Age | Commit message (Collapse) | Author |
|
Remove support for RequiresOverridable= and RequisiteOverridable=
|
|
Now that we don't have RequiresOverridable= and RequisiteOverridable=
dependencies anymore, we can get rid of tracking the "override" boolean
for jobs in the job engine, as it serves no purpose anymore.
While we are at it, fix some error messages we print when invoking
functions that take the override parameter.
|
|
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
|
|
[Install] data
Some distributions use alias unit files via symlinks in /usr to cover
for legacy service names. With this change we'll allow "systemctl
enable" on such aliases.
Previously, our rule was that symlinks are user configuration that
"systemctl enable" + "systemctl disable" creates and removes, while unit
files is where the instructions to do so are store. As a result of the
rule we'd never read install information through symlinks, since that
would mix enablement state with installation instructions.
Now, the new rule is that only symlinks inside of /etc are
configuration. Unit files, and symlinks in /usr are now valid for
installation instructions.
This patch is quite a rework of the whole install logic, and makes the
following addional changes:
- Adds a complete test "test-instal-root" that tests the install logic
pretty comprehensively.
- Never uses canonicalize_file_name(), because that's incompatible with
operation relative to a specific root directory.
- unit_file_get_state() is reworked to return a proper error, and
returns the state in a call-by-ref parameter. This cleans up confusion
between the enum type and errno-like errors.
- The new logic puts a limit on how long to follow unit file symlinks:
it will do so only for 64 steps at max.
- The InstallContext object's fields are renamed to will_process and
has_processed (will_install and has_installed) since they are also
used for deinstallation and all kinds of other operations.
- The root directory is always verified before use.
- install.c is reordered to place the exported functions together.
- Stricter rules are followed when traversing symlinks: the unit suffix
must say identical, and it's not allowed to link between regular units
and templated units.
- Various modernizations
- The "invalid" unit file state has been renamed to "bad", in order to
avoid confusion between UNIT_FILE_INVALID and
_UNIT_FILE_STATE_INVALID. Given that the state should normally not be
seen and is not documented this should not be a problematic change.
The new name is now documented however.
Fixes #1375, #1718, #1706
|
|
Dependency engine improvements
|
|
|
|
3d793d29059a7ddf5282efa6b32b953c183d7a4d broke parsing of unit file
names that include backslashes, as extract_first_word() strips those.
Fix this, by introducing a new EXTRACT_RETAIN_ESCAPE flag which disables
looking at any flags, thus being compatible with the classic
FOREACH_WORD() behaviour.
|
|
test: fix failing test-socket-util when running with ipv6.disable=1 kernel param
|
|
@evverx brought up that test-execute runs under MANAGER_USER which
forwards all its environment variables to the services. It turns out it
only forwards those that were in the environment at the time of manager
creation, so this test was still working.
It was still possible to attack it by running something like:
$ sudo VAR1=a VAR2=b VAR3=c ./test-execute
Prevent that attack by unsetting the three variables explicitly before
creating the manager for the test case.
Also add comments explaining the interactions with MANAGER_USER and,
while it has some caveats, this tests are still valid in that context.
Tested by checking that the test running with the variables set from the
external environment will still pass.
|
|
Check the base case, plus erasing the list, listing the same variable
name more than once and when variables are absent from the manager
execution environment.
Confirmed that `sudo ./test-execute` passes and that modifying the test
cases (or the values of the set variables in test-execute.c) is enough
to make the test cases fail.
|
|
|
|
The ability to use inet_pton(AF_INET6, ...) doesn't depend on kernel
ipv6 support (inet_pton is a pure libc function), so make ipv6 address
parsing tests unconditional.
|
|
Motivated by https://github.com/systemd/systemd/issues/1829 where negative
numbers were mis-handled on 32 bit platforms by safe_atou*().
|
|
Snapshots were never useful or used for anything. Many systemd
developers that I spoke to at systemd.conf2015, didn't even know they
existed, so it is fairly safe to assume that this type can be deleted
without harm.
The fundamental problem with snapshots is that the state of the system
is dynamic, devices come and go, users log in and out, timers fire...
and restoring all units to some state from the past would "undo"
those changes, which isn't really possible.
Tested by creating a snapshot, running the new binary, and checking
that the transition did not cause errors, and the snapshot is gone,
and snapshots cannot be created anymore.
New systemctl says:
Unknown operation snapshot.
Old systemctl says:
Failed to create snapshot: Support for snapshots has been removed.
IgnoreOnSnaphost settings are warned about and ignored:
Support for option IgnoreOnSnapshot= has been removed and it is ignored
http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
|
|
Let's make sure "LimitCPU=30min" can be parsed properly, following the
usual logic how we parse time values. Similar for LimitRTTIME=.
While we are at it, extend a bit on the man page section about resource
limits.
Fixes: #1772
|
|
specification of default time unit if none is specified
This is useful if we want to parse RLIMIT_RTTIME values where the common
UNIX syntax is without any units but refers to a non-second unit (µs in
this case), but where we want to allow specification of units.
|
|
* print '\n' on error
* use UDEVLIBEXECDIR (udev_rules_new uses it too)
|
|
debug-generator: respect kernel parameters for default unit setting
|
|
|
|
memory_erase() so far just called memset(), which the compiler might
optimize away under certain conditions if it feels there's benefit in
it. C11 knows a new memset_s() call that is like memset(), but may not
be optimized away. Ideally, we'd just use that call, but glibc currently
does not support it. Hence, implement our own simplistic version of it.
We use a GCC pragma to turn off optimization for this call, and also use
the "volatile" keyword on the pointers to ensure that gcc will use the
pointers as-is. According to a variety of internet sources, either one
does the trick. However, there are also reports that at least the
volatile thing isn't fully correct, hence let's add some snake oil and
employ both techniques.
https://news.ycombinator.com/item?id=4711346
|
|
test-execute: add more tests
|
|
Port capabiliy bounding set parsing to extract_first_word
|
|
|
|
To avoid polluting test/
|
|
To avoid polluting test/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tests for the functions defined in src/basic/parse-util.c. Reorder them
to match the order in which the functions are defined in the source
file. Adjusted the list of include files to remove the ones no longer
needed in test-util.c.
Tested that `make check` still passes as expected. Also checked the
number of lines removed from test-util.c matches the expected, as an
additional verification that no tests were dropped or duplicated in the
move.
|
|
Tests for the functions defined in src/basic/extract-word.c.
Tested that `make check` still passes as expected.
|
|
test-execute: check if nobody exists before running some tests
|
|
|
|
Tested CPUAffinity ranges on both a service unit and in system.conf and
confirmed they work as expected (by inspecting /proc/PID/status, for the
main pid of the service and for pid 1). Also mixed ranges with both
spaces, commas, trailing commas and spaces.
Added new tests to increase coverage of ranges and prevent regressions.
|
|
This function will be useful for CPUAffinity settings that involve
ranges of CPUs.
Make it generic and include test coverage to prevent regressions.
|
|
Tested CPUAffinity settings on both a service unit and in system.conf
and confirmed they work as expected.
Added a new test to confirm that trailing commas and spaces work and to
prevent any regressions in that area.
|
|
In order to match the other get_process_xyz() calls.
|
|
|
|
|
|
|
|
|
|
|
|
capability-util.[ch]
The files are named too generically, so that they might conflict with
the upstream project headers. Hence, let's add a "-util" suffix, to
clarify that this are just our utility headers and not any official
upstream headers.
|
|
|
|
|
|
|
|
Also, move a couple of more path-related functions to path-util.c.
|