mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00
Commit Graph

24158 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
8edb6563b4 json: do not unescape slashes
Apparently this originated in PHP, so the json output could be directly
embedded in HTML script tags.
See https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped.

Since the output of our tools is not intended directly for web page generation,
let's not do this unescaping. If needed, the consumer can always do escaping as
appropriate for the target format.
2018-12-18 15:21:37 +01:00
Zbigniew Jędrzejewski-Szmek
7f9d1aedec test-fileio: test safe_fgetc directly
Non-ascii chars are used so that we get both "positive" and "negative"
characters (on the arches where char is signed).
2018-12-18 15:03:22 +01:00
Lennart Poettering
0d90bd9229 process-util: rework getenv_for_pid() to use read_nul_string() 2018-12-18 15:03:22 +01:00
Lennart Poettering
3946d5762f test: add test case for read_nul_string() 2018-12-18 15:03:22 +01:00
Lennart Poettering
91a306b813 fileio: let's minimize 'count' inc/dec calls
instead of increasing it and immediately after decreasing it again,
let's just increase it a bit later.
2018-12-18 15:03:21 +01:00
Lennart Poettering
41f11239c0 fileio: replace read_nul_string() by read_line() with a special flag
read_line() is a lot more careful and optimized than read_nul_string()
but does mostly the same thing. let's replace the latter by the former,
just with a special flag that toggles between the slightly different EOL
rules if both.
2018-12-18 15:03:05 +01:00
Lennart Poettering
2a7797e964 process-util: make get_process_environ() safer
Let's add a size limit, and let's use safe_fgetc().
2018-12-18 15:03:05 +01:00
Lennart Poettering
03a7dbeae0 tree-wide: port some code over to safe_fgetc() 2018-12-18 15:03:00 +01:00
Lennart Poettering
285a9b2749 fileio: add new safe_fgetc() helper call
We have very similar code whenever we call fgetc() in place, let's
replace it by a common implementation.
2018-12-18 14:55:34 +01:00
Lennart Poettering
fd89051ec3 gpt-auto: propagate gpt partition ro/rw flag into root mount
This ensures that the read/write state of the root mount matches the
read/write flag in the GPT partition table entry.

This is only used as fallback in case no ro/rw flag is specified on the
kernel cmdline, and there's no entry for the root partition in
/etc/fstab.

This is missing functionality of the GPT auto logic, as without this the
root partition was always mounted read-only — when booting with zero
configuration in /etc/fstab and /proc/cmdline —, as we defaulted to
read-only behaviour for all mounts. Moreover we honoured the r/o flag in
the partition table for all other partition types, except for the root
partition.
2018-12-18 14:47:46 +01:00
Lennart Poettering
c94b241777 gpt-auto: make arg_root_rw a tri-state
No change in behaviour, but let's track whether ro or rw are specified
on the kernel cmdline at all.
2018-12-18 14:47:46 +01:00
Lennart Poettering
59f13dd6f8 remount-fs: optionally remount / writable, if we are told through an env var 2018-12-18 14:47:44 +01:00
Lennart Poettering
58b86fdf1d remount-fs: split code for tracking PIDs in hashmap
Just some refactoring, no change in behaviour.
2018-12-18 14:47:06 +01:00
Lennart Poettering
e0fe3a03ab remount-fs: use PATH_IN_SET() at one more place 2018-12-18 14:38:30 +01:00
Lennart Poettering
8a9c44edf9 gpt-auto: compare kernel cmdline args with proc_cmdline_key_streq() 2018-12-18 14:38:30 +01:00
Lennart Poettering
e4abfc77c4
Merge pull request #11197 from keszybz/various-fixups
Various fixups
2018-12-18 14:35:00 +01:00
Lennart Poettering
6b256626c5
Merge pull request #11191 from poettering/hashmap-clear
rework hashmap_clear()
2018-12-18 14:34:39 +01:00
Zbigniew Jędrzejewski-Szmek
568ef98723 test-mountpoint-util: more debug info 2018-12-18 12:20:01 +01:00
Zbigniew Jędrzejewski-Szmek
3fa3dc9e44 meson: rename two more variables from _c to _sources
_c is misleading because .h files should be included in those lists too
(this tells meson that the build outputs should be rebuilt if the header
files change).

Follow-up for 1437822638.
2018-12-18 12:19:52 +01:00
Zbigniew Jędrzejewski-Szmek
2811184a09 systemctl: add comment why whitespace in message is needed 2018-12-18 12:18:49 +01:00
Zbigniew Jędrzejewski-Szmek
8872c3a391 test-hashmap: add test to compare hashmap_free performance
The point here is to compare speed of hashmap_destroy with free and a different
freeing function, so the implementation details of hashmap_clear can be
evaluated.

Results:
current code:

/* test_hashmap_free (slow, 1048576 entries) */
string_hash_ops test took 2.494499s
custom_free_hash_ops test took 2.640449s

string_hash_ops test took 2.287734s
custom_free_hash_ops test took 2.557632s

string_hash_ops test took 2.299791s
custom_free_hash_ops test took 2.586975s

string_hash_ops test took 2.314099s
custom_free_hash_ops test took 2.589327s

string_hash_ops test took 2.319137s
custom_free_hash_ops test took 2.584038s

code with a patch which restores the "fast path" using:
    for (idx = skip_free_buckets(h, 0); idx != IDX_NIL; idx = skip_free_buckets(h, idx + 1))
in the case where both free_key and free_value are either free or NULL:

/* test_hashmap_free (slow, 1048576 entries) */
string_hash_ops test took 2.347013s
custom_free_hash_ops test took 2.585104s

string_hash_ops test took 2.311583s
custom_free_hash_ops test took 2.578388s

string_hash_ops test took 2.283658s
custom_free_hash_ops test took 2.621675s

string_hash_ops test took 2.334675s
custom_free_hash_ops test took 2.601568s

So the test is noisy, but there clearly is no significant difference with the
"fast path" restored. I'm surprised by this, but it shows that the current
"safe" implementation does not cause a performance loss.

