core: explicitly specify credentials for direct connections, too
So far we authenticate direct connections primarily at connection time,
but let's also do this for each method individually, by attaching the
creds we need for that right away.
tmpfiles: use an ordered hashmap for the tmpfiles items
We should try to execute them in the same order they appear in the
configuration files, as it is documented. Hence move to an ordered
hashmap.
(Note though, that this still doesn't execute them completely in order:
we will still apply non-glob lines before glob-lines, and reorder lines
prefixing each other and that apply to the same paths).
When creating recursive read-only snapshots we need to mark the snapshot
writable immediately before creating subsnapshots within it, otherwise
the operation for it will fail.
The module is currently no auto-loadable (and this is unlikely to change
anytime soon, given it's API is via getsockopt/setsockopt). It is needed
by networkd and nspawn currently.
Users who really don't like the module to be loaded have the option to
blacklist it still, or not compile it at all. But for all others this
should make things work out-of-the-box.
journal: don't force FS_NOCOW_FL on new journal files, but warn if it is missing
This way users have the freedom to set or unset the FS_NOCOW_FL flag on
their journal files by setting it on the journal directory. Since our
default tmpfiles configuration now sets this flag on the directory the
flag is set by default on new files, however people can opt-out of this
by masking the tmpfiles file for it.
btrfs-util: be more careful when invoking btrfs file system ioctls
If we get passed an fd that does not refer to a regular file or
directory, we should not issue btrfs ioctls on it, since it might end up
in a device driver or similar (note that DRM for example uses the same
ioctl numbers as some file system ioctls).
Hence, let's make sure to always check if something is a regular file or
directory, or is on btrfs before invoking the respective ioctls. It's
better to be safe than sorry.
util: make sure fd refers to regular file or directory when applying file attributes
Before invoking file system ioctls we need to make sure that the
specified fd actually refers to a file system object, and not a device
node or similar. Otherwise we might by accident invoke unrelated device
driver ioctls. For example, DRM ioctls use the same ioctl numbers as the
various file system ioctls.
Kay Sievers [Tue, 21 Apr 2015 22:39:36 +0000 (00:39 +0200)]
efi-boot-generator: set automount expire for /boot
This should make the Linux vfat handling less fragile, by unmounting
the idle mount and causing to sync the entire file system to disk.
On my machines, The FAT file system at /boot regularly gets corrupted
with unclean shutdowns, rendering the machines unbootable. Either the
VFS write-back behaviour or the vfat driver itself is just not reliable
enough to be/stay mounted at every bootup.
Because of that, the automount expiry was on top of my personal
wish list. Thanks a lot Michael!
build-sys: move systemd.pc from pkgconfiglibdir back into pkgconfigdatadir
The original idea of systemd.pc was to contain arch-independent system
and systemd information. By exposing libdir as part of the fields (added
in eb39a6239c631873db62f6a942e6cb3dab0a2db4), it started to carry
arch-dependent data, thus breaking multilib systems. It was then moved
to pkgconfiglibdir to deal with this (in aec432c6134146e138124c4130be2ee89dca07fa), but actually the right
approach is to simply not include libdir in the .pc file at all.
THis patch hence more or less reverts both commits again, and moves the
.pc file back into pkgconfigdatadir.
As alternative for querying the systems primary libdir there's now
"systemd-path system-library-arch", hence a more correct alternative
exists for querying this variable from the .pc file.
hwdb: add evdev entry for the Lenovo X230 series touchpad
The Lenovo X230 advertize a vertical resolution of 136, which gives a true
size of 31 mm. The actual physical size of the touchpad is 40 mm, so
override the resolution to 100.
Hans de Goede [Fri, 17 Apr 2015 14:48:09 +0000 (16:48 +0200)]
hwdb: Add entries for the pointingstick on 2 Dell Latitudes
The pointingstick of the Dell Latitude E6400 is somewhat slow by default,
whereas the pointingstick of the Dell Latitude D620 is much too fast by
default, set POINTINGSTICK_CONST_ACCEL for both of them to adjust for this.
Hans de Goede [Fri, 17 Apr 2015 14:48:08 +0000 (16:48 +0200)]
hwdb: Add entries for the trackpoint on 2 Thinkpads
Lenovo has changed the sensitivity of the trackpoint on the x240 / T440s / T540
generation of Thinkpads, making them somewhat insensitive by default, add a
hwdb entry to tweak the sensitivity setting.
The ThinkPad X200s is way way too slow by default and unless you push the
trackpoint quite hard only sends delta events in the 1-2 range, tweak the
sensitivity to make it send a wider range of deltas and apply a const accel
factor to make it have a more reasonable speed by default.
Hans de Goede [Fri, 17 Apr 2015 14:48:07 +0000 (16:48 +0200)]
udev: keyboard-builtin: Add support for setting IBM trackpoint sensitivity
IBM / Lenovo trackpoints allow specifying a sensitivity setting through a
ps/2 command, which changes the range of the deltas sent when using the
trackpoint.
On some models with normal usage only deltas of 1 or 2 are send, resulting in
there only being 2 mouse cursor movement speeds, rather than the expected fluid
scale. Changing the sensitivity to a higher level than the bootup default fixes
this.
