| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
it's like free_and_replace() but uses strv_free()
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First of all, let's rename it to read_etc_hostname(), to make clearer
what kind of configuration it actually reads: the file format defined in
/etc/hostname and nothing else.
Secondly: let's port this to use read_line(), i.e. the new way to read
lines from a file in a safe, bounded way.
Thirdly: let's strip leading/trailing whitespace from what we are
reading. Given that we are already pretty lenient what we read (comments
and empty lines), let's be permissive regarding whitespace too.
Fourthly: let's actually validate the hostname when reading it. So far
we tried to make it valid, but that's not always possible (for example,
we can't make an empty hostname valid, ever).
|
| |
|
|
|
|
|
| |
This little new command can parse, validate, normalize calendar events,
and calculate when they will elapse next. This should be useful for
anyone writing calendar events and who'd like to validate the expression
before running them as timer units.
|
| |
|
|
|
| |
As the name suggests it checks whether we are running in an UTC
timezone.
|
| |
|
|
| |
Let's make it more alike most of our other destructors.
|
| |\
| |
| | |
Add StandardInput=data, StandardInput=file:... and more
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Already, path_is_safe() refused paths container the "." dir. Doing that
isn't strictly necessary to be "safe" by most definitions of the word.
But it is necessary in order to consider a path "normalized". Hence,
"path_is_safe()" is slightly misleading a name, but
"path_is_normalize()" is more descriptive, hence let's rename things
accordingly.
No functional changes.
|
| | |
| |
| |
| |
| | |
Let's not mix function calls and variable declarations, as well as
assignments and comparison in one expression.
|
| | |
| |
| |
| |
| | |
We do a logic like that at various other places, let's do it here too,
to make this as little surprising as possible.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If the string length is specified as (size_t) -1, let's use that as
indicator for determining the length on our own. This makes it
slightlier shorter to invoke these APIs for a very common case.
Also, do some minor other coding style updates, and add assert()s here
and there.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
All this function does is place some data in an in-memory read-only fd,
that may be read back to get the original data back.
Doing this in a way that works everywhere, given the different kernels
we support as well as different privilege levels is surprisingly
complex.
|
| | |
| |
| |
| |
| |
| |
| | |
We are using the same pattern at various places: call dup2() on an fd,
and close the old fd, usually in combination with some O_CLOEXEC
fiddling. Let's add a little helper for this, and port a few obvious
cases over.
|
| | |
| |
| |
| |
| |
| |
| | |
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
|
| | | |
|
| | |
| |
| |
| |
| | |
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
|
| |/
|
|
|
|
| |
Linux doesn't have faccess(), hence let's emulate it. Linux has access()
and faccessat() but neither allows checking the access rights of an fd
passed in directly.
|
| |
|
|
|
|
| |
This patch restores the default that was changed in 2977724b09eb997fc8,
making the tools depending on it work again.
Closes: #6477 and https://github.com/lxc/lxc/issues/1669
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PID 1 to journald
And let's make use of it to implement two new unit settings with it:
1. LogLevelMax= is a new per-unit setting that may be used to configure
log priority filtering: set it to LogLevelMax=notice and only
messages of level "notice" and lower (i.e. more important) will be
processed, all others are dropped.
2. LogExtraFields= is a new per-unit setting for configuring per-unit
journal fields, that are implicitly included in every log record
generated by the unit's processes. It takes field/value pairs in the
form of FOO=BAR.
Also, related to this, one exisiting unit setting is ported to this new
facility:
3. The invocation ID is now pulled from /run/systemd/units/ instead of
cgroupfs xattrs. This substantially relaxes requirements of systemd
on the kernel version and the privileges it runs with (specifically,
cgroupfs xattrs are not available in containers, since they are
stored in kernel memory, and hence are unsafe to permit to lesser
privileged code).
/run/systemd/units/ is a new directory, which contains a number of files
and symlinks encoding the above information. PID 1 creates and manages
these files, and journald reads them from there.
Note that this is supposed to be a direct path between PID 1 and the
journal only, due to the special runtime environment the journal runs
in. Normally, today we shouldn't introduce new interfaces that (mis-)use
a file system as IPC framework, and instead just an IPC system, but this
is very hard to do between the journal and PID 1, as long as the IPC
system is a subject PID 1 manages, and itself a client to the journal.
