summaryrefslogtreecommitdiff
path: root/src/basic
AgeCommit message (Collapse)Author
2016-07-31Add enable_disable() helperZbigniew Jędrzejewski-Szmek
In this patch "enabled" and "disabled" is used exclusively, but "enable" and "disable" forms are need for the following patch.
2016-07-26string-util: rework memory_erase() to not use GCC optimize attribute (#3812)Michael Biebl
"#pragma GCC optimize" is merely a convenience to decorate multiple functions with attribute optimize. And the manual has this to say about this attribute: This attribute should be used for debugging purposes only. It is not suitable in production code. Some versions of GCC also seem to have a problem with this pragma in combination with LTO, resulting in ICEs. So use a different approach (indirect the memset call via a volatile function pointer) as implemented in openssl's crypto/mem_clr.c. Closes: #3811
2016-07-25Merge pull request #3728 from poettering/dynamic-usersZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3757 from poettering/efi-searchZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3589 from brauner/cgroup_namespaceLennart Poettering
Cgroup namespace
2016-07-25fileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()Lennart Poettering
We can make this smarter one day, to honour $TMPDIR and friends, but for now, let's just use /tmp.
2016-07-25namespace: don't fail on masked mounts (#3794)Alban Crequy
Before this patch, a service file with ReadWriteDirectories=/file... could fail if the file exists but is not a mountpoint, despite being listed in /proc/self/mountinfo. It could happen with masked mounts. Fixes https://github.com/systemd/systemd/issues/3793
2016-07-22Merge pull request #3777 from poettering/id128-reworkZbigniew Jędrzejewski-Szmek
uuid/id128 code rework
2016-07-22Merge pull request #3753 from poettering/tasks-max-scaleLennart Poettering
Add support for relative TasksMax= specifications, and bump default for services
2016-07-22namespace: ensure to return a valid inaccessible nodes (#3778)Alessandro Puccetti
Because /run/systemd/inaccessible/{chr,blk} are devices with major=0 and minor=0 it might be possible that these devices cannot be created so we use /run/systemd/inaccessible/sock instead to map them.
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a ↵Lennart Poettering
service is running This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-07-22sysusers: move various user credential validity checks to src/basic/Lennart Poettering
This way we can reuse them for validating User=/Group= settings in unit files (to be added in a later commit). Also, add some tests for them.
2016-07-22core: support percentage specifications on TasksMax=Lennart Poettering
This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-22sd-id128: split UUID file read/write code into new id128-util.[ch]Lennart Poettering
We currently have code to read and write files containing UUIDs at various places. Unify this in id128-util.[ch], and move some other stuff there too. The new files are located in src/libsystemd/sd-id128/ (instead of src/shared/), because they are actually the backend of sd_id128_get_machine() and sd_id128_get_boot(). In follow-up patches we can use this reduce the code in nspawn and machine-id-setup by adopted the common implementation.
2016-07-22Merge pull request #3762 from poettering/sigkill-logMartin Pitt
log about all processes we forcibly kill
2016-07-22Merge pull request #3764 from poettering/assorted-stuff-2Martin Pitt
Assorted fixes
2016-07-21missing_syscall: add __NR_copy_file_range for powerpc architecture (#3772)Alessio Igor Bogani
2016-07-21bootctl: move toupper() implementation to string-util.hLennart Poettering
We already have tolower() calls there, hence let's unify this at one place. Also, update the code to only use ASCII operations, so that we don't end up being locale dependant.
2016-07-20basic: fix macro definition in nss-util.hLennart Poettering
Fix a copy/paste mistake.
2016-07-20cgroup: suppress sending follow-up SIGCONT after sending SIGCONT/SIGKILL anywayLennart Poettering
2016-07-20core: when forcibly killing/aborting left-over unit processes log about itLennart Poettering
Let's lot at LOG_NOTICE about any processes that we are going to SIGKILL/SIGABRT because clean termination of them didn't work. This turns the various boolean flag parameters to cg_kill(), cg_migrate() and related calls into a single binary flags parameter, simply because the function now gained even more parameters and the parameter listed shouldn't get too long. Logging for killing processes is done either when the kill signal is SIGABRT or SIGKILL, or on explicit request if KILL_TERMINATE_AND_LOG instead of LOG_TERMINATE is passed. This isn't used yet in this patch, but is made use of in a later patch.
2016-07-20util: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont()Lennart Poettering
2016-07-19Merge pull request #3685 from kinvolk/alessandro/inaccessible-pathsLennart Poettering
namespace: unify limit behavior on non-directory paths
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
2016-07-18basic: fix whitespaceThomas Hindoe Paaboel Andersen
2016-07-18Merge pull request #3745 from keszybz/fix-make-nulstr-confusionLennart Poettering
Fix make nulstr confusion
2016-07-17Drop parentheses in two placesZbigniew Jędrzejewski-Szmek
2016-07-17basic/strv: add an extra NUL after strings in strv_make_nulstrZbigniew Jędrzejewski-Szmek
strv_make_nulstr was creating a nulstr which was not a valid nulstr, because it was missing the terminating NUL. This didn't cause any issues, because strv_parse_nulstr correctly parsed the result, using the separately specified length. But it's confusing to have something called nulstr which really isn't. It is likely that somebody will try to use strv_make_nulstr() in some other place, incorrectly. This patch changes strv_parse_nulstr() to produce a valid nulstr, and changes the output length parameter to be the minimum number of bytes which can be later on parsed by strv_parse_nulstr(). This allows the only user in ask-password-api to be slightly simplified. Based-on-patch-by: Jean-Sébastien Bour <jean-sebastien@bour.name> Fixes #3689.
