Lennart Poettering [Sun, 6 Sep 2015 19:05:49 +0000 (21:05 +0200)]
Merge pull request #1176 from piotrdrag/master
Updated Polish translation
Piotr Drąg [Sun, 6 Sep 2015 18:42:16 +0000 (20:42 +0200)]
Updated Polish translation
Lennart Poettering [Sun, 6 Sep 2015 10:34:09 +0000 (12:34 +0200)]
Merge pull request #1153 from evverx/dot-alias-handling
analyze: add "alias" handling to dot subcommand
Evgeny Vereshchagin [Sat, 5 Sep 2015 05:18:08 +0000 (08:18 +0300)]
analyze: add "alias" handling to dot subcommand
`systemd-analyze dot default.target` works fine
Lennart Poettering [Sun, 6 Sep 2015 00:00:05 +0000 (02:00 +0200)]
Merge pull request #1159 from AnchorCat/polkit-details/v2
Provide unit name and operation in manage-units polkit checks (v2)
Lennart Poettering [Sat, 5 Sep 2015 23:58:48 +0000 (01:58 +0200)]
Merge pull request #1162 from dvdhrm/bus-recursive-nodes
sd-bus: make introspection data non-recursive
Lennart Poettering [Sat, 5 Sep 2015 23:30:08 +0000 (01:30 +0200)]
Merge pull request #1161 from dvdhrm/include-order2
CODING_STYLE: mandate alphabetical include order (v2)
Kay Sievers [Sat, 5 Sep 2015 21:06:31 +0000 (23:06 +0200)]
Merge pull request #1160 from dvdhrm/bus-user
sd-bus: derive uid from cgroup if possible
David Herrmann [Sat, 5 Sep 2015 17:43:29 +0000 (19:43 +0200)]
sd-bus: make introspection data non-recursive
Currently, our introspection data looks like this:
<node>
<interface name="org.freedesktop.DBus.Peer">
...
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
...
</interface>
<interface name="org.freedesktop.DBus.Properties">
...
</interface>
<node name="org"/>
<node name="org/freedesktop"/>
<node name="org/freedesktop/login1"/>
<node name="org/freedesktop/login1/user"/>
<node name="org/freedesktop/login1/user/self"/>
<node name="org/freedesktop/login1/user/_1000"/>
<node name="org/freedesktop/login1/seat"/>
<node name="org/freedesktop/login1/seat/self"/>
<node name="org/freedesktop/login1/seat/seat0"/>
<node name="org/freedesktop/login1/session"/>
<node name="org/freedesktop/login1/session/self"/>
<node name="org/freedesktop/login1/session/c1"/>
</node>
(ordered alphabetically for better visibility)
This is grossly incorrect. The spec says that we're allowed to return
non-directed children, however, it does not allow us to return data
recursively in multiple parents. If we return "org", then we must not
return anything else that starts with "org/".
It is unclear, whether we can include child-nodes as a tree. Moreover, it
is usually not what the caller wants. Hence, this patch changes sd-bus to
never return introspection data recursively. Instead, only a single
child-layer is returned.
This patch relies on enumerators to never return hierarchies. If someone
registers an enumerator via sd_bus_add_enumerator, they better register
sub-enumerators if they support *TRUE* hierarchies. Each enumerator is
treated as a single layer and not filtered.
Enumerators are still allowed to return nested data. However, that data
is still required to be a single hierarchy. For instance, returning
"/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that
dataset is not.
This should be the default for enumerators and I see no reason to filter
in sd-bus. Moreover, filtering that data-set would require to sort the
strv by path and then do prefix-filtering. This is O(n log n), which
would be fine, but still better to avoid.
Fixes #664.
David Herrmann [Sat, 5 Sep 2015 16:29:14 +0000 (18:29 +0200)]
TODO: update networkd section
Remove two freshly implemented features, and add TSO support as a new
one.
David Herrmann [Sat, 5 Sep 2015 11:03:59 +0000 (13:03 +0200)]
CODING_STYLE: mandate alphabetical include order
systemd-internal headers must not rely on include order. That means, they
either must contain forward-declarations of used types/functions, or they
must include all dependencies on their own. Therefore, there is no reason
to mandate an include order on the call-side.
