picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
39562 commits 2 branches 0 tags 166 MiB
Commit graph

4847 commits

Author SHA1 Message Date
Tom Yan 142b8142d7 mount/generators: do not make unit wanted by its device unit 
As device units will be reloaded by systemd whenever the corresponding device generates a "changed" event, if the mount unit / cryptsetup service is wanted by its device unit, the former can be restarted by systemd unexpectedly after the user stopped them explicitly. It is not sensible at all and can be considered dangerous. Neither is the behaviour conventional (as `auto` in fstab should only affect behaviour on boot and `mount -a`) or ever documented at all (not even in systemd, see systemd.mount(5) and crypttab(5)).
 2019-02-15 00:16:54 +08:00
Alberts Muktupāvels 52c6c9eaec core: when we uninstall a job, add unit to dbus queue 
Commit e6d05912cb added unit to dbus
queue on job install. Do same on job uninstall to make sure we get
PropertiesChanged signal.
 2019-02-12 16:55:45 +01:00
Stephan E ac8956efa2 Update mount.c 
typo in output
 2019-02-13 00:41:57 +09:00
Jan Engelhardt a6fe3b4894 rpm: use sh compatible redirects 
&> is bash-specific. Switch to something that will work with dash
and pbosh.
 2019-02-08 17:58:31 +01:00
NeilBrown 1cae151d8e automount: don't pass non-blocking pipe to kernel. 
Creating a pipe with O_NONBLOCK causes both the read and the write end to
be marked as non-blocking.
The "write" end is passed to the kernel autofs module, and it does not
expect a non-blocking pipe.  If it gets -EAGAIN when trying to write
(which is unlikely, but not completely impossible), it will close the
write end of the pipe, which leads to unexpected errors.

So change the code to only set O_NONBLOCK on the "read" end of the
pipe.  This is the only end that systemd interacts with, so the only end
it should be configuring.
 2019-02-08 10:33:26 +01:00
Yu Watanabe 64242fd307 core/dbus-service: empty assignment to PIDFile= resets the value 
Follow-up for a9353a5c5b.
 2019-02-06 17:58:52 +01:00
Yu Watanabe c79d66fc7e core/dbus-service: write PIDFile= setting to transient unit file 
Follow-up for a9353a5c5b.
 2019-02-06 17:58:40 +01:00
Yu Watanabe b8055c05e2 core/load-fragment: empty assignment to PIDFile= resets the value 
Follow-up for a9353a5c5b.
 2019-02-06 17:58:24 +01:00
Topi Miettinen a21760454d Detect file truncation earlier in a few places 
Users of read_one_line_file() for APIVFS entries are ignored as they are
assumed to never get truncated.
 2019-02-02 16:25:32 +02:00
Lennart Poettering 92dc48ac45
Merge pull request #11540 from taro-yamada/mytest 
ReFix #11128
 2019-01-29 11:27:42 +01:00
Daniel Black c53d2d54bd service: make killmode=cgroup|mixed, SendSIGKILL=no services singletons 
KillMode=mixed and control group are used to indicate that all
process should be killed off. SendSIGKILL is used for services
that require a clean shutdown. These are typically database
service where a SigKilled process would result in a lengthy
recovery and who's shutdown or startup time is quite variable
(so Timeout settings aren't of use).

Here we take these two factors and refuse to start a service if
there are existing processes within a control group. Databases,
while generally having some protection against multiple instances
running, lets not stress the rigor of these. Also ExecStartPre
parts of the service aren't as rigoriously written to protect
against against multiple use.

closes #8630
 2019-01-29 15:35:59 +11:00
Taro Yamada 6cff72eb0a Add a warning about the difference in permissions between existing directories and unit settings. 
To follows the intent of 30c81ce, this change does not execute chmod() and just add warnings.
 2019-01-29 09:52:21 +09:00
Taro Yamada ff9e7900c0 Revert "Fixes #11128" 
This reverts commit 0bf05f0122 because it breaks 30c81ce.
Please see #11540.
 2019-01-27 13:43:30 +09:00
Lennart Poettering a90d944359
Merge pull request #11562 from yuwata/fix-11558 
core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set
 2019-01-26 14:46:48 +01:00
Lennart Poettering f2500feadf
Merge pull request #11466 from keszybz/fix-loop-remounts 
pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo
 2019-01-26 14:42:02 +01:00
Zbigniew Jędrzejewski-Szmek c52c2dc64f pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo 
The problem was introduced in a37422045fbb68ad68f734e5dc00e0a5b1759773:
we have a unit which has a fragment, and when we'd update it based on
/proc/self/mountinfo, we'd say that e.g. What=/dev/loop8 has origin-fragment.
This commit changes two things:
- origin-fragment is changed to origin-mountinfo-implicit
- when we stop a unit, mountinfo information is flushed and all deps based
  on it are dropped.

The second step is important, because when we restart the unit, we want to
notice that we have "fresh" mountinfo information. We could keep the old info
around and solve this in a different way, but keeping stale information seems
inelegant.

Fixes #11342.
 2019-01-26 14:40:50 +01:00
Lennart Poettering 67216ef8f2
Merge pull request #11530 from keszybz/journal-cache-trimming 
Journal cache trimming
 2019-01-26 13:55:55 +01:00
Yu Watanabe 8c8203db90 core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set 
Follow-up for d54bab90e6.

Fixes #11558.
 2019-01-26 12:00:18 +01:00
Chris Lamb 4605de118d Correct more spelling errors. 2019-01-23 23:34:52 +01:00
Zbigniew Jędrzejewski-Szmek c482724aa5 procfs-util: expose functionality to query total memory 
procfs_memory_get_current is renamed to procfs_memory_get_used, because
"current" can mean anything, including total memory, used memory, and free
memory, as long as the value is up to date.

No functional change.
 2019-01-22 17:43:13 +01:00
Lennart Poettering 04ba6ed167
Merge pull request #11501 from yuwata/fix-9426 
sd-device: do not save e.g., DEVPATH or INTERFACE properties to udev database
 2019-01-22 11:57:06 +01:00
Taro Yamada 0bf05f0122 Fixes #11128 2019-01-22 11:14:51 +01:00
Zbigniew Jędrzejewski-Szmek 3a57413c26
Merge pull request #11448 from poettering/rlimit-pid1-fixo 
RLIMIT_MEMLOCK fixes
 2019-01-22 10:07:52 +01:00
Yu Watanabe 302ddcdc0a core/device: fix log message 2019-01-22 14:51:02 +09:00
Jonathon Kowalski 78218e6243 Enable some more debug logging for transaction building 2019-01-21 11:39:06 +01:00
Jonathon Kowalski 6255af75d7 Return -EAGAIN instead of -EALREADY from unit_reload 
Fixes: #11499

Let's return -EAGAIN so that on state change, unit_process_job tries to
add our job to run_queue again so that all the reloads that coalesced
into the installed reload (which itself merged into a running one)
inititally atleast runs *once*. This should ensure service picks up all
config changes reliably.

See the issue being fixed for a detailed explanation.
 2019-01-20 22:12:24 +00:00
Lennart Poettering ce932d2d33 execute: make sure to call into PAM after initializing resource limits 
We want that pam_limits takes precedence over our settings, after all.

Fixes: #11386
 2019-01-18 17:31:36 +01:00
Lennart Poettering 99a2fd3bca main: when generating the resource limit to pass to children, take FD_SETSIZE into consideration 
When we synthesize a "struct rlimit" structure to pass on for
RLIMIT_NOFILE to our children, let's explicitly make sure that the soft
limit is not above FD_SETSIZE, for compat reason with select().

Note this only applies when we derive the "struct rlimit" from what we
inherited. If the user configures something explicitly it always takes
precedence.
 2019-01-18 17:31:36 +01:00
Lennart Poettering cda7faa9a5 main: don't bump resource limits if they are higher than we need them anyway 
This matters in particular in the case of --user, since there we lack
the privs to bump the limits up again later on when invoking children.
 2019-01-18 17:31:36 +01:00
Lennart Poettering ddfa8b0b3b main: add commenting, clean up handling of saved resource limits 
This doesn't really change behaviour, but adds comments and uses more
symbolic names for everything, to make this more readable.
 2019-01-18 17:31:36 +01:00
Lennart Poettering c0d7695908 main: when bumping RLIMIT_MEMLOCK, save the previous value to pass to children 
Let's make sure that the bumping of RLIMIT_MEMLOCK does not leak into
our children.
 2019-01-18 17:31:36 +01:00
Zbigniew Jędrzejewski-Szmek b7bbf89025 core/mount: move static function earlier in file 
No functional change.
 2019-01-18 14:04:26 +01:00
Jonathon Kowalski 03ff2dc71e Change job mode of manager triggered restarts to JOB_REPLACE 
Fixes: #11305
Fixes: #3260
Related: #11456

So, here's what happens in the described scenario in #11305. A unit goes
down, and that triggeres stop jobs for the other two units as they were
bound to it. Now, the timer for manager triggered restarts kicks in and
schedules a restart job with the JOB_FAIL job mode. This means there is
a stop job installed on those units, and now due to them being bound to
us they also get a restart job enqueued. This however is a conflicts, as
neither stop can merge into restart, nor restart into stop. However,
restart should be able to replace stop in any case. If the stop
procedure is ongoing, it can cancel the stop job, install itself, and
then after reaching dead finish and convert itself to a start job.
However, if we increase the timer, then it can always take those units
from inactive -> auto-restart.

