From b011116d1829bde044a638cbabfb070a7e0e8fa7 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 9 Oct 2011 15:54:20 +0200 Subject: update TODO --- TODO | 2 ++ 1 file changed, 2 insertions(+) (limited to 'TODO') diff --git a/TODO b/TODO index efe27bb7d8..e08097c29c 100644 --- a/TODO +++ b/TODO @@ -18,6 +18,8 @@ Bugfixes: * make polkit checks async Features: +* if we can not get user quota for tmpfs, mount a separate tmpfs instance + for every user in /run/user/$USER with a configured maximum size * bind mounts should be ordered after remount-root-fs.service -- cgit v1.2.3-54-g00ecf From 65c0cf7108ae3537a357c74b4586a783baba82f9 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 10 Oct 2011 22:22:47 +0200 Subject: update TODO --- TODO | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'TODO') diff --git a/TODO b/TODO index e08097c29c..2d1cde53ef 100644 --- a/TODO +++ b/TODO @@ -17,12 +17,18 @@ Bugfixes: * make polkit checks async +* logind is leaking fifos? + Features: * if we can not get user quota for tmpfs, mount a separate tmpfs instance for every user in /run/user/$USER with a configured maximum size * bind mounts should be ordered after remount-root-fs.service +* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max + +* increase RLIMIT_NOFILE for logind, logger by default + * add an option to make mounts private/shareable and so on, enable this for root by default * internal restart counter for units (focus on auto-respawn) -- cgit v1.2.3-54-g00ecf From effe639c6a66123a7c6626cb9129f6bcbb41b3ae Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 11 Oct 2011 01:00:08 +0200 Subject: update TODO --- TODO | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'TODO') diff --git a/TODO b/TODO index 2d1cde53ef..f662104b2c 100644 --- a/TODO +++ b/TODO 
@@ -20,6 +20,13 @@ Bugfixes: * logind is leaking fifos? Features: + +* ConditionCapability= + +* order network mounts after network-fs-ready.target or so + +* read fedora style timezone name config for compat + * if we can not get user quota for tmpfs, mount a separate tmpfs instance for every user in /run/user/$USER with a configured maximum size -- cgit v1.2.3-54-g00ecf From a724d2ed799a8985193ba70c5c3e76f621815e10 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 11 Oct 2011 04:23:35 +0200 Subject: timedate: fall back to /etc/sysconfig/clock on Fedora, for compatibility with legacy --- TODO | 6 +----- src/timedated.c | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 7 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index f662104b2c..aa51332c05 100644 --- a/TODO +++ b/TODO @@ -17,21 +17,17 @@ Bugfixes: * make polkit checks async -* logind is leaking fifos? +* fail gracefully if logind reaches it RLIMIT_NFILES for fifos Features: * ConditionCapability= -* order network mounts after network-fs-ready.target or so - * read fedora style timezone name config for compat * if we can not get user quota for tmpfs, mount a separate tmpfs instance for every user in /run/user/$USER with a configured maximum size -* bind mounts should be ordered after remount-root-fs.service - * default to actual 32bit PIDs, via /proc/sys/kernel/pid_max * increase RLIMIT_NOFILE for logind, logger by default diff --git a/src/timedated.c b/src/timedated.c index f6fe2d83b6..16f54b59d2 100644 --- a/src/timedated.c +++ b/src/timedated.c 
@@ -170,8 +170,24 @@ static int read_data(void) { free_data(); r = read_one_line_file("/etc/timezone", &zone); - if (r < 0 && r != -ENOENT) - return r; + if (r < 0) { + if (r != -ENOENT) + log_warning("Failed to read /etc/timezone: %s", strerror(-r)); + +#ifdef TARGET_FEDORA + r = parse_env_file("/etc/sysconfig/clock", NEWLINE, + "ZONE", &zone, + NULL); + + if (r < 0 && r != -ENOENT) + log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r)); +#endif + } + + if (isempty(zone)) { + free(zone); + zone = NULL; + } verify_timezone(); -- cgit v1.2.3-54-g00ecf From 688c56ff7d124124007761f917a2950364509043 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 11 Oct 2011 04:43:01 +0200 Subject: logind: fail gracefully if too many sessions are created https://bugzilla.redhat.com/show_bug.cgi?id=744726 --- TODO | 4 ---- src/logind-dbus.c | 7 +++++-- 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index aa51332c05..779d1a30dd 100644 --- a/TODO +++ b/TODO @@ -17,14 +17,10 @@ Bugfixes: * make polkit checks async -* fail gracefully if logind reaches it RLIMIT_NFILES for fifos - Features: * ConditionCapability= -* read fedora style timezone name config for compat - * if we can not get user quota for tmpfs, mount a separate tmpfs instance for every user in /run/user/$USER with a configured maximum size diff --git a/src/logind-dbus.c b/src/logind-dbus.c index bc1e49d18f..0550d1bd1c 100644 --- a/src/logind-dbus.c +++ b/src/logind-dbus.c 
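Review bot: The new `if (r < 0)` branch no longer returns on any read error from /etc/timezone, so a failure such as -ENOMEM is only logged and read_data() carries on as if no zone were configured. If read_one_line_file() can report allocation failure (not visible here), keep that case fatal with `if (r == -ENOMEM) return r;` ahead of the warning, and do the same after parse_env_file(). On TARGET_FEDORA builds an unreadable /etc/timezone also hands the decision to /etc/sysconfig/clock, and the warning is the only trace that the effective zone came from the legacy file. A short comment above the `#ifdef` stating that precedence would help. read_data() continues past the end of the hunk.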
@@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler( } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) { r = bus_manager_create_session(m, message, &reply); - if (r == -ENOMEM) - goto oom; + + /* Don't delay the work on OOM here, since it might be + * triggered by a low RLIMIT_NOFILE here (since we + * send a dupped fd to the client), and we'd rather + * see this fail quickly then be retried later */ if (r < 0) return bus_send_error_reply(connection, message, &error, r); -- cgit v1.2.3-54-g00ecf From f84aea434f2b014716ce9067f0af4db24a91a7c4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 11 Oct 2011 04:43:29 +0200 Subject: units: increase LimitNOFILE a bit since we need one fd per session (for logind) and one fd per service (for stdout-syslog-bridge) increase the default rlimit a bit. --- TODO | 2 -- units/systemd-logind.service.in | 4 ++++ units/systemd-stdout-syslog-bridge.service.in | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 779d1a30dd..99e026e3c1 100644 --- a/TODO +++ b/TODO @@ -26,8 +26,6 @@ Features: * default to actual 32bit PIDs, via /proc/sys/kernel/pid_max -* increase RLIMIT_NOFILE for logind, logger by default - * add an option to make mounts private/shareable and so on, enable this for root by default * internal restart counter for units (focus on auto-respawn) diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index 82a2c6a0ca..4241b8b320 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in @@ -16,3 +16,7 @@ Type=dbus BusName=org.freedesktop.login1 CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER StandardOutput=syslog + +# Increase the default a bit in order to allow many simultaneous +# logins since we keep one fd open per session. +LimitNOFILE=16384 
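Review bot: The comment that replaces the `goto oom` branch has a typo ("then" for "than") and a doubled "here", and it is the only record of why -ENOMEM is deliberately not retried for CreateSession. Suggested wording: `/* Don't retry on OOM: it may really be a low RLIMIT_NOFILE (we send a dupped fd to the client), so fail quickly rather than be retried later */`. Since this is the path a client hits when logind runs out of descriptors, it may also be worth logging the failure before `bus_send_error_reply()` so the exhaustion is visible to the administrator, unless that helper already logs (not visible here). manager_message_handler() starts and ends outside the hunk.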
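Review bot: The comment above `LimitNOFILE=16384` in systemd-logind.service.in explains why the limit is raised but not what the number now bounds. With one fd held per session, the value is in effect the ceiling on concurrent sessions for all users together, and the previous commit in this series makes CreateSession fail once it is reached. Stating that would help whoever tunes it later, for example `# One fd is kept per session, so this is also the upper bound on concurrent sessions.` The same applies to the per-service comment added in systemd-stdout-syslog-bridge.service.in.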
diff --git a/units/systemd-stdout-syslog-bridge.service.in b/units/systemd-stdout-syslog-bridge.service.in index 23a5137068..4626145476 100644 --- a/units/systemd-stdout-syslog-bridge.service.in +++ b/units/systemd-stdout-syslog-bridge.service.in @@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge NotifyAccess=all StandardOutput=null CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID + +# Increase the default a bit in order to allow many simultaneous +# services being run since we keep one fd open per service. +LimitNOFILE=16384 -- cgit v1.2.3-54-g00ecf From 62590f23c14d06e33bb1712a5e3cf04f12f189cb Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 11 Oct 2011 15:16:52 +0200 Subject: unit: introduce ConditionCapability --- TODO | 2 +- man/systemd.unit.xml | 24 +++++++++++++++++++----- src/condition.c | 34 ++++++++++++++++++++++++++++++++++ src/condition.h | 1 + src/load-fragment-gperf.gperf.m4 | 1 + 5 files changed, 56 insertions(+), 6 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 99e026e3c1..9149018134 100644 --- a/TODO +++ b/TODO @@ -19,7 +19,7 @@ Bugfixes: Features: -* ConditionCapability= +* unset container= in PID1? * if we can not get user quota for tmpfs, mount a separate tmpfs instance for every user in /run/user/$USER with a configured maximum size diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index e47c14679e..897f99f24c 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -673,6 +673,7 @@ ConditionKernelCommandLine= ConditionVirtualization= ConditionSecurity= + ConditionCapability= ConditionNull= Before starting a unit @@ -749,9 +750,9 @@ value to check if being executed in any virtualized environment, or one of vm and - container to test against - a specific type of virtualization - solution, or one of + container to test + against a specific type of + virtualization solution, or one of qemu, kvm, vmware, 
@@ -775,7 +776,19 @@ system. Currently the only recognized value is selinux. The test may be negated by prepending - an exclamation mark. Finally, + an exclamation + mark. ConditionCapability= + may be used to check whether the given + capability exists in the capability + bounding set of the service manager + (i.e. this does not check whether + capability is actually available in + the permitted or effective sets, see + capabilities7 + for details). Pass a capability name + such as CAP_MKNOD, + possibly prefixed with an exclamation + mark to negate the check. Finally, ConditionNull= may be used to add a constant condition check value to the unit. It takes a @@ -932,7 +945,8 @@ systemd.target5, systemd.path5, systemd.timer5, - systemd.snapshot5 + systemd.snapshot5, + capabilities7 diff --git a/src/condition.c b/src/condition.c index 07624c841d..f18c45421a 100644 --- a/src/condition.c +++ b/src/condition.c @@ -23,6 +23,7 @@ #include #include #include +#include #ifdef HAVE_SELINUX #include @@ -159,6 +160,36 @@ static bool test_security(const char *parameter) { return false; } +static bool test_capability(const char *parameter) { + cap_value_t value; + FILE *f; + char line[LINE_MAX]; + unsigned long long capabilities = (unsigned long long) -1; + + /* If it's an invalid capability, we don't have it */ + + if (cap_from_name(parameter, &value) < 0) + return false; + + /* If it's a valid capability we default to assume + * that we have it */ + + f = fopen("/proc/self/status", "re"); + if (!f) + return true; + + while (fgets(line, sizeof(line), f)) { + truncate_nl(line); + + if (startswith(line, "CapBnd:")) { + (void) sscanf(line+7, "%llx", &capabilities); + break; + } + } + + return !!(capabilities & (1ULL << value)); +} + bool condition_test(Condition *c) { assert(c); 
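Review bot: test_capability() never closes the stream it opens on /proc/self/status. Both the `break` after the `CapBnd:` match and a normal loop exit fall through to the final `return` with `f` still open, so every evaluation of the condition leaks a FILE and its descriptor in the service manager. Add `fclose(f);` immediately before `return !!(capabilities & (1ULL << value));`. Separately, the function answers true when the file cannot be opened, and also when no `CapBnd:` line parses, because the `sscanf` result is discarded and `capabilities` stays all-ones. Only the first case is commented, so a comment at the initialiser saying the all-ones default is intentional would make the fail-open choice explicit.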
@@ -214,6 +245,9 @@ bool condition_test(Condition *c) { case CONDITION_SECURITY: return test_security(c->parameter) == !c->negate; + case CONDITION_CAPABILITY: + return test_capability(c->parameter) == !c->negate; + case CONDITION_NULL: return !c->negate; diff --git a/src/condition.h b/src/condition.h index dd65aa6054..71b1c6761e 100644 --- a/src/condition.h +++ b/src/condition.h @@ -37,6 +37,7 @@ typedef enum ConditionType { CONDITION_KERNEL_COMMAND_LINE, CONDITION_VIRTUALIZATION, CONDITION_SECURITY, + CONDITION_CAPABILITY, CONDITION_NULL, _CONDITION_TYPE_MAX, _CONDITION_TYPE_INVALID = -1 diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4 index 7749b88dfb..41797d20c0 100644 --- a/src/load-fragment-gperf.gperf.m4 +++ b/src/load-fragment-gperf.gperf.m4 @@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0 Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0 Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0 +Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0 Unit.ConditionNull, config_parse_unit_condition_null, 0, 0 m4_dnl Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file) -- cgit v1.2.3-54-g00ecf
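Review bot: `CONDITION_CAPABILITY` is inserted before `CONDITION_NULL` in src/condition.h, which renumbers `CONDITION_NULL` and grows `_CONDITION_TYPE_MAX`. The 34 insertions to src/condition.c are fully accounted for by the new include, test_capability() and the new `case`, so nothing else in that file was touched. If a name table or dump code indexed by ConditionType exists outside these hunks, it needs a matching entry, otherwise the new condition may be reported without a name. A one-line comment on the enum saying such tables must be kept in sync would help. The enum and condition_test() both extend beyond the hunks shown.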