However, global includes should always be ordered first. We don't want
local definitions to leak into global includes, possible changing their
behavior. Apparently, namespacing is a complex problem that people are
incapable of implementing properly..
Apart from "global before local", there is no reason to mandate a random
include order (which we happen to do right now). Instead, mandate
alphabetical ordering. The current rules do not have any benefit at all.
They neither reduce include-complexity, nor allow easy auditing of
include files. But with alphabetical ordering, we get duplicate-detection
for free, it gets *much much* easier to figure out whether a header is
already included, and it is trivial to add new headers.
David Herrmann [Sat, 5 Sep 2015 15:54:30 +0000 (17:54 +0200)]
sd-bus: derive uid from cgroup if possible
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_systemd otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes #390.
Michael Chapman [Sat, 5 Sep 2015 14:07:17 +0000 (00:07 +1000)]
core: pass details to polkit for some unit actions
The following details are passed:
- unit: the primary name of the unit upon which the action was
invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
'reload-or-restart', 'reload-or-try-restart', 'kill',
'reset-failed', or 'set-property', corresponding to the
systemctl verb used to invoke the action.
Typical use of these details in a polkit policy rule might be:
// Allow alice to manage example.service;
// fall back to implicit authorization otherwise.
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "example.service" &&
subject.user == "alice") {
return polkit.Result.YES;
}
});
We also supply a custom polkit message that includes the unit's name and
the requested operation.
Michael Chapman [Sat, 5 Sep 2015 14:07:16 +0000 (00:07 +1000)]
bus-util: support details in CheckAuthorization calls
Extra details for an action can be supplied when calling polkit's
CheckAuthorization method. Details are a list of key/value string pairs.
Custom policy can use these details when making authorization decisions.
David Herrmann [Sat, 5 Sep 2015 13:20:21 +0000 (15:20 +0200)]
Merge pull request #1140 from poettering/sd-event-signals
A variety of sd-event, sd-login and cgroup fixes
Lennart Poettering [Fri, 4 Sep 2015 07:57:51 +0000 (09:57 +0200)]
sd-login: minor header commenting improvements
Lennart Poettering [Fri, 4 Sep 2015 07:54:14 +0000 (09:54 +0200)]
sd-login: add new sd_pid_get_cgroup() API
This adds a new sd_pid_get_cgroup() call to sd-login which may be used
to query the control path of a process. This is useful for programs when
making use of delegation units, in order to figure out which subtree has
been delegated.
In light of the unified control group hierarchy this is finally safe to
do, hence let's add a proper API for it, to make it easier to use this.
Daniel Mack [Sat, 5 Sep 2015 12:33:56 +0000 (14:33 +0200)]
Merge pull request #1157 from dvdhrm/logind-wallfix
login: fix NULL-deref on wall_message
Daniel Mack [Sat, 5 Sep 2015 12:32:56 +0000 (14:32 +0200)]
Merge pull request #1145 from systemd-mailing-devs/
1441372815-12195-1-git-send-email-hdegoede@redhat.com
hwdb: Add Thinkpad T550 / W550s to 70-pointingstick.hwdb
David Herrmann [Sat, 5 Sep 2015 10:56:04 +0000 (12:56 +0200)]
login: fix NULL-deref on wall_message
We treat an empty wall-message equal to a NULL wall-message since:
commit
5744f59a3ee883ef3a78214bd5236157acdc35ba
Author: Lennart Poettering <lennart@poettering.net>
Date: Fri Sep 4 10:34:47 2015 +0200
logind: treat an empty wall message like a NULL one
Fix the shutdown scheduler to not deref a NULL pointer, but properly
check for an empty wall-message.
Fixes: #1120
Lennart Poettering [Sat, 5 Sep 2015 10:25:52 +0000 (12:25 +0200)]
Merge pull request #1150 from evverx/update-systemctl-completion
shell-completion: update systemctl bash completion
Lennart Poettering [Sat, 5 Sep 2015 10:21:20 +0000 (12:21 +0200)]
Merge pull request #1149 from martinpitt/fix-dhcp-error-codes
networkd: adjust error codes for nonexisting DHCP data
Lennart Poettering [Sat, 5 Sep 2015 10:14:55 +0000 (12:14 +0200)]
Merge pull request #1146 from martinpitt/master
tests: Skip tests which need to access /sys/fs/cgroup if that is not …
David Herrmann [Sat, 5 Sep 2015 09:09:44 +0000 (11:09 +0200)]
NEWS: add entries for v226
Initial set of features for the upcoming v226 release next week. This is
mostly about the unified cgroup hierarchy and DHCP.