We change the job mode to JOB_REPLACE so the restart job cancels the
stop job and installs itself.

Also, the original bug could be worked around by bumping RestartSec= to
avoid the conflicting.

This doesn't seem to be something that is going to break uses. That is
because for those who already had it working, there must have never been
conflicting jobs, as that would result in a desctructive transaction by
virtue of the job mode used.

After this change, the test case is able to work nicely without issues.
 2019-01-18 13:50:52 +01:00
Lennart Poettering 5356ad6c36
Merge pull request #11465 from poettering/daemon-bus-flush 
flush+close bus connections explicitly when our daemons go down
 2019-01-18 13:48:52 +01:00
Lennart Poettering 92e29d82e6 tree-wide: fix some trailing whitespace 
@bl33pbl0p, please fix your editor

(Apparently you never configured the source tree? If you did, then the
git pre-commit hook would have been enabled which doesn't allow
commiting non-whitespace clean stuff...)
 2019-01-17 20:06:28 +01:00
Lennart Poettering 81a40363f5 core: shorten code by using new helper 2019-01-17 16:12:38 +01:00
Lennart Poettering b1a4981aed tree-wide: whenever we allocate a new bus object, close it before dropping final ref 
This doesn't really change much, but feels more correct to do, as it
ensures that all messages currently queued in the bus connections are
definitely unreffed and thus destryoing of the connection object will
follow immediately.

Strictly speaking this change is entirely unnecessary, since nothing
else could have acquired a ref to the connection and queued a message
in, however, now that we have the new sd_bus_close_unref() helper it
makes a lot of sense to use it here, to ensure that whatever happens
nothing that might have been queued fucks with us.
 2019-01-17 16:12:38 +01:00
Lennart Poettering bd62b74486 sd-bus: add sd_bus_close_unref() helper 
It's similar to sd_bus_flush_close_unref() but doesn't do the flushing.
This is useful since this will still discnnect the connection properly
but not synchronously wait for the peer to take our messages.

Primary usecase is within _cleanup_() expressions where synchronously
waiting on the peer is not OK.
 2019-01-17 16:12:38 +01:00
Aaron Plattner 119f0f2876 core: Fix -EOPNOTSUPP emergency action error string 
The error string for operations that are not supported (e.g. "shutdown" for
user-defined units) should take two arguments, where the first one is the type
of action being defined (i.e. "FailureAction" vs. "SuccessAction") and the
second is the string that was invalid.

Currently, the code prints this:

 $ systemd-run --user --wait -p SuccessAction=poweroff true
 Failed to start transient service unit: EmergencyAction setting invalid for manager type: SuccessAction

Change the format string to instead print:

 $ systemd-run --user --wait -p SuccessAction=poweroff true
 Failed to start transient service unit: SuccessAction setting invalid for manager type: poweroff
 2019-01-17 09:17:15 +01:00
Aaron Plattner db2df5500e core: Fix return argument check for parse_emergency_action 
This function returns 0 on success and a negative value on failure. On success,
it writes the parsed action to the address passed in its third argument.

`bus_set_transient_emergency_action` does this:

 r = parse_emergency_action(s, system, &v);
 if (v < 0)
     // handle failure

However, `v` is not updated if the function fails, and this should be checking
`r` instead of `v`.

The result of this is that if an invalid failure (or success) action is
specified, systemd ends up creating the unit anyway and then misbehaves if it
tries to run the failure action because the action value comes from
uninitialized stack data. In my case, this resulted in a failed assertion:

 Program received signal SIGABRT, Aborted.
 0x00007fe52cca0d7f in raise () from /snap/usr/lib/libc.so.6
 (gdb) bt
 #0  0x00007fe52cca0d7f in raise () from /snap/usr/lib/libc.so.6
 #1  0x00007fe52cc8b672 in abort () from /snap/usr/lib/libc.so.6
 #2  0x00007fe52d66f169 in log_assert_failed_realm (realm=LOG_REALM_SYSTEMD, text=0x56177ab8e000 "action < _EMERGENCY_ACTION_MAX", file=0x56177ab8dfb8 "../src/core/emergency-action.c", line=33, func=0x56177ab8e2b0 <__PRETTY_FUNCTION__.14207> "emergency_action") at ../src/basic/log.c:795
 #3  0x000056177aa98cf4 in emergency_action (m=0x56177c992cb0, action=2059118610, options=(unknown: 0), reboot_arg=0x0, exit_status=1, reason=0x7ffdd2df4290 "unit run-u0.service failed") at ../src/core/emergency-action.c:33
 #4  0x000056177ab2b739 in unit_notify (u=0x56177c9eb340, os=UNIT_ACTIVE, ns=UNIT_FAILED, flags=(unknown: 0)) at ../src/core/unit.c:2504
 #5  0x000056177aaf62ed in service_set_state (s=0x56177c9eb340, state=SERVICE_FAILED) at ../src/core/service.c:1104
 #6  0x000056177aaf8a29 in service_enter_dead (s=0x56177c9eb340, f=SERVICE_SUCCESS, allow_restart=true) at ../src/core/service.c:1712
 #7  0x000056177aaf9233 in service_enter_signal (s=0x56177c9eb340, state=SERVICE_FINAL_SIGKILL, f=SERVICE_SUCCESS) at ../src/core/service.c:1854
 #8  0x000056177aaf921b in service_enter_signal (s=0x56177c9eb340, state=SERVICE_FINAL_SIGTERM, f=SERVICE_SUCCESS) at ../src/core/service.c:1852
 #9  0x000056177aaf8eb3 in service_enter_stop_post (s=0x56177c9eb340, f=SERVICE_SUCCESS) at ../src/core/service.c:1788
 #10 0x000056177aaf91eb in service_enter_signal (s=0x56177c9eb340, state=SERVICE_STOP_SIGKILL, f=SERVICE_SUCCESS) at ../src/core/service.c:1850
 #11 0x000056177aaf91bc in service_enter_signal (s=0x56177c9eb340, state=SERVICE_STOP_SIGTERM, f=SERVICE_FAILURE_EXIT_CODE) at ../src/core/service.c:1848
 #12 0x000056177aaf9759 in service_enter_running (s=0x56177c9eb340, f=SERVICE_FAILURE_EXIT_CODE) at ../src/core/service.c:1941
 #13 0x000056177ab005b7 in service_sigchld_event (u=0x56177c9eb340, pid=112, code=1, status=1) at ../src/core/service.c:3296
 #14 0x000056177aad84b5 in manager_invoke_sigchld_event (m=0x56177c992cb0, u=0x56177c9eb340, si=0x7ffdd2df48f0) at ../src/core/manager.c:2444
 #15 0x000056177aad88df in manager_dispatch_sigchld (source=0x56177c994710, userdata=0x56177c992cb0) at ../src/core/manager.c:2508
 #16 0x00007fe52d72f807 in source_dispatch (s=0x56177c994710) at ../src/libsystemd/sd-event/sd-event.c:2846
 #17 0x00007fe52d730f7d in sd_event_dispatch (e=0x56177c993530) at ../src/libsystemd/sd-event/sd-event.c:3229
 #18 0x00007fe52d73142e in sd_event_run (e=0x56177c993530, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3286
 #19 0x000056177aad9f71 in manager_loop (m=0x56177c992cb0) at ../src/core/manager.c:2906
 #20 0x000056177aa7c876 in invoke_main_loop (m=0x56177c992cb0, ret_reexecute=0x7ffdd2df4bff, ret_retval=0x7ffdd2df4c04, ret_shutdown_verb=0x7ffdd2df4c58, ret_fds=0x7ffdd2df4c70, ret_switch_root_dir=0x7ffdd2df4c48, ret_switch_root_init=0x7ffdd2df4c50, ret_error_message=0x7ffdd2df4c60) at ../src/core/main.c:1792
 #21 0x000056177aa7f251 in main (argc=2, argv=0x7ffdd2df4e78) at ../src/core/main.c:2573

Fix this by checking the correct variable.
 2019-01-17 09:17:15 +01:00
bl33pbl0p 28d78d0726 Log the job being merged 
Makes it easier to understand what was merged (and easier to realize why).

