picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
39562 commits 2 branches 0 tags 166 MiB
Commit graph

3581 commits

Author SHA1 Message Date
Yu Watanabe 3decde0226 sysctl-util: introduce sysctl_write_ip_property() and friends 2019-02-21 10:38:10 +09:00
Lennart Poettering eb5149ba74
Merge pull request #11682 from topimiettinen/private-utsname 
core: ProtectHostname feature
 2019-02-20 14:12:15 +01:00
Topi Miettinen aecd5ac621 core: ProtectHostname= feature 
Let services use a private UTS namespace. In addition, a seccomp filter is
installed on set{host,domain}name and a ro bind mounts on
/proc/sys/kernel/{host,domain}name.
 2019-02-20 10:50:44 +02:00
Matthias Klumpp 4b05f0c9d9 core: Allow to configure execute_directories execution behavior 
This adds a new bitfield to `execute_directories()` which allows to
configure whether to ignore non-zero exit statuses of binaries run and
whether to allow parallel execution of commands.
In case errors are not ignored, the exit status of the failed script
will now be returned for error reposrting purposes or other further
future use.
 2019-02-18 16:16:02 +01:00
Lennart Poettering bde06abd4f
Merge pull request #10408 from keszybz/analyze-cat-presets 
systemd-analyze cat-presets
 2019-02-18 16:02:45 +01:00
Lennart Poettering 4d422d1f9e
Merge pull request #11226 from keszybz/enable-remount-fs-dynamically 
Enable systemd-remount-fs.service dynamically
 2019-02-18 12:46:31 +01:00
Zbigniew Jędrzejewski-Szmek f1d9d36ac5 analyze: generalize cat-config to apply to tmpfiles, presets, hwdb.d, etc. 
Fixes #10256.

What works:

systemd-analyze cat-config systemd/system-preset
systemd-analyze cat-config systemd/user-preset
systemd-analyze cat-config tmpfiles.d
systemd-analyze cat-config sysusers.d
systemd-analyze cat-config systemd/sleep.conf
systemd-analyze cat-config systemd/user.conf
systemd-analyze cat-config systemd/system.conf
systemd-analyze cat-config udev/udev.conf
(and other .conf files)
systemd-analyze cat-config udev/rules.d
systemd-analyze cat-config environment.d
systemd-analyze cat-config environment

Directories may be specified with the trailing dash or not.

The caveat is that for user configuration, systemd and other tools also look
at ~/.config/. It would be nice to support this, but this patch doesn't.
"cat-config --user" is rejected, and we may allow it in the future and then
extend the search path with directories under ~/.config.

What doesn't work (and probably shouldn't because those files cannot be
meaningfully concatenated):

systemd-analyze cat-config systemd/system  (.service, .slice, .socket, ...)
systemd-analyze cat-config systemd/user
systemd-analyze cat-config systemd/network (.network, .link, and .dnssd)

The hardcoding of information about paths in this manner is a bit ugly, but
OTOH, it is not too onerous, and at least we have one place where all the
schemes are "documented" through code. It'll make us think twice before adding
yet another slightly different scheme.
 2019-02-18 10:29:33 +01:00
Zbigniew Jędrzejewski-Szmek f7767d76bb Introduce CONF_PATHS_USR_STRV to mirror CONF_PATHS_STRV 2019-02-18 10:25:25 +01:00
Zbigniew Jędrzejewski-Szmek e0b8a238df shared/install: generate list of files in separate function 
No functional change.
 2019-02-18 10:25:25 +01:00
Zbigniew Jędrzejewski-Szmek ea53cfd195 shared/calendarspec: do not allocate a big string on stack 
The string can be as long as a logical line in a unit file — so no unlimited,
but quite big. Let's use a normal heap allocation when making a copy.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13125
 2019-02-16 23:31:07 +01:00
Filipe Brandenburger 10f2864111 core: add CPUQuotaPeriodSec= 
This new setting allows configuration of CFS period on the CPU cgroup, instead
of using a hardcoded default of 100ms.

Tested:
- Legacy cgroup + Unified cgroup
- systemctl set-property
- systemctl show
- Confirmed that the cgroup settings (such as cpu.cfs_period_ns) were set
  appropriately, including updating the CPU quota (cpu.cfs_quota_ns) when
  CPUQuotaPeriodSec= is updated.
- Checked that clamping works properly when either period or (quota * period)
  are below the resolution of 1ms, or if period is above the max of 1s.
 2019-02-14 11:04:42 -08:00
Filipe Brandenburger 7b61ce3c44 time-util: Introduce parse_sec_def_infinity 
This works like parse_sec() but defaults to USEC_INFINITY when passed an
empty string or only whitespace.

Also introduce config_parse_sec_def_infinity, which can be used to parse
config options using this function.

This is useful for time options that use "infinity" for default and that
can be reset by unsetting them.

Introduce a test case to ensure it works as expected.
 2019-02-14 11:04:42 -08:00
Lennart Poettering eb7e351496
Merge pull request #11578 from keszybz/gcc-9-fixes 
Packed struct alignment workarounds for gcc-9
 2019-02-07 15:25:05 +01:00
Zbigniew Jędrzejewski-Szmek 3c7dddaccf efivars: remove direct access to unaligned structure members 
Most of the accesses *were* aligned. The only one that definetely wasn't was to
drive_path->part_start and drive_path->part_size, because those both expect
8 byte alignment, and are at offsets 4 and 12 in the packed structure.

Because of the way that device_path structure is defined and used, we expect
that device_path.length is always two-byte aligned.

This adds asserts in various places to ensure the proper alignment, and uses
memcpy in other places where the alignment might be off.
 2019-02-05 18:15:00 +01:00
Zbigniew Jędrzejewski-Szmek f7cb1c7900 efivars: make sure that _packed_ structure members are actually aligned as expected 
When looking for the terminating double-NUL, don't just read the memory
until the terminator is found, but use the information we got about the
buffer size.

The length parameter passed to utf16_to_utf8() would include the terminator, so
the converted string would end up with two terminators (the original one
converted to "utf8", still 0, and then the one that was always added anyway).
Instead let's pass just the length of the actual data to utf16_to_utf8().
 2019-02-05 17:25:08 +01:00
YmrDtnJu f2ea9cc746 shared: Revert commit 49fe5c099 in parts for function parse_acl. 
Too much code has been removed while replacing startswith with STARTSWITH_SET
so that every ACL specified e.g. in tmpfiles.d was parsed as a default ACL.
 2019-02-02 12:46:32 +01:00
Lennart Poettering 118dccc948 pager: improve english a bit 2019-01-31 13:37:58 +01:00
Zbigniew Jędrzejewski-Szmek cd8c98d7a7 shared/dissect-image: make sure that we don't truncate device name 
gcc-9 complains that the string may be truncated when written into the output
structure. This shouldn't happen, but if it did, in principle we could remove a
different structure (with a matching name prefix). Let's just refuse the
operation if the name doesn't fit.
 2019-01-27 09:35:36 +01:00
Lennart Poettering 8d4798e821
Merge pull request #11427 from kragniz/10659-env-file-quotes 
util-lib: follow shell syntax for escape in quotes
 2019-01-18 13:50:15 +01:00
Louis Taylor e768a4f032 tree-wide: use '"' instead of '\"' 
The escape used previously was redundant and made things more confusing.
 2019-01-17 16:46:29 +00:00
Lennart Poettering b1a4981aed tree-wide: whenever we allocate a new bus object, close it before dropping final ref 
This doesn't really change much, but feels more correct to do, as it
ensures that all messages currently queued in the bus connections are
definitely unreffed and thus destryoing of the connection object will
follow immediately.

