1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

3013 Commits

Author SHA1 Message Date
Michal Schmidt
8f7f7a1bd3 log: never block on syslog in PID 1
Use a non-blocking syslog socket if logging from PID 1.
If sendmsg fails with EAGAIN, fall back to kmsg or console only for the
current message. Next message will try syslog again.
2011-12-20 00:23:51 +01:00
Michal Schmidt
9721b19968 dbus: no sync D-Bus connection flushing
Blocking on D-Bus in a system manager could lead to deadlock.
2011-12-20 00:23:51 +01:00
Michal Schmidt
cbd37330bc dbus: register to DBus asynchronously
Chen Jie observed and analyzed a deadlock. Assuming systemd-kmsg-syslogd
is already stopped, but rsyslogd is not started yet:
 1. systemd makes a synchronous call to dbus-daemon.
 2. dbus-daemon wants to write something to syslog.
 3. syslog needs to be started by systemd.
   ... but cannot be, because systemd is waiting in 1.

Solve this by avoiding synchronous D-Bus calls. I had to write an async
bus registration call. Interestingly, D-Bus authors anticipated this, in
documentation to dbus_bus_set_unique_name():
> The only reason to use this function is to re-implement the equivalent
> of dbus_bus_register() yourself. One (probably unusual) reason to do
> that might be to do the bus registration call asynchronously instead
> of synchronously.

Lennart's comments from IRC:
> though I think this doesn't fix the problem in its entirety
> simply because dbus_connection_open_private() itself is still synchronous
> i.e. the connect() call behind it is not async
> I think I listed that issue actually on some D-Bus todo list
> i.e. to make dbus_connection_get() fully async
> but that's going to be hard
> so your patch looks good

So it may not be perfect, but it's clearly an improvement.
I did not manage to reproduce the original deadlock with the patch.
2011-12-20 00:17:14 +01:00
Dan Walsh
81c3f1f6ab label: fix labeling of symbolic links 2011-12-19 23:58:58 +01:00
Michal Schmidt
0b1f4ae635 execute: fix losing of start timestamps
Start timestamps were always cleared before saving exit timestamps.
Fix it by removing a condition that makes no sense any way I look at it.
2011-12-17 01:33:40 +01:00
Michal Schmidt
4f025f4c4f man: fix misplaced remark in description of Sockets= 2011-12-17 00:40:21 +01:00
Michal Schmidt
777b87e702 tmpfiles: add 'z', like 'Z' but not recursive 2011-12-16 18:27:35 +01:00
Michal Schmidt
062e01bbdb tmpfiles: apply chown, chmod for 'Z' entries too
If changing ownership or permissions is not desired, they can be
configured to '-' or omitted entirely.
2011-12-16 18:04:54 +01:00
Michal Schmidt
18d01523c8 service: use 'syslog+console' for sysv_console
The default output to 'tty' for SysV service was making it hard to debug
problems because error messages were missing from syslog.
2011-12-16 17:40:41 +01:00
Michal Schmidt
a37b560a63 man: mention that 'Z' ignores uid/gid/mode 2011-12-16 00:38:22 +01:00
Michal Schmidt
462d63db06 man: document 'Z' in tmpfiles 2011-12-16 00:31:21 +01:00
Michal Schmidt
a8d8878329 tmpfiles: add RECURSIVE_RELABEL_PATH ('Z')
Feature requested by Dan Walsh.
2011-12-16 00:31:21 +01:00
Michal Schmidt
99e68c0b2d tmpfiles: separate a generic item glob processing function
Item glob processing will be useful for more than just removing.
2011-12-15 23:58:55 +01:00
Michal Schmidt
f05bc3f7f1 tmpfiles: use a common function to set owner/group/mode/label 2011-12-15 23:56:58 +01:00
Michal Schmidt
a08961233b tmpfiles: rename a couple of functions
remove_item -> remove_item_instance
remove_item_glob -> remove_item
2011-12-15 23:09:08 +01:00
Michal Schmidt
66ccd0387e tmpfiles: use an enum instead of plain char for item type
For better safety. gcc can warn about missing values in switch statements.
2011-12-15 23:09:08 +01:00
Michal Schmidt
c971700e41 systemctl: fix typo in 'is-enabled'
It prevented the action from working without dbus.
2011-12-15 21:03:02 +01:00
Gregs Gregs
b911442003 fsck: Fix typo in comment 2011-12-15 18:48:15 +01:00
Lennart Poettering
c77b7f7f82 update TODO 2011-12-14 17:12:26 +01:00
Michal Schmidt
ce9593140b pam-module: add a couple of debugging prints 2011-12-14 01:25:47 +01:00
Michal Schmidt
cd0504d0a1 unit: check for unneeded dependencies even when unit stop was expected
systemd did not stop units marked as "StopWhenUnneeded=yes" when the requiring
unit was stopped on user's request.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=704197
2011-12-09 15:25:29 +01:00
Michal Schmidt
f60c2665f9 unit: fix false positive in check for unneeded unit
A freshly started unit A was immediately considered unneeded just because
unit B, which Requires A, was starting later in the transaction.
Fix it by looking not only at the state of B, but also at its pending job.

