Age | Commit message (Collapse) | Author |
|
The number of uid's in the range should be tested instead of written
directly.
The test still passes with the fix checks.
Found with Coverity. Fixes: CID#1237714 - 1237722
|
|
|
|
We must free FILE* after function return to not leak resources. Note that
this also closes our fd as fdopen() takes ownership of it.
Reported by Philippe De Swert (via coverity).
|
|
If a path to a previously created custom kdbus endpoint is passed in,
bind-mount a new devtmpfs that contains a 'bus' node, which in turn in
bind-mounted with the custom endpoint. This tmpfs then mounted over the
kdbus subtree that refers to the current bus.
This way, we can fake the bus node in order to lock down services with
a kdbus custom endpoint policy.
|
|
In order to re-use the policy definitions, factor them out into their own
files.
|
|
|
|
Similar to container_of(), we now use unique variable names for the bascic
math macros MAX, MIN, CLAMP, LESS_BY. Furthermore, unit tests are added to
verify they work as expected.
For a rationale, see:
commit fb835651aff79a1e7fc5795086c9b26e59a8e6ca
Author: David Herrmann <dh.herrmann@gmail.com>
Date: Fri Aug 22 14:41:37 2014 +0200
shared: make container_of() use unique variable names
|
|
If you stack container_of() macros, you will get warnings due to shadowing
variables of the parent context. To avoid this, use unique names for
variables.
Two new helpers are added:
UNIQ: This evaluates to a truly unique value never returned by any
evaluation of this macro. It's a shortcut for __COUNTER__.
UNIQ_T: Takes two arguments and concatenates them. It is a shortcut for
CONCATENATE, but meant to defined typed local variables.
As you usually want to use variables that you just defined, you need to
reference the same unique value at least two times. However, UNIQ returns
a new value on each evaluation, therefore, you have to pass the unique
values into the macro like this:
#define my_macro(a, b) __max_macro(UNIQ, UNIQ, (a), (b))
#define __my_macro(uniqa, uniqb, a, b) ({
typeof(a) UNIQ_T(A, uniqa) = (a);
typeof(b) UNIQ_T(B, uniqb) = (b);
MY_UNSAFE_MACRO(UNIQ_T(A, uniqa), UNIQ_T(B, uniqb));
})
This way, MY_UNSAFE_MACRO() can safely evaluate it's arguments multiple
times as they are local variables. But you can also stack invocations to
the macro my_macro() without clashing names.
This is the same as if you did:
#define my_macro(a, b) __max_macro(__COUNTER__, __COUNTER__, (a), (b))
#define __my_macro(prefixa, prefixb, a, b) ({
typeof(a) CONCATENATE(A, prefixa) = (a);
typeof(b) CONCATENATE(B, prefixb) = (b);
MY_UNSAFE_MACRO(CONCATENATE(A, prefixa), CONCATENATE(B, prefixb));
})
...but in my opinion, the first macro is easier to write and read.
This patch starts by converting container_of() to use this new helper.
Other macros may follow (like MIN, MAX, CLAMP, ...).
|
|
Otherwise it gets optimized out when CPPFLAGS='-DNDEBUG' is used.
Tested:
- make check TESTS='test-util' CPPFLAGS='-DNDEBUG'
|
|
Otherwise they get optimized out when CPPFLAGS='-DNDEBUG' is used, and that
causes the tests to fail.
Tested:
- make check TESTS='test-path-util' CPPFLAGS='-DNDEBUG'
|
|
When this system-wide start-up timeout is hit we execute one of the
failure actions already implemented for services that fail.
This should not only be useful on embedded devices, but also on laptops
which have the power-button reachable when the lid is closed. This
devices, when in a backpack might get powered on by accident due to the
easily reachable power button. We want to make sure that the system
turns itself off if it starts up due this after a while.
When the system manages to fully start-up logind will suspend the
machine by default if the lid is closed. However, in some cases we don't
even get as far as logind, and the boot hangs much earlier, for example
because we ask for a LUKS password that nobody ever enters.
