1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 01:27:11 +03:00
Commit Graph

121 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
b27b4b51c6 tree-wide: remove newlines from unit_write_drop_in
This reverts part of #3329, but all for a good cause.
2016-05-28 16:29:42 -04:00
Lennart Poettering
f0367da7d1 core: rename StartLimitInterval= to StartLimitIntervalSec=
We generally follow the rule that for time settings we suffix the setting name
with "Sec" to indicate the default unit if none is specified. The only
exception was the rate limiting interval settings. Fix this, and keep the old
names for compatibility.

Do the same for journald's RateLimitInterval= setting
2016-04-29 16:27:48 +02:00
Thomas H. P. Andersen
0f5e13822d tree-wide: remove unused variables (#3098) 2016-04-22 20:49:07 -04:00
Zbigniew Jędrzejewski-Szmek
86ec5e5e29 Merge pull request #3094 from poettering/run-slice
systemd-run: fix --slice= in conjunction with --scope
2016-04-22 14:04:38 -04:00
Lennart Poettering
aea529e5b2 core: don't dispatch load queue when setting Slice= for transient units
Let's be more careful when setting up the Slice= property of transient units:
let's use manager_load_unit_prepare() instead of manager_load_unit(), so that
the load queue isn't dispatched right away, because our own transient unit is
in it, and we don#t want to have it loaded until we finished initializing it.
2016-04-22 17:30:08 +02:00
Lennart Poettering
291d565a04 core,systemctl: add bus API to retrieve processes of a unit
This adds a new GetProcesses() bus call to the Unit object which returns an
array consisting of all PIDs, their process names, as well as their full cgroup
paths. This is then used by "systemctl status" to show the per-unit process
tree.

This has the benefit that the client-side no longer needs to access the
cgroupfs directly to show the process tree of a unit. Instead, it now uses this
new API, which means it also works if -H or -M are used correctly, as the
information from the specific host is used, and not the one from the local
system.

Fixes: #2945
2016-04-22 16:06:20 +02:00
Lennart Poettering
6eb7c172b5 tree-wide: add new SIGNAL_VALID() macro-like function that validates signal numbers
And port all code over to use it.
2016-04-12 13:43:32 +02:00
Daniel Mack
50f48ad37a cgroup: remove support for NetClass= directive
Support for net_cls.class_id through the NetClass= configuration directive
has been added in v227 in preparation for a per-unit packet filter mechanism.
However, it turns out the kernel people have decided to deprecate the net_cls
and net_prio controllers in v2. Tejun provides a comprehensive justification
for this in his commit, which has landed during the merge window for kernel
v4.5:

  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671

As we're aiming for full support for the v2 cgroup hierarchy, we can no
longer support this feature. Userspace tool such as nftables are moving over
to setting rules that are specific to the full cgroup path of a task, which
obsoletes these controllers anyway.

This commit removes support for tweaking details in the net_cls controller,
but keeps the NetClass= directive around for legacy compatibility reasons.
2016-02-10 16:38:56 +01:00
Martin Pitt
16a798deb3 Merge pull request #2569 from zonque/removals
Remove some old cruft
2016-02-10 14:01:46 +01:00
Daniel Mack
b26fa1a2fb tree-wide: remove Emacs lines from all files
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
2016-02-10 13:41:57 +01:00
Daniel Mack
978d665086 Merge pull request #2564 from poettering/fix-2467
Fix for #2467
2016-02-10 13:39:48 +01:00
Lennart Poettering
6bf0f408e4 core: make the StartLimitXYZ= settings generic and apply to any kind of unit, not just services
This moves the StartLimitBurst=, StartLimitInterval=, StartLimitAction=, RebootArgument= from the [Service] section
into the [Unit] section of unit files, and thus support it in all unit types, not just in services.

This way we can enforce the start limit much earlier, in particular before testing the unit conditions, so that
repeated start-up failure due to failed conditions is also considered for the start limit logic.

For compatibility the four options may also be configured in the [Service] section still, but we only document them in
their new section [Unit].

This also renamed the socket unit failure code "service-failed-permanent" into "service-start-limit-hit" to express
more clearly what it is about, after all it's only triggered through the start limit being hit.

Finally, the code in busname_trigger_notify() and socket_trigger_notify() is altered to become more alike.

