summaryrefslogtreecommitdiff
path: root/src/core/socket.c
AgeCommit message (Collapse)Author
2013-10-14list: make our list macros a bit easier to use by not requring type spec on ↵Lennart Poettering
each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-10-11smack: minimize ifdef use, and move all labeling to smack-util.cKay Sievers
2013-10-10security: missing header inclusionsLennart Poettering
2013-10-10security: rework selinux, smack, ima, apparmor detection logicLennart Poettering
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
2013-09-26core: rework how we match mount units against each otherLennart Poettering
Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-25cgroup: if we do a cgroup operation then do something on all supported ↵Lennart Poettering
controllers Previously we did operations like attach, trim or migrate only on the controllers that were enabled for a specific unit. With this changes we will now do them for all supproted controllers, and fall back to all possible prefix paths if the specified paths do not exist. This fixes issues if a controller is being disabled for a unit where it was previously enabled, and makes sure that all processes stay as "far down" the tree as groups exist.
2013-09-17specifier: rework specifier calls to return proper error messageLennart Poettering
Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-12core: notify triggered by socket of a serviceUmut Tezduyar
2013-07-11basic SO_REUSEPORT supportShawn Landden
2013-06-27dbus: hookup runtime property changes for mouns, services, sockets, swaps tooLennart Poettering
2013-06-27core: general cgroup reworkLennart Poettering
Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-20logind: add infrastructure to keep track of machines, and move to slicesLennart Poettering
- This changes all logind cgroup objects to use slice objects rather than fixed croup locations. - logind can now collect minimal information about running VMs/containers. As fixed cgroup locations can no longer be used we need an entity that keeps track of machine cgroups in whatever slice they might be located. Since logind already keeps track of users, sessions and seats this is a trivial addition. - nspawn will now register with logind and pass various bits of metadata along. A new option "--slice=" has been added to place the container in a specific slice. - loginctl gained commands to list, introspect and terminate machines. - user.slice and machine.slice will now be pulled in by logind.service, since only logind.service requires this slice.
2013-06-17core: add new .slice unit type for partitioning systemsLennart Poettering
In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-05-17Make it possible to disable smack separately from xattr supportKarol Lewandowski
Additionally, compile out rule loading if feature is disabled.
2013-05-07build-sys: support builds without EAs againLennart Poettering
2013-05-02Add __attribute__((const, pure, format)) in various placesZbigniew Jędrzejewski-Szmek
I'm assuming that it's fine if a _const_ or _pure_ function calls assert. It is assumed that the assert won't trigger, and even if it does, it can only trigger on the first call with a given set of parameters, and we don't care if the compiler moves the order of calls.
2013-04-25unit: rework stop pending logicLennart Poettering
When a trigger unit wants to know if a stop is queued for it, we should just check precisely that and do not check whether it is actually stopped already. This is because we use these checks usually from state change calls where the state variables are not updated yet. This change splits unit_pending_inactive() into two calls unit_inactive_or_pending() and unit_stop_pending(). The former checks state and pending jobs, the latter only pending jobs.
2013-04-18Move bus_error to dbus-common and remove bus_error_message_or_strerrorSimon Peeters
bus_error and bus_error_message_or_strerror dit almost exactly the same, so use only one of them and place it in dbus-common.
2013-04-01Add Listen* to dbus propertiesOleksii Shevchuk
sockets.socket - Test Loaded: loaded (/home/alxchk/.config/systemd/user/sockets.socket; static) Active: inactive (dead) Listen: Stream: /tmp/stream1 Stream: @stream4 Stream: [::]:9999 Stream: 127.0.0.2:9996 Stream: [::1]:9996 Datagram: /tmp/stream2 Datagram: @stream5 Datagram: [::]:9998 Datagram: 127.0.0.2:9995 Datagram: [::1]:9995 SequentialPacket: @stream6 SequentialPacket: /tmp/stream3 FIFO: /tmp/fifo1 Special: /dev/input/event9 Netlink: kobject-uevent 0 MessageQueue: /msgqueue1 [zj: - minor cleanups, - free i.listen, - remove sorting, because the order or sockets matters.]
2013-04-01core/socket: log errors when starting socket for this socketZbigniew Jędrzejewski-Szmek
When showing an error like 'Socket service not loaded', the error won't show up in the status for the socket, unless it is marked as SYSTEMD_UNIT=*.socket. Marking it as SYSTEMD_UNIT=*.service, when the service is non-existent, is not useful.
2013-03-25units: introduce new timers.target and paths.target to hook timer/path units ↵Lennart Poettering
into for boot
2013-03-15core: reuse the same /tmp, /var/tmp and inaccessible dirMichal Sekletar
All Execs within the service, will get mounted the same /tmp and /var/tmp directories, if service is configured with PrivateTmp=yes. Temporary directories are cleaned up by service itself in addition to systemd-tmpfiles. Directory which is mounted as inaccessible is created at runtime in /run/systemd.