When the code is compiled with optimization, those times are significantly
lower (e.g. 1.1s and 1.4s), but again, there is no difference with the "fast
path" restored.

The difference between string_hash_ops and custom_free_hash_ops is the
additional cost of global modification and the extra function call.
2018-12-18 12:04:08 +01:00
Zbigniew Jędrzejewski-Szmek
32ca29115e test-hashmap: use the usual function headers and print timing stats
This makes it slightly easier to watch for performance changes.
2018-12-18 12:04:04 +01:00
Zbigniew Jędrzejewski-Szmek
70b400d9c2 hashmap: use ternary op to shorten code 2018-12-18 12:04:00 +01:00
Filipe Brandenburger
7f09920585 lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors
In particular, check that the order of the results is consistent.

This test coverage will be useful in order to refactor the compare_func
used while sorting the results.

When introduced, this test also uncovered a memory leak in sd_lldp_stop(),
which was then fixed by a separate commit using a specialized function
as destructor of the LLDP Hashmap.

Tested:
  $ ninja -C build/ test
  $ valgrind --leak-check=full build/test-lldp
2018-12-18 11:28:10 +01:00
Lennart Poettering
8ae1a821b3 sd-lldp: accept if a neighbor is already removed from the hashtable 2018-12-18 11:28:10 +01:00
Lennart Poettering
c380b84d8b hashmap: rework hashmap_clear() to be more defensive
Let's first remove an item from the hashmap and only then destroy it.
This makes sure that destructor functions can modify the hashtables in
their own code and we won't be confused by that.
2018-12-18 11:28:10 +01:00
Lennart Poettering
6d72da2f3e resolved: mention which RRs we query when requesting them to authenticate some other RR 2018-12-18 11:25:21 +01:00
Lennart Poettering
d5acaa51db resolved: only attempt non-answer SOA RRs if they are parents of our query
There's no value in authenticating SOA RRs that are neither answer to
our question nor parent of our question (the latter being relevant so
that we have a TTL from the SOA field for negative caching of the actual
query).

By being too eager here, and trying to authenticate too much we run the
risk of creating cyclic deps between our transactions which then causes
the over-all authentication to fail.

Fixes: #9771
2018-12-18 11:25:21 +01:00
Lennart Poettering
1a126325eb timesync: fix serialization of IP address
Fixes: #11169
2018-12-18 00:59:14 +01:00
Lennart Poettering
4f9cf94c4a
Merge pull request #11144 from keszybz/dissect-image-fix
Fix for dissect-image use in nspawn
2018-12-17 19:36:36 +01:00
Michal Sekletar
4c70a4a748 core: do cgroup migration first and only then connect to journald
Fixes #11162
2018-12-17 19:22:30 +01:00
Lennart Poettering
500c65ad69
Merge pull request #11167 from yuwata/sd-resolve-typesafe
sd-resolve: introduce typesafe macros
2018-12-17 19:22:07 +01:00
Alexey Bogdanenko
8f9f3cb724 core: fix KeyringMode for user services
KeyringMode option is useful for user services. Also, documentation for the
option suggests that the option applies to user services. However, setting the
option to any of its allowed values has no effect.

This commit fixes that and removes EXEC_NEW_KEYRING flag. The flag is no longer
necessary: instead of checking if the flag is set we can check if keyring_mode
is not equal to EXEC_KEYRING_INHERIT.
2018-12-17 16:56:36 +01:00
Lennart Poettering
95cde1ed24
Merge pull request #11159 from keszybz/udev-typedef
Udev typedef and normal error reporting
2018-12-17 16:19:10 +01:00
Michal Sekletar
672773b63a journald: correctly attribute log messages also with cgroupsv1
With cgroupsv1 a zombie process is migrated to root cgroup in all
hierarchies. This was changed for unified hierarchy and /proc/PID/cgroup
reports cgroup to which process belonged before it exited.

Be more suspicious about cgroup path reported by the kernel and use
unit_id provided by the log client if the kernel reports that process is
running in the root cgroup.

Users tend to care the most about 'log->unit_id' mapping so systemctl
status can correctly report last log lines. Also we wouldn't be able to
infer anything useful from "/" path anyway.

See: 2e91fa7f6d
2018-12-17 15:16:11 +01:00
Lennart Poettering
a9238f6a33
Merge pull request #11184 from poettering/resolved-search-domains-max
resolve: bump max of dns servers/search domains
2018-12-17 15:15:45 +01:00
Tore Anderson
93158c77bc resolve: enable EDNS0 towards the 127.0.0.53 stub resolver
This appears to be necessary for client software to ensure the response data
is validated with DNSSEC. For example, `ssh -v -o VerifyHostKeyDNS=yes -o
StrictHostKeyChecking=yes redpilllinpro01.ring.nlnog.net` fails if EDNS0 is
not enabled. The debugging output reveals that the `SSHFP` records were
found in DNS, but were considered insecure.

Note that the patch intentionally does *not* enable EDNS0 in the
`/run/systemd/resolve/resolv.conf` file (the one that contains `nameserver`
entries for the upstream DNS servers), as it is impossible to know for
certain that all the upstream DNS servers handle EDNS0 correctly.
2018-12-17 15:15:18 +01:00
Zbigniew Jędrzejewski-Szmek
a8040b6d0a dissect-image: wait for the main device and all partitions to be known by udev
Fixes #10526.

Even if we waited for the root device to appear, the mount could still fail if
we didn't wait for udev to initialize the device. In particular, the
/dev/block/n:m path used to mount the device is created by udev, and nspawn
would sometimes win the race and the mount would fail with -ENOENT.

The same wait is done for partitions, since if we try to mount them, the same
considerations apply.

