platform/upstream/systemd.git
Lennart Poettering [Tue, 26 Sep 2017 15:41:53 +0000 (17:41 +0200)]
execute: drop explicit log_open()/log_close() now that it is unnecessary

Lennart Poettering [Tue, 26 Sep 2017 15:45:32 +0000 (17:45 +0200)]
execute: make use of the new logging mode in execute.c

Lennart Poettering [Tue, 26 Sep 2017 15:45:09 +0000 (17:45 +0200)]
log: add a mode where we open the log fds for every single log message

This we can then make use of in execute.c to make error logging a bit less
special when preparing for process execution, as we can still log but
don't have any fds open continuously.

Lennart Poettering [Mon, 25 Sep 2017 18:26:47 +0000 (20:26 +0200)]
log: let's make use of the fact that our functions return the negative error code for log_oom() too

Lennart Poettering [Tue, 26 Sep 2017 15:42:17 +0000 (17:42 +0200)]
execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result

Lennart Poettering [Tue, 26 Sep 2017 15:42:57 +0000 (17:42 +0200)]
execute: rework logging in setup_keyring() to include unit info

Let's use log_unit_error() instead of log_error() everywhere (and
friends).

Jan Synacek [Tue, 26 Sep 2017 14:07:34 +0000 (16:07 +0200)]
test-cpu-set-util.c: fix typo in comment (#6916)

Zbigniew Jędrzejewski-Szmek [Tue, 26 Sep 2017 14:04:33 +0000 (16:04 +0200)]
basic/log: fix return value from log_struct_iovec_internal()

This returned value so far wasn't used anywhere, so there's no change
in behaviour.

Lennart Poettering [Tue, 26 Sep 2017 14:00:28 +0000 (16:00 +0200)]
Merge pull request #6917 from keszybz/restore-some-tests

Restore some tests

Jan Synacek [Tue, 26 Sep 2017 11:50:31 +0000 (13:50 +0200)]
test-cpu-set-util.c: fix typo in comment (#6916)

Zbigniew Jędrzejewski-Szmek [Tue, 26 Sep 2017 11:44:04 +0000 (13:44 +0200)]
meson: hook up hwdb-test.sh again

The motivation for the ./systemd-hwdb is the same as in the grandparent
for systemd-sysv-generator.

Zbigniew Jędrzejewski-Szmek [Tue, 26 Sep 2017 11:39:43 +0000 (13:39 +0200)]
meson: hook up udev-test.pl again

Seems it was dropped along with the automake rules in
72cdb3e783174dcf9223a49f03e3b0e2ca95ddb8.

Zbigniew Jędrzejewski-Szmek [Tue, 26 Sep 2017 11:34:55 +0000 (13:34 +0200)]
sysv-generator-test: do not query $builddir

This variable is not set by meson, so let's not try to use it.

We could use some more elaborate scheme (e.g. based on $MESON_BUILD_ROOT and
$MESON_SUBDIR) to find the path to systemd-sysv-generator, but it seems
that plain ./systemd-sysv-generator works just as well and has the advantage
that it's easy to invoke the test by hand (as long as one cd's to the
meson build dir).

Zbigniew Jędrzejewski-Szmek [Tue, 26 Sep 2017 09:59:08 +0000 (11:59 +0200)]
sysv-generator-test: drop python2 work-around

We require python3 for meson anyway, so supporting python2 doesn't seem
useful anymore.

Lennart Poettering [Mon, 25 Sep 2017 20:26:10 +0000 (22:26 +0200)]
journal-verify: add a couple of missing le64toh() calls (#6888)

Apparently BE users don't verify their journals...

Noticed as result of #6887

Jonathan Lebon [Mon, 25 Sep 2017 19:56:57 +0000 (15:56 -0400)]
string-util: use size_t for strjoina macro (#6914)

`strlen` returns a `size_t` and `alloca` expects a `size_t`.

