Commit Graph

36990 Commits

Author SHA1 Message Date
Yu Watanabe
986ab0d2dc udevd: do not set buffer size if the socket is passed from pid1
Before c4b69e990f, if the socket fd is
passed from pid1, `udev_monitor_set_receive_buffer_size()` (now it is
a wrapper of `sd_device_monitor_set_receive_buffer_size()`) was not
called. Let's preserve the original logic.
2018-11-25 20:17:25 +09:00
Yu Watanabe
916707cca5 sd-device: do not call device_monitor_enable_receiving() for passed fd from pid1
Before c4b69e990f, if the socket fd is
passed from pid1, `udev_monitor_enable_receiving()` (now it is a wrapper
of `device_monitor_enable_receiving`) was not called.
Let's preserve the original logic.

Fixes #10754.
2018-11-25 20:14:17 +09:00
Yu Watanabe
f1d7b7874e sd-device: check whether filter is updated or not in sd_device_monitor_filter_update() 2018-11-25 15:26:43 +09:00
Yu Watanabe
5cee547a94 sd-device: update log message 2018-11-25 14:06:56 +09:00
Yu Watanabe
779c923467 sd-device: fix return value on error path 2018-11-25 14:06:27 +09:00
Lennart Poettering
7af002f71d units: order systemd-rfkill.socket after /var/lib/systemd/rfkill (#10904)
Otherwise we might install the socket unit early, but the service
backing it late, and then end up in strange loops when we enter rescue
mode, because we saw an event on /dev/rfkill but really can't dispatch
it nor flush it.

Fixes: #9171
2018-11-24 23:59:37 +09:00
Evgeny Vereshchagin
176ceb2c47 tests: skip test-execute on TravisCI under ASan
Unfortunately, f5f9a580dd didn't help much and now
the next subtest gets stuck from time to time. Let's skip
test-execute altogether so as not to bother anybody with
spurious failures.

https://github.com/systemd/systemd/issues/10696 is still open.
Everybody is welcome to share ideas :-)
2018-11-24 06:05:23 +03:00
nikolas
b24546706e Fix a few docs typos (#10907)
Found with [codespell](https://github.com/codespell-project/codespell)
2018-11-24 04:28:39 +09:00
Yu Watanabe
0d7f7c2fde basic/list: fix minor coding style issue 2018-11-24 04:26:10 +09:00
Yu Watanabe
1492fa526e basic/list: add missing header
Some macros use assert() which is (re)defined in macro.h
2018-11-24 04:25:10 +09:00
Yu Watanabe
0d94088e4e import: use structured initializers 2018-11-24 03:53:18 +09:00
Yu Watanabe
c3e658004a import: use _cleanup_ attribute for CURL object 2018-11-24 03:14:32 +09:00
nikolas
1e268f423c Fix typo in hacking guide: "no possible" -> "not possible" (#10905) 2018-11-24 03:01:50 +09:00
Michal Koutný
d3340e6f95 analyze: Fix build without seccomp (#10899) 2018-11-24 02:40:32 +09:00
Evgeny Vereshchagin
a4aa59bae2 tests: add a fuzzer for server_process_native_file 2018-11-23 17:29:59 +01:00
Thomas Haller
0e408b82b8 dhcp6-client: handle IAID with value zero
config_parse_iaid(), dhcp_identifier_set_iaid() and sd_dhcp6_client_set_iaid() all
allow for the IAID to be zero. Also, RFC 3315 makes no mention that zero
would be invalid.

However, client_ensure_iaid() would take an IAID of zero as a sign that
the values was unset. Fix that by keeping track whether IAID is
initialized.
2018-11-23 17:09:29 +01:00
Lennart Poettering
acf2932711
Merge pull request #10887 from poettering/run-love
systemd-run: modernizations, some new switches and let's set $INVOCATION_ID
2018-11-23 16:00:16 +01:00
Yu Watanabe
d43c37bbea
Merge pull request #10893 from keszybz/udev-cleanup-followup
Udev cleanup follow-ups
2018-11-23 23:48:44 +09:00
Lennart Poettering
43738e001e test: extend testcase to ensure controller membership doesn't regress 2018-11-23 13:41:37 +01:00
Lennart Poettering
b8b6f32104 cgroup: when we unload a unit, also update all its parent's members mask
This way we can corectly ensure that when a unit that requires some
controller goes away, we propagate the removal of it all the way up, so
that the controller is turned off in all the parents too.
2018-11-23 13:41:37 +01:00
Lennart Poettering
5af8805872 cgroup: drastically simplify caching of cgroups members mask
Previously we tried to be smart: when a new unit appeared and it only
added controllers to the cgroup mask we'd update the cached members mask
in all parents by ORing in the controller flags in their cached values.
Unfortunately this was quite broken, as we missed some conditions when
this cache had to be reset (for example, when a unit got unloaded),
moreover the optimization doesn't work when a controller is removed
anyway (as in that case there's no other way for the parent to iterate
though all children if any other, remaining child unit still needs it).
Hence, let's simplify the logic substantially: instead of updating the
cache on the right events (which we didn't get right), let's simply
invalidate the cache, and generate it lazily when we encounter it later.
This should actually result in better behaviour as we don't have to
calculate the new members mask for a whole subtree whever we have the
suspicion something changed, but can delay it to the point where we
actually need the members mask.