Strictly speaking this change is entirely unnecessary, since nothing
else could have acquired a ref to the connection and queued a message
in, however, now that we have the new sd_bus_close_unref() helper it
makes a lot of sense to use it here, to ensure that whatever happens
nothing that might have been queued fucks with us.
 2019-01-17 16:12:38 +01:00
Lennart Poettering 57c03b1e6e seccomp: drop mincore() from @system-service syscall filter group 
Previously, this system call was included in @system-service since it is
a "getter" only, i.e. only queries information, and doesn't change
anything, and hence was considered not risky.

However, as it turns out, mincore() is actually security sensitive, see
the discussion here:

https://lwn.net/Articles/776034/

Hence, let's adjust the system call filter and drop mincore() from it.

This constitues a compatibility break to some level, however I presume
we can get away with this as the systemcall is pretty exotic. The fact
that it is pretty exotic is also reflected by the fact that the kernel
intends to majorly change behaviour of the system call soon (see the
linked LWN article)
 2019-01-16 18:08:35 +01:00
Topi Miettinen a1e92eee3e Remove 'inline' attributes from static functions in .c files (#11426) 
Let the compiler perform inlining (see #11397).
 2019-01-15 08:12:28 +01:00
Fabrice Fontaine 5269db454f lockfile-util.c: fix build without F_OFD_SETLK 
systemd fails to build on kernel without F_OFD_SETLK since
9714c020fc

So put include missing_fcntl.h

Fixes:
 - http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2019-01-11 17:37:36 +01:00
Zbigniew Jędrzejewski-Szmek ef4d6abe7c journal-remote: set a limit on the number of fields in a message 
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
reused for the new error condition (too many fields).

This matches the change done for systemd-journald, hence forming the second
part of the fix for CVE-2018-16865
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
 2019-01-09 23:44:17 +01:00
Zbigniew Jędrzejewski-Szmek 052c57f132 journald: set a limit on the number of fields (1k) 
We allocate a iovec entry for each field, so with many short entries,
our memory usage and processing time can be large, even with a relatively
small message size. Let's refuse overly long entries.

CVE-2018-16865
https://bugzilla.redhat.com/show_bug.cgi?id=1653861

What from I can see, the problem is not from an alloca, despite what the CVE
description says, but from the attack multiplication that comes from creating
many very small iovecs: (void* + size_t) for each three bytes of input message.
 2019-01-09 23:41:53 +01:00
Zbigniew Jędrzejewski-Szmek f0560c7453
Merge pull request #11355 from yuwata/rfe-11343 
conf-parse: accept whitespaces before comments
 2019-01-08 15:07:33 +01:00
Yu Watanabe b41dd0d2db conf-parser: accept whitespaces before comments 
Closes #11343.
 2019-01-08 14:05:15 +09:00
Yu Watanabe 71b21730d4 conf-parser: mention that unknown lvalue is ignored 2019-01-08 12:50:58 +09:00
Lennart Poettering f8c186c9ec json: handle NULL explicitly in json_variant_has_type() 2019-01-07 17:50:39 +01:00
Lennart Poettering 6af022fedd json: fix typo 2019-01-07 17:50:39 +01:00
Lennart Poettering fc0f6fbffc json: teach json_log() the new SYNTHETIC_ERRNO() logic 2019-01-07 17:50:39 +01:00
Lennart Poettering 16420be1fd loop-util: tweak codepath when a loopback file is "created" from an existing block device 
Be more careful with initialized of the 'relinquished' boolean field,
and let's return the fd, like we do for the regular codepath, too.
 2019-01-07 17:50:39 +01:00
Lennart Poettering 26c1be0fdc loop-util: minor simplification 2019-01-07 17:50:39 +01:00
Zbigniew Jędrzejewski-Szmek 3042bbebdd tree-wide: use c99 static for array size declarations 
https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html

This only works with clang, unfortunately gcc doesn't seem to implement the check
(tested with gcc-8.2.1-5.fc29.x86_64).

Simulated error:
[2/3] Compiling C object 'systemd-nspawn@exe/src_nspawn_nspawn.c.o'.
../src/nspawn/nspawn.c:3179:45: warning: array argument is too small; contains 15 elements, callee requires at least 16 [-Warray-bounds]
                        candidate = (uid_t) siphash24(arg_machine, strlen(arg_machine), hash_key);
                                            ^                                           ~~~~~~~~
../src/basic/siphash24.h:24:64: note: callee declares array parameter as static here
uint64_t siphash24(const void *in, size_t inlen, const uint8_t k[static 16]);
                                                               ^~~~~~~~~~~~
 2019-01-04 12:37:25 +01:00
Zbigniew Jędrzejewski-Szmek 5ff8da1057 Define macro for systemd-fsck-root.service 
There is one for systemd-fsck@.service, so for consistency...
 2019-01-03 15:31:03 +01:00
Zbigniew Jędrzejewski-Szmek 9b69569d2c Pull in systemd-remount-fs.service only when required 
Instead of enabling it unconditionally and then using ConditionPathExists=/etc/fstab,
and possibly masking this condition if it should be enabled for auto gpt stuff,
just pull it in explicitly when required.
 2019-01-03 15:30:28 +01:00
Zbigniew Jędrzejewski-Szmek 5c176eb4bf shared/generator: allow absolute symlink target in generator_add_symlink() 
Also remove the stray ".d" from comment and rename directory argument to "dir"
(we usually use "root" for arg_root, so using it here was misleading).
 2019-01-03 15:30:25 +01:00
Yu Watanabe 1f00998c87 ask-password-api: do not call ask_password_keyring() if keyname == NULL 
Fixes #11295.
 2018-12-30 21:13:47 +09:00
Yu Watanabe 8a111277c4 ask-password: make ask_password_keyring() static 2018-12-30 21:09:41 +09:00
Yu Watanabe a5c67ccc57 switch-root: fix error message 
Fixes #11261.
 2018-12-28 15:37:15 +09:00
Zbigniew Jędrzejewski-Szmek 8340b762e4 Revert "sleep: offer hibernation only if the kernel image still exists" 
This reverts commit edda44605f.

The kernel explicitly supports resuming with a different kernel than the one
used before hibernation. If this is something that shouldn't be supported, the
place to change this is in the kernel. We shouldn't censor something that this
exclusively in the kernel's domain.

People might be using this to switch kernels without restaring programs, and
we'd break this functionality for them.

