summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-04-29Merge pull request #3137 from keszybz/dirent-simplificationLennart Poettering
Various small cleanups in shared code
2016-04-29nspawn: convert uuid to string (#3146)Evgeny Vereshchagin
Fixes: cp /etc/machine-id /var/tmp/systemd-test.HccKPa/nspawn-root/etc systemd-nspawn -D /var/tmp/systemd-test.HccKPa/nspawn-root --link-journal host -b ... Host and machine ids are equal (P�S!V): refusing to link journals
2016-04-28networkd: reconfigure IPv6 and static address after link up event (#3105)Susant Sahani
Now we are not setting static address, start dhcp6 client and discovering IPv6 routers after link gained carrier. This fixes #2912.
2016-04-28basic/mount-util: recognize pvfs2 as network fs (#3140)Zbigniew Jędrzejewski-Szmek
Added to kernel 4.6.
2016-04-28nspawn: initialize the veth_name (#3141)Evgeny Vereshchagin
Fixes: $ systemd-nspawn -h ... Failed to remove veth interface ����: Operation not permitted This is a follow-up for d2773e59de3dd970d861
2016-04-28cgtop: initialize `ours' to NULL properly (#3139)Naohiro Aota
Running cgtop on a system, which lacks expecting stat file, results in a segfault. For example, a system with blkio tree but without cfq io scheduler, lacks "blkio.io_service_bytes". When the targeting cgroup's file does not exist, process() returns 0 and also does not modify `*ret' value (which is `*ours'). As a result, callers of refresh_one() can have bogus pointer, which result in SEGV. This patch just properly initialize the variable to NULL.
2016-04-28test-path-util: add a trivial test for hidden_or_backup_fileZbigniew Jędrzejewski-Szmek
2016-04-28tree-wide: rename hidden_file to hidden_or_backup_file and optimizeZbigniew Jędrzejewski-Szmek
In standard linux parlance, "hidden" usually means that the file name starts with ".", and nothing else. Rename the function to convey what the function does better to casual readers. Stop exposing hidden_file_allow_backup which is rather ugly and rewrite hidden_file to extract the suffix first. Note that hidden_file_allow_backup excluded files with "~" at the end, which is quite confusing. Let's get rid of it before it gets used in the wrong place.
2016-04-27basic/dirent-util: do not call hidden_file_allow_backup from ↵Zbigniew Jędrzejewski-Szmek
dirent_is_file_with_suffix If the file name is supposed to end in a suffix, there's not need to check the name against a list of "special" file names, which is slow. Instead, just check that the name doens't start with a period.
2016-04-27networkd: drop unnecessary stmtZbigniew Jędrzejewski-Szmek
2016-04-27machinectl: simplify option string assignmentZbigniew Jędrzejewski-Szmek
It's better to avoid having the option string duplicated, lest we forget to modify them in sync in the future.
2016-04-27Correctly parse OBJECT_PID in journald messages (#3129)Nalin Dahyabhai
The parse_pid() function doesn't succeed if we don't zero-terminate after the last digit in the buffer.
2016-04-27path-util: Add hidden suffixes for ucf (#3131)Martin Pitt
ucf is a standard Debian helper for managing configuration file upgrades which need more interaction or elaborate merging than conffiles managed by dpkg. Ignore its temporary and backup files similarly to the *.dpkg-* ones to avoid creating units for them in generators. https://bugs.debian.org/775903
2016-04-27journal: set STATE_ARCHIVED as part of offlining (#2740)Vito Caputo
The only code path which makes a journal durable is via journal_file_set_offline(). When we perform a rotate the journal's header->state is being set to STATE_ARCHIVED prior to journal_file_set_offline() being called. In journal_file_set_offline(), we short-circuit the entire offline when f->header->state != STATE_ONLINE. This all results in none of the journal_file_set_offline() fsync() calls being reached when rotate archives a journal, so archived journals are never explicitly made durable. What we do now is instead of setting the f->header->state to STATE_ARCHIVED directly in journal_file_rotate() prior to journal_file_close(), we set an archive flag in f->archive for the journal_file_set_offline() machinery to honor by committing STATE_ARCHIVED instead of STATE_OFFLINE when set. Prior to this, rotated journals were never getting fsync() explicitly performed on them, since journal_file_set_offline() short-circuited. Obviously this is undesirable, and depends entirely on the underlying filesystem as to how much durability was achieved when simply closing the file. Note that this problem existed prior to the recent asynchronous fsync changes, but those changes do facilitate our performing this durable offline on rotate without blocking, regardless of the underlying filesystem sync-on-close semantics.