Example is a start job running, and another unit triggering a verify-active job. It is not clear what job was it that from baz.service that merged into the installed job for bar.service in the debug logs. This makes it useful when debugging issues.

Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Trying to enqueue job baz.service/start/replace
Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Installed new job baz.service/start as 498
Jan 15 11:45:58 jupiter systemd[1218]: bar.service: Merged into installed job bar.service/start as 497
Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Enqueued job baz.service/start as 498

It becomes:
Jan 15 11:45:58 jupiter systemd[1218]: bar.service: Merged bar.service/verify-active into installed job bar.service/start as 497
 2019-01-16 12:34:54 +01:00
Topi Miettinen a1e92eee3e Remove 'inline' attributes from static functions in .c files (#11426) 
Let the compiler perform inlining (see #11397).
 2019-01-15 08:12:28 +01:00
Topi Miettinen 7ae3561a5a Delete duplicate lines 
Found by inspecting results of running this small program:

int main(int argc, const char **argv) {
	for (int i = 1; i < argc; i++) {
		FILE *f;
		char line[1024], prev[1024], *r;
		int lineno;

		prev[0] = '\0';
		lineno = 1;
		f = fopen(argv[i], "r");
		if (!f)
			exit(1);
		do {
			r = fgets(line, sizeof(line), f);
			if (!r)
				break;
			if (strcmp(line, prev) == 0)
				printf("%s:%d: error: dup %s", argv[i], lineno, line);
			lineno++;
			strcpy(prev, line);
		} while (!feof(f));
		fclose(f);
	}
}
 2019-01-12 16:02:26 +01:00
Yu Watanabe 8f44e0f419
Merge pull request #11361 from yuwata/follow-up-11352 
core/socket: two follow-ups for #11352
 2019-01-10 14:25:58 +09:00
Yu Watanabe d253a45e1c core/mount: make mount_setup_existing_unit() not drop MOUNT_PROC_JUST_MOUNTED flag from units 
This fixes a bug introduced by ec88d1ea05.

Fixes #11362.
 2019-01-09 12:51:00 +01:00
Yu Watanabe d501e52bf1 core/socket: drop unnecessary assignment to 'r' 
Follow-up for e541734528.

As suggested in #11352.
 2019-01-09 02:11:19 +09:00
Yu Watanabe 6548603235 core/socket: use macro to define log_address_error_errno() 
Then, it is not necessary to suppress warnings.

Follow-up for ae05e1b658.
 2019-01-09 02:09:36 +09:00
Yu Watanabe ae05e1b658 core/socket: logs address or path which fails to be initialized 
Closes #11348.
 2019-01-08 04:40:46 +09:00
Yu Watanabe e541734528 core/socket: use _cleanup_ attribute for closing fds on error 2019-01-08 04:11:59 +09:00
Yu Watanabe fc2d74ab05 core/socket: use log_unit_*() 2019-01-08 04:11:45 +09:00
Frantisek Sumsal 4a2c3dc318
Merge pull request #11252 from evverx/use-asan-wrapper-on-travis-ci 
travis: run PID1, journald and everything else under ASan+UBsan
 2019-01-06 18:48:38 +01:00
Zbigniew Jędrzejewski-Szmek 3042bbebdd tree-wide: use c99 static for array size declarations 
https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html

This only works with clang, unfortunately gcc doesn't seem to implement the check
(tested with gcc-8.2.1-5.fc29.x86_64).

Simulated error:
[2/3] Compiling C object 'systemd-nspawn@exe/src_nspawn_nspawn.c.o'.
../src/nspawn/nspawn.c:3179:45: warning: array argument is too small; contains 15 elements, callee requires at least 16 [-Warray-bounds]
                        candidate = (uid_t) siphash24(arg_machine, strlen(arg_machine), hash_key);
                                            ^                                           ~~~~~~~~
../src/basic/siphash24.h:24:64: note: callee declares array parameter as static here
uint64_t siphash24(const void *in, size_t inlen, const uint8_t k[static 16]);
                                                               ^~~~~~~~~~~~
 2019-01-04 12:37:25 +01:00
YunQiang Su f5855697aa Pass separate dev_t var to device_path_parse_major_minor 
MIPS/O32's st_rdev member of struct stat is unsigned long, which
is 32bit, while dev_t is defined as 64bit, which make some problems
in device_path_parse_major_minor.

Don't pass st.st_rdev, st_mode to device_path_parse_major_minor,
while pass 2 seperate variables. The result of stat is alos copied
out into these 2 variables. Fixes: #11247
 2019-01-03 15:04:08 +01:00
Yu Watanabe a92f2af28a
Merge pull request #11230 from keszybz/version-string-alt 
Generate version string from git describe (alternative approach)
 2019-01-03 21:33:55 +09:00
Chris Down 4e1dfa45e9 cgroup: s/cgroups? ?v?([0-9])/cgroup v\1/gI 
Nitpicky, but we've used a lot of random spacings and names in the past,
but we're trying to be completely consistent on "cgroup vN" now.

Generated by `fd -0 | xargs -0 -n1 sed -ri --follow-symlinks 's/cgroups?  ?v?([0-9])/cgroup v\1/gI'`.

I manually ignored places where it's not appropriate to replace (eg.
"cgroup2" fstype and in src/shared/linux).
 2019-01-03 11:32:40 +09:00
Evgeny Vereshchagin 7e11a95e41 tests: reproduce https://github.com/systemd/systemd/issues/11251 2018-12-29 19:14:28 +01:00
Dave Reisner 8ca9e92c74 Make default locale a compile time option 
Default to a locale that's guaranteed to exist everywhere, but let
distros override this with something more exotic if they choose to.

Closes #11259.
 2018-12-29 21:43:04 +09:00
Evgeny Vereshchagin 7334ade4a7 core: free lines after reading them 
Closes https://github.com/systemd/systemd/issues/11251.
 2018-12-28 15:36:00 +09:00
Patrick Williams 8eab766804 core: support %j in unit dependency resolution 
Commit 250e9fadbc introduced
support for %j/%J specifier in unit files.  The function
unit_name_printf is used in unit dependency resolution,
such as Wants / After directives, but was missing support
for the %j.  Add to allow directives such as:

    [Unit]
    Wants=bar-%j.target

Fixes: systemd/systemd#11217
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
 2018-12-22 17:21:13 +09:00
Zbigniew Jędrzejewski-Szmek 3d3075e309 meson: simplify handling of pkgconfigdatadir=no, pkgconfiglibdir=no 
The idea was that those vars could be configured to 'no' to not install the .pc
files, or they could be set to '', and then they would be built but not
installed. This was inherited from the autoconf build system. This couldn't
work because '' is replaced by the default value. Also, having this level of
control doesn't seem necessary, since creating those files is very
quick. Skipping with 'no' was implemented only for systemd.pc and not the other
.pc files. Let's simplify things and skip installation if the target dir
is configured as 'no' for all .pc files.
 2018-12-21 13:43:20 +01:00
Zbigniew Jędrzejewski-Szmek 681bd2c524 meson: generate version tag from git 
$ build/systemctl --version
systemd 239-3555-g6178cbb5b5
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid
$ git tag v240 -m 'v240'
$ ninja -C build
ninja: Entering directory `build'
[76/76] Linking target fuzz-unit-file.
$ build/systemctl --version
systemd 240
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid

This is very useful during development, because a precise version string is
embedded in the build product and displayed during boot, so we don't have to
guess answers for questions like "did I just boot the latest version or the one
from before?".

This change creates an overhead for "noop" builds. On my laptop, 'ninja -C
build' that does nothing goes from 0.1 to 0.5 s. It would be nice to avoid
this, but I think that <1 s is still acceptable.

Fixes #7183.

PACKAGE_VERSION is renamed to GIT_VERSION, to make it obvious that this is the
more dynamically changing version string.

Why save to a file? It would be easy to generate the version tag using
run_command(), but we want to go through a file so that stuff gets rebuilt when
this file changes. If we just defined an variable in meson, ninja wouldn't know
it needs to rebuild things.
 2018-12-21 13:43:20 +01:00
Zbigniew Jędrzejewski-Szmek a67c318df8 meson: define PROJECT_VERSION as the "bare" project version 
Let's not use atoi() if we can simply provide the project version as a number.

