path: root/hwdb (unfollow)
Commit message Author Files Lines
2016-06-10networkd: fix bad memory access for routes that are not attached to a link ↵Lennart Poettering1-1/+1
yet (#3499) Corrects: 1b566071 Also see: https://github.com/systemd/systemd/pull/3478#issuecomment-225008542
2016-06-10core: disable colors when displaying cylon when systemd.log_color=off (#3495)Franck Bui1-5/+10
2016-06-10update TODOLennart Poettering1-0/+3
2016-06-10core/execute: add the magic character '!' to allow privileged execution (#3493)Alessandro Puccetti5-24/+34
This patch implements the new magic character '!'. By putting '!' in front of a command, systemd executes it with full privileges ignoring parameters such as User, Group, SupplementaryGroups, CapabilityBoundingSet, AmbientCapabilities, SecureBits, SystemCallFilter, SELinuxContext, AppArmorProfile, SmackProcessLabel, and RestrictAddressFamilies.

Fixes partially https://github.com/systemd/systemd/issues/3414
Related to https://github.com/coreos/rkt/issues/2482

Testing:
1. Create a user 'bob'
2. Create the unit file /etc/systemd/system/exec-perm.service (You can use the example below)
3. sudo systemctl start ext-perm.service
4. Verify that the commands starting with '!' were not executed as bob,
4.1 Looking to the output of ls -l /tmp/exec-perm
4.2 Each file contains the result of the id command.

`````````````````````````````````````````````````````````````````
[Unit]
Description=ext-perm

[Service]
Type=oneshot
TimeoutStartSec=0
User=bob
ExecStartPre=!/usr/bin/sh -c "/usr/bin/rm /tmp/exec-perm*" ; /usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-pre"
ExecStart=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start" ; !/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-star-2"
ExecStartPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-post"
ExecReload=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-reload"
ExecStop=!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop"
ExecStopPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop-post"

[Install]
WantedBy=multi-user.target
`````````````````````````````````````````````````````````````````
2016-06-10rules: block - add scm block devices to whitelist (#3494)Lennart Poettering1-1/+1
Since the introduction of the whitelist in 60-persistent-storage.rules block device symlinks are no longer created for scm block devices. Add scm to the whitelist. Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
2016-06-10nspawn: introduce --notify-ready=[no|yes] (#3474)Alessandro Puccetti5-8/+214
This patch implements a notification mechanism from the init process in the container to systemd-nspawn. The switch --notify-ready=yes configures systemd-nspawn to wait for the "READY=1" message from the init process in the container to send its own to systemd. --notify-ready=no is equivalent to the previous behavior before this patch, systemd-nspawn notifies systemd with a "READY=1" message when the container is created. This notification mechanism uses a socket file with path relative to the container "/run/systemd/nspawn/notify". The default value is --notify-ready=no. It is also possible to configure this mechanism from the .nspawn files using NotifyReady. This parameter takes the same options of the command line switch.

Before this patch, systemd-nspawn notifies "ready" after the inner child was created, regardless of the status of the service running inside it. Now, with --notify-ready=yes, systemd-nspawn notifies when the service is ready. This is really useful when there are dependencies between different containers.

Fixes https://github.com/systemd/systemd/issues/1369
Based on the work from https://github.com/systemd/systemd/pull/3022

Testing: Boot an OS inside a container with systemd-nspawn. Note: modify the commands accordingly with your filesystem.
1. Create a filesystem where you can boot an OS.
2. sudo systemd-nspawn -D ${HOME}/distros/fedora-23/ sh
2.1. Create the unit file /etc/systemd/system/sleep.service inside the container (You can use the example below)
2.2. systemctl enable sleep
2.3 exit
3. sudo systemd-run --service-type=notify --unit=notify-test ${HOME}/systemd/systemd-nspawn --notify-ready=yes -D ${HOME}/distros/fedora-23/ -b
4. In a different shell run "systemctl status notify-test"

When using --notify-ready=yes the service status is "activating" for 20 seconds before being set to "active (running)". Instead, using --notify-ready=no the service status is marked "active (running)" quickly, without waiting for the 20 seconds.

This patch was also tested with --private-users=yes, you can test it just adding it at the end of the command at point 3.

