| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Only 34 of 74 tools need libselinux linked, and libselinux is a pain
with its unconditional library constructor.
|
|
don't put the socket in failure mode"
This reverts commit 9586cdfab6a2638078702b7fea7e16b3a71899e2.
(but not the TODO hunk).
The bug was already fixed by 1a710b43. And if other errors occur, we
don't want to leave the socket active in order to avoid having socket
tarpits.
|
|
If a client connects to us repeatedly always using the same source port
and we instantiate a service for the incoming connection this might
clash with an old instance. Hence, include the connection number, the
same way we do it for AF_UNIX to make connections unique.
https://bugs.freedesktop.org/show_bug.cgi?id=45297
|
|
the socket in failure mode
An incoming connection that is immediately terminated might result in
getpeername() or a similar call failing. Hence it is quite possible that
while we are setting up an instantiated service for a socket we might
get an error and we shouldn't take this as hint to take the listening
socket down.
https://bugs.freedesktop.org/show_bug.cgi?id=45297
https://bugzilla.novell.com/show_bug.cgi?id=741590
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=798760
(Note that this work is not complete yet, as the kernel seems to send us
useless data with SCM_SECURITY enabled)
|
|
introduce new terminology
|
|
If the service reaches the start limit, mark the sockets that activate
it as failed (with the result code 'service-broken').
This way the sockets won't act as tarpits for clients connecting to
them.
|
|
|
|
|
|
|
|
little effect
|
|
Albert Strasheim reported a socket unit with Accept=yes was failing
sometimes.
getpeername() returns ENOTCONN if the connection was killed by TCP RST.
The socket unit must not fail when it happens.
Reproducer available at:
https://bugzilla.redhat.com/show_bug.cgi?id=783344
|
|
Always use the macros for downcasting.
Remove a few obviously pointless casts.
|
|
The UNIT() macro upcasts from specific unit types to the base Unit.
Use it everywhere, rather than accessing the 'meta' member directly.
|
|
Now that objects of all unit types are allocated the exact amount of
memory they need, the Unit union has lost its purpose. Remove it.
"Unit" is a more natural name for the base unit class than "Meta", so
rename Meta to Unit.
Access to members of the base class gets simplified.
|
|
The storage of the unit objects on the heap is currently not very
efficient. For every unit object we allocate a chunk of memory as large
as the biggest unit type, although there are significant differences in
the units' real requirements.
pahole shows the following sizes of structs:
488 Target
496 Snapshot
512 Device
528 Path
560 Timer
576 Automount
1080 Socket
1160 Swap
1168 Service
1280 Mount
Usually there aren't many targets or snapshots in the system, but Device
is one of the most common unit types and for every one we waste
1280 - 512 = 768 bytes.
Fix it by allocating only the right amount for the given unit type.
On my machine (x86_64, with 39 LVM volumes) this decreases systemd's
USS (unique set size) by more than 300 KB.
|
|
When we merge units that some kind of object points to, those pointers
might become invalidated, and needs to be updated. Introduce a UnitRef
struct which links up all the unit references, to ensure corrected
references.
At the same time, drop configured_sockets in the Service object, and
replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies,
which allow us to simplify a lot of code.
|
|
kind of exec program specified
|
|
to needlessly abbreviate options unless they are very well established
|
|
Add an option to enable SO_PASSCRED for unix sockets.
|
|
|
|
|
|
|
|
configuration settings built by gperf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Explicitly disconnect all clients from a VT when a getty starts/finishes
(requires TIOCVHANGUP, available in 2.6.29).
Explicitly deallocate getty VTs in order to flush scrollback buffer.
Explicitly reset terminals to a defined state before spawning getty.
|
|
mqueues need to be executable
|
|
|
|
|
|
|
|
|
|
|
|
consult the selinux database
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When we kill a process to terminate it make sure to send SIGCONT to
ensure it is unpaused and processes the signal.
|
|
Just some lame spelling corrections with no functionality.
|
|
|
|
Make sure that when a .socket unit is installed without its matching
.service we don't end up activating a legacy SysV/LSB service with the
same name. SysV/LSB style services do not support passing sockets and we
don't want to extend SysV/LSB to ensure we don't break compatibility
with other systems.
|
