Move config_parse_join_controllers to shared, add test
config_parse_join_controllers would free the destination argument on failure,
which is contrary to our normal style, where failed parsing has no effect.
Moving it to shared also allows a test to be added.
shared/conf-parser: define a macro for the repeating argument set
The arguments have to be indentical everywhere, so let's use a macro to
make things more readable. But only in the headers, in the .c files let's
keep them verbose so that it's easy to see the argument list.
Coverity now started warning about this ("Calling unlinkat without checking
return value (as is done elsewhere 12 out of 15 times).", and it is right:
most of the time we should at list print a log message so people can figure
out something is wrong when this happens.
v2:
- use warning level in journald too (this is unlikely to happen ever, so it
should be safe to something that is visible by default).
Yu Watanabe [Mon, 19 Feb 2018 13:26:01 +0000 (22:26 +0900)]
bootspec: accept tab as the separataor in sd-boot config (#8165)
In the parse logic `line_get_key_value()` in sd-boot treats spaces
and tabs are valid spacing between key and value in the line.
So, let's use the same logic for `bootctl` and the others which read
sd-boot configs.
meson: apply defaults if /etc/login.defs doesn't exist
Apply defaults for system_{uid,gid}_max even if the /etc/login.defs file
doesn't exist (e.g. in Clear Linux with no changes).
awk returns an empty string in case the file doesn't exist, causing meson to
fail in to_int(). So set the default if output is empty. This makes the BEGIN{}
blocks unnecessary, so remove them.
The single quote working with multiple lines is likely to be unintended. With
current versions of meson, it also causes error messages after it to report the
wrong line number. Use the documented syntax instead.
meson: fix systemd-pot target when polkit-devel is not installed
To successfully extract strings from our .policy files, gettext needs
polkit.{its,loc} files provided by policykit-devel. When that package is not
installed, systemd-pot would fail to extract strings:
[0/1] Running external command systemd-pot.
xgettext: warning: file 'src/core/org.freedesktop.systemd1.policy.in.in' extension 'policy' is unknown; will try C
xgettext: warning: file 'src/hostname/org.freedesktop.hostname1.policy.in' extension 'policy' is unknown; will try C
...
We now don't need the .its and .loc files for normal building, but they are
still useful when generating the .pot file, because that way we avoid the
dependency on sufficiently new polkit. We just need to tell i18n to pass their
location to xgettext.
intltool is unnecessary since c81217920effddc93fb780cf8f9eb699d6fe1319.
But we still need gettext, because we use msgformat to generate .mo files.
(I tried to make meson depend on it, at least in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1545926, but that didn't fly,
and in Debian at least meson also has no dependency on the tools used by
its i18n module, so we need to add our own dependency anyway.)
meson: drop unnecessary "transformation" of policy files
Those files don't contain any @variables@, so the configuration step was just
copying them to build/. Let's avoid that, and fix their suffixes while at it.
pid1: properly remove references to the unit from gc queue during final cleanup
When various references to the unit were dropped during cleanup in unit_free(),
add_to_gc_queue() could be called on this unit. If the unit was previously in
the gc queue (at the time when unit_free() was called on it), this wouldn't
matter, because it'd have in_gc_queue still set even though it was already
removed from the queue. But if it wasn't set, then the unit could be added to
the queue. Then after unit_free() would deallocate the unit, we would be left
with a dangling pointer in gc_queue.
A unit could be added to the gc queue in two places called from unit_free():
in the job_install calls, and in unit_ref_unset(). The first was OK, because
it was above the LIST_REMOVE(gc_queue,...) call, but the second was not, because
it was after that. Move the all LIST_REMOVE() calls down.
pid1: free basic unit information at the very end, before freeing the unit
We would free stuff like the names of the unit first, and then recurse
into other structures to remove the unit from there. Technically this
was OK, since the code did not access the name, but this makes debugging
harder. And if any log messages are added in any of those functions, they
are likely to access u->id and such other basic information about the unit.
