summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* fileio: initialize errno to zero before we do fread()Lennart Poettering2017-09-22
| | | | | if there was something in the read buffer already errno might not be set on error, let's detect that case.
* fileio: try to read one byte too much in read_full_stream()Lennart Poettering2017-09-22
| | | | | | | | Let's read one byte more than the file size we read from stat() on the first fread() invocation. That way, the first read() will already be short and indicate eof to fread(). This is a minor optimization, and replaces #3908.
* fileio: move fsync() logic into write_string_stream_ts()Lennart Poettering2017-09-22
| | | | | | That way, write_string_stream_ts() becomes more powerful, and we can remove duplicate code from write_string_file_atomic() and write_string_file_ts().
* fileio: make write_string_stream() accept flags parameterLennart Poettering2017-09-22
| | | | | | Let's make write_string_stream() and write_string_file() more alike, and pass the same flag set so that we can remove a number of boolean parameters.
* fileio: support writing atomic files with timestampLennart Poettering2017-09-22
| | | | | Let's make sure "ts" is taken into account when writing atomic files, too.
* cgroup: rework which files we chown() on delegationLennart Poettering2017-09-22
| | | | | | | | | | | | | | | | On cgroupsv2 we should also chown()/chmod() the subtree_control file, so that children can use controllers the way they like. On cgroupsv1 we should also chown()/chmod() cgroups.clone_children, as not setting this for new cgroups makes little sense, and hence delegated clients should be able to write to it. Note that error handling for both cases is different. subtree_control matters so we check for errors, but the clone_children/tasks stuff doesn't really, as it's legacy stuff. Hence we only log errors and proceed. Fixes: #6216
* cgroup-util: downgrade log messages from library code to LOG_DEBUGLennart Poettering2017-11-21
| | | | | | | These errors don't really matter, that's why we log and proceed in the current code. However, we currently log at LOG_WARNING, but we really shouldn't given that this is library code. Hence downgrade this to LOG_DEBUG.
* core: whenever a unit terminates, log its consumed resources to the journalLennart Poettering2017-09-21
| | | | | | | | | | | | This adds a new recognizable log message for each unit invocation that contains structured information about consumed resources of the unit as a whole after it terminated. This is particular useful for apps that want to figure out what the resource consumption of a unit given a specific invocation ID was. The log message is only generated for units that have at least one XyzAccounting= property turned on, and currently only covers IP traffic and CPU time metrics.
* io-util: add new IOVEC_INIT/IOVEC_MAKE macrosLennart Poettering2017-09-21
| | | | | | | | | | | | | | | | | | | | | | This adds IOVEC_INIT() and IOVEC_MAKE() for initializing iovec structures from a pointer and a size. On top of these IOVEC_INIT_STRING() and IOVEC_MAKE_STRING() are added which take a string and automatically determine the size of the string using strlen(). This patch removes the old IOVEC_SET_STRING() macro, given that IOVEC_MAKE_STRING() is now useful for similar purposes. Note that the old IOVEC_SET_STRING() invocations were two characters shorter than the new ones using IOVEC_MAKE_STRING(), but I think the new syntax is more readable and more generic as it simply resolves to a C99 literal structure initialization. Moreover, we can use very similar syntax now for initializing strings and pointer+size iovec entries. We canalso use the new macros to initialize function parameters on-the-fly or array definitions. And given that we shouldn't have so many ways to do the same stuff, let's just settle on the new macros. (This also converts some code to use _cleanup_ where dynamically allocated strings were using IOVEC_SET_STRING() before, to modernize things a bit)
* cgroup: refuse to return accounting data if accounting isn't turned onLennart Poettering2017-11-21
| | | | | | | | | | We used to be a bit sloppy on this, and handed out accounting data even for units where accounting wasn't explicitly enabled. Let's be stricter here, so that we know the accounting data is actually fully valid. This is necessary, as the accounting data is no longer stored exclusively in cgroupfs, but is partly maintained external of that, and flushed during unit starts. We should hence only expose accounting data we really know is fully current.
* core: when coming back from reload/reexec, reapply all cgroup propertiesLennart Poettering2017-09-07
| | | | | | | | | | | | With this change we'll invalidate all cgroup settings after coming back from a daemon reload/reexec, so that the new settings are instantly applied. This is useful for the BPF case, because we don't serialize/deserialize the BPF program fd, and hence have to install a new, updated BPF program when coming back from the reload/reexec. However, this is also useful for the rest of the cgroup settings, as it ensures that user configuration really takes effect wherever we can.
