Commit graph

28191 commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 2f1fc899ce
Merge pull request #14589 from keszybz/sysctl-downgrade-messages
sysctl: add glob patterns to set network settings more flexibly
2020-02-04 00:04:28 +01:00
Zbigniew Jędrzejewski-Szmek e0f424790d sysctl: add glob syntax to sysctl.d files
This is intended for net.*.conf.*.foo files. Setting just "default" is not very
useful because any interfaces present before systemd-sysctl is invoked are not
affected. Setting "all" is too harsh, because the kernel takes the stronger of
the device-specific setting and the "all" value, so effectively having a weaker
setting for specific interfaces is not possible. Let's add a way in which can
set "default" first and then all the others without "all".
2020-02-04 00:01:50 +01:00
Yu Watanabe 50152bb1c5 core: call dynamic_user_acquire() only when 'group' is non-null
When unit is reloaded, and the reloaded unit has bad-setting, then
unit_patch_contexts() is not called and exec_context::user and group
may not be configured.

A minimum reproducer for the case is:
- step 1.
$ sudo systemctl edit --full hoge.service
[Service]
oneshot
ExecStart=sleep 1h

- step 2.
$ sudo systemctl start hoge.service

- step 3.
$ sudo systemctl edit --full hoge.service
[Service]
Type=oneshot
ExecStart=@bindir@/sleep 1h
DynamicUser=yes

Then pid1 crashed.

Fixes #14733.
2020-02-03 21:51:07 +09:00
Yu Watanabe 4c1dea42b5 journal: drop unreachable path 2020-02-03 10:00:50 +01:00
Yu Watanabe bf2334c054 udev: add {Receive,Transmit}ChecksumOffload= settings
Closes #14661.
2020-02-03 12:31:31 +09:00
Naïm Favier 53e1ba280f
network: add SuppressPrefixLength option to RoutingPolicyRule (#14736)
Closes #14724.
2020-02-03 08:25:48 +09:00
Lennart Poettering d58f31793a
Merge pull request #14645 from keszybz/sd-bus-message-dump
sd_bus_message_dump
2020-02-02 17:27:50 +01:00
Lennart Poettering ddb10d8ccd
Merge pull request #14699 from yuwata/dhcp6-fix-t1-t2
dhcp6: do not use T1 and T2 longer than one provided by the lease
2020-02-02 17:16:31 +01:00
Yu Watanabe 60d0a5098b util: uid_t, gid_t, and pid_t must be 32bit
We already have assert_cc(sizeof(uid_t) == sizeof(uint32_t)) or friends
at various places.
2020-02-02 17:13:08 +01:00
Lennart Poettering a754993d9c
Merge pull request #14719 from yuwata/sd-boot-fix-warnings
sd-boot: fix warnings
2020-02-02 16:57:17 +01:00
David Michael 649916d356 sysusers: support creating users with a specific primary group
This extends the "uid:gid" syntax for "u" lines so that a group
name can be given instead of a GID.  This requires that the group
is either queued for creation by sysusers, or it is already defined
on the system.

Closes #14340
2020-02-02 16:53:22 +01:00
Yu Watanabe ea471a4695 network: support UID based routing policy
Closes #14666.
2020-02-02 22:43:38 +09:00
Yu Watanabe 03de302a31 util: add parse_uid_range() helper function 2020-02-02 22:43:38 +09:00
Lennart Poettering 5ee69e144e
Merge pull request #14178 from poettering/journal-namespace
journal: add concept of "journal namespaces"
2020-02-01 11:25:48 +01:00
Yu Watanabe 020313b213 test: also check the result of merge_gid_lists()
Fixes CID#1412354.
2020-01-31 23:31:23 +09:00
Yu Watanabe 4af8ab2cab user-util: fix use after free() on error path
Fixes CID#1412356.
2020-01-31 23:23:44 +09:00
Yu Watanabe b44b735a78 userdbd: fix memleak
Fixes CID#1412416.
2020-01-31 23:20:52 +09:00
Lennart Poettering 23d8c56046 journalctl: underline sections in --help 2020-01-31 15:10:40 +01:00
Yu Watanabe 9610210d32 nspawn: voidify umount_verbose()
Fixes CID#1415122.
2020-01-31 23:10:29 +09:00
Yu Watanabe 02cec15629 user-record-util: add missing error check
Fixes CID#1415123.
2020-01-31 23:08:59 +09:00
Yu Watanabe 00c7b071ac homework: fix errno in log_error_errno()
Fixes CID#1415124.
2020-01-31 23:07:15 +09:00
Yu Watanabe 852640f8a2 home: add missing variable initialization
Fixes CID#1415126.
2020-01-31 23:04:43 +09:00
Lennart Poettering dc5437c78b journald: add ability to activate by varlink socket
If we have exit on idle, then operations such as "journalctl
--namespace=foo --rotate" should work even if the journal daemon is
currently not running.

