Age | Commit message (Collapse) | Author |
|
That function really makes little sense, as the open-coded variant
is much more readable. Also, if the 2nd argument is NULL, mfree()
is a much better candidate.
Convert the only users of this function in localed, and then remove it
entirely.
|
|
This adds a new mac_smack_copy() function in order to read the smack
label from the source and apply it to the destination.
|
|
cgroup fix, nspawn fix, plus change to download .nspawn files in importd
|
|
Patch via coccinelle.
|
|
Turn this:
if ((r = foo()) < 0) { ...
into this:
r = foo();
if (r < 0) { ...
|
|
This replaces this:
free(p);
p = NULL;
by this:
p = mfree(p);
Change generated using coccinelle. Semantic patch is added to the
sources.
|
|
the controller in the kernel
Follow-up to 5bf8002a3a6723ce50331c024122078552fb600a.
|
|
basic: rework virtualization detection API
|
|
Commit efdb0237 accidentally changed the name of the "devices" cgroup
controller to "device".
|
|
Introduce a proper enum, and don't pass around string ids anymore. This
simplifies things quite a bit, and makes virtualization detection more
similar to architecture detection.
|
|
various fixes to the core, logind, machined, nspawn
|
|
.nspawn fiels are simple settings files that may accompany container
images and directories and contain settings otherwise passed on the
nspawn command line. This provides an efficient way to attach execution
data directly to containers.
|
|
The following details are passed:
- unit: the primary name of the unit upon which the action was
invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
'reload-or-restart', 'reload-or-try-restart', 'kill',
'reset-failed', or 'set-property', corresponding to the
systemctl verb used to invoke the action.
Typical use of these details in a polkit policy rule might be:
// Allow alice to manage example.service;
// fall back to implicit authorization otherwise.
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "example.service" &&
subject.user == "alice") {
return polkit.Result.YES;
}
});
We also supply a custom polkit message that includes the unit's name and
the requested operation.
|
|
In the unified hierarchy delegating controller access is safe, hence
make sure to enable all controllers for the "payload" subcgroup if we
create it, so that the container will have all controllers enabled the
nspawn service itself has.
|
|
local container
Otherwise we might end up thinking that we support more controllers than
actually enabled for the container we are running in.
|
|
|
|
found
If the controller managed by systemd cannot found in /proc/$PID/cgroup,
return ENODATA, the usual error for cases where the data being looked
for does not exist, even if the process does.
|
|
|
|
Previously, on the legacy hierarchy a non-existing cgroup was considered
identical to an empty one, but the unified hierarchy the check for a
non-existing one returned ENOENT.
|
|
After all a path is a path is a path and we should use path_equal() to
comapre those.
|
|
session
ENODATA is how we usually indicate such "missing info" cases, so we
should do this here, too.
|
|
parse_uid() returns EINVAL for invalid strings, but ENXIO for the
(uid_t) -1 user ids in order to distinguish these two cases. Document
this.
|
|
Let's simplify things a bit.
|
|
This simply factors out the uid validation checks from parse_uid() and
uses them everywhere. This simply verifies that the passed UID is
neither 64bit -1 nor 32bit -1.
|
|
This adds a new PID_TO_PTR() macro, plus PTR_TO_PID() and makes use of
it wherever we maintain processes in a hash table. Previously we
sometimes used LONG_TO_PTR() and other times ULONG_TO_PTR() for that,
hence let's make this more explicit and clean up things.
|
|
controller cannot be NULL because if-statement in L509 has return
Coverity #1322379
|
|
|
|
core: unified cgroup hierarchy support
|
|
machined and sd-bus container fixes
|
|
inspired by http://people.redhat.com/~rjones/virt-what/
see:
* http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l200
* http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l253
|
|
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
|
|
Getting rid of FOREACH_WORD_QUOTED and some more cleanup in config_parse_cpu_affinity2
|
|
selinux: always use *_raw API from libselinux
|
|
The call is like ptsname() but does not assume the pty path was
accessible in the local namespace. It uses the same internal ioctl
though.
|
|
It makes assumptions about the pty path, hence better call it in the
container namespace rather than the host.
|
|
More cgroup fixes
|
|
|
|
In all cases where the function (or cg_is_empty_recursive()) ignoring
the calling process is actually wrong, as a process keeps a cgroup busy
regardless if its the current one or another. Hence, let's simplify
things and drop the "ignore_self" parameter.
|
|
A number of simplications and adjustments to brings things closer to our
coding style.
|
|
We really should care for all cgroups, and not allow hidden ones.
|
|
It won't work anyway.
|
|
tree-wide: do not shadow the global var timezone
|
|
|
|
Like we do it pretty much everywhere else.
|
|
When mcstransd* is running non-raw functions will return translated SELinux
context. Problem is that libselinux will cache this information and in the
future it will return same context even though mcstransd maybe not running at
that time. If you then check with such context against SELinux policy then
selinux_check_access may fail depending on whether mcstransd is running or not.
To workaround this problem/bug in libselinux, we should always get raw context
instead. Most users will not notice because result of access check is logged
only in debug mode.
* SELinux context translation service, which will translates labels to human
readable form
|
|
Make use of it in config_parse_cpu_affinity2.
Tested by tweaking the `CPUAffinity' setting in /etc/systemd/system.conf
and reloading the daemon to confirm it is working as expected.
No regressions observed in test cases.
|
|
|
|
|
|
Refactor allocation of the result string to the top, since it is
currently done in both branches of the condition.
Remove unreachable code checking for EXTRACT_DONT_COALESCE_SEPARATORS
when state == SEPARATOR (the only place where SEPARATOR is assigned to
state follows a check for EXTRACT_DONT_COALESCE_SEPARATORS that jumps to
the end of the function.)
Tested by running test-util successfully.
Follow up to: 206644aedeb8859801051ac170ec562c6a113a79
|
|
This covers the case where an argument is an empty string, such as ''.
Instead of allocating the empty string in the individual conditions when
state == VALUE, just always allocate it at the end of state == START, at
which point we know we will have an argument.
Tested that test-util keeps passing after the refactor.
Follow up to: 14e685c29d5b317b815e3e9f056648027852b07e
|