Age | Commit message (Collapse) | Author |
|
|
|
If some sleep operation was not possible (e.g. because swap is missing),
we would try twice: once through logind, which would result in a clean error:
Failed to execute operation: Sleep verb not supported
and then second time by starting the appropriate unit directly, which is
more messy. If logind tells us that something is not possible (or already
in progress), report that to the user and quit. If logind is present and working
we should not try to work around it.
Loosely based on https://bugs.freedesktop.org/show_bug.cgi?id=87832.
|
|
ENOSYS is used to signify compiled-out functionality. Using it for
different kinds of error is misleading.
For BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, logind-action.c uses ENOTSUP
already, so changing it to ENOTSUP makes the dbus and action paths
behave the same.
|
|
|
|
This implements two new helpers, discussed on systemd-devel about 1 year
ago:
sd_bus_emit_object_added()
sd_bus_emit_object_removed()
Both calls are equivalent to their respective counterpart
sd_bus_emit_interfaces_{added/removed}(), but can figure out the list of
interfaces themselves, instead of requiring the caller to provide them.
Furthermore, both calls properly deal with builtin interfaces provided via
org.freedesktop.DBus.* and alike.
Both calls simply traverse a node and all its parent nodes to figure out a
list of all interfaces registered as vtable or fallback. It then appends
each of them, similar to the interfaces_{added/removed}() helpers.
Note that interfaces_{added/removed}() runs a parent traversal for *each*
passed interface. Therefore, it can simply bail out, once it found a
parent node that implements a given interface.
With object_{added/removed}() we cannot know the registered interfaces in
advance, thus, we cannot run one traversal per node. Instead, we run a
single traversal and remember all interfaces that we added. Therefore, a
child-interface overrides all conflicting parent-interfaces. We keep a
"Set *s" context to track those while climbing up the tree.
|
|
The kernel provides capabilities as a u32 array, sd-bus uses an u8 array.
This works fine on little-endian as both are encoded the same way.
However, this fails on big-endian if we do not perform sufficient
byte-swapping on each u32 entry.
This patch makes sd-bus use u32, too. We avoid changing any kernel
provided data so we can keep pointing into kdbus pool buffers which
contain u32 arrays.
|
|
The number of available caps can be read from
/proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap()
does that, so there's no reason to remember the size of any capability
cache. We can just pre-allocate arrays with a suitable size for all
available caps and reject any higher caps.
The kernel capability API uses u32 as base so make sure we do the same.
Note that this is specified by POSIX, so it's unlikely to change.
|
|
This macro calculates A / B but rounds up instead of down. We explicitly
do *NOT* use:
(A + B - 1) / A
as it suffers from an integer overflow, even though the passed values are
properly tested against overflow. Our test-cases show this behavior.
Instead, we use:
A / B + !!(A % B)
Note that on "Real CPUs" this does *NOT* result in two divisions. Instead,
instructions like idivl@x86 provide both, the quotient and the remainder.
Therefore, both algorithms should perform equally well (I didn't verify
this, though).
|
|
This reverts commit 206e7a5f7b55ac61188efd895e65ab26e478cbb2.
We actually want to allow shutting down containers that use
RegisterMachine() rather than CreateMachine() to register their own
unit. It should be safe to do so, since the primary usecase for
RegisterMachine() are container managers that run only a single
container within their own unit, such as systemd-nspawn.
|
|
|
|
That way, systemd can actually figure out if everything is OK with
nspawn.
|
|
systemd-nspawn for containers
This is basically just a shortcut for "systemctl enable
systemd-nspawn@<foobar>.service", but does escaping.
|
|
|
|
We *must* not use sd_bus_reply_*() as it does not set the sender field
correctly. Use the synthetic_reply_*() helpers instead!
|
|
This file was introduced with linux-3.2, use it instead of probing for it
via prctl(PR_CAPBSET_READ).
For now, keep the old code for backwards compat. We can drop it once 3.2
is our lowest requirement.
The test-cap-list code is extended to verify cap_last_cap() is the same as
we'd get via prctl probing and /proc.
|
|
fail
|
|
Drop spurious 'we'.
|
|
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid
seems to break when using userns.
Reported by Stéphane Graber.
|
|
|
|
Only a minor change as the timeout would be hit soon thereafetr at the next loop.
|
|
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
|
|
Read the message form the socket or we will loop trying to read the
same message repeatedly.
|
|
We should just try again instead.
|
|
We drop messages received from the wrong uid/pid, log this at debug level.
|
|
We no longer configure the addresses on the loopback interface, but simply bring it up
and let the kernel do the rest. Also change the check to only check if the interface
is up, rather than checking for the IPv4 loopback address.
|
|
|
|
|
|
object inbetween
|
|
|
|
|
|
|
|
machine images
|
|
|
|
|
|
use of it from nspawn
|
|
Add missing htonl() so that check_loopback() actually tests for 127.0.0.1
instead of 1.0.0.127 on little-endian machines.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/var/lib/container
|
|
referring to the host's own directory tree
|
|
|
|
|
|
|
|
vendor image
|
|
|
|
|