summaryrefslogtreecommitdiff
path: root/src/fsck
Commit message (Collapse)AuthorAgeFilesLines
* fsck: copy out device argument from argv[] before forkingLennart Poettering2019-03-291-1/+6
| | | | | | | | | | | | | | | | | | We nowadays rename our child processes, hence argv[] will be clobbered, let's hence copy the device path to dynamic memory before forking. This is fall-out from 60ffa37a65a96c3af857a3dfc4a6fd47b20cc90e since we now a lot more often end up overriding the argv[] buffer than before, simple because we know what to override. These kind of bugs kinda suck. THere are only two options here: stop overriding argv[] for all cases (or just these cases) or explicitly copying out everything we need in child processes before forking. With this patch I opt for the latter, though I am not 100% convinced this is a great solution. Just a better solution than everything else, i.e. allowing argv[] to remain out of sync with what others see. Fixes: #12135
* fsck: use symbolic names where we have themLennart Poettering2019-01-071-1/+1
|
* tree-wide: Remove O_CLOEXEC from fdopenChris Down2018-12-121-1/+1
| | | | | | | | | | | | fdopen doesn't accept "e", it's ignored. Let's not mislead people into believing that it actually sets O_CLOEXEC. From `man 3 fdopen`: > e (since glibc 2.7): > Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen() As mentioned by @jlebon in #11131.
* tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocationsLennart Poettering2018-12-011-0/+3
| | | | | | | | | | | | | | | | Whenever we invoke external, foreign code from code that has RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024 first. This is a safety precaution for compatibility with programs using select() which cannot operate with fds > 1024. This commit adds the call to rlimit_nofile_safe() to all invocations of exec{v,ve,l}() and friends that either are in code that we know runs with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for starters) or that is part of shared code that might end up there. The calls are placed as early as we can in processes invoking a flavour of execve(), but after the last time we do fd manipulations, so that we can still take benefit of the high fd limits for that.
* basic/main-func: propagate all positive return valuesZbigniew Jędrzejewski-Szmek2018-11-201-1/+1
| | | | | | | | | | | | | | | | | | This changes DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE() to propagate positive return values as they were, i.e. stops mapping them all to EXIT_FAILURE. This was suggested in review, but I thought that we only ever return EXIT_FAILURE, so we don't need to propagate multiple return values. I was wrong. Turns out that we already *do* have multiple positive return values, when we call external binaries and propagate the result. systemd-inhibit is one example, and b453c447e0fb4a1e9eccd42120731c1700220b21 actually broke this propagation. This commit fixes it. In systemd-fsck we have the opposite case: we have only one failure value, and the code needs to be adjusted, so that it keeps returning EXIT_FAILURE. All other users of DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE() return <= 1, and are unaffected by this change.
* log: introduce new helper call log_setup_service()Lennart Poettering2018-11-201-3/+1
| | | | | Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
* util-lib: move main() definition macros to its own header fileLennart Poettering2018-11-191-0/+1
| | | | | | | | | This way, we can extend the macro a bit with stuff pulled in from other headers without this affecting everything which pulls in macro.h, which is one of our most basic headers. This is just refactoring, no change in behaviour, in prepartion for later changes.
* fsck: configure logging before use and define main through macroZbigniew Jędrzejewski-Szmek2018-11-171-60/+36
| | | | | | | There's a slight change in logic: before, when rebooting the machine, we could also request quotacheck (by touching /run/systemd/quotacheck) if the fsck helper set FSCK_ERROR_CORRECTED. This is just a race, and doesn't matter much in practice.
* fsck: use log_device_*()Yu Watanabe2018-10-231-3/+3
|
* tree-wide: port various users over to sockaddr_un_set_path()Lennart Poettering2018-10-151-8/+5
| | | | | CID 1396140 CID 1396141
* tree-wide: do not assign unused return valuesYu Watanabe2018-09-231-2/+1
|
* fsck: use our usual syntax for defining bit masksLennart Poettering2018-08-101-8/+8
|
* tree-wide: beautify remaining copyright statementsLennart Poettering2018-06-141-1/+1
| | | | | | Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-1/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* tree-wide: make use of wait_for_terminate_and_check() at various placesLennart Poettering2018-01-041-21/+12
| | | | | | Using wait_for_terminate_and_check() instead of wait_for_terminate() let's us simplify, shorten and unify the return value checking and logging of waitid(). Hence, let's use it all over the place.