In C code, this is the numerical project version. In substitutions in other
files, this is just the bare substitution.

The "PACKAGE_" prefix is from autotools, and is strange. We call systemd a
"project", and "package" is something that distros build. Let's rename.

PACKAGE_URL is renamed to PROJECT_URL for the same reasons and for consistency.

(This leave PACKAGE_VERSION as the stringified define for C code.)
 2018-12-20 21:35:29 +01:00
Zbigniew Jędrzejewski-Szmek ec8126d723 Revert "core/mount: minimize impact on mount storm." 
This reverts commit 89f9752ea0.

This patch causes various problems during boot, where a "mount storm" occurs
naturally. Current approach is flakey, and it seems very risky to push a
feature like this which impacts boot right before a release. So let's revert
for now, and consider a more robust solution after later.

Fixes #11209.

> https://github.com/systemd/systemd/pull/11196#issuecomment-448523186:
"Reverting 89f9752ea0 and fcfb1f775e fixes this test."
 2018-12-19 11:37:41 +01:00
Zbigniew Jędrzejewski-Szmek e36db50075 Revert "mount: disable mount-storm protection while mount unit is starting." 
This reverts commit fcfb1f775e.
 2018-12-19 11:32:17 +01:00
Zbigniew Jędrzejewski-Szmek d2aaf13099 Remove use of PACKAGE_STRING 
PACKAGE_VERSION is more explicit, and also, we don't pretend that changing the
project name in meson.build has any real effect. "systemd" is embedded in a
thousand different places, so let's just use the hardcoded string consistently.
This is mostly in preparation for future changes.
 2018-12-19 09:29:32 +01:00
NeilBrown fcfb1f775e mount: disable mount-storm protection while mount unit is starting. 
The starting of mount units requires that changes to
/proc/self/mountinfo be processed before the SIGCHILD from the
completion of /sbin/mount is processed, as described by the comment
  /* Note that due to the io event priority logic, we can be sure the new mountinfo is loaded
   * before we process the SIGCHLD for the mount command. */

The recently-added mount-storm protection can defeat this as it
will sometimes deliberately delay processing of /proc/self/mountinfo.

So we need to disable mount-storm protection when a mount unit is starting.
We do this by keeping a counter of the number of pending
mounts, and disabling the protection when this is non-zero.

Thanks to @asavah for finding and reporting this problem.
 2018-12-19 00:44:19 +01:00
Michal Sekletar 4c70a4a748 core: do cgroup migration first and only then connect to journald 
Fixes #11162
 2018-12-17 19:22:30 +01:00
Alexey Bogdanenko 8f9f3cb724 core: fix KeyringMode for user services 
KeyringMode option is useful for user services. Also, documentation for the
option suggests that the option applies to user services. However, setting the
option to any of its allowed values has no effect.

This commit fixes that and removes EXEC_NEW_KEYRING flag. The flag is no longer
necessary: instead of checking if the flag is set we can check if keyring_mode
is not equal to EXEC_KEYRING_INHERIT.
 2018-12-17 16:56:36 +01:00
Zbigniew Jędrzejewski-Szmek 582de70f2f
Merge pull request #11086 from poettering/nscd-cache-flush 
flush nscd's caches when we register user/groups/hostnames
 2018-12-17 11:29:58 +01:00
Khem Raj baa162cecd core: Fix use after free case in load_from_path() 
ensure that mfree() on filename is called after the logging function
which uses the string pointed by filename

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2018-12-16 22:02:00 -08:00
NeilBrown 89f9752ea0 core/mount: minimize impact on mount storm. 
If we create 2000 mounts (on a 1-CPU qemu VM) with
  mkdir -p /MNT/{1..2000}
  time for i in {1..2000}; do mount --bind /etc /MNT/$i ; done

it takes around 20 seconds to complete.  Much of this time is taken up
by systemd repeatedly processing /proc/self/mountinfo.
If I disable the processing, the time drops to about 4 seconds.

I have reports that on a larger system with multiple active user sessions, each
with it's own systemd, the impact can be higher.

One particular use-case where a large number of mounts can be expected in quick
succession is when the "clearcase" SCM starts up.

This patch modifies the handling up events from /proc/self/mountinfo so
that systemd backs off when a storm is detected.  Specifically the time to process
mountinfo is measured, and the process will not be repeated until 10 times
that duration has passed.  This ensures systemd won't use more than 10% of
real time processing mountinfo.

With this patch, my test above takes about 5 seconds.
 2018-12-16 12:38:40 +01:00
Lennart Poettering 2d41e9b7a0
Merge pull request #11143 from keszybz/enable-symlink 
Runtime mask symlink confusion fix
 2018-12-16 12:37:07 +01:00
Lennart Poettering 460ec54908 core: flush nscd's caches whenever we allocate/release a dynamic user 
This should make dynamic users and nscd work together better.

Fixes: #10740
 2018-12-15 12:10:19 +01:00
Zbigniew Jędrzejewski-Szmek 58d9d89b4b pid1: fix free of uninitialized pointer in unit_fail_if_noncanonical() 
https://bugzilla.redhat.com/show_bug.cgi?id=1653068
 2018-12-14 11:21:16 +01:00
Chris Down 0c17c00433
Merge pull request #11131 from poettering/make-lucab-happy 
optionally relabel additional files/dirs for selinux after loading policy
 2018-12-12 23:17:39 +00:00
Chris Down cb5e3bc37d cgroup: Don't explicitly check for member in UNIT_BEFORE 
The parent slice is always filtered ahead of time from UNIT_BEFORE, so
checking if the current member is the same as the parent unit will never
pass.

I may also write a SLICE_FOREACH_CHILD macro to remove some more of the
parent slice checks, but this requires a bit of a rework and general
refactoring and may not be worth it, so let's just do this for now.
 2018-12-12 20:50:10 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Lennart Poettering 70a74ec645 mount-setup: don't consider it reason to fail if we can't relabel cgroupfs 
We usually don't care much about relabel failures, let's not do that
here either.
 2018-12-12 20:46:07 +01:00
Lennart Poettering c4217b43d1 mount-setup: use FOREACH_STRING where appropriate 2018-12-12 20:46:07 +01:00
Lennart Poettering 65e183d789 mount-setup: optionally, relabel a configured set of files/dirs after loading policy 
Fixes: #10466
 2018-12-12 20:46:07 +01:00
Zbigniew Jędrzejewski-Szmek 303ee60151 Mark *data and *userdata params to specifier_printf() as const 
It would be very wrong if any of the specfier printf calls modified
any of the objects or data being printed. Let's mark all arguments as const
(primarily to make it easier for the reader to see where modifications cannot
occur).
 2018-12-12 16:45:33 +01:00
Lennart Poettering a95c0505ad core: extend comments regarding coldplug() vs. catchup() 2018-12-12 11:20:53 +01:00
Lennart Poettering a1c7334b61 core: when a unit state changes only propagate to jobs after reloading is complete 
Previously, we'd immediately propagate unit state changes into any jobs
pending for them, always. With this we only do this if the manager is
out of the "reload" state. This fixes the problem #8803 tried to
address, by simply not completing jobs until after the reload (and thus
reestablishment of the dbus connection) is complete.

Note that there's no need to later on explicitly catch up with the
missed job state changes (i.e. there's no need to call
unit_process_job() later one explicitly). That's because for jobs in
JOB_WAITING state on deserialization all jobs are requeued into the run
queue anyway, and thus checked again if they can complete now. And for
JOB_RUNNING jobs unit_catchup() phase is going to trigger missed out
state changes *after* the reload complete anyway (after all that's what
distinguishes from unit_coldplug()).

Replaces: #8803
 2018-12-12 11:15:07 +01:00
Lennart Poettering 16c74914d2 core: split out all logic that updates a Job on a unit's unit_notify() invocation 
Just some refactoring, no change in behaviour.
 2018-12-12 11:15:07 +01:00
Lennart Poettering b17c9620c8 core: rework how we deserialize jobs 
Let's add a helper call unit_deserialize_job() for this purpose, and
let's move registration in the global jobs hash table into
job_install_deserialized() so that it it is done after all superficial
checks are done, and before transitioning into installed states, so that
rollback code is not necessary anymore.
 2018-12-12 11:15:07 +01:00
Lennart Poettering 48235ad6b7 job: be more careful when removing job object from jobs hash table 
Let's validate that the ID is actually allocated to us before remove a
job.

This is relevant as various bits of code will call job_free() on
partially set up Job objects, and we really shouldn't remove another job
object accidentally from the hash table, when the set up didn't
complete.
 2018-12-12 11:15:07 +01:00
Lennart Poettering 4a53080be6 core: don't track jobs-finishing-during-reload explicitly 
Memory management is borked for this, and moreover this is unnecessary
since f0831ed2a0, i.e. since coldplug() and catchup() are two different
concepts: the former restoring the state from before a reload, the
latter than adjusting it again to the actual status in effect after the
reload.

