Age | Commit message (Collapse) | Author |
|
Otherwise it might be passed in as 0, which is a valid fd, but usually
does not refer to a real endpoint.
|
|
This way we know that any bridges and other user-created network devices
are in place, and can be properly added to the container.
In the long run this should be dropped, and replaced by direct calls
inside nspawn that cause the devices to be created when necessary.
|
|
Under the assumption that strcmp() is cheaper than memory allocation,
let's avoid the allocation, if the new value is identical to the old.
|
|
Let's just pass on what the user set for us.
|
|
|
|
CID# 1297428
|
|
CID#1297436
|
|
|
|
In the initrafms, generate a systemd-fsck-root.service to replace
systemd-fsck@<sysroot-device>.service. This way, after we transition
to the real root, systemd-fsck-root.service is marked as already done.
This introduces an unnecessary synchronization point, because
systemd-fsck@* is ordered after systemd-fsck-root also in the
initramfs. In practice this shouldn't be a problem.
https://bugzilla.redhat.com/show_bug.cgi?id=1201979
C.f. 956eaf2b8d6c9999024705ddadc7393bc707de02.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1147651
|
|
|
|
|
|
Simply query the size of the hashmap keeping all the worker contexts instead.
|
|
This makes the code somewhat more readable.
|
|
Make the worker context have the same life-span as the worker process. It is created on fork()
and free'd on SIGCHLD.
The change means that we can get worker_returned() for a worker context that is no longer around,
this is not a problem and we can just drop the message. The only use for worker_returned() is to
know to reschedule events to workers that are still around, so if the worker has already exited
it is not important to keep track of. We still print a debug statement in this case to be on the
safe side.
|
|
|
|
Eeeew!
|
|
CID#1296244
|
|
|
|
Follow the coding style and avoid the exit handlers.
|
|
We never return magic exit codes, but just EXIT_FAILUER or EXIT_SUCCESS.
|
|
|
|
|
|
|
|
Take and drop explicit references where it makes sense.
|
|
This is not used in the worker, so avoid having to free it there.
|
|
|
|
We used to use this to track failed events so they could be retriggered,
but that is no longer done, so the code can be dropped.
|
|
|
|
|
|
|
|
|
|
Whenever systemd is re-executed, it tries to create a system bus via
kdbus. If the system did not have kdbus loaded during bootup, but the
module is loaded later on manually, this will cause two system buses
running (kdbus and dbus-daemon in parallel).
This patch makes sure we never try to create kdbus buses if it wasn't
explicitly requested on the command-line.
|
|
Not needed since 99f861310d3f05f4.
|
|
On read-only filesystems trying to create the target will not fail with
EEXIST but with EROFS. Handle EROFS by checking if the target already
exists, and if empty when truncating.
This avoids reporting errors if tmpfiles doesn't actually needs to do
anything.
[zj: revert condition to whitelist rather then blacklisting, and add goto
to avoid stat'ting twice.]
|
|
|
|
They are not currently used, but the Makefile rules don't know that.
It's easier to ignore them, then to special-case creation rules.
|
|
Continuing the general trend of splitting up util.[ch]. I specifically
want to reuse this code in https://github.com/GNOME/libglnx and
having it split up will make future copy-pasting easier.
|
|
machined is getting an EACCES when trying to create the lock file for
images because the mode on /run/systemd/nspawn/locks is 0600.
mkdir("/run/systemd/nspawn/locks", 0600) = -1 EEXIST (File exists)
stat("/run/systemd/nspawn/locks", {st_mode=S_IFDIR|0600, st_size=40, ...}) = 0
open("/run/systemd/nspawn/locks/inode-41:256", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC, 0600) = -1 EACCES (Permission denied)
This commit adjusts the mode to 0700 to correct the issue.
|
|
|
|
|
|
hostname and machine id unmodified
|
|
Previously, the man page suggested to only use nspawn for testing,
building, and debugging things. However, it is nowadays used in
production and used as building block for rocket, hence let's just admit
that it's pretty much production ready.
|
|
from unit names
Let's better be safe then sorry.
|
|
|
|
A variety of changes:
- Make sure all our calls distuingish OOM from other errors if OOM is
not the only error possible.
- Be much stricter when parsing escaped paths, do not accept trailing or
leading escaped slashes.
- Change unit validation to take a bit mask for allowing plain names,
instance names or template names or an combination thereof.
- Refuse manipulating invalid unit name
|
|
We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
|
|
|
|
|