Quite often we need to set up a number of fds as stdin/stdout/stderr of
a process we are about to start. Add a generic implementation for a
routine doing that that takes care to do so properly:
1. Can handle the case where stdin/stdout/stderr where previously
closed, and the fds to set as stdin/stdout/stderr hence likely in the
0..2 range. handling this properly is nasty, since we need to first
move the fds out of this range in order to later move them back in, to
make things fully robust.
2. Can optionally open /dev/null in case for one or more of the fds, in
a smart way, sharing the open file if possible between multiple of
the fds.
3. Guarantees that O_CLOEXEC is not set on the three fds, even if the fds
already were in the 0..2 range and hence possibly weren't moved.
"-m" is specified as a short form of "--monitor" in the option struct,
but not included in getopt_long's optstring. Update the optstring
to be consistent with the option struct.
By default, we detect if the real root has a separate /usr/sbin directory, but
this can be overrides with -Dsplit-bin=true|false. The check assumes that
/usr/sbin is split if it is not a symlink, so it'll return a false negative
with some more complicated setups. But that's OK, in those cases this should be
configured explicitly.
This will copy the structure of the directories in the root file system to
$DESTDIR. If a directory is a directory in $DESTDIR but a symlink in the root
file system, this script will fail. This means that it's not possible to reuse
a $DESTDIR from between ba7f4ae61 and this patch.
Franck Bui [Thu, 1 Mar 2018 09:58:03 +0000 (10:58 +0100)]
units: delegate "memory" instead of "cpu" by default for user instances (#8320)
CPU accounting has a too bad impact on performance to be enabled by
default. Therefore we should not delegate "cpu" for now.
OTOH since commit e0c46a736412b79b94a21f8512a769b9212b9adf, memory accounting
has been turned on for all units by default so it makes sense to delegate this
controller by default.
man: shorten/reword a bit in sd_bus_get_n_queued_read
In particular:
- drop "when it is non-zero" to avoid implying that it can be called if the
queue is not empty.
- "has been created" sounds like something happened in parallel,
but what we really mean is that *this* particular object *was* created in a
certain way.
Franck Bui [Wed, 28 Feb 2018 09:36:06 +0000 (10:36 +0100)]
rules: skip btrfs check if devices are not ready in 64-btrfs.rules (#8304)
If any devices are marked with 'SYSTEMD_READY=0' then we shouldn't run any
btrfs check on them.
Indeed there's no point in running "btrfs ready" on devices that already have
SYSTEMD_READY=0 set. Most probably such devices are members of a higher layer
aggregate device such as dm-multipath or software RAID. Doing IO on them wastes
time at best, and may cause delays, timeouts, or even hangs at worst (think
active-passive multipath or degraded RAID, for example).
It was initially reported at:
https://bugzilla.opensuse.org/show_bug.cgi?id=872929
kernel-install: Don't install BLS kernel images if dest dir doesn't exist (#8306)
The script shouldn't rely on a previous script exiting with a status code
that prevents it to be executed. Instead, should check if the destination
directory for the BLS kernel image exists and exit otherwise.
Let's include the command line to use to get the requested output. This
makes it easy to copy/paste the command line out, and add "--in-place"
to actually apply the changes "run-coccinelle.sh" outputs.
At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.
rule-syntax-check: fix handling of runaway strings in comma splitting (#8298)
A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.
Tested:
ACTION=="remove\"GOTO=""
Which then produced:
$ test/rule-syntax-check.py src/login/70-uaccess.rules
# looking at src/login/70-uaccess.rules
Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
clause: ACTION=="remove\"GOTO=""
seccomp: rework functions for parsing system call filters
This reworks system call filter parsing, and replaces a couple of "bool"
function arguments by a single flags parameter.
This shouldn't change behaviour, except for one case: when we
recursively call our parsing function on our own syscall list, then
we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that
point things are just a problem in our own code rather than in the user
configuration we are parsing, and we shouldn't hence generate confusing
warnings about syntax errors.
It doesn't work, spits out only rubbish and was already excluded of
run-coccinelle.sh. It's a pitty it doesn't work, but let's drop this
dead piece of code for now.
doc: add a new doc/ directory, and move two markdown docs into them
I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.
This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.
core: don't process dbus unit and job queue when there are already too many messages pending
We maintain a queue of units and jobs that we are supposed to generate
change/new notifications for because they were either just created or
some of their property has changed. Let's throttle processing of this
queue a bit: as soon as > 1K of bus messages are queued for writing
let's skip processing the queue, and then recheck on the next
iteration again.
Moreover, never process more than 100 units in one go, return to the
event loop after that. Both limits together should put effective limits
on both space and time usage of the function, delaying further
operations until a later moment, when the queue is empty or the the
event loop is sufficiently idle again.
This should keep the number of generated messages much lower than
before on busy systems or where some client is hanging.
Note that this also means a bad client can slow down message dispatching
substantially for up to 90s if it likes to, for all clients. But that
should be acceptable as we only allow trusted bus clients, anyway.
core: don't bother enqueuing signal messages into busses that aren't ready yet
This is an optimization: there's no point in enqueuing unit and job
change notificiation signal messages into bus connection that aren't
fully set up yet.
This doesn't fix #8166 but should lower the load of messages enqueued
but not processed yet a bit.
