Age | Commit message (Collapse) | Author |
|
Beef up the existing var_tmp() call, rename it to var_tmp_dir() and add a
matching tmp_dir() call (the former looks for the place for /var/tmp, the
latter for /tmp).
Both calls check $TMPDIR, $TEMP, $TMP, following the algorithm Python3 uses.
All dirs are validated before use. secure_getenv() is used in order to limite
exposure in suid binaries.
This also ports a couple of users over to these new APIs.
The var_tmp() return parameter is changed from an allocated buffer the caller
will own to a const string either pointing into environ[], or into a static
const buffer. Given that environ[] is mostly considered constant (and this is
exposed in the very well-known getenv() call), this should be OK behaviour and
allows us to avoid memory allocations in most cases.
Note that $TMPDIR and friends override both /var/tmp and /tmp usage if set.
|
|
For this moment machinectl prints legend and count of machines/images/etc.
But in a case when we have no images,machines,etc., there is no sense to
show legend:
~$ machinectl
MACHINE CLASS SERVICE
0 machines listed.
Let's print only 'No machines', 'No images', 'No transfers' in this case.
|
|
It's a bit easier to read because shorter. Also, most likely a tiny bit faster.
|
|
|
|
|
|
|
|
make "machinectl clean" asynchronous, and open it up via PolicyKit
|
|
machinectl: interpret options placed between "shell" verb and machine name
|
|
Let's make sure we catch early when a machine doesn't exist that is attempted
to be started or enabled as system service.
|
|
The method is already hooked up to PolicyKit, hence let's open this up via the
bus policy language too.
Fixes: #3585
|
|
background process
This is a follow-up to 5d2036b5f3506bd0ff07042aee8d69c26db32298, and also makes
the "machinectl clean" verb asynchronous, after all it's little more than a
series of image removals.
The changes required to make this happen are a bit more comprehensive as we
need to pass information about deleted images back to the client, as well as
information about the image we failed on if we failed on one. Hence, create a
temporary file in /tmp, serialize that data into, and read it from the parent
after the operation is complete.
|
|
There's no point in explicitly closing the errno pipe, if we exit right after
anyway. It doesn't hurt doing this either, but let's do this the same way for
all cases where we use the "Operation" object right now, and in all other cases
we do not close the pipe explicitly, hence don't do so here either.
|
|
Otherwise starting a machine named `foo-bar-baz` will end up in
machinectl attempting to start the service unit
`systemd-nspawn@foo\x2dbar\x2dbaz` instead of
`systemd-nspawn@foo-bar-baz`.
|
|
Previously, we'd stop processing of the argument list immediately when hitting
the "shell" verb. However, we really should continue processing options then,
until we hit the machine name.
Fixes: #3472
|
|
the pager (#3550)
If "systemctl -H" is used, let's make sure we first terminate the bus
connection, and only then close the pager. If done in this order ssh will get
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
terminate. This makes sure the standard error we were invoked on is released by
ssh, and only that makes sure we don't deadlock on the pager which waits for
all clients closing its input pipe.
(Similar fixes for the various other xyzctl tools that support both pagers and
-H)
Fixes: #3543
|
|
|
|
and make use of it everywhere
|
|
We have to pass addresses of changes and n_changes to
bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by
missing information (subsequent calls to unit_file_changes_add() to
not add anything).
Also prevent null pointer dereference in
bus_deserialize_and_dump_unit_file_changes() by asserting.
Fixes #3339
|
|
call timeout
By default we timeout all bus calls, but if we know that these bus calls might
be slow, let's explicitly turn the timeouts off.
|
|
With this all potentially slow operations are done out-of-process,
asynchronously, using the same "Operation" object.
|
|
If we remove a directory image (i.e. not a btrfs snapshot) then things might
get quite expensive, hence run this asynchronous in a forked off process, too.
|
|
Let's make sigkill_wait() take a normal pid_t, and add sigkill_waitp() that
takes a pointer (which is useful for usage in _cleanup_), following the usual
logic we have for this.
|
|
Cloning an image can be slow, if the image is not on a btrfs subvolume, hence
let's make sure we do this asynchronously in a child process, so that machined
isn't blocked as long as we process the client request.
This adds a new, generic "Operation" object to machined, that is used to track
these kind of background processes.
This is inspired by the MachineOperation object that already exists to make
copy operations asynchronous. A later patch will rework the MachineOperation
logic to use the generic Operation instead.
|
|
It's better to avoid having the option string duplicated, lest we forget
to modify them in sync in the future.
|
|
rework "journalctl -M"
|
|
non-btrfs file systems (#3117)
Fixes: #2060
(Of course, in the long run, we should probably add a copy-based fall-back. But
given how slow that is, this probably requires some asynchronous forking logic
like the CopyFrom() and CopyTo() method calls already implement.)
|
|
This new call returns a file descriptor for the root directory of a container.
This file descriptor may then be used to access the rest of the container's
file system, via openat() and similar calls. Since the file descriptor returned
is for the file system namespace inside of the container it may be used to
access all files of the container exactly the way the container itself would
see them. This is particularly useful for containers run directly from
loopback media, for example via systemd-nspawn's --image= switch. It also
provides access to directories such as /run of a container that are normally
not accessible to the outside of a container.
This replaces PR #2870.
Fixes: #2870
|
|
Fixes: #2420
|
|
systemd-run: fix --slice= in conjunction with --scope
|
|
|
|
Make this an output flag instead, so that our function prototypes can lose one
parameter
|
|
This ports over machinectl and loginctl to also use the new GetProcesses() bus
call to show the process tree of a container or login session. This is similar
to how systemctl already has been ported over in a previous commit.
|
|
|
|
The coccinelle patch didn't work in some places, I have no idea why.
|
|
This new command removes all, or all hidden container images that have been
downloaded.
|
|
numbers
And port all code over to use it.
|
|
|
|
|
|
tree-wide: merge pager_open_if_enabled() to the pager_open()
|
|
Many subsystems define own pager_open_if_enabled() function which
checks '--no-pager' command line argument and open pager depends
on its value. All implementations of pager_open_if_enabled() are
the same. Let's merger this function with pager_open() from the
shared/pager.c and remove pager_open_if_enabled() from all subsytems
to prevent code duplication.
|
|
|
|
Networkctl prettification
|
|
|
|
Throughout the tree there's spurious use of spaces separating ++ and --
operators from their respective operands. Make ++ and -- operator
consistent with the majority of existing uses; discard the spaces.
|
|
|
|
The deserialize_timestamp_value() is renamed timestamp_deserialize() to be more
consistent with dual_timestamp_deserialize()
And add the NULL check back on realtime and monotonic
|
|
which is introduced in the ebf30a086dfa commit.
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
|
|
loopback file
An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since
an infinitely sized file makes no sense.
Fixes: #2314 #2253
|