"Scope" units are very much like service units, however with the
difference that they are created from pre-existing processes, rather
than processes that systemd itself forks off. This means they are
generated programmatically via the bus API as transient units rather
than from static configuration read from disk. Also, they do not provide
execution-time parameters, as at the time systemd adds the processes to
the scope unit they already exist and the parameters cannot be applied
anymore.
The primary benefit of this new unit type is to create arbitrary cgroups
for worker-processes forked off an existing service.
This commit also adds a a new mode to "systemd-run" to run the specified
processes in a scope rather then a transient service.
Transient units can be created via the bus API. They are configured via
the method call parameters rather than on-disk files. They are subject
to normal GC. Transient units currently may only be created for
services (however, we will extend this), and currently only ExecStart=
and the cgroup parameters can be configured (also to be extended).
Transient units require a unique name, that previously had no
configuration file on disk.
A tool systemd-run is added that makes use of this functionality to run
arbitrary command lines as transient services:
$ systemd-run /bin/ping www.heise.de
Will cause systemd to create a new transient service and run ping in it.
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
When a sigchld is received from an alien child, main_pid is set to
0 then service_enter_running calls main_pid_good to check if the
child is running. This incorrectly returned true because
kill(main_pid, 0) would return >= 0.
This fixes an error where a service would die and the cgroup would
become empty but the service would still report as active (running).
We can assume that a service for which a watchdog timeout was triggered
is unresponsive to a clean shutdown. However, it still makes sense to
execute the post-stop cleanup commands that can be configured with
ExecStopPost=. Hence, when the timeout is hit enter STOP_SIGKILL rather
than FINAL_SIGKILL.
Just calling service_enter_dead() does not kill any processes.
As a result, the old process may still be running when the new one is
started.
After a watchdog failure the service is in an undefined state.
Using the normal shutdown mechanism makes no sense. Instead all processes
are just killed and the service can try to restart.
I'm assuming that it's fine if a _const_ or _pure_ function
calls assert. It is assumed that the assert won't trigger,
and even if it does, it can only trigger on the first call
with a given set of parameters, and we don't care if the
compiler moves the order of calls.
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
Let's say you have two initscripts, A and B:
A contains in its LSB header:
Required-Start: C
and B contains in its LSB header:
Provides: C
When systemd is parsing /etc/rc.d/, depending on the file order, you
can end up with either:
- B is parsed first. An unit "C.service" will be "created" and will be
added as additional name to B.service, with unit_add_name. No bug.
- A is parsed first. An unit "C.service" is created for the
"Required-Start" dependency (it will have no file attached, since
nothing provides this dependency yet). Then B is parsed and when trying
to handle "Provides: C", unit_add_name is called but will fail, because
"C.service" already exists in manager->units. Therefore, a merge should
occur for that case.
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
There are very few differences in the implementations of the kill method in the
unit types that have one. Let's unify them.
This does not yet unify unit_kill() with unit_kill_context().
Dropping the distribution specific #ifdefs in
88516c0c95 broke the .sh suffix stripping
since we now always used the else clause of the rc. check.
We eventually want to drop the rc. prefix stripping, but for now we
assume that no sysv init script uses both an rc. prefix and .sh suffix,
so make the check for the .sh suffix and rc. prefix mutually exclusive.
When watches are installed from the bottom, it is always possible
to race, and miss a file creation event. The race can be avoided
if a watch is first established for a parent directory, and then for
the file in the directory. If the file is created in the time between,
the watch on the parent directory will fire.
Some messages (mostly at debug level) are added to help diagnose
pidfile issues.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=917075.
Now, actually check if the environment variable names and values used
are valid, before accepting them. With this in place are at some places
more rigid than POSIX, and less rigid at others. For example, this code
allows lower-case environment variables (which POSIX suggests not to
use), but it will not allow non-UTF8 variable values.
All in all this should be a good middle ground of what to allow and what
not to allow as environment variables.
(This also splits out all environment related calls into env-util.[ch])
A watchdog notification may be handled after the watchdog timer was stopped
while stopping the service. As a result the timer is restarted and the
service may be restarted as well.
The watchdog timestamp is initially set during startup in
service_enter_start_post() and cleared when the timer is stopped. Therefore
it can be used as an indication if the timer should be reset.
For services without ExecStop= the state SERVICE_STOP is never entered. as
a result the watchdog timer is not stopped and the service is restarted (if
it is configuered to restart).
Stopping the watchdog timer for SERVICE_STOP_SIGTERM as well fixes this.
This makes sure that a service is not indefinitely restarted in a tight
loop if it fails before it is able to process its socket.
This corrects the breakage introduced with
8d1b002a2e. Shame on me.
We no longer allow early-boot init scripts, however in late boot the
syslog socket and local mounts are established anyway, so let's simplify
our dep graph a bit.
If $syslog doesn't resolve to syslog.target anymore there's no reason to
keep syslog.target around anymore. Let's remove it.
Note that many 3rd party service unit files order themselves after
syslog.target. These will be dangling dependencies now, which should be
unproblematic, however.
Systemd should not introduce any new facilities. Distributions which still
need to support their non-standard/legacy facilities should add them as
patches to their packaging.
The following facilities are no longer recognized:
$x-display-manager
$mail-transfer-agent
$mail-transport-agent
$mail-transfer-agent
$smtp
$null
This target is no longer available:
mail-transfer-agent.target
TARGET_UBUNTU is effectively the same as TARGET_DEBIAN. Given the Ubuntu
is unlikely to use systemd anytime soon there's no point in keeping this
separate.
This remove distro-specific support for early-boot SysV init scripts.
(And leaves support for normal SysV scripts untouched).
If distributions wish to continue to allow early-boot SysV scripts in
their distribution-specific way they should either maintain this patch
downstream manually, or write a generator for them, or simply ship all
those scripts with a .service wrapper.
As it turns out reboot() doesn't actually imply a file system sync, but
only a disk sync. Accordingly, readd explicit sync() invocations
immediately before we invoke reboot().
This is much less dramatic than it might sounds as we umount all
disks/read-only remount them anyway before going down.
This was premarily intended to support the LSB facility $httpd which is
only known by Fedora, and a bad idea since it lacks any real-life
usecase.
Similar, drop support for some other old Fedora-specific facilities.
Also, document the rules for introduction of new facilities, to clarify
the situation for the future.
This commit checks for a usage line which contains [{|]reload[|}"] (to
not errnously match force-reload).
Heuristics like this suck, but it solves a real problem and there
appears to be no better way...
Use cases:
* iptables.service – atomically reload rules without having to flush
them beforehand (which may leave the system insecure if reload fails)
* rpc-nfsd.service – reexport filesystems after /etc/exports update
without completely stopping and restarting nfsd
(In both cases, the actual service is provided by a kernel module and
does not have any associated user-space processes, thus Type=oneshot.)
Instead of doing hand optimized fd bisect arrays just use plain old
hashmaps. Now I can understand my own code again. Yay!
As a side effect this should fix some bad memory accesses caused by
accesses after mmap(), introduced in 189.
