| author | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 | 
| commit | 689b9a22f7fa89686b2b5240b7ee9f449dea5630 (patch) | |
| tree | 47d44e0bdb73c40808a5150e081a286df38a055e | |
| parent | cec736d21ff86c4ac81b4d306ddba2120333818c (diff) | |
| parent | 64685e0cea62b4937f0804e47ce2cb7929f58223 (diff) | |
Merge branch 'master' into journal
34 files changed, 273 insertions, 88 deletions
| diff --git a/Makefile.am b/Makefile.am index 892072318f..b26c613d4f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4  SUBDIRS = po  LIBSYSTEMD_LOGIN_CURRENT=0 -LIBSYSTEMD_LOGIN_REVISION=5 +LIBSYSTEMD_LOGIN_REVISION=6  LIBSYSTEMD_LOGIN_AGE=0  LIBSYSTEMD_DAEMON_CURRENT=0 @@ -341,7 +341,9 @@ dist_systemunit_DATA = \  	units/halt.target \  	units/kexec.target \  	units/local-fs.target \ +        units/local-fs-pre.target \  	units/remote-fs.target \ +        units/remote-fs-pre.target \  	units/cryptsetup.target \  	units/network.target \  	units/nss-lookup.target \ @@ -19,7 +19,12 @@ Bugfixes:  Features: -* bind mounts should be ordered after remount-root-fs.service +* unset container= in PID1? + +* if we can not get user quota for tmpfs, mount a separate tmpfs instance +  for every user in /run/user/$USER with a configured maximum size + +* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max  * add an option to make mounts private/shareable and so on, enable this for root by default diff --git a/configure.ac b/configure.ac index 18dc3fe36a..0ec6f69bc8 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@  AC_PREREQ(2.63) -AC_INIT([systemd],[36],[systemd-devel@lists.freedesktop.org]) +AC_INIT([systemd],[37],[systemd-devel@lists.freedesktop.org])  AC_CONFIG_SRCDIR([src/main.c])  AC_CONFIG_MACRO_DIR([m4])  AC_CONFIG_HEADERS([config.h]) diff --git a/man/systemctl.xml b/man/systemctl.xml index 2ea6fe9fdf..5adee45163 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml 
@@ -603,6 +603,13 @@                          </varlistentry>                          <varlistentry> +                                <term><command>list-unit-files</command></term> + +                                <listitem><para>List installed unit files. +                                </para></listitem> +                        </varlistentry> + +                        <varlistentry>                                  <term><command>enable [NAME...]</command></term>                                  <listitem><para>Enable one or more diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 609484b3a3..230c4a31f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -279,6 +279,11 @@                                  assignments. Empty lines and lines                                  starting with ; or # will be ignored,                                  which may be used for commenting. The +                                parser strips leading and +                                trailing whitespace from the values +                                of assignments, unless you use +                                double quotes ("). +                                The                                  argument passed should be an absolute                                  file name, optionally prefixed with                                  "-", which indicates that if the file diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 4f1102021f..7b6f12d069 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml 
@@ -311,20 +311,28 @@                                  main process of the daemon. The                                  command line accepts % specifiers as                                  described in -                                <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. On -                                top of that basic environment variable -                                substitution is supported, where -                                <literal>${FOO}</literal> is replaced -                                by the string value of the environment -                                variable of the same name. Also -                                <literal>$FOO</literal> may appear as -                                separate word on the command line in -                                which case the variable is replaced by -                                its value split at whitespaces. Note -                                that the first argument (i.e. the -                                binary to execute) may not be a -                                variable, and must be a literal and -                                absolute path name.</para></listitem> +                                <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + +                                <para>On top of that basic environment +                                variable substitution is +                                supported. 
Use +                                <literal>${FOO}</literal> as part of a +                                word, or as word of its own on the +                                command line, in which case it will be +                                replaced by the value of the +                                environment variable including all +                                whitespace it contains, resulting in a +                                single argument.  Use +                                <literal>$FOO</literal> as a separate +                                word on the command line, in which +                                case it will be replaced by the value +                                of the environment variable split up +                                at whitespace, resulting in no or more +                                arguments. Note that the first +                                argument (i.e. the program to execute) +                                may not be a variable, and must be a +                                literal and absolute path +                                name.</para></listitem>                          </varlistentry>                          <varlistentry> diff --git a/man/systemd.special.xml.in b/man/systemd.special.xml.in index 218754051e..116a43ccfb 100644 --- a/man/systemd.special.xml.in +++ b/man/systemd.special.xml.in @@ -59,6 +59,7 @@                  <filename>halt.target</filename>,                  <filename>kbrequest.target</filename>,                  <filename>local-fs.target</filename>, +                <filename>local-fs-pre.target</filename>,                  <filename>mail-transfer-agent.target</filename>,                  <filename>multi-user.target</filename>,                  <filename>network.target</filename>, 
@@ -66,6 +67,7 @@                  <filename>poweroff.target</filename>,                  <filename>reboot.target</filename>,                  <filename>remote-fs.target</filename>, +                <filename>remote-fs-pre.target</filename>,                  <filename>rescue.target</filename>,                  <filename>rpcbind.target</filename>,                  <filename>runlevel2.target</filename>, @@ -261,6 +263,18 @@                                  </listitem>                          </varlistentry>                          <varlistentry> +                                <term><filename>local-fs-pre.target</filename></term> +                                <listitem> +                                        <para>This target unit is +                                        automatically ordered before +                                        all local mount points marked +                                        with <option>auto</option> +                                        (see above). It can be used to +                                        execute certain units before +                                        all local mounts.</para> +                                </listitem> +                        </varlistentry> +                        <varlistentry>                                  <term><filename>mail-transfer-agent.target</filename></term>                                  <listitem>                                          <para>The mail transfer agent 
@@ -374,6 +388,18 @@                                  </listitem>                          </varlistentry>                          <varlistentry> +                                <term><filename>remote-fs-pre.target</filename></term> +                                <listitem> +                                        <para>This target unit is +                                        automatically ordered before +                                        all remote mount points marked +                                        with <option>auto</option> +                                        (see above). It can be used to +                                        execute certain units before +                                        all remote mounts.</para> +                                </listitem> +                        </varlistentry> +                        <varlistentry>                                  <term><filename>rescue.target</filename></term>                                  <listitem>                                          <para>A special target unit diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index bf8de322dd..897f99f24c 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -121,8 +121,9 @@                  <para>If a line starts with <option>.include</option>                  followed by a file name, the specified file will be -                read as if its contents were listed in place of the -                <option>.include</option> directive.</para> +                parsed at this point. Make sure that the file that is +                included has the appropiate section headers before +                any directives.</para>                  <para>Along with a unit file                  <filename>foo.service</filename> a directory 
@@ -672,6 +673,7 @@                                  <term><varname>ConditionKernelCommandLine=</varname></term>                                  <term><varname>ConditionVirtualization=</varname></term>                                  <term><varname>ConditionSecurity=</varname></term> +                                <term><varname>ConditionCapability=</varname></term>                                  <term><varname>ConditionNull=</varname></term>                                  <listitem><para>Before starting a unit @@ -748,9 +750,9 @@                                  value to check if being executed in                                  any virtualized environment, or one of                                  <varname>vm</varname> and -                                <varname>container</varname> to test against -                                a specific type of virtualization -                                solution, or one of +                                <varname>container</varname> to test +                                against a specific type of +                                virtualization solution, or one of                                  <varname>qemu</varname>,                                  <varname>kvm</varname>,                                  <varname>vmware</varname>, 
@@ -774,7 +776,19 @@                                  system.  Currently the only recognized                                  value is <varname>selinux</varname>.                                  The test may be negated by prepending -                                an exclamation mark. Finally, +                                an exclamation +                                mark. <varname>ConditionCapability=</varname> +                                may be used to check whether the given +                                capability exists in the capability +                                bounding set of the service manager +                                (i.e. this does not check whether +                                capability is actually available in +                                the permitted or effective sets, see +                                <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> +                                for details). Pass a capability name +                                such as <literal>CAP_MKNOD</literal>, +                                possibly prefixed with an exclamation +                                mark to negate the check. Finally,                                  <varname>ConditionNull=</varname> may                                  be used to add a constant condition                                  check value to the unit. It takes a 
@@ -931,7 +945,8 @@                          <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,                          <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,                          <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -                        <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry> +                        <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +                        <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>                  </para>          </refsect1> @@ -53,7 +53,7 @@ msgstr "Ustawienie lokalizacji systemu"  #: ../src/org.freedesktop.login1.policy.in.h:1  msgid "Allow attaching devices to seats" -msgstr "Zezwolenie na podłączanie urządzeń do siedzeń" +msgstr "Zezwolenie na podłączanie urządzeń do stanowisk"  #: ../src/org.freedesktop.login1.policy.in.h:2  msgid "Allow non-logged-in users to run programs" @@ -69,8 +69,8 @@ msgstr ""  #: ../src/org.freedesktop.login1.policy.in.h:4  msgid "Authentication is required to allow attaching a device to a seat"  msgstr "" -"Wymagane jest uwierzytelnienie, aby zezwolić na podłączanie urządzeń do " -"siedzeń" +"Wymagane jest uwierzytelnienie, aby zezwolić na podłączenie urządzenia do " +"stanowiska"  #: ../src/org.freedesktop.login1.policy.in.h:5  msgid "Authentication is required to allow powering off the system" 
@@ -103,11 +103,11 @@ msgid ""  "seats"  msgstr ""  "Wymagane jest uwierzytelnienie, aby zezwolić na ponowne ustawianie sposobu " -"podłączenia urządzeń do siedzeń" +"podłączenia urządzeń do stanowisk"  #: ../src/org.freedesktop.login1.policy.in.h:10  msgid "Flush device to seat attachments" -msgstr "Czyszczenie podłączeń urządzeń do siedzeń" +msgstr "Usunięcie podłączenia urządzeń do stanowisk"  #: ../src/org.freedesktop.login1.policy.in.h:11  msgid "Power off the system" diff --git a/src/condition.c b/src/condition.c index e978656772..f18c45421a 100644 --- a/src/condition.c +++ b/src/condition.c @@ -23,6 +23,7 @@  #include <errno.h>  #include <string.h>  #include <unistd.h> +#include <sys/capability.h>  #ifdef HAVE_SELINUX  #include <selinux/selinux.h> @@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) {                  return true;          /* Finally compare id */ -        return streq(parameter, id); +        return v > 0 && streq(parameter, id);  }  static bool test_security(const char *parameter) { 
@@ -159,6 +160,36 @@ static bool test_security(const char *parameter) {          return false;  } +static bool test_capability(const char *parameter) { +        cap_value_t value; +        FILE *f; +        char line[LINE_MAX]; +        unsigned long long capabilities = (unsigned long long) -1; + +        /* If it's an invalid capability, we don't have it */ + +        if (cap_from_name(parameter, &value) < 0) +                return false; + +        /* If it's a valid capability we default to assume +         * that we have it */ + +        f = fopen("/proc/self/status", "re"); +        if (!f) +                return true; + +        while (fgets(line, sizeof(line), f)) { +                truncate_nl(line); + +                if (startswith(line, "CapBnd:")) { +                        (void) sscanf(line+7, "%llx", &capabilities); +                        break; +                } +        } + +        return !!(capabilities & (1ULL << value)); +} +  bool condition_test(Condition *c) {          assert(c); @@ -214,6 +245,9 @@ bool condition_test(Condition *c) {          case CONDITION_SECURITY:                  return test_security(c->parameter) == !c->negate; +        case CONDITION_CAPABILITY: +                return test_capability(c->parameter) == !c->negate; +          case CONDITION_NULL:                  return !c->negate; diff --git a/src/condition.h b/src/condition.h index dd65aa6054..71b1c6761e 100644 --- a/src/condition.h +++ b/src/condition.h @@ -37,6 +37,7 @@ typedef enum ConditionType {          CONDITION_KERNEL_COMMAND_LINE,          CONDITION_VIRTUALIZATION,          CONDITION_SECURITY, +        CONDITION_CAPABILITY,          CONDITION_NULL,          _CONDITION_TYPE_MAX,          _CONDITION_TYPE_INVALID = -1 diff --git a/src/execute.c b/src/execute.c index 53e7e77fde..866e8bf2f6 100644 --- a/src/execute.c +++ b/src/execute.c 
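Review bot: test_capability() never closes the stream it opens on /proc/self/status: both the `break` after the CapBnd: line and the normal end of the `while` loop reach the final `return` with `f` still open, so every evaluation of ConditionCapability= leaks one descriptor in the service manager. Adding `fclose(f);` immediately before `return !!(capabilities & (1ULL << value));` fixes it. Separately, the check fails open: `capabilities` starts as all-ones and the `sscanf` result is discarded, so a missing or unparsable CapBnd: line reports the capability as present. That matches the default stated for the `fopen` failure, but a comment such as `/* On parse failure the mask stays all-ones, i.e. we assume the capability is there */` would make it explicit for anyone relying on this condition as a guard.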
@@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) {                  }          } -        for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++) +        for (i = 0; i <= cap_last_cap(); i++)                  if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {                          if (prctl(PR_CAPBSET_DROP, i) < 0) { -                                if (errno == EINVAL) -                                        break; -                                  r = -errno;                                  goto finish;                          } @@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {                  unsigned long l;                  fprintf(f, "%sCapabilityBoundingSet:", prefix); -                for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++) +                for (l = 0; l <= cap_last_cap(); l++)                          if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {                                  char *t; diff --git a/src/generate-kbd-model-map b/src/generate-kbd-model-map index 4fcf785e10..624c5179fa 100755 --- a/src/generate-kbd-model-map +++ b/src/generate-kbd-model-map 
@@ -1,49 +1,33 @@  #!/usr/bin/python -import system_config_keyboard.keyboard_models, sys +import sys +import system_config_keyboard.keyboard_models  def strdash(s): -        r = s.strip() - -        if r == "": -                return "-" - -        return r - -def tab_extend(s, n = 1): +        return s.strip() or '-' +def tab_extend(s, n=1):          s = strdash(s) -        k = len(s) / 8 +        k = len(s) // 8          if k >= n:                  f = 1          else:                  f = n - k -        for x in range(0, f): -                s = s + "\t" - -        return s - +        return s + '\t'*f  models = system_config_keyboard.keyboard_models.KeyboardModels().get_models()  print "# Generated from system-config-keyboard's model list" -  print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions" -k = models.keys() - -k.reverse() - -for key in k: -        value = models[key] - -        options = value[4] -        if len(options) > 0: -                options = "terminate:ctrl_alt_bksp," + options -        else: -                options = "terminate:ctrl_alt_bksp" +for key, value in reversed(models.items()): +        options = "terminate:ctrl_alt_bksp" +        if value[4]: +                options += ',' + value[4] -        print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options) +        print ''.join((tab_extend(key, 3), tab_extend(value[1]), +                       tab_extend(value[2], 2), tab_extend(value[3], 2), +                       options)) diff --git a/src/hostname-setup.c b/src/hostname-setup.c index 57db9fbf7c..7216b75c8a 100644 --- a/src/hostname-setup.c +++ b/src/hostname-setup.c 
@@ -32,7 +32,7 @@  #if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO)  #define FILENAME "/etc/sysconfig/network" -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)  #define FILENAME "/etc/HOSTNAME"  #elif defined(TARGET_ARCH)  #define FILENAME "/etc/rc.conf" @@ -114,7 +114,7 @@ finish:          fclose(f);          return r; -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)          return read_and_strip_hostname(FILENAME, hn);  #else          return -ENOENT; diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4 index 7749b88dfb..41797d20c0 100644 --- a/src/load-fragment-gperf.gperf.m4 +++ b/src/load-fragment-gperf.gperf.m4 @@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable,  config_parse_unit_condition_path,   CONDITION_F  Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0  Unit.ConditionVirtualization,    config_parse_unit_condition_string, CONDITION_VIRTUALIZATION,      0  Unit.ConditionSecurity,          config_parse_unit_condition_string, CONDITION_SECURITY,            0 +Unit.ConditionCapability,        config_parse_unit_condition_string, CONDITION_CAPABILITY,          0  Unit.ConditionNull,              config_parse_unit_condition_null,   0,                             0  m4_dnl  Service.PIDFile,                 config_parse_unit_path_printf,      0,                             offsetof(Service, pid_file) diff --git a/src/localed.c b/src/localed.c index e627c3a716..c6b48de5f9 100644 --- a/src/localed.c +++ b/src/localed.c 
@@ -574,6 +574,10 @@ static int write_data_x11(void) {  #ifdef TARGET_FEDORA                  unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + +                /* Symlink this to /dev/null, so that s-s-k (if it is +                 * still running) doesn't recreate this. */ +                symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");  #endif                  if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) @@ -619,6 +623,10 @@ static int write_data_x11(void) {  #ifdef TARGET_FEDORA                  unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + +                /* Symlink this to /dev/null, so that s-s-k (if it is +                 * still running) doesn't recreate this. */ +                symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");  #endif                  r = 0; diff --git a/src/logind-dbus.c b/src/logind-dbus.c index bc1e49d18f..0550d1bd1c 100644 --- a/src/logind-dbus.c +++ b/src/logind-dbus.c @@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler(          } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {                  r = bus_manager_create_session(m, message, &reply); -                if (r == -ENOMEM) -                        goto oom; + +                /* Don't delay the work on OOM here, since it might be +                 * triggered by a low RLIMIT_NOFILE here (since we +                 * send a dupped fd to the client), and we'd rather +                 * see this fail quickly then be retried later */                  if (r < 0)                          return bus_send_error_reply(connection, message, &error, r); diff --git a/src/mount.c b/src/mount.c index 2fc799a6ed..ef953f0d0a 100644 --- a/src/mount.c +++ b/src/mount.c 
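Review bot: The added `symlink("/dev/null", …)` calls in both write_data_x11() hunks ignore their return value, so if the link cannot be created nothing records that system-setup-keyboard is still free to recreate the file, which is the case the new comment is meant to prevent. Consider `if (symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf") < 0) log_warning("Failed to mask 00-system-setup-keyboard.conf: %m");`, assuming the logging helpers are available in this file. write_data_x11() starts and ends outside both hunks.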
@@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) {          if (mount_is_network(p)) {                  target = SPECIAL_REMOTE_FS_TARGET; -                after = SPECIAL_NETWORK_TARGET; -        } else +                after = SPECIAL_REMOTE_FS_PRE_TARGET; +        } else {                  target = SPECIAL_LOCAL_FS_TARGET; +                after = SPECIAL_LOCAL_FS_PRE_TARGET; +        }          if (!path_equal(m->where, "/"))                  if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0) diff --git a/src/nspawn.c b/src/nspawn.c index 8441c057b9..653d7db730 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -361,7 +361,7 @@ static int drop_capabilities(void) {          unsigned long l; -        for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) { +        for (l = 0; l <= cap_last_cap(); l++) {                  unsigned i;                  for (i = 0; i < ELEMENTSOF(retain); i++) @@ -372,12 +372,6 @@ static int drop_capabilities(void) {                          continue;                  if (prctl(PR_CAPBSET_DROP, l) < 0) { - -                        /* If this capability is not known, EINVAL -                         * will be returned, let's ignore this. */ -                        if (errno == EINVAL) -                                break; -                          log_error("PR_CAPBSET_DROP failed: %m");                          return -errno;                  } diff --git a/src/pager.c b/src/pager.c index 6e2bb4901e..3fc81820e9 100644 --- a/src/pager.c +++ b/src/pager.c @@ -32,7 +32,7 @@  static pid_t pager_pid = 0; -static void pager_fallback(void) { +_noreturn_ static void pager_fallback(void) {          ssize_t n;          do {                  n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0); diff --git a/src/readahead-common.h b/src/readahead-common.h index 167df316d9..9547ad201c 100644 --- a/src/readahead-common.h 
+++ b/src/readahead-common.h @@ -27,7 +27,7 @@  #include "macro.h" -#define READAHEAD_FILE_SIZE_MAX (128*1024*1024) +#define READAHEAD_FILE_SIZE_MAX (10*1024*1024)  int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st); diff --git a/src/sd-login.h b/src/sd-login.h index 7102eb88e0..0cb0bf06bb 100644 --- a/src/sd-login.h +++ b/src/sd-login.h @@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat);  int sd_seat_get_active(const char *seat, char **session, uid_t *uid);  /* Return sessions and users on seat. Returns number of sessions as - * return value. If sessions is NULL returs only the number of + * return value. If sessions is NULL returns only the number of   * sessions. */  int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids); @@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat);   * seats is NULL only returns number of seats. */  int sd_get_seats(char ***seats); -/* Get all sessions, store in *seessions. Returns the number of +/* Get all sessions, store in *sessions. Returns the number of   * sessions. If sessions is NULL only returns number of sessions. */  int sd_get_sessions(char ***sessions); diff --git a/src/service.c b/src/service.c index c2053ce3ac..e64d289fed 100644 --- a/src/service.c +++ b/src/service.c @@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) {          /* Special setting for all SysV services */          s->type = SERVICE_FORKING;          s->remain_after_exit = !s->pid_file; +        s->guess_main_pid = false;          s->restart = SERVICE_RESTART_NO;          if (s->meta.manager->sysv_console) diff --git a/src/special.h b/src/special.h index 614e53ca1b..3fe34c955c 100644 --- a/src/special.h +++ b/src/special.h 
@@ -45,7 +45,9 @@  #define SPECIAL_SYSINIT_TARGET "sysinit.target"  #define SPECIAL_SOCKETS_TARGET "sockets.target"  #define SPECIAL_LOCAL_FS_TARGET "local-fs.target"         /* LSB's $local_fs */ +#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target"  #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target"       /* LSB's $remote_fs */ +#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target"  #define SPECIAL_SWAP_TARGET "swap.target"  #define SPECIAL_BASIC_TARGET "basic.target" diff --git a/src/timedated.c b/src/timedated.c index f6fe2d83b6..16f54b59d2 100644 --- a/src/timedated.c +++ b/src/timedated.c @@ -170,8 +170,24 @@ static int read_data(void) {          free_data();          r = read_one_line_file("/etc/timezone", &zone); -        if (r < 0 && r != -ENOENT) -                return r; +        if (r < 0) { +                if (r != -ENOENT) +                        log_warning("Failed to read /etc/timezone: %s", strerror(-r)); + +#ifdef TARGET_FEDORA +                r = parse_env_file("/etc/sysconfig/clock", NEWLINE, +                                   "ZONE", &zone, +                                   NULL); + +                if (r < 0 && r != -ENOENT) +                        log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r)); +#endif +        } + +        if (isempty(zone)) { +                free(zone); +                zone = NULL; +        }          verify_timezone(); diff --git a/src/tmpfiles.c b/src/tmpfiles.c index a6b8f859aa..21bf44d3a4 100644 --- a/src/tmpfiles.c +++ b/src/tmpfiles.c @@ -157,6 +157,7 @@ static void load_unix_sockets(void) {                  }          } +        fclose(f);          return;  fail: diff --git a/src/util.c b/src/util.c index a3cfe864b6..26c2f22ff0 100644 --- a/src/util.c +++ b/src/util.c 
@@ -2336,8 +2336,10 @@ int chvt(int vt) {                          0                  }; -                if (ioctl(fd, TIOCLINUX, tiocl) < 0) -                        return -errno; +                if (ioctl(fd, TIOCLINUX, tiocl) < 0) { +                        r = -errno; +                        goto fail; +                }                  vt = tiocl[0] <= 0 ? 1 : tiocl[0];          } @@ -2345,7 +2347,8 @@ int chvt(int vt) {          if (ioctl(fd, VT_ACTIVATE, vt) < 0)                  r = -errno; -        close_nointr_nofail(r); +fail: +        close_nointr_nofail(fd);          return r;  } @@ -5899,4 +5902,36 @@ int prot_from_flags(int flags) {          default:                  return -EINVAL;          } + +unsigned long cap_last_cap(void) { +        static __thread unsigned long saved; +        static __thread bool valid = false; +        unsigned long p; + +        if (valid) +                return saved; + +        p = (unsigned long) CAP_LAST_CAP; + +        if (prctl(PR_CAPBSET_READ, p) < 0) { + +                /* Hmm, look downwards, until we find one that +                 * works */ +                for (p--; p > 0; p --) +                        if (prctl(PR_CAPBSET_READ, p) >= 0) +                                break; + +        } else { + +                /* Hmm, look upwards, until we find one that doesn't +                 * work */ +                for (;; p++) +                        if (prctl(PR_CAPBSET_READ, p+1) < 0) +                                break; +        } + +        saved = p; +        valid = true; + +        return p;  } diff --git a/src/util.h b/src/util.h index 89a7bec612..1db82f83e0 100644 --- a/src/util.h +++ b/src/util.h @@ -515,4 +515,6 @@ bool kexec_loaded(void);  int prot_from_flags(int flags); +unsigned long cap_last_cap(void); +  #endif diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target new file mode 100644 index 0000000000..11e67bac1c --- /dev/null +++ b/units/local-fs-pre.target 
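Review bot: cap_last_cap() treats every `prctl(PR_CAPBSET_READ, …)` failure as "capability unknown" without looking at `errno`. If the probe fails for any other reason, the downward loop runs to `p == 0` and that value is cached for the thread; the bounding-set loops changed in src/execute.c and src/nspawn.c would then visit only capability 0 and, as far as those hunks show, report no error while the rest of the set stays in place. The upward search also has no upper bound, although those callers shift a 64-bit mask by the result. I would walk downwards only on EINVAL, fall back to the compile-time CAP_LAST_CAP without caching otherwise, and stop the upward search at 63, as below.

```c
unsigned long cap_last_cap(void) {
        /* … unchanged: cached-value fast path, p = CAP_LAST_CAP … */

        if (prctl(PR_CAPBSET_READ, p) < 0) {

                /* Only EINVAL means "the kernel does not know this
                 * capability". Anything else means the probe itself
                 * failed, so do not cache a guess. */
                if (errno != EINVAL)
                        return (unsigned long) CAP_LAST_CAP;

                for (p--; p > 0; p--)
                        if (prctl(PR_CAPBSET_READ, p) >= 0)
                                break;

        } else {

                /* Bounded so that the 64-bit mask shifts in the
                 * callers stay defined */
                for (; p < 63; p++)
                        if (prctl(PR_CAPBSET_READ, p+1) < 0)
                                break;
        }

        /* … unchanged: store p in saved, set valid, return p … */
}
```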
@@ -0,0 +1,11 @@ +#  This file is part of systemd. +# +#  systemd is free software; you can redistribute it and/or modify it +#  under the terms of the GNU General Public License as published by +#  the Free Software Foundation; either version 2 of the License, or +#  (at your option) any later version. + +# See systemd.special(7) for details + +[Unit] +Description=Local File Systems (Pre) diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target new file mode 100644 index 0000000000..5406aa22d3 --- /dev/null +++ b/units/remote-fs-pre.target @@ -0,0 +1,15 @@ +#  This file is part of systemd. +# +#  systemd is free software; you can redistribute it and/or modify it +#  under the terms of the GNU General Public License as published by +#  the Free Software Foundation; either version 2 of the License, or +#  (at your option) any later version. + +# See systemd.special(7) for details + +[Unit] +Description=Remote File Systems (Pre) +After=network.target + +[Install] +WantedBy=multi-user.target diff --git a/units/remount-rootfs.service b/units/remount-rootfs.service index e95023f03d..89a16c8b26 100644 --- a/units/remount-rootfs.service +++ b/units/remount-rootfs.service @@ -10,7 +10,8 @@ Description=Remount Root FS  DefaultDependencies=no  Conflicts=shutdown.target  After=systemd-readahead-collect.service systemd-readahead-replay.service fsck-root.service -Before=local-fs.target shutdown.target +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target  [Service]  Type=oneshot diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index 82a2c6a0ca..4241b8b320 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in 
@@ -16,3 +16,7 @@ Type=dbus  BusName=org.freedesktop.login1  CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER  StandardOutput=syslog + +# Increase the default a bit in order to allow many simultaneous +# logins since we keep one fd open per session. +LimitNOFILE=16384 diff --git a/units/systemd-remount-api-vfs.service.in b/units/systemd-remount-api-vfs.service.in index 2ccbe23c8c..6339ee64a6 100644 --- a/units/systemd-remount-api-vfs.service.in +++ b/units/systemd-remount-api-vfs.service.in @@ -10,7 +10,8 @@ Description=Remount API VFS  DefaultDependencies=no  Conflicts=shutdown.target  After=systemd-readahead-collect.service systemd-readahead-replay.service -Before=local-fs.target shutdown.target +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target  [Service]  Type=oneshot diff --git a/units/systemd-stdout-syslog-bridge.service.in b/units/systemd-stdout-syslog-bridge.service.in index 23a5137068..4626145476 100644 --- a/units/systemd-stdout-syslog-bridge.service.in +++ b/units/systemd-stdout-syslog-bridge.service.in @@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge  NotifyAccess=all  StandardOutput=null  CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID + +# Increase the default a bit in order to allow many simultaneous +# services being run since we keep one fd open per service. +LimitNOFILE=16384 | 
