replaced by a path_kill_slashes() call, which also makes the result prettier in case the input contains redundant slashes that would otherwise be copied to the result.
* Use %m instead of strerror(errno) where appropiateCristian Rodríguez2014-05-254-8/+6
|
* test-unit-file: skip if unit_file_get_list returns permission deniedCristian Rodríguez2014-05-251-0/+6
|
* Fix several small typosJonathan Boulle2014-05-242-4/+4
|
* detect-virt: Remove string for Microsoft virtualization detection in DMI ↵Reyad Attiyat2014-05-241-1/+0
| | | | | | | | vendor string array. The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID. https://bugs.freedesktop.org/show_bug.cgi?id=78312