| Commit message | Author | Age | Files | Lines |
Just a minor optimization.
|
Systemd controller on unified v2
|
This isn't terribly useful because /sys/fs/cgroup will usually be mounted.
But it at least allows checking if the values make sense in this case.
|
We should mount the hybrid hierarchy if the user disabled the unified
hierarchy on the kernel command line.
|
/sys/fs/cgroups/unified on unified
If we encounter an error in proc cmdline parsing, just treat that as permanent,
i.e. the same as if the option was not specified. Realistically, it is better
to use the same condition for all related mounts, than to have e.g.
/sys/fs/cgroup mounted and /sys/fs/cgroup/unified not. If we find something is
mounted and base our answer on that, cache that result too.
Fix the conditions so that if "unified" is used, make sure any "hybrid" mounts
are not mounted.
|
We need this to gracefully support older or strangely configured kernels.
v2:
- do not install a callback handler, just embed the right conditions into
cg_is_*_wanted()
v3:
- fix bug in cg_is_legacy_wanted()
|
Less typing and doesn't make the table so incredibly wide.
|
This is pretty important, and we print this string during startup, so putting
the default hierarchy information might help with diagnosis if things go awry.
$ ./systemctl --version
systemd 232
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=legacy
v2: make the message nicer by including the ./configure option argument
directly in output
|
The default default is set to "legacy", with "hybrid" and "unified"
being the other two alternatives.
There invert the behaviour for systemd.legacy_systemd_cgroup_controller:
if it is not specified on the kernel command line, "hybrid" is used if
selected as the default. If this option is specified, "hybrid" is used if false,
and full "legacy" if true.
Also make all fields in the configure summary lowercase (unless they are
capitalized names) for consistency.
v2:
- update for the fixed interpretation of systemd.legacy_systemd_cgroup_controller
|
v232's cgroup hybrid mode mounted v2 on /sys/fs/cgroup/systemd, which
unfortunately broke other tools which expect v1 there. From v233 on, hybrid
mode instead mounts and uses v2 on /sys/fs/cgroup/unified and keeps
/sys/fs/cgroup/systemd on v1 for compatibility with external tools. However,
to keep systemd live upgrades working, v233+ should be able to recognize v232
layout and keep using it.
This patch adds v232 hybrid mode support. If v232 layout is detected,
cg_unified(SYSTEMD_CGROUP_CONTROLLER) keeps returning %true but
cg_hybrid_unified() returns %false. This keeps process management on cgroup v2
but turns off the parallel layout.
|
hierarchy
Currently the hybrid mode mounts cgroup v2 on /sys/fs/cgroup instead of the v1
name=systemd hierarchy. While this works fine for systemd itself, it breaks
tools which expect cgroup v1 hierarchy on /sys/fs/cgroup/systemd.
This patch updates the hybrid mode so that it mounts v2 hierarchy on
/sys/fs/cgroup/unified and keeps v1 "name=systemd" hierarchy on
/sys/fs/cgroup/systemd for compatibility. systemd itself doesn't depend on the
"name=systemd" hierarchy at all. All operations take place on the v2 hierarchy
as before but the v1 hierarchy is kept in sync so that any tools which expect
it to be there can keep doing so. This allows systemd to take advantage of
cgroup v2 process management without requiring other tools to be aware of the
hybrid mode.
The hybrid mode is implemented by mapping the special systemd controller to
/sys/fs/cgroup/unified and making the basic cgroup utility operations -
cg_attach(), cg_create(), cg_rmdir() and cg_trim() - also operate on the
/sys/fs/cgroup/systemd hierarchy whenever the cgroup2 hierarchy is updated.
While a bit messy, this will allow dropping complications from using cgroup v1
for process management a lot sooner than otherwise possible which should make
it a net gain in terms of maintainability.
v2: Fixed !cgns breakage reported by @evverx and renamed the unified mount
point to /sys/fs/cgroup/unified as suggested by @brauner.
v3: chown the compat hierarchy too on delegation. Suggested by @evverx.
v4: [zj]
- drop the change to default, full "legacy" is still the default.
|
cg_is_unified_systemd_contoller_wanted
1d84ad944520fc3e062ef518c4db4e1 reversed the meaning of the option.
The kernel command line option has the opposite meaning to the function,
i.e. specifying "legacy=yes" means "unified systemd controller=no".
|
SYSTEMD_CGROUP_CONTROLLER is currently defined as "name=systemd" which cgroup
utility functions interpret as a named cgroup hierarchy with the specified
name. With the planned cgroup hybrid mode changes, SYSTEMD_CGROUP_CONTROLLER
would map to different hierarchy names.
This patch makes SYSTEMD_CGROUP_CONTROLLER a special string "_systemd" which is
substituted to "name=systemd" by the cgroup utility functions. This allows the
callers to address the systemd hierarchy without actually specifying the
hierarchy name allowing the cgroup utility functions to map it to whatever is
appropriate.
Note that SYSTEMD_CGROUP_CONTROLLER was already special on full unified cgroup
hierarchy even before this patch.
|
cg_[all_]unified() test whether a specific controller or all controllers are on
the unified hierarchy. While what's being asked is a simple binary question,
the callers must assume that the functions may fail any time, which
unnecessarily complicates their usages. This complication is unnecessary.
Internally, the test result is cached anyway and there are only a few places
where the test actually needs to be performed.
This patch simplifies cg_[all_]unified().
* cg_[all_]unified() are updated to return bool. If the result can't be
decided, assertion failure is triggered. Error handlings from their callers
are dropped.
* cg_unified_flush() is updated to calculate the new result synchronously and
return whether it succeeded or not. Places which need to flush the test
result are updated to test for failure. This ensures that all the following
cg_[all_]unified() tests succeed.
* Places which expected possible cg_[all_]unified() failures are updated to
call and test cg_unified_flush() before calling cg_[all_]unified(). This
includes functions used while setting up mounts during boot and
manager_setup_cgroup().
|
cgroup mode detection is broken in two different ways.
* detect_unified_cgroup_hierarchy() is called too nested in outer_child().
sync_cgroup() which is used by run() also needs to know the requested cgroup
mode but it's currently always getting CGROUP_UNIFIED_UNKNOWN. This makes it
skip syncing the inner cgroup hierarchy on some config combinations.
$ cat /proc/self/cgroup | grep systemd
1:name=systemd:/user.slice/user-0.slice/session-c1.scope
$ UNIFIED_CGROUP_HIERARCHY=0 SYSTEMD_NSPAWN_USE_CGNS=0 systemd-nspawn -M container
...
[root@container ~]# cat /proc/self/cgroup | grep systemd
1:name=systemd:/machine.slice/machine-container.x86_64.scope
$ exit
$ UNIFIED_CGROUP_HIERARCHY=1 SYSTEMD_NSPAWN_USE_CGNS=0 systemd-nspawn -M container
[root@container ~]# cat /proc/self/cgroup | grep 0::
0::/
$ exit
Note how the unified hierarchy case's path is not synchronized with the host.
This for example can cause issues when there are multiple such containers.
Fixed by moving detect_unified_cgroup_hierarchy() invocation to main().
* inner_child() was invoking cg_unified_flush(). inner_child() executes fully
scoped and can't determine which cgroup mode the host was in. It doesn't
make sense to keep flushing the detected mode when the host mode can't
change.
Fixed by replacing cg_unified_flush() invocations in outer_child() and
inner_child() with one in main().
|
Udev log revert
|
This reverts commit c22569eeeafa94cf510267071f5b75c4ab714e09.
Let's revert this for now, since it apparently doesn't fix the problem
at hand.
|
The cg_pid_get_path_shifted() is called twice during
server_dispatch_message(). We can get rid of the second by passing the
path to dispatch_message_real().
|
We are not looking for the hashmap_put return error code.
|
fd45e52 sets
n to NULL which leads to crash.
fixes: #5418
|
test-env-util: fix typo leading to memleak
|
Fixes #5405.
|
Partially fixes #5405.
|
As per commit 25e773e "udev: switch to systemd logging functions"
Now log_set_max_level() in udev_new() overwrites system wide log level.
Propagate the udev.conf setting to log_set_max_level()
only if udev_new() is called from within udevd or one of its helpers.
Introduce a UDEV_PROPAGATE_LOG macro that we set with -D on
the gcc command line for all udev binaries we build, but not
for any others. The log_set_max_level() call is guarded by an
ifdef check for that macro, so that it only affects the various
udev binaries.
closes: #4525
|
From: #5393
|
This reverts commit 18f71a3c8174774c5386c4aba94d54f3b5c36a84.
According to @keszybz we don't need this anymore, hence drop it:
https://github.com/systemd/systemd/pull/5131/commits/18f71a3c8174774c5386c4aba94d54f3b5c36a84#r102232368
|
Fixes: #5401
|
If the snippet already exists, don't do anything, as the file was already
installed then.
(This also reworks the code to create the file atomically)
Fixes: #5396
|
Also, make sure to reuse temporary file handling used elsewhere.
|
If our netlink input buffer overruns the kernel will send us ENOBUFS on
the next recvmsg(). Don't consider this a complete failure resulting in
closing of the netlink socket. Instead, simply continue (after debug
logging).
Of course, ideally we'd have a better strategy for this, and would have
a way to resync if this happens (as well as a scheme for cancelling all
ongoing asynchronous transactions), but for now let's at least not choke
fatally, and simply accept that we lost some messages and continue.
Note that if we lose messages when synchronously waiting for an
operation to complete, we'll still propagate the ENOBUFS up, to make the
individual transaction fail.
See: #5398
(This bug does not properly fix the issue, hence we should leave the bug
open.)
|
Fixes: #5408
|
IN_SET(SIGCONT, SIGKILL) will always evaluate to false.
The signal needs to be included as the first argument.
Fixup for 26f417d3e8dd2522adfdc4c8fed4c36fa40f48fc.
|
Just to clarify, that these options expect arguments, following our
usual style.
|
Environment generators
|
This is only the tip of the iceberg. It would be great to test all kinds of nesting, handling
of invalid syntax, etc., but I'm leaving that for later.
|
Sometimes it's useful to provide a default value during an environment
expansion, if the environment variable isn't already set.
For instance $XDG_DATA_DIRS is supposed to default to:
/usr/local/share/:/usr/share/
if it's not yet set. That means callers wishing to augment
XDG_DATA_DIRS need to manually add those two values.
This commit changes replace_env to support the following shell
compatible default value syntax:
XDG_DATA_DIRS=/foo:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share}
Likewise, it's useful to provide an alternate value during an
environment expansion, if the environment variable isn't already set.
For instance, $LD_LIBRARY_PATH will inadvertently search the current
working directory if it starts or ends with a colon, so the following
is usually wrong:
LD_LIBRARY_PATH=/foo/lib:${LD_LIBRARY_PATH}
To address that, this changes replace_env to support the following
shell compatible alternate value syntax:
LD_LIBRARY_PATH=/foo/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
[zj: gate the new syntax under REPLACE_ENV_ALLOW_EXTENDED switch, so
existing callers are not modified.]
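The two forms from the commit message above, run through plain POSIX shell expansion next to the naive prepend. This is an added example, not systemd's replace_env code; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: POSIX shell expansion, not systemd's replace_env().

# Succeeds when a colon-separated list has an empty component (leading,
# trailing or doubled colon), which the dynamic loader resolves to the
# current working directory.
has_empty_component() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Naive prepend from the commit message: "$dir:$old".
prepend_naive() { printf '%s\n' "$1:$2"; }

# Alternate-value form: the colon appears only when the old value is non-empty.
prepend_alt() { printf '%s\n' "$1${2:+:$2}"; }

# Default-value form: use $3 when the old value is unset or empty.
prepend_default() { printf '%s\n' "$1:${2:-$3}"; }

# Print one line per (form, old value) pair; the old values are constructed.
report() {
    for old in "" "/usr/lib64"; do
        for form in prepend_naive prepend_alt; do
            value=$("$form" /foo/lib "$old")
            if has_empty_component "$value"; then note="empty component"; else note="ok"; fi
            printf '%s old="%s" -> %s (%s)\n' "$form" "$old" "$value" "$note"
        done
    done
    printf 'prepend_default -> %s\n' "$(prepend_default /foo "" /usr/local/share/:/usr/share)"
}
report
```

Only the naive form with an empty old value is flagged, which is the case the commit message calls "usually wrong".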
|
It's like replace_env, but lets you pass in a substring.
|
In the future we might want to allow additional syntax (for example
"unset VAR"). But let's check that the data we're getting does not contain
anything unexpected.
|
(Only in environment.d files.)
We have only basic compatibility with shell syntax, but specifying variables
without using braces is probably more common, and I think a lot of people would
be surprised if this didn't work.
|
Why the strange name: the prefix is necessary to follow our own advice that
environment generators should have numerical prefixes. I also put -d- in the
name because otherwise the name was very easy to mistake with
systemd.environment-generator. This additional letter clarifies that this
is a special generator that supports environment.d files.
|
merge_env_file is a new function, that's like load_env_file, but takes a
pre-existing environment as an input argument. New environment entries are
merged. Variable expansion is performed.
Falling back to the process environment is supported (when a flag is set).
Alternatively this could be implemented as passing an additional fallback
environment array, but later on we're adding another flag to allow braceless
expansion, and the two flags can be combined in one arg, so there's less
stuff to pass around.
|
strempty() converts a NULL value to empty string, so
that it can be passed on to functions that don't support NULL.
replace_env calls strempty before passing its value on to strappend.
strappend supports NULL just fine, though, so this commit drops the
strempty call.
|
If an environment array has duplicates, strv_env_get_n returns
the results for the first match. This is wrong, because later
entries in the environment are supposed to replace earlier
entries.
|
Environment file generators are a lot like unit file generators, but not
exactly:
1. environment file generators are run for each manager instance, and their
output is (or at least can be) individualized.
The generators themselves are system-wide, the same for all users.
2. environment file generators are run sequentially, in priority order.
Thus, the lifetime of those files is tied to lifecycle of the manager
instance. Because generators are run sequentially, later generators can use or
modify the output of earlier generators.
Each generator is run with no arguments, and the whole state is stored in the
environment variables. The generator can echo a set of variable assignments to
standard output:
VAR_A=something
VAR_B=something else
This output is parsed, and the next and subsequent generators run with those
updated variables in the environment. After the last generator is done, the
environment that the manager itself exports is updated.
Each generator must return 0, otherwise the output is ignored.
The generators in */user-env-generator are for the user session managers,
including root, and the ones in */system-env-generator are for pid1.
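A simplified shell model of the sequencing described in the commit message above: generators run in name order, each sees the variables accepted so far, and output from a generator that exits non-zero is dropped. This is an added example, not systemd's implementation; the DEMO_* variables, the generator file names, the variable-name check and running the scripts through sh are assumptions of the demo.

```shell
#!/bin/sh
# Simplified model of sequential environment generators; not systemd's code.

# Run every file in directory $1 in name order. Each generator gets no
# arguments and inherits the variables accepted so far. Its stdout is applied
# only when it exits 0. Accepted assignments are exported in the current shell.
run_env_generators() {
    for gen in "$1"/*; do
        [ -f "$gen" ] || continue
        out=$(sh "$gen") || continue         # non-zero exit: ignore the output
        while IFS= read -r line; do
            case "$line" in *=*) ;; *) continue ;; esac    # not an assignment
            name=${line%%=*}
            # Assumed validation: accept only plain variable names.
            case "$name" in ""|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
            export "$name=${line#*=}"
        done <<EOF
$out
EOF
    done
}

# Constructed generators: 10 sets a value, 20 fails, 30 extends 10's value.
# Runs in a subshell so the exported variables do not leak into the caller.
demo() (
    dir=$(mktemp -d) || exit 1
    printf 'echo "DEMO_PATH=/opt/a"\n' > "$dir/10-base"
    printf 'echo "DEMO_FLAG=1"\nexit 1\n' > "$dir/20-broken"
    printf 'echo "DEMO_PATH=${DEMO_PATH}:/opt/b"\necho "DEMO_NOTE=two words"\n' \
        > "$dir/30-extend"
    unset DEMO_PATH DEMO_FLAG DEMO_NOTE
    run_env_generators "$dir"
    rm -rf "$dir"
    printf '%s|%s|%s\n' "$DEMO_PATH" "${DEMO_FLAG-unset}" "$DEMO_NOTE"
)
demo
```

The result shows the third generator building on the first one's output while the failed second generator contributes nothing.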
|
Only tests are added, otherwise the new code is unused.
|