summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Add memcpy_safeZbigniew Jędrzejewski-Szmek2017-06-16
| | | | | | | | | | | | | | | | | ISO/IEC 9899:1999 §7.21.1/2 says: Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4. In base64_append_width memcpy was called as memcpy(x, NULL, 0). GCC 4.9 started making use of this and assumes This worked fine under -O0, but does something strange under -O3. This patch fixes a bug in base64_append_width(), fixes a possible bug in journal_file_append_entry_internal(), and makes use of the new function to simplify the code in other places.
* cgroup2: use new fstype for unified hierarchyAlban Crequy2017-06-16
| | | | | | | | | | | | | | Since Linux v4.4-rc1, __DEVEL__sane_behavior does not exist anymore and is replaced by a new fstype "cgroup2". With this patch, elogind no longer supports the old (unstable) way of doing unified hierarchy with __DEVEL__sane_behavior and elogind now requires Linux v4.4 for unified hierarchy. Non-unified hierarchy is still the default and is unchanged by this patch. https://github.com/torvalds/linux/commit/67e9c74b8a873408c27ac9a8e4c1d1c8d72c93ff
* systemctl: add --value optionZbigniew Jędrzejewski-Szmek2017-06-16
| | | | | | | | | | With this option, systemctl will only print the rhs in show: $ systemctl show -p Wants,After elogind-journald --value elogind-journald.socket ... elogind-journald-dev-log.socket ... This is useful in scripts, because the need to call awk or similar is removed.
* musl-fix: faccessat does not support AT_SYMLINK_NOFOLLOW with musl.Enno Boland2017-05-24
|
* Prep v229: Some musl-libc compatibility updatesSven Eden2017-05-22
| | | | | | - musl-libc has no <bits/local_lim.h> - musl-libc has no <xlocale.h> - added <missing.h> include to basic/mdkir.c
* Prep v229: Consolidate system sleep functions.Sven Eden2017-05-22
| | | | | | Move sleep relevant functions from shared/sleep-config.* and login/logind-action.* into login/logind-sleep.* - they aren't used outside of elogind anyway.
* Prep v229: elogind should honor its Sleep configuration.Sven Eden2017-05-19
|
* src/login/logind.conf : Fix namingSven Eden2017-05-19
|
* Prep v229: Mask more unused functions in src/basicSven Eden2017-05-18
|
* Prep v229: Use parse-printf-format.h if configure did not find printf.hSven Eden2017-05-18
|
* Prep v229: Remove orphaned filesSven Eden2017-05-17
| | | | | | | The files - src/shared/output-mode.h and - src/test/test-signal-util.c are not used anywhere anymore.
* Prep v229: Add include for parse-printf-format.h to src/basic/stdio-util.hSven Eden2017-05-17
| | | | | | | Now that dedicated libc headers are included in their corresponding foo-util.h headers, stdio-util.h is the only place left, where printf.h was included. The nice thing is, that this is the only place left where we have to take care about printf and musl-libc.
* Prep v229: Remove remaining emacs settings [6/6] src/systemdSven Eden2017-05-17
|
* Prep v229: Remove remaining emacs settings [5/6] src/sharedSven Eden2017-05-17
|
* Prep v229: Remove remaining emacs settings [4/6] src/loginSven Eden2017-05-17
|
* Prep v229: Remove remaining emacs settings [3/6] src/libelogindSven Eden2017-05-17
|
* Prep v229: Remove remaining emacs settings [2/6] src/coreSven Eden2017-05-17
|
* Prep v229: Remove remaining emacs settings [1/6] src/basicSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [6/6] src/systemdSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [5/6] src/sharedSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [4/6] src/loginSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [3/6] src/libelogindSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [2/6] src/coreSven Eden2017-05-17
|
* Prep v229: Add missing fixes from upstream [1/6] src/basicSven Eden2017-05-17
|
* cgroup: remove support for NetClass= directiveDaniel Mack2017-05-17
| | | | | | | | | | | | | | | | | | | Support for net_cls.class_id through the NetClass= configuration directive has been added in v227 in preparation for a per-unit packet filter mechanism. However, it turns out the kernel people have decided to deprecate the net_cls and net_prio controllers in v2. Tejun provides a comprehensive justification for this in his commit, which has landed during the merge window for kernel v4.5: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671 As we're aiming for full support for the v2 cgroup hierarchy, we can no longer support this feature. Userspace tool such as nftables are moving over to setting rules that are specific to the full cgroup path of a task, which obsoletes these controllers anyway. This commit removes support for tweaking details in the net_cls controller, but keeps the NetClass= directive around for legacy compatibility reasons.
