0xAX [Mon, 1 Aug 2016 15:39:27 +0000 (18:39 +0300)]
machinectl: hide legend in a case when no data (#3839)
For this moment machinectl prints legend and count of machines/images/etc.
But in a case when we have no images,machines,etc., there is no sense to
show legend:
~$ machinectl
MACHINE CLASS SERVICE
0 machines listed.
Let's print only 'No machines', 'No images', 'No transfers' in this case.
0xAX [Mon, 1 Aug 2016 10:38:25 +0000 (13:38 +0300)]
main: get rid of ACTION_DONE (#3849)
the ACTION_DONE was introduced in the 4288f61921 (dbus: automatically
generate and install introspection files ) commit and was used in
systemd --introspect command.
Later 'introspect' command was removed in the ca2871d9b (bus: remove
static introspection file export) commit and have no users anymore.
Tejun Heo [Mon, 1 Aug 2016 01:38:47 +0000 (21:38 -0400)]
logind: 0% and 100% should be valid for UserTasksMax (#3836)
config_parse_user_tasks_max() was incorrectly accepting percentage value
between 1 and 99. Update it to accept 0% and 100%. This brings it in line
with TasksMax handling in systemd.
Steve Muir [Wed, 27 Jul 2016 21:19:37 +0000 (14:19 -0700)]
tests: don't test hostname if it looks like an id128
The condition tests for hostname will fail if hostname looks like an id128.
The test function attempts to convert hostname to an id128, and if that
succeeds compare it to the machine ID (presumably because the 'hostname'
condition test is overloaded to also test machine ID). That will typically
fail, and unfortunately the 'mock' utility generates a random hostname that
happens to have the same format as an id128, thus causing a test failure.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X260 models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T560 models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T460s models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the L460 models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X250 models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T450s models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the L450 models.
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T440p models.
Michael Biebl [Wed, 27 Jul 2016 03:32:37 +0000 (05:32 +0200)]
string-util: rework memory_erase() to not use GCC optimize attribute (#3812)
"#pragma GCC optimize" is merely a convenience to decorate multiple
functions with attribute optimize. And the manual has this to say about
this attribute:
This attribute should be used for debugging purposes only. It
is not suitable in production code.
Some versions of GCC also seem to have a problem with this pragma in
combination with LTO, resulting in ICEs.
So use a different approach (indirect the memset call via a volatile
function pointer) as implemented in openssl's crypto/mem_clr.c.
Michal Soltys [Tue, 26 Jul 2016 22:57:01 +0000 (00:57 +0200)]
vconsole: add two new toggle functions, remove old enable/disable ones
Add toggle_utf8() and toggle_utf8_sysfs() and use them in place of old
enable/disable functions. toggle_utf8() also adds iutf8 setting and is
set up to be called per-console (in subsequent patches).
Note, that old disable_utf8() didn't bother checking if it was ok
to change the kbdmode.
Michal Soltys [Tue, 26 Jul 2016 22:57:01 +0000 (00:57 +0200)]
vconsole: don't do GIO_SCRNMAP / GIO_UNISCRNMAP
GIO_SCRNMAP / GIO_UNISCRNMAP are related to what setfont does with -m
option - namely setting intermediate map from 8bit values into unicode
values. This map is global, so single setfont invocation sets it for
all applicable consoles.
Furthermore calling GIO_SCRNMAP before GIO_UNISCRNMAP causes issues as
the former corrupts values > 255 (UNI alone would be sufficient).
The bug can be easily tested with the following conf:
Michal Sekletar [Tue, 26 Jul 2016 12:25:52 +0000 (14:25 +0200)]
systemctl: allow disable on the unit file path, but warn about it (#3806)
systemd now returns an error when it is asked to perform disable on the
unit file path. In the past this was allowed, but systemd never really
considered an actual content of the [Install] section of the unit
file. Instead it performed disable on the unit name, i.e. purged all
symlinks pointing to the given unit file (undo of implicit link action
done by systemd when enable is called on the unit file path) and all
symlinks that have the same basename as the given unit file.
However, to notice that [Install] info of the file is not consulted one
must create additional symlinks manually. I argue that in most cases
users do not create such links. Let's be nice to our users and don't
break existing scripts that expect disable to work with the unit file
path.
In this mode, messages from processes which are not part of the session
land in the main journal file, and only output of processes which are
properly part of the session land in the user's journal. This is
confusing, in particular because systemd-coredump runs outside of the
login session.
"Deprecate" SplitMode=login by removing it from documentation, to
discourage people from using it.
Martin Pitt [Mon, 25 Jul 2016 20:01:35 +0000 (22:01 +0200)]
units: add graphical-session.target user unit (#3678)
This unit acts as a dynamic "alias" target for any concrete graphical user
session like gnome-session.target; these should declare
"BindsTo=graphical-session.target" so that both targets stop and start at the
same time.
This allows services that run in a particular graphical user session (e. g.
gnome-settings-daemon.service) to declare "PartOf=graphical-session.target"
without having to know or get updated for all/new session types. This will
ensure that stopping the graphical session will stop all services which are
associated to it.
sd-id128: be more liberal when reading files with 128bit IDs
Accept both files with and without trailing newlines. Apparently some rkt
releases generated them incorrectly, missing the trailing newlines, and we
shouldn't break that.
Michael Olbrich [Mon, 25 Jul 2016 18:04:02 +0000 (20:04 +0200)]
automount: don't cancel mount/umount request on reload/reexec (#3670)
All pending tokens are already serialized correctly and will be handled
when the mount unit is done.
Without this a 'daemon-reload' cancels all pending tokens. Any process
waiting for the mount will continue with EHOSTDOWN.
