IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
LLDP_TX_HOLD or one of the other variables might be changed in the future
resulting in a silent error here if the if was just removed.
Replacement for #2983.
It is observed that a combination of high log throughput, low I/O speed on journal remote side and many nodes uploading simultaneously caused the journal-upload process to dump core because of watchdog starvation. This is caused because journal-upload stays in curl_easy_perform(), because it cannot upload fast enough to reach the end of the journal. Currently journal-upload will return from curl_easy_perform() only when the end of the journal is reached. Therefore a check is added in journal_input_callback(), which will update the watchdog if the elapsed time since the start of the uploading process is greater than WATCHDOG_USEC/2.
* Don't lose children exit codes
* Don't receive notification when child processes stop
Eliminates annoying "Child died"-messages:
$ ./systemd-socket-activate -l 2000 --inetd -a cat
^Z
[1]+ Stopped ./systemd-socket-activate -l 2000 --inetd -a cat
$ bg %1
[1]+ ./systemd-socket-activate -l 2000 --inetd -a cat &
Child 15657 died with code 20
$ ps u 15657
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
ubuntu 15657 0.0 0.0 4540 680 pts/2 S 00:34 0:00 cat
* Don't fail to reap some zombie children
Fixes
$ ./systemd-socket-activate -l 2000 --inetd -a cat &
$ for i in {1..1000}; do echo a | nc localhost 2000 & done
$ ps f
...
18235 pts/2 Ss 0:01 -bash
15849 pts/2 S 0:00 \_ ./systemd-socket-activate -l 2000 --inetd
-a cat
16081 pts/2 Z 0:00 | \_ [cat] <defunct>
16381 pts/2 Z 0:00 | \_ [cat] <defunct>
and many more zombies
...
On the server side we already bypass the polkit checks if the caller is root
(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
there is no reason to invoke polkit when running
systemctl/machinectl/loginctl/timedatectl as root.
Fixes#2748
strjoina() is unsafe to be used in an unbounded loop as alloca() has no error
reporting. Thus devices with a large number of tags or devlinks trigger a
segfault in device_properties_prepare() due to overflowing the stack.
Rewrite the building of the "tags" and "devlinks" strings using
GREEDY_REALLOC() and strpcpy() to work with arbitrarily long strings. This also
avoids re-copying the entire string in each loop iteration.
Before this commit we always appended one final ":" to "tags". Change this to
start with an iniital ":" and for each tag append instead of prepend a ":".
This unifies what happens for the first and all subsequent tags so that we can
use a for loop.
Fixes#2954
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings.
2. Fix logging to use log_syntax instead of log_error.
3. On error reading DUID, ignore read and preserve previous state.
4. Fix man-pages to use markup, remove options not yet implemented.
5. Remove spurious header line in new files.
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
In 110ceee58e we removed the period after
printing the started units. This makes copying the unit name easier but
results in improper English.
This adds a colon before printing the units, which makes the output
look better.
src/journal/compress.c: In function ‘compress_blob_lz4’:
src/journal/compress.c:115:49: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
r = LZ4_compress_limitedOutput(src, dst + 8, src_size, (int) dst_alloc_size - 8);
^
src/journal/compress.c: In function ‘decompress_blob_xz’:
src/journal/compress.c:179:35: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
s.next_out = *dst + used;
^
src/journal/compress.c: In function ‘decompress_blob_lz4’:
src/journal/compress.c:218:37: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
r = LZ4_decompress_safe(src + 8, out, src_size - 8, size);
^
src/journal/compress.c: In function ‘decompress_startswith_xz’:
src/journal/compress.c:294:38: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
s.next_out = *buffer + *buffer_size - s.avail_out;
^
src/journal/compress.c:294:53: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
s.next_out = *buffer + *buffer_size - s.avail_out;
^
src/journal/compress.c: In function ‘decompress_startswith_lz4’:
src/journal/compress.c:327:45: warning: pointer of type ‘void *’ used in arithmetic [-Wpointer-arith]
r = LZ4_decompress_safe_partial(src + 8, *buffer, src_size - 8,
^
LZ4 and XZ functions use char* and unsigned char*, respectively,
so keep void* in our internal APIs and add casts.
The patch is not minimal, but a function to parse size_t is probably
going to come in handy in other places, so I think it's nicer to define
a proper parsing function than to open-code the cast.
It could be that our .service is being stopped precisely because the
device already disappeared (e.g. due to a manual `cryptsetup close`, or
due to UDisks2 cleaning up).
Callers of dhcp_validate_duid_len() know that they must not pass
a zero duid_len. Thus asserting against that is appropriate.
