summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/systemd-detect-virt.xml5
-rw-r--r--man/systemd-system.conf.xml6
-rw-r--r--man/systemd.exec.xml4
-rw-r--r--man/systemd.unit.xml3
-rw-r--r--src/basic/virt.c2
-rw-r--r--src/basic/virt.h1
-rw-r--r--src/core/load-fragment-gperf.gperf.m416
-rw-r--r--src/core/load-fragment.c45
-rw-r--r--src/core/load-fragment.h1
-rw-r--r--src/core/main.c16
-rw-r--r--src/core/timer.c13
-rw-r--r--src/journal/journal-file.c2
-rw-r--r--src/network/networkd-util.c2
-rw-r--r--src/nspawn/nspawn-register.c7
-rw-r--r--src/nspawn/nspawn-register.h2
-rw-r--r--src/nspawn/nspawn.c17
-rwxr-xr-xtest/TEST-03-JOBS/test-jobs.sh2
-rw-r--r--test/test-execute/exec-systemcallerrornumber.service2
18 files changed, 109 insertions, 37 deletions
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 26d58371f4..3997e10c43 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -163,6 +163,11 @@
<entry><varname>docker</varname></entry>
<entry>Docker container manager</entry>
</row>
+
+ <row>
+ <entry><varname>rkt</varname></entry>
+ <entry>rkt app container runtime</entry>
+ </row>
</tbody>
</tgroup>
</table>
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 8dad0e0f59..54ce992b85 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -342,8 +342,10 @@
resource limits for units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource. These settings may
- be overridden in individual units using the corresponding
+ configure no limit on a specific resource. The multiplicative suffixes
+ K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
+ resource limits measured in bytes (e.g. DefaultLimitAS=16G). These
+ settings may be overridden in individual units using the corresponding
LimitXXX= directives. Note that these resource limits are only
defaults for units, they are not applied to PID 1
itself.</para></listitem>
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index b49fc21cc5..96298f11ed 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -568,7 +568,9 @@
of various resources for executed processes. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource.</para></listitem>
+ configure no limit on a specific resource. The multiplicative suffixes
+ K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
+ resource limits measured in bytes (e.g. LimitAS=16G).</para></listitem>
<table>
<title>Limit directives and their equivalent with ulimit</title>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index afa156f7f9..5c74318fec 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -854,7 +854,8 @@
<varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
<varname>systemd-nspawn</varname>,
- <varname>docker</varname> to test
+ <varname>docker</varname>,
+ <varname>rkt</varname> to test
against a specific implementation. See
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for a full list of known virtualization technologies and their
diff --git a/src/basic/virt.c b/src/basic/virt.c
index a211ea1f86..ff006e96c6 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -329,6 +329,7 @@ int detect_container(void) {
{ "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT },
{ "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
{ "docker", VIRTUALIZATION_DOCKER },
+ { "rkt", VIRTUALIZATION_RKT },
};
static thread_local int cached_found = _VIRTUALIZATION_INVALID;
@@ -445,6 +446,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_LXC] = "lxc",
[VIRTUALIZATION_OPENVZ] = "openvz",
[VIRTUALIZATION_DOCKER] = "docker",
+ [VIRTUALIZATION_RKT] = "rkt",
[VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
};
diff --git a/src/basic/virt.h b/src/basic/virt.h
index ed83608019..aca961867c 100644
--- a/src/basic/virt.h
+++ b/src/basic/virt.h
@@ -48,6 +48,7 @@ enum {
VIRTUALIZATION_LXC,
VIRTUALIZATION_OPENVZ,
VIRTUALIZATION_DOCKER,
+ VIRTUALIZATION_RKT,
VIRTUALIZATION_CONTAINER_OTHER,
VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER,
