summaryrefslogtreecommitdiff
path: root/src/shared/cgroup-util.c
AgeCommit message (Collapse)Author
2014-07-31Reject invalid quoted stringsZbigniew Jędrzejewski-Szmek
String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-04-21condense assignment and path_kill_slashes callsDave Reisner
2014-03-16Use strlen even for constant stringsJosh Triplett
GCC optimizes strlen("string constant") to a constant, even with -O0. Thus, replace patterns like sizeof("string constant")-1 with strlen("string constant") where possible, for clarity. In particular, for expressions intended to add up the lengths of components going into a string, this often makes it clearer that the expression counts the trailing '\0' exactly once, by putting the +1 for the '\0' at the end of the expression, rather than hidden in a sizeof in the middle of the expression.
2014-02-17doc: update punctuationJan Engelhardt
Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17core: find the closest parent slice that has a specfic cgroup controller ↵Lennart Poettering
enabled when enabling/disabling cgroup controllers for units
2014-02-11machined: optionally, allow registration of pre-existing units (scopesLennart Poettering
or services) as machine with machined
2014-02-07cgroup: make sure to properly send SIGCONT to all processes of a cgroup if ↵Lennart Poettering
that's requested
2014-01-27bus: add API calls for connecting to starter busLennart Poettering
Add new calls sd_bus_open() and sd_bus_default() for connecting to the starter bus a service was invoked for, or -- if the process is not a bus-activated service -- the appropriate bus for the scope the process has been started in.
2014-01-05shared: procfs_file_alloca: handle pid==0Simon Peeters
when pid is set to 0 use /proc/self
2013-12-26Use enums to make it obvious what boolean params meanZbigniew Jędrzejewski-Szmek
Suggested-by: Russ Allbery <rra@debian.org>
2013-12-24bus: properly shift cgroup data returned from kdbus by the container's root ↵Lennart Poettering
before parsing
2013-12-22Fix extraction of _SYSTEMD_USER_UNITZbigniew Jędrzejewski-Szmek
Units from user services underneath user@.service would not be detected properly.
2013-12-17__thread --> thread_local for C11 compatShawn Landden
Also make thread_local available w/o including <threads.h>. (as the latter hasn't been implemented, but this part is trivial)
2013-12-11journald: cache cgroup root path, instead of querying it on every incoming ↵Lennart Poettering
log message
2013-12-03bus: add generator that turns old dbus1 activation files into .busname + ↵Lennart Poettering
.service units
2013-11-08Remove dead code and unexport some callsLennart Poettering
"make check-api-unused" informs us about code that is not used anymore or that is exported but only used internally. Fix these all over the place.
2013-10-02cgroup: there's no point in labelling cgroupfs dirs, so let's not do thatsystemd/v208Lennart Poettering
This allows us to get rid of the dep on libsystemd-label for cgroup management. https://bugs.freedesktop.org/show_bug.cgi?id=69966
2013-09-26cgroup: when referencing cgroup controller trees allow omission of the pathLennart Poettering
2013-09-25util: add macro for iterating through all prefixes of a pathLennart Poettering
Syntactic sugar in a macro PATH_FOREACH_PREFIX.
2013-09-25cgroup: if we do a cgroup operation then do something on all supported ↵Lennart Poettering
controllers Previously we did operations like attach, trim or migrate only on the controllers that were enabled for a specific unit. With this changes we will now do them for all supproted controllers, and fall back to all possible prefix paths if the specified paths do not exist. This fixes issues if a controller is being disabled for a unit where it was previously enabled, and makes sure that all processes stay as "far down" the tree as groups exist.
2013-09-16Verify validity of session name when received from outsideZbigniew Jędrzejewski-Szmek
Only ASCII letters and digits are allowed.
2013-07-11cgroup: simplify how instantiated units are mapped to cgroupsLennart Poettering
Previously for an instantiated unit foo@bar.service we created a cgroup foo@.service/foo@bar.service, in order to place all instances of the same template inside the same subtree. As we now implicitly add all instantiated units into one per-template slice we don't need this complexity anymore, and instance units can map directly to the cgroups of their full name.
2013-07-10cgroup: when uninstalling agent, actually turn it off firstLennart Poettering
2013-07-04disable the cgroups release agent when shutting downKay Sievers
During shutdown, when we try to clean up all remaining processes, the kernel will fork new agents every time a cgroup runs empty. These new processes cause delays in the final SIGTERM, SIGKILL logic. Apart from that, this should also avoid that the kernel-forked binaries cause unpredictably timed access to the filesystem which we might need to unmount.
2013-07-02libsystemd-logind: fix detection of session/user/machine of a PIDLennart Poettering
2013-07-01core: add new "scope" unit type for making a unit of pre-existing processesLennart Poettering
"Scope" units are very much like service units, however with the difference that they are created from pre-existing processes, rather than processes that systemd itself forks off. This means they are generated programmatically via the bus API as transient units rather than from static configuration read from disk. Also, they do not provide execution-time parameters, as at the time systemd adds the processes to the scope unit they already exist and the parameters cannot be applied anymore. The primary benefit of this new unit type is to create arbitrary cgroups for worker-processes forked off an existing service. This commit also adds a a new mode to "systemd-run" to run the specified processes in a scope rather then a transient service.
