| Age | Commit message (Collapse) | Author |
|---|
|
We shouldn't destroy IPC objects of system users on logout.
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html
This introduces SYSTEM_UID_MAX defined to the maximum UID of system
users. This value is determined compile-time, either as configure switch
or from /etc/login.defs. (We don't read that file at runtime, since this
is really a choice for a system builder, not the end user.)
While we are at it we then also update journald to use SYSTEM_UID_MAX
when we decide whether to split out log data for a specific client.
|
|
|
|
|
|
When you switch-root into a new root that has SELinux policy, you're
supposed to to run selinux_init_load_policy() to set up SELinux and load
policy. Normally this gets handled by selinux_setup().
But if SELinux was already initialized, selinux_setup() skips loading
policy and returns 0. So if you load policy normally, and then you
switch-root to a new root that has new policy, selinux_setup() never
loads the new policy. What gives?
As far as I can tell, this check is an artifact of how selinux_setup()
worked when it was first written (see commit c4dcdb9 / systemd v12):
* when systemd starts, run selinux_setup()
* if selinux_setup() loads policy OK, restart systemd
So the "if policy already loaded, skip load and return 0" check was
there to prevent an infinite re-exec loop.
Modern systemd only calls selinux_setup() on initial load and after
switch-root, and selinux_setup() no longer restarts systemd, so we don't
need that check to guard against the infinite loop anymore.
So: this patch removes the "return 0", thus allowing selinux_setup() to
actually perform SELinux setup after switch-root.
We still want to check to see if SELinux is initialized, because if
selinux_init_load_policy() fails *but* SELinux is initialized that means
we still have (old) policy active. So we don't need to halt if
enforce=1.
|
|
Previously we wouldn't serialize jobs for units that themselves have
nothing to serialize.
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018928.html
|
|
This is a speculative fix for https://bugzilla.redhat.com/show_bug.cgi?id=1088865.
Even though I cannot find a code path that where this would be
an issue, for consistency, if we assume that cgroup_path might have
been set before we got to unit_deserialize, we should make sure that
the unit is removed from the hashmap before we free the key. This seems
to be the only place where the key could be prematurely freed, leading to
hashmap corruption.
|
|
No functional change expected :)
|
|
Running systemctl enable/disable/set-default/... with the --root
option under strace reveals that it accessed various files and
directories in the main fs, and not underneath the specified root.
This can lead to correct results only when the layout and
configuration in the container are identical, which often is not the
case. Fix this by adding the specified root to all file access
operations.
This patch does not handle some corner cases: symlinks which point
outside of the specified root might be interpreted differently than
they would be by the kernel if the specified root was the real root.
But systemctl does not create such symlinks by itself, and I think
this is enough of a corner case not to be worth the additional
complexity of reimplementing link chasing in systemd.
Also, simplify the code in a few places and remove an hypothetical
memory leak on error.
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
|
|
than network target
Most likely the facility needed is actual connectivity, rather than whether or not the
network managment daemon is running.
We also need to explicitly pull in the network-online.target, as it is not active by
default.
This means {systemd-networkd,NetworkManager}-wait-online.service, can be enabled by default
as part of network-online.target, and only delay boot when some service actively pulls it in.
See: <https://bugzilla.gnome.org/show_bug.cgi?id=728965>
Cc: Pavel Šimerda <psimerda@redhat.com>
Cc: Michal Sekletar <msekleta@redhat.com>
|
|
commit 20a83d7bf was not equivalent to the original bug fix proposed by
Michal Sekletar <msekleta@redhat.com>. The committed version only added
the job to the run queue if the job had a timeout, which most jobs do
not have. Just re-ordering the code gets us the intended functionality
|
|
|
|
This patch exchange words which are inappropriate for a situation,
deletes duplicated words, and adds particles where needed.
|
|
|
|
So that we can use it at multiple places.
|
|
We should no longer pretend that we can run in any sensible way
without the kernel supporting us with cgroups functionality.
|
|
|
|
container
|
|
When we have job installed and added to run queue for service which is
still in dead state and systemd initiates reload then after reload we
never add deserialized job to the run queue again. This is caused by
check in service_coldplug() where we check if deserialized state is
something else than dead state, which is not the case thus we never call
service_set_state() and finally unit_notify() where we would have added
job to the run queue.
Thanks to Michal Sekletar <msekleta@redhat.com> for the original patch.
|
|
7-space indentation is just too weird to leave alone.
Make it 8 spaces, as per CODING_STYLE. No other changes.
|
|
|
|
|
|
It's used for the FailureAction property as well.
|
|
It has the same possible values as StartLimitAction= and is executed
immediately if a service fails.
|
|
When rebooting with systemctl, an optional argument can be passed to the
reboot system call. This makes it possible the specify the argument in a
service file and use it when the service triggers a restart.
This is useful to distinguish between manual reboots and reboots caused by
failing services.
|
|
This is a second attempt at 9754d56, reverted in 2f20a8e, because
I lost a 'break;' when moving chunks around.
|
|
This reverts commit 9754d56e9b21bfe89fc18f47987d6bef491b8521.
It causes a crash in PID1:
Apr 19 13:49:32 lon systemd[1]: Code should not be reached 'Unhandled socket type.'
at src/core/socket.c:684, function instance_from_socket(). Aborting.
Apr 19 13:49:32 lon systemd[1]: Caught <ABRT>, dumped core as pid 336.
Apr 19 13:49:32 lon systemd[1]: Freezing execution.
|
|
|
|
NixOS uses Unix domain sockets for certain host <-> container
interaction; i.e. the host connects to a socket visible in the
container's directory tree, where the container uses a .socket unit to
spawn the handler program on demand. This worked in systemd 203, but
in 212 fails with "foo.socket failed to queue service startup job
(Maybe the service file is missing or not a template unit?): No data
available".
The reason is that getpeercred() now returns ENODATA if it can't get
the PID of the client, which happens in this case because the client
is not in the same PID namespace. Since getpeercred() is only used to
generate the instance name, this patch simply handles ENODATA by
creating an instance name "<nr>-unknown".
[zj: reorder clauses and remove (unsigned long) casts.]
|
|
If a persistent timer has no stamp file yet, it behaves just like a normal
timer until it runs for the first time. If the system is always shut down
while the timer is supposed to run, a stamp file is never created and
Peristent=true has no effect.
This patch fixes this by creating a stamp file with the current time
when the timer is first started.
|
|
|
|
Before:
$ systemd-analyze --user
Startup finished in 2.810s (firmware) + 48ms (loader) + 122ms (userspace) = 122ms
After:
$ systemd-analyze --user
Startup finished in 122ms (userspace) = 122ms
|
|
|
|
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.
Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
|
|
Given that native services do not carry a sysv priority anyway it is
pointless reading them from chkconfig headers, and pretend they'd work.
So let's drop this.
|
|
|
|
|
|
|
|
safe_close_pair() is more like safe_close(), except that it handles
pairs of fds, and doesn't make and misleading allusion, as it works
similarly well for socketpairs() as for pipe()s...
|
|
CLOCK_BOOTTIME_ALARM, too
|
|
|
|
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
|
|
A service with PrivateNetwork= cannot access abstract namespace sockets
of the host anymore, hence let's better not use abstract namespace
sockets for this, since we want to make sure that PrivateNetwork=
is useful and doesn't break sd_notify().
|
|
if PrivateDevices=yes is used we need to make sure we can still
create /dev/null and so on.
|
|
Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
invididually in type-specific code.
Also, when PrivateDevices= is set, set DevicePolicy= to closed.
|
|
and /var/tmp are mounted
|
