summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/sd_event_add_io.xml2
-rw-r--r--man/systemd-system.conf.xml27
-rw-r--r--man/systemd.exec.xml5
-rw-r--r--man/systemd.mount.xml3
-rw-r--r--src/core/load-fragment.c229
-rw-r--r--src/resolve/resolved-bus.c10
-rw-r--r--src/resolve/resolved-dns-packet.c9
-rw-r--r--src/test/test-unit-file.c30
8 files changed, 186 insertions, 129 deletions
diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml
index e3ac407cdf..4cc0428e29 100644
--- a/man/sd_event_add_io.xml
+++ b/man/sd_event_add_io.xml
@@ -196,7 +196,7 @@
with <function>sd_event_add_io()</function>. It takes the event
source object and the new event mask to set.</para>
- <para><function>sd_event_source_get_io_events()</function>
+ <para><function>sd_event_source_get_io_revents()</function>
retrieves the I/O event mask of currently seen but undispatched
events from an I/O event source created previously with
<function>sd_event_add_io()</function>. It takes the event source
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index ead52951da..edc6df914a 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -354,13 +354,26 @@
<listitem><para>These settings control various default
resource limits for units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource. The multiplicative suffixes
- K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
- resource limits measured in bytes (e.g. DefaultLimitAS=16G). These
- settings may be overridden in individual units using the corresponding
- LimitXXX= directives. Note that these resource limits are only
- defaults for units, they are not applied to PID 1
+ for details. The resource limit is possible to specify in two formats,
+ <option>value</option> to set soft and hard limits to the same value,
+ or <option>soft:hard</option> to set both limits individually (e.g. DefaultLimitAS=4G:16G).
+ Use the string <varname>infinity</varname> to
+ configure no limit on a specific resource. The multiplicative
+ suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
+ may be used for resource limits measured in bytes
+ (e.g. DefaultLimitAS=16G). For the limits referring to time values,
+ the usual time units ms, s, min, h and so on may be used (see
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details). Note that if no time unit is specified for
+ <varname>DefaultLimitCPU=</varname> the default unit of seconds is
+ implied, while for <varname>DefaultLimitRTTIME=</varname> the default
+ unit of microseconds is implied. Also, note that the effective
+ granularity of the limits might influence their
+ enforcement. For example, time limits specified for
+ <varname>DefaultLimitCPU=</varname> will be rounded up implicitly to
+ multiples of 1s. These settings may be overridden in individual units
+ using the corresponding LimitXXX= directives. Note that these resource
+ limits are only defaults for units, they are not applied to PID 1
itself.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index ecc3a8973c..5f98ef163c 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -630,7 +630,10 @@
<listitem><para>These settings set both soft and hard limits
of various resources for executed processes. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- for details. Use the string <varname>infinity</varname> to
+ for details. The resource limit is possible to specify in two formats,
+ <option>value</option> to set soft and hard limits to the same value,
+ or <option>soft:hard</option> to set both limits individually (e.g. LimitAS=4G:16G).
+ Use the string <varname>infinity</varname> to
configure no limit on a specific resource. The multiplicative
suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
may be used for resource limits measured in bytes
diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml
index a724d88584..4a8d265fed 100644
--- a/man/systemd.mount.xml
+++ b/man/systemd.mount.xml
@@ -88,7 +88,8 @@
configured in a unit file <filename>home-lennart.mount</filename>.
