summaryrefslogtreecommitdiffstats
path: root/src/coredump (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: drop msg argument for DEFINE_CONFIG_PARSE() macro and friendsYu Watanabe2024-09-011-1/+1
| | | | | This makes the macros use log_syntax_parse_error(), hopefully which provides more informative log message in general, and reduces binary size.
* shared/logs-show: introduce journal_browse_prepare()Mike Yuan2024-08-221-5/+2
| | | | which combines sigbus_install() and bumping fd limit.
* coredump: generate properly symbolized stacktrace for containerized processesMichal Sekletar2024-08-062-23/+158
|
* coredump: correctly take tmpfs size into account for compressionLuca Boccassi2024-07-031-8/+12
| | | | | | | | | | | | | We calculate the amount of uncompressed data we can write by taking the limits into account and halving it to ensure there's room for switching to compression on the fly when storing cores on a tmpfs (eg: due read-only rootfs). But the logic is flawed, as taking into account the size of the tmpfs storage was applied after the halving, so in practice when an uncompressed core file was larger than the tmpfs, we fill it and then fail. Rearrange the logic so that the halving is done after taking into account the tmpfs size.
* libsystemd: turn json.[ch] into a public APILennart Poettering2024-06-122-15/+19
| | | | | | | | | | | | | | | This is preparation for making our Varlink API a public API. Since our Varlink API is built on top of our JSON API we need to make that public first (it's a nice API, but JSON APIs there are already enough, this is purely about the Varlink angle). I made most of the json.h APIs public, and just placed them in sd-json.h. Sometimes I wasn't so sure however, since the underlying data structures would have to be made public too. If in doubt I didn#t risk it, and moved the relevant API to src/libsystemd/sd-json/json-util.h instead (without any sd_* symbol prefixes). This is mostly a giant search/replace patch.
* tree-wise: several cleanups for loggingYu Watanabe2024-04-301-3/+2
| | | | | | | | | | | - drop unnecessary SYNTHETIC_ERRNO() when the logger does not propagate error code, - drop unnecessary '%m' in error message when the error code is specified with SYNTHETIC_ERRNO(), - add missing full stop at the end of log message, - use RET_GATHER(), - add missing ", ignoring.", - upeercase the first letter, etc., etc...
* sd-journal: make sure sd_journal_add_match() also accepts SIZE_MAX as sizeLennart Poettering2024-04-101-3/+3
| | | | | | | | | | | | | | | | In many of our internal functions that take a pointer + a size we have introduced the rule that SIZE_MAX as size means: take strlen(). sd_journal_add_match() has something similar, but the special value is 0, not SIZE_MAX. This is a bit ugly, since a zero size data block is theoretically fine. The only reason sd_journal_add_match() gets away with using this special value is because valid matches must consist of at least 2 chars, hence cannot be zero. But let's make this more robust and less surprising when compared to the rest of our code, and *also* accept SIZE_MAX to mean strlen(). No actual code changes, just some clean-up.
* coredumpctl: use strv_skip()Yu Watanabe2024-03-251-3/+3
| | | | No functional change, just refactoring.
* coredumpctl: use journal_add_match_pair()Yu Watanabe2024-03-251-12/+14
| | | | | | Also, - use is_path(), - drop unused pid.
* coredump: use free_and_strdup_warn() moreZbigniew Jędrzejewski-Szmek2024-03-201-13/+6
|
* Merge pull request #30480 from keszybz/kernel-install-more-pathsZbigniew Jędrzejewski-Szmek2024-03-081-2/+2
|\ | | | | Read kernel-install config from /run/kernel too
| * various: use new config loader instead of config_parse_config_file()Zbigniew Jędrzejewski-Szmek2024-03-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This means the main config file is loaded also from /run and /usr. We should load the main config file from all the places where we load drop-ins. I realize I had a giant blind spot: I always assumed that we load config files from /etc, /run, /usr/local/lib, /usr/lib. But it turns out that we only used those paths for drop-ins. For the main config file, we only looked in /etc. The docs actually partially described this behaviour, i.e. most SYNOPSIS sections and some parts of the text, but not others. This is strange, because 6495361c7d5e8bf640841d1292ef6cfe1ea244cf was completely bogus with the behaviour before this patch. We had a huge discussion before it was merged, and clearly nobody noticed this. Similarly, in the previous version of the current pull request, we had a long discussion about the appropriate order of directories, and apparently nobody noticed that there was no order, because only looked in one directory. So the blind spot seems to have been shared. Also, systemd-analyze cat-config behaved incorrectly, i.e. its behaviour matches the new behaviour. Possibly, in the future it'll make it easier to add support for --root.