Note: I first implemented a version which just does a loop (with a short wait).
In that approach, udev takes on average ~800 µs to initialize the loopback
device. The approach where we set up a monitor and avoid the loop is a bit
nicer. There doesn't seem to be a significant difference in speed.
With 1000 invocations of 'systemd-nspawn -i image.squashfs echo':

loop (previous approach):
real	4m52.625s
user	0m37.094s
sys	2m14.705s

monitor (this patch):
real	4m50.791s
user	0m36.619s
sys	2m14.039s
2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek
b887c8b8a8 dissect-image: wait for the root to appear
dissect-image would wait for the root device and partitions to appear. But if we
had an image with no partitions, we'd not wait at all. If the kernel or udev
were slow in creating device nodes or symlinks, subsequent mount attempt might
fail if nspawn won the race.

Calling wait_for_partitions_to_appear() in case of no partitions means that we
verify that the kernel agrees that there are no partitions. We verify that the
kernel sees the same number of partitions as blkid, so let's do that also in this
case.

This makes the failure in #10526 much less likely, but doesn't eliminate it
completely. Stay tuned.
2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek
ea887be00b dissect-image: split out a chunk of dissect_image() out
No functional change, just moving code around.
2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek
ed435031a5 rfkill: move wait_for_initialized() to shared/
The function interface is the same, except that the output pointer may be NULL.

The implementation is slightly simplified by taking advantage of changes in
ancestor commit 'sd-device: attempt to read db again if it wasn't found', by
not creating a new sd_device object before re-checking the is_initialized
status.

v2:
- In v1, the old object was always used and the device received back from the
  sd_device_monitor_start callback was ignored. I *think* the result will be
  equivalent in both cases, because by the time the callback gets called,
  the db entry in the filesystem will also exist, and any subsequent access to
  properties of the object would trigger a read of the database from disk. But
  I'm not certain, and anyway, using the device object received in the callback
  seems cleaner.
2018-12-17 13:50:51 +01:00
Lennart Poettering
b950ee06e6 resolve: bump max of dns servers/search domains
Apparently people want more of these (as #11175 shows). Since this is
merely a safety limit for us, let's just bump all values substantially.

Fixes: #11175
2018-12-17 13:34:50 +01:00
Zbigniew Jędrzejewski-Szmek
11c49e6df5 sd-device: remove holes in struct sd_device
Normally, we don't care too much about what pahole reports. But this structure
could potentially be allocated for every device on the system, i.e. in a large
number of copies. 5 vs 7 cache lines is nice.

/* size: 400, cachelines: 7, members: 53 */
/* sum members: 330, holes: 12, sum holes: 70 */
/* last cacheline: 16 bytes */

/* size: 320, cachelines: 5, members: 53 */
/* bit holes: 1, sum bit holes: 6 bits */
/* bit_padding: 5 bits */
2018-12-17 12:29:28 +01:00
Zbigniew Jędrzejewski-Szmek
bce48452b8
Merge pull request #11077 from yuwata/udev-issue-better-fix
sd-device: do not change buffer size if the socket is already bound
2018-12-17 12:13:35 +01:00
Zbigniew Jędrzejewski-Szmek
582de70f2f
Merge pull request #11086 from poettering/nscd-cache-flush
flush nscd's caches when we register user/groups/hostnames
2018-12-17 11:29:58 +01:00
Zbigniew Jędrzejewski-Szmek
2e08871534 udev: use typedef for struct udev_event 2018-12-17 09:27:24 +01:00
Zbigniew Jędrzejewski-Szmek
9a07157dd5 udev: use typedef for struct udev_rules 2018-12-17 09:27:21 +01:00
Zbigniew Jędrzejewski-Szmek
96fd7bc536
Merge pull request #11179 from kraj/kraj/pu
Fix issues found with gcc trunk
2018-12-17 09:17:35 +01:00
Lennart Poettering
2d78717b09 fileio: when reading a full file into memory, refuse inner NUL bytes
Just some extra care to avoid any ambiguities in what we read.
2018-12-17 09:14:23 +01:00
Khem Raj
baa162cecd core: Fix use after free case in load_from_path()
ensure that mfree() on filename is called after the logging function
which uses the string pointed by filename

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-12-16 22:02:00 -08:00
Khem Raj
bfc4183ea9 sysctl: Don't pass null directive argument to '%s'
value pointer here is always NULL but subsequent use of that pointer
with a %s format will always be NULL, printing p instead would be a
valid string

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-12-16 21:01:39 -08:00
Yu Watanabe
45cb8247d9
Merge pull request #11142 from ssahani/bond-dynamic-tlb
netdev bond: add support to configure tlb_dynamic_lb
2018-12-17 02:06:05 +01:00
Yu Watanabe
7082bb05ad timesync: use typesafe resolve_getaddrinfo() 2018-12-17 10:02:36 +09:00
Yu Watanabe
f2935c77c6 socket-proxyd: use typesafe resolve_getaddrinfo() 2018-12-17 10:02:36 +09:00
Yu Watanabe
1061dab129 netdev: use typesafe resolve_getaddrinfo() in wireguard.c 2018-12-17 10:02:36 +09:00
Yu Watanabe
a4c9ae400f netdev: sort headers 2018-12-17 10:02:36 +09:00
Yu Watanabe
ceb26cdbc2 sd-resolve: add sd_resolve_get{addr,info}_with_destroy_callback() and typesafe macros 2018-12-17 10:02:36 +09:00
Zbigniew Jędrzejewski-Szmek
dc5042c0a3 sd-device: pass timestamp internally as usec_t not char* 2018-12-16 20:58:45 +01:00
Zbigniew Jędrzejewski-Szmek
ebcc52fad6 sd-device: reduce the number of implementations of device_read_db() we keep around
We had two very similar functions: device_read_db_aux and device_read_db,
and a number of wrappers for them:

device_read_db_aux
  ← device_read_db (in sd-device.c)
    ← all functions in sd-device.c, including sd_device_is_initialized

