1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Commit Graph

20814 Commits

Author SHA1 Message Date
Michal Schmidt
49e440cdc9 hashmap: remove _IDX_ITERATOR_NIL definition
It is unused and rightly so. Users of the hashmap API should
not care about the idx values or any other Iterator internals.
_IDX_ITERATOR_FIRST in hashmap.h is an exception. It is needed
for ITERATOR_FIRST.
2015-06-17 17:28:44 +02:00
Kay Sievers
a54941f1b4 Merge pull request #256 from kaysievers/wip
libsystemd: remove list of symbols to export only in the future
2015-06-17 17:18:10 +02:00
Lennart Poettering
225a833007 Merge pull request #260 from mbiebl/systemshutdowndir-substitution
build-sys: restore systemshutdowndir substitution
2015-06-17 17:11:42 +02:00
Michael Biebl
40af96f692 build-sys: restore systemshutdowndir substitution
This was accidentally removed in d6b07ef.
2015-06-17 16:37:59 +02:00
Kay Sievers
73a7e4615d libsystemd: remove list of symbols to export only in the future 2015-06-17 16:21:13 +02:00
David Herrmann
0e782a6422 Merge pull request #254 from poettering/external-displays2
logind: rework display counting when detecting whether the system is …
2015-06-17 15:56:04 +02:00
Lennart Poettering
eef8c1f6fd Merge pull request #221 from utezduyar/man-cgtop-explain-max-cpu
man: explain max CPU load on cgtop
2015-06-17 15:48:31 +02:00
Zbigniew Jędrzejewski-Szmek
1542c01b1d tmpfiles: only root-owned aquota.* files are special
Fixes #188.
2015-06-17 15:46:32 +02:00
Kay Sievers
3c222be831 Merge pull request #253 from dvdhrm/libudev-man
man: add libudev man-pages (skeletons)
2015-06-17 15:44:02 +02:00
Lennart Poettering
602a41c22a logind: rework display counting when detecting whether the system is docked
Previously, we'd just count connected displays, and if there was 2 or
more we assumed a "docked" state.

With this change we now:

- Only count external displays, ignore internal ones (which we detect by
  checking the connector name against a whitelist of known external plug
  types)

- We ignore connectors which are explicitly disabled

- We then compare the count with >= 1 rather than >= 2 as before

This new logic has the benefit that systems that disconnect the internal
display when the lid is closed are better supported. Also, explicitly
disabled ports do not confuse the algorithm anymore.

This new algorithm has been suggested here:

http://lists.freedesktop.org/archives/intel-gfx/2015-June/068821.html

This also makes two functions static, that are not used outside of their
.c files.
2015-06-17 15:41:25 +02:00
Lennart Poettering
203e81db24 update TODO 2015-06-17 15:40:51 +02:00
David Herrmann
06255d6f76 man: add libudev man-pages (skeletons)
This adds man-pages for most of the libudev symbols we export. Similar
symbols are grouped together in a single man-page, with respective links
added. All man-pages contain the full skeleton including NAME, SYNOPSIS,
RETURN VALUE and SEE ALSO. However, most of them still lack the
DESCRIPTION part. This should be copied from the gtkdoc descriptions in
src/libudev/libudev*.[ch]. Any help is welcome! (the whole skeleton is
already done, so it's really just about the prose-part of the man-pages to
be written).

Missing from the man-pages are the following parts:
  - udev_set_log_fn()
  - udev_[gs]et_log_priority()
  - udev_[gs]et_userdata()
  - udev_list_entry_foreach()
  - udev_device_get_seqnum()
  - udev_device_get_usec_since_initialized()
  - udev_util_encode_string()
These are considered legacy, afaik. If not, please feel free to add them
now!

Furthermore, udev-hwdb and udev-queue are not documented at all (for the
same reasons).
2015-06-17 15:22:49 +02:00
Lennart Poettering
f1398fa59c Merge pull request #176 from filbranden/test_cgroup_mask1
test-cgroup-mask: unit_get_sibling_mask ignores cgroup_supported
2015-06-17 15:19:12 +02:00
Kay Sievers
ed443d9862 Merge pull request #251 from zonque/signal
core: execute: fix regression in pam_setup()
2015-06-17 15:09:32 +02:00
Daniel Mack
d6e5f3ad1f core: execute: fix regression in pam_setup()
Commit 72c0a2c25 ("everywhere: port everything to sigprocmask_many()
and friends") reworked code tree-wide to use the new sigprocmask_many()
helper. In this, it caused a regression in pam_setup, because it
dropped a line to initialize the 'ss' signal mask which is later used
in sigwait().

