diff options
34 files changed, 273 insertions, 88 deletions
diff --git a/Makefile.am b/Makefile.am index 892072318f..b26c613d4f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4 SUBDIRS = po LIBSYSTEMD_LOGIN_CURRENT=0 -LIBSYSTEMD_LOGIN_REVISION=5 +LIBSYSTEMD_LOGIN_REVISION=6 LIBSYSTEMD_LOGIN_AGE=0 LIBSYSTEMD_DAEMON_CURRENT=0 @@ -341,7 +341,9 @@ dist_systemunit_DATA = \ units/halt.target \ units/kexec.target \ units/local-fs.target \ + units/local-fs-pre.target \ units/remote-fs.target \ + units/remote-fs-pre.target \ units/cryptsetup.target \ units/network.target \ units/nss-lookup.target \ @@ -19,7 +19,12 @@ Bugfixes: Features: -* bind mounts should be ordered after remount-root-fs.service +* unset container= in PID1? + +* if we can not get user quota for tmpfs, mount a separate tmpfs instance + for every user in /run/user/$USER with a configured maximum size + +* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max * add an option to make mounts private/shareable and so on, enable this for root by default diff --git a/configure.ac b/configure.ac index 18dc3fe36a..0ec6f69bc8 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ AC_PREREQ(2.63) -AC_INIT([systemd],[36],[systemd-devel@lists.freedesktop.org]) +AC_INIT([systemd],[37],[systemd-devel@lists.freedesktop.org]) AC_CONFIG_SRCDIR([src/main.c]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h]) diff --git a/man/systemctl.xml b/man/systemctl.xml index 2ea6fe9fdf..5adee45163 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -603,6 +603,13 @@ </varlistentry> <varlistentry> + <term><command>list-unit-files</command></term> + + <listitem><para>List installed unit files. + </para></listitem> + </varlistentry> + + <varlistentry> <term><command>enable [NAME...]</command></term> <listitem><para>Enable one or more diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 609484b3a3..230c4a31f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -279,6 +279,11 @@ assignments. Empty lines and lines starting with ; or # will be ignored, which may be used for commenting. The + parser strips leading and + trailing whitespace from the values + of assignments, unless you use + double quotes ("). + The argument passed should be an absolute file name, optionally prefixed with "-", which indicates that if the file diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 4f1102021f..7b6f12d069 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -311,20 +311,28 @@ main process of the daemon. The command line accepts % specifiers as described in - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. On - top of that basic environment variable - substitution is supported, where - <literal>${FOO}</literal> is replaced - by the string value of the environment - variable of the same name. Also - <literal>$FOO</literal> may appear as - separate word on the command line in - which case the variable is replaced by - its value split at whitespaces. Note - that the first argument (i.e. the - binary to execute) may not be a - variable, and must be a literal and - absolute path name.</para></listitem> + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + + <para>On top of that basic environment + variable substitution is + supported. Use + <literal>${FOO}</literal> as part of a + word, or as word of its own on the + command line, in which case it will be + replaced by the value of the + environment variable including all + whitespace it contains, resulting in a + single argument. Use + <literal>$FOO</literal> as a separate + word on the command line, in which + case it will be replaced by the value + of the environment variable split up + at whitespace, resulting in no or more + arguments. Note that the first + argument (i.e. the program to execute) + may not be a variable, and must be a + literal and absolute path + name.