summaryrefslogtreecommitdiff
path: root/src/basic
AgeCommit message (Collapse)Author
2016-08-05Merge pull request #3818 from poettering/exit-status-envZbigniew Jędrzejewski-Szmek
beef up /var/tmp and /tmp handling; set $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS on ExecStop= and make sure root/nobody are always resolvable
2016-08-05Merge pull request #3900 from keszybz/fix-3607Lennart Poettering
Fix 3607
2016-08-05util-lib: unify parsing of nice level valuesLennart Poettering
This adds parse_nice() that parses a nice level and ensures it is in the right range, via a new nice_is_valid() helper. It then ports over a number of users to this. No functional changes.
2016-08-05fileio: fix MIN/MAX mixup (#3896)Vito Caputo
The intention is to clamp the value to READ_FULL_BYTES_MAX, which would be the minimum of the two.
2016-08-04basic/set: remove some spurious spacesZbigniew Jędrzejewski-Szmek
2016-08-04fileio: fix read_full_stream() bugs (#3887)Vito Caputo
read_full_stream() _always_ allocated twice the memory needed, due to only breaking the realloc() && fread() loop when fread() returned 0, requiring another iteration and exponentially enlarged buffer just to discover the EOF condition. This also caused file sizes >2MiB && <= 4MiB to erroneously be treated as E2BIG, due to the inappropriately doubled buffer size exceeding 4*1024*1024. Also made the 4*1024*1024 magic number a READ_FULL_BYTES_MAX constant.
2016-08-04util-lib: rework /tmp and /var/tmp handling codeLennart Poettering
Beef up the existing var_tmp() call, rename it to var_tmp_dir() and add a matching tmp_dir() call (the former looks for the place for /var/tmp, the latter for /tmp). Both calls check $TMPDIR, $TEMP, $TMP, following the algorithm Python3 uses. All dirs are validated before use. secure_getenv() is used in order to limite exposure in suid binaries. This also ports a couple of users over to these new APIs. The var_tmp() return parameter is changed from an allocated buffer the caller will own to a const string either pointing into environ[], or into a static const buffer. Given that environ[] is mostly considered constant (and this is exposed in the very well-known getenv() call), this should be OK behaviour and allows us to avoid memory allocations in most cases. Note that $TMPDIR and friends override both /var/tmp and /tmp usage if set.
2016-08-04util-lib: add parse_percent_unbounded() for percentages over 100% (#3886)David Michael
This permits CPUQuota to accept greater values as documented.
2016-08-03Merge pull request #3820 from poettering/nspawn-resolvconfZbigniew Jędrzejewski-Szmek
nspawn resolv.conf handling improvements, and inherit $TERM all the way through nspawn → console login
2016-08-03util-lib: make timestamp generation and parsing reversible (#3869)Lennart Poettering
This patch improves parsing and generation of timestamps and calendar specifications in two ways: - The week day is now always printed in the abbreviated English form, instead of the locale's setting. This makes sure we can always parse the week day again, even if the locale is changed. Given that we don't follow locale settings for printing timestamps in any other way either (for example, we always use 24h syntax in order to make uniform parsing possible), it only makes sense to also stick to a generic, non-localized form for the timestamp, too. - When parsing a timestamp, the local timezone (in its DST or non-DST name) may be specified, in addition to "UTC". Other timezones are still not supported however (not because we wouldn't want to, but mostly because libc offers no nice API for that). In itself this brings no new features, however it ensures that any locally formatted timestamp's timezone is also parsable again. These two changes ensure that the output of format_timestamp() may always be passed to parse_timestamp() and results in the original input. The related flavours for usec/UTC also work accordingly. Calendar specifications are extended in a similar way. The man page is updated accordingly, in particular this removes the claim that timestamps systemd prints wouldn't be parsable by systemd. They are now. The man page previously showed invalid timestamps as examples. This has been removed, as the man page shouldn't be a unit test, where such negative examples would be useful. The man page also no longer mentions the names of internal functions, such as format_timestamp_us() or UNIX error codes such as EINVAL.
