summaryrefslogtreecommitdiffstats
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-14791-2314/+11
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* grypt-util: drop two emacs modelinesLennart Poettering2018-06-142-2/+0
| | | | No idea why they didn't get removed earlier...
* tree-wide: use proper unicode © instead of (C) where we canLennart Poettering2018-06-14124-177/+177
| | | | | | Let's use a proper unicode copyright symbol where we can, it's prettier. This important patch is very important.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141152-2305/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* locale-util: on overlayfs FTW_MOUNT causes nftw(3) to not list *any* filesFranck Bui2018-06-141-1/+1
| | | | | | | | | | | | | | On overlayfs, FTW_MOUNT causes nftw to not list *any* files because the condition used by glibc to verify that it's on the same mountpoint doesn't work on overlayfs, see https://bugzilla.suse.com/show_bug.cgi?id=1096807 for the details. However using FTW_MOUNT doesn't seem to be really needed when walking through the keymap directorie tree. So until the glibc or the kernel is fixed (which might take some time), let's make localectl works with overlayfs. There's a small side effect here, by which regular (non-directory) files with bind mounts will be parsed while they were skipped by the previous logic.
* timedatectl: add 'show' command to display machine-readable outputYu Watanabe2018-06-142-1/+24
| | | | Closes #9249.
* Merge pull request #9193 from keszybz/coverityLennart Poettering2018-06-141-0/+8
|\ | | | | Coverity support for glibc-2.27
| * test-sizeof: also print float types from ISO/IEC TS 18661-3Zbigniew Jędrzejewski-Szmek2018-06-051-0/+8
| |
* | resolve: rename PrivateDNS to DNSOverTLSIwan Timmer2018-06-1423-107/+107
| | | | | | PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
* | Merge pull request #9263 from poettering/log-serializeZbigniew Jędrzejewski-Szmek2018-06-144-22/+146
|\ \ | | | | | | save/restore log level across daemon reexec
| * | main: simplify arg_system initialization a bitLennart Poettering2018-06-131-2/+3
| | | | | | | | | | | | | | | For both branches of the if check it's the first line, hence let's just do it before.
| * | pid1: preserve current value of log target across re-{load,execution}Franck Bui2018-06-134-7/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To make debugging easier, this patches allows one to change the log target and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log target at runtime (via the bus or via signals), the change was lost on the next reload/reexecution. In order to restore back the default value (set via system.conf, environment variables or any other means ), the empty string in the "LogTarget" property is now supported as well as sending SIGTRMIN+26 signal.
| * | pid1: preserve current value of log level across re-{load,execution}Franck Bui2018-06-134-13/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
* | | Merge pull request #9291 from poettering/nspawn-fixletsLennart Poettering2018-06-132-8/+9
|\ \ \ | | | | | | | | tiny nspawn fixlets
| * | | nspawn: free global variables before exitingLennart Poettering2018-06-131-2/+6
| | | | | | | | | | | | | | | | This doesn't really matter much, but is prettier for valgrind
| * | | nspawn: drop unused parameter from one callLennart Poettering2018-06-131-6/+3
| |/ /
* | | Merge pull request #9290 from poettering/radv-fixletsLennart Poettering2018-06-132-8/+11
|\ \ \ | | | | | | | | tiny sd-radv fixlets
| * | | sd-radv: use strv_isempty() where we canLennart Poettering2018-06-131-2/+1
| | | |
| * | | sd-radv: normalize function parameters a bitLennart Poettering2018-06-132-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Let's add "const" where we don't change structures passed. Also, we generally use "unsigned char" for IP prefix length values, do so here too. Previously different parts of the sd-radv.h API used different types for this.
| * | | sd-radv: close fd when destroying objectLennart Poettering2018-06-131-0/+4
| |/ /
* / / machine: ignore containers which disable private user namespace in ↵Yu Watanabe2018-06-131-0/+8
|/ / | | | | | | | | | | MapToMachine{User,Group} Fixes #9286.
