Yu Watanabe [Wed, 17 Oct 2018 21:20:41 +0000 (06:20 +0900)]
Merge pull request #10438 from poettering/path-is-valid
be a bit more carful when processing transient socket paths via the bus
Lennart Poettering [Wed, 17 Oct 2018 20:55:00 +0000 (22:55 +0200)]
Merge pull request #10439 from poettering/job-struct-init
three trivial simplifications/clean-ups
Lennart Poettering [Wed, 17 Oct 2018 20:54:34 +0000 (22:54 +0200)]
Merge pull request #10440 from poettering/fflush-and-check-some-more
use fflush_and_check() and free_and_replace() where we can
Lennart Poettering [Wed, 17 Oct 2018 19:29:10 +0000 (21:29 +0200)]
Merge pull request #10428 from keszybz/failure-actions
Implement manager status changes using SuccessAction=
Lennart Poettering [Wed, 17 Oct 2018 18:18:27 +0000 (20:18 +0200)]
service: use free_and_replace() where we can
Lennart Poettering [Wed, 17 Oct 2018 18:14:51 +0000 (20:14 +0200)]
exec-util: use fflush_and_check() where appropriate
Lennart Poettering [Wed, 17 Oct 2018 18:13:54 +0000 (20:13 +0200)]
execute: shorten things a bit
Lennart Poettering [Wed, 17 Oct 2018 18:16:52 +0000 (20:16 +0200)]
job: add lots of colons to log messages
Lennart Poettering [Wed, 17 Oct 2018 17:07:15 +0000 (19:07 +0200)]
job: use structured initialization
Lennart Poettering [Wed, 17 Oct 2018 19:06:23 +0000 (21:06 +0200)]
core: use structured initialization
Lennart Poettering [Wed, 17 Oct 2018 19:06:09 +0000 (21:06 +0200)]
core: shorten list appending a bit, by using better macros
Lennart Poettering [Wed, 17 Oct 2018 19:00:16 +0000 (21:00 +0200)]
dbus: add missing OOM check
Lennart Poettering [Wed, 17 Oct 2018 16:28:43 +0000 (18:28 +0200)]
core: validate socket path with path_is_valid()
Lennart Poettering [Wed, 17 Oct 2018 16:28:14 +0000 (18:28 +0200)]
path-util: add new path_is_valid() helper
Lennart Poettering [Wed, 17 Oct 2018 19:05:33 +0000 (21:05 +0200)]
list: fix double avaluation in LIST_APPEND()
Andreas Henriksson [Sun, 14 Oct 2018 12:53:09 +0000 (14:53 +0200)]
sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set
When the root account is locked sulogin will either inform you of
this and not allow you in or if --force is used it will hand
you passwordless root (if using a recent enough version of util-linux).
Not being allowed a shell is ofcourse inconvenient, but at the same
time handing out passwordless root unconditionally is probably not
a good idea everywhere.
This patch thus allows to control which behaviour you want by
setting the SYSTEMD_SULOGIN_FORCE environment variable to true
or false to control the behaviour, eg. via adding this to
'systemctl edit rescue.service' (or emergency.service):
[Service]
Environment=SYSTEMD_SULOGIN_FORCE=1
Distributions who used locked root accounts and want the passwordless
behaviour could thus simply drop in the override file in
/etc/systemd/system/rescue.service.d/override.conf
Fixes: #7115
Addresses: https://bugs.debian.org/802211
Zbigniew Jędrzejewski-Szmek [Wed, 17 Oct 2018 15:27:20 +0000 (17:27 +0200)]
core: do not "warn" about mundane emergency actions
For example in a container we'd log:
Oct 17 17:01:10 rawhide systemd[1]: Started Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Forcibly powering off: unit succeeded
Oct 17 17:01:10 rawhide systemd[1]: Reached target Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Shutting down.
and on the console we'd write (in red)
[ !! ] Forcibly powering off: unit succeeded
This is not useful in any way, and the fact that we're calling an "emergency action"
is an internal implementation detail. Let's log about c-a-d and the watchdog actions
only.
