summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-08-18add a new tool for creating transient mount and automount unitsLennart Poettering
This adds "systemd-mount" which is for transient mount and automount units what "systemd-run" is for transient service, scope and timer units. The tool allows establishing mounts and automounts during runtime. It is very similar to the usual /bin/mount commands, but can pull in additional dependenices on access (for example, it pulls in fsck automatically), an take benefit of the automount logic. This tool is particularly useful for mount removable file systems (such as USB sticks), as the automount logic (together with automatic unmount-on-idle), as well as automatic fsck on first access ensure that the removable file system has a high chance to remain in a fully clean state even when it is unplugged abruptly, and returns to a clean state on the next re-plug. This is a follow-up for #2471, as it adds a simple client-side for the transient automount logic added in that PR. In later work it might make sense to invoke this tool automatically from udev rules in order to implement a simpler and safer version of removable media management á la udisks.
2016-08-18run: various minor improvementsLennart Poettering
Let's improve the --help text a bit, and other changes.
2016-08-18bus-util: unify loop around bus_append_unit_property_assignment()Lennart Poettering
This is done exactly the same way a couple of times at various places, let's unify this into one version.
2016-08-17Merge pull request #3946 from keszybz/open-journal-rootLennart Poettering
Make journalctl more flexible
2016-08-17sysv-generator: better error reporting (#3977)Felipe Sateler
Currently in the journal you get messages without context like: systemd-sysv-generator[$pid]: Failed to build name: Invalid argument When parsing the init script, show the file and line number where the error was found. At the same time, add more context information if available. Thus turning the message into something like: systemd-sysv-generator[$pid]: [/etc/init.d/root-system-proofd:13] Could not build name for facility $network,: Invalid argument
2016-08-17journal: ensure open journals from find_journal() (#3973)Vito Caputo
If journals get into a closed state like when rotate fails due to ENOSPC, when space is made available it currently goes unnoticed leaving the journals in a closed state indefinitely. By calling system_journal_open() on entry to find_journal() we ensure the journal has been opened/created if possible. Also moved system_journal_open() up to after open_journal(), before find_journal(). Fixes https://github.com/systemd/systemd/issues/3968
2016-08-14Merge pull request #3905 from htejun/cgroup-v2-cpuZbigniew Jędrzejewski-Szmek
core: add cgroup CPU controller support on the unified hierarchy (zj: merging not squashing to make it clear against which upstream this patch was developed.)
2016-08-12journalctl: allow --root argument for journal watchingZbigniew Jędrzejewski-Szmek
It is useful to look at a (possibly inactive) container or other os tree with --root=/path/to/container. This is similar to specifying --directory=/path/to/container/var/log/journal --directory=/path/to/container/run/systemd/journal (if using --directory multiple times was allowed), but doesn't require as much typing.
2016-08-12sd-journal: fix sd_journal_open_directory with SD_JOURNAL_OS_ROOTZbigniew Jędrzejewski-Szmek
The directory argument that is given to sd_j_o_d was ignored when SD_JOURNAL_OS_ROOT was given, and directories relative to the root of the host file system were used. With that flag, sd_j_o_d should do the same as sd_j_open_container: use the path as "prefix", i.e. the directory relative to which everything happens. Instead of touching sd_j_o_d, journal_new is fixed to do what sd_j_o_c was doing, and treat the specified path as prefix when SD_JOURNAL_OS_ROOT is specified.
2016-08-12sd-journal: allow SYSTEM and CURRENT_USER flags with sd_j_open_directory[_fd]Zbigniew Jędrzejewski-Szmek
There is no reason not to. This makes journalctl -D ... --system work, useful for example when viewing files from a deactivated container.
2016-08-12sd-journal: split out flags into separate defines for legibilityZbigniew Jędrzejewski-Szmek
… in preparation for future changes.