This patch cleans up a couple of types used in journal code:
specifically we switch to size_t for a couple of memory-sizing values,
as size_t is the right choice for everything that is memory.
Fixes: #4089
Fixes: #3041
Fixes: #4441
|
| |
|
|
| |
This has become very complex, let's make it a bit easier to diagnose.
|
| |
|
|
| |
The check is redundant as the whole block is only evaluated if
__IGNORE_pkey_mprotect is not defined. Change to #else.
|
| |\
| |
| | |
add a concept of delegating cgroups per unit while enabling specific controllers
|
| | |
| |
| |
| | |
And let's port over a couple of users to the new APIs.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
which v1-only
|
| |/
|
|
| |
Follow-up for b835eeb4ec1dd122b6feff2b70881265c529fcdd.
|
| |\
| |
| |
| |
| |
| |
| |
| | |
Fix loginctl seat sysfs tree ellipsation logic.
Simple reproducer:
loginctl --full seat-status seat0|cat
→ after this PR, all lines are shown in full. Before, lines were ellipsized to terminal width.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's say that (size_t) -1 (i.e. SIZE_T_MAX) is equivalent to
"unbounded" ellipsation, i.e. ellipsation as NOP. In which case the
relevant functions become little more than strdup()/strndup().
This is useful to simplify caller code in case we want to turn off
ellipsation in certain code paths with minimal caller-side handling for
this.
|
| |\ \
| | |
| | | |
rework unit dependency data structure to track why deps get created
|
| | |/ |
|
| | | |
|
| |/
|
|
|
| |
In Linux kernel code, MAX_ERRNO is defined as 4095.
Here, we use that value for ERRNO_MAX.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was dropped in 89439d4fc0d29f04ac68432fd06ab84bc4e36e20. As a result, every
process that uses a hashmap allocates and then leaks the hashmap mempools.
The mempools are only allocated in the main thread, but we don't know where
the memory is used.
So let's check if we are the last thread and free the mempools then. This is
fairly heavy, because /proc/self/status has to be opened and parsed, but we do
it only when compiled for valgrind, i.e. not by default, and compared to running
under valgrind or asan, the extra cost is acceptable. The big advantage is that
we don't have to think or filter out this false positive.
As a micro-opt, cleanup is attempted only in the main thread. We could allow
any thread to check if it is the last one and perform cleanup, but that'd mean
that we'd have to _do_ the check in every thread. We don't use threads like
that, our non-main threads are always short-lived, so let's just accept the
possibility that we'll leak memory if a thread survives. The check is also
non-atomic, but it's called in a destructor of the main thread _and_ we do
cleanup only when there are no other threads, so the risk of some library
suddenly spawning another thread is very low. All in all, this is not perfect,
but should work in 999‰ of cases.
Fixes the following valgrind warning:
==22564== HEAP SUMMARY:
==22564== in use at exit: 8,192 bytes in 2 blocks
==22564== total heap usage: 243 allocs, 241 frees, 151,905 bytes allocated
==22564==
==22564== 4,096 bytes in 1 blocks are still reachable in loss record 1 of 2
==22564== at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==22564== by 0x4F08A8C: mempool_alloc_tile (mempool.c:62)
==22564== by 0x4F08B16: mempool_alloc0_tile (mempool.c:81)
==22564== by 0x4EF8DE0: hashmap_base_new (hashmap.c:748)
==22564== by 0x4EF8ED9: internal_hashmap_new (hashmap.c:782)
==22564== by 0x11045D: test_hashmap_copy (test-hashmap-plain.c:87)
==22564== by 0x115722: test_hashmap_funcs (test-hashmap-plain.c:914)
==22564== by 0x10FC9D: main (test-hashmap.c:60)
==22564==
==22564== 4,096 bytes in 1 blocks are still reachable in loss record 2 of 2
==22564== at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==22564== by 0x4F08A8C: mempool_alloc_tile (mempool.c:62)
==22564== by 0x4F08B16: mempool_alloc0_tile (mempool.c:81)
==22564== by 0x4EF8DE0: hashmap_base_new (hashmap.c:748)
==22564== by 0x4EF8EF8: internal_ordered_hashmap_new (hashmap.c:786)
==22564== by 0x10A2A0: test_ordered_hashmap_copy (test-hashmap-ordered.c:89)
==22564== by 0x10F70F: test_ordered_hashmap_funcs (test-hashmap-ordered.c:916)
==22564== by 0x10FCA2: main (test-hashmap.c:61)
==22564==
==22564== LEAK SUMMARY:
==22564== definitely lost: 0 bytes in 0 blocks
==22564== indirectly lost: 0 bytes in 0 blocks
==22564== possibly lost: 0 bytes in 0 blocks
==22564== still reachable: 8,192 bytes in 2 blocks
==22564== suppressed: 0 bytes in 0 blocks
v2:
- check if we are the main thread
v3:
- check if there are no other threads
|
| |
|
|
|
|
|
| |
Enable systemd-firstboot to set the keymap.
