Apparently there are a myriad of netcat implementations around, and they
all behave slightly differently. The one I have on my Fedora 27
installation will cause a failure when invoked as "nc -U" on an AF_UNIX
socket whose connections are immediately disconnected, thus causing the
test to fail.
Let's avoid all ambiguities in this regard, and drop usage of netcat
altoegther. Instead let's use a FIFO in the file system, which we can
connect to with only shell commands, and is hence much simpler and
more reliable to test with.
The actual test is supposed to validate that PID 1 doesn't hang when
activation of a socket-activated service fails, hence which transport
mechanism is used ultimately doesn't matter, as long as we activate the
service, and we do here...
If user namespacing is used, let's make sure that the root user in the
container gets access to both /sys/fs/cgroup/systemd and
/sys/fs/cgroup/unified.
This matches similar logic in cg_set_access().
In -U mode we might need to re-chown() all files and directories to
match the UID shift we want for the image. That's problematic on fat
partitions, such as the ESP (and which is generated by mkosi's
--bootable switch), because fat of course knows no UID/GID file
ownership natively.
With this change we take benefit of the uid= and gid= mount options FAT
knows: instead of chown()ing all files and directories we can just
specify the right UID/GID to use at mount time.
This beefs up the image dissection logic in two ways:
1. First of all support for mounting relevant file systems with
uid=/gid= is added: when a UID is specified during mount it is used for
all applicable file systems.
2. Secondly, two new mount flags are added:
DISSECT_IMAGE_MOUNT_ROOT_ONLY and DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY.
If one is specified the mount routine will either only mount the root
partition of an image, or all partitions except the root partition.
This is used by nspawn: first the root partition is mounted, so that
we can determine the UID shift in use so far, based on ownership of
the image's root directory. Then, we mount the remaining partitions
in a second go, this time with the right UID/GID information.
This adds a new flavour of strextend(), called
strextend_with_separator(), which takes an optional separator string. If
specified, the separator is inserted between each appended string, as
well as before the first one, but only if the original string was
non-empty.
This new call is particularly useful when appending new options to mount
option strings and suchlike, which need to be comma-separated, and
initially start out from an empty string.
Also, add "cgroups.stat". It's read-only anyway, hence its UID/GID
ownership matters little, but it's probably a good idea to keep it
ownership in sync with the other read-only files such as
"cgroups.controllers".
Also, order the list of files alphabetically.
If we operate on a disk image (i.e. --image=) then it's pointless to
look into the mount directory before it is actually mounted to see which
systemd version is running inside...
Unfortunately we only mount the disk image in the child process, but the
parent needs to know the cgroup mode, hence add some IPC for this
purpose and communicate the cgroup mode determined from the image back
to the parent.
This suppresses the following warning
```
execute.c:2149:12: warning: ‘setup_smack’ defined but not used [-Wunused-function]
static int setup_smack(
^~~~~~~~~~~
```
Let's optimize things a bit, and instead of having to strip whitespace
first before decoding base64, let's do that implicitly while doing so.
Given that base64 was designed the way it was designed specifically to
be tolerant to whitespace changes, it's a good idea to do this
automatically and implicitly.
To allow better integration with distributions requiring an explicitly
set gid for the `users` group, provide the new `-Dusers-gid` option to
set to a new numeric value.
In the absence of a specified gid, we'll fallback to the default existing
behaviour of `-` as the gid value, to automatically assign the next available
gid on the system.
If we'd use the system header's version of MAX_HANDLE_SZ then our code
would break on older kernels as soon as the value is increased, as old
kernels refuse larger buffers with EINVAL.
If the specified direcotry does not exist, then systemd creates it
when the mount unit starts. So, it is not necessary to check the
existence in the client tool.
The command `systemd-mount -u` tries to stop both mount and automount
units. If the corresponding mount unit does not exist, then it is
user's fault, that is, the specified path is not a mount point.
However, not all mount units have corresponding autmount units.
Thus, the error about non-existing automount unit is not user's falut,
and showing the error may confuse users.
So, let's ignore the error of such case.
This usually happens for device units with long
path in /sys. But users can't even create such drop-ins,
so lets just ignore the error here.
Fixes#6867
This fixes various typos, removes some duplications, and adds a bit more
detail in the few places which are potential pitfalls for users.
Also change the way the paragraphs about new options begin, because having
a paragraph saying "Two new options have been added", and then bit lower
again "Two new options have been added" is confusing.
Apparently, the kernel returns EINVAL on NFS4 sometimes, even if we do
everything right, let's fallback in that case and find a different
approach to determine if something's a mount point.
See discussion at:
https://github.com/systemd/systemd/issues/7082#issuecomment-348001289
Let's not use local process data for remote processes, that can only
show nonsense.
Maybe one day we should add a bus API to query the comm field of a
process remotely, but for now, let's not bother, the information is
redundant anyway, as the cgroup data shows it too (and the cgroup tree
is show as part of status as well, and is requested from remote through
dbus, without local kernel calls).
Fixes: #7516
Now the function returns an empty string when given an empty string.
Not sure if this is the best option (maybe this should be an error?),
but at least the behaviour is well defined.