platform/upstream/systemd.git
6 years agoman: there's no point in referenceing systemd.unit(5) from itself (#8338)
Lennart Poettering [Fri, 2 Mar 2018 12:33:30 +0000 (13:33 +0100)]
man: there's no point in referenceing systemd.unit(5) from itself (#8338)

6 years agoMerge pull request #8323 from xyproto/ok_color
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 12:00:07 +0000 (13:00 +0100)]
Merge pull request #8323 from xyproto/ok_color

Make the color of the status OK configurable at build-time

6 years agosysusers: support `u username -:300` style syntax (#8325)
Michael Vogt [Fri, 2 Mar 2018 11:56:44 +0000 (12:56 +0100)]
sysusers: support `u username -:300` style syntax (#8325)

This PR implements the first part of RFE #8046. I.e. this allows to
write:
```
u username -:300
```
Where the uid is chosen automatically but the gid is fixed.

6 years agoMerge pull request #8332 from poettering/logind-open-if-needed
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 11:56:04 +0000 (12:56 +0100)]
Merge pull request #8332 from poettering/logind-open-if-needed

logind device resume fix

6 years agomount-setup: change bpf mount mode to 0700 (#8334)
Lennart Poettering [Fri, 2 Mar 2018 11:55:24 +0000 (12:55 +0100)]
mount-setup: change bpf mount mode to 0700 (#8334)

After discussing with the kernel folks, we agreed to default to 0700 for
this. Better safe than sorry.

6 years agoMerge pull request #8303 from yuwata/fix-8276
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 11:53:11 +0000 (12:53 +0100)]
Merge pull request #8303 from yuwata/fix-8276

test: use synthesize_nobody() in test-execute

6 years agosystemctl: document telinit/init matching a bit (#8339)
Lennart Poettering [Fri, 2 Mar 2018 11:51:57 +0000 (12:51 +0100)]
systemctl: document telinit/init matching a bit (#8339)

See: #8305

6 years agohwdb: add accelerometer mount matrix for Asus TP300LD (#8327)
futpib [Fri, 2 Mar 2018 11:11:28 +0000 (14:11 +0300)]
hwdb: add accelerometer mount matrix for Asus TP300LD (#8327)

6 years agoMerge pull request #8237 from sourcejedi/timer_suspend
Lennart Poettering [Fri, 2 Mar 2018 11:11:06 +0000 (12:11 +0100)]
Merge pull request #8237 from sourcejedi/timer_suspend

core: let OnCalendar= timer units expire during suspend (#8231)

6 years agologind: fix typo in comment
Lennart Poettering [Fri, 2 Mar 2018 10:56:15 +0000 (11:56 +0100)]
logind: fix typo in comment

6 years agologind: open device if needed
Lennart Poettering [Fri, 2 Mar 2018 10:55:51 +0000 (11:55 +0100)]
logind: open device if needed

Fixes: #8291

6 years agologind: cast away return value we don't care about
Lennart Poettering [Fri, 2 Mar 2018 10:55:33 +0000 (11:55 +0100)]
logind: cast away return value we don't care about

6 years agologind: voidify a function we never check the return value of
Lennart Poettering [Fri, 2 Mar 2018 10:55:16 +0000 (11:55 +0100)]
logind: voidify a function we never check the return value of

6 years agoMerge pull request #8316 from yuwata/fix-8315
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 10:32:25 +0000 (11:32 +0100)]
Merge pull request #8316 from yuwata/fix-8315

sysusers: do not create duplicated groups when create users

6 years agoMerge pull request #8330 from filbranden/masked1
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 10:24:31 +0000 (11:24 +0100)]
Merge pull request #8330 from filbranden/masked1

Detect masked unit with drop-ins

6 years agomeson: use dashes in colour names
Zbigniew Jędrzejewski-Szmek [Fri, 2 Mar 2018 08:09:29 +0000 (09:09 +0100)]
meson: use dashes in colour names

6 years agoAdd build-time option to change the color of the "OK" status text
Alexander F Rødseth [Thu, 1 Mar 2018 12:12:02 +0000 (13:12 +0100)]
Add build-time option to change the color of the "OK" status text

6 years agoOrganize the ANSI codes and add missing colors
Alexander F Rødseth [Thu, 1 Mar 2018 17:23:05 +0000 (18:23 +0100)]
Organize the ANSI codes and add missing colors

For consistency.

