The changes both networkd and resolved to make use of the watch_bind
feature of sd-bus to connect to the system bus. This way, both daemons
can be started during early boot, and automatically and instantly
connect to the system bus as it becomes available.
This replaces prior code that used a time-based retry logic to connect
to the bus.
With this new API sd-bus can synthesize a local "Connected" signal when
the connection is fully established. It mirrors the local "Disconnected"
signal that is already generated when the connection is terminated. This
is useful to be notified when connection setup is done, in order to
start method calls then, in particular when using "slow" connection
methods (for example slow TCP, or most importantly the "watch_bind"
inotify logic).
Note that one could also use hook into the initial NameAcquired signal
received from the bus broker, but that scheme works only if we actually
connect to a bus. The benefit of "Connected" OTOH is that it works with
any kind of connection.
Ideally, we'd just generate this message unconditionally, but in order
not to break clients that do not expect this message it is opt-in.
This new call is much light sd_bus_is_open(), but returns true only if
the connection is fully set up, i.e. after we finished with the
authentication and Hello() phase. This API is useful for clients in
particular when using the "watch_bind" feature, as that way it can be
determined in advance whether it makes sense to sync on some operation.
Let's directly reference /run instead, so that we can work without /var
being around, or with /var/run being incorrectly set up.
Note that we keep the old socket path in place when referencing the
system bus of containers, as they might be foreign operating systems,
that still don't have adopted /run, and where it makes sense to use the
standardized name instead. On local systems, we insist on /run being set
up properly however, hence this limitation does not apply.
Also, get rid of the UNIX_SYSTEM_BUS_ADDRESS and
UNIX_USER_BUS_ADDRESS_FMT defines. They had a purpose when we still did
kdbus, as we then had to support two different backends. But since
that's gone, we don't need this indirection anymore, hence settle on a
one define only.
Let's remove a number of synchronization points from our service
startups: let's drop synchronous match installation, and let's opt for
asynchronous instead.
Also, let's use sd_bus_match_signal() instead of sd_bus_add_match()
where we can.
These are convenience helpers that hide the match string logic (which we
probably should never have exposed), and instead just takes regular C
arguments.
We usually enqueue a number of these calls on each service
initialization. Let's do this asynchronously, and thus remove
synchronization points. This improves both performance behaviour and
reduces the chances to deadlock.
We currently wait for the RemoveMatch() reply, but then ignore what it
actually says. Let's optimize this a bit, and not even ask for an answer
back: just enqueue the RemoveMatch() operation, and do not request not
wait for any answer.
They do the same thing as their synchronous counterparts, but only
enqueue the operation, thus removing synchronization points during
service initialization.
If the callback function is passed as NULL we'll fallback to generic
implementations of the reply handlers, that terminate the connection if
the requested name cannot be acquired, under the assumption that not
being able to acquire the name is a technical problem.
When kdbus was still around we always had two implementations of the
various control calls: one for dbus1 and one for kdbus. Let'sget rid of
this, simplify things, and just merge the wrappers that used to
multiplex this with the implementations.
No change in behaviour, just some merging of functions
Currently, reply callback timeouts are started the instant the method
calls are enqueued, which can be very early on. For example, the Hello()
method call is enqueued right when sd_bus_start() is called, i.e. before
the socket connection and everything is established.
With this change we instead start the method timeout the moment we
actually leave the authentication phase of the connection. This way, the
timeout the kernel applies on socket connecting, and we apply on the
authentication phase no longer runs in parallel to the Hello() method
call, but all three run serially one after the other, which is
definitely a cleaner approach.
Moreover, this makes the "watch bind" feature a lot more useful, as it
allows enqueuing method calls while we are still waiting for inotify
events, without them timeouting until the connection is actually
established, i.e. when the method call actually has a chance of being
actually run.
This is a change of behaviour of course, but I think the new behaviour
is much better than the old one, since we don't race timeouts against
each other anymore...
This adds a "watch-bind" feature to sd-bus connections. If set and the
AF_UNIX socket we are connecting to doesn't exist yet, we'll establish
an inotify watch instead, and wait for the socket to appear. In other
words, a missing AF_UNIX just makes connecting slower.
This is useful for daemons such as networkd or resolved that shall be
able to run during early-boot, before dbus-daemon is up, and want to
connect to dbus-daemon as soon as it becomes ready.
We'd like to use inotify to get notified when AF_UNIX sockets become
connectable. That happens at the moment of listen(), but this is doesn't
necessarily create in a watchable inotify event. Hence, let's synthesize
one whenever we generically create a socket, or when we know we created
it for a D-Bus server.
