summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-12-17test-compress: fix warning about LZ4_compress_limitedOutputZbigniew Jędrzejewski-Szmek
691b90d465 fixed one spot, but missed the other one.
2016-12-17core: remove spurious newlineZbigniew Jędrzejewski-Szmek
2016-12-17debug-generator: simplify handling of arg_default_unitZbigniew Jędrzejewski-Szmek
Also free the allocated memory before exiting.
2016-12-17Use SPECIAL_DEFAULT_TARGET consistentlyZbigniew Jędrzejewski-Szmek
2016-12-17Modify mount_propagation_flags_from_string to return a normal int codeZbigniew Jędrzejewski-Szmek
This means that callers can distiguish an error from flags==0, and don't have to special-case the empty string.
2016-12-17Merge pull request #4845 from poettering/various-smaller-fixesZbigniew Jędrzejewski-Szmek
Various smaller fixes
2016-12-17coredumpctl: let gdb handle the SIGINT signal (#4901)Franck Bui
Even if pressing Ctrl-c after spawning gdb with "coredumpctl gdb" is not really useful, we should let gdb handle the signal entirely otherwise the user can be suprised to see a different behavior when gdb is started by coredumpctl vs when it's started directly. Indeed in the former case, gdb exits due to coredumpctl being killed by the signal. So this patch makes coredumpctl ignore SIGINT as long as gdb is running.
2016-12-16core: make mount units from /proc/self/mountinfo possibly bind to a device ↵Franck Bui
(#4515) Since commit 9d06297, mount units from mountinfo are not bound to their devices anymore (they use the "Requires" dependency instead). This has the following drawback: if a media is mounted and the eject button is pressed then the media is unconditionally ejected leaving some inconsistent states. Since udev is the component that is reacting (no matter if the device is used or not) to the eject button, users expect that udev at least try to unmount the media properly. This patch introduces a new property "SYSTEMD_MOUNT_DEVICE_BOUND". When set on a block device, all units that requires this device will see their "Requires" dependency upgraded to a "BindTo" one. This is currently only used by cdrom devices. This patch also gives the possibility to the user to restore the previous behavior that is bind a mount unit to a device. This is achieved by passing the "x-systemd.device-bound" option to mount(8). Please note that currently this is not working because libmount treats the x-* options has comments therefore they're not available in utab for later application retrievals.
2016-12-16bootctl: fix typo (#4897)Lucas Werkmeister
2016-12-16core: prevent invalid socket symlink target dereference (#4895)Stefan Hajnoczi
socket_find_symlink_target() returns a pointer to p->address.sockaddr.un.sun_path when the first byte is non-zero without checking that this is AF_UNIX socket. Since sockaddr is a union this byte could be non-zero for AF_INET sockets. Existing callers happen to be safe but is an accident waiting to happen. Use socket_address_get_path() since it checks for AF_UNIX.
2016-12-14calendarspec: free memory when parsing fails (#4890)Doug Christman
This prevents memory leaks on strings like `*~*-*`. Fixes #4887
2016-12-14util-lib: rework rename_process() to be able to make use of PR_SET_MM_ARG_STARTLennart Poettering
PR_SET_MM_ARG_START allows us to relatively cleanly implement process renaming. However, it's only available with privileges. Hence, let's try to make use of it, and if we can't fall back to the traditional way of overriding argv[0]. This removes size restrictions on the process name shown in argv[] at least for privileged processes.
2016-12-14sysv-generator: properly translate sysv facilitiesLennart Poettering
We used the wrong return value in one case, so that our translations were thrown away. While we are at it, make sure to always initialize *ret on successful function exits. Fixes: #4762
2016-12-14machinectl: make "machinectl -E … shell" workLennart Poettering
Fixes: #4823
2016-12-14journalctl: improve wording in an errors messageLennart Poettering
Fixes: #4660
2016-12-14nspawn: flush out environment block of the -a stub init processLennart Poettering
The container detection code in virt.c we ship checks for /proc/1/environ, looking for "container=" in it. Let's make sure our "-a" init stub exposes that correctly. Without this "systemd-detect-virt" run in a "-a" container won't detect that it is being run in a container.