Also, even if resuming with a different kernel was a bad idea, we don't really
prevent that with this check, since most users have more than one kernel and
can freely pick a different one from the menu. So this only affected the corner
case where the kernel has been removed, but there is no reason to single it
out.
 2018-12-21 18:23:17 +01:00
Lennart Poettering f70e7f70c9 dissect: add some assert()s 2018-12-19 23:27:47 +01:00
Lennart Poettering 052eaf5c93 gpt-auto-generator: don't wait for udev 
Generators run in a context where waiting for udev is not an option,
simply because it's not running there yet. Hence, let's not wait for it
in this case.

This is generally OK to do as we are operating on the root disk only
here, which should have been probed already by the time we come this
far.

An alternative fix might be to remove the udev dependency from image
dissection again in the long run (and thus replace reliance on
/dev/block/x:y somehow with something else).

Fixes: #11205
 2018-12-19 23:27:47 +01:00
Zbigniew Jędrzejewski-Szmek 8edb6563b4 json: do not unescape slashes 
Apparently this originated in PHP, so the json output could be directly
embedded in HTML script tags.
See https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped.

Since the output of our tools is not intended directly for web page generation,
let's not do this unescaping. If needed, the consumer can always do escaping as
appropriate for the target format.
 2018-12-18 15:21:37 +01:00
Lennart Poettering 4f9cf94c4a
Merge pull request #11144 from keszybz/dissect-image-fix 
Fix for dissect-image use in nspawn
 2018-12-17 19:36:36 +01:00
Zbigniew Jędrzejewski-Szmek a8040b6d0a dissect-image: wait for the main device and all partitions to be known by udev 
Fixes #10526.

Even if we waited for the root device to appear, the mount could still fail if
we didn't wait for udev to initalize the device. In particular, the
/dev/block/n:m path used to mount the device is created by udev, and nspawn
would sometimes win the race and the mount would fail with -ENOENT.

The same wait is done for partitions, since if we try to mount them, the same
considerations apply.

Note: I first implemented a version which just does a loop (with a short wait).
In that approach, udev takes on average ~800 µs to initialize the loopback
device. The approach where we set up a monitor and avoid the loop is a bit
nicer. There doesn't seem to be a significant difference in speed.
With 1000 invocations of 'systemd-nspawn -i image.squashfs echo':

loop (previous approach):
real	4m52.625s
user	0m37.094s
sys	2m14.705s

monitor (this patch):
real	4m50.791s
user	0m36.619s
sys	2m14.039s
 2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek b887c8b8a8 dissect-image: wait for the root to appear 
dissect-image would wait for the root device and paritions to appear. But if we
had an image with no partitions, we'd not wait at all. If the kernel or udev
were slow in creating device nodes or symlinks, subsequent mount attempt might
fail if nspawn won the race.

Calling wait_for_partitions_to_appear() in case of no partitions means that we
verify that the kernel agrees that there are no partitions. We verify that the
kernel sees the same number of partitions as blkid, so let's that also in this
case.

This makes the failure in #10526 much less likely, but doesn't eliminate it
completely. Stay tuned.
 2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek ea887be00b dissect-image: split out a chunk of dissect_image() out 
No functional change, just moving code around.
 2018-12-17 13:50:57 +01:00
Zbigniew Jędrzejewski-Szmek ed435031a5 rfkill: move wait_for_initialized() to shared/ 
The function interface is the same, except that the output pointer may be NULL.

The implementation is slightly simplified by taking advantage of changes in
ancestor commit 'sd-device: attempt to read db again if it wasn't found', by
not creating a new sd_device object before re-checking the is_initialized
status.

v2:
- In v1, the old object was always used and the device received back from the
  sd_device_monitor_start callback was ignored. I *think* the result will be
  equivalent in both cases, because by the time we the callback gets called,
  the db entry in the filesystem will also exist, and any subsequent access to
  properties of the object would trigger a read of the database from disk. But
  I'm not certain, and anyway, using the device object received in the callback
  seems cleaner.
 2018-12-17 13:50:51 +01:00
Zbigniew Jędrzejewski-Szmek 582de70f2f
Merge pull request #11086 from poettering/nscd-cache-flush 
flush nscd's caches when we register user/groups/hostnames
 2018-12-17 11:29:58 +01:00
Lennart Poettering 2d41e9b7a0
Merge pull request #11143 from keszybz/enable-symlink 
Runtime mask symlink confusion fix
 2018-12-16 12:37:07 +01:00
Lennart Poettering f079c3727c shared: add helper for flushing nscd caches 
Apparently, people do use nscd, hence play somewhat nice with it, and
let's explicitly flush nscd caches whenever we register a new
user/group.

This patch only adds the actual refresh request invocation. Later
commits then issue this call at appropriate moments.

Note that the nscd protocol is not officially documented though very
simple. This code is written very defensively so that incompatibilities
don't affect us much.

Given that glibc really has a duty to maintain compat between
differently compiled programs and their system nscd they can't break API
and thus it should be safe for us to implement an alternative,
minimalistic client.

Ideally this kind of explicit, global cache flushing would not be necessary.
However nscd currently has no cache coherency protocol, hence we can't
really implement this better. The only concept it knows is a TTL for
positive hosts lookups. Hoewver for negative lookups or any of the other
tables nothing is available.
 2018-12-15 12:10:19 +01:00
Lennart Poettering 9a6f746fb6 locale-util: prefix special glyph enum values with SPECIAL_GLYPH_ 
This has been irritating me for quite a while: let's prefix these enum
values with a common prefix, like we do for almost all other enums.

No change in behaviour, just some renaming.
 2018-12-14 08:22:54 +01:00
Lennart Poettering fd0ec39d38
Merge pull request #11046 from keszybz/generator-mains 
Macroify generators a bit more
 2018-12-13 22:39:23 +01:00
Zbigniew Jędrzejewski-Szmek 4b37c89f06 shared/install: ignore symlinks which have lower priority than the unit file 
In #10583, a unit file lives in ~/.config/systemd/user, and
'systemctl --runtime --user mask' is used to create a symlink in /run.
This symlink has lower priority than the config file, so
'systemctl --user' will happily load the unit file, and does't care about
the symlink at all.

But when asked if the unit is enabled, we'd look for all symlinks, find the
symlink in the runtime directory, and report that the unit is runtime-enabled.
In this particular case the fact that the symlink points at /dev/null, creates
additional confusion, but it doesn't really matter: *any* symlink (or regular
file) that is lower in the priority order is "covered" by the unit fragment,
and should be ignored.

Fixes #10583.
 2018-12-13 10:46:27 +01:00
Zbigniew Jędrzejewski-Szmek 3e8d06d951 shared/install: add some more debugging info 
Just to make it easier to understand what is going on.
 2018-12-13 08:40:38 +01:00
Zbigniew Jędrzejewski-Szmek 2eded6cb2c shared/install: remove two conditionals which are always false 
The name argument in UnitFileInstallInfo (i->name) should always be a unit
file name, so the conditional always takes the 'else' branch.

