With this new API sd-bus can synthesize a local "Connected" signal when
the connection is fully established. It mirrors the local "Disconnected"
signal that is already generated when the connection is terminated. This
is useful to be notified when connection setup is done, in order to
start method calls then, in particular when using "slow" connection
methods (for example slow TCP, or most importantly the "watch_bind"
inotify logic).
Note that one could also use hook into the initial NameAcquired signal
received from the bus broker, but that scheme works only if we actually
connect to a bus. The benefit of "Connected" OTOH is that it works with
any kind of connection.
Ideally, we'd just generate this message unconditionally, but in order
not to break clients that do not expect this message it is opt-in.
This new call is much light sd_bus_is_open(), but returns true only if
the connection is fully set up, i.e. after we finished with the
authentication and Hello() phase. This API is useful for clients in
particular when using the "watch_bind" feature, as that way it can be
determined in advance whether it makes sense to sync on some operation.
Let's directly reference /run instead, so that we can work without /var
being around, or with /var/run being incorrectly set up.
Note that we keep the old socket path in place when referencing the
system bus of containers, as they might be foreign operating systems,
that still don't have adopted /run, and where it makes sense to use the
standardized name instead. On local systems, we insist on /run being set
up properly however, hence this limitation does not apply.
Also, get rid of the UNIX_SYSTEM_BUS_ADDRESS and
UNIX_USER_BUS_ADDRESS_FMT defines. They had a purpose when we still did
kdbus, as we then had to support two different backends. But since
that's gone, we don't need this indirection anymore, hence settle on a
one define only.
Let's remove a number of synchronization points from our service
startups: let's drop synchronous match installation, and let's opt for
asynchronous instead.
Also, let's use sd_bus_match_signal() instead of sd_bus_add_match()
where we can.
These are convenience helpers that hide the match string logic (which we
probably should never have exposed), and instead just takes regular C
arguments.
We usually enqueue a number of these calls on each service
initialization. Let's do this asynchronously, and thus remove
synchronization points. This improves both performance behaviour and
reduces the chances to deadlock.
We currently wait for the RemoveMatch() reply, but then ignore what it
actually says. Let's optimize this a bit, and not even ask for an answer
back: just enqueue the RemoveMatch() operation, and do not request not
wait for any answer.
They do the same thing as their synchronous counterparts, but only
enqueue the operation, thus removing synchronization points during
service initialization.
If the callback function is passed as NULL we'll fallback to generic
implementations of the reply handlers, that terminate the connection if
the requested name cannot be acquired, under the assumption that not
being able to acquire the name is a technical problem.
When kdbus was still around we always had two implementations of the
various control calls: one for dbus1 and one for kdbus. Let'sget rid of
this, simplify things, and just merge the wrappers that used to
multiplex this with the implementations.
No change in behaviour, just some merging of functions
Currently, reply callback timeouts are started the instant the method
calls are enqueued, which can be very early on. For example, the Hello()
method call is enqueued right when sd_bus_start() is called, i.e. before
the socket connection and everything is established.
With this change we instead start the method timeout the moment we
actually leave the authentication phase of the connection. This way, the
timeout the kernel applies on socket connecting, and we apply on the
authentication phase no longer runs in parallel to the Hello() method
call, but all three run serially one after the other, which is
definitely a cleaner approach.
Moreover, this makes the "watch bind" feature a lot more useful, as it
allows enqueuing method calls while we are still waiting for inotify
events, without them timeouting until the connection is actually
established, i.e. when the method call actually has a chance of being
actually run.
This is a change of behaviour of course, but I think the new behaviour
is much better than the old one, since we don't race timeouts against
each other anymore...
This adds a "watch-bind" feature to sd-bus connections. If set and the
AF_UNIX socket we are connecting to doesn't exist yet, we'll establish
an inotify watch instead, and wait for the socket to appear. In other
words, a missing AF_UNIX just makes connecting slower.
This is useful for daemons such as networkd or resolved that shall be
able to run during early-boot, before dbus-daemon is up, and want to
connect to dbus-daemon as soon as it becomes ready.
If we can't process the bus for some reason we shouldn't just disable
the event source, but log something and give up on the connection. Hence
do that, and disconnect.
Currently, when sd-bus is used to issue a method call, and we get a
reply and the specified reply handler fails, we log this locally at
debug priority and proceed. The idea is that a bad server-side reply
should not be fatal for the program, except when the developer
explicitly terminates the event loop.
The reply to the initial Hello() method call we issue when joining a bus
should not be handled like that however. Instead, propagate the error
immediately, as anything that is wrong with the Hello() reply should be
considered a fatal connection problem.
This is useful so that callers know whether anything at all and how much
was flushed.
This patches through users of this functions to ensure that the return
values > 0 which may be returned now are not propagated in public APIs.
Also, users that ignore the return value are changed to do so explicitly
now.
Also, drop UID/GID validity checks from getpeercred() as the kernel will
never pass us invalid UID/GID on userns, but the overflow UID/GID
instead. Add a comment about this.
