| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Because the order of coldplugging is not defined, we can reference a
not-yet-coldplugged unit and read its state while it has not yet been
set to a meaningful value.
This way, already active units may get started again.
We fix this by deferring such actions until all units have been at
least somehow coldplugged.
Fixes https://bugs.freedesktop.org/show_bug.cgi?id=88401
|
| |
|
|
|
|
| |
This adds support for showing the accumulated consumed CPU time per-unit
in the "systemctl status" output. The property is also readable via the
bus.
|
| |
|
|
|
|
| |
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When dbus.socket is updated like this:
-ListenStream=/var/run/dbus/system_bus_socket
+ListenStream=/run/dbus/system_bus_socket
... and daemon-reload is performed, bad things happen.
During deserialization systemd does not recognize that the two paths
refer to the same named socket and replaces the socket file with a new
one. As a result, applications hang when they try talking to dbus.
Fix this by finding a match not only when the path names are equal, but
also when they point to the same inode.
In socket_address_equal() it is necessary to move the address size
comparison into the abstract sockets branch. For path name sockets the
comparison must not be done and for other families it is redundant
(their sizes are constant and checked by socket_address_verify()).
FIFOs and special files can also have multiple pathnames, so compare the
inodes for them as well. Note that previously the pathname checks used
streq_ptr(), but the paths cannot be NULL.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186018
|
| |
|
|
|
|
|
|
| |
If a service has an ExecStop= program that uses the socket the service was
activated by to tell it to terminate, then that should not be used as
trigger to start the service again.
http://lists.freedesktop.org/archives/systemd-devel/2015-February/028058.html
|
| |
|
|
|
|
| |
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
| |
|
|
|
|
|
|
|
| |
changing unit state
Unit _start() and _stop() implementations can fail with -EAGAIN to delay
execution temporarily. Thus, we should not output status messages before
invoking these calls, but after, and only when we know that the
invocation actually made a change.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Using:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_unit_(debug|info|notice|warning|error|emergency)\(([^"]+), "(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_unit_\1_errno(\2, \5, "\3%m"\4);/'
|
| |
|
|
| |
It corrrectly handles both positive and negative errno values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
|
| |
|
|
|
|
|
|
|
|
| |
- Rename log_meta() → log_internal(), to follow naming scheme of most
other log functions that are usually invoked through macros, but never
directly.
- Rename log_info_object() to log_object_info(), simply because the
object should be before any other parameters, to follow OO-style
programming style.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
|
| |
|
|
|
| |
if sigabrt doesn't do the job, follow regular shutdown
routine, sigterm > sigkill.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
APIs that query and return something cannot silently fail, they must
either return something useful, or an error. Fix that.
Also, properly rollback socket unit fd creation when something goes
wrong with the security framework.
|
| |
|
|
|
|
| |
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
|
| |
|
|
|
|
|
| |
and all that reset it to defaults mac_{selinux|smack}_fix()
Let's clean up the naming schemes a bit and use the same one for SMACK
and for SELINUX.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This way, the list of arguments to that function gets more comprehensive,
and we can get around passing lots of NULL and 0 arguments from socket.c,
swap.c and mount.c.
It also allows for splitting up the code in exec_spawn().
While at it, make ExecContext const in execute.c.
|
| | |
|
| |
|
|
|
|
| |
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
|
| |
|
|
|
|
| |
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
|
| |
|
|
|
|
|
|
|
|
| |
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
TCP_DEFER_ACCEPT Allow a listener to be awakened only when data
arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side
listening socket, the TCP/IP stack will not to wait for the final
ACK packet and not to initiate the process until the first packet
of real data has arrived. After sending the SYN/ACK, the server will
then wait for a data packet from a client. Now, only three packets
will be sent over the network, and the connection establishment delay
will be significantly reduced.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tcp keep alive variables now can be configured via conf
parameter. Follwing variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to
send before giving up and killing the connection if no response is
obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be
idle before TCP begins sending out keep-alive probes.
|
| |
|
|
|
|
|
|
| |
This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5.
Apparently TFO is actually the default at least for the server side now.
Also the setsockopt doesn't actually take a bool, but a qlen integer.
|
| |
|
|
|
|
|
|
|
|
| |
TCP Fast Open (TFO) speeds up the opening of successiveTCP)
connections between two endpoints.It works by using a TFO cookie
in the initial SYN packet to authenticate a previously connected
client. It starts sending data to the client before the receipt
of the final ACK packet of the three way handshake is received,
skipping a round trip and lowering the latency in the start of
transmission of data.
|
| |
|
|
|
|
|
| |
This patch adds support for TCP TCP_NODELAY socket option. This can be
configured via NoDelay conf parameter. TCP Nagle's algorithm works by
combining a number of small outgoing messages, and sending them all at
once. This controls the TCP_NODELAY socket option.
|
| |
|
|
|
|
|
|
| |
This tool will warn about misspelt directives, unknown sections, and
non-executable commands. It will also catch the common mistake of
using Accept=yes with a non-template unit and vice versa.
https://bugs.freedesktop.org/show_bug.cgi?id=56607
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Parsing sysv files was moved to the sysv-generator in the previous commit.
This patch removes the sysv parsing from serivce.c.
Note that this patch drops the following now unused sysv-specific info
from service dump:
"SysV Init Script has LSB Header: (yes/no)"
"SysVEnabled: (yes/no)"
"SysVRunLevels: (levels)"
|
| |
|
|
|
| |
Prevent use of uninitialized variable and removed a now unused
cleanup function for freeaddrinfo
|
| |
|
|
|
| |
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames.
|
| |
|
|
|
|
|
| |
system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.
|
| |
|
|
|
|
|
|
|
|
|
| |
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.
This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
No functional change expected :)
|
| |
|
|
|
| |
This is a second attempt at 9754d56, reverted in 2f20a8e, because
I lost a 'break;' when moving chunks around.
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 9754d56e9b21bfe89fc18f47987d6bef491b8521.
It causes a crash in PID1:
Apr 19 13:49:32 lon systemd[1]: Code should not be reached 'Unhandled socket type.'
at src/core/socket.c:684, function instance_from_socket(). Aborting.
Apr 19 13:49:32 lon systemd[1]: Caught <ABRT>, dumped core as pid 336.
Apr 19 13:49:32 lon systemd[1]: Freezing execution.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NixOS uses Unix domain sockets for certain host <-> container
interaction; i.e. the host connects to a socket visible in the
container's directory tree, where the container uses a .socket unit to
spawn the handler program on demand. This worked in systemd 203, but
in 212 fails with "foo.socket failed to queue service startup job
(Maybe the service file is missing or not a template unit?): No data
available".
The reason is that getpeercred() now returns ENODATA if it can't get
the PID of the client, which happens in this case because the client
is not in the same PID namespace. Since getpeercred() is only used to
generate the instance name, this patch simply handles ENODATA by
creating an instance name "<nr>-unknown".
[zj: reorder clauses and remove (unsigned long) casts.]
|
| |
|
|
| |
CLOCK_BOOTTIME_ALARM, too
|
| |
|
|
|
|
|
|
| |
Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
invididually in type-specific code.
Also, when PrivateDevices= is set, set DevicePolicy= to closed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
|
