fileio: accept FILE* in addition to path in parse_env_file()
Most our other parsing functions do this, let's do this here too,
internally we accept that anyway. Also, the closely related
load_env_file() and load_env_file_pairs() also do this, so let's be
systematic.
process-util: add a new FORK_MOUNTNS_SLAVE flag for safe_fork()
We already have a flag for creating a new mount namespace for the child.
Let's add an extension to that: a new FORK_MOUNTNFS_SLAVE flag. When
used in combination will mark all mounts in the child namespace as
MS_SLAVE so that the child can freely mount or unmount stuff but it
won't leak into the parent.
dissect: optionally, validate that the image we dissect is a valid OS image
We already do this kind of validation in nspawn when we operate on a
plain directory, let's also do this on raw images under the same
condition: that we are about too boot the image. Also, do this when we
are about to read OS metadata from it.
fd-util: add new helper call fd_duplicate_data_fd()
This call creates an fd from another fd containing the same data.
Specifically, repeated read() on the returned fd should return the same
data as the original fd. This call is useful when we want to copy data
out of disk images and suchlike, and want to be pass fds with the data
around without having to keep the disk image continously mounted.
The implementation tries to be somewhat smart and tries to prefer
memfds/pipes over files in /tmp or /var/tmp based on the size of the
data, but has appropropriate fallbacks in place.
logind: let's change the type of the runtime directory size to uint64_t
Externally it's an uint64_t anyway, and internally we most just
initialize it to physical_memory() which returns uint64_t, hence there's
exactly zero value in using it as size_t internally. Hence, let's fix
that, and use uint64_t everywhere.
Franck Bui [Tue, 22 May 2018 12:22:53 +0000 (14:22 +0200)]
install: "user" and "global" scopes are equivalent for user presets
Otherwise querying the preset status of a unit to the user instance gives
incorrect results since in this case the scope used by the manager is
UNIT_FILE_USER.
nspawn: make sure our container PID 1 keeps logging to the original stderr as long as possible
If we log to the pty that is configured as stdin/stdout/stderr of the
container too early we risk filling it up in full before we start
processing the pty from the parent process, resulting in deadlocks.
Let's hence keep a copy of the original tty we were started on before
setting up stdin/stdout/stderr, so that we can log to it, and keep using
it as long as we can.
Since the kernel's pty internal buffer is pretty small this actually
triggered deadlocks when we debug logged at lot from nspawn's child
processes, see: https://github.com/systemd/systemd/pull/9024#issuecomment-390403674
With this change we won't use the pty at all, only the actual payload we
start will, and hence we won't deadlock on it, ever.
nspawn: make use of log_set_open_when_needed() in nspawn too
Let's make use of log_set_open_when_needed() in nspawn too, i.e. at the
point where we close logging because we are about to rearrange fds,
let's automatically reopen the logging fds when we need them, the same
way as we do that in the service manager. This makes things simpler and
more robust.
Yu Watanabe [Tue, 22 May 2018 13:26:22 +0000 (22:26 +0900)]
core: chown RuntimeDirectory= if DynamicUser= is set
When DynamicUser= is set, then RuntimeDirectory= should be always
chowned, as the service unit may enable RuntimeDirectoryPreserve=,
and the uid or gid may changed from the last run.
This also makes easier to migrate the service to use DynamicUser=.
tree-wide: port over all code to the new CONFIG_PARSER_PROTOTYPE() macro
This makes most header files easier to look at. Also Emacs gets really
slow when browsing through large sections of overly long prototypes,
which is much improved by this macro.
We should probably not do something similar with too many other cases,
as macros like this might help readability for some, but make it worse
for others. But I think given the complexity of this specific prototype
and how often we use it, it's worth doing.
config-parser: introduce new CONFIG_PARSER_PROTOTYPE() macro
This builds on the previous GENERIC_PARSER_ARGS macro work. I think in
general it is a better idea to declare macros that generate full C
statements instead of just parts of them, hence, let's introduce
CONFIG_PARSER_PROTOTYPE() which defines a full C function prototype,
instead of the pre-existing way of defining the C function prototype
manually, but then using GENERIC_PARSER_ARGS to define its arguments.
This doesn't drop GENERIC_PARSER_ARGS though, but renames it to
CONFIG_PARSER_ARGUMENTS, and changes the ConfigParserCallback function
type to use it. The new name follows more closely how the other symbols
in the header are named.
The macro is inspired by the other string table macros, and takes the
same arguments in the same order and dumps a string table to stdout.
