sleep: use SleepOperation enum everywhere and drop sleep_settings()
Instead of comparing strings everywhere, let's use the new enum. This
allows us to drop sleep_settings(), since the operation enum can be
directly used as index into the config settings.
Some minor other refactoring is done, but mostly just shifting thing
around a bit, no actual change in behaviour.
units: make sure importd has CAP_LINUX_IMMUTABLE flag
Since d8f9686c0f1f276c0a687d9bd69f3adf33f15a95 we use the chattr +i flag
for marking containers in directories as reead-only. But to do so we
need the cap for it, hence grant it.
I'm working on building initramfs images directly from normal packages, and it
doesn't make sense for those units to be started. Pristine system rpms need to
behave correctly as much as possible also in the initrd, and those units are
enabled by the rpms. There usually isn't enough time for the timer to actually
fire, but starting it gives a line on the console and generally looks confusing
and sloppy. Flushing the journal means that its actually lost, since the real
/var is not available yet.
Another approach would be not enable those units, but right now they are
statically enabled, and changing that would be more work, and doesn't really
seem necessary, since the condition checks are very quick.
Checking for /etc/initrd-release is the standard condition that the initrd
units use, so let's do the same here.
Previously we'd pass all return values of read_virtual_file() to
log_info_errno() as error, but that makes no sense, given that we
sometimes return positive one with means "not truncated" but we'd show
as "Permission denied. Let's fix this, and log differently for sucess
and error.
Using format strings for concatenating strings is pretty unefficient,
and using PATH_MAX buffers unpretty as well. Let's revert to using
strjoina() as before.
However, to fix the fuzz issue at hand, let's explicitly verify the two
input strings ensuring they are valid path names. This includes a length
check (to 2K each), thus making things prettier, faster and using less
memory again.
Dan Streetman [Fri, 14 May 2021 12:08:33 +0000 (08:08 -0400)]
oom: log one-time warning if kernel doesn't provide memory.swap.current
The kernel can be compiled without support for any memory.swap.* files, or
it can be disabled at boot time with the 'swapaccount=0' boot parameter,
so if the file doesn't exist log warning indicating the kernel doesn't
support the file and the user may need to try using the 'swapaccount=1'
boot param.
Note that the actual error from the call to fopen() is ENOENT, but
that is translated into ENODATA in cg_get_attribute_as_uint64()
Dan Streetman [Wed, 19 May 2021 18:22:28 +0000 (14:22 -0400)]
psi: update is_pressure_supported to read file
The kernel still provides the /proc and cgroup pressure files even
if its psi support is disabled, so we need to actually read the files
to verify they don't return -EOPNOTSUPP
Dan Streetman [Wed, 19 May 2021 14:22:21 +0000 (10:22 -0400)]
log: add log_once() and log_once_errno() macros
These macros will log a message at the specified level only the first time
they are called. On all later calls, if the specified level is debug, the
logs will be suppressed; otherwise the message will be logged at debug.
Luca Boccassi [Thu, 20 May 2021 09:35:36 +0000 (10:35 +0100)]
journal: fix uninitialized variable use
If the journal file being processed is archivied, seqnum_id will not be
initialized before being passed on, and coverity complains.
Initialize it to zero.
This ensures that the fuzz test code is also built by default.
It also increases the test coverage a bit. Compiling the tests
*with* sanitizers is painfully slow, so this is not enabled. But
just compiling them sauté is hardly noticable. Running the tests
increases the test count and runtime:
622 tests, 26 s
to
922 tests, 35 s
I think this is acceptable.
Frantisek Sumsal [Wed, 19 May 2021 18:15:53 +0000 (20:15 +0200)]
ci: work around #19442 to make CI happy again
Let's introduce a somewhat ugly workaround for #19442 and retry
the systemd-nspawn image boot test up to three times in case it dies
with the dissect timeout. Since this issue occurs only in the Arch job,
limit the workaround to this job only.
Hardcoding major numbers sucks. And we generally don't do it, except
when determining whether something is a PTY. Thing though is that we
don't actually need to do that here either, hence don#t.
nspawn: add new --bind-user= option for binding a host user into the container
This new option does three things for a host user specified via
--bind-user=:
1. Bind mount the home directory from the host directory into
/run/host/home/<username>
2. Install an additional user namepace UID/GID mapping mapping the host
UID/GID of the host user to an unused one from the container in the range
60514…60577.
3. Synthesize a user/group record for the user/group under the same name
as on the host, with minimized information, and the UID/GID set to
the mapped UID/GID. This data is written to /run/host/userdb/ where
nss-system will pick it up.
This should make sharing users and home directories from host into the
container pretty seamless, under some conditions:
1. User namespacing must be used.
2. The host UID/GID of the user/group cannot be in the range assigned to
the container (kernel already refuses this, as this would mean two
host UIDs/GIDs might end up being mapped to the same continer
UID/GID.
3. There's a free UID/GID in the aforementioned range in the container,
and the name of the user/group is not used in the container.
4. Container payload is new enough to include an nss-systemd version
that picks up records from /run/host/userdb/
alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()
We recently started making more use of malloc_usable_size() and rely on
it (see the string_erase() story). Given that we don't really support
sytems where malloc_usable_size() cannot be trusted beyond statistics
anyway, let's go fully in and rework GREEDY_REALLOC() on top of it:
instead of passing around and maintaining the currenly allocated size
everywhere, let's just derive it automatically from
malloc_usable_size().
I am mostly after this for the simplicity this brings. It also brings
minor efficiency improvements I guess, but things become so much nicer
to look at if we can avoid these allocation size variables everywhere.
Note that the malloc_usable_size() man page says relying on it wasn't
"good programming practice", but I think it does this for reasons that
don't apply here: the greedy realloc logic specifically doesn't rely on
the returned extra size, beyond the fact that it is equal or larger than
what was requested.
(This commit was supposed to be a quick patch btw, but apparently we use
the greedy realloc stuff quite a bit across the codebase, so this ends
up touching *a*lot* of code.)
It's a wrapper around malloc_usable_size() that is supposed to be
compatible with _FORTIFY_SOURCES=1, by taking the
__builtin_object_size() data into account, the same way as the
_FORTIFY_SOURCES=1 logic does.
docs: use {% raw %} to wrap jinja2 tags in documentation
As reported by @mrc0mmand:
> Since https://github.com/systemd/systemd/commit/89f52a780e54b2eb0905a6e613f6d4afcb22256b#diff-b842e6ab4a95a695d9449d106f091e6a134d9eac8d2aee1cd8b169fcb6b3a98bR109
> the GH pages fail to build, since they use the Liquid templating language,
> which coincidentally uses a very similar tags as jinja:
> https://shopify.github.io/liquid/tags/control-flow/
>
>> The tag elif on line 112 in HACKING.md is not a recognized Liquid tag.
mkosi/fedora: use pkgconfig virtual provides to refer to packages
... and /usr/bin/ path for a library package which provides an executable we
care about (libxslt).
This way the mkosi dependency list corresponds directly to the names which are
used in the dependency() and find_program() lines in meson.build. It also makes
the thing more resilient to package splits and renames.
projects / thirdparty / systemd.git / log
