[systemd-commits] Branch 'journal' - 28 commits - Makefile.am TODO configure.ac man/systemctl.xml man/systemd.exec.xml man/systemd.service.xml man/systemd.special.xml.in man/systemd.unit.xml po/pl.po src/condition.c src/condition.h src/execute.c src/generate-kbd-model-map src/hostname-setup.c src/journal src/load-fragment-gperf.gperf.m4 src/localed.c src/logind-dbus.c src/mount.c src/nspawn.c src/pager.c src/readahead-common.h src/sd-login.h src/service.c src/special.h src/timedated.c src/tmpfiles.c src/util.c src/util.h units/local-fs-pre.target units/remote-fs-pre.target units/remount-rootfs.service units/systemd-logind.service.in units/systemd-remount-api-vfs.service.in units/systemd-stdout-syslog-bridge.service.in
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Oct 11 19:41:54 PDT 2011
Makefile.am | 4 +-
TODO | 7 +++-
configure.ac | 2 -
man/systemctl.xml | 7 ++++
man/systemd.exec.xml | 5 +++
man/systemd.service.xml | 36 +++++++++++++---------
man/systemd.special.xml.in | 26 ++++++++++++++++
man/systemd.unit.xml | 29 +++++++++++++----
po/pl.po | 10 +++---
src/condition.c | 36 +++++++++++++++++++++-
src/condition.h | 1
src/execute.c | 7 +---
src/generate-kbd-model-map | 42 ++++++++------------------
src/hostname-setup.c | 4 +-
src/journal/journal-file.c | 4 +-
src/load-fragment-gperf.gperf.m4 | 1
src/localed.c | 8 ++++
src/logind-dbus.c | 7 +++-
src/mount.c | 6 ++-
src/nspawn.c | 8 ----
src/pager.c | 2 -
src/readahead-common.h | 2 -
src/sd-login.h | 4 +-
src/service.c | 1
src/special.h | 2 +
src/timedated.c | 20 +++++++++++-
src/tmpfiles.c | 1
src/util.c | 41 +++++++++++++++++++++++--
src/util.h | 2 +
units/local-fs-pre.target | 11 ++++++
units/remote-fs-pre.target | 15 +++++++++
units/remount-rootfs.service | 3 +
units/systemd-logind.service.in | 4 ++
units/systemd-remount-api-vfs.service.in | 3 +
units/systemd-stdout-syslog-bridge.service.in | 4 ++
35 files changed, 275 insertions(+), 90 deletions(-)
New commits:
commit 38ac38b298a91c358285b7330aa66679338af874
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Oct 12 04:41:27 2011 +0200
journal: only fallocate() what we really need to avoid slowness on file systems which do not support fallocate natively
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 37e2e37..45cc0d1 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -162,7 +162,7 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size)
new_size = PAGE_ALIGN(offset + size);
/* We assume that this file is not sparse, and we know that
- * for sure, since we alway call posix_fallocate()
+ * for sure, since we always call posix_fallocate()
* ourselves */
old_size =
@@ -195,7 +195,7 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size)
if (asize > le64toh(f->header->arena_max_size))
return -E2BIG;
- if (posix_fallocate(f->fd, 0, new_size) < 0)
+ if (posix_fallocate(f->fd, old_size, new_size - old_size) < 0)
return -errno;
if (fstat(f->fd, &f->last_stat) < 0)
commit 689b9a22f7fa89686b2b5240b7ee9f449dea5630
Merge: cec736d... 64685e0...
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Oct 12 04:29:11 2011 +0200
Merge branch 'master' into journal
diff --cc src/util.c
index a3cfe86,e93e6f6..26c2f22
--- a/src/util.c
+++ b/src/util.c
@@@ -5883,20 -5704,35 +5886,52 @@@ int strdup_or_null(const char *a, char
return 0;
}
+int prot_from_flags(int flags) {
+
+ switch (flags & O_ACCMODE) {
+
+ case O_RDONLY:
+ return PROT_READ;
+
+ case O_WRONLY:
+ return PROT_WRITE;
+
+ case O_RDWR:
+ return PROT_READ|PROT_WRITE;
+
+ default:
+ return -EINVAL;
+ }
++
+ unsigned long cap_last_cap(void) {
+ static __thread unsigned long saved;
+ static __thread bool valid = false;
+ unsigned long p;
+
+ if (valid)
+ return saved;
+
+ p = (unsigned long) CAP_LAST_CAP;
+
+ if (prctl(PR_CAPBSET_READ, p) < 0) {
+
+ /* Hmm, look downwards, until we find one that
+ * works */
+ for (p--; p > 0; p --)
+ if (prctl(PR_CAPBSET_READ, p) >= 0)
+ break;
+
+ } else {
+
+ /* Hmm, look upwards, until we find one that doesn't
+ * work */
+ for (;; p++)
+ if (prctl(PR_CAPBSET_READ, p+1) < 0)
+ break;
+ }
+
+ saved = p;
+ valid = true;
+
+ return p;
}
diff --cc src/util.h
index 89a7bec,a71a297..1db82f8
--- a/src/util.h
+++ b/src/util.h
@@@ -513,6 -506,6 +513,8 @@@ extern char **saved_argv
bool kexec_loaded(void);
+int prot_from_flags(int flags);
+
+ unsigned long cap_last_cap(void);
+
#endif
commit 64685e0cea62b4937f0804e47ce2cb7929f58223
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 22:30:31 2011 +0200
util: properly detect what the last capability is
diff --git a/src/execute.c b/src/execute.c
index 53e7e77..866e8bf 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) {
}
}
- for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
+ for (i = 0; i <= cap_last_cap(); i++)
if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
if (prctl(PR_CAPBSET_DROP, i) < 0) {
- if (errno == EINVAL)
- break;
-
r = -errno;
goto finish;
}
@@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
unsigned long l;
fprintf(f, "%sCapabilityBoundingSet:", prefix);
- for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
+ for (l = 0; l <= cap_last_cap(); l++)
if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
char *t;
diff --git a/src/nspawn.c b/src/nspawn.c
index 8441c05..653d7db 100644
--- a/src/nspawn.c
+++ b/src/nspawn.c
@@ -361,7 +361,7 @@ static int drop_capabilities(void) {
unsigned long l;
- for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) {
+ for (l = 0; l <= cap_last_cap(); l++) {
unsigned i;
for (i = 0; i < ELEMENTSOF(retain); i++)
@@ -372,12 +372,6 @@ static int drop_capabilities(void) {
continue;
if (prctl(PR_CAPBSET_DROP, l) < 0) {
-
- /* If this capability is not known, EINVAL
- * will be returned, let's ignore this. */
- if (errno == EINVAL)
- break;
-
log_error("PR_CAPBSET_DROP failed: %m");
return -errno;
}
diff --git a/src/util.c b/src/util.c
index e46606d..e93e6f6 100644
--- a/src/util.c
+++ b/src/util.c
@@ -5703,3 +5703,36 @@ int strdup_or_null(const char *a, char **b) {
*b = c;
return 0;
}
+
+unsigned long cap_last_cap(void) {
+ static __thread unsigned long saved;
+ static __thread bool valid = false;
+ unsigned long p;
+
+ if (valid)
+ return saved;
+
+ p = (unsigned long) CAP_LAST_CAP;
+
+ if (prctl(PR_CAPBSET_READ, p) < 0) {
+
+ /* Hmm, look downwards, until we find one that
+ * works */
+ for (p--; p > 0; p --)
+ if (prctl(PR_CAPBSET_READ, p) >= 0)
+ break;
+
+ } else {
+
+ /* Hmm, look upwards, until we find one that doesn't
+ * work */
+ for (;; p++)
+ if (prctl(PR_CAPBSET_READ, p+1) < 0)
+ break;
+ }
+
+ saved = p;
+ valid = true;
+
+ return p;
+}
diff --git a/src/util.h b/src/util.h
index ccbe8a3..a71a297 100644
--- a/src/util.h
+++ b/src/util.h
@@ -506,4 +506,6 @@ extern char **saved_argv;
bool kexec_loaded(void);
+unsigned long cap_last_cap(void);
+
#endif
commit d2134abdd5a21bb7e4b307f403d890901628fcf9
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 20:46:56 2011 +0200
build-sys: bump release for v37
diff --git a/Makefile.am b/Makefile.am
index 3a98c5b..dabe32a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4
SUBDIRS = po
LIBSYSTEMD_LOGIN_CURRENT=0
-LIBSYSTEMD_LOGIN_REVISION=5
+LIBSYSTEMD_LOGIN_REVISION=6
LIBSYSTEMD_LOGIN_AGE=0
LIBSYSTEMD_DAEMON_CURRENT=0
diff --git a/configure.ac b/configure.ac
index 18dc3fe..0ec6f69 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,7 +17,7 @@
AC_PREREQ(2.63)
-AC_INIT([systemd],[36],[systemd-devel at lists.freedesktop.org])
+AC_INIT([systemd],[37],[systemd-devel at lists.freedesktop.org])
AC_CONFIG_SRCDIR([src/main.c])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h])
commit 1835f23c2a53e632959270e79dbf3143874e6111
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 20:21:06 2011 +0200
service: don't try to guess PID for SysV services anymore
As it turns out there are quite a number of SysV services too broken to
make the guessing work: instead of returning in the parent only after
the child is fully initialized they return immediately. The effect is
that the guessing in systemd might happen too early, at a time where the
final main process doesn't exist yet.