Fixes: #10716
Mostly reverts: #8803
 2018-12-12 11:15:06 +01:00
Lennart Poettering 728ba51e98 job: update job_free() to follow our usual return-NULL style 2018-12-12 11:14:26 +01:00
Zbigniew Jędrzejewski-Szmek d7ef125726 core: fix typo in comment 2018-12-11 22:20:07 +01:00
Lennart Poettering d742f4b54b cgroup: correct mangling of return values 
Let's nor return the unmangled return value before we actually mangle
it.

Fixes: #11062
 2018-12-10 16:09:41 +01:00
Lennart Poettering 92a993041a cgroup: call cg_all_unified() right before using the result 
Let's not query it before we actually need it.
 2018-12-10 16:09:41 +01:00
Lennart Poettering 8f3fd07ac0
Merge pull request #11105 from keszybz/path-parsing 
Some tightening of our path parsing code
 2018-12-10 15:50:08 +01:00
Zbigniew Jędrzejewski-Szmek 1d4c6f5bef pid1: set Description even for devices which don't exist yet 
We'd only set the description after the device appeared in sysfs, so
we'd always print
"A start job is running for dev-disk-by\x2duuid-aaaa ... aaaa.device (42s / 1min 30s)"
Let's make this
"A start job is running for /dev/disk/by-duuid/aaaa ... aaaa (42s / 1min 30s)"

https://bugzilla.redhat.com/show_bug.cgi?id=1655860
 2018-12-10 14:00:42 +01:00
Lennart Poettering 2327f95499
Merge pull request #10984 from fbuihuu/tmpfiles-be-more-explicit-with-unsafe-transition 
tmpfiles: be more explicit when an unsafe path transition is met
 2018-12-10 12:31:56 +01:00
Zbigniew Jędrzejewski-Szmek 4cb06c5949 Use VLA instead of alloca 
The test is the same, but an array is more readable.
 2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek 60473f0c23 pid1: fix (harmless) off-by-one in PATH_MAX comparison 
PATH_MAX is supposed to include the terminating NUL byte. But we already
check that there is no NUL byte in the specified path. Hence the maximum
length we can expect is PATH_MAX - 1.

This doesn't change much, but makes this use of PATH_MAX consistent with the
rest of the codebase.
 2018-12-10 11:57:26 +01:00
Franck Bui 36c97decbe fs-util: make chase_symlink() returns -ENOLINK when unsafe transitions are met 
We previously returned -EPERM but it can be returned for various other reasons
too.

Let's use -ENOLINK instead as this value shouldn't be used currently. This
allows users of CHASE_SAFE to detect without any ambiguities when unsafe
transitions are encountered by chase_symlinks().

All current users of CHASE_SAFE that explicitly reacted on -EPERM have been
converted to react on -ENOLINK.
 2018-12-10 09:18:27 +01:00
Lennart Poettering 06721f39f6 swap: always add in extras when we load a swap unit 
Much like for the mount units we need fields such as the slice
initialized by the time we activate the swap, hence when the kernel
let's us know about a new swap that appeared we need to initialize the
slice in any Swap object we allocated for that right-away, even if we
can't read the real unit file for the swap device.
 2018-12-07 17:35:32 +01:00
Lennart Poettering a0a424083f swap: drop return value 
We don't actually return any valid 'r' here, let's explicitly return 0
here hence instead.
 2018-12-07 17:35:32 +01:00
Lennart Poettering eb04385dc5 swap: don't propagate issues with processing /proc/swaps 
This follows similar recent changes in mount.c: error should be consider
local, and not be propagated.
 2018-12-07 17:35:32 +01:00
Lennart Poettering 46f944802c swap: when loading a unit from /proc/swaps, mark its load state as good 
This follows similar logic in the mount unit.
 2018-12-07 17:35:32 +01:00
Lennart Poettering 15332d738f swap: split out code adding in additional unit props into a function of its own 
This adds swap_add_extras() similar to mount_add_extras().

No change in behaviour, just some refactoring.
 2018-12-07 17:35:32 +01:00
Lennart Poettering ba6fbb2cee swap: fix misplaced comment 2018-12-07 17:35:32 +01:00
Lennart Poettering 31135818e4 swap: flush out state when activating a unit, not when deactivating it 
This is similar to the previous commit which did the same change for
mount units.
 2018-12-07 17:35:32 +01:00
Lennart Poettering 7eba1463de mount: flush out cycle state on DEAD→MOUNTED only, not the other way round 
For services (and other units) we generally follow the rule that at the
beginning of each cycle, i.e. when the INACTIVE/FAILED state is left for
ACTIVATING/ACTIVE we flush out various state variables. Mount units
handled this differently so far when the unit state change was effected
outside of systemd: in that case these variables would be flushed out
when going back to INACTIVE/FAILED already.

Let's fix that, and flush out this state always during the activating
transition, not during the deactivating transition.
 2018-12-07 17:35:32 +01:00
Lennart Poettering ec88d1ea05 mount: replace three closely related mount flags into a proper flags enum 
We pass these flags around, and even created a structure for them. Let's
fix things properly, and make them a flags value of its own.
 2018-12-07 17:35:32 +01:00
Lennart Poettering b6418dc94e mount: strdup() device paths we collect 
We never know what the changes triggered by mount_set_state() do to the
unit. Let's be safe and copy the device path into our set, so that we
are safe against that.
 2018-12-07 17:35:32 +01:00
Lennart Poettering f8064c4fda mount: when the kernel reports a mount to be established reset all kinds of load failures 
It doesn't matter what kind of precise failure we had earlier with
loading the unit, let's report that it loaded successfully now, after
all the kernel is an OK source for that, like any other.
 2018-12-07 17:35:32 +01:00
Lennart Poettering a37422045f mount: regenerate all deps whenever a mount's parameters changes 
Whenever we notice a change on an existing /proc/self/mountinfo line,
let's update the deps generated from it. For that, let's flush out the
old deps generated this way, and add in the new ones.

This takes benefit of the fact that today (unlike a comment this patch
removes says) we can remove deps in a somewhat reasonable way.
 2018-12-07 17:35:32 +01:00
Lennart Poettering 6d7e89b070 mount: when allocating a Mount object based on /proc/self/mountinfo mark it so 
Let's set 'from_proc_self_mountinfo' right away, since we know its from
there. This is important so that when the load queue is dispatched (and
thus mount_load() called) this
fact is already known.
 2018-12-07 17:35:32 +01:00
Lennart Poettering 26e35b164b mount: let mount_add_extras() take care of remote-fs.target deps 
In a previous commit we added logic that mount_add_extras() (or more
precisely mount_add_default_dependencies()) adds in dependencies on
remote-fs.target and local-fs.target, hence we can drop this from
mount_setup_new_unit() and let the usual load queue dispatching take
care of this.
 2018-12-07 17:34:29 +01:00
Lennart Poettering e10fe04266 mount: use free_and_strdup() over plain strdup() 
Let's initialize two fields with free_and_strdup() rather than directly
with strdup(). The fields should not be initialized so far, but it's
still nicer to be prepared for futzre code changes and always free
what's stored before replacing it.
 2018-12-07 17:34:29 +01:00
Lennart Poettering 60b8c203f8 mount: generate error message matching the error location 2018-12-07 17:34:29 +01:00
Lennart Poettering 839ee05838 mount: move allocation of Unit object into mount_setup_new_unit() 
This should encapsulate things in a nicer way.
 2018-12-07 17:34:29 +01:00
Lennart Poettering bbee24bc96 mount: add a common helper for filling in info from /proc/self/mountinfo 2018-12-07 17:30:14 +01:00
Lennart Poettering ba0d56f55f mount: don't propagate errors from mount_setup_unit() further up 
If we can't process a specific line in /proc/self/mountinfo we should
log about it (which we do), but this should not affect other lines, nor
further processing of mount units. Let's keep these failures local.

Fixes: #10874
 2018-12-07 17:30:14 +01:00
Lennart Poettering 3f459cd96e mount: simplify de-serialization of control PID a bit 2018-12-07 17:30:14 +01:00
Lennart Poettering 2c09fb818f mount: serialize umount retry counter across reloads/reexec 2018-12-07 17:30:14 +01:00
Lennart Poettering 780ae0221a mount: make sure mount_add_extras() is always invoked when we load a mount unit 
We need to make sure that the slice property is initialized whenever
mount_load() is invoked, even if we fail to load things properly off
disk. This is important since we generally don't allow changing the
slice after a unit has been started. But given that we must track the
state of external objects with mount units we must hence initialize the
property no matter what.
 2018-12-07 17:30:14 +01:00
Lennart Poettering 1f73647647 mount: document that mount_add_extras() must work with active units, too 2018-12-07 17:30:14 +01:00
Lennart Poettering d54bab90e6 mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too 
This deps are very similar to the -pre deps, hence establish them at the
same place, in particular as they should only be generated if default
deps are on.

This allows us to later on remove similar code that adds in these deps
whenever /proc/self/mountinfo changes.
 2018-12-07 17:30:14 +01:00
Lennart Poettering 32a5f8fe22 mount: remove unnecessary initialization of device_wants_mount and 'if' 2018-12-07 17:30:14 +01:00
Lennart Poettering a26592cf58 mount: use mfree() where appropriate 2018-12-07 17:30:14 +01:00
Lennart Poettering 06e457b1a3 mount: rename needs_quota() → mount_needs_quota() 
No change of logic, just some renaming, in order to match more closely
the naming of the other, similar functions.
 2018-12-07 17:30:14 +01:00
Lennart Poettering 7121cbcffe mount: merge redundant call mount_needs_network() into mount_is_network() 2018-12-07 17:30:14 +01:00
Zbigniew Jędrzejewski-Szmek 9b674e2581 core/device: fix typo 2018-12-07 15:39:52 +01:00
Zbigniew Jędrzejewski-Szmek 871fa294ff Merge pull request #10935 from poettering/rlimit-nofile-safe 
Merged by hand to resolve a trivial conflict in TODO.
 2018-12-06 17:19:21 +01:00
Yu Watanabe f0a43eb821
Merge pull request #11063 from yuwata/update-missing-v3 
missing: split missing.h into small pieces
 2018-12-06 16:54:27 +01:00
Zbigniew Jędrzejewski-Szmek 2d479ff1cc
Merge pull request #10963 from poettering/bus-force-state-change-signal 
force PropertiesChanged bus signal on all unit state changes
 2018-12-06 16:42:21 +01:00
Yu Watanabe e93672eeac tree-wide: drop missing.h from headers and use relevant missing_*.h 2018-12-06 13:31:16 +01:00
Lennart Poettering ee589a1882
Merge pull request #11041 from yuwata/update-missing-v2 
missing: separate missing.h more
 2018-12-04 16:19:02 +01:00
Lennart Poettering 1e9e7196cb
Merge pull request #11042 from yuwata/tiny-coding-style-fixes 
Tiny coding style fixes
 2018-12-04 16:15:09 +01:00
Lennart Poettering ea900d2bfe
Merge pull request #11009 from poettering/root-cgroup-again 
tweak root cgroup attribute fiddling for cgroupsv1 again
 2018-12-04 12:33:03 +01:00
Yu Watanabe f2a3de0116 tree-wide: add whitespace between type and variable name 2018-12-04 09:29:54 +01:00
Yu Watanabe 3843e8260c missing: rename securebits.h to missing_securebits.h 2018-12-04 07:49:24 +01:00
Lennart Poettering a365325e04
Merge pull request #10567 from cdown/disable_controller 
cgroup: Add DisableControllers= directive to disable controller in subtree
 2018-12-03 18:58:29 +01:00
Lennart Poettering 76b31bbb24
Merge pull request #10920 from yuwata/hashmap-destructor 
hashmap: make hashmap_free() call destructors of key or value
 2018-12-03 17:59:44 +01:00
Chris Down c72703e26d cgroup: Add DisableControllers= directive to disable controller in subtree 
Some controllers (like the CPU controller) have a performance cost that
is non-trivial on certain workloads. While this can be mitigated and
improved to an extent, there will for some controllers always be some
overheads associated with the benefits gained from the controller.
Inside Facebook, the fix applied has been to disable the CPU controller
forcibly with `cgroup_disable=cpu` on the kernel command line.

This presents a problem: to disable or reenable the controller, a reboot
is required, but this is quite cumbersome and slow to do for many
thousands of machines, especially machines where disabling/enabling a
stateful service on a machine is a matter of several minutes.

Currently systemd provides some configuration knobs for these in the
form of `[Default]CPUAccounting`, `[Default]MemoryAccounting`, and the
like. The limitation of these is that Default*Accounting is overrideable
by individual services, of which any one could decide to reenable a
controller within the hierarchy at any point just by using a controller
feature implicitly (eg. `CPUWeight`), even if the use of that CPU
feature could just be opportunistic. Since many services are provided by
the distribution, or by upstream teams at a particular organisation,
it's not a sustainable solution to simply try to find and remove
offending directives from these units.

This commit presents a more direct solution -- a DisableControllers=
directive that forcibly disallows a controller from being enabled within
a subtree.
 2018-12-03 15:40:31 +00:00
Chris Down 4f6f62e468 cgroup: Traverse leaves to realised cgroup to release controllers 
This adds a depth-first version of unit_realize_cgroup_now which can
only do depth-first disabling of controllers, in preparation for the
DisableController= directive.
 2018-12-03 14:37:39 +00:00
Chris Down a57669d290 cgroup: Rework unit_realize_cgroup_now to explicitly be breadth-first 
systemd currently doesn't really expend much effort in disabling
controllers. unit_realize_cgroup_now *may* be able to disable a
controller in the basic case when using cgroup v2, but generally won't
manage as downstream dependents may still use it.

This code doesn't add any logic to fix that, but it starts the process
of moving to have a breadth-first version of unit_realize_cgroup_now for
enabling, and a depth-first version of unit_realize_cgroup_now for
disabling.
 2018-12-03 14:37:39 +00:00
Chris Down 0d2d6fbf15 cgroup: Move attribute application into unit_create_cgroup 
We always end up doing these together, so just colocate them and require
manager state for unit_create_cgroup.
 2018-12-03 14:37:38 +00:00
Lennart Poettering ad2bf5df89
Merge pull request #10992 from yuwata/follow-up-10948 
network: make fib rule accept arbitrary ip protocol
 2018-12-03 11:09:04 +01:00
Lennart Poettering 686d13b9f2 util-lib: split out env file parsing code into env-file.c 
It's quite complex, let's split this out.

No code changes, just some file rearranging.
 2018-12-02 13:22:29 +01:00
Lennart Poettering e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c 
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
 2018-12-02 13:22:29 +01:00
Lennart Poettering ee228be10c util-lib: don't include fileio.h from fileio-label.h 
There's no reason for doing that, hence simply don't.
 2018-12-02 13:22:29 +01:00
Yu Watanabe 7a08d314f2 tree-wide: make hash_ops typesafe 2018-12-02 07:53:27 +01:00
Yu Watanabe d2b42d63c4 core,run: make SocketProtocol= accept protocol name in upper case an protocol number 2018-12-02 06:13:47 +01:00
Yu Watanabe da96ad5ae2 util: rename socket_protocol_{from,to}_name() to ip_protocol_{from,to}_name() 2018-12-02 05:48:27 +01:00
Lennart Poettering 5dd9527883 tree-wide: remove various unused functions 
All found with "cppcheck --enable=unusedFunction".
 2018-12-02 13:35:34 +09:00
Lennart Poettering 67e2ea1542 cgroup: suffix unit file settings with "=" in log output 
Let's follow our recommendations from CODING_STYLE and suffix unit file
settings with "=" everywhere.
 2018-12-01 12:57:51 +01:00
Lennart Poettering be2c032781 core: don't try to write CPU quota and memory limit cgroup attrs on root cgroup 
In the kernel sources attempts to write to either are refused with
EINVAL. Not sure why these attributes are exported anyway on cgroupsv1,
but this means we really should ignore them altogether.

This simplifies our code as this means cgroupsv1 is more alike cgroupsv2
in this regard.

Fixes: #10969
 2018-12-01 12:57:51 +01:00
Lennart Poettering 3c4832ada4 core: enqueue unit earlier when state changes 
Previously, we'd enqueue a unit to the dbus queue whenever the state
changed, after we processed the state change fully. This commit to the
beginning of the state change. This has the benefit that when the state
change causes a job to complete the unit is already in the dbus queue,
and thus we get the guarantee that any unit change can be sent out to
clients before the job change.
 2018-12-01 12:53:26 +01:00
Lennart Poettering e6d05912cb core: when we install a job, announce this via the bus 
Whenever we enqueue a job, we should announce this on the bus, hence add
both the job and the unit to the dbus queues. (Why both? The former
should be obvious, the latter because we send out Job properties).

