IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Suppose that while iterating we have already looked into a journal file
and got a candidate for the next entry. And we are considering to look
into another journal file because it may contain an entry that is nearer
to the current location than the candidate.
We should skip the whole journal file if we can tell by looking at its
header that none of its entries can precede the candidate.
Before:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 0m20.518s
user 0m19.989s
sys 0m0.328s
After:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 0m9.445s
user 0m9.228s
sys 0m0.213s
Interleaving of entries from many journal files is expensive. But there
is room for optimization.
We can skip looking into journal files whose entries all lie before the
current iterating location. We can tell if that's the case from looking
at the journal file header. This saves a huge amount of work if one has
many of mostly not interleaved journal files.
On my workstation with 90 journal files in /var/log/journal/ID/
totalling 3.4 GB I get these results:
Before:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 5m54.258s
user 2m4.263s
sys 3m48.965s
After:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 0m20.518s
user 0m19.989s
sys 0m0.328s
The high "sys" time in the original was caused by putting more stress on
the mmap-cache than it could handle. With the patch the working set
now consists of fewer mmap windows and mmap-cache is not thrashing.
If a unit is set property by "systemctl set-property", a new dropin
file is generated. But the unit's dropin_paths and dropin_mtime are
not updated. So the unit is shown as need daemon reload.
Update unit dropin_paths and dropin_mtime also when dropin file is
written.
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.
It is done before and independent of dropping privileges.
The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.
The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.
In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.
In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
Support timer options --on-active=, --on-boot=, --on-startup=,
--on-unit-active=, --on-unit-inactive=, --on-calendar=. Each options
corresponding with OnActiveSec=, OnBootSec=, OnStartupSec=,
OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of timer
respectively. And OnCalendar= and WakeSystem= supported by
--timer-property= option like --property= of systemd-run.
And if --unit= option and timer options are specified the command can
be omitted. In this case, systemd-run assumes the target service is
already loaded. And just try to generate transient timer unit only.
kdbus-git gained two new features:
* memfd offsets: This allows to specify a 'start' offset in kdbus_memfd
so you can send partial memfd hunks instead of always
the full memfd
* KDBUS_HELLO_UNPRIVILEGED: If passed during HELLO, the client will be
treated as unprivileged.
In the case where no entries have been added to the journal after the specified
cursor, set need_seek before the main loop to prevent display of the entry at
said cursor.
If a cgroup fails to be destroyed (most likely because there are still
processes running as part of a service after the main pid exits), don't
free and remove the cgroup unit from the manager. This fixes a
regression introduced by the cgroup rework in v205 where systemd would
forget about processes still running after the unit becomes inactive.
(This can happen when the main pid exits and KillMode=process or none).
There is no need to require mount.usrflags. The original implementation
assumed that a btrfs subvolume would always be needed but that is not
applicable to systems that do not use btrfs for /usr.
Similar to using rootflags= for the default of mount.usrflags=, append
the classic 'ro' and 'rw' flags to the mount options.
With DIRECTION_UP (i.e. navigating backwards) in generic_array_bisect() when the
needle was found as the last item in the array, it wasn't actually processed as
match, resulting in entries being missed.
https://bugs.freedesktop.org/show_bug.cgi?id=86855
The ELF magic cannot work for consumers of our shard library, since they
are in a different module. Hence make all the ELF magic private, and
instead introduce a public function to register additional static
mapping table.
Implement a recent change in the kdbus pool logic:
PAYLOAD_VEC_OFF items are now referencing offsets relative to the
connection's pool, not to the item itself. Follow this change in
sd-bus.
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can be especially used to set SMACK security labels on
volatile files and directories.
It is done by adding new line of type "t". Such line should contain
attributes in Argument field, using following format:
name=value
All other fields are ignored.
If value contains spaces, then it must be surrounded by quotation marks.
User can also put quotation mark in value by escaping it with backslash.
Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
It's only exposed to userspace since
commit 685343fc3ba61a1f6eef361b786601123db16c28
Author: Tom Gundersen <teg@jklm.no>
AuthorDate: Mon Jul 14 16:37:22 2014 +0200
Commit: David S. Miller <davem@davemloft.net>
CommitDate: Tue Jul 15 16:12:01 2014 -0700
to the kernel.