6 years agotest-execute: add tests with user/group daemon
Yu Watanabe [Fri, 2 Mar 2018 06:55:02 +0000 (15:55 +0900)]
test-execute: add tests with user/group daemon

The nobody user/group may not synthesized by systemd.
To run tests the functionalities in such situation, this adds tests
by user/group by daemon, as it is expected to exists all environments.

6 years agotest: masked unit with drop-ins
Filipe Brandenburger [Fri, 2 Mar 2018 05:07:27 +0000 (21:07 -0800)]
test: masked unit with drop-ins

6 years agoinstall: detect masked unit with drop-ins
Filipe Brandenburger [Fri, 2 Mar 2018 01:48:15 +0000 (17:48 -0800)]
install: detect masked unit with drop-ins

Before this fix, a unit with drop-ins will not be reported as masked by
`systemctl is-enabled` or `systemctl list-unit-files`.

6 years agosysusers: do not implicitly create group by 'm' if 'u' with the same name exists
Yu Watanabe [Thu, 1 Mar 2018 22:38:28 +0000 (07:38 +0900)]
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists

The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines
disturb 'u' lines.
This fixes the disturbance.

6 years agotest: add a test for sysusers
Yu Watanabe [Thu, 1 Mar 2018 05:52:28 +0000 (14:52 +0900)]
test: add a test for sysusers

The test cases for sysusers did not cover the situation reported in
issue #8315. Let's add one more test case.

6 years agosysusers: do not create duplicated groups when create users
Yu Watanabe [Thu, 1 Mar 2018 18:27:34 +0000 (03:27 +0900)]
sysusers: do not create duplicated groups when create users

The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces
the issue #8315.

Fixes #8315.

6 years agoRemove /sbin from paths if split-bin is false (#8324)
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 20:48:36 +0000 (21:48 +0100)]
Remove /sbin from paths if split-bin is false (#8324)

Follow-up for 157baa87e4.

6 years agoMerge pull request #8319 from keszybz/yet-another-symlink-installation-tweak
Lennart Poettering [Thu, 1 Mar 2018 14:06:02 +0000 (15:06 +0100)]
Merge pull request #8319 from keszybz/yet-another-symlink-installation-tweak

meson: fix symlink creation when sbin is symlink to bin

6 years agoMerge pull request #8293 from dobyrch/master
Lennart Poettering [Thu, 1 Mar 2018 14:03:19 +0000 (15:03 +0100)]
Merge pull request #8293 from dobyrch/master

tree-wide: fix inconsistencies in option parsing

6 years agoMerge pull request #8322 from keszybz/doc-tweak
Lennart Poettering [Thu, 1 Mar 2018 13:58:12 +0000 (14:58 +0100)]
Merge pull request #8322 from keszybz/doc-tweak

man: document that link-ed files must be on /

6 years agoudevadm: prevent segfault in blkid builtin when offset not specified
Douglas Christman [Wed, 28 Feb 2018 01:35:58 +0000 (20:35 -0500)]
udevadm: prevent segfault in blkid builtin when offset not specified

"--offset" takes an optional argument; if none is specified,
stroull() will attempt to parse a NULL pointer. For example:

$ udevadm test-builtin 'blkid --offset' /sys/dev/block/8:1

Update "--offset" to require an argument; also verify that the
offset is not negative.

6 years agoanalyze: fix typo in error message
Douglas Christman [Thu, 1 Mar 2018 00:31:32 +0000 (08:31 +0800)]
analyze: fix typo in error message

6 years agotest-libudev: make "-m" equivalent to "--monitor"
Douglas Christman [Wed, 28 Feb 2018 01:28:50 +0000 (20:28 -0500)]
test-libudev: make "-m" equivalent to "--monitor"

"-m" is specified as a short form of "--monitor" in the option struct,
but not included in getopt_long's optstring.  Update the optstring
to be consistent with the option struct.

