https://github.com/systemd/systemd/pull/4372#issuecomment-253723849:
* `mount_all (outer_child)` creates `container_dir/sys/fs/selinux`
* `mount_all (outer_child)` doesn't patch `container_dir/sys/fs` and so on.
* `mount_sysfs (inner_child)` tries to create `/sys/fs/cgroup`
* This fails
```
370 stat("/sys/fs", {st_dev=makedev(0, 28), st_ino=13880, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:16:43.398665943, st_mtime=2016/10/14-05:16:43.399665943, st_ctime=2016/10/14-05:16:43.399665943}) = 0
370 mkdir("/sys/fs/cgroup", 0755) = -1 EACCES (Permission denied)
```
* `mount_sysfs (inner_child)` ignores that error and
```
mount(NULL, "/sys", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL) = 0
```
* `mount_cgroups` finally fails
|
|
https://github.com/systemd/systemd/pull/4372#discussion_r83354107:
I get `open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)`
```
327 mkdir("/proc", 0755 <unfinished ...>
327 <... mkdir resumed> ) = -1 EEXIST (File exists)
327 stat("/proc", <unfinished ...>
327 <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/
327 mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...>
327 <... mount resumed> ) = 0
327 lstat("/proc", <unfinished ...>
327 <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263,
327 lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630
327 openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc>
327 name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported)
327 name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported)
327 openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys>
327 open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
327 close(13</proc/sys> <unfinished ...>
327 <... close resumed> ) = 0
327 close(11</proc> <unfinished ...>
327 <... close resumed> ) = 0
```
```
-bash-4.3# ls -ld /proc/
dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/
-bash-4.3# ls -ld /proc/1
dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1
-bash-4.3# ls -ld /proc/1/fdinfo
dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo
```
|
|
|
|
Fixes:
```
==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3
==28075== at 0x4C2BAEE: malloc (vg_replace_malloc.c:298)
==28075== by 0x4C2DCA1: realloc (vg_replace_malloc.c:785)
==28075== by 0x4ED40A2: greedy_realloc (alloc-util.c:57)
==28075== by 0x4E90F87: extract_first_word (extract-word.c:78)
==28075== by 0x4E91813: extract_many_words (extract-word.c:270)
==28075== by 0x10FE93: parse_line (sysusers.c:1325)
==28075== by 0x11198B: read_config_file (sysusers.c:1640)
==28075== by 0x111EB8: main (sysusers.c:1773)
==28075==
```
|
|
|
|
Fixes: #4431
|
|
|
|
This simply changes this line:
```
ConditionPathIsReadWrite=/proc/sys/
```
to this:
```
ConditionPathIsReadWrite=/proc/sys/net/
```
The background for this is that the latter is namespaced through network
namespacing usually and hence frequently set as writable in containers, even
though the former is kept read-only. If /proc/sys is read-only but
/proc/sys/net is writable we should run the sysctl service, as useful settings
may be made in this case.
Fixes: #4370
|
|
By default all user and all system services get stop timeouts for 90s. This is
problematic as the user manager of course is run as system service. Thus, if
the default time-out is hit for any user service, then it will also be hit for
user@.service as a whole, thus making the whole concept useless for user
services.
This patch extends the stop timeout to 120s for user@.service hence, so that
the user service manager has ample time to process user services timing
out.