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 14:34:45 +0000 (16:34 +0200)]
units: allow and use SuccessAction=exit-force in system systemd-exit.service
C.f.
287419c119ef961db487a281162ab037eba70c61: 'systemctl exit 42' can be
used to set an exit value and pulls in exit.target, which pulls in systemd-exit.service,
which calls org.fdo.Manager.Exit, which calls method_exit(), which sets the objective
to MANAGER_EXIT. Allow the same to happen through SuccessAction=exit.
v2: update for 'exit' and 'exit-force'
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:34:57 +0000 (15:34 +0200)]
units: use SuccessAction=poweroff-force in systemd-poweroff.service
Explicit systemctl calls remain in systemd-halt.service and the system
systemd-exit.service. To convert systemd-halt, we'd need to add
SuccessAction=halt-force. Halting doesn't make much sense, so let's just
leave that is. systemd-exit.service will be converted in the next commit.
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:30:53 +0000 (15:30 +0200)]
units: use SuccessAction=reboot-force in systemd-reboot.service
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:09:11 +0000 (15:09 +0200)]
units: use SuccessAction=exit-force in systemd-exit.service
Fixes #10414.
v2:
- rename .service.in to .service
- rename 'exit' to 'exit-force'
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:24:44 +0000 (15:24 +0200)]
core: limit service-watchdogs=no to actual "watchdog" commands
The setting is now only looked at when considering an action for a job timeout
or unit start limit. It is ignored for ctrl-alt-del, SuccessAction, SuccessFailure.
v2: turn the parameter into a flag field
v3: rename Options to Flags
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:07:42 +0000 (15:07 +0200)]
core: allow services with no commands but SuccessAction set
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 12:49:36 +0000 (14:49 +0200)]
core: accept system mode emergency action specifiers with a warning
Before we would only accept those "system" values, so there wasn't other
chocie. Let's provide backwards compatiblity in case somebody made use of
this functionality in user mode.
v2: use 'exit-force' not 'exit'
v3: use error value in log_syntax
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 11:28:39 +0000 (13:28 +0200)]
core: define "exit" and "exit-force" actions for user units and only accept that
We would accept e.g. FailureAction=reboot-force in user units and then do an
exit in the user manager. Let's be stricter, and define "exit"/"exit-force" as
the only supported actions in user units.
v2:
- rename 'exit' to 'exit-force' and add new 'exit'
- add test for the parsing function
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 13:56:35 +0000 (15:56 +0200)]
man: move description of *Action= modes to FailureAction=/SuccessAction=
FailureAction=/SuccessAction= were added later then StartLimitAction=, so it
was easiest to refer to the existing description. But those two settings are
somewhat simpler (they just execute the action unconditionally) while
StartLimitAction= has additional timing and burst parameters, and they are
about to take on a more prominent role, so let's move the description of
allowed values.
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 20:45:34 +0000 (22:45 +0200)]
core: consider service with no start command immediately started
The service would always be in state == SERVICE_INACTIVE, but it needs to go
through state == SERVICE_START so that SuccessAction/FailureAction are executed.
Yu Watanabe [Tue, 16 Oct 2018 19:04:35 +0000 (04:04 +0900)]
udev: make sd_device_get_devname() failure non-fatal
As it is just for logging.
Follow-up for
eb276e98419af59d4a587f2dd37e0b923e4c6fd2.
Lennart Poettering [Wed, 17 Oct 2018 15:59:36 +0000 (17:59 +0200)]
Merge pull request #10244 from poettering/nofile-bump
bump RLIMIT_NOFILE
Zbigniew Jędrzejewski-Szmek [Wed, 17 Oct 2018 15:48:35 +0000 (17:48 +0200)]
core: return true from cg_is_empty* on ENOENT
Zbigniew Jędrzejewski-Szmek [Wed, 17 Oct 2018 12:36:09 +0000 (14:36 +0200)]
meson: simplify definition of MEMORY_ACCOUNTING_DEFAULT
Let's just use the simplest form, it doesn't really matter how the define
looks after preprocessing.