This ensures that in all threads we fork off in the background in our
code we mask out all signals, so that our thread won't end up getting
signals delivered the main process should be getting.
We always set the signal mask before forking off the thread, so that the
thread has the right mask set from its earliest existance on.
Using wait_for_terminate_and_check() instead of wait_for_terminate()
let's us simplify, shorten and unify the return value checking and
logging of waitid(). Hence, let's use it all over the place.
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
We already use the "_static" suffix for libshared_static ("shared" is the name
of the library, "static" is the format) and other libs, so let's rename for
consistency.
Also change libsystemd_static_sources to libsystemd_sources, since the same
list is used for both and shorter is better.
Quoting Lennart Poettering in
https://github.com/systemd/systemd/pull/6464#issuecomment-319029293:
> If the kernel allows us to query that data we should also be Ok with passing
> it on to our own caller, regardless if selinux is technically on or off...
The advantage is that this allows gcc to be smarter and reduce linkage:
(before)$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffeb46ff000)
librt.so.1 => /lib64/librt.so.1 (0x00007f2f60da6000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f2f60ba1000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2f60978000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2f60759000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2f60374000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2f61294000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f2f600f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f2f5feec000)
(after )$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffe5f543000)
librt.so.1 => /lib64/librt.so.1 (0x00007f427dcaa000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f427daa5000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f427d886000)
libc.so.6 => /lib64/libc.so.6 (0x00007f427d4a1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f427e196000)
Note that this only works in conjuction with the previous commit: either
of the two commits alone does not have the desired effect on linkage.
Replaces #6464.
Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f,
FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*,
instead of doing individual per-call decision whether to use normal
calls or _unlocked() calls.
This has various benefits:
1. It's easier to read and easier not to forget
2. It's more comprehensive, as fprintf() and friends are covered too
(as these functions have no _unlocked() counterpart)
3. Philosophically, it's a bit more correct, because it's more a
property of the file handle really whether we ever pass it on to another
thread, not of the operations we then apply to it.
This patch reworks all pieces of codes that so far used fxyz_unlocked()
calls to use __fsetlocking() instead. It also reworks all places that
use open_memstream(), i.e. use stdio FILE* for string manipulations.
Note that this in some way a revert of 4b61c87511.
RequiredForOnline= denotes a link/network that does/does not require being up
for systemd-networkd-wait-online to consider the system online; this makes it
possible to ignore devices without modifying parameters to wait-online.
If test-resolve is running in some CI environment that doesn't have
reliably working DNS, it's a good idea not to hang forever, let's
time-out after 20s
Similar to the virtual ethernet driver veth, vxcan implements a
local CAN traffic tunnel between two virtual CAN network devices.
When creating a vxcan, two vxcan devices are created as pair
When one end receives the packet it appears on its pair and vice
versa. The vxcan can be used for cross namespace communication.
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
THe match cookie was used by kdbus to identify matches we install
uniquely. But given that kdbus is gone, the cookie serves no process
anymore, let's kill it.
When debug logging is enabled we show brief information about every bus
message we send or receieve. Pretty much all information is shown,
except for the error name if a message is an error (interestingly we do
print the error text however). Fix that, and add the error name as well.
This makes it possible to run more dbus tests in a build
environment/chroot where no system bus is available.
To run the dbus test one then can use dbus-run-session.
It's confusing to use a single void* to store data with two different
types, i.e. a userdata value which is safe to pass to ->find(), and a
userdata value which identifies the found object.
Name the latter `found_u`. This naming treats (!c->find) as a degenerate
case. (I.e. at that point, we know the object has already been found :).
Before this commit, if you run `loginctl user-status` from
debug-shell.service (and you have no login sessions for root), you always
see this output:
0
Linger: no
because Properties.GetAll is returning success but without any properties,
when the only find() callback had returned 0 to mean "no object found".
After:
Could not get properties: Unknown object:
'/org/freedesktop/login1/user/self'
BTW I have a fix for more user-friendly messages from logind in this case.
It is pending in my local branch for #6829 "fix `loginctl enable-linger`".
Routing Policy rule manipulates rules in the routing policy database control the
route selection algorithm.
This work supports to configure Rule
```
[RoutingPolicyRule]
TypeOfService=0x08
Table=7
From= 192.168.100.18
```
```
ip rule show
0: from all lookup local
0: from 192.168.100.18 tos 0x08 lookup 7
```
V2 changes:
1. Added logic to handle duplicate rules.
2. If rules are changed or deleted and networkd restarted
then those are deleted when networkd restarts next time
V3:
1. Add parse_fwmark_fwmask
As it turns out the authentication phase times out too often than is
good, mostly due to PRNG pools not being populated during boot. Hence,
let's increase the authentication timeout from 25s to 90s, to cover for
that.
(Note that we leave the D-Bus method call timeout at 25s, matching the
reference implementation's value. And if the auth phase managed to
complete then the pools should be populated enough and mehtod calls
shouldn't take needlessly long anymore).