Zbigniew Jędrzejewski-Szmek [Mon, 25 Sep 2017 17:59:49 +0000 (19:59 +0200)]
install: drop left-over debug message (#6913)

Zbigniew Jędrzejewski-Szmek [Sun, 24 Sep 2017 18:53:04 +0000 (20:53 +0200)]
Merge pull request #6893 from poettering/cgroup-delegate-yay

cgroup delegation fixes, as well as socket unit slice assignment

Zbigniew Jędrzejewski-Szmek [Sun, 24 Sep 2017 18:51:01 +0000 (20:51 +0200)]
Merge pull request #6891 from poettering/read-line

add read_line() helper as bounded getline() and make use of it at some places

Lennart Poettering [Sun, 24 Sep 2017 17:52:07 +0000 (19:52 +0200)]
Merge pull request #6887 from rantala/6447

journal: add object sanity check to journal_file_move_to_object() (#6447)

Zbigniew Jędrzejewski-Szmek [Sun, 24 Sep 2017 12:27:21 +0000 (14:27 +0200)]
fileio: return 0 from read_one_line_file on success

Fixup for f4b51a2d09. Suggested by Evgeny Vereshchagin.

Tommi Rantala [Sun, 24 Sep 2017 08:56:52 +0000 (11:56 +0300)]
journal: add missing le64toh() calls in journal_file_check_object()

Lennart Poettering noticed missing le64toh() calls.

Zbigniew Jędrzejewski-Szmek [Sun, 24 Sep 2017 07:10:48 +0000 (09:10 +0200)]
test-fileio: also test read_line() with actual files

Just in case the real FILE and the one from fmemopen weren't exactly
the same.

Zbigniew Jędrzejewski-Szmek [Sun, 24 Sep 2017 06:59:49 +0000 (08:59 +0200)]
test-fileio: close two leaked file handles

Zbigniew Jędrzejewski-Szmek [Sat, 23 Sep 2017 14:51:41 +0000 (16:51 +0200)]
man: add missing verb in timedatectl(1) (#6896)

As noted by Michael Biebl.

Zbigniew Jędrzejewski-Szmek [Sat, 23 Sep 2017 11:31:02 +0000 (13:31 +0200)]
Merge pull request #6894 from poettering/read-full-file-optimize

fileio: various fixes

Lennart Poettering [Sat, 23 Sep 2017 10:44:49 +0000 (12:44 +0200)]
Merge pull request #6892 from keszybz/enablement-work

Fix various issues with enabled/disabled units

Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 12:36:12 +0000 (14:36 +0200)]
test-conf-parser: add tests for the new long lines, including overflow handling

Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 10:02:49 +0000 (12:02 +0200)]
test-conf-parser: use _cleanup_

Zbigniew Jędrzejewski-Szmek [Sat, 23 Sep 2017 08:48:09 +0000 (10:48 +0200)]
fileio: use _cleanup_ for FILE unlocking

Lennart Poettering [Fri, 22 Sep 2017 16:27:03 +0000 (18:27 +0200)]
update TODO

Lennart Poettering [Fri, 22 Sep 2017 16:26:35 +0000 (18:26 +0200)]
conf-parse: remove 4K line length limit

Let's use read_line() to solve our long line limitation.

Fixes #3302.

Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 12:24:01 +0000 (14:24 +0200)]
test-conf-parser: add some basic tests for config_parse()

This function is pretty important, but we weren't calling it directly
even once in tests.

v2: add a few tests for escaping and line continuations

Lennart Poettering [Fri, 22 Sep 2017 19:05:03 +0000 (21:05 +0200)]
fileio: initialize errno to zero before we do fread()

If there was something in the read buffer already errno might not be set
on error, let's detect that case.

Lennart Poettering [Fri, 22 Sep 2017 19:03:33 +0000 (21:03 +0200)]
fileio: try to read one byte too much in read_full_stream()

Let's read one byte more than the file size we read from stat() on the
first fread() invocation. That way, the first read() will already be
short and indicate eof to fread().

This is a minor optimization, and replaces #3908.

Lennart Poettering [Fri, 22 Sep 2017 18:59:39 +0000 (20:59 +0200)]
fileio: move fsync() logic into write_string_stream_ts()

That way, write_string_stream_ts() becomes more powerful, and we can
remove duplicate code from write_string_file_atomic() and
write_string_file_ts().

Lennart Poettering [Fri, 22 Sep 2017 18:55:34 +0000 (20:55 +0200)]
fileio: make write_string_stream() accept flags parameter

Let's make write_string_stream() and write_string_file() more alike, and
pass the same flag set so that we can remove a number of boolean
parameters.

