summaryrefslogtreecommitdiff
path: root/src/core/manager.h
AgeCommit message (Collapse)Author
2016-02-10cgroup: remove support for NetClass= directiveDaniel Mack
Support for net_cls.class_id through the NetClass= configuration directive has been added in v227 in preparation for a per-unit packet filter mechanism. However, it turns out the kernel people have decided to deprecate the net_cls and net_prio controllers in v2. Tejun provides a comprehensive justification for this in his commit, which has landed during the merge window for kernel v4.5: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671 As we're aiming for full support for the v2 cgroup hierarchy, we can no longer support this feature. Userspace tool such as nftables are moving over to setting rules that are specific to the full cgroup path of a task, which obsoletes these controllers anyway. This commit removes support for tweaking details in the net_cls controller, but keeps the NetClass= directive around for legacy compatibility reasons.
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-13core: add new DefaultTasksMax= setting for system.confLennart Poettering
This allows initializing the TasksMax= setting of all units by default to some fixed value, instead of leaving it at infinity as before.
2015-11-12core: unify code that warns about jobs we fail to enqueueLennart Poettering
This allows us to shorten our code a bit.
2015-11-12core: drop "override" flag when building transactionsLennart Poettering
Now that we don't have RequiresOverridable= and RequisiteOverridable= dependencies anymore, we can get rid of tracking the "override" boolean for jobs in the job engine, as it serves no purpose anymore. While we are at it, fix some error messages we print when invoking functions that take the override parameter.
2015-11-12core: remove support for RequiresOverridable= and RequisiteOverridable=Lennart Poettering
As discussed at systemd.conf 2015 and on also raised on the ML: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html This removes the two XyzOverridable= unit dependencies, that were basically never used, and do not enhance user experience in any way. Most folks looking for the functionality this provides probably opt for the "ignore-dependencies" job mode, and that's probably a good idea. Hence, let's simplify systemd's dependency engine and remove these two dependency types (and their inverses). The unit file parser and the dbus property parser will now redirect the settings/properties to result in an equivalent non-overridable dependency. In the case of the unit file parser we generate a warning, to inform the user. The dbus properties for this unit type stay available on the unit objects, but they are now hidden from usual introspection and will always return the empty list when queried. This should provide enough compatibility for the few unit files that actually ever made use of this.
2015-11-11Merge pull request #1837 from poettering/grabbag2Tom Gundersen
variety of fixes
2015-11-10Remove snapshot unit typeZbigniew Jędrzejewski-Szmek
Snapshots were never useful or used for anything. Many systemd developers that I spoke to at systemd.conf2015, didn't even know they existed, so it is fairly safe to assume that this type can be deleted without harm. The fundamental problem with snapshots is that the state of the system is dynamic, devices come and go, users log in and out, timers fire... and restoring all units to some state from the past would "undo" those changes, which isn't really possible. Tested by creating a snapshot, running the new binary, and checking that the transition did not cause errors, and the snapshot is gone, and snapshots cannot be created anymore. New systemctl says: Unknown operation snapshot. Old systemctl says: Failed to create snapshot: Support for snapshots has been removed. IgnoreOnSnaphost settings are warned about and ignored: Support for option IgnoreOnSnapshot= has been removed and it is ignored http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
2015-11-10core: change return value of the unit's enumerate() call to voidLennart Poettering
We cannot handle enumeration failures in a sensible way, hence let's try hard to continue without making such failures fatal, and log about it with precise error messages.
2015-10-13manager: remove unused functionThomas Hindoe Paaboel Andersen
2015-09-29core: sort includes of manager.[ch] according to CODING_STYLELennart Poettering
2015-09-22Merge pull request #986 from karelzak/monitorLennart Poettering
mount: use libmount to monitor mountinfo & utab
2015-09-21containers: systemd exits with non-zero codeAlban Crequy
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target and systemd-exit.service to the system instance. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes https://github.com/systemd/systemd/issues/1290
2015-09-16cgroup: add support for net_cls controllersDaniel Mack
Add a new config directive called NetClass= to CGroup enabled units. Allowed values are positive numbers for fix assignments and "auto" for picking a free value automatically, for which we need to keep track of dynamically assigned net class IDs of units. Introduce a hash table for this, and also record the last ID that was given out, so the allocator can start its search for the next 'hole' from there. This could eventually be optimized with something like an irb. The class IDs up to 65536 are considered reserved and won't be assigned automatically by systemd. This barrier can be made a config directive in the future. Values set in unit files are stored in the CGroupContext of the unit and considered read-only. The actually assigned number (which may have been chosen dynamically) is stored in the unit itself and is guaranteed to remain stable as long as the unit is active. In the CGroup controller, set the configured CGroup net class to net_cls.classid. Multiple unit may share the same net class ID, and those which do are linked together.