(Note that we don't do activation by varlink for the main instance of
journald, I am not sure the deadlocks it might introduce are worth it)
2020-01-31 15:03:55 +01:00
Lennart Poettering 65c398c031 journald: add exit on idle 2020-01-31 15:03:44 +01:00
Lennart Poettering 6d4d600260 varlink: add ability to register callback for disconnections 2020-01-31 15:03:27 +01:00
Lennart Poettering c4f601f205 varlink: add API for determining number of current connections 2020-01-31 15:03:11 +01:00
Lennart Poettering d98580e438 journald: use structured initialization 2020-01-31 15:03:07 +01:00
Lennart Poettering 2435269171 journald: add logging for one error we lacked logging for 2020-01-31 15:03:04 +01:00
Lennart Poettering d93dda3afe systemctl: show logs for correct namespace of service 2020-01-31 15:02:52 +01:00
Lennart Poettering 21fa231ece journalctl: drop misplaced empty line 2020-01-31 15:02:48 +01:00
Lennart Poettering 6b25db87a1 journalctl: add new --namespace= switch for showing logs for namespace 2020-01-31 15:02:45 +01:00
Lennart Poettering 31e99dd2cc journal: make constant argument actually 'const' 2020-01-31 15:02:41 +01:00
Lennart Poettering 456aa87906 journal: allow opening journal files specific to some namespace 2020-01-31 15:02:29 +01:00
Lennart Poettering 2f5435a147 journal: use structured initialization 2020-01-31 15:02:25 +01:00
Lennart Poettering 33ff74643e journalctl: use an anonymous array when an array is needed
I am pretty sure this makes things more readable, since the expected
argument here is actually an array.
2020-01-31 15:02:22 +01:00
Lennart Poettering 68312977db journal: properly mark two definitions that are deprecated with GCC attributes for that 2020-01-31 15:02:00 +01:00
Lennart Poettering e7238caf0c journalctl: use automatic memory cleanup 2020-01-31 15:01:57 +01:00
Lennart Poettering 0491150b5c journalctl: use log_error_errno() wherever we can 2020-01-31 15:01:53 +01:00
Lennart Poettering a6214d9643 journalctl: move pcre function code down
We usually put the static arguments at the top of each source files, do
so here too, and thus move the first code down.
2020-01-31 15:01:50 +01:00
Lennart Poettering 91dd5f7cbe core: add new LogNamespace= execution setting 2020-01-31 15:01:43 +01:00
Lennart Poettering 839d1b2014 string-util: add brief explanatory comment 2020-01-31 15:01:39 +01:00
Lennart Poettering b1852c48c1 journald: allow running multiple instances of journald
If we do, we operate on a separate set of logs and runtime objects

The namespace is configured via argv[1].

Fixes: #12123

Fixes: #10230 #9519

(These latter two issues ask for slightly different stuff, but the
usecases generally can be solved by running separate instances of
journald now, hence also declaring that as "Fixes:")
2020-01-31 15:01:18 +01:00
Lennart Poettering d6f46470f5 journald: when create journal directories use calculated paths 2020-01-31 15:01:14 +01:00
Lennart Poettering 4f60310373 journald: minor coding style updates 2020-01-31 15:01:09 +01:00
Lennart Poettering 4e00337b16 journald: let's simplify rotating of offline user journals
Let's just use the path that is already stored in JournalStorage,
instead of generating our own. While we are at it, split out the loop
into its own function.
2020-01-31 15:01:05 +01:00
Lennart Poettering 46e2348a58 journald: simplify find_journal() a bit
Let's use the already precalculated persistent storage path instead of
deriving it again from the machine ID.
2020-01-31 15:01:01 +01:00
Lennart Poettering b42b9479a8 journald: hide current storage determination in helper call 2020-01-31 15:00:57 +01:00
Lennart Poettering 74dd8f5759 journald: use structured initialization 2020-01-31 15:00:53 +01:00
Lennart Poettering 8548f4f09b journald: line break overly long function header 2020-01-31 15:00:49 +01:00
Lennart Poettering 7e7ef3bfb2 journald: let's use TAKE_PTR() and TAKE_FD() where appropriate 2020-01-31 15:00:45 +01:00
Lennart Poettering a30e35f85a journald: let's use unlink_and_free() where we can 2020-01-31 15:00:41 +01:00
Lennart Poettering 2066f4fe30 journald: specifying _pure_ on static functions is unnecessary, compiler can figure that out on its own 2020-01-31 15:00:37 +01:00
Lennart Poettering a2735a4549 journald: don't bother with seqnum file if we don't read form /dev/kmsg anyway 2020-01-31 15:00:33 +01:00
Lennart Poettering dbac262578 journald: fix indentation 2020-01-31 15:00:29 +01:00
Lennart Poettering 99d0d05a10 journald: use free_and_replace() where appropriate 2020-01-31 15:00:25 +01:00
Lennart Poettering 659a77bec6 journald: add missing logging for some errors 2020-01-31 15:00:21 +01:00
Lennart Poettering d83f7e4c92 journald: why bitwise XOR when boolean != is easier to read? 2020-01-31 14:59:41 +01:00
Yu Watanabe efda8aebcb sd-boot: fix -Wpointer-sign warning 2020-01-31 19:59:34 +09:00
Yu Watanabe a614aa1985 sd-boot: fix warning about comparison is always true 2020-01-31 19:20:34 +09:00
Yu Watanabe 3ae01632f2 dhcp6: coding style fixes 2020-01-31 14:44:40 +09:00
Yu Watanabe 9de8a4259e dhcp6: do not use T1 and T2 longer than one provided by the lease
Fixes #12623.
2020-01-31 14:44:32 +09:00
Anita Zhang 1b9d61bcee
Merge pull request #14696 from poettering/dissect-tweaks
various tweaks to the image dissection logic
2020-01-30 12:46:03 -08:00
Zbigniew Jędrzejewski-Szmek 2a4be3c52b Various typo fixes and grammar corrections 2020-01-30 13:48:01 +01:00
Zbigniew Jędrzejewski-Szmek 402058dc3a polkit: tweak grammar 2020-01-30 12:34:05 +01:00
Zbigniew Jędrzejewski-Szmek 4119d1e60a
Merge pull request #14096 from poettering/homed
systemd-homed
2020-01-30 12:32:06 +01:00
Zbigniew Jędrzejewski-Szmek f3b136a484 shared/sysctl-util: normalize repeated slashes or dots to a single value
We use those strings as hash keys. While writing "a...b" looks strange,
"a///b" does not look so strange. Both syntaxes would actually result in the
value being correctly written to the file, but they would confuse our
de-deplication over keys. So let's normalize. Output also becomes nicer.

