Age | Commit message (Collapse) | Author |
|
When a systemd service running in a container exits with a non-zero
code, it can be useful to terminate the container immediately and get
the exit code back to the host, when systemd-nspawn returns. This was
not possible to do. This patch adds the following to make it possible:
- Add a read-only "ExitCode" property on PID 1's "Manager" bus object.
By default, it is 0 so the behaviour stays the same as previously.
- Add a method "SetExitCode" on the same object. The method fails when
called on baremetal: it is only allowed in containers or in user
session.
- Add support in systemctl to call "systemctl exit 42". It reuses the
existing code for user session.
- Add exit.target and systemd-exit.service to the system instance.
- Change main() to actually call systemd-shutdown to exit() with the
correct value.
- Add verb 'exit' in systemd-shutdown with parameter --exit-code
- Update systemctl manpage.
I used the following to test it:
| $ sudo rkt --debug --insecure-skip-verify run \
| --mds-register=false --local docker://busybox \
| --exec=/bin/chroot -- /proc/1/root \
| systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42
Fixes https://github.com/systemd/systemd/issues/1290
|
|
sd-ipv4acd: split out as separate library from sd-ipv4ll
|
|
core: extend KillUnit() to return error when no unit was killed
|
|
|
|
|
|
load-fragment: resolve specifiers in RuntimeDirectory
|
|
|
|
These programs should be run manually, typically two instances on a
veth pair to check conflict detection.
Both test programs take the ifname as input, the ACD also takes the
IP address to check, whereas LL (optionally) takes the seed, which
determines the sequence of IP addresses to try.
|
|
This splits the Address Conflict Detection out of the Link Local
library so that we can reuse it for DHCP and static addresses in
the future.
Implements RFC5227.
|
|
Use stop() and start() to drop some pulicate code.
|
|
Firstly, no longer distinguish between STOP and INIT states.
Secondly, do not trigger STOP events when calls to sd_ipv4ll_*() fail. The
caller is the one who would receive the event and will already know that the
call to sd_ipv4ll_*() has failed, so it is redundant.
STOP events will now only be triggered by calling sd_ipv4ll_stop() explicitly
or by some internal error in the library triggered by receiving a packet or
an expiring timeout (i.e., any error that would otherwise not be reported
back to the consumer of the library).
Lastly, follow CODING_STYLE and always return NULL on unref. Protect from
objects being destroyed in callbacks accordingly.
|
|
This requires the caller to stop and restart the statemachine if they want to
change the MAC address.
|
|
Simplify timeout handling.
|
|
Most packets are filtered out by the BPF, so only check for the parts that may
actually differ.
|
|
|
|
|
|
Simplify the code a bit, no functional change.
|
|
We currently process every ARP packet, but we should only care about the ones
relating to our IP address.
Also rename ipv4ll helpers to apr-utils.[ch], and rework the helpers a bit.
|
|
networkd: add support for accept ra
|
|
|
|
The size of the allocated array for received file descriptors was
incorrectly calculated. This did not matter when a single file
descriptor was received, but for more descriptors the allocation was
insufficient.
|
|
cgroup: add support for net_cls controllers
|
|
When a NXDATA or a NODATA response is received for an alias it may
include CNAME records from the redirect chain. We should cache the
response for each of these names to avoid needless roundtrips in
the future.
It is not sufficient to do the negative caching only for the
canonical name, as the included redirection chain is not guaranteed
to be complete. In fact, only the final CNAME record from the chain
is guaranteed to be included.
We take care not to cache entries that redirects outside the current
zone, as the SOA will then not be valid.
|
|
CNAME records are special in the way they are treated by DNS servers,
and our cache should mimic that behavior: In case a domain name has an
alias, its CNAME record is returned in place of any other.
Our cache was not doing this despite caching the CNAME records, this
entailed needless lookups to re-resolve the CNAME.
|
|
Only one key is allowed per transaction now, so let's simplify things and only allow putting
one question key into the cache at a time.
|
|
Takes a key and CNAME RR and returns the canonical RR of the right
type. Make use of this in dns_question_redirect().
|
|
Creates a new CNAME RR key with the same class and name as an existing key.
|
|
|
|
It's nicer if the assertion failure message from a bad use of xsprintf
actually mentions xsprintf instead of the expression the macro is
implemented as.
The assert_message_se macro was added in the previous commit as an
internal helper, but it can also be used for customizing assertion
failure messages like in this case.
Example:
char buf[10];
xsprintf(buf, "This is a %s message.\n", "long");
Before:
Assertion '(size_t) snprintf(buf, ELEMENTSOF(buf), "This is a %s
message.\n", "long") < ELEMENTSOF(buf)' failed at foo.c:6, function
main(). Aborting.
After:
Assertion 'xsprintf: buf[] must be big enough' failed at foo.c:6,
function main(). Aborting.
|
|
Make sure the assert expression is not macro-expanded before
stringification. This makes several assertion failure messages more
readable.