2016-07-15tree-wide: get rid of selinux_context_t (#3732)Zbigniew Jędrzejewski-Szmek
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 deprecated selinux_context_t. Replace with a simple char* everywhere. Alternative fix for #3719.
2016-07-14basic/mount-util: recognize ocfs2 as network fs (#3713)Valentin Vidić
2016-07-11treewide: fix typos and remove accidental repetition of wordsTorstein Husebø
2016-07-09cgroup: detect cgroup namespacesChristian Brauner
- define CLONE_NEWCGROUP - add fun to detect whether cgroup namespaces are supported
2016-07-07basic: log: Increase static buffer for source file location (#3674)Daniel Mack
Commit d054f0a4 ("tree-wide: use xsprintf() where applicable") used a semantic patch approach to change a number of locations from snprintf(buf, sizeof(buf), FMT, ...) to xsprintf(buf, FMT, ...) The problem is that xsprintf() wraps the snprintf() in an assert_message_se(), so if snprintf() reports an overflow of the destination buffer, the binary will now terminate. This hit a user running a version of systemd that was built from a deeply nested system path. Fix this by a) Switching back to snprintf() for this particular case. We should really rather truncate the location string than crash in such situations. b) Increasing the size of that static string buffer, to make the event more unlikely.
2016-07-02Merge pull request #3641 from 0xAX/unset-cloexec-for-stdfsLennart Poettering
basic/fd-util: introduce stdio_unset_cloexec() function
2016-07-02treewide: use stdio_unset_cloexec() functionAlexander Kuleshov
2016-07-02basic/fd-util: introduce stdio_unset_cloexec() functionAlexander Kuleshov
There are some places in the systemd which are use the same pattern: fd_cloexec(STDIN_FILENO, false); fd_cloexec(STDOUT_FILENO, false); fd_cloexec(STDERR_FILENO, false); to unset CLOEXEC for standard file descriptors. This patch introduces the stdio_unset_cloexec() function to hide this and make code cleaner.
2016-07-01calendarspec: use ".." notation for ranges of weekdaysDouglas Christman
For backwards compatibility, both the new format (Mon..Wed) and the old format (Mon-Wed) are supported.
2016-07-01calendarspec: allow ranges in date and time specificationsDouglas Christman
Resolves #3042
2016-06-30Merge pull request #3596 from poettering/machine-cleanMartin Pitt
make "machinectl clean" asynchronous, and open it up via PolicyKit
2016-06-30journalctl: Make temporary files directory configurable (#3574)ottopotto
journalctl: Use env variable TMPDIR to save temporary files
2016-06-27basic/strv: introduce STRV_IGNORE macro (#3601)0xAX
to hide casting of '-1' strings and make code cleaner.
2016-06-27basic: pass flags to the fnmatch (#3606)Evgeny Vereshchagin
Fixes: ``` $ systemctl list-unit-files 'hey\*' 0 unit files listed. $ systemctl list-unit-files | grep hey hey\x7eho.service static ```
2016-06-26basic/strv: use SWAP_TWO() macro (#3602)0xAX
2016-06-24machined: "machinectl clean" can take a while, do it asynchronously from a ↵Lennart Poettering
background process This is a follow-up to 5d2036b5f3506bd0ff07042aee8d69c26db32298, and also makes the "machinectl clean" verb asynchronous, after all it's little more than a series of image removals. The changes required to make this happen are a bit more comprehensive as we need to pass information about deleted images back to the client, as well as information about the image we failed on if we failed on one. Hence, create a temporary file in /tmp, serialize that data into, and read it from the parent after the operation is complete.
2016-06-24Merge pull request #3549 from poettering/resolved-moreTom Gundersen
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
2016-06-23build-sys: move fdset.[ch] src/basic → src/shared (#3580)Lennart Poettering
It makes use of the sd_listen_fds() call, and as such should live in src/shared, as the distinction between src/basic and src/shared is that the latter may use libsystemd APIs, the former does not. Note that btrfs-util.[ch] and log.[ch] also include header files from libsystemd, but they only need definitions, they do not invoke any function from it. Hence they may stay in src/basic.
2016-06-21tree-wide: some work-arounds for gcc false positives regarding uninitialized ↵Lennart Poettering
variables
2016-06-21resolved: when using the ResolveRecord() bus call, adjust TTL for caching timeLennart Poettering
When we return the full RR wire data, let's make sure the TTL included in it is adjusted by the time the RR sat in the cache. As an optimization we do this only for ResolveRecord() and not for ResolveHostname() and friends, since adjusting the TTL means copying the RR object, and we don#t want to do that if there's no reason to. (ResolveHostname() and friends don't return the TTL hence there's no reason to in that case)
2016-06-21set: add new set_put_strsplit() callLennart Poettering
It's like set_put_strdup(), but splits up a string via an extract_first_word() loop.
2016-06-21string-table: make sure DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() handles ↵Lennart Poettering
NULL strings nicely xyz_from_string() functions defined with DEFINE_STRING_TABLE_LOOKUP() properly handle NULL strings already. make sure the equivalent functions defined with DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() do the same.