6 years agosystemctl: remove redundant option parsing code
Douglas Christman [Wed, 28 Feb 2018 01:19:55 +0000 (20:19 -0500)]
systemctl: remove redundant option parsing code

"-f" used to be overloaded to mean both "--force" and "--follow";
aae9a96d removed "--follow", leaving behind some duplicate code.

6 years agojournalctl: make journalctl -g work as documented
Douglas Christman [Wed, 28 Feb 2018 01:16:26 +0000 (20:16 -0500)]
journalctl: make journalctl -g work as documented

Add "g" to optstring so both "--grep" and "-g" work with journalctl

6 years agoman: document that link-ed files must be on /
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 12:11:00 +0000 (13:11 +0100)]
man: document that link-ed files must be on /

Fixes #8307.

6 years agomeson: support both separate and merged sbin-bin directories
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 09:28:29 +0000 (10:28 +0100)]
meson: support both separate and merged sbin-bin directories

Follow-up for ba7f4ae6178309dc937e10cf7dce0eca9dafb8de.

By default, we detect if the real root has a separate /usr/sbin directory, but
this can be overrides with -Dsplit-bin=true|false. The check assumes that
/usr/sbin is split if it is not a symlink, so it'll return a false negative
with some more complicated setups. But that's OK, in those cases this should be
configured explicitly.

This will copy the structure of the directories in the root file system to
$DESTDIR. If a directory is a directory in $DESTDIR but a symlink in the root
file system, this script will fail. This means that it's not possible to reuse
a $DESTDIR from between ba7f4ae61 and this patch.

6 years agomeson: autodetect split-usr
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 10:49:42 +0000 (11:49 +0100)]
meson: autodetect split-usr

Also move the status from "features" to the paths section. This is more of an
anti-feature.

6 years agoprocfs-util: drop unnecessary zero initializations (#8321)
Lennart Poettering [Thu, 1 Mar 2018 10:27:06 +0000 (11:27 +0100)]
procfs-util: drop unnecessary zero initializations (#8321)

Follow-up for #8149.

6 years agoMerge pull request #8149 from poettering/fake-root-cgroup
Lennart Poettering [Thu, 1 Mar 2018 10:10:24 +0000 (11:10 +0100)]
Merge pull request #8149 from poettering/fake-root-cgroup

Properly synthesize CPU+memory accounting data for the root cgroup

6 years agounits: delegate "memory" instead of "cpu" by default for user instances (#8320)
Franck Bui [Thu, 1 Mar 2018 09:58:03 +0000 (10:58 +0100)]
units: delegate "memory" instead of "cpu" by default for user instances (#8320)

CPU accounting has a too bad impact on performance to be enabled by
default. Therefore we should not delegate "cpu" for now.

OTOH since commit e0c46a736412b79b94a21f8512a769b9212b9adf, memory accounting
has been turned on for all units by default so it makes sense to delegate this
controller by default.

6 years agoMerge pull request #8318 from keszybz/doc-tweak
Lennart Poettering [Thu, 1 Mar 2018 09:44:17 +0000 (10:44 +0100)]
Merge pull request #8318 from keszybz/doc-tweak

A small man page update

6 years agotest-execute: add a test for the case that NOBODY_GROUP_NAME is nogroup
Yu Watanabe [Thu, 1 Mar 2018 09:31:26 +0000 (18:31 +0900)]
test-execute: add a test for the case that NOBODY_GROUP_NAME is nogroup

6 years agotest-execute: check nobody user and group are configured correctly
Yu Watanabe [Thu, 1 Mar 2018 09:29:28 +0000 (18:29 +0900)]
test-execute: check nobody user and group are configured correctly

Several tests request nobody user or group. If they are badly
configured, then tests may fail.

This makes test-execute check nobody user and group are configured
correctly before running such tests.

Fixes #8276.

6 years agobasic/cgroup-util: simplify cg_get_keyed_attribute(), add test
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 08:30:55 +0000 (09:30 +0100)]
basic/cgroup-util: simplify cg_get_keyed_attribute(), add test

I didn't like the nested loop where we'd count what we have acquired already,
since we should always know that.

