1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Commit Graph

30950 Commits

Author SHA1 Message Date
Lennart Poettering
fc010b01e7 mount-util: drop exponential buffer growing in name_to_handle_at_loop()
So, it appears name_to_handle_at() always returns the right buffer size
on EOVERFLOW, when it's returned due to a too small buffer. Let's rely
on that exclusively for sizing the buffer, and let's drop the
exponential buffer growing.

The new logic is now: if we see EOVERFLOW and the returned size has
increased, resize our buffer and try again. But if it didn't increase,
then propagate the EOVERFLOW as it likely has other causes.
2017-11-23 13:28:06 +01:00
Yu Watanabe
706424c2e2 core/manager: check the existance of the special units (#7433)
In the user mode, not all special units exist.
So, we need to check whether the units exist or not before operate
something to the units.
Such the check was mistakenly dropped by e68537f0ba.

Fixes #7426.
2017-11-23 13:25:56 +01:00
Carsten Strotmann
f75707dbcb Fixed Type nmnds-ipv4 -> nmdns-ipv4 (#7435) 2017-11-23 13:12:00 +01:00
Evgeny Vereshchagin
0fb8449930 cgroup: downgrade the log level of "invocation id" messages to debug (#7422)
Now that d3070fbdf6 has been merged, these errors are not as
critical as they used to be.
2017-11-23 11:07:20 +01:00
Evgeny Vereshchagin
abe4a74f80
Merge pull request #7420 from brauner/2017-11-22/systemd_in_container_unified_cgroup_hierarchy
cgroup: skip unwritable cgroups
2017-11-23 04:11:04 +03:00
Christian Brauner
2d56b80a18
cgroup: test whether pure unified hierarchy is writable
If it is not writable we should not mount it.
2017-11-22 17:35:21 +01:00
Christian Brauner
e07aefbd67
cgroup: check whether unified hierarchy is writable
When systemd is running inside a container employing user
namespaces it currently mounts the unified cgroup hierarchy
without being able to write to it. This causes systemd to
freeze during boot.
This patch checks whether the unified cgroup hierarchy
is writable. If it is not it will not mount it.

This solution is based on a patch by Evgeny Vereshchagin.

Closes #6408.
Closes https://github.com/lxc/lxc/issues/1678 .
2017-11-22 17:34:25 +01:00
Lennart Poettering
0a5b5115b1
Merge pull request #7416 from keszybz/readd-lost-test
Readd lost test
2017-11-22 17:24:21 +01:00
Zbigniew Jędrzejewski-Szmek
6b97bf2287 meson: re-attach rule-syntax-check.py test
39/248 rule-syntax-check                       OK     0.07 s

--- command ---
/home/zbyszek/src/systemd-work/test/rule-syntax-check.py \
    /home/zbyszek/src/systemd-work/build/../rules/60-block.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-cdrom_id.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-drm.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-evdev.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-input-id.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-alsa.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-input.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-storage.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-storage-tape.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-v4l.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-sensor.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-serial.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-joystick.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-mouse.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-touchpad.rules \
    /home/zbyszek/src/systemd-work/build/../rules/75-net-description.rules \
    /home/zbyszek/src/systemd-work/build/../rules/75-probe_mtd.rules \
    /home/zbyszek/src/systemd-work/build/../rules/78-sound-card.rules \
    /home/zbyszek/src/systemd-work/build/../rules/80-drivers.rules \
    /home/zbyszek/src/systemd-work/build/../rules/80-net-setup-link.rules \
    /home/zbyszek/src/systemd-work/build/rules/50-udev-default.rules \
    /home/zbyszek/src/systemd-work/build/rules/64-btrfs.rules \
    /home/zbyszek/src/systemd-work/build/rules/99-systemd.rules
--- stdout ---
...
-------

It got dropped by mistake in 72cdb3e783.
2017-11-22 12:46:08 +01:00
Zbigniew Jędrzejewski-Szmek
2956395c83 rule-test-syntax: modernize syntax and add debug message 2017-11-22 12:29:58 +01:00
Zbigniew Jędrzejewski-Szmek
bfbcf21d75
Merge pull request #7406 from poettering/timestamp-rework
timestamping rework
2017-11-22 11:55:04 +01:00
Simon Peeters
bc9c9efd07 udevd: remove unused list node 2017-11-22 10:38:07 +01:00
Simon Peeters
40a5771658 udevd: use list.h instead of udev_list_node 2017-11-22 10:38:05 +01:00
Zbigniew Jędrzejewski-Szmek
a6856129ec udev: "handle" oom in path_id
path_prepend returned a status code, but it wasn't looked at anywhere.
Adding checks for the return value in all the bazillion places where it
is called is not very attractive, so let's just make the whole program
abort cleanly if the (very unlikely) oom is encountered.
2017-11-22 10:34:47 +01:00
Zbigniew Jędrzejewski-Szmek
d7d7daece9 udev: modernize style in path_id
No functional change.
2017-11-22 10:34:34 +01:00
Susant Sahani
d6df583c87 networkd: introduce vxcan netdev. (#7150)
Similar to the virtual ethernet driver veth, vxcan implements a
local CAN traffic tunnel between two virtual CAN network devices.
When creating a vxcan, two vxcan devices are created as pair
When one end receives the packet it appears on its pair and vice
versa. The vxcan can be used for cross namespace communication.
2017-11-22 08:23:22 +01:00
Zbigniew Jędrzejewski-Szmek
a217a4bcc5
Merge pull request #7395 from poettering/nametohandleat-loop
name_to_handle_at() EOVERFLOW handling
2017-11-22 08:20:36 +01:00
Susant Sahani
5f04a209ea networkd:DHCP-client ignore default route if classless static route is set (#6885)
According to RFC 3442:

