IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Having unit(s) removed/not started, even if it solved the issue and allowed
to boot successfully, should still be considered an error, as something
clearly isn't right.
This patch elevates the log message from warning to error, and adds a status
message to make things more obvious.
The point is to allow the use of journald functions by other binaries.
Before, journald code was split into multiple files (journald-*.[ch]),
but all those files all required functions from journald.c. And
journald.c has its own main(). Now, it is possible to link against
those functions, e.g. from test binaries.
This constitutes a fix for https://bugzilla.redhat.com/show_bug.cgi?id=872638.
The patch does the following:
1. rename journald.h to journald-server.h and move corresponding code
to journald-server.c.
2. add journald-server.c and other journald-*.c parts to
libsystemd-journal-internal.
3. remove journald-syslog.c from test_journal_syslog_SOURCES, since
it is now contained in libsystemd-journal-internal.
There are no code changes, apart from the removal of a few static's,
to allow function calls between files.
Supports Python versions 2.6 through 3.3 (tested on 2.7 and 3.2).
See JournalHandler docstring for usage details.
[zj: - use send() instead of using sendv() directly
- do exception handling like in the logging module
- bumped min version to python2.6, since the module
does not work with python2.5 anyway ]
Makes the output way nicer with shorter code. Also brings
systemd-analyze behaviour more in line with other systemd-programs.
Argparse is in Python since 2.6, and is available as a package for
previous versions, if someone is stuck with very old Python.
If a 'change' event is supposed to remove created symlinks, we create
a new device structure from the sysfs device and fill it with the list
of links, to compute the delta of the old and new list of links to apply.
If the device is already 'remove'd by the kernel though, udev fails to
create the device structure, so the links are not removed properly.
> From: Neil Brown <nfbrown@suse.com>
> Date: Thu, 8 Nov 2012 10:39:06 +0100
> Subject: [PATCH] If a 'change' event does not get handled by udev until
> after the device has subsequently disappeared, udev mis-handles
> it. This can happen with 'md' devices which emit a change
> event and then a remove event when they are stopped. It is
> normally only noticed if udev is very busy (lots of arrays
> being stopped at once) or the machine is otherwise loaded
> and reponding slowly.
>
> There are two problems.
>
> 1/ udev_device_new_from_syspath() will refuse to create the device
> structure if the device does not exist in /sys, and particularly if
> the uevent file does not exist.
> If a 'db' file does exist, that is sufficient evidence that the device
> is genuine and should be created. Equally if we have just received an
> event from the kernel about the device, it must be real.
>
> This patch just disabled the test for the 'uevent' file, it doesn't
> try imposing any other tests - it isn't clear that they are really
> needed.
>
> 2/ udev_event_execute_rules() calls udev_device_read_db() on a 'device'
> structure that is largely uninitialised and in particular does not
> have the 'subsystem' set. udev_device_read_db() needs the subsystem
> so it tries to read the 'subsystem' symlink out of sysfs. If the
> device is already deleted, this naturally fails.
> udev_event_execute_rules() knows the subsystem (as it was in the
> event message) so this patch simply sets the subsystem for the device
> structure to be loaded to match the subsystem of the device structure
> that is handling the event.
>
> With these two changes, deleted handling of change events will still
> correctly remove any symlinks that are not needed any more.
Use udev_device_new() instead of allowing udev_device_new_from_syspath()
to proceed without a sysfs device.
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.
FDO bug #56593.
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access.
The mount() system call, which we issue before loading modules, will trigger
a modprobe by the kernel and block until it returns. Trying to load it again
later, will have exactly the same result as the first time.
This was premarily intended to support the LSB facility $httpd which is
only known by Fedora, and a bad idea since it lacks any real-life
usecase.
Similar, drop support for some other old Fedora-specific facilities.
Also, document the rules for introduction of new facilities, to clarify
the situation for the future.
The behaviour of the common name##_from_string conversion is surprising.
It accepts not only the strings from name##_table but also any number
that falls within the range of the table. The order of items in most of
our tables is an internal affair. It should not be visible to the user.
I know of a case where the surprising numeric conversion leads to a crash.
We will allow the direct numeric conversion only for the tables where the
mapping of strings to numeric values has an external meaning. This holds
for the following lookup tables:
- netlink_family, ioprio_class, ip_tos, sched_policy - their numeric
values are stable as they are defined by the Linux kernel interface.
- log_level, log_facility_unshifted - the well-known syslog interface.
We allow the user to use numeric values whose string names systemd does
not know. For instance, the user may want to test a new kernel featuring
a scheduling policy that did not exist when his systemd version was
released. A slightly unpleasant effect of this is that the
name##_to_string conversion cannot return pointers to constant strings
anymore. The strings have to be allocated on demand and freed by the
caller.
strtol() and friends may set EINVAL if no conversion was performed, but
they are not required to do so. In practice they don't. We need to check
for it.
https://bugzilla.redhat.com/show_bug.cgi?id=870577
This adds SMACK label configuration options to socket units.
SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.
Files on disk can be labelled using package management.
For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.
Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.
This patch adds the following options:
Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.
No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.
For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.
v3 of this patch changes the config options to be CamelCased.
Add efivarfs to the mount_table in mount-setup.c, so the EFI variable
filesystem will be mounted when systemd executed.
The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel.
Cc: Kay Sievers <kay@vrfy.org>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Mantas Mikulėnas <grawity@gmail.com>
Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Cc: Matt Fleming <matt.fleming@intel.com>
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Cc: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
commit 49371bb fixed the observed division by zero, but missed another
occurrence of the same bug. It was also not the optimal fix. We can
simply make the divisor a constant by swapping it with the compared
value.
In early userspace, if kernel initialization happens extremely quickly,
a call to systemd-timestamp can potentially result in division by zero.
Ensure that the check in timespec_load, which only makes sense if tv_sec
is greater than zero, is guarded by this condition.
Starting a swap unit pointing to (What) a symlink (e.g. /dev/mapper/swap
or /dev/disk/by-uuid/...) would have said unit marked active, following
the one using the "actual" device (/dev/{dm-1,sda3}), but that new unit
would be seen as inactive.
Since all requests to stop swap units would follow/redirect to it,
and it is seen inactive, nothing would be done (swapoff never called).
This is because this unit would be treated twice in
swap_process_new_swap, the second call to swap_add_one causing it to
eventually be marked inactive.
l might contain zero strings, however there is still memory
allocated for NULL terminator, use _cleanup_strv_free_ instead to
prevent tiny leak in such case.
Network file systems generally do not offer inotify() that would work
across the network. We hence cannot rely on inotify() exclusiely in
those case. Provide an API to determine these cases, and suggest doing
manual regular rechecks.
Note that this is not complete yet, as we need to rescan journal dirs on
network file systems explicitly to find new/removed files
When traversing entry array chains for a bisection or for retrieving an
item by index we previously always started at the beginning of the
chain. Since we tend to look at the same chains repeatedly, let's cache
where we have been the last time, and maybe we can skip ahead with this
the next time.
This turns most bisections and index lookups from O(log(n)*log(n)) into
O(log(n)). More importantly however, we seek around on disk much less,
which is good to reduce buffer cache and seek times on rotational disks.
I hit an "assert(j->installed)" failure in transaction_apply(). Looking
into the backtrace I saw what happened:
1. The system was booting. var.mount/start was an installed job.
2. I pressed Ctrl+Alt+Del.
3. reboot.target was going to be isolated.
4. transaction_apply() proceeded to install a var.mount/stop job.
5. job_install() canceled the conflicting start job.
6. Depending jobs ended recursively with JOB_DEPENDENCY, among them was
local-fs.target/start.
7. Its OnFailure action triggered - emergency.target was now going to be
isolated.
8. We recursed back into transaction_apply() where the half-installed
var.mount/stop job confused us.
Recursing from job installation back into the transaction code cannot be
a good idea. Avoid the problem by canceling the conflicting job
non-recursively in job_install(). I don't think we'll miss anything by
not recursing here. After all, we are called from transaction_apply().
We will not be installing just this one job, but all jobs from a
transaction. All requirement dependencies will be included in it and
will be installed separately. Every transaction job will get a chance
to cancel its own conflicting installed job.
Mostly useful for testing purposes. Setting Age to 1s works just as
well, but it is surprising that using 0s (or just 0) does not work.
Also clarify this in the documentation.
If you enter unit_add_exec_dependencies with m->where = NULL, you'll
very likely end up aborting somewhere under socket_needs_mount.
(When systemd goes to check to see if the journald socket requires your
mount, it'll do path_startswith(path, m->where)... *kaboom*)
This patch should ensure that:
a) both branches in mount_add_one() set m->where, and
b) mount_add_extras() calls unit_add_exec_dependencies() *after*
setting m->where.
If 'systemctl enable' (and friends) is run inside chroot it always
exits with a bad return code. unit_file_enable() returns the number of
symlink rules that were supposed to be created. So resetting r to 0 and
exiting gracefully should be the correct way.
'systemd-coredumpctl' will list available coredumps:
PID UID GID sig exe
32452 500 500 11 /home/zbyszek/systemd/build/journalctl
32666 500 500 11 /usr/lib64/valgrind/memcheck-amd64-linux
...
'systemd-coredumpctl dump PID' will write the coredump
to specified file or stdout.
Some keymaps apply to a large range of computer models, not all of which have
all of the scan codes in the maps. If a single scan code is invalid, do not
abort but continue with the next entry in the map. Instead just show the error
message for that particular scan code, to help with debugging.
Commit b1f87c76b1 changed sscanf from %i to %u, as scan codes are unsigned
numbers which can be > 0x7FFFFFFF. However, sscanf doesn't accept hexadecimal
numbers for %u. It works fine with %i, so revert this back.
Given that "journalctl -u" exists now there's no need to duplicate this
functionality in systemctl, so let's drop this, especially given that it
always felt a bit awkward to overload "-f" to both --force and --follow,
and to have continues output with a status header for this.
systemctl status -f avahi-daemon
now becomes:
journalctl -fu avahi-daemon
Which is shorter and a lot less redundant.
