Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
As discussed with Dan Berrange it's a good idea to suffix all objects in
the cgroup tree with ".something", so that when the system is
partitioned using a resource management tool we can drop objects of
different types into the same partition directory without generate
namespace conflicts.
We'l add this to the Pax Control Group document as soon as write access
to the fdo wiki is restored.
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
This reverts commit 4826f0b7b5.
Because statfs.t_type can be int on some architecures, we have to cast
the const magic to the type, otherwise the compiler warns about
signed/unsigned comparison, because the magic can be 32 bit unsigned.
statfs(2) man page is also wrong on some systems, because
f_type is not __SWORD_TYPE on some architecures.
The following program:
int main(int argc, char**argv)
{
struct statfs s;
statfs(argv[1], &s);
printf("sizeof(f_type) = %d\n", sizeof(s.f_type));
printf("sizeof(__SWORD_TYPE) = %d\n", sizeof(__SWORD_TYPE));
printf("sizeof(long) = %d\n", sizeof(long));
printf("sizeof(int) = %d\n", sizeof(int));
if (sizeof(s.f_type) == sizeof(int)) {
printf("f_type = 0x%x\n", s.f_type);
} else {
printf("f_type = 0x%lx\n", s.f_type);
}
return 0;
}
executed on s390x gives for a btrfs:
sizeof(f_type) = 4
sizeof(__SWORD_TYPE) = 8
sizeof(long) = 8
sizeof(int) = 4
f_type = 0x9123683e
nspawn will overmount resolv.conf if it exists. Since e.g.
default install with yum doesn't create /etc/resolv.conf,
a container created with yum will not have network. This
seems undesirable, and since we overmount the file anyway,
let's create it too.
Also, mounting a read-write /etc/resolv.conf in the container
is treated as a failure, since it makes it possible to
modify hosts /etc/resolv.conf from inside the container.
libsystemd-audit needs functions from libsystemd-shared, so
libsystemd-audit needs to appear first. Otherwise:
CCLD systemd-logind
./.libs/libsystemd-audit.a(audit.o): In function `audit_session_from_pid':
/home/josh/src/systemd/src/shared/audit.c:50: undefined reference to `detect_container'
This patch adds --disable-tests to configure. It is based on a patch
posted by Thierry Reding in 2010. The motivation for adding it is that
some tests fail link-time when cross-compiling.
The patch adds a new Makefile variable -- manual_tests -- and uses
that instead of noinst_PROGRAMS. However, if ENABLE_TESTS is true,
the former is added to the latter. It also renames noinst_tests to
simply tests.
This reverts commit a858b64ddd.
This reverts commit aea275c431.
This reverts commit fc6e6d245e.
This reverts commit c4073a27c5.
This reverts commit cddf148028.
This reverts commit 8c68a70170.
The constants are now casted to __SWORD_TYPE, which should resolve the
compiler warnings about signed vs unsigned.
After talking to Kay, we concluded:
This should be fixed in the kernel, not worked around in userspace tools.
Architectures cannot use int and expect magic constants lager than INT_MAX
to work correctly. The kernel header needs to be fixed.
Even coreutils cannot handle it:
#define RAMFS_MAGIC 0x858458f6
# stat -f -c%t /
ffffffff858458f6
#define BTRFS_SUPER_MAGIC 0x9123683E
# stat -f -c%t /mnt
ffffffff9123683e
Although I found the perfect working macro to fix the thing :)
__extension__ ({ \
bool _ret = false; \
switch(f) { case c: _ret=true; }; \
( _ret ); \
})
systemd does not want to understand comments after the first
non-whitespace char occured.
key=foo #comment will result into key == "foo #comment"
key="foo" #comment will result into key == "foo#comment"
"key= #comment" will result into key == "#comment"
"key #comment" is an invalid line
On some architectures (like s390x) the kernel has the type int for
f_type, but long in userspace.
Assigning the 32 bit magic constants from linux/magic.h to the 31 bit
signed f_type in the kernel, causes f_type to be negative for some
constants.
glibc extends the int to long for those architecures in 64 bit mode, so
the negative int becomes a negative long, which cannot be simply
compared to the original magic constant, because the compiler would
automatically cast the constant to long.
To workaround this issue, we also compare to the (int)MAGIC value in a
macro. Of course, we could do #ifdef with the architecure, but it has to
be maintained, and the magic constants are 32 bit anyway.
Someday, when the int is unsigned or long for all architectures, we can
remove this macro again. Until then, keep it as simple as it can be.
