Michal Schmidt [Tue, 12 Aug 2014 23:00:18 +0000 (01:00 +0200)]
hashmap: introduce hash_ops to make struct Hashmap smaller
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
Michal Schmidt [Fri, 15 Aug 2014 14:33:03 +0000 (16:33 +0200)]
build: colorize gcc only if on tty
Rather than forcing gcc to always produce colorized error messages
whether on tty or not, enable automatic colorization by ensuring
GCC_COLORS is set to a non-empty string.
Doing it this way removes the need for workarounds in ~/.emacs or
~/.vimrc for "M-x compile" or ":make", respectively, to work.
core: smack-setup: Actually allow for succesfully loading CIPSO policy
The line under the last switch statement *loaded_policy = true;
would never be executed. As all switch cases return 0. Thus the
policy would never be marked as loaded.
David Herrmann [Thu, 11 Sep 2014 15:37:30 +0000 (17:37 +0200)]
test: fix mem-leak in fdopen() test
We must free FILE* after function return to not leak resources. Note that
this also closes our fd as fdopen() takes ownership of it.
Reported by Philippe De Swert (via coverity).
Actually unref the buscreds when we are not going to return a
pointer to them. As when bus_creds_add_more fails we immediately
return the error code otherwise and leak the new buscreds.
Found with coverity. Fixes: CID#1237761
After a section of memory is succesfully allocated, some of the following
actions can still fail due to lack of memory. In this case -ENOMEM is
returned without actually freeing the already mapped memory.
Found with coverity. Fixes: CID#1237762
David Herrmann [Thu, 11 Sep 2014 15:20:11 +0000 (17:20 +0200)]
terminal: fix uninitialized variable in strerror() log message
We currently print weird error-messages if xkbcommon fails (which cannot
fail so far, but might in the future). Fix the uninitialized variable
warnings by setting 'r' correctly.
Thanks to Philippe De Swert for catching this (via coverity).
journal: do not dereference already freed patterns
In case set_consume goes wrong, the pattern name has already been
freed. So we do not try to print it in the logs, assuming the pattern
addition print will be printed just before the failure anyway. Found
with coverity. Fixes: CID#1237798
David Herrmann [Thu, 11 Sep 2014 13:28:37 +0000 (15:28 +0200)]
terminal: enable sessions in evcat after taking control
If we enable a session, any probed device might get immediately enabled.
This might cause TakeDevice() messages to be sent before we call
TakeControl(). Therefore, enable sessions *after* sending TakeControl() so
we always succeed if TakeControl() succeeds.
David Herrmann [Thu, 11 Sep 2014 13:27:56 +0000 (15:27 +0200)]
terminal: remove unused set.h inclusion in idev
We don't use set.h so no need to include it. We used to include it for
temporary refs on all idev devices of a session, but that never was pushed
upstream.
David Herrmann [Thu, 11 Sep 2014 11:25:21 +0000 (13:25 +0200)]
udev: allow removing tags via TAG-="foobar"
This extends the udev parser to support OP_REMOVE (-=) and adds support
for TAG-= to remove previously set tags. We don't fail if the tag didn't
exist.
This is pretty handy if we ship default rules for seat-assignments and
users want to exclude specific devices from that. They can easily add
rules that drop any automatically added "seat" tags again.
David Herrmann [Tue, 2 Sep 2014 12:17:59 +0000 (14:17 +0200)]
terminal: discard async read() errors for evdev
If read() fails on evdev devices, we deal with this in idev_evdev_hup().
It is very likely this is an async revoke, therefore, we must not abort.
Fix our io helper to discard such errors after passing them to
idev_evdev_hup(), so we don't bail out of the event loop.
Tom Gundersen [Wed, 10 Sep 2014 08:56:26 +0000 (10:56 +0200)]
udev: timeout - increase timeout
Some kernel modules still take more than one minute to insmod, we no longer rely on the timeout
killing insmod within a given period of time, so just bump this to a much higher value. Its only
purpose is to make sure that nothing stays aronud forever.
Implement Elapsed Time option as it is defined as MUST in RFC 3315,
section 22.9. The elapsed time value is a 1/100th of a second with
a max value of 0xffff, i.e. 655.35 seconds.
As the main loop might not be running yet when sd_dhcp6_client_start() is
called, fetch the monotonic time directly and not from the event loop
while in state DHCP6_STATE_STOPPED.
Dave Reisner [Mon, 8 Sep 2014 13:27:41 +0000 (09:27 -0400)]
machined: remove redundant sd_notify
We already call this on via bus_event_loop_with_idle on exit. This
makes machined consistent with other similar daemons: localed,
hostnamed, timedated.
networkd: allow specification of DHCP route metric
This lets the routing metric for links to be specified per-network,
still defaulting to DHCP_ROUTE_METRIC (1024) if unspecified. Hopefully
this helps with multiple interfaces configured via DHCP.
Tom Gundersen [Sat, 6 Sep 2014 20:37:31 +0000 (22:37 +0200)]
units: networkd - order after udev
This way we are sure that /dev/net/tun has been given the right permissions before we try to connect to it.