(The other option would have been to shorten the default user service timeout,
but I think a user service should get the same timeout by default as a system
service)
Fixes: #4206
|
|
Fixes:
```
==10750==
==10750== HEAP SUMMARY:
==10750== in use at exit: 96 bytes in 3 blocks
==10750== total heap usage: 1,711 allocs, 1,708 frees, 854,545 bytes
allocated
==10750==
==10750== 96 (64 direct, 32 indirect) bytes in 1 blocks are definitely
lost in loss record 3 of 3
==10750== at 0x4C2DA60: calloc (vg_replace_malloc.c:711)
==10750== by 0x4EB3BDA: calendar_spec_from_string
(calendarspec.c:771)
==10750== by 0x109675: test_hourly_bug_4031 (test-calendarspec.c:118)
==10750== by 0x10A00E: main (test-calendarspec.c:202)
==10750==
==10750== LEAK SUMMARY:
==10750== definitely lost: 64 bytes in 1 blocks
==10750== indirectly lost: 32 bytes in 2 blocks
==10750== possibly lost: 0 bytes in 0 blocks
==10750== still reachable: 0 bytes in 0 blocks
==10750== suppressed: 0 bytes in 0 blocks
==10750==
==10750== For counts of detected and suppressed errors, rerun with: -v
==10750== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```
|
|
Allow ./autogen.sh to take parameters for configure
|
|
three minor fixes: document /dev/console/SAK handling + another cgroups wording fix + document User= default
|
|
Replaces: #4375
|
|
Just to make sure the next one reading this isn't surprised that the fd isn't
kept open. SAK and stuff...
Fix suggested:
https://github.com/systemd/systemd/pull/4366#issuecomment-253659162
|
|
|
|
Two unrelated patches: man page tweaks and rlimit log levels
|
|
|
|
And also hide make clean output which is very verbose and not particularly
interesting.
|
|
It is sometimes nice to run autogen with some configure parameters.
For example:
```
./autogen.sh c --disable-manpages
```
So pass any extra args after the [cgals] verb to the configure command.
Also, check that the verb is correct (empty or one of the known letters)
before doing any non-trivial work.
|
|
Since we ignore the result anyway, downgrade errors to warning.
log_oom() will still emit an error, but that's mostly theoretical, so it
is not worth complicating the code to avoid the small inconsistency
|
|
As suggested in
https://github.com/systemd/systemd/pull/4367#issuecomment-253670328
|
|
Journald fix flush when restarting (#4190)
|
|
Fixes #4410. Also includes two minor improvements to the previous
sentence.
|
|
tests: add smoke test for systemd-nspawn
|
|
Various install-related tweaks
|
|
This is a follow-up for 9ee051b9c7623
|
|
|
|
Now that determine_space_for() only deals with storage space (cached) values,
rename it so it reflects the fact that only the cached storage space values are
updated.
|
|
Updating min_use is a rather unusual operation that is limited to when we first
open the journal files, therefore extract it from determine_space_for() and
create a function of its own and call this new function when needed.
determine_space_for() is now dealing with storage space (cached) values only.
There should be no functional changes.
|
|
Introduce a dedicated helper in order to reset the storage space cache.
|
|
The set of storage space values we cache are calculated according to a couple
of filesystem statistics (free blocks, block size).
This patch caches the vfs stats we're interested in so these values are
available later and coherent with the rest of the space cached values.
|
|
This patch makes system_journal_open() stop emitting the space usage
message. The caller is now free to emit this message when appropriate.
When restarting the journal, we can now emit the message *after*
flushing the journal (if required) so that all flushed log entries are
written in the persistent journal *before* the status message.
This is required since the status message is always younger than the
flushed entries.
Fixes #4190.
|
|
This commit simply extracts from determine_space_for() the code which emits the
storage usage message and puts it into a function of its own so it can be reused
by other paths later.
No functional changes.
|
|
This structure keeps track of specificities for a given journal type
(persistent or volatile) such as metrics, name, etc...
The cached space values are now moved in this structure so that each
journal has its own set of cached values.
Previously only one set existed and we didn't know if the cached
values were for the runtime journal or the persistent one.
When doing:
```
determine_space_for(s, runtime_metrics, ...);
determine_space_for(s, system_metrics, ...);
```
the second call returned the cached values for the runtime metrics.
|
|
This commit simply extracts from determine_space_for() the code which
determines the FS usage where the passed path lives (statvfs(3)) and puts it
into a function of its own so it can be reused by other paths later.
No functional changes.
|
|
When a unit file is invalid, we'd return an error without any details:
```
$ systemctl --root=/ enable testing@instance.service
Failed to enable: Invalid argument.
```
Fix things to at least print the offending file name:
```
$ systemctl enable testing@instance.service
Failed to enable unit: File testing@instance.service: Invalid argument
$ systemctl --root=/ enable testing@instance.service
Failed to enable unit, file testing@instance.service: Invalid argument.