Add test.
2020-01-30 10:48:27 +01:00
Lennart Poettering 8d251485fa core: fsck images specified as RootImage= too before using them 2020-01-29 19:29:59 +01:00
Lennart Poettering 4fcb96ce25 nspawn: fsck all images when mounting things
Also, start logging about mount errors, things are hard to debug
otherwise.
2020-01-29 19:29:55 +01:00
Lennart Poettering e475f72977 dissect: add --fsck= option to systemd-dissect tool
Let's expose this fsck behaviour directly.
2020-01-29 19:29:52 +01:00
Lennart Poettering cf32c48657 dissect: optionally, run fsck before mounting dissected images
Some file systems want us to run fsck before mounting, hence do so,
optionally.
2020-01-29 19:29:44 +01:00
Lennart Poettering 0f7c9a3d81 dissect: complain if partition flags are set that we don't know 2020-01-29 19:29:39 +01:00
Yu Watanabe a44956c94a network: fix implicit type conversion warning by GCC-10
Fixes part of #14691.
2020-01-29 19:24:12 +01:00
Topi Miettinen e21d90606a pam_systemd: resolve the tty of display via /sys instead of /dev
Rely on information provided by /proc/*/stat and /sys/dev/char for resolving
the controlling tty for the display server, instead of trying to access the
tty device in /dev (which may not be accessible for example due to
PrivateDevices=yes).
2020-01-29 16:06:48 +01:00
Lennart Poettering 72d43d09cc id128: change table header from "uuid" to just "id"
The tool deals with any kind of 128bit id, not just uuid, and by default
we display just a series of hex chars, hence let's not claim everything
was a "uuid", but just generically say "id"
2020-01-29 15:32:26 +01:00
Lennart Poettering bcb1eadc0c test: fix rename_noreplace() test
This corrects the fix b81b9d406d, making the test operate like it was
originally.
2020-01-28 22:53:59 +01:00
Lennart Poettering 3c7b4ebf94 test: make sure chase_symlink() returns normalized paths 2020-01-28 22:53:59 +01:00
Lennart Poettering 47d7ab727c fs-util: make sure we output normalized paths in chase_symlinks()
Let's eat up multiple slashes.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1787089
Replaces: #14687
2020-01-28 22:53:59 +01:00
Lennart Poettering 6efb1257d1 test: add test for the non-resolving of chase_symlink() root prefix 2020-01-28 22:53:59 +01:00
Lennart Poettering c2595d3b02 fs-util: when calling chase_symlinks() with root path, leave root part unresolved
Previously there was a weird asymmetry: initially we'd resolve the
specified prefix path when chasing symlinks together with the actual
path we were supposed to cover, except when we hit an absolute symlink
where we'd use the root as it was. Let's unify handling here: the prefix
path is never resolved, and always left as it is.

This in particular fixes issues with symlinks in the prefix path, as
that confused the check that made sure we never left the root directory.

