path: root/src/core/execute.c
Commit message (Author, Age)
...
* systemd: do not output status messages once gettys are running (Zbigniew Jędrzejewski-Szmek, 2013-07-15)
| Make Type=idle communication bidirectional: when bootup is finished, the manager, as before, signals idling Type=idle jobs to continue. However, if the boot takes too long, idling jobs signal the manager that they have had enough, wait a tiny bit more, and continue, taking ownership of the console. The manager, when signalled that Type=idle jobs are done, makes a note and will not write to the console anymore. This is a cosmetic issue, but quite noticeable, so let's just fix it. Based on Harald Hoyer's patch.
| https://bugs.freedesktop.org/show_bug.cgi?id=54247
| http://unix.stackexchange.com/questions/51805/systemd-messages-after-starting-login/
* core: grant user@.service instances write access to their own cgroup (Lennart Poettering, 2013-07-11)
|
* replace tabs with spaces in various files (Jason St. John, 2013-07-02)
| The affected files in this patch had inconsistent use of tabs vs. spaces for indentation, and this patch eliminates the stray tabs. Also, the opening brace of sigchld_hdl() in activate.c was moved so the opening braces are consistent throughout the file.
* core: general cgroup rework (Lennart Poettering, 2013-06-27)
| Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgroup properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
* Use stdint.h macros instead of casts to print uint64_t values (Zbigniew Jędrzejewski-Szmek, 2013-06-10)
| Casts are visually heavy, and can obscure unwanted truncations.
* Add __attribute__((const, pure, format)) in various places (Zbigniew Jędrzejewski-Szmek, 2013-05-02)
| I'm assuming that it's fine if a _const_ or _pure_ function calls assert. It is assumed that the assert won't trigger, and even if it does, it can only trigger on the first call with a given set of parameters, and we don't care if the compiler moves the order of calls.
* move _cleanup_ attribute in front of the type (Harald Hoyer, 2013-04-18)
| http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
* core/execute: only clean the environment, if we have one (Harald Hoyer, 2013-04-18)
|
* execute: always add in EXECUTABLE= field when we log something about execution (Lennart Poettering, 2013-04-18)
|
* core/execute: report invalid environment variables from files (Harald Hoyer, 2013-04-17)
| Because "export key=val" is not supported by systemd, an error is logged where the invalid assignment is coming from. Introduce strv_env_clean_log() to log invalid environment assignments, where logging is possible and allowed. parse_env_file_internal() is modified to allow WHITESPACE in keys, to report the issues later on.
* core/execute.c: debug log final execve() with argv[] (Harald Hoyer, 2013-04-17)
| https://bugzilla.redhat.com/show_bug.cgi?id=772073
* cgroup: clean-ups (Lennart Poettering, 2013-04-08)
|
* cgroup: always keep access mode of 'tasks' and 'cgroup.procs' files in cgroup directories in sync (Lennart Poettering, 2013-04-08)
* Add _cleanup_globfree_ (Zbigniew Jędrzejewski-Szmek, 2013-04-05)
| Fixes a memleak in error path in exec_context_load_environment.
* Use initialization instead of explicit zeroing (Zbigniew Jędrzejewski-Szmek, 2013-04-05)
| Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined:
|   $ size build/.libs/systemd
|            text    data     bss     dec     hex filename
|   before 897737  107300    2560 1007597   f5fed build/.libs/systemd
|   after  897873  107300    2560 1007733   f6075 build/.libs/systemd
| … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
* shared: rework env file reader (Lennart Poettering, 2013-04-03)
| Implement this with a proper state machine, so that newlines and escaped chars can appear in string assignments. This should bring the parser much closer to shell.
* util: rename write_one_line_file() to write_string_file() (Lennart Poettering, 2013-04-03)
| You can write much more than just one line with this call (and we frequently do), so let's correct the naming.
* Modernization (Zbigniew Jędrzejewski-Szmek, 2013-03-31)
| Use _cleanup_ and wrap lines to ~80 chars and such.