For details about the escaping logic used to convert a file system
path to a unit name, see
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ Note that mount units cannot be templated.</para>
<para>Optionally, a mount unit may be accompanied by an automount
unit, to allow on-demand or parallelized mounting. See
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 3b55781d18..8847578bd7 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1089,46 +1089,107 @@ int config_parse_bounding_set(
return 0;
}
-int config_parse_limit(
- const char *unit,
- const char *filename,
- unsigned line,
- const char *section,
- unsigned section_line,
- const char *lvalue,
- int ltype,
- const char *rvalue,
- void *data,
- void *userdata) {
-
- struct rlimit **rl = data;
- rlim_t v;
- int r;
-
- assert(filename);
- assert(lvalue);
- assert(rvalue);
- assert(data);
+static int rlim_parse_u64(const char *val, rlim_t *res) {
+ int r = 0;
- rl += ltype;
-
- if (streq(rvalue, "infinity"))
- v = RLIM_INFINITY;
+ if (streq(val, "infinity"))
+ *res = RLIM_INFINITY;
else {
uint64_t u;
/* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
- r = safe_atou64(rvalue, &u);
+ r = safe_atou64(val, &u);
if (r >= 0 && u >= (uint64_t) RLIM_INFINITY)
r = -ERANGE;
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
- return 0;
- }
+ if (r == 0)
+ *res = (rlim_t) u;
+ }
+ return r;
+}
+
+static int rlim_parse_size(const char *val, rlim_t *res) {
+ int r = 0;
+
+ if (streq(val, "infinity"))
+ *res = RLIM_INFINITY;
+ else {
+ uint64_t u;
+
+ r = parse_size(val, 1024, &u);
+ if (r >= 0 && u >= (uint64_t) RLIM_INFINITY)
+ r = -ERANGE;
+ if (r == 0)
+ *res = (rlim_t) u;
+ }
+ return r;
+}
+
+static int rlim_parse_sec(const char *val, rlim_t *res) {
+ int r = 0;
+
+ if (streq(val, "infinity"))
+ *res = RLIM_INFINITY;
+ else {
+ usec_t t;
+
+ r = parse_sec(val, &t);
+ if (r < 0)
+ return r;
+ if (t == USEC_INFINITY)
+ *res = RLIM_INFINITY;
+ else
+ *res = (rlim_t) (DIV_ROUND_UP(t, USEC_PER_SEC));
+
+ }
+ return r;
+}
+
+static int rlim_parse_usec(const char *val, rlim_t *res) {
+ int r = 0;
+
+ if (streq(val, "infinity"))
+ *res = RLIM_INFINITY;
+ else {
+ usec_t t;
+
+ r = parse_time(val, &t, 1);
+ if (r < 0)
+ return r;
+ if (t == USEC_INFINITY)
+ *res = RLIM_INFINITY;
+ else
+ *res = (rlim_t) t;
+ }
+ return r;
+}
- v = (rlim_t) u;
+static int parse_rlimit_range(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *value,
+ struct rlimit **rl,
+ int (*rlim_parser)(const char *, rlim_t *)) {
+
+ rlim_t soft, hard;
+ _cleanup_free_ char *sword = NULL, *hword = NULL;
+ int nwords, r;
+
+ assert(value);
+
+ /* <value> or <soft:hard> */
+ nwords = extract_many_words(&value, ":", EXTRACT_DONT_COALESCE_SEPARATORS, &sword, &hword, NULL);
+ r = nwords < 0 ? nwords : nwords == 0 ? -EINVAL : 0;
+
+ if (r == 0)
+ r = rlim_parser(sword, &soft);
+ if (r == 0 && nwords == 2)
+ r = rlim_parser(hword, &hard);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", value);
+ return 0;
}
if (!*rl) {
@@ -1136,12 +1197,12 @@ int config_parse_limit(
if (!*rl)
return log_oom();
}
-
- (*rl)->rlim_cur = (*rl)->rlim_max = v;
+ (*rl)->rlim_cur = soft;
+ (*rl)->rlim_max = nwords == 2 ? hard : soft;
return 0;
}
-int config_parse_bytes_limit(
+int config_parse_limit(
const char *unit,
const char *filename,
unsigned line,
@@ -1154,8 +1215,6 @@ int config_parse_bytes_limit(
void *userdata) {
struct rlimit **rl = data;
- rlim_t bytes;
- int r;
assert(filename);
assert(lvalue);
@@ -1163,31 +1222,30 @@ int config_parse_bytes_limit(
assert(data);
rl += ltype;
+ return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_u64);
+}
- if (streq(rvalue, "infinity"))
- bytes = RLIM_INFINITY;
- else {
- uint64_t u;
-
- r = parse_size(rvalue, 1024, &u);
- if (r >= 0 && u >= (uint64_t) RLIM_INFINITY)
- r = -ERANGE;
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
- return 0;
- }
+int config_parse_bytes_limit(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
- bytes = (rlim_t) u;
- }
+ struct rlimit **rl = data;
- if (!*rl) {
- *rl = new(struct rlimit, 1);
- if (!*rl)
- return log_oom();
- }
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
- (*rl)->rlim_cur = (*rl)->rlim_max = bytes;
- return 0;
+ rl += ltype;
+ return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_size);
}
int config_parse_sec_limit(
@@ -1203,8 +1261,6 @@ int config_parse_sec_limit(
void *userdata) {
struct rlimit **rl = data;
- rlim_t seconds;
- int r;
assert(filename);
assert(lvalue);
@@ -1212,35 +1268,9 @@ int config_parse_sec_limit(
assert(data);
rl += ltype;
-
- if (streq(rvalue, "infinity"))
- seconds = RLIM_INFINITY;
- else {
- usec_t t;
-
- r = parse_sec(rvalue, &t);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
- return 0;
- }
-
- if (t == USEC_INFINITY)
- seconds = RLIM_INFINITY;
- else
- seconds = (rlim_t) (DIV_ROUND_UP(t, USEC_PER_SEC));
- }
-
- if (!*rl) {
- *rl = new(struct rlimit, 1);
- if (!*rl)
- return log_oom();
- }
-
- (*rl)->rlim_cur = (*rl)->rlim_max = seconds;
- return 0;
+ return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_sec);
