Patrik Flykt [Fri, 31 Jan 2014 09:31:22 +0000 (11:31 +0200)]
libsystemd-network: Add Init-Reboot support
Init-Reboot is tried if a client IP address has been given when
the DHCP client is started. In Init-Reboot, start by sending a
broadcast DHCP Request including the supplied client IP address
but without the server identifier. After sending the request,
enter Reboot state.
If a DHCP Ack is received, proceed to Bound state as usual. If a
DHCP Nak is received or the first timeout triggers, start the
address acquisition over from DHCP Init state.
See RFC 2131, sections 4.3.2, 4.4, 4.4.1 and 4.4.2 for details.
sd-bus: if we got a message with fds attached even though we didn't negotiate it, refuse to take it
This makes sure we don't mishandle if developers specificy a different
AcceptFileDescriptors= setting in .busname units then they set for the
bus connection in the activated program.
AcceptFD= defaults to true, thus making sure that by default fd passing
is enabled for all activatable names. Since for normal bus connections
fd passing is enabled too by default this makes sure fd passing works
correctly regardless whether a service is already activated or not.
Making this configurable on both busname units and in bus connections is
messy, but unavoidable since busnames are established and may queue
messages before the connection feature negotiation is done by the
service eventually activated. Conversely, feature negotiation on bus
connections takes place before the connection acquires its names.
Of course, this means developers really should make sure to keep the
settings in .busname units in sync with what they later intend to
negotiate.
util: replace close_nointr_nofail() by a more useful safe_close()
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
Tom Gundersen [Tue, 18 Mar 2014 13:13:01 +0000 (14:13 +0100)]
sd-dhcp-client: make sure timers fire immediately
The default slack caused there to be a delay before timers fired. Solve it
by setting timers that should trigger immediately to trigger far in the past.
This brings down the ideal-case dhcp lease acquisition time from about 500ms to
about 50ms (over a veth pair, so no network latency involved).
All the rest of the time (except for ~0.5ms) is spent in the bind() call in,
dhcp_network_bind_raw_socket(). I don't know if there is anything to be done
about that though...
It seems that resources are properly deallocated by MHD_destroy_response,
even if enqueuing the request fails.
Also replace a trivial printf with alloca and fixup log message
(it'll now be something like "Connection from CN=some.host.name",
which seems clear enough.)
machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new verb "poweroff"
There's really no point to send the reboot SIGINT from machinectl
directly, if machined can do that anyway. This saves code, and
makes machinectl network transparent for these verbs. And while we are
at it we can easily add a "poweroff" verb in addition to "reboot". Yay!
core: remount /sys/fs/cgroup/ read-only after we mounted all controllers
Given that glibc searches for /dev/shm by just looking for any tmpfs we
should be more careful with providing tmpfs instances arbitrary code
might end up writing to.
After all, it is ultimately linked to libsystems.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
Jason St. John [Mon, 17 Mar 2014 04:03:46 +0000 (00:03 -0400)]
man: improve wording of systemctl's --after/--before
Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
but the new wording was unclear.
Split the combined --after/--before section into a separate section for
each, explicitly state what each option does, and add information about
how these lists are generated.
Reported-by: Andrey Borzenkov <arvidjaar@gmail.com> Reported-by: Lennart Poettering <lennart@poettering.net>
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
journal-gatewayd: check if certificate is signed by CA
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.
Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
journal-gatewayd: ask clients to provide certificates
A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.
Josh Triplett [Sat, 15 Mar 2014 18:40:07 +0000 (11:40 -0700)]
Use strlen even for constant strings
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
utmp_wall() now takes an optional argument 'username_override' which
allows the caller to override the username shown on wall messages.
journald will use this to inform users that its wall messages comes from
'systemd-journald'.
Michael Marineau [Fri, 14 Mar 2014 04:32:12 +0000 (21:32 -0700)]
shared: add root argument to search_and_fopen
This adds the same root argument to search_and_fopen that
conf_files_list already has. Tools that use those two functions as a
pair can now be easily modified to load configuration files from an
alternate root filesystem tree.
Greg KH [Fri, 14 Mar 2014 04:43:04 +0000 (04:43 +0000)]
machine-id: add --root option to operate on an alternate fs tree
This makes it possible to initialize the /etc/machine-id file on an
arbitrary filesystem hierarchy. This helps systems that wish to run
this at image creation time in a subdirectory, or from initramfs before
pivot-root is called.
[tomegun: converted to using _cleanup_free_ macros]
Brandon Philips [Thu, 13 Mar 2014 22:19:40 +0000 (15:19 -0700)]
nspawn: allow -EEXIST on mkdir_safe /home/${uid}
With systemd 211 nspawn attempts to create the home directory for the
given uid. However, if the home directory already exists then it will
fail. Don't error out on -EEXIST.
sd-bus: don't look for a 64bit value when we only have 32bit value on reply cookie hash table access
This broke hashtable lookups for the message cookies on s390x, which is
a 64bit BE machine where accessing 32bit values as 64bit and vice versa
will explode.
Also, while we are at it, be a bit more careful when dealing with the
64bit cookies we expose and the 32bit serial numbers dbus uses in its
payload.
Tom Gundersen [Thu, 13 Mar 2014 16:47:30 +0000 (17:47 +0100)]
nspawn: make host0's MAC address persistent
We still need to make sure that no two MAC addresses are the same, so we use
a logic similar to what is used in udev to generate MAC addresses, and base
it on a hash of the host's machine ID and thecontainer's name.
getty: Start getty on 3270 terminals available on Linux on System z
Add the first 3270 terminal device that is associated with the Linux preferred
console to the list of virtualization consoles. This is required to
automatically start a getty if the conmode=3270 kernel parameter is specified
for Linux on z/VM instances. Note that a queued upstream patch also enable
the 3270 terminal device if it is associated with the Linux preferred console.
How
To successfully start agetty on a 3270 terminal, a change in the agetty
parameter order is required. Previously, agetty would started like this:
/sbin/agetty --keep-baud 3270/tty1 115200,38400,9600 TERM
The agetty program interprets the "3270/tty1" as baud rate and fails to start
with the "bad speed: 3270/tty1" error message. Fixing this in agetty is more
complex rather than reordering the command line parameters like this:
/sbin/agetty --keep-baud 115200,38400,9600 3270/tty1 TERM
According to agetty sources and "agetty --help", agetty accepts the "tty",
"baudrate tty", and "tty baudrate" specifications.
P.S. The "tty: Set correct tty name in 'active' sysfs attribute" introduces
a change to display the terminal device which is associated with the
Linux preferred console. This change helps to let systemd handle this
particular case only. Without the changes of this commit, no additional
3270 terminal device can be managed by systemd.