| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
The function will be used in later commits.
|
| |
|
|
|
|
| |
Instead of compiling those files twice, once for libsystemd and once for
libshared, compile once as a static archive and then link into both.
This reduce the meson target for man=no compile to 1291.
|
| |
|
|
|
| |
This is similar to the great-grandpa commit. This time the number
of meson targets compilation without man is reduced from 1347 to 1302.
|
| |
|
|
|
|
|
|
|
| |
We were including gcrypt-util.[ch] by hand in the few places where it
was used. Create a convenience library to avoid compiling the same
files multiple times.
v2:
- use a separate static library instead of mergin into libbasic
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcrypt_util_sources had to be moved because otherwise they appeared twice
in libshared.so halfproducts, causing an error.
-fvisibility=default is added to libbasic, libshared_static so that the symbols
appear properly in the exported symbol list in libshared.
The advantage is that files are not compiled twice. When configured with -Dman=false,
the ninja target list is reduced from 1588 to 1347 targets. The difference in compilation
time is small (<10%). I think this is because of -O0 and ccache and multiple cores, and
in different settings the compilation time could be reduced. The main advantage is that
errors and warnings are not reported twice.
|
| |
|
|
|
|
|
|
|
| |
We already use the "_static" suffix for libshared_static ("shared" is the name
of the library, "static" is the format) and other libs, so let's rename for
consistency.
Also change libsystemd_static_sources to libsystemd_sources, since the same
list is used for both and shorter is better.
|
| | |
|
| |
|
|
|
|
| |
It's a relatively small wrapper around safe_fork() now, hence let's move
it over, and make its signature even more alike. Also, set a different
process name for the polkit and askpw agents.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
A macro is needed because otherwise we couldn't ensure type safety.
Some simple tests are included.
No functional change intended.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PID 1 to journald
And let's make use of it to implement two new unit settings with it:
1. LogLevelMax= is a new per-unit setting that may be used to configure
log priority filtering: set it to LogLevelMax=notice and only
messages of level "notice" and lower (i.e. more important) will be
processed, all others are dropped.
2. LogExtraFields= is a new per-unit setting for configuring per-unit
journal fields, that are implicitly included in every log record
generated by the unit's processes. It takes field/value pairs in the
form of FOO=BAR.
Also, related to this, one exisiting unit setting is ported to this new
facility:
3. The invocation ID is now pulled from /run/elogind/units/ instead of
cgroupfs xattrs. This substantially relaxes requirements of elogind
on the kernel version and the privileges it runs with (specifically,
cgroupfs xattrs are not available in containers, since they are
stored in kernel memory, and hence are unsafe to permit to lesser
privileged code).
/run/elogind/units/ is a new directory, which contains a number of files
and symlinks encoding the above information. PID 1 creates and manages
these files, and journald reads them from there.
Note that this is supposed to be a direct path between PID 1 and the
journal only, due to the special runtime environment the journal runs
in. Normally, today we shouldn't introduce new interfaces that (mis-)use
a file system as IPC framework, and instead just an IPC system, but this
is very hard to do between the journal and PID 1, as long as the IPC
system is a subject PID 1 manages, and itself a client to the journal.
This patch cleans up a couple of types used in journal code:
specifically we switch to size_t for a couple of memory-sizing values,
as size_t is the right choice for everything that is memory.
Fixes: #4089
Fixes: #3041
Fixes: #4441
|
| | |
|
| |
|
|
| |
Not that we need it, but let's do this as matter of completeness.
|
| | |
|
| |
|
| |
Before this fix, elogind did not compile on musl, as the header "musl-missing.h" tries to include a nonexistant header: "config.h". This patch fixes that. Musl compiles with no issues once this patch is administered.
|
| |
|
|
|
|
| |
shared/musl_missing.h: Rewrite strndupa() define to use x_ prefixed
variables, so they won't shadow surronding
variables of the same name.
|
| |
|
|
|
|
|
| |
__register_atfork is glibc-specific but is roughly equivalent to
pthread_atfork, add a definition of it on musl_missing.h and guard
against the definition of __register_atfork on src/basic/process-util.c
using #ifdef __GLIBC__
|
| |
|
|
|
|
|
| |
now meson defines itself on config.h HAVE_[__]SECURE_GETENV, instead of
checking if it is defined, check if it set to false value.
also undefine before redefining it to true.
|
| |
|
|
|
| |
now meson defines if the feature is enabled or not, check if the
feature is enabled
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SElinux erronously prohibited), then we should not hand
out the same UID again until they are successfully removed.
With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
|
| |
|
|
|
| |
In addition to the changes from #6933 this handles cases that could be
matched with the included cocci file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ systemctl show elogind-journald -p UID,GID
UID=4294967295
GID=4294967295
↓
$ systemctl show elogind-journald -p UID,GID
UID=[not set]
GID=[not set]
Just seeing the number is very misleading.
Fixes #6511.
|
| | |
|
| |
|
|
|
| |
This object takes a number of bpf_insn members and wraps them together with
the in-kernel reference id. Will be needed by the firewall code.
|
| |
|
|
|
|
| |
Let's use read_line() to solve our long line limitation.
Fixes #3302.
|
| |
|
|
|
| |
Let's support assigning the empty string to reset things in one more
place.
|
| |
|
|
|
|
|
|
|
| |
config_parse_strv()
This was added to make
https://bugs.freedesktop.org/show_bug.cgi?id=62558 work, which has long
been removed, hence let's revert to the original behaviour and fully
flush out the list when an empty string is assigned.
|
| |
|
|
| |
Fixes: #6787
|
| |
|
|
|
|
|
|
| |
We make copies (without O_CLOEXEC) of the fds anyway before using them,
hence let's be safe and create them with O_CLOEXEC first, so that we
don't run into issues should pager_open() be called in a threaded
environment where another thread fork()s at the wrong time and ends up
with fds not marked O_CLOEXEC.
|
| |
|
|
| |
Fixes #6633.
|
| | |
|
| |
|
|
| |
Follow-up for 21771f338d268e06dc9a10b9b08b14ff8217d4be.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
instead of @Base (#6669)
This helps prevent symbol collisions with other programs and libraries. In particular,
because PAM modules are loaded into the process that is creating the session, and
elogind creates PAM sessions, the potential for collisions is high.
Disambiguate all elogind calls by tagging a 'version' SD_SHARED.
Fixes #6624
|
| |
|
|
|
|
| |
- Update man/rules/meson.build with elogind set of xml files.
- Update documentation generating tools to fit elogind.
- Follow upstream and link against libelogind-shared-<version>.so
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Closes #4295 and #6511.
|