</para></listitem> </varlistentry> <varlistentry> diff --git a/man/systemd.special.xml.in b/man/systemd.special.xml.in index 218754051e..116a43ccfb 100644 --- a/man/systemd.special.xml.in +++ b/man/systemd.special.xml.in @@ -59,6 +59,7 @@ <filename>halt.target</filename>, <filename>kbrequest.target</filename>, <filename>local-fs.target</filename>, + <filename>local-fs-pre.target</filename>, <filename>mail-transfer-agent.target</filename>, <filename>multi-user.target</filename>, <filename>network.target</filename>, @@ -66,6 +67,7 @@ <filename>poweroff.target</filename>, <filename>reboot.target</filename>, <filename>remote-fs.target</filename>, + <filename>remote-fs-pre.target</filename>, <filename>rescue.target</filename>, <filename>rpcbind.target</filename>, <filename>runlevel2.target</filename>, @@ -261,6 +263,18 @@ </listitem> </varlistentry> <varlistentry> + <term><filename>local-fs-pre.target</filename></term> + <listitem> + <para>This target unit is + automatically ordered before + all local mount points marked + with <option>auto</option> + (see above). It can be used to + execute certain units before + all local mounts.</para> + </listitem> + </varlistentry> + <varlistentry> <term><filename>mail-transfer-agent.target</filename></term> <listitem> <para>The mail transfer agent @@ -374,6 +388,18 @@ </listitem> </varlistentry> <varlistentry> + <term><filename>remote-fs-pre.target</filename></term> + <listitem> + <para>This target unit is + automatically ordered before + all remote mount points marked + with <option>auto</option> + (see above). It can be used to + execute certain units before + all remote mounts.</para> + </listitem> + </varlistentry> + <varlistentry> <term><filename>rescue.target</filename></term> <listitem> <para>A special target unit diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index bf8de322dd..897f99f24c 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -121,8 +121,9 @@ <para>If a line starts with <option>.include</option> followed by a file name, the specified file will be - read as if its contents were listed in place of the - <option>.include</option> directive.</para> + parsed at this point. Make sure that the file that is + included has the appropiate section headers before + any directives.</para> <para>Along with a unit file <filename>foo.service</filename> a directory @@ -672,6 +673,7 @@ <term><varname>ConditionKernelCommandLine=</varname></term> <term><varname>ConditionVirtualization=</varname></term> <term><varname>ConditionSecurity=</varname></term> + <term><varname>ConditionCapability=</varname></term> <term><varname>ConditionNull=</varname></term> <listitem><para>Before starting a unit @@ -748,9 +750,9 @@ value to check if being executed in any virtualized environment, or one of <varname>vm</varname> and - <varname>container</varname> to test against - a specific type of virtualization - solution, or one of + <varname>container</varname> to test + against a specific type of + virtualization solution, or one of <varname>qemu</varname>, <varname>kvm</varname>, <varname>vmware</varname>, @@ -774,7 +776,19 @@ system. Currently the only recognized value is <varname>selinux</varname>. The test may be negated by prepending - an exclamation mark. Finally, + an exclamation + mark. <varname>ConditionCapability=</varname> + may be used to check whether the given + capability exists in the capability + bounding set of the service manager + (i.e. this does not check whether + capability is actually available in + the permitted or effective sets, see + <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> + for details). Pass a capability name + such as <literal>CAP_MKNOD</literal>, + possibly prefixed with an exclamation + mark to negate the check. Finally, <varname>ConditionNull=</varname> may be used to add a constant condition check value to the unit. It takes a @@ -931,7 +945,8 @@ <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry> + <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> @@ -53,7 +53,7 @@ msgstr "Ustawienie lokalizacji systemu" #: ../src/org.freedesktop.login1.policy.in.h:1 msgid "Allow attaching devices to seats" -msgstr "Zezwolenie na podłączanie urządzeń do siedzeń" +msgstr "Zezwolenie