Package: systemd / 230-7~bpo8+2
Metadata
| Package | Version | Patches format |
|---|---|---|
| systemd | 230-7~bpo8+2 | 3.0 (quilt) |
Patch series
| Patch | File delta | Description |
|---|---|---|
| resolved fix comments in resolve.conf for search domain o.patch | (download) |
src/resolve/resolved-resolv-conf.c |
49 22 + 27 - 0 ! |
resolved: fix comments in resolve.conf for search domain overflows (#3422) Write comments about "too many search domains" and "Total length of all search domains is too long" just once. Also put it on a separate line, as resolv.conf(5) only specifies comments in a line by themselves. This is ugly to do if write_resolv_conf_search() gets called once for every search domain. So change it to receive the complete OrderedSet instead and do the iteration by itself. Add test cases to networkd-test.py. https://launchpad.net/bugs/1588229 |
| automount handle expire_tokens when the mount unit change.patch | (download) |
src/core/automount.c |
14 14 + 0 - 0 ! |
automount: handle expire_tokens when the mount unit changes its
state (#3434)
This basically reverts 7b2fd9d51259f6cf350791434e640ac3519acc6c ("core:
remove duplicate code in automount_update_mount()").
This was not duplicate code. The expire_tokens need to be handled as well:
Send 0 == success for MOUNT_DEAD (umount successful), do nothing for
MOUNT_UNMOUNTING (not yet done) and an error for everything else.
Otherwise the automount logic will assume unmounting is not done and will
not send any new requests for mounting. As a result, the corresponding
mount unit is never mounted.
Without this, automounts with TimeoutIdleSec= are broken. Once the idle
timeout triggered a umount, any access to the corresponding filesystem
hangs forever.
Fixes #3332.
(cherry-picked from commit 0a62f81045dd810c8f1223cccbac4d706ea2cb45)
|
| resolved when restarting a transaction make sure to not t.patch | (download) |
src/resolve/resolved-dns-transaction.c |
14 13 + 1 - 0 ! |
resolved: when restarting a transaction make sure to not touch it anymore (#3553) dns_transaction_maybe_restart() is supposed to return 1 if the transaction has been restarted and 0 otherwise. dns_transaction_process_dnssec() relies on this behaviour. Before this change in case of restart we'd call dns_transaction_go() when restarting the lookup, returning its return value unmodified. This is wrong however, as that function returns 1 if the transaction is pending, and 0 if it completed immediately, which is a very |
| units add nosuid and nodev options to tmp.mount 3575.patch | (download) |
units/tmp.mount.m4 |
2 1 + 1 - 0 ! |
units: add nosuid and nodev options to tmp.mount (#3575) This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377 |
| resolved support IPv6 DNS servers on the local link.patch | (download) |
src/basic/in-addr-util.c |
85 85 + 0 - 0 ! |
resolved: support ipv6 dns servers on the local link Make sure we can parse DNS server addresses that use the "zone id" syntax for local link addresses, i.e. "fe80::c256:27ff:febb:12f%wlp3s0", when reading /etc/resolv.conf. Also make sure we spit this out correctly again when writing /etc/resolv.conf and via the bus. Fixes: #3359 |
| resolved also rewrite private etc resolv.conf when config.patch | (download) |
src/resolve/resolved-link-bus.c |
8 8 + 0 - 0 ! |
resolved: also rewrite private /etc/resolv.conf when configuration is changed via bus calls This also moves log message generation into manager_write_resolv_conf(), so that it is shorter to invoke the function, given that we have to invoke it at a couple of additional places now. Fixes: #3225 |
| networkd fix bad memory access when parsing DNSSECNegativ.patch | (download) |
src/network/networkd-network-gperf.gperf |
2 1 + 1 - 0 ! |
networkd: fix bad memory access when parsing DNSSECNegativeTrustAnchors= |
| resolved export global NTAs on the bus.patch | (download) |
src/resolve/resolved-bus.c |
31 31 + 0 - 0 ! |
resolved: export global ntas on the bus We export them per-link, hence let's export the global NTAs too. |
| resolved export the effective per link DNSSEC setting not.patch | (download) |
src/resolve/resolved-link-bus.c |
20 18 + 2 - 0 ! |
resolved: export the effective per-link dnssec setting, not the internal one Internally, we store the per-link DNSSEC setting as -1 (invalid) if there's no link-specific setting configured, and the global setting should be used. When exporting this on the bus we really should export the effective DNSSEC setting however, i.e. return the global one if there's none set per-link. |