* | networkd: Don't try to close fd in sd_radv_stop if fd is closed.Susant Sahani2018-06-131-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | sd_radv_stop is called from two places. if sd_radv_stop is alrady success then just don't try to close it . ``` systemd-networkd[604]: RADV: Stopping IPv6 Router Advertisement daemon systemd-networkd[604]: RADV: Unable to send last Router Advertisement with router lifetime set to zero: Bad file descriptor <==================HERE systemd-networkd[604]: RADV: Updated prefix 2a0a:*:*:fc::/64 preferred 1h valid 2h systemd-networkd[604]: RADV: Started IPv6 Router Advertisement daemon ``` Closes one of the issue #8960
* | Merge pull request #9261 from keszybz/drop-bool-castsLennart Poettering2018-06-1319-29/+50
|\ \ | | | | | | Drop bool casts
| * | test-alloc-util: add casts to bools from p ointersZbigniew Jędrzejewski-Szmek2018-06-131-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C++03: "An rvalue of arithmetic, enumeration, pointer, or pointer to member type can be converted to an rvalue of type bool. A zero value, null pointer value, or null member pointer value is converted to false; any other value is converted to true" C should behave the same because pointers are scalars in C, but let's verify that.
| * | tree-wide: drop !! casts to booleansZbigniew Jędrzejewski-Szmek2018-06-1317-28/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | They are not needed, because anything that is non-zero is converted to true. C11: > 6.3.1.2: When any scalar value is converted to _Bool, the result is 0 if the > value compares equal to 0; otherwise, the result is 1. https://stackoverflow.com/questions/31551888/casting-int-to-bool-in-c-c
| * | test-alloc-util: add a "test" for bool castsZbigniew Jędrzejewski-Szmek2018-06-131-0/+17
| | | | | | | | | | | | | | | | | | | | | Just in case ;) There is no good place, test-alloc-util.c is as good as any, and it's quite short so far, so let's add this there.
| * | basic/parse-util: remove unnecessary parenthesesZbigniew Jędrzejewski-Szmek2018-06-131-1/+1
| | |
* | | terminal-util: make file names in --cat-config output clickable linksLennart Poettering2018-06-131-1/+6
| | |
* | | binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commandsLennart Poettering2018-06-134-4/+57
|/ / | | | | | | | | The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
* | Merge pull request #9172 from yuwata/timesync-ntp-parserZbigniew Jędrzejewski-Szmek2018-06-134-12/+35
|\ \ | | | | | | timesync: check validity of NTP server name or address
| * | timesync: add more log messages in manager_network_read_link_servers()Yu Watanabe2018-06-131-3/+11
| | |
| * | timesync: check validity of NTP server name or addressYu Watanabe2018-06-133-3/+22
| | |
| * | conf-parser: simplify conf_parse_path()Yu Watanabe2018-06-131-6/+2
| | | | | | | | | | | | Follow-up for 97651797e83d0548aef9f808657d3518d89e5aee.
* | | Merge pull request #9280 from yuwata/follow-ups-8849Zbigniew Jędrzejewski-Szmek2018-06-137-9/+18
|\ \ \ | | | | | | | | Several follow-ups for #8849
| * | | resolvectl: fix indentationYu Watanabe2018-06-131-1/+1
| | | |
| * | | resolve: do not complete stream transaction when it is under retryingYu Watanabe2018-06-131-0/+2
| | | |
| * | | resolve: drop unused argument of dns_server_packet_lost()Yu Watanabe2018-06-133-5/+5
| | | |
| * | | resolve: correctly count TCP transaction failuresYu Watanabe2018-06-131-1/+1
| | | | | | | | | | | | | | | | Fixes #9281.
| * | | resolve: fix log messageYu Watanabe2018-06-131-1/+1
| | | |
| * | | resolve: reject PrivateDNS=yesYu Watanabe2018-06-131-1/+1
| | | |
| * | | resolve: make manager_get_private_dns_mode() always return valid settingYu Watanabe2018-06-131-1/+1
| | | |
| * | | resolve: add missing bus property and methodYu Watanabe2018-06-131-0/+7
| |/ / | | | | | | | | | Follow-up for #8849.
