| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
|
|
|
|
|
|
|
|
|
|
| |
Ultimately, O_CLOEXEC should be off in fd 0, 1, 2, but when we open
/dev/null here it's unlikely to be < 0, and after dupping the fd to 0,
1, 2 we turn off O_CLOEXEC explicitly anyway.
Unless we know that what we are about to open will return 0, 1 or 2 we
should always set O_CLOEXEC in order to be safe to other threads forking
of subprocesses at the wrong moment.
|
|
|
|
|
|
|
|
| |
Just a minor tweak, making sure we execute as much as we can of the
funciton, but return the first error instead of the last we encounter.
This is usuelly how we do things when we have functions that continue on
the first error, so let's do it like that here too.
|
|
|
|
|
| |
Our own calls return errors in their return values, hence use that
rather than errno when checking errors.
|
| |
|
|
|
|
|
|
|
| |
Most importantly, let's highlight the differences to the rc-local
behaviour in SysV.
Fixes: #7703
|
| |
|
|
|
|
|
| |
Should glibc add this eventually, let's try to be smart where to look
for it.
|
|
|
|
|
| |
Hopefully, should gettid() show up one day in glibc it'll show up where
getpid() is defined too.
|
|
|
|
|
|
|
|
|
|
| |
We of course don't know in which header glibc will export pivot_root()
and if it ever will. But there's a good chance they'll place it where
chroot() is located, given the similarity in the operations, hence let's
try our luck and look for it at the same place.
If we are lucky this means we don't have to patch our code if glibc
decides to expose the call one day.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reworks how we set _GNU_SOURCE when checking for the availability
of functions:
1. We set it for most of the functions we look for. After all we set it
for our entire built anyway, and it's usually how Linux-specific
definitions in glibc are protected these days. Given that we usually
have checks for such modern stuff only anyway, let's just blanket enable
it.
2. Use "args" instead of "prefix" to set the macro. This is what is
suggested in the meson docs, hence let's do it.
|
|
|
|
|
|
|
|
|
| |
Follow-up for bad7a0c81f501fbbcc79af9eaa4b8254441c4a1f of git
repository for glibc.
Recently glibc added `copy_file_range()`, but to use it,
`_GNU_SOURCE` needs to be defined. This adds the flag in
meson.build to detect the function by meson correctly.
|
|
|
|
| |
It just seems strange to have it in a different file if mkdir-label.c exists.
|
| |
|
|
|
|
|
| |
We'd pass pointers to mkdir and mkdir_label to call in various places. mkdir
returns the error in errno while mkdir_label returns the error directly.
|
|
|
|
| |
And use them where they can be applicable.
|
| |
|
|
|
|
|
| |
This works supports to configure L3S mode and flags
such as bridge, private and vepa
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quoting Lennart Poettering in
https://github.com/systemd/systemd/pull/6464#issuecomment-319029293:
> If the kernel allows us to query that data we should also be Ok with passing
> it on to our own caller, regardless if selinux is technically on or off...
The advantage is that this allows gcc to be smarter and reduce linkage:
(before)$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffeb46ff000)
librt.so.1 => /lib64/librt.so.1 (0x00007f2f60da6000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f2f60ba1000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2f60978000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2f60759000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2f60374000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2f61294000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f2f600f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f2f5feec000)
(after )$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffe5f543000)
librt.so.1 => /lib64/librt.so.1 (0x00007f427dcaa000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f427daa5000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f427d886000)
libc.so.6 => /lib64/libc.so.6 (0x00007f427d4a1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f427e196000)
Note that this only works in conjuction with the previous commit: either
of the two commits alone does not have the desired effect on linkage.
Replaces #6464.
|
|
|
|
| |
In preparation for future changes.
|
|
|
|
|
|
|
|
|
| |
same motivation as in #5816:
- distributions have scripts to rewrite shebangs on installation and
they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
there PATH correctly.
|
|
|
|
| |
Also include missing.h in dissect-image.c to pick it up.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Let's correct the error handling (the error is in errno, not r), and
let's add logging like the rest of the function has it.
|
|
|
|
|
|
|
|
| |
Otherwise, setting udev_log=debug in /etc/udev/udev.conf has no effects since
systemd-udevd is built with LOG_REALM=LOG_REALM_UDEV.