Fixes: #6418
Newer kernels will emit uevents with "bind" and "unbind" actions. These
uevents will be issued when driver is bound to or unbound from a device.
"Bind" events are helpful when device requires a firmware to operate
properly, and driver is unable to create a child device before firmware
is properly loaded.
For some reason systemd validates actions and drops the ones it does not
know, instead of passing them on through as old udev did, so we need to
explicitly teach it about them.
This prevents `systemctl` from runnning /bin/touch when the following
command is used:
```
systemctl -H '-oProxyCommand=/bin/touch i-shouldnt-be-here' show-environment
```
If a message is too large to fit into the output buffer, it will be
transmitted to the kernel in several chunks. However, the FDs must
only ever be transmitted once or they will bereceived by the remote
end repeatedly.
The D-Bus specification disallows several sets of FDs attached to
one message, however, the reference implementation of D-Bus will
not reject such a message, rather it will reassign the duplicate
FDs to subsequent FD-carrying messages.
This attaches the FD array only to the first byte of the message.
Observed when running from the console of a systemd nspawn container
(see failure below).
The value of r was tested, when r was last set by
sd_session_can_graphical(). This did not correspond to the value expected.
Fix the code, so we compare relevant values now. Hopefully :).
Test failure
------------
/* Information printed is from the live system */
sd_pid_get_unit(0, …) → "session-13.scope"
sd_pid_get_user_unit(0, …) → "n/a"
sd_pid_get_slice(0, …) → "user-1000.slice"
sd_pid_get_session(0, …) → "13"
sd_pid_get_owner_uid(0, …) → 1000
sd_pid_get_cgroup(0, …) → "/user.slice/user-1000.slice/session-13.scope"
sd_uid_get_display(1000, …) → "13"
sd_uid_get_sessions(1000, …) → [2] "15 13"
sd_uid_get_seats(1000, …) → [1] "seat0"
sd_session_is_active("13") → yes
sd_session_is_remote("13") → no
sd_session_get_state("13") → "active"
sd_session_get_uid("13") → 1000
sd_session_get_type("13") → "tty"
sd_session_get_class("13") → "user"
sd_session_get_display("13") → "n/a"
sd_session_get_remote_user("13") → "n/a"
sd_session_get_remote_host("13") → "n/a"
sd_session_get_seat("13") → "seat0"
sd_session_can_multi_seat("seat0") → no
sd_session_can_tty("seat0") → no
sd_session_can_graphical("seat0") → no
sd_uid_get_state(1000, …) → active
Assertion '!!k == !!r' failed at ../src/libsystemd/sd-login/test-login.c:191, function test_login(). Aborting.
Fixes:
```
$ env -i valgrind --leak-check=full ./build/test-bus-chat
...
==7763== 1,888 (1,824 direct, 64 indirect) bytes in 1 blocks are
definitely lost in loss record 2 of 2
==7763== at 0x4C2FA50: calloc (vg_replace_malloc.c:711)
==7763== by 0x4F8FF9A: sd_bus_new (sd-bus.c:175)
==7763== by 0x4F938BF: sd_bus_open_user (sd-bus.c:1138)
==7763== by 0x109ACD: server_init (test-bus-chat.c:70)
==7763== by 0x10BCF8: main (test-bus-chat.c:526)
==7763==
```
Closes#6481
Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.
Some kdbus_flag and memfd related parts are left behind, because they
are entangled with the "legacy" dbus support.
test-bus-benchmark is switched to "manual". It was already broken before
(in the non-kdbus mode) but apparently nobody noticed. Hopefully it can
be fixed later.
As a follow-up for db3f45e2d2 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.
For most cases this shouldn't change much really, but this should speed
dbus introspection and calender time formatting up a bit.
This moves pretty much all uses of getpid() over to getpid_raw(). I
didn't specifically check whether the optimization is worth it for each
replacement, but in order to keep things simple and systematic I
switched over everything at once.
During early boot, we'd call getrandom(), and immediately fall back to
reading from /dev/urandom unless we got the full requested number of bytes.
Those two sources are the same, so the most likely result is /dev/urandom
producing some pseudorandom numbers for us, complaining widely on the way.
Let's change our behaviour to be more conservative:
- if the numbers are only used to initialize a hash table, a short read is OK,
we don't really care if we get the first part of the seed truly random and
then some pseudorandom bytes. So just do that and return "success".
- if getrandom() returns -EAGAIN, fall back to rand() instead of querying
/dev/urandom again.
The idea with those two changes is to avoid generating a warning about
reading from an /dev/urandom when the kernel doesn't have enough entropy.
- only in the cases where we really need to make the best effort possible
(sd_id128_randomize and firstboot password hashing), fall back to
/dev/urandom.
When calling getrandom(), drop the checks whether the argument fits in an int —
getrandom() should do that for us already, and we call it with small arguments
only anyway.