Zbigniew Jędrzejewski-Szmek [Wed, 17 Oct 2018 08:21:48 +0000 (10:21 +0200)]
meson: define @HIGH_RLIMIT_NOFILE@ and use it everywhere
Lennart Poettering [Thu, 11 Oct 2018 16:31:11 +0000 (18:31 +0200)]
main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE
Lennart Poettering [Thu, 11 Oct 2018 16:23:26 +0000 (18:23 +0200)]
main: bump fs.nr_open + fs.max-file to their largest possible values
After discussions with kernel folks, a system with memcg really
shouldn't need extra hard limits on file descriptors anymore, as they
are properly accounted for by memcg anyway. Hence, let's bump these
values to their maximums.
This also adds a build time option to turn thiss off, to cover those
users who do not want to use memcg.
Lennart Poettering [Wed, 17 Oct 2018 09:58:02 +0000 (11:58 +0200)]
Merge pull request #10429 from yuwata/drop-udev-list
udev: replace udev_list by Hashmap
Yu Watanabe [Tue, 16 Oct 2018 21:47:16 +0000 (06:47 +0900)]
udev: use Hashmap for storing global properties
Yu Watanabe [Tue, 16 Oct 2018 21:11:33 +0000 (06:11 +0900)]
udev: use Hashmap for storing PROGRAM or BUILTIN
Yu Watanabe [Tue, 16 Oct 2018 20:37:34 +0000 (05:37 +0900)]
udev: use Hashmap for storing SECLABEL
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 08:38:19 +0000 (10:38 +0200)]
systemctl: fix typo
Lennart Poettering [Tue, 16 Oct 2018 17:56:04 +0000 (19:56 +0200)]
Merge pull request #10419 from yuwata/fix-prioq
Fix segfault in prioq_remove() with empty Prioq object
Yu Watanabe [Tue, 16 Oct 2018 15:55:30 +0000 (00:55 +0900)]
tree-wide: use CMP() macro where applicable
Follow-up for
6dd91b368298e3b3b264a5f2cb5647b2c5cb692b.
Ervin Peters [Tue, 16 Oct 2018 17:39:52 +0000 (19:39 +0200)]
hwdb: add Aiptek Hyperpen 12000U (#10424)
Closes #9834.
Yu Watanabe [Tue, 16 Oct 2018 16:25:58 +0000 (01:25 +0900)]
Merge pull request #10412 from poettering/sockaddr-sun-path
various fixes related to struct sockaddr_un handling
Yu Watanabe [Tue, 16 Oct 2018 16:20:12 +0000 (01:20 +0900)]
Merge pull request #10422 from poettering/network-xml-route-fix
man: systemd.network man page fix
Yu Watanabe [Tue, 16 Oct 2018 16:18:05 +0000 (01:18 +0900)]
test: add one more test for prioq_remove()
This adds a testcase for
e6e637a11a6c62eff31d36f5fc4b49c2a10c7ea8.
Yu Watanabe [Tue, 16 Oct 2018 15:47:50 +0000 (00:47 +0900)]
prioq: use structrued initializer
Yu Watanabe [Tue, 16 Oct 2018 15:38:52 +0000 (00:38 +0900)]
prioq: fix index range check
Yu Watanabe [Tue, 16 Oct 2018 14:35:22 +0000 (23:35 +0900)]
prioq: add one more assertion
Lennart Poettering [Tue, 16 Oct 2018 13:57:40 +0000 (15:57 +0200)]
tree-wide: CMP()ify all the things
Let's employ coccinelle to fix everything up automatically for us.
Michael Biebl [Tue, 16 Oct 2018 15:11:46 +0000 (17:11 +0200)]
Set theme jekyll-theme-primer
This theme uses anchorjs to provide mouse-over anchor links.
Closes: #10418
Lennart Poettering [Tue, 16 Oct 2018 15:19:23 +0000 (17:19 +0200)]
man: fix spurious uppercasing
Lennart Poettering [Tue, 16 Oct 2018 15:18:30 +0000 (17:18 +0200)]
man: an attempt to reword the [Route] Type= man page
A follow-up for #10388.