* core: serialize/deserialize IP accounting across daemon reload/reexecLennart Poettering2017-09-07
| | | | | | | | | | | | | | | Make sure the current IP accounting counters aren't lost during reload/reexec. Note that we destroy all BPF file objects during a reload: the BPF programs, the access and the accounting maps. The former two need to be regenerated anyway with the newly loaded configuration data, but the latter one needs to survive reloads/reexec. In this implementation I opted to only save/restore the accounting map content instead of the map itself. While this opens a (theoretic) window where IP traffic is still accounted to the old map after we read it out, and we thus miss a few bytes this has the benefit that we can alter the map layout between versions should the need arise.
* Add test for eBPF firewall codeDaniel Mack2016-11-03
|
* cgroup: dump the newly added IP settings in the cgroup contextLennart Poettering2017-09-01
|
* cgroup, unit, fragment parser: make use of new firewall functionsDaniel Mack2017-11-21
|
* Add firewall eBPF compilerDaniel Mack2017-11-21
|
* cgroup: add fields to accommodate eBPF related detailsDaniel Mack2017-11-21
| | | | | Add pointers for compiled eBPF programs as well as list heads for allowed and denied hosts for both directions.
* Add IP address address ACL representation and parserDaniel Mack2017-11-21
| | | | | | | Add a config directive parser that takes multiple space separated IPv4 or IPv6 addresses with optional netmasks in CIDR notation rvalue and puts a parsed version of it to linked list of IPAddressAccessItem objects. The code actually using this will be added later.
* Add abstraction model for BPF programsDaniel Mack2017-11-20
| | | | | This object takes a number of bpf_insn members and wraps them together with the in-kernel reference id. Will be needed by the firewall code.
* in-addr-util: add new helper call in_addr_prefix_from_string_auto()Lennart Poettering2017-11-20
| | | | | | This is much like in_addr_prefix_from_string(), but automatically determines whether IPv4 or IPv6 addresses are specified. Also adds a test for it.
* manager: watching the cgroup2 inotify fd is safe in test runs tooLennart Poettering2017-11-20
| | | | | Less deviation between test runs and normal runs is always a good idea, hence enable more stuff that is safe in test runs
* cgroup: always invalidate "cpu" and "cpuacct" togetherLennart Poettering2017-09-05
| | | | | | | This doesn't really matter, as we never invalidate cpuacct explicitly, and there's no real reason to care for it explicitly, however it's prettier if we always treat cpu and cpuacct as belonging together, the same way we conisder "io" and "blkio" to belong together.
* cgroup-util: minor coding style adjustmentLennart Poettering2017-09-04
|
* v235: Added missing updatesSven Eden2017-11-19
|
* Prep v235: Added cap-list, which is needed now.Sven Eden2017-11-19
|
* fileio: return 0 from read_one_line_file on successZbigniew Jędrzejewski-Szmek2017-09-24
| | | | Fixup for f4b51a2d09. Suggested by Evgeny Vereshchagin.
* test-conf-parser: add tests for the new long lines, including overflow handlingZbigniew Jędrzejewski-Szmek2017-09-25
|
* test-conf-parser: use _cleanup_Zbigniew Jędrzejewski-Szmek2017-09-21
|
* fileio: use _cleanup_ for FILE unlockingZbigniew Jędrzejewski-Szmek2017-09-25
|
* conf-parse: remove 4K line length limitLennart Poettering2017-09-22
| | | | | | Let's use read_line() to solve our long line limitation. Fixes #3302.
* test-conf-parser: add some basic tests for config_parse()Zbigniew Jędrzejewski-Szmek2017-09-25
| | | | | | | This function is pretty important, but we weren't calling it directly even once in tests. v2: add a few tests for escaping and line continuations
* fileio: initialize errno to zero before we do fread()Lennart Poettering2017-09-22
| | | | | if there was something in the read buffer already errno might not be set on error, let's detect that case.
* fileio: try to read one byte too much in read_full_stream()Lennart Poettering2017-09-22
| | | | | | | | Let's read one byte more than the file size we read from stat() on the first fread() invocation. That way, the first read() will already be short and indicate eof to fread(). This is a minor optimization, and replaces #3908.