* | | Merge pull request #9153 from poettering/private-mountsZbigniew Jędrzejewski-Szmek2018-06-137-14/+24
|\ \ \ | |/ / |/| | introduce PrivateMounts= setting and clean up documentation for MountFlags=
| * | core: add new PrivateMounts= unit settingLennart Poettering2018-06-127-14/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new setting is supposed to be useful in most cases where "MountFlags=slave" is currently used, i.e. as an explicit way to run a service in its own mount namespace and decouple propagation from all mounts of the new mount namespace towards the host. The effect of MountFlags=slave and PrivateMounts=yes is mostly the same, as both cause a CLONE_NEWNS namespace to be opened, and both will result in all mounts within it to be mounted MS_SLAVE. The difference is mostly on the conceptual/philosophical level: configuring the propagation mode is nothing people should have to think about, in particular as the matter is not precisely easyto grok. Moreover, MountFlags= allows configuration of "private" and "slave" modes which don't really make much sense to use in real-life and are quite confusing. In particular PrivateMounts=private means mounts made on the host stay pinned for good by the service which is particularly nasty for removable media mount. And PrivateMounts=shared is in most ways a NOP when used a alone... The main technical difference between setting only MountFlags=slave or only PrivateMounts=yes in a unit file is that the former remounts all mounts to MS_SLAVE and leaves them there, while that latter remounts them to MS_SHARED again right after. The latter is generally a nicer approach, since it disables propagation, while MS_SHARED is afterwards in effect, which is really nice as that means further namespacing down the tree will get MS_SHARED logic by default and we unify how applications see our mounts as we always pass them as MS_SHARED regardless whether any mount namespacing is used or not. The effect of PrivateMounts=yes was implied already by all the other mount namespacing options. With this new option we add an explicit knob for it, to request it without any other option used as well. See: #4393
* | | resolve: do not derive query timeout from RTTMatthias-Christian Ott2018-06-123-28/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DNS queries need timeout values to detect whether a DNS server is unresponsive or, if the query is sent over UDP, whether a DNS message was lost and has to be resent. The total time that it takes to answer a query to arrive is t + RTT, where t is the maximum time that the DNS server that is being queried needs to answer the query. An authoritative server stores a copy of the zone that it serves in main memory or secondary storage, so t is very small and therefore the time that it takes to answer a query is almost entirely determined by the RTT. Modern authoritative server software keeps its zones in main memory and, for example, Knot DNS and NSD are able to answer in less than 100 µs [1]. So iterative resolvers continuously measure the RTT to optimize their query timeouts and to resend queries more quickly if they are lost. systemd-resolved is a stub resolver: it forwards DNS queries to an upstream resolver and waits for an answer. So the time that it takes for systemd-resolved to answer a query is determined by the RTT and the time that it takes the upstream resolver to answer the query. It seems common for iterative resolver software to set a total timeout for the query. Such total timeout subsumes the timeout of all queries that the iterative has to make to answer a query. For example, BIND seems to use a default timeout of 10 s. At the moment systemd-resolved derives its query timeout entirely from the RTT and does not consider the query timeout of the upstream resolver. Therefore it often mistakenly degrades the feature set of its upstream resolvers if it takes them longer than usual to answer a query. It has been reported to be a considerable problem in practice, in particular if DNSSEC=yes. So the query timeout systemd-resolved should be derived from the timeout of the upstream resolved and the RTT to the upstream resolver. At the moment systemd-resolved measures the RTT as the time that it takes the upstream resolver to answer a query. This clearly leads to incorrect measurements. In order to correctly measure the RTT systemd-resolved would have to measure RTT separately and continuously, for example with a query with an empty question section or a query for the SOA RR of the root zone so that the upstream resolver would be able to answer to query without querying another server. However, this requires significant changes to systemd-resolved. So it seems best to postpone them until other issues have been addressed and to set the resend timeout to a fixed value for now. As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a reasonable value that also accounts for common RTT values. If we assume that the we are going to retry, it could be less. So it should be enough to set the resend timeout to DNS_TIMEOUT_MAX_USEC as DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s. However, this will not solve the incorrect feature set degradation and should be seen as a temporary change until systemd-resolved does probe the feature set of an upstream resolver independently from the actual queries. [1] https://www.knot-dns.cz/benchmark/
* | | core: when applying io/blkio per-device rules, don't remove them if they failLennart Poettering2018-06-121-36/+20
| | | | | | | | | | | | | | | These devices might show up later, hence leave the rules as they are. Applying the limits should not alter configuration.
* | | tree-wide: unify how we define bit mak enumsLennart Poettering2018-06-1222-102/+102
| | | | | | | | | | | | | | | | | | Let's always write "1 << 0", "1 << 1" and so on, except where we need more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force 64bit values.
* | | Merge pull request #8849 from irtimmer/feature/dns-over-tlsLennart Poettering2018-06-1231-112/+844
|\ \ \ | |/ / |/| | resolve: Support for DNS-over-TLS
| * | resolve: make PrivateDNS configurable per linkIwan Timmer2018-06-1114-5/+227
| | | | | | | | | Like with DNSSec, make PrivateDNS configurable per link, so you can have trusted and untrusted links.
| * | resolved: support for DNS-over-TLSIwan Timmer2018-06-1114-37/+361
| | | | | | | | | | | | Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported.