Age | Commit message (Collapse) | Author |
|
With this change -U will turn on user namespacing only if the kernel actually
supports it and otherwise gracefully degrade to non-userns mode.
|
|
In nspawn we invoke copy_bytes() on a TTY fd. copy_file_range() returns EBADF
on a TTY and this error is considered fatal by copy_bytes() so far. Correct
that, so that nspawn's copy_bytes() operation works again.
This is a follow-up for a44202e98b638024c45e50ad404c7069c7835c04.
|
|
This moves the O_TMPFILE handling from the coredumping code into common library
code, and generalizes it as open_tmpfile_linkable() + link_tmpfile(). The
existing open_tmpfile() function (which creates an unlinked temporary file that
cannot be linked into the fs) is renamed to open_tmpfile_unlinkable(), to make
the distinction clear. Thus, code may now choose between:
a) open_tmpfile_linkable() + link_tmpfile()
b) open_tmpfile_unlinkable()
Depending on whether they want a file that may be linked back into the fs later
on or not.
In a later commit we should probably convert fopen_temporary() to make use of
open_tmpfile_linkable().
Followup for: #3065
|
|
Before we invoke now(CLOCK_BOOTTIME), let's make sure we actually have that
clock, since now() will otherwise hit an assert.
Specifically, let's refuse CLOCK_BOOTTIME early in sd-event if the kernel
doesn't actually support it.
This is a follow-up for #3037, and specifically:
https://github.com/systemd/systemd/pull/3037#issuecomment-210199167
|
|
This adds a new GetProcesses() bus call to the Unit object which returns an
array consisting of all PIDs, their process names, as well as their full cgroup
paths. This is then used by "systemctl status" to show the per-unit process
tree.
This has the benefit that the client-side no longer needs to access the
cgroupfs directly to show the process tree of a unit. Instead, it now uses this
new API, which means it also works if -H or -M are used correctly, as the
information from the specific host is used, and not the one from the local
system.
Fixes: #2945
|
|
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
This fixes #3046.
Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
Introduce network_has_static_ipv6_addresses() to find out if any static
ipv6 address configured.
If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
IPv6 addresses not configured, then IPv6 will be automatically disabled for that
interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
|
|
After all it's something that we query over and over.
For example, systemctl calls colors_enabled() four times for each failing
service. The compiler is unable to optimize those calls away because they
(potentially) accesses external and global state through on_tty() and
getenv().
|
|
Otherwise building may fail with:
src/basic/user-util.c: In function 'get_home_dir':
src/basic/user-util.c:343:9: error: implicit declaration of function 'secure_getenv' [-Werror=implicit-function-declaration]
|
|
|
|
Fixes #3047.
|
|
|
|
|
|
We don#t really support systems where XDG_RUNTIME_DIR is not supported for
systemd --user. Hence, let's always set our own XDG_RUNTIME_DIR for tests that
involve systemd --user, so that we know it is set, and that it doesn't polute
the user's actual runtime dir.
|
|
numbers
And port all code over to use it.
|
|
it's unused, and should we need it one day we can always resurrect it from git
history.
|
|
Always warn if something fails, and clarify that the involved utility functions
do so in their name.
Drop the REBOOT_PARAM_FILE macro. We don't do this for other flag file paths
like this, so don't do this for this one either. The path isn't configurable
anyway, hence let's make this easier to read by avoiding this one indirection.
|
|
Let's be extra careful with the umask when we use simple fopen(), as this
creates files with 0777 by default.
|
|
With this change the logic for placing transient unit files and drop-ins
generated via "systemctl set-property" is reworked.
The latter are now placed in the newly introduced "control" unit file
directory. The fomer are now placed in the "transient" unit file directory.
Note that the properties originally set when a transient unit was created will
be written to and stay in the transient unit file directory, while later
changes are done via drop-ins.
This is preparation for a later "systemctl revert" addition, where existing
drop-ins are flushed out, but the original transient definition is restored.
|
|
CID #1304689.
|
|
Man coredump sysctl
|
|
Add a test for nss modules and some related fixes
|
|
nss-dns is also "tested". It should be almost always available,
and provides a reference for comparison.
|
|
|
|
*.localdomain != localhost
|
|
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
|
|
* tests-functions: improve FSTYPE-support
make clean setup FSTYPE=reiserfs is working fine now :)
* basic: fallback to fstatat if entry->d_type is DT_UNKNOWN
Fixes localectl on reiserfs:
-bash-4.3# mkdir -p /usr/lib/locale
-bash-4.3# stat -f /usr/lib/locale/
File: "/usr/lib/locale/"
ID: bdb0322715b5366e Namelen: 255 Type: reiserfs
Block size: 4096
Blocks: Total: 99835 Free: 60262 Available: 60262
Inodes: Total: 0 Free: 0
-bash-4.3# mkdir /usr/lib/locale/HeyHo
-bash-4.3# localectl list-locales --no-pager
-bash-4.3# mount -t tmpfs tmpfs /usr/lib/locale
-bash-4.3# mkdir /usr/lib/locale/HeyHo
-bash-4.3# localectl list-locales --no-pager
HeyHo
|
|
In preparation for subsequent changes.