Evgeny Vereshchagin [Fri, 4 Sep 2015 20:04:10 +0000 (23:04 +0300)]
shell-completion: update systemctl bash completion
Many new options have been added since the bash completion was last
updated.
Martin Pitt [Fri, 4 Sep 2015 19:16:35 +0000 (21:16 +0200)]
networkd: adjust error codes for nonexisting DHCP data
Commit
0339cd770 changed libsystemd-network's error code for missing DHCP lease
data from ENOENT to ENODATA. Adjust networkd accordingly.
This fixes interfaces being stuck in "degraded/configuring" mode forever.
https://github.com/systemd/systemd/issues/1147
Martin Pitt [Fri, 4 Sep 2015 14:34:21 +0000 (16:34 +0200)]
tests: Skip tests which need to access /sys/fs/cgroup if that is not available
Commit efdb023 ("core: unified cgroup hierarchy support") introduced a new
error ENOEXEC in cg_unified() if /sys/fs/cgroup/ is not available. Adjust the
"skip" checks in various tests accordingly.
Add a corresponding "skip" check to test-bus-creds as well, as
sd_bus_creds_new_from_pid() now calls cg_unified() as well.
This re-fixes "make check" in build chroots without /sys/fs/cgroup.
https://github.com/systemd/systemd/issues/1132
Hans de Goede [Fri, 4 Sep 2015 13:20:15 +0000 (15:20 +0200)]
hwdb: Add Thinkpad T550 / W550s to 70-pointingstick.hwdb
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T550 / W550s models.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1200717
Lennart Poettering [Fri, 4 Sep 2015 10:45:10 +0000 (12:45 +0200)]
Merge pull request #1142 from dvdhrm/proxy-nofile
bus-proxy: increase NOFILE limit
Daniel Mack [Fri, 4 Sep 2015 10:13:45 +0000 (12:13 +0200)]
Merge pull request #1141 from poettering/logind-fixes
Various logind fixes
David Herrmann [Fri, 4 Sep 2015 09:13:32 +0000 (11:13 +0200)]
bus-proxy: increase NOFILE limit
The bus-proxy manages the kdbus connections of all users on the system
(regarding the system bus), hence, it needs an elevated NOFILE.
Otherwise, a single user can trigger ENFILE by opening NOFILE connections
to the bus-proxy.
Note that the bus-proxy still does per-user accounting, indirectly via
the proxy/fake API of kdbus. Hence, the effective per-user limit is not
raised by this. However, we now prevent one user from consuming the whole
FD limit of the shared proxy.
Also note that there is no *perfect* way to set this. The proxy is a
shared object, so it needs a larger NOFILE limit than the highest limit
of all users. This limit can be changed dynamically, though. Hence, we
cannot protect against it. However, a raised NOFILE limit is a privilege,
so we just treat it as such and basically allow these privileged users to
be able to consume more resources than normal users (and, maybe, cause
some limits to be exceeded by this).
Right now, kdbus hard-codes 1024 max connections per user on each bus.
However, we *must not* rely on this. This limits could be easily dropped
entirely, as the NOFILE limit is a suitable limit on its on.
Lennart Poettering [Fri, 4 Sep 2015 08:35:46 +0000 (10:35 +0200)]
logind: when parsing a boolean via sd-bus the type must be "int"
And not bool.
Lennart Poettering [Fri, 4 Sep 2015 08:34:47 +0000 (10:34 +0200)]
logind: treat an empty wall message like a NULL one
Lennart Poettering [Fri, 4 Sep 2015 07:23:07 +0000 (09:23 +0200)]
cgroups: delegation to unprivileged services is safe in the unified hierarchy
Delegation to unpriviliged processes is safe in the unified hierarchy,
hence allow it. This has the benefit of permitting "systemd --user"
instances to further partition their resources between user services.
