tmpfiles: automatically remove old machine snapshots at boot
Remove old temporary snapshots, but only at boot. Ideally we'd have
"self-destroying" btrfs snapshots that go away if the last
reference to it does. To mimic a scheme like this at least remove the
old snapshots on fresh boots, where we know they cannot be referenced
anymore. Note that we actually remove all temporary files in
/var/lib/machines/ at boot, which should be safe since the directory has
defined semantics. In the root directory (where systemd-nspawn
--ephemeral places snapshots) we are more strict, to avoid removing
unrelated temporary files.
This also splits out nspawn/container related tmpfiles bits into a new
tmpfiles snippet to systemd-nspawn.conf

util: when creating temporary file names, allow including extra id string in it
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(),
tempfn_random_child(). If non-NULL this string is included in the middle
of the newly created file name. This is useful for being able to
distinguish the kind of temporary file when we see one.
This also adds tests for the three calls.
For now, we don't make use of this at all, but port all users over.

btrfs-util: when snapshotting make sure we don't descend into subvolumes we just created
We already had a safety check in place that we don't end up descending
to the original subvolume again, but we also should avoid descending in
the newly created one.
This is particularly important if we make a snapshot below its source,
like we do in "systemd-nspawn --ephemeral -D /".

seccomp_load returns -EINVAL when seccomp support is not enabled in the
kernel [1]. This should be a debug log, not an error that interrupts nspawn.
If the seccomp filter can't be set and audit is enabled, the user will
get an error message anyway.
Martin Pitt [Mon, 15 Jun 2015 06:59:44 +0000 (08:59 +0200)]
sysv-generator test: always log to console
Set $SYSTEMD_LOG_TARGET so that the output always goes to stdout/stderr. This
fixes running the test as root, as that logged to the journal previously.
David Herrmann [Sun, 14 Jun 2015 13:08:52 +0000 (15:08 +0200)]
tree-wide: fix memory leaks in users of bus_map_all_properties()
If you use bus_map_all_properties(), you must be aware that it might
touch output variables even though it may fail. This is because we parse
many different bus-properties and cannot tell how to clean them up, in
case we fail deep down in the parser.
Fix all callers of bus_map_all_properties() to correctly clean up any
context structures at all times.
David Herrmann [Sun, 14 Jun 2015 11:22:44 +0000 (13:22 +0200)]
Merge pull request #178 from utezduyar/man-sd_bus_message_get_creds
Improve the documentation of bus credentials by mentioning send-time metadata. This needs more love, we should really clarify metadata details here. However, this is still better than nothing, so it's fine.
David Herrmann [Sun, 14 Jun 2015 11:07:20 +0000 (13:07 +0200)]
Merge pull request #189 from teg/rtnl-rename
Rename sd_rtnl to sd_netlink to prepare for further netlink-protocol support. Anything rtnl specific still uses the sd_rtnl prefix, but the generic parts (including the bus and message objects) are now called sd_netlink.
Nick Owens [Fri, 1 May 2015 18:48:08 +0000 (11:48 -0700)]
networkd: create "kernel" setting for IPForwarding
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
Daniel Mack [Thu, 11 Jun 2015 11:10:39 +0000 (13:10 +0200)]
kmod-setup: don't print warning on -ENOSYS
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't
available, not -ENOENT. Don't spit out a warning in that case unless the
warn_if_unavailable flag is set.
Also factor out the condition into its own variable for better readability.

ima_write_policy() expects data to be written as one or more
rules, no more than PAGE_SIZE at a time. Easiest way to ensure
that we are not splitting rules is to read and write one line at
a time.
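
The line-at-a-time approach described in the commit message above, as an added C example that is not systemd's code. The function name write_policy_by_line and its max_len parameter (standing in for PAGE_SIZE) are hypothetical; a line that cannot fit into one write is rejected rather than split.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not systemd's code): copy a policy from `in` to
 * `out_fd` with exactly one write() per line, so no rule is split across
 * writes. `max_len` stands in for PAGE_SIZE. Returns the number of lines
 * written, or a negative errno-style value. */
int write_policy_by_line(FILE *in, int out_fd, size_t max_len) {
        char *buf = malloc(max_len + 1);
        int rules = 0, r = 0;

        if (!buf)
                return -ENOMEM;
        while (r == 0 && fgets(buf, (int) max_len + 1, in)) {
                size_t n = strlen(buf);
                ssize_t k;

                if (n == 0)
                        r = -EINVAL;    /* embedded NUL byte, not a text rule */
                else if (buf[n - 1] != '\n' && getc(in) != EOF)
                        r = -E2BIG;     /* line does not fit into one write */
                else if ((k = write(out_fd, buf, n)) < 0)
                        r = -errno;
                else if ((size_t) k != n)
                        r = -EIO;       /* a short write would split the rule */
                else
                        rules++;
        }
        if (r == 0 && ferror(in))
                r = -EIO;
        free(buf);
        return r < 0 ? r : rules;
}

/* Stand-alone use: policy text on stdin, one write() per line to stdout. */
int main(void) {
        int r = write_policy_by_line(stdin, STDOUT_FILENO, 4096);

        if (r < 0) {
                fprintf(stderr, "failed: %s\n", strerror(-r));
                return 1;
        }
        fprintf(stderr, "%d lines written\n", r);
        return 0;
}
```
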
Werner Fink [Wed, 10 Jun 2015 12:36:50 +0000 (14:36 +0200)]
core: Let two more booleans survive a daemon-reload
Without the booleans bus_name_good for services as well as cgroup_realized
for units, a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID
will be terminated if systemd is daemon-reloaded.

Unfortunately, gcc keeps warning about those even when we use an
explicit (void) cast to indicate we are not interested in the result.
LLVM's clang does not have that issue and works fine with the casts.
GCC bug being tracked at:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
Until that GCC bug is fixed (and the version with the fix is in
many/most distributions) or we switch to LLVM as the default compiler,
it looks like we'll have to disable this warning by default...
Tested by building files known to present warnings about unused results
without the suppression, confirmed that the warnings were no longer
present with this patch applied.
This partially reverts commit 00c11bc53a1d37 ("build-sys: don't suppress irrelevant warnings").

journald: do not strip leading whitespace from messages
Keep leading whitespace for compatibility with older syslog
implementations. Also useful when piping formatted output to the
`logger` command. Keep removing trailing whitespace.
Tested with `pstree | logger` and checking that the output of
`journalctl | tail` included aligned and formatted output.
Confirmed that all test cases still pass as expected.
Daniel Mack [Wed, 10 Jun 2015 18:42:56 +0000 (20:42 +0200)]
build-sys: make man/systemd.directives.xml depend on man/custom-entities.ent
Currently, the following command sequence fails:
  make distclean
  ./autogen.sh c
  make distcheck
That's because the command invoked to build man/systemd.directives.xml needs
man/custom-entities.ent to function, which itself isn't a dependency.
The $(filter-out $<,$^) logic used to filter out everything from the
prerequisites except for the first word, which doesn't work anymore
now. Use $(SOURCE_XML_FILES) instead.