Lennart Poettering [Fri, 22 Sep 2017 18:45:06 +0000 (20:45 +0200)]
fileio: support writing atomic files with timestamp

Let's make sure "ts" is taken into account when writing atomic files,
too.

Lennart Poettering [Fri, 22 Sep 2017 16:25:45 +0000 (18:25 +0200)]
cgroup-util: replace one use of fgets() by read_line()

Lennart Poettering [Fri, 22 Sep 2017 16:01:32 +0000 (18:01 +0200)]
fileio: rework read_one_line_file() on top of read_line()

Lennart Poettering [Fri, 22 Sep 2017 18:23:58 +0000 (20:23 +0200)]
def: add new constant LONG_LINE_MAX

LONG_LINE_MAX is much like LINE_MAX, but longer.

As it turns out LINE_MAX at 4096 is too short for many use cases. Since
the general concept of having a common maximum line length limit makes
sense let's add our own, and make it larger (1MB for now).

Lennart Poettering [Fri, 22 Sep 2017 15:55:53 +0000 (17:55 +0200)]
fileio: add new helper call read_line() as bounded getline() replacement

read_line() is much like getline(), and returns a line read from a
FILE*, of arbitrary sizes. In contrast to gets() it will grow the buffer
dynamically, and in contrast to getline() it will place a user-specified
boundary on the line.

Lennart Poettering [Fri, 22 Sep 2017 18:09:21 +0000 (20:09 +0200)]
socket: assign socket units to a default slice unconditionally

Due to the chown() logic socket units might end up with processes even
if no explicit command is defined for them, hence let's make sure these
processes are in the right cgroup, and that means within a slice.

Mount, swap and service units unconditionally are assigned to a slice
already, let's do the same here, too.

(This becomes more important as soon as the ebpf/firewall stuff is
merged, as there'll be another reason to fork off processes then)

Lennart Poettering [Fri, 22 Sep 2017 18:02:23 +0000 (20:02 +0200)]
cgroup: make use of unit_cgroup_delegate() where useful

It's an easy-to-use wrapper, so let's take benefit of it.

Lennart Poettering [Fri, 22 Sep 2017 17:58:24 +0000 (19:58 +0200)]
cgroup: rework which files we chown() on delegation

On cgroupsv2 we should also chown()/chmod() the subtree_control file,
so that children can use controllers the way they like.

On cgroupsv1 we should also chown()/chmod() cgroups.clone_children, as
not setting this for new cgroups makes little sense, and hence delegated
clients should be able to write to it.

Note that error handling for both cases is different. subtree_control
matters so we check for errors, but the clone_children/tasks stuff
doesn't really, as it's legacy stuff. Hence we only log errors and
proceed.

Fixes: #6216

Lennart Poettering [Fri, 22 Sep 2017 17:57:07 +0000 (19:57 +0200)]
cgroup-util: downgrade log messages from library code to LOG_DEBUG

These errors don't really matter, that's why we log and proceed in the
current code. However, we currently log at LOG_WARNING, but we really
shouldn't given that this is library code. Hence downgrade this to
LOG_DEBUG.

John Lin [Fri, 22 Sep 2017 17:15:28 +0000 (01:15 +0800)]
man: Requires= needs After= to deactivate "this unit" (#6869)

Fixes: #6856

Lennart Poettering [Fri, 22 Sep 2017 16:47:59 +0000 (18:47 +0200)]
Merge pull request #6879 from marcelhollerbach/testsuite-fix

time-util: testsuite fix

Zbigniew Jędrzejewski-Szmek [Fri, 22 Sep 2017 12:46:09 +0000 (14:46 +0200)]
install: consider globally enabled units as "enabled" for the user

We would not consider symlinks in /etc/systemd/user/*.{wants,requires}/
towards the user unit being "enabled", because the symlinks were not
located in "config" paths. But this is confusing to users, since those units
are clearly enabled and will be started. So let's muddle the definition of
enablement a bit to include the paths only accessible to root when looking for
enabled user units.

Fixes #4432.

Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 17:03:17 +0000 (19:03 +0200)]
install: consider non-Alias=/non-DefaultInstance= symlinks as "indirect" enablement

I think this matches the spirit of "indirect" well: the unit
*might* be active, even though it is not "installed" in the
sense of symlinks created based on the [Install] section.