2016-04-26core: set start job timeout from the kernel commandline (#3112)tblume
Add the boot parameter: systemd.default_timeout_start_sec to allow modification of the default start job timeout at boot time.
2016-04-26Merge pull request #3124 from poettering/small-journal-fixesZbigniew Jędrzejewski-Szmek
2016-04-26Revert "smaller journal fixes (#3124)"Zbigniew Jędrzejewski-Szmek
This reverts commit 6e3930c40f3379b7123e505a71ba4cd6db6c372f. Merge got squashed by mistake.
2016-04-26Merge pull request #3093 from poettering/nspawn-userns-magicLennart Poettering
nspawn automatic user namespaces
2016-04-26smaller journal fixes (#3124)Lennart Poettering
* sd-journal: detect earlier if we try to read an object from an invalid offset Specifically, detect early if we try to read from offset 0, i.e. are using uninitialized offset data. * journal: when dumping journal contents, react nicer to lines we can't read If journal files are not cleanly closed it might happen that intermediaery journal entries cannot be read. Handle this nicely, skip over the unreadable entries, and log a debug message about it; after all we generally follow the logic that we try to make the best of corrupted files. * journal-file: always generate the same error when encountering corrupted files Let's make sure EBADMSG is the one error we throw when we encounter corrupted data, so that we can neatly test for it. * journal-file: when iterating through a partly corruped journal file, treat error like EOF When we linearly iterate through a corrupted journal file, and we encounter a read error, don't consider this fatal, but merely as EOF condition (and log about it). * journal-file: make seeking in corrupted files work Previously, when we used a bisection table for seeking through a corrupted file, and the end of the bisection table was corrupted we'd most likely fail the entire seek operation. Improve the situation: if we encounter invalid entries in a bisection table, linearly go backwards until we find a working entry again. * man: elaborate on the automatic systemd-journald.socket service dependencies Fixes: #1603
2016-04-26journal-file: make seeking in corrupted files workLennart Poettering
Previously, when we used a bisection table for seeking through a corrupted file, and the end of the bisection table was corrupted we'd most likely fail the entire seek operation. Improve the situation: if we encounter invalid entries in a bisection table, linearly go backwards until we find a working entry again.
2016-04-26journal-file: when iterating through a partly corruped journal file, treat ↵Lennart Poettering
error like EOF When we linearly iterate through a corrupted journal file, and we encounter a read error, don't consider this fatal, but merely as EOF condition (and log about it).
2016-04-26journal-file: always generate the same error when encountering corrupted filesLennart Poettering
Let's make sure EBADMSG is the one error we throw when we encounter corrupted data, so that we can neatly test for it.
2016-04-26journal: when dumping journal contents, react nicer to lines we can't readLennart Poettering
If journal files are not cleanly closed it might happen that intermediaery journal entries cannot be read. Handle this nicely, skip over the unreadable entries, and log a debug message about it; after all we generally follow the logic that we try to make the best of corrupted files.
2016-04-26sd-journal: detect earlier if we try to read an object from an invalid offsetLennart Poettering
Specifically, detect early if we try to read from offset 0, i.e. are using uninitialized offset data.
2016-04-26systemd --user: call pam_loginuid when creating user@.service (#3120)Zbigniew Jędrzejewski-Szmek
This way the user service will have a loginuid, and it will be inherited by child services. This shouldn't change anything as far as systemd itself is concerned, but is nice for various services spawned from by systemd --user that expect a loginuid. pam_loginuid(8) says that it should be enabled for "..., crond and atd". user@.service should behave similarly to those two as far as audit is concerned. https://bugzilla.redhat.com/show_bug.cgi?id=1328947#c28
2016-04-25Merge pull request #3109 from poettering/journal-by-fdZbigniew Jędrzejewski-Szmek
rework "journalctl -M"
2016-04-25Merge pull request #3114 from poettering/journalctl-bZbigniew Jędrzejewski-Szmek
Fix endless loops in journalctl --list-boots (closes #617).
