summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-09-04tests: Skip tests which need to access /sys/fs/cgroup if that is not availableMartin Pitt
Commit efdb023 ("core: unified cgroup hierarchy support") introduced a new error ENOEXEC in cg_unified() if /sys/fs/cgroup/ is not available. Adjust the "skip" checks in various tests accordingly. Add a corresponding "skip" check to test-bus-creds as well, as sd_bus_creds_new_from_pid() now calls cg_unified() as well. This re-fixes "make check" in build chroots without /sys/fs/cgroup. https://github.com/systemd/systemd/issues/1132
2015-09-04Merge pull request #1142 from dvdhrm/proxy-nofileLennart Poettering
bus-proxy: increase NOFILE limit
2015-09-04Merge pull request #1141 from poettering/logind-fixesDaniel Mack
Various logind fixes
2015-09-04bus-proxy: increase NOFILE limitDavid Herrmann
The bus-proxy manages the kdbus connections of all users on the system (regarding the system bus), hence, it needs an elevated NOFILE. Otherwise, a single user can trigger ENFILE by opening NOFILE connections to the bus-proxy. Note that the bus-proxy still does per-user accounting, indirectly via the proxy/fake API of kdbus. Hence, the effective per-user limit is not raised by this. However, we now prevent one user from consuming the whole FD limit of the shared proxy. Also note that there is no *perfect* way to set this. The proxy is a shared object, so it needs a larger NOFILE limit than the highest limit of all users. This limit can be changed dynamically, though. Hence, we cannot protect against it. However, a raised NOFILE limit is a privilege, so we just treat it as such and basically allow these privileged users to be able to consume more resources than normal users (and, maybe, cause some limits to be exceeded by this). Right now, kdbus hard-codes 1024 max connections per user on each bus. However, we *must not* rely on this. This limits could be easily dropped entirely, as the NOFILE limit is a suitable limit on its on.
2015-09-04logind: when parsing a boolean via sd-bus the type must be "int"Lennart Poettering
And not bool.
2015-09-04logind: treat an empty wall message like a NULL oneLennart Poettering
2015-09-04hwdb: Update database of Bluetooth company identifiersMarcel Holtmann
2015-09-03udev: ignore ENOEXEC from cgroup lookupDavid Herrmann
The recent cgroup-rework changed the error code for un-mounted cgroupfs to ENOEXEC. Make sure udev ignores it just like ENOENT and does not spill warnings on the screen.
2015-09-03Merge pull request #1127 from neheb/masterDaniel Mack
hwdb: Add Mionix Mouse
2015-09-03Merge pull request #1134 from reverendhomer/patch-1Lennart Poettering
cgroup-util: Removed unreachable statement in cg_get_path
2015-09-03cg_get_path: Removed unreachable statementreverendhomer
controller cannot be NULL because if-statement in L509 has return Coverity #1322379
2015-09-03Merge pull request #1123 from phomes/scope-no-bool-vs-intLennart Poettering
scope: do not compare a bool return with "<= 0"
2015-09-03Merge pull request #1126 from phomes/indentation2Lennart Poettering
tree-wide: fix indentation
2015-09-02Add Mionix MouseMangix
2015-09-02tree-wide: fix indentationThomas Hindoe Paaboel Andersen
2015-09-02scope: do not compare a bool return with "<= 0"Thomas Hindoe Paaboel Andersen
2015-09-02Merge pull request #1119 from teg/virtio-namesKay Sievers
udev: net_id - support predictable ifnames on virtio buses
2015-09-02udev: net_id - support predictable ifnames on virtio busesTom Gundersen
Virtio buses are undeterministically enumerated, so we cannot use them as a basis for deterministic naming (see bf81e792f3c0). However, we are guaranteed that there is only ever one virtio bus for every parent device, so we can simply skip over the virtio buses when naming the devices.
2015-09-02Merge pull request #1118 from jsynacek/man-dot-d-v2Lennart Poettering
man: *.d conf directories: add note about initrd regeneration
2015-09-02Merge pull request #1116 from poettering/unified-rebasedLennart Poettering
core: unified cgroup hierarchy support
2015-09-02Merge pull request #1112 from poettering/sd-bus-container-fixesDavid Herrmann
machined and sd-bus container fixes
2015-09-02man: *.d conf directories: add note about initrd regenerationJan Synacek
2015-09-02Merge pull request #1117 from evverx/detect-parallels-virtDaniel Mack
virt: detect parallels virtualization
2015-09-02virt: detect parallels virtualizationEvgeny Vereshchagin
inspired by http://people.redhat.com/~rjones/virt-what/ see: * http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l200 * http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l253
2015-09-01core: unified cgroup hierarchy supportLennart Poettering
This patch set adds full support the new unified cgroup hierarchy logic of modern kernels. A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is added. If specified the unified hierarchy is mounted to /sys/fs/cgroup instead of a tmpfs. No further hierarchies are mounted. The kernel command line option defaults to off. We can turn it on by default as soon as the kernel's APIs regarding this are stabilized (but even then downstream distros might want to turn this off, as this will break any tools that access cgroupfs directly). It is possibly to choose for each boot individually whether the unified or the legacy hierarchy is used. nspawn will by default provide the legacy hierarchy to containers if the host is using it, and the unified otherwise. However it is possible to run containers with the unified hierarchy on a legacy host and vice versa, by setting the $UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0, respectively. The unified hierarchy provides reliable cgroup empty notifications for the first time, via inotify. To make use of this we maintain one manager-wide inotify fd, and each cgroup to it. This patch also removes cg_delete() which is unused now. On kernel 4.2 only the "memory" controller is compatible with the unified hierarchy, hence that's the only controller systemd exposes when booted in unified heirarchy mode. This introduces a new enum for enumerating supported controllers, plus a related enum for the mask bits mapping to it. The core is changed to make use of this everywhere. This moves PID 1 into a new "init.scope" implicit scope unit in the root slice. This is necessary since on the unified hierarchy cgroups may either contain subgroups or processes but not both. PID 1 hence has to move out of the root cgroup (strictly speaking the root cgroup is the only one where processes and subgroups are still allowed, but in order to support containers nicey, we move PID 1 into the new scope in all cases.) This new unit is also used on legacy hierarchy setups. It's actually pretty useful on all systems, as it can then be used to filter journal messages coming from PID 1, and so on. The root slice ("-.slice") is now implicitly created and started (and does not require a unit file on disk anymore), since that's where "init.scope" is located and the slice needs to be started before the scope can. To check whether we are in unified or legacy hierarchy mode we use statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in legacy mode, if it reports cgroupfs we are in unified mode. This patch set carefuly makes sure that cgls and cgtop continue to work as desired. When invoking nspawn as a service it will implicitly create two subcgroups in the cgroup it is using, one to move the nspawn process into, the other to move the actual container processes into. This is done because of the requirement that cgroups may either contain processes or other subgroups.