Hui Yiqun [Sat, 13 Oct 2018 06:01:47 +0000 (14:01 +0800)]
networkd: type support for "throw" in [Route] section
Lennart Poettering [Thu, 11 Oct 2018 16:22:38 +0000 (18:22 +0200)]
mkosi: make kmsg work in our mkosi builds at least
Lennart Poettering [Tue, 2 Oct 2018 07:21:45 +0000 (09:21 +0200)]
NEWS: explain the RLIMIT_NOFILE bump
Lennart Poettering [Tue, 2 Oct 2018 06:41:03 +0000 (08:41 +0200)]
rlimit-util: don't call setrlimit() needlessly if it wouldn't change anything
Just a tiny tweak to avoid generating an error if there's no need to.
Lennart Poettering [Mon, 1 Oct 2018 16:11:52 +0000 (18:11 +0200)]
core: bump RLIMIT_NOFILE soft+hard limit for systemd itself in all cases
Previously we'd do this for PID 1 only. Let's do this when running in
user mode too, because we know we can handle it.
Lennart Poettering [Mon, 1 Oct 2018 16:08:27 +0000 (18:08 +0200)]
units: bump the RLIMIT_NOFILE soft limit for all services that access the journal
This updates the unit files of all our serviecs that deal with journal
stuff to use a higher RLIMIT_NOFILE soft limit by default. The new value
is the same as used for the new HIGH_RLIMIT_NOFILE we just added.
With this we ensure all code that access the journal has higher
RLIMIT_NOFILE. The code that runs as daemon via the unit files, the code
that is run from the user's command line via C code internal to the
relevant tools. In some cases this means we'll redundantly bump the
limits as there are tools run both from the command line and as service.
Lennart Poettering [Mon, 1 Oct 2018 15:56:52 +0000 (17:56 +0200)]
core: raise the RLIMIT_NOFILE hard limit for all services by default
Following the discussions with the kernel folks, let's substantially
increase the hard limit (but not the soft limit) of RLIMIT_NOFILE to
256K for all services we start.
Note that PID 1 itself bumps the limit even further, to the max the
kernel allows. We can deal with that after all.
Lennart Poettering [Mon, 1 Oct 2018 15:44:46 +0000 (17:44 +0200)]
tree-wide: uniformly bump RLIMIT_NOFILE in all our tools that access the journal
This makes use of rlimit_nofile_bump() in all tools that access the
journal. In some cases this replaces older code to achieve this, and
others we add it in where it was missing.
Lennart Poettering [Mon, 1 Oct 2018 15:38:48 +0000 (17:38 +0200)]
core: add a new call for bumping RLIMIT_NOFILE to "high" values
Following discussions with some kernel folks at All Systems Go! it
appears that file descriptors are not really as expensive as they used
to be (both memory and performance-wise) and it should thus be OK to allow
programs (including unprivileged ones) to have more of them without ill
effects.
Unfortunately we can't just raise the RLIMIT_NOFILE soft limit
globally for all processes, as select() and friends can't handle fds
>= 1024, and thus unexpecting programs might fail if they accidently get
an fd outside of that range. We can however raise the hard limit, so
that programs that need a lot of fds can opt-in into getting fds beyond
the 1024 boundary, simply by bumping the soft limit to the now higher
hard limit.
This is useful for all our client code that accesses the journal, as the
journal merging logic might need a lot of fds. Let's add a unified
function for bumping the limit in a robust way.
Lennart Poettering [Mon, 1 Oct 2018 15:37:01 +0000 (17:37 +0200)]
def: add a "high" limit for RLIMIT_NOFILE
This simply adds a new constant we can use for bumping RLIMIT_NOFILE to
a "high" value. It default to 256K for now, which is pretty high, but
smaller than the kernel built-in limit of 1M.
Previously, some tools that needed a higher RLIMIT_NOFILE bumped it to
16K. This new define goes substantially higher than this, following the
discussion with the kernel folks.