By turning this off we won't try to detect the main pid anymore, with
the effect that all processes of the service in question are considered
equally likely to be the main process.
diff --git a/src/service.c b/src/service.c
index c2053ce..e64d289 100644
--- a/src/service.c
+++ b/src/service.c
@@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) {
/* Special setting for all SysV services */
s->type = SERVICE_FORKING;
s->remain_after_exit = !s->pid_file;
+ s->guess_main_pid = false;
s->restart = SERVICE_RESTART_NO;
if (s->meta.manager->sysv_console)
commit c70ac211b486c70271e265d142f3b73e323faf6e
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 20:20:01 2011 +0200
localed: make sure s-s-k doesn't create any X11 config files anymore
diff --git a/src/localed.c b/src/localed.c
index e627c3a..c6b48de 100644
--- a/src/localed.c
+++ b/src/localed.c
@@ -574,6 +574,10 @@ static int write_data_x11(void) {
#ifdef TARGET_FEDORA
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
+
+ /* Symlink this to /dev/null, so that s-s-k (if it is
+ * still running) doesn't recreate this. */
+ symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
#endif
if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
@@ -619,6 +623,10 @@ static int write_data_x11(void) {
#ifdef TARGET_FEDORA
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
+
+ /* Symlink this to /dev/null, so that s-s-k (if it is
+ * still running) doesn't recreate this. */
+ symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
#endif
r = 0;
commit 30fa6468353443318500c1783f5b1b164a32de0b
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Tue Oct 11 12:34:14 2011 +0200
localed: shorten generate-kbd-model-map
Output is identical.
diff --git a/src/generate-kbd-model-map b/src/generate-kbd-model-map
index 4fcf785..624c517 100755
--- a/src/generate-kbd-model-map
+++ b/src/generate-kbd-model-map
@@ -1,49 +1,33 @@
#!/usr/bin/python
-import system_config_keyboard.keyboard_models, sys
+import sys
+import system_config_keyboard.keyboard_models
def strdash(s):
- r = s.strip()
-
- if r == "":
- return "-"
-
- return r
-
-def tab_extend(s, n = 1):
+ return s.strip() or '-'
+def tab_extend(s, n=1):
s = strdash(s)
- k = len(s) / 8
+ k = len(s) // 8
if k >= n:
f = 1
else:
f = n - k
- for x in range(0, f):
- s = s + "\t"
-
- return s
-
+ return s + '\t'*f
models = system_config_keyboard.keyboard_models.KeyboardModels().get_models()
print "# Generated from system-config-keyboard's model list"
-
print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions"
-k = models.keys()
-
-k.reverse()
-
-for key in k:
- value = models[key]
-
- options = value[4]
- if len(options) > 0:
- options = "terminate:ctrl_alt_bksp," + options
- else:
- options = "terminate:ctrl_alt_bksp"
+for key, value in reversed(models.items()):
+ options = "terminate:ctrl_alt_bksp"
+ if value[4]:
+ options += ',' + value[4]
- print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options)
+ print ''.join((tab_extend(key, 3), tab_extend(value[1]),
+ tab_extend(value[2], 2), tab_extend(value[3], 2),
+ options))
commit adda7d8b9715a5090d9189144828ef4d3f51348c
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Tue Oct 11 11:27:06 2011 +0200
pager: add _noreturn_ to pager_fallback()
src/pager.c: In function ‘pager_fallback’:
src/pager.c:35:13: warning: function might be possible candidate for attribute ‘noreturn’ [-Wmissing-noreturn]
diff --git a/src/pager.c b/src/pager.c
index 6e2bb49..3fc8182 100644
--- a/src/pager.c
+++ b/src/pager.c
@@ -32,7 +32,7 @@
static pid_t pager_pid = 0;
-static void pager_fallback(void) {
+_noreturn_ static void pager_fallback(void) {
ssize_t n;
do {
n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0);
commit 62590f23c14d06e33bb1712a5e3cf04f12f189cb
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 15:16:52 2011 +0200
unit: introduce ConditionCapability
diff --git a/TODO b/TODO
index 99e026e..9149018 100644
--- a/TODO
+++ b/TODO
@@ -19,7 +19,7 @@ Bugfixes:
Features:
-* ConditionCapability=
+* unset container= in PID1?
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index e47c146..897f99f 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -673,6 +673,7 @@
<term><varname>ConditionKernelCommandLine=</varname></term>
<term><varname>ConditionVirtualization=</varname></term>
<term><varname>ConditionSecurity=</varname></term>
+ <term><varname>ConditionCapability=</varname></term>
<term><varname>ConditionNull=</varname></term>
<listitem><para>Before starting a unit
@@ -749,9 +750,9 @@
value to check if being executed in
any virtualized environment, or one of
<varname>vm</varname> and
- <varname>container</varname> to test against
- a specific type of virtualization
- solution, or one of
+ <varname>container</varname> to test
+ against a specific type of
+ virtualization solution, or one of
<varname>qemu</varname>,
<varname>kvm</varname>,
<varname>vmware</varname>,
@@ -775,7 +776,19 @@
system. Currently the only recognized
value is <varname>selinux</varname>.