Yeah, this is a real-life problem on my Yoga 13, which has one of those
easily accessible power buttons, even if the device is closed.
|
|
The MAXSIZE() macro takes two types and returns the size of the larger
one. It is much simpler to use than MAX(sizeof(A), sizeof(B)) and also
avoids any compiler-extensions, unlike CONST_MAX() and MAX() (which are
needed to avoid evaluating arguments more than once). This was suggested
by Daniele Nicolodi <daniele@grinta.net>.
Also make resolved use this macro instead of CONST_MAX(). This enhances
readability quite a bit.
|
|
and STOPPING=1 sd_notify() messages
|
|
|
|
UIDs/GIDs from
This way we can guarantee a limited amount of compatibility with
login.defs, by generate an appopriate "r" line out of it, on package
installation.
|
|
|
|
|
|
add tests for:
- timezone_is_valid
- get_timezones
|
|
|
|
add tests for:
- is_symlink
- pid_is_unwaited
- pid_is_alive
- search_and_fopen
- search_and_fopen_nulstr
- glob_exists
- execute_directory
|
|
|
|
add tests for:
- write_string_stream
- write_string_file
- sendfile_full
|
|
|
|
add tests for:
- socket_address_is
- socket_address_is_netlink
- sockaddr_equal
|
|
The CONST_MAX() macro is similar to MAX(), but verifies that both
arguments have the same type and are constant expressions. Furthermore,
the result of CONST_MAX() is again a constant-expression.
CONST_MAX() avoids any statement-expressions and other non-trivial
expression-types. This avoids rather arbitrary restrictions in both GCC
and LLVM, which both either fail with statement-expressions inside
type-declarations or statement-expressions inside static-const
initializations.
If anybody knows how to circumvent this, please feel free to unify
CONST_MAX() and MAX().
|
|
The "0,5" syntax was actually right. The real problem is, the test should
only run if the local system has the de_DE.UTF-8 locale. Therefore, skip
the tests if setlocale() fails. This is kinda ugly, as it is done
silently, but we cannot skip partial tests with the current
infrastructure. Should be fine this way.
|
|
One strtod() test is broken since:
commit 8e211000025940b770794abf5754de61b4add0af
Author: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Mon Aug 4 23:13:31 2014 +0200
test: use fabs on doubles
The commit was right, so no reason to revert it, but the test was broken
before and only worked by coincidence. Convert "0,5" to "0.5" so we don't
depend on locales for double conversion (or well, we depend on "C" which
seems reasonable).
|
|
This makes strappenda3 redundant, so we remove its usage and
definition. Add a few tests along the way for sanity.
|
|
from udev tools
|
|
|
|
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
|
|
In practice this shouldn't make much difference, but
sometimes our headers might be newer, and we want to
test them.
|
|
$ systemd-analyze verify trailing-g.service
[./trailing-g.service:2] Trailing garbage, ignoring.
trailing-g.service lacks ExecStart setting. Refusing.
Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument.
Failed to create trailing-g.service/start: Invalid argument
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
|
|
The barrier_wait_next_twice* test-cases run:
Parent: Child:
set_alarm(10) sleep_for(1);
... set_alarm(1);
sleep_for(2) ...
Therefore, the parent exits after 2+ periods, the client's alarm fires
after 2+ periods. This race turns out to be lost by the child on other
machines, so avoid it by increasing the parent's sleep-interval to 4. This
way, the client has 2 periods to run the barrier test, which is far more
than enough.
|
|
|
|
Avoid using msecs in favor of usec_t. This is more consistent with the
other parts of systemd and avoids the confusion between msec and usec. We
always use usecs, end of story.
|
|
Require exact matches in all cases instead of treating strings
starting with 't' ('f') as true (false).
This is required for config_parse_protect_system to parse ProtectSystem=full
correctly: it uses parse_boolean and only tries a more specific parsing
function if that did not return a valid result. Thus "full" was treated as
"false" before.
|
|
|
|
Commit 637f421e5c6a ("cgroups: always propagate controller membership
to siblings") changed the mask propagation logic, but the test wasn't
updated.
Move to normal tests from manual tests, it should not touch the system
anymore.
|
|
It seems that unit_get_siblings_mask returns the controllers
filtered by what is available, but get_members_mask and
get_cgroup_mask do not. This just fixes the test following the
symptoms.
|
|
Also add a bit of debugging output to help diagnose problems,
add missing units, and simplify cppflags.
