| Age | Commit message (Collapse) | Author |
|---|
|
We cannot handle enumeration failures in a sensible way, hence let's try
hard to continue without making such failures fatal, and log about it
with precise error messages.
|
|
This is pretty much a work-around for a security vulnerability in
kernels that allow unprivileged user namespaces.
Fixes #1822.
|
|
Lots of small fixes
|
|
core: unit deps port to extract_first_word
|
|
More refactorings in extract_first_word
|
|
core: still make progress when throttling the manager loop
|
|
|
|
x86-32
strtoull() doesn't make it particularly easy to detect passed-in
negative numbers, as it silently converts them to positive ones without
generating any error. Since we are not interested in negative values we
should hence explicitly filter them out by looking at the string
directly and returning ERANGE if we see a leading "-".
Fixes: #1829
|
|
Let's make sure to process all queued log data before exiting, so that
we don't unnecessary lose messages when shutting down.
https://github.com/systemd/systemd/pull/1812#issuecomment-155149871
|
|
Let's make sure "LimitCPU=30min" can be parsed properly, following the
usual logic how we parse time values. Similar for LimitRTTIME=.
While we are at it, extend a bit on the man page section about resource
limits.
Fixes: #1772
|
|
Let's not convert RLIM_INFINITY to "unsigned long long" and then back to
rlim_t, but let's leave it in the right type right-away.
Parse resource limits as 64 bit in all cases, as according to the man
page that's what libc does anyway.
Make sure setting a resource limit to (uint64_t) -1 results in a parsing
error, and isn't implicitly converted to RLIM_INFINITY.
|
|
Let's generate a simple error, and that's it. Let's not try to be smart
and record the last word that failed.
Also, let's make sure we don't compare numeric values with 0 by relying
on C's downgrade-to-bool feature, as suggested in CODING_STYLE.
|
|
specification of default time unit if none is specified
This is useful if we want to parse RLIMIT_RTTIME values where the common
UNIX syntax is without any units but refers to a non-second unit (µs in
this case), but where we want to allow specification of units.
|
|
The macro is generically useful for putting together search paths, hence
let's make it truly generic, by dropping the implicit ".d" appending it
does, and leave that to the caller. Also rename it from
CONF_DIRS_NULSTR() to CONF_PATHS_NULSTR(), since it's not strictly about
dirs that way, but any kind of file system path.
Also, mark CONF_DIR_SPLIT_USR() as internal macro by renaming it to
_CONF_PATHS_SPLIT_USR() so that the leading underscore indicates that
it's internal.
|
|
|
|
|
|
VIRTUALIZATION_CONTAINER_OTHER
If we don't know a container manager, we should consider it as "other"
rather than as no container manager at all, to provide a somwhat useful
upgrade path.
|
|
networkd: add support to configure IPv6 hop limit
|
|
conf-parser: use extract_first_word
|
|
lldp: avoid compiler warnings in lldp_tfl_package_read* functions
|
|
|
|
This patch adds support to configure IPV6 hop limit.
For example:
/proc/sys/net/ipv6/conf/wlp3s0/hop_limit
|
|
networkd: vxlan add option to set FDB entries
|
|
[v2] treewide: treatment of errno and other cleanups
|
|
with small manual cleanups for style.
|
|
test-udev: small fixes
|
|
doc: typo and ortho fixes
|
|
core/timer: in containers OnBootSec should count from container startup
|
|
core: support IEC suffixes for RLIMIT stuff
|
|
nspawn: support custom container service name
|
|
|
|
We were hardcoding "systemd-nspawn" as the value of the $container env
variable and "nspawn" as the service string in machined registration.
This commit allows the user to configure it by setting the
$SYSTEMD_NSPAWN_CONTAINER_SERVICE env variable when calling
systemd-nspawn.
If $SYSTEMD_NSPAWN_CONTAINER_SERVICE is not set, we use the string
"systemd-nspawn" for both, fixing the previous inconsistency.
|
|
journal: reduce minimum journal file size to 512 KiB
|
|
In Fedora dnf-makecache.timer specifies OnBootSec=10min, but it fired
during boot in systemd-nspawn, because the clock ticks since the host's
boot.
Fix it by treating OnBootSec the same as OnStartupSec when running in
a container.
|
|
unused since 7b2313f5
|
|
|
|
* print '\n' on error
* use UDEVLIBEXECDIR (udev_rules_new uses it too)
|
|
|
|
For low end embedded systems 4 MiB for each journal file is a lot of
memory. Journald will use at least 512 KiB even if JOURNAL_FILE_SIZE_MIN is
set to less than that so just use 512 KiB.
|
|
Let's make things more user-friendly and support for example
LimitAS=16G
rather than force users to always use LimitAS=16106127360.
The change is relevant for options:
[Default]Limit{FSIZE,DATA,STACK,CORE,RSS,AS,MEMLOCK,MSGQUEUE}
The patch introduces config_parse_bytes_limit(), it's the same as
config_parse_limit() but uses parse_size() tu support the suffixes.
Addresses: https://github.com/systemd/systemd/issues/1772
|
|
|
|
Just skip them in place, instead of setting separator=true. We only do
that in a single place (while finding a separator outside of quote or
backslash states) so we don't really need a separate state for it.
Tested that no regressions were introduced in test-extract-word. Ran a
full `make check` and also installed the binaries on a test system and
did not see any issues related to parsing unit files or starting units
after a reboot.
|
|
Use inner loops to keep processing the same state, except when there is
a state change, then break back to the outer loop so that the correct
branch can be selected again.
Tested that no regressions were introduced in test-extract-word.
|
|
This will make it easier to use inner loops to keep looping in the same
state, by just updating p and c in the same way in the inner loops.
Tested that no regressions were created in test-extract-word.
|
|
It's a pretty small optimization but doesn't hurt...
Tested with test-extract-word.
|
|
Using `goto` might be appropriate for the "finish" cases but it was
really not necessary at this point of the code... Just use if/else
blocks to accomplish the same.
Confirmed that the test cases in test-extract-word keep working as
expected.
|
|
This block runs once before all the other handling, so move it outside
the main loop and put it in its own loop until it's finished doing its
job.
Tested by confirming `make check` (and particularly test-extract-word)
still passes and by booting a system with binaries including this
commit.
|
|
POSIX says:
The pthread_join() function shall not return an error code of [EINTR].
|
|
|
|
|