On the other hand, they are not aware of the maximum allowed length
of a duid, as that is the reason why they call dhcp_validate_duid_len()
in the first place. So dhcp_validate_duid_len() should just signal a
regular error.
Thereby, change assert_return() to an assert() as this is an internal
function.
Fix copy&paste bug in map_basic() to use the correct data type for
SD_BUS_TYPE_UINT32. Before we were copying the wrong 32 bits into the
destination pointer, resulting in complete garbage on big-endian systems.
Fixes#2927
- Move gcrypt.h include inside grcrypt-util.h.
- Allow gcrypt-util.[ch] to be compiled even without gcrypt.
This allows the logic in files using gcrypt to be simplified.
- Fix compilation of systemd-resolve without gcrypt.
systemd-resolved already supported that.
Fixes#2711.
After receiving SIGCHLD, one of the ways manager_dispatch_sigchld() maps the
now zombie $PID to its unit is through manager_get_unit_by_pid_cgroup() which
reads /proc/$PID/cgroup and looks up the unit associated with the cgroup path.
On non-unified cgroup hierarchies, a process is immediately migrated to the
root cgroup on death and the cgroup lookup would always have returned the unit
associated with it, making it rather pointless but safe. On unified hierarchy,
a zombie remains associated with the cgroup that it was associated with at the
time of death and thus manager_get_unit_by_pid_cgroup() will look up the unit
properly.
However, by the time manager_dispatch_sigchld() is running, the original cgroup
may have become empty and it and its associated unit might already have been
removed. If the cgroup path doesn't yield a match, manager_dispatch_sigchld()
keeps pruning the leaf component. This means that the function may return a
slice unit for a pid and as a slice doesn't have ->sigchld_event() handler,
calling invoke_sigchld_event() on it causes a segfault.
This patch updates invoke_sigchld_event() so that it skips calling if the
handler is not set.
Earlier during the development of unified hierarchy, the populated event was
reported through by the dedicated "cgroup.populated" file; however, the
interface was updated so that it's reported through the "populated" field of
"cgroup.events" file. Update populated event handling logic accordingly.
Since Linux v4.4-rc1, __DEVEL__sane_behavior does not exist anymore and
is replaced by a new fstype "cgroup2".
With this patch, systemd no longer supports the old (unstable) way of
doing unified hierarchy with __DEVEL__sane_behavior and systemd now
requires Linux v4.4 for unified hierarchy.
Non-unified hierarchy is still the default and is unchanged by this
patch.
67e9c74b8a
lldp.h contains definitions of LLDP types, subtypes and capabilities which
should be exposed in public headers. Get rid of the file and move those
definitions to sd-lldp.h with the SD_ prefix.
It's possible that sd_bus_creds_get_tty() fails and thus
scheduled_shutdown_tty is NULL in method_schedule_shutdown().
Fix logind_wall_tty_filter() to get along with that, by showing the message on
all TTYs, instead of crashing in strcmp().
https://launchpad.net/bugs/1553040
If kernel command line options for locale are given,
the output of 'localectl status' command is not aligned,
for example,
=============
Warning: Settings on kernel command line override system locale settings in /etc/locale.conf.
Command Line: LANG=C
System Locale: LANG=C
VC Keymap: n/a
X11 Layout: n/a
=============
This commit fixes the alignment.
If /etc/locale.conf is empty or does not exist, the output of
'localectl status' command includes an unnecessary line break
as follows:
=======================
System Locale: n/a
VC Keymap: n/a
X11 Layout: n/a
=======================
This commit removes the line break after the system locale.
usbffs_address_create() expects an absolute path to the file that is
supposed to be opened. The path specified only leads to the directory
containing the endpoint ep0 not the endpoint itself. This commit adds
the endpoints name to the path.
If list-units command is explicitly asked to show inactive units
by using '--state=inactive' option, there's no need to force the user
to pass '--all' option to include inactive units in the search in
this case.
copy_bytes() and the comparisons in test_copy_bytes_regular_file() expect an
uint64_t, not a size_t. On 32 bit architectures the latter is 32 bit, leading
to truncation errors.
Fixes regression from commit 7a827fcb.
We get
$ systemd-nspawn --image /dev/loop1 --port 8080:80 -n -b 3
--port= is not supported, compiled without libiptc support.
instead of a ping-nc-iptables debugging session
We have a bunch of syscall wrapper definitions and it's easier to
see that they follow the same pattern if they are not interspersed
with other defines.
Change the wrappers to be uniform:
- if __NR_XXX is not defined, do not bother to call the syscall,
and return -1/ENOSYS immediately.