| * shared/conf-parser: collapse pkgdir and conf_file args into oneZbigniew Jędrzejewski-Szmek2024-03-071-1/+1
| | | | | | | | | | | | | | | | | | | | This essentially reverts 5656cdfeeabc16b5489f5ec7a0a36025a2ec1f23. I find it much easier to understand what is going on when the path-relative-to-the-search-path is passed in full, instead of being constructed from two parts, with one of the parts being implicit in some places. Also, we call 'systemd-analyze cat-config <path>' with <path> with the same meaning, so this makes the internal and external APIs more consistent.
* | dynamically load compression librariesMatteo Croce2024-03-051-10/+5
| | | | | | | | | | | | Dynamically load liblz4, libzstd and liblzma with dlopen(). This helps to reduce the size of the initrd image when these libraries are not really needed.
* | dissect-image: add flag for explicitly enabling userspace verity signature ↵Lennart Poettering2024-02-281-1/+2
|/ | | | | | | | | | checking let's make userspace verity signature checking optional. This adds a dissection flag to enable the logic and patches through all our users to enable it by default, thus effectively not changing anything from the status quo ante. However, know we have a knob to turn this off in certain scenarios.
* tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriateYu Watanabe2024-02-111-4/+4
| | | | Co-authored-by: Costa Tsaousis <costa@netdata.cloud>
* coredump: log minimal metadata earlyHarald Brinkmann2024-02-021-1/+7
|
* tree-wide: port over various pieces of code to strv_extend_many()Lennart Poettering2024-01-171-3/+3
|
* coredumpctl: fix memory leakAntonio Alvarez Feijoo2024-01-101-0/+2
|
* src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch]Zbigniew Jędrzejewski-Szmek2024-01-091-1/+1
| | | | | | | | | We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so the existing name is outdated. I think the uid-range.[ch] should stay separate because it has a bunch of helpers for parsing and printing of uid ranges. So let's rename as in $subject to better reflect the contents of the file and make the two sets of files harder to confuse.
* tree-wide: insert space after for and switchYu Watanabe2023-12-241-1/+1
|
* test: always call test_setup_logging()Yu Watanabe2023-11-171-0/+2
|
* coredumpctl: propagate SIGTERM to the debugger processFrantisek Sumsal2023-11-071-1/+16
| | | | | | | | If we're waiting for the debugger process to exit and receive SIGTERM, propagate it to all processes in our process group, including the debugger, so we can follow it up with a proper cleanup. Resolves: #28772
* process-util: add new FORK_DEATHSIG_SIGKILL flag, rename FORK_DEATHSIG → ↵Lennart Poettering2023-11-022-2/+2
| | | | | | | | | | | | | | | | | | FORK_DEATHSIG_SIGTERM Sometimes it makes sense to hard kill a client if we die. Let's hence add a third FORK_DEATHSIG flag for this purpose: FORK_DEATHSIG_SIGKILL. To make things less confusing this also renames FORK_DEATHSIG to FORK_DEATHSIG_SIGTERM to make clear it sends SIGTERM. We already had FORK_DEATHSIG_SIGINT, hence this makes things nicely symmetric. A bunch of users are switched over for FORK_DEATHSIG_SIGKILL where we know it's safe to abort things abruptly. This should make some kernel cases more robust, since we cannot get confused by signal masks or such. While we are at it, also fix a bunch of bugs where we didn't take FORK_DEATHSIG_SIGINT into account in safe_fork()
* coredump: let's always drop privilegesLennart Poettering2023-11-011-42/+39
| | | | | | | | | | | Let's unconditionally drop privileges before submitting the coredump log message. Let's make the codepaths where we acquired a coredump and where we didn't more alike: let's drop privs in both cases. This is not only safer, but means that the coredump messages are always accessible by the owner of the aborted process.