6 years agogitignore .pot file
Zbigniew Jędrzejewski-Szmek [Thu, 1 Mar 2018 07:05:27 +0000 (08:05 +0100)]
gitignore .pot file

It is created by "ninja systemd-pot", and we don't want to include it
in git.

6 years agoMerge pull request #8171 from poettering/sd-bus-queue-limit
Lennart Poettering [Wed, 28 Feb 2018 17:15:40 +0000 (18:15 +0100)]
Merge pull request #8171 from poettering/sd-bus-queue-limit

try not to overload pid1's bus message write queue

6 years agocore: don't freeze OnCalendar= timer units when the clock goes back a lot
Alan Jenkins [Wed, 28 Feb 2018 16:03:43 +0000 (16:03 +0000)]
core: don't freeze OnCalendar= timer units when the clock goes back a lot

E.g. if you have a monthly event and you set the computer clock back one
year, we can allow the next 12 monthly events to happen naturally.  In fact
we already do this when you start a Persistent=yes timer, we just need to
apply the same logic when it's running and we notice the system clock
being set backwards.

6 years agocore: let OnCalendar= timer units expire during suspend (#8231)
Alan Jenkins [Wed, 28 Feb 2018 15:34:16 +0000 (15:34 +0000)]
core: let OnCalendar= timer units expire during suspend (#8231)

On timejumps, including suspend, timer_time_change() calls for a
re-calculation of the next elapse.  Sadly I'm not quite sure what the
intended effect of this was!  Because it was not managing to fire
OnCalendar= timers which fired during the suspend... unless the timer had
already fired once before.

Reported, entirely correctly as far as I can see, on stackexchange:
https://unix.stackexchange.com/questions/351829/systemd-timer-that-expired-while-suspended

 /* If we know the last time this was
  * triggered, schedule the job based relative
- * to that. If we don't just start from
- * now. */
+ * to that. If we don't, just start from
+ * the activation time. */

The same code is called for both the initial calculation and this
re-calculation.  If we're _not_ already active, then this is before the
activation time has been recorded in the unit, so just use the current
time as before.  The new code is mechanically adapted from the same
logic for `OnActiveSec=` (case TIMER_ACTIVE in the code which follows).

Tested with `date --set`.

Motivations:

* Rotate monitoring data from Atop into files which are named per-day.
  Fedora currently implements this with a cron job that runs at midnight,
  but that didn't handle suspend correctly either.

* unbound-anchor.timer on Fedora, is used to update DNSSEC "root trust
  anchor" daily, before the TTL expires.  It uses OnCalendar=daily
  AccuracySec=24h.  Which is a bit suspect because the TTL is 2 days, but I
  think it has the right general idea.

  None of the other timer settings are correct, because they would not
  account for time spent in suspend.  Unless you set WakeSystem
  (this feature is currently undocumented).

* So in general, we can expect to see people using OnCalendar= for the same
  cases as cron.daily and cron.monthly.  Which use anacron to keep track of
  jobs which should be run even if the system was down at the time.

  Timers which are configured to run more frequently than that, are
  unlikely to mind if they get run slightly more often that the writer
  realized, relative to the amount of time the system was really running.

* From the user report above: "I only want to use remind to show a desktop
  notification, it seems excessive to wake up the computer for that. Also,
  I would like to get the reminder first thing in the morning, so the
  OnActiveSec doesn't help with that."

6 years agocore: timer_enter_waiting(): refactor `base` local variable
Alan Jenkins [Wed, 28 Feb 2018 15:07:30 +0000 (15:07 +0000)]
core: timer_enter_waiting(): refactor `base` local variable

We have two variables `b` and `base`.  `b` is declared within limited
scope; `base` is declared at the top of the function.  However `base`
is actually only used within a scope which is exclusive of `b`.  Clarify
by moving `base` inside the limited scope as well.

(Also `base` doesn't need initializing any more than `b` does.  The
declaration of `base` is now immediately followed by a case analysis of
`v->base`, which serves almost exclusively to determine the value of
`base`).

6 years agoman: shorten/reword a bit in sd_bus_get_n_queued_read
Zbigniew Jędrzejewski-Szmek [Wed, 28 Feb 2018 09:53:18 +0000 (10:53 +0100)]
man: shorten/reword a bit in sd_bus_get_n_queued_read

In particular:
- drop "when it is non-zero" to avoid implying that it can be called if the
  queue is not empty.
- "has been created" sounds like something happened in parallel,
  but what we really mean is that *this* particular object *was* created in a
  certain way.