The test may be negated by prepending
- an exclamation mark. Finally,
+ an exclamation
+ mark. <varname>ConditionCapability=</varname>
+ may be used to check whether the given
+ capability exists in the capability
+ bounding set of the service manager
+ (i.e. this does not check whether
+ capability is actually available in
+ the permitted or effective sets, see
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details). Pass a capability name
+ such as <literal>CAP_MKNOD</literal>,
+ possibly prefixed with an exclamation
+ mark to negate the check. Finally,
<varname>ConditionNull=</varname> may
be used to add a constant condition
check value to the unit. It takes a
@@ -932,7 +945,8 @@
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
diff --git a/src/condition.c b/src/condition.c
index 07624c8..f18c454 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -23,6 +23,7 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <sys/capability.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
@@ -159,6 +160,36 @@ static bool test_security(const char *parameter) {
return false;
}
+static bool test_capability(const char *parameter) {
+ cap_value_t value;
+ FILE *f;
+ char line[LINE_MAX];
+ unsigned long long capabilities = (unsigned long long) -1;
+
+ /* If it's an invalid capability, we don't have it */
+
+ if (cap_from_name(parameter, &value) < 0)
+ return false;
+
+ /* If it's a valid capability we default to assume
+ * that we have it */
+
+ f = fopen("/proc/self/status", "re");
+ if (!f)
+ return true;
+
+ while (fgets(line, sizeof(line), f)) {
+ truncate_nl(line);
+
+ if (startswith(line, "CapBnd:")) {
+ (void) sscanf(line+7, "%llx", &capabilities);
+ break;
+ }
+ }
+
+ return !!(capabilities & (1ULL << value));
+}
+
bool condition_test(Condition *c) {
assert(c);
@@ -214,6 +245,9 @@ bool condition_test(Condition *c) {
case CONDITION_SECURITY:
return test_security(c->parameter) == !c->negate;
+ case CONDITION_CAPABILITY:
+ return test_capability(c->parameter) == !c->negate;
+
case CONDITION_NULL:
return !c->negate;
diff --git a/src/condition.h b/src/condition.h
index dd65aa6..71b1c67 100644
--- a/src/condition.h
+++ b/src/condition.h
@@ -37,6 +37,7 @@ typedef enum ConditionType {
CONDITION_KERNEL_COMMAND_LINE,
CONDITION_VIRTUALIZATION,
CONDITION_SECURITY,
+ CONDITION_CAPABILITY,
CONDITION_NULL,
_CONDITION_TYPE_MAX,
_CONDITION_TYPE_INVALID = -1
diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4
index 7749b88..41797d2 100644
--- a/src/load-fragment-gperf.gperf.m4
+++ b/src/load-fragment-gperf.gperf.m4
@@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F
Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0
Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0
Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0
+Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0
Unit.ConditionNull, config_parse_unit_condition_null, 0, 0
m4_dnl
Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file)
commit 822b18599d1c9465449c7111fe7e7b86fbf44a57
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 14:26:20 2011 +0200
units: forgot target units
diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target
new file mode 100644
index 0000000..11e67ba
--- /dev/null
+++ b/units/local-fs-pre.target
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See systemd.special(7) for details
+
+[Unit]
+Description=Local File Systems (Pre)
diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target
new file mode 100644
index 0000000..5406aa2
--- /dev/null
+++ b/units/remote-fs-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See systemd.special(7) for details
+
+[Unit]
+Description=Remote File Systems (Pre)
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
commit f84aea434f2b014716ce9067f0af4db24a91a7c4
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 04:43:29 2011 +0200
units: increase LimitNOFILE a bit
since we need one fd per session (for logind) and one fd per service
(for stdout-syslog-bridge) increase the default rlimit a bit.
diff --git a/TODO b/TODO
index 779d1a3..99e026e 100644
--- a/TODO
+++ b/TODO
@@ -26,8 +26,6 @@ Features:
* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
-* increase RLIMIT_NOFILE for logind, logger by default
-
* add an option to make mounts private/shareable and so on, enable this for root by default
* internal restart counter for units (focus on auto-respawn)
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 82a2c6a..4241b8b 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -16,3 +16,7 @@ Type=dbus
BusName=org.freedesktop.login1
CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER
StandardOutput=syslog
+
+# Increase the default a bit in order to allow many simultaneous
+# logins since we keep one fd open per session.
