summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-06-18Merge pull request #276 from poettering/dbus-search-pathKay Sievers
bus-proxy: add new dbus policy search paths from /usr
2015-06-18Merge pull request #277 from poettering/journal-interleaving-monotonicLennart Poettering
journal: make sure the clock increases strict monotonic
2015-06-17Merge pull request #270 from phomes/masterTom Gundersen
udevd: remove dead code
2015-06-17journal: make sure the clock increases strict monotonicLennart Poettering
Let's work around crappy clocks in test-journal-interleaving.c too. This does the same as 98d2a5341788b49e82d628dfdc2e241af6d70dcd but for test-journal-interlaving.c rather than test-journal-stream.c.
2015-06-17Merge pull request #275 from poettering/acl-fixesMartin Pitt
acl-util: various smaller fixes to parse_acl()
2015-06-17Merge pull request #271 from poettering/test-journal-stream-crappy-clockLennart Poettering
journal: ensure test-journal-stream doesn't get confused by crappy cl…
2015-06-17bus-proxy: add new dbus policy search paths from /usrLennart Poettering
D-Bus upstream is working on extending the configuration/policy search path, follow this. See #274 for details.
2015-06-17acl-util: various smaller fixes to parse_acl()Lennart Poettering
- Make string parameter const - Don't log some OOM errors, but not others - Don't eat up errors generated by acl_from_text() - Make sure check for success of every single strv_push() call
2015-06-17libudev: device - fix typo in udev_device_get_sysattr_list_entry()Tom Gundersen
We were adding the attributes to the wrong list.
2015-06-17Merge pull request #44 from filbranden/unquote_first_word1Lennart Poettering
Replace FOREACH_WORD_QUOTED with a loop using unquote_first_word in config_parse_exec()
2015-06-17journal: ensure test-journal-stream doesn't get confused by crappy clocksLennart Poettering
This ensures that we write strictly monotonic timestamps into the journal files, to ensure that we can properly interleave everything correctly. See #175 for details.
2015-06-17udved: remove dead codeThomas Hindoe Paaboel Andersen
Leftover from 6af5e6a4c918a68b196a04346732e094e5373a36
2015-06-17logs-show: print a debug message when we skip entries without MESSAGE= fieldsLennart Poettering
2015-06-17load-fragment: reset the list on an ExecStart= containing only whitespaceFilipe Brandenburger
This is consistent with how an empty string works in an ExecStart= statement. We should not differentiate between an empty string and whitespace only (since they look the same.) Update the test case with whitespace only to reflect that the list is reset. Tested that `test-unit-file` passes and other test cases are not affected. Installed the patched systemd binaries on a machine, booted it, looked for out of the usual behavior but did not find any.
2015-06-17load-fragment: use unquote_first_word in config_parse_execFilipe Brandenburger
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-06-17tests: additional cases in test-unit-fileFilipe Brandenburger
These tests will be useful to check the cases regarding quoted and escaped semicolon when we switch to using unquote_first_word. Additionally, convert some of the tests that have semicolons so that the argument after the semicolon looks like a path (starts with /) so that we can see the change of behavior when making config_parse_exec more strict about what it accepts as a command separator.
2015-06-17util: Introduce unquote_first_word_and_warnFilipe Brandenburger
It will try to unquot_first_word, but if it runs into escaping problems it will retry it adding UNQUOTE_CUNESCAPE_RELAX to the flags. If it succeeds on the second try, it will log a warning about it. If it fails both times, it will log an error. Add test cases to confirm it behaves as expected.
2015-06-17util: New flag UNQUOTE_UNESCAPE_RELAX for unquote_first_wordFilipe Brandenburger
The new flag UNQUOTE_UNESCAPE_RELAX preserves unrecognized escape sequences verbatim in unquote_first_word, either when it's a trailing backslash (similar to UNQUOTE_RELAX, but in this case keep the extra backslash in the output) or in the middle of a sequence string. Add unit test cases to ensure the new flag works as expected and to prevent regressions from being introduced. Tested with a follow up commit converting config_parse_exec() to start using unquote_first_word, in which case this flags makes it possible to preserve unrecognized escape sequences. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-06-17util: Refactor common cunescape block in unquote_first_wordFilipe Brandenburger
2015-06-17Merge pull request #267 from phomes/masterTom Gundersen
sd-dhcp-client: readd deleted error check
2015-06-17Merge pull request #265 from smcv/logind-runtimedir-race-write-earlierLennart Poettering
logind: save /run/systemd/users/UID before starting user@.service
2015-06-17bus: fix installing DRIVER matches on kdbusDavid Herrmann
In kdbus we still have to support org.freedesktop.DBus matches even though there is no real bus driver. The reason is that bus-control.c turns NameOwnerChanged matches into proper kdbus matches. If we drop DRIVER matches early, we will never match on name-changes for kdbus. Two ways to fix this: 1) Install DRIVER matches on kdbus (which is the simple way our and which is what this patch does). 2) Properly fix the scope-detection to let NameOwnerChanged matches through (or better: block anything with Member!=NameOwnerChanged).