Also fix a copied&pasted comment.
2011-12-09 15:24:04 +01:00
Michal Schmidt
714d943f72 path: add missing pieces for PathModified
PATH_MODIFIED worked internally for PID files detection, but was unusable
in units.
2011-12-08 18:45:38 +01:00
Tim Waugh
7e115808a9 '@' is an 'ampersat' not an 'ampersand'; let's call it 'at symbol' 2011-12-08 17:32:09 +01:00
Michal Schmidt
f7b9e331ed systemctl: print 'error' load state in red
Be consistent in coloring of load states in list-units and status.
Print only 'error' in red.
There are no 'banned' or 'failed' states. Do not color 'masked', it's
not an error.
2011-12-06 01:30:16 +01:00
Michal Schmidt
9a46fc3b90 unit: garbage collect units with load error
Units that failed to load were never cleaned up. It was possible to
reach the 128K limit of units by attempting to load a bunch of nonsense.

Bug observed by Reartes Guillermo in
https://bugzilla.redhat.com/show_bug.cgi?id=680122
2011-12-06 00:52:37 +01:00
Bill Nottingham
d380a3bcd1 Allow 'list-unit-files' to run with --root.
To do so, move the check for the bus to the bus-using portion of
list_unit_files(), and ensure that get_config_path doesn't abort when
checking the runtime path with --root.
2011-12-05 22:04:42 +01:00
Michal Schmidt
2096e009a7 service: stop the service if ExecStartPost ends with a failure
The handling of failures in ExecStartPost is inconsistent. If the
command times out, the service is stopped. But if the command exits
with a failure, the service keeps running.

It makes more sense to stop the service when ExecStartPost fails.
If this behaviour is not desired, the ExecStartPost command can be
prefixed with "-".
2011-12-03 23:10:12 +01:00
Michal Schmidt
3a11183858 service: handle services with racy daemonization gracefully
There are a lot of forking daemons that do not exactly follow the
initialization steps as described in daemon(7). It is common that they
do not bother waiting in the parent process for the child to write the
PID file before exiting. The daemons' developers often do not perceive
this as a bug and they're unwilling to change.

Currently systemd warns about the missing PID file and falls back to
guessing the main PID. Being not quite deterministic, the guess can be
wrong with bad consequences. If the guessing is disabled, determinism is
achieved at the cost of losing the ability of noticing when the main
process of the service dies.

As long as it does not negatively affect properly written services,
systemd should strive for compatibility even with services with racy
daemonization. It is possible to provide determinism _and_ main process
supervision to them.

If the PID file is not there, rather than guessing and considering the
service running immediately after getting the SIGCHLD from the ExecStart
(or ExecStartPost) process, we can keep the service in the activating
state for a bit longer. We can use inotify to wait for the PID file to
appear. Only when it finally does appear and we read a valid PID from
it, we'll move the service to the running state. If the PID file never
appears, the usual timeout kicks in and the service fails.
2011-12-03 21:50:27 +01:00
Michal Schmidt
e92238567b path: add PathModified (= PathChanged + IN_MODIFY) 2011-12-03 13:58:21 +01:00
Michal Schmidt
4b562198c7 path: refactor PathSpec usage
path_*() functions operate on "Path *p" and they do not touch PathSpec
internals directly.

pathspec_*() functions operate on "PathSpec *s". The PathSpec class will
be useful outside of path.c.
2011-12-03 13:43:58 +01:00
Michal Schmidt
768147d13d path: use %m instead of strerror(errno)
and strerror(-errno) was just wrong.
2011-12-03 02:08:52 +01:00
Michal Schmidt
35d50f55f3 util: fix error checking after fgets()
fgets() does not set errno on EOF.
2011-12-03 02:08:52 +01:00
Michal Schmidt
91b684c730 rc-local: order after network.target
As suggested by Bill Nottingham: rc.local is often used for frobbing the
network.

https://bugzilla.redhat.com/show_bug.cgi?id=754789
2011-12-02 11:32:52 +01:00
Michal Schmidt
e951701a4d rc-local: no need to check if the script is executable
rc-local.service is pulled in by a generator only if the script is
executable. No need to check again.
2011-12-02 11:32:04 +01:00
Michal Schmidt
1567308317 add a generator to pull rc-local.service in
rc-local.service acts as an ordering barrier even if its condition is
false, because conditions are evaluated when the service is about to be
started.

