Commit message  [Author, Age, Files, Lines]
* TODO: add note about chase_symlink flag  [Luca Boccassi, 2021-10-24, 1 file, -0/+3]
|
* Merge pull request #21108 from mrc0mmand/here-comes-the-coverage  [Yu Watanabe, 2021-10-24, 3 files, -6/+12]
|\
| |     A couple more coverage-related tweaks
| * test: rename the global service override file for coverage runs  [Frantisek Sumsal, 2021-10-23, 1 file, -1/+1]
| |     Otherwise we break TEST-15-DROPIN, since it uses /usr/lib/systemd/system/service.d/override.conf in some of its sub-tests.
| * README: fix CentOS CI badge  [Frantisek Sumsal, 2021-10-23, 1 file, -1/+1]
| |
| * test: disable ProtectHome= when collecting coverage as well  [Frantisek Sumsal, 2021-10-23, 2 files, -5/+11]
|/
|       Depending on the location of the original build dir, either ProtectHome= or ProtectSystem= may get in the way when creating the gcov metadata files.
|
|       Follow-up to:
|       * 02d7e73013a92c5580023e4e548d19adbc254dbe
|       * 6c9efba67715cd1ced170ac46c04d47934ad276a
* Merge pull request #21082 from yuwata/network-dhcp6-pd-trivial-cleanups  [Yu Watanabe, 2021-10-23, 1 file, -43/+53]
|\
| |     network: DHCPv6 PD: several trivial cleanups
| * network: dhcp6pd: check link state earlier before assigning prefixes to downstream  [Yu Watanabe, 2021-10-22, 1 file, -5/+5]
| |     Also, narrow the acceptable range of the states.
| * network: dhcp6pd: also call dhcp6_pd_prepare() and dhcp6_pd_finalize() for upstream interface  [Yu Watanabe, 2021-10-22, 1 file, -8/+14]
| |     As now the subnet prefix may be assigned to the upstream interface.
| * network: dhcp6pd: not necessary to drop routes when Assign=yes  [Yu Watanabe, 2021-10-21, 1 file, -30/+34]
| |
* | efivars: skip writing if variable is already in wanted state  [Anssi Hannula, 2021-10-23, 1 file, -1/+25]
| |     In order to minimize EFI variable NVRAM wear, do not rewrite variables if they are already in the wanted state (i.e. same data and attributes).
| |
| |     This allows e.g. performing repeat calls of "bootctl install" (which always rewrites the EFI boot entry) without consuming EFI NVRAM write cycles.
* | homed: don't drop caches on activation  [Lennart Poettering, 2021-10-23, 3 files, -0/+4]
| |     We should drop caches if we are configured to do so in all cases where we are done with home dir operations: except if that operation is activation, because in that case we are not destroying anything, but leaving it on. Hence, turn off the flag that reminds us that we should drop caches before exiting, once activation completed fully,
| |
| |     Follow-up for 86019efa4416d7b548cab321c15bc22a65463786
* | nspawn: ignore --suppress-sync=yes when seccomp is disabled  [Yu Watanabe, 2021-10-22, 1 file, -0/+4]
| |     Follow-up for 4a4654e0241fbeabecb8587fd3520b6b39264b9c.
| |
| |     Fixes #21090.
* | nspawn: bump RLIMIT_NOFILE for nspawn payload similar to how host PID 1 does it for its payload  [Lennart Poettering, 2021-10-22, 1 file, -0/+9]
| |     We try to pass containers roughly the same rlimits as the host gets from the kernel. However, this means we'd set the RLIMIT_NOFILE to 4K. Which is quite limiting though, and is something we actually departed from in PID1: since 52d620757817bc0fa7de3ddbe43024544ced7ea0 we raise the limit substantially for all userspace. Given that nspawn is quite often invoked without proper PID1, let's raise the limits for container payloads the same way as we do from the real PID1 to its service payloads.
* | update TODO  [Lennart Poettering, 2021-10-22, 1 file, -0/+6]
| |
* | sd-boot: Add keys to reboot into firmware interface  [Jan Janssen, 2021-10-22, 3 files, -22/+53]
| |     This is useful if the auto-firmware setting has been disabled. The keys used here are based on what the majority of firmware employ in the wild. This also ensures there's a chance for the user to discover this in case they were too slow during POST or simply used the wrong ones.