2013-03-13core: single unit_kill implementation for all unit typesMichal Schmidt
There are very few differences in the implementations of the kill method in the unit types that have one. Let's unify them. This does not yet unify unit_kill() with unit_kill_context().
2013-01-26core: unify kill code of mount, service, socket, swap unitsLennart Poettering
2013-01-19unit: optionally allow making cgroup attribute changes persistentLennart Poettering
2013-01-17units: for all unit settings that take lists, allow the empty string for ↵Lennart Poettering
resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-15core: do not make sockets dependent on loMichał Bartoszkiewicz
/sys/subsystem/net/devices/lo is never considered active, so sockets with BindToDevice=lo would never be activated.
2013-01-06systemd: use unit logging macrosZbigniew Jędrzejewski-Szmek
2012-12-22socket: support socket activation of containersLennart Poettering
2012-12-22socket: properly serialize/desrialize mqueue fdsLennart Poettering
2012-12-19socket: Too many incoming connectionsDimitrios Apostolou
Hello list, some socket activated service gave me the error message you can see on the subject, maybe systemd should be more verbose in that case. Thanks, Dimitris
2012-11-23timer: implement calendar time eventsLennart Poettering
2012-11-21Add #ifdef guards around xattr usageHenrik Grindal Bakken
This adds #ifdef HAVE_ATTR_XATTR_H guards around all usage of xattr. This unbreaks building with --disable-xattr when <attr/xattr.h> doesn't exist. <attr/xattr.h> and usage of fsetxattr() without
2012-11-20socket: improve error message when we cannot spawn the socket's service unitLennart Poettering
2012-11-06Revert "Implement SocketUser= and SocketGroup= for [Socket]"Dave Reisner
This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.
2012-11-05Implement SocketUser= and SocketGroup= for [Socket]Dave Reisner
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.
2012-10-30SMACK: Add configuration options. (v3)Auke Kok
This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.
2012-10-16mount: don't try to initialize extra deps for mount units before ↵Lennart Poettering
initializing their basic fields Under some circumstances this could lead to a segfault since we we half-initialized a mount unit, then tried to hook it into the network of things and while doing that recursively ended up looking at our half-initialized mount unit again assuming it was fully initialized.
2012-09-18core: move ManagerRunningAs to sharedZbigniew Jędrzejewski-Szmek
Note: I did s/MANAGER/SYSTEMD/ everywhere, even though it makes the patch quite verbose. Nevertheless, keeping MANAGER prefix in some places, and SYSTEMD prefix in others would just lead to confusion down the road. Better to rip off the band-aid now.
2012-09-18unit-printf: before resolving exec context specifiers check whether the ↵Lennart Poettering
object actually has an exec context
2012-09-18unit: split unit_printf() and friends into its own .c fileLennart Poettering
2012-09-18logind: split up inhibit acquire policyLennart Poettering
2012-09-16socket: prevent signed integer overflowDave Reisner
src/core/socket.c:588:25: error: overflow in implicit constant conversion src/core/socket.c:589:17: error: overflow in implicit constant conversion
2012-08-14service: add options RestartPreventExitStatus and SuccessExitStatusLukas Nykryn
In some cases, like wrong configuration, restarting after error does not help, so administrator can specify statuses by RestartPreventExitStatus which will not cause restart of a service. Sometimes you have non-standart exit status, so this can be specified by SuccessfulExitStatus.
2012-07-20units: apply default resource limits to socket/mount/swap processes tooLennart Poettering
2012-07-20core: drop KillMode parameter from KillUnit() bus callLennart Poettering
It made no sense, and since we are documenting the bus calls now and want to include them in our stability promise we really should get it cleaned up sooner, not later.
2012-07-20unit: split off KillContext from ExecContext containing only kill definitionsLennart Poettering
2012-07-16unit: set default working directory to the user's home directory when ↵Lennart Poettering
running in user mode
2012-07-10unit: get rid of UnitVTable.suffix, which is now unusedLennart Poettering
2012-06-22journal: set the _SYSTEMD_UNIT field for messages from terminated processesEelco Dolstra
As described in https://bugs.freedesktop.org/show_bug.cgi?id=50184 the journal currently doesn't set fields such as _SYSTEMD_UNIT properly for messages coming from processes that have already terminated. This means among other things that "systemctl status" may not show some of the output of services that wrote messages just before they exited. This patch fixes this by having processes that log to the journal write their unit identifier to journald when the connection to /run/systemd/journal/stdout is opened. Journald stores the unit ID and uses it to fill in _SYSTEMD_UNIT when it cannot be obtained normally (i.e. from the cgroup). To prevent impersonating another unit, this information is only used when the caller is root. This doesn't fix the general problem of getting metadata about messages from terminated processes (which requires some kernel support), but it allows "systemctl status" and similar queries to do the Right Thing for units that log via stdout/stderr.