The changes to test-install-root touch the same lines as in the previous
commit; the change in each case is from
   assert_se(unit_file_get_state(...) >= 0 && state == UNIT_FILE_ENABLED)
to
   assert_se(unit_file_get_state(...) >= 0 && state == UNIT_FILE_DISABLED)
to
   assert_se(unit_file_get_state(...) >= 0 && state == UNIT_FILE_INDIRECT)
in the last two commits.

Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 16:53:45 +0000 (18:53 +0200)]
install: only consider names in Alias= as "enabling"

When a unit has a symlink that makes an alias in the filesystem,
but that name is not specified in [Install], it is confusing
if the unit is shown as "enabled". Look only for names specified
in Alias=.

Fixes #6338.

v2:
- Fix indentation.
- Fix checking for normal enablement, when the symlink name is the same as the
  unit name. This case wasn't handled properly in v1.

v3:
- Rework the patch to also handle templates properly:
  A template templ@.service with DefaultInstance=foo will be considered
  enabled only when templ@foo.service symlink is found. Symlinks with
  other instance names do not count, which matches the logic for aliases
  to normal units. Tests are updated.

Lennart Poettering [Thu, 7 Sep 2017 18:03:55 +0000 (20:03 +0200)]
update TODO

Lennart Poettering [Thu, 21 Sep 2017 18:38:07 +0000 (20:38 +0200)]
bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set

Let's permit installing BPF programs in cgroup subtrees if
Delegate=yes. Let's not document this precise behaviour for now though,
as most likely the logic here should become recursive, but that's only
going to happen if the kernel starts supporting that. Until then,
support this in a non-recursive fashion.

Lennart Poettering [Thu, 21 Sep 2017 18:22:06 +0000 (20:22 +0200)]
man: document two more special units

Lennart Poettering [Thu, 21 Sep 2017 18:12:40 +0000 (20:12 +0200)]
man: remove double newlines in systemd.special man page header

The <!-- --> comment lines resulted in double newlines in the man page
header, which looks quite ugly. Let's rearrange a bit so that these
comments don't result in changes in the output.

Lennart Poettering [Thu, 21 Sep 2017 18:12:11 +0000 (20:12 +0200)]
man: drop misplaced "," before "-.slice"

Lennart Poettering [Thu, 21 Sep 2017 17:43:07 +0000 (19:43 +0200)]
main: bump RLIMIT_NOFILE for the root user substantially

On current kernels BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against
RLIMIT_MEMLOCK even for privileged users that have CAP_IPC_LOCK. Given
that mlock() generally ignores RLIMIT_MEMLOCK if CAP_IPC_LOCK is set
this appears to be an oversight in the kernel. Either way, until that's
fixed, let's just bump RLIMIT_MEMLOCK for the root user considerably, as
the default is quite limiting, and doesn't permit us to create more than
a few TRIE maps.

Lennart Poettering [Thu, 21 Sep 2017 17:37:11 +0000 (19:37 +0200)]
rlimit: don't assume getrlimit() always succeeds

In times of seccomp it might very well fail, and given that we return
failures from this function anyway, let's also propagate getrlimit()
failures, just to be safe.

Lennart Poettering [Thu, 21 Sep 2017 12:05:35 +0000 (14:05 +0200)]
core: whenever a unit terminates, log its consumed resources to the journal

This adds a new recognizable log message for each unit invocation that
contains structured information about consumed resources of the unit as
a whole after it terminated. This is particularly useful for apps that
want to figure out what the resource consumption of a unit given a
specific invocation ID was.

The log message is only generated for units that have at least one
XyzAccounting= property turned on, and currently only covers IP traffic and CPU
time metrics.

Lennart Poettering [Thu, 21 Sep 2017 12:02:31 +0000 (14:02 +0200)]
nspawn: set up a new session keyring for the container process

keyring material should not leak into the container. So far we relied on
seccomp to deny access to the keyring, but given that we now made the
seccomp configurable, and access to keyctl() and friends may optionally
be permitted to containers now let's make sure we disconnect the caller's
keyring from the keyring of PID 1 in the container.

Lennart Poettering [Thu, 21 Sep 2017 11:52:34 +0000 (13:52 +0200)]
io-util: add new IOVEC_INIT/IOVEC_MAKE macros

This adds IOVEC_INIT() and IOVEC_MAKE() for initializing iovec structures
from a pointer and a size. On top of these IOVEC_INIT_STRING() and
IOVEC_MAKE_STRING() are added which take a string and automatically
determine the size of the string using strlen().

