NSS modules (libnss_*.so.*) need to be installed into
${rootlibdir} (typically /lib) in order to be used. Previously, the
modules were installed into ${libdir}, thus usually ending up in
/usr/lib, even on systems where split usr is enabled, or ${libdir} is
passed explicitly.
If Kind is not specied, the message about "Invalid Kind" was misleading.
If Kind was specified in an invalid way, we get a message in the parsing
phase anyway. Reword the message to cover both cases better.
man: mention that netdev,network files support dropins
Also update the description of drop-ins in systemd.unit(5) to say that .d
directories, not .conf files, are in /etc/system/system, /run/systemd/system,
etc.
Updated formatting for printing the key for FSS (#4165)
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption.
Before:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
Tomáš Janoušek [Thu, 15 Sep 2016 23:26:31 +0000 (01:26 +0200)]
logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)
When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM. This then leads to:
systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
login[42]: pam_systemd(login:session): Failed to create session: Access denied
and user sessions don't start.
This also applies to selinux that too returns EACCES on mount denial.
Ivan Shapovalov [Tue, 13 Sep 2016 00:04:35 +0000 (03:04 +0300)]
update-done, condition: write the timestamp to the file as well and use it to prevent false-positives
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130
for real. Also, remove timestamp check in update-done.c altogether since
the whole operation is idempotent.
We were already unconditionally using the unicode character when the
input string was not pure ASCII, leading to different behaviour in
depending on the input string.
journal-remote: implement %m support in mhd_respondf
errno value is not protected (it is undefined after this function returns).
Various mhd_* functions are not documented to protect errno, so this could not
guaranteed anyway.
According to its manual page, flags given to mkostemp(3) shouldn't include
O_RDWR, O_CREAT or O_EXCL flags as these are always included. Beyond
those, the only flag that all callers (except a few tests where it
probably doesn't matter) use is O_CLOEXEC, so set that unconditionally.
This parser will also be used in libinput, which uses the MIT license, so
relicense this file to the more permissive license to make bidirectional code
flow easier. parse_hwdb.py is only useful during building of the project, and
is not part of the installation, so effectively both licenses are very similar.
In particular, the licensing of binary packages produced by systemd is not
influenced in any way, because the MIT licensed part is not installed.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X1 Tablet models.
Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
When root was empty or equal to "/", chroot_symlinks_same was called with
root==NULL, and strjoina returned "", so the code thought both paths are equal
even if they were not. Fix that by always providing a non-null first argument
to strjoina.
Michael Olbrich [Fri, 9 Sep 2016 15:05:06 +0000 (17:05 +0200)]
unit: sent change signal before removing the unit if necessary (#4106)
If the unit is in the dbus queue when it is removed then the last change
signal is never sent. Fix this by checking the dbus queue and explicitly
send the change signal before sending the remove signal.
Felipe Sateler [Wed, 31 Aug 2016 13:00:35 +0000 (10:00 -0300)]
seccomp: also detect if seccomp filtering is enabled
In https://github.com/systemd/systemd/pull/4004 , a runtime detection
method for seccomp was added. However, it does not detect the case
where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible
if the architecture does not support filtering yet.
Add a check for that case too.
While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl,
as that should save a few system calls and (unnecessary) allocations.
Previously, reading of /proc/self/stat was done as recommended by
prctl(2) as safer. However, given that we need to do the prctl call
anyway, lets skip opening, reading and parsing the file.
Code for checking inspired by
https://outflux.net/teach-seccomp/autodetect.html
also fix valgrind warning
```
Unloaded link configuration context.
==31690==
==31690== HEAP SUMMARY:
==31690== in use at exit: 8,192 bytes in 2 blocks
==31690== total heap usage: 431 allocs, 429 frees, 321,164 bytes allocated
==31690==
==31690== 4,096 bytes in 1 blocks are still reachable in loss record 1 of 2
==31690== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==31690== by 0x166B32: mempool_alloc_tile (mempool.c:62)
==31690== by 0x166BBC: mempool_alloc0_tile (mempool.c:81)
==31690== by 0x15B8FC: hashmap_base_new (hashmap.c:732)
==31690== by 0x15B9F7: internal_hashmap_new (hashmap.c:766)
==31690== by 0x151291: conf_files_list_strv_internal (conf-files.c:103)
==31690== by 0x1514BA: conf_files_list_strv (conf-files.c:135)
==31690== by 0x13A1CF: link_config_load (link-config.c:227)
==31690== by 0x135B68: builtin_net_setup_link_init
(udev-builtin-net_setup_link.c:77)
==31690== by 0x1306B3: udev_builtin_init (udev-builtin.c:57)
==31690== by 0x11E984: adm_builtin (udevadm-test-builtin.c:72)
==31690== by 0x117B4D: run_command (udevadm.c:75)
```
Fixes #4080
systemctl: usable status command for special units (#4072)
Prior to this commit, users could be given an unusable command to run if
they attempted to stop or start special services. For example:
$ systemctl stop -- -.mount
Failed to stop -.mount: Operation refused, unit -.mount may be \
requested by dependency only.
See system logs and 'systemctl status -.mount' for details.
$ systemctl status -.mount
systemctl: invalid option -- '.'
This adds a '--' to the example command in these situations.
machinectl: split OS field in two; print ip addresses (#4058)
This splits the OS field in two : one for the distribution name
and one for the the version id.
Dashes are written for missing fields.
This also prints ip addresses of known machines. The `--max-addresses`
option specifies how much ip addresses we want to see. The default is 1.
When more than one address is written for a machine, a `,` follows it.
If there are more ips than `--max-addresses`, `...` follows the last
address.
Yann E. MORIN [Sun, 28 Aug 2016 15:26:42 +0000 (17:26 +0200)]
missing.h: add missing definitions for __O_TMPFILE
Currently, a missing __O_TMPFILE was only defined for i386 and x86_64,
leaving any other architectures with an "old" toolchain fail miserably
at build time:
src/import/export-raw.c: In function 'reflink_snapshot':
src/import/export-raw.c:271:26: error: 'O_TMPFILE' undeclared (first use in this function)
new_fd = open(d, O_TMPFILE|O_CLOEXEC|O_NOCTTY|O_RDWR, 0600);
^
__O_TMPFILE (and O_TMPFILE) are available since glibc 2.19. However, a
lot of existing toolchains are still using glibc-2.18, and some even
before that, and it is not really possible to update those toolchains.
Instead of defining it only for i386 and x86_64, define __O_TMPFILE
with the specific values for those archs where it is different from the
generic value. Use the values as found in the Linux kernel (v4.8-rc3,
current as of time of commit).
---
Note: tested on ARM (build+run), with glibc-2.18 and linux headers 3.12.
Untested on other archs, though (I have no board to test this).
Changes v1 -> v2:
- add a comment specifying some are hexa, others are octal.