|
|
Both types are unsigned, so the cast to the longer type is automatic.
|
|
The patch is not minimal, but a function to parse size_t is probably
going to come in handy in other places, so I think it's nicer to define
a proper parsing function than to open-code the cast.
|
|
|
|
Earlier during the development of unified hierarchy, the populated event was
reported through by the dedicated "cgroup.populated" file; however, the
interface was updated so that it's reported through the "populated" field of
"cgroup.events" file. Update populated event handling logic accordingly.
|
|
Since Linux v4.4-rc1, __DEVEL__sane_behavior does not exist anymore and
is replaced by a new fstype "cgroup2".
With this patch, systemd no longer supports the old (unstable) way of
doing unified hierarchy with __DEVEL__sane_behavior and systemd now
requires Linux v4.4 for unified hierarchy.
Non-unified hierarchy is still the default and is unchanged by this
patch.
https://github.com/torvalds/linux/commit/67e9c74b8a873408c27ac9a8e4c1d1c8d72c93ff
|
|
Fixes #2823.
Also remove unnecessary feof check.
|
|
Use sendfile smarter
|
|
We have a bunch of syscall wrapper definitions and it's easier to
see that they follow the same pattern if they are not interspersed
with other defines.
Change the wrappers to be uniform:
- if __NR_XXX is not defined, do not bother to call the syscall,
and return -1/ENOSYS immediately.
- do not check __NR_XXX defines if we detect the symbol as defined,
since we don't need them anyway
- reindent stuff for readability
New file basic/missing_syscall.h is included at the end of missing.h
because it might make use of some of the definitions in missing.h.
|
|
For btrfs, c_f_r() is like BTRFS_IOC_CLONE which we already used, but also
works when max_bytes is set. We do call copy_bytes in coredump code with
max_bytes set, and for large files, so we might see some benefit from using
c_f_r() on btrfs.
For other filesystems, c_f_r() falls back to do_splice_direct(), the same as
sendfile, which we already call, so there shouldn't be much difference.
Tested with test-copy and systemd-coredump on Linux 4.3 (w/o c_f_r)
and 4.5 (w/ c_f_r).
|
|
syscall numbers based on:
https://fedora.juszkiewicz.com.pl/syscalls.html
|
|
Clang warnings
|
|
selinux: use *_raw API from libselinux
|
|
|
|
|
|
The attribute was removed in commit c047507 in the clang repository as it
was never properly implemented anyway. Avoid using the attribute with
clang because it generates a ton of annoying warnings.
|
|
We called sendfile with 16kb (a.k.a. COPY_BUFFER_SIZE) as the maximum
number of bytes to copy. This seems rather inefficient, especially with
large files. Instead, call sendfile with a "large" maximum.
What "large" max means is a bit tricky: current file offset + max
must fit in loff_t. This means that as we call sendfile more than once,
we have to lower the max size.
With this patch, test-copy calls sendfile twice, e.g.:
sendfile(4, 3, NULL, 9223372036854775807) = 738760
sendfile(4, 3, NULL, 9223372036854037047) = 0
The second call is necessary to determine EOF.
|
|
It was added in 2.6.39, and causes an assertion to fail when running in mock
hosted on 2.6.23-based RHEL-6:
Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
|
|
Since glibc is moving away from implicitly including sys/sysmacros.h
all the time via sys/types.h, include the header directly in more
places. This seems to cover most makedev/major/minor usage.
|
|
We'd still use the invalid errno for a return value. Rework
the code to simply return the right error right away.
|
|
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX
socket and checks its return value and errno for EADDRINUSE. This is not
correct. When there's an SELinux context change made for the new socket,
bind() is not the last function called in mac_selinux_bind(). In that
case the last call is setfscreatecon() from libselinux which can change
errno as it uses access() to check if /proc/thread-self is available.
It fails on kernels before 3.17 and errno is set to ENOENT.
It's safe to check only the return value at it's set to -errno.
|
|
This is a follow-up to 5c5433ad32
|
|
Selinux loading fix and warning cleanups
|
|
It seems that it is signed both on i386 and arm.
Avoids a stupid gcc warning on arm:
src/udev/udevadm-monitor.c: In function ‘print_device’:
src/udev/udevadm-monitor.c:44:16: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 3 has type ‘__time_t {aka long int}’ [-Wformat=]
printf("%-6s[%"PRI_TIME".%06ld] %-8s %s (%s)\n",
^
|