2016-12-14util-lib: improve container detection logicLennart Poettering
Previously, systemd-detect-virt was unable to detect "systemd-nspawn -a" container environments, i.e. where PID 1 is a stub process running in host context, as in that case /proc/1/environ was inherited from the host. Let's improve that, and add an additional check for container environments where /proc/1/environ is not cleaned up and does not contain the $container environment variable: The /proc/1/sched file shows the host PID in the first line. if this is not 1, we know we are running in a PID namespace (but not which implementation). With these changes we should be able to detect container environments that don't set $container at all.
2016-12-14Add sd_is_socket_sockaddr (#4885)Zbigniew Jędrzejewski-Szmek
Fixes #1188.
2016-12-14Merge pull request #4889 from evverx/fix-test-fs-util-memleakRonny Chevalier
test-fs-util: fix memleak
2016-12-14generator: order fsck service After= the deviceLennart Poettering
Otherwise we might get started too early.
2016-12-14core: rework logic to determine when we decide to add automatic deps for mountsLennart Poettering
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider them managed by something else and do not add automatic ordering against umount.target, local-fs.target, remote-fs.target. Extrinsic mounts are considered: - All mounts if we are running in --user mode - API mounts such as everything below /proc, /sys, /dev, which exist from earliest boot to latest shutdown. - All mounts marked as initrd mounts, if we run on the host - The initrd's private directory /run/initrams that should survive until last reboot. This primarily merges a couple of different exclusion lists into a single concept.
2016-12-14core: make sure targets that get a default Conflicts=shutdown.target are ↵Lennart Poettering
also ordered against it Let's tweak the automatic dependency generation of target units: not only add a Conflicts= towards shutdown.target but also an After= line for it, so that we can be sure the new target is not started when the old target is still up. Discovered in the context of #4733 (Also, exclude dependency generation if for shutdown.target itself. — This is strictly speaking redundant, as unit_add_two_dependencies_by_name() detects that and becomes a NOP, but let's make this explicit for readability.)
2016-12-14util: Fine tune running_in_chroot() a bitLennart Poettering
Let's be a bit more careful when detecting chroot() environments, so that we can discern them from namespaced environments. Previously this would simply check if the root directory of PID 1 matches our own root directory. With this commit, we also check whether the namespaces of PID 1 and ourselves are the same. If not we assume we are running inside of a namespaced environment instead of a chroot() environment. This has the benefit that systemctl (which uses running_in_chroot()) will work as usual when invoked in a namespaced service.
2016-12-13Merge pull request #4806 from poettering/keyring-initZbigniew Jędrzejewski-Szmek
set up a per-service session kernel keyring, and store the invocation ID in it
2016-12-14test-fs-util: fix memleakEvgeny Vereshchagin
Fixes: ``` $ ./libtool --mode=execute valgrind --leak-check=full ./test-fs-util ... ==22871== ==22871== 27 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==22871== at 0x4C2FC47: realloc (vg_replace_malloc.c:785) ==22871== by 0x4E86D05: strextend (string-util.c:726) ==22871== by 0x4E8F347: chase_symlinks (fs-util.c:712) ==22871== by 0x109EBF: test_chase_symlinks (test-fs-util.c:75) ==22871== by 0x10C381: main (test-fs-util.c:305) ==22871== ``` Closes #4888
2016-12-14core: make "Restart" service property accessible via the transient APILennart Poettering
Fixes: #4402
2016-12-14core: add ability to define arbitrary bind mounts for servicesLennart Poettering
This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-12-14namespace: instead of chasing mount symlinks a priori, do so as-we-goLennart Poettering
This is relevant as many of the mounts we try to establish only can be followed when some other prior mount that is a prefix of it is established. Hence: move the symlink chasing into the actual mount functions, so that we do it as late as possibly but as early as necessary. Fixes: #4588
2016-12-14core: rename BindMount structure → MountEntryLennart Poettering
After all, these don#t strictly encapsulate bind mounts anymore, and we are preparing this for adding arbitrary user-defined bind mounts in a later commit, at which point this would become really confusing. Let's clean this up, rename the BindMount structure to MountEntry, so that it is clear that it can contain information about any kind of mount.
