Age | Commit message (Collapse) | Author |
|
|
|
Already split variable assignments before invoking the callback. And
drop "rd." settings if we are not in an initrd.
|
|
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
GREEDY_REALLOC takes a pointer to the real size, not the array-width as
argument. Therefore, our array is currently way to small to keep the seat
positions.
Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store
the array-width instead of array-size.
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
processes
|
|
containers on a 64bit host
|
|
|
|
Previously, we'd fixed show_state only after printing the welcome
message which had the effect that the welcome message was almost always
suppressed.
|
|
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
|
|
|
|
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd
actually reaps the zombie. Which leads to service_load_pid_file accepting
zombie as a valid pid.
This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
|
|
|
|
|
|
|
|
doesn't fall back to PRNG
|
|
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
|
|
This will only work on Linux >= 3.11, and probably not on all
filesystems. Fallback code is provided.
|
|
|
|
|
|
when pid is set to 0 use /proc/self
|
|
It is nicer to predefine patterns using configure time check instead of
using casts everywhere.
Since we do not need to use any flags, include "%" in the format instead
of excluding it like PRI* macros.
|
|
|
|
Even if the lower-leveld dbus1 protocol calls it "serial", let's expose
the word "cookie" for this instead, as this is what kdbus uses and since
it doesn't imply monotonicity the same way "serial" does.
|
|
Introduce new call getpeercred() which internally just uses SO_PEERCRED
but checks if the returned data is actually useful due to namespace
quirks.
|
|
SipHash appears to be the new gold standard for hashing smaller strings
for hashtables these days, so let's make use of it.
|
|
|
|
In some circumstances, for example when start-up times out we
immediately jump into the final state, at which point we still should
try to watch the main pid so that the SIGCHLD allows us to quickly
move into dead state.
|
|
also define noreturn w/o <stdnoreturn.h>
|
|
Due to this patch, message dump (for message which includes boolean
type) is more consistent with dbus-send (which display true/false
instead of yes/no for boolean). It's only simple 'cosmetics change'.
** For dbus-send **
dbus-send --system --dest=org.freedesktop.DBus --type=method_call --print-reply / org.freedesktop.DBus.NameHasOwner string:org.freedesktop.login1
method return sender=org.freedesktop.DBus -> dest=:1.97 reply_serial=2
boolean true
** For libsystemd-bus (without this patch) **
‣ Type=method_call Endian=l Flags=0 Version=2 Serial=8
Destination=org.freedesktop.DBus Path=/org/freedesktop/DBus Interface=org.freedesktop.DBus Member=NameHasOwner
MESSAGE "s" {
STRING "org.freedesktop.login1";
};
‣ Type=method_return Endian=l Flags=1 Version=2 Serial=51 ReplySerial=8
Sender=:1.59 Destination=:1.67
UniqueName=:1.59 WellKnownNames={org.freedesktop.DBus}
MESSAGE "b" {
BOOLEAN yes;
};
For me true/false seems to be better readable than yes/no for BOOLEAN.
|
|
|
|
bus also switch over PID namespace
This is necessary to ensure that kdbus can collect creds of the
destination namespace when connecting.
|
|
These specifiers require NSS lookups to work, and we really shouldn't do
them from PID 1 hence. With this change they are now only supported for
user systemd instance, or when the configured user for a unit is root.
|
|
Previously we'd open the connection in the originating namespace, which
meant most peers of the bus would not be able to make sense of the
PID/UID/... identity of us since we didn't exist in the namespace they
run in. However they require this identity for privilege decisions,
hence disallowing access to anything from the host.
Instead, when connecting to a container, create a temporary subprocess,
make it join the container's namespace and then connect from there to
the kdbus instance. This is similar to how we do it for socket
conections already.
THis also unifies the namespacing code used by machinectl and the bus
APIs.
|
|
Compared to greedy_realloc(), this sets all newly allocated memory to 0.
As the old variant has been used a lot for string-handling, we avoid
changing it as clearing memory is not needed there.
|
|
PrivateTmp= namespaces
|
|
|
|
|
|
|
|
Instead of individually checking for containers in each user do this
once in a new call proc_cmdline() that read the file only if we are not
in a container.
|
|
|
|
When set to 0 this will stop tools like the backlight and rfkill tools to
restore state from previous boot. This is useful in case the stored state
is bogus to the extent that it is preventing you from resetting it (e.g.,
the backlight settings cause the screen to be off on boot on a system where
the backlight can not be adjusted directly from the keyboard).
|
|
Always use our own macros, and name all our own macros the same style.
|
|
Emacs C indenting really gets confused by these lines if they carry no
trailing semicolon, hence let's make this nicer for good old emacs. The
other macros which define functions already do this too, so let's copy
the scheme here.
Also, let's use an uppercase name for the macro. So far our rough rule
was that macros that are totally not function-like (like this ones,
which define a function) are uppercase. (Well, admittedly it is a rough
rule only, for example function and variable decorators are all
lower-case SINCE THE CONSTANT YELLING IN THE SOURCES WOULD SUCK, and
also they at least got underscore prefixes.) Also, the macros that
define functions that we already have are all uppercase, so let's do the
same here...
|
|
|
|
This extends 62678ded 'efi: never call qsort on potentially
NULL arrays' to all other places where qsort is used and it
is not obvious that the count is non-zero.
|
|
rename old versions to ascii_*
Do not take into account zerowidth characters, but do consider double-wide characters.
Import needed utf8 helper code from glib.
v3: rebase ontop of utf8 restructuring work
[zj: tweak the algorithm a bit, move new code to separate file]
|
|
|
|
We were already creating the file if it was missing, and this way
containers can reconfigure the file without running into problems.
This also makes resolv.conf handling more alike to handling of
/etc/localtime, which is also not a bind mount.
|