2016-04-25machined: generate a nicer error when the user tries "machinectl clone" on ↵Lennart Poettering
non-btrfs file systems (#3117) Fixes: #2060 (Of course, in the long run, we should probably add a copy-based fall-back. But given how slow that is, this probably requires some asynchronous forking logic like the CopyFrom() and CopyTo() method calls already implement.)
2016-04-25core: fix description of "resources" service error (#3119)Lennart Poettering
The "resources" error is really just the generic error we return when we hit some kind of error and we have no more appropriate error for the case to return, for example because of some OS error. Hence, reword the explanation and don't claim any relation to resource limits. Admittedly, the "resources" service error is a bit of a misnomer, but I figure it's kind of API now. Fixes: #2716
2016-04-25Merge pull request #3113 from ssahani/route-fixLennart Poettering
netwotkd: fix address and route conf
2016-04-25journal: fix already offline check and thread leak (#2810)Vito Caputo
Early in journal_file_set_offline() f->header->state is tested to see if it's != STATE_ONLINE, and since there's no need to do anything if the journal isn't online, the function simply returned here. Since moving part of the offlining process to a separate thread, there are two problems here: 1. We can't simply check f->header->state, because if there is an offline thread active it may modify f->header->state. 2. Even if the journal is deemed offline, the thread responsible may still need joining, so a bare return may leak the thread's resources like its stack. To address #1, the helper journal_file_is_offlining() is called prior to accessing f->header->state. If journal_file_is_offlining() returns true, f->header->state isn't even checked, because an offlining journal is obviously online, and we'll just continue with the normal set offline code path. If journal_file_is_offlining() returns false, then it's safe to check f->header->state, because the offline_state is beyond the point of modifying f->header->state, and there's a memory barrier in the helper. If we find f->header->state is != STATE_ONLINE, then we call the idempotent journal_file_set_offline_thread_join() on the way out of the function, to join a potential lingering offline thread.
2016-04-25journalctl: turn --unit= in combination with --user into --user-unit=Lennart Poettering
Let's be nice to users, and let's turn the nonsensical "--unit=… --user" into "--user-unit=…" which the user more likely meant. Fixes #1621
2016-04-25sd-journal: "soft" deprecate sd_journal_open_container()Lennart Poettering
Let's document the call as deprecated, since it doesn't cover containers with directories that aren#t visible to the host properly.
2016-04-25journalctl: port --machine= switch to use machined's OpenMachineRootDirectory()Lennart Poettering
This way, the switch becomes compatible with nspawn containers using --image=, and those which only store journal data in /run (i.e. have persistant logs off). Fixes: #49
2016-04-25journalctl: don't trust the per-field entry tables when looking for boot IDsLennart Poettering
When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25journalctl: improve output of --header a bitLennart Poettering
Show the various timestamps in hexadecimal too. This is useful for matching the timestamps included in cursor strings (which are encoded in hex, too), with the references in the journal header.
2016-04-25nspawn: explicitly remove veth links after use (#3111)Lennart Poettering
* sd-netlink: permit RTM_DELLINK messages with no ifindex This is useful for removing network interfaces by name. * nspawn: explicitly remove veth links we created after use Sometimes the kernel keeps veth links pinned after the namespace they have been joined to died. Let's hence explicitly remove veth links after use. Fixes: #2173
2016-04-25journalctl: simplify discover_next_boot() a bitLennart Poettering
Drop the "read_realtime" parameter. Getting the realtime timestamp from an entry is cheap, as it is a normal header field, hence let's just get this unconditionally, and simplify our code a bit.
2016-04-25journalctl: simplify get_boots() a bit, by getting rid of one BootId objectLennart Poettering
Let's store the reference as simple sd_id128_t, since we don't actually need a BootId for it.