While at it, move the variable declaration to an inner scope.
2015-06-17 14:43:11 +02:00
Umut Tezduyar Lindskog
b0f5a5105b man: explain max CPU load on cgtop 2015-06-17 13:30:26 +02:00
Lennart Poettering
afc4290e2c Merge pull request #246 from smcv/xpg-not-xdg
Stop talking about the "XDG" version of basename()
2015-06-17 13:08:15 +02:00
Daniel Mack
49b5949748 Merge pull request #245 from poettering/always-sdbus-man-pages
man: always build sd-bus man pages, even if kdbus is disabled
2015-06-17 12:55:18 +02:00
Lennart Poettering
48f69d8fb4 man: always build sd-bus man pages, even if kdbus is disabled
After all, we now moved sd-bus out of the kdbus conditional, hence the
man pages should be too.
2015-06-17 12:32:33 +02:00
Simon McVittie
11c9f1e48a Stop talking about the "XDG" version of basename()
XDG refers to X Desktop Group, a former name for freedesktop.org.
This group is responsible for specifications like basedirs,
.desktop files and icon naming, but as far as I know, it has never
tried to redefine basename().

I think these references were meant to say XPG (X/Open Portability
Guide), a precursor of POSIX. POSIX is better-known and less easily
confused with XDG, and is how the basename(3) man page describes
the libgen.h version of basename().

The other version of basename() is glibc-specific and is described
in basename(3) as "the GNU version"; specifically mention that
version, to disambiguate.
2015-06-17 11:23:46 +01:00
David Herrmann
9d8a5fd3e6 Merge pull request #244 from poettering/sdbus-suppress-local
sd-bus: suppress installing local bus matches server side
2015-06-17 12:20:03 +02:00
Lennart Poettering
cc65fe5e14 sd-bus: suppress installing local bus matches server side
Matches that can only match against messages from the
org.freedesktop.DBus.Local service (or the local interfaces or path)
should never be installed server side, suppress them hence.

Similar, on kdbus matches that can only match driver messages shouldn't
be passed to the kernel.
2015-06-17 11:42:39 +02:00
Daniel Mack
6e2ebc85ad Merge pull request #241 from jsynacek/doc-fix
doc: improve readability in journald.conf.5
2015-06-17 10:56:21 +02:00
Lennart Poettering
59787a5c66 Merge pull request #239 from dvdhrm/event-assert
sd-event: make errors on EPOLL_CTL_DEL pseudo-fatal
2015-06-17 10:37:43 +02:00
Jan Synacek
b6872d3abe doc: improve readability in journald.conf.5 2015-06-17 10:12:09 +02:00
David Herrmann
366e641139 sd-event: make errors on EPOLL_CTL_DEL pseudo-fatal
If we call EPOLL_CTL_DEL, we *REALLY* expect the file-descriptor to be
present in that given epoll-set. We actually track such state via our
s->io.registered flag, so it better be true.

Make sure if that's not true, we treat it similar to assert_return() (ie.,
print a loud warning).
2015-06-17 09:13:48 +02:00
Kay Sievers
a028d19ba5 Merge pull request #240 from kaysievers/wip
build-sys: hide magic section variables from exported symbols
2015-06-17 07:55:26 +02:00
Kay Sievers
2fbb6f8f7f Merge pull request #238 from dvdhrm/udev-epoll
udev: don't close FDs before dropping them from epoll
2015-06-17 07:32:25 +02:00
Kay Sievers
aac7c5ed8b build-sys: hide magic section variables from exported symbols
https://github.com/systemd/systemd/issues/234
2015-06-17 07:29:15 +02:00
David Herrmann
ab7854df73 udev: don't close FDs before dropping them from epoll
Make sure we never close fds before we drop their related event-source.
This will cause horrible disruptions if the fd-num is re-used by someone
else. Under normal conditions, this should not cause any problems as the
close() will drop the fd from the epoll-set automatically. However, this
changes if you have any child processes with a copy of that fd.

This fixes issue #163.

Background:
        If you create an epoll-set via epoll_create() (lets call it 'EFD')
        you can add file-descriptors to it to watch for events. Whenever
        you call EPOLL_CTL_ADD on a file-descriptor you want to watch, the
        kernel looks up the attached "struct file" pointer, that this FD
        refers to. This combination of the FD-number and the "struct file"
        pointer is used as key to link it into the epoll-set (EFD).

        This means, if you duplicate your file-descriptor, you can watch
        this file-descriptor, too (because the duplicate will have a
        different FD-number, hence, the combination of FD-number and
        "struct file" is different as before).

        If you want to stop watching an FD, you use EPOLL_CTL_DEL and pass
        the FD to the kernel. The kernel again looks up your
        file-descriptor in your FD-table to find the linked "struct file".
        This FD-number and "struct file" combination is then dropped from
        the epoll-set (EFD).