In most cases adding these to the queue is not necessary, as
other properties tend to change at the same time and result in a change
being sent out. However, let's clean this up and make it explicit.
 2018-12-01 12:53:26 +01:00
Lennart Poettering 641e0d7a1b core: clarify that the CollectMode bus property is constant 
it's configured from unit files only, and hence is constant.
 2018-12-01 12:53:26 +01:00
Lennart Poettering af92c603bb core: send out unit change events when a new invocation ID is acquired 
It's free, as this generally coincides with unit_start(), but let's make
this clean and explicit.
 2018-12-01 12:53:26 +01:00
Lennart Poettering e18f8852f3 core: invalidate invidual Assert/Condition properties when sending out change messages 
Let's inform the clients about assert/condition property changes as they
happen, it's basically for free because assert/condition property
changes generally coincide with other unit state changes (after all
these checks are done on unit_start())
 2018-12-01 12:53:26 +01:00
Lennart Poettering 13142276c1 core: before returning new job path to clients, force out JobNew signals 
When a client requests a new job, let's make sure we for out the JobNew
signals for it, before we return successfully from the method call.
After all we shouldn't return a path that is not announced yet, as
announcement of jobs should be considered part of the job setup.
 2018-12-01 12:53:26 +01:00
Lennart Poettering 17407bc28d core: before sending out a job new/change/removal message, send out unit change message for job's unit 
We always want the state of the unit to be reflected first to the
client before we claim the job has changed state, after all the job is
the request to change unit state, and thus job changes are kinda the
confirmation that the state changed as requested.
 2018-12-01 12:53:26 +01:00
Lennart Poettering 6fcbec6f9b core: whenever we change state of a unit, force out PropertiesChanged bus signal 
This allows clients to follow our internal state changes safely.

Previously, quick state changes (for example, when we restart a unit due
to Restart= after it quickly transitioned through DEAD/FAILED states)
would be coalesced into one bus signal event, with this change there's
the guarantee that all state changes after the unit was announced ones
are reflected on th bus.

Note we only do this kind of guaranteed flushing only for unit state
changes, not for other unit property changes, where clients still have
to expect coalescing. This is because the unit state is a very
important, high-level concept.

Fixes: #10185
 2018-12-01 12:53:26 +01:00
Lennart Poettering 37d0b962ef core: when we manage to resolve a user, only enqueue dbus event, don't send out message right-away 
Let's only enqueue the dbus signal generation, let's not do it
right-away, after all we want coalescing to take effect here.
 2018-12-01 12:53:26 +01:00
Lennart Poettering ece0fe12ad tree-wide: (void)ify some setsid() and related calls 2018-12-01 12:50:45 +01:00
Lennart Poettering 595225af7a tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocations 
Whenever we invoke external, foreign code from code that has
RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024
first. This is a safety precaution for compatibility with programs using
select() which cannot operate with fds > 1024.

This commit adds the call to rlimit_nofile_safe() to all invocations of
exec{v,ve,l}() and friends that either are in code that we know runs
with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for
starters) or that is part of shared code that might end up there.

The calls are placed as early as we can in processes invoking a flavour
of execve(), but after the last time we do fd manipulations, so that we
can still take benefit of the high fd limits for that.
 2018-12-01 12:50:45 +01:00
Zbigniew Jędrzejewski-Szmek b2ac2b01c8
Merge pull request #10996 from poettering/oci-prep 
Preparation for the nspawn-OCI work
 2018-11-30 10:09:00 +01:00
Zbigniew Jędrzejewski-Szmek 049af8ad0c Split out part of mount-util.c into mountpoint-util.c 
The idea is that anything which is related to actually manipulating mounts is
in mount-util.c, but functions for mountpoint introspection are moved to the
new file. Anything which requires libmount must be in mount-util.c.

This was supposed to be a preparation for further changes, with no functional
difference, but it results in a significant change in linkage:

$ ldd build/libnss_*.so.2
(before)
build/libnss_myhostname.so.2:
	linux-vdso.so.1 (0x00007fff77bf5000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
build/libnss_mymachines.so.2:
	linux-vdso.so.1 (0x00007ffc19cc0000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
build/libnss_resolve.so.2:
	linux-vdso.so.1 (0x00007ffe8ef8e000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
build/libnss_systemd.so.2:
	linux-vdso.so.1 (0x00007ffda6d17000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)

(after)
build/libnss_myhostname.so.2:
	linux-vdso.so.1 (0x00007fff0b5e2000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
build/libnss_mymachines.so.2:
	linux-vdso.so.1 (0x00007ffdc30a7000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
build/libnss_resolve.so.2:
	linux-vdso.so.1 (0x00007ffe95747000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
build/libnss_systemd.so.2:
	linux-vdso.so.1 (0x00007ffe67b51000)
	librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
	libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)

I don't quite understand what is going on here, but let's not be too picky.
 2018-11-29 21:03:44 +01:00
Lennart Poettering 30874dda3a dev-setup: generalize logic we use to create "inaccessible" device nodes 
Let's generalize this, so that we can use this in nspawn later on, which
is pretty useful as we need to be able to mask files from the inner
child of nspawn too, where the host's /run/systemd/inaccessible
directory is not visible anymore. Moreover, if nspawn can create these
nodes on its own before the payload this means the payload can run with
fewer privileges.
 2018-11-29 20:21:40 +01:00
Lennart Poettering d5aecba6e0 cgroup: use device_path_parse_major_minor() also for block device paths 
Not only when we populate the "devices" cgroup controller we need
major/minor numbers, but for the io/blkio one it's the same, hence let's
use the same logic for both.
 2018-11-29 20:21:39 +01:00
Lennart Poettering 846b3bd61e stat-util: add new APIs device_path_make_{major_minor|canonical}() and device_path_parse_major_minor() 
device_path_make_{major_minor|canonical)  generate device node paths
given a mode_t and a dev_t. We have similar code all over the place,
let's unify this in one place. The former will generate a "/dev/char/"
or "/dev/block" path, and never go to disk. The latter then goes to disk
and resolves that path to the actual path of the device node.

device_path_parse_major_minor() reverses device_path_make_major_minor(),
also withozut going to disk.

We have similar code doing something like this at various places, let's
unify this in a single set of functions. This also allows us to teach
them special tricks, for example handling of the
/run/systemd/inaccessible/{blk|chr} device nodes, which we use for
masking device nodes, and which do not exist in /dev/char/* and
/dev/block/*
 2018-11-29 20:21:39 +01:00
Lennart Poettering 8e8b5d2e6d cgroups: beef up DeviceAllow= syntax a bit 
Previously we'd allow pattern expressions such as "char-input" to match
all input devices. Internally, this would look up the right major to
test in /proc/devices. With this commit the syntax is slightly extended:

- "char-*" can be used to match any kind of character device, and
  similar "block-*. This expression would work previously already, but
  instead of actually installing a wildcard match it would install many
  individual matches for everything listed in /proc/devices.

- "char-<MAJOR>" with "<MAJOR>" being a numerical parameter works now
  too. This allows clients to install whitelist items by specifying the
  major directly.

The main reason to add these is to provide limited compat support for
clients that for some reason contain whitelists with major/minor numbers
(such as OCI containers).
 2018-11-29 20:21:39 +01:00
Lennart Poettering 74c48bf5a8 core: add special handling for devices cgroup allow lists for /dev/block/* and /dev/char/* device nodes 
This adds some code to hanlde /dev/block/* and /dev/char/* device node
paths specially: instead of actually stat()ing them we'll just parse the
major/minor name from the name. This is useful 'hack' to allow clients
to install whitelists for devices that don't actually have to exist.

Also, let's similarly handle /run/systemd/inaccessible/{blk|chr}. This
allows us to simplify our built-in default whitelist to not require a
"ignore_enoent" mode for these nodes.

In general we should be careful with hardcoding major/minor numbers, but
in this case this should safe.
 2018-11-29 20:03:56 +01:00
Zbigniew Jędrzejewski-Szmek 8b4e51a60e
Merge pull request #10797 from poettering/run-generator 
add new "systemd-run-generator" for running arbitrary commands from the kernel command line as system services using the "systemd.run=" kernel command line switch
 2018-11-28 22:40:55 +01:00
Yu Watanabe 50ae773f85
Merge pull request #10970 from yuwata/from-name-return-negative-errno 
util: make *_from_name() returns negative errno on error
 2018-11-29 03:18:03 +09:00
Yu Watanabe acf4d15893 util: make *_from_name() returns negative errno on error 2018-11-28 20:20:50 +09:00
Lennart Poettering b4525804a1 core: USB function properties do not change dynamically, don't claim so 
This reduces our PropertiesChanged signals a bit in size as we don't
keep out blasting properties that cannot change anyway all the time.
 2018-11-28 10:29:51 +01:00
Lennart Poettering 4917894417
Merge pull request #10944 from poettering/redirect-file-fix 
StandardOutput=file: fixes
 2018-11-27 13:18:26 +01:00
Zbigniew Jędrzejewski-Szmek 6fa158f55c
Merge pull request #10902 from poettering/highlight-status 
Highlight status
 2018-11-27 12:53:43 +01:00
Lennart Poettering 41fc585a7a core: be more careful when inheriting stdout fds to stderr 
We need to compare the fd name/file name if we inherit an fd from stdout
to stderr. Let's do that.