| resolved flush all caches if SIGUSR2 is received.patch | (download) |
src/resolve/resolved-manager.c |
17 17 + 0 - 0 ! |
resolved: flush all caches if sigusr2 is received |
| man document what SIGUSR1 and SIGUSR2 do to resolved.patch | (download) |
man/systemd-resolved.service.xml |
22 22 + 0 - 0 ! |
man: document what sigusr1 and sigusr2 do to resolved |
| resolved also add a way to flush all caches via the bus.patch | (download) |
man/systemd-resolve.xml |
6 6 + 0 - 0 ! |
resolved: also add a way to flush all caches via the bus And expose it in "resolve-tool --flush-caches". |
| resolve add systemd resolve status command.patch | (download) |
man/systemd-resolve.xml |
7 7 + 0 - 0 ! |
resolve: add "systemd-resolve --status" command The new command shows the per-link and global DNS configuration currently in effect. This is useful to quickly see the DNS settings resolved acquired from networkd and that was pushed into it via the bus APIs. |
| resolved rework SERVFAIL handling.patch | (download) |
src/resolve/resolved-dns-server.c |
80 38 + 42 - 0 ! |
resolved: rework servfail handling There might be two reasons why we get a SERVFAIL response from our selected DNS server: because this DNS server itself is bad, or because the DNS server actually serving the zone upstream is bad. So far we immediately downgraded our server feature level when getting SERVFAIL, under the assumption that the first case is the only possible case. However, this meant we'd downgrade immediately even if we encountered the second case described above. With this commit handling of SERVFAIL is reworked. As soon as we get a SERVFAIL on a transaction we retry the transaction with a lower feature level, without changing the feature level tracked for the DNS server itself. If that fails too, we downgrade further, and so on. If during this downgrading the SERVFAIL goes away we assume that the DNS server we are talking to is bad, but the zone is fine and propagate the detected feature level to the information we track about the DNS server. Should the SERVFAIL not go away this way we let the transaction fail and accept the SERVFAIL. |
| resolved when caching replies check rcode earlier.patch | (download) |
src/resolve/resolved-dns-cache.c |
12 6 + 6 - 0 ! |
resolved: when caching replies, check rcode earlier This way we don't log complaints about packets without SOA in case we are not caching it anyway because the rcode is not SUCCESS or NXDOMAIN... |
| resolved when processing auxiliary DNSSEC transactions ac.patch | (download) |
src/resolve/resolved-dns-transaction.c |
9 5 + 4 - 0 ! |
resolved: when processing auxiliary dnssec transactions, accept those with SERVFAIL Some upstream DNS servers return SERVFAIL if we ask them for DNSSEC RRs, which some forwarding DNS servers pass on to us as SERVFAIL (others though as NOERROR...). This should not be considered a problem, as long as the domain in question didn't have DNSSEC enabled. Hence: when making use of auxiliary transactions accept those that return SERVFAIL. |
| resolved add option to disable caching 3592.patch | (download) |
man/resolved.conf.xml |
17 17 + 0 - 0 ! |
resolved: add option to disable caching (#3592) In some cases, caching DNS results locally is not desirable, as it makes DNS cache poisoning attacks a tad easier and also allows users on the system to determine whether or not a particular domain got visited by another user. Thus provide a new "Cache" resolved.conf option to disable it. |
| resolved explicitly refuse zone transfers using the bus A.patch | (download) |
src/resolve/dns-type.c |
9 9 + 0 - 0 ! |
resolved: explicitly refuse zone transfers using the bus api |
| resolved when using the ResolveRecord bus call adjust TTL.patch | (download) |
src/basic/bitmap.c |
17 17 + 0 - 0 ! |
resolved: when using the resolverecord() bus call, adjust TTL for caching time When we return the full RR wire data, let's make sure the TTL included in it is adjusted by the time the RR sat in the cache. As an optimization we do this only for ResolveRecord() and not for ResolveHostname() and friends, since adjusting the TTL means copying the RR object, and we don't want to do that if there's no reason to. (ResolveHostname() and friends don't return the TTL hence there's no reason to in that case) |
| resolved add dns_packet_add_ question answer helper.patch | (download) |
src/resolve/resolved-dns-packet.c |
31 31 + 0 - 0 ! |
resolved: add dns_packet_add_{question,answer}() helper
And make use of it at a couple of places.
