Age | Commit message (Collapse) | Author |
|
machined is getting an EACCES when trying to create the lock file for
images because the mode on /run/systemd/nspawn/locks is 0600.
mkdir("/run/systemd/nspawn/locks", 0600) = -1 EEXIST (File exists)
stat("/run/systemd/nspawn/locks", {st_mode=S_IFDIR|0600, st_size=40, ...}) = 0
open("/run/systemd/nspawn/locks/inode-41:256", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC, 0600) = -1 EACCES (Permission denied)
This commit adjusts the mode to 0700 to correct the issue.
|
|
|
|
from unit names
Let's better be safe then sorry.
|
|
|
|
A variety of changes:
- Make sure all our calls distuingish OOM from other errors if OOM is
not the only error possible.
- Be much stricter when parsing escaped paths, do not accept trailing or
leading escaped slashes.
- Change unit validation to take a bit mask for allowing plain names,
instance names or template names or an combination thereof.
- Refuse manipulating invalid unit name
|
|
We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
|
|
|
|
This makes it obvious that those functions are only usable in the
initramfs.
Also, add a warning when noauto, nofail, or automount is used for the
root fs, instead of silently ignoring. Using those options would be a
sign of significant misconfiguration, and if we bother to check for
them, than let's go all the way and complain.
Other various small cleanups and reformattings elsewhere.
|
|
When setting IPv6 addresses acquired by DHCPv6, systemd-networkd sets
the IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. As
the flag and the attribute are present starting with Linux 3.14, older
kernels will need systemd-network to manage prefix route expiry.
By default, DHCPv6 addresses are first assigned setting the
IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. Should
the address assignment fail, the same assignment is tried without
the IFA_FLAGS attribute. Should also the second attempt fail, an error
is printed and address assignment ends with failure. As successful use
of the IFA_FLAGS netlink attribute is recorded in the Link structure,
the DHCPv6 code will know if the kernel or systemd-network fallback
code handles expiring prefixes.
The prefix expiration and IPv6 address updating fallback code is
resurrected from the parts deleted with commit
47d45d3cde45d6545367570264e4e3636bc9e345.
This patch can be removed once the minimum kernel requirements are
greater than or equal to 3.14.
|
|
filtered was used to store an allocated string twice. The first allocation was
thus lost. The string is not needed for anything, so simply skip the allocation.
Fixup for deb0a77cf0b409141c4.
|
|
|
|
Do not calculate the cgroup path manually, just use normal unit fields
and calls for that.
|
|
|
|
|
|
instance of a process
units are organized in slice trees, not only for the system instance,
but also for user systemd instances, expose this properly.
|
|
Introduce a new call unit_type_supported() and make use of it
everywhere.
Also, drop Manager parameter from per-type supported method prototype.
|
|
As perparation for future incompatible kdbus kernel API changes.
|
|
Various cleanups, be stricter when parsing unit paths.
Most importantly: return the root slice "-.slice" when asked for slice
of paths that contain no slice component.
|
|
This patch add support to create vti6 tunnel
test:
vt6.network
[Match]
Name=wlan0
[Network]
Tunnel=ip6vti
vti6.netdev
[NetDev]
Name=ip6vti
Kind=vti6
[Tunnel]
Local=2a00:ffde:4567:edde::4987
Remote=2001:473:fece:cafe::5179
ip link
11: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT
group default
link/tunnel6 :: brd ::
12: ip6vti@wlan0: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN
mode DEFAULT group default
link/tunnel6 2a00:ffde:4567:edde::4987 peer 2001:473:fece:cafe::5179
|
|
Replaces a lof ot strerror() usage with log_netdev_error_errno()
|
|
A number of fields do not apply to all processes, including: there a
processes without a controlling tty, without parent process, without
service, user services or session. To distuingish these cases from the
case where we simply don't have the data, always return ENXIO for them,
while returning ENODATA for the case where we really lack the
information.
Also update the credentials dumping code to show this properly. Fields
that are known but do not apply are now shown as "n/a".
Note that this also changes some of the calls in process-util.c and
cgroup-util.c to return ENXIO for these cases.
|
|
These looked like a mass-replace gone slightly wrong – two statements
with no { }'s, and no error checking.
|
|
|
|
After all it can be derived from the message directly, and already is.
|
|
If NULL is specified for the bus it is now automatically derived from
the passed in message.
This commit also changes a number of invocations of sd_bus_send() to
make use of this.
|
|
This should simplify the prototype a bit. The bus parameter is redundant
in most cases, and in the few where it matters it can be derived from
the message via sd_bus_message_get_bus().
|
|
This can now benchmark more than just kdbus.
|
|
|
|
We introduce two news types of benchmarks in chart-mode:
- 'legacy' connects using the session bus
- 'direct' connects using a peer-to-peer socket
We should probably also introduce a mode for testing the dbus1-kdbus proxy.
|
|
|
|
|
|
If a unit is stopped for a moment, we need to invalidate our knowledge
of it, otherwise we might be confused by automatic restarts
This makes reboots for nspawn containers run as service work correctly.
https://bugs.freedesktop.org/show_bug.cgi?id=87428
|
|
and related calls
|
|
|
|
on the command line
|
|
|
|
status set membership
|
|
|
|
For a longer discussion see this:
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
This introduces /run/systemd/fsck.progress as a simply
AF_UNIX/SOCK_STREAM socket. If it exists and is connectable we'll
connect fsck's -c switch with it. If external programs want to get
progress data they should hence listen on this socket and will get
all they need via that socket. To get information about the connecting
fsck client they should use SO_PEERCRED.
Unless /run/systemd/fsck.progress is around and connectable this change
reverts back to v219 behaviour where we'd forward fsck output to
/dev/console on our own.
|
|
Among other smaller fixes, explicitly check if we are invoked on a block
device before making use of st.st_rdev.
|
|
|
|
src/core/unit.c: In function 'unit_coldplug':
src/core/unit.c:2884:18: warning: unused variable 'i' [-Wunused-variable]
Iterator i;
^
src/core/unit.c:2883:15: warning: unused variable 'other' [-Wunused-variable]
Unit *other;
^
|
|
Make this blocking behaviour optional with --no-block, similar to
systemctl's switch of this name.
|
|
Otherwise it might happen that by the time PID 1 adds our process to the
scope unit the process might already have died, if the process is
short-running (such as an invocation to /bin/true).
https://bugs.freedesktop.org/show_bug.cgi?id=86520
|
|
Also, place the scope unit in failed state.
|
|
NULL result only
|
|
This is yet another attempt to fix coldplugging order (more especially,
the problem which happens when one creates a job during coldplugging and
it references a not-yet-coldplugged unit).
Now we forcibly coldplug all units which participate in jobs. This
is a superset of previously implemented handling of the UNIT_TRIGGERS
dependencies, so that handling is removed.
http://lists.freedesktop.org/archives/systemd-devel/2015-April/031212.html
https://bugs.freedesktop.org/show_bug.cgi?id=88401 (once again)
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=90192
|
|
|
|
|