So let's move the removal of this "basic" information towards the end
of unit_free().
pid1: fix collection of cycles of units which reference one another
A .socket will reference a .service unit, by registering a UnitRef with the
.service unit. If this .service unit has the .socket unit listed in Wants or
Sockets or such, a cycle will be created. We would not free this cycle
properly, because we treated any unit with non-empty refs as uncollectable. To
solve this issue, treats refs with UnitRef in u->refs_by_target similarly to
the refs in u->dependencies, and check if the "other" unit is known to be
needed. If it is not needed, do not treat the reference from it as preventing
the unit we are looking at from being freed.
The source unit manages the reference. It allocates the UnitRef structure and
registers it in the target unit, and then the reference must be destroyed
before the source unit is destroyed. Thus, is should be OK to include the
pointer to the source unit, it should be live as long as the reference exists.
Jakub Filak [Thu, 15 Feb 2018 11:12:46 +0000 (12:12 +0100)]
coredump: accept hostname on command line (#8033)
This commint adds a new command line parameter to sytemd-coredump. The
parameter should be mappend to core_pattern's placeholder %h - hostname.
The field _HOSTNAME holds the name from the kernel's namespaces which might be
different then the one comming from process' namespaces.
It is true that the real hostname is usually available in the field
COREDUMP_ENVIRON (environment variables) but I believe it is more reliable to
use the value passed by kernel.
----
The length of iovec is no longer static and hence I corrected the declarations
of the functions set_iovec_field and set_iovec_field_free.
Ever since the initial implementation in 631bbe71298ec892f77f44f94feb612646fe6853,
client_parse_message() was supposed to check that the message contains exactly
one serverid. The check that no more than one is given was implemented
correctly, but the check that at least one is given was not. Simplify the whole
thing by making dhcp6_lease_get_serverid() return an error if the id is not
set, and do not require the arguments to be present if the contents of the id
are not needed.
ask-password-api: many fixes to ask_password_tty()
A couple of fixes:
1. always bzero_explicit() away what we remove from the passphrase
buffer. The UTF-8 code assumes the string remains NUL-terminated, and
we hence should enforce that. memzero() would do too here, but let's
be paranoid after all this is key material.
2. when clearing '*' characters from string, do so counting UTF-8
codepoints properly. We already have code in place to count UTF-8
codepoints when generating '*' characters, hence we should take the
same care when clearing them again.
3. Treat NUL on input as an alternative terminator to newline or EOF.
4. When removing characters from the password always also reset the
"codepoint" index properly.
tty-ask-password-agent: don't open terminal multiple times
We already have the terminal open, hence pass the fd we got to
ask_password_tty(), so that it doesn't have to reopen it a second time.
This is mostly an optimization, but it has the nice benefit of making us
independent from RLIMIT_NOFILE issues and so on, as we don't need to
allocate another fd needlessly.
ask-password: round up when determining sleep time
We should rather sleep to much than too little. This otherwise might
result in a busy loop, because we slept too little and then recheck
again coming to the conclusion we need to go to sleep again, and so on.
tty-ask-password-agent: assing sendto() result to a ssize_t variable, not an int
We should be careful with these types, and if we do convert between
"int" and "ssize_t" we should do so explicitly rather than implicitly.
Otherwise this just looks like a bug.
terminal-util: when making /dev/null or the console stdio, forget cached terminal features
Let's forget all relevant terminal features we learnt when we make a
console or /dev/null stdin/stdout/stderr.
Also, while we are at it, let's drop the various _unlikely_ and
_likely_ annotiations around the terminal feature caches. In many cases
we call the relevant functions only once in which cases the annotations
are likely to do just harm and no good. After all we can't know if the
specific code will call us just once or many times...
Alan Jenkins [Tue, 13 Feb 2018 18:04:31 +0000 (18:04 +0000)]
manager: avoid infinite loop for unexpected waitid() error (#8168)
I think if we log the error as being _ignored_, we should also consider
the event as handled and clear it. This was the behaviour prior to 575b300b (PR #7968).
I don't think we particularly wanted to change behaviour and keep retrying.
Sometimes that's useful, other times you cause more problems by filling the
logs.
core: add new new bus call for migrating foreign processes to scope/service units
This adds a new bus call to service and scope units called
AttachProcesses() that moves arbitrary processes into the cgroup of the
unit. The primary user for this new API is systemd itself: the systemd
--user instance uses this call of the systemd --system instance to
migrate processes if itself gets the request to migrate processes and
the kernel refuses this due to access restrictions.