This allows us to simplify things quite a bit, which is good, since
validating this cache for correctness is hard enough.

Fixes: #9512
2018-11-23 13:41:37 +01:00
Lennart Poettering
8a0d538815 cgroup: extend comment on what unit_release_cgroup() is for 2018-11-23 13:41:37 +01:00
Lennart Poettering
1fd3a10c38 cgroup: extend reasons when we realize the enable mask
After creating a cgroup we need to initialize its
"cgroup.subtree_control" file with the controllers its children want to
use. Currently we do so whenever the mkdir() on the cgroup succeeded,
i.e. when we know the cgroup is "fresh". Let's update the condition
slightly that we also do so when internally we assume a cgroup doesn't
exist yet, even if it already does (maybe left-over from a previous
run).

This shouldn't change anything IRL but make things a bit more robust.
2018-11-23 13:41:37 +01:00
Lennart Poettering
d5095dcd30 cgroup: tighten call that detects whether we need to realize a unit's cgroup a bit, and comment why 2018-11-23 13:41:37 +01:00
Lennart Poettering
5a62e5e2ac cgroup: document what the various masks variables are used for 2018-11-23 13:41:37 +01:00
Lennart Poettering
67558d15ec cgroup: extend cg_mask_supported() comment a bit 2018-11-23 13:41:37 +01:00
Lennart Poettering
27c4ed790a cgroup: simplify check whether it makes sense to realize a cgroup 2018-11-23 13:41:37 +01:00
Lennart Poettering
e00068e71f cgroup: in unit_invalidate_cgroup() actually modify invalidation mask
Previously this would manipulate the realization mask for invalidating
the realization. This is a bit ugly though as the realization mask's
primary purpose to is to reflect in which hierarchies a cgroup currently
exists, and it's probably a good idea to keep that in sync with
realities.

We nowadays have the an explicit fields for invalidating cgroup
controller information, the "cgroup_invalidated_mask", let's use this
one instead.

The effect is pretty much the same, as the main consumer of these masks
(unit_has_mask_realize()) checks both anyway.
2018-11-23 13:41:37 +01:00
Lennart Poettering
27adcc9737 cgroup: be more careful with which controllers we can enable/disable on a cgroup
This changes cg_enable_everywhere() to return which controllers are
enabled for the specified cgroup. This information is then used to
correctly track the enablement mask currently in effect for a unit.
Moreover, when we try to turn off a controller, and this works, then
this is indicates that the parent unit might succesfully turn it off
now, too as our unit might have kept it busy.

So far, when realizing cgroups, i.e. when syncing up the kernel
representation of relevant cgroups with our own idea we would strictly
work from the root to the leaves. This is generally a good approach, as
when controllers are enabled this has to happen in root-to-leaves order.
However, when controllers are disabled this has to happen in the
opposite order: in leaves-to-root order (this is because controllers can
only be enabled in a child if it is already enabled in the parent, and
if it shall be disabled in the parent then it has to be disabled in the
child first, otherwise it is considered busy when it is attempted to
remove it in the parent).

To make things complicated when invalidating a unit's cgroup membershup
systemd can actually turn off some controllers previously turned on at
the very same time as it turns on other controllers previously turned
off. In such a case we have to work up leaves-to-root *and*
root-to-leaves right after each other. With this patch this is
implemented: we still generally operate root-to-leaves, but as soon as
we noticed we successfully turned off a controller previously turned on
for a cgroup we'll re-enqueue the cgroup realization for all parents of
a unit, thus implementing leaves-to-root where necessary.
2018-11-23 13:41:37 +01:00
Zbigniew Jędrzejewski-Szmek
e5e0a79623 pid1,sd-device: use PATH_STARTSWITH_SET more 2018-11-23 13:37:47 +01:00
Zbigniew Jędrzejewski-Szmek
f5a9bd21b9 basic/path-util: add missing header
PATH_STARTSWITH_SET uses STRV_FOREACH...
2018-11-23 13:37:40 +01:00
Lennart Poettering
00f8eea8fc run: set $INVOCATION_ID for scope units
Services invoked by PID1 have $INVOCATION_ID initialized, hence let's do
that for scope units (where the payload process is invoked by us on the
client side) too, to minimize needless differences.

