Age | Commit message (Collapse) | Author |
|
As it turns out 512 is max number of tasks per service is hit by too many
applications, hence let's bump it a bit, and make it relative to the system's
maximum number of PIDs. With this change the new default is 15%. At the
kernel's default pids_max value of 32768 this translates to 4915. At machined's
default TasksMax= setting of 16384 this translates to 2457.
Why 15%? Because it sounds like a round number and is close enough to 4096
which I was going for, i.e. an eight-fold increase over the old 512
Summary:
| on the host | in a container
old default | 512 | 512
new default | 4915 | 2457
|
|
Let's change from a fixed value of 12288 tasks per user to a relative value of
33%, which with the kernel's default of 32768 translates to 10813. This is a
slight decrease of the limit, for no other reason than "33%" sounding like a nice
round number that is close enough to 12288 (which would translate to 37.5%).
(Well, it also has the nice effect of still leaving a bit of room in the PID
space if there are 3 cooperating evil users that try to consume all PIDs...
Also, I like my bikesheds blue).
Since the new value is taken relative, and machined's TasksMax= setting
defaults to 16384, 33% inside of containers is usually equivalent to 5406,
which should still be ample space.
To summarize:
| on the host | in the container
old default | 12288 | 12288
new default | 10813 | 5406
|
|
|
|
That way, we can neatly keep this in line with the new TasksMaxScale= option.
Note that we didn't release a version with MemoryLimitByPhysicalMemory= yet,
hence this change should be unproblematic without breaking API.
|
|
This adds support for a TasksMax=40% syntax for specifying values relative to
the system's configured maximum number of processes. This is useful in order to
neatly subdivide the available room for tasks within containers.
|
|
log about all processes we forcibly kill
|
|
Assorted fixes
|
|
https://github.com/systemd/systemd/pull/3685 introduced
/run/systemd/inaccessible/{chr,blk} to map inacessible devices,
this patch allows systemd running inside a nspawn container to create
/run/systemd/inaccessible/{chr,blk}.
|
|
|
|
bootctl: Always use upper case for "/EFI/BOOT" and "/EFI/BOOT/BOOT*.EFI".
|
|
|
|
If the ESP is not mounted with "iocharset=ascii", but with "iocharset=utf8"
(which is for example the default in Debian), the file system becomes case
sensitive. This means that a file created as "FooBarBaz" cannot be accessed as
"foobarbaz" since those are then considered different files.
Moreover, a file created as "FooBar" can then also not be accessed as "foobar",
and it also prevents such a file from being created, as both would use the same
8.3 short name "FOOBAR".
Even though the UEFI specification [0] does give the canonical spelling for
the files mentioned above, not all implementations completely conform to that,
so it's possible that those files would already exist, but with a different
spelling, causing subtle bugs when scanning or modifying the ESP.
While the proper fix would of course be that everybody conformed to the
standard, we can work around this problem by just referencing the files by
their 8.3 short names, i.e. using upper case.
Fixes: #3740
[0] <http://www.uefi.org/specifications>, version 2.6, section 3.5.1.1
|
|
|
|
Fix bug introduced by #3263: mount(2) return value is 0 or -1, not errno.
Thanks to Evgeny Vereshchagin (@evverx) for reporting.
|
|
Fix a copy/paste mistake.
|
|
|
|
|
|
Normally we make all of /proc/sys read-only in a container, but if we do have
netns enabled we can make /proc/sys/net writable, as things are virtualized
then.
|
|
|
|
|
|
We don't actually need any functionality from cgroup.h in execute.h, hence
don't include that. However, we do need the Unit structure from unit.h, hence
include that, and move it as late as possible, since it needs the definitions
from execute.h.
|
|
All other functions in execute.c that need the unit id take a Unit* parameter
as first argument. Let's change connect_logger_as() to follow a similar logic.
|
|
This way systemd is informed that we consider everything inside the scope as
"left-over", and systemd can log about killing it.