- do not check __NR_XXX defines if we detect the symbol as defined,
since we don't need them anyway
- reindent stuff for readability
New file basic/missing_syscall.h is included at the end of missing.h
because it might make use of some of the definitions in missing.h.
For btrfs, c_f_r() is like BTRFS_IOC_CLONE which we already used, but also
works when max_bytes is set. We do call copy_bytes in coredump code with
max_bytes set, and for large files, so we might see some benefit from using
c_f_r() on btrfs.
For other filesystems, c_f_r() falls back to do_splice_direct(), the same as
sendfile, which we already call, so there shouldn't be much difference.
Tested with test-copy and systemd-coredump on Linux 4.3 (w/o c_f_r)
and 4.5 (w/ c_f_r).
If first attempt to merge units failed and we are trying to do
merge the other way around and at the same time we are working with
template name, then other unit can't possibly be template, because it is
not possible to have template unit running, only instances of the
template. Thus we need to look for already active instance instead.
The attribute was removed in commit c047507 in the clang repository as it
was never properly implemented anyway. Avoid using the attribute with
clang because it generates a ton of annoying warnings.
We called sendfile with 16kb (a.k.a. COPY_BUFFER_SIZE) as the maximum
number of bytes to copy. This seems rather inefficient, especially with
large files. Instead, call sendfile with a "large" maximum.
What "large" max means is a bit tricky: current file offset + max
must fit in loff_t. This means that as we call sendfile more than once,
we have to lower the max size.
With this patch, test-copy calls sendfile twice, e.g.:
sendfile(4, 3, NULL, 9223372036854775807) = 738760
sendfile(4, 3, NULL, 9223372036854037047) = 0
The second call is necessary to determine EOF.
I started looking into adding copy_file_range support, and discovered
that we can improve the way we call sendfile:
- sendfile(2) man page is missing an important bit: the number of bytes to
copy cannot be too big (SSIZE_MAX actually), and the description of EINVAL
return code does not mention this either,
- our implementation works but calls sendfile over and over with a small
size, which seems suboptimal.
First add a test which (under strace) can be used to see current behaviour.
It was added in 2.6.39, and causes an assertion to fail when running in mock
hosted on 2.6.23-based RHEL-6:
Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
Since glibc is moving away from implicitly including sys/sysmacros.h
all the time via sys/types.h, include the header directly in more
places. This seems to cover most makedev/major/minor usage.
lldp_start_timer() was only called during sd_lldp_get_neighbors().
Ensure that the timer is (re-)started when a new neighbor appears.
Otherwise, the timer is not started when relying on the events alone.
Fixes: 34437b4f9c
In some cases we do not have a udev device when setting up a unit
(certainly the code gracefully handles this). However, we do
then go on to compare the path via path_equal which will assert
if a null value is passed in.
See https://bugs.mageia.org/show_bug.cgi?id=17766
Not sure if this is the correct fix, but it avoids the crash
Simply avoid the trouble and use a void* if the define
is missing. We lose type safety, but who cares.
sigaction(2) says that siginfo_t requires _POSIX_C_SOURCE >= 199309L,
but we can be a bit more generous and use the same define
as /usr/include/signal.h.
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX
socket and checks its return value and errno for EADDRINUSE. This is not
correct. When there's an SELinux context change made for the new socket,
bind() is not the last function called in mac_selinux_bind(). In that
case the last call is setfscreatecon() from libselinux which can change
errno as it uses access() to check if /proc/thread-self is available.
It fails on kernels before 3.17 and errno is set to ENOENT.
It's safe to check only the return value at it's set to -errno.
If the user specifies an selinux_apifs_context all content created in
the container including /dev/console should use this label.
Currently when this uses the default label it gets labeled user_devpts_t,
which would require us to write a policy allowing container processes to
manage user_devpts_t. This means that an escaped process would be allowed
to attack all users terminals as well as other container terminals. Changing
the label to match the apifs_context, means the processes would only be allowed
to manage their specific tty.
This change fixes a problem preventing RKT containers from working with systemd-nspawn.
name is IFNAMSIZ bytes, but we would copy sizeof(info->name) bytes,
which is IFNAMSIZ + 1. In effect we would go outside of the source
buffer and possibly leave a non-null terminated string in info->name.
CID #1351754.
The source file name and the binary name were mismatched.
Rename binary to match.
Make the test exit with TEST_SKIP if the data is missing or we
have no permissions. Otherwise, the data will be printed, which
should be safe to enable by default.
