Age | Commit message (Collapse) | Author |
|
and disk space is low.
Previously the save_external_coredump function returned a file
descriptor corresponding to the dumped file. This descriptor was used
for two different purposes by calling code: a) access to the raw core
dump data; b) testing candidate files (via inode comparisons) while
vacuuming to protect the current core dump from vacuuming.
The descriptor returned always corresponded to a file containing the raw
core dump data. However if compresson was used and the core dump was
compressed then the descriptor returned did not correspond to the file
that would eventually be left on disk (ie the compressed file). Thus
the file was never protected by vacuuming. When disk space was low all
core dumps including the current one would be vacuumed and the
corresponding log message referred to a file that no longer existed.
This resulted in the following error message from coredumpctl if the
missing core dump was requested:
Cannot retrieve coredump from journal nor disk.
Failed to retrieve core: No such file or directory
save_external_coredump now returns two descriptors, one to be used for
inode comparisons to prevent overzealous vacuuming and one to be used
for raw data access. When compression is not used the returned inode
comparison descriptor will be invalid, indicating that the raw data
access descriptor should be used for inode comparisons as well.
Corresponding use of save_external_coredump and the returned
descriptors also updated.
|
|
destructors
|
|
We treated -ENOENT errors with silent failure, for small messages.
Do the same for large messages.
|
|
Borked since
commit 3ee897d6c2401effbc82f5eef35fce405781d6c8
Author: Lennart Poettering <lennart@poettering.net>
Date: Wed Sep 23 01:00:04 2015 +0200
tree-wide: port more code to use send_one_fd() and receive_one_fd()
because here our fd is not connected and we need to specify
the address.
|
|
Also, check the return value of all calls.
They are documented to return 0, even if journald is not listening.
|
|
|
|
We only use the public api here, so don't include
log.h.
|
|
|
|
Two unrelated fixes
|
|
Most of the function is moved to acl-util.c to make it possible to
add tests in subsequent commit.
Setting of the mode in server_fix_perms is removed:
- we either just created the file ourselves, and the permission be better right,
- or the file was already there, and we should not modify the permissions.
server_fix_perms is renamed to server_fix_acls to better reflect new
meaning, and made static because it is only used in one file.
|
|
Let's distuingish the cases where our code takes an active role in
selinux management, or just passively reports whatever selinux
properties are set.
mac_selinux_have() now checks whether selinux is around for the passive
stuff, and mac_selinux_use() for the active stuff. The latter checks the
former, plus also checks UID == 0, under the assumption that only when
we run priviliged selinux management really makes sense.
Fixes: #1941
|
|
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
|
|
Fix stdout stream parsing
|
|
This is a continuation of the previous include sort patch, which
only sorted for .c files.
|
|
|
|
|
|
tree-wide: group include of libudev.h with sd-*
|
|
journalctl: don't print -- No entries -- in quiet mode
|
|
|
|
|
|
use them everywhere
|
|
|
|
|
|
|
|
siphash24: let siphash24_finalize() and siphash24() return the result…
|
|
Rather than passing a pointer to return the result, return it directly
from the function calls.
Also, return the result in native endianess, and let the callers care
about the conversion. For hash tables and bloom filters, we don't care,
but in order to keep MAC addresses and DHCP client IDs stable, we
explicitly convert to LE.
|
|
Sort the includes accoding to the new coding style.
|
|
Change the "out" parameter from uint8_t[8] to uint64_t. On architectures which
enforce pointer alignment this fixes crashes when we previously cast an
unaligned array to uint64_t*, and on others this should at least improve
performance as the compiler now aligns these properly.
This also simplifies the code in most cases by getting rid of typecasts. The
only place which we can't change is struct duid's en.id, as that is _packed_
and public API, so we can't enforce alignment of the "id" field and have to
use memcpy instead.
|
|
Adding 3/4th of the watchdog frequency as accuracy on top of 1/2 of the
watchdog frequency means we might end up at 5/4th of the frequency which
means we might miss the message from time to time.