If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.

fixes #5695.
2017-11-22 07:43:55 +01:00
Zbigniew Jędrzejewski-Szmek
ffb70e4424
Merge pull request #7381 from poettering/cgroup-unified-delegate-rework
Fix delegation in the unified hierarchy + more cgroup work
2017-11-22 07:42:08 +01:00
Zbigniew Jędrzejewski-Szmek
82a27ba821
Merge pull request #7389 from shawnl/warning
tree-wide: adjust fall through comments so that gcc is happy
2017-11-22 07:38:51 +01:00
Andrew Jeddeloh
b1b96380fe README: add requirements for IPAddress{Allow,Deny} (#7414)
Document kernel options needed for IPAddress{Allow,Deny}.
2017-11-21 23:54:20 +01:00
Lennart Poettering
23209bcd37 test: fix UDEV-WANTS testcase for non-bash shells (#7407)
testsuite.sh uses "set -o pipefile", which is a bashism, hence use bash
to invoke the script.
2017-11-21 17:38:43 +01:00
longersson
fc696d52b9 Docs: Fix spelling and capitalization (#7408) 2017-11-21 14:37:16 +01:00
Zbigniew Jędrzejewski-Szmek
97279d8380 meson: "upgrade" -Wimplicit-fallthrough to 5
5 means that only the explicit attribute introduced in previous commit
is accepted. We don't want the comments anymore.
2017-11-21 12:47:51 +01:00
jobol
37ac2744cc core/exec: Restore SmackProcessLabel setting (#7378)
Smack LSM needs the capability CAP_MAC_ADMIN to allow
setting of the current Smack exec label. Consequently,
dropping capabilities must be done after changing the
current exec label.

This is only related to Smack LSM. But for clarity and
regularity, all setting of security context moved before
dropping capabilities.

See Issue 7108
2017-11-21 12:01:13 +01:00
Lennart Poettering
54c552eae6
Merge pull request #7335 from poettering/dissect-meta-info
beef up image dissection, to gather image metadata
2017-11-21 11:58:31 +01:00
Lennart Poettering
0b0c55fafd
Merge pull request #7363 from poettering/success-action
Generalize FailureAction=, and add SuccessAction=
2017-11-21 11:57:42 +01:00
Susant Sahani
8ad93cacf0 networkd: cleanup do not call link_enter_set_routes after label is set. (#6935)
Remove link_enter_set_routes after label is set.
2017-11-21 11:54:14 +01:00
Lennart Poettering
e7266e98f9 test: fix UDEV-WANTS testcase for non-bash shells
testsuite.sh uses "set -o pipefile", which is a bashism, hence use bash
to invoke the script.
2017-11-21 11:54:08 +01:00
Lennart Poettering
99f3baa983 man: clarify that the controllers listed on Delegate= might not be the only ones 2017-11-21 11:54:08 +01:00
Lennart Poettering
b961baf1ce test: add a test case that validates cgroup delegation
This test runs on the unified hierarchy, and ensures that cgroup
delegation works properly, i.e. writ access is granted and the requested
controllers are enabled.
2017-11-21 11:54:08 +01:00
Lennart Poettering
64e844e5ca cgroup: fix delegation on the unified hierarchy
Make sure to add the delegation mask to the mask of controllers we have
to enable on our own unit. Do not claim it was a members mask, as such
a logic would mean we'd collide with cgroupv2's "no processes on inner
nodes policy".

This change does the right thing: it means any controller enabled
through Controllers= will be made available to subcrgoups of our unit,
but the unit itself has to still enable it through
cgroup.subtree_control (which it can since that file is delegated too)
to be inherited further down.

Or to say this differently: we only should manipulate
cgroup.subtree_control ourselves for inner nodes (i.e. slices), and
for leaves we need to provide a way to enable controllers in the slices
above, but stay away from the cgroup's own cgroup.subtree_control —
which is what this patch ensures.