Without this patch applied the mount unit with 'automount' option was still
pulled by local-fs.target and thus was activated during the boot process which
defeats the purpose of the 'automount' option:
$ grep /mnt /etc/fstab
/dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
/dev/vdb1 on /mnt type ext2 (rw,relatime)
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
With the patch applied:
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
$ systemctl status mnt.mount | grep Active
Active: inactive (dead)
$ ls /mnt
lost+found
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
A mount within /run/initramfs is indicative that the mount was
created by initramfs init and will be unmounted by initramfs
shutdown.
It is unlikely that such a mount point would even be unmountable
by the the main system, for example in the case of the root file-
system being loop-mounted from a file in a /run/initramfs mount.
Up until now, the failure action has launched reboot.target and
poweroff.target with a less aggressive job mode than
"systemctl reboot" does. This has meant that the reboot and power-
off operations can stall if there are any conflicts with the target
during rebooting.
It seems that it is signed both on i386 and arm.
Avoids a stupid gcc warning on arm:
src/udev/udevadm-monitor.c: In function ‘print_device’:
src/udev/udevadm-monitor.c:44:16: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 3 has type ‘__time_t {aka long int}’ [-Wformat=]
printf("%-6s[%"PRI_TIME".%06ld] %-8s %s (%s)\n",
^
As described in the documentation:
When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.
So, we can remove unnecessary flags in a case when O_PATH is passed
to the open() or openat().
systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
The get_state_one_unit returns the enum of the active state of the unit
Do not rely on the string value of the active state.
Fix#2718 since the refactoring allow to handle more case
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
Initialize auto variables with cleanup attribute, otherwise we
get a compiler warning with -fexceptions.
./configure CFLAGS='-Wmaybe-uninitialized -fexceptions -O2'
Similarly to the previous commit, make context_write_data_local_rtc()
understand /etc/adjtime files with just one or two lines, with or without a
final newline.
Normalize the file to the current definition in hwclock(8), in the spirit of
"be liberal what you accept and strict what you produce": Add line terminators,
and set the second line to "0" if missing.
Fixes: #2638
As we default to "hardware clock is in UTC" if /etc/adjtime is not present, it
also makes sense to have that default if /etc/adjtime contains only one or two
lines.
Drop the "gibberish" test case, as this was just EIO because of not containing
three lines, which is already contained in other tests. clock_is_localtime()
never actually validated the format of the first two lines, and there is little
point in doing that.
This addresses the reading half of issue #2638.
Add path argument to clock_is_localtime() and default to "/etc/adjtime" if it's
NULL. This makes the function testable.
Add test-clock: initial test cases for some scenarios, using a temporary file.
This also checks the behaviour with a NULL (i. e. the system's /etc/adjtime)
file.
Many subsystems define own pager_open_if_enabled() function which
checks '--no-pager' command line argument and open pager depends
on its value. All implementations of pager_open_if_enabled() are
the same. Let's merger this function with pager_open() from the
shared/pager.c and remove pager_open_if_enabled() from all subsytems
to prevent code duplication.
RFC 2131 Section 4.1 says that
"If the ’giaddr’ field in a DHCP message from a client is non-zero,
the server sends any return messages to the ’DHCP server’ port on the
BOOTP relay agent whose address appears in ’giaddr’."
Fix this by adding a destination port when sending unicast UDP packets
and provide the server port when a BOOTP relay agent is being used.
When running in XEN Dom0 the virtualization check:
1) detect_xen returns HYPERVISOR_NONE so next checks are executed
2) /proc/sys/hypervisor detects a XEN hypervisor
it is lacking the special Dom0 detection as in detect_xen
With this patch, at the end of all virtualization checks we double-check if running in XEN Dom0 or DomU.
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
Throughout the tree there's spurious use of spaces separating ++ and --
operators from their respective operands. Make ++ and -- operator
consistent with the majority of existing uses; discard the spaces.
When a transaction is complete, and we notify its owners, make sure we deal
correctly with the requesters removing themselves from the list of owners while
we continue iterating.
This was previously already dealt with with transactions that require other
transactions for DNSSEC purposes, fix this for other possibly transaction
owners too now.
Since iterating through "Set" objects is not safe regarding removal of entries
from it, rework the logic to use two Sets, and move each entry we notified from
one set to the other set before we dispatch the notification. This move operation
requires no additional memory, and enables us to ensure that we don't notify
any object twice.
Fixes: #2676
As suggested by CODING_STYLE we should use "void*" as type for generic memory,
and uint8_t* for generic bytes. Hence use that instead of "char*", which should
really be used only for strings these days.