Note that this does not really change the (relatively high) number of random
bytes we request from the kernel. On my laptop, during boot, PID 1 and all
other processes using this code through libsystemd request:
74780 bytes with high_quality_required == false
464 bytes with high_quality_required == true
and it does not eliminate reads from /dev/urandom completely. If the kernel was
short on entropy and getrandom() would fail, we would fall back to /dev/urandom
for those 464 bytes.
When falling back to /dev/urandom, don't lose the short read we already got,
and just read the remaining bytes.
If getrandom() syscall is not available, we fall back to /dev/urandom same
as before.
Fixes#4167 (possibly partially, let's see).
Newer D-Bus versions implement the GetConnectionCredentials() driver
call to get all connection creds in one go. Make use of that to reduce
the number of bus calls we do.
When only a single credential field is queried we will still use the old
calls, which we'll also use if the new call isn't implemented.
The bus driver service is always implemented by the owner of the bus,
hence let's shortcut the credential operation and use our cached data.
This makes sure things simply work, given that dbus itself doesn't
support GetConnectionSELinuxSecurityContext() on the bus driver name
itself.
Fixes: #6120
Previously we'd propagate errors returned by user callbacks configured
in vtables back to the users only for method handlers and property
get/set handlers. This does the same for child enumeration and when we
check whether a fallback unit exists.
Without this the failure will be treated as a non-recoverable connection
error and result in connection termination.
Fixes: #6059
This prevents udev from reading the data after freeing it.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
==264== Invalid read of size 1
==264== at 0x4C2E112: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EBD: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x14788C: device_add_property_internal (sd-device.c:150)
==264== by 0x14788C: device_rename (device-private.c:786)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Address 0x7b251a0 is 0 bytes inside a block of size 5 free'd
==264== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x13E2A2: freep (alloc-util.h:57)
==264== by 0x13E2A2: device_add_property_aux (sd-device.c:111)
==264== by 0x147873: device_add_property_internal (sd-device.c:150)
==264== by 0x147873: device_rename (device-private.c:781)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Block was alloc'd at
==264== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EC9: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x143B45: device_add_property_internal (sd-device.c:150)
==264== by 0x143B45: device_amend.lto_priv.235 (device-private.c:454)
==264== by 0x1387B7: device_append (device-private.c:516)
==264== by 0x1387B7: device_new_from_nulstr (device-private.c:620)
==264== by 0x1387B7: udev_device_new_from_nulstr (libudev-device-private.c:268)
==264== by 0x1387B7: udev_monitor_receive_device (libudev-monitor.c:682)
==264== by 0x11FC69: worker_spawn (udevd.c:509)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264==
This prevents udev from double-freeing and crashing.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
==351== Invalid free() / delete / delete[] / realloc()
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x13CBE8: hashmap_clear_free_free (hashmap.c:900)
==351== by 0x13CBE8: hashmap_free_free_free (hashmap.c:852)
==351== by 0x147F4F: sd_device_unref (sd-device.c:88)
==351== by 0x130CCC: udev_device_unref (libudev-device.c:552)
==351== by 0x130CD5: udev_device_unref (libudev-device.c:553)
==351== by 0x11FBBB: worker_spawn (udevd.c:488)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Address 0x81745b0 is 0 bytes inside a block of size 1 free'd
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x1447F0: freep (alloc-util.h:57)
==351== by 0x1447F0: sd_device_set_sysattr_value (sd-device.c:1859)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Block was alloc'd at
==351== at 0x4C2CF35: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x144853: sd_device_set_sysattr_value (sd-device.c:1888)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
This adds /sys/firmware lookup for sysname when creating a new device,
which allows device-tree properties lookup. This look-up can then be
used in udev rules, allowing device-tree-based model detection.
The code is mostly correct, but gcc is trying to outsmart us, and emits a
warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&n, ":1.%llu", name->id) < 0) {
^
src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
^
This is hard to work around properly, because kdbus.h uses __u64 which is
defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
solution of using %PRIu64 fails on amd64:
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
^~~~~~
Let's just avoid the whole issue for now by silencing the warning.
After the next release, we should just get rid of the kdbus code.
Fixes#5561.
Other functions in sd-login generally allow the output parameter to be NULL, in
which case only the number of items that would be stored in the array is returned.
Be nice and do the same here.
C.f. 0543105b0f.
This makes if /run/systemd/{seats,sessions,users} are missing, then
sd_get_seats(), sd_get_sessions() and sd_get_uids() return 0, that is,
an empty list, instead of -ENOENT.
The -ENOMEDIUM return value was introduced in v232-1001-g2977724b09,
('core: make hybrid cgroup unified mode keep compat /sys/fs/cgroup/systemd hierarchy'),
and would be returned by cg_pid_get_path_shifted(), but the documented and
expected return value is -ENODATA. Let's just catch ENXIO/ENOMEDIUM and translate
it to ENODATA in all cases.
Complements 171f8f591f, fixes#6012.
All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.
Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'
test-login.c is largely rewritten to use _cleanup_ and give more meaningful
messages (function names are used instead of creative terms like "active
session", so that when something unexpected is returned, it's much easier to
see what function is responsible).