Fixes: #14634
Replaces: #14635
2020-01-28 22:53:59 +01:00
Lennart Poettering ba0fb5acd4 sleep: automatically lock all home directories when suspending 2020-01-28 22:36:56 +01:00
Lennart Poettering 26cf9fb7f8 home: add pam_systemd_home.so PAM hookup
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:41 +01:00
Lennart Poettering 4aa0a8ac3e home: add homectl client tool 2020-01-28 22:36:30 +01:00
Lennart Poettering 70a5db5822 home: add new systemd-homed service that can manage LUKS homes
Fixes more or less: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:07 +01:00
Franck Bui 1ffadeaae3 udev: assume that the recv buffer size of the netlink socket is already configured when the socket is passed in
This makes ReceiveBuffer= option in systemd-udevd-kernel.socket unit useful.
2020-01-28 22:35:08 +01:00
Lennart Poettering b940fb1f4f
Merge pull request #14594 from keszybz/id128-show-gpt
Print gpt table values in systemd-id128
2020-01-28 17:23:50 +01:00
Zbigniew Jędrzejewski-Szmek ebe2ab60cc
Merge pull request #14611 from yuwata/network-fix-reconfigure
network: fix reconfigure
2020-01-28 16:10:28 +01:00
Zbigniew Jędrzejewski-Szmek d2b45da40a
Merge pull request #14633 from poettering/logind-switch-polkit
add polkit hookup for VT switching in logind
2020-01-28 16:09:09 +01:00
Lennart Poettering 8615bec7a0
Merge pull request #14667 from yuwata/boot-random-seed-mode
boot: parse random-seed-mode
2020-01-28 15:42:10 +01:00
Lennart Poettering 4523f1db0f
Merge pull request #14675 from yuwata/network-dhcp-accept-nul
network: accept NUL character in SendOption=
2020-01-28 15:18:16 +01:00
Lennart Poettering 766840af42
Merge pull request #14673 from keur/protect_clock
Protect clock
2020-01-28 15:11:41 +01:00
sangelovic 58abbbcc6b sd-bus: fix introspection bug in signal parameter names 2020-01-28 11:20:33 +01:00
Yu Watanabe 732e3a6104 network: accept NUL character in SendOption=
Closes #14609.
2020-01-27 19:58:10 +09:00
Yu Watanabe a6a36dea2d test: add tests for UNESCAPE_ACCEPT_NUL 2020-01-27 19:58:06 +09:00
Yu Watanabe 0e72e469f8 escape: introduce UNESCAPE_ACCEPT_NUL flag 2020-01-27 18:04:46 +09:00
Yu Watanabe 46dc83440f escape: make cunescape() and cunescape_length() inline 2020-01-27 17:38:41 +09:00
Susant Sahani 8bdda551da efi: fix build.
```
ninja -C build
ninja: Entering directory `build'
[29/101] Generating systemd_boot.so with a custom command.
FAILED: src/boot/efi/systemd_boot.so
/usr/bin/ld -o src/boot/efi/systemd_boot.so -T /usr/lib64/gnuefi/elf_x64_efi.lds -shared -Bsymbolic -nostdlib -znocombreloc -L /usr/lib64 /usr/lib64/gnuefi/crt0-efi-x64.o src/boot/efi/disk.c.o src/boot/efi/graphics.c.o src/boot/efi/measure.c.o src/boot/efi/pe.c.o src/boot/efi/util.c.o src/boot/efi/boot.c.o src/boot/efi/console.c.o src/boot/efi/crc32.c.o src/boot/efi/random-seed.c.o src/boot/efi/sha256.c.o src/boot/efi/shim.c.o -lefi -lgnuefi /usr/lib/gcc/x86_64-redhat-linux/10/libgcc.a
/usr/bin/ld: src/boot/efi/graphics.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/pe.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/util.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/boot.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/console.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/random-seed.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/shim.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
[31/101] Generating stub.c.o with a custom command.
ninja: build stopped: subcommand failed.
make: *** [Makefile:2: all] Error 1

```
2020-01-27 16:13:28 +09:00
Kevin Kuehler 9f37272a19 analyze: Add ProtectClock= to analyze-security 2020-01-26 12:44:47 -08:00
Kevin Kuehler fc64760dda core: shared: Add ProtectClock= to systemd.exec 2020-01-26 12:23:33 -08:00
Yu Watanabe fe5a698f76 bootspec: parse random-seed-mode line in loader.conf
Fixes #14657.
2020-01-26 13:20:34 +09:00
Yu Watanabe a14c18ba7b sd-boot: fix typo
Fixes #14657.
2020-01-26 13:20:21 +09:00
Zbigniew Jędrzejewski-Szmek 2b4a65b668 sd-bus: export sd_bus_message_dump
Fixes #14640.
2020-01-23 23:38:20 +01:00
Zbigniew Jędrzejewski-Szmek 27cf4c18c7 sd-bus: make dump flags public 2020-01-23 23:38:20 +01:00
Zbigniew Jędrzejewski-Szmek dc972b0740 systemd-id128: add new verb to print GPT partitions UUIDs 2020-01-23 23:32:13 +01:00
Zbigniew Jędrzejewski-Szmek 19ce38ce62 shared/gpt: export gpt_partition_type_uuid_{to,from}_string functions 2020-01-23 22:56:23 +01:00
Zbigniew Jędrzejewski-Szmek 5e176a4dee Merge pull request #14368 from poettering/repart 2020-01-23 19:07:02 +01:00
Anita Zhang 72528419e1
Merge pull request #14618 from poettering/growfs-rootfs
generator: order growfs for the root fs after systemd-remount-fs
2020-01-22 05:32:18 -08:00
Anita Zhang fe888c79f5
Merge pull request #14614 from poettering/import-fixlets
three small importd fixes
2020-01-22 03:48:31 -08:00
Lennart Poettering 4acf0cfd2f logind: check PolicyKit before allowing VT switch
Let's lock this down a bit. Effectively nothing much changes, since the
default PK policy will allow users on the VT to change VT. Only users
with no local VT session won't be able to switch VTs.
2020-01-22 12:34:31 +01:00
Lennart Poettering 269e4d2d6b shared: split out polkit stuff from bus-util.c → bus-polkit.c
It's enough, complex stuff to warrant its own source file.