The only call chain that links to find_symlinks_fd() is unit_file_lookup_state
→ find_symlinks_in_scope → find_symlinks → find_symlinks_fd. But
unit_file_lookup_state calls unit_name_is_valid(name), and then name is used
to construct the UnitFileInstallInfo object in install_info_discover, which just
uses the name it was given.
 2018-12-13 00:58:27 +01:00
Zbigniew Jędrzejewski-Szmek 7a44c7e31f generators: define custom main func definer and use it where applicable 
There should be no functional difference, except that the error message
is changd from "three or no arguments" to "zero or three arguments". Somehow
the inverted form always seemed strange.

umask() call is also dropped from run-generator. I think it wasn't dropped in
053254e3cb because the run generator was merged
around the same time.
 2018-12-12 21:58:00 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Zbigniew Jędrzejewski-Szmek 26526f9826 shared/install: mark UnitFileInstallInfo* as const where appropriate 2018-12-12 16:50:29 +01:00
Zbigniew Jędrzejewski-Szmek 303ee60151 Mark *data and *userdata params to specifier_printf() as const 
It would be very wrong if any of the specfier printf calls modified
any of the objects or data being printed. Let's mark all arguments as const
(primarily to make it easier for the reader to see where modifications cannot
occur).
 2018-12-12 16:45:33 +01:00
Zbigniew Jędrzejewski-Szmek 9be3c60570
Merge pull request #10892 from mbiebl/revert-systemctl-runtime-unmask-breakage 
Revert "systemctl: when removing enablement or mask symlinks, cover both /run and /etc
 2018-12-12 14:23:04 +01:00
Lennart Poettering ec68d13789
Merge pull request #10897 from keszybz/etc-fstab-parsing 
Forbid dashes in hostnames and /etc/fstab parsing improvements
 2018-12-10 12:31:30 +01:00
Zbigniew Jędrzejewski-Szmek d65652f1f2 Partially unify hostname_is_valid() and dns_name_is_valid() 
This makes hostname_is_valid() apply the ldh checks too, rejecting more
hostnames.
 2018-12-10 09:56:56 +01:00
Zbigniew Jędrzejewski-Szmek 7470cc4c73 resolve: reject host names with leading or trailing dashes in /etc/hosts 
https://tools.ietf.org/html/rfc1035#section-2.3.1 says (approximately)
that only letters, numbers, and non-leading non-trailing dashes are allowed
(for entries with A/AAAA records). We set no restrictions.

hosts(5) says:
> Host names may contain only alphanumeric characters, minus signs ("-"), and
> periods (".").  They must begin with an alphabetic character and end with an
> alphanumeric character.

nss-files follows those rules, and will ignore names in /etc/hosts that do not
follow this rule.

Let's follow the documented rules for /etc/hosts. In particular, this makes us
consitent with nss-files, reducing surprises for the user.

I'm pretty sure we should apply stricter filtering to names received over DNS
and LLMNR and MDNS, but it's a bigger project, because the rules differ
depepending on which level the label appears (rules for top-level names are
stricter), and this patch takes the minimalistic approach and only changes
behaviour for /etc/hosts.

Escape syntax is also disallowed in /etc/hosts, even if the resulting character
would be allowed. Other tools that parse /etc/hosts do not support this, and
there is no need to use it because no allowed characters benefit from escaping.
 2018-12-10 09:56:56 +01:00
Yu Watanabe c157884f09 sd-daemon: add notify_start() and notify_on_cleanup() helper function 2018-12-08 18:09:25 +09:00
Yu Watanabe eeef672f0c
Merge pull request #11038 from keszybz/man-timeouts 
Small improvements for documentation of timeout options
 2018-12-07 02:53:40 +01:00
Zbigniew Jędrzejewski-Szmek 0f495e0123 shared/blkid-util: do not include util.h needlessly 2018-12-07 02:49:03 +01:00
Yu Watanabe a81921e47e Revert "pager: close all fds when forking off pager" 
This reverts commit 55844aebb6.

As `exe_name_pipe` are closed by safe_fork().
 2018-12-06 21:15:55 +01:00
Yu Watanabe e1eb35db1e
Merge pull request #11056 from poettering/resolved-ifindex 
resolved: request incoming ifindex for DNS UDP packets, too
 2018-12-06 19:29:42 +01:00
Zbigniew Jędrzejewski-Szmek 871fa294ff Merge pull request #10935 from poettering/rlimit-nofile-safe 
Merged by hand to resolve a trivial conflict in TODO.
 2018-12-06 17:19:21 +01:00
Yu Watanabe 204f52e32d lockfile: drop unnecessary headers from lockfile-util.h 2018-12-06 13:31:16 +01:00
Yu Watanabe 893829359a nsflsgs: drop missing.h and use missing_sched.h 2018-12-06 13:31:16 +01:00
Yu Watanabe ef118d00eb util: drop missing.h from socket-util.h 2018-12-06 13:31:16 +01:00
Lennart Poettering 67df9b7a06 logs-show: use grey color for de-emphasizing journal log output 2018-12-05 18:46:23 +01:00
Lennart Poettering ee589a1882
Merge pull request #11041 from yuwata/update-missing-v2 
missing: separate missing.h more
 2018-12-04 16:19:02 +01:00
Lennart Poettering 1e9e7196cb
Merge pull request #11042 from yuwata/tiny-coding-style-fixes 
Tiny coding style fixes
 2018-12-04 16:15:09 +01:00
Yu Watanabe 36dd5ffd5d util: drop missing.h from util.h 2018-12-04 10:00:34 +01:00
Yu Watanabe f2a3de0116 tree-wide: add whitespace between type and variable name 2018-12-04 09:29:54 +01:00
Yu Watanabe b403758ce0 ip-protocol-list: sort headers 2018-12-04 09:18:21 +01:00
Yu Watanabe 3843e8260c missing: rename securebits.h to missing_securebits.h 2018-12-04 07:49:24 +01:00
Zbigniew Jędrzejewski-Szmek c2f4bcfcc1 shared/generator: reword comment for clarity 2018-12-03 23:55:29 +01:00
Lennart Poettering 94a80afed4 format-table: never try to reuse cells that have color/url/uppercase set 
The table cell reusing code is supposed to be an internal memory
optimization, and not more. This means behaviour should be the same as
if we wouldn't reuse cells.
 2018-12-03 22:42:38 +01:00
Lennart Poettering 359abf6dd0 format-table: add option to uppercase cells on display 
This adds a per-cell option for uppercasing displayed strings.
Implicitly turn this on for the header row. The fact that we format the
table header in uppercase is a formatting thing after all, hence should
be applied by the formatter, i.e. the table display code.