The monitoring part is only activated if '-m' is passed on the command line.
It runs against the information from /run/systemd/ in the live system, but that
should be OK: logind/sd-login interface is supposed to be stable and both
backwards and forwards compatible.
If not running in a login session, some tests are skipped.
Those two changes together mean that it's possible to run test-login in the
test suite.
Tests for sd_pid_get_{unit,user_unit,slice} are added.
sd_seat_get_sessions returns two arrays, that in principle should always match:
the session names and corresponding uids. The second array could be shorter only
if parsing or uid conversion fails. But in that case there is no way to tell
*which* uid is wrong, so they are *all* useless. It's better to simplify things and
just return an error if parsing fails.
As described by Luke Shumaker:
sd_seat_get_sessions looks at /run/systemd/seats/${seat_name}:SESSIONS to get
the list of sessions (which I believe is correct), and at
/run/systemd/seats/${seat_name}:ACTIVE_SESSIONS for the list of users (which
I believe is incorrect); I believe that it should look at the UIDS field for
the list of users. As far as I can tell, the ACTIVE_SESSIONS field is never
even present in the seats file. I also believe that this has been broken
since the function was first committed almost 6 years ago.
Fixes#5743.
Without cc9daff228, this results in:
src/libsystemd/sd-bus/test-bus-vtable-cc.cc:56:1: sorry, unimplemented: non-trivial designated initializers not supported
};
^
This test is mostly a compilation test that checks that various defines in
sd-bus-vtable.h are valid C++. The code is executed, but the results are not
checked (apart from sd-bus functions not returning an error). test-bus-objects
contains pretty extensive tests for this functionality.
The C++ version is only added to meson, since it's simpler there.
Because of the .cc extension, meson will compile the executable with c++.
This test is necessary to properly check the macros in sd-bus-vtable.h. Just
running the headers through g++ is not enough, because the macros are not
exercised.
Follow-up for #5941.
This reverts commit 6355e75610.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for systemd --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
We already report builtin interfaces with InterfacesAdded and InterfacesRemoved. However,
we never reported them in GetManagedObjects(). This might end up confusing callers that
want to use those interfaces (or simply rely on the interface count to be coherent).
Report the builtins for all objects that are queried.
The indentation for emacs'es meson-mode is added .dir-locals.
All files are reindented automatically, using the lasest meson-mode from git.
Indentation should now be fairly consistent.
With mesonbuid/meson#1545, meson does not propagate deps of a library
when linking with that library. That's of course the right thing to do,
but it exposes a bunch of missing deps.
This compiles with both meson-0.39.1 and meson-git + pr/1545.
This is what autoconf-based build does, and it makes test-bus-error and
test-engine able to access the bus error mapping table. OTOH, this is a heavy
price to pay: it would be excellent to link libcore.a to libsystemd-shared-NNN.so.
Otherwise we duplicate the same code in 'systemd' and 'libsystemd-shared-NNN.so'.
-rwxrwxr-x. 1 4075544 Apr 6 20:30 systemd* <-- libcore linked against libsystemd-shared.so
-rwxrwxr-x. 1 5596504 Apr 9 14:07 systemd* <-- libcore linked against libsystemd-shared.a
v2:
- update for 6b5cf3ea62
This is pretty ugly, because I don't know how to use a single
definition for two purposes:
- --version-script needs a path relative to the build root
- link_depends needs a path relative to source root
Also, link_depends does not accept files() output
[https://github.com/mesonbuild/meson/issues/1172], and I don't see a way to go
from files() output to a string path that can be used to craft the -Wl arg.
Ideally, a single files() result could be used in both places.
I'm leaving this as a separate commit for now.
Tests can be run with 'ninja-build test' or using 'mesontest'.
'-Dtests=unsafe' can be used to include the "unsafe" tests in the
test suite, same as with autotools.
v2:
- use more conf.get guards are optional components
- declare deps on generated headers for test-{af,arphrd,cap}-list
v3:
- define environment for tests
Most test don't need this, but to be consistent with autotools-based build, and
to avoid questions which tests need it and which don't, set the same environment
for all tests.
v4:
- rework test generation
Use a list of lists to define each test. This way we can reduce the
boilerplate somewhat, although the test listings are still pretty verbose. We
can also move the definitions of the tests to the subdirs. Unfortunately some
subdirs are included earlier than some of the libraries that test binaries
are linked to. So just dump all definitions of all tests that cannot be
defined earlier into src/test. The `executable` definitions are still at the
top level, so the binaries are compiled into the build root.
v5:
- tag test-dnssec-complex as manual
v6:
- fix HAVE_LIBZ typo
- add missing libgobject/libgio defs
- mark test-qcow2 as manual
It's crucial that we can build systemd using VS2010!
... er, wait, no, that's not the official reason. We need to shed old systems
by requring python 3! Oh, no, it's something else. Maybe we need to throw out
345 years of knowlege accumulated in autotools? Whatever, this new thing is
cool and shiny, let's use it.
This is not complete, I'm throwing it out here for your amusement and critique.