2016-08-11coredump: treat RLIMIT_CORE below page size as disabling coredumps (#3932)Zbigniew Jędrzejewski-Szmek
The kernel treats values below a certain threshold (minfmt->min_coredump which is initialized do ELF_EXEC_PAGESIZE, which varies between architectures, but is usually the same as PAGE_SIZE) as disabling coredumps [1]. Any core image below ELF_EXEC_PAGESIZE will yield an invalid backtrace anyway [2], so follow the kernel and not try to parse or store such images. [1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/fs/coredump.c#n660 [2] systemd-coredump[16260]: Process 16258 (sleep) of user 1002 dumped core. Stack trace of thread 16258: #0 0x00007f1d8b3d3810 n/a (n/a) https://bugzilla.redhat.com/show_bug.cgi?id=1309172#c19
2016-08-09install: follow config_path symlink (#3362)Rhys
Under NixOS, the config_path /etc/systemd/system is a symlink to /etc/static/systemd/system. Commands such as `systemctl list-unit-files` and `systemctl is-enabled` did not work as the symlink was not followed. This does not affect how symlinks are treated within the config_path directory.
2016-08-09sd-journal: watch logs below container's /{var,run}/log/journal (instead of ↵Evgeny Vereshchagin
the /) (#3934) Fixes #3927.
2016-08-09journal-gatewayd: fix typo; s/Certificat/Certificate/ (#3931)Vito Caputo
2016-08-08core: amend policy to open up dynamic user queries (#3920)Zbigniew Jędrzejewski-Szmek
2016-08-07core: add cgroup CPU controller support on the unified hierarchyTejun Heo
Unfortunately, due to the disagreements in the kernel development community, CPU controller cgroup v2 support has not been merged and enabling it requires applying two small out-of-tree kernel patches. The situation is explained in the following documentation. https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu While it isn't clear what will happen with CPU controller cgroup v2 support, there are critical features which are possible only on cgroup v2 such as buffered write control making cgroup v2 essential for a lot of workloads. This commit implements systemd CPU controller support on the unified hierarchy so that users who choose to deploy CPU controller cgroup v2 support can easily take advantage of it. On the unified hierarchy, "cpu.weight" knob replaces "cpu.shares" and "cpu.max" replaces "cpu.cfs_period_us" and "cpu.cfs_quota_us". [Startup]CPUWeight config options are added with the usual compat translation. CPU quota settings remain unchanged and apply to both legacy and unified hierarchies. v2: - Error in man page corrected. - CPU config application in cgroup_context_apply() refactored. - CPU accounting now works on unified hierarchy.
2016-08-07networkd: remove duplicate call to manager_dirty (#3917)Susant Sahani
since link_dirty itself calls manager_dirty no need to call it separately .
2016-08-06Merge pull request #3884 from poettering/private-usersZbigniew Jędrzejewski-Szmek
2016-08-06journal-gatewayd: fix segfault with certain request (#3893)Yi EungJun
When client requests to get logs with `follow` and `KEY=match` that doesn't match any log entry, journal-gatewayd segfaulted. Make request_reader_entries to return zero in such case to wait for matching entries. This fixes https://github.com/systemd/systemd/issues/3873.
2016-08-06journal-gatewayd: add --directory option (#3913)Yi EungJun
Serve journals in the specified directory instead of default journals.
2016-08-06buildsys,journal: allow -fsanitize=address without VALGRIND definedCristian Rodríguez
Fixed (master) versions of libtool pass -fsanitize=address correctly into CFLAGS and LDFLAGS allowing ASAN to be used without any special configure tricks..however ASAN triggers in lookup3.c for the same reasons valgrind does. take the alternative codepath if __SANITIZE_ADDRESS__ is defined as well.