2013-06-27core: general cgroup reworkLennart Poettering
Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-21login: add an api to determine the slice a PID is located in to libsystemd-loginLennart Poettering
2013-06-20logind: add infrastructure to keep track of machines, and move to slicesLennart Poettering
- This changes all logind cgroup objects to use slice objects rather than fixed croup locations. - logind can now collect minimal information about running VMs/containers. As fixed cgroup locations can no longer be used we need an entity that keeps track of machine cgroups in whatever slice they might be located. Since logind already keeps track of users, sessions and seats this is a trivial addition. - nspawn will now register with logind and pass various bits of metadata along. A new option "--slice=" has been added to place the container in a specific slice. - loginctl gained commands to list, introspect and terminate machines. - user.slice and machine.slice will now be pulled in by logind.service, since only logind.service requires this slice.
2013-06-17core: add new .slice unit type for partitioning systemsLennart Poettering
In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-06cgroup: the "tasks" attribute is obsolete, cgroup.procs is the new replacementLennart Poettering
2013-05-03cgroup: when escaping a cgroup object name, also escape names that start ↵Lennart Poettering
with a dot
2013-05-02Add __attribute__((const, pure, format)) in various placesZbigniew Jędrzejewski-Szmek
I'm assuming that it's fine if a _const_ or _pure_ function calls assert. It is assumed that the assert won't trigger, and even if it does, it can only trigger on the first call with a given set of parameters, and we don't care if the compiler moves the order of calls.
2013-05-01cgls: add --machine/-MZbigniew Jędrzejewski-Szmek
cg_get_machine_path is modified to include the escaped machine name + ".nspawn" if the machine argument is nonnull.
2013-04-30cgroup: make cg_pid_get_path() work properly for co-mounted controllers and ↵Lennart Poettering
normalized named hierarchies
2013-04-30cgroup: do not allow manipulating the cgroup path of units within the ↵Lennart Poettering
systemd:/system subtree
2013-04-25Use attribute(unused) in PROTECT_ERRNOZbigniew Jędrzejewski-Szmek
clang emits warnings about unused attribute _saved_errno_, which drown out other—potentially useful—warnings. gcc documentation is not exactly verbose about the effects of __attribute__((unused)) on variables, but let's assume that it works if the unit test passes.
2013-04-24cgroup: always validate cgroup controller namesLennart Poettering
Let's better be safe than sorry.
2013-04-22cgroup: make sure all our cgroup objects have a suffix and are properly escapedLennart Poettering
Session objects will now get the .session suffix, user objects the .user suffix, nspawn containers the .nspawn suffix. This also changes the user cgroups to be named after the numeric UID rather than the username, since this allows us the parse these paths standalone without requiring access to the cgroup file system. This also changes the mapping of instanced units to cgroups. Instead of mapping foo@bar.service to the cgroup path /user/foo@.service/bar we will now map it to /user/foo@.service/foo@bar.service, in order to ensure that all our objects are properly suffixed in the tree.
2013-04-22nspawn: suffix the nspawn cgroups with ".nspawn"Lennart Poettering
As discussed with Dan Berrange it's a good idea to suffix all objects in the cgroup tree with ".something", so that when the system is partitioned using a resource management tool we can drop objects of different types into the same partition directory without generate namespace conflicts. We'l add this to the Pax Control Group document as soon as write access to the fdo wiki is restored.
2013-04-18move _cleanup_ attribute in front of the typeHarald Hoyer
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
2013-04-16nspawn: introduce the new /machine/ tree in the cgroup tree and move ↵Lennart Poettering
containers there Containers will now carry a label (normally derived from the root directory name, but configurable by the user), and the container's root cgroup is /machine/<label>. This label is called "machine name", and can cover both containers and VMs (as soon as libvirt also makes use of /machine/). libsystemd-login can be used to query the machine name from a process. This patch also includes numerous clean-ups for the cgroup code.
2013-04-15bus: handle env vars safelyLennart Poettering
Make sure that our library is safe for usage in SUID programs when it comes to env var handling
2013-04-08cgroup: clean-upsLennart Poettering
2013-04-08cgroup: always keep access mode of 'tasks' and 'cgroup.procs' files in ↵Lennart Poettering
cgroup directories in sync
2013-04-03util: rename write_one_line_file() to write_string_file()Lennart Poettering
You can write much more than just one line with this call (and we frequently do), so let's correct the naming.
2013-02-14honor SELinux labels, when creating and writing config filesHarald Hoyer
Also split out some fileio functions to fileio.c and provide a SELinux aware pendant in fileio-label.c see https://bugzilla.redhat.com/show_bug.cgi?id=881577
2013-02-13use strneq instead of strncmpThomas Hindoe Paaboel Andersen
2013-01-19cgroup: additional validity checks for cgroup attribute namesLennart Poettering