6 years agoMerge pull request #8283 from poettering/nspawn-user-fix
Lennart Poettering [Wed, 28 Feb 2018 09:37:01 +0000 (10:37 +0100)]
Merge pull request #8283 from poettering/nspawn-user-fix

some trivial nspawn related fixes

6 years agorules: skip btrfs check if devices are not ready in 64-btrfs.rules (#8304)
Franck Bui [Wed, 28 Feb 2018 09:36:06 +0000 (10:36 +0100)]
rules: skip btrfs check if devices are not ready in 64-btrfs.rules (#8304)

If any devices are marked with 'SYSTEMD_READY=0' then we shouldn't run any
btrfs check on them.

Indeed there's no point in running "btrfs ready" on devices that already have
SYSTEMD_READY=0 set. Most probably such devices are members of a higher layer
aggregate device such as dm-multipath or software RAID. Doing IO on them wastes
time at best, and may cause delays, timeouts, or even hangs at worst (think
active-passive multipath or degraded RAID, for example).

It was initially reported at:
https://bugzilla.opensuse.org/show_bug.cgi?id=872929

6 years agokernel-install: Don't install BLS kernel images if dest dir doesn't exist (#8306)
Javier Martinez Canillas [Wed, 28 Feb 2018 09:25:19 +0000 (10:25 +0100)]
kernel-install: Don't install BLS kernel images if dest dir doesn't exist (#8306)

The script shouldn't rely on a previous script exiting with a status code
that prevents it to be executed. Instead, should check if the destination
directory for the BLS kernel image exists and exit otherwise.

6 years agomeson: install compat symlinks for systemctl and systemd (#8300)
Zbigniew Jędrzejewski-Szmek [Wed, 28 Feb 2018 09:20:48 +0000 (10:20 +0100)]
meson: install compat symlinks for systemctl and systemd (#8300)

v2:
- init is a symlink to systemd, not systemctl!

6 years agonspawn: close pipe on error
Lennart Poettering [Mon, 26 Feb 2018 19:51:04 +0000 (20:51 +0100)]
nspawn: close pipe on error

6 years agoprocess-util: don't install atfork() handler more than once
Lennart Poettering [Mon, 26 Feb 2018 19:50:57 +0000 (20:50 +0100)]
process-util: don't install atfork() handler more than once

6 years agococcinelle: slightly improve run-coccinelle.sh
Lennart Poettering [Mon, 26 Feb 2018 14:42:45 +0000 (15:42 +0100)]
coccinelle: slightly improve run-coccinelle.sh

Let's include the command line to use to get the requested output. This
makes it easy to copy/paste the command line out, and add "--in-place"
to actually apply the changes "run-coccinelle.sh" outputs.

6 years agoutil: add new safe_close_above_stdio() wrapper
Lennart Poettering [Mon, 26 Feb 2018 14:41:38 +0000 (15:41 +0100)]
util: add new safe_close_above_stdio() wrapper

At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.

6 years agonspawn: propagate original error. No need to make up -EIO
Lennart Poettering [Mon, 26 Feb 2018 14:30:19 +0000 (15:30 +0100)]
nspawn: propagate original error. No need to make up -EIO

6 years agonspawn: use STR_IN_SET() where we can
Lennart Poettering [Mon, 26 Feb 2018 14:30:05 +0000 (15:30 +0100)]
nspawn: use STR_IN_SET() where we can

6 years agonspawn: port some code to use read_line()
Lennart Poettering [Mon, 26 Feb 2018 14:29:30 +0000 (15:29 +0100)]
nspawn: port some code to use read_line()

This shortens our code a bit. Which is always nice.