na podłączanie urządzeń do stanowisk" #: ../src/org.freedesktop.login1.policy.in.h:2 msgid "Allow non-logged-in users to run programs" @@ -69,8 +69,8 @@ msgstr "" #: ../src/org.freedesktop.login1.policy.in.h:4 msgid "Authentication is required to allow attaching a device to a seat" msgstr "" -"Wymagane jest uwierzytelnienie, aby zezwolić na podłączanie urządzeń do " -"siedzeń" +"Wymagane jest uwierzytelnienie, aby zezwolić na podłączenie urządzenia do " +"stanowiska" #: ../src/org.freedesktop.login1.policy.in.h:5 msgid "Authentication is required to allow powering off the system" @@ -103,11 +103,11 @@ msgid "" "seats" msgstr "" "Wymagane jest uwierzytelnienie, aby zezwolić na ponowne ustawianie sposobu " -"podłączenia urządzeń do siedzeń" +"podłączenia urządzeń do stanowisk" #: ../src/org.freedesktop.login1.policy.in.h:10 msgid "Flush device to seat attachments" -msgstr "Czyszczenie podłączeń urządzeń do siedzeń" +msgstr "Usunięcie podłączenia urządzeń do stanowisk" #: ../src/org.freedesktop.login1.policy.in.h:11 msgid "Power off the system" diff --git a/src/condition.c b/src/condition.c index e978656772..f18c45421a 100644 --- a/src/condition.c +++ b/src/condition.c @@ -23,6 +23,7 @@ #include <errno.h> #include <string.h> #include <unistd.h> +#include <sys/capability.h> #ifdef HAVE_SELINUX #include <selinux/selinux.h> @@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) { return true; /* Finally compare id */ - return streq(parameter, id); + return v > 0 && streq(parameter, id); } static bool test_security(const char *parameter) { @@ -159,6 +160,36 @@ static bool test_security(const char *parameter) { return false; } +static bool test_capability(const char *parameter) { + cap_value_t value; + FILE *f; + char line[LINE_MAX]; + unsigned long long capabilities = (unsigned long long) -1; + + /* If it's an invalid capability, we don't have it */ + + if (cap_from_name(parameter, &value) < 0) + return false; + + /* If it's a valid capability we default to assume + * that we have it */ + + f = fopen("/proc/self/status", "re"); + if (!f) + return true; + + while (fgets(line, sizeof(line), f)) { + truncate_nl(line); + + if (startswith(line, "CapBnd:")) { + (void) sscanf(line+7, "%llx", &capabilities); + break; + } + } + + return !!(capabilities & (1ULL << value)); +} + bool condition_test(Condition *c) { assert(c); @@ -214,6 +245,9 @@ bool condition_test(Condition *c) { case CONDITION_SECURITY: return test_security(c->parameter) == !c->negate; + case CONDITION_CAPABILITY: + return test_capability(c->parameter) == !c->negate; + case CONDITION_NULL: return !c->negate; diff --git a/src/condition.h b/src/condition.h index dd65aa6054..71b1c6761e 100644 --- a/src/condition.h +++ b/src/condition.h @@ -37,6 +37,7 @@ typedef enum ConditionType { CONDITION_KERNEL_COMMAND_LINE, CONDITION_VIRTUALIZATION, CONDITION_SECURITY, + CONDITION_CAPABILITY, CONDITION_NULL, _CONDITION_TYPE_MAX, _CONDITION_TYPE_INVALID = -1 diff --git a/src/execute.c b/src/execute.c index 53e7e77fde..866e8bf2f6 100644 --- a/src/execute.c +++ b/src/execute.c @@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) { } } - for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++) + for (i = 0; i <= cap_last_cap(); i++) if (drop & ((uint64_t) 1ULL << (uint64_t) i)) { if (prctl(PR_CAPBSET_DROP, i) < 0) { - if (errno == EINVAL) - break; - r = -errno; goto finish; } @@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { unsigned long l; fprintf(f, "%sCapabilityBoundingSet:", prefix); - for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++) + for (l = 0; l <= cap_last_cap(); l++) if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) { char *t; diff --git a/src/generate-kbd-model-map b/src/generate-kbd-model-map index 4fcf785e10..624c5179fa 100755 --- a/src/generate-kbd-model-map +++ b/src/generate-kbd-model-map @@ -1,49 +1,33 @@ #!