loop_write() didn't follow the usual systemd rules and returned status
partially in errno and required extensive checks from callers. Some of
the callers dealt with this properly, but many did not, treating
partial writes as successful. Simplify things by conforming to usual rules.
Peter Hutterer [Sun, 7 Dec 2014 23:17:26 +0000 (09:17 +1000)]
hwdb: add more mouse DPI entries
Plus a note for Logitech devices using the unified receiver: these devices
include their wireless PID in the name, the usb PID/VID is the same for all.
In kernel 3.19 the actual model number will be the name, but the patches are
still a bit in flux at this point. In the future each device will need two
entries for pre+3.19 and 3.19.
Michal Schmidt [Tue, 9 Dec 2014 19:27:26 +0000 (20:27 +0100)]
journal: optimize iteration: skip files that cannot improve current candidate entry
Suppose that while iterating we have already looked into a journal file
and got a candidate for the next entry. And we are considering to look
into another journal file because it may contain an entry that is nearer
to the current location than the candidate.
We should skip the whole journal file if we can tell by looking at its
header that none of its entries can precede the candidate.
Before:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 0m20.518s
user 0m19.989s
sys 0m0.328s
After:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
Michal Schmidt [Tue, 9 Dec 2014 19:27:19 +0000 (20:27 +0100)]
journal: optimize iteration: skip whole files behind current location
Interleaving of entries from many journal files is expensive. But there
is room for optimization.
We can skip looking into journal files whose entries all lie before the
current iterating location. We can tell if that's the case from looking
at the journal file header. This saves a huge amount of work if one has
many of mostly not interleaved journal files.
On my workstation with 90 journal files in /var/log/journal/ID/
totalling 3.4 GB I get these results:
Before:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 5m54.258s
user 2m4.263s
sys 3m48.965s
After:
$ time ./journalctl --since=2014-06-01 --until=2014-07-01 > /dev/null
real 0m20.518s
user 0m19.989s
sys 0m0.328s
The high "sys" time in the original was caused by putting more stress on
the mmap-cache than it could handle. With the patch the working set
now consists of fewer mmap windows and mmap-cache is not thrashing.
WaLyong Cho [Tue, 9 Dec 2014 12:46:30 +0000 (21:46 +0900)]
unit: update unit dropin paths and time when dropin file is written.
If a unit is set property by "systemctl set-property", a new dropin
file is generated. But the unit's dropin_paths and dropin_mtime are
not updated. So the unit is shown as need daemon reload.
Update unit dropin_paths and dropin_mtime also when dropin file is
written.
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.
It is done before and independent of dropping privileges.
The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.
The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.
In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.
In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
WaLyong Cho [Tue, 9 Dec 2014 07:07:16 +0000 (16:07 +0900)]
run: introduce timer support option
Support timer options --on-active=, --on-boot=, --on-startup=,
--on-unit-active=, --on-unit-inactive=, --on-calendar=. Each options
corresponding with OnActiveSec=, OnBootSec=, OnStartupSec=,
OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of timer
respectively. And OnCalendar= and WakeSystem= supported by
--timer-property= option like --property= of systemd-run.
And if --unit= option and timer options are specified the command can
be omitted. In this case, systemd-run assumes the target service is
already loaded. And just try to generate transient timer unit only.
David Herrmann [Tue, 9 Dec 2014 10:12:41 +0000 (11:12 +0100)]
bus: sync with kdbus-git (ABI break)
kdbus-git gained two new features:
* memfd offsets: This allows to specify a 'start' offset in kdbus_memfd
so you can send partial memfd hunks instead of always
the full memfd
* KDBUS_HELLO_UNPRIVILEGED: If passed during HELLO, the client will be
treated as unprivileged.
Wesley Dawson [Mon, 1 Dec 2014 07:27:00 +0000 (23:27 -0800)]
journalctl: respect --after-cursor semantics with --follow in all cases
In the case where no entries have been added to the journal after the specified
cursor, set need_seek before the main loop to prevent display of the entry at
said cursor.
Ross Lagerwall [Sat, 29 Nov 2014 15:27:14 +0000 (15:27 +0000)]
cgroup: Handle error when destroying cgroup
If a cgroup fails to be destroyed (most likely because there are still
processes running as part of a service after the main pid exits), don't
free and remove the cgroup unit from the manager. This fixes a
regression introduced by the cgroup rework in v205 where systemd would
forget about processes still running after the unit becomes inactive.
(This can happen when the main pid exits and KillMode=process or none).
fstab-generator: Allow mount.usr without mount.usrflags, honor rw/ro
There is no need to require mount.usrflags. The original implementation
assumed that a btrfs subvolume would always be needed but that is not
applicable to systems that do not use btrfs for /usr.
Similar to using rootflags= for the default of mount.usrflags=, append
the classic 'ro' and 'rw' flags to the mount options.
Olivier Brunel [Fri, 5 Dec 2014 15:06:45 +0000 (16:06 +0100)]
journal: Fix navigating backwards missing entries
With DIRECTION_UP (i.e. navigating backwards) in generic_array_bisect() when the
needle was found as the last item in the array, it wasn't actually processed as
match, resulting in entries being missed.
The ELF magic cannot work for consumers of our shard library, since they
are in a different module. Hence make all the ELF magic private, and
instead introduce a public function to register additional static
mapping table.
Maciej Wereski [Thu, 4 Dec 2014 09:32:10 +0000 (10:32 +0100)]
tmpfiles, man: Add xattr support to tmpfiles
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can be especially used to set SMACK security labels on
volatile files and directories.
It is done by adding new line of type "t". Such line should contain
attributes in Argument field, using following format:
name=value
All other fields are ignored.
If value contains spaces, then it must be surrounded by quotation marks.
User can also put quotation mark in value by escaping it with backslash.
Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
Tom Gundersen [Thu, 4 Dec 2014 17:12:55 +0000 (18:12 +0100)]
udev: net_setup - allow matching on OriginalName=
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching
on names that have already been changed (from a previous udev run, or otherwise), and matching
on unpredictable names (ethX) is discouraged (but not currently disallowed).
We also currently allow:
[Match]
Name=veth0
[Link]
Name=my-name0
SomeOtherSetting=true
Which means that the link file will be applied the first time it is invoked, but
not on subsequent invocations, which may be surprising.
David Herrmann [Thu, 4 Dec 2014 15:45:00 +0000 (16:45 +0100)]
missing: apparently, there's a world beyond x86..
..so make them cry and print a warning if __NR_memfd_create is not
defined. This should make syscall() fail with -ENOSYS, thus trigger a
suitable runtime error-path.
udevd: SAS: use SAS addr + PHY id in by-path whenever possible.
This patch changes the naming scheme for sas disks. The original names used
disk's sas address and lun, the new scheme uses sas address of the
nearest expander (if available) and a phy id of the used connection.
If no expander is used, the phy id of hba phy is used.
Note that names that refer to RAID or other abstract devices are
unchanged.
Name in raid configuration:
hba_pci_address-sas-raid_sas_address-lunY-partZ
Name in expander bare disk configuration:
hba_pci_address-sas-expander_sas_address-phyX-lunY-partZ
Name format without expanders:
hba_pci_address-sas-phyX-lunY-partZ
Michal Sekletar [Wed, 12 Nov 2014 12:53:27 +0000 (13:53 +0100)]
selinux: figure out selinux context applied on exec() before closing all fds
We need original socket_fd around otherwise mac_selinux_get_child_mls_label
fails with -EINVAL return code. Also don't call setexeccon twice but rather pass
context value of SELinuxContext option as an extra argument.