We check /etc/machine-id of the container and if it is already populated
we use value from there, possibly ignoring value of --uuid option from
the command line. When dealing with R/O image we setup transient machine
id.
Once we determined machine id of the container, we use this value for
registration with systemd-machined and we also export it via
container_uuid environment variable.
As registration with systemd-machined is done by the main nspawn process
we communicate container machine id established by setup_machine_id from
outer child to the main process by unix domain socket. Similarly to PID
of inner child.
LLDP_TX_HOLD or one of the other variables might be changed in the future
resulting in a silent error here if the if was just removed.
Replacement for #2983.
We don't want to actually install it anywhere, because it
is only usable copied or %included directly into a spec file,
and must be available before %prep is run. But still, it's
useful to generate it automatically so it's easier to copy
and it doesn't go stale.
Add two more tests:
- Add a single tag, match on it, don't match on another.
- Add 10.000 tags to a device, ensure that udev survives this.
(Reproduces crash fixed by commit 1d88a271a)
It is observed that a combination of high log throughput, low I/O speed on journal remote side and many nodes uploading simultaneously caused the journal-upload process to dump core because of watchdog starvation. This is caused because journal-upload stays in curl_easy_perform(), because it cannot upload fast enough to reach the end of the journal. Currently journal-upload will return from curl_easy_perform() only when the end of the journal is reached. Therefore a check is added in journal_input_callback(), which will update the watchdog if the elapsed time since the start of the uploading process is greater than WATCHDOG_USEC/2.
* Don't lose children exit codes
* Don't receive notification when child processes stop
Eliminates annoying "Child died"-messages:
$ ./systemd-socket-activate -l 2000 --inetd -a cat
^Z
[1]+ Stopped ./systemd-socket-activate -l 2000 --inetd -a cat
$ bg %1
[1]+ ./systemd-socket-activate -l 2000 --inetd -a cat &
Child 15657 died with code 20
$ ps u 15657
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
ubuntu 15657 0.0 0.0 4540 680 pts/2 S 00:34 0:00 cat
* Don't fail to reap some zombie children
Fixes
$ ./systemd-socket-activate -l 2000 --inetd -a cat &
$ for i in {1..1000}; do echo a | nc localhost 2000 & done
$ ps f
...
18235 pts/2 Ss 0:01 -bash
15849 pts/2 S 0:00 \_ ./systemd-socket-activate -l 2000 --inetd
-a cat
16081 pts/2 Z 0:00 | \_ [cat] <defunct>
16381 pts/2 Z 0:00 | \_ [cat] <defunct>
and many more zombies
...
On the server side we already bypass the polkit checks if the caller is root
(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
there is no reason to invoke polkit when running
systemctl/machinectl/loginctl/timedatectl as root.
Fixes#2748
strjoina() is unsafe to be used in an unbounded loop as alloca() has no error
reporting. Thus devices with a large number of tags or devlinks trigger a
segfault in device_properties_prepare() due to overflowing the stack.
Rewrite the building of the "tags" and "devlinks" strings using
GREEDY_REALLOC() and strpcpy() to work with arbitrarily long strings. This also
avoids re-copying the entire string in each loop iteration.
Before this commit we always appended one final ":" to "tags". Change this to
start with an iniital ":" and for each tag append instead of prepend a ":".
This unifies what happens for the first and all subsequent tags so that we can
use a for loop.
Fixes#2954
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings.
2. Fix logging to use log_syntax instead of log_error.
3. On error reading DUID, ignore read and preserve previous state.
4. Fix man-pages to use markup, remove options not yet implemented.
5. Remove spurious header line in new files.
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
Michal Sekletar