Michal Schmidt [Wed, 30 Sep 2015 13:12:19 +0000 (15:12 +0200)]
core: change how crash_shell and crash_reboot interact
Instead of freezing in PID1 and letting the forked child freeze or
reboot when exec("/bin/sh") fails, just wait for the child's
exit and then do the freeze_or_reboot in PID1 as usual.
This means that when both crash_shell and crash_reboot are enabled, the
system will reboot after the shell exits.
ask-password: add support for caching passwords in the kernel keyring
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.
This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.
Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
Sangjung Woo [Tue, 6 Oct 2015 10:08:16 +0000 (19:08 +0900)]
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled
systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.
However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label.
This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.
Primarily clean-up error logging: log either all or no error messages in
the various functions. Mostly this means the actual password querying
calls no longer will log on their own, but the callers have to do so.
Contains various other fixes too, for example ports some code over to
use the clean-up macro.
Michal Schmidt [Tue, 6 Oct 2015 12:56:33 +0000 (14:56 +0200)]
test: hashmap - increase number of entries for crippled hash test
The purpose of testing with the crippled hash function is to cover
the otherwise very unlikely codepath in bucket_calculate_dib() where
it has to fall back to recomputing the hash value.
This unlikely path was not covered by test-hashmap anymore after 57217c8f "test: hashmap - cripple the hash function by truncating the
input rather than the output".
Restore the test coverage by increasing the number of entries in the test.
The number was determined empirically by checking with lcov.
unit: give systemd-networkd.socket a better description
Usually we try to properly uppercase first characters in the
description, do so here, too. Also, keep it close to the string used in
systemd-networkd.service.
core: add support for naming file descriptors passed using socket activation
This adds support for naming file descriptors passed using socket
activation. The names are passed in a new $LISTEN_FDNAMES= environment
variable, that matches the existign $LISTEN_FDS= one and contains a
colon-separated list of names.
This also adds support for naming fds submitted to the per-service fd
store using FDNAME= in the sd_notify() message.
This also adds a new FileDescriptorName= setting for socket unit files
to set the name for fds created by socket units.
This also adds a new call sd_listen_fds_with_names(), that is similar to
sd_listen_fds(), but also returns the names of the fds.
systemd-activate gained the new --fdname= switch to specify a name for
testing socket activation.
Jacob Keller [Mon, 5 Oct 2015 21:14:45 +0000 (14:14 -0700)]
document ability to disable MACAddressPolicy
While it is currently possible to either not set MACAddressPolicy or set
it to a value different from "persistent" or "random", it is not obvious
that a user can do so. Add a policy, "none", which simply retains kernel
MAC addresses (same as not filling in the policy at all) and document it
so that users are aware of this setting.
Signed-off-by: Jacob Keller <jacob.keller@gmail.com>
Kay Sievers [Mon, 5 Oct 2015 22:41:32 +0000 (00:41 +0200)]
libsystemd: sd-device - translate / vs. ! in sysname
The kernel replaces '/' in device names with '!', we translate that back
to '/' in sysname, when taking sysname as input, we should translate it
back again.
Tom Gundersen [Sat, 3 Oct 2015 22:22:41 +0000 (00:22 +0200)]
hashmap: refactor hash_func
All our hash functions are based on siphash24(), factor out
siphash_init() and siphash24_finalize() and pass the siphash
state to the hash functions rather than the hash key.
This simplifies the hash functions, and in particular makes
composition simpler as calling siphash24_compress() repeatedly
on separate chunks of input has the same effect as first
concatenating the input and then calling siphash23_compress()
on the result.
Tom Gundersen [Sat, 3 Oct 2015 23:14:41 +0000 (01:14 +0200)]
test: hashmap - cripple the hash function by truncating the input rather than the output
The reason for the crippled hash function is to reduce the distribution
of the hash function, do this by truncating the domain rather than the
range. This does introduce a change in behavoir as the range is no longer
contiguous, which greatly reduces collisions.
This is needed as a follow-up patch will no longer allow individual hash
functions to alter the output directly.
Tom Gundersen [Sat, 3 Oct 2015 22:24:23 +0000 (00:24 +0200)]
test: siphash24 - verify internal state and composability
Verify the state of the hash-function according to the reference paper,
also verify that we can decompose the input and hash the chunks one
by one and still get the same result.
Tom Gundersen [Sat, 3 Oct 2015 19:27:25 +0000 (21:27 +0200)]
siphash24: move last compression iteration from compression step to finalization step
The last compression is special as it deals with the length byte, and padding. Move
it to the finalization step in preparation for making compression decomposable.
core: don't unset reload result, unless we begin a start or reload operation
Much like the result of the service itself we should not reset the
reload result unless we actually start from the beginning, so that
clients can query it at any time.
Specifically, let's reset the result states only when we begin with a
start operation (for both the main result, and the reload result), when
we begin with a reload operation (only for the load result), or when the
use explicitly asks for that via "systemctl reset-failed".
Implement a maximum limit on number of journal files to keep around.
Enforcing a limit is useful on this since our performance when viewing
pays a heavy penalty for each journal file to interleve. This setting is
turned on now by default, and set to 100.
Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428
promised: use whatever we find on disk at startup as lower bound on how
much disk space we can use. That commit introduced some provisions to
implement this, but actually never did.
This also adds "journalctl --vacuum-files=" to vacuum files on disk by
their number explicitly.
journal: don't affect atime of journal files when vacuuming
Let's try to use O_NOATIME if we can when vacuuming old journal files,
if we have the permissions for it, so that vacuuming doesn't count as
proper journal read access.