The new 'unique' API allows listing all unique field values that a field
specified by a field name can take in all entries of the journal. This
allows answering queries such as "What units logged to the journal?",
"What hosts have logged into the journal?", "Which boot IDs have logged
into the journal?".
Ultimately this allows implementation of tools similar to lastlog based
on journal data.
Note that listing these field values will not work for journal files
created with older journald, as the field values are not indexed in
older files.
Much like logind has a client in loginctl, and journald in journalctl
introduce timedatectl, to change the system time (incl. RTC), timezones
and related settings.
If a device unit has aliases defined in udev rules, and there are
other units that depend on that alias, as in
BindTo=sys-subsystem-net-devices-eth0.device
then systemd will fail the start the alias, and any dependent units
will time out. See
https://bugs.freedesktop.org/show_bug.cgi?id=52580
This is because unit_add_name() in device_add_escaped_name() will
return EEXIST.
The solution taken here is to call device_update_unit() on the alias
name. Thus if a unit with the alias name already exists, we reuse it;
otherwise a new unit is created. Creating multiple units for a single
device is perhaps suboptimal, but it's consistent with the treatment
of udev symlinks in device_process_new_device().
Under some circumstances this could lead to a segfault since we we
half-initialized a mount unit, then tried to hook it into the network of
things and while doing that recursively ended up looking at our
half-initialized mount unit again assuming it was fully initialized.
This commit checks for a usage line which contains [{|]reload[|}"] (to
not errnously match force-reload).
Heuristics like this suck, but it solves a real problem and there
appears to be no better way...
The fstab generator adds Before=swap.target by default, and when creating
a custom .swap unit, you can also add Before=swap.target to the unit.
However, it is impossible to not have this ordering dependency right now.
Virtually all existing setups likely use the fstab generator, so this
change is unlikely to break anything.
Use cases:
* iptables.service – atomically reload rules without having to flush
them beforehand (which may leave the system insecure if reload fails)
* rpc-nfsd.service – reexport filesystems after /etc/exports update
without completely stopping and restarting nfsd
(In both cases, the actual service is provided by a kernel module and
does not have any associated user-space processes, thus Type=oneshot.)
Valgrind says:
==29176== Conditional jump or move depends on uninitialised value(s)
==29176== at 0x412A85: cunescape_length_with_prefix (util.c:1565)
==29176== by 0x40B351: dev_kmsg_record (journald-kmsg.c:301)
==29176== by 0x40B653: server_read_dev_kmsg (journald-kmsg.c:347)
==29176== by 0x40B701: server_flush_dev_kmsg (journald-kmsg.c:365)
==29176== by 0x409DE7: main (journald.c:1535)
The MESSAGE_ID=... stanza will appear in countless number of places.
It is just too long to write it out in full each time.
Incidentally, this also fixes a typo of MESSSAGE is three places.
The removal of the TIMEOUT= handling in udevd put firmware requests into the
devpath parent/child dependency tracking. Drivers which block in module_init()
asking userspace for firmware ran into a 30 sec device timeout.
The whole firmware loading willl hopefully move into the kernel and
the fragile-since-day-one fake async driver-core device dance involving
udev can be retired:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=abb139e75c2cdbb955e840d6331cb5863e409d0e
If the final key in any sysctl.d file is a duplicate, systemd-sysctl
will exit with an error (and no explaination why). Ignore this, as
duplicate keys are to be expected when overriding settings in the
directory hierarchy.
This allows unprivileged clients to check for the used virtualization
even when lacking the privileges that some of the virtualization tests
require.
https://bugzilla.gnome.org/show_bug.cgi?id=684801
No longer override the default kernel keymap if nothing is specified in
vconsole.conf.
The default should be to do nothing (i.e., use what is already in the
kernel) unless the distro/admin has explicitly requested it.
No longer override the default kernel font if nothing is specified in
vconsole.conf.
The default kernel font[0] provides ISO-8859-1 and box characters. Users
of Arabic, Cyrilic or Hebrew must set a different font manually as these
character sets were provided by the old default font [1], but are not
any longer.
Rationale:
* it is counter-intuitive that an empty vconsole.conf file is different
from adding FONT="";
* the version of the default font shipped with Arch (which is the
upstream one) behaves very badly during early boot[2] (which should
admittedly be fixed in the font itself);
* the kernel already supplies a default font, it seems reasonable to
use that unless anything else is specified;
* This also avoids a needless slow call to setfont; and
* We don't want to work around problems in the kernel (in case the
compiled-in font is not acceptable for whatever reason).
[0]: <https://dev.archlinux.org/~tomegun/kernel.bdf>
[1]: <https://dev.archlinux.org/~tomegun/latarcyrheb.bdf>
[2]: <http://i.imgur.com/J2tM4.jpg>
As audit is pretty much just a special kind of logging we should treat
it similar, and manage the audit fd in a static variable.
This simplifies the audit fd sharing with the SELinux access checking
code quite a bit.
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