* execute: convert secure bits into mask properly (Zbigniew Jędrzejewski-Szmek, 2013-03-31)
| C.f. http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5975c725dfd6f7d36f493ab1453fbdbd35c1f0e3
* core: check return value of rm_rf_dangerous and warn if it fails (Václav Pavlín, 2013-03-27)
|
* Make PrivateTmp dirs also inaccessible from the outside (Zbigniew Jędrzejewski-Szmek, 2013-03-20)
| Currently, PrivateTmp=yes means that the service cannot see the /tmp shared by rest of the system and is isolated from other services using PrivateTmp, but users can access and modify /tmp as seen by the service. Move the private /tmp and /var/tmp directories into a 0077-mode directory. This way unprivileged users on the system cannot see (or modify) /tmp as seen by the service.
* core: reuse the same /tmp, /var/tmp and inaccessible dir (Michal Sekletar, 2013-03-15)
| All Execs within the service, will get mounted the same /tmp and /var/tmp directories, if service is configured with PrivateTmp=yes. Temporary directories are cleaned up by service itself in addition to systemd-tmpfiles. Directory which is mounted as inaccessible is created at runtime in /run/systemd.
* core/execute: determine if ExecContext may fiddle with /dev/console (Michal Schmidt, 2013-02-28)
| There is some guesswork, but it should work satisfactorily for the purpose of knowing when to suppress printing of status messages.
* core/execute: add internal is_terminal_output() (Michal Schmidt, 2013-02-28)
| Similar to already existing is_terminal_input(). Note that the only current user (connect_logger_as) is never called for EXEC_OUTPUT_TTY, so it won't mind whether we accept it.
* execute: increase severity of journal connect failure message (Michal Schmidt, 2013-02-16)
| journald is supposed to work. Failure to connect to its socket implies losing messages. It should be a very unusual event. Log the failure with LOG_CRIT. Just because this unit's stdout/stderr failed to connect to the journal does not necessarily mean that we shouldn't try to log the failure using a structured entry, so let's use log_struct_unit.
* execute: unify setup_{output,error} (Michal Schmidt, 2013-02-16)
| The functions are quite similar. Unify them into one. The source gets shorter, the binary gets slightly smaller.
* execute: robustness against journald failures (Michal Schmidt, 2013-02-16)
| Almost every unit logs to the journal. If journald gets a permanent failure, units would not be able to start (exit code 209/STDOUT). Add a fallback to /dev/null to avoid making the system entirely unusable in such a case.
* honor SELinux labels, when creating and writing config files (Harald Hoyer, 2013-02-14)
| Also split out some fileio functions to fileio.c and provide a SELinux aware pendant in fileio-label.c
| see https://bugzilla.redhat.com/show_bug.cgi?id=881577
* env: considerably beef up environment cleaning logic (Lennart Poettering, 2013-02-11)
| Now, actually check if the environment variable names and values used are valid, before accepting them. With this in place we are at some places more rigid than POSIX, and less rigid at others. For example, this code allows lower-case environment variables (which POSIX suggests not to use), but it will not allow non-UTF8 variable values. All in all this should be a good middle ground of what to allow and what not to allow as environment variables. (This also splits out all environment related calls into env-util.[ch])
* execute: Fix seccomp support on x32 (Jonathan Callen, 2013-01-19)
| In the x32 ABI, syscall numbers start at 0x40000000. Mask that bit on x32 for lookups in the syscall_names array and syscall_filter and ensure that syscall.h is parsed correctly.
| [zj: added SYSCALL_TO_INDEX, INDEX_TO_SYSCALL macros.]
* core: log USER_UNIT instead of UNIT if in user session (Mirco Tischler, 2013-01-18)
|
* tabs to spaces (Thomas Hindoe Paaboel Andersen, 2013-01-09)
| Skipped bootchart and various files that looked like they should be kept in sync with external sources.
