The way the kernel namespaces have been implemented breaks assumptions
udev made regarding uevent sequence numbers. Creating devices in a
namespace "steals" uevents and its sequence numbers from the host. It
confuses the "udevadmin settle" logic, which might block until util a
timeout is reached, even when no uevent is pending.
Remove any assumptions about sequence numbers and deprecate libudev's
API exposing these numbers; none of that can reliably be used anymore
when namespaces are involved.
In trying to track down a stupid linker bug, I noticed a bunch of
memset() calls that should be using memzero() to make it more "obvious"
that the options are correct (i.e. 0 is not the length, but the data to
set). So fix up all current calls to memset(foo, 0, length) to
memzero(foo, length).
Instead of individually checking for containers in each user do this
once in a new call proc_cmdline() that read the file only if we are not
in a container.
This reverts commit 47e737dc13 - it
introduced a use-after-free. The only way the code would get simpler
is with a cleanup function, but eh, not worth it for just this one
bit.
Reviewed by kay on IRC.
A regression introduced when we moved to systemd's logging is that the only
way to adjust the log-level of the udev daemon is via the env var, kernel
commandline or the commandline.
This reintroduces support for specifying this in the configuration file.
Based on a patch by Kay Sievers.
A tag is exported at boot as a symlinks to the device node in the folder
/run/udev/static_node-tags/<tagname>/, if the device node exists.
These tags are cleaned up by udevadm info --cleanup-db, but are otherwise
never removed.
As of kmod v14, it is possible to export the static node information from
/lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format.
Use this functionality to let systemd-tmpfilesd create the static device nodes
at boot, and drop the functionality from systemd-udevd.
As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:
* the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
* ordering before local-fs-pre.target (see 89d09e1b5c)
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
The removal of the TIMEOUT= handling in udevd put firmware requests into the
devpath parent/child dependency tracking. Drivers which block in module_init()
asking userspace for firmware ran into a 30 sec device timeout.
The whole firmware loading willl hopefully move into the kernel and
the fragile-since-day-one fake async driver-core device dance involving
udev can be retired:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=abb139e75c2cdbb955e840d6331cb5863e409d0e
<falconindy> kay: just curious -- it looks like nodes created by udev from
modules.devname all have 000 perms, and there's nothing in udev that attempts
to change this. is it intended?
<falconindy> c--------- 1 root root 10, 223 Jul 1 23:10 uinput
<kay> falconindy: we might miss the default of 0600
<falconindy> seems like it
<kay> falconindy: stuff that has a rule works i guess
<kay> falconindy: i'll add the 0600 now
The filename parameter passed to mkdir can't contain anything but a
garbage value at this point. This was meant to be the full pathname to
the new udev DB, as the mkdir_parents() call before it won't create the
trailing child directory.
[replace mkdir_parents() + mkdir() with mkdir_p() -- kay]
Udev was the limiting factor for us on low-RAM systems.
Given an average RSS of 180kb, 128 workers would require ~23mb of RAM.
Now, please consider what happens when there is only, say, 15mb free.
Udev protects itself from OOM, and the kernel can do nothing but panic.
28 workers * 0.18mb = ~5mb. This change should not affect more powerful
systems much, given that they still get the addition from the amount of RAM.
This reverts commit 9b5af248f0.
Udev now explicitely labels only files/directories in /dev. The selinux
array API is not released and will not work on other distros at this moment.