This patch removes the old IOVEC_SET_STRING() macro, given that
IOVEC_MAKE_STRING() is now useful for similar purposes. Note that the
old IOVEC_SET_STRING() invocations were two characters shorter than the
new ones using IOVEC_MAKE_STRING(), but I think the new syntax is more
readable and more generic as it simply resolves to a C99 literal
structure initialization. Moreover, we can use very similar syntax now
for initializing strings and pointer+size iovec entries. We can also use
the new macros to initialize function parameters on-the-fly or array
definitions. And given that we shouldn't have so many ways to do the
same stuff, let's just settle on the new macros.

(This also converts some code to use _cleanup_ where dynamically
allocated strings were using IOVEC_SET_STRING() before, to modernize
things a bit)

Lennart Poettering [Wed, 20 Sep 2017 16:29:08 +0000 (18:29 +0200)]
job: change result field for log message about job result RESULT= → JOB_RESULT=

So, currently, some of the structured log messages we generated based on
jobs carry the result in RESULT=, and others in JOB_RESULT=. Let's
streamline this, and stick to JOB_RESULT= in one place.

This is kind of an API break, but given that currently most software has
to check both fields anyway, I think we can get away with it.

Why unify on JOB_RESULT= rather than RESULT=? Well, we manage different
types of result codes in systemd. Most importantly besides job results
there are also service results, and we should be explicit in what we
mean here.

Lennart Poettering [Wed, 20 Sep 2017 16:28:29 +0000 (18:28 +0200)]
documentation: document nss-systemd's internal environment variables in ENVIRONMENT.md

Lennart Poettering [Wed, 20 Sep 2017 16:27:53 +0000 (18:27 +0200)]
core: make sure to log invocation ID of units also when doing structured logging

Daniel Mack [Sat, 12 Nov 2016 12:38:38 +0000 (13:38 +0100)]
man: document the new ip accounting and filtering directives

Lennart Poettering [Thu, 7 Sep 2017 14:31:01 +0000 (16:31 +0200)]
cgroup: refuse to return accounting data if accounting isn't turned on

We used to be a bit sloppy on this, and handed out accounting data even
for units where accounting wasn't explicitly enabled. Let's be stricter
here, so that we know the accounting data is actually fully valid. This
is necessary, as the accounting data is no longer stored exclusively in
cgroupfs, but is partly maintained external of that, and flushed during
unit starts. We should hence only expose accounting data we really know
is fully current.

Lennart Poettering [Thu, 7 Sep 2017 12:32:33 +0000 (14:32 +0200)]
core: when coming back from reload/reexec, reapply all cgroup properties

With this change we'll invalidate all cgroup settings after coming back
from a daemon reload/reexec, so that the new settings are instantly
applied.

This is useful for the BPF case, because we don't serialize/deserialize
the BPF program fd, and hence have to install a new, updated BPF program
when coming back from the reload/reexec. However, this is also useful
for the rest of the cgroup settings, as it ensures that user
configuration really takes effect wherever we can.

Lennart Poettering [Thu, 7 Sep 2017 12:07:13 +0000 (14:07 +0200)]
core: serialize/deserialize IP accounting across daemon reload/reexec

Make sure the current IP accounting counters aren't lost during
reload/reexec.

Note that we destroy all BPF file objects during a reload: the BPF
programs, the access and the accounting maps. The former two need to be
regenerated anyway with the newly loaded configuration data, but the
latter one needs to survive reloads/reexec. In this implementation I
opted to only save/restore the accounting map content instead of the map
itself. While this opens a (theoretic) window where IP traffic is still
accounted to the old map after we read it out, and we thus miss a few
bytes this has the benefit that we can alter the map layout between
versions should the need arise.

Lennart Poettering [Thu, 7 Sep 2017 09:17:43 +0000 (11:17 +0200)]
core: when creating the socket fds for a socket unit, join socket's cgroup first

Let's make sure that a socket unit's IPAddressAllow=/IPAddressDeny=
settings are in effect on all socket fds associated with it. In order to
make this happen we need to make sure the cgroup the fds are associated
with are the socket unit's cgroup. The only way to do that is invoking
socket()+accept() in them. Since we really don't want to migrate PID 1
around we do this by forking off a helper process, which invokes
socket()/accept() and sends the newly created fd to PID 1. Ugly, but
works, and there's apparently no better way right now.

