Franck Bui [Fri, 22 Mar 2019 10:09:08 +0000 (11:09 +0100)]
meson: add libseccomp as a nspawn dep (#12067)
Due to this specific change: d0b6a10#diff-0203416587516c224c8fcfe8129e7caeR8,
systemd-nspawn uses libseccomp now if it is available. We need to pass
-I/usr/include/libseccomp (or wherever seccomp.h is located) when compiling systemd-nspawn because
nspawn-settings.h does #include <seccomp.h>.
hwdb: make ids_parser.py compatible with pyparsing-2.3.0+
https://github.com/pyparsing/pyparsing/blob/master/CHANGES#L175
says something about fixing erroneously created levels in the hierarchy.
I don't have the faintest idea what this means, but with the change in
this patch we generate output that is unchanged from pre-2.3.0 versions.
Tested with python3-pyparsing-2.3.1-1.fc30.noarch and
python3-pyparsing-2.2.0-3.fc29.noarch.
man: make separate "Errors" sections subsection of "Return value"
Logically, this is better, because we're describing a subset of possible
return values. Visually this also looks quite good because groff renders
refsect2 much less prominently.
Also rewrap things, add <constant> in various places, fix some typos.
man: adjust nspawn man page to follow same section/order as --help text
No other changes, just some reshuffling and adding of section headers
(well, admittedly, I changed some "see above" and "see below" in the
text to match the new order.)
sd-id128: look for invocation id in environment first, keyring second
As a general principle, we generally check command line args first, the
environment second, and external configuration and system state only later.
In case of the invocation ID, checking the keyring before the environment
was implemented as a poor-man's security measure. But this is not really
useful, since we're moving within the same security boundary. So let's just
do the expected thing, and check environment first.
Prompted by https://github.com/systemd/systemd/pull/11991#issuecomment-474647652.
core: rework how we reset the TTY after use by a service
This makes two changes:
1. Instead of resetting the configured service TTY each time after a
process exited, let's do so only when the service goes back to "dead"
state. This should be preferable in case the started processes leave
background child processes around that still reference the TTY.
2. chmod() and chown() the TTY at the same time. This should make it
safe to run "systemd-run -p DynamicUser=1 -p StandardInput=tty -p
TTYPath=/dev/tty8 /bin/bash" without leaving a TTY owned by a dynamic
user around.
David Michael [Wed, 20 Mar 2019 15:14:32 +0000 (15:14 +0000)]
shared/install: Preserve escape characters for escaped unit names
Since switching to extract_first_word with no flags for parsing
unit names in 4c9565eea534cd233a913c8c21f7920dba229743, escape
characters will be stripped from escaped unit names such as
"mnt-persistent\x2dvolume.mount" resulting in the unit not being
configured as defined. Preserve escape characters again for
compatibility with existing preset definitions.
test-fileio: avoid warning about ineffective comparison
On arm64 with gcc-8.2.1-5.fc29.aarch64:
../src/test/test-fileio.c:645:29: warning: comparison is always false due to limited range of data type [-Wtype-limits]
assert_se(c == EOF || safe_fgetc(f, &c) == 1);
^~
Casting c to int is not enough, gcc is able to figure out that the original
type was unsigned and still warns. So let's just silence the warning like
in test-sizeof.c.
sd-bus: avoid IN_SET() invocation with two identical values
Fixes #12036.
../../../src/systemd/src/libsystemd/sd-bus/bus-objects.c: In function ‘add_object_vtable_internal’:
../../../src/systemd/src/basic/macro.h:423:19: error: duplicate case value
Chris Morin [Wed, 20 Mar 2019 08:34:23 +0000 (01:34 -0700)]
journal-file: handle SIGBUS on offlining thread
The thread launched in journal_file_set_offline() accesses a memory
mapped file, so it needs to handle SIGBUS. Leave SIGBUS unblocked on the
offlining thread so that it uses the same handler as the main thread.
The result of triggering SIGBUS in a thread where it's blocked is
undefined in Linux. The tested implementations were observed to cause
the default handler to run, taking down the whole journald process.
We can leave SIGBUS unblocked in multiple threads since its handler is
thread-safe. If SIGBUS is sent to the journald process asynchronously
(i.e. with kill, sigqueue, or raise), either thread handling it will
result in the same behavior: it will install the default handler and
reraise the signal, killing the process.
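
Added example, not part of the commit or of systemd's code: a worker thread reads from a memory-mapped file that has no data behind it, once with SIGBUS left out of the inherited signal mask and once with it blocked. The handler is a simplified stand-in that backs the faulting page with zeroed anonymous memory; run_case(), child(), offline_worker() and the scratch file name are hypothetical names used only here.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static long page;
/* Stand-in handler (assumption): back the faulting page with zeroed anonymous memory. */
static void on_sigbus(int sig, siginfo_t *si, void *ctx) {
    void *p = (void *) ((uintptr_t) si->si_addr & ~((uintptr_t) page - 1));
    if (mmap(p, page, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0) == MAP_FAILED)
        _exit(2);
}

/* Worker: the read faults with SIGBUS because the mapped file has no data behind it. */
static void *offline_worker(void *map) { return (void *) (intptr_t) *(volatile char *) map; }

/* Child body: map an empty file, then start the worker with the chosen signal mask. */
static int child(int block_sigbus) {
    char path[] = "/tmp/sigbus-demo-XXXXXX";    /* constructed scratch file */
    struct sigaction sa = { .sa_sigaction = on_sigbus, .sa_flags = SA_SIGINFO };
    sigset_t ss, saved;
    pthread_t t; void *ret = NULL;
    int fd = mkstemp(path);
    if (fd < 0 || unlink(path) < 0) return 3;
    page = sysconf(_SC_PAGESIZE);
    void *map = mmap(NULL, page, PROT_READ, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED || sigaction(SIGBUS, &sa, NULL) < 0) return 3;
    sigfillset(&ss);
    if (!block_sigbus) sigdelset(&ss, SIGBUS);  /* keep SIGBUS deliverable in the worker */
    pthread_sigmask(SIG_BLOCK, &ss, &saved);    /* the new thread inherits this mask */
    if (pthread_create(&t, NULL, offline_worker, map) != 0) return 3;
    pthread_sigmask(SIG_SETMASK, &saved, NULL);
    pthread_join(t, &ret);
    return (int) (intptr_t) ret;                /* 0: the handler recovered the read */
}

/* Returns 0 if the child survived the fault, else the fatal signal (or a setup error code). */
int run_case(int block_sigbus) {
    int st; pid_t pid = fork();
    if (pid == 0) _exit(child(block_sigbus));
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) ? WTERMSIG(st) : WEXITSTATUS(st);
}

int main(void) { return run_case(0) == 0 && run_case(1) == SIGBUS ? 0 : 1; }
```

On Linux the blocked case ends with the child killed by SIGBUS even though a handler is installed, which is the whole-process failure the commit message describes.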
Franck Bui [Tue, 19 Mar 2019 09:59:26 +0000 (10:59 +0100)]
core: only watch processes when it's really necessary
If we know that main pid is our child then it's unnecessary to watch all
other processes of a unit since in this case we will get SIGCHLD when the main
process exits and will act upon it accordingly.
So let's watch all processes only if the main process is not our child since in
this case we need to detect when the cgroup will become empty in order to
figure out when the service becomes dead. This is only needed by cgroupv1.
Franck Bui [Mon, 18 Mar 2019 19:59:36 +0000 (20:59 +0100)]
core: reduce the number of stalled PIDs from the watched processes list when possible
Some PIDs can remain in the watched list even though their processes
exited a long time ago. It can easily happen if the main process of a forking
service manages to spawn a child before the control process exits for example.
However when a pid is about to be mapped to a unit by calling unit_watch_pid(),
the caller usually knows if the pid should belong to this unit exclusively: if
we just forked() off a child, then we can be sure that its PID is otherwise
unused. In this case we take this opportunity to remove any stalled PIDs from
the watched process list.
If we learnt about a PID in any other form (for example via PID file, via
searching, MAINPID= and so on), then we can't assume anything.
alloc-util: use malloc_usable_size() to determine allocated size
It's a glibc-specific API, but supported on FreeBSD and musl too at
least, hence fairly common. This way we can reduce our calls to
realloc() as much as possible.
units: turn off keyring handling for user@.service
This service uses PAM anyway, hence let pam_keyring set things up for
us. Moreover, this way we ensure that the invocation ID is not set for
this service as key, and thus can't confuse the user service's
invocation ID.