No other changes, just splitting out.
2020-01-22 12:34:10 +01:00
Yu Watanabe 2c0d7ed393 network: do nothing if link is in pending or linger state on reconfiguring 2020-01-22 16:08:12 +09:00
Yu Watanabe 0ce0e3470e network: synchronously save state file when link is being reconfigured 2020-01-22 16:08:12 +09:00
Yu Watanabe 8ae7b8a1e1 network: set dirty flag when link is being reconfigured 2020-01-22 16:08:12 +09:00
Lennart Poettering dc084399fa loginctl: use /org/freedesktop/login1/session/auto when "lock-session" is called without argument
This way we'll use the "display" session automatically, and that makes
the call work when invoked from user@.service.

Fixes: #13614
2020-01-22 15:36:35 +09:00
Lennart Poettering 44b0d1fd59 core: add implicit ordering dep on blockdev@.target from all mount units
This way we shuld be able to order mounts properly against their backing
services in case complex storage is used (i.e. LUKS), even if the device
path used for mounting the devices is different from the expected device
node of the backing service.

Specifically, if we have a LUKS device /dev/mapper/foo that is mounted
by this name all is trivial as the relationship can be established a
priori easily. But if it is mounted via a /dev/disk/by-uuid/ symlink or
similar we only can relate the device node generated to the one mounted
at the moment the device is actually established. That's because the
UUID of the fs is stored inside the encrypted volume and thus not
knowable until the volume is set up. This patch tries to improve on this
situation: a implicit After=blockdev@.target dependency is generated for
all mounts, based on the data from /proc/self/mountinfo, which should be
the actual device node, with all symlinks resolved. This means that as
soon as the mount is established the ordering via blockdev@.target will
work, and that means during shutdown it is honoured, which is what we
are looking for.

Note that specifying /etc/fstab entries via UUID= for LUKS devices still
sucks and shouldn't be done, because it means we cannot know which LUKS
device to activate to make an fs appear, and that means unless the
volume is set up at boot anyway we can't really handle things
automatically when putting together transactions that need the mount.
2020-01-21 20:23:44 +01:00
Lennart Poettering e3e6f99689 core: downgrade swap → device dep to Requires=
This catches up with 9d06297e26 and adapts
the change made to swap units. We generally don't want to react
a-posteriori to swap devices disappearing, bad things will happen
anyway.
2020-01-21 20:23:40 +01:00
Lennart Poettering 61f9cf4e4c swap: generate automatic dependencies also for /proc/swaps devices
This catches up with the logic we do for mounts: we create deps based on
/proc/swaps now too, with the right flags set.
2020-01-21 20:23:37 +01:00
Lennart Poettering 5de0acf40d core: let's be defensive, /dev/nfs is also a special mount source, filter it out 2020-01-21 20:23:34 +01:00
Lennart Poettering 219f3cd941 core: drop _pure_ from static functions
For static functions the compiler should figure this out on its own.
2020-01-21 20:23:30 +01:00
Lennart Poettering a7e8855879 units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup
Let's hook it into both cryptsetup-generator and gpt-auto-generator with
a shared implementation in generator.c

Fixes: #8472
2020-01-21 20:23:13 +01:00
Lennart Poettering 6bbd539e5e cryptsetup-generator: order after cryptsetup-pre.target unconditionally 2020-01-21 20:23:10 +01:00
Lennart Poettering 49685fb314 cryptsetup-generator: break overly long line 2020-01-21 20:23:06 +01:00
Lennart Poettering 33a4c98342 fstab-generator: line break a bit more systematically 2020-01-21 20:23:03 +01:00
Lennart Poettering fbbe240b21
Merge pull request #14605 from aerusso/pulls/x-systemd-wantedby-requiredby
Implemented x-systemd.{required,wanted}-by= options
2020-01-21 19:21:49 +01:00
Yu Watanabe 5029912157 network,udev: use uint64_t for bit rate
Fixes #14620.
2020-01-21 16:51:19 +01:00
Lennart Poettering ce96c9cb1a timesyncd: log louder when we refuse a server due to root distance
This is something people should know about, since it's caused by
misconfiguration.