2016-12-14namespace: add explicit read-only flagLennart Poettering
This reworks handling of the read-only management for mount points. This will become handy as soon as we add arbitrary bind mount support (which comes in a later commit).
2016-12-13namespace: reindent protect_system_strict_table[] as wellLennart Poettering
All other tables got reindented, but one was forgotten. Fix that.
2016-12-13core: hook up MountFlags= to the transient unit logicLennart Poettering
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making MountFlags= to the list of properties that may be accessed transiently.
2016-12-13pam: include pam_keyinit.so in our PAM fragmentsLennart Poettering
We want that systemd --user gets its own keyring as usual, even if the barebones PAM snippet we ship upstream is used. If we don't do this we get the basic keyring systemd --system sets up for us.
2016-12-13core: store the invocation ID in the per-service keyringLennart Poettering
Let's store the invocation ID in the per-service keyring as a root-owned key, with strict access rights. This has the advantage over the environment-based ID passing that it also works from SUID binaries (as they key cannot be overidden by unprivileged code starting them), in contrast to the secure_getenv() based mode. The invocation ID is now passed in three different ways to a service: - As environment variable $INVOCATION_ID. This is easy to use, but may be overriden by unprivileged code (which might be a bad or a good thing), which means it's incompatible with SUID code (see above). - As extended attribute on the service cgroup. This cannot be overriden by unprivileged code, and may be queried safely from "outside" of a service. However, it is incompatible with containers right now, as unprivileged containers generally cannot set xattrs on cgroupfs. - As "invocation_id" key in the kernel keyring. This has the benefit that the key cannot be changed by unprivileged service code, and thus is safe to access from SUID code (see above). But do note that service code can replace the session keyring with a fresh one that lacks the key. However in that case the key will not be owned by root, which is easily detectable. The keyring is also incompatible with containers right now, as it is not properly namespace aware (but this is being worked on), and thus most container managers mask the keyring-related system calls. Ideally we'd only have one way to pass the invocation ID, but the different ways all have limitations. The invocation ID hookup in journald is currently only available on the host but not in containers, due to the mentioned limitations. How to verify the new invocation ID in the keyring: # systemd-run -t /bin/sh Running as unit: run-rd917366c04f847b480d486017f7239d6.service Press ^] three times within 1s to disconnect TTY. # keyctl show Session Keyring 680208392 --alswrv 0 0 keyring: _ses 250926536 ----s-rv 0 0 \_ user: invocation_id # keyctl request user invocation_id 250926536 # keyctl read 250926536 16 bytes of data in key: 9c96317c ac64495a a42b9cd7 4f3ff96b # echo $INVOCATION_ID 9c96317cac64495aa42b9cd74f3ff96b # ^D This creates a new transient service runnint a shell. Then verifies the contents of the keyring, requests the invocation ID key, and reads its payload. For comparison the invocation ID as passed via the environment variable is also displayed.