Moreover, this provides us with the benefit that we can more nicely
reuse the specified table headers as JSON field names, like we already
do: json field names are usually not uppercase.
 2018-12-03 22:42:38 +01:00
Lennart Poettering 31ac235771 format-table: optionally covert/output table to JSON 2018-12-03 22:42:38 +01:00
Lennart Poettering c93d372d7c format-table: use right field for display 
Since .timespan and .timestamp are unionized on top of each other this
doesn't actually matter, but it is still more correct to address it
under it's correct name.
 2018-12-03 22:42:38 +01:00
Lennart Poettering e4cbdffe28 output-mode: add new helper OUTPUT_MODE_IS_JSON() 
Just a pretty way to determine whether the selected output mode is a
JSON output mode.
 2018-12-03 22:42:38 +01:00
Lennart Poettering 9e964bb8e4 output-mode: add generic helper to pick right JsonFormatFlags for given OutputMode 2018-12-03 22:42:38 +01:00
Lennart Poettering ab91733c7e json: add new display flag JSON_FORMAT_COLOR_AUTO 
Typically we want to enable color when colors_enabled() says so, hence
let's automatize this.
 2018-12-03 22:42:38 +01:00
Lennart Poettering 897f099bb0 json: introduce explicit type for json formatting flags 2018-12-03 22:42:38 +01:00
Lennart Poettering 63e688cc3b
Merge pull request #11031 from poettering/gcc-attr-cleanup 
various gcc attribute clean-ups
 2018-12-03 21:59:00 +01:00
Lennart Poettering 76b31bbb24
Merge pull request #10920 from yuwata/hashmap-destructor 
hashmap: make hashmap_free() call destructors of key or value
 2018-12-03 17:59:44 +01:00
Lennart Poettering 90b365cee0 json: use new _align_() macro 2018-12-03 13:28:26 +01:00
Lennart Poettering ad2bf5df89
Merge pull request #10992 from yuwata/follow-up-10948 
network: make fib rule accept arbitrary ip protocol
 2018-12-03 11:09:04 +01:00
Lennart Poettering 686d13b9f2 util-lib: split out env file parsing code into env-file.c 
It's quite complex, let's split this out.

No code changes, just some file rearranging.
 2018-12-02 13:22:29 +01:00
Lennart Poettering 0a2152f005 util-lib: move open_serialization_fd() to serialize.c 
It definitely fits better there.

No code changes, just some rearranging.
 2018-12-02 13:22:29 +01:00
Lennart Poettering e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c 
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
 2018-12-02 13:22:29 +01:00
Lennart Poettering ee228be10c util-lib: don't include fileio.h from fileio-label.h 
There's no reason for doing that, hence simply don't.
 2018-12-02 13:22:29 +01:00
Yu Watanabe b07ec5a173 machine-image: introduce image_hash_ops and use it 2018-12-02 12:18:54 +01:00
Yu Watanabe 7a08d314f2 tree-wide: make hash_ops typesafe 2018-12-02 07:53:27 +01:00
Yu Watanabe d2b42d63c4 core,run: make SocketProtocol= accept protocol name in upper case an protocol number 2018-12-02 06:13:47 +01:00
Yu Watanabe dca2309108 test: add tests for ip_protocol_{from,to}_name() 2018-12-02 06:13:47 +01:00
Yu Watanabe 0667a0c497 util: introduce parse_ip_protocol() 
Not only protocol name in lower case, but it optionally accepts
IP protocol name in upper case and IP protocol number.
 2018-12-02 06:13:41 +01:00
Yu Watanabe cedfe0b02b util: cast smaller type to large type 2018-12-02 05:58:18 +01:00
Yu Watanabe da96ad5ae2 util: rename socket_protocol_{from,to}_name() to ip_protocol_{from,to}_name() 2018-12-02 05:48:27 +01:00
Lennart Poettering 5dd9527883 tree-wide: remove various unused functions 
All found with "cppcheck --enable=unusedFunction".
 2018-12-02 13:35:34 +09:00
Lennart Poettering 55844aebb6 pager: close all fds when forking off pager 2018-12-01 12:50:45 +01:00
Lennart Poettering 1d78890851 pager: log about all error conditions 
The code so far logged about some errors but was silent on others. Let's
stream-line that and make the function fully self-logging on all error
conditions.
 2018-12-01 12:50:45 +01:00
Lennart Poettering 0672e2c6f8 tree-wide: use FORK_RLIMIT_NOFILE_SAFE wherever possible 
Similar to the previous commit: in many cases no further fd processing
needs to be done in forked of children before execve() or any of its
flavours are called. In those case we can use FORK_RLIMIT_NOFILE_SAFE
instead.
 2018-12-01 12:50:45 +01:00
Lennart Poettering 595225af7a tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocations 
Whenever we invoke external, foreign code from code that has
RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024
first. This is a safety precaution for compatibility with programs using
select() which cannot operate with fds > 1024.

This commit adds the call to rlimit_nofile_safe() to all invocations of
exec{v,ve,l}() and friends that either are in code that we know runs
with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for
starters) or that is part of shared code that might end up there.

The calls are placed as early as we can in processes invoking a flavour
of execve(), but after the last time we do fd manipulations, so that we
can still take benefit of the high fd limits for that.
 2018-12-01 12:50:45 +01:00
Lennart Poettering 3c069cdac4 move src/shared/rlimit-util.[ch] → src/basic/ 
This is really basic stuff and in a follow-up commit will use it all
across the codebase, including in process-util.[ch] which is in
src/basic/. Hence let's move it back to src/basic/ itself.
 2018-12-01 12:50:45 +01:00
Lennart Poettering 1300f91149 rlimit: add new rlimit_nofile_safe() helper 
This helper sets RLIMIT_NOFILE's soft limit to 1024 (FD_SETSIZE) for
compatibility with apps using select().

The idea is that we use this helper to reset the limit whenever we
invoke foreign code from our own processes which have bumped
RLIMIT_NOFILE high.
 2018-12-01 12:50:45 +01:00
Lennart Poettering ac20048fc0
Merge pull request #11002 from keszybz/path_join-merging 
Path join merging
 2018-12-01 00:44:58 +01:00
Zbigniew Jędrzejewski-Szmek 652ef29887 path-util: allow NULLs in arguments to path_join() 
This removes the need to remember to put strempty() in places, thus reducing
the likelihood of a stupid mistake.
 2018-11-30 22:21:17 +01:00
Lennart Poettering 88db94fa57 format-table: make sure we never call memcmp() with NULL parameters 2018-11-30 16:46:10 +01:00
Lennart Poettering 62d99b3970 format-table: add calls to query the data in a specific cell 2018-11-30 16:46:10 +01:00
Lennart Poettering 30d98de00c format-table: always underline header line 2018-11-30 16:46:10 +01:00
Lennart Poettering 9314ead785 format-table: add an API for getting the cell at a specific row/column 2018-11-30 16:46:10 +01:00
Lennart Poettering 27e730e6d0 format-table: add table_update() to update existing entries 2018-11-30 16:46:10 +01:00
Lennart Poettering a2c73e2d38 format-table: optionally allow reversing the sort order for a column 2018-11-30 16:46:10 +01:00
Lennart Poettering a4661181fa format-table: add option to store/format percent and uint64_t values in cells 2018-11-30 16:46:10 +01:00
Lennart Poettering a22318e554 format-table: before outputting a color, check if colors are available 
This is in many cases redundant, as a similar check is done by various
callers already, but in other cases (where we read the color from a
static table for example), it's nice to let the color check be done by
the table code itself, and since it doesn't hurt in the other cases just
do it again.
 2018-11-30 16:46:10 +01:00
Lennart Poettering 165ca5663e format-table: optionally make specific cells clickable links 2018-11-30 16:46:10 +01:00
Lennart Poettering 13b0d4d7bd format-table: when duplicating a cell, also copy the color 2018-11-30 16:46:10 +01:00
Lennart Poettering 62d6a1cc9f terminal-util: split out file:// generation from terminal_urlify_path() 
This way we can use it at other places, for example when preparing URLs
for format_table_set_url()
 2018-11-30 16:46:10 +01:00
Lennart Poettering ad5ffe3716 seccomp-util: drop process_vm_readv from @debug group 
it's already part of @ipc, no need to have it in both. Given that @ipc
is much more popular (as it is part of @system-service for example),
let's not define it a second time.
 2018-11-30 16:46:09 +01:00
Zbigniew Jędrzejewski-Szmek 62a85ee0a9 tree-wide: rename path_join_many() to path_join() 
$ git grep -e path_join_many -l|xargs sed -r -i 's/path_join_many/path_join/g'

