Age | Commit message (Collapse) | Author |
|
|
|
If two instances of test-fileio were run in parallel,
they could fail when trying to write the same file.
This predictable name in /tmp/ wasn't actually a security
issue, because write_env_file would not follow symlinks,
so this could be an issue only when running tests in
parallel.
|
|
In case of scripts, _EXE is set to the interpreter name, and
_COMM is set based on the file name. Add a match for _COMM,
and _EXE if the interpreter is not a link (e.g. for yum,
the interpreter is /usr/bin/python, but it is a link to
/usr/bin/python2, which in turn is a link to /usr/bin/python2.7,
at least on Fedora, so we end up with _EXE=/usr/bin/python2.7).
I don't think that such link chasing makes sense, because
the final _EXE name is more likely to change.
|
|
|
|
|
|
Jan: test-tables fails on my system. The one it's failing on is:
syscall: 222 → (null) → -1
... and indeed, our own tables should not have holes, but syscall
tables certainly might.
|
|
|
|
|
|
|
|
Previously for an instantiated unit foo@bar.service we created a cgroup
foo@.service/foo@bar.service, in order to place all instances of the
same template inside the same subtree. As we now implicitly add all
instantiated units into one per-template slice we don't need this
complexity anymore, and instance units can map directly to the cgroups
of their full name.
|
|
|
|
The tests check if the tables have entries for all values
in the enum, and that the entries are unique.
|
|
|
|
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
|
|
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
|
|
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
|
|
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
with a dot
|
|
|
|
cg_get_machine_path is modified to include the escaped machine name
+ ".nspawn" if the machine argument is nonnull.
|
|
Also, always accept both our simple hexdump syntax and UUID syntax.
|
|
clang emits warnings about unused attribute _saved_errno_, which drown
out other—potentially useful—warnings. gcc documentation is not exactly
verbose about the effects of __attribute__((unused)) on variables, but
let's assume that it works if the unit test passes.
|
|
This adds some syntactic sugar with a macro RUN_WITH_LOCALE() that reset
the thread-specific locale temporarily.
|
|
Let's better be safe than sorry.
|
|
Freeing in error path is the common pattern with set_put().
|
|
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
|
|
As discussed with Dan Berrange it's a good idea to suffix all objects in
the cgroup tree with ".something", so that when the system is
partitioned using a resource management tool we can drop objects of
different types into the same partition directory without generate
namespace conflicts.
We'l add this to the Pax Control Group document as soon as write access
to the fdo wiki is restored.
|
|
systemd does not want to understand comments after the first
non-whitespace char occured.
key=foo #comment will result into key == "foo #comment"
key="foo" #comment will result into key == "foo#comment"
"key= #comment" will result into key == "#comment"
"key #comment" is an invalid line
|
|
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
|
Because "export key=val" is not supported by systemd, an error is logged
where the invalid assignment is coming from.
Introduce strv_env_clean_log() to log invalid environment assignments,
where logging is possible and allowed.
parse_env_file_internal() is modified to allow WHITESPACE in keys, to
report the issues later on.
|
|
parse_env_file_internal() could not parse the following lines correctly:
export key="val"
key="val"#comment
|
|
The information about the unit for which files are being parsed
is passed all the way down. This way messages land in the journal
with proper UNIT=... or USER_UNIT=... attribution.
'systemctl status' and 'journalctl -u' not displaying those messages
has been a source of confusion for users, since the journal entry for
a misspelt setting was often logged quite a bit earlier than the
failure to start a unit.
Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
|
|
|
|
|
|
containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|
|
Make sure that our library is safe for usage in SUID programs when it
comes to env var handling
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63477
|
|
Segmentation fault under clang.
|
|
|
|
Instead of outputting "5h 55s 50ms 3us" we'll now output "5h
55.050003s". Also, while outputting the accuracy is configurable.
Basically we now try use "dot notation" for all time values > 1min. For
>= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and
finally 'us'.
This should give reasonably values in most cases.
|
|
We can now parse "0.5s" as the same as "500ms". In fact, we can parse
"3.45years" correctly, too, and any other unit and fraction length.
|
|
This will properly escape all weird chars when writing env var files.
With this in place we can now read and write environment files where the
values contain arbitrary weird chars.
This enables hostnamed and suchlike to finally properly save pretty host
names with backlashes or quotes in them.
|
|
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
|
|
|
|
|
|
|