tests: drop the precondition check for inherited flag
Docker's default capability set has the inherited flag already
set - that breaks tests which expect otherwise. Let's just
drop the check and run the test anyway.
random-util: optionally allow randomness to be generated via RDRAND
We only use this when we don't require the best randomness. The primary
usecase for this is UUID generation, as this means we don't drain
randomness from the kernel pool for them. Since UUIDs are usually not
secrets RDRAND should be goot enough for them to avoid real-life
collisions.
Originally, the high_quality_required boolean argument controlled two
things: whether to extend any random data we successfully read with
pseudo-random data, and whether to return -ENODATA if we couldn't read
any data at all.
The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name
doesn't really cover the second part nicely. Moreover hiding both
changes of behaviour under a single flag is confusing. Hence, let's
split this part off under a new flag, and use it from random_bytes().
This should normally not happen, but given that the man page suggests
something about this in the context of interruption, let's handle this
and propagate an I/O error.
It's more descriptive, since we also have a function random_bytes()
which sounds very similar.
Also rename pseudorandom_bytes() to pseudo_random_bytes(). This way the
two functions are nicely systematic, one returning genuine random bytes
and the other pseudo random ones.
Matthew Leeds [Thu, 8 Nov 2018 03:41:06 +0000 (19:41 -0800)]
man: Fix implicit dep info for timer units (#10679)
This reorganizes the systemd.timer man page so that it doesn't claim
there are no implicit dependencies right after specifying the implicit
dependencies, and so that it matches the other man pages for units. This
fixes a mistake introduced by commit aed5cb03db.
Jan Synacek [Mon, 8 Oct 2018 13:14:38 +0000 (15:14 +0200)]
ask-password: improve log message when inotify limit is reached
When inotify_add_watch() fails because of the inotify limit, errno is
set to ENOSPC and then gets shown to users as "No space left on device".
That is very confusing and requires in-depth knowledge of the C library.
Therefore, show user-friendly message when inotify limit is reached.
dnf upgrade on Fedora Rawhide pulls in unwanted selinux-policy
packages which breaks the system in several ways (and usually
ends up with crashed systemd)
tests: add a couple of files containing all the sections and directives
This should help the fuzzers to discover code paths faster.
In case anyone is interested, they were generated with the following script
```
perl -aF'/[\s,]+/' -ne '
if (my ($s, $d) = ($F[0] =~ /^([^\s\.]+)\.([^\s\.]+)$/)) { $d{$s}{$d} = 1; }
END { while (my ($key, $value) = each %d) {
printf "[%s]\n%s\n", $key, join("\n", keys(%$value))
}}'
```
by passing src/network/networkd-network-gperf.gperf and
src/network/netdev/netdev-gperf.gperf to it.
networkd: remove a weird assertion from network_load_one
The assertion was added in dbffab87f1504abc9f but I'm not exactly sure
why. Now it just crashes a fuzzer I wrote. I, of course, could fix the fuzzer
so that it would generate names ending in ".network" if anyone would tell
me why the assertion should be kept here.
login: Don't mark framebuffer devices as master-of-seat devices
Currently we consider any framebuffer device as enough to have a
valid graphical session, but this might lead to many false postives
like in the case of framebuffer devices that have a linked drm card
which is still in the process of being added, or for vesa fb, and
so it doesn't ensure us that we can have a proper graphical session.
Since these days we normally don't consider anything without a DRM
card able to provide a full graphical session, let's not set this
at this level.
Drivers which can provide a graphical session with the sole fb are
still free to mark any device as `master-of-seat`
Yu Watanabe [Thu, 1 Nov 2018 07:54:10 +0000 (16:54 +0900)]
udevd: increase default number of workers
The uevent handling in udevd is not cpu hungry.
So, let's increase the default number of workers per cpu.
This decrease the number of queued uevents.
Without this commit (children_max is 16 on my laptop)
```
$ journalctl -b -u systemd-udevd.service | grep reached | wc -l
1544
```
With this commit (children_max is 30 on my laptop)
```
$ journalctl -b -u systemd-udevd.service | grep reached | wc -l
7
```
Yu Watanabe [Thu, 1 Nov 2018 01:37:51 +0000 (10:37 +0900)]
udevd: wait 3 seconds before killing worker processes
During boot process, many worker processes are forked and killed.
To decrease cycles of forking and killing worker, let's wait
3 seconds before killing workers. If new uevent or inotify event
comes within the delay, the killing porcess will be cancelled.
core, sysctl: skip ENOENT for /proc/sys/net/unix/max_dgram_qlen
sysctl is disabled for /proc mounted from an user namespace thus entries like
/proc/sys/net/unix/max_dgram_qlen do not exist. In this case, skip the error
and do not try to change the default for the AF_UNIX datagram queue length.
Tobias Jungel [Tue, 6 Nov 2018 12:28:12 +0000 (13:28 +0100)]
networkd: don't remove route
In case networkd is restarted this prevents a removal of an already existing
route that would be configured using networkd. With the proposed changes the
route will be kept on the interface without removing. This happens only on
physical hosts or VMs since networkd handles interface configuration slightly
different in containers.
Tobias Jungel [Wed, 31 Oct 2018 12:33:54 +0000 (13:33 +0100)]
networkd: don't remove ip address
In case networkd is restarted this prevents a removal of an already existing IP
address that would be configured using networkd. With the proposed changes the
IP address will be kept on the interface without removing. This happens only on
physical hosts or VMs since networkd handles interface configuration slightly
different in containers.