Age | Commit message (Collapse) | Author |
|
fix 1237557 Unchecked return value from library
|
|
|
|
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
|
|
This should make the unquoting scheme a bit less naive.
|
|
CID#1237532
CID#1237523
CID#1237522
|
|
If a unit contains only Also=, with no Alias= or WantedBy=, it shouldn't
be reported as static. New 'indirect' status shall be introduced.
https://bugzilla.redhat.com/show_bug.cgi?id=864298
|
|
Reads the basename of the target of a symlink.
|
|
utf8_is_printable_newline()
|
|
CID# 1251162
|
|
|
|
it static
|
|
|
|
Also, make all parsing of the kernel cmdline non-fatal.
|
|
|
|
After all, this is about files, not arguments, hence EFBIG is more
appropriate than E2BIG
|
|
sendfile_full() by it
|
|
|
|
|
|
The SELinux policy defines no context for some files. E.g.:
$ matchpathcon /run/lock/subsys /dev/mqueue
/run/lock/subsys <<none>>
/dev/mqueue <<none>>
We still need to be able to create them.
In this case selabel_lookup_raw() returns ENOENT. We should then skip
setfscreatecon(), but still return success.
It was broken since c34255bdb2 ("label: unify code to make directories,
symlinks").
|
|
Not all switch roots are like base_filesystem_create() wants them
to look like. They might even boot, if they are RO and don't have the FS
layout. Just ignore the error and switch_root nevertheless.
base_filesystem_create() should have logged, what went wrong.
|
|
Now that we only have one file with condition implementations around, we
can drop the -util suffix and simplify things a bit.
|
|
Yes, sometimes I develop OCD.
|
|
fatal for a start job if not met
|
|
|
|
|
|
Also, implement the negation check inside of condition_test() instead of
individually in each test function.
|
|
|
|
|
|
|
|
unquote_first_word()
|
|
subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
|
|
|
|
Explicitly ignore return value of ioctl to set window size.
Fixes CID#1250804 and CID#1250800.
|
|
Let's be strict here, since its better to be safe than sorry.
|
|
The barrier implementation tracks remote states internally. There is no
need to check the return value of any barrier_*() function if the caller
is not interested in the result. The barrier helpers only return the state
of the remote side, which is usually not interesting as later calls to
barrier_sync() will catch this, anyway.
Shut up coverity by explicitly ignoring return values of barrier_place()
if we're not interested in it.
|
|
Imagine a constructor like this:
int object_new(void **out) {
void *my_object;
int r;
...
r = ioctl(...);
if (r < 0)
return -errno;
...
*out = my_object;
return 0;
}
We have a lot of those in systemd. If you now call those, gcc might inline
the call and optimize it. However, gcc cannot know that "errno" is
negative if "r" is. Therefore, a caller like this will produce warnings:
r = object_new(&obj);
if (r < 0)
return r;
obj->xyz = "foobar";
In case the ioctl in the constructor fails, gcc might assume "errno" is 0
and thus the error-handling is not triggered. Therefore, "obj" is
uninitialized, but accessed. Gcc will warn about that.
The new negative_errno() helper can be used to mitigate those warnings.
The helper is guaranteed to return a negative integer. Furthermore, it
spills out runtime warnings if "errno" is non-negative.
Instead of returning "-errno", you can use:
return negative_errno();
gcc will no longer assume that this can return >=0, thus, it will not warn
about it.
Use this new helper in libsystemd-terminal to fix some grdev-drm warnings.
|
|
This macro exists for MIPS since v3.17:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=42944521af97a3b25516f15f3149aec3779656dc
|
|
A small readability improvement...
|
|
And conditionalize journald audit support with it
|
|
|
|
|
|
Also change the default prefixlen function to only access the first octet of the in_addr.
|
|
|
|
event loop
We really should not run manual event loops anymore, but standardize on
sd_event, so that we can run sd_bus connections from it eventually.
|
|
__attribute__((used)) is not enough to force static variables to
be carried over to a compiled program from a library. Mappings defined
in libsystemd-shared.a were not visible in the compiled binaries.
To ensure that the mappings are present in the final binary, the
tables are made non-static and are given a real unique name by which
they can be referenced.
To use a mapping defined not in the local compilation unit (e.g. in
a library) a reference to the mapping table is added. This is done
by including a declaration in the header file.
Expected values in test-engine are fixed to reflect the new mappings.
|
|
f7101b7368df copied some logic to prevent enabling masked units, but
also added a check which causes attempts to enable templated units to
fail. Since we know the logic beyond this check will properly handle
units which truly do not exist, we can rely on the unit file state
comparison to suffice for expressing the intent of f7101b7368df.
ref: https://bugs.archlinux.org/task/42616
|
|
|
|
|
|
I tried to preserve most errno values, but in some cases they were
inconsistent (different errno values for the same error name) or just
mismatched.
|
|
This is a rewrite of the hashmap implementation. Its advantage is lower
memory usage.
It uses open addressing (entries are stored in an array, as opposed to
linked lists). Hash collisions are resolved with linear probing and
Robin Hood displacement policy. See the references in hashmap.c.
Some fun empirical findings about hashmap usage in systemd on my laptop:
- 98 % of allocated hashmaps are Sets.
- Sets contain 78 % of all entries, plain Hashmaps 17 %, and
OrderedHashmaps 5 %.
- 60 % of allocated hashmaps contain only 1 entry.
- 90 % of allocated hashmaps contain 5 or fewer entries.
- 75 % of all entries are in hashmaps that use trivial_hash_ops.
Clearly it makes sense to:
- store entries in distinct entry types. Especially for Sets - their
entries are the most numerous and they require the least information
to store an entry.
- have a way to store small numbers of entries directly in the hashmap
structs, and only allocate the usual entry arrays when the direct
storage is full.
The implementation has an optional debugging feature (enabled by
defining the ENABLE_HASHMAP_DEBUG macro), where it:
- tracks all allocated hashmaps in a linked list so that one can
easily find them in gdb,
- tracks which function/line allocated a given hashmap, and
- checks for invalid mixing of hashmap iteration and modification.
Since entries are not allocated one-by-one anymore, mempools are not
used for entries. Originally I meant to drop mempools entirely, but it's
still worth it to use them for the hashmap structs. My testing indicates
that it makes loading of units about 5 % faster (a test with 10000 units
where more than 200000 hashmaps are allocated - pure malloc: 449±4 ms,
mempools: 427±7 ms).
Here are some memory usage numbers, taken on my laptop with a more or
less normal Fedora setup after booting with SELinux disabled (SELinux
increases systemd's memory usage significantly):
systemd (PID 1) Original New Change
dirty memory (from pmap -x 1) [KiB] 2152 1264 -41 %
total heap allocations (from gdb-heap) [KiB] 1623 756 -53 %
|