Lennart Poettering [Fri, 4 Sep 2015 07:05:52 +0000 (09:05 +0200)]
sd-login: rework error handling
Makre sure we always return sensible errors for the various, following
the same rules, and document them in a comment in sd-login.c. Also,
update all relevant man pages accordingly.
Lennart Poettering [Thu, 3 Sep 2015 18:13:09 +0000 (20:13 +0200)]
sd-event: make sure RT signals are not dropped
RT signals operate in a queue, and we should be careful to never merge
two queued signals into one. Hence, makes sure we only ever dequeue a
single signal at a time and leave the remaining ones queued in the
signalfd. In order to implement correct priorities for the signals
introduce one signalfd per priority, so that we only process the highest
priority signal at a time.
Lennart Poettering [Thu, 3 Sep 2015 18:11:58 +0000 (20:11 +0200)]
test: add one more test case for parse_pid()
Lennart Poettering [Thu, 3 Sep 2015 18:10:00 +0000 (20:10 +0200)]
nspawn: enable all controllers we can for the "payload" subcgroup we create
In the unified hierarchy delegating controller access is safe, hence
make sure to enable all controllers for the "payload" subcgroup if we
create it, so that the container will have all controllers enabled the
nspawn service itself has.
Lennart Poettering [Thu, 3 Sep 2015 17:50:37 +0000 (19:50 +0200)]
cgroup: always read the supported controllers from the root cgroup of the local container
Otherwise we might end up thinking that we support more controllers than
actually enabled for the container we are running in.
Lennart Poettering [Thu, 3 Sep 2015 17:46:23 +0000 (19:46 +0200)]
cgroup: fix potential access of uninitialized variable
Lennart Poettering [Thu, 3 Sep 2015 17:44:02 +0000 (19:44 +0200)]
cgroup-util: make cg_pid_get_path() return -ENODATA when controller can't be found
If the controller managed by systemd cannot found in /proc/$PID/cgroup,
return ENODATA, the usual error for cases where the data being looked
for does not exist, even if the process does.
Lennart Poettering [Thu, 3 Sep 2015 17:43:15 +0000 (19:43 +0200)]
cgroup: fix potential bad memory access
Lennart Poettering [Thu, 3 Sep 2015 16:28:21 +0000 (18:28 +0200)]
cgroup: make sure cg_is_empty_recursive() returns 1 for non-existing cgroups
Previously, on the legacy hierarchy a non-existing cgroup was considered
identical to an empty one, but the unified hierarchy the check for a
non-existing one returned ENOENT.
Lennart Poettering [Thu, 3 Sep 2015 16:27:19 +0000 (18:27 +0200)]
cgroup: when comparing agent paths, use path_equal()
After all a path is a path is a path and we should use path_equal() to
comapre those.
Lennart Poettering [Thu, 3 Sep 2015 16:24:57 +0000 (18:24 +0200)]
audit: audit calls should return ENODATA when process are not in an audit session
ENODATA is how we usually indicate such "missing info" cases, so we
should do this here, too.
Lennart Poettering [Thu, 3 Sep 2015 16:23:26 +0000 (18:23 +0200)]
util: document why parse_uid() returns ENXIO
parse_uid() returns EINVAL for invalid strings, but ENXIO for the
(uid_t) -1 user ids in order to distinguish these two cases. Document
this.
Lennart Poettering [Thu, 3 Sep 2015 12:57:44 +0000 (14:57 +0200)]
core: split up manager_get_unit_by_pid()
Let's move the actual cgroup part of it into a new separate function
manager_get_unit_by_pid_cgroup(), and then make
manager_get_unit_by_pid() just a wrapper that also checks the two pid
hashmaps.
Then, let's make sure the various calls that want to deliver events to
the owners of a PID check both hashmaps and the cgroup and deliver the
event to *each* of them. OTOH make sure bus calls like GetUnitByPID()
continue to check the PID hashmaps first and the cgroup only as
fallback.
Lennart Poettering [Thu, 3 Sep 2015 12:56:26 +0000 (14:56 +0200)]
cgroup: move controller to dirname translation into join_path_legacy()
Let's simplify things a bit.
Lennart Poettering [Thu, 3 Sep 2015 11:29:53 +0000 (13:29 +0200)]
util: add new uid_is_valid() call
This simply factors out the uid validation checks from parse_uid() and
uses them everywhere. This simply verifies that the passed UID is
neither 64bit -1 nor 32bit -1.