}
-
int config_parse_usec_limit(
const char *unit,
const char *filename,
@@ -1254,8 +1284,6 @@ int config_parse_usec_limit(
void *userdata) {
struct rlimit **rl = data;
- rlim_t useconds;
- int r;
assert(filename);
assert(lvalue);
@@ -1263,33 +1291,10 @@ int config_parse_usec_limit(
assert(data);
rl += ltype;
+ return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_usec);
+}
- if (streq(rvalue, "infinity"))
- useconds = RLIM_INFINITY;
- else {
- usec_t t;
-
- r = parse_time(rvalue, &t, 1);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
- return 0;
- }
-
- if (t == USEC_INFINITY)
- useconds = RLIM_INFINITY;
- else
- useconds = (rlim_t) t;
- }
-
- if (!*rl) {
- *rl = new(struct rlimit, 1);
- if (!*rl)
- return log_oom();
- }
- (*rl)->rlim_cur = (*rl)->rlim_max = useconds;
- return 0;
-}
#ifdef HAVE_SYSV_COMPAT
int config_parse_sysv_priority(const char *unit,
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 1fd8e78f92..c5b4857017 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -298,7 +298,15 @@ static void bus_method_resolve_address_complete(DnsQuery *q) {
goto finish;
}
- /* We don't process CNAME for PTR lookups. */
+ r = dns_query_process_cname(q);
+ if (r == -ELOOP) {
+ r = sd_bus_reply_method_errorf(q->request, BUS_ERROR_CNAME_LOOP, "CNAME loop detected, or CNAME resolving disabled on '%s'", dns_question_name(q->question));
+ goto finish;
+ }
+ if (r < 0)
+ goto finish;
+ if (r > 0) /* This was a cname, and the query was restarted. */
+ return;
r = sd_bus_message_new_method_return(q->request, &reply);
if (r < 0)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index aeff3138d7..40b662246f 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1744,12 +1744,9 @@ int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, size_t *start) {
if (r < 0)
goto fail;
- /* The types bitmap must contain at least the NSEC record itself, so an empty bitmap means
- something went wrong */
- if (bitmap_isclear(rr->nsec.types)) {
- r = -EBADMSG;
- goto fail;
- }
+ /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
+ * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
+ * without the NSEC bit set. */
break;
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index c3973a316e..854f60be80 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -680,11 +680,21 @@ static void test_config_parse_rlimit(void) {
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
+ assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "55:66", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_NOFILE]);
+ assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
+ assert_se(rl[RLIMIT_NOFILE]->rlim_max == 66);
+
assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity", rl, NULL) >= 0);
assert_se(rl[RLIMIT_NOFILE]);
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
+ assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity:infinity", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_NOFILE]);
+ assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
+ assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
+
rl[RLIMIT_NOFILE] = mfree(rl[RLIMIT_NOFILE]);
assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "56", rl, NULL) >= 0);
@@ -697,6 +707,11 @@ static void test_config_parse_rlimit(void) {
assert_se(rl[RLIMIT_CPU]->rlim_cur == 57);
assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
+ assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "40s:1m", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_CPU]);
+ assert_se(rl[RLIMIT_CPU]->rlim_cur == 40);
+ assert_se(rl[RLIMIT_CPU]->rlim_max == 60);
+
assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "infinity", rl, NULL) >= 0);
assert_se(rl[RLIMIT_CPU]);
assert_se(rl[RLIMIT_CPU]->rlim_cur == RLIM_INFINITY);
@@ -714,16 +729,31 @@ static void test_config_parse_rlimit(void) {
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
+ assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "58:60", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_RTTIME]);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_max == 60);
+
assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s", rl, NULL) >= 0);
assert_se(rl[RLIMIT_RTTIME]);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
+ assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s:123s", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_RTTIME]);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_max == 123 * USEC_PER_SEC);
+
assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity", rl, NULL) >= 0);
assert_se(rl[RLIMIT_RTTIME]);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
+ assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity:infinity", rl, NULL) >= 0);
+ assert_se(rl[RLIMIT_RTTIME]);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
+ assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
+
assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "2345ms", rl, NULL) >= 0);
assert_se(rl[RLIMIT_RTTIME]);
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 2345 * USEC_PER_MSEC);