/usr/bin/python -import system_config_keyboard.keyboard_models, sys +import sys +import system_config_keyboard.keyboard_models def strdash(s): - r = s.strip() - - if r == "": - return "-" - - return r - -def tab_extend(s, n = 1): + return s.strip() or '-' +def tab_extend(s, n=1): s = strdash(s) - k = len(s) / 8 + k = len(s) // 8 if k >= n: f = 1 else: f = n - k - for x in range(0, f): - s = s + "\t" - - return s - + return s + '\t'*f models = system_config_keyboard.keyboard_models.KeyboardModels().get_models() print "# Generated from system-config-keyboard's model list" - print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions" -k = models.keys() - -k.reverse() - -for key in k: - value = models[key] - - options = value[4] - if len(options) > 0: - options = "terminate:ctrl_alt_bksp," + options - else: - options = "terminate:ctrl_alt_bksp" +for key, value in reversed(models.items()): + options = "terminate:ctrl_alt_bksp" + if value[4]: + options += ',' + value[4] - print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options) + print ''.join((tab_extend(key, 3), tab_extend(value[1]), + tab_extend(value[2], 2), tab_extend(value[3], 2), + options)) diff --git a/src/hostname-setup.c b/src/hostname-setup.c index 57db9fbf7c..7216b75c8a 100644 --- a/src/hostname-setup.c +++ b/src/hostname-setup.c @@ -32,7 +32,7 @@ #if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO) #define FILENAME "/etc/sysconfig/network" -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) #define FILENAME "/etc/HOSTNAME" #elif defined(TARGET_ARCH) #define FILENAME "/etc/rc.conf" @@ -114,7 +114,7 @@ finish: fclose(f); return r; -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) return read_and_strip_hostname(FILENAME, hn); #else return -ENOENT; diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4 index 7749b88dfb..41797d20c0 100644 --- a/src/load-fragment-gperf.gperf.m4 +++ b/src/load-fragment-gperf.gperf.m4 @@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0 Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0 Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0 +Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0 Unit.ConditionNull, config_parse_unit_condition_null, 0, 0 m4_dnl Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file) diff --git a/src/localed.c b/src/localed.c index e627c3a716..c6b48de5f9 100644 --- a/src/localed.c +++ b/src/localed.c @@ -574,6 +574,10 @@ static int write_data_x11(void) { #ifdef TARGET_FEDORA unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + + /* Symlink this to /dev/null, so that s-s-k (if it is + * still running) doesn't recreate this. */ + symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); #endif if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) @@ -619,6 +623,10 @@ static int write_data_x11(void) { #ifdef TARGET_FEDORA unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + + /* Symlink this to /dev/null, so that s-s-k (if it is + * still running) doesn't recreate this. */ + symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); #endif r = 0; diff --git a/src/logind-dbus.c b/src/logind-dbus.c index bc1e49d18f..0550d1bd1c 100644 --- a/src/logind-dbus.c +++ b/src/logind-dbus.c @@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler( } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) { r = bus_manager_create_session(m, message, &reply); - if (r == -ENOMEM) - goto oom; + + /* Don't delay the work on OOM here, since it might be + * triggered by a low RLIMIT_NOFILE here (since we + * send a dupped fd to the client), and we'd rather + * see this fail quickly then be retried later */ if (r < 0) return bus_send_error_reply(connection, message, &error, r); diff --git a/src/mount.c b/src/mount.c index 2fc799a6ed..ef953f0d0a 100644 --- a/src/mount.c +++ b/src/mount.c @@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) { if (mount_is_network(p)) { target = SPECIAL_REMOTE_FS_TARGET; - after = SPECIAL_NETWORK_TARGET; - } else + after = SPECIAL_REMOTE_FS_PRE_TARGET; + } else { target = SPECIAL_LOCAL_FS_TARGET; + after = SPECIAL_LOCAL_FS_PRE_TARGET; + } if (!path_equal(m->where, "/")) if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0) diff --git a/src/nspawn.c b/src/nspawn.c index 8441c057b9..653d7db730 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -361,7 +361,7 @@ static int drop_capabilities(void) { unsigned long l; - for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) { + for (l = 0; l <= cap_last_cap(); l++) { unsigned i; for (i = 0; i < ELEMENTSOF(retain); i++) @@ -372,12 +372,6 @@ static int drop_capabilities(void) { continue; if (prctl(PR_CAPBSET_DROP, l) < 0) { - - /* If this capability is not known, EINVAL - * will be returned, let's ignore this. */ - if (errno == EINVAL) - break; - log_error("PR_CAPBSET_DROP failed: %m"); return -errno; } diff --git a/src/pager.c b/src/pager.c index 6e2bb4901e..3fc81820e9 100644 --- a/src/pager.c +++ b/src/pager.c @@ -32,7 +32,7 @@ static pid_t pager_pid = 0; -static void pager_fallback(void) { +_noreturn_ static void pager_fallback(void) { ssize_t n; do { n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0); diff --git a/src/readahead-common.h b/src/readahead-common.h index 167df316d9..9547ad201c 100644 --- a/src/readahead-common.h +++ b/src/readahead-common.h @@ -27,7 +27,7 @@ #include "macro.h" -#define READAHEAD_FILE_SIZE_MAX (128*1024*1024) +#define READAHEAD_FILE_SIZE_MAX (10*1024*1024) int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st); diff --git a/src/sd-login.h b/src/sd-login.h index 7102eb88e0..0cb0bf06bb 100644 --- a/src/sd-login.h +++ b/src/sd-login.h @@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat); int sd_seat_get_active(const char *seat, char **session, uid_t *uid); /* Return sessions and users on seat. Returns number of sessions as - * return value. If sessions is NULL returs only the number of + * return value. If sessions is NULL returns only the number of * sessions. */ int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids); @@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat); * seats is NULL only returns number of seats. */ int sd_get_seats(char ***seats); -/* Get all sessions, store in *seessions. Returns the number of +/* Get all sessions, store in *sessions. Returns the number of * sessions. If sessions is NULL only returns number of sessions. */ int sd_get_sessions(char ***sessions); diff --git a/src/service.c b/src/service.c index c2053ce3ac..e64d289fed 100644 --- a/src/service.c +++ b/src/service.c @@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) { /* Special setting for all SysV services */ s->type = SERVICE_FORKING; s->remain_after_exit = !s->pid_file; + s->guess_main_pid = false; s->restart = SERVICE_RESTART_NO; if (s->meta.manager->sysv_console) diff --git a/src/special.h b/src/special.h index 614e53ca1b..3fe34c955c 100644 --- a/src/special.h +++ b/src/special.h @@ -45,7 +45,9 @@ #define SPECIAL_SYSINIT_TARGET "sysinit.target" #define SPECIAL_SOCKETS_TARGET "sockets.target" #define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */ +#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target" #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */ +#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target" #define SPECIAL_SWAP_TARGET "swap.target" #define SPECIAL_BASIC_TARGET "basic.target" diff --git a/src/timedated.c b/src/timedated.c index f6fe2d83b6..16f54b59d2 100644 --- a/src/timedated.c +++ b/src/timedated.c @@ -170,8 +170,24 @@ static int read_data(void) { free_data(); r = read_one_line_file("/etc/timezone", &zone); - if (r < 0 && r != -ENOENT) - return r; + if (r < 0) { + if (r != -ENOENT) + log_warning("Failed to read /etc/timezone: %s", strerror(-r)); + +#ifdef TARGET_FEDORA + r = parse_env_file("/etc/sysconfig/clock", NEWLINE, + "ZONE", &zone, + NULL); + + if (r < 0 && r != -ENOENT) + log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r)); +#endif + } + + if (isempty(zone)) { + free(zone); + zone = NULL; + } verify_timezone(); diff --git a/src/tmpfiles.c b/src/tmpfiles.c index a6b8f859aa..21bf44d3a4 100644 --- a/src/tmpfiles.c +++ b/src/tmpfiles.c @@ -157,6 +157,7 @@ static void load_unix_sockets(void) { } } + fclose(f); return; fail: diff --git a/src/util.c b/src/util.c index a3cfe864b6..26c2f22ff0 100644 --- a/src/util.c +++ b/src/util.c @@ -2336,8 +2336,10 @@ int chvt(int vt) { 0 }; - if (ioctl(fd, TIOCLINUX, tiocl) < 0) - return -errno; + if (ioctl(fd, TIOCLINUX, tiocl) < 0) { + r = -errno; + goto fail; + } vt = tiocl[0] <= 0 ? 