This commit adds support for setting a POINTINGSTICK_SENSITIVITY value
in hwdb to allow changing the sensitivity on boot through udev / hwdb.
Hans de Goede [Fri, 17 Apr 2015 14:48:06 +0000 (16:48 +0200)]
udev: Add hwdb file for setting pointingstick properties
There is quite a wide spread in the delta events generated by pointingsticks,
some generate deltas of 1-2 under normal use, while others generate deltas
from 1-20.
This commit adds a hwdb file which allows specifying a per model
POINTINGSTICK_CONST_ACCEL value which can be used by the userspace input stack
to normalize the deltas so that all pointingsticks get the same feeling ootb.
The hwdb matching re-uses the existing 60-evdev.rules.
Fedora's filesystem package ships /usr/bin (and other directories) which are
not writable by its owner. machinectl pull-dkr (and possibly others) are not
able to extract those:
service: transition through SIGKILL states only when SIGKILL is enabled
If there's no remaining process to kill, skip the SIGKILL states if
SIGKILL is disabled.
Effectively this doesn't change much since if there's nothing to kill
with SIGTERM or SIGABRT then there's also nothing to kill with SIGKILL.
However, this avoids confusion with the state engine jumping through
SIGKILL states for no reason...
Susant Sahani [Thu, 5 Mar 2015 16:32:47 +0000 (22:02 +0530)]
networkd vxlan: Add support for enabling UDP checksums
Add UDPCheckSum option to enable transmitting UDP checksums when doing
VXLAN/IPv4. Add UDP6ZeroChecksumRx, and UDP6ZeroChecksumTx
options to enable sending zero checksums and receiving zero
checksums in VXLAN/IPv6
[tomegun: rebase manpage due to whitespace changes]
udev: settle should return immediately when timeout is 0
udevadm manual says:
A value of 0 will check if the queue is empty and always return
immediately.
However, currently we ignore the deadline if the value is 0, and wait
without any limit.
Zero timeout behaved according to the documentation until commit ead7c62ab7 (udevadm: settle - kill alarm()). Looking at this patch, it
seems that the behavior change was unintended.
Martin Pitt [Thu, 16 Apr 2015 11:44:07 +0000 (06:44 -0500)]
cryptsetup: Implement offset and skip options
These are useful for plain devices as they don't have any metadata by
themselves. Instead of using an unreliable hardcoded device name in crypttab
you can then put static metadata at the start of the partition for a stable
UUID or label.
Tom Gundersen [Fri, 17 Apr 2015 12:53:02 +0000 (14:53 +0200)]
sd-device: uniformly handle missing devices
sd_device_new_from_* now returns -ENODEV when the device does not exist, and the enumerator
silently drops these errors as missing devices is exepected.
Tom Gundersen [Fri, 17 Apr 2015 12:11:00 +0000 (14:11 +0200)]
sd-device: enumerator - match only on initialized devices by default
It is still possible to include uninitialized ones, but now that is opt-in. In most
cases people only want initialized devices. Exception is if you want to work without
udev running.
selinux: use different log priorites for log messages
When selinux calls our callback with a log message, it specifies the
type as AVC or INFO/WARNING/ERROR. The question is how to map this to
audit types and/or log priorities. SELINUX_AVC maps to AUDIT_USER_AVC
reasonably, but for the other messages we have no idea, hence we use
AUDIT_USER_AVC for everything. When not using audit logging, we can
map those selinux levels to LOG_INFO/WARNING/ERROR etc.
Also update comment which was not valid anymore in light of journald
sucking in audit logs, and was actually wrong from the beginning —
libselinux uses the callback for everything, not just avcs.
This stemmed out of https://bugzilla.redhat.com/show_bug.cgi?id=1195330,
but does not solve it.
Hans de Goede [Mon, 13 Apr 2015 09:15:01 +0000 (11:15 +0200)]
input_id: Identify scroll-wheel device on Trust TB7300 tablet as keyboard
The Trust TB7300 (relabelled Waltop?) tablet has a scrollwheel which shows
up as a /dev/input/event# node all by itself. Currently input_id does not
set any ID_INPUT_FOO attr on this causing it it to not be recognized by
Xorg / libinput.
This commit fixes this by marking it with ID_INPUT_KEY.
tmpfiles: Add +C attrib to the journal files directories
Add the +C file attribute (NOCOW) to the journal directories, so that
the flag is inherited automatically for new journal files created in
them. The journal write pattern is problematic on btrfs file systems as
it results in badly fragmented files when copy-on-write (COW) is used:
the performances decreases substantially over time.
To avoid this issue, this tmpfile.d snippet sets the NOCOW attribute to
the journal files directories, so newly created journal files inherit
the NCOOW attribute that disables copy-on-write.
Be aware that the NOCOW file attribute also disables btrfs checksumming
for these files, and thus prevents btrfs from rebuilding corrupted files
on a RAID filesystem.
In a single disk filesystems (or filesystems without redundancy) it is
safe to use the NOCOW flags without drawbacks, since the journal files
contain their own checksumming.