Age | Commit message (Collapse) | Author |
|
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
|
|
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
|
|
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
|
|
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
with a dot
|
|
|
|
cg_get_machine_path is modified to include the escaped machine name
+ ".nspawn" if the machine argument is nonnull.
|
|
Also, always accept both our simple hexdump syntax and UUID syntax.
|
|
clang emits warnings about unused attribute _saved_errno_, which drown
out other—potentially useful—warnings. gcc documentation is not exactly
verbose about the effects of __attribute__((unused)) on variables, but
let's assume that it works if the unit test passes.
|
|
This adds some syntactic sugar with a macro RUN_WITH_LOCALE() that reset
the thread-specific locale temporarily.
|
|
Let's better be safe than sorry.
|
|
Freeing in error path is the common pattern with set_put().
|
|
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
|
|
As discussed with Dan Berrange it's a good idea to suffix all objects in
the cgroup tree with ".something", so that when the system is
partitioned using a resource management tool we can drop objects of
different types into the same partition directory without generate
namespace conflicts.
We'l add this to the Pax Control Group document as soon as write access
to the fdo wiki is restored.
|
|
systemd does not want to understand comments after the first
non-whitespace char occured.
key=foo #comment will result into key == "foo #comment"
key="foo" #comment will result into key == "foo#comment"
"key= #comment" will result into key == "#comment"
"key #comment" is an invalid line
|
|
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
|
Because "export key=val" is not supported by systemd, an error is logged
where the invalid assignment is coming from.
Introduce strv_env_clean_log() to log invalid environment assignments,
where logging is possible and allowed.
parse_env_file_internal() is modified to allow WHITESPACE in keys, to
report the issues later on.
|
|
parse_env_file_internal() could not parse the following lines correctly:
export key="val"
key="val"#comment
|
|
The information about the unit for which files are being parsed
is passed all the way down. This way messages land in the journal
with proper UNIT=... or USER_UNIT=... attribution.
'systemctl status' and 'journalctl -u' not displaying those messages
has been a source of confusion for users, since the journal entry for
a misspelt setting was often logged quite a bit earlier than the
failure to start a unit.
Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
|
|
|
|
|
|
containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|
|
Make sure that our library is safe for usage in SUID programs when it
comes to env var handling
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63477
|
|
Segmentation fault under clang.
|
|
|
|
Instead of outputting "5h 55s 50ms 3us" we'll now output "5h
55.050003s". Also, while outputting the accuracy is configurable.
Basically we now try use "dot notation" for all time values > 1min. For
>= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and
finally 'us'.
This should give reasonably values in most cases.
|
|
We can now parse "0.5s" as the same as "500ms". In fact, we can parse
"3.45years" correctly, too, and any other unit and fraction length.
|
|
This will properly escape all weird chars when writing env var files.
With this in place we can now read and write environment files where the
values contain arbitrary weird chars.
This enables hostnamed and suchlike to finally properly save pretty host
names with backlashes or quotes in them.
|
|
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
|
|
|
|
|
|
|
|
To make the result more visible, special return value
is used to tell automake that the test was skipped. While
at it, use the same return value in other skipped tests.
|
|
|
|
The rules governing %s where just too complicated. First of
all, looking at $SHELL is dangerous. For systemd --system,
it usually wouldn't be set. But it could be set if the admin
first started a debug shell, let's say /sbin/sash, and then
launched systemd from it. This shouldn't influence how daemons
are started later on, so is better ignored. Similar reasoning
holds for session mode. Some shells set $SHELL, while other
set it only when it wasn't set previously (e.g. zsh). This
results in fragility that is better avoided by ignoring $SHELL
totally.
With $SHELL out of the way, simplify things by saying that
%s==/bin/sh for root, and the configured shell otherwise.
get_shell() is the only caller, so it can be inlined.
Fixes one issue seen with 'make check'.
|
|
No longer allow dots at the beginning or end of host names, Or double
dots.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/comments/14
|
|
|
|
|
|
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
|
|
<Lekensteyn> The 198 announcement mentions
"/etc/systemd/systemd/foobar.service.d/*.conf", is that a
typo? I only have a /etc/systemd/system/. Is there a
manpage describing this new feature?
|
|
Improve test coverage a bit with tests for
close_many
strappend (to cover all ways through strnappend)
|
|
This follows the suggestions from:
http://lists.freedesktop.org/archives/systemd-devel/2013-March/009363.html
|
|
undecchar tests
|
|
Add asserts on the resutls in FOREACH_WORD_QUOTED
Added tests for:
FOREACH_WORD
strstrip
delete_chars
in_charset
|
|
tests for:
test_parse_pid
test_parse_uid
test_safe_atolli
test_safe_atod
|