This can happen when the mount unit waits for it's dependencies, e.g.
network, devices, fsck, etc.
Michael Olbrich [Mon, 25 Jul 2016 18:02:55 +0000 (20:02 +0200)]
transaction: don't cancel jobs for units with IgnoreOnIsolate=true (#3671)
This is important if a job was queued for a unit but not yet started.
Without this, the job will be canceled and is never executed even though
IgnoreOnIsolate it set to 'true'.
systemctl: avoid "leaking" some strings in UnitStatusInfo
% valgrind --leak-check=full systemctl status multipathd.service --no-pager -n0
...
==431== 16 bytes in 2 blocks are definitely lost in loss record 1 of 2
==431== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==431== by 0x534AF19: strdup (in /usr/lib64/libc-2.23.so)
==431== by 0x4E81AEE: free_and_strdup (string-util.c:794)
==431== by 0x4EF66C1: map_basic (bus-util.c:1030)
==431== by 0x4EF6A8E: bus_message_map_all_properties (bus-util.c:1153)
==431== by 0x120487: show_one (systemctl.c:4672)
==431== by 0x1218F3: show (systemctl.c:4990)
==431== by 0x4EC359E: dispatch_verb (verbs.c:92)
==431== by 0x12A3AE: systemctl_main (systemctl.c:7742)
==431== by 0x12B1A8: main (systemctl.c:8011)
==431==
==431== LEAK SUMMARY:
==431== definitely lost: 16 bytes in 2 blocks
This happens because map_basic() strdups the strings. Other code in systemctl
assigns strings to UnitStatusInfo without copying them, relying on the fact
that the message is longer lived than UnitStatusInfo. Add a helper function
that is similar to map_basic, but only accepts strings and does not copy them.
The alternative of continuing to use map_basic() but adding proper cleanup
to free fields in UnitStatusInfo seems less attractive because it'd require
changing a lot of code and doing a lot of more allocations for little gain.
(I put "leaking" in quotes, because systemctl is short lived anyway.)
core: change ExecStart=! syntax to ExecStart=+ (#3797)
As suggested by @mbiebl we already use the "!" special char in unit file
assignments for negation, hence we should not use it in a different context for
privileged execution. Let's use "+" instead.
To "search something", in the meaning of looking for it, is valid,
but "search _for_ something" is much more commonly used, especially when
the meaning could be confused with "looking _through_ something"
(for some other object).
(C.f. "the police search a person", "the police search for a person".)
Also reword the rest of the paragraph to avoid using "automatically"
three times.
"strict versioned dependency" suggests that version "231" of the library
is stable. But the ABI or API might be changed in any patch, so reword
the text to avoid using "version".
shared/install: allow "enable" on linked unit files (#3790)
User expectations are broken when "systemctl enable /some/path/service.service"
behaves differently to "systemctl link ..." followed by "systemctl enable".
From user's POV, "enable" with the full path just combines the two steps into
one.
Michal Soltys [Mon, 25 Jul 2016 14:18:00 +0000 (16:18 +0200)]
getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792)
If user isolates rescue target from multi-user or graphical target (or just
starts the service), IgnoreOnIsolate will cause issues with sulogin which is
directly started on current virtual console. This patch adds necessary
Conflicts= and Before= against rescue.service.
Note that this is not needed for emergency target, as implicit Requires= and
After= against sysinit.target is in effect for this service
(DefaultDependencies=yes).
Alban Crequy [Mon, 25 Jul 2016 13:39:46 +0000 (15:39 +0200)]
namespace: don't fail on masked mounts (#3794)
Before this patch, a service file with ReadWriteDirectories=/file...
could fail if the file exists but is not a mountpoint, despite being
listed in /proc/self/mountinfo. It could happen with masked mounts.
man: update systemctl man page for unit file commands, in particular "systemctl enable"
Clarify that "systemctl enable" can operate either on unit names or on unit
file paths (also, adjust the --help text to clarify this). Say that "systemctl
enable" on unit file paths also links the unit into the search path.
Many other fixes.
This should improve the documentation to avoid further confusion around #3706.
Let's not mention the supposed security benefit of turning off caching. It is
really questionnable, and I#d rather not create the impression that we actually
believed turning off caching would be a good idea.
Instead, mention that Cache=no is implicit if a DNS server on the local host is
used.
systemctl: never check inhibitors if -H or -M are used (#3781)
Don't check inhibitors when operating remotely. The interactivity inhibitors
imply can#t be provided anyway, and the current code checks for local sessions
directly, via various sd_session_xyz() APIs, hence bypass it entirely if we
operate on remote systems.
cgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy.
https://github.com/systemd/systemd/pull/3685 introduced
/run/systemd/inaccessible/{chr,blk} to map inacessible devices,
this patch allows systemd running inside a nspawn container to create
/run/systemd/inaccessible/{chr,blk}.
namespace: ensure to return a valid inaccessible nodes (#3778)
Because /run/systemd/inaccessible/{chr,blk} are devices with
major=0 and minor=0 it might be possible that these devices cannot be created
so we use /run/systemd/inaccessible/sock instead to map them.
core: add a concept of "dynamic" user ids, that are allocated as long as a service is running
This adds a new boolean setting DynamicUser= to service files. If set, a new
user will be allocated dynamically when the unit is started, and released when
it is stopped. The user ID is allocated from the range 61184..65519. The user
will not be added to /etc/passwd (but an NSS module to be added later should
make it show up in getent passwd).
For now, care should be taken that the service writes no files to disk, since
this might result in files owned by UIDs that might get assigned dynamically to
a different service later on. Later patches will tighten sandboxing in order to
ensure that this cannot happen, except for a few selected directories.