mount-setup: add a comment that the character/block device nodes are "optional" (#8893)
if we lack privs to create device nodes that's fine, and creating
/run/systemd/inaccessible/chr or /run/systemd/inaccessible/blk won't
work then. Document this in longer comments.
test: don't send image building output to /dev/null (#8886)
Yes, the output is sometimes annyoing, but /dev/null is not the right
place...
I figure this redirection was left in from some debugging session, let's
fix it, and make the setup_basic_environment invocation like in all
other test scripts.
timesync: try to reload DBus configuration when RequestName() fails
If dbus.service starts earlier than the dynamic user systemd-timesync
is realized, then the dbus policy file for timesyncd does not loaded
and timesyncd fails to request name.
To support such case, try to reload dbus configuration when requesting
name fails.
Yu Watanabe [Thu, 3 May 2018 07:40:02 +0000 (16:40 +0900)]
util: make signal_from_string() accept RTMIN, RTMAX, and RTMAX-n
Before this, `signal_from_string()` accepts simple signal name
or RTMIN+n. This makes the function also accept RTMIN, RTMAX,
and RTMAX-n.
Note that RTMIN+0 is equivalent to RTMIN, and RTMAX-0 is to RTMAX.
This also fixes the integer overflow reported by oss-fuzz #8064.
https://oss-fuzz.com/v2/testcase-detail/5648573352902656
Nested KVM is very flaky as we learnt from our CI. Hence, let's avoid
KVM whenever we detect we are already running inside of KVM.
Maybe one day nested KVM is fixed, at which point we can turn this on
again, but for now let's simply avoid nested KVM, since reliable CI is
more important than quick CI, I guess.
And yes, avoiding KVM for our qemu runs does make things substantially
slower, but I think it's not a complete loss.
man: suffix all dir paths in file-hierarchy(7) with "/"
Our CODING_STYLE document suggests to suffix all paths referring to dirs
rather than regular files with a "/" in our docs and log messages.
Update file-hierarchy(7) to do just that.
man: document the XDG specs as further sources of specifications for file-hierarchy(7)
We document this further down in the text, but let's also list this
early on, where we mention the FHS as major influence too, so that it is
clear we incorporate all that thinking.
Direct leak of 56 byte(s) in 1 object(s) allocated from:
*0 0x7fd6adf72850 in malloc (/lib64/libasan.so.4+0xde850)
*1 0x7fd6ad2b93d2 in malloc_multiply ../src/basic/alloc-util.h:69
*2 0x7fd6ad2bafd2 in strv_split ../src/basic/strv.c:269
*3 0x7fd6ad42ba67 in search_from_environment ../src/libsystemd/sd-path/sd-path.c:409
*4 0x7fd6ad42bffe in get_search ../src/libsystemd/sd-path/sd-path.c:482
*5 0x7fd6ad42c55b in sd_path_search ../src/libsystemd/sd-path/sd-path.c:607
*6 0x7fd6ad42b3a2 in sd_path_home ../src/libsystemd/sd-path/sd-path.c:348
*7 0x55f59c65ebea in print_home ../src/path/path.c:97
*8 0x55f59c65f157 in main ../src/path/path.c:177
*9 0x7fd6abaea009 in __libc_start_main (/lib64/libc.so.6+0x21009)
Indirect leak of 68 byte(s) in 5 object(s) allocated from:
*0 0x7fd6adf72850 in malloc (/lib64/libasan.so.4+0xde850)
*1 0x7fd6abb5f689 in strndup (/lib64/libc.so.6+0x96689)
Indirect leak of 25 byte(s) in 1 object(s) allocated from:
*0 0x7fd6adf72850 in malloc (/lib64/libasan.so.4+0xde850)
*1 0x7fd6abb5f689 in strndup (/lib64/libc.so.6+0x96689)
*2 0x6c2e2f746e617266 (<unknown module>)
SUMMARY: AddressSanitizer: 149 byte(s) leaked in 7 allocation(s).
systemctl: make sure legacy "reboot", "suspend" and friends are always asynchronous (#8848)
Currently, "reboot" behaves differently in setups with and without logind.
If logind is used (which is probably the more common case) the operation
is asynchronous, we should behave in the same way as "systemctl <verb>".
Let's clean this up, and always expose the same behaviour, regardless if
logind is used or not: let's always make it asynchronous.
Let's simplify the code a bit. Let's reduce the number of redundant if
checks a bit, (i.e. if we want to check for equality with
VIRTUALIZATION_VM_OTHER there's no need to check for non-equality with
VIRTUALIZATION_NONE first). As a very welcome side-effect this means we
lose some lines of code and our level of indentation is reduced.
core: enforce that scope units can be started only once
Scope units are populated from PIDs specified by the bus client. We do
that when a scope is started. We really shouldn't allow scopes to be
started multiple times, as the PIDs then might be heavily out of date.
Moreover, clients should have the guarantee that any scope they allocate
has a clear runtime cycle which is not repetitive.
