units: assign user-runtime-dir@.service to user-%i.slice
This service won't use much resources, but it's certainly nicer to see
it attached th the user's slice along with user@.service, so that
everything we run for a specific user is properly bound into one unit.
units: order user-runtime-dir@.service after systemd-user-sessions.service
We use systemd-user-sessions.service as barrier when to allow login
sessions. With this patch user@.service is ordered after that too, so
that any login related code (which user-runtime-dir@.service is) is
guaranteed to run after the barrier, and never before.
sd-bus: verify destination and sender values when setting
We would verify destination e.g. in sd_bus_message_new_call, but allow setting
any value later on with sd_bus_message_set_destination. I assume this check was
omitted not on purpose.
man: move more examples to stand-alone files and use 2-space indentation consistenty
Moving them out makes it easier to run them through a compiler, use automatic
indentation, and opens the possibility to provide a download link in the
future. I verified that all examples compile cleanly.
(2-space indentation is used because the examples are already significantly
indented in the man page, and we need to keep them narrow so that they display
well on standard terminals.)
resolved: change error handling for manager_etc_hosts_read()
The choice what errors to ignore is left to the caller, and the caller is
changed to ignore all errors.
On error, previously read data is kept. So if e.g. an oom error happens, we
will continue to return slightly stale data instead of pretending we have no
entries for the given address. I think that's better, for example when
/etc/hosts contains some important overrides that external DNS should not be
queried for.
resolved: keep addresses mapped to ::0 in a separate set
We'd store every 0.0.0.0 and ::0 entry as a structure without any addresses
allocated. This is a somewhat common use case, let's optimize it a bit.
This gives some memory savings and a bit faster response time too:
'time build/test-resolved-etc-hosts hosts' goes from 7.7s to 5.6s, and
memory use as reported by valgrind for ~10000 hosts is reduced
==18097== total heap usage: 29,902 allocs, 29,902 frees, 2,136,437 bytes allocated
==18240== total heap usage: 19,955 allocs, 19,955 frees, 1,556,021 bytes allocated
Also rename 'suppress' to 'found' (with reverse meaning). I think this makes
the intent clearer.
resolved: put /etc/hosts hashmaps in a structure and pass that around
This hides the details of juggling the two hashmaps from the callers a bit.
It also makes memory management a bit easier, because those two hashmaps share
some strings, so we can only free them together.
etc_hosts_parse() is made responsible to free the half-filled data structures
on error, which makes the caller a bit simpler.
No functional change. A refactoring to prepare for later changes.
- drop compatibility with autotools (/.libs/ directory)
- don't special-case "libnss_dns", just try build/libnss_foo.so.2 and libnss_foo.so.2.
This makes it possible to call e.g. build/test-nss files google.com.
Meson does not care either way, so let's use the simpler syntax. And files()
already gives a list, so nesting this in a list wouldn't be necessary even
if meson did not flatten everything.
sd-resolve: workaround for structured initialization to nested structs
When a nested struct is initialized by structured initializer, then
padding space is not cleared by zero. So, before setting values,
this makes explicitly set zero including padding.
This fixes the following false positive warning by valgrind:
```
==492== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==492== at 0x56D0CF7: sendmsg (in /usr/lib64/libpthread-2.27.so)
==492== by 0x4FDD3C5: sd_resolve_getaddrinfo (sd-resolve.c:975)
==492== by 0x110B9E: manager_connect (timesyncd-manager.c:879)
==492== by 0x10B729: main (timesyncd.c:165)
==492== Address 0x1fff0008f1 is on thread 1's stack
==492== in frame #1, created by sd_resolve_getaddrinfo (sd-resolve.c:928)
==492==
```
resolved: TCP Fast Open and TLS Session Tickets for OpenSSL
To decreae latency this add support for TFO and TLS Session Tickets. As OpenSSL wouldn't let you easily set a different function all written data is temporarily cached and therefore needs to be flushed after each SSL function which can write data.
This provides basic OpenSSL support without optimizations like TCP Fast Open and TLS Session Tickets.
Notice only a single SSL library can be enabled at a time and therefore journald functions provided by GnuTLS will be disabled when using OpenSSL.
Fixes #9531
resolved: set io events after receiving EAGAIN for TLS
During handshake and TLS session closing, messages needs to be exchanged. Therefore this patch overrides the requested IO events for the TCP stream when the TLS is waiting for sending or receiving of messages during theses periods. This fixes issues with correctly closing the TLS stream and prevents the handshake from hanging in rare cases (not seen yet).