RFE:
https://github.com/systemd/systemd/issues/6346
|
| |
|
|
|
|
| |
_unused_ means "the variable is meant to be possible unused and gcc
will not generate a warning about it", which is exactly what we need here,
since we're only declaring it for the side effect of _cleanup_.
|
| |
|
|
|
| |
gcc does not warn about those, because of the _cleanup_ usage.
clang is smarter here.
|
| |
|
|
|
|
|
|
| |
If we follow an absolute symlink there's no need to prefix the path with
a "/", since by definition it already has one.
This helps suppressing double "/" in resolved paths containing absolute
symlinks.
|
| |
|
|
|
|
|
|
|
|
|
| |
Some of the btrfs utility functions already used O_NOFOLLOW others
didn't. Let's streamline this, and refuse operation when we are called
for symlinks on "remove" and "snapshot" too.
In particular in the "remove" case following symlinks is a bad idea, and
is quite different from how unlink() and friends work, which always
remove the symlink, and not the destination, a logic we should follow
here too.
|
| |
|
|
|
| |
Continue to try to get more details about the actual underlying
hypervisor with successive tests until none are available.
This fixes issue #7165.
|
| |\
| |
| | |
Various unrelated small patches
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using strftime in arbitrary locales, we cannot really say how big the
buffer should be. Let's make the buffer "large", which will work fine pretty
much always, and just print n/a if the timestamp does not fit. strftime returns
0 if the buffer is too small and a NUL-terminated string otherwise, so we
can drop the size specifications in string formatting.
$ export LANG=fa_IR.UTF-8
$ date
چهارشنبه ۱۸ اكتبر ۱۷، ساعت ۱۰:۵۴:۲۴ (+0330)
$ timedatectl
Assertion 'xstrftime: a[] must be big enough' failed at ../src/timedate/timedatectl.c:105, function print_status_info(). Aborting.
now:
$ timedatectl
Local time: چهارشنبه 2017-10-18 16:29:40 CEST
Universal time: چهارشنبه 2017-10-18 14:29:40 UTC
RTC time: چهارشنبه 2017-10-18 14:29:40
…
https://bugzilla.redhat.com/show_bug.cgi?id=1503452
|
| |\
| |
| | |
Environment serialization/deserialization inconsistently validates the variables
|
| | |
| |
| |
| | |
We wrote them ourselves -- they shouldn't contain invalid sequences.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The environment variables we've serialized can quite possibly contain
characters outside the set allowed by env_assignment_is_valid(). In
fact, my environment seems to contain a couple of these:
* TERMCAP set by screen contains a '\x7f' character
* BASH_FUNC_module%% variable has a '%' character in name
Strict check of environment variables name and value certainly makes sense for
unit files, but not so much for deserialization of values we already had
in our environment.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It always bothered me a bit that unit-name.[ch] contains so many
definitions that aren't really have much to do with unit nameing, for
example all the unit state definitions.
With this patch unit-name.[ch] is split into two: the file now contains
only the unit naming related operations, and everything else is split
out into a new set of files unit-def.[ch]. That's mostly unit state
stuff as well as dbus path and interface name operations.
No functional changes. This just moves code around.
(Note as both .c files include each other's headers this doesn't make
the build simpler or anything. All it does is make the C files a bit
shorter, and medicate my pretend OCD)
|
| |
|
|
|
| |
v2:
- cast the fstype_t type to ull, because it varies between arches.
Making it long long should be on the safe side.
|
| |\
| |
| | |
timesyncd, journal-upload: Enable DynamicUser=
|
| | | |
|