Lennart Poettering [Mon, 1 Oct 2018 13:47:50 +0000 (15:47 +0200)]
update TODO
Lennart Poettering [Tue, 16 Oct 2018 11:56:14 +0000 (13:56 +0200)]
siphash24: add helper for calculating the hash value for a string
Let's shorten some code.
Lennart Poettering [Tue, 16 Oct 2018 14:26:44 +0000 (16:26 +0200)]
Merge pull request #10416 from poettering/udev-coverity
three simple coverity fixes
Yu Watanabe [Tue, 16 Oct 2018 13:27:30 +0000 (22:27 +0900)]
util: fix segfault in prioq_remove() with empty Prioq object
Yu Watanabe [Tue, 16 Oct 2018 13:17:04 +0000 (22:17 +0900)]
util,test: introduce cleanup function prioq_freep()
This also simplifies test-prioq.c.
Yu Watanabe [Tue, 16 Oct 2018 12:56:46 +0000 (21:56 +0900)]
test: use CMP() macro at one more place
Lennart Poettering [Tue, 16 Oct 2018 11:49:28 +0000 (13:49 +0200)]
udev: (void)ify calls to kill() where we knowingly ignore the return values
CID 1368231
CID 1368229
Lennart Poettering [Tue, 16 Oct 2018 11:48:25 +0000 (13:48 +0200)]
udev: don't use devname before we acquired it
CID 1396107
Lennart Poettering [Tue, 16 Oct 2018 11:47:23 +0000 (13:47 +0200)]
core: log about unit_watch_pid() failing
CID 1237509
Lennart Poettering [Tue, 16 Oct 2018 10:48:01 +0000 (12:48 +0200)]
Merge pull request #10327 from yuwata/test-sd-device-enumerator-subsystem
sd-device-enumerator: dedup enumerated devices and add test for subsystem filtering
Lennart Poettering [Tue, 16 Oct 2018 09:32:09 +0000 (11:32 +0200)]
Set theme jekyll-theme-cayman
Zbigniew Jędrzejewski-Szmek [Mon, 15 Oct 2018 20:41:49 +0000 (22:41 +0200)]
catalog: fix name of variable
All the messages would (literally) say "The start-up result is RESULT."
because @RESULT@ was not defined.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1639482
and the first part of #8005.
Fixup for
646cc98dc81c4d0edbc1b57e7bca0f474b47e270.
Harry Mallon [Mon, 15 Oct 2018 16:10:44 +0000 (17:10 +0100)]
rules: Add ID_REVISION environment var for NVMe devices
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 07:34:27 +0000 (09:34 +0200)]
Merge pull request #9824 from poettering/login-unit-fixes
many logind improvements
Zbigniew Jędrzejewski-Szmek [Tue, 16 Oct 2018 06:42:34 +0000 (08:42 +0200)]
Merge pull request #10391 from poettering/systemctl-exit-code-fixes
systemctl exit code fixes
Lennart Poettering [Mon, 15 Oct 2018 17:45:37 +0000 (19:45 +0200)]
nspawn: TAKE_FD() is your friend
Lennart Poettering [Mon, 15 Oct 2018 17:40:18 +0000 (19:40 +0200)]
tree-wide: use sockaddr_un_unlink() at two more places where appropriate
Lennart Poettering [Mon, 15 Oct 2018 17:23:09 +0000 (19:23 +0200)]
udev: use safe_close() where we can
Lennart Poettering [Mon, 15 Oct 2018 17:21:37 +0000 (19:21 +0200)]
tree-wide: add a single version of "static const int one = 1"
All over the place we define local variables for the various sockopts
that take a bool-like "int" value. Sometimes they are const, sometimes
static, sometimes both, sometimes neither.
Let's clean this up, introduce a common const variable "const_int_one"
(as well as one matching "const_int_zero") and use it everywhere, all
acorss the codebase.
