Age | Commit message (Collapse) | Author |
|
LOG_DEBUG is already a log level, there is no need to use LOG_PRI which
is for filtering out the facility.
|
|
With this change it is possible to send file descriptors to PID 1, via
sd_pid_notify_with_fds() which PID 1 will store individually for each
service, and pass via the usual fd passing logic on next invocation.
This is useful for enable daemon reload schemes where daemons serialize
their state to /run, push their fds into PID 1 and terminate, restoring
their state on next start from the data in /run and passed in from PID
1.
The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on
them, and the service they belong to are either not dead or failed, or
have a job queued.
|
|
shared/install.c and use it
|
|
When setting up a namespace, mount flags like noexec, nosuid and
nodev are cleared, so the mounts always have exec, suid and dev
flags enabled.
Copy source directory mount flags to target mount when remounting
the bind mounts.
|
|
Regression introduced by ed757c0cb03eef50e8d9aeb4682401c3e9486f0b
Mirror the implementation of columns(), since the fd_columns()
functions returns a negative integer for errors.
Also fix columns() to return the unsigned variable instead of the
signed intermediary (they're the same, but better to be explicit).
|
|
Even though we use fallocate() it appears that file systems like btrfs
will trigger SIGBUS on certain low-disk-space situation. We should
handle that, hence catch the signal, add it to a list of invalidated
pages, and replace the page with an empty memory area. After each write
check if SIGBUS was triggered, and consider the write invalid if it was.
This should make journald a lot more robust with file systems where
fallocate() is not reliable, for example all CoW file systems
(btrfs...), where changing written data can fail with disk full errors.
https://bugzilla.redhat.com/show_bug.cgi?id=1045810
|
|
for the container's own subtree in the name=systemd hierarchy
More specifically mount all other hierarchies in their entirety and the
name=systemd above the container's subtree read-only.
|
|
|
|
https://github.com/vlajos/misspell_fixer
https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa
Thanks to Torstein Husebo <torstein@huseboe.net>.
|
|
This macro calculates A / B but rounds up instead of down. We explicitly
do *NOT* use:
(A + B - 1) / A
as it suffers from an integer overflow, even though the passed values are
properly tested against overflow. Our test-cases show this behavior.
Instead, we use:
A / B + !!(A % B)
Note that on "Real CPUs" this does *NOT* result in two divisions. Instead,
instructions like idivl@x86 provide both, the quotient and the remainder.
Therefore, both algorithms should perform equally well (I didn't verify
this, though).
|
|
This file was introduced with linux-3.2, use it instead of probing for it
via prctl(PR_CAPBSET_READ).
For now, keep the old code for backwards compat. We can drop it once 3.2
is our lowest requirement.
The test-cap-list code is extended to verify cap_last_cap() is the same as
we'd get via prctl probing and /proc.
|
|
|
|
|
|
|
|
machine images
|
|
|
|
use of it from nspawn
|
|
|
|
|
|
The new test-cap-list introduced in commit 2822da4fb7f891 uses the included
table of capabilities. However, it uses cap_last_cap() which probes the kernel
for the last available capability. On an older kernel (e.g. 3.10 from RHEL 7)
that causes the test to fail with the following message:
Assertion '!capability_to_name(cap_last_cap()+1)' failed at src/test/test-cap-list.c:30, function main(). Aborting.
Fix it by exporting the size of the static table and using it in the test
instead of the dynamic one from the current kernel.
Tested by successfully running ./test-cap-list and the whole `make check` test
suite with this patch on a RHEL 7 host.
|
|
subvolumes
We make use of the btrfs subvol crtime for this, and for gpt images of a
manually managed xattr, if we can.
|
|
|
|
There is alot of cleanup that will have to happen to turn on
-fstrict-aliasing, but I think our code should be "correct" to the rule.
|
|
After all, pretty much all our tools include it, and it should hence be
shared.
Also move sysfs-show.h from core/ to login/, since it has no point to
exist in core.
|
|
on a pty and returns the pty master fd to the client
This is a one-stop solution for "machinectl login", and should simplify
getting logins in containers.
|
|
|
|
|
|
|
|
|
|
For that, ask machined for a container PTY and use that.
|
|
|
|
We originally only supported escaping ucs2 encoded characters (as \uxxxx). This
only covers the BMP. Support escaping also utf16 surrogate pairs (on the form
\uxxxx\uyyyy) to cover all of unicode.
|
|
We originally only supported the BMP (i.e., we treated UTF-16 as UCS-2).
|
|
Originally we only supported ucs2, so move the ucs4 version from libsystemd-terminal to shared
and use that everywhere.
|
|
|
|
|
|
hidden_file() is a bit more precise, since dot files usually shouldn't
be ignored, but certainly be considered hidden.
|
|
the verb in it
That way the dispatcher calls know how they got called.
|
|
This adds a new bus call to machined that enumerates /var/lib/container
and returns all trees stored in it, distuingishing three types:
- GPT disk images, which are files suffixed with ".gpt"
- directory trees
- btrfs subvolumes
|
|
extra "#" to the name
That way, we have a simple, somewhat reliable way to detect such
temporary files, by simply checking if they start with ".#".
|
|
containers and install them locally
This adds a simply but powerful tool for downloading container images
from the most popular container solution used today. Use it like
this:
# systemd-import pull-dck mattdm/fedora
# systemd-nspawn -M fedora
This will donwload the layers for "mattdm/fedora", and make them
available locally as /var/lib/container/fedora.
The tool is pretty complete, as long as it's only about pulling down
images, or updating them. Pushing or searching is not supported yet.
|
|
We should move loginctl, timedatectl, machinectl over to use this new
API instead of a manual one.
|
|
deleting it)
|
|
|
|
Commit a2a5291b3f5 changed the parser to reject unfinished quoted
strings. Unfortunately it introduced an error where a trailing
backslash would case an infinite loop. Of course this must fixed, but
the question is what to to instead. Allowing trailing backslashes and
treating them as normal characters would be one option, but this seems
suboptimal. First, there would be inconsistency between handling of
quoting and of backslashes. Second, a trailing backslash is most
likely an error, at it seems better to point it out to the user than
to try to continue.
Updated rules:
ExecStart=/bin/echo \\ → OK, prints a backslash
ExecStart=/bin/echo \ → error
ExecStart=/bin/echo "x → error
ExecStart=/bin/echo "x"y → error
|
|
|
|
This fixes 2 problems introduced by 6feeeab0bc:
1) If name_to_handle_at returns ENOSYS for the child, we'll wrongly
return -ENOSYS when it returns the same for the parent. Immediately
jump to the fallback logic when we get ENOSYS.
2) If name_to_handle_at returns EOPNOTSUPP for the child but suceeds
for the parent, we'll be comparing an uninitialized value (mount_id) to
an initialized value (mount_id_parent). Initialize the mount_id
variables to invalid mount_ids to avoid this.
|
|
fork() is not async-signal-safe and calling it from the signal handler
could result in a deadlock when at_fork() handlers are called. Using
the raw clone() syscall sidesteps that problem.
The tricky part is that raise() does not work, since getpid() does not
work. Add raw_getpid() to get the real pid, and use kill() instead of
raise().
https://bugs.freedesktop.org/show_bug.cgi?id=86604
|
|
If child supports, but the parent does not, or when the child does
not support, but the parent does, assume the child is a mount point.
Only if neither supports use the fallback.
|
|
c0e57ba9e22ee937722958d8b912ade2a37f206d fixed the fallback path.
We should do the same for name_to_handle_at().
|