Age | Commit message (Collapse) | Author |
|
This ports a lot of manual code over to sigprocmask_many() and friends.
Also, we now consistly check for sigprocmask() failures with
assert_se(), since the call cannot realistically fail unless there's a
programming error.
Also encloses a few sd_event_add_signal() calls with (void) when we
ignore the return values for it knowingly.
|
|
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(),
tempfn_ranomd_child(). If non-NULL this string is included in the middle
of the newly created file name. This is useful for being able to
distuingish the kind of temporary file when we see one.
This also adds tests for the three call.
For now, we don't make use of this at all, but port all users over.
|
|
The names fw-util.[ch] are too ambiguous, better rename the files to
firewall-util.[ch]. Also rename the test accordingly.
|
|
Currently, the HASHMAP iterators stop at the first NULL entry in a
hashmap. This is non-obvious and breaks users like sd-device, which
legitimately store NULL values in a hashmap.
Fix all the iterators by taking a pointer to the value storage, instead of
returning it. The iterators now return a boolean that tells whether the
end of the list was reached.
Current users of HASHMAP_FOREACH() are *NOT* changed to explicitly check
for NULL. If it turns out, there were users that inserted NULL into
hashmaps, but didn't properly check for it during iteration, then we
really want to find those and fix them.
|
|
No functional change, but looked weird.
|
|
|
|
The result of unit_get_sibling_mask returns bits for the sibling cgroups
even if they are not supported in the local system.
I caught this on a machine where my kernel was misconfigured with
CONFIG_MEMCG unset, but the rest of the cgroup infrastructure enabled.
Tested with `make check` on a host running a kernel where CONFIG_MEMCG
is not set.
|
|
|
|
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
|
|
|
|
|
|
When we have a structure like this:
/bin -> /usr/bin
/usr is a mount point
Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair
/usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different
mount IDs. But we only want to consider the base name, not any parent.
Thus we have to resolve the given path first to get the real parent when
allowing symlinks.
Bug: https://github.com/systemd/systemd/issues/61
|
|
|
|
|
|
Fix a regression caused by 4034a06d ("util: rework word parsing and c
unescaping code") which broke octal escape sequences.
The reason for this breakage is that cunescape_one() expects 4 characters
in an octal encoding, which is a stray left-over from the old code which
operated on different variables to make the length check.
While at it, add a test case to prevent the same thing from happening
again.
|
|
We used to block all signals, and restore the original signal mask before exec'ing
external processes.
Now we just block the signals we care about and unconditionally unblock all signals
before exec'ing.
|
|
In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the
mount options, and the define is not used.
Everywhere else, we explicitly white-list allow 'name=' prefix to be
used with all controllers, and strip it out to 'normalise' the
controller name. That work is mostly inflicted on us due to 'name='
prefix in the define. Dropping this prefix makes everything more sane
overall.
|
|
Add a regression test for the recent breakage of handling improperly
escaped exec strings in unit files.
Code contributed by Martin Pitt:
https://bugs.freedesktop.org/show_bug.cgi?id=90794
|
|
add tests for the following functions:
- fdset_new_array
- fdset_steal_first
- fdset_isempty
|
|
|
|
No functional changes.
|
|
This allows us to drop the special sigterm handling in spawn_wait()
as this will now be passed directly to the worker event loop.
We now log failing spawend processes at 'warning' level, and timeouts
are in terms of CLOCK_BOOTTIME when available, otherwise the behavior
is unchanged.
|
|
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt.
flags.
|
|
Commits 27cc6f166 and f25afeb broke path_is_mount_point() for files (such as
/etc/machine-id → /run/machine-id bind mounts) as with the factorization of
fd_is_mount_point() we lost the parent directory. We cannot determine that from
an fd only as openat(fd, "..") only works for directory fds.
Change fd_is_mount_point() to behave like openat(): It now takes a file
descriptor of the containing directory, a file name in it, and flags (which can
be 0 or AT_SYMLINK_FOLLOW). Unlike name_to_handle_at() or openat(), fstatat()
only accepts the inverse flag AT_SYMLINK_NOFOLLOW and complains with EINVAL
about AT_SYMLINK_FOLLOW; so we need to transform the flags for that fallback.
