[systemd-commits] 4 commits - TODO src/machine-id-setup.c src/main.c src/manager.c src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Apr 11 04:20:48 PDT 2012
TODO | 9 ---------
src/machine-id-setup.c | 19 ++++++++-----------
src/main.c | 20 +++++++++++++++-----
src/manager.c | 20 +++++++++++++++++++-
src/shared/strv.c | 25 +++++++++++++++++++++++++
src/shared/strv.h | 1 +
src/shared/util.c | 18 ------------------
src/shared/util.h | 2 --
8 files changed, 68 insertions(+), 46 deletions(-)
New commits:
commit 9543ad166338a7bef8718070f11465df4b9badd7
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 11 13:19:26 2012 +0200
main: unset some bash specific environment variables that might get leaked to us
https://bugzilla.redhat.com/show_bug.cgi?id=811537
diff --git a/src/main.c b/src/main.c
index a0bcbdf..6656cb4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1343,6 +1343,12 @@ int main(int argc, char *argv[]) {
unsetenv("HOME");
unsetenv("TERM");
+ /* When we are invoked by a shell, these might be set,
+ * but make little sense to pass on */
+ unsetenv("PWD");
+ unsetenv("SHLVL");
+ unsetenv("_");
+
/* All other variables are left as is, so that clients
* can still read them via /proc/1/environ */
}
commit 71ecc858fa91a686a050bee51804d43865ce1acc
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 11 12:56:51 2012 +0200
main: drop container/initrd env vars from inherited set
Leave the env vars used in the container/initrd logic set for PID1, but
don't inherit them to any children.
diff --git a/TODO b/TODO
index 0bd1259..5903513 100644
--- a/TODO
+++ b/TODO
@@ -48,8 +48,6 @@ Features:
* journal: if mmap() fails for mapping window try to unmap a a few older maps
-* add flag file for shutdownd so that clients can check whether a shutdown is queued
-
* dbus upstream still refers to dbus.target and shouldn't
* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting
@@ -65,10 +63,6 @@ Features:
* Add ConditionReadWriteFileSystem= so that systemd-sysctl doesn't get executed when /proc/sys is read-only
-* unset container= and container_uuid= for child processes
-
-* when bind mounting /etc/machine-id, do so from /run/machine-id
-
* introduce mix of BindTo and Requisite
* journalctl: show multiline log messages sanely, expand tabs, and show all valid utf8 messages
@@ -172,8 +166,6 @@ Features:
* as Tom Gundersen pointed out there's a always a dep loop if people use crypto file systems with random keys
-* unset container=, container_uuid= in PID1?
-
* automatically escape unit names passed on the service (i.e. think "systemctl start serial-getty.service at serial/by-path/jshdfjsdfhkjh" being automatically escaped as necessary.
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
@@ -317,7 +309,6 @@ Features:
External:
* dbus:
- - get process transport into dbus for systemctl -P/-H (PENDING)
- dbus --user
- natively watch for dbus-*.service symlinks (PENDING)
- allow specification of socket mode/umask when allocating DBusServer
diff --git a/src/main.c b/src/main.c
index 589d9f0..a0bcbdf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1333,9 +1333,10 @@ int main(int argc, char *argv[]) {
arg_running_as == MANAGER_SYSTEM);
if (arg_running_as == MANAGER_SYSTEM) {
- /* Parse the data passed to us by the initrd and unset it */
+ /* Parse the data passed to us. We leave this
+ * variables set, but the manager later on will not
+ * pass them on to our children. */
parse_initrd_timestamp(&initrd_timestamp);
- filter_environ("RD_");
/* Unset some environment variables passed in from the
* kernel that don't really make sense for us. */
diff --git a/src/manager.c b/src/manager.c
index 971990b..312527a 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -221,6 +221,21 @@ static int manager_setup_signals(Manager *m) {
return 0;
}
+static void manager_strip_environment(Manager *m) {
+ assert(m);
+
+ /* Remove variables from the inherited set that are part of
+ * the container interface:
+ * http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface */
+ strv_remove_prefix(m->environment, "container=");
+ strv_remove_prefix(m->environment, "container_");
+
+ /* Remove variables from the inherited set that are part of
+ * the initrd interface:
+ * http://www.freedesktop.org/wiki/Software/systemd/InitrdInterface */
+ strv_remove_prefix(m->environment, "RD_");
+}
+
int manager_new(ManagerRunningAs running_as, Manager **_m) {
Manager *m;
int r = -ENOMEM;
@@ -246,9 +261,12 @@ int manager_new(ManagerRunningAs running_as, Manager **_m) {
m->signal_watch.fd = m->mount_watch.fd = m->udev_watch.fd = m->epoll_fd = m->dev_autofs_fd = m->swap_watch.fd = -1;
m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
- if (!(m->environment = strv_copy(environ)))
+ m->environment = strv_copy(environ);
+ if (!m->environment)
goto fail;