Franck Bui [Fri, 23 Feb 2018 15:54:40 +0000 (16:54 +0100)]
rule-syntax-check: PROGRAM is not supposed to get value assigned
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".
Actually it doesn't really make sense to assign it a value.
udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.
No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
gcc warns about unitialized memory access because it notices that ssize_t which
is < 0 could be cast to positive int value. We know that this can't really
happen because only -1 can be returned, but OTOH, in principle a large
*positive* value cannot be cast properly. This is unlikely too, since xattrs
cannot be too large, but it seems cleaner to just use a size_t to return the
value and avoid the cast altoghter. This makes the code simpler and gcc is
happy too.
The following warning goes away:
[113/1502] Compiling C object 'src/basic/basic@sta/xattr-util.c.o'.
In file included from ../src/basic/alloc-util.h:28:0,
from ../src/basic/xattr-util.c:30:
../src/basic/xattr-util.c: In function ‘fd_getcrtime_at’:
../src/basic/macro.h:207:60: warning: ‘b’ may be used uninitialized in this function [-Wmaybe-uninitialized]
UNIQ_T(A,aq) < UNIQ_T(B,bq) ? UNIQ_T(A,aq) : UNIQ_T(B,bq); \
^
../src/basic/xattr-util.c:155:19: note: ‘b’ was declared here
usec_t a, b;
^
Before
systemd-detect-virt[18498]: No virtualization found in DMI
systemd-detect-virt[18498]: No virtualization found in CPUID
systemd-detect-virt[18498]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[18498]: This platform does not support /proc/device-tree
systemd-detect-virt[18498]: Failed to check for virtualization: No such file or directory
The first four lines are at debug level, so the user would only see that last
one usually, which is not very enlightening.
This now becomes:
systemd-detect-virt[21172]: No virtualization found in DMI
systemd-detect-virt[21172]: No virtualization found in CPUID
systemd-detect-virt[21172]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[21172]: This platform does not support /proc/device-tree
systemd-detect-virt[21172]: /proc/cpuinfo not found, assuming no UML virtualization.
systemd-detect-virt[21172]: This platform does not support /proc/sysinfo
systemd-detect-virt[21172]: Found VM virtualization none
systemd-detect-virt[21172]: none
basic/log: add an assert that does not recurse into logging functions
Then it can be used in the asserts in logging functions without causing
infinite recursion. The error is just printed to stderr, it should be
good enough for the common case.
gcc-8 throws an error if it knows snprintf might truncate output and the
return value is ignored:
../src/udev/udev-builtin-net_id.c: In function 'dev_pci_slot':
../src/udev/udev-builtin-net_id.c:297:47: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Werror=format-truncation=]
snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
^~
../src/udev/udev-builtin-net_id.c:297:17: note: 'snprintf' output between 10 and 4360 bytes into a destination of size 4096
snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
Let's check all return values. This actually makes the code better, because there's
no point in trying to open a file when the name has been truncated, etc.
basic/log: make sure header is printed correctly, add test
If log_do_header() was called with overly long parameters, it'd generate
improper output. Essentially, it'd be truncated at random point, in particular
missing a newline at the end, so it'd run with the next field, usually MESSAGE=.
log_do_header is called with parameters from compiled code (file name, lien
nubmer, etc), so in practice this was unlikely to ever be a problem, but it is
possible. In particular, if systemd was compiled from sources in some deeply
nested directory (which happens for example in mock and other build roots), the
filename could be very long.
As a safety measure, let's truncate all parameters to 256 bytes. So we have
5 fields which are 256 bytes (plus the field name prefix), and a few other
fields with fixed width. This must always fit in the 2048 byte buffer.
I don't think there's much gain in calculating the required length precisely,
since it's a lot of fields and a few bytes allocated on the stack don't matter.
basic/log: fix confusion with parameters to log_dispatch_internal
log_dispatch_internal has only one caller where the extra_field/extra
params are not null: log_unit_full. When log_unit_full() was called,
when we got to log_dispatch_internal, our header would look like this:
PRIORITY=7
SYSLOG_FACILITY=3
CODE_FILE=../src/core/manager.c
CODE_LINE=2145
CODE_FUNC=manager_invoke_sigchld_event
USER_UNIT=gnome-terminal-server.service
65dffa7a3b984a6d9a46f0b8fb57710bUSER_INVOCATION_ID=
SYSLOG_IDENTIFIER=systemd
It took me a while to understand why I'm not seeing mangled messages in the
journal (after all, "" is a valid rvalue for log messages). The answer is that
journald rejects any field name which starts with a digit, and the MESSAGE_ID
that was used here starts with a digit. Hence, those lines would be silently
filtered out.
Peter Hutterer [Fri, 23 Feb 2018 08:36:45 +0000 (18:36 +1000)]
udev: don't assign INPUT_ID_MOUSE to a touchpad/joystick/touchscreen (#8259)
If a touchpad has MT axes only but not ABS_X/ABS_Y (DualShock 4 controller),
then we hit both the conditions is_touchpad and the later check for
!has_abs_axes here, assigning is_mouse and ID_INPUT_MOUSE later.
This is a bug, we historically only assigned either of of the pointing device
tags ID_INPUT_MOUSE/TOUCHPAD/JOYSTICK/TOUCHSCREEN, never multiple of them.
Note that we cannot just check for has_abs_axes and has_mt_coordinates because
the apple touch mouse has both. We really need to check if the device has
already been assigned something else.