Lennart Poettering [Mon, 15 Oct 2018 16:54:12 +0000 (18:54 +0200)]
socket-util: tighten socket_address_verify() checks a bit
Lennart Poettering [Mon, 15 Oct 2018 16:27:33 +0000 (18:27 +0200)]
socket-util: tweak commenting in socket_address_get_path()
Let's make clear explicitly that there's always a NUL byte following the
path, and how.
Lennart Poettering [Mon, 15 Oct 2018 16:26:31 +0000 (18:26 +0200)]
socket-util: include trailing NUL byte in SOCKADDR_UN_LEN() count for fs sockets
This is what unix(7) recommends, hence do so.
Lennart Poettering [Mon, 15 Oct 2018 16:22:04 +0000 (18:22 +0200)]
sd-bus: rework how we initialize struct sockaddr_un
Let's use structured initialization, but more importantly, let's
increase salen by 1, if we reference AF_UNIX sockets in the file system,
so that they also contain the trailing NUL byte. This is what unix(7)
suggests to do, hence follow it.
Lennart Poettering [Mon, 15 Oct 2018 16:17:57 +0000 (18:17 +0200)]
sd-bus: make parsing of AF_UNIX socket addresses more strict
Insist on NUL termination, just to be safe rather than sorry. The kernel
doesn't require it, but it's really annoying if people rely on this,
hence refuse this early.
Lennart Poettering [Mon, 15 Oct 2018 11:58:31 +0000 (13:58 +0200)]
tree-wide: port various users over to sockaddr_un_set_path()
CID 1396140
CID 1396141
Lennart Poettering [Mon, 15 Oct 2018 16:02:30 +0000 (18:02 +0200)]
socket-util: add sockaddr_un_set_path() helper
Properly initializing sun_path from foreign data is not easy, given the
size constraints, and NUL confusion. Let's add a helper function for
this.
Lennart Poettering [Mon, 15 Oct 2018 11:59:07 +0000 (13:59 +0200)]
tree-wide: use structured initialization for sockaddr_un
Lennart Poettering [Mon, 15 Oct 2018 11:58:00 +0000 (13:58 +0200)]
core: be more specific in error message
Lennart Poettering [Mon, 15 Oct 2018 11:57:07 +0000 (13:57 +0200)]
strxcpyx: minor coding style updates
Lennart Poettering [Mon, 15 Oct 2018 11:55:48 +0000 (13:55 +0200)]
socket-address: document socket address parsing size restrictions in a comment
Lennart Poettering [Mon, 15 Oct 2018 11:55:00 +0000 (13:55 +0200)]
socket-util: use structured initialization
Lennart Poettering [Mon, 15 Oct 2018 10:09:17 +0000 (12:09 +0200)]
tree-wide: make use of TAKE_FD() at two more places
Lennart Poettering [Mon, 15 Oct 2018 10:08:30 +0000 (12:08 +0200)]
tree-wide: use sockaddr_un_unlink() whereever appropriate
Let's port everything over.
Lennart Poettering [Mon, 15 Oct 2018 10:06:07 +0000 (12:06 +0200)]
socket-util: add new sockaddr_un_unlink() helper
The helper is supposed to properly handle cases where .sun_path does not
contain a NUL byte, and thus copies out the path suffix a NUL as
necessary.
This also reworks the more specific socket_address_unlink() to be a
wrapper around the more generic sockaddr_un_unlink()
Lennart Poettering [Mon, 15 Oct 2018 10:05:54 +0000 (12:05 +0200)]
alloc-util: add alloca() counterparts for memdup() and memdup_suffix0()
Zbigniew Jędrzejewski-Szmek [Mon, 15 Oct 2018 13:39:05 +0000 (15:39 +0200)]
Merge pull request #10373 from poettering/systemd-io
adopt systemd.io urls
Yu Watanabe [Sun, 14 Oct 2018 22:15:12 +0000 (07:15 +0900)]
Merge pull request #10392 from poettering/manager-no-inotify-fail
make sure /etc/localtime issues don't cause systemd to fail boot
Ben Boeckel [Sun, 14 Oct 2018 21:16:43 +0000 (17:16 -0400)]
man/systemd.nspawn: fix reference to --timezone argument (#10403)