shared/user-util: allow usernames with dots in specific fields
People do have usernames with dots, and it makes them very unhappy that systemd
doesn't like their that. It seems that there is no actual problem with allowing
dots in the username. In particular chown declares ":" as the official
separator, and internally in systemd we never rely on "." as the seperator
between user and group (nor do we call chown directly). Using dots in the name
is probably not a very good idea, but we don't need to care. Debian tools
(adduser) do not allow users with dots to be created.
This patch allows *existing* names with dots to be used in User, Group,
SupplementaryGroups, SocketUser, SocketGroup fields, both in unit files and on
the command line. DynamicUsers and sysusers still follow the strict policy.
user@.service and tmpfiles already allowed arbitrary user names, and this
remains unchanged.
shared/user-util: add compat forms of user name checking functions
New functions are called valid_user_group_name_compat() and
valid_user_group_name_or_id_compat() and accept dots in the user
or group name. No functional change except the tests.
test: print an error when networkctl returns an unexpected EC
If networkctl crashes, like recently with SIGABRT, it returns absolutely
no output, which may be confusing during debugging. Help it a little
with a short informative message.
test-execute: skip test_exec_systemcallfilter_system under ASan
This particular test case keeps intermittently failing due to crashing
LSan when running under clang+ASan. Generally, sanitizers don't
like seccomp filters, so the best option here is to just switch this
test off for this scenario.
`adduser` is in certain cases a standalone package which provides a
better user experience. In other cases it's just a symlink to `useradd`.
And some distributions don't have `adduser` at all, like Arch Linux.
Let's use the `useradd` binary instead, which should provide the same
functionality everywhere.
v2:
- do not watch mtime of transient and generated dirs
We'd reload the map after every transient unit we created, which we don't
need to do, since we create those units ourselves and know their fragment
path.
This reworks how we load units from disk. Instead of chasing symlinks every
time we are asked to load a unit by name, we slurp all symlinks from disk
and build two hashmaps:
1. from unit name to either alias target, or fragment on disk
(if an alias, we put just the target name in the hashmap, if a fragment
we put an absolute path, so we can distinguish both).
2. from a unit name to all aliases
Reading all this data can be pretty costly (40 ms) on my machine, so we keep it
around for reuse.
The advantage is that we can reliably know what all the aliases of a given unit
are. This means we can reliably load dropins under all names. This fixes #11972.
TEST-15-DROPIN: add test for details of unit aliasing
I adjusted the tests to pass. I don't think the behaviour makes much sense,
even if we ignore the issue with "lazy loading" of aliases. E.g. in the
last section, the fact that dropins for yup@.service and yup@3.service are
not loaded seems to be a plain old bug.
waitid(2) and the libc function signature calls this "exit status", and
uses "exit code" for something different. Let's stick to the same
nomenclature hence.
pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message
We now log at LOG_INFO for any unit. Let's vary the log level
a bit, so that for normal short lived-units (less than 1 sec CPU),
we only log if debugging is enabled.
systemctl: do print all statuses/signals received from pid1
If for some reason we do not know some signal, instead of silently
skipping it, let's print it numerically. Likewise, 'show' is not the
right place to do value filtering for exit codes. If pid1 accepted it,
let's just print it with no fuss.
shared/bus-util: fix dbus serialization of {RestartPrevent,RestartForce,Success}ExitStatus
We were passing 1/4th of the size in bytes as argument. So depending
on the size of the array, either we'd only transfer a subset of values,
or we'd get an alignment error.
bus-util: convert bus_log_{parse,create}_error into defines
With SYSTEMD_LOG_LOCATION=1, it is much more useful to see the location
where the call to bus_log_{parse,create}_error() was made, rather then
the one-line body of the helper function. Also, it's our internal code,
so having a one-line non-inline function doesn't make much sense anyway.
I opted to embed the Bitmap structure directly in the ExitStatusSet.
This means that memory usage is a bit higher for units which don't define
this setting:
Service changes:
/* size: 2720, cachelines: 43, members: 73 */
/* sum members: 2680, holes: 9, sum holes: 39 */
/* sum bitfield members: 7 bits, bit holes: 1, sum bit holes: 1 bits */
/* last cacheline: 32 bytes */
/* size: 2816, cachelines: 44, members: 73 */
/* sum members: 2776, holes: 9, sum holes: 39 */
/* sum bitfield members: 7 bits, bit holes: 1, sum bit holes: 1 bits */
But this way the code is simpler and we do less pointer chasing.
Zach Smith [Mon, 15 Jul 2019 03:01:20 +0000 (20:01 -0700)]
systemd-sleep: use swaps in priority order
In situations where hibernation is requested but resume= and
resume_offset= kernel parameters are not configured, systemd
will attempt to locate a suitable swap location by inspecting
/proc/swaps. This change will use the first suitable swap with
the highest configured priority.