* fileio: move fsync() logic into write_string_stream_ts()Lennart Poettering2017-09-22
| | | | | | That way, write_string_stream_ts() becomes more powerful, and we can remove duplicate code from write_string_file_atomic() and write_string_file_ts().
* fileio: make write_string_stream() accept flags parameterLennart Poettering2017-09-22
| | | | | | Let's make write_string_stream() and write_string_file() more alike, and pass the same flag set so that we can remove a number of boolean parameters.
* fileio: support writing atomic files with timestampLennart Poettering2017-09-22
| | | | | Let's make sure "ts" is taken into account when writing atomic files, too.
* cgroup-util: replace one use of fgets() by read_line()Lennart Poettering2017-09-25
|
* fileio: rework read_one_line_file() on top of read_line()Lennart Poettering2017-09-25
|
* def: add new constant LONG_LINE_MAXLennart Poettering2017-09-22
| | | | | | | | LONG_LINE_MAX is much like LINE_MAX, but longer. As it turns out LINE_MAX at 4096 is too short for many usecases. Since the general concept of having a common maximum line length limit makes sense let's add our own, and make it larger (1MB for now).
* fileio: add new helper call read_line() as bounded getline() replacementLennart Poettering2017-09-25
| | | | | | | read_line() is much like getline(), and returns a line read from a FILE*, of arbitrary sizes. In contrast to gets() it will grow the buffer dynamically, and in contrast to getline() it will place a user-specified boundary on the line.
* cgroup: rework which files we chown() on delegationLennart Poettering2017-09-22
| | | | | | | | | | | | | | | | On cgroupsv2 we should also chown()/chmod() the subtree_control file, so that children can use controllers the way they like. On cgroupsv1 we should also chown()/chmod() cgroups.clone_children, as not setting this for new cgroups makes little sense, and hence delegated clients should be able to write to it. Note that error handling for both cases is different. subtree_control matters so we check for errors, but the clone_children/tasks stuff doesn't really, as it's legacy stuff. Hence we only log errors and proceed. Fixes: #6216
* cgroup-util: downgrade log messages from library code to LOG_DEBUGLennart Poettering2017-09-25
| | | | | | | These errors don't really matter, that's why we log and proceed in the current code. However, we currently log at LOG_WARNING, but we really shouldn't given that this is library code. Hence downgrade this to LOG_DEBUG.
* time-util: mktime_or_timegm are changing the struct tmMarcel Hollerbach2017-09-20
| | | | | after that wm_day etc. seems to be changed. Moving the check infront of the mktime_or_timegm fixes that.
* time-util: correctly handle the timezone when parsingMarcel Hollerbach2017-09-20
| | | | | | | | | | The timezone was cut off the string once the timezone was not UTC. If it is not UTC but a other timezone that matches tzname[0] or tzname[1], then we can leave it to the impl function to parse that correctly. If not we can just fallback to whatever is the current timezone is in the given t_timezone. This should fix the testuite and tests.
* Link to the right glibc commit in comment (#6884)Zbigniew Jędrzejewski-Szmek2017-09-21
| | | | | | Reported by Marcos Mello. Fixes #6882.
* time-util: fix shadowing of timezoneMarcel Hollerbach2017-09-19
| | | | | timezone was shadowing timezone from time.h which leads to a buildbreak since elogind is built with -Werror
* Make test_run into a flags field and disable generators againZbigniew Jędrzejewski-Szmek2017-09-25
| | | | | | | | | | Now generators are only run in elogind --test mode, where this makes most sense (how are you going to test what would happen otherwise?). Fixes #6842. v2: - rename test_run to test_run_flags
* tests: change dbus tests to use user bus (#6845)Michael Biebl2017-09-19
| | | | | | This makes it possible to run more dbus tests in a build environment/chroot where no system bus is available. To run the dbus test one then can use dbus-run-session.
* test-exec-util: add two test cases for scripts masked with empty fileZbigniew Jędrzejewski-Szmek2017-09-17
| | | | | | A test for #6831. Fails without the previous commit. Suggested by Evgeny Vereshchagin.
* conf-files: fix check for masking with empty filesZbigniew Jędrzejewski-Szmek2017-09-17
| | | | Fixes #6831.