6 years agoMerge pull request #8294 from fsateler/debian-patches
Zbigniew Jędrzejewski-Szmek [Wed, 28 Feb 2018 08:10:16 +0000 (09:10 +0100)]
Merge pull request #8294 from fsateler/debian-patches

Upstreaming some debian patches

6 years agoMerge pull request #8280 from poettering/seccomp-flags
Yu Watanabe [Wed, 28 Feb 2018 01:55:59 +0000 (10:55 +0900)]
Merge pull request #8280 from poettering/seccomp-flags

seccomp flags rework + minor other build system/repo changes

6 years agorule-syntax-check: fix handling of runaway strings in comma splitting (#8298)
Filipe Brandenburger [Wed, 28 Feb 2018 00:11:38 +0000 (16:11 -0800)]
rule-syntax-check: fix handling of runaway strings in comma splitting (#8298)

A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.

Tested:

  ACTION=="remove\"GOTO=""

Which then produced:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
    clause: ACTION=="remove\"GOTO=""

6 years agoInclude additional directories in ProtectSystem
Ansgar Burchardt [Thu, 24 Jul 2014 17:38:07 +0000 (19:38 +0200)]
Include additional directories in ProtectSystem

6 years agoAdd note to udev.conf that changes to that file require a rebuild of the initramfs
Michael Biebl [Thu, 18 Jul 2013 13:33:51 +0000 (15:33 +0200)]
Add note to udev.conf that changes to that file require a rebuild of the initramfs

Based on debian/patches/udev_conf_comments from the old udev package.

6 years agoMerge pull request #8297 from filbranden/udevrule1
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 21:35:19 +0000 (22:35 +0100)]
Merge pull request #8297 from filbranden/udevrule1

Udev rule syntax checker updates

6 years agopo: add Japanese translation (#8289)
Yu Watanabe [Tue, 27 Feb 2018 21:18:06 +0000 (06:18 +0900)]
po: add Japanese translation (#8289)

6 years agopo: typing mistakes in Catalan translation (#8290)
Robert Antoni Buj Gelonch [Tue, 27 Feb 2018 21:16:41 +0000 (22:16 +0100)]
po: typing mistakes in Catalan translation (#8290)

6 years agorule-syntax-check: allow commas inside quoted strings
Filipe Brandenburger [Tue, 27 Feb 2018 21:11:07 +0000 (13:11 -0800)]
rule-syntax-check: allow commas inside quoted strings

Using a regex to match the groups is smarter than the split(',') that
would break in those cases.

Tested:

  SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"

Rule checker doesn't break there after this commit.

6 years agorule-syntax-check: add support for escaped double quotes
Filipe Brandenburger [Tue, 27 Feb 2018 19:12:18 +0000 (11:12 -0800)]
rule-syntax-check: add support for escaped double quotes

Add support to backslash-escaped double quote inside a string.

Tested by modifying src/login/70-uaccess.rules to include:

  ACTION=="remove" it", GOTO="uaccess_end"

And had the rule checker complain about it:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
    clause: ACTION=="remove" it"

6 years agoseccomp: rework functions for parsing system call filters
Lennart Poettering [Mon, 26 Feb 2018 11:51:35 +0000 (12:51 +0100)]
seccomp: rework functions for parsing system call filters

This reworks system call filter parsing, and replaces a couple of "bool"
function arguments by a single flags parameter.

This shouldn't change behaviour, except for one case: when we
recursively call our parsing function on our own syscall list, then
we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that
point things are just a problem in our own code rather than in the user
configuration we are parsing, and we shouldn't hence generate confusing
warnings about syntax errors.

Fixes: #8261

6 years agosystemd-sysv-install: unset ROOT rather than setting it to ""
Lennart Poettering [Mon, 26 Feb 2018 11:01:45 +0000 (12:01 +0100)]
systemd-sysv-install: unset ROOT rather than setting it to ""

Follow-up for #8264.

It's cleaner to pass no env var at all to forked off processes rather
than an empty one.

6 years agococcinelle: drop empty-if.cocci script
Lennart Poettering [Mon, 26 Feb 2018 10:50:12 +0000 (11:50 +0100)]
coccinelle: drop empty-if.cocci script

It doesn't work, spits out only rubbish and was already excluded of
run-coccinelle.sh. It's a pitty it doesn't work, but let's drop this
dead piece of code for now.