  ← device_read_db_force
     ← event_execute_rules_on_remove (in udev-event.c)

device_read_db (in device-private.c)
  ← functions in device_private.c (but not device_read_db_force):
    device_get_devnode_{mode,uid,gid}
    device_get_devlink_priority
    device_get_watch_handle
    device_clone_with_db
    ← called from udevadm, udev-{node,event,watch}.c

Before 7141e4f62c (sd-device: don't retry loading
uevent/db files more than once), the two implementations were the same. In that
commit, device_read_db_aux was changed. Those changes were reverted in the parent
commit, so the two implementations are now again the same except for superficial
differences. This commit removes device_read_db (in sd-device.c), and renames
device_read_db_aux to device_read_db_internal and makes everyone use this one
implementation. There should be no functional change.
2018-12-16 20:17:39 +01:00
Zbigniew Jędrzejewski-Szmek
cd53c8f97d sd-device: attempt to read db again if it wasn't found
This mostly reverts "sd-device: don't retry loading uevent/db files more than
once", 7141e4f62c. We will retry if we couldn't
access the file, but not if parsing failed.

Not re-reading the database at all just doesn't seem like a good idea. We have
two implementations of device_read_db, and one does that, and the other retries
to read the db. Re-reading seems more useful, since we can create the object
and then access properties at some later time when we know that the device has
been initialized and we can get useful results. Otherwise, we force the user to
destroy this object and create a new one.

This changes device_read_uevent_file() and device_read_db_aux(). See next
commit for description of where those functions are used.
2018-12-16 19:52:58 +01:00
NeilBrown
89f9752ea0 core/mount: minimize impact on mount storm.
If we create 2000 mounts (on a 1-CPU qemu VM) with
  mkdir -p /MNT/{1..2000}
  time for i in {1..2000}; do mount --bind /etc /MNT/$i ; done

it takes around 20 seconds to complete.  Much of this time is taken up
by systemd repeatedly processing /proc/self/mountinfo.
If I disable the processing, the time drops to about 4 seconds.

I have reports that on a larger system with multiple active user sessions, each
with its own systemd, the impact can be higher.

One particular use-case where a large number of mounts can be expected in quick
succession is when the "clearcase" SCM starts up.

This patch modifies the handling of events from /proc/self/mountinfo so
that systemd backs off when a storm is detected.  Specifically the time to process
mountinfo is measured, and the process will not be repeated until 10 times
that duration has passed.  This ensures systemd won't use more than 10% of
real time processing mountinfo.

With this patch, my test above takes about 5 seconds.
2018-12-16 12:38:40 +01:00
Lennart Poettering
2d41e9b7a0
Merge pull request #11143 from keszybz/enable-symlink
Runtime mask symlink confusion fix
2018-12-16 12:37:07 +01:00
Filipe Brandenburger
fc833520e4 Revert "lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors"
This reverts commit dd102e4d0c.

That test case exposed a memory leak and breaks CI, so let's revert it until
the original issue is fixed, to prevent disruption of automated testing.
2018-12-15 20:58:39 +03:00
Filipe Brandenburger
2e14ea7d78
Merge pull request #11137 from poettering/bogus-id128
hostnamed: let's filter out some obviously bogus product UUIDs
2018-12-15 09:27:14 -08:00
Susant Sahani
6d4efac2d9 networkd: Bond - AllSlavesActive fix parser
Bond.AllSlavesActive use parser type bool
2018-12-15 18:17:02 +05:30
Susant Sahani
fde60a424e netdev bond: add support to configure tlb_dynamic_lb
Closes https://github.com/systemd/systemd/issues/11135

Add test for bond : tlb_dynamic_lb
2018-12-15 18:15:16 +05:30
Lennart Poettering
460ec54908 core: flush nscd's caches whenever we allocate/release a dynamic user
This should make dynamic users and nscd work together better.

Fixes: #10740
2018-12-15 12:10:19 +01:00
Lennart Poettering
7782e0a0ea hostnamed: always flush nscd cache when changing hostname
This way we know that nss-myhostname always serves the correct answer.
2018-12-15 12:10:19 +01:00
Lennart Poettering
9fdcbae5e2 machined: flush nscd caches whenever a machine comes/goes
This way, nss-mymachines should always serve authoritative data.
2018-12-15 12:10:19 +01:00
Lennart Poettering
5be61bead5 machined: fix memory corruption
Let's make sure the first hashmap we destroy also frees all machines,
because otherwise when freeing the other hashmaps we'll try to
deregister the contained machines from the hashmaps already destroyed.
2018-12-15 12:10:19 +01:00
Lennart Poettering
f079c3727c shared: add helper for flushing nscd caches
Apparently, people do use nscd, hence play somewhat nice with it, and
let's explicitly flush nscd caches whenever we register a new
user/group.

This patch only adds the actual refresh request invocation. Later
commits then issue this call at appropriate moments.

Note that the nscd protocol is not officially documented though very
simple. This code is written very defensively so that incompatibilities
don't affect us much.

Given that glibc really has a duty to maintain compat between
differently compiled programs and their system nscd they can't break API
and thus it should be safe for us to implement an alternative,
minimalistic client.

