Age | Commit message (Collapse) | Author |
|
(David: Note, this is just a cleanup and doesn't fix any bugs)
|
|
Introduce two new helpers that send/receive a single fd via a unix
transport. Also make nspawn use them instead of hard-coding it.
Based on a patch by Krzesimir Nowak.
|
|
mount: propagate error codes correctly
|
|
sd-ipv4ll: do not assert_return when seed == 0
|
|
Make sure to propagate error codes from mount-loops correctly. Right now,
we return the return-code of the first mount that did _something_. This is
not what we want. Make sure we return an error if _any_ mount fails (and
then make sure to return the first error to not hide proper errors due to
consequential errors like -ENOTDIR).
Reported by cee1 <fykcee1@gmail.com>.
|
|
sysv-generator: follow symlinks in /etc/rc.d/init.d
|
|
When Group is set in the unit, the runtime directories are owned by
this group and not the default group of the user (same for cgroup paths
and standard outputs)
Fix #1231
|
|
|
|
systemd-mailing-devs/1442692671-10134-1-git-send-email-dev@benjarobin.fr
systemd-notify: Always pass a valid pid to sd_pid_notify
|
|
When a systemd service running in a container exits with a non-zero
code, it can be useful to terminate the container immediately and get
the exit code back to the host, when systemd-nspawn returns. This was
not possible to do. This patch adds the following to make it possible:
- Add a read-only "ExitCode" property on PID 1's "Manager" bus object.
By default, it is 0 so the behaviour stays the same as previously.
- Add a method "SetExitCode" on the same object. The method fails when
called on baremetal: it is only allowed in containers or in user
session.
- Add support in systemctl to call "systemctl exit 42". It reuses the
existing code for user session.
- Add exit.target and systemd-exit.service to the system instance.
- Change main() to actually call systemd-shutdown to exit() with the
correct value.
- Add verb 'exit' in systemd-shutdown with parameter --exit-code
- Update systemctl manpage.
I used the following to test it:
| $ sudo rkt --debug --insecure-skip-verify run \
| --mds-register=false --local docker://busybox \
| --exec=/bin/chroot -- /proc/1/root \
| systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42
Fixes https://github.com/systemd/systemd/issues/1290
|
|
ipv4ll use an unsigned instead of an uint8_t array. Hence, use an
unsigned seed instead of declaring an array and then dereferencing it
later.
|
|
Now that seed is an unsigned and not an array, we do not need to assert
on it.
|
|
sd-ipv4acd: split out as separate library from sd-ipv4ll
|
|
core: extend KillUnit() to return error when no unit was killed
|
|
|
|
|
|
load-fragment: resolve specifiers in RuntimeDirectory
|
|
If the option --pid was used, take the pid from this option, unless take
the parend pid. Using 0 as pid (ucred of systemd-notify) will result 99% of the
time in a failure with this error: "Cannot find unit for notify message of PID"
Shouldn't we use always the ppid, since the MAINPID is something else ?
Signed-off-by: Benjamin Robin <dev@benjarobin.fr>
|
|
|
|
These programs should be run manually, typically two instances on a
veth pair to check conflict detection.
Both test programs take the ifname as input, the ACD also takes the
IP address to check, whereas LL (optionally) takes the seed, which
determines the sequence of IP addresses to try.
|
|
This splits the Address Conflict Detection out of the Link Local
library so that we can reuse it for DHCP and static addresses in
the future.
Implements RFC5227.
|
|
Use stop() and start() to drop some pulicate code.
|
|
Firstly, no longer distinguish between STOP and INIT states.
Secondly, do not trigger STOP events when calls to sd_ipv4ll_*() fail. The
caller is the one who would receive the event and will already know that the
call to sd_ipv4ll_*() has failed, so it is redundant.
STOP events will now only be triggered by calling sd_ipv4ll_stop() explicitly
or by some internal error in the library triggered by receiving a packet or
an expiring timeout (i.e., any error that would otherwise not be reported
back to the consumer of the library).
Lastly, follow CODING_STYLE and always return NULL on unref. Protect from
objects being destroyed in callbacks accordingly.
|
|
This requires the caller to stop and restart the statemachine if they want to
change the MAC address.
|
|
Simplify timeout handling.
|
|
Most packets are filtered out by the BPF, so only check for the parts that may
actually differ.
|
|
|
|
|
|
Simplify the code a bit, no functional change.
|
|
We currently process every ARP packet, but we should only care about the ones
relating to our IP address.
Also rename ipv4ll helpers to apr-utils.[ch], and rework the helpers a bit.
|
|
networkd: add support for accept ra
|
|
|
|
The size of the allocated array for received file descriptors was
incorrectly calculated. This did not matter when a single file
descriptor was received, but for more descriptors the allocation was
insufficient.
|
|
cgroup: add support for net_cls controllers
|
|
When a NXDATA or a NODATA response is received for an alias it may
include CNAME records from the redirect chain. We should cache the
response for each of these names to avoid needless roundtrips in
the future.
It is not sufficient to do the negative caching only for the
canonical name, as the included redirection chain is not guaranteed
to be complete. In fact, only the final CNAME record from the chain
is guaranteed to be included.
