meson: use run_target for generating tags with ctags
In https://github.com/systemd/systemd/pull/6561, `run_target`
was changed to `custom_target`, which inadvertently caused
relative paths to be passed to ctags due to
https://github.com/mesonbuild/meson/issues/3589.
The switch to `run_target` causes absolute paths to be
passed again and makes it easier to jump from file to
file, hopefully delaying the need to exit Vim :-)
sd-resolve: tweak error assignment code a bit, use abs() and regular functions
Let's tweak the assignment of errors a bit, and automatically abs()
errnos, similar to how log_error_errno() and friends does it.
Macros are fine to use, but regular functions usually preferable if
there's no reason to use macros, because they avoid multiple evaluation
and suchlike. Hence, let's just use a regular funciton for assigning
errors, instead of macros.
David Tardon [Tue, 24 Apr 2018 13:19:38 +0000 (15:19 +0200)]
fix race between daemon-reload and other commands
When "systemctl daemon-reload" is run at the same time as "systemctl
start foo", the latter might hang. That's because commands like start
wait for JobRemoved signal to know when the job is finished. But if the
job is finished during reloading, the signal is never sent.
The hang can be easily reproduced by running
# for ((N=1; N>0; N++)) ; do echo $N ; systemctl daemon-reload ; done
# for ((N=1; N>0; N++)) ; do echo $N ; systemctl start systemd-coredump.socket ; done
in two different terminals. The start command will hang after 1-2
iterations.
This keeps track of jobs that were started before reload and finished
during it and sends JobRemoved after the reload has finished.
tmpfiles: fix up and complain paths referring to /var/run (instead of /run) automatically
tmpfiles.d relies on merging lines for the same file paths, as well as
detecting conflicts between lines for the same file paths. /var/run is a
prominent case that is an alias for /run, any many tmpfiles snippets
refer to paths in /var/run rather than /run currently, which breaks the
conflict detection and merging.
We can't really fix this comprehensively, as doing so would require us
to resolve symlinks early on, but that's precisely not what we want to
do, as tmpfiles is usually run very early on where the paths might not
be fully available yet (in particular as we might likely create them
ourselves).
Hence, let's at least detect and fix this case for the most prominent
case of this ambiguity, and also log explicitly about this, asking users
to fix the snippets in question so that the merging and conflict
detection works properly again.
tmpfiles: create /var/{lib,log,cache}/private during early boot
This directory is used by the DynamicUer= stuff when used in combination
with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the
dir exists early on with the right perms. This is not strictly necessary
as we'll also create the dir on demand if it is missing, but in the
interest of grabbing the name early on, and making things more explicit
let's also list this in a tmpfiles.d/ snippet.
Similar as the other options added before, this is primarily useful to
provide comprehensive OCI runtime compatbility, but might be useful
otherwise, too.
nspawn: add a new --no-new-privileges= cmdline option to nspawn
This simply controls the PR_SET_NO_NEW_PRIVS flag for the container.
This too is primarily relevant to provide OCI runtime compaitiblity, but
might have other uses too, in particular as it nicely complements the
existing --capability= and --drop-capability= flags.
nspawn: make the hostname of the container explicitly configurable with a new --hostname= switch
Previously, the container's hostname was exclusively initialized from
the machine name configured with --machine=, i.e. the internal name and
the external name used for and by the container was synchronized. This
adds a new option --hostname= that optionally allows the internal name
to deviate from the external name.
This new option is mainly useful to ultimately implement the OCI runtime
spec directly in nspawn, but it might be useful on its own for some
other usecases too.
nspawn: add new --rlimit= switch, and always set resource limits explicitly for our container payloads
This ensures we set the various resource limits of our container
explicitly on each invocation so that we inherit less from our callers
into the payload.
By default resource limits are now set to the same values Linux
generally passes to the host PID 1, thus minimizing needless differences
between host and container environments.
The limits are now also configurable using a new --rlimit= switch. This
is preparation for teaching nspawn native OCI runtime support as OCI
permits setting resource limits for container payloads, and it hence
probably makes sense if we do too.
