Age | Commit message (Collapse) | Author |
|
|
|
gcc (4.8.2, arm) does not understand that journal_file_append_field()
will always set 'fo' when it returns 0, so this warning is bogus.
Anyway, fix it by initialiting fo = NULL.
|
|
gcc (4.8.2, arm) does not understand that next_beyond_location() will
always set 'p' when it returns > 0. Initialize p in order to fix this.
|
|
first (or second)
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
|
|
|
|
sd_journal_get_cutoff_realtime_usec() on failure
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
Resolve spotted issues related to missing or extraneous commas, dashes.
|
|
|
|
|
|
This is now part of libsystemd.
|
|
In trying to track down a stupid linker bug, I noticed a bunch of
memset() calls that should be using memzero() to make it more "obvious"
that the options are correct (i.e. 0 is not the length, but the data to
set). So fix up all current calls to memset(foo, 0, length) to
memzero(foo, length).
|
|
Current glibc implementation is safe. Kernel does this atomically,
and write is actually implemented through writev. So if write is
async-signal-safe, than writev pretty much must be too.
|
|
Let's unify our code here, and also always specifiy O_CLOEXEC.
|
|
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
|
|
This will only work on Linux >= 3.11, and probably not on all
filesystems. Fallback code is provided.
|
|
In the case of the error set_consume will free the pointer 'pattern'
which is later used in log_error. Either we should stop priniting that
or use simple set_put and free pattern manually.
This reverts commit ece6b8fd5bbc1fee16f652e680e3033f2f3efc4a.
|
|
This reverts commit cf50a55277ee432e1217ad894afcbd9a664ff96c.
set_consume frees on error.
|
|
|
|
Before, journald would remove journal files until both MaxUse= and
KeepFree= settings would be satisfied. The first one depends (if set
automatically) on the size of the file system and is constant. But
the second one depends on current use of the file system, and a spike
in disk usage would cause journald to delete journal files, trying to
reach usage which would leave 15% of the disk free. This behaviour is
surprising for the user who doesn't expect his logs to be purged when
disk usage goes above 85%, which on a large disk could be some
gigabytes from being full. In addition attempting to keep 15% free
provides an attack vector where filling the disk sufficiently disposes
of almost all logs.
Instead, obey KeepFree= only as a limit on adding additional files.
When replacing old files with new, ignore KeepFree=. This means that
if journal disk usage reached some high point that at some later point
start to violate the KeepFree= constraint, journald will not add files
to go above this point, but it will stay (slightly) below it. When
journald is restarted, it forgets the previous maximum usage value,
and sets the limit based on the current usage, so if disk remains to
be filled, journald might use one journal-file-size less on each
restart, if restarts happen just after rotation. This seems like a
reasonable compromise between implementation complexity and robustness.
|
|
This is a continuation of e3e0314b systemctl: allow globbing in commands
which take multiple unit names.
Multiple patterns can be specified, as separate arguments, or as one argument
with patterns seperated by commas.
If patterns are given, at least one unit must be matched (by any of the patterns).
This is different behaviour than systemctl, but here it is necessary because
otherwise anything would be matched, which is unlikely to be the intended
behaviour.
https://bugs.freedesktop.org/show_bug.cgi?id=59336
|
|
sd_j_e_u needs to keep a reference to an object while comparing it
with possibly duplicate objects in other files. Because the size of
mmap cache is limited, with enough files and object to compare to,
at some point the object being compared would be munmapped, resulting
in a segmentation fault.
Fix this issue by turning keep_always into a reference count that can
be increased and decreased. Other callers which set keep_always=true
are unmodified: their references are never released but are ignored
when the whole file is closed, which happens at some point. keep_always
is increased in sd_j_e_u and later on released.
|
|
Convert entry_array.items[0] to host byte order prior to passing it to
chain_cache_put().
[zj: also use le64toh in journal-verify.c]
https://bugs.freedesktop.org/show_bug.cgi?id=73194
|
|
Suggested-by: Russ Allbery <rra@debian.org>
|
|
|
|
|
|
This reverts commit cf5bccc2bb9569030cb04debbc4208aaca0fe5b4.
We should fix thinks properly if they aren't perfect, not just break
other things...
|
|
This flag shouldn't try and consume the following argument. It should
behave like every other flag which takes an optional argument when
parsed by getopt_long.
|
|
including it in the log strings
|
|
Introduce new call getpeercred() which internally just uses SO_PEERCRED
but checks if the returned data is actually useful due to namespace
quirks.
|
|
|
|
SipHash appears to be the new gold standard for hashing smaller strings
for hashtables these days, so let's make use of it.
|
|
This commit also adds error handling for failures during
directory reading.
|
|
The available_space function now returns 0 if reading the directory
fails. Previously, such errors were silently ignored.
|
|
|
|
-- fix grammar and reword some descriptions for clarity
-- add a useful description of what --follow does
-- fix the description for --after-cursor
-- properly introduce the FSS acronym for "Forward Secure Sealing" in
both sections
-- clarify the --disk-usage command
[zj: perform similar changes to zsh completions]
squash! journalctl: fix several issues in --help message text
|
|
also define noreturn w/o <stdnoreturn.h>
|
|
we also do 'last_index = (uint64_t) -1;' at the end of the while
loop so there is no reason to also do it here.
|
|
|
|
|
|
|
|
While all the libc implementations I know return NULL when memchr's size
parameter is 0, without accessing any memory, passing NULL to memchr is
still invalid:
C11 7.24.1p2: Where an argument declared as "size_t n" specifies the length
of the array for a function, n can have the value zero on a call to that
function. Unless explicitly stated otherwise in the description of a
particular function in this subclause, pointer arguments on such a call
shall still have valid values, as described in 7.1.4. On such a call, a
function that locates a character finds no occurrence, a function that
compares two character sequences returns zero, and a function that copies
characters copies zero characters.
see http://llvm.org/bugs/show_bug.cgi?id=18247
|
|
|
|
Detection would fail if language was not specified in the filename
but a dot appeared somewhere higher in the path.
|
|
for non-static functions
|
|
|
|
Clang is a bit more strict wrt format-nonliterals:
http://clang.llvm.org/docs/LanguageExtensions.html#format-string-checking
Adding these extra printf attributes also makes gcc able to find more
problems. E.g. this patch uncovers a format issue in udev-builtin-path_id.c
Some parts looked intetional about breaking the format-nonliteral check.
I added some supression for warnings there.
|
|
We really should return errors from event handlers if we have a
continous problem and don't know any other solution.
|
|
With this change a failing event source handler will not cause the
entire event loop to fail. Instead, we just disable the specific event
source, log a message at debug level and go on.
This also introduces a new concept of "exit code" which can be stored in
the event loop and is returned by sd_event_loop(). We also rename "quit"
to "exit" everywhere else.
Altogether this should make things more robus and keep errors local
while still providing a way to return event loop errors in a clear way.
|
|
journalctl help output might run off the screen, so be consistent
as other systemd tools do and pipe it into a pager.
|