------ sleep.service ------
[Unit]
Description=sleep
After=network.target

[Service]
Type=oneshot
ExecStart=/bin/sleep 20

[Install]
WantedBy=multi-user.target
------------ end ------------
2016-06-10l10n: update belarusian translation (#3482)Viktar Vaŭčkievič4-116/+249
2016-06-10networkd: fix dbus matchmac interface (#3485)Andrew Jeddeloh1-1/+1
Fix issue where the *Network passed via userdata is being offset by offsetof(Network, matchmac) leading to incorrect values being exposed in dbus.
2016-06-10networkd: add support to configure VLAN on bridge portsTobias Jungel10-1/+466
2016-06-09networkd-link: parse linkinfo to get kindTobias Jungel2-1/+20
2016-06-09networkd: clean up vlan handling a bit (#3478)Lennart Poettering6-13/+117
Let's add a generic parser for VLAN ids, which should become handy as preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID type everywhere, and that validity checks are already applied at the time of parsing, and not only when we are about to prepare a netdev. Also, establish a common definition VLANID_INVALID we can use for non-initialized VLAN id fields.
2016-06-09Updated Turkish translation (#3477)Muhammet Kara1-49/+61
2016-06-09bus_util: add support to map double (#3479)Susant Sahani1-0/+13
Now we don't support parsing double at map_basic. When trying to use bus_message_map_all_properties with a double this fails. Let's add it.
2016-06-09udev-builtin-blkid: fix GPT_FLAG_NO_AUTO check for ESP (#3450)Lennart Poettering1-5/+5
The flags check was accidentally placed in the ESP if block, but should be in the root if block. This corrects: 0238d4c660e732dd03ba0cdb54a29ec5870ee849 Fixes: #3440 Also see: #3441
2016-06-09load-fragment: don't try to do a template instance replacement if we are not ↵Lennart Poettering1-1/+1
an instance (#3451) Corrects: 7aad67e7 Fixes: #3438
2016-06-09execute: check whether the specified fd is a tty before chowning/chmoding ↵Lennart Poettering1-0/+4
it (#3457) Let's add an extra safety check before we chmod/chown a TTY to the right user, as we might end up having connected something to STDIN/STDOUT that is actually not a TTY, even though this might have been requested, due to permissive StandardInput= settings or transient service activation with fds passed in. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=85255
2016-06-09Update spanish po file (#3463)Pablo Lezaeta Reyes [pˈaβ̞lo lˌe̞θaˈeta rˈejɛ]1-45/+36
2016-06-09units: add a basic SystemCallFilter (#3471)Topi Miettinen10-0/+10
Add a line SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace for daemons shipped by systemd. As an exception, systemd-timesyncd needs @clock system calls and systemd-localed is not privileged. ptrace(2) is blocked to prevent seccomp escapes.
2016-06-08logind: minor cleanup and use IN_SET() in manager_handle_action()Franck Bui1-1/+1
2016-06-08logind: really handle *KeyIgnoreInhibited options in logind.confFranck Bui1-1/+1
2016-06-08units: enable MemoryDenyWriteExecute (#3459)Topi Miettinen10-0/+10
Secure daemons shipped by systemd by enabling MemoryDenyWriteExecute. Closes: #3459
2016-06-08sysv-generator: remove more dead code (#3462)Lennart Poettering1-16/+11
The changes in 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f weren't complete, only half the code that dealt with K links was removed. This is a follow-up patch that removes the rest too. No functional changes.
2016-06-07hwdb: selinuxify a bit (#3460)Evgeny Vereshchagin1-2/+6
-bash-4.3# rm /etc/udev/hwdb.bin
-bash-4.3# systemd-hwdb update
-bash-4.3# ls -Z /etc/udev/hwdb.bin
system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin

Fixes: #3458
2016-06-07networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRALennart Poettering4-10/+13
The long name is just too hard to type. We generally should avoid using acronyms too liberally, if they aren't established enough, but it appears that "RA" is known well enough. Internally we call the option "ipv6_accept_ra" anyway, and the kernel also exposes it under this name. Hence, let's rename the IPv6AcceptRouterAdvertisements= setting and the [IPv6AcceptRouterAdvertisements] section to IPv6AcceptRA= and [IPv6AcceptRA]. The old setting IPv6AcceptRouterAdvertisements= is kept for compatibility with older configuration. (However the section [IPv6AcceptRouterAdvertisements] is not, as it was never available in a published version of systemd.)
2016-06-07sd-netlink: fix deep recursion in message destruction (#3455)David Herrmann1-4/+6
On larger systems we might very well see messages with thousands of parts. When we free them, we must avoid recursing into each part, otherwise we very likely get stack overflows. Fix sd_netlink_message_unref() to use an iterative approach rather than recursion (also avoid tail-recursion in case it is not optimized by the compiler).
2016-06-07fstab-generator: don't process root= if it happens to be "gpt-auto" (#3452)Lennart Poettering1-0/+6
As that's handled by "gpt-auto-generator". Fixes: #3404
2016-06-06os-release: Add VERSION_CODENAME field (#3445)Benjamin Drung1-0/+16
Debian and their derivatives (Ubuntu, Trisquel, etc.) use a code name for their repositories. Thus record the code name in os-release for processing. Closes systemd/systemd#3429
2016-06-06cgtop: minimize aux variable scopeLennart Poettering1-1/+3
2016-06-06core: add minor commentLennart Poettering1-1/+1
Let's explain #3444 briefly in the sources, too.
2016-06-06mount: make sure got into MOUNT_DEAD state after a successful umount (#3444)michaelolbrich1-0/+1
Without this code the following can happen:
1. Open a file to keep a mount busy
2. Try to stop the corresponding mount unit with systemctl
   -> umount fails and the failure is remembered in mount->result
3. Close the file and umount the filesystem manually
   -> mount_dispatch_io() calls "mount_enter_dead(mount, MOUNT_SUCCESS)"
   -> Old error in mount->result is reused and the mount unit enters a failed state