2015-09-14mount: use libmount to monitor mountinfo & utabKarel Zak
The current implementation directly monitor /proc/self/mountinfo and /run/mount/utab files. It's really not optimal because utab file is private libmount stuff without any official guaranteed semantic. The libmount since v2.26 provides API to monitor mount kernel & userspace changes and since v2.27 the monitor is usable for non-root users too. This patch replaces the current implementation with libmount based solution. Signed-off-by: Karel Zak <kzak@redhat.com>
2015-09-11core: allocate sets of startup and failed units on-demandLennart Poettering
There's a good chance we never needs these sets, hence allocate them only when needed.
2015-09-10core: add support for the "pids" cgroup controllerLennart Poettering
This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-01core: unified cgroup hierarchy supportLennart Poettering
This patch set adds full support the new unified cgroup hierarchy logic of modern kernels. A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is added. If specified the unified hierarchy is mounted to /sys/fs/cgroup instead of a tmpfs. No further hierarchies are mounted. The kernel command line option defaults to off. We can turn it on by default as soon as the kernel's APIs regarding this are stabilized (but even then downstream distros might want to turn this off, as this will break any tools that access cgroupfs directly). It is possibly to choose for each boot individually whether the unified or the legacy hierarchy is used. nspawn will by default provide the legacy hierarchy to containers if the host is using it, and the unified otherwise. However it is possible to run containers with the unified hierarchy on a legacy host and vice versa, by setting the $UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0, respectively. The unified hierarchy provides reliable cgroup empty notifications for the first time, via inotify. To make use of this we maintain one manager-wide inotify fd, and each cgroup to it. This patch also removes cg_delete() which is unused now. On kernel 4.2 only the "memory" controller is compatible with the unified hierarchy, hence that's the only controller systemd exposes when booted in unified heirarchy mode. This introduces a new enum for enumerating supported controllers, plus a related enum for the mask bits mapping to it. The core is changed to make use of this everywhere. This moves PID 1 into a new "init.scope" implicit scope unit in the root slice. This is necessary since on the unified hierarchy cgroups may either contain subgroups or processes but not both. PID 1 hence has to move out of the root cgroup (strictly speaking the root cgroup is the only one where processes and subgroups are still allowed, but in order to support containers nicey, we move PID 1 into the new scope in all cases.) This new unit is also used on legacy hierarchy setups. It's actually pretty useful on all systems, as it can then be used to filter journal messages coming from PID 1, and so on. The root slice ("-.slice") is now implicitly created and started (and does not require a unit file on disk anymore), since that's where "init.scope" is located and the slice needs to be started before the scope can. To check whether we are in unified or legacy hierarchy mode we use statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in legacy mode, if it reports cgroupfs we are in unified mode. This patch set carefuly makes sure that cgls and cgtop continue to work as desired. When invoking nspawn as a service it will implicitly create two subcgroups in the cgroup it is using, one to move the nspawn process into, the other to move the actual container processes into. This is done because of the requirement that cgroups may either contain processes or other subgroups.
2015-09-01manager: don't write first-boot flag file all the timeLennart Poettering
Instead, remember that we have already written it.
2015-08-06core: dbus: track bus names per unitDaniel Mack
Currently, PID1 installs an unfiltered NameOwnerChanged signal match, and dispatches the signals itself. This does not scale, as right now, PID1 wakes up every time a bus client connects. To fix this, install individual matches once they are requested by unit_watch_bus_name(), and remove the watches again through their slot in unit_unwatch_bus_name(). If the bus is not available during unit_watch_bus_name(), just store name in the 'watch_bus' hashmap, and let bus_setup_api() do the installing later.
2015-05-11core: rename SystemdRunningAs to ManagerRunningAsLennart Poettering
It's primarily just a property of the Manager object after all, and we try to refer to PID 1 as "manager" instead of "systemd", hence let's to stick to this here too.