* process-util: add another fork_safe() flag for enabling LOG_ERR/LOG_WARN loggingLennart Poettering2018-01-041-4/+2
|
* tree-wide: introduce new safe_fork() helper and port everything overLennart Poettering2017-12-251-8/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new safe_fork() wrapper around fork() and makes use of it everywhere. The new wrapper does a couple of things we previously did manually and separately in a safer, more correct and automatic way: 1. Optionally resets signal handlers/mask in the child 2. Sets a name on all processes we fork off right after forking off (and the patch assigns useful names for all processes we fork off now, following a systematic naming scheme: always enclosed in () – in order to indicate that these are not proper, exec()ed processes, but only forked off children, and if the process is long-running with only our own code, without execve()'ing something else, it gets am "sd-" prefix.) 3. Optionally closes all file descriptors in the child 4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe way so that the parent dying before this happens being handled safely. 5. Optionally reopens the logs 6. Optionally connects stdin/stdout/stderr to /dev/null 7. Debug logs about the forked off processes.
* tree-wide: make use of new STRLEN() macro everywhere (#7639)Lennart Poettering2017-12-141-1/+1
| | | | | Let's employ coccinelle to do this for us. Follow-up for #7625.
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* Merge pull request #6974 from keszybz/clean-up-definesLennart Poettering2017-10-041-2/+2
|\ | | | | Clean up define definitions
| * build-sys: use #if Y instead of #ifdef Y everywhereZbigniew Jędrzejewski-Szmek2017-10-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
* | tree-wide: use IN_SET macro (#6977)Yu Watanabe2017-10-041-1/+1
|/
* tree-wide: use IN_SET where possibleAndreas Rammhold2017-10-021-1/+1
| | | | | In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
* build-sys: drop automake supportZbigniew Jędrzejewski-Szmek2017-07-181-1/+0
| | | | | v2: - also mention m4
* util-lib: various improvements to kernel command line parsingLennart Poettering2016-12-211-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
* tree-wide: make parse_proc_cmdline() strip "rd." prefix automaticallyZbigniew Jędrzejewski-Szmek2016-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | This stripping is contolled by a new boolean parameter. When the parameter is true, it means that the caller does not care about the distinction between initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed parameters in the initramfs, and only on the unprefixed parameters in real root. If the parameter is false, behaviour is the same as before. Changes by caller: log.c (systemd.log_*): changed to accept rd-dot-prefix params pid1: no change, custom logic cryptsetup-generator: no change, still accepts rd-dot-prefix params debug-generator: no change, does not accept rd-dot-prefix params fsck: changed to accept rd-dot-prefix params fstab-generator: no change, custom logic gpt-auto-generator: no change, custom logic hibernate-resume-generator: no change, does not accept rd-dot-prefix params journald: changed to accept rd-dot-prefix params modules-load: no change, still accepts rd-dot-prefix params quote-check: no change, does not accept rd-dot-prefix params udevd: no change, still accepts rd-dot-prefix params I added support for "rd." params in the three cases where I think it's useful: logging, fsck options, journald forwarding options.
* tree-wide: allow state to be passed through to parse_proc_cmdline_itemZbigniew Jędrzejewski-Szmek2016-10-221-2/+2
| | | | No functional change.
* tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhereLennart Poettering2016-05-051-1/+1
| | | | | | | | | | The macro determines the right length of a AF_UNIX "struct sockaddr_un" to pass to connect() or bind(). It automatically figures out if the socket refers to an abstract namespace socket, or a socket in the file system, and properly handles the full length of the path field. This macro is not only safer, but also simpler to use, than the usual offsetof() + strlen() logic.