* | Merge pull request #21094 from poettering/userns-split  [Lennart Poettering, 2021-10-22, 8 files, -48/+67]
|\ \
| | |     util-lib: split out userns allocation into new helper function
| * | process-util: move sync() out of freeze()  [Lennart Poettering, 2021-10-22, 2 files, -2/+1]
| | |     We are using this for creating userns namespaces, and we really shouldn't try to sync there. Moreover the use of free() in shutdown code doesn't need it anyway, since it just sync()ed right before anyway. Only the third user of freeze() we have actually needs the sync(), hence do it there and nowhere else.
| * | namespace-util: introduce userns_acquire() as helper for allocating new unbound userns  [Lennart Poettering, 2021-10-22, 3 files, -23/+45]
| | |     This returns a namespace fd, and takes a uidmap/gidmap as string. This is split out of mount-util.c's remount_idmap() logic, so that we can allocate a userns independently.
| * | basic: move freeze() from shared/exec-util.h to basic/process-util.h  [Lennart Poettering, 2021-10-22, 4 files, -25/+23]
| | |     That way we can use it in other code from basic/. It fits into both headers equally well or badly, hence let's just move this one function.
* | | Merge pull request #21093 from poettering/homework-trivial-tweaks  [Lennart Poettering, 2021-10-22, 6 files, -26/+44]
|\ \ \
| | | |     homed trivial refactoring
| * | | homework: split home_unshare_and_mount() in two  [Lennart Poettering, 2021-10-22, 3 files, -5/+18]
| | | |     Previously the call did two things, and the second thing was optional (depending on first arg being NULL). Let's simplify this and just make it two distinct functions, where one calls the other. This should make things a bit more readable, given that we called a function called "…and_mount()" which didn't actually mount...
| | | |
| | | |     No actual code changes, just some refactoring.
| * | | homework: use bit fields where we deal with lots of separate boolean flags  [Lennart Poettering, 2021-10-22, 1 file, -6/+6]
| | | |     No actual code changes, just making a structure a bit shorter.
| * | | homework: add macro for "/run/systemd/user-home-mount"  [Lennart Poettering, 2021-10-22, 5 files, -15/+20]
| |/ /
| | |     We use this work dir at various places, and it's easy to mistype, hence let the compiler detect this for us, and introduce a macro for it.
| | |
| | |     No code changes, just some search/replace.
* | | update TODO  [Lennart Poettering, 2021-10-22, 1 file, -0/+8]
| | |
* | | Merge pull request #21079 from poettering/fd-reopen-directory-tweak  [Lennart Poettering, 2021-10-22, 2 files, -3/+112]
|\ \ \
| |/ /
|/| |
| | |     fd-util: when re-opening a directory with fd_reopen() go via openat(……
| * | test-fd-util: add test case for fd_reopen()  [Lennart Poettering, 2021-10-22, 1 file, -0/+96]
| | |
| * | fd-util: tweak error handling in fd_reopen()  [Lennart Poettering, 2021-10-22, 1 file, -3/+6]
| | |     If we know that /proc/ works, then ENOENT when reopening an fd means the fd didn't exist. Let's return the correct error code for that, i.e. EBADF.
| * | fd-util: when re-opening a directory with fd_reopen() go via openat(…, ".", …)  [Lennart Poettering, 2021-10-22, 1 file, -0/+10]
| | |     This adds a tiny shortcut to fd_reopen(): if we are about to reopen the fd via O_DIRECTORY then we know it's a directory and we might as well reopen it via opening "." using the fd as "at fd" in openat().
| | |
| | |     This has the benefit that we don't need /proc/self/fd/ around for this special case: fewer sources of errors.
* | | network: dhcp6pd: fix the default value of subnet ID  [Yu Watanabe, 2021-10-22, 1 file, -1/+1]
| | |     The type of dhcp6_pd_subnet_id is int64_t.
* | | varlink: disconnect varlink link in one more case  [Lennart Poettering, 2021-10-22, 1 file, -3/+4]
|/ /
| |     Previously we'd possibly see POLLHUP on a varlink link, and continue to run epoll on it even though we have nothing to read nor write anymore. Let's fix that, and once we know that there's nothing to write anymore (or we saw a write error already) we'll disconnect after POLLHUP.
| |
| |     Fixes: #20062
* | test-networkd-address: fix clock type  [Lennart Poettering, 2021-10-22, 1 file, -2/+2]
| |     The clock to use internally is clock_boottime_or_monotonic(), but the test used CLOCK_MONOTONIC. After one system suspend the test thus likely starts to fail.