1 : tiocl[0]; } @@ -2345,7 +2347,8 @@ int chvt(int vt) { if (ioctl(fd, VT_ACTIVATE, vt) < 0) r = -errno; - close_nointr_nofail(r); +fail: + close_nointr_nofail(fd); return r; } @@ -5899,4 +5902,36 @@ int prot_from_flags(int flags) { default: return -EINVAL; } + +unsigned long cap_last_cap(void) { + static __thread unsigned long saved; + static __thread bool valid = false; + unsigned long p; + + if (valid) + return saved; + + p = (unsigned long) CAP_LAST_CAP; + + if (prctl(PR_CAPBSET_READ, p) < 0) { + + /* Hmm, look downwards, until we find one that + * works */ + for (p--; p > 0; p --) + if (prctl(PR_CAPBSET_READ, p) >= 0) + break; + + } else { + + /* Hmm, look upwards, until we find one that doesn't + * work */ + for (;; p++) + if (prctl(PR_CAPBSET_READ, p+1) < 0) + break; + } + + saved = p; + valid = true; + + return p; } diff --git a/src/util.h b/src/util.h index 89a7bec612..1db82f83e0 100644 --- a/src/util.h +++ b/src/util.h @@ -515,4 +515,6 @@ bool kexec_loaded(void); int prot_from_flags(int flags); +unsigned long cap_last_cap(void); + #endif diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target new file mode 100644 index 0000000000..11e67bac1c --- /dev/null +++ b/units/local-fs-pre.target @@ -0,0 +1,11 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +# See systemd.special(7) for details + +[Unit] +Description=Local File Systems (Pre) diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target new file mode 100644 index 0000000000..5406aa22d3 --- /dev/null +++ b/units/remote-fs-pre.target @@ -0,0 +1,15 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +# See systemd.special(7) for details + +[Unit] +Description=Remote File Systems (Pre) +After=network.target + +[Install] +WantedBy=multi-user.target diff --git a/units/remount-rootfs.service b/units/remount-rootfs.service index e95023f03d..89a16c8b26 100644 --- a/units/remount-rootfs.service +++ b/units/remount-rootfs.service @@ -10,7 +10,8 @@ Description=Remount Root FS DefaultDependencies=no Conflicts=shutdown.target After=systemd-readahead-collect.service systemd-readahead-replay.service fsck-root.service -Before=local-fs.target shutdown.target +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target [Service] Type=oneshot diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index 82a2c6a0ca..4241b8b320 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in @@ -16,3 +16,7 @@ Type=dbus BusName=org.freedesktop.login1 CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER StandardOutput=syslog + +# Increase the default a bit in order to allow many simultaneous +# logins since we keep one fd open per session. +LimitNOFILE=16384 diff --git a/units/systemd-remount-api-vfs.service.in b/units/systemd-remount-api-vfs.service.in index 2ccbe23c8c..6339ee64a6 100644 --- a/units/systemd-remount-api-vfs.service.in +++ b/units/systemd-remount-api-vfs.service.in @@ -10,7 +10,8 @@ Description=Remount API VFS DefaultDependencies=no Conflicts=shutdown.target After=systemd-readahead-collect.service systemd-readahead-replay.service -Before=local-fs.target shutdown.target +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target [Service] Type=oneshot diff --git a/units/systemd-stdout-syslog-bridge.service.in b/units/systemd-stdout-syslog-bridge.service.in index 23a5137068..4626145476 100644 --- a/units/systemd-stdout-syslog-bridge.service.in +++ b/units/systemd-stdout-syslog-bridge.service.in @@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge NotifyAccess=all StandardOutput=null CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID + +# Increase the default a bit in order to allow many simultaneous +# services being run since we keep one fd open per service. +LimitNOFILE=16384 |