2016-08-03core: inherit TERM from PID 1 for all services started on /dev/consoleLennart Poettering
This way, invoking nspawn from a shell in the best case inherits the TERM setting all the way down into the login shell spawned in the container. Fixes: #3697
2016-08-03Merge pull request #3828 from keszybz/drop-systemd-vconsole-setup-serviceLennart Poettering
Update documentation for systemd-vconsole-setup
2016-08-01virt: detect bhyve (FreeBSD hypervisor) (#3840)Leonardo Brondani Schenkel
The CPUID and DMI vendor strings do not seem to be documented. Values were found experimentally and by inspecting the source code.
2016-07-31Add enable_disable() helperZbigniew Jędrzejewski-Szmek
In this patch "enabled" and "disabled" is used exclusively, but "enable" and "disable" forms are need for the following patch.
2016-07-26string-util: rework memory_erase() to not use GCC optimize attribute (#3812)Michael Biebl
"#pragma GCC optimize" is merely a convenience to decorate multiple functions with attribute optimize. And the manual has this to say about this attribute: This attribute should be used for debugging purposes only. It is not suitable in production code. Some versions of GCC also seem to have a problem with this pragma in combination with LTO, resulting in ICEs. So use a different approach (indirect the memset call via a volatile function pointer) as implemented in openssl's crypto/mem_clr.c. Closes: #3811
2016-07-25Merge pull request #3728 from poettering/dynamic-usersZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3757 from poettering/efi-searchZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3589 from brauner/cgroup_namespaceLennart Poettering
Cgroup namespace
2016-07-25fileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()Lennart Poettering
We can make this smarter one day, to honour $TMPDIR and friends, but for now, let's just use /tmp.
2016-07-25namespace: don't fail on masked mounts (#3794)Alban Crequy
Before this patch, a service file with ReadWriteDirectories=/file... could fail if the file exists but is not a mountpoint, despite being listed in /proc/self/mountinfo. It could happen with masked mounts. Fixes https://github.com/systemd/systemd/issues/3793
2016-07-22Merge pull request #3777 from poettering/id128-reworkZbigniew Jędrzejewski-Szmek
uuid/id128 code rework
2016-07-22Merge pull request #3753 from poettering/tasks-max-scaleLennart Poettering
Add support for relative TasksMax= specifications, and bump default for services
2016-07-22namespace: ensure to return a valid inaccessible nodes (#3778)Alessandro Puccetti
Because /run/systemd/inaccessible/{chr,blk} are devices with major=0 and minor=0 it might be possible that these devices cannot be created so we use /run/systemd/inaccessible/sock instead to map them.
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a ↵Lennart Poettering
service is running This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-07-22sysusers: move various user credential validity checks to src/basic/Lennart Poettering
This way we can reuse them for validating User=/Group= settings in unit files (to be added in a later commit). Also, add some tests for them.
2016-07-22core: support percentage specifications on TasksMax=Lennart Poettering
This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-22sd-id128: split UUID file read/write code into new id128-util.[ch]Lennart Poettering
We currently have code to read and write files containing UUIDs at various places. Unify this in id128-util.[ch], and move some other stuff there too. The new files are located in src/libsystemd/sd-id128/ (instead of src/shared/), because they are actually the backend of sd_id128_get_machine() and sd_id128_get_boot(). In follow-up patches we can use this reduce the code in nspawn and machine-id-setup by adopted the common implementation.
2016-07-22Merge pull request #3762 from poettering/sigkill-logMartin Pitt
log about all processes we forcibly kill
2016-07-22Merge pull request #3764 from poettering/assorted-stuff-2Martin Pitt
Assorted fixes
2016-07-21missing_syscall: add __NR_copy_file_range for powerpc architecture (#3772)Alessio Igor Bogani
2016-07-21bootctl: move toupper() implementation to string-util.hLennart Poettering
We already have tolower() calls there, hence let's unify this at one place. Also, update the code to only use ASCII operations, so that we don't end up being locale dependant.
2016-07-20basic: fix macro definition in nss-util.hLennart Poettering
Fix a copy/paste mistake.