2015-06-17sd-dhcp-client: readd deleted error checkThomas Hindoe Paaboel Andersen
Seems to have been removed by mistake in: 9021bb9f935c93b516b10c88db2a212a9e3a8140
2015-06-17Merge pull request #262 from teg/udev-dup-fds-2Kay Sievers
udevd: daemon - connect /dev/null to std{in,out,err} in debug mode
2015-06-17Merge pull request #263 from kaysievers/wipKay Sievers
turn kdbus support into a runtime option
2015-06-17watchdog: Don't require WDIOC_SETOPTIONS/WDIOS_ENABLECARDJean Delvare
Not all watchdog drivers implement WDIOC_SETOPTIONS. Drivers which do not implement it have their device always enabled. So it's fine to report an error if WDIOS_DISABLECARD is passed and the ioctl is not implemented, however failing when WDIOS_ENABLECARD is passed and the ioctl is not implemented is not good: if the device was already enabled then WDIOS_ENABLECARD was a no-op and wasn't needed in the first place. So we can just ignore the error and continue.
2015-06-17Merge pull request #259 from poettering/logind-label-fixTom Gundersen
logind: apply selinux label to XDG_RUNTIME_DIR
2015-06-17udevd: daemon - connect /dev/null to std{in,out,err} in debug modeTom Gundersen
This is essentially a revert of 5c67cf2 and fixes issue #190.
2015-06-17logind: save /run/systemd/users/UID before starting user@.serviceSimon McVittie
Previously, this had a race condition during a user's first login. Some component calls CreateSession (most likely by a PAM service other than 'systemd-user' running pam_systemd), with the following results: - logind: * create the user's XDG_RUNTIME_DIR * tell pid 1 to create user-UID.slice * tell pid 1 to start user@UID.service Then these two processes race: - logind: * save information including XDG_RUNTIME_DIR to /run/systemd/users/UID - the subprocess of pid 1 responsible for user@service: * start a 'systemd-user' PAM session, which reads XDG_RUNTIME_DIR and puts it in the environment * run systemd --user, which requires XDG_RUNTIME_DIR in the environment If logind wins the race, which usually happens, everything is fine; but if the subprocesses of pid 1 win the race, which can happen under load, then systemd --user exits unsuccessfully. To avoid this race, we have to write out /run/systemd/users/UID even though the service has not "officially" started yet; previously this did an early-return without saving anything. Record its state as OPENING in this case. Bug: https://github.com/systemd/systemd/issues/232 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
2015-06-17turn kdbus support into a runtime optionKay Sievers
./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-dameon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
2015-06-17logind: apply selinux label to XDG_RUNTIME_DIRLennart Poettering
As discussed in #257: we should ensure the selinux label is correctly applied to each user's XDG_RUNTIME_DIR.
2015-06-17libsystemd: remove list of symbols to export only in the futureKay Sievers
2015-06-17Merge pull request #254 from poettering/external-displays2David Herrmann
logind: rework display counting when detecting whether the system is …
2015-06-17tmpfiles: only root-owned aquota.* files are specialZbigniew Jędrzejewski-Szmek
Fixes #188.
2015-06-17logind: rework display counting when detecting whether the system is dockedLennart Poettering
Previously, we'd just count connected displays, and if there was 2 or more we assumed a "docked" state. With this change we now: - Only count external displays, ignore internal ones (which we detect by checking the connector name against a whitelist of known external plug types) - We ignore connectors which are explicitly disabled - We then compare the count with >= 1 rather than >= 2 as before This new logic has the benefit that systems that disconnect the internal display when the lid is closed are better supported. Also, explicitly disabled ports do not confuse the algorithm anymore. This new algorithm has been suggested here: http://lists.freedesktop.org/archives/intel-gfx/2015-June/068821.html This also makes two functions static, that are not used outside of their .c files.