This generalizes forking off per-unit helper processes in a new function
unit_fork_helper_process(), which is then also used by the NSS chown()
code of socket units.

Lennart Poettering [Thu, 7 Sep 2017 09:15:27 +0000 (11:15 +0200)]
socket-label: let's use IN_SET, so that we have to call socket_address_family() only once

Lennart Poettering [Wed, 6 Sep 2017 15:56:15 +0000 (17:56 +0200)]
core: warn loudly if IP firewalling is configured but not in effect

Daniel Mack [Thu, 3 Nov 2016 16:31:25 +0000 (17:31 +0100)]
Add test for eBPF firewall code

Lennart Poettering [Tue, 5 Sep 2017 15:41:34 +0000 (17:41 +0200)]
ip-address-access: minimize IP address lists

Let's drop redundant items from the IP address list after parsing. Let's
also mask out redundant bits hidden by the prefixlength.

Lennart Poettering [Tue, 5 Sep 2017 10:19:28 +0000 (12:19 +0200)]
mkosi: when the build fails, show its log output, and propagate error

Lennart Poettering [Tue, 5 Sep 2017 09:16:35 +0000 (11:16 +0200)]
core: support IP firewalling to be configured for transient units

Lennart Poettering [Fri, 1 Sep 2017 18:31:44 +0000 (20:31 +0200)]
cgroup: dump the newly added IP settings in the cgroup context

Daniel Mack [Thu, 3 Nov 2016 18:00:09 +0000 (19:00 +0100)]
systemctl: report accounted network traffic in "systemctl status"

This hooks up the exposed D-Bus values and displays them like this:

-bash-4.3# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-11-11 20:10:36 CET; 1min 29s ago
 Main PID: 33 (httpd)
   Status: "Total requests: 22514; Idle/Busy workers 92/7;Requests/sec: 259; Bytes served/sec:  87KB/sec"
  Network: 15.8M in, 51.1M out
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   CGroup: /system.slice/httpd.service
           ├─ 33 /usr/sbin/httpd -DFOREGROUND
           ├─ 37 /usr/sbin/httpd -DFOREGROUND
           ├─112 /usr/sbin/httpd -DFOREGROUND
           └─119 /usr/sbin/httpd -DFOREGROUND

Daniel Mack [Fri, 1 Sep 2017 14:04:50 +0000 (16:04 +0200)]
manager: hook up IP accounting defaults

Daniel Mack [Tue, 5 Sep 2017 17:27:53 +0000 (19:27 +0200)]
cgroup, unit, fragment parser: make use of new firewall functions

Daniel Mack [Fri, 11 Nov 2016 18:41:16 +0000 (19:41 +0100)]
Add firewall eBPF compiler

Daniel Mack [Fri, 11 Nov 2016 18:59:19 +0000 (19:59 +0100)]
cgroup: add fields to accommodate eBPF related details

Add pointers for compiled eBPF programs as well as list heads for allowed
and denied hosts for both directions.

Daniel Mack [Thu, 3 Nov 2016 16:30:06 +0000 (17:30 +0100)]
Add IP address ACL representation and parser

Add a config directive parser that takes multiple space separated IPv4
or IPv6 addresses with optional netmasks in CIDR notation rvalue and
puts a parsed version of it to linked list of IPAddressAccessItem objects.
The code actually using this will be added later.

Daniel Mack [Tue, 18 Oct 2016 15:57:10 +0000 (17:57 +0200)]
Add abstraction model for BPF programs

This object takes a number of bpf_insn members and wraps them together with
the in-kernel reference id. Will be needed by the firewall code.

Daniel Mack [Fri, 28 Oct 2016 15:37:54 +0000 (17:37 +0200)]
build-sys: add new kernel bpf.h drop-in

The defines we need are pretty comprehensive and new, hence copy in the
full header from the kernel.

Lennart Poettering [Fri, 1 Sep 2017 12:25:59 +0000 (14:25 +0200)]
in-addr-util: add new helper call in_addr_prefix_from_string_auto()

This is much like in_addr_prefix_from_string(), but automatically
determines whether IPv4 or IPv6 addresses are specified. Also adds a
test for it.

