| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
| |
We're moving towards unified cgroup hierarchy where this is not necessary.
This makes main.c a bit simpler.
|
| |
|
|
|
|
| |
config_parse_join_controllers would free the destination argument on failure,
which is contrary to our normal style, where failed parsing has no effect.
Moving it to shared also allows a test to be added.
|
| |
|
|
|
|
| |
The arguments have to be indentical everywhere, so let's use a macro to
make things more readable. But only in the headers, in the .c files let's
keep them verbose so that it's easy to see the argument list.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Before this, `systemctl show` for calendar type timer unit outputs
something like below.
```
NextElapseUSecRealtime=48y 3w 3d 15h
NextElapseUSecMonotonic=0
LastTriggerUSec=48y 3w 3d 3h 41min 44.093095s
LastTriggerUSecMonotonic=0
```
As both NextElapseUSecRealtime= and LastTriggerUSec= are not timespan
but timestamp, this makes format these values by `format_timestamp()`.
|
| |
|
|
|
|
| |
Apparently O_NONBLOCK is the modern name used in most documentation and
for most cases in our sources. Let's hence replace the old alias
O_NDELAY and stick to O_NONBLOCK everywhere.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
log.h really should only include the bare minimum of other headers, as
it is really pulled into pretty much everything else and already in
itself one of the most basic pieces of code we have.
Let's hence drop inclusion of:
1. sd-id128.h because it's entirely unneeded in current log.h
2. errno.h, dito.
3. sys/signalfd.h which we can replace by a simple struct forward
declaration
4. process-util.h which was needed for getpid_cached() which we now hide
in a funciton log_emergency_level() instead, which nicely abstracts
the details away.
5. sys/socket.h which was needed for struct iovec, but a simple struct
forward declaration suffices for that too.
Ultimately this actually makes our source tree larger (since users of
the functionality above must now include it themselves, log.h won't do
that for them), but I think it helps to untangle our web of includes a
tiny bit.
(Background: I'd like to isolate the generic bits of src/basic/ enough
so that we can do a git submodule import into casync for it)
|
| |
|
|
| |
More information may be found at wireguard.com.
|
| |
|
|
| |
More information may be found at wireguard.com.
|
| |
|
|
|
|
|
|
|
|
| |
The changes both networkd and resolved to make use of the watch_bind
feature of sd-bus to connect to the system bus. This way, both daemons
can be started during early boot, and automatically and instantly
connect to the system bus as it becomes available.
This replaces prior code that used a time-based retry logic to connect
to the bus.
|
| |
|
|
|
|
|
|
|
| |
Let's remove a number of synchronization points from our service
startups: let's drop synchronous match installation, and let's opt for
asynchronous instead.
Also, let's use sd_bus_match_signal() instead of sd_bus_add_match()
where we can.
|
| | |
|
| |
|
|
|
| |
let's keep static variables together, and before the function
definitions.
|
| |
|
|
|
|
| |
We maintain static process-wide variables in these subsystems without
locking, hence let's refuse operation unless we are called from the main
thread (which we do anyway) just as a safety precaution.
|
| |
|
|
|
|
| |
Using wait_for_terminate_and_check() instead of wait_for_terminate()
let's us simplify, shorten and unify the return value checking and
logging of waitid(). Hence, let's use it all over the place.
|
| | |
|
| |
|
|
| |
The function will be used in later commits.
|
| |
|
|
|
|
| |
Instead of compiling those files twice, once for libsystemd and once for
libshared, compile once as a static archive and then link into both.
This reduce the meson target for man=no compile to 1291.
|
| |
|
|
|
| |
This is similar to the great-grandpa commit. This time the number
of meson targets compilation without man is reduced from 1347 to 1302.
|
| |
|
|
|
|
|
|
|
| |
We were including gcrypt-util.[ch] by hand in the few places where it
was used. Create a convenience library to avoid compiling the same
files multiple times.
v2:
- use a separate static library instead of mergin into libbasic
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcrypt_util_sources had to be moved because otherwise they appeared twice
in libshared.so halfproducts, causing an error.
-fvisibility=default is added to libbasic, libshared_static so that the symbols
appear properly in the exported symbol list in libshared.
