Age | Commit message (Collapse) | Author |
|
static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.
The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.
This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.
The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.
The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.
This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
|
|
|
|
|
|
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
|
|
everything below
This has the benefit of not triggering any autofs mount points
unnecessarily.
|
|
|
|
sd_pid_notify() operates like sd_notify(), however operates on a
different PID (for example the parent PID of a process).
Make use of this in systemd-notify, so that message are sent from the
PID specified with --pid= rather than the usually shortlived PID of
systemd-notify itself.
This should increase the likelyhood that PID 1 can identify the cgroup
that the notification message was sent from properly.
|
|
make use of it from other daemons too
This is preparation to make networkd work as unpriviliged user.
|
|
ignore_file currently allows any file ending with '~' while it
seems that the opposite was intended:
a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
|
|
|
|
|
|
|
|
|
|
No functional change expected :)
|
|
SIGINT/SITERM
|
|
Let's unify generation of unicode chars at one place.
Also, don't add an extra space into chars we print, except for the tree
chars where this is really necessary.
|
|
And move it to sperate function.
|
|
|
|
The kernel can return pretty much anything there, even though the fd is
closed. Let's not get confused by that.
|
|
greedy_realloc() and greedy_realloc0() now store the allocated
size as the count, not bytes.
Replace GREEDY_REALLOC uses with GREEDY_REALLOC_T everywhere,
and then rename GREEDY_REALLOC_T to GREEDY_REALLOC. It is just
too error-prone to have two slightly different macros which do the
same thing.
|
|
Based on a similar patch by Lukáš Nykrýn.
|
|
safe_close_pair() is more like safe_close(), except that it handles
pairs of fds, and doesn't make and misleading allusion, as it works
similarly well for socketpairs() as for pipe()s...
|
|
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
|
|
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
|
|
This is very useful when debugging sd-bus to look at messages.
|
|
This adds the same root argument to search_and_fopen that
conf_files_list already has. Tools that use those two functions as a
pair can now be easily modified to load configuration files from an
alternate root filesystem tree.
|
|
With in_charset now reduced to a one-liner (plus asserts), make it a
static inline.
|
|
This simplifies in_charset down to a one-liner, and allows for possible
optimizations of strspn in libc.
|
|
files_same() returns
1, if the files are the same
0, if the files have different inode/dev numbers
errno, for any stat error
|
|
|
|
Already split variable assignments before invoking the callback. And
drop "rd." settings if we are not in an initrd.
|
|
|
|
define for the max number of rlimits, too
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
Things like 3B4T, 4B50B, 400 100 (meaning 4*1024**4+3, 54, and 500,
respectively) are now disallowed. It is necessary to say 4T3B, 54B,
500 instead. I think this was confusing and error prone.
As a special form, 400B 100 is allowed, i.e. "B" suffix is treated
as different from "", although they mean the same thing.
|
|
It seems natural to be able to say SystemMaxUsage=1.5G.
https://bugzilla.redhat.com/show_bug.cgi?id=1047568
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
processes
|
|
containers on a 64bit host
|
|
|
|
Previously, we'd fixed show_state only after printing the welcome
message which had the effect that the welcome message was almost always
suppressed.
|
|
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
|
|
|
|
|
|
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd
actually reaps the zombie. Which leads to service_load_pid_file accepting
zombie as a valid pid.
This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
|
|
The conf_files_list family accepts an alternate root path to prefix all
directories in the list but path_strv_canonicalize_uniq doesn't use it.
This results in the suspicious behavior of resolving directory symlinks
based on the contents of / instead of the alternate root.
This adds a prefix argument to path_strv_canonicalize which will now
prepend the prefix, if given, to every path in the list. To avoid
answering what a relative path means when called with a root prefix
path_strv_canonicalize is now path_strv_canonicalize_absolute and only
considers absolute paths. Fortunately all users of already call
path_strv_canonicalize with a list of absolute paths.
|
|
|
|
|