Nick Owens [Fri, 1 May 2015 18:48:08 +0000 (11:48 -0700)]
networkd: create "kernel" setting for IPForwarding
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
Daniel Mack [Wed, 10 Jun 2015 18:42:56 +0000 (20:42 +0200)]
build-sys: make man/systemd.directives.xml depend on man/custom-entities.ent
Currently, the following command sequence fails:
make distclean
./autogen.sh c
make distcheck
That's because the command invoked to build man/systemd.directives.xml needs
man/custom-entities.ent to function, which itself isn't a dependency.
The $(filter-out $<,$^) logic used to filter out everything from the
prerequisites except for the first word, which doesn't work anymore
now. Use $(SOURCE_XML_FILES) instead.
David Herrmann [Wed, 10 Jun 2015 17:34:05 +0000 (19:34 +0200)]
bus: fix pattern matching
DBus-spec defines two different pattern matchings:
1) Path and namespace prefix matching. In this case, A matches B either
if both are equal, or if B is fully included in the namespace of A.
In other words, A has to be a prefix of B, but end with a separator
character (or the following character in B must be one).
This is used for path_namespace= and arg0namespace=
2) The other pattern matching is used for arg0path= which does a two-way
matching. That is, A must be a prefix of B, or B a prefix of A.
Furthermore, the prefix must end with a separator.
Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_'
prefixes don't make any sense now, but.. eh..
David Herrmann [Wed, 10 Jun 2015 16:47:31 +0000 (18:47 +0200)]
bus: fix test-bus-kerne-bloom.c to match properly
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
David Herrmann [Wed, 10 Jun 2015 18:04:53 +0000 (20:04 +0200)]
bus: fix arg0path= two-way matching
DBus spec clearly defines arg0path= to be a two-way matching. That is,
either the matcher or the matchee can be a prefix of the other to match.
This is not possible to implement with bloom-filters. Instead, we'd have
to add a separate filter for each prefix. This is non-trivial, though.
Hence, just skip the match for now and match locally.
David Herrmann [Wed, 10 Jun 2015 16:26:16 +0000 (18:26 +0200)]
bus: fix bloom_add_prefixes() to add all required data
Lets look at an example where we add arg0="/foo/bar/waldo" to a
bloom-filter. The following strings are added:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo"
Two problems arise:
1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly
states that equal strings are also considered prefixes. However, in the
bloom-match, we can only provide a single match-filter. Therefore, we have
to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in
the bloom-mask of the message.
Hence, this patch makes sure bloom_add_prefixes() adds the full path as
prefix, too.
2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path
does prefix-matching with the trailing slash _included_, unlike
path_namespace= matches, which does *not* include them. This is
inconsistent, but we have to support the specs. Therefore, we must add
prefixes with _and_ without trailing separators.
Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with
the trailing slash included.
The final set of strings added therefore is:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo/"
"arg0-slash-prefix:/foo"
"arg0-slash-prefix:/"
Nick Owens [Tue, 2 Jun 2015 23:30:42 +0000 (16:30 -0700)]
libsystemd-network: use domain validation instead of hostname validation for dhcp domain option
previously hostname_is_valid was used to validate domain names, which
would silently drop perfectly valid dns names that were longer than a
single dns label.
Daniel Mack [Wed, 10 Jun 2015 08:54:59 +0000 (10:54 +0200)]
build-sys: turn some warnings into errors
Make the build sys error out on missing function prototypes, missing
variable declarations, implicit function declarations or forgotten return
statements.
None of these conditions are acceptable, and by making them hard errors, the
build bots can detect them earlier.
Martin Pitt [Tue, 9 Jun 2015 14:16:56 +0000 (16:16 +0200)]
path-util: Fix path_is_mount_point for parent mount points in symlink mode
When we have a structure like this:
/bin -> /usr/bin
/usr is a mount point
Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair
/usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different
mount IDs. But we only want to consider the base name, not any parent.
Thus we have to resolve the given path first to get the real parent when
allowing symlinks.