* Added globbing support to EnvironmentFile (Pekka Lundstrom, 2013-01-04)
| This patch allows globbing to be used with EnvironmentFile option.
| Example: EnvironmentFile=/etc/foo.d/*.conf
| t. Pekka
* core: add catalog entry and MESSAGE_ID for overmounting (Zbigniew Jędrzejewski-Szmek, 2012-12-05)
|
* shared, core: do not always accept numbers in string lookups (Michal Schmidt, 2012-10-30)
| The behaviour of the common name##_from_string conversion is surprising. It accepts not only the strings from name##_table but also any number that falls within the range of the table. The order of items in most of our tables is an internal affair. It should not be visible to the user. I know of a case where the surprising numeric conversion leads to a crash. We will allow the direct numeric conversion only for the tables where the mapping of strings to numeric values has an external meaning. This holds for the following lookup tables:
| - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric values are stable as they are defined by the Linux kernel interface.
| - log_level, log_facility_unshifted - the well-known syslog interface.
| We allow the user to use numeric values whose string names systemd does not know. For instance, the user may want to test a new kernel featuring a scheduling policy that did not exist when his systemd version was released. A slightly unpleasant effect of this is that the name##_to_string conversion cannot return pointers to constant strings anymore. The strings have to be allocated on demand and freed by the caller.
* systemd: use structured logging for unit changes (Zbigniew Jędrzejewski-Szmek, 2012-10-18)
| Information which unit a log entry pertains to enables systemctl status to display more log messages.
* core/execute: use cleanup_strv_free (Zbigniew Jędrzejewski-Szmek, 2012-10-18)
|
* execute: apply PAM logic only to main process if PermissionsStartOnly is set (Lennart Poettering, 2012-09-18)
| https://bugs.freedesktop.org/show_bug.cgi?id=54176
* namespace: rework namespace support (Lennart Poettering, 2012-08-13)
| - don't use pivot_root() anymore, just reuse root hierarchy
| - first create all mounts, then mark them read-only so that we get the right behaviour when people want writable mounts inside of read-only mounts
| - don't pass invalid combinations of MS_ constants to the kernel
* unit: split off KillContext from ExecContext containing only kill definitions (Lennart Poettering, 2012-07-20)
|
* execute: free syscall filter array after use (Lennart Poettering, 2012-07-17)
|
* execute: support syscall filtering using seccomp filters (Lennart Poettering, 2012-07-17)
|
* unit: introduce %s specifier for the user shell (Lennart Poettering, 2012-07-16)
|
* core: make systemd.confirm_spawn=1 actually work (Lennart Poettering, 2012-06-26)
| This adds a timeout if the TTY cannot be acquired and makes sure we always output the question to the console, never to the TTY of the respective service.
* journal: set the _SYSTEMD_UNIT field for messages from terminated processes (Eelco Dolstra, 2012-06-22)
| As described in https://bugs.freedesktop.org/show_bug.cgi?id=50184 the journal currently doesn't set fields such as _SYSTEMD_UNIT properly for messages coming from processes that have already terminated. This means among other things that "systemctl status" may not show some of the output of services that wrote messages just before they exited. This patch fixes this by having processes that log to the journal write their unit identifier to journald when the connection to /run/systemd/journal/stdout is opened. Journald stores the unit ID and uses it to fill in _SYSTEMD_UNIT when it cannot be obtained normally (i.e. from the cgroup). To prevent impersonating another unit, this information is only used when the caller is root. This doesn't fix the general problem of getting metadata about messages from terminated processes (which requires some kernel support), but it allows "systemctl status" and similar queries to do the Right Thing for units that log via stdout/stderr.
* silence gcc warning on 32 bit (Kay Sievers, 2012-06-04)
|
* remove support for deprecated /proc/self/oom_adj (Kay Sievers, 2012-06-04)
|
* util: introduce a proper nsec_t and make use of it where appropriate (Lennart Poettering, 2012-05-31)
|
* main: add configuration option to alter capability bounding set for PID 1 (Lennart Poettering, 2012-05-24)
| This also ensures that caps dropped from the bounding set are also dropped from the inheritable set, to be extra-secure. Usually that should change very little though as the inheritable set is empty for all our uses anyway.
* service: for Type=idle units consider START_PRE, START, START_POST all as ACTIVE (Lennart Poettering, 2012-05-24)
| We want to avoid a deadlock when a service has ExecStartPre= programs that wait for the job queue to run empty because of Type=idle, but which themselves keep the queue non-empty because START_PRE was considered ACTIVATING and hence the job not complete. With this patch we alter the state translation table so that it is impossible ever to wait for Type=idle unit, hence removing the deadlock.