Age | Commit message (Collapse) | Author |
|
this anymore to skip audit session ID retrieval
As audit is still broken in containers we need a reliable way how we can
determine whether the audit data we read from 7proc is actually useful.
Previously we used CAP_AUDIT_CONTROL for this, since nspawn removed that
from the nspawn container. This has changed a while back however, which
means we used audit data of host system in the container.
This adds an explicit container check to the audit calls, so that all
audit data is turned off in containers.
This should fix session creation with pam_systemd/logind in nspawn containers.
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|
|
If systemd-vconsole-setup was started with LANG=C (no locale.conf), then
it would set the console to non-unicode, which is not what we want.
|
|
|
|
Make sure that our library is safe for usage in SUID programs when it
comes to env var handling
|
|
"__attribute__((always_inline))" does not replace "inline" and they
still need to be used together. This fixes "always_inline function
might not be inlinable [-Wattributes]" warning in gcc 4.7
Idea-from-patch-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63477
|
|
Just {} is used in a lot of places now, and there's nothing
special abose those few.
|
|
|
|
|
|
|
|
Make sure we compare errno against positive error codes.
The ones in hwclock.c and install.c can have an impact, the
rest are unlikely to be hit or in code that isn't widely
used.
Also check that errno > 0, to help gcc know that we are
returning a negative error code.
|
|
If we pass a constant value to ALIGN() gcc should have the chance to
calculate the value during compilation rather than runtime, so let's
avoid a static inline call if we can.
|
|
I was debugging systemd waiting on a missing disk, and noticed
that the job listing could use some polishing. Jobs that are
actually running are highlighted, so it's easier to see what
very actually waiting for.
Also, the needed widths are precalculated, to use available columns
more ecomically.
|
|
|
|
|
|
cgroup directories in sync
|
|
Avoid memory allocations to construct the path for files in the
procfs. The procfs paths are way shorter than the PATH_MAX so we
can use snprintf on a string located on the stack. This shows up
as a win on x86 using the benchmark program below.
$ make libsystemd-shared.la; gcc -O2 -Isrc/systemd/ -Isrc/ \
-o simple-perf-test simple-perf-test.c \
.libs/libsystemd-shared.a -lrt
#include "shared/util.h"
void test_once(void) {
pid_t pid = getpid();
char *tmp = NULL;
get_process_comm(pid, &tmp);
free(tmp);
tmp = NULL;
get_process_cmdline(pid, 0, 1, &tmp);
free(tmp);
is_kernel_thread(pid);
tmp = NULL;
get_process_exe(pid, &tmp);
free(tmp);
}
int main(int argc, char **argv)
{
int i;
for (i = 0; i < 50000; ++i)
test_once();
}
|
|
Fix for:
b92bea5d2a9481de69bb627a7b442a9f58fca43d
Causing:
systemd-logind[265]: Assertion 'd = event.data.ptr' failed at src/shared/dbus-loop.c:233, function bus_loop_dispatch(). Aborting.
|
|
|
|
Fixes a memleak in error path in exec_context_load_environment.
|
|
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
|
|
It is possible to build systemd without logind or run logind without systemd
init. Commit 66e41181 fixed sd_booted() to only succeed for systemd init; with
that, testing for systemd init is wrong in the parts that talk to logind.
In particular, this affects the PAM module and the "uaccess" udev builtin.
Change sd_booted() to a new logind_running() which tests for
/run/systemd/seats/.
For details, see:
<https://mail.gnome.org/archives/desktop-devel-list/2013-March/msg00092.html>
https://bugs.freedesktop.org/show_bug.cgi?id=62754
|
|
|
|
|
|
Make sure to always print out at least one valid component instead of
falling back early to 0.
|
|
different umask
|
|
Instead of outputting "5h 55s 50ms 3us" we'll now output "5h
55.050003s". Also, while outputting the accuracy is configurable.
Basically we now try use "dot notation" for all time values > 1min. For
>= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and
finally 'us'.
This should give reasonably values in most cases.
|
|
We can now parse "0.5s" as the same as "500ms". In fact, we can parse
"3.45years" correctly, too, and any other unit and fraction length.
|
|
|
|
This will properly escape all weird chars when writing env var files.
With this in place we can now read and write environment files where the
values contain arbitrary weird chars.
This enables hostnamed and suchlike to finally properly save pretty host
names with backlashes or quotes in them.
|
|
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
|
|
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
|
|
You can write much more than just one line with this call (and we
frequently do), so let's correct the naming.
|
|
formatting of a numeric type
|
|
|
|
|
|
code in src/shared/macro.h only defined MAX/MIN in case
they were not defined previously. however the MAX/MIN
macros implemented in glibc are not of the "safe" kind but defined
as:
define MIN(a,b) (((a)<(b))?(a):(b))
define MAX(a,b) (((a)>(b))?(a):(b))
Avoid nasty side effects by using our own versions instead.
Also fix the warnings derived from this change.
[zj: - modify MAX3 macro to fix warning about _a shadowing _a,
- do bootchart/svg.c too,
- remove unused MIN3.]
|
|
The ~80 chars per line part wasn't well received.
|
|
Use _cleanup_ and wrap lines to ~80 chars and such.
|
|
No need to call the heavy artillery, when the original array
is sorted. Reduces complexity from n² log n to n log n, where
n is the number of items in the array, not very large, but
still.
|
|
Not very likely, but let's fix it for the matter of
principle.
|
|
Based on coverity report.
|
|
This includes code to parse and split up match strings which will also
be useful to calculate bloom filter masks when the time comes.
|
|
|
|
|
|
|
|
|