Since it's typesafe it's nice to implement this as macro rather than
regular function.
This new macro is useful for implementing commands such as "systemctl -t
help" and similar, i.e. wherever we want to dump all values of an enum
to stdout.
The use of UINT64_C() in the SettingsMask enum definition is misleading:
it does not mean that individual fields have this width. E.g., with
enum {
FOO = UINT64_C(1)
}
sizeof(FOO) gives 4. It only means that the shift is done properly. So
1 << 35 is undefined, but UINT64_C(1) << 35 is the expected 64 bit
constant. Thus, the use UINT64_C() is useful, because we know that the shifts
are done properly, no matter what the value of _RLIMIT_MAX is, but when those
fields are used in expressions, we don't know what size they will be
(probably 4). Let's add a define which "hides" the enum definition behind a
define which gives the same value but is actually 64 bit. I think this is a
nicer solution than requiring all users to cast SETTING_RLIMIT_FIRST before
use.
meson: use run_target for generating tags with ctags
In https://github.com/systemd/systemd/pull/6561, `run_target`
was changed to `custom_target`, which inadvertently caused
relative paths to be passed to ctags due to
https://github.com/mesonbuild/meson/issues/3589.
The switch to `run_target` causes absolute paths to be
passed again and makes it easier to jump from file to
file, hopefully delaying the need to exit Vim :-)
sd-resolve: tweak error assignment code a bit, use abs() and regular functions
Let's tweak the assignment of errors a bit, and automatically abs()
errnos, similar to how log_error_errno() and friends does it.
Macros are fine to use, but regular functions usually preferable if
there's no reason to use macros, because they avoid multiple evaluation
and suchlike. Hence, let's just use a regular funciton for assigning
errors, instead of macros.
David Tardon [Tue, 24 Apr 2018 13:19:38 +0000 (15:19 +0200)]
fix race between daemon-reload and other commands
When "systemctl daemon-reload" is run at the same time as "systemctl
start foo", the latter might hang. That's because commands like start
wait for JobRemoved signal to know when the job is finished. But if the
job is finished during reloading, the signal is never sent.
The hang can be easily reproduced by running
# for ((N=1; N>0; N++)) ; do echo $N ; systemctl daemon-reload ; done
# for ((N=1; N>0; N++)) ; do echo $N ; systemctl start systemd-coredump.socket ; done
in two different terminals. The start command will hang after 1-2
iterations.
This keeps track of jobs that were started before reload and finished
during it and sends JobRemoved after the reload has finished.
tmpfiles: fix up and complain paths referring to /var/run (instead of /run) automatically
tmpfiles.d relies on merging lines for the same file paths, as well as
detecting conflicts between lines for the same file paths. /var/run is a
prominent case that is an alias for /run, any many tmpfiles snippets
refer to paths in /var/run rather than /run currently, which breaks the
conflict detection and merging.
We can't really fix this comprehensively, as doing so would require us
to resolve symlinks early on, but that's precisely not what we want to
do, as tmpfiles is usually run very early on where the paths might not
be fully available yet (in particular as we might likely create them
ourselves).
Hence, let's at least detect and fix this case for the most prominent
case of this ambiguity, and also log explicitly about this, asking users
to fix the snippets in question so that the merging and conflict
detection works properly again.
tmpfiles: create /var/{lib,log,cache}/private during early boot
This directory is used by the DynamicUer= stuff when used in combination
with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the
dir exists early on with the right perms. This is not strictly necessary
as we'll also create the dir on demand if it is missing, but in the
interest of grabbing the name early on, and making things more explicit
let's also list this in a tmpfiles.d/ snippet.
Similar as the other options added before, this is primarily useful to
provide comprehensive OCI runtime compatbility, but might be useful
otherwise, too.
nspawn: add a new --no-new-privileges= cmdline option to nspawn
This simply controls the PR_SET_NO_NEW_PRIVS flag for the container.
This too is primarily relevant to provide OCI runtime compaitiblity, but
might have other uses too, in particular as it nicely complements the
existing --capability= and --drop-capability= flags.
nspawn: make the hostname of the container explicitly configurable with a new --hostname= switch
Previously, the container's hostname was exclusively initialized from
the machine name configured with --machine=, i.e. the internal name and
the external name used for and by the container was synchronized. This
adds a new option --hostname= that optionally allows the internal name
to deviate from the external name.
This new option is mainly useful to ultimately implement the OCI runtime
spec directly in nspawn, but it might be useful on its own for some
other usecases too.