Ideally this kind of explicit, global cache flushing would not be necessary.
However nscd currently has no cache coherency protocol, hence we can't
really implement this better. The only concept it knows is a TTL for
positive hosts lookups. However for negative lookups or any of the other
tables nothing is available.
2018-12-15 12:10:19 +01:00
Lennart Poettering
6839aa567c hostnamed: filter out all-zero and all-0xFF DMI ProductUUIDs
These UUIDs are considered as wildcard value for "unset" UUIDs
typically, and this even makes sense. Let's suppress them hence.
2018-12-15 12:06:44 +01:00
Lennart Poettering
670814387b sd-id128: add helpers to check for all-0xFF ids 2018-12-15 12:06:44 +01:00
Lennart Poettering
463adf5710 sd-id128: slightly reorder function prototypes
Let's place the three calls for acquiring the IDs together, and the
calls for getting the app-specific ones separate from them.
2018-12-15 12:06:44 +01:00
Lennart Poettering
4783e5ad3d sd-128: base SD_ID128_MAKE() macro on existing SD_ID128_ARRAY() macro 2018-12-15 12:06:44 +01:00
Lennart Poettering
549b47247d fstab-generator: remove spurious newline 2018-12-15 12:06:44 +01:00
Filipe Brandenburger
dc6bf94d68 lldp: simplify compare_func, using ?: to chain comparisons
The ?: operator is very useful for chaining comparison functions
(strcmp, memcmp, CMP), since its behavior is to return the result
of the comparison function call if non-zero, or continue evaluating
the chain of comparison functions.

This simplifies the code in that using a temporary `r` variable
to store the function results is no longer necessary and the checks
for non-zero to return are no longer needed either, resulting in a
typical three-fold reduction to the number of lines in the code.

Introduce a new memcmp_nn() to compare two memory buffers in
lexicographic order, taking length in consideration.

Tested: $ ninja -C build/ test

All test cases pass. In particular, test_multiple_neighbors_sorted()
in test-lldp would catch regressions introduced by this commit.
2018-12-14 09:18:42 -08:00
Filipe Brandenburger
dd102e4d0c lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors
In particular, check that the order of the results is consistent.

This test coverage will be useful in order to refactor the compare_func
used while sorting the results.

Tested: ninja -C build/ test
2018-12-14 09:18:01 -08:00
Lennart Poettering
6baac700a8 tests: add a test that checks read_line() properly handles line endings at EOF
As requested here: https://github.com/systemd/systemd/pull/11129#discussion_r241588835
2018-12-14 12:57:32 +01:00
Lennart Poettering
31fd02f009 fileio: fail early if we can't return the number of bytes we read anymore in an int
This is mostly paranoia, but let's better be safer than sorry. This of
course means there's always an implicit limit to how much we can read at
a time of 2G. But that should be ample.
2018-12-14 12:56:12 +01:00
Zbigniew Jędrzejewski-Szmek
58d9d89b4b pid1: fix free of uninitialized pointer in unit_fail_if_noncanonical()
https://bugzilla.redhat.com/show_bug.cgi?id=1653068
2018-12-14 11:21:16 +01:00
Zbigniew Jędrzejewski-Szmek
3f9a0a522f tree-wide: s/time-out/timeout/g
From WordNet (r) 3.0 (2006) [wn]:

  time-out
      n 1: a brief suspension of play; "each team has two time-outs left"

From The Free On-line Dictionary of Computing (18 March 2015) [foldoc]:

  timeout

     A period of time after which an error condition is raised if
     some event has not occurred.  A common example is sending a
     message.  If the receiver does not acknowledge the message
     within some preset timeout period, a transmission error is
     assumed to have occurred.
2018-12-14 11:17:52 +01:00
Thomas Haller
1a35985264 in-addr-util: fix undefined result for in4_addr_netmask_to_prefixlen(<0.0.0.0>)
u32ctz() was undefined for zero due to __builtin_ctz() [1].
Explicitly check for zero to make the behavior defined.

Note that this issue only affected in4_addr_netmask_to_prefixlen()
which is the only caller.

It may seem slightly odd, to return 32 (bits) for utz(0). But that
is what in4_addr_netmask_to_prefixlen() needs, and it probably makes
the most sense here.

[1] https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html

Fixes: ba91431154
2018-12-14 11:15:36 +01:00
Zbigniew Jędrzejewski-Szmek
1d79128121 udev: make udev_rules_new() return a proper error code 2018-12-14 10:20:43 +01:00
Lennart Poettering
838894b0c6 fileio: make read_line() handle various line endings correctly
This adds support for windows line endings.

More importantly though with this change a newline followed by EOF is
considered a single line end.
2018-12-14 09:12:17 +01:00
Yu Watanabe
5cd6711621 sd-netlink: set destroy_callback only if asynchronous call succeeds 2018-12-14 08:50:51 +01:00
Lennart Poettering
9a6f746fb6 locale-util: prefix special glyph enum values with SPECIAL_GLYPH_
This has been irritating me for quite a while: let's prefix these enum
values with a common prefix, like we do for almost all other enums.

No change in behaviour, just some renaming.
2018-12-14 08:22:54 +01:00
Yu Watanabe
903893237a sd-device: do not change buffer size if the socket is already bound
From the results of CIs in #11076, changing buffer size may cause
issue #10754. So, let's prohibit to change the size if it is already
bound.

This also reverts commit 986ab0d2dc.
2018-12-14 09:33:06 +09:00
Yu Watanabe
c821e84ac7 sd-device: do not modify socket option(s) if socket is passed by PID1
If the socket fd is passed by PID1, then it is created by .socket unit
and we have already set sufficient option(s) for the socket.
So, let's not touch the passed socket.
2018-12-14 09:28:33 +09:00
Yu Watanabe
a153a1de75 Revert "sd-device: do not call device_monitor_enable_receiving() for passed fd from pid1"
This reverts commit 916707cca5.

As the CI results on #11076, #10754 is not fixed by the commit,
but by 986ab0d2dc. So, let's revert the
commit.
2018-12-14 09:24:31 +09:00
Lennart Poettering
fd0ec39d38
Merge pull request #11046 from keszybz/generator-mains
Macroify generators a bit more
2018-12-13 22:39:23 +01:00
Zbigniew Jędrzejewski-Szmek
4b37c89f06 shared/install: ignore symlinks which have lower priority than the unit file
In #10583, a unit file lives in ~/.config/systemd/user, and
'systemctl --runtime --user mask' is used to create a symlink in /run.
This symlink has lower priority than the config file, so
'systemctl --user' will happily load the unit file, and doesn't care about
the symlink at all.