POSIX doesn't declare too clearly how RLIM_INFINITY is set. Let's hence
filter it out explicitly early on, just as safety precaution should it
be defined weirdly on some arch, for example negative or below the
maximum value of the rlim_t type.
Turn VALGRIND variable into a meson configuration switch
Configuration through environment variable is inconvenient with meson, because
they cannot be convieniently changed and/or are not preserved during
reconfiguration (https://github.com/mesonbuild/meson/issues/1503).
This adds -Dvalgrind=true/false, which has the advantage that it can be set
at any time with meson configure -Dvalgrind=... and ninja will rebuild targets
as necessary. Additional minor advantages are better consistency with the
options for hashmap debugging, and typo avoidance with '#if' instead of '#ifdef'.
man: fix ProcessSizeMax= description, describe how to disable coredumps
What the man page said was different than what the code did.
save_external_coredump() will store the core temporarily for backtrace
generation, and will delete if afterwards if it is too large. So to disable
processing, it's necessary to both set
Storage=none/Storage=journal+JournalSizeMax=0/Storage=external+ExternalSizeMax=0
and ProcessSizeMax=0. This updates the man page to reflect the code.
The man pages are extended to describe that Storage=none + ProcessSizeMax=0 is
the simplest way to disable coredump processing. All the storage and processing
options make this quite complicated, so let's add a copy-and-pasteable example
of how to disable coredump. Doing it through coredump.conf has the advantage
that we still log, and the effect is immediate, unlike masking the sysconf
file.
Yu Watanabe [Thu, 17 May 2018 14:56:40 +0000 (23:56 +0900)]
timedatectl: do not wrap polkit policy message
If messages are wrapped, then only the last line is shown in the
dialog, at least polkit gui for Xfce. It may be a bug of polkit or
Xfce. But it is not necessary to wrap the message in the policy
file. So, let's fix them.
Alan Jenkins [Mon, 14 May 2018 14:45:09 +0000 (15:45 +0100)]
service: FileDescriptorStoreMax should also imply NotifyAccess
Commenting out "WatchdogTimeout=3min" in systemd-logind.service causes
NotifyAccess to go from "main" to "none", breaking support for logind
restart. Let's fix that.
The protocol is that a string is serialized with the nul byte at the end, and
the terminator is included in length. We'd call strndup with offset 0, length
len1-1, and then a second time with offset len1, length len2-1, so in the end
the check was off by one. But let's require the terminating nul too, even if
we don't access it.
sd-resolve: do not assert on packet size received over a socket
This is external data, even if trusted. We should not assert on it, but verify
and return proper error instead, which assert_return does. In particular,
write(2) says that a partial write could occur when interupted by a signal.
When compiled with asserts disabled, we could access memory outside of the
allocated buffer.
Initializing just some of the values doesn't make sense. We should handle them
all in the same way. In those tests there are no jumps, all steps are covered
with assert_se(), so we know everything will be set if we get to the end of the
function. And _not_ initializing those variables has the advantage that it
allows valgrind to catch potential initalization errors in the function being
tested.
tree-wide: do not wrap assert_se in extra parentheses
We were inconsitently using them in some cases, but in majority not.
Using assignment in assert_se is very common, not an exception like in
'if', so let's drop the extra parens everywhere.
bash-completion: redirect introspection errors to null
If completion is attempted on an invalid path, busctl might respond with an error.
This shouldn't be seen, introspection is supposed to just fail silently.
Since StandardOutput=file:path is more similar to StandardInput= than
StandardInputText=, and only StandardInput= is actually documented above
StandardOutput= whereas StandardInputText= is documented below it, I
assume the intention was to refer to the former.
When I see "test", I have to think three times what the return value
means. With "below" this is immediately clear. ratelimit_below(&limit)
sounds almost like English and is imho immediately obvious.
(I also considered ratelimit_ok, but this strongly implies that being under the
limit is somehow better. Most of the times this is true, but then we use the
ratelimit to detect triple-c-a-d, and "ok" doesn't fit so well there.)