Fixes: #2467
2016-02-10 13:26:56 +01:00
Lennart Poettering
b21d2f8117 core: clarify which unit file is masked in error message
After all, the masked unit file error might be returned when enqueuing a unit that is not masked but requires a masked
unit. In this case it should really be clear which unit is meant here.
2016-02-09 20:47:45 +01:00
Lennart Poettering
a483fb59a8 core: store for each unit when the last low-level unit state change took place
This adds a new timestamp field to the Unit struct, storing when the last low-level state change took place, and make
sure this is restored after a daemon reload. This new field is useful to allow restarting of per-state timers exactly
where they originally started.
2016-02-01 22:18:16 +01:00
Evgeny Vereshchagin
f596e00f32 core: let's check access before type modification 2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin
94bd732348 core: refactoring: add job_type_to_access_method
remove duplication
2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin
61ea63f1ab core: fix selinux check for reload
Fixes:
-bash-4.3# echo 1 >/sys/fs/selinux/enforce
-bash-4.3# runcon -t systemd_test_start_t systemctl start hola

-bash-4.3# sesearch --allow -s systemd_test_reload_t -c service
Found 1 semantic av rules:
   allow systemd_test_reload_t systemd_unit_file_t : service reload ;

-bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola
Failed to reload hola.service: Access denied
See system logs and 'systemctl status hola.service' for details.

-bash-4.3# journalctl -b | grep -i user_avc | grep reload
USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='
avc:  denied  { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola"
scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_unit_file_t:s0
tclass=service

See
https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
2016-01-31 14:19:15 +00:00
Lennart Poettering
3282591dc3 core: make sure "systemctl reload-or-try-restart is actually a noop if a unit is not running
This makes sure we follow the same basic logic for try-restart if we have a try-reload.

Fixes #688
2016-01-28 18:48:42 +01:00
Lennart Poettering
4afd3348c7 tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.

With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.

The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).

This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.

Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:

       #define _cleanup_(function) __attribute__((cleanup(function)))

Or similar, to make the gcc feature easier to use.

Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.

See #2008.
2015-11-27 19:19:36 +01:00
Franck Bui
000a996dc4 Introduce bus_unit_check_load_state() helper
This function is used to check that a previous unit load succeed and
returns 0 in this case.

In the case the load failed, the function setup a bus error
accordingly and returns -errno.
2015-11-22 15:05:40 +01:00
Lennart Poettering
4bd29fe5ce core: drop "override" flag when building transactions
Now that we don't have RequiresOverridable= and RequisiteOverridable=
dependencies anymore, we can get rid of tracking the "override" boolean
for jobs in the job engine, as it serves no purpose anymore.

While we are at it, fix some error messages we print when invoking
functions that take the override parameter.
2015-11-12 19:54:07 +01:00
Lennart Poettering
f32b43bda4 core: remove support for RequiresOverridable= and RequisiteOverridable=
As discussed at systemd.conf 2015 and on also raised on the ML:

http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html

This removes the two XyzOverridable= unit dependencies, that were
basically never used, and do not enhance user experience in any way.
Most folks looking for the functionality this provides probably opt for
the "ignore-dependencies" job mode, and that's probably a good idea.

Hence, let's simplify systemd's dependency engine and remove these two
dependency types (and their inverses).

The unit file parser and the dbus property parser will now redirect
the settings/properties to result in an equivalent non-overridable
dependency. In the case of the unit file parser we generate a warning,
to inform the user.

The dbus properties for this unit type stay available on the unit
objects, but they are now hidden from usual introspection and will
always return the empty list when queried.

This should provide enough compatibility for the few unit files that
actually ever made use of this.
2015-11-12 19:27:24 +01:00
Zbigniew Jędrzejewski-Szmek
36b4a7ba55 Remove snapshot unit type
Snapshots were never useful or used for anything. Many systemd
developers that I spoke to at systemd.conf2015, didn't even know they
existed, so it is fairly safe to assume that this type can be deleted
without harm.

The fundamental problem with snapshots is that the state of the system
is dynamic, devices come and go, users log in and out, timers fire...
and restoring all units to some state from the past would "undo"
those changes, which isn't really possible.

Tested by creating a snapshot, running the new binary, and checking
that the transition did not cause errors, and the snapshot is gone,
and snapshots cannot be created anymore.

New systemctl says:
Unknown operation snapshot.
Old systemctl says:
Failed to create snapshot: Support for snapshots has been removed.

IgnoreOnSnaphost settings are warned about and ignored:
Support for option IgnoreOnSnapshot= has been removed and it is ignored

http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
2015-11-10 19:33:06 -05:00
Lennart Poettering
b5efdb8af4 util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
Lennart Poettering
ee104e11e3 user-util: move UID/GID related macros from macro.h to user-util.h 2015-10-27 13:25:57 +01:00
Lennart Poettering
8752c5752f util-lib: move more locale-related calls to locale-util.[ch] 2015-10-27 13:25:56 +01:00
Evgeny Vereshchagin
efb30ba1a6 core: don't allow manual start with reload-or-restart too
fix bug: systemctl reload-or-restart starts a service with RefuseManualStart=yes
2015-10-26 04:23:09 +00:00
Lennart Poettering
07630cea1f util-lib: split our string related calls from util.[ch] into its own file string-util.[ch]
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.