|
| resolved extend dns_packet_append_opt so that it can set .patch | (download) |
src/resolve/resolved-dns-packet.c |
8 5 + 3 - 0 ! |
resolved: extend dns_packet_append_opt() so that it can set the extended rcode We don't make use of this yet, but later work will. |
| resolved respond to local resolver requests on 127.0.0.53.patch | (download) |
Makefile.am |
8 7 + 1 - 0 ! |
resolved: respond to local resolver requests on 127.0.0.53:53 In order to improve compatibility with local clients that speak DNS directly (and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process any queries made that way. Note that resolved does not implement a full DNS server on this port, but simply enough to allow normal, local clients to resolve RRs through resolved. Specifically it does not implement queries without the RD bit set (these are requests where recursive lookups are explicitly disabled), and neither queries with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with validation turned off). It also refuses zone transfers and obsolete RR types. All lookups done this way will be rejected with a clean error code, so that the client side can repeat the query with a reduced feature set. The code will set the DNSSEC AD flag however, depending on whether the data resolved has been validated (or comes from a local, trusted source). Lookups made via this mechanism are propagated to LLMNR and mDNS as necessary, but this is only partially useful as DNS packets cannot carry IP scope data (i.e. the ifindex), and hence link-local addresses returned cannot be used properly (and given that LLMNR/mDNS are mostly about link-local communication this is quite a limitation). Also, given that DNS tends to use IDNA for non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1. In general this should improve compatibility with clients bypassing NSS but it is highly recommended for clients to instead use NSS or our native bus API. This patch also beefs up the DnsStream logic, as it reuses the code for local TCP listening. DnsStream now provides proper reference counting for its objects. In order to avoid feedback loops resolved will now silently ignore 127.0.0.53 specified as DNS server when reading configuration.
resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave the latter free for local, external DNS servers or forwarders. This also changes the "etc.conf" tmpfiles snippet to create a symlink from /etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this stub the default mode of operation if /etc is not populated. |
| resolved make sure that route only domains are never adde.patch | (download) |
src/resolve/resolved-manager.c |
12 11 + 1 - 0 ! |
resolved: make sure that route-only domains are never added to /etc/resolv.conf After all, /etc/resolv.conf doesn't know the concept of "route-only domains", hence the domains should really not appear there. |
| resolved add test for route only domain filtering 3609.patch | (download) |
src/resolve/resolved-manager.c |
5 5 + 0 - 0 ! |
resolved: add test for route-only domain filtering (#3609) With commit 6f7da49d00 route-only domains do not get put into resolv.conf's "search" list any more. Add a comment about the tri-state, to clarify its semantics and why we are passing a bool parameter into an int type. Also add a test case for it. |
| test check resolved generated resolv.conf in networkd tes.patch | (download) |
test/networkd-test.py |
75 32 + 43 - 0 ! |
test: check resolved generated resolv.conf in networkd-test (#3628)
* test: check resolved generated resolv.conf in networkd-test
Directly verify the contents of /run/systemd/resolve/resolv.conf instead of
/etc/resolv.conf. The latter might be a plain file or a symlink to something
else (like Debian's resolvconf output), and in these cases we cannot make
strong assumptions about the contents.