The two test functions are merged into one.
 2018-11-30 10:59:47 +01:00
Zbigniew Jędrzejewski-Szmek 30016f21b3 tree-wide: replace path_join with path_join_many 2018-11-30 10:40:38 +01:00
Zbigniew Jędrzejewski-Szmek b2ac2b01c8
Merge pull request #10996 from poettering/oci-prep 
Preparation for the nspawn-OCI work
 2018-11-30 10:09:00 +01:00
Zbigniew Jędrzejewski-Szmek 77c772f227 Move mount-util.c to shared/ 
libmount dep is moved from libbasic to libshared, potentially removing
libmount from some build products.
 2018-11-29 21:03:44 +01:00
Zbigniew Jędrzejewski-Szmek 049af8ad0c Split out part of mount-util.c into mountpoint-util.c 
The idea is that anything which is related to actually manipulating mounts is
in mount-util.c, but functions for mountpoint introspection are moved to the
new file. Anything which requires libmount must be in mount-util.c.

This was supposed to be a preparation for further changes, with no functional
difference, but it results in a significant change in linkage:

$ ldd build/libnss_*.so.2
(before)
build/libnss_myhostname.so.2:
	linux-vdso.so.1 (0x00007fff77bf5000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
build/libnss_mymachines.so.2:
	linux-vdso.so.1 (0x00007ffc19cc0000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
build/libnss_resolve.so.2:
	linux-vdso.so.1 (0x00007ffe8ef8e000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
build/libnss_systemd.so.2:
	linux-vdso.so.1 (0x00007ffda6d17000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)

(after)
build/libnss_myhostname.so.2:
	linux-vdso.so.1 (0x00007fff0b5e2000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
build/libnss_mymachines.so.2:
	linux-vdso.so.1 (0x00007ffdc30a7000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
build/libnss_resolve.so.2:
	linux-vdso.so.1 (0x00007ffe95747000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
build/libnss_systemd.so.2:
	linux-vdso.so.1 (0x00007ffe67b51000)
	librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
	libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)

I don't quite understand what is going on here, but let's not be too picky.
 2018-11-29 21:03:44 +01:00
Lennart Poettering 30874dda3a dev-setup: generalize logic we use to create "inaccessible" device nodes 
Let's generalize this, so that we can use this in nspawn later on, which
is pretty useful as we need to be able to mask files from the inner
child of nspawn too, where the host's /run/systemd/inaccessible
directory is not visible anymore. Moreover, if nspawn can create these
nodes on its own before the payload this means the payload can run with
fewer privileges.
 2018-11-29 20:21:40 +01:00
Lennart Poettering d435a18244 ptyfwd: optionally override terminal width/height 2018-11-29 20:21:39 +01:00
Lennart Poettering 54b22b2643 tree-wide: port various parts of the code over to the new device_major_minor_path() calls 2018-11-29 20:21:39 +01:00
Zbigniew Jędrzejewski-Szmek 401faa3533
Merge pull request #10357 from poettering/import-fs 
machinectl import-fs command and other fixes
 2018-11-29 16:38:46 +01:00
Zbigniew Jędrzejewski-Szmek 8b4e51a60e
Merge pull request #10797 from poettering/run-generator 
add new "systemd-run-generator" for running arbitrary commands from the kernel command line as system services using the "systemd.run=" kernel command line switch
 2018-11-28 22:40:55 +01:00
Yu Watanabe 50ae773f85
Merge pull request #10970 from yuwata/from-name-return-negative-errno 
util: make *_from_name() returns negative errno on error
 2018-11-29 03:18:03 +09:00
Yu Watanabe acf4d15893 util: make *_from_name() returns negative errno on error 2018-11-28 20:20:50 +09:00
Yu Watanabe 7b5e750d2a util: also move scripts related to socket-protocol-list.[ch] to shared/ 
The source files were moved to shared/. Let's also move the relevant scripts.
 2018-11-28 20:20:29 +09:00
Lennart Poettering 1f70196644
Merge pull request #10961 from poettering/busctl-monitor-json 
busctl: support json mode also for 'busctl monitor'
 2018-11-28 10:30:53 +01:00
Lennart Poettering e4086ae0b3 install: when enabling a template unit without DefaultInstance= nor specified instance don't do anything 
Previously, we'd link the unit file into /etc in this case, but that
should only be done if the unit file is not in the search path anyway,
and this is already done implicitly anyway for all enabled unit files,
hence no reason to duplicate this here.

Fixes: #10253
 2018-11-28 08:43:47 +01:00
Lennart Poettering d23aeead14 install: use structured initializers 2018-11-28 08:43:47 +01:00
Lennart Poettering 319a4f27c4 json: teach json builder "conditional" object fields 
Quite often when we generate objects some fields should only be
generated in some conditions. Let's add high-level support for that.
Matching the existing JSON_BUILD_PAIR() this adds
JSON_BUILD_PAIR_CONDITIONAL() which is very similar, but takes an
additional parameter: a boolean condition. If "true" this acts like
JSON_BUILD_PAIR(), but if false then the whole pair is suppressed.

This sounds simply, but requires a tiny bit of complexity: when complex
sub-variants are used in fields, then we also need to suppress them.
 2018-11-28 08:38:55 +01:00
Michael Biebl 1830ac51a4 Revert "systemctl: when removing enablement or mask symlinks, cover both /run and /etc" 
Having systemctl disable/unmask remove all symlinks in /etc and /run is
unintuitive and breaks existing use cases.
systemctl should behave symmetrically.
A "systemctl --runtime unmask" should undo a "systemctl --runtime mask"
action.
Say you have a service, which was masked by the admin in /etc.
If you temporarily want to mask the execution of the service (say in a
script), you'd create a runtime mask via "systemctl --runtime mask".
It is is now no longer possible to undo this temporary mask without
nuking the admin changes, unless you start rm'ing files manually.

While it is useful to be able to remove all enablement/mask symlinks in
one go, this should be done via a separate command line switch, like
"systemctl --all unmask".