As an example:
assert(streq("foo", "bar"));
I'd rather see this:
Assertion 'streq("foo", "bar")' failed at foo.c:5, function main(). Aborting.
...than this, though awesome, incomprehensible truncated mess:
Assertion '(__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p ((
"foo")) && __builtin_constant_p (("bar")) && (__s1_len = strlen (("foo")), __s2_
len = strlen (("bar")), (!((size_t)(const void *)((("foo")) + 1) - (size_t)(cons
t void *)(("foo")) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((("bar")
) + 1) - (size_t)(const void *)(("bar")) == 1) || __s2_len >= 4)) ? __builtin_st
rcmp (("foo"), ("bar")) : (__builtin_constant_p (("foo")) && ((size_t)(const voi
d *)((("foo")) + 1) - (size_t)(const void *)(("foo")) == 1) && (__s1_len = strle
n (("foo")), __s1_len < 4) ? (__builtin_constant_p (("bar")) && ((size_t)(const
void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) ? __builtin_strcm
p (("foo"), ("bar")) : (__extension__ ({ const unsigned char *__s2 = (const unsi
gned char *) (const char *) (("bar")); int __result = (((const unsigned char *)
(const char *) (("foo")))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { __
result = (((const unsigned char *) (const char *) (("foo")))[1] - __s2[1]); if (
__s1_len > 1 && __result == 0) { __result = (((const unsigned char *) (const cha
r *) (("foo")))[2] - __s2[2]); if (__s1_len > 2 && __result == 0) __result = (((
const unsigned char *) (const char *) (("foo")))[3] - __s2[3]); } } __result; })
)) : (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) -
(size_t)(const void *)(("bar")) == 1) && (__s2_len = strlen (("bar")), __s2_len
< 4) ? (__builtin_constant_p (("foo")) && ((size_t)(const void *)((("foo")) + 1
) - (size_t)(const void *)(("foo")) == 1) ? __builtin_strcmp (("foo"), ("bar"))
: (- (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (cons
t char *) (("foo")); int __result = (((const unsigned char *) (const char *) (("
bar")))[0] - __s2[0]); if (__s2_len > 0 && __result == 0) { __result = (((const
unsigned char *) (const char *) (("bar")))[1] - __s2[1]); if (__s2_len > 1 && __
result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[2]
- __s2[2]); if (__s2_len > 2 && __result == 0)
|
|
Using ELEMENTSOF on a pointer will result in a compilation error.
|
|
Add a new config directive called NetClass= to CGroup enabled units.
Allowed values are positive numbers for fix assignments and "auto" for
picking a free value automatically, for which we need to keep track of
dynamically assigned net class IDs of units. Introduce a hash table for
this, and also record the last ID that was given out, so the allocator
can start its search for the next 'hole' from there. This could
eventually be optimized with something like an irb.
The class IDs up to 65536 are considered reserved and won't be
assigned automatically by systemd. This barrier can be made a config
directive in the future.
Values set in unit files are stored in the CGroupContext of the
unit and considered read-only. The actually assigned number (which
may have been chosen dynamically) is stored in the unit itself and
is guaranteed to remain stable as long as the unit is active.
In the CGroup controller, set the configured CGroup net class to
net_cls.classid. Multiple unit may share the same net class ID,
and those which do are linked together.
|
|
Hook more properties for transient units
|
|
This patch support to configure the ipv6 acceprt ra option.
for more information see
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html
|
|
Let's make sure that we follow the same codepaths when adjusting a
cgroup property via the dbus SetProperty() call, and when we execute the
StartupCPUShares= effect.
|
|
value for a reason
|
|
In all occasions when this function is called we do so anyway, so let's
move this inside, to make things easier.
|
|
|
|
Not strictly necessary, but makes clear the fds are invalidated. Make
sure we do the same here as in most other cases.
|
|
There's a good chance we never needs these sets, hence allocate them
only when needed.
|
|
|
|
Let's stop using the "unsigned long" type for weights/shares, and let's
just use uint64_t for this, as that's what we expose on the bus.
Unify parsers, and always validate the range for these fields.
Correct the default blockio weight to 500, since that's what the kernel
actually uses.
When parsing the weight/shares settings from unit files accept the empty
string as a way to reset the weight/shares value. When getting it via
the bus, uniformly map (uint64_t) -1 to unset.
Open up StartupCPUShares= and StartupBlockIOWeight= to transient units.
|
|
This was used by consoled, which was removed, let's remove this too now.
|
|
systemd-run can now launch units with PrivateTmp, PrivateDevices,
PrivateNetwork, NoNewPrivileges set.
|
|
loginctl: print nontrivial properties in logictl show-*
|
|
|
|
|
|
systemctl: fix various aspects of polkit authorization in legacy tools.
|
|
machine: when removing, renaming, cloning images also care for .nspaw…
|
|
core: add support for the "pids" cgroup controller
|