This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.
This takes inspiration from Rust:
https://doc.rust-lang.org/std/option/enum.Option.html#method.take
and was suggested by Alan Jenkins (@sourcejedi).
It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.
Let's forget all relevant terminal features we learnt when we make a
console or /dev/null stdin/stdout/stderr.
Also, while we are at it, let's drop the various _unlikely_ and
_likely_ annotiations around the terminal feature caches. In many cases
we call the relevant functions only once in which cases the annotations
are likely to do just harm and no good. After all we can't know if the
specific code will call us just once or many times...
This modernizes acquire_terminal() in a couple of ways:
1. The three boolean arguments are replaced by a flags parameter, that
should be more descriptive in what it does.
2. We now properly handle inotify queue overruns
3. We use _cleanup_ for closing the fds now, to shorten the code quite a
bit.
Behaviour should not be altered by this.
Using wait_for_terminate_and_check() instead of wait_for_terminate()
let's us simplify, shorten and unify the return value checking and
logging of waitid(). Hence, let's use it all over the place.
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
Ultimately, O_CLOEXEC should be off in fd 0, 1, 2, but when we open
/dev/null here it's unlikely to be < 0, and after dupping the fd to 0,
1, 2 we turn off O_CLOEXEC explicitly anyway.
Unless we know that what we are about to open will return 0, 1 or 2 we
should always set O_CLOEXEC in order to be safe to other threads forking
of subprocesses at the wrong moment.
Just a minor tweak, making sure we execute as much as we can of the
funciton, but return the first error instead of the last we encounter.
This is usuelly how we do things when we have functions that continue on
the first error, so let's do it like that here too.
This new helper removes a leading /dev if there is one. We have code
doing this all over the place, let's unify this, and correct it while
we are at it, by using path_startswith() rather than startswith() to
drop the prefix.
This moves pretty much all uses of getpid() over to getpid_raw(). I
didn't specifically check whether the optimization is worth it for each
replacement, but in order to keep things simple and systematic I
switched over everything at once.
ask_char() now reprints the question every 2sec automatically.
It prefixes its output with '\r' to to bring the cursor to the
beginning of the terminal line, and then print the message, redoing it
every 2sec.
As long as nothing interferes with out output this logic will have no
visible effect as we constantly overprint the visible text with the
exact same text.
However, if something is dumped in the middle, then our question won't
get lost, as we'll ask soon again.
This is useful if the question is asked to a terminal that is also
used to dump some other status messages/logs. For example when
confirmation messages are enabled during the boot
(systemd.confirm_spawn=1), the question can easily be lost if the
kernel logs are also enabled and both use the same console.
Idea suggested by Lennart Poettering.
When waiting for the terminal to be release in acquire_terminal(), we
were monitoring the terminal fd instead of the inotify descriptor.
Therefore any write accesses would wake up the waiting process instead
of being wake up when the tty is closed only.
After the call of the isatty() we check its result twice in the
open_terminal(). There are no sense to check result of isatty() that
it is less than zero and return -errno, because as described in
documentation:
isatty() returns 1 if fd is an open file descriptor referring to a
terminal; otherwise 0 is returned, and errno is set to indicate the
error.
So it can't be less than zero.
This changes the semantics a bit: before, SYSTEMD_COLORS= would be treated as
"yes", same as SYSTEMD_COLORS=xxx and SYSTEMD_COLORS=1, and only
SYSTEMD_COLORS=0 would be treated as "no". Now, only valid booleans are treated
as "yes". This actually matches how $SYSTEMD_COLORS was announced in NEWS.
When started by the kernel, we are connected to the console, and we'll set TERM
properly to some value in fixup_environment(). We'll then enable or disable
colors based on the value of $SYSTEMD_COLORS and $TERM.
When reexecuting, TERM should be already set, so we can use this value.
Effectively, behaviour is the same as before affd7ed1a was reverted, but instead
of reopening the console before configuring color output, we just ignore what
stdout is connected to and decide based on the variables only.
This way, invoking nspawn from a shell in the best case inherits the TERM
setting all the way down into the login shell spawned in the container.
Fixes: #3697
but also on all other consoles. This does help on e.g. mainframes
where often a serial console together with other consoles are
used. Even rack based servers attachted to both a serial console
as well as having a virtual console do sometimes miss a connected
monitor.
To be able to ask on all terminal devices of /dev/console the devices
are collected. If more than one device are found, then on each of the
terminals a inquiring task for passphrase is forked and do not return
to the caller.
Every task has its own session and its own controlling terminal.
If one of the tasks does handle a password, the remaining tasks
will be terminated.
Also let contradictory options on the command of
systemd-tty-ask-password-agent fail.
Spwan for each device of the system console /dev/console a own process.
Replace the system call wait() with with system call waitid().
Use SIGTERM instead of SIGHUP to get unresponsive childs down.
Port the collect_consoles() function forward to a pulbic and strv
based function "get_kernel_consoles()" in terminal-util.c and use this
in tty-ask-password-agent.c.
After all it's something that we query over and over.
For example, systemctl calls colors_enabled() four times for each failing
service. The compiler is unable to optimize those calls away because they
(potentially) accesses external and global state through on_tty() and
getenv().
... to determine if color output should be enabled. If the variable is not set,
fall back to using on_tty(). Also, rewrite existing code to use
colors_enabled() where appropriate.
gcc is confused by the common idiom of
return errno ? -errno : -ESOMETHING
and thinks a positive value may be returned. Replace this condition
with errno > 0 to help gcc and avoid many spurious warnings. I filed
a gcc rfe a long time ago, but it hard to say if it will ever be
implemented [1].
Both conventions were used in the codebase, this change makes things
more consistent. This is a follow up to bcb161b023.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846
Lennart Poettering