Adjust rm_rf_children() accordingly (only other caller of fd_is_mount_point()
aside from path_is_mount_point()).
Add test cases for files, links, and file bind mounts (the latter will only
work when running as root). Split out a new test_path_is_mount_point() test
case function as it got significantly larger now.
|
|
Fixes CID CID 1299638 (use after free).
|
|
|
|
|
|
|
|
The DOM parser tests are accompanied with structure and element analysis
|
|
The hostname(1) tool allows comments in /etc/hostname. Introduce a new
read_hostname_config() in hostname-util which reads a hostname configuration
file like /etc/hostname, strips out comments, whitespace, and cleans the
hostname. Use it in hostname-setup.c and hostnamed and remove duplicated code.
Update hostname manpage. Add tests.
https://launchpad.net/bugs/1053048
|
|
CID#1299016
|
|
When a service is chrooted with the option RootDirectory=/opt/..., then
the options PrivateDevices, PrivateTmp, ProtectHome, ProtectSystem must
mount the directories under $RootDirectory/{dev,tmp,home,usr,boot}.
The test-ns tool can test setup_namespace() with and without chroot:
$ sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns
$ sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns
|
|
|
|
An Exec*= line with whitespace after modifiers, like
ExecStart=- /bin/true
is considered to have an empty command path. This is as specified, but causes
systemd to crash with
Assertion 'skip < l' failed at ../src/core/load-fragment.c:607, function config_parse_exec(). Aborting.
Aborted (core dumped)
Fix this by logging an error instead and ignoring the invalid line.
Add corresponding test cases. Also add a test case for a completely empty value
which resets the command list.
https://launchpad.net/bugs/1454173
|
|
So far a number of utilities implemented their own calls for this, unify
them in prefix_root() and prefix_roota(). The former uses heap memory,
the latter allocates from the stack via alloca().
Port over most users of a --root= logic.
|
|
All other types exported from install.h should be namespaces like this,
hence namespace InstallInfo the same way.
Also, remove external forward definition of UnitFileScope type.
|
|
It's primarily just a property of the Manager object after all, and we
try to refer to PID 1 as "manager" instead of "systemd", hence let's to
stick to this here too.
|
|
CID# 1297428
|
|
|
|
CID#1296244
|
|
from unit names
Let's better be safe then sorry.
|
|
A variety of changes:
- Make sure all our calls distuingish OOM from other errors if OOM is
not the only error possible.
- Be much stricter when parsing escaped paths, do not accept trailing or
leading escaped slashes.
- Change unit validation to take a bit mask for allowing plain names,
instance names or template names or an combination thereof.
- Refuse manipulating invalid unit name
|
|
|
|
|
|
instance of a process
units are organized in slice trees, not only for the system instance,
but also for user systemd instances, expose this properly.
|
|
Various cleanups, be stricter when parsing unit paths.
Most importantly: return the root slice "-.slice" when asked for slice
of paths that contain no slice component.
|
|
A number of fields do not apply to all processes, including: there a
processes without a controlling tty, without parent process, without
service, user services or session. To distuingish these cases from the
case where we simply don't have the data, always return ENXIO for them,
while returning ENODATA for the case where we really lack the
information.
Also update the credentials dumping code to show this properly. Fields
that are known but do not apply are now shown as "n/a".
Note that this also changes some of the calls in process-util.c and
cgroup-util.c to return ENXIO for these cases.
|
|
test for mount points
It's a very recent kernel addition, but certainly makes sense to
support.
|
|
When parsing a unit with a trailing slash after an escaped line break, like
ExecStart=/bin/echo 'foo \
bar'
the split() function (through config_parse()) asserted and crashed pid 1:
Assertion 'current[*l + 1] == quotechars[0]' failed at ../src/shared/util.c:583, function split(). Aborting.
Fix this by returning an error in this case ("trailing garbage").
Add corresponding test case. Also fix the missing "unit" argument of
config_parse_exec() in the comment.
https://launchpad.net/bugs/1447243
|
|
|