Lennart Poettering [Thu, 3 Sep 2015 11:22:51 +0000 (13:22 +0200)]
macro: introduce new PID_TO_PTR macros and make use of them
This adds a new PID_TO_PTR() macro, plus PTR_TO_PID() and makes use of
it wherever we maintain processes in a hash table. Previously we
sometimes used LONG_TO_PTR() and other times ULONG_TO_PTR() for that,
hence let's make this more explicit and clean up things.
Lennart Poettering [Thu, 3 Sep 2015 11:19:17 +0000 (13:19 +0200)]
man: always use the same example in nss module documentation
Show the same recommended example file in all three man pages, just
highlight the different, relevant parts.
This should be less confusing for users, and clarify what we actually
recommend how /etc/nsswitch.conf is set up.
Marcel Holtmann [Fri, 4 Sep 2015 00:51:50 +0000 (02:51 +0200)]
hwdb: Update database of Bluetooth company identifiers
David Herrmann [Thu, 3 Sep 2015 13:18:06 +0000 (15:18 +0200)]
udev: ignore ENOEXEC from cgroup lookup
The recent cgroup-rework changed the error code for un-mounted cgroupfs to
ENOEXEC. Make sure udev ignores it just like ENOENT and does not spill
warnings on the screen.
Daniel Mack [Thu, 3 Sep 2015 10:35:48 +0000 (12:35 +0200)]
Merge pull request #1127 from neheb/master
hwdb: Add Mionix Mouse
Lennart Poettering [Thu, 3 Sep 2015 09:22:19 +0000 (11:22 +0200)]
Merge pull request #1134 from reverendhomer/patch-1
cgroup-util: Removed unreachable statement in cg_get_path
reverendhomer [Thu, 3 Sep 2015 08:34:47 +0000 (11:34 +0300)]
cg_get_path: Removed unreachable statement
controller cannot be NULL because if-statement in L509 has return
Coverity #1322379
Lennart Poettering [Wed, 2 Sep 2015 23:12:58 +0000 (01:12 +0200)]
Merge pull request #1123 from phomes/scope-no-bool-vs-int
scope: do not compare a bool return with "<= 0"
Lennart Poettering [Wed, 2 Sep 2015 23:12:07 +0000 (01:12 +0200)]
Merge pull request #1126 from phomes/indentation2
tree-wide: fix indentation
Mangix [Wed, 2 Sep 2015 22:56:57 +0000 (15:56 -0700)]
Add Mionix Mouse
Thomas Hindoe Paaboel Andersen [Wed, 2 Sep 2015 18:46:22 +0000 (20:46 +0200)]
tree-wide: fix indentation
Thomas Hindoe Paaboel Andersen [Wed, 2 Sep 2015 17:58:12 +0000 (19:58 +0200)]
scope: do not compare a bool return with "<= 0"
Kay Sievers [Wed, 2 Sep 2015 12:30:49 +0000 (14:30 +0200)]
Merge pull request #1119 from teg/virtio-names
udev: net_id - support predictable ifnames on virtio buses
Tom Gundersen [Tue, 25 Aug 2015 12:12:19 +0000 (14:12 +0200)]
udev: net_id - support predictable ifnames on virtio buses
Virtio buses are undeterministically enumerated, so we cannot use them as a basis
for deterministic naming (see
bf81e792f3c0). However, we are guaranteed that there
is only ever one virtio bus for every parent device, so we can simply skip over
the virtio buses when naming the devices.