+LimitNOFILE=16384
diff --git a/units/systemd-stdout-syslog-bridge.service.in b/units/systemd-stdout-syslog-bridge.service.in
index 23a5137..4626145 100644
--- a/units/systemd-stdout-syslog-bridge.service.in
+++ b/units/systemd-stdout-syslog-bridge.service.in
@@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge
NotifyAccess=all
StandardOutput=null
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID
+
+# Increase the default a bit in order to allow many simultaneous
+# services being run since we keep one fd open per service.
+LimitNOFILE=16384
commit 688c56ff7d124124007761f917a2950364509043
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 04:43:01 2011 +0200
logind: fail gracefully if too many sessions are created
https://bugzilla.redhat.com/show_bug.cgi?id=744726
diff --git a/TODO b/TODO
index aa51332..779d1a3 100644
--- a/TODO
+++ b/TODO
@@ -17,14 +17,10 @@ Bugfixes:
* make polkit checks async
-* fail gracefully if logind reaches it RLIMIT_NFILES for fifos
-
Features:
* ConditionCapability=
-* read fedora style timezone name config for compat
-
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
diff --git a/src/logind-dbus.c b/src/logind-dbus.c
index bc1e49d..0550d1b 100644
--- a/src/logind-dbus.c
+++ b/src/logind-dbus.c
@@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler(
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {
r = bus_manager_create_session(m, message, &reply);
- if (r == -ENOMEM)
- goto oom;
+
+ /* Don't delay the work on OOM here, since it might be
+ * triggered by a low RLIMIT_NOFILE here (since we
+ * send a dupped fd to the client), and we'd rather
+ * see this fail quickly then be retried later */
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
commit a724d2ed799a8985193ba70c5c3e76f621815e10
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 04:23:35 2011 +0200
timedate: fall back to /etc/sysconfig/clock on Fedora, for compatibility with legacy
diff --git a/TODO b/TODO
index f662104..aa51332 100644
--- a/TODO
+++ b/TODO
@@ -17,21 +17,17 @@ Bugfixes:
* make polkit checks async
-* logind is leaking fifos?
+* fail gracefully if logind reaches it RLIMIT_NFILES for fifos
Features:
* ConditionCapability=
-* order network mounts after network-fs-ready.target or so
-
* read fedora style timezone name config for compat
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
-* bind mounts should be ordered after remount-root-fs.service
-
* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
* increase RLIMIT_NOFILE for logind, logger by default
diff --git a/src/timedated.c b/src/timedated.c
index f6fe2d8..16f54b5 100644
--- a/src/timedated.c
+++ b/src/timedated.c
@@ -170,8 +170,24 @@ static int read_data(void) {
free_data();
r = read_one_line_file("/etc/timezone", &zone);
- if (r < 0 && r != -ENOENT)
- return r;
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_warning("Failed to read /etc/timezone: %s", strerror(-r));
+
+#ifdef TARGET_FEDORA
+ r = parse_env_file("/etc/sysconfig/clock", NEWLINE,
+ "ZONE", &zone,
+ NULL);
+
+ if (r < 0 && r != -ENOENT)
+ log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r));
+#endif
+ }
+
+ if (isempty(zone)) {
+ free(zone);
+ zone = NULL;
+ }
verify_timezone();
commit 8266f984df0b069a345bf959628bac70877ce5e1
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 03:41:04 2011 +0200
units: remount root and API FS before all mount units are applied
In order to ensure that bind mounts copy the final mount settings to the
new bind mount make the root and API FS mount options are applied before
the other file systems are mounted.
https://bugzilla.redhat.com/show_bug.cgi?id=718464
diff --git a/units/remount-rootfs.service b/units/remount-rootfs.service
index e95023f..89a16c8 100644
--- a/units/remount-rootfs.service
+++ b/units/remount-rootfs.service
@@ -10,7 +10,8 @@ Description=Remount Root FS
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service fsck-root.service
-Before=local-fs.target shutdown.target
+Before=local-fs-pre.target local-fs.target shutdown.target
+Wants=local-fs-pre.target
[Service]
Type=oneshot
diff --git a/units/systemd-remount-api-vfs.service.in b/units/systemd-remount-api-vfs.service.in
index 2ccbe23..6339ee6 100644
--- a/units/systemd-remount-api-vfs.service.in
+++ b/units/systemd-remount-api-vfs.service.in
@@ -10,7 +10,8 @@ Description=Remount API VFS
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
-Before=local-fs.target shutdown.target
+Before=local-fs-pre.target local-fs.target shutdown.target
+Wants=local-fs-pre.target
[Service]
Type=oneshot
commit 21e557edcc1894ce4eeb70b71ca16e82e95bc0df
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 03:33:53 2011 +0200
units: introduce local-fs-pre.target and remote-fs-pre.target
This hook target enables services to order themselves between
network.target and remote mounts, which is needed for GFS2 and similar
systems.