Ideally we wouldn't have to do this, and the kernel would generate an
event anyway for this. Doing this explicitly isn't too bad however, as
the event is still nicely associated with the AF_UNIX socket node, and
we generate all D-Bus sockets in our code hence it's safe.
AF_UNIX socket addresses aren't necessarily NUL terminated, however
they are usually used as strings which are assumed to be NUL terminated.
Let's hence add an extra byte to the end of the sockaddr_un structure,
that contains this NUL byte, simply for safety reasons.
Note that actually this patch changes exactly nothing IRL, as the other
sockaddr structures already are large enough to accomodate for an extra
NUL byte. The size of the union hence doesn't change at all by doing
this. The entire value of this patch is hence in the philosophical
feeling of safety, and by making something explicit that before was
implicit.
This changes two things when binding to AF_UNIX file system sockets:
1. When wethe socket already exists in the fs, and unlink() on it fails,
don't bother to bind() a second time: since nothing changed it won't
work either.
2. Also use SELinux-aware bind() for the second attempt.
Let's rework touch_file() so that it works correctly on sockets, fifos,
and device nodes: let's open an O_PATH file descriptor first and operate
based on that, if we can. This is usually the better option as it this
means we can open AF_UNIX nodes in the file system, and update their
timestamps and ownership correctly. It also means we can correctly touch
symlinks and block/character devices without triggering their drivers.
Moreover, by operating on an O_PATH fd we can make sure that we
operate on the same inode the whole time, and it can't be swapped out in
the middle.
While we are at it, rework the call so that we try to adjust as much as
we can before returning on error. This is a good idea as we call the
function quite often without checking its result, and hence it's best to
leave the files around in the most "correct" fashion possible.
If we can't process the bus for some reason we shouldn't just disable
the event source, but log something and give up on the connection. Hence
do that, and disconnect.
Currently, when sd-bus is used to issue a method call, and we get a
reply and the specified reply handler fails, we log this locally at
debug priority and proceed. The idea is that a bad server-side reply
should not be fatal for the program, except when the developer
explicitly terminates the event loop.
The reply to the initial Hello() method call we issue when joining a bus
should not be handled like that however. Instead, propagate the error
immediately, as anything that is wrong with the Hello() reply should be
considered a fatal connection problem.
This is useful so that callers know whether anything at all and how much
was flushed.
This patches through users of this functions to ensure that the return
values > 0 which may be returned now are not propagated in public APIs.
Also, users that ignore the return value are changed to do so explicitly
now.
Including BitsPerSecond or Duplex values in .link files did not work when
set_slinksettings was called because the routine was not copying the base
parameters to the structure given to ioctl. As a result, EINVAL was always
reported, and no change occurred on the Ethernet device.
#Add "Early 2008 Core 2 Duo/Penryn" Macbook4,1 match string to the existing touchpad range definition
##Symptoms
* Jerky/Jumpy cursor motion using touchpad
* "Axis value outside expected range" message in Xorg.0.log
##Fix
I followed the instructions described here :https://wayland.freedesktop.org/libinput/doc/latest/absolute_coordinate_ranges.html and came up with the following :
evdev:input:b0003v05ACp022A*
EVDEV_ABS_00=256:1469:12
EVDEV_ABS_01=256:829:12
The ranges and resolutions are the same as stated in the existing definition (+/- 2) so only add the match string.
I'm not sure why this is needed, but apparrently coverity doesn't like
(void)0. With this change, coverity can (almost) build systemd:
CFLAGS='-D_Float128="long double"' meson cov-build -Dman=false && \
CCACHE_DISABLE=1 COVERITY_UNSUPPORTED=1 cov-build --dir cov-int ninja -C cov-build
Patch originially by Marek Cermak <macermak@redhat.com>.
If read_line() returns ENOBFUS this means the line was overly long. When
we use this for checking whether an executable is a script, then this
shouldn't be propagated as-is, but simply as "this is not a script".
This tweaks write_string_stream_ts() in one minor way: when stdio
buffering has been turned off, let's append the newline we shall append
to the buffer we write ourselves so that the kernel only gets one
syscall for the result. When buffering is enabled stdio will take care
of that anyway.
Follow-up for #7750.
We use the same check at two places, let's add a tiny helper function
for it, since it's not entirely trivialy, and we changes this before
multiple times, and it's a good thing if we can change it at one place
only instead of multiple.
Let's call getsockopt() in a loop, so that we can deal correctly with
the label changing while we are trying to read it.
(also, while we are at it, let's make sure that there's always one
trailing NUL byte at the end of the buffer, after all SO_PEERSEC has
zero documentation, and multiple implementing backends, hence let's
better be safe than sorry)