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching
on names that have already been changed (from a previous udev run, or otherwise), and matching
on unpredictable names (ethX) is discouraged (but not currently disallowed).
We also currently allow:
[Match]
Name=veth0
[Link]
Name=my-name0
SomeOtherSetting=true
Which means that the link file will be applied the first time it is invoked, but
not on subsequent invocations, which may be surprising.
..so make them cry and print a warning if __NR_memfd_create is not
defined. This should make syscall() fail with -ENOSYS, thus trigger a
suitable runtime error-path.
This patch changes the naming scheme for sas disks. The original names used
disk's sas address and lun, the new scheme uses sas address of the
nearest expander (if available) and a phy id of the used connection.
If no expander is used, the phy id of hba phy is used.
Note that names that refer to RAID or other abstract devices are
unchanged.
Name in raid configuration:
hba_pci_address-sas-raid_sas_address-lunY-partZ
Name in expander bare disk configuration:
hba_pci_address-sas-expander_sas_address-phyX-lunY-partZ
Name format without expanders:
hba_pci_address-sas-phyX-lunY-partZ
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
This patch add support to specify path cost of the
bridge port to be configured via conf file.
Exampe: conf
file: br.netdev
[NetDev]
Name=br-test
Kind=bridge
file: br.network
[Match]
Name=em1
[Network]
Bridge=br-test
[BridgePort]
Cost=332
bridge link
2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master
br-test state disabled priority 32 cost 332
We need original socket_fd around otherwise mac_selinux_get_child_mls_label
fails with -EINVAL return code. Also don't call setexeccon twice but rather pass
context value of SELinuxContext option as an extra argument.
This is useful inside of containers or local networks to intrdouce a
stable name of the default gateway host (in case of containers usually
the host, in case of LANs usually local router).
The errors are prefixed with "libxkbcommon" to provide some context,
because they are quite confusing without it. With the prefix, we at
least know where they come from.
If /etc was read only at boot time with an empty /etc/machine-id, the latter
will be mounted as a tmpfs and get reset at each boot. If the system becomes rw
later, this functionality enables to commit in a race-free manner the
transient machine-id to disk.
Generate the file name from ID_PATH plus the rfkill type (wlan,
bluetooth, ...) and ignore the rfkill device name, since it apparently
is not a stable identifier.
Also, ensure that devices disappearing don't result in broken services,
simply exit cleanly.
During upgrades and when transitioning between different systemd
versions in initrd and on the host we have to expect that some
serialization fields are unknown or parse incorrectly. This shouldn't
really be considered an error, hence downgrade the log messages about
it to debug. This way we can still trace it, but it doesn't confuse
users.
This kinda reverts 46849c3f.
This is the IP address of the default route on the link, if present. A
description is printed when available (the manufacturer of the gateway NIC based
on its MAC address).
In the future we should prefer LLDP information over MAC info.
The RFC says to encode an single empty TXT string instead of an empty
TXT array. It also says to treat a zero-length TXT RR as a TXT array
with a single zero-length string.
This is mostly likely the audit socket, and we really should close it
if we cannot make sense of it, since as long as it is open the kernel
might disable the kmsg forwarding of audit msgs, and we should avoid
that, since audit msgs might get completely lost then.
I also downgraded the log message we show a bit, after all things should
really work fine, and we proceed fine with it.
systemd-delta man page promises that multiple types of deltas will be
concatenated if they are listed with a comma as separator. Replace
FOREACH_WORD() with FOREACH_WORD_SEPARATOR() to restore the functionality.
It helps editing units by either creating a drop-in file, like
/etc/systemd/system/my.service.d/override.conf, or by copying the
original unit from /usr/lib/systemd/ to /etc/systemd/ if the --full
option is specified.
It invokes an editor on temporary files related to the unit files and
if the editor exited successfully, then it renames the temporary files
to their original names (e.g. my.service or override.conf) and
daemon-reload is invoked.
