If read_line() returns ENOBFUS this means the line was overly long. When
we use this for checking whether an executable is a script, then this
shouldn't be propagated as-is, but simply as "this is not a script".
fileio: tweak write_string_stream_ts() to write out trailing \n in one go even if buffering is off
This tweaks write_string_stream_ts() in one minor way: when stdio
buffering has been turned off, let's append the newline we shall append
to the buffer we write ourselves so that the kernel only gets one
syscall for the result. When buffering is enabled stdio will take care
of that anyway.
journald: introduce new uid_for_system_journal() helper
We use the same check at two places, let's add a tiny helper function
for it, since it's not entirely trivialy, and we changes this before
multiple times, and it's a good thing if we can change it at one place
only instead of multiple.
Let's call getsockopt() in a loop, so that we can deal correctly with
the label changing while we are trying to read it.
(also, while we are at it, let's make sure that there's always one
trailing NUL byte at the end of the buffer, after all SO_PEERSEC has
zero documentation, and multiple implementing backends, hence let's
better be safe than sorry)
tree-wide: use {pid,uid,gid}_is_valid() where appropriate
Also, drop UID/GID validity checks from getpeercred() as the kernel will
never pass us invalid UID/GID on userns, but the overflow UID/GID
instead. Add a comment about this.
tree-wide: in all threads we fork off in library code, block all signals
This ensures that in all threads we fork off in the background in our
code we mask out all signals, so that our thread won't end up getting
signals delivered the main process should be getting.
We always set the signal mask before forking off the thread, so that the
thread has the right mask set from its earliest existance on.
pager,agent: insist that we are called from the main thread
We maintain static process-wide variables in these subsystems without
locking, hence let's refuse operation unless we are called from the main
thread (which we do anyway) just as a safety precaution.
tree-wide: make use of wait_for_terminate_and_check() at various places
Using wait_for_terminate_and_check() instead of wait_for_terminate()
let's us simplify, shorten and unify the return value checking and
logging of waitid(). Hence, let's use it all over the place.
process-spec: add another flag FORK_WAIT to safe_fork()
This new flag will cause safe_fork() to wait for the forked off child
before returning. This allows us to unify a number of cases where we
immediately wait on the forked off child, witout running any code in the
parent after the fork, and without direct interest in the precise exit
status of the process, except recgonizing EXIT_SUCCESS vs everything
else.
process-util: rework wait_for_terminate_and_warn() to take a flags parameter
This renames wait_for_terminate_and_warn() to
wait_for_terminate_and_check(), and adds a flags parameter, that
controls how much to log: there's one flag that means we log about
abnormal stuff, and another one that controls whether we log about
non-zero exit codes. Finally, there's a shortcut flag value for logging
in both cases, as that's what we usually use.
All callers are accordingly updated. At three occasions duplicate logging
is removed, i.e. where the old function was called but logged in the
caller, too.
Mike Gilbert [Thu, 4 Jan 2018 12:14:20 +0000 (07:14 -0500)]
meson: don't search PATH for telinit (#7770)
On a typical system running systemd, the telinit in PATH is very likely to be a symlink
to systemctl. Setting TELINIT to this may result in an infinite recursion if telinit is called
and sd_booted() == 0. This may commonly occur in a chroot environment.
Nowadays people use systemd on many different architectures, so we
shouldn't presuppose that they are using amd64. debootstrap defaults
to the native architecture and this should be good enough.
Patrik Flykt [Thu, 4 Jan 2018 10:02:52 +0000 (12:02 +0200)]
dhcp6: Fix DHCPv6 client file descriptor and event handling (#7796)
Close DHCPv6 client socket file descriptor when
sd_dhcp6_client_stop() is called and not when client_reset() is
called. If left in client_reset(), any internal temporary stopping
of the DHCPv6 client with client_stop() will call client_reset()
after which the DHCPv6 client will not be able to receive any further
DHCPv6 messages.
Similarly, client_start() needs to enable events for the DHCPv6
socket file descriptor since a call to client_stop() will call
client_reset() which will remove it from the main loop. Events should
be turned off when no DHCPv6 messages are expected.
Dmitry Rozhkov [Wed, 3 Jan 2018 12:42:13 +0000 (14:42 +0200)]
resolved: skip conflict notifications for DNS-SD PTR RRs
Enumerating DNS-SD PTR resource records are a special case and
are supposed to have non-unique keys pointing to services of the
same type running on different hosts. There's no need for them
to be checked for conflicts.
