[systemd-commits] 2 commits - TODO man/systemd.timer.xml src/core src/libsystemd-bus units/systemd-readahead-done.timer
Lennart Poettering
lennart at kemper.freedesktop.org
Thu Nov 21 14:38:06 PST 2013
TODO | 9 ----
man/systemd.timer.xml | 62 ++++++++++++++++++++++++++++--
src/core/dbus-timer.c | 1
src/core/dbus.c | 69 ++++++++++++++++++++++++++++++++++
src/core/load-fragment-gperf.gperf.m4 | 1
src/core/timer.c | 12 +++--
src/core/timer.h | 2
src/libsystemd-bus/sd-bus.c | 2
units/systemd-readahead-done.timer | 1
9 files changed, 142 insertions(+), 17 deletions(-)
New commits:
commit 969987ea93a7fdcd2c87b551eb0adf0bd9338b32
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Nov 21 23:36:51 2013 +0100
bus: restore selinux access control to PID 1 for properties
diff --git a/TODO b/TODO
index 04d92ab..6805fd6 100644
--- a/TODO
+++ b/TODO
@@ -23,7 +23,7 @@ Bugfixes:
Fedora 20:
-* external: ps should gain colums for slice and machine
+* external: ps should gain colums for slice
* localed:
- localectl: support new converted x11→console keymaps
@@ -49,17 +49,12 @@ Features:
* sd-event: allow multiple signal handlers per signal
-* timer: expose accuracy as unit setting
-
* when we detect low battery and no AC on boot, show pretty splash and refuse boot
* move libasyncns into systemd as libsystemd-asyncns
* calendarspec: support value ranges with ".." notation. Example: 2013-4..8-1
-* pid1 porting:
- - restore selinux access control on properties
-
* sd-bus: when triggering property change events, allow a NULL strv indicate that all properties listed as such are send out as changed
* sd-bus: enforce signatures on response messages
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3d8da1e..1cb4d0f 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -42,6 +42,8 @@
#include "bus-errors.h"
#include "strxcpyx.h"
#include "dbus-client-track.h"
+#include "bus-internal.h"
+#include "selinux-access.h"
#define CONNECTIONS_MAX 512
@@ -209,6 +211,67 @@ failed:
return 0;
}
+static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+ Manager *m = userdata;
+ const char *verb, *path;
+ Unit *u = NULL;
+ Job *j;
+ int r;
+
+ assert(bus);
+ assert(message);
+
+ /* Our own method calls are all protected individually with
+ * selinux checks, but the built-in interfaces need to be
+ * protected too. */
+
+ if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", "Set"))
+ verb = "reload";
+ else if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Introspectable", NULL) ||
+ sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", NULL) ||
+ sd_bus_message_is_method_call(message, "org.freedesktop.DBus.ObjectManager", NULL) ||
+ sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Peer", NULL))
+ verb = "status";
+ else
+ return 0;
+
+ path = sd_bus_message_get_path(message);
+
+ if (object_path_startswith("/org/freedesktop/systemd1", path)) {
+
+ r = selinux_access_check(bus, message, verb, error);
+ if (r < 0)
+ return r;
+
+ return 0;
+ }
+
+ if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
+ pid_t pid;
+
+ r = sd_bus_get_owner_pid(bus, sd_bus_message_get_sender(message), &pid);
+ if (r < 0)
+ return 0;
+
+ u = manager_get_unit_by_pid(m, pid);
+ } else {
+ r = manager_get_job_from_dbus_path(m, path, &j);
+ if (r >= 0)
+ u = j->unit;
+ else
+ manager_load_unit_from_dbus_path(m, path, NULL, &u);
+ }
+
+ if (!u)
+ return 0;
+
+ r = selinux_unit_access_check(u, bus, message, verb, error);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
static int bus_job_find(sd_bus *bus, const char *path, const char *interface, void **found, void *userdata) {
Manager *m = userdata;
Job *j;
@@ -458,6 +521,12 @@ static int bus_setup_api_vtables(Manager *m, sd_bus *bus) {
assert(m);
assert(bus);
+ r = sd_bus_add_filter(bus, selinux_filter, m);
+ if (r < 0) {
+ log_error("Failed to add SELinux access filter: %s", strerror(-r));