+ manager_strip_environment(m);
+
if (running_as == MANAGER_SYSTEM) {
m->default_controllers = strv_new("cpu", NULL);
if (!m->default_controllers)
diff --git a/src/shared/strv.c b/src/shared/strv.c
index bb309d9..f61680d 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -386,6 +386,31 @@ char **strv_remove(char **l, const char *s) {
return l;
}
+char **strv_remove_prefix(char **l, const char *s) {
+ char **f, **t;
+
+ if (!l)
+ return NULL;
+
+ assert(s);
+
+ /* Drops every occurrence of a string prefixed with s in the
+ * string list, edits in-place. */
+
+ for (f = t = l; *f; f++) {
+
+ if (startswith(*f, s)) {
+ free(*f);
+ continue;
+ }
+
+ *(t++) = *f;
+ }
+
+ *t = NULL;
+ return l;
+}
+
static int env_append(char **r, char ***k, char **a) {
assert(r);
assert(k);
diff --git a/src/shared/strv.h b/src/shared/strv.h
index d038c9f..9becf9b 100644
--- a/src/shared/strv.h
+++ b/src/shared/strv.h
@@ -39,6 +39,7 @@ char **strv_merge_concat(char **a, char **b, const char *suffix);
char **strv_append(char **l, const char *s);
char **strv_remove(char **l, const char *s);
+char **strv_remove_prefix(char **l, const char *s);
char **strv_uniq(char **l);
#define strv_contains(l, s) (!!strv_find((l), (s)))
diff --git a/src/shared/util.c b/src/shared/util.c
index fef58d5..73e0a29 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -4276,24 +4276,6 @@ char *fstab_node_to_udev_node(const char *p) {
return strdup(p);
}
-void filter_environ(const char *prefix) {
- int i, j;
- assert(prefix);
-
- if (!environ)
- return;
-
- for (i = 0, j = 0; environ[i]; i++) {
-
- if (startswith(environ[i], prefix))
- continue;
-
- environ[j++] = environ[i];
- }
-
- environ[j] = NULL;
-}
-
bool tty_is_vc(const char *tty) {
assert(tty);
diff --git a/src/shared/util.h b/src/shared/util.h
index a45f54d..e0934e5 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -409,8 +409,6 @@ void dual_timestamp_deserialize(const char *value, dual_timestamp *t);
char *fstab_node_to_udev_node(const char *p);
-void filter_environ(const char *prefix);
-
bool tty_is_vc(const char *tty);
bool tty_is_vc_resolve(const char *tty);
int vtnr_from_tty(const char *tty);
commit 6996295f85a0402b8a72d76c1eab02fb8152f81d
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 11 12:49:52 2012 +0200
machine-id: don't delete runtime machine-id, and place it in /run
diff --git a/src/machine-id-setup.c b/src/machine-id-setup.c
index 0ee3cd7..94198cb 100644
--- a/src/machine-id-setup.c
+++ b/src/machine-id-setup.c
@@ -235,28 +235,25 @@ int machine_id_setup(void) {
fd = -1;
/* Hmm, we couldn't write it? So let's write it to
- * /run/systemd/machine-id as a replacement */
-
- mkdir_p("/run/systemd", 0755);
+ * /run/machine-id as a replacement */
m = umask(0022);
- r = write_one_line_file("/run/systemd/machine-id", id);
+ r = write_one_line_file("/run/machine-id", id);
umask(m);
if (r < 0) {
- log_error("Cannot write /run/systemd/machine-id: %s", strerror(-r));
+ log_error("Cannot write /run/machine-id: %s", strerror(-r));
- unlink("/run/systemd/machine-id");
+ unlink("/run/machine-id");
goto finish;
}
/* And now, let's mount it over */
- r = mount("/run/systemd/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
- unlink("/run/systemd/machine-id");
-
- if (r < 0)
+ r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+ if (r < 0) {
+ unlink("/run/machine-id");
log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
- else
+ } else
log_info("Installed transient /etc/machine-id file.");
finish:
commit 966a5d37c3405afe105fbdb4209c4de64747e00f
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 11 12:48:27 2012 +0200
main: add URL to cgroups check message
diff --git a/src/main.c b/src/main.c
index 40be2b2..589d9f0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1097,7 +1097,8 @@ static struct dual_timestamp* parse_initrd_timestamp(struct dual_timestamp *t) {
assert(t);
- if (!(e = getenv("RD_TIMESTAMP")))
+ e = getenv("RD_TIMESTAMP");
+ if (!e)
return NULL;
if (sscanf(e, "%llu %llu", &a, &b) != 2)
@@ -1150,7 +1151,8 @@ static void test_cgroups(void) {
"Systems without control groups are not supported. "
"We will now sleep for 10s, and then continue boot-up. "
"Expect breakage and please do not file bugs. "
- "Instead fix your kernel and enable CONFIG_CGROUPS." );
+ "Instead fix your kernel and enable CONFIG_CGROUPS. "
+ "Consult http://0pointer.de/blog/projects/cgroups-vs-cgroups.html for more information.");
sleep(10);
}
@@ -1311,7 +1313,8 @@ int main(int argc, char *argv[]) {
/* Remember open file descriptors for later deserialization */
if (serialization) {
- if ((r = fdset_new_fill(&fds)) < 0) {
+ r = fdset_new_fill(&fds);
+ if (r < 0) {
log_error("Failed to allocate fd set: %s", strerror(-r));
goto finish;
}
More information about the systemd-commits
mailing list