Drop the "/etc/resolv.conf is a symlink" conditions and the "resolv.conf can
have at most three nameservers" alternatives, as we know that resolved always
adds all nameservers.
Explicitly start resolved at the start of a test to ensure that it is running.
* test: get along with existing system search domains in resolv.conf
The previous change has uncovered a bug in the tests: Existing search domains
can exist in resolv.conf which test_search_domains{,_too_long} didn't take into account.
As existing domains take some of the "max 6 domains" and "max 255 chars" limit,
don't expect that the last items from our test data actually appear in the
output, just the first few.
|
| build sys do not recompile everything for libsystemd.patch | (download) |
Makefile.am |
16 4 + 12 - 0 ! |
build-sys: do not recompile everything for libsystemd |
| build sys Add new libsystemd shared private library.patch | (download) |
Makefile.am |
538 327 + 211 - 0 ! |
build-sys: add new libsystemd-shared private library Link as many binaries as possible with it, to save storage space. Preserve the static libshared and libbasic for use in libraries, nss modules and udev. Libraries need to be static in order to avoid polluting the symbol namespace. Udev needs to be static so downstream can avoid strict version dependencies with the systemd package, and this can complicate upgrade scenarios. |
| machine system ctl always pass changes and n_changes 3350.patch | (download) |
src/machine/machinectl.c |
15 11 + 4 - 0 ! |
{machine,system}ctl: always pass &changes and &n_changes (#3350)
We have to pass addresses of changes and n_changes to
bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by
missing information (subsequent calls to unit_file_changes_add() to
not add anything).
Also prevent null pointer dereference in
bus_deserialize_and_dump_unit_file_changes() by asserting.
Fixes #3339
(cherry picked from commit acc0269cad31d1aaef2034a055b34c07c88a353d)
|
| debian/Use Debian specific config files.patch | (download) |
src/basic/time-util.c |
21 19 + 2 - 0 ! |
use debian specific config files Use /etc/default/locale instead of /etc/locale.conf for locale settings. Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for keyboard configuration. Read/write /etc/timezone if /etc/localtime does not exist. |
| debian/don t try to start autovt units when not running wit.patch | (download) |
src/login/logind-core.c |
6 6 + 0 - 0 ! |
don’t try to start autovt units when not running with systemd as pid 1 Closes: #726466 |
| debian/Make logind hostnamed localed timedated D Bus activa.patch | (download) |
src/hostname/org.freedesktop.hostname1.service |
2 1 + 1 - 0 ! |
make logind/hostnamed/localed/timedated d-bus activatable We want to use those services outside of systemd, so we make them activatable via D-Bus. |
| debian/Start logind on demand via libpam systemd.patch | (download) |
src/login/pam_systemd.c |
4 0 + 4 - 0 ! |
start logind on demand via libpam-systemd Don't make pam_sm_open_session() a NOP if logind is not running. Trying to access logind via D-Bus will start it on demand. |
| debian/Make sd_login_monitor_new work for logind without sy.patch | (download) |
src/libsystemd/sd-login/sd-login.c |
3 3 + 0 - 0 ! |
make sd_login_monitor_new() work for logind without systemd Fix sd_login_monitor_new() to not fail if there is no /sys/fs/cgroup/systemd/machine; that only exists when running with systemd as PID 1. Bug-Ubuntu: https://launchpad.net/bugs/1400203 |
| debian/Add run initctl support to SysV compat tools.patch | (download) |
src/systemctl/systemctl.c |
15 10 + 5 - 0 ! |
add /run/initctl support to sysv compat tools sysvinit in Debian uses /run/initctl as FIFO to communicate with PID 1. Make the SysV compat tools in systemd-sysv try both /run/initctl and the traditional /dev/initctl. This makes them usable when running sysvinit as PID 1. |
| debian/insserv.conf generator.patch | (download) |
Makefile.am |
8 8 + 0 - 0 ! |