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index c3b48aec4c..5b7954dbf9 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -59,18 +59,18 @@ $1.SystemCallArchitectures, config_parse_warn_compat, DISABLED_CO
$1.SystemCallErrorNumber, config_parse_warn_compat, DISABLED_CONFIGURATION, 0
$1.RestrictAddressFamilies, config_parse_warn_compat, DISABLED_CONFIGURATION, 0')
$1.LimitCPU, config_parse_limit, RLIMIT_CPU, offsetof($1, exec_context.rlimit)
-$1.LimitFSIZE, config_parse_limit, RLIMIT_FSIZE, offsetof($1, exec_context.rlimit)
-$1.LimitDATA, config_parse_limit, RLIMIT_DATA, offsetof($1, exec_context.rlimit)
-$1.LimitSTACK, config_parse_limit, RLIMIT_STACK, offsetof($1, exec_context.rlimit)
-$1.LimitCORE, config_parse_limit, RLIMIT_CORE, offsetof($1, exec_context.rlimit)
-$1.LimitRSS, config_parse_limit, RLIMIT_RSS, offsetof($1, exec_context.rlimit)
+$1.LimitFSIZE, config_parse_bytes_limit, RLIMIT_FSIZE, offsetof($1, exec_context.rlimit)
+$1.LimitDATA, config_parse_bytes_limit, RLIMIT_DATA, offsetof($1, exec_context.rlimit)
+$1.LimitSTACK, config_parse_bytes_limit, RLIMIT_STACK, offsetof($1, exec_context.rlimit)
+$1.LimitCORE, config_parse_bytes_limit, RLIMIT_CORE, offsetof($1, exec_context.rlimit)
+$1.LimitRSS, config_parse_bytes_limit, RLIMIT_RSS, offsetof($1, exec_context.rlimit)
$1.LimitNOFILE, config_parse_limit, RLIMIT_NOFILE, offsetof($1, exec_context.rlimit)
-$1.LimitAS, config_parse_limit, RLIMIT_AS, offsetof($1, exec_context.rlimit)
+$1.LimitAS, config_parse_bytes_limit, RLIMIT_AS, offsetof($1, exec_context.rlimit)
$1.LimitNPROC, config_parse_limit, RLIMIT_NPROC, offsetof($1, exec_context.rlimit)
-$1.LimitMEMLOCK, config_parse_limit, RLIMIT_MEMLOCK, offsetof($1, exec_context.rlimit)
+$1.LimitMEMLOCK, config_parse_bytes_limit, RLIMIT_MEMLOCK, offsetof($1, exec_context.rlimit)
$1.LimitLOCKS, config_parse_limit, RLIMIT_LOCKS, offsetof($1, exec_context.rlimit)
$1.LimitSIGPENDING, config_parse_limit, RLIMIT_SIGPENDING, offsetof($1, exec_context.rlimit)
-$1.LimitMSGQUEUE, config_parse_limit, RLIMIT_MSGQUEUE, offsetof($1, exec_context.rlimit)
+$1.LimitMSGQUEUE, config_parse_bytes_limit, RLIMIT_MSGQUEUE, offsetof($1, exec_context.rlimit)
$1.LimitNICE, config_parse_limit, RLIMIT_NICE, offsetof($1, exec_context.rlimit)
$1.LimitRTPRIO, config_parse_limit, RLIMIT_RTPRIO, offsetof($1, exec_context.rlimit)
$1.LimitRTTIME, config_parse_limit, RLIMIT_RTTIME, offsetof($1, exec_context.rlimit)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 43cdd1f4c4..7f12f26b08 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1082,6 +1082,49 @@ int config_parse_limit(const char *unit,
return 0;
}
+int config_parse_bytes_limit(const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ struct rlimit **rl = data;
+ uint64_t bytes;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ rl += ltype;
+
+ if (streq(rvalue, "infinity"))
+ bytes = (uint64_t) RLIM_INFINITY;
+ else {
+ int r;
+
+ r = parse_size(rvalue, 1024, &bytes);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
+ return 0;
+ }
+ }
+
+ if (!*rl) {
+ *rl = new(struct rlimit, 1);
+ if (!*rl)
+ return log_oom();
+ }
+
+ (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) bytes;
+ return 0;
+}
+
#ifdef HAVE_SYSV_COMPAT
int config_parse_sysv_priority(const char *unit,
const char *filename,
@@ -1592,7 +1635,7 @@ int config_parse_service_sockets(
p = rvalue;
for(;;) {
- _cleanup_free_ char *word = NULL, *t = NULL, *k = NULL;
+ _cleanup_free_ char *word = NULL, *k = NULL;
r = extract_first_word(&p, &word, NULL, 0);
if (r == 0)
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 8661cbfedc..029775bb46 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -56,6 +56,7 @@ int config_parse_exec_capabilities(const char *unit, const char *filename, unsig
int config_parse_exec_secure_bits(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_bounding_set(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_bytes_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_sysv_priority(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_kill_signal(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_exec_mount_flags(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
