| Age | Commit message (Collapse) | Author |
|---|
|
|
|
If the function failed, nothing serious would happen
because unlink would probably return EFAULT, but this
would obscure the real error and is a bit sloppy.
|
|
Fixes minor leak in error path in device.c.
|
|
This extends 62678ded 'efi: never call qsort on potentially
NULL arrays' to all other places where qsort is used and it
is not obvious that the count is non-zero.
|
|
|
|
|
|
Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
|
|
Since on most systems with xattr systemd will compile with Smack
support enabled, we still attempt to mount various fs's with
Smack-only options.
Before mounting any of these Smack-related filesystems with
Smack specific mount options, check if Smack is functionally
active on the running kernel.
If Smack is really enabled in the kernel, all these Smack mounts
are now *fatal*, as they should be.
We no longer mount smackfs if systemd was compiled without
Smack support. This makes it easier to make smackfs mount
failures a critical error when Smack is enabled.
We no longer mount these filesystems with their Smack specific
options inside containers. There these filesystems will be
mounted with there non-mount smack options for now.
|
|
|
|
The Service type's forbid_restart field was not preserved by
serialization/deserialization, so the fact that the service should not
be restarted after stopping was lost.
If a systemctl stop foo command has been given, but the foo service
has not yet stopped, and then the systemctl --system daemon-reload was
given, then when the foo service eventually stopped, systemd would
restart it.
https://bugs.freedesktop.org/show_bug.cgi?id=69800
|
|
Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.
This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
|
|
Once systemd itself is running in a security domain for SMACK,
it will fail to start countless tasks due to missing privileges
for mounted and created directory structures. For /run and shm
specifically, we grant all tasks access.
These 2 mounts are allowed to fail, which will happen if the
system is not running a SMACK enabled kernel or security=none is
passed to the kernel.
|
|
For cifs mount like //server/share, we would get
RequiresMountsFor=/server/share, which probably isn't
harmful, but quite confusing.
Unfortunately a bunch of static functions had to be moved
up, but patch is really one line.
|
|
Since a57f7e2c828b85, a mount unit with garbage in it would cause
systemd to crash on loading it.
ref: https://bugs.freedesktop.org/show_bug.cgi?id=70148
|
|
check for "reload" rather "reboot"
This appears to be a copy/paste error.
|
|
Usually the network is stopped before filesystems are umounted.
Ordering network filesystems before remote-fs.target means that their
unmounting will be performed earlier, and can terminate sucessfully.
https://bugs.freedesktop.org/show_bug.cgi?id=70002
|
|
|
|
In e6dca81 $SHELL was added to user@.service. Let's
instead provide it to all units which have a user.
|
|
|
|
The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/;
/etc/smack/cipso is a file that can include these mappings as well,
though it is no longer supported in upstream libsmack.
|
|
Also, we need to use proper strv_env_xyz() calls when putting together
the environment array, since otherwise settings won't be properly
overriden.
And let's get rid of strv_appendf(), is overkill and there was only one
user.
|
|
|
|
|
|
|
|
|
|
|
|
This avoids a problem when we inherit a non-zero umask from the
initramfs. This would cause /run/systemd to be created with the wrong
mode.
|
|
Previously to automatically create dependencies between mount units we
matched every mount unit agains all others resulting in O(n^2)
complexity. On setups with large amounts of mount units this might make
things slow.
This change replaces the matching code to use a hashtable that is keyed
by a path prefix, and points to a set of units that require that path to
be around. When a new mount unit is installed it is hence sufficient to
simply look up this set of units via its own file system paths to know
which units to order after itself.
This patch also changes all unit types to only create automatic mount
dependencies via the RequiresMountsFor= logic, and this is exposed to
the outside to make things more transparent.
With this change we still have some O(n) complexities in place when
handling mounts, but that's currently unavoidable due to kernel APIs,
and still substantially better than O(n^2) as before.
https://bugs.freedesktop.org/show_bug.cgi?id=69740
|
|
|
|
controllers
Previously we did operations like attach, trim or migrate only on the
controllers that were enabled for a specific unit. With this changes we
will now do them for all supproted controllers, and fall back to all
possible prefix paths if the specified paths do not exist.
This fixes issues if a controller is being disabled for a unit where it
was previously enabled, and makes sure that all processes stay as "far
down" the tree as groups exist.
|
|
Prefer firmware-provided performance data over loader-exported ones; if
ACPI data is available, always use it, otherwise try to read the loader
data.
The firmware-provided variables start at the time the first EFI image
is executed and end when the operating system exits the boot services;
the (loader) time calculated in systemd-analyze increases.
|
|
hierarchy
The non-hierarchial mode contradicts the whole idea of a cgroup tree so
let's not support this. In the future the kernel will only support the
hierarchial logic anyway.
|
|
It seems that the kernel uses the first configured partition
for hibernation. If it is too full, hibernation will fail. Test
that directly.
|
|
The cgroup attribute memory.soft_limit_in_bytes is unlikely to stay
around in the kernel for good, so let's not expose it for now. We can
readd something like it later when the kernel guys decided on a final
API for this.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=68232
|
|
|
|
Previously the specifier calls could only indicate OOM by returning
NULL. With this change they will return negative errno-style error codes
like everything else.
|
|
The logs are unlikely to contain any useful information in this case.
Also, change "walked on cycle path" to "found dependency on", which
is less technical and indicates the direction. With the old message,
I was never sure if prior units depended on later ones, or vice versa.
https://bugzilla.redhat.com/show_bug.cgi?id=996133
https://bugzilla.redhat.com/show_bug.cgi?id=997082
|
|
|
|
As we load unit files lazily, we need to make sure something pulls in swap
units that should be started automatically, otherwise the default dependencies
will never be applied.
This partially reinstates code removed in
commit 64347fc2b983f33e7efb0fd2bb44e133fb9f30f4.
Also don't order swap devices after swap.target when they are 'nofail'.
|
|
Make sure swap.target correctly requires/wants the swap units.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=69291.
Reported-by: Hussam Al-Tayeb
|
|
|
|
If the memory_limit of unit is -1, we should write "-1"
to the file memory.limit_in_bytes. not the (unit64_t) -1.
otherwise the memory.limit_in_bytes will be set to zero.
|
|
it should be memory.soft_limit_in_bytes.
|
|
set the value of variable "r" to the return value
of cg_set_attribute.
|
|
Trivial cleanup of repeat_unmount() spelling.
|
|
|
|
Services using the watchdog option might want to be restarted
only if the watchdog triggers.
|
|
We don't allow reusing of scopes.
|
|
|