Lennart Poettering [Wed, 2 Sep 2015 09:30:08 +0000 (11:30 +0200)]
Merge pull request #1118 from jsynacek/man-dot-d-v2
man: *.d conf directories: add note about initrd regeneration
Lennart Poettering [Wed, 2 Sep 2015 09:21:24 +0000 (11:21 +0200)]
Merge pull request #1116 from poettering/unified-rebased
core: unified cgroup hierarchy support
David Herrmann [Wed, 2 Sep 2015 09:14:41 +0000 (11:14 +0200)]
Merge pull request #1112 from poettering/sd-bus-container-fixes
machined and sd-bus container fixes
Jan Synacek [Tue, 1 Sep 2015 12:21:37 +0000 (14:21 +0200)]
man: *.d conf directories: add note about initrd regeneration
Daniel Mack [Wed, 2 Sep 2015 06:00:38 +0000 (08:00 +0200)]
Merge pull request #1117 from evverx/detect-parallels-virt
virt: detect parallels virtualization
Evgeny Vereshchagin [Wed, 2 Sep 2015 01:43:32 +0000 (01:43 +0000)]
virt: detect parallels virtualization
inspired by http://people.redhat.com/~rjones/virt-what/
see:
* http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=
a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l200
* http://git.annexia.org/?p=virt-what.git;a=blob;f=virt-what.in;h=
a5ed33ef3e4bfa3281c9589eccac4d92dff1babe;hb=HEAD#l253
Lennart Poettering [Tue, 1 Sep 2015 17:22:36 +0000 (19:22 +0200)]
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
Lennart Poettering [Tue, 1 Sep 2015 20:07:58 +0000 (22:07 +0200)]
Merge pull request #1115 from phomes/hwdb-mice
hwdb: more mice
Thomas Hindoe Paaboel Andersen [Tue, 1 Sep 2015 20:01:22 +0000 (22:01 +0200)]
hwdb: more mice
Lennart Poettering [Tue, 1 Sep 2015 18:52:52 +0000 (20:52 +0200)]
Merge pull request #1098 from filbranden/cpuaffinity2
Getting rid of FOREACH_WORD_QUOTED and some more cleanup in config_parse_cpu_affinity2
Lennart Poettering [Tue, 1 Sep 2015 18:46:27 +0000 (20:46 +0200)]
Merge pull request #1107 from msekletar/selinux-get-raw-context
selinux: always use *_raw API from libselinux
Lennart Poettering [Tue, 1 Sep 2015 18:38:37 +0000 (20:38 +0200)]
sd-bus: when connecting to a container, don't fall back to host bus
We should never connect to the host bus as fallback if connecting to a
container failed via one method. Otherwise connecting to a dbus1
container will always result in a connection to the host.
Lennart Poettering [Tue, 1 Sep 2015 18:36:52 +0000 (20:36 +0200)]
sd-bus: when connecting to a kdbus container bus pass error up
We rely on the correct error used when opening the kdbus device node,
hence let's make sure we pass it up from the namespaced child process to
the process which actually wants to connect.
Lennart Poettering [Tue, 1 Sep 2015 18:12:25 +0000 (20:12 +0200)]
machined: introduce a ptsname_namespace() call and make use of it
The call is like ptsname() but does not assume the pty path was
accessible in the local namespace. It uses the same internal ioctl
though.
Lennart Poettering [Tue, 1 Sep 2015 17:39:14 +0000 (19:39 +0200)]
machined: call unlockpt() in container, not host
It makes assumptions about the pty path, hence better call it in the
container namespace rather than the host.
Filipe Brandenburger [Tue, 1 Sep 2015 18:10:09 +0000 (11:10 -0700)]
core: Log parse errors in config_parse_cpu_affinity2
Tom Gundersen [Tue, 1 Sep 2015 17:48:04 +0000 (19:48 +0200)]
Merge pull request #1111 from poettering/more-cgroup-fixes
More cgroup fixes
Lennart Poettering [Tue, 1 Sep 2015 17:10:45 +0000 (19:10 +0200)]
Merge pull request #1099 from filbranden/joincontrollers2
Getting rid of FOREACH_WORD_QUOTED in config_parse_join_controllers
Lennart Poettering [Tue, 1 Sep 2015 17:09:42 +0000 (19:09 +0200)]
Merge pull request #1102 from heftig/master
build-sys: Look for gcc-* binutils wrappers only if we're using GCC
Lennart Poettering [Tue, 1 Sep 2015 17:08:55 +0000 (19:08 +0200)]
Merge pull request #1109 from phomes/man-typos
man: fix typos in systemd-path.xml
Lennart Poettering [Tue, 1 Sep 2015 17:08:17 +0000 (19:08 +0200)]
Merge pull request #1110 from evverx/run-interactive-auth
run: enable interactive authorization
Lennart Poettering [Tue, 1 Sep 2015 16:54:08 +0000 (18:54 +0200)]
core: rework when we kill with which signal
When the user wants to explicitly send our own PID a signal, then do so.