        Last, but not least: If you close a file-descriptor that is linked
        to an epoll-set, the kernel does *NOTHING* regarding the
        epoll-set. This is a vital observation! Because this means, your
        epoll_wait() calls will still return the metadata you used to
        watch/subscribe your file-descriptor to events.
        There is one exception to this rule: If the file-descriptor that
        you just close()ed was the last FD that referred to the underlying
        "struct file", then _all_ epoll-set watches/subscriptions are
        destroyed. Hence, if you never dup()ed your FD, then a simple
        close() will also unsubscribe it from any epoll-set.

        With this in mind, lets look at fork():
                Assume you have an epoll-set (EFD) and a bunch of FDs
                subscribed to events on that EFD. If you now call fork(),
                the new process gets a copy of your file-descriptor table.
                This means, the whole table is copied and the "struct
                file" reference of each FD is increased by 1. It is
                important to notice that the FD-numbers in the child are
                exactly the same as in the parent (eg., FD #5 in the child
                refers to the same "struct file" as FD #5 in the parent).

                This means, if the child calls EPOLL_CTL_DEL on an FD, the
                kernel will look up the linked "struct file" and drop the
                FD-number and "struct file" combination from the epoll-set
                (EFD). However, this will effectively drop the
                subscription that was installed by the parent.

                To sum up: even though the child gets a duplicate of the
                EFD and all FDs, the subscriptions in the EFD are *NOT*
                duplicated!

Now, with this in mind, lets look at what udevd does:
        Udevd has a bunch of file-descriptors that it watches in its
        sd-event main-loop. Whenever a uevent is received, the event is
        dispatched on its workers. If no suitable worker is present, a new
        worker is fork()ed to handle the event. Inside of this worker, we
        try to free all resources we inherited. However, the fork() call
        is done from a call-stack that is never rewinded. Therefore, this
        call stack might own references that it drops once it is left.
        Those references we cannot deduce from the fork()'ed process;
        effectively causing us to leak objects in the worker (eg., the
        call to sd_event_dispatch() that dispatched our uevent owns a
        reference to the sd_event object it used; and drops it again once
        the function is left).

        (Another example is udev_monitor_ref() for each 'worker' that is
         also inherited by all children; thus keeping the udev-monitor and
         the uevent-fd alive in all children (which is the real cause for
         bug #163))

        (The extreme variant is sd_event_source_unref(), which explicitly
         keeps event-sources alive, if they're currently dispatched,
         knowing that the dispatcher will free the event once done. But
         if the dispatcher is in the parent, the child will never ever
         free that object, thus leaking it)

        This is usually not an issue. However, if such an object has a
        file-descriptor embedded, this FD is left open and never closed in
        the child.

In manager_exit(), if we now destroy an object (i.e., close its embedded
file-descriptor) before we destroy its related sd_event_source, then
sd-event will not be able to drop the FD from the epoll-set (EFD). This
is, because the FD is no longer valid at the time we call EPOLL_CTL_DEL.
Hence, the kernel cannot figure out the linked "struct file" and thus
cannot remove the FD-number plus "struct file" combination; effectively
leaving the subscription in the epoll-set.
Since we leak the uevent-fd in the children, they retain a copy of the FD
pointing to the same "struct file". Thus, the EFD-subscription are not
automatically removed by close() (as described above). Therefore, the main
daemon will still get its metadata back on epoll_watch() whenever an event
occurs (even though it already freed the metadata). This then causes the
free-after-use bug described in #163.

This patch fixes the order in which we destruct objects and related
sd-event-sources. Some open questions remain:

 * Why does source_io_unregister() not warn on EPOLL_CTL_DEL failures?
   This really needs to be turned into an assert_return().

 * udevd really should not leak file-descriptors into its children. Fixing
   this would *not* have prevented this bug, though (since the child-setup
   is still async).
   It's non-trivial to fix this, though. The stack-context of the caller
   cannot be rewinded, so we cannot figure out temporary refs. Maybe it's
   time to exec() the udev-workers?

 * Why does the kernel not copy FD-subscriptions across fork()?
   Or at least drop subscriptions if you close() your FD (it uses the
   FD-number as key, so it better subscribe to it)?
   Or it better used
         FD+"struct file_table*"+"struct file*"
   as key to not allow the childen to share the subscription table..
   *sigh*
   Seems like we have to live with that API forever.
2015-06-17 00:31:57 +02:00
Lennart Poettering
3eb3228e58 Merge pull request #231 from tixxdz/nspawn-userns-fixes-2
nspawn: check if kernel supports userns as early as possible
2015-06-16 19:50:59 +02:00
Djalal Harouni
b774fb7f00 nspawn: check if kernel supports userns as early as possible
If the kernel do not support user namespace then one of the children
created by nspawn parent will fail at clone(CLONE_NEWUSER) with the
generic error EINVAL and without logging the error. At the same time
the parent may also try to setup the user namespace and will fail with
another error.