Fixes: #13912
2020-01-21 15:20:17 +01:00
Lennart Poettering c680e4efa8
Merge pull request #14617 from poettering/no-strv-clear
strv: remove strv_clear() and some other minor fixes
2020-01-21 15:08:38 +01:00
Lennart Poettering e704a09409
Merge pull request #14622 from poettering/uid-ref-fixlets
trivial uid ref counting clean-ups
2020-01-21 15:08:02 +01:00
Lennart Poettering f1f20764f9 resolved: drop DNSSEC root key that is not valid anymore
I guess we can drop this now, the key is no longer valid until
2019-01-11, hence there's no point in still including it in our trust
anchor.
2020-01-21 15:06:53 +01:00
Antonio Russo be02c1cf42 Implemented x-systemd.{required,wanted}-by= options
Teaches systemd-fstab-generator these two unit options,
creating appropriate dependencies on the generated .mount
units.  When used, they override any other automatically
generated dependencies, such as local-fs.target, and are
NOT suppressed by noauto.  The new options are ignored for
/, in the same way that noauto is ignored.

Fixes: #14380
Signed-off-by: Antonio Russo <antonio.e.russo@gmail.com>
2020-01-21 06:54:34 -07:00
Lennart Poettering e0567bc8ad journal: don't use startswith() on something that is not a NUL-terminated string
Otherwise we might access memory coming after it that is not valid or
allocated.

Fixes: #14114
2020-01-21 14:32:15 +01:00
Yu Watanabe 680120bb20 virt: do not define vm_from_string() for non-x86 architecture
Fixes #14615.
2020-01-21 13:47:08 +01:00
Lennart Poettering b90cf10245 core: make a number of functions not used externally static 2020-01-21 11:51:45 +01:00
Lennart Poettering 96462ae998 core: show the UID we cannot parse 2020-01-21 11:51:26 +01:00
Lennart Poettering 898820edb5 json: lower maximum allowed recursion to 2K
Apparently 4K is too high still, let's halve it.

Fixes: #14396
2020-01-21 10:50:09 +01:00
Lennart Poettering 18e6e8635f generator: order growfs for the root fs after systemd-remount-fs
Fixes: #14603
2020-01-21 10:40:18 +01:00
Lennart Poettering d6bd2bb444 hwdb: fix error numbers passed to log_syntax() 2020-01-21 10:15:26 +01:00
Lennart Poettering 2aecc66887 hwdb: use strv_extend() where we can 2020-01-21 10:13:07 +01:00
Lennart Poettering 2e5180d38b strv: get rid of strv_clear()
Let's remove a function of questionnable utility.

strv_clear() frees the items of a string array, but not the array
itself. i.e. it half-drestructs a string array and makes it empty. This
is not too useful an operation since we almost never need to just do
that, we also want to free the whole thing. In fact, strv_clear() is
only used in one of our .c file, and there it appears like unnecessary
optimization, given that for each array with n elements it leaves the
number of free()s we need to at O(n) which is not really an optimization
at all (it goes from n+1 to n, that's all).

Prompted by the discussions on #14605
2020-01-21 10:07:34 +01:00
Lennart Poettering f85df81817 import: let's disable UNIX signal generation from curl 2020-01-20 22:09:38 +01:00
Lennart Poettering d076f9fd56 import: put a time-out on downloads
Let's abort downloads when they are stuck by setting a download speed
threshold (as suggested in the CURL docs)