2015-09-01Merge pull request #1115 from phomes/hwdb-miceLennart Poettering
hwdb: more mice
2015-09-01hwdb: more miceThomas Hindoe Paaboel Andersen
2015-09-01Merge pull request #1098 from filbranden/cpuaffinity2Lennart Poettering
Getting rid of FOREACH_WORD_QUOTED and some more cleanup in config_parse_cpu_affinity2
2015-09-01Merge pull request #1107 from msekletar/selinux-get-raw-contextLennart Poettering
selinux: always use *_raw API from libselinux
2015-09-01sd-bus: when connecting to a container, don't fall back to host busLennart Poettering
We should never connect to the host bus as fallback if connecting to a container failed via one method. Otherwise connecting to a dbus1 container will always result in a connection to the host.
2015-09-01sd-bus: when connecting to a kdbus container bus pass error upLennart Poettering
We rely on the correct error used when opening the kdbus device node, hence let's make sure we pass it up from the namespaced child process to the process which actually wants to connect.
2015-09-01machined: introduce a ptsname_namespace() call and make use of itLennart Poettering
The call is like ptsname() but does not assume the pty path was accessible in the local namespace. It uses the same internal ioctl though.
2015-09-01machined: call unlockpt() in container, not hostLennart Poettering
It makes assumptions about the pty path, hence better call it in the container namespace rather than the host.
2015-09-01core: Log parse errors in config_parse_cpu_affinity2Filipe Brandenburger
2015-09-01Merge pull request #1111 from poettering/more-cgroup-fixesTom Gundersen
More cgroup fixes
2015-09-01Merge pull request #1099 from filbranden/joincontrollers2Lennart Poettering
Getting rid of FOREACH_WORD_QUOTED in config_parse_join_controllers
2015-09-01Merge pull request #1102 from heftig/masterLennart Poettering
build-sys: Look for gcc-* binutils wrappers only if we're using GCC
2015-09-01Merge pull request #1109 from phomes/man-typosLennart Poettering
man: fix typos in systemd-path.xml
2015-09-01Merge pull request #1110 from evverx/run-interactive-authLennart Poettering
run: enable interactive authorization
2015-09-01core: rework when we kill with which signalLennart Poettering
When the user wants to explicitly send our own PID a signal, then do so. Don't follow up SIGABRT with a SIGHUP if send_sighup is enabled. At that point the process should have segfaulted, hence there's no point in following up with a SIGHUP. Send only termination signals to ourselves, never KILL or ABRT signals.
2015-09-01core: don't allow changing the slice of a unit while it is activeLennart Poettering
2015-09-01unit: small clean-upsLennart Poettering
Always say when we ignore errors. Cast calls whose return value we knowingly ingore to (void). Use "bool" where we actually mean a boolean, even if we return it as an int later on.
2015-09-01core: when looking for the unit for a process, look at the PID hashmaps firstLennart Poettering
It's cheaper that going to cgroupfs, and also usually the better choice since it's not racy and can map PIDs even if they were moved to a different unit.
2015-09-01run: enable interactive authorizationEvgeny Vereshchagin
2015-09-01cgroup: the root cgroup is always populatedLennart Poettering
2015-09-01cgroup: drop "ignore_self" argument from cg_is_empty()Lennart Poettering
In all cases where the function (or cg_is_empty_recursive()) ignoring the calling process is actually wrong, as a process keeps a cgroup busy regardless if its the current one or another. Hence, let's simplify things and drop the "ignore_self" parameter.
2015-09-01cgroup: small cleanups and coding style fixesLennart Poettering
A number of simplications and adjustments to brings things closer to our coding style.
2015-09-01cgroup: don't allow hidden cgroupsLennart Poettering
We really should care for all cgroups, and not allow hidden ones.
2015-09-01cgroup: never migrate kernel threads out of the root cgroupLennart Poettering
It won't work anyway.
2015-09-01Merge pull request #1108 from phomes/dont-shadow-globalsDavid Herrmann
tree-wide: do not shadow the global var timezone