This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.

Also touches a few unrelated include files.
2015-10-24 23:05:02 +02:00
Lennart Poettering
4b4cb0a1ff core: fix type of NetClass dbus property
it's exposed as uint32_t and it is internally an uint32_t, hence no need
to treat it as an unsigned.
2015-10-19 23:07:18 +02:00
Daniel Mack
32ee7d3309 cgroup: add support for net_cls controllers
Add a new config directive called NetClass= to CGroup enabled units.
Allowed values are positive numbers for fix assignments and "auto" for
picking a free value automatically, for which we need to keep track of
dynamically assigned net class IDs of units. Introduce a hash table for
this, and also record the last ID that was given out, so the allocator
can start its search for the next 'hole' from there. This could
eventually be optimized with something like an irb.

The class IDs up to 65536 are considered reserved and won't be
assigned automatically by systemd. This barrier can be made a config
directive in the future.

Values set in unit files are stored in the CGroupContext of the
unit and considered read-only. The actually assigned number (which
may have been chosen dynamically) is stored in the unit itself and
is guaranteed to remain stable as long as the unit is active.

In the CGroup controller, set the configured CGroup net class to
net_cls.classid. Multiple unit may share the same net class ID,
and those which do are linked together.
2015-09-16 00:21:55 +02:00
Lennart Poettering
03a7b521e3 core: add support for the "pids" cgroup controller
This adds support for the new "pids" cgroup controller of 4.3 kernels.
It allows accounting the number of tasks in a cgroup and enforcing
limits on it.

This adds two new setting TasksAccounting= and TasksMax= to each unit,
as well as a gloabl option DefaultTasksAccounting=.

This also updated "cgtop" to optionally make use of the new
kernel-provided accounting.

systemctl has been updated to show the number of tasks for each service
if it is available.

This patch also adds correct support for undoing memory limits for units
using a MemoryLimit=infinity syntax. We do the same for TasksMax= now
and hence keep things in sync here.
2015-09-10 18:41:06 +02:00
Michael Chapman
88ced61bf9 core: pass details to polkit for some unit actions
The following details are passed:

- unit: the primary name of the unit upon which the action was
        invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
        'reload-or-restart', 'reload-or-try-restart', 'kill',
        'reset-failed', or 'set-property', corresponding to the
        systemctl verb used to invoke the action.

Typical use of these details in a polkit policy rule might be:

  // Allow alice to manage example.service;
  // fall back to implicit authorization otherwise.
  polkit.addRule(function(action, subject) {
      if (action.id == "org.freedesktop.systemd1.manage-units" &&
          action.lookup("unit") == "example.service" &&
          subject.user == "alice") {
          return polkit.Result.YES;
      }
  });

We also supply a custom polkit message that includes the unit's name and
the requested operation.
2015-09-06 00:07:17 +10:00
Lennart Poettering
efdb02375b core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.

A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).

It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.

The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.

This patch also removes cg_delete() which is unused now.

On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.

This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.

This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.

The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.

To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.

This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.

When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 23:52:27 +02:00
Lennart Poettering
d79200e26e unit: unify how we assing slices to units
This adds a new call unit_set_slice(), and simplifies
unit_add_default_slice(). THis should make our code a bit more robust
and simpler.
2015-08-31 13:20:43 +02:00
Lennart Poettering
35b7ff80e2 unit: add new macros to test for unit contexts 2015-08-31 13:20:43 +02:00
Lennart Poettering
21b735e798 core: add unit_dbus_interface_from_type() to unit-name.h
Let's add a way to get the type-specific D-Bus interface of a unit from
either its type or name to src/basic/unit-name.[ch]. That way we can
share it with the client side, where it is useful in tools like cgls or
machinectl.

Also ports over machinectl to make use of this.
2015-08-28 02:10:10 +02:00
Lennart Poettering
98bac6058c core: report root cgroup as "/" over the bus
Internally, the root cgroup is stored as the empty string in
Unit.cgroup_path, and "no cgroup" as NULL. Unfortunately, D-Bus does not
know a NULL concept, hence when reporting the cgroup to clients we
should turn the root cgroup into "/", and leave the empty string for the
"no cgroup" case.