* coredump: tweak coredump log messageLennart Poettering2023-11-011-8/+19
| | | | | | | | | | Let's not claim a process dumped core if that was disabled via resource limits. While we are at it, switch from stack to heap allocation for the log message, as it includes a stack trace which can be arbitrarily large. Fixes: #28559
* fd-uitl: rename PIPE_EBADF → EBADF_PAIR, and add EBADF_TRIPLETLennart Poettering2023-10-261-1/+1
| | | | | | | | We use it for more than just pipe() arrays. For example also for socketpair(). Hence let's give it a generic name. Also add EBADF_TRIPLET to mirror this for things like stdin/stdout/stderr arrays, which we use a bunch of times.
* Merge pull request #29601 from yuwata/mmap-check-overflowLuca Boccassi2023-10-241-3/+3
|\ | | | | mmap: check offset and size more carefully
| * tree-wide: check if return value of lseek() and friends is negativeYu Watanabe2023-10-191-3/+3
| | | | | | | | | | | | | | | | | | We usually check return value of syscalls or glibc functions by it is negative or not, something like that `if (stat(path, &st) < 0)`. Let's also use the same style for lseek() and friends even the type of their return value is off_t. Note, fseeko() returns int, instead of off_t.
* | io-util: split out "struct iovec" related calls into their own .c/.h filesLennart Poettering2023-10-201-1/+1
|/ | | | | | | | | This is preparation for #28891, which adds a bunch more helpers around "struct iovec", at which point this really deserves its own .c/.h file. The idea is that we sooner or later can consider "struct iovec" as an entirely generic mechanism to reference some binary blob, and is the go-to type for this purpose whenever we need one.
* process-util: add pidref_get_comm() and rename get_process_comm() to ↵Lennart Poettering2023-10-181-1/+1
| | | | pid_get_comm()
* process-util: add pidref_get_cmdline()Lennart Poettering2023-10-181-2/+2
|
* meson: add build option for install path of main config filesFranck Bui2023-10-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows distros to install configuration file templates in /usr/lib/systemd for example. Currently we install "empty" config files in /etc/systemd/. They serve two purposes: - The file contains commented-out values that show the default settings. - It is easier to edit the right file if it is already there, the user doesn't have to type in the path correctly, and the basic file structure is already in place so it's easier to edit. Things that have happened since this approach was put in place: - We started supporting drop-ins for config files, and drop-ins are the recommended way to create local configuration overrides. - We have systemd-analyze cat-config which takes care of iterating over all possible locations (/etc, /run, /usr, /usr/local) and figuring out the right file. - Because of the first two points, systemd-analyze cat-config is much better, because it takes care of finding all the drop-ins and figuring out the precedence. Looking at files manually is still possible of course, but not very convenient. The disadvantages of the current approach with "empty" files in /etc: - We clutter up /etc so it's harder to see what the local configuration actually is. - If a user edits the file, package updates will not override the file (e.g. systemd.rpm uses %config(noreplace). This means that the "documented defaults" will become stale over time, if the user ever edits the main config file. Thus, I think that it's reasonable to: - Install the main config file to /usr/lib so that it serves as reference for syntax and option names and default values and is properly updated on package upgrades. - Recommend to users to always use drop-ins for configuration and systemd-analyze cat-config to view the documentation. This setting makes this change opt-in. Fixes #18420. [zjs: add more text to the description]
* Merge pull request #29242 from fbuihuu/update-main-config-file-headersZbigniew Jędrzejewski-Szmek2023-10-171-3/+5
|\ | | | | config files: update their header to reflect that they can be install…
| * config files: update their header to reflect that they can be installed in /usrFranck Bui2023-09-211-3/+5
| | | | | | | | Follow-up for c76f2fb0e59340222ce21f85c17d384c114db9de.