* tree-wide: remove Emacs lines from all filesDaniel Mack2017-05-17
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* core: change internal error code for masked units from EBADR to ESHUTDOWNLennart Poettering2017-05-17
| | | | | | | | | | | | | | | | | This commit changes the mapping of the BUS_ERROR_UNIT_MASKED error to ESHUTDOWN. This error is used whenever the transaction engine is asked to operate on a masked unit. ESHUTDOWN is what is used for the similar case when the unit file enable/disable logic hits a masked unit file, hence is a natural candidate to be used here too. Background: before this patch both "job type not applicable" and "unit masked" where mapped to EBADR, which transaction_add_job_and_dependencies() then checked for. It actually wanted to check exclusively for the former error condition, not the latter but due to the same mapping this failed to work. This patch semi-undoes an accidental change made in caffa4ef700fdd0eadd6c0b2ef9925611672a1bc, however restores the error number to ESHUTDOWN instead of the original ENOSYS (for the reasons indicated above). To make this easier to grok for the future, I added comments to explaining which error conditions are checked for. Fixes: #2315
* time-util: introduce usec_sub()Alexander Kuleshov2017-05-17
| | | | | | | The dual_timestamp_from_realtime(), dual_timestamp_from_monotonic() and dual_timestamp_from_boottime_or_monotonic() shares the same code for comparison given ts with delta. Let's move it to the separate inline function to prevent code duplication.
* coredump: rework coredumping logicLennart Poettering2017-05-17
| | | | | | | | | | | | | | | | This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a stacktrace and writes the coredump to disk. This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust= and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally priorized processes. This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until /var/elogind/coredump is mounted and writable. Fixes: #2286
* time-util: use dual_timestamp_get()Alexander Kuleshov2017-05-17
| | | | | | The time-util.c provides dual_timestamp_get() function for getting realtime and monotonic timestamps. Let's use it instead of direct realtime/monotonic calculation.
* core: log about path_is_mount_point() errorsLennart Poettering2017-05-17
| | | | | | | We really shouldn't fail silently, but print a log message about these errors. Also make sure to attach error codes to all log messages where that makes sense. (While we are at it, add a couple of (void) casts to functions where we knowingly ignore return values.)
* util: add check that makes sure time_t and TIME_T_MAX work the way we assume ↵Lennart Poettering2017-05-17
| | | | they do
* logind: load SELinux labelling systemNicolas Iooss2017-05-17
| | | | | | | | | | | elogind-logind uses mkdir_label and label_fix functions without calling first mac_selinux_init. This makes /run/user/$UID/ directories not labelled correctly on an Arch Linux system using SELinux. Fix this by calling mac_selinux_init("/run") early in elogind-logind. This makes files created in /etc/udev/rules.d and /var/lib/elogind to be labelled through transitions in the SELinux policy instead of using setfscreatecon (with mac_selinux_create_file_prepare).
* core: rework unit timeout handling, and add new setting RuntimeMaxSec=Lennart Poettering2017-05-17
| | | | | | | | | | | | | | | | | | | | | | This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code (following the logic that 0 means "no", and USEC_INFINITY means "never"). This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated, and sd-event considers it has indication for turning off the event source. This also alters the deserialization of the units to restart timeouts from the time they were originally started from. Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to artificially prolonged timeouts if a daemon reload took place. Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs. This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn() calls fail. Fixes: #2249
* core: fix support for transient resource limit propertiesLennart Poettering2017-05-17
| | | | | | | | | | | | | Make sure we can properly process resource limit properties. Specifically, allow transient configuration of both the soft and hard limit, the same way from the unit files. Previously, only the the hard rlimits could be configured but they'd implicitly spill into the soft hard rlimits. This also updates the client-side code to be able to parse hard/soft resource limit specifications. Since we need to serialize two properties in bus_append_unit_property_assignment() now, the marshalling of the container around it is now moved into the function itself. This has the benefit of shortening the calling code. As a side effect this now beefs up the rlimit parser of "systemctl set-property" to understand time and disk sizes where that's appropriate.