Don't follow up SIGABRT with a SIGHUP if send_sighup is enabled. At that
point the process should have segfaulted, hence there's no point in
following up with a SIGHUP.
Send only termination signals to ourselves, never KILL or ABRT signals.
Lennart Poettering [Tue, 1 Sep 2015 16:53:29 +0000 (18:53 +0200)]
core: don't allow changing the slice of a unit while it is active
Lennart Poettering [Tue, 1 Sep 2015 16:51:44 +0000 (18:51 +0200)]
unit: small clean-ups
Always say when we ignore errors. Cast calls whose return value we
knowingly ingore to (void). Use "bool" where we actually mean a boolean,
even if we return it as an int later on.
Lennart Poettering [Tue, 1 Sep 2015 16:47:46 +0000 (18:47 +0200)]
core: when looking for the unit for a process, look at the PID hashmaps first
It's cheaper that going to cgroupfs, and also usually the better choice
since it's not racy and can map PIDs even if they were moved to a
different unit.
Evgeny Vereshchagin [Tue, 1 Sep 2015 16:43:08 +0000 (16:43 +0000)]
run: enable interactive authorization
Lennart Poettering [Tue, 1 Sep 2015 16:36:28 +0000 (18:36 +0200)]
cgroup: the root cgroup is always populated
Lennart Poettering [Tue, 1 Sep 2015 16:32:07 +0000 (18:32 +0200)]
cgroup: drop "ignore_self" argument from cg_is_empty()
In all cases where the function (or cg_is_empty_recursive()) ignoring
the calling process is actually wrong, as a process keeps a cgroup busy
regardless if its the current one or another. Hence, let's simplify
things and drop the "ignore_self" parameter.
Lennart Poettering [Tue, 1 Sep 2015 16:02:43 +0000 (18:02 +0200)]
cgroup: small cleanups and coding style fixes
A number of simplications and adjustments to brings things closer to our
coding style.
Lennart Poettering [Tue, 1 Sep 2015 15:54:17 +0000 (17:54 +0200)]
cgroup: don't allow hidden cgroups
We really should care for all cgroups, and not allow hidden ones.
Lennart Poettering [Tue, 1 Sep 2015 15:53:14 +0000 (17:53 +0200)]
cgroup: never migrate kernel threads out of the root cgroup
It won't work anyway.
David Herrmann [Tue, 1 Sep 2015 16:33:54 +0000 (18:33 +0200)]
Merge pull request #1108 from phomes/dont-shadow-globals
tree-wide: do not shadow the global var timezone
Thomas Hindoe Paaboel Andersen [Tue, 1 Sep 2015 16:31:04 +0000 (18:31 +0200)]
man: fix typos in systemd-path.xml
Thomas Hindoe Paaboel Andersen [Sun, 30 Aug 2015 01:18:33 +0000 (03:18 +0200)]
tree-wide: do not shadow the global var timezone
Lennart Poettering [Tue, 1 Sep 2015 15:25:59 +0000 (17:25 +0200)]
units: enable waiting for unit termination in certain cases
The legacy cgroup hierarchy does not support reliable empty
notifications in containers and if there are left-over subgroups in a
cgroup. This makes it hard to correctly wait for them running empty, and
thus we previously disabled this logic entirely.
With this change we explicitly check for the container case, and whether
the unit is a "delegation" unit (i.e. one where programs may create
their own subgroups). If we are neither in a container, nor operating on
a delegation unit cgroup empty notifications become reliable and thus we
start waiting for the empty notifications again.
This doesn't really fix the general problem around cgroup notifications
but reduces the effect around it.
(This also reorders #include lines by their focus, as suggsted in
CODING_STYLE. We have to add "virt.h", so let's do that at the right
place.)
Also see #317.
Filipe Brandenburger [Tue, 1 Sep 2015 15:31:34 +0000 (08:31 -0700)]
core: add OOM check in config_parse_join_controllers
Filipe Brandenburger [Tue, 1 Sep 2015 15:30:26 +0000 (08:30 -0700)]
core: Log parse errors in config_parse_join_controllers