Maybe fixes #1804
|
|
Previously, we'd rely on the mtime timestamps of the touch files to see
if our sync/rotation requests were already suppressed. This means we
rely on CLOCK_REALTIME timestamps. With this patch we instead store the
CLOCK_MONOTONIC timestamp *in* the touch files, and avoid relying on
mtime.
This should make things more reliable when the clock or underlying mtime
granularity is not very good.
This also adds warning messages if writing any of the flag files fails.
|
|
No functional changes.
|
|
|
|
Of course, ideally we'd just use normal synchronous bus calls, but this
is out of the question as long as we rely on dbus-daemon (which logs to
journald, and thus cannot use to avoid cyclic sync loops). Hence,
instead, reuse the wait logic already implemented for --sync, and use a
signal in one direction, and a mtime watch file for the reply.
|
|
With this new "--sync" switch we add a synchronous way to sync
everything queued to disk, and return only after that's complete. This
command gives the guarantee that anything queued before has hit the disk
before the command returns.
While we are at it, also improve the man pages and help text for
journalctl a bit.
|
|
The event might be flagged with stuff we don't expect, hence don't
be needlessly picky, just rely on the kernel passing us sensible events.
|
|
This is pretty much a work-around for a security vulnerability in
kernels that allow unprivileged user namespaces.
Fixes #1822.
|
|
Let's make sure to process all queued log data before exiting, so that
we don't unnecessary lose messages when shutting down.
https://github.com/systemd/systemd/pull/1812#issuecomment-155149871
|
|
The macro is generically useful for putting together search paths, hence
let's make it truly generic, by dropping the implicit ".d" appending it
does, and leave that to the caller. Also rename it from
CONF_DIRS_NULSTR() to CONF_PATHS_NULSTR(), since it's not strictly about
dirs that way, but any kind of file system path.
Also, mark CONF_DIR_SPLIT_USR() as internal macro by renaming it to
_CONF_PATHS_SPLIT_USR() so that the leading underscore indicates that
it's internal.
|
|
[v2] treewide: treatment of errno and other cleanups
|
|
with small manual cleanups for style.
|
|
For low end embedded systems 4 MiB for each journal file is a lot of
memory. Journald will use at least 512 KiB even if JOURNAL_FILE_SIZE_MIN is
set to less than that so just use 512 KiB.
|
|
manpage says:
posix_fallocate() returns zero on success, or an error number on
failure. Note that errno is not set.
|
|
Our functions return negative error codes.
Do not rely on errno being set after calling our own functions.
|
|
pread() returns -1 on error and sets errno. Do not use the -1 as errno.
|
|
This replaces the use of ftell() with ftello() for 64-bit size on all
archs.
Also drops a pointless check for NULL before calling strbuf_cleanup().
|
|
write_catalog() use the hashmap only to get its size. The size is
already given in parameter 'n'.
|
|
|
|
When we enumerate journal files and encounter an invalid one, remember
which this, and show it to the user.
Note the possibly slightly surprising logic here: we store only one path
per error code. This means we show all error kinds but not every actual
error we encounter. This has the benefit of not requiring us to keep a
potentially unbounded list of errors with their sources around, but can
still provide a pretty complete overview on the errors we encountered.
Fixes #1669.
|
|
- Always print a debug log message about files and directories we cannot
open right when it happens instead of the caller, thus reducing the
number of places where we need to generate the debug message.
- Always push the errors we encounter immediately into the error set,
when we run into them, instead of in the caller. Thus, we never forget
to push them in.
- Use stack instead of heap memory where we can.
- Make remove_file() void, since it cannot fail anyway and always
returned 0.
- Make local machine check of journal directories explicit in a
function, to make things more readable.
- Port to all directory listing loops FOREACH_DIRENT_ALL()
- sd-daemon is library code, hence never log at higher log levels than
LOG_DEBUG.
|
|
|