But when asked if the unit is enabled, we'd look for all symlinks, find the
symlink in the runtime directory, and report that the unit is runtime-enabled.
In this particular case the fact that the symlink points at /dev/null, creates
additional confusion, but it doesn't really matter: *any* symlink (or regular
file) that is lower in the priority order is "covered" by the unit fragment,
and should be ignored.

Fixes #10583.
2018-12-13 10:46:27 +01:00
Zbigniew Jędrzejewski-Szmek
3e8d06d951 shared/install: add some more debugging info
Just to make it easier to understand what is going on.
2018-12-13 08:40:38 +01:00
Franck Bui
d610d20125 vconsole-setup: fonts copy will fail if the current terminal is in graphical mode
If the terminal is in graphical mode, the kernel will refuse to copy the fonts
and will return -EINVAL.

Also having the graphical mode in effect probably indicates that the terminal
is in use by another application and we shouldn't interfere in such cases.
2018-12-13 08:30:20 +01:00
Zbigniew Jędrzejewski-Szmek
2eded6cb2c shared/install: remove two conditionals which are always false
The name argument in UnitFileInstallInfo (i->name) should always be a unit
file name, so the conditional always takes the 'else' branch.

The only call chain that links to find_symlinks_fd() is unit_file_lookup_state
→ find_symlinks_in_scope → find_symlinks → find_symlinks_fd. But
unit_file_lookup_state calls unit_name_is_valid(name), and then name is used
to construct the UnitFileInstallInfo object in install_info_discover, which just
uses the name it was given.
2018-12-13 00:58:27 +01:00
Chris Down
0c17c00433
Merge pull request #11131 from poettering/make-lucab-happy
optionally relabel additional files/dirs for selinux after loading policy
2018-12-12 23:17:39 +00:00
Zbigniew Jędrzejewski-Szmek
a3e7ea0282 fstab-generator: fix check for /sys
It would work when the generator was run by systemd, since generators
are always started in "/", but when running the generator for debugging
purposes the result would be ... different.
2018-12-12 21:58:00 +01:00
Zbigniew Jędrzejewski-Szmek
9d22f97b87 getty-generator: use the new main function definer
I changed the nulstr loop to a normal FOREACH_STRING loop. It seems clearer
this way.
2018-12-12 21:58:00 +01:00
Zbigniew Jędrzejewski-Szmek
ec6e959750 gpt-auto-generator: use the new main function definer
The first error is now returned.
2018-12-12 21:58:00 +01:00
Zbigniew Jędrzejewski-Szmek
bd020018f2 system-update-generator: use the new main function definer 2018-12-12 21:58:00 +01:00
Zbigniew Jędrzejewski-Szmek
7a44c7e31f generators: define custom main func definer and use it where applicable
There should be no functional difference, except that the error message
is changed from "three or no arguments" to "zero or three arguments". Somehow
the inverted form always seemed strange.

umask() call is also dropped from run-generator. I think it wasn't dropped in
053254e3cb because the run generator was merged
around the same time.
2018-12-12 21:58:00 +01:00
Sam Morris
4b987478b0 resolved: have the stub resolver listen on both TCP and UDP by default
RFC7766 section 4 states that in the absence of EDNS0, a response that
is too large for a 512-byte UDP packet will have the 'truncated' bit
set. The client is expected to retry the query over TCP.

Fixes #10264.
2018-12-12 21:21:04 +01:00
Chris Down
cb5e3bc37d cgroup: Don't explicitly check for member in UNIT_BEFORE
The parent slice is always filtered ahead of time from UNIT_BEFORE, so
checking if the current member is the same as the parent unit will never
pass.

I may also write a SLICE_FOREACH_CHILD macro to remove some more of the
parent slice checks, but this requires a bit of a rework and general
refactoring and may not be worth it, so let's just do this for now.
2018-12-12 20:50:10 +01:00
tibbling
2cf0b2fe2d timedated: Add dbus method to retrieve list of time zones (#11114)
Move function call get_timezones from timedatectl to timedated and
create a dbus method to list timezones.
2018-12-12 20:49:04 +01:00
Chris Down
e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
2018-12-12 20:47:40 +01:00
Lennart Poettering
70a74ec645 mount-setup: don't consider it reason to fail if we can't relabel cgroupfs
We usually don't care much about relabel failures, let's not do that
here either.
2018-12-12 20:46:07 +01:00
Lennart Poettering
c4217b43d1 mount-setup: use FOREACH_STRING where appropriate 2018-12-12 20:46:07 +01:00
Lennart Poettering
65e183d789 mount-setup: optionally, relabel a configured set of files/dirs after loading policy
Fixes: #10466
2018-12-12 20:46:07 +01:00
Zbigniew Jędrzejewski-Szmek
26526f9826 shared/install: mark UnitFileInstallInfo* as const where appropriate 2018-12-12 16:50:29 +01:00
Zbigniew Jędrzejewski-Szmek
303ee60151 Mark *data and *userdata params to specifier_printf() as const
It would be very wrong if any of the specifier printf calls modified
any of the objects or data being printed. Let's mark all arguments as const
(primarily to make it easier for the reader to see where modifications cannot
occur).
2018-12-12 16:45:33 +01:00
Zbigniew Jędrzejewski-Szmek
9be3c60570
Merge pull request #10892 from mbiebl/revert-systemctl-runtime-unmask-breakage
Revert "systemctl: when removing enablement or mask symlinks, cover both /run and /etc
2018-12-12 14:23:04 +01:00
Lennart Poettering
a95c0505ad core: extend comments regarding coldplug() vs. catchup() 2018-12-12 11:20:53 +01:00
Lennart Poettering
a1c7334b61 core: when a unit state changes only propagate to jobs after reloading is complete
Previously, we'd immediately propagate unit state changes into any jobs
pending for them, always. With this we only do this if the manager is
out of the "reload" state. This fixes the problem #8803 tried to
address, by simply not completing jobs until after the reload (and thus
reestablishment of the dbus connection) is complete.

