git.ipfire.org Git - thirdparty/systemd.git/log
Zbigniew Jędrzejewski-Szmek [Fri, 21 Dec 2018 10:01:34 +0000 (11:01 +0100)] 
Revert "sleep: offer hibernation only if the kernel image still exists"

This reverts commit edda44605f06a41fb86b7ab8128dcf99161d2344.

The kernel explicitly supports resuming with a different kernel than the one
used before hibernation. If this is something that shouldn't be supported, the
place to change this is in the kernel. We shouldn't censor something that is
exclusively in the kernel's domain.

People might be using this to switch kernels without restarting programs, and
we'd break this functionality for them.

Also, even if resuming with a different kernel was a bad idea, we don't really
prevent that with this check, since most users have more than one kernel and
can freely pick a different one from the menu. So this only affected the corner
case where the kernel has been removed, but there is no reason to single it
out.

Lennart Poettering [Fri, 21 Dec 2018 17:03:58 +0000 (18:03 +0100)] 
Merge pull request #11050 from poettering/resolved-domain-route

resolved: beef up domain routing

Lennart Poettering [Fri, 21 Dec 2018 17:00:42 +0000 (18:00 +0100)] 
Merge pull request #11210 from thom311/dhcp-set-client-id-no-inval

dhcp: don't enforce hardware address length for sd_dhcp_client_set_client_id()

Zbigniew Jędrzejewski-Szmek [Fri, 21 Dec 2018 09:21:41 +0000 (10:21 +0100)] 
tree-wide: make new/new0/malloc_multiply/reallocarray safe for size 0

All underlying glibc calls are free to return NULL if the size argument
is 0. We most often call those functions with a fixed argument, or at least
something which obviously cannot be zero, but it's too easy to forget.

E.g. coverity complains about "rows = new0(JsonVariant*, n_rows-1);" in
format-table.c. There is an assert that n_rows > 0, so we could hit this
corner case here. Let's simplify callers and make those functions "safe".

CID #1397035.

The compiler is mostly able to optimize this away:
$ size build{,-opt}/src/shared/libsystemd-shared-239.so
(before)
   text    data     bss     dec     hex filename
2643329  580940    3112 3227381  313ef5 build/src/shared/libsystemd-shared-239.so     (-O0 -g)
2170013  578588    3089 2751690  29fcca build-opt/src/shared/libsystemd-shared-239.so (-O3 -flto -g)
(after)
   text    data     bss     dec     hex filename
2644017  580940    3112 3228069  3141a5 build/src/shared/libsystemd-shared-239.so
2170765  578588    3057 2752410  29ff9a build-opt/src/shared/libsystemd-shared-239.so
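
An added example, not part of the commit message or of systemd's code, showing the corner case described above: a caller that treats NULL as out-of-memory fails spuriously when it asks for zero elements. `strict_calloc`, `safe_calloc` and `count_data_rows` are hypothetical names, and `strict_calloc` is a constructed stand-in for a C library that returns NULL for empty requests.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t n, size_t size);

/* Constructed stand-in for a libc whose calloc() returns NULL for an empty
 * request. The C standard permits this; glibc happens not to do it, which is
 * why the corner case is easy to miss in testing. */
static void *strict_calloc(size_t n, size_t size) {
        if (n == 0 || size == 0)
                return NULL;
        return calloc(n, size);
}

/* Hypothetical "safe" wrapper: NULL means overflow or out of memory, never
 * "you asked for zero bytes". */
static void *safe_calloc(size_t n, size_t size) {
        /* Refuse n * size overflow instead of handing back a short buffer. */
        if (size != 0 && n > SIZE_MAX / size)
                return NULL;

        /* Bump an empty request to one byte so success is always non-NULL. */
        return strict_calloc(n != 0 ? n : 1, size != 0 ? size : 1);
}

/* Caller in the shape the commit message quotes: a table with n_rows rows,
 * the first being the header, needs n_rows - 1 slots for data rows.
 * Returns the number of data rows, or a negative errno. */
static long count_data_rows(alloc_fn alloc, size_t n_rows) {
        if (n_rows == 0)
                return -EINVAL;

        const char **rows = alloc(n_rows - 1, sizeof(*rows));
        if (!rows)
                return -ENOMEM; /* the usual convention: NULL == allocation failed */

        size_t n = 0;
        for (size_t i = 1; i < n_rows; i++)
                rows[n++] = "data"; /* constructed row content */

        free(rows);
        return (long) n;
}

int main(void) {
        /* Header-only table: zero data rows is a valid result, not an error. */
        printf("strict allocator, header only: %ld\n", count_data_rows(strict_calloc, 1));
        printf("safe allocator,   header only: %ld\n", count_data_rows(safe_calloc, 1));
        printf("safe allocator,   4 rows:      %ld\n", count_data_rows(safe_calloc, 4));
        printf("safe allocator,   overflow:    %ld\n", count_data_rows(safe_calloc, SIZE_MAX));
        return 0;
}
```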

Zbigniew Jędrzejewski-Szmek [Fri, 21 Dec 2018 07:20:41 +0000 (08:20 +0100)] 
analyze: add assert to verify we are not dividing by 0

CID #1397051.

Yu Watanabe [Fri, 21 Dec 2018 07:12:45 +0000 (16:12 +0900)] 
udevadm: add two more assertions

Suggested by Coverity.

Closes CID#1397033 and CID#1395708.

Lennart Poettering [Tue, 4 Dec 2018 15:09:11 +0000 (16:09 +0100)] 
man: document new systemd-resolved.service(8) routing features in more detail

Lennart Poettering [Tue, 4 Dec 2018 15:08:40 +0000 (16:08 +0100)] 
man: split long section in systemd-resolved.service man page into three

Also, do some minor updating.

Lennart Poettering [Tue, 4 Dec 2018 12:48:28 +0000 (13:48 +0100)] 
resolved: read DNS default route option from networkd

Lennart Poettering [Tue, 4 Dec 2018 12:47:53 +0000 (13:47 +0100)] 
sd-network: add new API sd_network_link_get_dns_default_route()

This simply reads from networkd's state files whether a link shall be
used as DNS default route.

Lennart Poettering [Tue, 4 Dec 2018 14:34:04 +0000 (15:34 +0100)] 
networkd: permit DNS "DefaultRoute" configuration in .network files

Lennart Poettering [Tue, 4 Dec 2018 14:34:37 +0000 (15:34 +0100)] 
networkd: small simplification

Lennart Poettering [Tue, 4 Dec 2018 12:29:41 +0000 (13:29 +0100)] 
resolvectl: add support for reading/writing per-link 'default-route' boolean

Lennart Poettering [Tue, 4 Dec 2018 12:30:14 +0000 (13:30 +0100)] 
resolvectl: minor whitespace fix

Lennart Poettering [Tue, 4 Dec 2018 12:10:11 +0000 (13:10 +0100)] 
resolved: add bus API to set per-link "default route" boolean

Lennart Poettering [Tue, 4 Dec 2018 11:40:07 +0000 (12:40 +0100)] 
resolved: add an explicit way to configure whether a link is useful as default route

Previously, we'd use a link as "default" route depending on whether
there are route-only domains defined on it or not. (If there are, it
would not be used as default route, if there aren't it would.)

Let's make this explicit and add a link variable controlling this. The
variable is not changeable from the outside yet, but subsequent commits
are supposed to add that.

Note that making this configurable adds a certain amount of redundancy,
as there are now two ways to ensure a link does not receive "default"
lookup (i.e. DNS queries matching no configured route):

1. By ensuring that at least one other link configures a route on it
   (for example by adding "." to its search list)

2. By setting this new boolean to false.

But this is exactly what is intended with this patch: that there is an
explicit way to configure on the link itself whether it receives
'default' traffic, rather than require this to be configured on other
links.

The variable added is a tri-state: if true, the link is suitable for
receiving "default" traffic. If false, the link is not suitable for it.
If unset (i.e. negative) the original logic of "has this route-only
routes" is used, to ensure compatibility with the status quo ante.

Lennart Poettering [Tue, 4 Dec 2018 11:08:18 +0000 (12:08 +0100)] 
resolved: rework dns_server_limited_domains(), replace by dns_scope_has_route_only_domains()

The function dns_server_limited_domains() was very strange as it
enumerated the domains associated with a DnsScope object to determine
whether there are any "route-only" domains, but did so as a function associated
with a DnsServer object.

Let's clear this up, and replace it by a function associated with a
DnsScope instead. This makes more sense philosophically and allows us to
reduce the loops through which we need to jump to determine whether a
scope is suitable for default routing a bit.

Lennart Poettering [Mon, 3 Dec 2018 21:27:19 +0000 (22:27 +0100)] 
resolved: bind .local domains to mDNS with DNS_SCOPE_YES, similar LLMNR

Previously, we'd return DNS_SCOPE_MAYBE for all domain lookups matching
LLMNR or mDNS. Let's upgrade this to DNS_SCOPE_YES, to make the binding
stronger.

The effect of this is that even if "local" is defined as routing domain
on some iface, we'll still lookup domains in local via mDNS — if mDNS is
turned on. This should not be limiting, as people who don't want such
lookups should turn off mDNS altogether, as it is useless if nothing is
routed to it.

This also has the nice benefit that mDNS/LLMNR continue to work if people
use "~." as routing domain on some interface.

Similar for LLMNR and single label names.

Similar also for the link local IPv4 and IPv6 reverse lookups.

Fixes: #10125

Lennart Poettering [Mon, 3 Dec 2018 15:25:00 +0000 (16:25 +0100)] 
resolved: rework how we determine which scope to send a query to

Fixes: #10830 #9825 #9472

Lennart Poettering [Tue, 4 Dec 2018 12:00:19 +0000 (13:00 +0100)] 
resolved: add comment, explaining when Scope variables are copied from Link

Lennart Poettering [Mon, 3 Dec 2018 21:26:46 +0000 (22:26 +0100)] 
resolved: rename _DNS_SCOPE_INVALID → _DNS_SCOPE_MATCH_INVALID

The _INVALID and _MAX enum fields should always use the full name of
the enum.

Lennart Poettering [Tue, 4 Dec 2018 12:49:03 +0000 (13:49 +0100)] 
resolved: check dns_over_tls_mode in link_needs_save()

This was forgotten when DoT was added.

Lennart Poettering [Tue, 4 Dec 2018 12:31:29 +0000 (13:31 +0100)] 
resolved: use structured initialization for DnsScope

Zbigniew Jędrzejewski-Szmek [Thu, 20 Dec 2018 15:37:31 +0000 (16:37 +0100)] 
hwdb: update database

I looked over the diff, and it seems it's only additions and fixes, no removals.
The diff for the source files is much bigger, but it seems that the sorting
code is working well.

Yu Watanabe [Thu, 20 Dec 2018 18:27:26 +0000 (03:27 +0900)] 
NEWS: mention DynamicUser= is disabled for networkd, resolved and timesyncd

Which was disabled by #10117.

Frantisek Sumsal [Sat, 15 Dec 2018 19:22:31 +0000 (20:22 +0100)] 
tests: explicitly enable user namespaces for TEST-13-NSPAWN-SMOKE

Hans de Goede [Thu, 20 Dec 2018 15:08:46 +0000 (16:08 +0100)] 
hwdb: Add accelerometer orientation quirk for the PoV TAB-P1006W-232-3G

Add accelerometer orientation quirk for the Point of View TAB-P1006W-232-3G
tablet.

Lennart Poettering [Thu, 20 Dec 2018 13:53:23 +0000 (14:53 +0100)] 
Merge pull request #11223 from poettering/read-line-0x00-0xff

fileio: fix read_one_line() when reading bytes > 0x7F

Jeremy Su [Thu, 20 Dec 2018 12:58:02 +0000 (20:58 +0800)] 
hwdb: Add support for HP ProBook 645 wifi and slash key (#11207)

hwdb: Add support for HP ProBook 645 wifi and slash key

Lennart Poettering [Thu, 20 Dec 2018 12:57:16 +0000 (13:57 +0100)] 
Merge pull request #11222 from keszybz/tmpfiles-crash

tmpfiles: fix crash with NULL in arg_root and other fixes and tests

Thomas Haller [Thu, 20 Dec 2018 10:56:02 +0000 (11:56 +0100)] 
dhcp6: don't enforce DUID content for sd_dhcp6_client_set_duid()

There are various functions to set the DUID of a DHCPv6 client.
However, none of them allows to set arbitrary data. The closest is
sd_dhcp6_client_set_duid(), which would still do validation of the
DUID's content via dhcp_validate_duid_len().

Relax the validation and only log a debug message if the DUID
does not validate.

Note that dhcp_validate_duid_len() already is not very strict. For example
with DUID_TYPE_LLT it only ensures that the length is suitable to contain
hwtype and time. It does not further check that the length of hwaddr is non-zero
or suitable for hwtype. Also, non-well-known DUID types are accepted for
extensibility. Why reject certain DUIDs but allow clearly wrong formats
otherwise?

The validation and failure should happen earlier, when accepting the
unsuitable DUID. At that point, there is more context of what is wrong,
and a better failure reason (or warning) can be reported to the user. Rejecting
the DUID when setting up the DHCPv6 client seems not optimal, in particular
because the DHCPv6 client does not care about actual content of the
DUID and treats it as opaque blob.

Also, NetworkManager (which uses this code) allows to configure the entire
binary DUID in binary. It intentionally does not validate the binary
content any further. Hence, it needs to be able to set _invalid_ DUIDs,
provided that some basic constraints are satisfied (like the maximum length).

sd_dhcp6_client_set_duid() has two callers: both set the DUID obtained
from link_get_duid(), which comes from configuration.
`man networkd.conf` says: "The configured DHCP DUID should conform to
the specification in RFC 3315, RFC 6355.". It does not state that
it MUST conform.

Note that dhcp_validate_duid_len() has another caller: DHCPv4's
dhcp_client_set_iaid_duid_internal(). In this case, continue with
strict validation, as the callers are more controlled. Also, there is
already sd_dhcp_client_set_client_id() which can be used to bypass
this check and set arbitrary client identifiers.

Thomas Haller [Wed, 19 Dec 2018 09:05:37 +0000 (10:05 +0100)] 
dhcp: don't enforce hardware address length for sd_dhcp_client_set_client_id()

sd_dhcp_client_set_client_id() is the only API for setting a raw client-id.
All other setters are more restricted and only allow to set a type 255 DUID.

Also, dhcp4_set_client_identifier() is the only caller, which already
does:

                r = sd_dhcp_client_set_client_id(link->dhcp_client,
                                                 ARPHRD_ETHER,
                                                 (const uint8_t *) &link->mac,
                                                 sizeof(link->mac));

and hence ensures that the data length is indeed ETH_ALEN.

Drop additional input validation from sd_dhcp_client_set_client_id(). The client-id
is an opaque blob, and if a caller wishes to set type 1 (ethernet) or type 32
(infiniband) with unexpected address length, it should be allowed. The actual
client-id is not relevant to the DHCP client, and it's the responsibility of the
caller to generate a suitable client-id.

For example, in NetworkManager you can configure all the bytes of the
client-id, including such _invalid_ settings. I think it makes sense,
to allow the user to fully configure the identifier. Even if such configuration
would be rejected, it would be the responsibility of the higher layers (including
a sensible error message to the user) and not fail later during
sd_dhcp_client_set_client_id().

Still log a debug message if the length is unexpected.

Thomas Haller [Thu, 20 Dec 2018 12:05:13 +0000 (13:05 +0100)] 
dhcp: fix sd_dhcp_client_set_client_id() for infiniband addresses

Infiniband addresses are 20 bytes (INFINIBAND_ALEN), but only the last
8 bytes are suitable for putting into the client-id.

This bug had no effect for networkd, because sd_dhcp_client_set_client_id()
has only one caller which always uses ARPHRD_ETHER type.

I was unable to find good references for why this is correct ([1]). Fedora/RHEL
has patches for ISC dhclient that also only use the last 8 bytes ([2], [3]).
RFC 4390 (Dynamic Host Configuration Protocol (DHCP) over InfiniBand) [4] does
not discuss the content of the client-id either.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1658057#c29
[2] https://bugzilla.redhat.com/show_bug.cgi?id=660681
[3] https://src.fedoraproject.org/rpms/dhcp/blob/3ccf3c8d815df4b8e11e1a04850975f099273d5d/f/dhcp-lpf-ib.patch
[4] https://tools.ietf.org/html/rfc4390

Lennart Poettering [Thu, 20 Dec 2018 10:21:36 +0000 (11:21 +0100)] 
test-fileio: add explicit check for safe_fgetc() with 0xFF

Lennart Poettering [Thu, 20 Dec 2018 09:21:16 +0000 (10:21 +0100)] 
fileio: fix read_one_line() when reading bytes > 0x7F

Fixes: #11218

Zbigniew Jędrzejewski-Szmek [Thu, 20 Dec 2018 10:37:41 +0000 (11:37 +0100)] 
Merge pull request #10912 from poettering/gpt-root-rw

make sure to propagate GPT root partition r/w flag into mount r/w flag

Zbigniew Jędrzejewski-Szmek [Wed, 19 Dec 2018 22:05:48 +0000 (23:05 +0100)] 
tmpfiles: fix crash with NULL in arg_root and other fixes and tests

The function to replacement paths into the configuration file list was borked.
Apart from the crash with empty root prefix, it would incorrectly handle the
case where root *was* set, and the replacement file was supposed to override
an existing file.

prefix_root is used instead of path_join because prefix_root removes duplicate
slashes (when --root=dir/ is used).

A test is added.

Fixes #11124.

Zbigniew Jędrzejewski-Szmek [Thu, 20 Dec 2018 08:29:52 +0000 (09:29 +0100)] 
Merge pull request #11215 from poettering/gpt-auto-no-udev

gpt-auto-generator: don't wait for udev

Lennart Poettering [Wed, 19 Dec 2018 17:16:41 +0000 (18:16 +0100)] 
dissect: add some assert()s

Lennart Poettering [Wed, 19 Dec 2018 16:17:35 +0000 (17:17 +0100)] 
gpt-auto-generator: don't wait for udev

Generators run in a context where waiting for udev is not an option,
simply because it's not running there yet. Hence, let's not wait for it
in this case.

This is generally OK to do as we are operating on the root disk only
here, which should have been probed already by the time we come this
far.

An alternative fix might be to remove the udev dependency from image
dissection again in the long run (and thus replace reliance on
/dev/block/x:y somehow with something else).

Fixes: #11205

Chris Down [Wed, 19 Dec 2018 12:11:15 +0000 (12:11 +0000)] 
Merge pull request #11212 from keszybz/mount-storm-revert

Revert the patches for mount-storm prevention for now

Zbigniew Jędrzejewski-Szmek [Wed, 19 Dec 2018 10:32:26 +0000 (11:32 +0100)] 
Revert "core/mount: minimize impact on mount storm."

This reverts commit 89f9752ea08f516b5d77f8e577bb772073c70c01.

This patch causes various problems during boot, where a "mount storm" occurs
naturally. Current approach is flakey, and it seems very risky to push a
feature like this which impacts boot right before a release. So let's revert
for now, and consider a more robust solution after later.

Fixes #11209.

> https://github.com/systemd/systemd/pull/11196#issuecomment-448523186:
"Reverting 89f9752ea08f516b5d77f8e577bb772073c70c01 and fcfb1f775ed0e9d282607bb118ba788b98952855 fixes this test."

Zbigniew Jędrzejewski-Szmek [Wed, 19 Dec 2018 10:32:17 +0000 (11:32 +0100)] 
Revert "mount: disable mount-storm protection while mount unit is starting."

This reverts commit fcfb1f775ed0e9d282607bb118ba788b98952855.

NeilBrown [Sun, 16 Dec 2018 22:32:58 +0000 (09:32 +1100)] 
mount: disable mount-storm protection while mount unit is starting.

The starting of mount units requires that changes to
/proc/self/mountinfo be processed before the SIGCHLD from the
completion of /sbin/mount is processed, as described by the comment
  /* Note that due to the io event priority logic, we can be sure the new mountinfo is loaded
   * before we process the SIGCHLD for the mount command. */

The recently-added mount-storm protection can defeat this as it
will sometimes deliberately delay processing of /proc/self/mountinfo.

So we need to disable mount-storm protection when a mount unit is starting.
We do this by keeping a counter of the number of pending
mounts, and disabling the protection when this is non-zero.

Thanks to @asavah for finding and reporting this problem.

Lennart Poettering [Tue, 18 Dec 2018 19:50:16 +0000 (20:50 +0100)] 
Merge pull request #11201 from keszybz/more-news

Some git history rewriting and more news

Lennart Poettering [Tue, 18 Dec 2018 19:49:19 +0000 (20:49 +0100)] 
Merge pull request #11182 from poettering/fileio-more-paranoia

More safety checks for fileio.c

Chris Down [Tue, 18 Dec 2018 16:08:27 +0000 (16:08 +0000)] 
Merge pull request #11203 from keszybz/json-no-slash-escaping

json: do not unescape slashes

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 14:16:26 +0000 (15:16 +0100)] 
json: do not unescape slashes

Apparently this originated in PHP, so the json output could be directly
embedded in HTML script tags.
See https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped.

Since the output of our tools is not intended directly for web page generation,
let's not do this unescaping. If needed, the consumer can always do escaping as
appropriate for the target format.

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 12:27:59 +0000 (13:27 +0100)] 
test-fileio: test safe_fgetc directly

Non-ascii chars are used so that we get both "positive" and "negative"
characters (on the arches where char is signed).

Lennart Poettering [Mon, 17 Dec 2018 10:53:21 +0000 (11:53 +0100)] 
update TODO

Lennart Poettering [Mon, 17 Dec 2018 11:17:36 +0000 (12:17 +0100)] 
process-util: rework getenv_for_pid() to use read_nul_string()

Lennart Poettering [Mon, 17 Dec 2018 10:52:51 +0000 (11:52 +0100)] 
test: add test case for read_nul_string()

Lennart Poettering [Mon, 17 Dec 2018 10:52:05 +0000 (11:52 +0100)] 
fileio: let's minimize 'count' inc/dec calls

instead of increasing it and immediately after decreasing it again,
let's just increase it a bit later.

Lennart Poettering [Mon, 17 Dec 2018 10:50:33 +0000 (11:50 +0100)] 
fileio: replace read_nul_string() by read_line() with a special flag

read_line() is a lot more careful and optimized than read_nul_string()
but does mostly the same thing. let's replace the latter by the former,
just with a special flag that toggles between the slightly different EOL
rules if both.

Lennart Poettering [Mon, 17 Dec 2018 10:23:15 +0000 (11:23 +0100)] 
process-util: make get_process_environ() safer

Let's add a size limit, and let's use safe_fgetc().

Lennart Poettering [Mon, 17 Dec 2018 10:22:38 +0000 (11:22 +0100)] 
tree-wide: port some code over to safe_fgetc()

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 13:31:24 +0000 (14:31 +0100)] 
NEWS: add a note about symlink following in .wants and .requires

This ain't so easy to express without using too much technical language...

https://github.com/systemd/systemd/pull/10094#issuecomment-427407570

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 13:14:44 +0000 (14:14 +0100)] 
NEWS: add note about NNP=yes

Lennart Poettering [Mon, 17 Dec 2018 10:21:12 +0000 (11:21 +0100)] 
fileio: add new safe_fgetc() helper call

We have very similar code whenever we call fgetc() in place, let's
replace it by a common implementation.

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 13:47:12 +0000 (14:47 +0100)] 
Merge pull request #10221 from lucaswerkmeister/bash-completion

Merged locally to resolve a conflict. The redirection of error is required to
suppress "# Not showing unlisted system calls, ...".

Lennart Poettering [Fri, 23 Nov 2018 22:06:22 +0000 (23:06 +0100)] 
update TODO

Lennart Poettering [Fri, 23 Nov 2018 21:16:57 +0000 (22:16 +0100)] 
gpt-auto: propagate gpt partition ro/rw flag into root mount

This ensures that the read/write state of the root mount matches the
read/write flag in the GPT partition table entry.

This is only used as fallback in case no ro/rw flag is specified on the
kernel cmdline, and there's no entry for the root partition in
/etc/fstab.

This is missing functionality of the GPT auto logic, as without this the
root partition was always mounted read-only — when booting with zero
configuration in /etc/fstab and /proc/cmdline —, as we defaulted to
read-only behaviour for all mounts. Moreover we honoured the r/o flag in
the partition table for all other partition types, except for the root
partition.

Lennart Poettering [Fri, 23 Nov 2018 18:49:13 +0000 (19:49 +0100)] 
gpt-auto: make arg_root_rw a tri-state

No change in behaviour, but let's track whether ro or rw are specified
on the kernel cmdline at all.

Lennart Poettering [Fri, 23 Nov 2018 18:47:41 +0000 (19:47 +0100)] 
remount-fs: optionally remount / writable, if we are told through an env var

Lennart Poettering [Fri, 23 Nov 2018 18:41:11 +0000 (19:41 +0100)] 
remount-fs: split code for tracking PIDs in hashmap

Just some refactoring, no change in behaviour.

Lennart Poettering [Fri, 23 Nov 2018 18:40:12 +0000 (19:40 +0100)] 
remount-fs: use PATH_IN_SET() at one more place

Lennart Poettering [Fri, 23 Nov 2018 17:51:30 +0000 (18:51 +0100)] 
gpt-auto: compare kernel cmdline args with proc_cmdline_key_streq()

Lennart Poettering [Tue, 18 Dec 2018 13:35:00 +0000 (14:35 +0100)] 
Merge pull request #11197 from keszybz/various-fixups

Various fixups

Lennart Poettering [Tue, 18 Dec 2018 13:34:39 +0000 (14:34 +0100)] 
Merge pull request #11191 from poettering/hashmap-clear

rework hashmap_clear()

Lennart Poettering [Mon, 12 Nov 2018 16:19:48 +0000 (17:19 +0100)] 
units: set NoNewPrivileges= for all long-running services

Previously, setting this option by default was problematic due to
SELinux (as this would also prohibit the transition from PID1's label to
the service's label). However, this restriction has since been lifted,
hence let's start making use of this universally in our services.

On SELinux systems this change should be synchronized with a policy
update that ensures that NNP-ful transitions from init_t to service
labels are permitted.

Fixes: #1219

Lennart Poettering [Tue, 18 Dec 2018 13:07:23 +0000 (14:07 +0100)] 
units: sort [Service] sections alphabetically

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 13:02:56 +0000 (14:02 +0100)] 
Revert "units: set NoNewPrivileges= for all long-running services"

This reverts commit 3ca9940cb95cb263c6bfe5cfee72df232fe46a94.

Let's split the commit in two: the sorting and the changes.
Because there's a requirement to update selinux policy, this change is
incompatible, strictly speaking. I expect that distributions might want to
revert this particular change. Let's make it easy.

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 13:00:59 +0000 (14:00 +0100)] 
Merge pull request #11200 from poettering/mailmap-updates-240

updates for .mailmap and NEWS

Lennart Poettering [Tue, 18 Dec 2018 12:07:24 +0000 (13:07 +0100)] 
Merge pull request #11194 from poettering/resolved-soa-parent

be more conservative with set of RRs to authenticate

Lennart Poettering [Tue, 18 Dec 2018 12:04:43 +0000 (13:04 +0100)] 
NEWS: add one more item

Lennart Poettering [Tue, 18 Dec 2018 11:56:56 +0000 (12:56 +0100)] 
NEWS: update contributors list, taking new .mailmap into account

Lennart Poettering [Tue, 18 Dec 2018 11:55:00 +0000 (12:55 +0100)] 
sort .mailmap alphabetically

Lennart Poettering [Tue, 18 Dec 2018 11:53:58 +0000 (12:53 +0100)] 
update .mailmap a bit from v240 contributions

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 07:53:48 +0000 (08:53 +0100)] 
test-mountpoint-util: more debug info

Zbigniew Jędrzejewski-Szmek [Mon, 17 Dec 2018 23:02:11 +0000 (00:02 +0100)] 
meson: print EFI CC configuration nicely

In 595343fb4c99c2679d347ef7c19debfbfed6342e it was converted to an array.
This doesn't look good in the output. Let's convert it back to a string.

Zbigniew Jędrzejewski-Szmek [Mon, 17 Dec 2018 22:39:17 +0000 (23:39 +0100)] 
meson: rename two more variables from _c to _sources

_c is misleading because .h files should be included in those lists too
(this tells meson that the build outputs should be rebuilt if the header
files change).

Follow-up for 1437822638ff9468fa78c7cfe56f8f55f955a61d.

Zbigniew Jędrzejewski-Szmek [Mon, 17 Dec 2018 22:19:06 +0000 (23:19 +0100)] 
systemctl: add comment why whitespace in message is needed

Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 10:35:48 +0000 (11:35 +0100)] 
test-hashmap: add test to compare hashmap_free performance

The point here is to compare speed of hashmap_destroy with free and a different
freeing function, so the implementation details of hashmap_clear can be
evaluated.

Results:
current code:

/* test_hashmap_free (slow, 1048576 entries) */
string_hash_ops test took 2.494499s
custom_free_hash_ops test took 2.640449s

string_hash_ops test took 2.287734s
custom_free_hash_ops test took 2.557632s

string_hash_ops test took 2.299791s
custom_free_hash_ops test took 2.586975s

string_hash_ops test took 2.314099s
custom_free_hash_ops test took 2.589327s

string_hash_ops test took 2.319137s
custom_free_hash_ops test took 2.584038s

code with a patch which restores the "fast path" using:
    for (idx = skip_free_buckets(h, 0); idx != IDX_NIL; idx = skip_free_buckets(h, idx + 1))
in the case where both free_key and free_value are either free or NULL:

/* test_hashmap_free (slow, 1048576 entries) */
string_hash_ops test took 2.347013s
custom_free_hash_ops test took 2.585104s

string_hash_ops test took 2.311583s
custom_free_hash_ops test took 2.578388s

string_hash_ops test took 2.283658s
custom_free_hash_ops test took 2.621675s

string_hash_ops test took 2.334675s
custom_free_hash_ops test took 2.601568s

So the test is noisy, but there clearly is no significant difference with the
"fast path" restored. I'm surprised by this, but it shows that the current
"safe" implementation does not cause a performance loss.

When the code is compiled with optimization, those times are significantly
lower (e.g. 1.1s and 1.4s), but again, there is no difference with the "fast
path" restored.

The difference between string_hash_ops and custom_free_hash_ops is the
additional cost of global modification and the extra function call.

5 years ago test-hashmap: use the usual function headers and print timing stats
Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 10:33:52 +0000 (11:33 +0100)] 
test-hashmap: use the usual function headers and print timing stats

This makes it slightly easier to watch for performance changes.

5 years ago hashmap: use ternary op to shorten code
Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 08:50:01 +0000 (09:50 +0100)] 
hashmap: use ternary op to shorten code

5 years ago lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors
Filipe Brandenburger [Thu, 6 Dec 2018 07:58:58 +0000 (23:58 -0800)] 
lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors

In particular, check that the order of the results is consistent.

This test coverage will be useful in order to refactor the compare_func
used while sorting the results.

When introduced, this test also uncovered a memory leak in sd_lldp_stop(),
which was then fixed by a separate commit using a specialized function
as destructor of the LLDP Hashmap.

Tested:
  $ ninja -C build/ test
  $ valgrind --leak-check=full build/test-lldp

5 years ago sd-lldp: accept if a neighbor is already removed from the hashtable
Lennart Poettering [Mon, 17 Dec 2018 17:43:11 +0000 (18:43 +0100)] 
sd-lldp: accept if a neighbor is already removed from the hashtable

5 years ago hashmap: rework hashmap_clear() to be more defensive
Lennart Poettering [Mon, 17 Dec 2018 17:42:09 +0000 (18:42 +0100)] 
hashmap: rework hashmap_clear() to be more defensive

Let's first remove an item from the hashmap and only then destroy it.
This makes sure that destructor functions can modify the hashtables in
their own code and we won't be confused by that.

5 years ago resolved: mention which RRs we query when requesting them to authenticate some other RR 11194/head
Lennart Poettering [Mon, 17 Dec 2018 20:16:48 +0000 (21:16 +0100)] 
resolved: mention which RRs we query when requesting them to authenticate some other RR

5 years ago resolved: only attempt non-answer SOA RRs if they are parents of our query
Lennart Poettering [Mon, 17 Dec 2018 20:14:17 +0000 (21:14 +0100)] 
resolved: only attempt non-answer SOA RRs if they are parents of our query

There's no value in authenticating SOA RRs that are neither answer to
our question nor parent of our question (the latter being relevant so
that we have a TTL from the SOA field for negative caching of the actual
query).

By being too eager here, and trying to authenticate too much we run the
risk of creating cyclic deps between our transactions which then causes
the over-all authentication to fail.

Fixes: #9771

5 years ago timesync: fix serialization of IP address
Lennart Poettering [Mon, 17 Dec 2018 14:30:23 +0000 (15:30 +0100)] 
timesync: fix serialization of IP address

Fixes: #11169

5 years ago NEWS: document the usern/mknod borkage in 4.18 a bit
Lennart Poettering [Mon, 17 Dec 2018 15:46:36 +0000 (16:46 +0100)] 
NEWS: document the usern/mknod borkage in 4.18 a bit

5 years ago NEWS: add missing 'not'
Lennart Poettering [Thu, 13 Dec 2018 15:53:40 +0000 (16:53 +0100)] 
NEWS: add missing 'not'

5 years ago docs: add missing section to ENVIRONMENT.md
Lennart Poettering [Mon, 17 Dec 2018 15:37:18 +0000 (16:37 +0100)] 
docs: add missing section to ENVIRONMENT.md

No, this is not an env var understood by logind. Let's fix the
confusion.

5 years ago Merge pull request #11144 from keszybz/dissect-image-fix
Lennart Poettering [Mon, 17 Dec 2018 18:36:36 +0000 (19:36 +0100)] 
Merge pull request #11144 from keszybz/dissect-image-fix

Fix for dissect-image use in nspawn

5 years ago core: do cgroup migration first and only then connect to journald
Michal Sekletar [Mon, 17 Dec 2018 14:57:42 +0000 (15:57 +0100)] 
core: do cgroup migration first and only then connect to journald

Fixes #11162

5 years ago Merge pull request #11167 from yuwata/sd-resolve-typesafe
Lennart Poettering [Mon, 17 Dec 2018 18:22:07 +0000 (19:22 +0100)] 
Merge pull request #11167 from yuwata/sd-resolve-typesafe

sd-resolve: introduce typesafe macros

5 years ago core: fix KeyringMode for user services
Alexey Bogdanenko [Sun, 16 Dec 2018 16:04:28 +0000 (19:04 +0300)] 
core: fix KeyringMode for user services

KeyringMode option is useful for user services. Also, documentation for the
option suggests that the option applies to user services. However, setting the
option to any of its allowed values has no effect.

This commit fixes that and removes EXEC_NEW_KEYRING flag. The flag is no longer
necessary: instead of checking if the flag is set we can check if keyring_mode
is not equal to EXEC_KEYRING_INHERIT.

5 years ago Merge pull request #11159 from keszybz/udev-typedef
Lennart Poettering [Mon, 17 Dec 2018 15:19:10 +0000 (16:19 +0100)] 
Merge pull request #11159 from keszybz/udev-typedef

Udev typedef and normal error reporting

5 years ago journald: correctly attribute log messages also with cgroupsv1
Michal Sekletar [Fri, 14 Dec 2018 14:17:27 +0000 (15:17 +0100)] 
journald: correctly attribute log messages also with cgroupsv1

With cgroupsv1 a zombie process is migrated to root cgroup in all
hierarchies. This was changed for unified hierarchy and /proc/PID/cgroup
reports cgroup to which process belonged before it exited.

Be more suspicious about cgroup path reported by the kernel and use
unit_id provided by the log client if the kernel reports that process is
running in the root cgroup.

Users tend to care the most about 'log->unit_id' mapping so systemctl
status can correctly report last log lines. Also we wouldn't be able to
infer anything useful from "/" path anyway.

See: https://github.com/torvalds/linux/commit/2e91fa7f6d451e3ea9fec999065d2fd199691f9d