This is a speculative fix for https://bugzilla.redhat.com/show_bug.cgi?id=1088865.
Even though I cannot find a code path that where this would be
an issue, for consistency, if we assume that cgroup_path might have
been set before we got to unit_deserialize, we should make sure that
the unit is removed from the hashmap before we free the key. This seems
to be the only place where the key could be prematurely freed, leading to
hashmap corruption.
Let's automatically initialize the kill, exec and cgroup contexts of the
various unit types when the object is constructed, instead of
invididually in type-specific code.
Also, when PrivateDevices= is set, set DevicePolicy= to closed.
The system state knows the states starting →
running/degraded/maintenance → stopping, where:
starting = system startup
running = normal operation
degraded = at least one unit is currently in failed state
maintenance = rescue/emergency mode is active or queued
stopping = system shutdown
Bring some arrays that are used for DEFINE_STRING_TABLE_LOOKUP() in the
same order than the enums they reference.
Also, pass the corresponding _MAX value to the array initalizer where
appropriate.
This is primarily useful for services that need to track clients which
reference certain objects they maintain, or which explicitly want to
subscribe to certain events. Something like this is done in a large
number of services, and not trivial to do. Hence, let's unify this at
one place.
This also ports over PID 1 to use this to ensure that subscriptions to
job and manager events are correctly tracked. As a side-effect this
makes sure we properly serialize and restore the track list across
daemon reexec/reload, which didn't work correctly before.
This also simplifies how we distribute messages to broadcast to the
direct busses: we only track subscriptions for the API bus and
implicitly assume that all direct busses are subscribed. This should be
a pretty OK simplification since clients connected via direct bus
connections are shortlived anyway.
Previously a cgroup setting down tree would result in cgroup membership
additions being propagated up the tree and to the siblings, however a
unit could never lose cgroup memberships again. With this change we'll
make sure that both cgroup additions and removals propagate properly.
In some cases it is interesting to map a PID to two units at the same
time. For example, when a user logs in via a getty, which is reexeced to
/sbin/login that binary will be explicitly referenced as main pid of the
getty service, as well as implicitly referenced as part of the session
scope.
When a process dies that we can associate with a specific unit, start
watching all other processes of that unit, so that we can associate
those processes with the unit too.
Also, for service units start doing this as soon as we get the first
SIGCHLD for either control or main process, so that we can follow the
processes of the service from one to the other, as long as process that
remain are processes of the ones we watched that died and got reassigned
to us as parent.
Similar, for scope units start doing this as soon as the scope
controller abandons the unit, and thus management entirely reverts to
systemd. To abandon a unit introduce a new Abandon() scope unit method
call.
Since the current kernel cgroup notification logic is easily confused by
existing subgroups, let's do the same thing as in containers before. and
just not wait for non-control and non-main processes.
This should be corrected as soon as we have sane cgroup notifications
from the kernel.
This should fix some race with terminating systemd --user, where the
system systemd instance might race against the user systemd instance
when sending SIGTERM.
We know that launching a unit will fail if some required directories
haven't been mounted yet. There's no point in starting it just to
have it fail even before it gets a chance to run.
Clang is a bit more strict wrt format-nonliterals:
http://clang.llvm.org/docs/LanguageExtensions.html#format-string-checking
Adding these extra printf attributes also makes gcc able to find more
problems. E.g. this patch uncovers a format issue in udev-builtin-path_id.c
Some parts looked intetional about breaking the format-nonliteral check.
I added some supression for warnings there.
The only problem is that libgen.h #defines basename to point to it's
own broken implementation instead of the GNU one. This can be fixed
by #undefining basename.
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
When a service exits succesfully and has RemainAfterExit set, its hold
on the console (in m->n_on_console) wasn't released since the unit state
didn't change.