Fixes: #14215
2020-01-20 22:07:02 +01:00
Lennart Poettering 137c6c6b36 import: don't complain if FS_NOCOW_FL is not available
Let's downgrade the log message to LOG_DEBUG if triggered by an fs that
doesn't support the flag.
2020-01-20 21:10:31 +01:00
Lennart Poettering e594a3b154 repart: add new systemd-repart tool
Fixes: #14052
2020-01-20 17:42:03 +01:00
Lennart Poettering b57ebc6004 conf-parser: add parser for 32bit signed integers 2020-01-20 17:42:03 +01:00
Lennart Poettering 7e70f2cb0e locale-util: add special glyph Σ 2020-01-20 17:42:03 +01:00
Lennart Poettering 1d2a1a0cb8 locale-util: add block drawing special glyphs 2020-01-20 17:42:03 +01:00
Lennart Poettering 137688dff4 format-table: add support for formatting uuids/id128 values 2020-01-20 17:42:03 +01:00
Lennart Poettering 1293a168f1 id128: move make_v4_uuid into id128-util.h to make it generally useful 2020-01-20 17:42:03 +01:00
Lennart Poettering 449d530700 makefs: simplify SPDX header 2020-01-20 17:42:03 +01:00
Lennart Poettering e56a8790a0 test: add test for https://github.com/systemd/systemd/issues/14560 2020-01-20 17:19:51 +01:00
Lennart Poettering 3b7f79dc9f core: make sure StandardInput=file: doesn't get dup'ed to stdout/stderr by default
Fixes: #14560
2020-01-20 17:19:42 +01:00
Daan De Meyer 5cbaf95ee3 wait-online: Support waiting for interfaces to disappear 2020-01-18 18:17:25 +01:00
Daan De Meyer 75cd4a5d92 wait-online: Add maximum operational state option 2020-01-18 18:17:22 +01:00
Sascha Dewald fc57f105d9 pkgconf: add full generator paths 2020-01-18 17:48:28 +01:00
Lennart Poettering 7e284b054e tree-wide: we forgot to destroy some bus errors 2020-01-18 17:47:20 +01:00
Zbigniew Jędrzejewski-Szmek 8a9125cbb3
Merge pull request #14596 from poettering/no-mask-perpetual
core: don't allow perpetual units to be masked
2020-01-18 10:17:10 +01:00
Wieland Hoffmann 287cf2d802 typo: "May modify to" -> "May modify" 2020-01-18 10:08:27 +01:00
Lennart Poettering 0879fbd6fe mount: make checks on perpetual mount units more lax
We don#t really care where perpetual mounts are mounted from, since they
have to exist since before we run anyway.
2020-01-17 15:09:18 +01:00
Lennart Poettering 88414eed6f core: never allow perpetual units to be masked
Fixes: #14550
2020-01-17 15:02:15 +01:00
Zbigniew Jędrzejewski-Szmek 4ca739e20a core: reduce indentation a bit 2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek b0a94df963 logind: use loop instead of repeated code
https://github.com/systemd/systemd/pull/14096#discussion_r350953689
2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek ddee3ada46 shared/user-record-nss: use macro to avoid repeats
It's easier to read when each field is intialized in exactly one place.
2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek 192aee3cae shared/user-record-nss: shorten code a bit
free_and_strdup() already does comparison internally.
2020-01-16 21:57:00 +01:00
Arian van Putten c7d26acce6 Disable reading SystemdOptions EFI Var when in SecureBoot mode
In SecureBoot mode this is probably not what you want. As your cmdline
is cryptographically signed like when using Type #2 EFI Unified Kernel
Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/) The user's
intention is then that the cmdline should not be modified.  You want to
make sure that the system starts up as exactly specified in the signed
artifact.
2020-01-16 18:46:56 +01:00
Zbigniew Jędrzejewski-Szmek c16460cf78 shared/sysctl-util: add missing header
one_zero() is used later in the header...
2020-01-16 15:51:44 +01:00
Zbigniew Jędrzejewski-Szmek 32458cc968 sysctl: downgrade message when we have no permission
We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.

Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.

https://bugzilla.redhat.com/show_bug.cgi?id=1609806
2020-01-16 14:45:50 +01:00
Zbigniew Jędrzejewski-Szmek b2ae4d9eb8 sysctl: move hashmap allocation out of main function
This allocation is a low level detail, and it seems nicer to keep it
out of run().
2020-01-16 14:45:37 +01:00
Zbigniew Jędrzejewski-Szmek 251d3d20c3
Merge pull request #14581 from poettering/setcred-alternative-fix
alternative pam_setcred() fix
2020-01-16 09:53:26 +01:00
Lennart Poettering 4bb68f2fee core: on each iteration processing /proc/self/mountinfo merge all discovery flags for each path
This extends on d253a45e1c, and instead of
merging just a single flag from previous mount entries of
/proc/self/mountinfo for the same path we merge all three.

This shouldn't change behaviour, but I think make things more readable.

Previously we'd set MOUNT_PROC_IS_MOUNTED unconditionally, we still do.

Previously we'd inherit MOUNT_PROC_JUST_MOUNTED from a previous entry on
the same line, we still do.

MOUNT_PROC_JUST_CHANGED should generally stay set too. Why that? If we
have two mount entries on the same mount point we'd first process one
and then the other, and the almost certainly different mount parameters
of the two would mean we'd set MOUNT_PROC_JUST_CHANGED for the second.
And with this we'll definitely do that still.