To avoid the ordering barrier in a legacy-free system, add a generator
to pull rc-local.service into the transaction only if the script is
executable.

If/when we rewrite SysV compatibility into a generator, this one can become
a part of it.
2011-12-02 11:29:48 +01:00
Michal Schmidt
42e87475cf man: document the PassCred option 2011-11-30 11:06:35 +01:00
Michal Schmidt
1a2801529e syslog: use PassCred=yes for the /dev/log socket
Both kmsg-syslogd and the real syslog service want to receive
SCM_CREDENTIALS. With socket activation it is too late to set
SO_PASSCRED in the services.
2011-11-30 11:00:28 +01:00
Michal Schmidt
75d3fc60f8 shutdownd: use PassCred=yes in the socket unit
Since Linux 3.2 in order to receive SCM_CREDENTIALS it is not sufficient
to set SO_PASSCRED just before recvmsg(). The option has to be already
set when the sender sends the message.

With socket activation it is too late to set the option in the service.
It must be set on the socket right from the start.

See the kernel commit:
16e57262 af_unix: dont send SCM_CREDENTIALS by default

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=757628
2011-11-30 10:12:59 +01:00
Michal Schmidt
d68af58657 socket: add option for SO_PASSCRED
Add an option to enable SO_PASSCRED for unix sockets.
2011-11-30 09:52:34 +01:00
Michal Schmidt
f6cebb3bd5 let mount and swap units log to the configured defaults
Related-to: https://bugzilla.redhat.com/show_bug.cgi?id=750032
2011-11-19 03:16:55 +01:00
Michal Schmidt
1a4459d633 pam-module: treat "cron" in PAM_TTY as empty tty
cron sets PAM_TTY to "cron" and it has been doing it for a long time.
It cannot be changed because user configurations may depend on it.

https://bugzilla.redhat.com/show_bug.cgi?id=727315
2011-11-19 01:17:53 +01:00
Michal Schmidt
1dc9953709 pam-module: use the correct session type "unspecified"
logind does not understand "other".
2011-11-19 01:14:11 +01:00
Michal Schmidt
4c2630ebf2 execute: log errors from "sd(EXEC)"
To give the administrator more hints about failures occuring in spawning
of commands than just the exit code, log the strerror.
All fds are closed, so reopen the log.

Related-to: https://bugzilla.redhat.com/show_bug.cgi?id=752901
2011-11-17 01:36:11 +01:00
Michal Schmidt
9ba353983a execute: make setup_pam() return -errno when possible
The only caller currently checks if the result is non-zero,
so nothing changes there.
2011-11-17 00:16:22 +01:00
Michal Schmidt
4d8a7798e7 execute: avoid logging to closed fds
Several functions called from the "sd(EXEC)" process try to log messages
when all the file descriptors are already closed, including the logging
ones. The logging functions do not expect their fds to be closed and
they hit an assertion failure. The failure wants to be logged too,
so there is an infinite recursion, ended by a SIGSEGV.

When we close all fds, we must let log.c know about it.
2011-11-16 23:52:10 +01:00
Thomas Jarosch
085c98af4e Fix same expression on both sides of '&&'
The code should probably look like the statements above it.
Please verify, I just detected it using cppcheck.

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
2011-11-14 18:08:27 +01:00
Michal Schmidt
9f84624270 man: fix typo in sd_notify
Noticed by guzu.
2011-11-11 10:48:17 +01:00
Michal Schmidt
5831e9b726 job: colored status messages on boot
The lack or green/red status marks on boot has been described by some
users as "critical", "dramatic", "dealbreaker", "showstopper". Seriously.
2011-11-11 00:27:02 +01:00
Michal Schmidt
c5419d4239 service: don't warn if the pidfile still exists after SIGCHLD
A service that drops its privileges may not be able to remove it when it
exits. The stale pidfile is not a problem as long as the service
carefully recognizes it on its next start.

systemd would produce a warning after the service exits:
  PID ... read from file ... does not exist. Your service or init
  script might be broken.

Silence the warning in this case. Still warn if this error is detected
when loading the pidfile after service start.

Noticed by Miroslav Lichvar in
 https://bugzilla.redhat.com/show_bug.cgi?id=752396
2011-11-10 10:18:08 +01:00