2016-07-20cgroup: suppress sending follow-up SIGCONT after sending SIGCONT/SIGKILL anywayLennart Poettering
2016-07-20core: when forcibly killing/aborting left-over unit processes log about itLennart Poettering
Let's lot at LOG_NOTICE about any processes that we are going to SIGKILL/SIGABRT because clean termination of them didn't work. This turns the various boolean flag parameters to cg_kill(), cg_migrate() and related calls into a single binary flags parameter, simply because the function now gained even more parameters and the parameter listed shouldn't get too long. Logging for killing processes is done either when the kill signal is SIGABRT or SIGKILL, or on explicit request if KILL_TERMINATE_AND_LOG instead of LOG_TERMINATE is passed. This isn't used yet in this patch, but is made use of in a later patch.
2016-07-20util: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont()Lennart Poettering
2016-07-19Merge pull request #3685 from kinvolk/alessandro/inaccessible-pathsLennart Poettering
namespace: unify limit behavior on non-directory paths
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
2016-07-18basic: fix whitespaceThomas Hindoe Paaboel Andersen
2016-07-18Merge pull request #3745 from keszybz/fix-make-nulstr-confusionLennart Poettering
Fix make nulstr confusion
2016-07-17Drop parentheses in two placesZbigniew Jędrzejewski-Szmek
2016-07-17basic/strv: add an extra NUL after strings in strv_make_nulstrZbigniew Jędrzejewski-Szmek
strv_make_nulstr was creating a nulstr which was not a valid nulstr, because it was missing the terminating NUL. This didn't cause any issues, because strv_parse_nulstr correctly parsed the result, using the separately specified length. But it's confusing to have something called nulstr which really isn't. It is likely that somebody will try to use strv_make_nulstr() in some other place, incorrectly. This patch changes strv_parse_nulstr() to produce a valid nulstr, and changes the output length parameter to be the minimum number of bytes which can be later on parsed by strv_parse_nulstr(). This allows the only user in ask-password-api to be slightly simplified. Based-on-patch-by: Jean-Sébastien Bour <jean-sebastien@bour.name> Fixes #3689.
2016-07-15tree-wide: get rid of selinux_context_t (#3732)Zbigniew Jędrzejewski-Szmek
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 deprecated selinux_context_t. Replace with a simple char* everywhere. Alternative fix for #3719.
2016-07-14basic/mount-util: recognize ocfs2 as network fs (#3713)Valentin Vidić
2016-07-11treewide: fix typos and remove accidental repetition of wordsTorstein Husebø
2016-07-09cgroup: detect cgroup namespacesChristian Brauner
- define CLONE_NEWCGROUP - add fun to detect whether cgroup namespaces are supported
2016-07-07basic: log: Increase static buffer for source file location (#3674)Daniel Mack
Commit d054f0a4 ("tree-wide: use xsprintf() where applicable") used a semantic patch approach to change a number of locations from snprintf(buf, sizeof(buf), FMT, ...) to xsprintf(buf, FMT, ...) The problem is that xsprintf() wraps the snprintf() in an assert_message_se(), so if snprintf() reports an overflow of the destination buffer, the binary will now terminate. This hit a user running a version of systemd that was built from a deeply nested system path. Fix this by a) Switching back to snprintf() for this particular case. We should really rather truncate the location string than crash in such situations. b) Increasing the size of that static string buffer, to make the event more unlikely.
2016-07-02Merge pull request #3641 from 0xAX/unset-cloexec-for-stdfsLennart Poettering
basic/fd-util: introduce stdio_unset_cloexec() function
2016-07-02treewide: use stdio_unset_cloexec() functionAlexander Kuleshov
2016-07-02basic/fd-util: introduce stdio_unset_cloexec() functionAlexander Kuleshov
There are some places in the systemd which are use the same pattern: fd_cloexec(STDIN_FILENO, false); fd_cloexec(STDOUT_FILENO, false); fd_cloexec(STDERR_FILENO, false); to unset CLOEXEC for standard file descriptors. This patch introduces the stdio_unset_cloexec() function to hide this and make code cleaner.
2016-07-01calendarspec: use ".." notation for ranges of weekdaysDouglas Christman
For backwards compatibility, both the new format (Mon..Wed) and the old format (Mon-Wed) are supported.