Note that there's no need to later on explicitly catch up with the
missed job state changes (i.e. there's no need to call
unit_process_job() later on explicitly). That's because for jobs in
JOB_WAITING state on deserialization all jobs are requeued into the run
queue anyway, and thus checked again if they can complete now. And for
JOB_RUNNING jobs unit_catchup() phase is going to trigger missed out
state changes *after* the reload completes anyway (after all that's what
distinguishes from unit_coldplug()).

Replaces: #8803
2018-12-12 11:15:07 +01:00
Lennart Poettering
16c74914d2 core: split out all logic that updates a Job on a unit's unit_notify() invocation
Just some refactoring, no change in behaviour.
2018-12-12 11:15:07 +01:00
Lennart Poettering
b17c9620c8 core: rework how we deserialize jobs
Let's add a helper call unit_deserialize_job() for this purpose, and
let's move registration in the global jobs hash table into
job_install_deserialized() so that it is done after all superficial
checks are done, and before transitioning into installed states, so that
rollback code is not necessary anymore.
2018-12-12 11:15:07 +01:00
Lennart Poettering
48235ad6b7 job: be more careful when removing job object from jobs hash table
Let's validate that the ID is actually allocated to us before removing a
job.

This is relevant as various bits of code will call job_free() on
partially set up Job objects, and we really shouldn't remove another job
object accidentally from the hash table, when the set up didn't
complete.
2018-12-12 11:15:07 +01:00
Lennart Poettering
4a53080be6 core: don't track jobs-finishing-during-reload explicitly
Memory management is borked for this, and moreover this is unnecessary
since f0831ed2a0, i.e. since coldplug() and catchup() are two different
concepts: the former restoring the state from before a reload, the
latter then adjusting it again to the actual status in effect after the
reload.

Fixes: #10716
Mostly reverts: #8803
2018-12-12 11:15:06 +01:00
Lennart Poettering
728ba51e98 job: update job_free() to follow our usual return-NULL style 2018-12-12 11:14:26 +01:00
Zbigniew Jędrzejewski-Szmek
aba311f7ff generators: configure logging before the first use 2018-12-12 10:48:38 +01:00
Lennart Poettering
8aa7e29db7
Merge pull request #11122 from keszybz/tmpfiles-man
Improvements to tmpfiles.d man page
2018-12-12 10:13:21 +01:00
Zbigniew Jędrzejewski-Szmek
06da5c63dd meson: make net.naming-scheme= default configurable
This is useful for distributions, where the stability of interface names should
be preserved after an upgrade of systemd. So when some specific release of the
distro is made available, systemd defaults to the latest & greatest naming
scheme, and subsequent updates set the same default. This default may still
be overridden through the kernel and env var options.

A special value "latest" is also allowed. Without a specific name, it is harder
to override from meson. In case of 'combo' options, meson reads the default
during the initial configuration, and "remembers" this choice. When systemd is
updated, old build/ directories could keep the old default, which would be
annoying. Hence, "latest" is introduced to make it explicit, yet follow the
upstream. This is actually useful for the user too, because it may be used
as an override, without having to actually specify a version.
2018-12-12 10:09:36 +01:00
Lennart Poettering
f7e81fd96f udev: introduce udev net_id "naming schemes"
With this we can stabilize how naming works for network interfaces. A
user can request through a kernel cmdline option or an env var which
scheme to follow. The idea is that installers use this to set into stone
(a very soft stone though) the scheme used during installation so that
interface naming doesn't change afterwards anymore.

Why use env vars and kernel cmdline options, and not a config file of
its own?

Well, first of all there's no obvious existing one to use. But more
importantly: I have the feeling that this logic is kind of an incomplete
hack, and I simply don't want to advertise this as a perfectly
working solution. So far we used env vars for the not-so-official
options and proper config files for the official stuff. Given how
incomplete this logic is (i.e. the big variable for naming remains the
kernel, which might expose sysfs attributes in newer versions that we
check for and didn't exist in older versions — and other problems like
this), I am simply not confident in giving this first-class exposure in
a primary configuration file.

Fixes: #10448
2018-12-11 23:29:46 +01:00
Zbigniew Jędrzejewski-Szmek
d7ef125726 core: fix typo in comment 2018-12-11 22:20:07 +01:00
Chris Down
912b4547b5 Always explicitly discard popped stream type from __fsetlocking
No biggie, but I noticed this while looking into bus_match_to_string.
2018-12-11 18:49:54 +01:00
Lennart Poettering
b2c9e8e187
Merge pull request #11100 from abogdanenko/udev-test-check-perm
udev-test: check if permitted to create block device nodes
2018-12-11 17:37:57 +01:00
Alexey Bogdanenko
a680beb2fe udev-test: add message to show why test-udev failed
Before:

    Assertion 'mknod(devname, mode, devnum) == 0' failed at ../src/test/test-udev.c:116, function run(). Aborting.
    Assertion 'unlink(devname) == 0' failed at ../src/test/test-udev.c:118, function run(). Aborting.

After:

    mknod() failed for '/dev/sda': Operation not permitted
    unlink('/dev/sda') failed: No such file or directory
2018-12-11 16:55:34 +03:00
Zbigniew Jędrzejewski-Szmek
489fae526d nspawn: check cg_ns_supported() just once
cg_ns_supported() caches, so the condition was really checked just once, but
it looks weird to assign the return value to arg_use_cgns (if the variable is not present),
because then the other checks are effectively equivalent to
  if (cg_ns_supported() && cg_ns_supported()) { ...
and later
  if (!cg_ns_supported() || !cg_ns_supported()) { ...
2018-12-11 13:37:41 +00:00
Lennart Poettering
66944c14f3
Merge pull request #11107 from keszybz/udevadm-info-args
Allow multiple args in udevadm info
2018-12-11 12:12:58 +01:00
Zbigniew Jędrzejewski-Szmek
ff0fa50432
Merge pull request #11083 from poettering/nspawn-settings-fixes
read nspawn's .nspawn files before validating configuration
2018-12-11 11:52:23 +01:00
Zbigniew Jędrzejewski-Szmek
3c79311a6a udevadm: allow multiple arguments to "info"
This matches udevadm trigger, which allows multiple arguments since
80877656a5.
2018-12-11 09:29:21 +01:00
Zbigniew Jędrzejewski-Szmek
b6854081ff udevadm: allow a .device unit to be specified for query and trigger
This is convenient when working with device units in systemd. Instead of
converting the systemd unit name to a path to feed to udevadm, udevadm
info|trigger can be called directly on the unit name.