Move test-engine to normal tests from manual tests, it should now
work without destroying the system.
|
|
They are unused and unlikely to ever be.
|
|
Explicitly initalize descriptors using explicit assignment like
bus_error. This makes barriers follow the same conventions as
everything else and makes things a bit simpler too.
Rename barier_init to barier_create so it is obvious that it is
not about initialization.
Remove some parens, etc.
|
|
|
|
This Pty API wraps the ugliness that is POSIX PTY. It takes care of:
- edge-triggered HUP handling (avoid heavy CPU-usage on vhangup)
- HUP vs. input-queue draining (handle HUP _after_ draining the whole
input queue)
- SIGCHLD vs. HUP (HUP is no reliable way to catch PTY deaths, always
use SIGCHLD. Otherwise, vhangup() and friends will break.)
- Output queue buffering (async EPOLLOUT handling)
- synchronous setup (via Barrier API)
At the same time, the PTY API does not execve(). It simply fork()s and
leaves everything else to the caller. Usually, they execve() but we
support other setups, too.
This will be needed by multiple UI binaries (systemd-console, systemd-er,
...) so it's placed in src/shared/. It's not strictly related to
libsystemd-terminal, so it's not included there.
|
|
The "Barrier" object is a simple inter-process barrier implementation. It
allows placing synchronization points and waiting for the other side to
reach it. Additionally, it has an abortion-mechanism as second-layer
synchronization to send abortion-events asynchronously to the other side.
The API is usually used to synchronize processes during fork(). However,
it can be extended to pass state through execve() so you could synchronize
beyond execve().
Usually, it's used like this (error-handling replaced by assert() for
simplicity):
Barrier b;
r = barrier_init(&b);
assert_se(r >= 0);
pid = fork();
assert_se(pid >= 0);
if (pid == 0) {
barrier_set_role(&b, BARRIER_CHILD);
...do child post-setup...
if (CHILD_SETUP_FAILED)
exit(1);
...child setup done...
barrier_place(&b);
if (!barrier_sync(&b)) {
/* parent setup failed */
exit(1);
}
barrier_destroy(&b); /* redundant as execve() and exit() imply this */
/* parent & child setup successful */
execve(...);
}
barrier_set_role(&b, BARRIER_PARENT);
...do parent post-setup...
if (PARENT_SETUP_FAILED) {
barrier_abort(&b); /* send abortion event */
barrier_wait_abortion(&b); /* wait for child to abort (exit() implies abortion) */
barrier_destroy(&b);
...bail out...
}
...parent setup done...
barrier_place(&b);
if (!barrier_sync(&b)) {
...child setup failed... ;
barrier_destroy(&b);
...bail out...
}
barrier_destroy(&b);
...child setup successfull...
This is the most basic API. Using barrier_place() to place barriers and
barrier_sync() to perform a full synchronization between both processes.
barrier_abort() places an abortion barrier which superceeds any other
barriers, exit() (or barrier_destroy()) places an abortion-barrier that
queues behind existing barriers (thus *not* replacing existing barriers
unlike barrier_abort()).
This example uses hard-synchronization with wait_abortion(), sync() and
friends. These are all optional. Barriers are highly dynamic and can be
used for one-way synchronization or even no synchronization at all
(postponing it for later). The sync() call performs a full two-way
synchronization.
The API is documented and should be fairly self-explanatory. A test-suite
shows some special semantics regarding abortion, wait_next() and exit().
Internally, barriers use two eventfds and a pipe. The pipe is used to
detect exit()s of the remote side as eventfds do not allow that. The
eventfds are used to place barriers, one for each side. Barriers itself
are numbered, but the numbers are reused once both sides reached the same
barrier, thus you cannot address barriers by the index. Moreover, the
numbering is implicit and we only store a counter. This makes the
implementation itself very lightweight, which is probably negligible
considering that we need 3 FDs for a barrier..
Last but not least: This barrier implementation is quite heavy. It's
definitely not meant for fast IPC synchronization. However, it's very easy
to use. And given the *HUGE* overhead of fork(), the barrier-overhead
should be negligible.
|
|
One missing string found.
A few things had to be moved around to make it possible to test them.
|
|
|