This reverts commit 4910b35078.

Fixes: #9393
 2018-11-27 15:15:52 +01:00
Lennart Poettering 4917894417
Merge pull request #10944 from poettering/redirect-file-fix 
StandardOutput=file: fixes
 2018-11-27 13:18:26 +01:00
Lennart Poettering 5cfa2c3dc0 tree-wide: use IOVEC_MAKE() at many places 2018-11-27 10:12:27 +01:00
Lennart Poettering 8d33232ef1 bus-unit-util: properly accept StandardOutput=append:… settings 2018-11-27 10:06:51 +01:00
Lennart Poettering 7af67e9a8b core: allow to set exit status when using SuccessAction=/FailureAction=exit in units 
This adds SuccessActionExitStatus= and FailureActionExitStatus= that may
be used to configure the exit status to propagate in when
SuccessAction=exit or FailureAction=exit is used.

When not specified let's also propagate the exit status of the main
process we fork off for the unit.
 2018-11-27 09:44:40 +01:00
Lennart Poettering ff9bf8d012 units: make fsck/grows/makefs/makeswap units conflict against shutdown.target 
They are the only units we shipped/generated where this was missing really. Let's fix these.

Follow-up for: #10933
 2018-11-26 22:18:16 +01:00
Lennart Poettering 020b39497a tree-wide: use SWAP_TWO a bit more 2018-11-26 22:17:34 +01:00
Lennart Poettering 5f7ecd610c import: drop logic of setting up /var/lib/machines as btrfs loopback mount 
Let's simplify things and drop the logic that /var/lib/machines is setup
as auto-growing btrfs loopback file /var/lib/machines.raw.

THis was done in order to make quota available for machine management,
but quite frankly never really worked properly, as we couldn't grow the
file system in sync with its use properly. Moreover philosophically it's
problematic overriding the admin's choice of file system like this.

Let's hence drop this, and simplify things. Deleting code is a good
feeling.

Now that regular file systems provide project quota we could probably
add per-machine quota support based on that, hence the btrfs quota
argument is not that interesting anymore (though btrfs quota is a bit
more powerful as it allows recursive quota, i.e. that the machine pool
gets an overall quota in addition to per-machine quota).
 2018-11-26 18:09:01 +01:00
Lennart Poettering b11591af27 import-util: downgrade log message about quota to LOG_DEBUG 
We invoke this usually on a temporary path before renaming it into
place. This means the log message is quite suprising as it mentions a
weird path with random characters in it. Hence, let's downgrade the
message in order not to confuse the user.
 2018-11-26 18:09:01 +01:00
Lennart Poettering fd67de0152 tree-wide: fix a few missing includes 2018-11-26 18:09:01 +01:00
Harald Hoyer 4e9322048b generator.c: systemd-fsck-root.service conflict with shutdown.target 
Otherwise a "reboot" or "poweroff" in the initramfs will have to wait
until systemd-fsck-root.service has completed, which might never happen
if the root device never shows up.
 2018-11-26 16:51:22 +01:00
Lennart Poettering 49fe5c0996 tree-wide: port various places over to STARTSWITH_SET() 2018-11-26 14:08:46 +01:00
Yu Watanabe 03b35f8775
Merge pull request #10871 from keszybz/more-cleanup-2 
Allow "synthetic" errno to be used in log calls
 2018-11-22 23:16:43 +09:00
Lennart Poettering ca64ce4ad8 sysctl: when debug logging about sysctl changes, truncate trailing newline 2018-11-22 11:45:37 +01:00
Zbigniew Jędrzejewski-Szmek baaa35ad70 coccinelle: make use of SYNTHETIC_ERRNO 
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.

I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
 2018-11-22 10:54:38 +01:00
Zbigniew Jędrzejewski-Szmek 6d176522f5 Revert 5fdf2d51c2 
This reverts 5fdf2d51c2, except for one improved
log message.

Fixes #10613.

Checking if resume= is configured is a good idea, but it turns out we cannot do
it reliably:
- the code only supported boot options with sd-boot, and it's not very widely
  used. This means that for most systemd we could only check the current
  commandline, not the next one.
- Various systems resume without, e.g. Debian has
  /etc/initramfs-tools/conf.d/resume in the initramfs.

Making those checks better would be possible with enough effort, but there'll
be always new systems that boot in a slightly different way and we would need
to keep adding new cases. Longer term, we want to rely on autodetecting the
resume partition, and then checks like this will not be necessary at all. It is
quite clear from the number of bug reports that the number of poeple impacted
by this is quite high now, so let's just drop this.
 2018-11-21 15:04:22 +01:00
Lennart Poettering 818623aca5
Merge pull request #10860 from keszybz/more-cleanup-2 
Do more stuff from main macros
 2018-11-21 11:07:31 +01:00
Zbigniew Jędrzejewski-Szmek 8d38b8ad56 Call mac_selinux_close() from main func macros, convert user-sessions and test-udev 2018-11-21 09:14:00 +01:00
Zbigniew Jędrzejewski-Szmek d1405af399 systemctl: define main through macro and call ask_password_agent_close() from the macro 
This doesn't save us anything, but I like consistency.
 2018-11-21 09:14:00 +01:00
Zbigniew Jędrzejewski-Szmek a6db316372 shared/main-func: also close the polkit agent automatically 
The agent is closed after the static destuctors but before the pager.
No users of DEFINE_MAIN_FUNCTION* were using a polkit agent, so this makes no
functional difference.
 2018-11-20 18:40:02 +01:00
Zbigniew Jędrzejewski-Szmek 294bf0c34a Split out pretty-print.c and move pager.c and main-func.h to shared/ 
This is high-level functionality, and fits better in shared/ (which is for
our executables), than in basic/ (which is also for libraries).
 2018-11-20 18:40:02 +01:00
Lennart Poettering 3584d3ca4f exit-status: introduce EXIT_EXCEPTION mapping to 255 2018-11-20 17:04:07 +01:00
Zbigniew Jędrzejewski-Szmek 7fa0269bca
Merge pull request #10850 from poettering/log-setup 
reduce some logging boilerplate
 2018-11-20 13:36:45 +01:00
Lennart Poettering 6bf3c61c57 log: introduce new helper call log_setup_service() 
Let's reduce the common boilerplate and have a single setup function
used by all service code to setup logging.
 2018-11-20 11:18:22 +01:00
Lennart Poettering afe44c8ffd generators: introduce a common implementation for the log setup boilerplate 2018-11-20 10:57:50 +01:00
Zbigniew Jędrzejewski-Szmek d284b82b3e Move various files that don't need to be in basic/ to shared/ 
This doesn't have much effect on the final build, because we link libbasic.a
into libsystemd-shared.so, so in the end, all the object built from basic/
end up in libsystemd-shared. And when the static library is linked into binaries,
any objects that are included in it but are not used are trimmed. Hence, the
size of output artifacts doesn't change:

$ du -sb /var/tmp/inst*
54181861	/var/tmp/inst1    (old)
54207441	/var/tmp/inst1s   (old split-usr)
54182477	/var/tmp/inst2    (new)
54208041	/var/tmp/inst2s   (new split-usr)

(The negligible change in size is because libsystemd-shared.so is bigger
by a few hundred bytes. I guess it's because symbols are named differently
or something like that.)