However using LOG_REALM_UDEV (for libudev_core) reveals another similar bug for
udevadm which should also define LOG_REALM_UDEV.
|
|
|
|
| |
No functional change.
|
| |
|
|
|
|
|
| |
This message would also be emitted at boot for any user with linger
enabled, so "logged in" is the wrong term to use.
|
|
|
|
| |
Don't bother with removing the directory if we didn't create it.
|
|
|
|
| |
sysvinit_path and sysvrcnd_path have to be set both to activate Sysv compatibility.
|
| |
|
|
|
|
|
|
|
|
| |
(#7645)
This makes things a bit easier to read I think, and also makes sure we
always use the _unlikely_ wrapper around it, which so far we used
sometimes and other times we didn't. Let's clean that up.
|
| |
|
|
|
|
|
|
| |
Followup to previous commit. Suggested by @poettering.
Reindented the `verbs[]` tables to match the apparent previous
whitespace rules (indent to one flag, allow multiple flags to overflow?).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A lot of code references the `running_in_chroot()` function; while
I didn't dig I'm pretty certain this arose to deal with situations
like RPM package builds in `mock` - there we don't want the `%post`s
to `systemctl start` for example.
And actually this exact same use case arises for
[rpm-ostree](https://github.com/projectatomic/rpm-ostree/)
where we implement offline upgrades by default; the `%post`s are
always run in a new chroot using [bwrap](https://github.com/projectatomic/bubblewrap).
And here's the problem: bwrap creates proper mount roots, so it
passes `running_in_chroot()`, and then if a script tries to do
`systemctl start` we get:
`System has not been booted with systemd as init system (PID 1)`
but that's an *error*, unlike the `running_in_chroot()` case where we ignore.
Further complicating things is there are real world RPM packages
like `glusterfs` which end up invoking `systemctl start`.
A while ago, the `SYSTEMD_IGNORE_CHROOT` environment variable was
added for the inverse case of running in a chroot, but still wanting
to use systemd as PID 1 (presumably some broken initramfs setups?).
Let's introduce a `SYSTEMD_OFFLINE` environment variable for cases like
mock/rpm-ostree so we can force on the "ignore everything except preset" logic.
This way we'll still not start services even if mock switches to use nspawn or
bwrap or something else that isn't a chroot.
We also cleanly supercede the `SYSTEMD_IGNORE_CHROOT=1` which is now spelled
`SYSTEMD_OFFLINE=0`. (Suggested by @poettering)
Also I made things slightly nicer here and we now print the ignored operation.
|
|
|
|
|
|
|
|
| |
Let's provide a real reason why /* */ should be used for commenting,
rather than //, beyond mere taste.
(This ultimately simply codifies how I use // vs. /* */ comments, and I
think this is useful as an explanation and reason hence.)
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remount, and subsequent umount, attempts can hang for inaccessible network
based mount points. This can leave a system in a hard hang state that
requires a hard reset in order to recover. This change moves the remount,
and umount attempts into separate child processes. The remount and umount
operations will block for up to 90 seconds (DEFAULT_TIMEOUT_USEC). Should
those waits fail, the parent will issue a SIGKILL to the child and continue
with the shutdown efforts.
In addition, instead of only reporting some additional errors on the final
attempt, failures are reported as they occur.
|
|
|
|
|
|
| |
Let's employ coccinelle to do this for us.
Follow-up for #7625.
|
|
|
|
|
|
| |
These helper calls are potentially called often, and allocate FILE*
objects internally for a very short period of time, let's turn off
locking for them too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
startup/runtime/shutdown (#7214)
With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.
A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).
EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.
Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.
Fixes #5868.
|
|
|
|
|
|
|
| |
block.
Do not replace double dashes in XML comments, that are either the
comment start or end.
|
|
|
|
| |
up before found #else switches.
|