insserv.conf generator Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate systemd unit drop-in files to add corresponding dependencies. This patch is based on work by Frederic Crozat <fcrozat@suse.com>. See [0] for the original patch. It has the following modifications: - it removes support for boot. and bool.localfs which is a SuSE specific extension - it ensures that targets do not start other targets or services - maps $x-display-manager to display-manager.service, just like the sysv-generator [0] https://build.opensuse.org/package/view_file/openSUSE:Factory/systemd/insserv-generator.patch |
| debian/Add support for rcS.d init scripts to the sysv gener.patch | (download) |
man/systemd.special.xml |
5 5 + 0 - 0 ! |
add support for rcs.d init scripts to the sysv-generator As we unconditionally add After=local-fs.target now, this requires some adjustments to the test suite. |
| debian/Add note to udev.conf that changes to that file requ.patch | (download) |
src/udev/udev.conf |
3 3 + 0 - 0 ! |
add note to udev.conf that changes to that file require a rebuild of the initramfs Based on debian/patches/udev_conf_comments from the old udev package. |
| debian/Bring tmpfiles.d tmp.conf in line with Debian defaul.patch | (download) |
tmpfiles.d/tmp.conf |
4 2 + 2 - 0 ! |
bring tmpfiles.d/tmp.conf in line with debian defaults Closes: #675422 |
| debian/Make run lock tmpfs an API fs.patch | (download) |
src/core/mount-setup.c |
2 2 + 0 - 0 ! |
make /run/lock tmpfs an api fs The /run/lock directory is world-writable in Debian due to historic reasons. To avoid user processes filling up /run, we mount a separate tmpfs for /run/lock. As this directory needs to be available during early boot, we make it an API fs. Drop it from tmpfiles.d/legacy.conf to not clobber the permissions. Closes: #751392 |
| debian/Revert udev network device renaming immediately give.patch | (download) |
src/udev/udev-event.c |
41 38 + 3 - 0 ! |
revert "udev: network device renaming - immediately give up if the target name isn't available" This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad. We need to keep supporting systems with 75-persistent-net-generator.rules generated names for a while after switching to net.ifnames. Re-apply this old hack to make the renaming less likely to fail. |
| debian/Use different default paths for various binaries.patch | (download) |
configure.ac |
10 5 + 5 - 0 ! |
use different default paths for various binaries Since Debian hasn't done the usr-merge (yet), various binaries are still installed in / and not /usr. Update the defaults in configure.ac so we don't have to build-depend on quota, procps, kmod and kexec-tools just to get the correct paths. Closes: #721347 |
| debian/Adjust systemd user pam config file for Debian.patch | (download) |
src/login/systemd-user.m4 |
5 3 + 2 - 0 ! |
adjust systemd-user pam config file for debian This pam config file is used by libpam-systemd/systemd-logind when launching systemd user instances. |
| debian/Add support for TuxOnIce hibernation.patch | (download) |
src/shared/sleep-config.c |
6 6 + 0 - 0 ! |
add support for tuxonice hibernation systemd does not support non-mainline kernel features so upstream rejected this patch. It is however required for systemd integration by tuxonice-userui package. |
| debian/Include additional directories in ProtectSystem.patch | (download) |
src/core/namespace.c |
12 9 + 3 - 0 ! |
include additional directories in protectsystem |
| debian/Re enable journal forwarding to syslog.patch | (download) |
man/journald.conf.xml |
2 1 + 1 - 0 ! |
re-enable journal forwarding to syslog Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers can/do all read from the journal directly. See http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved to pulling from the journal one by one and disable forwarding again in such a conf.d snippet. |
| debian/Don t enable audit by default.patch | (download) |
src/journal/journald-audit.c |
5 0 + 5 - 0 ! |