- rules for sd-boot are missing. Those might be quite complicated.
- rules for tests are missing too. Those are probably quite simple and
repetitive, but there's lots of them.
- it's likely that I didn't get all the conditions right, I only tested "full"
compilation where most deps are provided and nothing is disabled.
- busname.target and all .busname units are skipped on purpose.
Otherwise, installation into $DESTDIR has the same list of files and the
autoconf install, except for .la files.
It'd be great if people had a careful look at all the library linking options.
I added stuff until things compiled, and in the end there's much less linking
then in the old system. But it seems that there's still a lot of unnecessary
deps.
meson has a `shared_module` statement, which sounds like something appropriate
for our nss and pam modules. Unfortunately, I couldn't get it to work. For the
nss modules, we need an .so version of '2', but `shared_module` disallows the
version argument. For the pam module, it also didn't work, I forgot the reason.
The handling of .m4 and .in and .m4.in files is rather awkward. It's likely
that this could be simplified. If make support is ever dropped, I think it'd
make sense to switch to a different templating system so that two different
languages and not required, which would make everything simpler yet.
v2:
- use get_pkgconfig_variable
- use sh not bash
- use add_project_arguments
v3:
- drop required:true and fix progs/prog typo
v4:
- use find_library('bz2')
- add TTY_GID definition
- define __SANE_USERSPACE_TYPES__
- use join_paths(prefix, ...) is used on all paths to make them all absolute
v5:
- replace all declare_dependency's with []
- add more conf.get guards around optional components
v6:
- drop -pipe, -Wall which are the default in meson
- use compiler.has_function() and compiler.has_header_symbol instead of the
hand-rolled checks.
- fix duplication in 'liblibsystemd' library name
- use the right .sym file for pam_systemd
- rename 'compiler' to 'cc': shorter, and more idiomatic.
v7:
- use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D
- rename prefix to prefixdir, rootprefix to rootprefixdir
("prefix" is too common of a name and too easy to overwrite by mistake)
- wrap more stuff with conf.get('ENABLE...') == 1
- use rootprefix=='/' and rootbindir as install_dir, to fix paths under
split-usr==true.
v8:
- use .split() also for src/coredump. Now everything is consistent ;)
- add rootlibdir option and use it on the libraries that require it
v9:
- indentation
v10:
- fix check for qrencode and libaudit
v11:
- unify handling of executable paths, provide options for all progs
This makes the meson build behave slightly differently than the
autoconf-based one, because we always first try to find the executable in the
filesystem, and fall back to the default. I think different handling of
loadkeys, setfont, and telinit was just a historical accident.
In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs.
In Fedora $PATH includes /usr/sbin, (and /sbin is is a symlink to /usr/sbin),
but in Debian, those directories are not included in the path.
C.f. https://github.com/mesonbuild/meson/issues/1576.
- call all the options 'xxx-path' for clarity.
- sort man/rules/meson.build properly so it's stable
This is our own header, we should include use the local-include syntax
("" not <>), to make it clear we are including the one from the build tree.
All other includes of files from src/systemd/ use this scheme.
busctl is not part of libsystemd, and should not be stored under libsystemd.
In particular this is confusing because busctl is linked with libshared, but
stuff in libsystemd is not supposed to depend on libshared.
If our netlink input buffer overruns the kernel will send us ENOBUFS on
the next recvmsg(). Don't consider this a complete failure resulting in
closing of the netlink socket. Instead, simply continue (after debug
logging).
Of course, ideally we'd have a better strategy for this, and would have
a way to resync if this happens (as well as a scheme for cancelling all
ongoing asynchronous transactions), but for now let's at least not choke
fatally, and simply accept that we lost some messages and continue.
Note that if we lose messages when synchronously waiting for an
operation to complete, we'll still propagate the ENOBUFS up, to make the
individual transaction fail.
See: #5398
(This bug does not properly fix the issue, hence we should leave the bug
open.)
Coverity was complaining about TOCTOU (CID #745806). Indeed, it seems better
to open the file and avoid the stat altogether:
- O_NOFOLLOW means we'll get ELOOP, which we can translate to EINVAL as before,
- similarly, open(O_WRONLY) on a directory will fail with EISDIR,
- and finally, it makes no sense to check access mode ourselves: just let
the kernel do it and propagate the error.
v2:
- fix memleak, don't clober input arg
cg_[all_]unified() test whether a specific controller or all controllers are on
the unified hierarchy. While what's being asked is a simple binary question,
the callers must assume that the functions may fail any time, which
unnecessarily complicates their usages. This complication is unnecessary.
Internally, the test result is cached anyway and there are only a few places
where the test actually needs to be performed.
This patch simplifies cg_[all_]unified().
* cg_[all_]unified() are updated to return bool. If the result can't be
decided, assertion failure is triggered. Error handlings from their callers
are dropped.
* cg_unified_flush() is updated to calculate the new result synchrnously and
return whether it succeeded or not. Places which need to flush the test
result are updated to test for failure. This ensures that all the following
cg_[all_]unified() tests succeed.
