core: make sure to always go through both SIGTERM and SIGKILL states of units
Given that we now have KillMode=mixed where SIGTERM might kill a smaller
set than SIGKILL we need to make sure to always go explicitly throught
the SIGKILL state to get the right end result.
core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes
This should fix some race with terminating systemd --user, where the
system systemd instance might race against the user systemd instance
when sending SIGTERM.
In (v1) I changed the job start timestamp to be always set, so the
start time can be reported in the cylon eye message. The bug was that
when deserializing jobs, they would be ignored if their start
timestamp was unset which was synonymous with no timeout. But after
the change, jobs would have a start timestamp set despite having no
timeout. After deserialization they would be considered immediately
expired. Fix this by checking if the timeout is not zero when
considering jobs for expiration.
Current glibc implementation is safe. Kernel does this atomically,
and write is actually implemented through writev. So if write is
async-signal-safe, than writev pretty much must be too.
When set to auto, status will shown when the first ephemeral message
is shown (a job has been running for five seconds). Then until the
boot or shutdown ends, status messages will be shown.
No indication about the switch is done: I think it should be clear
for the user that first the cylon eye and the ephemeral messages appear,
and afterwards messages are displayed.
The initial arming of the event source was still wrong, but now should
really be fixed.
journal: guarantee async-signal-safety in sd_journald_sendv
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
bus: rework bloom filter logic to operate with variable bloom filter
sizes and numbers of hash functions
In order to make the bloom filter logic more future proof communicate
bloom filter parameters from the original bus creator to the clients,
and allow them to be variable within certain ranges.
Add new calls sd_bus_open() and sd_bus_default() for connecting to the
starter bus a service was invoked for, or -- if the process is not a
bus-activated service -- the appropriate bus for the scope the process
has been started in.
core: require mounts for the root and working directories
We know that launching a unit will fail if some required directories
haven't been mounted yet. There's no point in starting it just to
have it fail even before it gets a chance to run.
Decrease the switching interval to 1/3 s, so that when the time
remaining is displayed with 1s precision, it doesn't jump by 2s every
once in a while. Also, the system is feels noticably faster when the
status changes couple of times per second instead of every few
seconds.
Elia Pinto [Wed, 22 Jan 2014 11:28:43 +0000 (03:28 -0800)]
build-sys: add a phony target for cppcheck
The cppcheck target was introduced by commit 16f4efb4150c65e3c61adaa8ea512489de49f532
"build-sys: add cppcheck target". But it is preferable to use a make phony target
for it, as this patch does.
There are two general reasons to use a phony target: to avoid a
conflict with a file of the same name, and to improve performance. In
this case the first reason is obvious, and the second is that make
skips the implicit rule search for phony targets, since it knows that
phony targets do not name actual files that could be remade from other
files (as described in the "Gnu Make" Manual).
Christian Seiler [Sun, 26 Jan 2014 11:02:49 +0000 (12:02 +0100)]
cryptsetup: Support key-slot option
Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)
This patch makes systemd aware of this option.
Debian bug that introduced the feature:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
A compatibility libsystemd-login library is created which uses
.symver and ifunc magic proposed by Lennart to make programs linked
to the old library name continue to work seamlessly.
Unfortunately the bfd linker crashes:
https://sourceware.org/bugzilla/show_bug.cgi?id=16467
This will be fixed in binutils 2.25.
As a work-around, gold can be used:
LDFLAGS=-Wl,-fuse-ld=gold
Unfortunately the switch to pick the linker appeared in gcc 4.8.
This also doesn't work with LLVM:
http://llvm.org/bugs/show_bug.cgi?id=11897
Kay Sievers [Sat, 25 Jan 2014 20:04:39 +0000 (21:04 +0100)]
dbus1-generator: add missing "path=" and "unix:*" to DBUS environment variables
This works around the goa daemon crash:
Jan 25 20:54:24 lon goa[1363]: goa-daemon version 3.10.2 starting [main.c:117, main()]
Jan 25 20:54:24 lon systemd[424]: Starting Legacy D-Bus Protocol Compatibility Daemon (PID 1363/UID 2702)...
Jan 25 20:54:24 lon systemd[424]: Started Legacy D-Bus Protocol Compatibility Daemon (PID 1363/UID 2702).