Martin Pitt [Tue, 9 Jun 2015 12:01:06 +0000 (14:01 +0200)]
build-sys: always dist *.policy.in files
Unconditionally dist org.freedesktop.{import1,machine1}.policy.in, like all the
other *.policy.in files. This avoids missing policy files in the tarball.
Spotted by "make distcheck" failure with --disable-importd.
Harald Hoyer [Mon, 1 Jun 2015 15:26:27 +0000 (17:26 +0200)]
cryptsetup: craft a unique ID with the source device
If cryptsetup is called with a source device as argv[3], then craft the
ID for the password agent with a unique device path.
If possible "/dev/block/<maj>:<min>" is used, otherwise the original
argv[3] is used.
This enables password agents like petera [1] to provide a password
according to the source device. The original ID did not carry enough
information and was more targeted for a human readable string, which
is specified in the "Message" field anyway.
With this patch the ID of the ask.XXX ini file looks like this:
ID=cryptsetup:/dev/block/<maj>:<min>
Tom Gundersen [Mon, 8 Jun 2015 20:30:59 +0000 (22:30 +0200)]
man: systemd.link - explain random MAC addresses
Two of the bits in the MAC address are set unconditioanlly, and the rest is randomized,
make this clear in the documentation (as it currently read as if it was all random).
Daniel Mack [Mon, 8 Jun 2015 16:52:25 +0000 (18:52 +0200)]
kmod-setup: split warn flags
Traditionally, we used to warn about ipv6 being a module or being
unavailable. This was changed in b4aa82f16 ("kmod-setup: don't warn
when ipv6 can't be loaded") in a way that neither of the two conditions
will cause a log message.
Now, while running a setup without any IPv6 is completely fine and
shouldn't cause any warning, we should still warn about ipv6 being a
module instead of built-in.
To achieve this, split the boolean warn flag into two: one for a
feature not being built-in but shipped as a module, and one to
print an error when a module is entirely unavailable.
We will, however, still warn if kmod returns anything else than
-ENOENT in the attempt of loading the module, and at the very least,
turn the message into a debug log.
Daniel Mack [Fri, 5 Jun 2015 12:11:26 +0000 (14:11 +0200)]
Add README.md
A README.md allows us to include a badge for the current build status of
Semaphore CI. Keep other information in this file minimal, and avoid
information duplication but point readers to the official README.
David Herrmann [Fri, 5 Jun 2015 13:23:03 +0000 (15:23 +0200)]
bus: don't force send-masks on kdbus buses
Right now we always pass KDBUS_ITEM_ATTACH_FLAGS_RECV to
KDBUS_CMD_BUS_MAKE, effectively forcing every bus connection to do the
same during KDBUS_CMD_HELLO. This used to be a workaround to make sure all
metadata is always present. However, we refrained from that approach and
intend to make all metadata collection solely rely on /proc access
restrictions. Therefore, there is no need to force the send-flags mask on
newly created buses.
Philip Withnall [Fri, 29 May 2015 09:49:21 +0000 (10:49 +0100)]
logind: Fix user_elect_display() to be more stable
The previous implementation of user_elect_display() could easily end up
overwriting the user’s valid graphical session with a new TTY session.
For example, consider the situation where there is one session:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
it is initially elected as the user’s display (i.e. u->display = c1).
If another session is started, on a different VT, the sessions_by_user
list becomes:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
c2, type = SESSION_TTY, !stopping, class = SESSION_USER
In the previous code, graphical = c1 and text = c2, as expected.
However, neither graphical nor text fulfil the conditions for setting
u->display = graphical (because neither is better than u->display), so
the code falls through to check the text variable. The conditions for
this match, as u->display->type != SESSION_TTY (it’s actually
SESSION_X11). Hence u->display is set to c2, which is incorrect, because
session c1 is still valid.
Refactor user_elect_display() to use a more explicit filter and
pre-order comparison over the sessions. This can be demonstrated to be
stable and only ever ‘upgrade’ the session to a more graphical one.
projects / thirdparty / systemd.git / log