Let's properly terminate on SIGTERM or SIGINT. Previously we'd just rely
on the implicit process clean-up logic on UNIX. By shutting down
properly on SIGTERM/SIGINT we make it easier to track down memory leaks
by employing valgrind.
logind: modernize Manager object allocation and freeing
Let's propagate errors correctly, and stick to the usual naming and
behaviour of these functions. Or in other words, make this closer to the
matching code in machined.
basic/log: always ignore errno from the enviornment (#8841)
This extends the change done in b29f6480ec to other logging functions.
This actually fixes some bugs in callers of log_struct(), for example
config_parse_alias() called 'return log_syntax(..., 0, ...)' which could result
in a bogus non-zero return value.
Calls to log_object() and log_format_iovec() — which is only used by
server_driver_message() — appear correct.
man: don't claim we'd set XDG_SEAT and XDG_VTNR as part of service management
Previously, reading through systemd.exec(5) one might get the idea that
XDG_SEAT and XDG_VTNR are part of the service management logic, but they
are not, they are only set if pam_systemd is part of a PAM stack an
pam_systemd is used.
Hence, let's drop these env vars from the list of env vars, and instead
add a paragraph after the list mentioning that pam_systemd might add
more systemd-specific env vars if included in the PAM stack for a
service that uses PAMName=.
Let's optionally translate BSD exit codes to error strings too.
My first approach on adding this was to turn ExitStatusLevel into a
bitmask rather than a linear level, with one bit for the various feature
bits. However, the exit code ranges are generally not defined
independently from each other, i.e. our own ones are defined with the
LSB ones in mind, and most sets are defined with the ISO C ones.
Hence, instead I changed the existing hierarchy of MINIMAL, SYSTEMD, LSB
with an alias of FULL == LSB, only slightly by seperating FULL and LSB
into two separate levels, so that there's now:
1. MINIMAL (only EXIT_SUCCESS/EXIT_FAILURE)
2. SYSTEMD (incorporating our own exit codes)
3. LSB (like SYSTEMD but adding in LSB service exit codes)
4. FULL (like FULL but adding BSD exit codes)
Note that across the codebase only FULL, SYSTEMD, and MINIMAL are used,
depending on context, how much we know about the process and whether we
are logging for debugging purposes or not. This means the LSB level
wouldn't really have to be separate, but it appeared careless to me to
fold it into FULL along with the BSD exit codes.
Note that this commit doesn't change much for regular codepaths: the
FULL exit status level is only used during debug logging, as a helper to
the user reading the debug logs.
tree-wide: be more careful with the type of array sizes
Previously we were a bit sloppy with the index and size types of arrays,
we'd regularly use unsigned. While I don't think this ever resulted in
real issues I think we should be more careful there and follow a
stricter regime: unless there's a strong reason not to use size_t for
array sizes and indexes, size_t it should be. Any allocations we do
ultimately will use size_t anyway, and converting forth and back between
unsigned and size_t will always be a source of problems.
Note that on 32bit machines "unsigned" and "size_t" are equivalent, and
on 64bit machines our arrays shouldn't grow that large anyway, and if
they do we have a problem, however that kind of overly large allocation
we have protections for usually, but for overflows we do not have that
so much, hence let's add it.
So yeah, it's a story of the current code being already "good enough",
but I think some extra type hygiene is better.
This patch tries to be comprehensive, but it probably isn't and I missed
a few cases. But I guess we can cover that later as we notice it. Among
smaller fixes, this changes:
1. strv_length()' return type becomes size_t
2. the unit file changes array size becomes size_t
network: recreate link if its interface name is changed (#8795)
If an interface name is changed, then the link state, especially
managed or not, may need to be updated, as its corresponding
.link or .network files may be different. So, let's once drop
the link and recreate a new link object.
This cleans up handling of MTU values across the codebase. Previously
MTU values where stored sometimes in uint32_t, sometimes in uint16_t,
sometimes unsigned and sometimes in size_t. This now unifies this to
uint32_t across the codebase, as that's what netlink spits out, and what
the majority was already using.
Also, all MTU parameters are now parsed with config_parse_mtu() and
config_parse_ipv6_mtu() is dropped as it is now unneeded.
(Note there is one exception for the MTU typing: in the DCHPv4 code we
continue to process the MTU as uint16_t value, as it is encoded like
that in the protocol, and it's probably better stay close to the
protocol there.)
We use MTUs all over the place, let's add a unified, strict parser for
it, that takes MTU ranges into account.
We already have parse_ifindex() close-by, hence this appears to be a
natural addition, in particular as the range checking is not entirely
trivial to do, as it depends on the protocol used.
If enabling controller for some reason fails we need to clear error
for the FILE stream. Enabling remaining controllers would otherwise
fail because write_string_stream_ts() checks for ferror(f) and returns
-EIO if there is one.
meson: drop 'name' argument in cc.has_argument() (#8823)
This fixes the following warning with clang and meson-0.46.0,
```
WARNING: Passed invalid keyword argument "name".
WARNING: This will become a hard error in the future.
WARNING: Passed invalid keyword argument "name".
WARNING: This will become a hard error in the future.
Compiler for C supports arguments -Wno-typedef-redefinition: YES
WARNING: Passed invalid keyword argument "name".
WARNING: This will become a hard error in the future.
WARNING: Passed invalid keyword argument "name".
WARNING: This will become a hard error in the future.
Compiler for C supports arguments -Wno-gnu-variable-sized-type-not-at-end: YES
```