2016-08-06test: fix stack overflow reported by ASANCristian Rodríguez
It was meant to write to q instead of t FAIL: test-id128 ================ ================================================================= ==125770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd4615bd31 at pc 0x7a2f41b1bf33 bp 0x7ffd4615b750 sp 0x7ffd4615b748 WRITE of size 1 at 0x7ffd4615bd31 thread T0 #0 0x7a2f41b1bf32 in id128_to_uuid_string src/libsystemd/sd-id128/id128-util.c:42 #1 0x401f73 in main src/test/test-id128.c:147 #2 0x7a2f41336341 in __libc_start_main (/lib64/libc.so.6+0x20341) #3 0x401129 in _start (/home/crrodriguez/scm/systemd/.libs/test-id128+0x401129) Address 0x7ffd4615bd31 is located in stack of thread T0 at offset 1409 in frame #0 0x401205 in main src/test/test-id128.c:37 This frame has 23 object(s): [32, 40) 'b' [96, 112) 'id' [160, 176) 'id2' [224, 240) 'a' [288, 304) 'b' [352, 368) 'a' [416, 432) 'b' [480, 496) 'a' [544, 560) 'b' [608, 624) 'a' [672, 688) 'b' [736, 752) 'a' [800, 816) 'b' [864, 880) 'a' [928, 944) 'b' [992, 1008) 'a' [1056, 1072) 'b' [1120, 1136) 'a' [1184, 1200) 'b' [1248, 1264) 'a' [1312, 1328) 'b' [1376, 1409) 't' <== Memory access at offset 1409 overflows this variable [1472, 1509) 'q' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow src/libsystemd/sd-id128/id128-util.c:42 in id128_to_uuid_string Shadow bytes around the buggy address: 0x100028c23750: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 0x100028c23760: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 0x100028c23770: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 0x100028c23780: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 0x100028c23790: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 =>0x100028c237a0: f2 f2 00 00 00 00[01]f4 f4 f4 f2 f2 f2 f2 00 00 0x100028c237b0: 00 00 05 f4 f4 f4 00 00 00 00 00 00 00 00 00 00 0x100028c237c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100028c237d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100028c237e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100028c237f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==125770==ABORTING FAIL test-id128 (exit status: 1)
2016-08-06test: test-sigbus must be skipped when -fsanitize=address is usedCristian Rodríguez
ASAN is unable to handle it.
2016-08-05Merge pull request #3818 from poettering/exit-status-envZbigniew Jędrzejewski-Szmek
beef up /var/tmp and /tmp handling; set $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS on ExecStop= and make sure root/nobody are always resolvable
2016-08-06networkd: add support to set STP (#3903)Susant Sahani
fixes #3881
2016-08-05Merge pull request #3900 from keszybz/fix-3607Lennart Poettering
Fix 3607
2016-08-05socket: add helper function to remove code duplicationZbigniew Jędrzejewski-Szmek
2016-08-05core/socket: include remote address in the message when dropping connectionZbigniew Jędrzejewski-Szmek
Without the address the message is not very useful. Aug 04 23:52:21 rawhide systemd[1]: testlimit.socket: Too many incoming connections (4) from source ::1, dropping connection.
2016-08-05systemd: do not serialize peer, bump count when deserializing socket insteadZbigniew Jędrzejewski-Szmek
2016-08-05core/service: serialize and deserialize accept_socketZbigniew Jędrzejewski-Szmek
This fixes an issue during reexec — the count of connections would be lost: [zbyszek@fedora-rawhide ~]$ systemctl status testlimit.socket | grep Connected Accepted: 1; Connected: 1 [zbyszek@fedora-rawhide ~]$ sudo systemctl daemon-reexec [zbyszek@fedora-rawhide ~]$ systemctl status testlimit.socket | grep Connected Accepted: 1; Connected: 0 With the patch, Connected count is preserved. Also add "Accept Socket" to the dump output for services.
2016-08-05core/socket: rework SocketPeer refcountingZbigniew Jędrzejewski-Szmek
Make functions and definitions that don't need to be shared local to socket.c.
2016-08-05util-lib: unify parsing of nice level valuesLennart Poettering
This adds parse_nice() that parses a nice level and ensures it is in the right range, via a new nice_is_valid() helper. It then ports over a number of users to this. No functional changes.
2016-08-05networkd: do not set NOARP unconditionally (#3891)Zbigniew Jędrzejewski-Szmek
Fixes #3890.
2016-08-05fileio: fix MIN/MAX mixup (#3896)Vito Caputo
The intention is to clamp the value to READ_FULL_BYTES_MAX, which would be the minimum of the two.
2016-08-05journal-remote: remove unnecessary gnutls includes (#3895)Vito Caputo
journal-(gatewayd,remote).c don't actually utilize libgnutls even when HAVE_GNUTLS is defined.
