| Commit message (Collapse) | Author | Files | Lines |
|---|
|
We already print it as part of log_syntax() internal logic, don't print
it again, and in particular, don't print it at the end of log line, such
a strange place.
Follow-up for: 142468d89508c63262dd59335ea6d4fe82267564
|
|
|
|
maps are enabled (#7298)
So far, we assumed that kernels where TRIE was on also supported
BPF/cgroup stuff. That's not a correct assumption to make, hence check
for both features separately.
Fixes: #7054
|
|
|
|
Previously it was not possible to select which controllers to enable for
a unit where Delegate=yes was set, as all controllers were enabled. With
this change, this is made configurable, and thus delegation units can
pick specifically what they want to manage themselves, and what they
don't care about.
|
|
Messages that do not indicate a failing operation, but where we continue
operation should be at LOG_WARN, not at LOG_ERR.
|
|
And let's port over a couple of users to the new APIs.
|
|
|
|
This makes things more readable and fixes some issues with incorrect
flag propagation between the various flavours of config_parse().
|
|
|
|
|
|
subtree_mask is own_mask | members_mask, let's make use of that to
shorten a few things
|
|
|
|
which v1-only
|
|
|
|
Otherwise it's a pointless excercise, as we'll set up an empty directory
tree that's never going to be used.
Hence, let's move this around a bit, so that we do the basesystem
initialization exactly when RootImage= or RootDirectory= are used, but
not otherwise.
|
|
|
|
When compiling with an old kernel on architectures for which the
number is not defined in missing.h, a warning is generated in missing.h.
Let's just skip the protection in this case, to allow build to proceed.
|
|
Follow-up for b835eeb4ec1dd122b6feff2b70881265c529fcdd.
|
|
(#7295)
MemoryDenyWriteExecution policy could be be bypassed by using pkey_mprotect
instead of mprotect to create an executable writable mapping.
The impact is mitigated by the fact that the man page says "Note that this
feature is fully available on x86-64, and partially on x86", so hopefully
people do not rely on it as a sole security measure.
Found by Karin Hossen and Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/bugs/1725348
|
|
Fixes: #7135
|
|
Let's clarify that it's not networkd that renames interfaces, but
something else (for example, udev's link builtin based on .link files)
This doesn't change any logic, it just rewords the message a bit, to
clarify that we only log this for informational purposes, not because we
execute the rename operation ourselves.
Fixes: #7143
|
|
Change python3 path from /bin/python3 to /usr/bin/python3 to make
the test work on Ubuntu Xenial.
Follow-up for #7178.
|
|
|
|
|
|
No need to set an empty string here, sd-bus serializes NULL as empty
string anway.
|
|
|
|
|
|
|
|
This makes each system call in SystemCallFilter= blacklist optionally
takes errno name or number after a colon. The errno takes precedence
over the one given by SystemCallErrorNumber=.
C.f. #7173.
Closes #7169.
|
|
|
|
|
|
In Linux kernel code, MAX_ERRNO is defined as 4095.
Here, we use that value for ERRNO_MAX.
|
|
Let's hook up the sysfs tree output with the output flags logic,
already used when dumping log lines or process trees. This way we get
very similar output handling for line breaking/ellipsation in all three
outputs of structured data.
Fixes: #7095
|
|
Let's say that (size_t) -1 (i.e. SIZE_T_MAX) is equivalent to
"unbounded" ellipsation, i.e. ellipsation as NOP. In which case the
relevant functions become little more than strdup()/strndup().
This is useful to simplify caller code in case we want to turn off
ellipsation in certain code paths with minimal caller-side handling for
this.
|
|
loginctl, machinectl, systemctl all have very similar implementations of
a get_output_flags() functions. Simplify it by merging two lines that
set the same flag.
|
|
places
Let's shorten the code a bit.
|
|
Not that we need it, but let's do this as matter of completeness.
|
|
We show journal data, hence we should install the SIGBUS handler.
Similar for machinectl, where the same applies.
|
|
There should be a way to turn this logic of, and DefaultDependencies=
appears to be the right option for that, hence let's downgrade this
dependency type from "implicit" to "default, and thus honour
DefaultDependencies=.
This also drops mount_get_fstype() as we only have a single user needing
this now.
A follow-up for #7076.
|
|
with sysfs path
This should make cases like the user's setup in #7109 a lot easier to
handle, as in that case we'll do the right escaping automatically.
|
|
|
|
right moment
Previously dependencies configured with SYSTEMD_WANTS would be collected
on a device unit as long as it was loaded. let's fix that, and remove
dependencies again when SYTEMD_WANTS changes.
|
|
Let's drop use of one variable and make the rest more explicit.
|
|
let's make use of the dependency mask, and add internal API to remove
dependencies ago, based on bits in the dependency mask.
|
|
|
|
Let's log when we can't parse the udev property, and always use the most
precise, correct types.
|
|
This replaces the dependencies Set* objects by Hashmap* objects, where
the key is the depending Unit, and the value is a bitmask encoding why
the specific dependency was created.
The bitmask contains a number of different, defined bits, that indicate
why dependencies exist, for example whether they are created due to
explicitly configured deps in files, by udev rules or implicitly.
Note that memory usage is not increased by this change, even though we
store more information, as we manage to encode the bit mask inside the
value pointer each Hashmap entry contains.
Why this all? When we know how a dependency came to be, we can update
dependencies correctly when a configuration source changes but others
are left unaltered. Specifically:
1. We can fix UDEV_WANTS dependency generation: so far we kept adding
dependencies configured that way, but if a device lost such a
dependency we couldn't them again as there was no scheme for removing
of dependencies in place.
2. We can implement "pin-pointed" reload of unit files. If we know what
dependencies were created as result of configuration in a unit file,
then we know what to flush out when we want to reload it.
3. It's useful for debugging: "systemd-analyze dump" now shows
this information, helping substantially with understanding how
systemd's dependency tree came to be the way it came to be.
|
|
|
|
On Fedora /etc/init.d is a symlink to /etc/rc.d/init.d. Our build
scripts default to /etc/init.d since that is the LSB default. Let's make
sure the build script thus follows the symlink correctly and configures
to path explicitly, since otherwise our build artifacts in $DESTDIR are
incompatible with the setup we actually need for Fedora.
|