diff --git a/Makefile.am b/Makefile.am
index f4a17aa..3a98c5b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -337,7 +337,9 @@ dist_systemunit_DATA = \
units/halt.target \
units/kexec.target \
units/local-fs.target \
+ units/local-fs-pre.target \
units/remote-fs.target \
+ units/remote-fs-pre.target \
units/cryptsetup.target \
units/network.target \
units/nss-lookup.target \
diff --git a/man/systemd.special.xml.in b/man/systemd.special.xml.in
index 2187540..116a43c 100644
--- a/man/systemd.special.xml.in
+++ b/man/systemd.special.xml.in
@@ -59,6 +59,7 @@
<filename>halt.target</filename>,
<filename>kbrequest.target</filename>,
<filename>local-fs.target</filename>,
+ <filename>local-fs-pre.target</filename>,
<filename>mail-transfer-agent.target</filename>,
<filename>multi-user.target</filename>,
<filename>network.target</filename>,
@@ -66,6 +67,7 @@
<filename>poweroff.target</filename>,
<filename>reboot.target</filename>,
<filename>remote-fs.target</filename>,
+ <filename>remote-fs-pre.target</filename>,
<filename>rescue.target</filename>,
<filename>rpcbind.target</filename>,
<filename>runlevel2.target</filename>,
@@ -261,6 +263,18 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><filename>local-fs-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is
+ automatically ordered before
+ all local mount points marked
+ with <option>auto</option>
+ (see above). It can be used to
+ execute certain units before
+ all local mounts.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><filename>mail-transfer-agent.target</filename></term>
<listitem>
<para>The mail transfer agent
@@ -374,6 +388,18 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><filename>remote-fs-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is
+ automatically ordered before
+ all remote mount points marked
+ with <option>auto</option>
+ (see above). It can be used to
+ execute certain units before
+ all remote mounts.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><filename>rescue.target</filename></term>
<listitem>
<para>A special target unit
diff --git a/src/mount.c b/src/mount.c
index 2fc799a..ef953f0 100644
--- a/src/mount.c
+++ b/src/mount.c
@@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) {
if (mount_is_network(p)) {
target = SPECIAL_REMOTE_FS_TARGET;
- after = SPECIAL_NETWORK_TARGET;
- } else
+ after = SPECIAL_REMOTE_FS_PRE_TARGET;
+ } else {
target = SPECIAL_LOCAL_FS_TARGET;
+ after = SPECIAL_LOCAL_FS_PRE_TARGET;
+ }
if (!path_equal(m->where, "/"))
if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0)
diff --git a/src/special.h b/src/special.h
index 614e53c..3fe34c9 100644
--- a/src/special.h
+++ b/src/special.h
@@ -45,7 +45,9 @@
#define SPECIAL_SYSINIT_TARGET "sysinit.target"
#define SPECIAL_SOCKETS_TARGET "sockets.target"
#define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */
+#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target"
#define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */
+#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target"
#define SPECIAL_SWAP_TARGET "swap.target"
#define SPECIAL_BASIC_TARGET "basic.target"
commit 80cc5aeebaf5be112050e851491b13ff7c60ad72
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Tue Sep 20 09:09:15 2011 +0200
l10n: Reword the polish translation a bit
s/siedzenie/stanowisko/: they both translate to seat in English, but 'stanowisko'
is a place where you work, while 'siedzenie' is like a chair.
s/podłączanie/podłączenie/: we are doing it now, now sometime in the future.
diff --git a/po/pl.po b/po/pl.po
index 52a21c8..3816864 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -53,7 +53,7 @@ msgstr "Ustawienie lokalizacji systemu"
#: ../src/org.freedesktop.login1.policy.in.h:1
msgid "Allow attaching devices to seats"
-msgstr "Zezwolenie na podłączanie urządzeń do siedzeń"
+msgstr "Zezwolenie na podłączanie urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:2
msgid "Allow non-logged-in users to run programs"
@@ -69,8 +69,8 @@ msgstr ""
#: ../src/org.freedesktop.login1.policy.in.h:4
msgid "Authentication is required to allow attaching a device to a seat"
msgstr ""
-"Wymagane jest uwierzytelnienie, aby zezwolić na podłączanie urządzeń do "
-"siedzeń"
+"Wymagane jest uwierzytelnienie, aby zezwolić na podłączenie urządzenia do "
+"stanowiska"
#: ../src/org.freedesktop.login1.policy.in.h:5
msgid "Authentication is required to allow powering off the system"
@@ -103,11 +103,11 @@ msgid ""
"seats"
msgstr ""
"Wymagane jest uwierzytelnienie, aby zezwolić na ponowne ustawianie sposobu "
-"podłączenia urządzeń do siedzeń"
+"podłączenia urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:10
msgid "Flush device to seat attachments"
-msgstr "Czyszczenie podłączeń urządzeń do siedzeń"
+msgstr "Usunięcie podłączenia urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:11
msgid "Power off the system"
commit 7e13bea0e1c0c4fd5175245e9348532d0f307618
Author: Ran Benita <ran234 at gmail.com>
Date: Sat Sep 24 12:04:16 2011 +0300
man: document list-unit-files
It's documented in the --help, but not in the manpage.