We take care not to cache entries that redirects outside the current
zone, as the SOA will then not be valid.
|
|
CNAME records are special in the way they are treated by DNS servers,
and our cache should mimic that behavior: In case a domain name has an
alias, its CNAME record is returned in place of any other.
Our cache was not doing this despite caching the CNAME records, this
entailed needless lookups to re-resolve the CNAME.
|
|
Only one key is allowed per transaction now, so let's simplify things and only allow putting
one question key into the cache at a time.
|
|
Takes a key and CNAME RR and returns the canonical RR of the right
type. Make use of this in dns_question_redirect().
|
|
Creates a new CNAME RR key with the same class and name as an existing key.
|
|
|
|
It's nicer if the assertion failure message from a bad use of xsprintf
actually mentions xsprintf instead of the expression the macro is
implemented as.
The assert_message_se macro was added in the previous commit as an
internal helper, but it can also be used for customizing assertion
failure messages like in this case.
Example:
char buf[10];
xsprintf(buf, "This is a %s message.\n", "long");
Before:
Assertion '(size_t) snprintf(buf, ELEMENTSOF(buf), "This is a %s
message.\n", "long") < ELEMENTSOF(buf)' failed at foo.c:6, function
main(). Aborting.
After:
Assertion 'xsprintf: buf[] must be big enough' failed at foo.c:6,
function main(). Aborting.
|
|
Make sure the assert expression is not macro-expanded before
stringification. This makes several assertion failure messages more
readable.
As an example:
assert(streq("foo", "bar"));
I'd rather see this:
Assertion 'streq("foo", "bar")' failed at foo.c:5, function main(). Aborting.
...than this, though awesome, incomprehensible truncated mess:
Assertion '(__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p ((
"foo")) && __builtin_constant_p (("bar")) && (__s1_len = strlen (("foo")), __s2_
len = strlen (("bar")), (!((size_t)(const void *)((("foo")) + 1) - (size_t)(cons
t void *)(("foo")) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((("bar")
) + 1) - (size_t)(const void *)(("bar")) == 1) || __s2_len >= 4)) ? __builtin_st
rcmp (("foo"), ("bar")) : (__builtin_constant_p (("foo")) && ((size_t)(const voi
d *)((("foo")) + 1) - (size_t)(const void *)(("foo")) == 1) && (__s1_len = strle
n (("foo")), __s1_len < 4) ? (__builtin_constant_p (("bar")) && ((size_t)(const
void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) ? __builtin_strcm
p (("foo"), ("bar")) : (__extension__ ({ const unsigned char *__s2 = (const unsi
gned char *) (const char *) (("bar")); int __result = (((const unsigned char *)
(const char *) (("foo")))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { __
result = (((const unsigned char *) (const char *) (("foo")))[1] - __s2[1]); if (
__s1_len > 1 && __result == 0) { __result = (((const unsigned char *) (const cha
r *) (("foo")))[2] - __s2[2]); if (__s1_len > 2 && __result == 0) __result = (((
const unsigned char *) (const char *) (("foo")))[3] - __s2[3]); } } __result; })
)) : (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) -
(size_t)(const void *)(("bar")) == 1) && (__s2_len = strlen (("bar")), __s2_len
< 4) ? (__builtin_constant_p (("foo")) && ((size_t)(const void *)((("foo")) + 1
) - (size_t)(const void *)(("foo")) == 1) ? __builtin_strcmp (("foo"), ("bar"))
: (- (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (cons
t char *) (("foo")); int __result = (((const unsigned char *) (const char *) (("
bar")))[0] - __s2[0]); if (__s2_len > 0 && __result == 0) { __result = (((const
unsigned char *) (const char *) (("bar")))[1] - __s2[1]); if (__s2_len > 1 && __
result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[2]
- __s2[2]); if (__s2_len > 2 && __result == 0)
|
|
Using ELEMENTSOF on a pointer will result in a compilation error.
|
|
Add a new config directive called NetClass= to CGroup enabled units.
Allowed values are positive numbers for fix assignments and "auto" for
picking a free value automatically, for which we need to keep track of
dynamically assigned net class IDs of units. Introduce a hash table for
this, and also record the last ID that was given out, so the allocator
can start its search for the next 'hole' from there. This could
eventually be optimized with something like an irb.
The class IDs up to 65536 are considered reserved and won't be
assigned automatically by systemd. This barrier can be made a config
directive in the future.
Values set in unit files are stored in the CGroupContext of the
unit and considered read-only. The actually assigned number (which
may have been chosen dynamically) is stored in the unit itself and
is guaranteed to remain stable as long as the unit is active.
In the CGroup controller, set the configured CGroup net class to
net_cls.classid. Multiple unit may share the same net class ID,
and those which do are linked together.
|
|
Hook more properties for transient units
|
|
This patch support to configure the ipv6 acceprt ra option.
for more information see
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html
|
|
Let's make sure that we follow the same codepaths when adjusting a
cgroup property via the dbus SetProperty() call, and when we execute the
StartupCPUShares= effect.
|
|
value for a reason
|
|
In all occasions when this function is called we do so anyway, so let's
move this inside, to make things easier.
|
|
|