```
A real fix would be to pass back a proper error message from conf-parser.
But this would require major surgery, since conf-parser functions now
simply print log errors, but we would need to return them over the bus.
So let's just print the file name, to indicate where the error is.
(Incomplete) fix for #4210.
|
|
Test case:
```
[Install]
WantedBy= default.target
Also=getty@%p.service
```
```
$ ./systemctl --root=/ enable testing@instance.service
Created symlink /etc/systemd/system/default.target.wants/testing@instance.service → /etc/systemd/system/testing@.service.
Created symlink /etc/systemd/system/getty.target.wants/getty@testing.service → /usr/lib/systemd/system/getty@.service.
$ ./systemctl --root=/ disable testing@instance.service
Removed /etc/systemd/system/getty.target.wants/getty@testing.service.
Removed /etc/systemd/system/default.target.wants/testing@instance.service.
```
Fixes part of #4210.
Resolving specifiers in DefaultInstance seems to work too:
```
[Install]
WantedBy= default.target
DefaultInstance=%u
```
```
$ systemctl --root=/ enable testing3@instance.service
Created symlink /etc/systemd/system/default.target.wants/testing3@instance.service → /etc/systemd/system/testing3@.service.
$ systemctl --root=/ enable testing3@.service
Created symlink /etc/systemd/system/default.target.wants/testing3@zbyszek.service → /etc/systemd/system/testing3@.service.
```
|
|
Test case:
```
[Install]
WantedBy= default.target
Also=foobar-unknown.service
```
Before:
```
$ systemctl --root=/ enable testing2@instance.service
Failed to enable: No such file or directory.
```
After:
```
$ ./systemctl --root=/ enable testing2@instance.service
Failed to enable unit, file foobar-unknown.service: No such file or directory.
```
|
|
With the following test case:
```
[Install]
WantedBy= default.target
Also=foobar-unknown.service
```
disabling would fail with:
```
$ ./systemctl --root=/ disable testing.service
Cannot find unit foobar-unknown.service. # this is level debug
Failed to disable: No such file or directory. # this is the error
```
After the change we proceed:
```
$ ./systemctl --root=/ disable testing.service
Cannot find unit foobar-unknown.service.
Removed /etc/systemd/system/default.target.wants/testing.service.
```
This does not affect specifying a missing unit directly:
```
$ ./systemctl --root=/ disable nosuch.service
Failed to disable: No such file or directory.
```
|
|
systemctl: use underlines to separate unit types in listing
|
|
Fixes #4371.
|
|
This commit adds a `fd` option to `StandardInput=`,
`StandardOutput=` and `StandardError=` properties in order to
connect standard streams to externally named descriptors provided
by some socket units.
This option looks for a file descriptor named as the corresponding
stream. Custom names can be specified, separated by a colon.
If multiple name-matches exist, the first matching fd will be used.
|
|
Fixes #4365.
|
|
Basically, this test runs:
```
systemd-nspawn --register=no -D "$_root" -b
systemd-nspawn --register=no -D "$_root" --private-network -b
systemd-nspawn --register=no -D "$_root" -U -b
systemd-nspawn --register=no -D "$_root" --private-network -U -b
```
and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]`
Inspired by
* systemd#3589 (comment)
* systemd#4372 (comment)
* systemd#4223 (comment)
* systemd#1555
and so on :-)
|
|
|
|
|
|
|
|
(printf("%.*s", -1, "…") is the same as not specifying the precision at all.)
v2: also underline highlighted (failing) units
Fixes #4137.
|
|
Let's avoid the overly abbreviated "cgroups" terminology. Let's instead write:
"Linux Control Groups (cgroups)" is the long form wherever the term is
introduced in prose. Use "control groups" in the short form wherever the term
is used within brief explanations.
Follow-up to: #4381
|
|
Escape unit names for the eval call in _call_program
The value of the Id property is transformed back into a unit name
usable by systemctl.
system-systemd\x5cx2dcryptsetup.slice -> system-systemd\x2dcryptsetup.slice
Also filter units by property via parameter expansion, not a for loop
|