Clear the old error result when 'mountinfo' reports a successful umount to fix this.
2016-06-06network: beef up ipv6 RA support considerablyLennart Poettering17-557/+1911
This reworks sd-ndisc and networkd substantially to support IPv6 RA much more comprehensively. Since the API is extended quite a bit networkd has been ported over too, and the patch is not as straight-forward as one could wish. The rework includes:

- Support for DNSSL, RDNSS and RA routing options in sd-ndisc and networkd. Two new configuration options have been added to networkd to make this configurable.
- sd-ndisc now exposes an sd_ndisc_router object that encapsulates a full RA message, and has direct, friendly accessor functions for the singleton RA properties, as well as an iterative interface to iterate through known and unsupported options. The router object may either be retrieved from the wire, or generated from raw data. In many ways the sd-ndisc API now matches the sd-lldp API, except that no implicit database of seen data is kept. (Note that sd-ndisc actually had a half-written, but unused implementation of such a store, which is removed now.)
- sd-ndisc will now collect the reception timestamps of RA, which is useful to make sd_ndisc_router fully descriptive of what it covers.

Fixes: #1079
2016-06-06network: use inet_ntop() rather than SD_NDISC_ADDRESS_FORMAT_VAL() when ↵Lennart Poettering1-6/+9
serializing Let's use the usual libc API for serializing IPv6 addresses, instead of the NDISC-specific macro we should get rid of anyway.
2016-06-06util: make it easier to check whether in_addr or in6_addr addresses are NULLLennart Poettering2-6/+17
2016-06-06util-lib: add accessors for unaligned native endian wordsLennart Poettering2-0/+42
2016-06-06exit-status: update comments a bitLennart Poettering1-6/+10
2016-06-06lldp: include sys/types.h in sd-lldp.hLennart Poettering1-0/+1
After all, we use clockid_t which is defined there.
2016-06-06lldp: minor coding style improvementLennart Poettering1-4/+3
2016-06-06lldp: add sd_lldp_get_event() callLennart Poettering2-0/+7
sd-ndisc has something like this, let's add this for sd-lldp, too.
2016-06-06lldp: deal properly with recv() returning EAGAIN/EINTRLennart Poettering1-1/+5
It might very well return EAGAIN in case of packet checksum problems and suchlike, hence let's better handle this nicely, the same way as we do it in the other sd-network libraries for incoming datagrams.
2016-06-06lldp: pass correct neighbor object to REMOVED callbackLennart Poettering1-2/+1
2016-06-06lldp: rename TLV accessor pseudo-macrosLennart Poettering2-9/+8
Let's make sure the inline functions for retrieving TLV data actually carry TLV in the name, so that we don't assume they retrieve the whole, raw packet data.
2016-06-06lldp: make sd_lldp_neighbor_tlv_rewind() return whether there's a first entryLennart Poettering1-1/+1
This way it's nicer to use as it matches how sd_lldp_neighbor_tlv_next() indicates an EOF too via its return value.
2016-06-06lldp: use NULL instead 0, when we deal with a pointerLennart Poettering1-1/+1
2016-06-06lldp: add _public_ to two exported functions missing itLennart Poettering1-2/+2
2016-06-06lldp: clarify that sd_lldp_neighbor_get_ttl() returns secondsLennart Poettering2-4/+4
Let's simply encode this in the parameter name.
2016-06-06lldp: add proper ref counting to sd_lldp object and a separate call for ↵Lennart Poettering5-31/+70
setting the ifindex Let's make sd-lldp a bit more like sd-ndisc and the other APIs, and add proper ref counting and a separate call for setting the ifindex. This also adds a new lldp_reset() call we can use at various places to close all fds. This is also similar to how sd-ndisc already does it.
2016-06-06exit-code: minor coding style updatesLennart Poettering1-12/+6
2016-06-06sd-lldp: take triple timestamp when reading LLDP packetsLennart Poettering4-3/+34
It's a good idea to store away the reception time of LLDP packets in the neighbor object, simply because the LLDP data only has a validity of a certain amount of time. Hence, let's record the timestamp when we receive the datagram and expose an API for it. Also, automatically expire LLDP neighbors based on this new timestamp.
2016-06-06sd-event: port over to new triple timestamp logicLennart Poettering1-39/+17
2016-06-06time-util: add triple timestamp objectLennart Poettering2-1/+98
We already have a double timestamp object that we use whenever we need both a MONOTONIC and a REALTIME timestamp taken and stored. With this change we also add a triple timestamp object that in addition stores a BOOTTIME timestamp, which is useful for a few usecases. Note that we keep dual_timestamp around, as it is useful in many cases where triple_timestamp is not, in particular because retrieving the monotonic and realtime timestamps is much cheaper on Linux than getting the boottime timestamp.