2015-05-11core,network: major per-object logging reworkLennart Poettering
This changes log_unit_info() (and friends) to take a real Unit* object insted of just a unit name as parameter. The call will now prefix all logged messages with the unit name, thus allowing the unit name to be dropped from the various passed romat strings, simplifying invocations drastically, and unifying log output across messages. Also, UNIT= vs. USER_UNIT= is now derived from the Manager object attached to the Unit object, instead of getpid(). This has the benefit of correcting the field for --test runs. Also contains a couple of other logging improvements: - Drops a couple of strerror() invocations in favour of using %m. - Not only .mount units now warn if a symlinks exist for the mount point already, .automount units do that too, now. - A few invocations of log_struct() that didn't actually pass any additional structured data have been replaced by simpler invocations of log_unit_info() and friends. - For structured data a new LOG_UNIT_MESSAGE() macro has been added, that works like LOG_MESSAGE() but prefixes the message with the unit name. Similar, there's now LOG_LINK_MESSAGE() and LOG_NETDEV_MESSAGE(). - For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(), LOG_NETDEV_INTERFACE() macros have been added that generate the necessary per object fields. The old log_unit_struct() call has been removed in favour of these new macros used in raw log_struct() invocations. In addition to removing one more function call this allows generated structured log messages that contain two object fields, as necessary for example for network interfaces that are joined into another network interface, and whose messages shall be indexed by both. - The LOG_ERRNO() macro has been removed, in favour of log_struct_errno(). The latter has the benefit of ensuring that %m in format strings is properly resolved to the specified error number. - A number of logging messages have been converted to use log_unit_info() instead of log_info() - The client code in sysv-generator no longer #includes core code from src/core/. - log_unit_full_errno() has been removed, log_unit_full() instead takes an errno now, too. - log_unit_info(), log_link_info(), log_netdev_info() and friends, now avoid double evaluation of their parameters
2015-04-29core: for queued reload message there is no need to store the bus explicitlyLennart Poettering
After all it can be derived from the message directly, and already is.
2015-02-26core: emit changes for NFailedUnits propertyLucas De Marchi
By notifying the clients when this property is changed it's possible to allow "system health monitor" tools to get transitions like running<->degraded. This is an alternative to send changes on the SystemState property since the latter is more difficult to derive.
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-01-28core: when the user hits Ctrl-Alt-Del more than 7x per 2s, reboot immediatelyLennart Poettering
This should be useful for cases where clean rebooting doesn't work, and the user wants to hurry up the reboot.
2015-01-11Implement masking and overriding of generatorsZbigniew Jędrzejewski-Szmek
Sometimes it is necessary to stop a generator from running. Either because of a bug, or for testing, or some other reason. The only way to do that would be to rename or chmod the generator binary, which is inconvenient and does not survive upgrades. Allow masking and overriding generators similarly to units and other configuration files. For the systemd instance, masking would be more common, rather than overriding generators. For the user instances, it may also be useful for users to have generators in $XDG_CONFIG_HOME to augment or override system-wide generators. Directories are searched according to the usual scheme (/usr/lib, /usr/local/lib, /run, /etc), and files with the same name in higher priority directories override files with the same name in lower priority directories. Empty files and links to /dev/null mask a given name. https://bugs.freedesktop.org/show_bug.cgi?id=87230
2014-11-28mount: monitor for utab changes with inotifyChris Leech
Parsing the mount table with libmount races against the mount command, which will handle the actual mounting before updating utab. This means the poll event on /proc/self/mountinfo can kick of a reparse in systemd before the utab information is available. This change adds in an additional event source using inotify to watch for changes to utab. It only watches for IN_MOVED_TO events, matching libmount behavior of always overwriting this file using rename(2). This does add a second pass through the mount table parsing when utab is updated.
2014-11-23manager: let manager_free() handle NULLsZbigniew Jędrzejewski-Szmek
This makes the calling code a bit simpler.
2014-10-27manager: print warning on console before rebootZbigniew Jędrzejewski-Szmek
It will be printed even if a prompt is blocking other messages.
2014-10-27manager: convert ephemeral to enumZbigniew Jędrzejewski-Szmek
In preparation for subsequent changes.