Refcounting for a RR's key is done separately from refcounting
for the RR itself, but in dns_scope_notify_conflict() we don't
do that. This may lead to a situation when a RR key put in the
conflict_queue hash as a value's key gets freed upon
cache reduction when it's still referenced by the hash.
Thus increase refcount for the key when putting it into the hash
and unreference it upon removing from the hash.
meson: use a convenience lib for shared resolve files
This reduces the man=false meson target count from 1281 to 1253.
--
A fully scientific test:
git grep _sources, :/*.build|cut -d: -f2|tr -d ' '|sort|uniq -c
reveals that libudev_sources is the only source list now reused twice. There's
some ugly circular dependency between libudev and libshared, and anyway I'm not
sure if we don't want to use different compilation options (LOG_REALM_…) in
those two cases, so I'm leaving that alone for now.
meson: rename libudev_internal to libudev_static and link into libudev
This reduces the meson man=false target count to 1281.
v2:
- link test-engine with libshared instead of libsystemd_static
Previous version built fine on F27, but fails on F26 with the following error:
/usr/bin/ld: /tmp/ccr8HRGw.ltrans6.ltrans.o: undefined reference to symbol '__start_BUS_ERROR_MAP@@SD_SHARED'
/home/zbyszek/fedora/systemd/systemd-9d5aae75c64f5583a110f03b94816aacc03bbf4d/x86_64-redhat-linux-gnu/src/shared/libsystemd-shared-236.so: error adding symbols: DSO missing from command line
meson: use a convenience lib for journal user sources
Instead of compiling those files twice, once for libsystemd and once for
libshared, compile once as a static archive and then link into both.
This reduce the meson target for man=no compile to 1291.
We were including gcrypt-util.[ch] by hand in the few places where it
was used. Create a convenience library to avoid compiling the same
files multiple times.
v2:
- use a separate static library instead of mergin into libbasic
meson: link libbasic and libshared_static into libshared
gcrypt_util_sources had to be moved because otherwise they appeared twice
in libshared.so halfproducts, causing an error.
-fvisibility=default is added to libbasic, libshared_static so that the symbols
appear properly in the exported symbol list in libshared.
The advantage is that files are not compiled twice. When configured with -Dman=false,
the ninja target list is reduced from 1588 to 1347 targets. The difference in compilation
time is small (<10%). I think this is because of -O0 and ccache and multiple cores, and
in different settings the compilation time could be reduced. The main advantage is that
errors and warnings are not reported twice.
Yu Watanabe [Fri, 29 Dec 2017 08:13:23 +0000 (17:13 +0900)]
core: rename dbus property StartLimitIntervalSec= to StartLimitIntervalUSec=
StartLimitIntervalSec= and DefaultStartLimitIntervalSec= are the
last options whose suffix is 'Sec' instead of 'USec'.
All the other option has suffix 'USec'. So, let's rename them.
Susant Sahani [Fri, 29 Dec 2017 14:18:05 +0000 (19:48 +0530)]
networkd: allow to configure default/initial send/recv congestion window and store persistentl (#7750)
Currently we can only change initcwnd/initrwnd in the following way, and it does not store persistently:
sudo ip route change default via 192.168.1.1 dev tun0 initcwnd 20
sudo ip route change default via 192.168.1.1 dev tun0 initrwnd 20
For more details about initcwnd/initrwnd, please look at:
http://hjzhao.blogspot.com/2012/05/increase-initcwnd-for-performance.html
http://www.cdnplanet.com/blog/tune-tcp-initcwnd-for-optimum-performance
or google 'initcwnd initrwnd'
This work allows to configure the initcwnd and initrwnd.
It's a bit weird to test these strings after the fact instead of before.
Let's make sure that we don't even attempt the string escaping if the
strings are NULL.
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
man: further file-hierarchy *Directory= improvements
Follow-up to @poettering’s comments in #7723:
- Slightly expand on the difference between using tmpfiles.d and service
directives
- Mention CacheDirectory=
- Mention LogsDirectory=
- Abbreviate and unify some later descriptions
ConfigDirectory= is not mentioned, since it does not support the
functionality mentioned in the manpage which tmpfiles.d provides:
copying or symlinking default configuration from /usr/share/factory. And
the user package variable file locations don’t mention the directives
because in user units the service can always create the directories
itself (whereas in system units lesser-privileged services lack
permission to create them).
projects / thirdparty / systemd.git / log