+ return r;
+ }
+
r = sd_bus_add_object_vtable(bus, "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", bus_manager_vtable, m);
if (r < 0) {
log_error("Failed to register Manager vtable: %s", strerror(-r));
diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index 2604434..4df649c 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -1945,7 +1945,7 @@ static int process_filter(sd_bus *bus, sd_bus_message *m) {
if (r < 0)
return r;
- r = l->callback(bus, m, &error_buffer, l->userdata);
+ r = l->callback(bus, m, l->userdata, &error_buffer);
r = bus_maybe_reply_error(m, r, &error_buffer);
if (r != 0)
return r;
commit 9f5eb56a13dee1085cbf2560ac3afd73f72402cb
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Nov 21 22:07:51 2013 +0100
timer: make timer accuracy configurable
And make it default to 1min
diff --git a/TODO b/TODO
index f84a247..04d92ab 100644
--- a/TODO
+++ b/TODO
@@ -466,8 +466,6 @@ Features:
* deal with sendmail/postfix exclusivity
* timer units:
- - configurable jitter for timer events
- - Adjust timers to be triggered at the same time as sd-event timers
- timer events with system resume
- timer units should get the ability to trigger when:
o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET)
diff --git a/man/systemd.timer.xml b/man/systemd.timer.xml
index 659bc81..484287c 100644
--- a/man/systemd.timer.xml
+++ b/man/systemd.timer.xml
@@ -163,7 +163,14 @@
to any of these options, the list of
timers is reset, and all prior
assignments will have no
- effect.</para></listitem>
+ effect.</para>
+
+ <para>Note that timers are not
+ necessarily expired at the precise
+ time configured with these settings,
+ as they are subject to the
+ <varname>AccuracySec=</varname>
+ setting below.</para></listitem>
</varlistentry>
@@ -171,17 +178,62 @@
<term><varname>OnCalendar=</varname></term>
<listitem><para>Defines realtime
- (i.e. wallclock) timers via calendar
+ (i.e. wallclock) timers with calendar
event expressions. See
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for more information on the syntax of
calendar event expressions. Otherwise
the semantics are similar to
<varname>OnActiveSec=</varname> and
- related settings.</para></listitem>
+ related settings.</para>
+
+ <para>Note that timers are not
+ necessarily expired at the precise
+ time configured with this setting,
+ as it is subject to the
+ <varname>AccuracySec=</varname>
+ setting below.</para></listitem>
</varlistentry>
<varlistentry>
+ <term><varname>AccuracySec=</varname></term>
+
+ <listitem><para>Specify the accuracy
+ the timer shall elapse with. Defaults
+ to 1min. The timer is scheduled to
+ expire within a time window starting
+ with the time specified in
+ <varname>OnCalendar=</varname>,
+ <varname>OnActiveSec=</varname>,
+ <varname>OnBootSec=</varname>,
+ <varname>OnStartupSec=</varname>,
+ <varname>OnUnitActiveSec=</varname> or
+ <varname>OnUnitInactiveSec=</varname>
+ and ending the time configured with
+ <varname>AccuracySec=</varname>
+ later. Within this time window the
+ expiry time will be placed at a
+ host-specific, randomized but stable
+ position, that is synchronized between
+ all local timer units. This is done in
+ order to distribute the wake-up time
+ in networked installations, as well as
+ optimizing power consumption to
+ suppress unnecessary CPU wake-ups. To
+ get best accuracy set this option to
+ 1us. Note that the timer is still
+ subject to the timer slack configured
+ via
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
+ <varname>TimerSlackNSec=</varname>
+ setting. See
+ <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ for details. To optimize power
+ consumption make sure to set this
+ value as high as possible and as low
+ as necessary.</para></listitem>
+ </varlistentry>
+ <varlistentry>
<term><varname>Unit=</varname></term>
<listitem><para>The unit to activate