The advantage is that files are not compiled twice. When configured with -Dman=false,
the ninja target list is reduced from 1588 to 1347 targets. The difference in compilation
time is small (<10%). I think this is because of -O0 and ccache and multiple cores, and
in different settings the compilation time could be reduced. The main advantage is that
errors and warnings are not reported twice.
|
| |
|
|
|
|
|
|
|
| |
We already use the "_static" suffix for libshared_static ("shared" is the name
of the library, "static" is the format) and other libs, so let's rename for
consistency.
Also change libsystemd_static_sources to libsystemd_sources, since the same
list is used for both and shorter is better.
|
| | |
|
| |
|
|
|
|
| |
It's a relatively small wrapper around safe_fork() now, hence let's move
it over, and make its signature even more alike. Also, set a different
process name for the polkit and askpw agents.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
A macro is needed because otherwise we couldn't ensure type safety.
Some simple tests are included.
No functional change intended.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PID 1 to journald
And let's make use of it to implement two new unit settings with it:
1. LogLevelMax= is a new per-unit setting that may be used to configure
log priority filtering: set it to LogLevelMax=notice and only
messages of level "notice" and lower (i.e. more important) will be
processed, all others are dropped.
2. LogExtraFields= is a new per-unit setting for configuring per-unit
journal fields, that are implicitly included in every log record
generated by the unit's processes. It takes field/value pairs in the
form of FOO=BAR.
Also, related to this, one exisiting unit setting is ported to this new
facility:
3. The invocation ID is now pulled from /run/elogind/units/ instead of
cgroupfs xattrs. This substantially relaxes requirements of elogind
on the kernel version and the privileges it runs with (specifically,
cgroupfs xattrs are not available in containers, since they are
stored in kernel memory, and hence are unsafe to permit to lesser
privileged code).
/run/elogind/units/ is a new directory, which contains a number of files
and symlinks encoding the above information. PID 1 creates and manages
these files, and journald reads them from there.
Note that this is supposed to be a direct path between PID 1 and the
journal only, due to the special runtime environment the journal runs
in. Normally, today we shouldn't introduce new interfaces that (mis-)use
a file system as IPC framework, and instead just an IPC system, but this
is very hard to do between the journal and PID 1, as long as the IPC
system is a subject PID 1 manages, and itself a client to the journal.
This patch cleans up a couple of types used in journal code:
specifically we switch to size_t for a couple of memory-sizing values,
as size_t is the right choice for everything that is memory.
Fixes: #4089
Fixes: #3041
Fixes: #4441
|
| | |
|
| |
|
|
| |
Not that we need it, but let's do this as matter of completeness.
|
| | |
|
| |
|
| |
Before this fix, elogind did not compile on musl, as the header "musl-missing.h" tries to include a nonexistant header: "config.h". This patch fixes that. Musl compiles with no issues once this patch is administered.
|
| |
|
|
|
|
| |
shared/musl_missing.h: Rewrite strndupa() define to use x_ prefixed
variables, so they won't shadow surronding
variables of the same name.
|
| |
|
|
|
|
|
| |
__register_atfork is glibc-specific but is roughly equivalent to
pthread_atfork, add a definition of it on musl_missing.h and guard
against the definition of __register_atfork on src/basic/process-util.c
using #ifdef __GLIBC__
|
| |
|
|
|
|
|
| |
now meson defines itself on config.h HAVE_[__]SECURE_GETENV, instead of
checking if it is defined, check if it set to false value.
also undefine before redefining it to true.
|
| |
|
|
|
| |
now meson defines if the feature is enabled or not, check if the
feature is enabled
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SElinux erronously prohibited), then we should not hand
out the same UID again until they are successfully removed.
With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
|
| |
|
|
|
| |
In addition to the changes from #6933 this handles cases that could be
matched with the included cocci file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ systemctl show elogind-journald -p UID,GID
UID=4294967295
GID=4294967295
↓
$ systemctl show elogind-journald -p UID,GID
UID=[not set]
GID=[not set]
Just seeing the number is very misleading.
Fixes #6511.
|
| | |
|