2016-04-25journalctl: add some explanatory comments to get_boots()Lennart Poettering
2016-04-25sd-journal: add logic to open journal files of a specific OS treeLennart Poettering
With this change a new flag SD_JOURNAL_OS_ROOT is introduced. If specified while opening the journal with the per-directory calls (specifically: sd_journal_open_directory() and sd_journal_open_directory_fd()) the passed directory is assumed to be the root directory of an OS tree, and the journal files are searched for in /var/log/journal, /run/log/journal relative to it. This is useful to allow usage of sd-journal on file descriptors returned by the OpenRootDirectory() call of machined.
2016-04-25machined: add new OpenRootDirectory() call to Machine objectsLennart Poettering
This new call returns a file descriptor for the root directory of a container. This file descriptor may then be used to access the rest of the container's file system, via openat() and similar calls. Since the file descriptor returned is for the file system namespace inside of the container it may be used to access all files of the container exactly the way the container itself would see them. This is particularly useful for containers run directly from loopback media, for example via systemd-nspawn's --image= switch. It also provides access to directories such as /run of a container that are normally not accessible to the outside of a container. This replaces PR #2870. Fixes: #2870
2016-04-25sd-journal: add API for opening journal files or directories by fdLennart Poettering
Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature remains undocumented though, as it is probably not too useful in real-life as this still requires fds that support mmaping and seeking, i.e. does not work for pipes, for which reading from STDIN is most commonly used.
2016-04-25nspawn: when readjusting UID/GID ownership of OS trees, skip read-only subtreesLennart Poettering
This should allow tools like rkt to pre-mount read-only subtrees in the OS tree, without breaking the patching code. Note that the code will still fail, if the top-level directory is already read-only.
2016-04-25nspawn: don't try to patch UIDs/GIDs of procfs and suchlikeLennart Poettering
2016-04-25nspawn: make -U a tiny bit smarterLennart Poettering
With this change -U will turn on user namespacing only if the kernel actually supports it and otherwise gracefully degrade to non-userns mode.
2016-04-25nspawn: allow configuration of user namespaces in .nspawn filesLennart Poettering
In order to implement this we change the bool arg_userns into an enum UserNamespaceMode, which can take one of NO, PICK or FIXED, and replace the arg_uid_range_pick bool with it.
2016-04-25nspawn: add -U as shortcut for --private-users=pickLennart Poettering
Given that user namespacing is pretty useful now, let's add a shortcut command line switch for the logic.
2016-04-25nspawn: optionally, automatically allocate a UID/GID range for userns containersLennart Poettering
This adds the new value "pick" to --private-users=. When specified a new UID/GID range of 65536 users is automatically and randomly allocated from the host range 0x00080000-0xDFFF0000 and used for the container. The setting implies --private-users-chown, so that container directory is recursively chown()ed to the newly allocated UID/GID range, if that's necessary. As an optimization before picking a randomized UID/GID the UID of the container's root directory is used as starting point and used if currently not used otherwise. To protect against using the same UID/GID range multiple times a few mechanisms are in place: - The first and the last UID and GID of the range are checked with getpwuid() and getgrgid(). If an entry already exists a different range is picked. Note that by "last" UID the user 65534 is used, as 65535 is the 16bit (uid_t) -1. - A lock file for the range is taken in /run/systemd/nspawn-uid/. Since the ranges are taken in a non-overlapping fashion, and always start on 64K boundaries this allows us to maintain a single lock file for each range that can be randomly picked. This protects nspawn from picking the same range in two parallel instances. - If possible the /etc/passwd lock file is taken while a new range is selected until the container is up. This means adduser/addgroup should safely avoid the range as long as nss-mymachines is used, since the allocated range will then show up in the user database. The UID/GID range nspawn picks from is compiled in and not configurable at the moment. That should probably stay that way, since we already provide ways how users can pick their own ranges manually if they don't like the automatic logic. The new --private-users=pick logic makes user namespacing pretty useful now, as it relieves the user from managing UID/GID ranges.
2016-04-25nspawn: optionally fix up OS tree uid/gids for usernsLennart Poettering
This adds a new --private-userns-chown switch that may be used in combination with --private-userns. If it is passed a recursive chmod() operation is run on the OS tree, fixing all file owner UID/GIDs to the right ranges. This should make user namespacing pretty workable, as the OS trees don't need to be prepared manually anymore.