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 2ea6fe9..5adee45 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -603,6 +603,13 @@
</varlistentry>
<varlistentry>
+ <term><command>list-unit-files</command></term>
+
+ <listitem><para>List installed unit files.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>enable [NAME...]</command></term>
<listitem><para>Enable one or more
commit e8fbe35df8e498ce4dc3d9f1010755538e041cf3
Author: Dave Reisner <d at falconindy.com>
Date: Mon Sep 26 09:25:27 2011 -0400
sd-login.h: correct spelling mistakes in comments
diff --git a/src/sd-login.h b/src/sd-login.h
index 7102eb8..0cb0bf0 100644
--- a/src/sd-login.h
+++ b/src/sd-login.h
@@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat);
int sd_seat_get_active(const char *seat, char **session, uid_t *uid);
/* Return sessions and users on seat. Returns number of sessions as
- * return value. If sessions is NULL returs only the number of
+ * return value. If sessions is NULL returns only the number of
* sessions. */
int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids);
@@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat);
* seats is NULL only returns number of seats. */
int sd_get_seats(char ***seats);
-/* Get all sessions, store in *seessions. Returns the number of
+/* Get all sessions, store in *sessions. Returns the number of
* sessions. If sessions is NULL only returns number of sessions. */
int sd_get_sessions(char ***sessions);
commit b5dc29c079bd8dbeb5cb86e6b1a5906bfeb49e90
Author: Miklos Vajna <vmiklos at frugalware.org>
Date: Tue Sep 27 20:45:51 2011 +0200
hostname-setup: Frugalware switched to /etc/hostname
diff --git a/src/hostname-setup.c b/src/hostname-setup.c
index 57db9fb..7216b75 100644
--- a/src/hostname-setup.c
+++ b/src/hostname-setup.c
@@ -32,7 +32,7 @@
#if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO)
#define FILENAME "/etc/sysconfig/network"
-#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
+#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
#define FILENAME "/etc/HOSTNAME"
#elif defined(TARGET_ARCH)
#define FILENAME "/etc/rc.conf"
@@ -114,7 +114,7 @@ finish:
fclose(f);
return r;
-#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
+#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
return read_and_strip_hostname(FILENAME, hn);
#else
return -ENOENT;
commit 53273a6aefeb27f62c439e25f28c26859023c7df
Author: Paolo Bonzini <bonzini at gnu.org>
Date: Tue Oct 11 01:43:58 2011 +0200
readahead: lower max file size for readahead
https://bugs.freedesktop.org/show_bug.cgi?id=41336
diff --git a/src/readahead-common.h b/src/readahead-common.h
index 167df31..9547ad2 100644
--- a/src/readahead-common.h
+++ b/src/readahead-common.h
@@ -27,7 +27,7 @@
#include "macro.h"
-#define READAHEAD_FILE_SIZE_MAX (128*1024*1024)
+#define READAHEAD_FILE_SIZE_MAX (10*1024*1024)
int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st);
commit a70d9a77d9dc9efd2a122ef73095733b6fe6acdf
Author: Barry Scott <barry.scott at onelan.co.uk>
Date: Mon Oct 3 11:50:10 2011 +0100
man: .include directive does not include as textual include it includes by parsing the include file.
This means that section headers must be used inside of
a .include file otherwise all the lines are ignored.
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index bf8de32..e47c146 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -121,8 +121,9 @@
<para>If a line starts with <option>.include</option>
followed by a file name, the specified file will be
- read as if its contents were listed in place of the
- <option>.include</option> directive.</para>
+ parsed at this point. Make sure that the file that is
+ included has the appropiate section headers before
+ any directives.</para>
<para>Along with a unit file
<filename>foo.service</filename> a directory
commit 7734f77373a871ffb755a99b381fd93682052b8c
Author: Barry Scott <barry.scott at onelan.co.uk>
Date: Mon Oct 3 11:50:09 2011 +0100
man: for ExecStart= provide more details on env var substitution and how that turns into arguments.
For EnvironmentFile= explain that double quotes can be used
to protect whitespace.
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 609484b..230c4a3 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -279,6 +279,11 @@
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. The
+ parser strips leading and
+ trailing whitespace from the values
+ of assignments, unless you use
+ double quotes (").