* Places which expected possible cg_[all_]unified() failures are updated to
call and test cg_unified_flush() before calling cg_[all_]unified(). This
includes functions used while setting up mounts during boot and
manager_setup_cgroup().
The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.
This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.
It appears that this assertion can be wrong at least in a specific case
described below.
Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by
sd_event_add_post().
1. the process receives the 2 signals consecutively so that signal 'A' source
event is queued and pending. Consequently the post source event is also
queued and pending. This is done by sd_event_wait().
2. The callback for signal 'A' is called by sd_event_dispatch().
3. The next call to sd_event_wait() will queue signal 'B' source event.
4. The callback for the post source event is called and calls sd_event_exit().
5. the event loop is exited.
6. freeing the event loop object will lead to the assertion failure in
event_unmask_signal_data().
This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.
If a callback of an event source returns an error, then the event source
might already be half-destroyed, if the callback dropped all refs.
Hence, don't assume that the type is still valid, and save it before we
issue the callback.
76ec966f0e changed the code from ESHUTDOWN to ERFKILL, but missed one
spot in bus-common-errors.c. Fix that.
The code in transaction.c was checking for ERFKILL, but I'm not sure if this
mismatch had any effect, i.e. if there were any code paths in which the wrong
code actually made difference.
Also add comments when ESHUTDOWN is used in the journal code, so it's easy to
distinguish those cases when grepping. Standarize on the same capitalization.
(There's also a bunch of uses in sd-bus.c, but that's clearly different.)
gcc 7 adds -Wimplicit-fallthrough=3 to -Wextra. There are a few ways
we could deal with that. After we take into account the need to stay compatible
with older versions of the compiler (and other compilers), I don't think adding
__attribute__((fallthrough)), even as a macro, is worth the trouble. It sticks
out too much, a comment is just as good. But gcc has some very specific
requiremnts how the comment should look. Adjust it the specific form that it
likes. I don't think the extra stuff we had in those comments was adding much
value.
(Note: the documentation seems to be wrong, and seems to describe a different
pattern from the one that is actually used. I guess either the docs or the code
will have to change before gcc 7 is finalized.)
Let's store the invocation ID in the per-service keyring as a root-owned key,
with strict access rights. This has the advantage over the environment-based ID
passing that it also works from SUID binaries (as they key cannot be overidden
by unprivileged code starting them), in contrast to the secure_getenv() based
mode.
The invocation ID is now passed in three different ways to a service:
- As environment variable $INVOCATION_ID. This is easy to use, but may be
overriden by unprivileged code (which might be a bad or a good thing), which
means it's incompatible with SUID code (see above).
- As extended attribute on the service cgroup. This cannot be overriden by
unprivileged code, and may be queried safely from "outside" of a service.
However, it is incompatible with containers right now, as unprivileged
containers generally cannot set xattrs on cgroupfs.
- As "invocation_id" key in the kernel keyring. This has the benefit that the
key cannot be changed by unprivileged service code, and thus is safe to
access from SUID code (see above). But do note that service code can replace
the session keyring with a fresh one that lacks the key. However in that case
the key will not be owned by root, which is easily detectable. The keyring is
also incompatible with containers right now, as it is not properly namespace
aware (but this is being worked on), and thus most container managers mask
the keyring-related system calls.
Ideally we'd only have one way to pass the invocation ID, but the different
ways all have limitations. The invocation ID hookup in journald is currently
only available on the host but not in containers, due to the mentioned
limitations.
How to verify the new invocation ID in the keyring:
# systemd-run -t /bin/sh
Running as unit: run-rd917366c04f847b480d486017f7239d6.service
Press ^] three times within 1s to disconnect TTY.
# keyctl show
Session Keyring
680208392 --alswrv 0 0 keyring: _ses
250926536 ----s-rv 0 0 \_ user: invocation_id
# keyctl request user invocation_id
250926536
# keyctl read 250926536
16 bytes of data in key:
9c96317c ac64495a a42b9cd7 4f3ff96b
# echo $INVOCATION_ID
9c96317cac64495aa42b9cd74f3ff96b
# ^D
This creates a new transient service runnint a shell. Then verifies the
contents of the keyring, requests the invocation ID key, and reads its payload.
For comparison the invocation ID as passed via the environment variable is also
displayed.
Let's use chase_symlinks() everywhere, and stop using GNU
canonicalize_file_name() everywhere. For most cases this should not change
behaviour, however increase exposure of our function to get better tested. Most
importantly in a few cases (most notably nspawn) it can take the correct root
directory into account when chasing symlinks.
We cannot compare filenames directly, because paths are not sortable
lexicographically, e.g. /etc/udev is "later" (has higher priority)
than /usr/lib/udev.
