Age | Commit message (Collapse) | Author |
|
|
|
sec is not set if have_time is false so avoid using it. have_time
was introduced in 9ff09bcb86fb125768667aca9bc0b10b1745370a but only
the first uses for sec were covered
Found with scan-build
|
|
|
|
|
|
|
|
CLOCK_BOOTTIME_ALARM, too
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
With this change a failing event source handler will not cause the
entire event loop to fail. Instead, we just disable the specific event
source, log a message at debug level and go on.
This also introduces a new concept of "exit code" which can be stored in
the event loop and is returned by sd_event_loop(). We also rename "quit"
to "exit" everywhere else.
Altogether this should make things more robus and keep errors local
while still providing a way to return event loop errors in a clear way.
|
|
|
|
Which does have TimeUSec. Should we specifically check for this method
instead of assuming time=0 means it doesn't exist?
Before:
shawn@debian-T61:~/git/systemd$ ./timedatectl
Local time: Wed 1969-12-31 16:00:00 PST
Universal time: Thu 1970-01-01 00:00:00 UTC
RTC time: n/a
Timezone: America/Los_Angeles (PST, -0800)
NTP enabled: n/a
NTP synchronized: no
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 1969-10-26 01:59:59 PDT
Sun 1969-10-26 01:00:00 PST
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 1970-04-26 01:59:59 PST
Sun 1970-04-26 03:00:00 PDT
After:
shawn@debian-T61:~/git/systemd$ ./timedatectl
Local time: Wed 2013-12-11 14:03:21 PST
Universal time: Wed 2013-12-11 22:03:21 UTC
RTC time: n/a
Timezone: America/Los_Angeles (PST, -0800)
NTP enabled: n/a
NTP synchronized: no
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 2013-11-03 01:59:59 PDT
Sun 2013-11-03 01:00:00 PST
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 2014-03-09 01:59:59 PST
Sun 2014-03-09 03:00:00 PDT
|
|
flags conversion
|
|
that are closer to kdbus
This turns around DO_NOT_QUEUE into QUEUE which implies a more useful
default. (And negative options are awful anyway.)
|
|
containers)
|
|
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.
This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
|
|
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
|
|
Use [brackets] only for optional elements.
Use <optional> in XML sources.
|
|
other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.
Also, document this behaviour so that clients can stick to it.
(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
|
|
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.
Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.
As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.
Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
|
|
|
|
|
|
everywhere
We want to emphasize bus connections as per-thread communication
primitives, hence introduce a concept of a per-thread default bus, and
make use of it everywhere.
|
|
it everywhere
Try to emphasize a bit that there should be a mapping between event
loops and threads, hence introduce a logic that there's one "default"
event loop for each thread, that can be queried via
"sd_event_default()".
|
|
|
|
|
|
|
|
Among other things this makes sure we always expose a --version command
and show it in the help texts.
|
|
|
|
|
|
variables
|
|
|
|
This reverts commit 36f9f99556b2fd90705a9eda2e8f182b1e63a15e.
The ntp unit information is only needed by timedated which runs in late
boot only, where all disks are around. Hence there's no point in
allowing them to be located in the rootprefix.
|
|
|
|
|
|
|
|
This allow querying the RTC time from the unprivileged timedatectl.
|
|
|
|
|
|
and thus blocks out everybody else
chrony is appears to keep the RTC open continuously these days which is
a bad idea, and /dev/rtc is a single-user device, which is a bad idea
too. Together both bad ideas mean that nobody else can access the RTC
anymore. That's something to fix, but in the meantime we should handle
this more gracefully.
|