With this change systemd will log about all processes killed due to the session
clean-up on KillUserProcesses=yes.
|
|
After all, if a unit is abandoned, all processes inside of it may be considered
"left over" and are something we should better log about.
|
|
This was accidentally left commented out for debugging purposes, let's fix that
and make the signal directed again.
|
|
|
|
Let's lot at LOG_NOTICE about any processes that we are going to
SIGKILL/SIGABRT because clean termination of them didn't work.
This turns the various boolean flag parameters to cg_kill(), cg_migrate() and
related calls into a single binary flags parameter, simply because the function
now gained even more parameters and the parameter listed shouldn't get too
long.
Logging for killing processes is done either when the kill signal is SIGABRT or
SIGKILL, or on explicit request if KILL_TERMINATE_AND_LOG instead of LOG_TERMINATE
is passed. This isn't used yet in this patch, but is made use of in a later
patch.
|
|
|
|
|
|
We generally try to avoid strerror(), due to its threads-unsafety, let's do
this here, too.
Also, let's be tiny bit more explanatory with the log messages, and let's
shorten a few things.
|
|
We usually hide legacy bus properties from introspection. Let's do that for the
InaccessibleDirectories= properties too.
The properties stay accessible if requested, but they won't be listed anymore
if people introspect the unit.
|
|
namespace: unify limit behavior on non-directory paths
|
|
Let's make sure our logging APIs is in sync with how stdout/stderr logging
works.
|
|
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories=
to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept
as aliases but they are not advertised in the documentation.
Renamed variables:
`read_write_dirs` --> `read_write_paths`
`read_only_dirs` --> `read_only_paths`
`inaccessible_dirs` --> `inaccessible_paths`
|
|
Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.
Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
|
|
json output
With this change, binary record data is formatted as string if --all is
specified when using json output. This is inline with the effect of --all on
the other available output modes.
Fixes: #3416
|
|
When converting log messages from human readable text into binary records to
send off to journald in sd_journal_print(), strip trailing whitespace in the
log message. This way, handling of logs made via syslog(), stdout/stderr and
sd_journal_print() are treated the same way: trailing (but not leading)
whitespace is automatically removed, in particular \n and \r. Note that in case
of syslog() and stdout/stderr based logging the stripping takes place
server-side though, while for the native protocol based transport this takes
place client-side. This is because in the former cases conversion from
free-form human-readable strings into structured, binary log records takes
place on the server-side while for journal-native logging it happens on the
client side, and after conversion into binary records we probably shouldn't
alter the data anymore.
See: #3416
|
|
install everything in /boot/efi, if this is a mountpoint
|
|
|
|
|
|
|
|
|
|
WaitForKeyEx may never return on some UEFI systems depending
on firmware, hardware configuration and the phase of the moon.
Use ConIn->WaitForKey unconditionally instead.
Fixes #3632
|
|
Such mkdir errors happen for example when trying to mkdir /sys/fs/selinux.
/sys is documented to be readonly in the container, so mkdir errors below /sys
can be expected.
They shouldn't be logged as warnings since they lead users to think that
there is something wrong.
|
|
Fix make nulstr confusion
|
|
Trivial fixes
|
|
|
|
|
|
Usually multiple DNS servers are configured, and it looks strange to have
singular in the heading.
|
|
strv_make_nulstr was creating a nulstr which was not a valid nulstr,
because it was missing the terminating NUL. This didn't cause any issues,
because strv_parse_nulstr correctly parsed the result, using the
separately specified length.
But it's confusing to have something called nulstr which really isn't.
It is likely that somebody will try to use strv_make_nulstr() in
some other place, incorrectly.
This patch changes strv_parse_nulstr() to produce a valid nulstr, and
changes the output length parameter to be the minimum number of bytes
which can be later on parsed by strv_parse_nulstr(). This allows the
only user in ask-password-api to be slightly simplified.
Based-on-patch-by: Jean-Sébastien Bour <jean-sebastien@bour.name>
Fixes #3689.
|