Michael Biebl [Wed, 25 Jul 2018 11:58:00 +0000 (13:58 +0200)]
test: Increase qemu timeout from 90s to 180s
The usage of an initrd made TEST-09-ISSUE-2691 more likely to fail with
a timeout, so increase the timeout by 90s and adjust TimeoutStopSec=
accordingly.
sleep: offer hibernation only if the kernel image still exists
This makes hibernation unavailable if the kernel image we are currently
running was removed. This is supposed to be superficial protection
against hibernating a system we can never return from because the kernel
has been updated and the kernel we currently run is not available
anymore.
We look at a couple of places for the kernel, which should cover all
distributions I know off. Should I have missed a path I am sure people
will quickly notice and we can add more places to check. (or maybe
convince those distros to stick their kernels at a standard place)
Andrew Jorgensen [Wed, 25 Jul 2018 15:06:57 +0000 (08:06 -0700)]
shared/sleep-config: exclude zram devices from hibernation candidates
On a host with sufficiently large zram but with no actual swap, logind will
respond to CanHibernate() with yes. With this patch, it will correctly respond
no, unless there are other swap devices to consider.
core: fix gid when DynamicUser=yes with static User=
When DynamicUser=yes and static User= are set, and the user has
different uid and gid, then as the storage socket for the dynamic
user does not contains gid, we need to obtain gid.
timedate: defer the property changed signal until job of starting/stopping NTP service is finished
Before this, the property changed signal is emitted immediately after
StartUnit/StopUnit method is called. So, the running state of the NTP
client service may not updated.
This makes the timing of emitting property changed signal is deferred
until job of starting/stopping NTP client service is completed.
timedate: increment reference count of sd_bus_message
The commit 5d280742b645a69a19e7f9131adc0c95f5c7fa07 introduces a
barrier to suppress calling context_update_ntp_status() multiple times.
However, it just stores the address of sd_bus_message object. So,
when an address is reused on the subsequent message, then the status
of NTP clients are not updated.
This makes the stored message object is referenced by the context
object. So, the subsequent message is on cirtainly different address.
And while we are at it, let's rearrange and extend the Type=
documentation a bit. Let's make it an itemized list, and let's add a
paragraph explaining which type best to use.
Users are often surprised that "systemd-run" command lines like
"systemd-run -p User=idontexist /bin/true" will return successfully,
even though the logs show that the process couldn't be invoked, as the
user "idontexist" doesn't exist. This is because Type=simple will only
wait until fork() succeeded before returning start-up success.
This patch adds a new service type Type=exec, which is very similar to
Type=simple, but waits until the child process completed the execve()
before returning success. It uses a pipe that has O_CLOEXEC set for this
logic, so that the kernel automatically sends POLLHUP on it when the
execve() succeeded but leaves the pipe open if not. This means PID 1
waits exactly until the execve() succeeded in the child, and not longer
and not shorter, which is the desired functionality.
Making use of this new functionality, the command line
"systemd-run -p User=idontexist -p Type=exec /bin/true" will now fail,
as expected.
core: swap order of "n_storage_fds" and "n_socket_fds" parameters
When process fd lists to pass to activated programs we always place the
socket activation fds first, and the storage fds last. Irritatingly in
almost all calls the "n_storage_fds" parameter (i.e. the number of
storage fds to pass) came first so far, and the "n_socket_fds" parameter
second. Let's clean this up, and specify the number of fds in the order
the fds themselves are passed.
(Also, let's fix one more case where "unsigned" was used to size an
array, while we should use "size_t" instead.)
sd-bus: allow connecting to the pseudo-container ".host"
machined exposes the pseudo-container ".host" as a reference to the host
system, and this means "machinectl login .host" and "machinectl shell
.host" get your a login/shell on the host. systemd-run currently doesn't
allow that. Let's fix that, and make sd-bus understand ".host" as an
alias for connecting to the host system.
tree-wide: increase granularity of percent specifications all over the place to permille
We so far had various placed we'd parse percentages with
parse_percent(). Let's make them use parse_permille() instead, which is
downward compatible (as it also parses percent values), and increases
the granularity a bit. Given that on the wire we usually normalize
relative specifications to something like UINT32_MAX anyway changing
from base-100 to base-1000 calculations can be done easily without
breaking compat.
This commit doesn't document this change in the man pages. While
allowing more precise specifcations permille is not as commonly
understood as perent I guess, hence let's keep this out of the docs for
now.
parse-util: in parse_permille() check negative earlier
If 'v' is negative, it's wrong to add the decimal to it, as we'd
actually need to subtract it in this case. But given that we don't want
to allow negative vaues anyway, simply check earlier whether what we
have parsed so far was negative, and react to that before adding the
decimal to it.