2015-06-17Merge pull request #176 from filbranden/test_cgroup_mask1Lennart Poettering
test-cgroup-mask: unit_get_sibling_mask ignores cgroup_supported
2015-06-17Merge pull request #251 from zonque/signalKay Sievers
core: execute: fix regression in pam_setup()
2015-06-17core: execute: fix regression in pam_setup()Daniel Mack
Commit 72c0a2c25 ("everywhere: port everything to sigprocmask_many() and friends") reworked code tree-wide to use the new sigprocmask_many() helper. In this, it caused a regression in pam_setup, because it dropped a line to initialize the 'ss' signal mask which is later used in sigwait(). While at it, move the variable declaration to an inner scope.
2015-06-17Merge pull request #246 from smcv/xpg-not-xdgLennart Poettering
Stop talking about the "XDG" version of basename()
2015-06-17Stop talking about the "XDG" version of basename()Simon McVittie
XDG refers to X Desktop Group, a former name for freedesktop.org. This group is responsible for specifications like basedirs, .desktop files and icon naming, but as far as I know, it has never tried to redefine basename(). I think these references were meant to say XPG (X/Open Portability Guide), a precursor of POSIX. POSIX is better-known and less easily confused with XDG, and is how the basename(3) man page describes the libgen.h version of basename(). The other version of basename() is glibc-specific and is described in basename(3) as "the GNU version"; specifically mention that version, to disambiguate.
2015-06-17Merge pull request #244 from poettering/sdbus-suppress-localDavid Herrmann
sd-bus: suppress installing local bus matches server side
2015-06-17sd-bus: suppress installing local bus matches server sideLennart Poettering
Matches that can only match against messages from the org.freedesktop.DBus.Local service (or the local interfaces or path) should never be installed server side, suppress them hence. Similar, on kdbus matches that can only match driver messages shouldn't be passed to the kernel.
2015-06-17Merge pull request #239 from dvdhrm/event-assertLennart Poettering
sd-event: make errors on EPOLL_CTL_DEL pseudo-fatal
2015-06-17sd-event: make errors on EPOLL_CTL_DEL pseudo-fatalDavid Herrmann
If we call EPOLL_CTL_DEL, we *REALLY* expect the file-descriptor to be present in that given epoll-set. We actually track such state via our s->io.registered flag, so it better be true. Make sure if that's not true, we treat it similar to assert_return() (ie., print a loud warning).
2015-06-17Merge pull request #240 from kaysievers/wipKay Sievers
build-sys: hide magic section variables from exported symbols
2015-06-17Merge pull request #238 from dvdhrm/udev-epollKay Sievers
udev: don't close FDs before dropping them from epoll
2015-06-17build-sys: hide magic section variables from exported symbolsKay Sievers
https://github.com/systemd/systemd/issues/234
2015-06-17udev: don't close FDs before dropping them from epollDavid Herrmann
Make sure we never close fds before we drop their related event-source. This will cause horrible disruptions if the fd-num is re-used by someone else. Under normal conditions, this should not cause any problems as the close() will drop the fd from the epoll-set automatically. However, this changes if you have any child processes with a copy of that fd. This fixes issue #163. Background: If you create an epoll-set via epoll_create() (lets call it 'EFD') you can add file-descriptors to it to watch for events. Whenever you call EPOLL_CTL_ADD on a file-descriptor you want to watch, the kernel looks up the attached "struct file" pointer, that this FD refers to. This combination of the FD-number and the "struct file" pointer is used as key to link it into the epoll-set (EFD). This means, if you duplicate your file-descriptor, you can watch this file-descriptor, too (because the duplicate will have a different FD-number, hence, the combination of FD-number and "struct file" is different as before). If you want to stop watching an FD, you use EPOLL_CTL_DEL and pass the FD to the kernel. The kernel again looks up your file-descriptor in your FD-table to find the linked "struct file". This FD-number and "struct file" combination is then dropped from the epoll-set (EFD). Last, but not least: If you close a file-descriptor that is linked to an epoll-set, the kernel does *NOTHING* regarding the epoll-set. This is a vital observation! Because this means, your epoll_wait() calls will still return the metadata you used to watch/subscribe your file-descriptor to events. There is one exception to this rule: If the file-descriptor that you just close()ed was the last FD that referred to the underlying "struct file", then _all_ epoll-set watches/subscriptions are destroyed. Hence, if you never dup()ed your FD, then a