Fixes: #10875
 2018-11-27 10:06:51 +01:00
Lennart Poettering 1704fba92f dbus-execute: generate the correct transient unit setting 2018-11-27 10:06:50 +01:00
Lennart Poettering dbe6c4b657 dbus-execute: fix indentation 2018-11-27 10:06:50 +01:00
Lennart Poettering 922ce049d1 core: drop references to 'StandardOutputFileToCreate' 
This property never existed, let's drop any reference to it.
 2018-11-27 10:06:50 +01:00
Lennart Poettering 7af67e9a8b core: allow to set exit status when using SuccessAction=/FailureAction=exit in units 
This adds SuccessActionExitStatus= and FailureActionExitStatus= that may
be used to configure the exit status to propagate in when
SuccessAction=exit or FailureAction=exit is used.

When not specified let's also propagate the exit status of the main
process we fork off for the unit.
 2018-11-27 09:44:40 +01:00
Lennart Poettering 78f93209fc core: when Delegate=yes is set for a unit, run ExecStartPre= and friends in a subcgroup of the unit 
Otherwise we might conflict with the "no-processes-in-inner-cgroup" rule
of cgroupsv2. Consider nspawn starting up and initializing its cgroup
hierarchy with "supervisor/" and "payload/" as subcgroup, with itself
moved into the former and the payload into the latter. Now, if an
ExecStartPre= is run right after it cannot be placed in the main cgroup,
because that is now in inner cgroup with populated children.

Hence, let's run these helpers in another sub-cgroup .control/ below it.

This is somewhat ugly since it weakens the clear separation of
ownership, but given that this is an explicit contract, and double opt-in should be acceptable.

Fixes: #10482
 2018-11-26 18:43:23 +01:00
Lennart Poettering 5b262f74e4 unit: tweak status output a bit 
Let's highlight the unit description string in the status updates, to
separate them a bit more the english sentence they are part of, and thus
make the different casing less surprising.
 2018-11-26 18:24:12 +01:00
Lennart Poettering ccfc08d4bc show-status: use free_and_replace() where we can 2018-11-26 18:24:12 +01:00
Lennart Poettering a885727a64 show-status: fold two bool flags function arguments into a flags 
parameter
 2018-11-26 18:24:12 +01:00
Yu Watanabe 938dbb292a
Merge pull request #10901 from poettering/startswith-list 
add new STARTSWITH_SET() macro
 2018-11-26 22:40:51 +09:00
Lennart Poettering 9630d4dd68
Merge pull request #10894 from poettering/root-cgroup-fix 
A multitude of cgroup fixes
 2018-11-26 14:13:01 +01:00
Lennart Poettering da9fc98ded tree-wide: port more code over to PATH_STARTSWITH_SET() 2018-11-26 14:08:46 +01:00
Lennart Poettering 49fe5c0996 tree-wide: port various places over to STARTSWITH_SET() 2018-11-26 14:08:46 +01:00
Lennart Poettering b8b6f32104 cgroup: when we unload a unit, also update all its parent's members mask 
This way we can corectly ensure that when a unit that requires some
controller goes away, we propagate the removal of it all the way up, so
that the controller is turned off in all the parents too.
 2018-11-23 13:41:37 +01:00
Lennart Poettering 5af8805872 cgroup: drastically simplify caching of cgroups members mask 
Previously we tried to be smart: when a new unit appeared and it only
added controllers to the cgroup mask we'd update the cached members mask
in all parents by ORing in the controller flags in their cached values.
Unfortunately this was quite broken, as we missed some conditions when
this cache had to be reset (for example, when a unit got unloaded),
moreover the optimization doesn't work when a controller is removed
anyway (as in that case there's no other way for the parent to iterate
though all children if any other, remaining child unit still needs it).
Hence, let's simplify the logic substantially: instead of updating the
cache on the right events (which we didn't get right), let's simply
invalidate the cache, and generate it lazily when we encounter it later.
This should actually result in better behaviour as we don't have to
calculate the new members mask for a whole subtree whever we have the
suspicion something changed, but can delay it to the point where we
actually need the members mask.

This allows us to simplify things quite a bit, which is good, since
validating this cache for correctness is hard enough.

Fixes: #9512
 2018-11-23 13:41:37 +01:00
Lennart Poettering 8a0d538815 cgroup: extend comment on what unit_release_cgroup() is for 2018-11-23 13:41:37 +01:00
Lennart Poettering 1fd3a10c38 cgroup: extend reasons when we realize the enable mask 
After creating a cgroup we need to initialize its
"cgroup.subtree_control" file with the controllers its children want to
use. Currently we do so whenever the mkdir() on the cgroup succeeded,
i.e. when we know the cgroup is "fresh". Let's update the condition
slightly that we also do so when internally we assume a cgroup doesn't
exist yet, even if it already does (maybe left-over from a previous
run).

This shouldn't change anything IRL but make things a bit more robust.
 2018-11-23 13:41:37 +01:00
Lennart Poettering d5095dcd30 cgroup: tighten call that detects whether we need to realize a unit's cgroup a bit, and comment why 2018-11-23 13:41:37 +01:00
Lennart Poettering 5a62e5e2ac cgroup: document what the various masks variables are used for 2018-11-23 13:41:37 +01:00
Lennart Poettering 27c4ed790a cgroup: simplify check whether it makes sense to realize a cgroup 2018-11-23 13:41:37 +01:00
Lennart Poettering e00068e71f cgroup: in unit_invalidate_cgroup() actually modify invalidation mask 
Previously this would manipulate the realization mask for invalidating
the realization. This is a bit ugly though as the realization mask's
primary purpose to is to reflect in which hierarchies a cgroup currently
exists, and it's probably a good idea to keep that in sync with
realities.

We nowadays have the an explicit fields for invalidating cgroup
controller information, the "cgroup_invalidated_mask", let's use this
one instead.

The effect is pretty much the same, as the main consumer of these masks
(unit_has_mask_realize()) checks both anyway.
 2018-11-23 13:41:37 +01:00
Lennart Poettering 27adcc9737 cgroup: be more careful with which controllers we can enable/disable on a cgroup 
This changes cg_enable_everywhere() to return which controllers are
enabled for the specified cgroup. This information is then used to
correctly track the enablement mask currently in effect for a unit.
Moreover, when we try to turn off a controller, and this works, then
this is indicates that the parent unit might succesfully turn it off
now, too as our unit might have kept it busy.

So far, when realizing cgroups, i.e. when syncing up the kernel
representation of relevant cgroups with our own idea we would strictly
work from the root to the leaves. This is generally a good approach, as
when controllers are enabled this has to happen in root-to-leaves order.
However, when controllers are disabled this has to happen in the
opposite order: in leaves-to-root order (this is because controllers can
only be enabled in a child if it is already enabled in the parent, and
if it shall be disabled in the parent then it has to be disabled in the
child first, otherwise it is considered busy when it is attempted to
remove it in the parent).

To make things complicated when invalidating a unit's cgroup membershup
systemd can actually turn off some controllers previously turned on at
the very same time as it turns on other controllers previously turned
off. In such a case we have to work up leaves-to-root *and*
root-to-leaves right after each other. With this patch this is
implemented: we still generally operate root-to-leaves, but as soon as
we noticed we successfully turned off a controller previously turned on
for a cgroup we'll re-enqueue the cgroup realization for all parents of
a unit, thus implementing leaves-to-root where necessary.
 2018-11-23 13:41:37 +01:00
Zbigniew Jędrzejewski-Szmek e5e0a79623 pid1,sd-device: use PATH_STARTSWITH_SET more 2018-11-23 13:37:47 +01:00
Lennart Poettering 26a17ca280 cgroup: add explanatory comment 2018-11-23 12:24:37 +01:00
Lennart Poettering 442ce7759c cgroup: units that aren't loaded properly should not result in cgroup controllers being pulled in 
This shouldn't make much difference in real life, but is a bit cleaner.
 2018-11-23 12:24:37 +01:00