diff --git a/src/core/main.c b/src/core/main.c
index 696372e37c..950315e857 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -658,18 +658,18 @@ static int parse_config_file(void) {
{ "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
{ "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
{ "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },
- { "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
- { "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
- { "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
- { "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
- { "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
+ { "Manager", "DefaultLimitFSIZE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
+ { "Manager", "DefaultLimitDATA", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
+ { "Manager", "DefaultLimitSTACK", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
+ { "Manager", "DefaultLimitCORE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
+ { "Manager", "DefaultLimitRSS", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
{ "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },
- { "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
+ { "Manager", "DefaultLimitAS", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
{ "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },
- { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
+ { "Manager", "DefaultLimitMEMLOCK", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
{ "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },
{ "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
- { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
+ { "Manager", "DefaultLimitMSGQUEUE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
{ "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },
{ "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },
{ "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },
diff --git a/src/core/timer.c b/src/core/timer.c
index cc2afedabf..c9dc97d4fb 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -34,6 +34,7 @@
#include "unit-name.h"
#include "unit.h"
#include "user-util.h"
+#include "virt.h"
static const UnitActiveState state_translation_table[_TIMER_STATE_MAX] = {
[TIMER_DEAD] = UNIT_INACTIVE,
@@ -359,10 +360,14 @@ static void timer_enter_waiting(Timer *t, bool initial) {
break;
case TIMER_BOOT:
- /* CLOCK_MONOTONIC equals the uptime on Linux */
- base = 0;
- break;
-
+ if (detect_container() <= 0) {
+ /* CLOCK_MONOTONIC equals the uptime on Linux */
+ base = 0;
+ break;
+ }
+ /* In a container we don't want to include the time the host
+ * was already up when the container started, so count from
+ * our own startup. Fall through. */
case TIMER_STARTUP:
base = UNIT(t)->manager->userspace_timestamp.monotonic;
break;
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index e00a0d711d..f9ff9545dd 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -48,7 +48,7 @@
#define COMPRESSION_SIZE_THRESHOLD (512ULL)
/* This is the minimum journal file size */
-#define JOURNAL_FILE_SIZE_MIN (4ULL*1024ULL*1024ULL) /* 4 MiB */
+#define JOURNAL_FILE_SIZE_MIN (512ULL*1024ULL) /* 512 KiB */
/* These are the lower and upper bounds if we deduce the max_use value
* from the file system size */
diff --git a/src/network/networkd-util.c b/src/network/networkd-util.c
index 17165266ef..df091393f6 100644
--- a/src/network/networkd-util.c
+++ b/src/network/networkd-util.c
@@ -84,7 +84,7 @@ int config_parse_address_family_boolean_with_kernel(
if (streq(rvalue, "kernel"))
s = _ADDRESS_FAMILY_BOOLEAN_INVALID;
else {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPForwarding= option, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPForward= option, ignoring: %s", rvalue);
return 0;
}
}
diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c