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering2015-11-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
* tree-wide: sort includesThomas Hindoe Paaboel Andersen2015-11-161-4/+4
| | | | Sort the includes accoding to the new coding style.
* util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering2015-10-271-0/+1
|
* util-lib: split out printf() helpers to stdio-util.hLennart Poettering2015-10-271-0/+1
|
* util-lib: move /proc/cmdline parsing code to proc-cmdline.[ch]Lennart Poettering2015-10-271-0/+1
|
* util-lib: move a number of fs operations into fs-util.[ch]Lennart Poettering2015-10-271-0/+1
|
* util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]Lennart Poettering2015-10-271-0/+1
|
* util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering2015-10-251-6/+7
| | | | | There are more than enough to deserve their own .c file, hence move them over.
* path-util: rework find_binary(), fsck_exists() and mkfs_exists()Lennart Poettering2015-10-241-5/+5
| | | | | | | | | | | | | | | | | | | | | Modernize the code a bit: - Get rid of FOREACH_WORD_SEPARATOR() loop in favour of a extract_first_word() loop. - Remove find_binary()'s "local" flag. It's not reasonably possible to look for binaries on remote systems, we hence should not pretend we could. - When we cannot find a suitable binary, return the last error returned from access() rather than ENOENT unconditionally. - Rework fsck_exists() and mkfs_exists() to return 1 on success, 0 if the implementation is missing and negative on real errors. This is more like we do it in other functions. - Make sure we also detect direct fsck symlinks to "true", rather than just absolute ones to /bin/true.
* Merge pull request #1394 from steelman/fsck-force-rebootLennart Poettering2015-09-301-4/+4
|\ | | | | fsck: start reboot.target irreversibly
| * fsck: start reboot.target irreversiblyŁukasz Stelmach2015-09-271-4/+4
| | | | | | | | | | | | | | In some situations rebooting after fixing rootfs fails because the job for reboot.target gets canceled. To avoid this the "mode" parameter of the StartUnitReplace() call needs to be set to "replace-irreversibly".
* | bus-util: rename bus_open_transport() to bus_connect_transport()Lennart Poettering2015-09-291-1/+1
|/ | | | | | | | | | | | | | In sd-bus, the sd_bus_open_xyz() family of calls allocates a new bus, while sd_bus_default_xyz() family tries to reuse the thread's default bus. bus_open_transport() sometimes internally uses the former, sometimes the latter family, but suggests it only calls the former via its name. Hence, let's avoid this confusion, and generically rename the call to bus_connect_transport(). Similar for all related calls. And while we are at it, also change cgls + cgtop to do direct systemd connections where possible, since all they do is talk to systemd itself.
* sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering2015-07-031-1/+1
| | | | | | | | | | | | | | | | sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
* tree-wide: whenever we fork off a foreign child process reset signal ↵Lennart Poettering2015-06-101-2/+2
| | | | | | | | | | mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
* util: split out signal-util.[ch] from util.[ch]Lennart Poettering2015-05-291-0/+1
| | | | No functional changes.
* fsck: add enum with fsck exit codesThomas Hindoe Paaboel Andersen2015-05-121-4/+16
|
* fsck: remove fsckd again, but keep the door open for external replacementLennart Poettering2015-04-281-89/+165
| | | | | | | | | | | | | | | | | For a longer discussion see this: http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html This introduces /run/systemd/fsck.progress as a simply AF_UNIX/SOCK_STREAM socket. If it exists and is connectable we'll connect fsck's -c switch with it. If external programs want to get progress data they should hence listen on this socket and will get all they need via that socket. To get information about the connecting fsck client they should use SO_PEERCRED. Unless /run/systemd/fsck.progress is around and connectable this change reverts back to v219 behaviour where we'd forward fsck output to /dev/console on our own.
* fsck: minor improvementsLennart Poettering2015-04-281-9/+16
| | | | | Among other smaller fixes, explicitly check if we are invoked on a block device before making use of st.st_rdev.
* fsck: parse kernel cmdline booleans the same ways as the restLennart Poettering2015-04-281-7/+13
|
View Lorry Controller Status