2016-12-13core: run each system service with a fresh session keyringLennart Poettering
This patch ensures that each system service gets its own session kernel keyring automatically, and implicitly. Without this a keyring is allocated for it on-demand, but is then linked with the user's kernel keyring, which is OK behaviour for logged in users, but not so much for system services. With this change each service gets a session keyring that is specific to the service and ceases to exist when the service is shut down. The session keyring is not linked up with the user keyring and keys hence only search within the session boundaries by default. (This is useful in a later commit to store per-service material in the keyring, for example the invocation ID) (With input from David Howells)
2016-12-13sd-id128: id128_write overwrites target fileEvgeny Vereshchagin
2016-12-13machine-id-setup: `--print --commit` respects the --root optionEvgeny Vereshchagin
2016-12-13core: machine_id_setup overwrites broken machine-idEvgeny Vereshchagin
2016-12-13nspawn: when getting SIGCHLD make sure it's from the first child (#4855)Andrey Ulanov
When getting SIGCHLD we should not assume that it was the first child forked from system-nspawn that has died as it may also be coming from an orphan process. This change adds a signal handler that ignores SIGCHLD unless it came from the first containerized child - the real child. Before this change the problem can be reproduced as follows: $ sudo systemd-nspawn --directory=/container-root --share-system Press ^] three times within 1s to kill container. [root@andreyu-coreos ~]# { true & } & [1] 22201 [root@andreyu-coreos ~]# Container root-fedora-latest terminated by signal KILL
2016-12-12Merge pull request #4771 from keszybz/udev-property-orderingMartin Pitt
Udev property ordering
2016-12-12Merge pull request #4867 from keszybz/catalog-messagesLennart Poettering
Catalog message improvements
2016-12-11hwdb: emit warning when matches are specified at the very end of fileZbigniew Jędrzejewski-Szmek
This is also an error, but it wasn't caught. [/tmp/tmp.YWeKax4fMI/etc/udev/hwdb.d/10-bad.hwdb:26] Property expected, ignoring record with no properties
2016-12-11basic/log: CODE_FUNCTION → CODE_FUNCZbigniew Jędrzejewski-Szmek
systemd.journal-fields(7) documents CODE_FUNC=. Internally, we were inconsistent: sd_journal_print uses CODE_FUNC=, log.h has CODE_FUNCTION=, python-systemd and bootchart also used CODE_FUNC=, when they were internal. Most external projects use sd_journal_* functions, so CODE_FUNC=, python-systemd still uses CODE_FUNC=, as does systemd-bootchart, and independent reimplementations in golang-github-coreos-go-systemd, qtbase, network manager, glib, pulseaudio. Hence, I don't think there's much choice.
2016-12-11share/log: change log_syntax from "[a:b] " to "a:b: "Zbigniew Jędrzejewski-Szmek
Those square brackets don't fit how our other messages look like; we use colons everywhere else. The "[a:b]" format was originally added in ed5bcfbe3c3b68e59242c03649eea03a9707d318, and remained unchanged for 7 years, but in the meantime other conventions evolved. The new version is also one character shorter. [/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring: ... ↓ /etc/systemd/system/systemd-networkd.service.d/override.conf:2: Failed to parse sec value, ignoring: ...
2016-12-11basic/log: merge two big log_struct_internal invocations into oneZbigniew Jędrzejewski-Szmek
We can take advantage of the fact a NULL argument terminates the list.
2016-12-11Merge pull request #4859 from keszybz/networkdLennart Poettering
Networkd man page update and fixes for the fallout
2016-12-11Merge pull request #4864 from keszybz/build-sysLennart Poettering
Fix some build issues and warnings
2016-12-11Merge pull request #4861 from keszybz/dissect-tweaksLennart Poettering
A prettification of the dissect code, mkosi and TODO updates
2016-12-11pid1,catalog: use a different MESSAGE_ID for user manager startupZbigniew Jędrzejewski-Szmek
This add a new message id for the end of user instance startup. User manager startup is a different beast then the system startup. Their descriptions are completely different too. Let's just separate them. Partially fixes #3351. Also remove "successful" from the description, since we don't know if the startup was successful or not.
2016-12-11basic/extract-word,man: clarify "correction" of invalid escapesZbigniew Jędrzejewski-Szmek
Our warning message was misleading, because we wouldn't "correct" anything, we'd just ignore unkown escapes. Update the message. Also, print just the extracted word (which contains the offending sequences) in the message, instead of the whole line. Fixes #4697.