6 years agodoc: add a new doc/ directory, and move two markdown docs into them
Lennart Poettering [Mon, 26 Feb 2018 10:48:46 +0000 (11:48 +0100)]
doc: add a new doc/ directory, and move two markdown docs into them

I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.

This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.

6 years agocore: don't process dbus unit and job queue when there are already too many messages...
Lennart Poettering [Tue, 13 Feb 2018 17:30:34 +0000 (18:30 +0100)]
core: don't process dbus unit and job queue when there are already too many messages pending

We maintain a queue of units and jobs that we are supposed to generate
change/new notifications for because they were either just created or
some of their property has changed. Let's throttle processing of this
queue a bit: as soon as > 1K of bus messages are queued for writing
let's skip processing the queue, and then recheck on the next
iteration again.

Moreover, never process more than 100 units in one go, return to the
event loop after that. Both limits together should put effective limits
on both space and time usage of the function, delaying further
operations until a later moment, when the queue is empty or the the
event loop is sufficiently idle again.

This should keep the number of generated messages much lower than
before on busy systems or where some client is hanging.

Note that this also means a bad client can slow down message dispatching
substantially for up to 90s if it likes to, for all clients. But that
should be acceptable as we only allow trusted bus clients, anyway.

Fixes: #8166

6 years agocore: don't bother enqueuing signal messages into busses that aren't ready yet
Lennart Poettering [Tue, 13 Feb 2018 17:27:47 +0000 (18:27 +0100)]
core: don't bother enqueuing signal messages into busses that aren't ready yet

This is an optimization: there's no point in enqueuing unit and job
change notificiation signal messages into bus connection that aren't
fully set up yet.

This doesn't fix #8166 but should lower the load of messages enqueued
but not processed yet a bit.

6 years agosd-bus: add APIs to query the current read and write queue size
Lennart Poettering [Tue, 13 Feb 2018 17:27:05 +0000 (18:27 +0100)]
sd-bus: add APIs to query the current read and write queue size

6 years agorule-syntax-check: values can contain escaped double quotes
Franck Bui [Fri, 23 Feb 2018 16:12:50 +0000 (17:12 +0100)]
rule-syntax-check: values can contain escaped double quotes

This is true since commit 7e760b79ad143b26a5c937afa7666a7c40508f85.

Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.

Add a comment in the script to clarify this.

6 years agorule-syntax-check: PROGRAM is not supposed to get value assigned
Franck Bui [Fri, 23 Feb 2018 15:54:40 +0000 (16:54 +0100)]
rule-syntax-check: PROGRAM is not supposed to get value assigned

In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".

Actually it doesn't really make sense to assign it a value.

udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.

No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.

6 years agorules: add a missing comma in 70-uaccess.rules since it improves readability
Franck Bui [Fri, 23 Feb 2018 15:49:17 +0000 (16:49 +0100)]
rules: add a missing comma in 70-uaccess.rules since it improves readability

rule-syntax-check.py failed with the following error:

$ ./test/rule-syntax-check.py ./src/login/70-uaccess.rules
Invalid line ./src/login/70-uaccess.rules:31: SUBSYSTEM=="sound", TAG+="uaccess"   OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq"
  clause: TAG+="uaccess"   OPTIONS+="static_node=snd/timer"

The comma is actually optional but the script makes it mandatory which seems a
good thing since it improves readability.

6 years agomissing_syscall: add pkey_mprotect for ppc (#8292)
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 12:33:00 +0000 (13:33 +0100)]
missing_syscall: add pkey_mprotect for ppc (#8292)

Accurate for both ppc and ppc64 according to https://fedora.juszkiewicz.com.pl/syscalls.html.

6 years agoMerge pull request #8282 from poettering/khash-enokey
Evgeny Vereshchagin [Tue, 27 Feb 2018 09:34:41 +0000 (12:34 +0300)]
Merge pull request #8282 from poettering/khash-enokey

deal with borked ENOKEY on centos kernel's AF_ALG support

6 years agopo: update Catalan translation (#8267)
Robert Antoni Buj Gelonch [Tue, 27 Feb 2018 08:20:40 +0000 (09:20 +0100)]
po: update Catalan translation (#8267)

6 years agoman: suggests TemporaryFileSystem= when people want to nest bind mounts inside Inacce...
Yu Watanabe [Tue, 27 Feb 2018 07:59:03 +0000 (16:59 +0900)]
man: suggests TemporaryFileSystem= when people want to nest bind mounts inside InaccessiblePaths= (#8288)

Suggested by @sourcejedi in #8242.
Closes #7895, #7153, and #2780.