The on-disk format is changed to have a separate field for "file priority",
which is stored when writing the binary file, and then loaded and used in
comparisons. For data in the previous format (as generated by systemd 232),
this information is not available, and we use a trick where the offset into the
string table is used as a proxy for priority. Most of the time strings are
stored in the order in which the files were processed. This is not entirely
reliable, but is good enough to properly order /usr/lib and /etc/, which are
the two most common cases. This hack is included because it allows proper
parsing of files until the binary hwdb is regenerated.
Instead of adding a new field, I reduced the size of line_number from 64 to 32
bits, and added a 16 bit priority field, and 16 bits of padding. Adding a new
field of 16 bytes would significantly screw up alignment and increase file
size, and line number realistically don't need more than ~20 bits.
Fixes#4750.
This adds an API for retrieving an app-specific machine ID to sd-id128.
Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload
and the machine ID as key.
(An alternative would have been to use siphash for this, which is also
cryptographically strong. However, as it only generates 64bit hashes it's not
an obvious choice for generating 128bit IDs.)
Fixes: #4667
According to the D-Bus spec (v0.29),
| The direction element on <arg> may be omitted, in which case it
| defaults to "in" for method calls and "out" for signals. Signals only
| allow "out" so while direction may be specified, it's pointless.
Therefore we still should accept a 'direction' attribute, even if it's
useless in reality.
Closes: #4616
We don't have plural in the name of any other -util files and this
inconsistency trips me up every time I try to type this file name
from memory. "formats-util" is even hard to pronounce.
This adds a new invocation ID concept to the service manager. The invocation ID
identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is
generated each time a unit moves from and inactive to an activating or active
state.
The primary usecase for this concept is to connect the runtime data PID 1
maintains about a service with the offline data the journal stores about it.
Previously we'd use the unit name plus start/stop times, which however is
highly racy since the journal will generally process log data after the service
already ended.
The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel,
except that it applies to an individual unit instead of the whole system.
The invocation ID is passed to the activated processes as environment variable.
It is additionally stored as extended attribute on the cgroup of the unit. The
latter is used by journald to automatically retrieve it for each log logged
message and attach it to the log entry. The environment variable is very easily
accessible, even for unprivileged services. OTOH the extended attribute is only
accessible to privileged processes (this is because cgroupfs only supports the
"trusted." xattr namespace, not "user."). The environment variable may be
altered by services, the extended attribute may not be, hence is the better
choice for the journal.
Note that reading the invocation ID off the extended attribute from journald is
racy, similar to the way reading the unit name for a logging process is.
This patch adds APIs to read the invocation ID to sd-id128:
sd_id128_get_invocation() may be used in a similar fashion to
sd_id128_get_boot().
PID1's own logging is updated to always include the invocation ID when it logs
information about a unit.
A new bus call GetUnitByInvocationID() is added that allows retrieving a bus
path to a unit by its invocation ID. The bus path is built using the invocation
ID, thus providing a path for referring to a unit that is valid only for the
current runtime cycleof it.
Outlook for the future: should the kernel eventually allow passing of cgroup
information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we
can alter the invocation ID to be generated as hash from that rather than
entirely randomly. This way we can derive the invocation race-freely from the
messages.
As suggested here:
https://github.com/systemd/systemd/pull/4296#issuecomment-251911349
Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that
we can use a protocol-independent socket here if possible. This has the benefit
that our code will still work even if AF_INET/AF_INET6 is made unavailable (for
exmple via seccomp), at least on current kernels.
If we find duplicates in a property-lookup, make sure to order them by
their origin. That is, matches defined "later" take precedence over
earlier matches. The "later"-order is defined by file-name + line-number
combination. That is, if a match is defined below another one in the
same hwdb file, it takes precedence, same as if it is defined in a file
ordered after another one.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Extend the hwdb to store the source file-name and file-number for each
property. We simply extend the stored value struct with the new
information. It is fully backwards compatible and old readers will
continue to work.
The libudev/sd-hwdb reader is updated in a followup.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
It is not legal to use hard-coded types to calculate offsets. We must
always use the offsets of the hwdb header to calculate those. Otherwise,
we will break horribly if run on hwdb files written by other
implementations or written with future extensions.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Let's bump it further, as this the current limit turns out to be problematic
IRL. Let's bump it to more than twice what we know of is needed.
Fixes: #4068
Old libdbus has a feature that the process is terminated whenever the the bus
connection receives a disconnect. This is pretty useful on desktop apps (where
a disconnect indicates session termination), as well as on command line apps
(where we really shouldn't stay hanging in most cases if dbus daemon goes
down).
Add a similar feature to sd-bus, but make it opt-in rather than opt-out, like
it is on libdbus. Also, if the bus is attached to an event loop just exit the
event loop rather than the the whole process.
If the server side kicks us from the bus, from our view no names are on the bus
anymore, hence let's make sure to dispatch all tracking objects immediately.
In order to add a name to a bus tracking object we need to do some bus
operations: we need to check if the name already exists and add match for it.
Both are synchronous bus calls. While processing those we need to make sure
that the tracking object is not dispatched yet, as it might still be empty, but
is not going to be empty for very long.
hence, block dispatching by removing the object from the dispatch queue while
adding it, and readding it on error.