Age | Commit message (Collapse) | Author |
|
|
|
After all, we want to allow userspace to get new privs...
|
|
|
|
Previously a cgroup setting down tree would result in cgroup membership
additions being propagated up the tree and to the siblings, however a
unit could never lose cgroup memberships again. With this change we'll
make sure that both cgroup additions and removals propagate properly.
|
|
If PID 1 debug logging is enabled, it is nice to keep those settings
when switching to systemd-shutdown binary, independently of whether
this was done through /proc/cmdline options, or through runtime
manipulations.
|
|
|
|
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
|
|
At login there is a small race window where session_get_state() will
return SESSION_ACTIVE instead of SESSION_OPENING. This must be fixed
since during that time there are calls to session_save() to save
session states and we want to write the correct state.
When we queue the start scope and service jobs, we wait for both of them
to finish before calling and continue processing in:
"session_jobs_reply() => session_send_create_reply()"
to create the session fifo and notify clients.
However, in the match_job_removed() D-Bus signal, we may hit situations
where the scope job has successfully finished and we are still waiting
for the user service job to finish. During that time the
"session->scope_job" will be freed and set to NULL, this makes
session_get_state() return SESSION_ACTIVE before it is really active, it
should return SESSION_OPENING since we are still waiting for the service
job to finish in order to create the session fifo.
To fix this, we also check if the session fifo fd was created, if so then
the session has entered the SESSION_ACTIVE state, if not then it is still
in the SESSION_OPENING state and it is waiting for the scope and service
jobs to finish.
|
|
This fixes a regression introduced in e5002702.
|
|
The kernel will then look up the ifindex itself based on the name.
This should be used very carefully as it is racey.
[This was a left-over hunk from my previous nspawn patch.]
|
|
strv_append was removed in e3e45d4f82daa5cd85ba40dde9127df900096c0c
|
|
|
|
This adds the host side of the veth link to the given bridge.
Also refactor the creation of the veth interfaces a bit to set it up
from the host rather than the container. This simplifies the addition
to the bridge, but otherwise the behavior is unchanged.
|
|
|
|
|
|
Fix for commit e10c9985bb.
|
|
|
|
We want to reuse these functions for the server library too.
|
|
|
|
|
|
Split the recevie_message callback into _raw and _udp parts and a generic
DHCPMessage handler.
Also always verify the xid/MAC, rather than only for udp messages.
|
|
We can always know the size based on the type, so let's do this inside the library.
|
|
The kernel will happily treat 0x0 as 0xffffffff, but it is for backwards
compatibility only, so let's not perpetuate this.
|
|
|
|
|
|
Several sections of the man pages included intermixed tabs and spaces;
this commit replaces all tabs with spaces.
|
|
Actually 'STDOUT' is something that doesn't appear anywhere: in the
stdlib we have 'stdin', and there's only the constant STDOUT_FILENO,
so there's no reason to use capitals. When refering to code,
STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in
other places they are replaced with normal phrases like standard
output, etc.
|
|
* standardize capitalization of STDIN, STDOUT, and STDERR
* reword some sentences for clarity
* reflow some very long lines to be shorter than ~80 characters
* add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
|
|
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd
actually reaps the zombie. Which leads to service_load_pid_file accepting
zombie as a valid pid.
This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
|
|
|
|
That is, without --enable-kdbus and kdbus running.
With --enable-kdbus things are more complicated, because dbus might be
necessary, if kdbus is missing at runtime. If it is not necessary,
the socket will be started, which is not imporant, but not the service.
|
|
|
|
I got some errors about lack of disk space... 100MB either way
shouldn't matter.
|
|
|
|
|
|
When invoked without -D in an arbitrary directory we should not try to
execute anything, make some validity checks first.
|
|
actual sources, so that we don't get spurious newlines in the man page output
|
|
|
|
because we don't know anything about the main pid, do so at debug level
|
|
notification messages
|
|
|
|
The behavior of this is a little cryptic in that $MAINPID must exit as
a direct result of receiving a signal in order for a listed signal to
be considered a success condition.
|
|
The conf_files_list family accepts an alternate root path to prefix all
directories in the list but path_strv_canonicalize_uniq doesn't use it.
This results in the suspicious behavior of resolving directory symlinks
based on the contents of / instead of the alternate root.
This adds a prefix argument to path_strv_canonicalize which will now
prepend the prefix, if given, to every path in the list. To avoid
answering what a relative path means when called with a root prefix
path_strv_canonicalize is now path_strv_canonicalize_absolute and only
considers absolute paths. Fortunately all users of already call
path_strv_canonicalize with a list of absolute paths.
|
|
Currently if the user logs out, the GC may never call user_stop(),
this will not terminate the systemd user and (sd-pam) of that user.
To fix this, remove the USER_CLOSING state check that is blocking the
GC from calling user_stop(). Since if user_check_gc() returns false
this means that all the sessions of the user were removed which will
make user_get_state() return USER_CLOSING.
Conclusion: that test will never be statisfied.
So we remove the USER_CLOSING check and replace it with a check inside
user_stop() this way we know that user_stop() has already queued stop
jobs, no need to redo.
This ensures that the GC will get its two steps correctly as pointed out
by Lennart:
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html
Note: this also fixes another bug that prevents creating the user
private dbus socket which will break communications with the user
manager.
|
|
containers
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
|
|
|
|
|
|
This was inadvertantly disturbed in e3e0314b when glob support was
added.
|
|
|
|
|