+ The
argument passed should be an absolute
file name, optionally prefixed with
"-", which indicates that if the file
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 4f11020..7b6f12d 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -311,20 +311,28 @@
main process of the daemon. The
command line accepts % specifiers as
described in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. On
- top of that basic environment variable
- substitution is supported, where
- <literal>${FOO}</literal> is replaced
- by the string value of the environment
- variable of the same name. Also
- <literal>$FOO</literal> may appear as
- separate word on the command line in
- which case the variable is replaced by
- its value split at whitespaces. Note
- that the first argument (i.e. the
- binary to execute) may not be a
- variable, and must be a literal and
- absolute path name.</para></listitem>
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para>On top of that basic environment
+ variable substitution is
+ supported. Use
+ <literal>${FOO}</literal> as part of a
+ word, or as word of its own on the
+ command line, in which case it will be
+ replaced by the value of the
+ environment variable including all
+ whitespace it contains, resulting in a
+ single argument. Use
+ <literal>$FOO</literal> as a separate
+ word on the command line, in which
+ case it will be replaced by the value
+ of the environment variable split up
+ at whitespace, resulting in no or more
+ arguments. Note that the first
+ argument (i.e. the program to execute)
+ may not be a variable, and must be a
+ literal and absolute path
+ name.</para></listitem>
</varlistentry>
<varlistentry>
commit effe639c6a66123a7c6626cb9129f6bcbb41b3ae
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Oct 11 01:00:08 2011 +0200
update TODO
diff --git a/TODO b/TODO
index 2d1cde5..f662104 100644
--- a/TODO
+++ b/TODO
@@ -20,6 +20,13 @@ Bugfixes:
* logind is leaking fifos?
Features:
+
+* ConditionCapability=
+
+* order network mounts after network-fs-ready.target or so
+
+* read fedora style timezone name config for compat
+
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
commit 678abaf91e2308f02fb679c2dc2679a3b6a5b8be
Author: Thomas Jarosch <thomas.jarosch at intra2net.com>
Date: Wed Oct 5 22:31:41 2011 +0200
util: fix close() call on wrong variable
Detected by "cppcheck" (actually it detected a file descriptor leak)
diff --git a/src/util.c b/src/util.c
index 7977ee4..e46606d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -2307,8 +2307,10 @@ int chvt(int vt) {
0
};
- if (ioctl(fd, TIOCLINUX, tiocl) < 0)
- return -errno;
+ if (ioctl(fd, TIOCLINUX, tiocl) < 0) {
+ r = -errno;
+ goto fail;
+ }
vt = tiocl[0] <= 0 ? 1 : tiocl[0];
}
@@ -2316,7 +2318,8 @@ int chvt(int vt) {
if (ioctl(fd, VT_ACTIVATE, vt) < 0)
r = -errno;
- close_nointr_nofail(r);
+fail:
+ close_nointr_nofail(fd);
return r;
}
commit 10d975f54c88223fb8762a226fd011ec3f30f2eb
Author: Thomas Jarosch <thomas.jarosch at intra2net.com>
Date: Wed Oct 5 22:30:49 2011 +0200
tmpfiles: fix file descriptor leak
Detected by "cppcheck"
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index a6b8f85..21bf44d 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -157,6 +157,7 @@ static void load_unix_sockets(void) {
}
}
+ fclose(f);
return;
fail:
commit 65c0cf7108ae3537a357c74b4586a783baba82f9
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Oct 10 22:22:47 2011 +0200
update TODO
diff --git a/TODO b/TODO
index e08097c..2d1cde5 100644
--- a/TODO
+++ b/TODO
@@ -17,12 +17,18 @@ Bugfixes:
* make polkit checks async
+* logind is leaking fifos?
+
Features:
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
* bind mounts should be ordered after remount-root-fs.service
+* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
+
+* increase RLIMIT_NOFILE for logind, logger by default
+
* add an option to make mounts private/shareable and so on, enable this for root by default
* internal restart counter for units (focus on auto-respawn)
commit e5396fed3f33cb80699561b55090dc3ba7c95de8
Author: Kay Sievers <kay.sievers at vrfy.org>
Date: Sun Oct 9 16:36:45 2011 +0200
test_virtualization: do not try to compare id in !virt context
diff --git a/src/condition.c b/src/condition.c
index e978656..07624c8 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -148,7 +148,7 @@ static bool test_virtualization(const char *parameter) {
return true;
/* Finally compare id */
- return streq(parameter, id);
+ return v > 0 && streq(parameter, id);
}
static bool test_security(const char *parameter) {
commit b011116d1829bde044a638cbabfb070a7e0e8fa7
Author: Kay Sievers <kay.sievers at vrfy.org>
Date: Sun Oct 9 15:54:20 2011 +0200
update TODO
diff --git a/TODO b/TODO
index efe27bb..e08097c 100644
--- a/TODO
+++ b/TODO
@@ -18,6 +18,8 @@ Bugfixes:
* make polkit checks async
Features:
+* if we can not get user quota for tmpfs, mount a separate tmpfs instance
+ for every user in /run/user/$USER with a configured maximum size
* bind mounts should be ordered after remount-root-fs.service
More information about the systemd-commits
mailing list