core/execute: refactor creation of array with fds to keep during execution
We close fds in two phases, first some and then the some more. When passing
a list of fds to exclude from closing to the closing function, we would
pass some in an array and the rest as separate arguments. For the fds which
should be excluded in both closing phases, let's always create the array
and put the relevant fds there. This has the advantage that if more fds to
exclude in both phases are added later, we don't need to add more positional
arguments.
The list passed to setup_pam() is not changed. I think we could pass more fds
to close there, but I'm leaving that unchanged.
The setting of FD_CLOEXEC on an already open fds is dropped. The fd is opened
in service_allocate_exec_fd() and there is no reason to suspect that it might
have been opened incorrectly. If some rogue code is unsetting our FD_CLOEXEC
bits, then it might flip any fd, no reason to single this one out.
Yu Watanabe [Tue, 13 Oct 2020 07:47:10 +0000 (16:47 +0900)]
network: start dynamic addressing clients like DHCP after setting netdevs
The function link_acquire_conf() may make the link state 'configuring'
when DHCP6 PD is enabled. Previously link_acquire_conf() was called
before link_enter_join_netdev(), and thus the assertion in the function
might be triggered.
analyze: show ungrouped syscalls separately (#17343)
This updates the "systemd-analyze syscall-filter" command to show a
special section of syscalls that are included in @known but in no other
group. Typically this should show syscalls we either should add to any
of the existing groups or where we unsure were they best fit in.
Right now, it mostly shows arch-specific compat syscalls, we probably
should move "@obsolete". This patch doesn't add thta however.
Yu Watanabe [Sun, 11 Oct 2020 23:51:02 +0000 (08:51 +0900)]
network: directly compare with in_addr element for IPv4 case
When peer address is set, address_compare_func() (or address_equal())
does not work in link_is_static_address_configured(), as an Address object
stored in a Link does not contain peer addresses. So, we need to also
compare with in_addr element for IPv4 case.
We need to make sure that our coredump pattern handler manages to read
process metadata from /proc/$PID/ before the kernel reaps the crashed
process. By default the kernel will reap the process as soon as it can.
By setting kernel.core_pipe_limit to a non-zero the kernel will wait for
userspace to finish before reaping.
We'll set the value to 16, which allows 16 crashes to be
processed in parallel. This matches the MaxConnections= setting in
systemd-coredump.socket.
See: #17301
(This doesn't close 17301, since we probably should also gracefully
handle if /proc/$PID/ vanished already while our coredump handler runs,
just in case people loclly set the sysctl back to zero. i.e. we should
collect what we can and rather issue an incomplete log record than
none.)
Latest glibc has deprecated mallinfo(), so it might become unavailable at some point
in the future. There is malloc_info(), but it returns XML, ffs. I think the information
that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and
not otherwise.
Benjamin Berg [Mon, 12 Oct 2020 09:02:26 +0000 (11:02 +0200)]
xdg-autostart: Lower most info messages to debug level
It is expected for numerous autostart files to not be convertible to
corresponding units. The information is only useful for someone
debugging why a file might not be started, but it is not generally
useful for users in most situations.
As such, lower the warnings. Anyone wondering why an application is not
started will easily notice that the unit is not generated. From there it
will be somewhat harder to figure out why, but the overall trade-off is
still improved.
resolved: don't append RFC6975 data to stub replies
We previously checked the QR bit to decide whether the RFC6975 algorithm
data in our packets. But that doesn't work in many cases, since we
initialize the QR flags along with the other flags usually only after
appending OPT (since success to do so propagates into flags). Hence,
let's add an explicit parameter that controls whether to include RFC6975
data in DNS packets, and set it to false for stub reply, and on true for
upstream queries.
My logs have lines like this:
Oct 10 09:38:38 krowka systemd-logind[1889]: External (2) displays connected.
Oct 10 09:38:38 krowka systemd-logind[1889]: Refusing operation, as it is turned off.
Without some hint *what* operation is ignored, this is not very informative.
(I remember this came up before, but I don't remember why we didn't change this
log line back then...)
to drop braces around single-line if statements. Also, prefix it with
zz- so it runs as the last one, so it's able to fix stuff tweaked by
previous transformations.
Coccinelle can't do this automagically and requires we supply it
respective header files. Unfortunately, the option for this
(--macro-file=) can be used only once, so let's create our own
macro file by collecting macros needed for the semantic parser
to be happy.
udev: make sure to install an inotify watch whenever we find a block device locked
This fixes a race where a block device that pops up and immediately is
locked (such as a loopback device in preparation) might result in
udev never run any rules for it, and thus never turn on inotify watching
for it (as inotify watching is controlled via an option set via udev
rules), thus not noticing when the device is unlocked/closed again
(which is noticed via IN_CLOSE_WRITE inotify events).
This changes two things:
1. Whenever we encounter a locked block device we'll now inotify watch
it, so that it is guaranteed we'll notice when the BSD lock fd is
closed again, and will reprobe.
2. We'll now turn off inotify watching again once we realise the
udev rules don't actually want that. Previously, once watching a
device was enabled via a udev rule, it would be watched forever until
the device disappeared, even if the option was dropped by the rules
for later events.
Together this will make sure that we'll watch the device via inotify
in both of the following cases:
a) The block device has been BSD locked when udev wanted to look at it
b) The udev rules run for the last seen event for the device say so
In all other cases inotify is off for block devices.
This new behaviour both fixes the race, but also makes the most sense,
as the rules (when they are run) actually really control the watch state
now. And if someone BSD locks a block device then it should be OK to
inotify watch it briefly until the lock is released again as the user
this way more or less opts into the locking protocol.
Benjamin Berg [Thu, 8 Oct 2020 13:58:37 +0000 (15:58 +0200)]
xdg-autostart: Ignore more common XDG Desktop Entry fields
It makes sense to ignore all the common fields that are expected and
that we can safely ignore. Note that it is fine to ignore URL as we will
already warn about the type= being wrong in that case.
This helper alone doesn't make too much sense, but it's preparatory work
for #17274, and I guess it can't hurt to land it early, it does make the
ratelimit code a tiny bit prettier after all.
This is just some refactoring: shifting around of code, not change in
codeflow.
This splits up the way too huge systemctl.c in multiple more easily
digestable files. It roughly follows the rule that each family of verbs
gets its own .c/.h file pair, and so do all the compat executable names
we support. Plus three extra files for sysv compat (which existed before
already, but I renamed slightly, to get the systemctl- prefix lik
everything else), a -util file with generic stuff everything uses, and a
-logind file with everything that talks directly to logind instead of
PID1.
systemctl is still a bit too complex for my taste, but I think this way
itc omes in a more digestable bits at least.
No change of behaviour, just reshuffling of some code.
systemctl: move compare_unit_info() to bus-unit-util.[ch]
It's an auxiliary function to the UnitInfo structures, and very generic.
Let's hence move it over to the other code operating with UnitInfo, even
if it's not used by code outside of systemctl (yet).
Document some reasonable DNS servers in the example config file
We have an option to set the fallback list, so we don't know what the contents
are. It may in fact be empty. Let's add some examples to make it easy for a user
stranded without any DNS to fill in something that would work. As a bonus, this
also gives names to the entries we provide by default.
(I added google and cloudflare because that's what we have currently, and quad9
because it seems to be a good privacy-concious and fast choice and was requested
in #12499. As a minimum, things we should include should be well-known global
services with a documented privacy policy and both IPv4 and IPv6 support and
decent response times.)