Lennart Poettering [Fri, 1 Sep 2017 12:08:16 +0000 (14:08 +0200)]
in-addr-util: prefix return parameters with ret_

Lennart Poettering [Fri, 1 Sep 2017 12:40:02 +0000 (14:40 +0200)]
in-addr-util: be more systematic with naming our functions

Let's rename all our functions that process IPv4 in_addr structures
in4_addr_xyz(), following the already established naming logic for
this.

Leave the in_addr_xyz() prefix for functions that process the IPv4/IPv6
in_addr_union union instead.

Lennart Poettering [Mon, 4 Sep 2017 16:19:07 +0000 (18:19 +0200)]
manager: initialize timeouts when allocating a naked Manager object

This way we can safely run manager objects from tests and good timeouts
apply. Without this all timeouts are set to 0, which means they fire
instantly, when run from tests which do not explicitly configure them
(the way main.c does).

Lennart Poettering [Tue, 5 Sep 2017 09:40:47 +0000 (11:40 +0200)]
manager: watching the cgroup2 inotify fd is safe in test runs too

Less deviation between test runs and normal runs is always a good idea,
hence enable more stuff that is safe in test runs

Lennart Poettering [Tue, 5 Sep 2017 09:17:01 +0000 (11:17 +0200)]
cgroup: always invalidate "cpu" and "cpuacct" together

This doesn't really matter, as we never invalidate cpuacct explicitly,
and there's no real reason to care for it explicitly, however it's
prettier if we always treat cpu and cpuacct as belonging together, the
same way we consider "io" and "blkio" to belong together.

Lennart Poettering [Mon, 4 Sep 2017 16:18:04 +0000 (18:18 +0200)]
cgroup-util: minor coding style adjustment

7 years agocore: make sure to dump cgroup context when unit_dump() is called for all unit types
Lennart Poettering [Tue, 5 Sep 2017 17:20:29 +0000 (19:20 +0200)]
core: make sure to dump cgroup context when unit_dump() is called for all unit types

For some reason we didn't dump the cgroup context for a number of unit
types, including service units. Not sure how this wasn't noticed
before... Add this in.

7 years agotime-util: mktime_or_timegm are changing the struct tm
Marcel Hollerbach [Wed, 20 Sep 2017 17:26:13 +0000 (19:26 +0200)]
time-util: mktime_or_timegm are changing the struct tm

After that wm_day etc. seems to be changed. Moving the check in front of
the mktime_or_timegm fixes that.

7 years agotime-util: correctly handle the timezone when parsing
Marcel Hollerbach [Wed, 20 Sep 2017 12:47:49 +0000 (14:47 +0200)]
time-util: correctly handle the timezone when parsing

The timezone was cut off the string once the timezone was not UTC.
If it is not UTC but another timezone that matches tzname[0] or
tzname[1], then we can leave it to the impl function to parse that
correctly. If not we can just fall back to whatever the current
timezone is in the given t_timezone.

This should fix the testsuite and tests.

7 years agojournald: make maximum size of stream log lines configurable and bump it to 48K ...
Lennart Poettering [Fri, 22 Sep 2017 08:22:24 +0000 (10:22 +0200)]
journald: make maximum size of stream log lines configurable and bump it to 48K (#6838)

This adds a new setting LineMax= to journald.conf, and sets it by
default to 48K. When we convert stream-based stdout/stderr logging into
record-based log entries, read up to the specified amount of bytes
before forcing a line-break.

This also makes three related changes:

- When a NUL byte is read we'll now recognize this as alternative line
  break, instead of silently dropping everything after it. (see #4863)

- The reason for a line-break is now encoded in the log record, if it
  wasn't a plain newline. Specifically, we distinguish "nul",
  "line-max" and "eof", for line breaks due to NUL byte, due to the
  maximum line length as configured with LineMax= or due to end of
  stream. This data is stored in the new implicit _LINE_BREAK= field.
  It's not synthesized for plain \n line breaks.

- A randomized 128bit ID is assigned to each log stream.