2014-10-27manager: do not print anything while passwords are being queriedZbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=73942
2014-10-28core: remove system start timeout logic againLennart Poettering
The system start timeout as previously implemented would get confused by long-running services that are included in the initial system startup transaction for example by being cron-job-like long-running services triggered immediately at boot. Such long-running jobs would be subject to the default 15min timeout, esily triggering it. Hence, remove this again. In a subsequent commit, introduce per-target job timeouts instead, that allow us to control these timeouts more finegrained.
2014-08-22core: split up "starting" manager state into "initializing" and "starting"Lennart Poettering
We'll stay in "initializing" until basic.target has reached, at which point we will enter "starting". This is preparation so that we can change the startip timeout to only apply to the first phase of startup, not the full procedure.
2014-08-22core: add support for a configurable system-wide start-up timeoutLennart Poettering
When this system-wide start-up timeout is hit we execute one of the failure actions already implemented for services that fail. This should not only be useful on embedded devices, but also on laptops which have the power-button reachable when the lid is closed. This devices, when in a backpack might get powered on by accident due to the easily reachable power button. We want to make sure that the system turns itself off if it starts up due this after a while. When the system manages to fully start-up logind will suspend the machine by default if the lid is closed. However, in some cases we don't even get as far as logind, and the boot hangs much earlier, for example because we ask for a LUKS password that nobody ever enters. Yeah, this is a real-life problem on my Yoga 13, which has one of those easily accessible power buttons, even if the device is closed.
2014-08-18core: Verify systemd1 DBus method callers via polkitStef Walter
DBus methods that retrieve information can be called by anyone. DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon DBus methods that modify job state are callable from the clients that started the job. root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root. Open up the dbus1 policy for the above methods. (Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive auhentication must be opt-in, not unconditional, hence I turned this off.)
2014-07-20test-engine: fix access to unit load pathZbigniew Jędrzejewski-Szmek
Also add a bit of debugging output to help diagnose problems, add missing units, and simplify cppflags. Move test-engine to normal tests from manual tests, it should now work without destroying the system.
2014-07-07firstboot: get rid of firstboot generator again, introduce ↵Lennart Poettering
ConditionFirstBoot= instead As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer way to hook in systemd-firstboot.service on first boots (those with /etc unpopulated), so let's do this, and get rid of the generator again.
2014-07-07firstboot: add new component to query basic system settings on first boot, ↵Lennart Poettering
or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not.
2014-05-22cgroups: simplify CPUQuota= logicLennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22core: add startup resource control optionWaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If not CPUShares= or BlockIOWeight= be specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight be specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-04-25core: expose CFS CPU time quota as high-level unit propertiesLennart Poettering
2014-03-24core: add a setting to globally control the default for timer unit accuracyLennart Poettering
2014-03-12core: introduce system state enumLennart Poettering
The system state knows the states starting → running/degraded/maintenance → stopping, where: starting = system startup running = normal operation degraded = at least one unit is currently in failed state maintenance = rescue/emergency mode is active or queued stopping = system shutdown
2014-03-05missing: if RLIMIT_RTTIME is not defined by the libc, then we need a new ↵Lennart Poettering
define for the max number of rlimits, too
2014-03-03core: move ShowStatus type into the coreLennart Poettering
Let's make the scope of the show-status stuff a bit smaller, and make it private to the core, rather than shared API in shared/.
2014-03-03core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settingsLennart Poettering
As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03bus: add sd_bus_track object for tracking peers, and port core over to itLennart Poettering
This is primarily useful for services that need to track clients which reference certain objects they maintain, or which explicitly want to subscribe to certain events. Something like this is done in a large number of services, and not trivial to do. Hence, let's unify this at one place. This also ports over PID 1 to use this to ensure that subscriptions to job and manager events are correctly tracked. As a side-effect this makes sure we properly serialize and restore the track list across daemon reexec/reload, which didn't work correctly before. This also simplifies how we distribute messages to broadcast to the direct busses: we only track subscriptions for the API bus and implicitly assume that all direct busses are subscribed. This should be a pretty OK simplification since clients connected via direct bus connections are shortlived anyway.
2014-02-24core: add global settings for enabling CPUAccounting=, MemoryAccounting=, ↵Lennart Poettering
BlockIOAccounting= for all units at once