don't enable audit by default It causes flooding of dmesg and syslog, suppressing actually important messages. Don't enable it for now, until a better solution is found: http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html Bug-Debian: https://bugs.debian.org/773528 |
| debian/Only start logind if dbus is installed.patch | (download) |
units/systemd-logind.service.in |
1 1 + 0 - 0 ! |
only start logind if dbus is installed logind fails to start in environments without dbus, such as LXC containers or servers. Add a startup condition to avoid the very noisy startup failure. Part of #772700 |
| debian/cgroup don t trim cgroup trees created by someone el.patch | (download) |
src/basic/cgroup-util.c |
2 0 + 2 - 0 ! |
cgroup: don't trim cgroup trees created by someone else In cases when there is a cgroup tree in a controller hierarchy which was not created by us, but it looks like it was (i.e. cgroup path is the same as the one in systemd's named hierarchy) we shouldn't delete it. |
| debian/fsckd daemon for inter fsckd communication.patch | (download) |
Makefile-man.am |
12 12 + 0 - 0 ! |
fsckd daemon for inter-fsckd communication Global logic: Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's /run/systemd/fsck.progress socket) fsck instances to connect to it and sends progress report. systemd-fsckd then computes and writes to /dev/console the number of devices currently being checked and the minimum fsck progress. Plymouth and user interaction: Forward the progress to plymouth and support cancellation of in progress fsck. Try to connect and send to plymouth (if running) some checked report progress, using direct plymouth protocol. Update message is the following: fsckd:<num_devices>:<progress>:<string> * num_devices corresponds to the current number of devices being checked (int) * progress corresponds to the current minimum percentage of all devices being checked (float, from 0 to 100) * string is a translated message ready to be displayed by the plymouth theme displaying the information above. It can be overridden by plymouth themes supporting i18n. Grab in fsckd plymouth watch key Control+C, and propagate this cancel request to systemd-fsck which will terminate fsck. Send a message to signal to user what key we are grabbing for fsck cancel. Message is: fsckd-cancel-msg:<string> Where string is a translated string ready to be displayed by the plymouth theme indicating that Control+C can be used to cancel current checks. It can be overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n. Misc: systemd-fsckd stops on idle when no fsck is connected. Add man page explaining the plymouth theme protocol, usage of the daemon as well as the socket activation part. Adapt existing fsck man page. Note that fsckd had lived in the upstream tree for a while, but was removed. More information at http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html - |
| debian/Skip filesystem check if already done by the initram.patch | (download) |
src/fstab-generator/fstab-generator.c |
11 8 + 3 - 0 ! |
skip filesystem check if already done by the initramfs Newer versions of initramfs-tools already fsck and mount / and /usr in the initramfs. Skip the filesystem check in this case. Based on a previous patch by Michael Biebl <biebl@debian.org>. Closes: #782522 Closes: #810748 |
| debian/Revert core one step back again for nspawn we actual.patch | (download) |
src/core/unit.c |
19 1 + 18 - 0 ! |
revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it" This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. Bug-Debian: https://bugs.debian.org/784720 Bug-Ubuntu: https://launchpad.net/bugs/1448259 Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137 |
| debian/Revert core set RLIMIT_CORE to unlimited by default.patch | (download) |
src/core/main.c |
11 0 + 11 - 0 ! |