index 7139ad9958..374f958c20 100644
--- a/src/nspawn/nspawn-register.c
+++ b/src/nspawn/nspawn-register.c
@@ -39,7 +39,8 @@ int register_machine(
unsigned n_mounts,
int kill_signal,
char **properties,
- bool keep_unit) {
+ bool keep_unit,
+ const char *service) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_flush_close_unref_ sd_bus *bus = NULL;
@@ -61,7 +62,7 @@ int register_machine(
"sayssusai",
machine_name,
SD_BUS_MESSAGE_APPEND_ID128(uuid),
- "nspawn",
+ service,
"container",
(uint32_t) pid,
strempty(directory),
@@ -86,7 +87,7 @@ int register_machine(
"sayssusai",
machine_name,
SD_BUS_MESSAGE_APPEND_ID128(uuid),
- "nspawn",
+ service,
"container",
(uint32_t) pid,
strempty(directory),
diff --git a/src/nspawn/nspawn-register.h b/src/nspawn/nspawn-register.h
index b27841ff59..d3bfd84e5e 100644
--- a/src/nspawn/nspawn-register.h
+++ b/src/nspawn/nspawn-register.h
@@ -27,5 +27,5 @@
#include "nspawn-mount.h"
-int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit);
+int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit, const char *service);
int terminate_machine(pid_t pid);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4b7b3e6156..762c3be3de 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -178,6 +178,7 @@ static bool arg_unified_cgroup_hierarchy = false;
static SettingsMask arg_settings_mask = 0;
static int arg_settings_trusted = -1;
static char **arg_parameters = NULL;
+static const char *arg_container_service_name = "systemd-nspawn";
static void help(void) {
printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
@@ -387,7 +388,7 @@ static int parse_argv(int argc, char *argv[]) {
};
int c, r;
- const char *p;
+ const char *p, *e;
uint64_t plus = 0, minus = 0;
bool mask_all_settings = false, mask_no_settings = false;
@@ -909,6 +910,10 @@ static int parse_argv(int argc, char *argv[]) {
if (r < 0)
return r;
+ e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
+ if (e)
+ arg_container_service_name = e;
+
return 1;
}
@@ -2404,10 +2409,10 @@ static int inner_child(
FDSet *fds) {
_cleanup_free_ char *home = NULL;
- unsigned n_env = 2;
+ unsigned n_env = 1;
const char *envp[] = {
"PATH=" DEFAULT_PATH_SPLIT_USR,
- "container=systemd-nspawn", /* LXC sets container=lxc, so follow the scheme here */
+ NULL, /* container */
NULL, /* TERM */
NULL, /* HOME */
NULL, /* USER */
@@ -2508,6 +2513,9 @@ static int inner_child(
if (r < 0)
return r;
+ /* LXC sets container=lxc, so follow the scheme here */
+ envp[n_env++] = strjoina("container=", arg_container_service_name);
+
envp[n_env] = strv_find_prefix(environ, "TERM=");
if (envp[n_env])
n_env ++;
@@ -3426,7 +3434,8 @@ int main(int argc, char *argv[]) {
arg_custom_mounts, arg_n_custom_mounts,
arg_kill_signal,
arg_property,
- arg_keep_unit);
+ arg_keep_unit,
+ arg_container_service_name);
if (r < 0)
goto finish;
}
diff --git a/test/TEST-03-JOBS/test-jobs.sh b/test/TEST-03-JOBS/test-jobs.sh
index 6f32c240cd..42d475fe2f 100755
--- a/test/TEST-03-JOBS/test-jobs.sh
+++ b/test/TEST-03-JOBS/test-jobs.sh
@@ -23,7 +23,7 @@ grep 'sleep\.service.*running' /root/list-jobs.txt || exit 1
grep 'hello\.service' /root/list-jobs.txt && exit 1
systemctl stop sleep.service hello-after-sleep.target || exit 1
-# Test for a crash when enqueueing a JOB_NOP when other job already exists
+# Test for a crash when enqueuing a JOB_NOP when other job already exists
systemctl start --no-block hello-after-sleep.target || exit 1
# hello.service should still be waiting, so these try-restarts will collapse
# into NOPs.
diff --git a/test/test-execute/exec-systemcallerrornumber.service b/test/test-execute/exec-systemcallerrornumber.service
index 255a8b231a..b11a952bd6 100644
--- a/test/test-execute/exec-systemcallerrornumber.service
+++ b/test/test-execute/exec-systemcallerrornumber.service
@@ -2,6 +2,6 @@
Description=Test for SystemCallErrorNumber
[Service]
-ExecStart=/usr/bin/uname -a
+ExecStart=/bin/sh -c 'uname -a'
SystemCallFilter=~uname
SystemCallErrorNumber=EACCES