- Rely everywhere that we use abs() on the error code passed in anyway,
thus don't need to explicitly negate what we pass in
- Never attach synthetic error number information to log messages. Only
log about errors we *receive* with the error number we got there,
don't log any synthetic error, that don't even propagate, but just eat
up.
- Be more careful with attaching exactly the error we get, instead of
errno or unrelated errors randomly.
- Fix one occasion where the error number and line number got swapped.
- Make sure we never tape over OOM issues, or inability to resolve
specifiers

mq_getattr returns -1/EBADF for file descriptors which are not mq.
But we should return 0 in this case.
We first check that fd is a valid fd, so we can assume that if
mq_getattr returns EBADF, it is simply a non-mq fd. There is a slight
race, but there doesn't seem to be a nice way to fix it.
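The check described above, written out as an added example (this is not systemd's own code; the names fd_is_mqueue and check_on_pipe are chosen here): validate the descriptor first, so that a later EBADF from mq_getattr() can only mean "open, but not a message queue".

```c
#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <unistd.h>

/* Returns 1 if fd refers to a POSIX message queue, 0 if it is some other
 * valid descriptor, or a negative errno on a real error (including EBADF
 * for a descriptor that is not open at all). */
int fd_is_mqueue(int fd) {
        struct mq_attr attr;

        /* Validate the descriptor first, so that EBADF from mq_getattr()
         * below can only mean "open, but not a message queue". */
        if (fcntl(fd, F_GETFD) < 0)
                return -errno;

        /* Small race: if the fd is closed and its number reused by another
         * thread between the two calls, we answer for a different file. */
        if (mq_getattr(fd, &attr) < 0)
                return errno == EBADF ? 0 : -errno;

        return 1;
}

/* Exercise it on a constructed pipe: both ends are valid but not queues,
 * and a closed end is reported as -EBADF. Returns 0 when every step
 * behaves as expected, otherwise the number of the failing step. */
int check_on_pipe(void) {
        int p[2];

        if (pipe(p) < 0)
                return 1;
        if (fd_is_mqueue(p[0]) != 0 || fd_is_mqueue(p[1]) != 0)
                return 2;
        close(p[0]);
        if (fd_is_mqueue(p[0]) != -EBADF)
                return 3;
        close(p[1]);
        return 0;
}
```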
exit.target is now used for both system and user sessions,
so remove "on user service manager exit". Also reword that
paragraph: services will be killed before the manager exits,
even if they do not conflict with shutdown target, but we
recommend that they conflict with shutdown target so that
systemd schedules them to be stopped immediately when starting
to exit.

In the first paragraph, containers should be mentioned last,
and the more general systems first.

nspawn: mount /sys as tmpfs, and then mount only select subdirs of the real sysfs below it
This way we can hide things like /sys/firmware or /sys/hypervisor from
the container, while keeping the device tree around.
While this is a security benefit in itself it also allows us to fix
issue #1277.
Previously we'd mount /sys before creating the user namespace, in order
to be able to mount /sys/fs/cgroup/* beneath it (which resides in it),
which we can only mount outside of the user namespace. To ensure that
the user namespace owns the network namespace we'd set up the network
namespace at the same time as the user namespace. Thus, we'd still see
the /sys/class/net/ from the originating network namespace, even though
we are in our own network namespace now. With this patch, /sys is
mounted before transitioning into the user namespace as tmpfs, so that
we can also mount /sys/fs/cgroup/* into it this early. The directories
such as /sys/class/ are then later added in from the real sysfs from
inside the network and user namespace so that they actually show what is
available in it.

Aaro Koskinen [Wed, 30 Sep 2015 12:57:55 +0000 (15:57 +0300)]
fileio: make get_status_field() more generic
All users of get_status_field() expect the field pattern to occur in
the beginning of a line, and the delimiter is ':'.
Hardcode this into the function, and also skip any whitespace before ':'
to support fields in files like /proc/cpuinfo. Add support for returning
the full field value (currently stops on first whitespace).
Rename the function so it's easier to ensure all callers switch to new
semantics.
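The lookup semantics described above, as an added example rather than systemd's actual implementation (get_proc_field_value and field_equals are names chosen here, and the sample text is constructed): the field name must start a line, whitespace is allowed before ':', and the full rest of the line is returned.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in the style of /proc/cpuinfo and /proc/<pid>/status:
 * whitespace before ':', multi-word values, and a similarly named field. */
static const char sample[] =
        "processor\t: 0\n"
        "model name\t: Example CPU @ 2.40GHz\n"
        "flags\t\t: fpu vme de pse\n"
        "NameX:\tnot-me\n"
        "Name:\tsystemd   \n";

/* Find `field` at the start of a line, allow whitespace before ':', and
 * return the full remainder of that line with surrounding whitespace
 * trimmed. Returns a malloc'd string (caller frees) or NULL if absent. */
char *get_proc_field_value(const char *text, const char *field) {
        size_t flen = strlen(field);
        const char *line = text;

        for (;;) {
                const char *eol = strchr(line, '\n');
                const char *end = eol ? eol : line + strlen(line);

                if ((size_t)(end - line) >= flen && strncmp(line, field, flen) == 0) {
                        const char *p = line + flen;
                        while (p < end && (*p == ' ' || *p == '\t'))
                                p++;            /* whitespace before ':' */
                        if (p < end && *p == ':') {
                                const char *v = p + 1;
                                while (v < end && isspace((unsigned char)*v))
                                        v++;    /* leading whitespace of value */
                                while (end > v && isspace((unsigned char)end[-1]))
                                        end--;  /* trailing whitespace */
                                size_t n = (size_t)(end - v);
                                char *out = malloc(n + 1);
                                if (!out)
                                        return NULL;
                                memcpy(out, v, n);
                                out[n] = '\0';
                                return out;
                        }
                }
                if (!eol)
                        return NULL;    /* field never matched a line */
                line = eol + 1;
        }
}

/* Helper for checks: 1 if looking up `field` in the sample yields `expected`. */
int field_equals(const char *field, const char *expected) {
        char *v = get_proc_field_value(sample, field);
        int eq = v && strcmp(v, expected) == 0;
        free(v);
        return eq;
}
```

Note that "model" does not match the "model name" line and "Name" skips the "NameX:" line: a prefix match only counts when the next non-blank character is the ':' delimiter.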
Sometimes we have to connect to the system manager directly (early boot,
initrd, late boot, ...), sometimes through the system bus (unprivileged,
remote, logind, ...). Instead of guessing in advance, which kind of
connection we require (and sometimes guessing incorrectly), let's make
sure each time we need bus connection we request the right bus
explicitly.
This way, we set up exactly the bus connections we require, never guess
incorrectly, and do so only immediately when necessary.
As an effect this reworks avoid_bus() into install_client_side(), since
that's all it determines now: whether to install unit files client-side
or server-side (i.e. in PID 1).

core: add a "Requires=" dependency between units and the slices they are located in
We place the processes we fork off in the cgroup anyway, and we probably
shouldn't be able to get that far if we couldn't set up the slice due to
resource problems or unmet conditions. Hence upgrade the dependency
between units and the slices they are located in from Wants= to
Requires=.

bus-util: rename bus_open_transport() to bus_connect_transport()
In sd-bus, the sd_bus_open_xyz() family of calls allocates a new bus,
while sd_bus_default_xyz() family tries to reuse the thread's default
bus. bus_open_transport() sometimes internally uses the former,
sometimes the latter family, but suggests it only calls the former via
its name. Hence, let's avoid this confusion, and generically rename the
call to bus_connect_transport().
Similar for all related calls.
And while we are at it, also change cgls + cgtop to do direct systemd
connections where possible, since all they do is talk to systemd itself.

Previously, we'd allocate it sometimes from the heap, but otherwise let
it point directly into argv[]. Let's clean this up, so that we know
exactly how to release its resources, and do so at the end.

systemctl: remove client-side wall message support
logind sends out wall messages now, let's remove this from the systemctl
client side hence. If people build systemd without logind support they
won't get wall messages now, but that's OK.

This introduces a new systemd.crash_reboot=1 kernel command line option
that triggers a reboot after crashing.
This also cleans up crash VT handling. Specifically, it cleans up the
configuration setting, to be between 1..63 or a boolean. This is to
replace the previous logic where "-1" meant disabled. We continue to
accept that setting, but only document the boolean syntax instead.
This also brings the documentation of the default settings in sync with
what actually happens.
The CrashChVT= configuration file setting is renamed to CrashChangeVT=,
following our usual logic of not abbreviating unnecessarily. The old
setting stays supported for compat reasons.

machine-id-commit: merge machine-id-commit functionality into machine-id-setup
And remove machine-id-commit as separate binary.
There's really no point in keeping this separate, as the sources are
pretty much identical, and have pretty identical interfaces. Let's unify
this in one binary.
Given that machine-id-commit was a private binary of systemd (shipped in
/usr/lib/) removing the tool is not an API break.
While we are at it, improve the documentation of the command substantially.

units: increase watchdog timeout to 3min for all our services
Apparently, disk IO issues are more frequent than we hope, and 1min
waiting for disk IO happens, so let's increase the watchdog timeout a
bit, for all our services.

We can just use access() to check whether /run/system/system/ is a
directory, no need to involve stat(). The trick is to suffix the path
name with a dash.

systemctl: make "systemctl is-system-running" return "offline" if we are not booted with systemd
This sounds like the better place to expose this than in "systemd-notify
--booted".
Also document the so far undocumented "unknown" state the command might
return. And rearrange the table of states documented to be more like the
one for "is-running".
Also, don't document the precise exit code of this function, just say
errors are reported != 0 or > 0...