This also adds a comment explaining the situation a bit, and why we get
into this situation.
2020-01-15 17:42:12 +01:00
Lennart Poettering 46d7c6afbf execute: allow pam_setcred() to fail, ignore errors
Fixes: #14567
Alternative-To: #14569
2020-01-15 17:10:43 +01:00
Lennart Poettering 5b8d1f6b77 execute: add const to array parameters, where possible 2020-01-15 17:10:28 +01:00
Lennart Poettering f9c1f4e193 pam-systemd: apply user record properties to session
This way any component providing us with JSON user record data can use
this for automatic resource management and other session properties.
2020-01-15 15:30:02 +01:00
Lennart Poettering 7bfbf6cc92 pam-systemd: normalize return values of append_session_xyz()
Let's propagate the PAM errors we got.
2020-01-15 15:29:59 +01:00
Lennart Poettering 9ab0d3ebe5 pam-systemd: port over to use a UserRecord structure
Later on this allows us to set various session properties from user
record.
2020-01-15 15:29:55 +01:00
Lennart Poettering 355c9966c2 pam-systemd: share bus connection with pam_systemd_home if we can
Let's use the pam-util.h provided helpers to acquire them.
2020-01-15 15:29:52 +01:00
Lennart Poettering d750dde2a6 pam-systemd: port to pam_bus_log_{create|parse}_error() and pam_log_oom() 2020-01-15 15:29:48 +01:00
Lennart Poettering cef9f2a647 shared: add pam utility helpers 2020-01-15 15:29:31 +01:00
Lennart Poettering d510589fd0 logind: honour per-user stopDelayUSec property 2020-01-15 15:29:27 +01:00
Lennart Poettering 156a363750 logind: honour killProcesses field of user record 2020-01-15 15:29:24 +01:00
Lennart Poettering e8e4b7a0b6 logind: enforce user record resource settings when user logs in 2020-01-15 15:29:21 +01:00
Lennart Poettering 22c902facc logind: port to UserRecord object
This changes the user tracking of logind to use the new-style UserRecord
object.

In a later commit this enables us to do per-user resource management.
2020-01-15 15:29:17 +01:00
Lennart Poettering 1684c56f40 nss: hook up nss-systemd with userdb varlink bits
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.

(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).

Fixes: #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering 19d22d433d core: add user/group resolution varlink interface to PID 1 2020-01-15 15:28:55 +01:00
Lennart Poettering 4bad7eedae core: make return parameter of dynamic_user_lookup_name() optional 2020-01-15 15:28:52 +01:00
Lennart Poettering 1604937f83 userdbd: add userdbctl tool as client for userdbd 2020-01-15 15:28:42 +01:00
Lennart Poettering d093b62c94 userdbd: add new service that can merge userdb queries from multiple clients 2020-01-15 15:28:17 +01:00
Lennart Poettering 295c1a6e45 shared: add helpers for displaying new-style user/group records to users 2020-01-15 15:27:59 +01:00
Lennart Poettering ec8e4a0ef1 shared: add internal API for querying JSON user records via varlink
This new API can be used in place of NSS by our own internal code if
more than the classic UNIX records are needed.
2020-01-15 15:27:41 +01:00
Lennart Poettering 9b2d907877 shared: add helpers for converting NSS passwd/group structures to new JSON objects
These new calls may be used to convert classic UNIX/glibc NSS struct
passwd and struct group records into new-style JSON-based user/group
objects.
2020-01-15 15:27:23 +01:00
Lennart Poettering 71d0b9d422 shared: add generic user/group record structures and JSON parsers 2020-01-15 15:27:04 +01:00
Lennart Poettering 64aa2622a3 libcrypt-util: add superficial validator for UNIX hashed password strings 2020-01-15 15:26:51 +01:00
Lennart Poettering 42f3b2f975 shared: split out crypt() specific helpers into its own .c/.h in src/shared/
This way we can use libxcrypt specific functionality such as
crypt_gensalt() and thus take benefit of the newer algorithms libxcrypt
implements. (Also adds support for a new env var $SYSTEMD_CRYPT_PREFIX
which may be used to select the hash algorithm to use for libxcrypt.)

Also, let's move the weird crypt.h inclusion into libcrypt.h so that
there's a single place for it.
2020-01-15 15:26:27 +01:00
Lennart Poettering 2ee4b118fa nss-util: add macros for generating getpwent()/getgrent() prototypes
We have similar macros already for getpwuid()/getpwnam(), let's add more
of this.
2020-01-15 15:25:32 +01:00
Zbigniew Jędrzejewski-Szmek 98f44b97bb
Merge pull request #14562 from yuwata/table-strv
introduce TABLE_STRV and use it in networkctl and resolvectl
2020-01-15 13:59:11 +01:00
Lennart Poettering eea45a3399
Merge pull request #14424 from poettering/watch-bus-name-rework
pid1: simplify drastically how we watch bus names for service's BusName= setting
2020-01-15 11:46:11 +01:00
Yu Watanabe 222a6aace7
Merge pull request #14547 from keszybz/networkctl-matching
networkctl: return error or warning when interfaces are not matched
2020-01-15 11:56:01 +09:00
Yu Watanabe bbaba5748d test-format-table: add tests for TABLE_STRV 2020-01-15 11:52:40 +09:00
Yu Watanabe 29e15e98c7 resolvectl: use format-table.[ch] 2020-01-15 11:52:40 +09:00
Yu Watanabe 536cdd07b3 networkctl: use TABLE_STRV 2020-01-15 11:52:40 +09:00
Yu Watanabe 4618660d10 format-table: introduce TABLE_STRV 2020-01-15 11:52:40 +09:00
Yu Watanabe 8b75798d12 strv: introduce strv_compare() 2020-01-15 11:52:40 +09:00