The effect is on the build process, in particular partial builds. This change
effectively moves the requirements on some build steps toward the leaves of the
dependency tree. Two effects:
- when building items that do not depend on libsystemd-shared, we
  build less stuff for libbasic.a (which wouldn't be used anyway,
  so it's a net win).
- when building items that do depend on libshared, we reduce libbasic.a as a
  synchronization point, possibly allowing better parallelism.

Method:
1. copy list of .h files from src/basic/meson.build to /tmp/basic
2. $ for i in $(grep '.h$' /tmp/basic); do echo $i; git --no-pager grep "include \"$i\"" src/basic/ 'src/lib*' 'src/nss-*' 'src/journal/sd-journal.c' |grep -v "${i%.h}.c";echo ;done | less
 2018-11-20 07:27:37 +01:00
Lennart Poettering cc7a0bfa15 bootspec: introduce SYSTEMD_ESP_PATH for overriding where to look for the ESP (#10834) 2018-11-20 12:37:01 +09:00
Lennart Poettering 4472fa6d2c conf-parse: use strjoina() where appropriate 2018-11-17 08:47:27 +01:00
asavah 6917857ed4 fix build with -Defi=false 2018-11-16 21:51:47 +01:00
Lennart Poettering ca0e33734e
Merge pull request #10777 from poettering/seccomp-filter-others 
list syscalls supported by the local kernel but not in any syscall groups explicitly in "systemd-analyze syscall-filter"
 2018-11-16 17:53:50 +01:00
Lennart Poettering 6415fecd4c
Merge pull request #10785 from poettering/cgroup-join-removal 
remove JoinControllers= setting
 2018-11-16 17:53:26 +01:00
Lennart Poettering a05cfe230f seccomp: add some missing syscalls to filter sets 2018-11-16 16:10:57 +01:00
Lennart Poettering 68d7c268f8 efivars: let's add some validation of boot menu entry name syntax 2018-11-16 15:52:22 +01:00
Lennart Poettering cea72d53f8 efivars: add new helper efi_set_variable_string() 
Let's make it easier to parse an UTF-16 string properly.
 2018-11-16 15:52:22 +01:00
Lennart Poettering 80641a81b6 bootctl: display loader features in a pretty way. 2018-11-16 15:52:22 +01:00
Lennart Poettering 143fadf369 core: remove JoinControllers= configuration setting 
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".

The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)

This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
 2018-11-16 14:54:13 +01:00
Yu Watanabe 9b2934cb81 udev-util: read resolve_names from udev.conf 
Fixes CID#1396866.
 2018-11-16 09:21:58 +01:00
Zbigniew Jędrzejewski-Szmek cd5a29ce98
Merge pull request #10742 from poettering/c-utf8 
default to C.UTF-8 locale, and many improvements to env var file parsing/kernel cmdline parsing
 2018-11-15 12:47:17 +01:00
Lennart Poettering 042cad5737
Merge pull request #10753 from keszybz/pager-no-interrupt 
Add mode in journalctl where ^C is handled by the pager
 2018-11-14 20:09:39 +01:00
Lennart Poettering 13df9c398d fileio: automatically add NULL sentinel to parse_env_file() 
Let's modernize things a bit.
 2018-11-14 17:01:55 +01:00
Lennart Poettering aa8fbc74e3 fileio: drop "newline" parameter for env file parsers 
Now that we don't (mis-)use the env file parser to parse kernel command
lines there's no need anymore to override the used newline character
set. Let's hence drop the argument and just "\n\r" always. This nicely
simplifies our code.
 2018-11-14 17:01:54 +01:00
Zbigniew Jędrzejewski-Szmek fde32028a4 Move LONG_LINE_MAX definition to fileio.h 
All users of the macro (except for one, in serialize.c), use the macro in
connection with read_line(), so they must include fileio.h.  Let's not play
libc games and require multiple header file to be included for the most common
use of a function.

The removal of def.h includes is not exact. I mostly went over the commits that
switch over to use read_line() and add def.h at the same time and reverted the
addition of def.h in those files.
 2018-11-14 16:25:32 +01:00
Lennart Poettering 8755568681
Merge pull request #10759 from keszybz/udevd-more-configuration 
Udevd more configuration options
 2018-11-14 16:21:14 +01:00
Zbigniew Jędrzejewski-Szmek a14e7af162 udev: also allow resolve_names= to be specified in udev.conf 2018-11-13 14:35:36 +01:00
Zbigniew Jędrzejewski-Szmek bc768f0475 udev: move ResolveNameTiming definition and parsers to udev-util.h 
Follow-up for c4d44cba4d. No functional change,
but the parser is moved to libsystemd-shared.so.
 2018-11-13 14:04:29 +01:00
Zbigniew Jędrzejewski-Szmek 4b3ca79ea9 udevd: allow more parameters to be set through udev.conf 
Rebooting to set change the kernel command line to set some udev parameters is
inconvenient. Let's allow setting more stuff in the config file.

Also drop quotes from around "info" in udev.conf. We need to accept them for
compatibility, but there is no reason to use them.
 2018-11-13 14:03:47 +01:00
Zbigniew Jędrzejewski-Szmek 705727fd76 shared/dissect-image: drop parens 2018-11-13 11:58:44 +01:00
Lennart Poettering 1edcb6a91c tree-wide: port over other candidates for namespace_fork() 
Let's always use the same, correct, way to join a namespace.
 2018-11-13 10:49:18 +01:00
Zbigniew Jędrzejewski-Szmek a90db619ca shared: fix typo 2018-11-10 07:43:57 +01:00
Yu Watanabe 9adbfeb38a conf-parser: ignore trailing back-slash in comment 
Fixes #10598.
 2018-11-08 18:09:04 +09:00
Zbigniew Jędrzejewski-Szmek e44c5a3ba6
Merge pull request #10594 from poettering/env-reload-fix 
change handling of environment block of PID1's manager object
 2018-11-07 12:49:13 +01:00
Lennart Poettering 0e28c86f54 ask-password: fix minor memory leak on error path 
CID 1396557
 2018-11-06 16:41:01 +03:00
Yu Watanabe 383bb2bc1a vlan-util: add assertions to parse_vlanid() 2018-11-04 00:31:46 +09:00
Xiang Fan c7b7d74e81 ask-password: check keyring in ask_password_tty and ask_password_agent 
A race condition happens when calling ask_password_auto() multiple times
to unlock several disks on boot and effectively no password caching is
utilized. This patch fixes it by polling the cache when waiting for
the password.
 2018-10-31 18:26:58 +01:00
Lennart Poettering bea1a01310 strv: wrap strv_new() in a macro so that NULL sentinel is implicit 2018-10-31 18:00:52 +01:00
Yu Watanabe fbd0aea17e dissect: do not store unused devnum 2018-10-31 09:29:51 +09:00