Ideally, we should create tun/tap devices over netlink, and then this whole issue would go away.
Daniel Mack [Fri, 22 Aug 2014 17:02:03 +0000 (19:02 +0200)]
service: hook up custom endpoint logic
If BusPolicy= was passed, the parser function will have created
an ExecContext->bus_endpoint object, along with policy information.
In that case, create a kdbus endpoint, and pass its path name to the
namespace logic, to it will be mounted over the actual 'bus' node.
At endpoint creation time, no policy is updloaded. That is done after
fork(), through a separate call. This is necessary because we don't
know the real uid of the process earlier than that.
Daniel Mack [Fri, 22 Aug 2014 16:55:21 +0000 (18:55 +0200)]
namespace: add support for custom kdbus endpoint
If a path to a previously created custom kdbus endpoint is passed in,
bind-mount a new devtmpfs that contains a 'bus' node, which in turn in
bind-mounted with the custom endpoint. This tmpfs then mounted over the
kdbus subtree that refers to the current bus.
This way, we can fake the bus node in order to lock down services with
a kdbus custom endpoint policy.
Daniel Mack [Mon, 18 Aug 2014 20:42:28 +0000 (22:42 +0200)]
bus: parse BusPolicy directive in service files
Add a new directive called BusPolicy to define custom endpoint policies. If
one such directive is given, an endpoint object in the service's ExecContext is
created and the given policy is added to it.
Daniel Mack [Sat, 23 Aug 2014 14:02:21 +0000 (16:02 +0200)]
exec: move code executed after fork into exec_child()
This factors out one conditional branch that has grown way too big, and
makes the code more readable by using return statements rather than jump
labels.
Daniel Mack [Sat, 23 Aug 2014 13:28:37 +0000 (15:28 +0200)]
exec: factor out most function arguments of exec_spawn() to ExecParameters
This way, the list of arguments to that function gets more comprehensive,
and we can get around passing lots of NULL and 0 arguments from socket.c,
swap.c and mount.c.
It also allows for splitting up the code in exec_spawn().
localed: check for partially matching converted keymaps
If a user specifies multiple X11 keymaps, with a (at least the first
one) nonempty variant, and we don't match the whole combo, use
a converted keymap which includes the variant in preference to
the default, variantless, keymap.
E.g.: We would convert X11 config "layout=fr variant=mac" to "fr-mac",
but "layout=fr,us variant=mac," to "fr", because we don't have a
converted keymap which would match "fr,us", and we don't have a legacy
mapping for "fr,us". This is unexpected, and if we cannot match both,
it is still better to match the primary mapping and use "fr-mac".
Converting X11 to legacy keymaps and back is a fucking mess. Let's
make it at least possible to request detailed logs of what is being
changed and why (LOG_DEBUG level).
At LOG_INFO level, we would log the requested change of X11 or console
keymap, but not the resulting change after conversion to console or X11.
Make sure that every change of configuration on disk has a matching
line in the logs.
Functions either should generate error messages for everything they do
themselves, or for nothing and let the caller do it. But they certainly
shouldn't generate errors for some messages but not for others. Since
the function in this case is one that generates messages on its own, it
really should do that for everything, not just for some things, hence.
Yum was creating <container>/var/run/yum.pid and hence this directory
was created before filesystem package could create the symlink
/var/run -> /run.
This should be now fixed in yum.
Harald Hoyer [Wed, 3 Sep 2014 11:28:31 +0000 (13:28 +0200)]
initrd-parse-etc.service: ignore return code of daemon-reload
It seems the return code of systemctl daemon-reload can be !=0 in some
circumstances, which causes a failure of the unit and breaks booting in
the initrd.
Harald Hoyer [Wed, 3 Sep 2014 11:22:40 +0000 (13:22 +0200)]
base_filesystem_create: do not try to create "/root" if it exists
The check, if the directory/file already exists is only executed, if
there is a symlink target specified. In case of "/root", there is none,
so it is unconditionally tried to create the directory.
In case of a readonly filesystem, errno != EEXIST, but errno == EROFS,
so base_filesystem_create() and switch_root does not succeed.
This patch checks for existance not only in the symlink case.
On Tue, Sep 2, 2014 at 3:17 PM, Miroslav Lichvar <mlichvar@redhat.com> wrote:
>
> With the other patch allowing missed replies included it's now getting
> stuck as there is no timer to send the 2nd and 3rd request.
timesyncd: allow two missed replies before reselecting server
After receiving a reply from the server, allow two missed replies before
switching to another server to avoid unnecessary clock hopping when
packets are getting lost in the network.
Miroslav Lichvar [Wed, 27 Aug 2014 14:47:24 +0000 (16:47 +0200)]
timesyncd: wait before reconnecting to first server
When all servers are exhausted, wait for one poll interval before trying
to connect again to the first server in the list. Also, keep increasing
the polling interval to make sure a client not getting any valid replies
will not send requests to any server more frequently than is allowed by
the maximum polling interval.