If the temporary file is empty the modification is canceled.
See https://bugzilla.redhat.com/show_bug.cgi?id=906824
Also accept '\r' as newline character.
This dropps warnings of the type:
invalid key/value pair in file /usr/lib/udev/rules.d/40-usb-media-players.rules
on line 26, starting at character 25 ('')
The current code would print the character following the first invalid
character.
Given an udev rules-file without a trailing newline we would otherwise print
garbage:
invalid key/value pair in file /usr/lib/udev/rules.d/40-usb-media-players.rules
on line 26, starting at character 25 ('m')
This is now changed to print
invalid key/value pair in file /usr/lib/udev/rules.d/40-usb-media-players.rules
on line 26, starting at character 25 ('')
(still not very good as printing \0 just gives the empty string)
Currently a property in the form of
FOO=bar
is stored as " FOO=bar", i.e. the property name contains a leading space.
That's quite hard to spot.
This patch discards all extra whitespaces but the first one which is required
by libudev's hwdb_add_property.
[zj: modify the check a bit]
https://bugs.freedesktop.org/show_bug.cgi?id=82311
When creating a new mount unit after an event on /proc/self/mountinfo,
check the mount options as well as the fstype to determine if this is a
remote mount that requires network access.
This is an attempt to add it the remote-fs dependencies to a mount unit
if the options change, like when the utab options are picked up after
mountinfo has already been processed. It just adds the remote-fs
dependencies, leaving the local-fs ones in place.
With this change I always get mount units with proper remote-fs
dependencies when mounted with the _netdev option.
Parsing the mount table with libmount races against the mount command,
which will handle the actual mounting before updating utab. This means
the poll event on /proc/self/mountinfo can kick of a reparse in systemd
before the utab information is available.
This change adds in an additional event source using inotify to watch
for changes to utab. It only watches for IN_MOVED_TO events, matching
libmount behavior of always overwriting this file using rename(2).
This does add a second pass through the mount table parsing when utab is
updated.
Let's do this right from the beginning, to prepare ground for udev
messages that most likely want to store list of strings (for device
tags) in messages, and filter on them.
The ID returned really doesn't identify the owner, but the bus instance,
hence fix this misnaming.
Also, update "busctl status" to show the ID in its output.
If the format string contains %m, clearly errno must have a meaningful
value, so we might as well use log_*_errno to have ERRNO= logged.
Using:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/'
Plus some whitespace, linewrap, and indent adjustments.
Using:
find . -name '*.[ch]' | while read f; do perl -i.mmm -e \
'local $/;
local $_=<>;
s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg;
print;'
$f
done
And a couple of manual whitespace fixups.
Simplify unit_name_mangle() and unit_name_mangle_with_suffix() to
always behave the same, and only append a suffix if there is no
type suffix. If a user says 'isolate blah.device' it is better to
return an error that the type cannot be isolated, than to try to
isolate blah.device.target.
In show_all_names(), bus_map_all_properties() returns 1 on success which is
then used as the return code of show_all_names() and eventually main(). Exit
with zero in main() on all nonnegative results to guard against similar errors.
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
This enables us to write things like this:
int open_some_file(void) {
fd = open("/dev/foobar", O_RDWR|O_CLOEXEC);
if (fd < 0)
return log_error_errno(errno, "Failed to reboot: %m");
return fd;
}
Which is function that returns -errno on failure, as well as printing an
error message, all in one line.
- Rename log_meta() → log_internal(), to follow naming scheme of most
other log functions that are usually invoked through macros, but never
directly.
- Rename log_info_object() to log_object_info(), simply because the
object should be before any other parameters, to follow OO-style
programming style.
This change has two benefits:
- The format string %m will now resolve to the specified error (or to
errno if the specified error is 0. This allows getting rid of a ton of
strerror() invocations, a function that is not thread-safe.
- The specified error can be passed to the journal in the ERRNO= field.
Now of course, we just need somebody to convert all cases of this:
log_error("Something happened: %s", strerror(-r));
into thus:
log_error_errno(-r, "Something happened: %m");