* shared: simplify parsing of bus properties a bitLennart Poettering2017-05-17
| | | | Let's write the property name and value in one call, when that's possible, shorthing our code a bit.
* core: fix handling of AccuracyUSec and RandomDelayUSec bus propertiesLennart Poettering2017-05-17
| | | | | | | | | | | Clear up some confusion regarding the USec and Sec suffixes we use. In configuration files we usually use the Sec suffix, to indicate the implied time unit if none is specified. The respective bus properties however use the USec property, since they expose 64bit unsigned integers containing time in µs. Before this patch timer units exposed a bus property AccuracyUSec (which hence is the correct name) but when parsing transient property data would look for AccuracySec instead (which is incorrect). This patch ensures we look for AccuracySec correctly, but keeps the code for AccuracyUSec in place for compatibility, but adds a warning to ensure that apps are updated to use the right property.
* sd-event: permit a USEC_INFINITY timeout as an alternative to a disabling an ↵Lennart Poettering2017-05-17
| | | | | | | event source This should simplify handling of time events in clients and is in-line with the USEC_INFINITY macro we already have. This way setting a timeout to 0 indicates "elapse immediately", and a timeout of USEC_INFINITY "elapse never".
* sd-event: when determining the last allowed time a time event may elapse, ↵Lennart Poettering2017-05-17
| | | | deal with overflows
* basic: fix touch() creating files with 07777 modeMantas Mikulėnas2017-05-17
| | | | | | | mode_t is unsigned, so MODE_INVALID < 0 can never be true. This fixes a possible DoS where any user could fill /run by writing to a world-writable /run/elogind/show-status.
* basic: when parsing verb command lines, optionally shortcut them in chroot() ↵Lennart Poettering2017-05-17
| | | | | | environments This adds some basic infrastructure in order to fix #2015.
* systemctl: improve message when a job fails with a JOB_INVALID stateLennart Poettering2017-05-17
| | | | This result can only happen if the job was a reload job for an inactive unit. Make the error message actually say that.
* basic: getauxval(AT_RANDOM) is apparently not necessarily alignedLennart Poettering2017-05-17
| | | | | | Let's make sure we read it in a way compatible with non-aligned memory. Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812928
* nss: block various signals while running NSS lookupsLennart Poettering2017-05-17
| | | | | | | Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be interrupted where they should (SIGINT, ...). Fixes #1965
* basic: don't append suffixes to unit name glob expressionsLennart Poettering2017-05-17
| | | | | | | When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only append a suffix if the specified string isn't a glob expression. Fixes: #2397
* machined: add early checks for unrealistically large image/pool sizesLennart Poettering2017-05-17
|
* shutdown: complain if process excluded from killing spree runs of the same ↵Michal Sekletar2017-05-17
| | | | rootfs as PID1
* elogind-activate: Add support for datagram socketsSusant Sahani2017-05-17
| | | | | | | | | core: Add flexible way to provide socket type the socket type should be a diffrent argumet in make_socket_fd . In this way we can set the socket type like SOCK_STREAM SOCK_DGRAM in the address. journal-remote: modify make_socket_fd
* resolve: generate a nice clean error when clients try to resolve a name when ↵Lennart Poettering2017-05-17
| | | | the network is down
* logind,machined: bump TasksMax=Lennart Poettering2017-05-17
| | | | | | | | | Issue #2388 suggests the current TasksMax= setting for user processes is to low. Bump it to 12K. Also, bump the container TasksMax= from 8K to 16K, so that it remains higher than the one for user processes. (Compare: the kernel default limit for processes system-wide is 32K). Fixes #2388