To improve this, check if the kernel supports user namespace as early
as possible.
2015-06-16 17:30:45 +01:00
Lennart Poettering
c986cc7000 Merge pull request #228 from teg/tmpfiles-btrfs-notdir
tmpfiles: silently ignore failed removal of btrfs submount from non-dir
2015-06-16 18:00:28 +02:00
Tom Gundersen
636aabc272 tmpfiles: silently ignore failed removal of btrfs submount from non-dir
This fixes:
Jun 16 16:00:20 tomegun-x2402 systemd-tmpfiles[233]: rm_rf(/var/lib/machines/.#fedora.lck): Not a directory
Jun 16 16:00:20 tomegun-x2402 systemd-tmpfiles[233]: rm_rf(/var/lib/machines/.#Fedora-Cloud-Base-20141203-21.x86_64.raw.lck): Not a directory
2015-06-16 16:23:13 +02:00
Michal Schmidt
9ef41ffeec Merge pull request #197 from dvdhrm/hashmap
hashmap: fix iterators to not skip entries
2015-06-16 14:44:43 +02:00
David Herrmann
aab723074c Merge pull request #223 from ronnychevalier/rc/warning_va_start
signal-util: fix incorrect argument of va_start
2015-06-16 13:04:41 +02:00
Daniel Mack
265d3f718b Merge pull request #222 from utezduyar/mem-leak-on-bus-error
sd-bus: use proper cleanup macro
2015-06-16 12:02:56 +02:00
Ronny Chevalier
c59d3e8d37 signal-util: fix incorrect argument of va_start
The last argument of the function before the vargs is "old" not "how".

warning: second parameter of ‘va_start’ not last named argument
2015-06-16 11:41:59 +02:00
Umut Tezduyar Lindskog
dcf6952028 sd-bus: use proper cleanup macro 2015-06-16 11:20:10 +02:00
Daniel Mack
5630aab1a8 Merge pull request #218 from poettering/dual-timestamp-null
everywhere: actually make use of DUAL_TIMESTAMP_NULL macro
2015-06-16 11:03:27 +02:00
Daniel Mack
1a770c60ee Merge pull request #219 from poettering/logind-docked
logind: expose "Docked" bool as property on the bus
2015-06-16 11:02:40 +02:00
Lennart Poettering
4fba57963b logind: cast close() call to (void) 2015-06-16 01:55:20 +02:00
Lennart Poettering
148560792a logind: expose "Docked" bool as property on the bus
We know the state anyway, let's expose it in the bus. It's useful for
debugging at least, but it might be useful for DEs too.
2015-06-16 01:11:10 +02:00
Lennart Poettering
5cb14b3742 everywhere: actually make use of DUAL_TIMESTAMP_NULL macro
Let's use it as initializer where appropriate.
2015-06-16 01:08:12 +02:00
Lennart Poettering
5febf10c1c update TODO 2015-06-16 01:02:52 +02:00
Lennart Poettering
86b85cf440 Merge pull request #214 from poettering/signal-rework-2
everywhere: port everything to sigprocmask_many() and friends
2015-06-15 20:35:18 +02:00
Lennart Poettering
78ed65ac8d Merge pull request #212 from poettering/gc-machine-snapshots
automatically remove old machine shapshots at boot
2015-06-15 20:33:35 +02:00
Lennart Poettering
72c0a2c255 everywhere: port everything to sigprocmask_many() and friends
This ports a lot of manual code over to sigprocmask_many() and friends.

Also, we now consistly check for sigprocmask() failures with
assert_se(), since the call cannot realistically fail unless there's a
programming error.

Also encloses a few sd_event_add_signal() calls with (void) when we
ignore the return values for it knowingly.
2015-06-15 20:13:23 +02:00
Kay Sievers
dd5da693ab Merge pull request #209 from crrodriguez/master
buildsys: missing SECCOMP_CFLAGS in various places
2015-06-15 19:56:23 +02:00
Lennart Poettering
770b5ce4fc tmpfiles: automatically remove old machine snapshots at boot
Remove old temporary snapshots, but only at boot. Ideally we'd have
"self-destroying" btrfs snapshots that go away if the last last
reference to it does. To mimic a scheme like this at least remove the
old snapshots on fresh boots, where we know they cannot be referenced
anymore. Note that we actually remove all temporary files in
/var/lib/machines/ at boot, which should be safe since the directory has
defined semantics. In the root directory (where systemd-nspawn
--ephemeral places snapshots) we are more strict, to avoid removing
unrelated temporary files.

This also splits out nspawn/container related tmpfiles bits into a new
tmpfiles snippet to systemd-nspawn.conf
2015-06-15 19:28:55 +02:00