* | sd-boot: Be more precise about secure boot modes  [Jan Janssen, 2021-10-22, 10 files, -17/+111]
| |     Fixes: #11559
* | Merge pull request #21081 from mrc0mmand/even-more-coverage-tweaks  [Yu Watanabe, 2021-10-21, 3 files, -5/+38]
|\ \
| | |     test: collect even more coverage
| * | test: make the coverage check safer for non-compiled builds  [Frantisek Sumsal, 2021-10-21, 1 file, -1/+9]
| | |
| * | test: collect the coverage _before_ unmounting the rootfs  [Frantisek Sumsal, 2021-10-21, 1 file, -1/+1]
| | |     d'oh!
| * | test: loosen sandbox restrictions for integration tests as well  [Frantisek Sumsal, 2021-10-21, 1 file, -4/+12]
| | |     Otherwise we miss quite a lot of coverage (mainly from logind, hostnamed, networkd, and possibly others), since they can't write their reports with `ProtectSystem=strict`.
| * | test: loosen certain sandbox restrictions when collecting coverage  [Frantisek Sumsal, 2021-10-21, 1 file, -0/+7]
| | |     With `ProtectSystem=strict` gcov is unable to write the *.gcda files with collected coverage. Let's add a yet another switch to make such restriction less strict to make gcov happy.
| | |
| | |     This addresses following errors:
| | |
| | |     ```
| | |     ...
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/binfmt-util.c.gcda:Cannot open
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/base-filesystem.c.gcda:Cannot open
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/barrier.c.gcda:Cannot open
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/ask-password-api.c.gcda:Cannot open
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/apparmor-util.c.gcda:Cannot open
| | |     systemd-networkd[272469]: profiling:/systemd-meson-build/src/shared/libsystemd-shared-249.a.p/acpi-fpdt.c.gcda:Cannot open
| | |     ...
| | |     ```
| * | test: wait a bit for the given PID to die if it's still alive  [Frantisek Sumsal, 2021-10-21, 1 file, -0/+10]
| | |     When playing around with the coverage-enabled build I kept hitting an issue where dnsmasq failed to start because the previous instance was still shutting down. This should, hopefully, help to mitigate that.
* | | hwdb: Allow USB autosuspend for MS Surface Pro (2017) Type Cover  [Jonas Dreßler, 2021-10-21, 1 file, -0/+8]
| |/
|/|
| |     The Surface Type Covers are known to support USB autosuspend just fine (and it's also enabled by default on Windows), so enable it in hwdb.
* | Merge pull request #21072 from yuwata/network-address-lifetime  [Yu Watanabe, 2021-10-21, 11 files, -150/+223]
|\ \
| | |     network: address: use usec_t for handling lifetime
| * | network: address: use usec_t for handling lifetime  [Yu Watanabe, 2021-10-21, 8 files, -95/+152]
| | |     This drops struct ifa_cacheinfo from Address, and store lifetime with usec_t. Why? Now, all requests of address configurations are once stored in the request queue, and will be processed when it is ready. So, the timestamp value passed to the kernel must be evaluated on configure.
| | |
| | |     This also fixes the following two issues.
| | |     - Time values in struct ifa_cacheinfo are stored in uint32_t. So, the validity check of the address configured by NDisc may fail on long running systems.
| | |     - If a system uses DHCPv6PD, when an interface may appear or be reconfigured later, then the lifetime value may be inappropriate. We need to adjust the lifetime with the current time and the timestamp of the lease.
| * | network: ndisc: rename valid_until -> lifetime_usec  [Yu Watanabe, 2021-10-21, 2 files, -22/+30]
| | |
| * | network: ndisc: add missing lifetime check  [Yu Watanabe, 2021-10-21, 1 file, -4/+7]
| | |
| * | network: route: rename lifetime -> lifetime_usec  [Yu Watanabe, 2021-10-21, 4 files, -32/+37]
| | |
* | | Merge pull request #21050 from yuwata/network-bpf-cleanups  [Yu Watanabe, 2021-10-21, 5 files, -75/+64]
|\ \ \
| |_|/
|/| |
| | |     libsystemd-network: cleanup BPF code
| * | icmp6: shorten code a bit  [Yu Watanabe, 2021-10-21, 1 file, -7/+6]
| | |
| * | dhcp: shorten BPF code a bit  [Yu Watanabe, 2021-10-21, 1 file, -10/+6]
| | |     - replace `A = k` and `X = A` with `X = k`,
| | |     - replace `A ^= X` and `A == 0` with `A == X`.
| | |     - use UINT32_MAX when accept a packet
| * | dhcp: rebreak function arguments  [Yu Watanabe, 2021-10-21, 1 file, -8/+23]
| | |
| * | dhcp: fix assertions  [Yu Watanabe, 2021-10-21, 1 file, -2/+5]
| | |
| * | dhcp: shorten code a bit  [Yu Watanabe, 2021-10-21, 1 file, -9/+3]
| | |