| Age | Commit message (Collapse) | Author |
|---|
|
subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
|
|
if sigabrt doesn't do the job, follow regular shutdown
routine, sigterm > sigkill.
|
|
This reverts commit 141a1ceaa62578f1ed14f04cae2113dd0f49fd7f.
People should fix their libc's getopt(), instead of us using a weird
option ordering...
|
|
|
|
This way, the list of arguments to that function gets more comprehensive,
and we can get around passing lots of NULL and 0 arguments from socket.c,
swap.c and mount.c.
It also allows for splitting up the code in exec_spawn().
While at it, make ExecContext const in execute.c.
|
|
|
|
This makes no difference if /usr was mounted in the initrd,
and brings the behaviour of legacy systems closer to those
with a propper initrd.
|
|
Instead of adjusting job timeouts in the core, let fstab-generator
write out a dropin snippet with the appropriate JobTimeout.
x-systemd-device.timeout option is removed from Options= line
in the generated unit.
The functions to write dropins are moved from core/unit.c to
shared/dropin.c, to make them available outside of core.
generator.c is moved to libsystemd-label, because it now uses
functions defined in dropin.c, which are in libsystemd-label.
|
|
"-s" switch
|
|
/etc/mtab should die die die. It's sad enough util-linux still contains
support for it, but we don't have to partake in that charade, so let's
turn this off.
This is in-line with the fact that since years we already have been
"tainting" systemd if we detect /etc/mtab not being a symlink...
Of course, util-linux is currently broken, and still touches /etc/mtab,
weven if we pass "--no-mtab" to it:
https://bugzilla.redhat.com/show_bug.cgi?id=1109367
But hey, let's hope that gets fixed quickly, even if total removal of
/etc/mtab support from util-linux might not happen so quickly...
|
|
For now only What=, Options=, Type= are supported, and Where= is deduced
from the unit name.
|
|
CLOCK_BOOTTIME_ALARM, too
|
|
Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
invididually in type-specific code.
Also, when PrivateDevices= is set, set DevicePolicy= to closed.
|
|
|
|
As discussed on the ML these are useful to manage runtime directories
below /run for services.
|
|
|
|
|
|
|
|
BlockIOAccounting= for all units at once
|
|
first (or second)
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
|
|
Given that we now have KillMode=mixed where SIGTERM might kill a smaller
set than SIGKILL we need to make sure to always go explicitly throught
the SIGKILL state to get the right end result.
|
|
Things will continue when either the job timeout
or the unit timeout is reached. Add functionality to
access that info.
|
|
mode
|
|
It is nicer to predefine patterns using configure time check instead of
using casts everywhere.
Since we do not need to use any flags, include "%" in the format instead
of excluding it like PRI* macros.
|
|
Also, introduce a new environment variable named $WATCHDOG_PID which
cotnains the PID of the process that is supposed to send the keep-alive
events. This is similar how $LISTEN_FDS and $LISTEN_PID work together,
and protects against confusing processes further down the process tree
due to inherited environment.
|
|
Since the vtable includes this information anyway, let's just use that
|
|
|
|
PrivateTmp= namespaces
|
|
|
|
We expect the event on /proc/swaps before we expect the SIGCHILD,
reflect this in the state machine.
|
|
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=71132
Patch adds DefaultTimeoutStartSec, DefaultTimeoutStopSec, DefaultRestartSec
configuration options to manager configuration file.
|
|
We now treat passno as boleans in the generators, and don't need this any more. fsck itself
is able to sequentialize checks on the same local media, so in the common case the ordering
is redundant.
It is still possible to force an order by using .d fragments, in case that is desired.
|
|
For cifs mount like //server/share, we would get
RequiresMountsFor=/server/share, which probably isn't
harmful, but quite confusing.
Unfortunately a bunch of static functions had to be moved
up, but patch is really one line.
|
|
Since a57f7e2c828b85, a mount unit with garbage in it would cause
systemd to crash on loading it.
ref: https://bugs.freedesktop.org/show_bug.cgi?id=70148
|
|
Usually the network is stopped before filesystems are umounted.
Ordering network filesystems before remote-fs.target means that their
unmounting will be performed earlier, and can terminate sucessfully.
https://bugs.freedesktop.org/show_bug.cgi?id=70002
|
|
Previously to automatically create dependencies between mount units we
matched every mount unit agains all others resulting in O(n^2)
complexity. On setups with large amounts of mount units this might make
things slow.
This change replaces the matching code to use a hashtable that is keyed
by a path prefix, and points to a set of units that require that path to
be around. When a new mount unit is installed it is hence sufficient to
simply look up this set of units via its own file system paths to know
which units to order after itself.
This patch also changes all unit types to only create automatic mount
dependencies via the RequiresMountsFor= logic, and this is exposed to
the outside to make things more transparent.
With this change we still have some O(n) complexities in place when
handling mounts, but that's currently unavoidable due to kernel APIs,
and still substantially better than O(n^2) as before.
https://bugs.freedesktop.org/show_bug.cgi?id=69740
|
|
controllers
Previously we did operations like attach, trim or migrate only on the
controllers that were enabled for a specific unit. With this changes we
will now do them for all supproted controllers, and fall back to all
possible prefix paths if the specified paths do not exist.
This fixes issues if a controller is being disabled for a unit where it
was previously enabled, and makes sure that all processes stay as "far
down" the tree as groups exist.
|
|
umount.target in the real root
These mounts should be kept around and unmounted in the shutdown ramfs.
Currently, we will still attempt to umount these in the final kill spree, but
we should consider avoiding that too. Also, the should_umount function should
be generalised and put into util.c or something like that, but we are still
discussing precisely how.
|
|
This makes mount units work like swap units: when the backing device appears
the mount unit will be started.
v2: the device should want the mount unconditionally, not only for DefaultDependencies=yes
|
|
|
|
Don't segfault, if m->from_proc_self_mountinfo and m->from_fragment is
false.
https://bugzilla.redhat.com/show_bug.cgi?id=957783#c9
|
|
Transient units can be created via the bus API. They are configured via
the method call parameters rather than on-disk files. They are subject
to normal GC. Transient units currently may only be created for
services (however, we will extend this), and currently only ExecStart=
and the cgroup parameters can be configured (also to be extended).
Transient units require a unique name, that previously had no
configuration file on disk.
A tool systemd-run is added that makes use of this functionality to run
arbitrary command lines as transient services:
$ systemd-run /bin/ping www.heise.de
Will cause systemd to create a new transient service and run ping in it.
|
|
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
|
|
conflicting dep for umount.target
That way systemd won't try to umount it at shutdown.
|
|
I'm assuming that it's fine if a _const_ or _pure_ function
calls assert. It is assumed that the assert won't trigger,
and even if it does, it can only trigger on the first call
with a given set of parameters, and we don't care if the
compiler moves the order of calls.
|
|
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
|
|
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
|