6 years agoMerge pull request #8285 from poettering/logind-close-fixes
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 07:55:40 +0000 (08:55 +0100)]
Merge pull request #8285 from poettering/logind-close-fixes

various smaller logind fixes

6 years agofstab-generator: downgrade message when we can't canonicalize fstab entries (#8281)
Lennart Poettering [Tue, 27 Feb 2018 06:58:19 +0000 (07:58 +0100)]
fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281)

Let's make this LOG_DEBUG, as this didn't used to be an issue, and
shouldn't really be still.

Replaces: #8132

6 years agoMerge pull request #8284 from keszybz/gcc-warning-fixes
Lennart Poettering [Mon, 26 Feb 2018 20:20:13 +0000 (21:20 +0100)]
Merge pull request #8284 from keszybz/gcc-warning-fixes

Gcc warning fixes

6 years agotree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279)
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 20:20:00 +0000 (21:20 +0100)]
tree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279)

There isn't much difference, but in general we prefer to use the standard
functions. glibc provides reallocarray since version 2.26.

I moved explicit_bzero is configure test to the bottom, so that the two stdlib
functions are at the bottom.

6 years agosd-login: make use of _cleanup_close_ where possible
Lennart Poettering [Mon, 26 Feb 2018 17:45:45 +0000 (18:45 +0100)]
sd-login: make use of _cleanup_close_ where possible

6 years agojournal-upload: make use of safe_close() where appropriate
Lennart Poettering [Mon, 26 Feb 2018 17:45:28 +0000 (18:45 +0100)]
journal-upload: make use of safe_close() where appropriate

6 years agologind: make sure we don't trip up on half-initialized session devices
Lennart Poettering [Mon, 26 Feb 2018 17:34:49 +0000 (18:34 +0100)]
logind: make sure we don't trip up on half-initialized session devices

Fixes: #8035

6 years agologind: check file is device node before using .st_rdev
Lennart Poettering [Mon, 26 Feb 2018 17:34:43 +0000 (18:34 +0100)]
logind: check file is device node before using .st_rdev

6 years agologind: let's pack a few struct fields we can pack
Lennart Poettering [Mon, 26 Feb 2018 17:34:13 +0000 (18:34 +0100)]
logind: let's pack a few struct fields we can pack

6 years agologind: fd 0 is a valid fd
Lennart Poettering [Mon, 26 Feb 2018 17:33:51 +0000 (18:33 +0100)]
logind: fd 0 is a valid fd

6 years agologind: let's reduce one level of indentation
Lennart Poettering [Mon, 26 Feb 2018 17:33:20 +0000 (18:33 +0100)]
logind: let's reduce one level of indentation

6 years agologind: propagate the right error, don't make up ENOMEM
Lennart Poettering [Mon, 26 Feb 2018 17:33:05 +0000 (18:33 +0100)]
logind: propagate the right error, don't make up ENOMEM

6 years agologind: rework sd_eviocrevoke()
Lennart Poettering [Mon, 26 Feb 2018 17:32:07 +0000 (18:32 +0100)]
logind: rework sd_eviocrevoke()

Let's initialize static variables properly and get rid of redundant
variables.

6 years agologind: trivial improvements
Lennart Poettering [Mon, 26 Feb 2018 17:31:06 +0000 (18:31 +0100)]
logind: trivial improvements

Just some addition whitespace, some additional assert()s, and removal of
redundant variables.

6 years agokhash: try to detect broken AF_ALG support in centos kernels
Lennart Poettering [Mon, 26 Feb 2018 12:46:58 +0000 (13:46 +0100)]
khash: try to detect broken AF_ALG support in centos kernels

Fixes: #8278

6 years agocore/unit: voidify one snprintf statement
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 14:47:54 +0000 (15:47 +0100)]
core/unit: voidify one snprintf statement

One more follow-up for f810b631cd.