@@ -208,7 +260,9 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
</para>
</refsect1>
diff --git a/src/core/dbus-timer.c b/src/core/dbus-timer.c
index 9e4070a..b715521 100644
--- a/src/core/dbus-timer.c
+++ b/src/core/dbus-timer.c
@@ -143,6 +143,7 @@ const sd_bus_vtable bus_timer_vtable[] = {
SD_BUS_PROPERTY("NextElapseUSecRealtime", "t", bus_property_get_usec, offsetof(Timer, next_elapse_monotonic), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("NextElapseUSecMonotonic", "t", bus_property_get_usec, offsetof(Timer, next_elapse_realtime), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Timer, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+ SD_BUS_PROPERTY("AccuracyUSec", "t", bus_property_get_usec, offsetof(Timer, accuracy_usec), 0),
SD_BUS_VTABLE_END
};
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 22dc536..fbf8381 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -247,6 +247,7 @@ Timer.OnBootSec, config_parse_timer, 0,
Timer.OnStartupSec, config_parse_timer, 0, 0
Timer.OnUnitActiveSec, config_parse_timer, 0, 0
Timer.OnUnitInactiveSec, config_parse_timer, 0, 0
+Timer.AccuracySec, config_parse_sec, 0, offsetof(Timer, accuracy_usec)
Timer.Unit, config_parse_trigger_unit, 0, 0
m4_dnl
Path.PathExists, config_parse_path_spec, 0, 0
diff --git a/src/core/timer.c b/src/core/timer.c
index 5bc01a2..f23582c 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -47,6 +47,7 @@ static void timer_init(Unit *u) {
t->next_elapse_monotonic = (usec_t) -1;
t->next_elapse_realtime = (usec_t) -1;
+ t->accuracy_usec = USEC_PER_MINUTE;
}
void timer_free_values(Timer *t) {
@@ -144,6 +145,7 @@ static int timer_load(Unit *u) {
}
static void timer_dump(Unit *u, FILE *f, const char *prefix) {
+ char buf[FORMAT_TIMESPAN_MAX];
Timer *t = TIMER(u);
Unit *trigger;
TimerValue *v;
@@ -153,10 +155,12 @@ static void timer_dump(Unit *u, FILE *f, const char *prefix) {
fprintf(f,
"%sTimer State: %s\n"
"%sResult: %s\n"
- "%sUnit: %s\n",
+ "%sUnit: %s\n"
+ "%sAccuracy: %s\n",
prefix, timer_state_to_string(t->state),
prefix, timer_result_to_string(t->result),
- prefix, trigger ? trigger->id : "n/a");
+ prefix, trigger ? trigger->id : "n/a",
+ prefix, format_timespan(buf, sizeof(buf), t->accuracy_usec, 1));
LIST_FOREACH(value, v, t->values) {
@@ -346,7 +350,7 @@ static void timer_enter_waiting(Timer *t, bool initial) {
r = sd_event_source_set_enabled(t->monotonic_event_source, SD_EVENT_ONESHOT);
} else
- r = sd_event_add_monotonic(UNIT(t)->manager->event, t->next_elapse_monotonic, 0, timer_dispatch, t, &t->monotonic_event_source);
+ r = sd_event_add_monotonic(UNIT(t)->manager->event, t->next_elapse_monotonic, t->accuracy_usec, timer_dispatch, t, &t->monotonic_event_source);
if (r < 0)
goto fail;
@@ -372,7 +376,7 @@ static void timer_enter_waiting(Timer *t, bool initial) {
r = sd_event_source_set_enabled(t->realtime_event_source, SD_EVENT_ONESHOT);
} else
- r = sd_event_add_realtime(UNIT(t)->manager->event, t->next_elapse_realtime, 0, timer_dispatch, t, &t->realtime_event_source);
+ r = sd_event_add_realtime(UNIT(t)->manager->event, t->next_elapse_realtime, t->accuracy_usec, timer_dispatch, t, &t->realtime_event_source);
if (r < 0)
goto fail;
diff --git a/src/core/timer.h b/src/core/timer.h
index b3722f0..3e7efa4 100644
--- a/src/core/timer.h
+++ b/src/core/timer.h
@@ -69,6 +69,8 @@ typedef enum TimerResult {
struct Timer {
Unit meta;
+ usec_t accuracy_usec;
+
LIST_HEAD(TimerValue, values);
usec_t next_elapse_monotonic;
usec_t next_elapse_realtime;
diff --git a/units/systemd-readahead-done.timer b/units/systemd-readahead-done.timer
index 41bfb2b..bdfd465 100644
--- a/units/systemd-readahead-done.timer
+++ b/units/systemd-readahead-done.timer
@@ -15,6 +15,7 @@ Before=shutdown.target
[Timer]
OnActiveSec=30s
+AccuracySec=1s
[Install]
Also=systemd-readahead-collect.service
More information about the systemd-commits
mailing list