This should make sure that "systemctl status -- -.slice" works correctly
and shows the entire cgroup tree.
2015-08-25 20:42:50 +02:00
Thomas Hindoe Paaboel Andersen
e861098bf2 core: fix OOM checks in dbus-unit
CID#1299014
2015-05-19 06:46:59 +02:00
Lennart Poettering
be7d9ff730 core: introduce seperate reverse dependencies for Requires= and Requisite=
This allows us to ensure that Requisite= dependencies never cause
propagation between units, while Requires= dependencies might.

http://lists.freedesktop.org/archives/systemd-devel/2015-May/031742.html
2015-05-19 01:24:28 +02:00
Lennart Poettering
f2341e0a87 core,network: major per-object logging rework
This changes log_unit_info() (and friends) to take a real Unit* object
insted of just a unit name as parameter. The call will now prefix all
logged messages with the unit name, thus allowing the unit name to be
dropped from the various passed romat strings, simplifying invocations
drastically, and unifying log output across messages. Also, UNIT= vs.
USER_UNIT= is now derived from the Manager object attached to the Unit
object, instead of getpid(). This has the benefit of correcting the
field for --test runs.

Also contains a couple of other logging improvements:

- Drops a couple of strerror() invocations in favour of using %m.

- Not only .mount units now warn if a symlinks exist for the mount
  point already, .automount units do that too, now.

- A few invocations of log_struct() that didn't actually pass any
  additional structured data have been replaced by simpler invocations
  of log_unit_info() and friends.

- For structured data a new LOG_UNIT_MESSAGE() macro has been added,
  that works like LOG_MESSAGE() but prefixes the message with the unit
  name. Similar, there's now LOG_LINK_MESSAGE() and
  LOG_NETDEV_MESSAGE().

- For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(),
  LOG_NETDEV_INTERFACE() macros have been added that generate the
  necessary per object fields. The old log_unit_struct() call has been
  removed in favour of these new macros used in raw log_struct()
  invocations. In addition to removing one more function call this
  allows generated structured log messages that contain two object
  fields, as necessary for example for network interfaces that are
  joined into another network interface, and whose messages shall be
  indexed by both.

- The LOG_ERRNO() macro has been removed, in favour of
  log_struct_errno(). The latter has the benefit of ensuring that %m in
  format strings is properly resolved to the specified error number.

- A number of logging messages have been converted to use
  log_unit_info() instead of log_info()

- The client code in sysv-generator no longer #includes core code from
  src/core/.

- log_unit_full_errno() has been removed, log_unit_full() instead takes
  an errno now, too.

- log_unit_info(), log_link_info(), log_netdev_info() and friends, now
  avoid double evaluation of their parameters
2015-05-11 22:24:45 +02:00
Lennart Poettering
7410616cd9 core: rework unit name validation and manipulation logic
A variety of changes:

- Make sure all our calls distuingish OOM from other errors if OOM is
  not the only error possible.

- Be much stricter when parsing escaped paths, do not accept trailing or
  leading escaped slashes.

- Change unit validation to take a bit mask for allowing plain names,
  instance names or template names or an combination thereof.

- Refuse manipulating invalid unit name
2015-05-05 15:06:42 -07:00
Lennart Poettering
190700621f sd-bus: drop bus parameter from message callback prototype
This should simplify the prototype a bit. The bus parameter is redundant
in most cases, and in the few where it matters it can be derived from
the message via sd_bus_message_get_bus().
2015-04-29 18:36:25 +02:00
Lennart Poettering
5ad096b3f1 core: expose consumed CPU time per unit
This adds support for showing the accumulated consumed CPU time per-unit
in the "systemctl status" output. The property is also readable via the
bus.
2015-03-02 12:15:25 +01:00
Thomas Hindoe Paaboel Andersen
2eec67acbb remove unused includes
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
2015-02-23 23:53:42 +01:00
Lennart Poettering
1d22e9068c core: rework policykit hookup
- Always issue selinux access check as early as possible, and PK check
  as late as possible.

- Introduce a new policykit action for altering environment

- Open most remaining bus calls to unprivileged clients via PK
2015-02-18 18:56:27 +01:00
Lennart Poettering
261420ba2a core: open up DefaultDependencies= property for transient units 2015-02-03 19:07:40 +01:00
Lennart Poettering
934277fe6a core: add a property that shows the current memory usage of a unit
This is exposed the memory.usage_in_bytes cgroup property on the bus,
and makes "systemctl status" show it in its default output.
2015-01-23 03:00:15 +01:00
Lennart Poettering
764458325e core: properly pass unit file state to clients via the bus 2014-12-10 19:58:50 +01:00
Lennart Poettering
96aad8d15a sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h
Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
2014-12-10 19:07:48 +01:00
Lennart Poettering
d2dc52dbc4 systemctl: show unit file preset state in "systemctl status" output" 2014-12-02 13:23:04 +01:00