Jan 25 20:54:24 lon kernel: goa-daemon[1363]: segfault at 20 ip 00007f46914b26d5 sp 00007fff1ae6d9a0 error 4 in libtelepathy-glib.so.0.80.1[7f469144f000+228000]
Jan 25 20:54:24 lon systemd-coredump[1368]: Process 1363 (goa-daemon) dumped core.
Jan 25 20:54:32 lon goa[1375]: goa-daemon version 3.10.2 starting [main.c:117, main()]
bus: rename sd_bus_get_realtime_timestamp() to sd_bus_get_realtime_usec()
This brings the calls into similar style as the respective functions in
libsystemd-journal, and also is a bi shorter and more descriptive since
it clarifies the time unit used.
David Herrmann [Sat, 30 Nov 2013 10:39:48 +0000 (11:39 +0100)]
logind: introduce session "positions"
logind has no concept of session ordering. Sessions have a unique name,
some attributes about the capabilities and that's already it. There is
currently no stable+total order on sessions. If we use the logind API to
switch between sessions, we are faced with an unordered list of sessions
we have no clue of.
This used to be no problem on seats with VTs or on seats with only a
single active session. However, with the introduction of multi-session
capability for seats without VTs, we need to find a way to order sessions
in a stable way.
This patch introduces session "positions". A position is a simple integer
assigned to a session which is never changed implicitly (currently, we
also don't change it explicitly, but that may be changed someday). For
seats with VTs, we force the position to be the same as the VTnr. Without
VTs, we simply find the lowest unassigned number and use it as position.
If position-assignment fails or if, for any reason, we decide to not
assign a position to a session, the position is set to 0 (which is treated
as invalid position).
During session_load() or if two sessions have the same VTnr, we may end up
with two sessions with the same position (this shouldn't happen, but lets
be fail-safe in case some other part of the stack fails). This case is
dealt with gracefully by ignoring any session but the first session
assigned to the position. Thus, session->pos is a hint, seat->positions[i]
is the definite position-assignment. Always verify both match in case you
need to modify them!
Additionally, we introduce SwitchTo(unsigned int) on the seat-dbus-API.
You can call it with any integer value != 0 and logind will try to switch
to the request position. If you implement a compositor or any other
session-controller, you simply watch for ctrl+alt+F1 to F12 and call
SwitchTo(Fx). logind will figure a way out deal with this number.
For convenience, we also introduce SwitchToNext/Previous(). It should be
called on ctrl+alt+Left/Right (like the kernel-console used to support).
Note that the public API (SwitchTo*()) is *not* bound to the underlying
logic that is implemented now. We don't export "session-positions" on the
dbus/C API! They are an implementation detail. Instead, the SwitchTo*()
API is supposed to be a hint to let logind choose the session-switching
logic. Any foreground session-controller is free to enumerate/order
existing sessions according to their needs and call Session.Activate()
manually. But the SwitchTo*() API provides a uniform behavior across
session-controllers.
Background: Session-switching keys depend on the active keymap. The XKB
specification provides the XKB_KEY_XF86Switch_VT_1-12 key-symbols which
have to be mapped by all keymaps to allow session-switching. It is usually
bound to ctrl+alt+Fx but may be set differently. A compositor passes any
keyboard input to XKB before passing it to clients. In case a key-press
invokes the XKB_KEY_XF86Switch_VT_x action, the keypress is *not*
forwarded to clients, but instead a session-switch is scheduled.
This actually prevents us from handling these keys outside of the session.
If an active compositor has a keymap with a different mapping of these
keys, and logind itself tries to catch these combinations, we end up with
the key-press sent to the compositor's clients *and* handled by logind.
This is *bad* and we must avoid this. The only situation where a
background process is allowed to handle key-presses is debugging and
emergency-keys. In these cases, we don't care for keymap mismatches and
accept the double-event. Another exception is unmapped keys like
PowerOff/Suspend (even though this one is controversial).
exec: introduce PrivateDevices= switch to provide services with a private /dev
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that
sets up a private /dev with only the API pseudo-devices like /dev/null,
/dev/zero, /dev/random, but not any physical devices in them.
projects / thirdparty / systemd.git / log