The primary use-case of this is to make "systemd-run --scope --user …"
invoked from user session scopes work correctly on pure cgroupsv2
environments. There, the kernel refuses to migrate processes between two
unprivileged-owned cgroups unless the requestor as well as the ownership
of the closest parent cgroup all match. This however is not the case
between the session-XYZ.scope unit of a login session and the
user@ABC.service of the systemd --user instance.
The new logic always tries to move the processes on its own, but if
that doesn't work when being the user manager, then the system manager
is asked to do it instead.
The new operation is relatively restrictive: it will only allow to move
the processes like this if the caller is root, or the UID of the target
unit, caller and process all match. Note that this means that
unprivileged users cannot attach processes to scope units, as those do
not have "owning" users (i.e. they have now User= field).
core: in bus_init_system() make sure we setup the system bus even if we inherit the API bus
This corrects the control flow: when we reuse the API bus as system bus,
let's definitely invoke bus_init_system() too, so that it is called
regardless how we acquired the bus object.
(Note that this doesn't actually change anything, as we only inherit the
bus like this in system mode, and bus_init_system() doesn't do anything
in system bus, besides writing a log message)
bus: in bus_foreach_bus() don't bother with api_bus if it is NULL
Let's better be safe than sorry, and validate that api_bus is not NULL
before we send messages to it. Of course, strictly speaking this
shouldn't actually be necessary, as the tracker object should not exist
without the bus, but let's be extra sure.
core: delay bus name synchronization after reload/reexec into a later event loop iteration
Previously, we'd synchronize bus names immediately when we succeeded
connecting to the bus, potentially even before coldplugging the units.
This was problematic, as synchronizing bus names meant invoking the
per-unit name change handler function which might change the unit's
state — which will result in consistency when done before we coldplug
things.
With this change we instead enqueue a job for the event loop to resync
the names in a later loop iteration, i.e. at a point where we know
coldplugging has finished.
core: generalize how we acquire the Unit objects for unit names in bus calls
This splits out the code that translates a unit name into a Unit* object
from method_get_unit(), and reuses it all other functions that operate
similar to it. This effectively means all those calls now optionally
take an empty unit string which now means the same as the client's unit.
This useful behaviour of the GetUnit() bus call is thus extended to all
other matching bus calls.
Similar, the same logic from method_load_unit() is also generalized and
reused wherever appropriate.
core: tweak manager_journal_is_running() a bit more
Let's also use the journal if it is currently reloading. In that state
it should also be able to process our requests. Moreover, we might
otherwise end up disconnecting/reconnecting from the journal without
really any need to hence, relax the check accordingly.
This removes the current bus_init() call, as it had multiple problems:
it munged handling of the three bus connections we care about (private,
"api" and system) into one, even though the conditions when which was
ready are very different. It also added redundant logging, as the
individual calls it called all logged on their own anyway.
The three calls bus_init_api(), bus_init_private() and bus_init_system()
are now made public. A new call manager_dbus_is_running() is added that
works much like manager_journal_is_running() and is a lot more careful
when checking whether dbus is around. Optionally it checks the unit's
deserialized_state rather than state, in order to accomodate for cases
where we cant to connect to the bus before deserializing the
"subscribed" list, before coldplugging the units.
manager_recheck_dbus() is added, that works a lot like
manager_recheck_journal() and is invoked in unit_notify(), i.e. when
units change state.
All in all this should make handling a bit more alike to journal
handling, and it also fixes one major bug: when running in user mode
we'll now connect to the system bus early on, without conditionalizing
this in anyway.
I figure saying "systemd" here was a typo, and it should have been
"system". (Yes, it becomes very hard after a while typing "system"
correctly if you type "systemd" so often.) That said, "systemd" in some
ways is actually more correct, since BPF might be available for the
system instance but not in the user instance.
Either way, talking of "this systemd" is weird, let's reword this to be
"this manager", to emphasize that it's the local instance of systemd
where BPF is not available, but that it might be available otherwise.
projects / thirdparty / systemd.git / log