2016-08-04systemd: convert peers_by_address to a setZbigniew Jędrzejewski-Szmek
2016-08-04basic/set: remove some spurious spacesZbigniew Jędrzejewski-Szmek
2016-08-04core: only set the watchdog variables in ExecStart= linesLennart Poettering
2016-08-04core: remember first unit failure, not last unit failureLennart Poettering
Previously, the result value of a unit was overriden with each failure that took place, so that the result always reported the last failure that took place. With this commit this is changed, so that the first failure taking place is stored instead. This should normally not matter much as multiple failures are sufficiently uncommon. However, it improves one behaviour: if we send SIGABRT to a service due to a watchdog timeout, then this currently would be reported as "coredump" failure, rather than the "watchodg" failure it really is. Hence, in order to report information about the type of the failure, and not about the effect of it, let's change this from all unit type to store the first, not the last failure. This addresses the issue pointed out here: https://github.com/systemd/systemd/pull/3818#discussion_r73433520
2016-08-04nss-systemd: resolve root/nobody staticallyLennart Poettering
Let's extend nss-systemd to also synthesize user/group entries for the UIDs/GIDs 0 and 65534 which have special kernel meaning. Given that nss-systemd is listed in /etc/nsswitch.conf only very late any explicit listing in /etc/passwd or /etc/group takes precedence. This functionality is useful in minimal container-like setups that lack /etc/passwd files (or only have incompletely populated ones).
2016-08-04core: set $SERVICE_RESULT, $EXIT_CODE and $EXIT_STATUS in ↵Lennart Poettering
ExecStop=/ExecStopPost= commands This should simplify monitoring tools for services, by passing the most basic information about service result/exit information via environment variables, thus making it unnecessary to retrieve them explicitly via the bus.
2016-08-04main: use pager for --dump-configuration-items (#3894)0xAX
2016-08-04fileio: fix read_full_stream() bugs (#3887)Vito Caputo
read_full_stream() _always_ allocated twice the memory needed, due to only breaking the realloc() && fread() loop when fread() returned 0, requiring another iteration and exponentially enlarged buffer just to discover the EOF condition. This also caused file sizes >2MiB && <= 4MiB to erroneously be treated as E2BIG, due to the inappropriately doubled buffer size exceeding 4*1024*1024. Also made the 4*1024*1024 magic number a READ_FULL_BYTES_MAX constant.
2016-08-04networkd: apply bridge vlan configuration correctTobias Jungel
bridge vlan configuration was applied even if it wasn't configured. fixes #3876
2016-08-04core: use the correct APIs to determine whether a dual timestamp is initializedLennart Poettering
2016-08-04core: move masking of chroot/permission masking into service_spawn()Lennart Poettering
Let's fix up the flags fields in service_spawn() rather than its callers, in order to simplify things a bit.
2016-08-04core: turn various execution flags into a proper flags parameterLennart Poettering
The ExecParameters structure contains a number of bit-flags, that were so far exposed as bool:1, change this to a proper, single binary bit flag field. This makes things a bit more expressive, and is helpful as we add more flags, since these booleans are passed around in various callers, for example service_spawn(), whose signature can be made much shorter now. Not all bit booleans from ExecParameters are moved into the flags field for now, but this can be added later.
2016-08-04util-lib: rework /tmp and /var/tmp handling codeLennart Poettering
Beef up the existing var_tmp() call, rename it to var_tmp_dir() and add a matching tmp_dir() call (the former looks for the place for /var/tmp, the latter for /tmp). Both calls check $TMPDIR, $TEMP, $TMP, following the algorithm Python3 uses. All dirs are validated before use. secure_getenv() is used in order to limite exposure in suid binaries. This also ports a couple of users over to these new APIs. The var_tmp() return parameter is changed from an allocated buffer the caller will own to a const string either pointing into environ[], or into a static const buffer. Given that environ[] is mostly considered constant (and this is exposed in the very well-known getenv() call), this should be OK behaviour and allows us to avoid memory allocations in most cases. Note that $TMPDIR and friends override both /var/tmp and /tmp usage if set.
2016-08-04Merge pull request #2471 from michaelolbrich/transient-mountsLennart Poettering
allow transient mounts and automounts