Fixes: #7355
2017-11-21 11:54:08 +01:00
Lennart Poettering
5e20b0a452 cgroup: properly determine cgroups zombie processes belong to
When a process becomes a zombie its cgroup might be deleted. Let's add
some minimal code to detect cases like this, so that we can still
attribute this back to the original cgroup.
2017-11-21 11:54:08 +01:00
Lennart Poettering
77fa610b22 cgroup-util: optimization — open subtree_control file only once for all controllers 2017-11-21 11:54:08 +01:00
Lennart Poettering
5962e9db5e update TODO 2017-11-21 11:54:08 +01:00
Lennart Poettering
3c7416b6ca core: unify common code for preparing for forking off unit processes
This introduces a new function unit_prepare_exec() that encapsulates a
number of calls we do in preparation for spawning off some processes in
all our unit types that do so.

This allows us to neatly unify a bit of code between unit types and
shorten our code.
2017-11-21 11:54:08 +01:00
Lennart Poettering
6925a0de4e cgroup-util: move Set* allocation into cg_kernel_controllers()
Previously, callers had to do this on their own. Let's make the call do
that instead, making the caller code a bit shorter.
2017-11-21 11:54:08 +01:00
Lennart Poettering
bf516294c8 nspawn: minor optimization
no need to prepare the target path if we quite the loop anyway one step
later.
2017-11-21 11:54:08 +01:00
Lennart Poettering
d7c9693a3e nspawn-mount: rework get_controllers() a bit
Let's rename get_controllers() → get_process_controllers(), in order to
underline the difference to cg_kernel_controllers(). After all, one
returns the controllers available to the process, the other the
controllers enabled in the kernel at all).

Let's also update the code to use read_line() and set_put_strdup() to
shorten the code a bit, and make it more robust.
2017-11-21 11:54:08 +01:00
Lennart Poettering
ea9053c5f8 nspawn: rework mount_systemd_cgroup_writable() a bit
We shouldn't call alloca() as part of function calls, that's not really
defined in C. Hence, let's first do our stack allocations, and then
invoke functions.

Also, some coding style fixes, and minor shuffling around.

No functional changes.
2017-11-21 11:54:08 +01:00
Lennart Poettering
68ac0d05a9 cgroup: move cgroup controller names def.h → cgroup-util.h
These definitions are clearly cgroup specific, hence let's move them out
of def.h
2017-11-21 11:54:08 +01:00
Susant Sahani
762e2659b9 networkd: support incoming/outgoing device for rule matching (#7223)
Closes #7210
2017-11-21 11:51:50 +01:00
Lennart Poettering
190654f44b test: fix UDEV-WANTS testcase for non-bash shells
testsuite.sh uses "set -o pipefile", which is a bashism, hence use bash
to invoke the script.
2017-11-21 11:37:28 +01:00
Lennart Poettering
654c87e0e6 udev: port udev_has_devtmpfs() to use path_get_mnt_id()
This means there's a good chance the code also works on kernels that
lack name_to_handle_at().
2017-11-21 11:37:12 +01:00
Lennart Poettering
c2a986d509 mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
This is a simple wrapper around name_to_handle_at_loop() and
fd_fdinfo_mnt_id() to query the mnt ID of a path. It uses
name_to_handle_at() where it can, and falls back to to
fd_fdinfo_mnt_id() where that doesn't work.

This is a best-effort thing of course, since neither name_to_handle_at()
nor the fdinfo logic work on all kernels.
2017-11-21 11:37:12 +01:00
Lennart Poettering
cbfb8679dd mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
As it turns out MAX_HANDLE_SZ is a lie, the handle buffer we pass into
name_to_handle_at() might need to be larger than MAX_HANDLE_SZ, and we
thus need to invoke name_to_handle_at() in a loop, growing the buffer as
needed.

This adds a new wrapper name_to_handle_at_loop() around
name_to_handle_at() that does the necessary looping, and ports over all
users.

Fixes: #7082
2017-11-21 11:37:12 +01:00
Lennart Poettering
213242a36b man: bootup(7) is one of our own man pages 2017-11-21 11:01:34 +01:00
Lennart Poettering
e68537f0ba core: make use of unit_active_or_pending() where we can
Let's make use of unit_active_or_pending() where we can. Note that this
change changes beaviour in one specific case: when shutdown.target is
active we'll now also return that the system is in "stopping" state, not
only when we try to get into it. That makes sense as shutdown.target is
ordered before the actually shutdown units such as
"systemd-poweroff.service", and if the state is queried between reaching
those we should also report "stopping".
2017-11-21 11:01:34 +01:00
Lennart Poettering
49d5666cc5 manager: introduce MANAGER_IS_FINISHED() macro
Let's make our finished checks a bit more readable. Checking the
timestamp is not entirely obvious, hence let's abstract that a bit by
adding a macro that shows what we are doing here, not how we doing it.

This is particularly useful if we want to change the definition of
"finished" later on, in particular, when we try to fix #7023.
2017-11-21 11:01:34 +01:00
Lennart Poettering
713f6f901d manager: add manager_get_dump_string()
It's like manager_dump(), but returns a string. This allows us to reduce
some duplicate code. Also, while we are at it, turn off stdio locking
while we write to the memory FILE *f.
2017-11-21 11:01:34 +01:00