* | coredump: add support for forwarding coredump to containersNick Rosbrook2023-10-131-3/+247
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a process crashes within a container, try and forward the coredump to that container. To do this, check if the crashing process is in a different pidns, and if so, find the PID of the namespace leader. We only proceed with forwarding if that PID belongs to a cgroup that is descendant of another cgroup with user.delegate=1 and user.coredump_receive=1 (i.e. Delegate=yes and CoredumpReceive=yes). If we proceed, attach to the namespaces of the leader, and send the coredump to systemd-coredump.socket in the container. Before this is done, we need to translate the PID, UID, and GID, and also re-gather procfs metadata. Translate the PID, UID, and GID to the perspective of the container by sending an SCM_CREDENTIALS message over a socket pair from the original systemd-coredump process, to the process forked in the container. If we cannot successfully forward the coredump, fallback to the current behavior so that there is still a record of the crash on the host.
* | process-util: introduce namespace_get_leader helperNick Rosbrook2023-10-131-51/+1
| | | | | | | | | | | | | | | | For a given PID and namespace type, this helper function gives the PID of the leader of the namespace containing the given PID. Use this in systemd-coredump instead of using the existing get_mount_namespace_leader. This helper will be used again in a later commit.
* | coredump: store crashing process UID and GID in ContextNick Rosbrook2023-10-131-19/+15
|/ | | | | | | | | | For convenience, store the crashing process's UID and GID in Context (as uid_t and gid_t, respectively), as is currently done for the PID. This means we can just parse the UID/GID once in save_context(), and use those values in other places. This is just re-factoring, and is a preparation commit for container support.
* coredump: fix various invalid memory accessYu Watanabe2023-08-101-19/+14
| | | | | | | | | Previously, we did not check error from iovw_put(). If it fails, the target iovw may have no iov or partial iovs from the journal importar. So, the finalization may cause underflow and may access and free invalid memory. Follow-up for 946dc7c635f050129896d1515c08a81504af2421.
* coredump: let's use FOREACH_ARRAY() at once very obvious placeLennart Poettering2023-08-101-4/+1
|
* coredump: fix error pathLennart Poettering2023-08-101-1/+1
| | | | | We must go through finish, to undo the destruction of the final elements of the iovw properly.
* coredump: rename gather_pid_metadata() → gather_pid_metadata_from_procfs()Lennart Poettering2023-08-101-3/+3
| | | | | Let's make clear what this function does, and what it distinguishes with the more precisely named gather_pid_metadata_from_argv().
* coredump: add four assert()sLennart Poettering2023-08-101-0/+6
|
* coredump: use a cleanup handler for destroying iovw objectsLennart Poettering2023-08-101-9/+5
|
* meson: merge declarations of normal and test executablesYu Watanabe2023-08-031-9/+6
|
* meson: move declarations of coredumpd and friendsYu Watanabe2023-08-011-1/+29
|
* coredumpctl: cleanup use of ERRNO_IS_PRIVILEGE()Dmitry V. Levin2023-07-281-7/+8
| | | | | | | | | | | Given that ERRNO_IS_PRIVILEGE() also matches positive values, make sure this macro is not called with arguments that do not have errno semantics. In this case the argument passed to ERRNO_IS_PRIVILEGE() is the value returned by access_fd() which is not expected to return any positive values, but let's be consistent anyway and move the ERRNO_IS_PRIVILEGE() invocation to the branch where the return value is known to be negative.
* coredump: use RET_NERRNO and RET_GATHERZbigniew Jędrzejewski-Szmek2023-07-131-5/+3
| | | | No functional change indended.
* tree-wide: "<n>bit" → "<n>-bit"Zbigniew Jędrzejewski-Szmek2023-07-021-1/+1
| | | | In some places, "<n> bits" is used when more appropriate.
* coredump: clamp JournalSizeMax= to maximum journald would acceptLennart Poettering2023-06-231-3/+21
| | | | See: #26748
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 03:33:09 +0100