simple close() will also unsubscribe it from any epoll-set. With this in mind, lets look at fork(): Assume you have an epoll-set (EFD) and a bunch of FDs subscribed to events on that EFD. If you now call fork(), the new process gets a copy of your file-descriptor table. This means, the whole table is copied and the "struct file" reference of each FD is increased by 1. It is important to notice that the FD-numbers in the child are exactly the same as in the parent (eg., FD #5 in the child refers to the same "struct file" as FD #5 in the parent). This means, if the child calls EPOLL_CTL_DEL on an FD, the kernel will look up the linked "struct file" and drop the FD-number and "struct file" combination from the epoll-set (EFD). However, this will effectively drop the subscription that was installed by the parent. To sum up: even though the child gets a duplicate of the EFD and all FDs, the subscriptions in the EFD are *NOT* duplicated! Now, with this in mind, lets look at what udevd does: Udevd has a bunch of file-descriptors that it watches in its sd-event main-loop. Whenever a uevent is received, the event is dispatched on its workers. If no suitable worker is present, a new worker is fork()ed to handle the event. Inside of this worker, we try to free all resources we inherited. However, the fork() call is done from a call-stack that is never rewinded. Therefore, this call stack might own references that it drops once it is left. Those references we cannot deduce from the fork()'ed process; effectively causing us to leak objects in the worker (eg., the call to sd_event_dispatch() that dispatched our uevent owns a reference to the sd_event object it used; and drops it again once the function is left). (Another example is udev_monitor_ref() for each 'worker' that is also inherited by all children; thus keeping the udev-monitor and the uevent-fd alive in all children (which is the real cause for bug #163)) (The extreme variant is sd_event_source_unref(), which explicitly keeps event-sources alive, if they're currently dispatched, knowing that the dispatcher will free the event once done. But if the dispatcher is in the parent, the child will never ever free that object, thus leaking it) This is usually not an issue. However, if such an object has a file-descriptor embedded, this FD is left open and never closed in the child. In manager_exit(), if we now destroy an object (i.e., close its embedded file-descriptor) before we destroy its related sd_event_source, then sd-event will not be able to drop the FD from the epoll-set (EFD). This is, because the FD is no longer valid at the time we call EPOLL_CTL_DEL. Hence, the kernel cannot figure out the linked "struct file" and thus cannot remove the FD-number plus "struct file" combination; effectively leaving the subscription in the epoll-set. Since we leak the uevent-fd in the children, they retain a copy of the FD pointing to the same "struct file". Thus, the EFD-subscription are not automatically removed by close() (as described above). Therefore, the main daemon will still get its metadata back on epoll_watch() whenever an event occurs (even though it already freed the metadata). This then causes the free-after-use bug described in #163. This patch fixes the order in which we destruct objects and related sd-event-sources. Some open questions remain: * Why does source_io_unregister() not warn on EPOLL_CTL_DEL failures? This really needs to be turned into an assert_return(). * udevd really should not leak file-descriptors into its children. Fixing this would *not* have prevented this bug, though (since the child-setup is still async). It's non-trivial to fix this, though. The stack-context of the caller cannot be rewinded, so we cannot figure out temporary refs. Maybe it's time to exec() the udev-workers? * Why does the kernel not copy FD-subscriptions across fork()? Or at least drop subscriptions if you close() your FD (it uses the FD-number as key, so it better subscribe to it)? Or it better used FD+"struct file_table*"+"struct file*" as key to not allow the childen to share the subscription table.. *sigh* Seems like we have to live with that API forever.
2015-06-16Merge pull request #231 from tixxdz/nspawn-userns-fixes-2Lennart Poettering
nspawn: check if kernel supports userns as early as possible
2015-06-16nspawn: check if kernel supports userns as early as possibleDjalal Harouni
If the kernel do not support user namespace then one of the children created by nspawn parent will fail at clone(CLONE_NEWUSER) with the generic error EINVAL and without logging the error. At the same time the parent may also try to setup the user namespace and will fail with another error. To improve this, check if the kernel supports user namespace as early as possible.