With these three changes in place it's (mostly) possible to reconstruct
the original byte streams from log data, as (most) of the context of
the conversion from the byte stream to log records is saved now. (So,
the only bits we still drop are empty lines. Which might be something to
look into in a future change, and which is outside of the scope of this
work)

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=86465
See: #4863
Replaces: #4875

7 years agojournal: add object sanity check to journal_file_move_to_object()
Tommi Rantala [Tue, 19 Sep 2017 08:10:49 +0000 (11:10 +0300)]
journal: add object sanity check to journal_file_move_to_object()

Introduce journal_file_check_object(), which does lightweight object
sanity checks, and use it in journal_file_move_to_object(), so that we
will catch certain corrupted objects in the journal file.

This fixes #6447, where we had only partially written out OBJECT_ENTRY
(ObjectHeader written, but rest of object zero bytes), causing
"journalctl --list-boots" to fail.

  $ builddir.vanilla/journalctl --list-boots -D bug6447/
  Failed to determine boots: No data available

  $ builddir.patched/journalctl --list-boots -D bug6447/
  -52 22633da1c5374a728d6c215e2c301dc2 Mon 2017-07-10 05:29:21 EEST—Mon 2017-07-10 05:31:51 EEST
  -51 2253aab9ea7e4a2598f2abda82939eff Mon 2017-07-10 05:32:22 EEST—Mon 2017-07-10 05:36:49 EEST
  -50 ef0d85d35c74486fa4104f9d6391b6ba Mon 2017-07-10 05:40:33 EEST—Mon 2017-07-10 05:40:40 EEST
  [...]

Note that journal_file_check_object() is similar to
journal_file_object_verify(). The most expensive checks are omitted, as
they would slow down every journal_file_move_to_object() call too much.

With this implementation, the added overhead is small, for example when
dumping some journal content to /dev/null
(built with -Dbuildtype=debugoptimized -Db_ndebug=true):

 Performance counter stats for 'builddir.vanilla/journalctl -D 76f4d4c3406945f9a60d3ca8763aa754/':

      12542,311634      task-clock:u (msec)       #    1,000 CPUs utilized
                 0      context-switches:u        #    0,000 K/sec
                 0      cpu-migrations:u          #    0,000 K/sec
            80 100      page-faults:u             #    0,006 M/sec
    41 786 963 456      cycles:u                  #    3,332 GHz
   105 453 864 770      instructions:u            #    2,52  insn per cycle
    24 342 227 334      branches:u                # 1940,809 M/sec
       105 709 217      branch-misses:u           #    0,43% of all branches

      12,545199291 seconds time elapsed

 Performance counter stats for 'builddir.patched/journalctl -D 76f4d4c3406945f9a60d3ca8763aa754/':

      12734,723233      task-clock:u (msec)       #    1,000 CPUs utilized
                 0      context-switches:u        #    0,000 K/sec
                 0      cpu-migrations:u          #    0,000 K/sec
            80 693      page-faults:u             #    0,006 M/sec
    42 661 017 429      cycles:u                  #    3,350 GHz
   107 696 985 865      instructions:u            #    2,52  insn per cycle
    24 950 526 745      branches:u                # 1959,252 M/sec
       101 762 806      branch-misses:u           #    0,41% of all branches

      12,737527327 seconds time elapsed

Fixes #6447.

7 years agoMerge pull request #6853 from sourcejedi/GetAll
Lennart Poettering [Thu, 21 Sep 2017 19:41:55 +0000 (21:41 +0200)]
Merge pull request #6853 from sourcejedi/GetAll

 sd-bus: fix response for GetAll on non-existent objects

7 years agoLink to the right glibc commit in comment (#6884)
Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 18:54:16 +0000 (20:54 +0200)]
Link to the right glibc commit in comment (#6884)

Reported by Marcos Mello.

Fixes #6882.

7 years agoinstall: move and rename to lowercase two functions
Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 16:36:45 +0000 (18:36 +0200)]
install: move and rename to lowercase two functions

No reason to make them look like macros.

7 years agotimedatectl: be more explicit what "ntp synchronized" means
Zbigniew Jędrzejewski-Szmek [Thu, 21 Sep 2017 14:05:52 +0000 (16:05 +0200)]
timedatectl: be more explicit what "ntp synchronized" means

The documentation explained that the message doesn't really mean what it says,
but I think it's better to just make the message more straightforward.

Fixes #6554.