The man page is reworked a bit to describe the modern syntax with positional
arguments first. It's just simpler to use than the positional options.
2018-12-11 09:24:31 +01:00
Zbigniew Jędrzejewski-Szmek
d539f79176 udevadm: use path_startswith and shorten code a bit 2018-12-11 09:21:08 +01:00
Zbigniew Jędrzejewski-Szmek
668e7c0cfd udevadm: improve error output when a device is not specified or specified wrong
udevadm would dump help() output, instead of printing a message about what is
wrong. That's just bad UX. Let's use a different message if the argument is
missing, and a different one if it is invalid.

Also, rework the code to separate the business logic from argument parsing.
Let's not use "default:" in switch statements. This way, the compiler will warn
us if we miss one of the cases.
2018-12-11 07:29:51 +01:00
Lennart Poettering
d742f4b54b cgroup: correct mangling of return values
Let's not return the unmangled return value before we actually mangle
it.

Fixes: #11062
2018-12-10 16:09:41 +01:00
Lennart Poettering
92a993041a cgroup: call cg_all_unified() right before using the result
Let's not query it before we actually need it.
2018-12-10 16:09:41 +01:00
Lennart Poettering
8f3fd07ac0
Merge pull request #11105 from keszybz/path-parsing
Some tightening of our path parsing code
2018-12-10 15:50:08 +01:00
Thomas Haller
8217ed5ec3 network: fix handling of uninitialized and zero IAID setting
An earlier commit 0e408b82b (dhcp6-client: handle IAID with value zero)
introduced a flag to sd_dhcp6_client to distinguish between an unset
IAID and a value set to zero.

However, that was not sufficient and broke leaving the setting
uninitialized in networkd configuration. The configuration parsing
also must distinguish between the default, unset value and an
explicit zero configuration.

Fixes: 0e408b82b8
2018-12-10 14:25:28 +01:00
Zbigniew Jędrzejewski-Szmek
1d4c6f5bef pid1: set Description even for devices which don't exist yet
We'd only set the description after the device appeared in sysfs, so
we'd always print
"A start job is running for dev-disk-by\x2duuid-aaaa ... aaaa.device (42s / 1min 30s)"
Let's make this
"A start job is running for /dev/disk/by-duuid/aaaa ... aaaa (42s / 1min 30s)"

https://bugzilla.redhat.com/show_bug.cgi?id=1655860
2018-12-10 14:00:42 +01:00
Lennart Poettering
60f1ec13ed nspawn: move most validation checks and configuration mangling into verify_arguments()
That's what the function is for after all, and only if it's done there
we can verify the effect of .nspawn files correctly too: after all we
should not just validate that everything configured on the command line
makes sense, but the stuff configured in the .nspawn files, too.
2018-12-10 12:54:56 +01:00
Lennart Poettering
d5455d2f98 nspawn: split out code parsing env vars into a function of its own
This then lets us ensure it's called after we parsed the cmdline,
and after we loaded the settings file, so that these env var settings
override everything loaded from there.
2018-12-10 12:54:56 +01:00
Lennart Poettering
5eee829043 nspawn: move cg_unified_flush() invocation out of parse_argv()
It has nothing to do with argument parsing, and hence shouldn't be
there.
2018-12-10 12:54:56 +01:00
Lennart Poettering
2327f95499
Merge pull request #10984 from fbuihuu/tmpfiles-be-more-explicit-with-unsafe-transition
tmpfiles: be more explicit when an unsafe path transition is met
2018-12-10 12:31:56 +01:00
Lennart Poettering
ec68d13789
Merge pull request #10897 from keszybz/etc-fstab-parsing
Forbid dashes in hostnames and /etc/fstab parsing improvements
2018-12-10 12:31:30 +01:00
Zbigniew Jędrzejewski-Szmek
4cb06c5949 Use VLA instead of alloca
The test is the same, but an array is more readable.
2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek
60473f0c23 pid1: fix (harmless) off-by-one in PATH_MAX comparison
PATH_MAX is supposed to include the terminating NUL byte. But we already
check that there is no NUL byte in the specified path. Hence the maximum
length we can expect is PATH_MAX - 1.

This doesn't change much, but makes this use of PATH_MAX consistent with the
rest of the codebase.
2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek
f8703ed7e5 basic/path-util: line-break PATH_FOREACH_PREFIX macros
Now I can see what they do :]
2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek
296acffe45 When parsing paths, reject anything above PATH_MAX
The check for length is done after path_simplify(), to be nice to paths which
are constructed using specifiers, and have duplicate slashes and stuff.
2018-12-10 11:57:26 +01:00
Lennart Poettering
ec9efbd9bc
Merge pull request #11093 from yuwata/update-python-scripts-for-lgtm
Update python scripts for lgtm
2018-12-10 11:13:21 +01:00
Yu Watanabe
416b88013c systemctl: check triggering units only for stopped units
Fixes #11088.
2018-12-10 11:06:28 +01:00
Zbigniew Jędrzejewski-Szmek
5fe7a0a7de basic/hostname-util: do truncation last when cleaning up
This allows more of the original name to be used if there are invalid
chars in the beginning.
2018-12-10 09:56:56 +01:00