revert "core: set rlimit_core to unlimited by default" Partially revert commit 15a900327ab as this completely breaks core dumps without systemd-coredump. It's also contradicting core(8), and it's not systemd's place to redefine the kernel definitions of core files. Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This isn't what RLIMIT_CORE is supposed to do (it limits the size of the core *file*, but the kernel deliberately ignores it for piping), so set a static 2^63 core size limit for systemd-coredump to go back to the previous behaviour (otherwise the change above would break systemd-coredump). Bug-Debian: https://bugs.debian.org/815020 |
| debian/Revert Revert networkd ndisc revert to letting the k.patch | (download) |
src/network/networkd-link.c |
20 12 + 8 - 0 ! |
revert "revert "networkd: ndisc - revert to letting the kernel handle NDisc"" networkd v229 introduces many regressions in IPv6 related RA handling, reverting this at least fixes: * https://bugs.debian.org/814566 networkd >= 229-1 starts assigning IPv6 addresses/ routes to lower bridge members which may be https://github.com/systemd/systemd/issues/2572 [networkd] bridged intefaces still get RA ipv6 addresses #2572 and is quite likely to also fix: * https://bugs.debian.org/814667 systemd-networkd overrides default kernel net.ipv6.conf.interface.accept_ra * https://bugs.debian.org/815586 does its own RA handling and is doing it wrong This reverts commit fe30727643a7c53faa29f1caa8dcabcb2b6f6fcb. Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> |
| debian/Revert core enable TasksMax for all services by default a.patch | (download) |
man/systemd-system.conf.xml |
6 2 + 4 - 0 ! |
revert "core: enable tasksmax= for all services by default, and set it to 512" This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f. Introducing a default limit on number of threads broke a lot of software which regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an indefinite number of subtasks that are not in a scope, like LXC or cron. 512 is way too much for most "simple" services, and it's way too little for others such as the ones mentioned above. There is also no particular rationale about "512", so even if we'd bump it to 1024 we'd just make the limit even less useful while still breaking software. It is both much safer and also much more effective in terms of guarding against berserk programs/bugs/unintended fork bombs etc. to set limits in units individually. Once someone looks at one, this is then a great time to also flip on the other resource and privilege limitations that systemd offers. Bug: https://github.com/systemd/systemd/issues/3211 Bug-Debian: https://bugs.debian.org/823530 Bug-Ubuntu: https://launchpad.net/bugs/1578080 |
| debian/Revert mount use libmount to monitor mountinfo utab adopt.patch | (download) |
Makefile.am |
33 11 + 22 - 0 ! |
revert "mount: use libmount to monitor mountinfo & utab" + adopt for jessie This reverts commit d379d44255469f03994832ab5821bf1b9034f4dc and further adjusts code for usage with jessie-backports (include fd-util.h + fs-util.h accordingly). |
| debian/Revert swap use swapon o.patch | (download) |
README |
2 1 + 1 - 0 ! |
revert "swap: use swapon -o" This reverts commit bf1d7ba70aceddb5dae0cd2e370b8afaf0c81b05. Conflicts: man/systemd.swap.xml |
| debian/fileio fix broken permissions with O_TMPFILE.patch | (download) |
src/basic/fileio.c |
1 1 + 0 - 0 ! |
fileio: fix broken permissions with o_tmpfile Our test-suite is failing on i386 in jessie, specifically test-tmpfiles. It turns out that the files created with O_TMPFILE have broken permissions and are unreadable. See https://bugs.debian.org/832521 for further details. Thanks: Felipe Sateler <fsateler@debian.org> and Michael Biebl <biebl@debian.org> |
| string util rework memory_erase to not use GCC optimize a.patch | (download) |
src/basic/string-util.c |
26 11 + 15 - 0 ! |
string-util: rework memory_erase() to not use gcc optimize attribute (#3812) "#pragma GCC optimize" is merely a convenience to decorate multiple functions with attribute optimize. And the manual has this to say about this attribute: This attribute should be used for debugging purposes only. It is not suitable in production code. Some versions of GCC also seem to have a problem with this pragma in combination with LTO, resulting in ICEs. |