Fixes: #8082
2018-11-23 12:49:00 +01:00
Lennart Poettering
0565120f00 run: port to static destructors 2018-11-23 12:49:00 +01:00
Lennart Poettering
ef08ad7aa8 run: port to DEFINE_MAIN_FUNCTION() 2018-11-23 12:49:00 +01:00
Lennart Poettering
badd28e158 run: add new --shell switch for spawning a shell as service
I keep running "systemd-run -t /bin/bash" to quickly get a shell running
in service context. I suspect I am not the only one, hence let's add a
shortcut for it. While we are at it, let's make it smarter, and
automatically inherit the $SHELL of the invoking user as well as the
working directory, and let's imply --pty. --shell (or -S) is hence
equivalent to "-t -d $SHELL".
2018-11-23 12:49:00 +01:00
Lennart Poettering
2d21165a4e run: add a switch for specifiying the working directory of a service
I find myself testing service management quite often with "systemd-run
-t /bin/bash". For that it is handy if the invoked shell would use the
working directory I am currently in. Hence introduce a shorthand for
that:

        $ systemd-run -dt /bin/bash

This will automatically insert a WorkingDirectory= property into the
transient service, pointing to the working directory of the caller.
2018-11-23 12:49:00 +01:00
Lennart Poettering
94f344fb03 cgroup: tweak log message, so that it doesn't claim we always enable controllers when we actually disable them 2018-11-23 12:24:37 +01:00
Lennart Poettering
54b5ba1d1f cgroup: propagate errors when we cannot open cgroup.subtree_control 2018-11-23 12:24:37 +01:00
Lennart Poettering
26a17ca280 cgroup: add explanatory comment 2018-11-23 12:24:37 +01:00
Lennart Poettering
442ce7759c cgroup: units that aren't loaded properly should not result in cgroup controllers being pulled in
This shouldn't make much difference in real life, but is a bit cleaner.
2018-11-23 12:24:37 +01:00
Lennart Poettering
0adf88b68c cgroup: dump delegation mask too 2018-11-23 12:24:37 +01:00
Lennart Poettering
1649244588 cgroup: make unit_get_needs_bpf_firewall() static too 2018-11-23 12:24:37 +01:00
Lennart Poettering
53aea74a60 cgroup: make some functions static 2018-11-23 12:24:37 +01:00
Lennart Poettering
52fecf20b9 cgroup: fine tune when to apply cgroup attributes to the root cgroup
Let's tweak when precisely to apply cgroup attributes on the root
cgroup.

With this we now follow the following rules:

1. On cgroupsv2 we never apply any regular cgroups to the host root,
   since the attributes generally do not exist there.

2. On cgroupsv1 we do not apply any "weight" or "shares" style
   attributes to the host root cgroup, since they don't make much sense
   on the top level where there's only one group, hence no need to
   compare weights against each other. The other attributes are applied
   to the host root cgroup however.

3. In any case we don't apply attributes to the root of container
   environments (and --user roots), under the assumption that this is
   managed by the manager further up. (Note that on cgroupsv2 this is
   even enforced by the kernel)

4. BPF pseudo-attributes are applied in all cases (since we can have as
   many of them as we want)
2018-11-23 12:24:37 +01:00
Lennart Poettering
589a5f7a38 cgroup: append \n to static strings we write to cgroup attributes
This is a bit cleaner since we when we format numeric limits we append
it. And this way write_string_file() doesn't have to append it.
2018-11-23 12:24:37 +01:00
Lennart Poettering
28cfdc5aeb cgroup: tighten manager_owns_host_root_cgroup() a bit
This tightening is not strictly necessary (as the m->cgroup_root check
further down does the same), but let's make this explicit.
2018-11-23 12:24:37 +01:00
Lennart Poettering
611c4f8afb cgroup: rename {manager_owns|unit_has}_root_cgroup() → .._host_root_cgroup()
Let's emphasize that this function checks for the host root cgroup, i.e.
returns false for the root cgroup when we run in a container where
CLONE_NEWCGROUP is used. There has been some confusion around this
already, for example cgroup_context_apply() uses the function
incorrectly (which we'll fix in a later commit).

Just some refactoring, not change in behaviour.
2018-11-23 12:24:37 +01:00
Lennart Poettering
293d32df39 cgroup: add a common routine for writing to attributes, and logging about it
We can use this at quite a few places, and this allows us to shorten our
code quite a bit.
2018-11-23 12:24:37 +01:00
Lennart Poettering
39b9fefb2e cgroup: add a new macro for determining log level for cgroup attr write failures
For now, let's use it only at one place, but a follow-up commit will
make more use of it.
2018-11-23 12:24:37 +01:00
Lennart Poettering
2c74e12bb3 cgroup: ignore EPERM for a couple of more attribute writes 2018-11-23 12:24:37 +01:00