| Age | Commit message (Collapse) | Author |
|---|
|
nspawn and the container child use eventfd to wait and notify each other
that they are ready so the container setup can be completed.
However in its current form the wait/notify event ignore errors that
may especially affect the child (container).
On errors the child will jump to the "child_fail" label and terminate
with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd
is created without the "EFD_NONBLOCK" flag, this leaves the parent
blocking on the eventfd_read() call. The container can also be killed
at any moment before execv() and the parent will not receive
notifications.
We can fix this by using cheap mechanisms, the new high level eventfd
API and handle SIGCHLD signals:
* Keep the cheap eventfd and EFD_NONBLOCK flag.
* Introduce eventfd states for parent and child to sync.
Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or
EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the
parent from waiting on an event that will never come.
* If the child is killed before execv() or before notifying the parent,
we install a NOP handler for SIGCHLD which will interrupt blocking calls
with EINTR. This gives a chance to the parent to call wait() and
terminate in main().
* If there are no errors, parent will block SIGCHLD, restore default
handler and notify child which will do execv(), then parent will pass
control to process_pty() to do its magic.
This was exposed in part by:
https://bugs.freedesktop.org/show_bug.cgi?id=76193
Reported-by: Tobias Hunger tobias.hunger@gmail.com
|
|
Move the container wait logic into its own wait_for_container() function
and add two status codes: CONTAINER_TERMINATED or CONTAINER_REBOOTED.
The status will be stored in its argument, this way we handle:
a) Return negative on failures.
b) Return zero on success and set the status to either
CONTAINER_REBOOTED or CONTAINER_TERMINATED.
These status codes are used to terminate nspawn or loop again in case of
CONTAINER_REBOOTED.
|
|
|
|
There was this code:
if (to_path_len > 0)
memcpy(p, to_path, to_path_len);
That didn't add the terminating zero, so the resulting string was
corrupt if this code path was taken.
Using strcpy() instead of memcpy() solves this issue, and also
simplifies the code.
Previously there was special handling for shortening "../../" to
"../..", but that has now been replaced by a path_kill_slashes() call,
which also makes the result prettier in case the input contains
redundant slashes that would otherwise be copied to the result.
|
|
|
|
|
|
|
|
|
|
Also some small grammar updates.
|
|
|
|
Now that we have two options described in the same paragraph, we cannot
use singular anymore.
|
|
|
|
|
|
vendor string array.
The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID.
https://bugs.freedesktop.org/show_bug.cgi?id=78312
|
|
|
|
|
|
|
|
|
|
Create initial stamp file with compiled-in time to prevent bootups
with clocks in the future from storing invalid timestamps.
At shutdown, only update the timestamp if we got an authoritative
time to store.
|
|
|
|
|
|
Djalal Harouni <tixxdz@opendz.org>:
There is also this one genrated by LTO, IMO it's a false positive since
we do *check* for "lease" but the code is not consistent since in that
code path, "lease" is initialized to NULL in other places, except for
this one:
src/resolve/resolved-manager.c: In function 'manager_update_resolv_conf':
src/libsystemd-network/sd-dhcp-lease.c:67:18: warning: 'lease' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (lease->dns_size) {
^
src/network/sd-network.c:146:24: note: 'lease' was declared here
sd_dhcp_lease *lease;
^
|
|
|
|
|
|
drop-ins don't carry the main configuration of a unit, hence read them
if we can't, complain if we cannot, but don't fail.
|
|
because it is missing
After all, we want to be able to boot with /etc empty one day...
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
|
|
File locking is usually a bad idea, don't suggest using it.
|
|
|
|
This undoes part of commit e6a4a517befe559adf6d1dbbadf425c3538849c9.
Instead of removing the error message about non-empty journal bind mount
directories, simply downgrade the message to a warning and proceed.
|
|
|
|
Only accept cpu quota values in percentages, get rid of period
definition.
It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.
|
|
|
|
Better be safe than sorry...
|
|
|
|
unescaped by parse_env_file()
|
|
On Thu, May 22, 2014 at 9:53 AM, Jan Engelhardt <jengelh@inai.de> wrote:
>
> If libsystemd-network.la is relying on that udev function, it ought
> to specify libudev(-internal).la in libsystemd_network_la_LIBADD.
|
|
dentry
Currently if nspawn was called with --link-journal=host or
--link-journal=auto and the right /var/log/journal/machine-id/ exists
then the bind mount the subdirectory into the container might fail due
to the ~/mycontainer/var/log/journal/machine-id/ of the container not
being empty.
There is no reason to check if the container journal subdir is empty
since there will be a bind mount on top of it. The user asked for a bind
mount so give it.
Note: a next call with --link-journal=guest may fail due to the
/var/log/journal/machine-id/ on the host not being empty.
https://bugs.freedesktop.org/show_bug.cgi?id=76193
Reported-by: Tobias Hunger <tobias.hunger@gmail.com>
|
|
The verbose link-time deprecation warnings are annoying. These libs
will never change or be extended; there is no need to test the list
of exported symbols.
|
|
./.libs/libsystemd-network.a(libsystemd_network_la-network-internal.o):
network-internal.c:function net_get_unique_predictable_data:
error: undefined reference to 'udev_device_get_property_value'
collect2: error: ld returned 1 exit status
|
|
|
|
The build fails if kmod is not in a default location.
|
|
|
|
This is the behaviour the kernel cgroup rework exposes for all
controllers, hence let's do this already now for all cases.
|
|
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io
weights, and keep the startup unit set around all the time.
|
|
Similar to CPUShares= and BlockIOWeight= respectively. However only
assign the specified weight during startup. Each control group
attribute is re-assigned as weight by CPUShares=weight and
BlockIOWeight=weight after startup. If not CPUShares= or
BlockIOWeight= be specified, then the attribute is re-assigned to each
default attribute value. (default cpu.shares=1024, blkio.weight=1000)
If only CPUShares=weight or BlockIOWeight=weight be specified, then
that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
|
|
This reverts commit 351efdc7a4d900a1aebca517dd0b46b89cdd7306.
|
|
|
|
This fallback will anyway never get tested, so rip it out.
|
|
|
