Fix a bug in systemd-cryptsetup-generator which caused the drop-in
setting the job timeout for the dm device unit to be written with a
name different than the unit name.
Marius Tessmann [Fri, 29 Aug 2014 15:51:45 +0000 (17:51 +0200)]
shutdown: pass own argv to /run/initramfs/shutdown
Since commit b1e90ec515408aec2702522f6f68c4920b56375b systemd passes
its log settings to systemd-shutdown via command line parameters.
However, systemd-shutdown doesn't pass these parameters to
/run/initramfs/shutdown, causing it to fall back to the default log
settings.
This fixes the following bugs about the shutdown not being quiet
despite "quiet" being in the kernel parameters:
previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
Michal Schmidt [Tue, 14 Oct 2014 22:17:51 +0000 (00:17 +0200)]
hashmap: allow hashmap_move() to fail
It cannot fail in the current hashmap implementation, but it may fail in
alternative implementations (unless a sufficiently large reservation has
been placed beforehand).
Michal Schmidt [Sat, 4 Oct 2014 19:29:10 +0000 (21:29 +0200)]
install, cgtop: adjust hashmap_move_one() callers for -ENOMEM possibility
That hashmap_move_one() currently cannot fail with -ENOMEM is an
implementation detail, which is not possible to guarantee in general.
Hashmap implementations based on anything else than chaining of
individual entries may have to allocate.
hashmap_move_one will not fail with -ENOMEM if a proper reservation has
been made beforehand. Use reservations in install.c.
In cgtop.c simply propagate the error instead of asserting.
Michal Schmidt [Tue, 14 Oct 2014 21:35:24 +0000 (23:35 +0200)]
hashmap: introduce hashmap_reserve()
With the current hashmap implementation that uses chaining, placing a
reservation can serve two purposes:
- To optimize putting of entries if the number of entries to put is
known. The reservation allocates buckets, so later resizing can be
avoided.
- To avoid having very long bucket chains after using
hashmap_move(_one).
In an alternative hashmap implementation it will serve an additional
purpose:
- To guarantee a subsequent hashmap_move(_one) will not fail with
-ENOMEM (this never happens in the current implementation).
Michal Schmidt [Mon, 13 Oct 2014 16:14:07 +0000 (18:14 +0200)]
hashmap: hashmap_move_one() should return -ENOENT when 'other' is NULL
-ENOENT is the same return value as if 'other' were an allocated hashmap
that does not contain the key. A NULL hashmap is a possible way of
expressing a hashmap that contains no key.
Michal Schmidt [Wed, 15 Oct 2014 09:00:46 +0000 (11:00 +0200)]
test: generate tests for OrderedHashmap from Hashmap tests
test-hashmap-ordered.c is generated from test-hashmap-plain.c simply by
substituting "ordered_hashmap" for "hashmap" etc.
In the cases where tests rely on the order of entries, a distinction
between plain and ordered hashmaps is made using the ORDERED macro,
which is defined only for test-hashmap-ordered.c.
Michal Schmidt [Mon, 13 Oct 2014 16:11:16 +0000 (18:11 +0200)]
hashmap: add OrderedHashmap as a distinct type
Few Hashmaps/Sets need to remember the insertion order. Most don't care
about the order when iterating. It would be possible to use more compact
hashmap storage in the latter cases.
Add OrderedHashmap as a distinct type from Hashmap, with functions
prefixed with "ordered_". For now, the functions are nothing more than
inline wrappers for plain Hashmap functions.
shared/log: add log_trace as compile-time optional debugging
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
Systemd 209 started setting $WATCHDOG_PID, and sd-daemon watch was
modified to check for this variable. This means that
sd_watchdog_enabled() stopped working with previous versions of
systemd. But sd-event is a public library and API and we must keep it
working even when a program compiled with a newer version of the
libary is used on a system running an older version of the manager.
getenv() and unsetenv() are fairly expensive calls, so optimize
sd_watchdog_enabled() by not calling them when unnecessary.
man: centralize the description of $WATCHDOG_PID and $WATCHDOG_USEC in
the sd_watchdog_enabled manpage. It is better not to repeat the same
stuff in two places.
journalctl: add new --flush command and make use of it in systemd-journal-flush.service
This new command will ask the journal daemon to flush all log data
stored in /run to /var, and wait for it to complete. This is useful, so
that in case of Storage=persistent we can order systemd-tmpfiles-setup
afterwards, to ensure any possibly newly created directory in /var/log
gets proper access mode and owners.
WaLyong Cho [Thu, 28 Aug 2014 12:33:03 +0000 (21:33 +0900)]
journal: do server_vacuum for sigusr1
runtime journal is migrated to system journal when only
"/run/systemd/journal/flushed" exist. It's ok but according to this
the system journal directory size(max use) can be over the config. If
journal is not rotated during some time the journal directory can be
remained as over the config(or default) size. To avoid, do
server_vacuum just after the system journal migration from runtime.
Daniel Mack [Wed, 22 Oct 2014 16:44:40 +0000 (18:44 +0200)]
sd-bus: sync kdbus.h
kdbus learned a new command to query a bus creator's credentials. Sync
kdbus.h first, which also renames some struct to more generic terms.
That is, however, not an ABI break this time.
Juho Son [Thu, 11 Sep 2014 07:06:38 +0000 (16:06 +0900)]
journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
systemd-journald check the cgroup id to support rate limit option for
every messages. so journald should be available to access cgroup node in
each process send messages to journald.
In system using SMACK, cgroup node in proc is assigned execute label
as each process's execute label.
so if journald don't want to denied for every process, journald
should have all of access rule for all process's label.
It's too heavy. so we could give special smack label for journald te get
all accesses's permission.
'^' label.
When assign '^' execute smack label to systemd-journald,
systemd-journald need to add CAP_MAC_OVERRIDE capability to get that smack privilege.
so I want to notice this information and set default capability to
journald whether system use SMACK or not.
because that capability affect to only smack enabled kernel
resolved: simplify detection of packets from the loopback device
We can simplify our code quite a bit if we explicitly check for the
ifindex being 1 on Linux as a loopback check. Apparently, this is
hardcoded on Linux on the kernel, and effectively exported to userspace
via rtnl and such, hence we should be able to rely on it.
Daniel Mack [Tue, 21 Oct 2014 17:19:44 +0000 (19:19 +0200)]
sd-bus: sync kdbus.h (ABI break)
In kdbus.h, the following details changed:
* All commands gained a 'kernel_flags' field to report the flags supported
by the driver. Before, this was done in the 'flags' field in a
bidirectional way, which turned out to be a problem for the code in
sd-bus, as many parts of it reuse the same ioctl struct more than once
and consider them to be owned by userspace.
* Name listings are now returned by a new struct instead of reusing struct
kdbus_cmd_name for that matter. This way, we don't add more unneeded
fields to it and make the API cleaner.
* 'conn_flags' was renamed to 'flags' in struct kdbus_cmd_hello to make
the API a bit more unified.