[systemd-commits] 4 commits - man/sysctl.d.xml man/systemd.unit.xml src/core src/sysctl src/test

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Wed Apr 16 19:24:27 PDT 2014


 man/sysctl.d.xml          |   29 +++++++++++++++++++++--------
 man/systemd.unit.xml      |   25 +++++++++++++++++++------
 src/core/socket.c         |   24 ++++++++++++++----------
 src/sysctl/sysctl.c       |   18 ++++++++++++++++--
 src/test/test-path-util.c |    8 ++++----
 5 files changed, 74 insertions(+), 30 deletions(-)

New commits:
commit 9754d56e9b21bfe89fc18f47987d6bef491b8521
Author: Eelco Dolstra <eelco.dolstra at logicblox.com>
Date:   Wed Apr 16 18:39:07 2014 +0200

    Handle Unix domain socket connections from outside our namespace
    
    NixOS uses Unix domain sockets for certain host <-> container
    interaction; i.e. the host connects to a socket visible in the
    container's directory tree, where the container uses a .socket unit to
    spawn the handler program on demand. This worked in systemd 203, but
    in 212 fails with "foo.socket failed to queue service startup job
    (Maybe the service file is missing or not a template unit?): No data
    available".
    
    The reason is that getpeercred() now returns ENODATA if it can't get
    the PID of the client, which happens in this case because the client
    is not in the same PID namespace. Since getpeercred() is only used to
    generate the instance name, this patch simply handles ENODATA by
    creating an instance name "<nr>-unknown".
    
    [zj: reorder clauses and remove (unsigned long) casts.]

diff --git a/src/core/socket.c b/src/core/socket.c
index 7c18a2b..d57e770 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -663,17 +663,21 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
                 int k;
 
                 k = getpeercred(fd, &ucred);
-                if (k < 0)
+                if (k >= 0) {
+                        if (asprintf(&r,
+                                     "%u-"PID_FMT"-"UID_FMT,
+                                     nr, ucred.pid, ucred.uid) < 0)
+                                return -ENOMEM;
+                } else if (k == -ENODATA) {
+                        /* This handles the case where somebody is
+                         * connecting from another pid/uid namespace
+                         * (e.g. from outside of our container). */
+                        if (asprintf(&r,
+                                     "%u-unknown",
+                                     nr) < 0)
+                                return -ENOMEM;
+                } else
                         return k;
-
-                if (asprintf(&r,
-                             "%u-%lu-%lu",
-                             nr,
-                             (unsigned long) ucred.pid,
-                             (unsigned long) ucred.uid) < 0)
-                        return -ENOMEM;
-
-                break;
         }
 
         default:
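Review bot: The rewritten branch drops the `break;` that used to end this case, so after a successful asprintf() in either the `k >= 0` arm or the `-ENODATA` arm, control falls through the closing `}` into `default:`. The body of `default:` and the rest of the switch are outside this hunk, but running it after `r` has already been allocated is almost certainly unintended. Re-add `break;` directly after the `else return k;` arm, before the closing brace. It would also help to extend the new comment to say that the `"%u-unknown"` name carries no peer identity, so nothing downstream should parse the instance name to recover a pid or uid for access or audit decisions.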

commit 5d2abc04fc95f5c5f6d0eaf2f9b06c70d504019f
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Apr 16 22:15:42 2014 -0400

    man: document relationship between RequiresMountsFor and noauto
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1088057

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index bcd4ba8..30b6ea1 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -705,13 +705,26 @@
                         <varlistentry>
                                 <term><varname>RequiresMountsFor=</varname></term>
 
-                                <listitem><para>Takes a space-separated
-                                list of absolute paths. Automatically
-                                adds dependencies of type
-                                <varname>Requires=</varname> and
-                                <varname>After=</varname> for all
+                                <listitem><para>Takes a
+                                space-separated list of absolute
+                                paths. Automatically adds dependencies
+                                of type <varname>Requires=</varname>
+                                and <varname>After=</varname> for all
                                 mount units required to access the
-                                specified path.</para></listitem>
+                                specified path.</para>
+
+                                <para>Mount points marked with
+                                <option>noauto</option> are not
+                                mounted automatically and will be
+                                ignored for the purposes of this
+                                option. If such a mount should be a
+                                requirement for this unit,
+                                direct dependencies on the mount
+                                units may be added
+                                (<varname>Requires=</varname> and
+                                <varname>After=</varname> or
+                                some other combination).
+                                </para></listitem>
                         </varlistentry>
 
                         <varlistentry>

commit 7f076504b8291d03063ccaee5b40f642df48f8b1
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Apr 16 22:04:31 2014 -0400

    test-path-util: fix running with separate build dir
    
    test-path-util attempts to find itself, but if the binary is not
    in the current directory, the test would fail.

diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
index 527b275..0aa0bf1 100644
--- a/src/test/test-path-util.c
+++ b/src/test/test-path-util.c
@@ -83,7 +83,7 @@ static void test_path(void) {
         }
 }
 
-static void test_find_binary(void) {
+static void test_find_binary(const char *self) {
         char *p;
 
         assert(find_binary("/bin/sh", &p) == 0);
@@ -91,7 +91,7 @@ static void test_find_binary(void) {
         assert(streq(p, "/bin/sh"));
         free(p);
 
-        assert(find_binary("./test-path-util", &p) == 0);
+        assert(find_binary(self, &p) == 0);
         puts(p);
         assert(endswith(p, "/test-path-util"));
         assert(path_is_absolute(p));
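Review bot: The new line `assert(find_binary(self, &p) == 0);` keeps a side-effecting call inside plain `assert()`, so a build with NDEBUG drops the call and the following `puts(p)` reads an uninitialized pointer. The fsck test further down this file already uses `assert_se`, which presumably always evaluates its argument; `assert_se(find_binary(self, &p) == 0);` would be consistent with it. The same applies to the `/bin/sh` lookup at the top of the function, and test_find_binary continues past the end of this hunk.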
@@ -170,9 +170,9 @@ static void test_fsck_exists(void) {
         assert_se(fsck_exists("AbCdE") == -ENOENT);
 }
 
-int main(void) {
+int main(int argc, char **argv) {
         test_path();
-        test_find_binary();
+        test_find_binary(argv[0]);
         test_prefixes();
         test_fsck_exists();
         return 0;

commit 2e573fcf8754fdfe0db0a783b1631ec1679b063a
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Apr 16 21:33:46 2014 -0400

    sysctl: replaces some slashes with dots
    
    It turns out that plain sysctl understands a.b/c syntax to write to
    /proc/sys/a/b.c. Support this for compatibility.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=77466

diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index 00a857b..db53b49 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -68,13 +68,26 @@
                 <para>The configuration files contain a list of
                 variable assignments, separated by newlines. Empty
                 lines and lines whose first non-whitespace character
-                is # or ; are ignored.</para>
-
-                <para>Note that both / and . are accepted as label
-                separators within sysctl variable
-                names. <literal>kernel.domainname=foo</literal> and
-                <literal>kernel/domainname=foo</literal> hence are
-                entirely equivalent.</para>
+                is <literal>#</literal> or <literal>;</literal> are
+                ignored.</para>
+
+                <para>Note that either <literal>/</literal> or
+                <literal>.</literal> may be used as separators within
+                sysctl variable names. If the first separator is a
+                slash, remaining slashes and dots are left intact. If
+                the first separator is a dot, dots and slashes are
+                interchanged. <literal>kernel.domainname=foo</literal>
+                and <literal>kernel/domainname=foo</literal> are
+                equivalent and will cause <literal>foo</literal> to
+                be written to
+                <filename>/proc/sys/kernel/domainname</filename>.
+                Either
+                <literal>net.ipv4.conf.enp3s0/200.forwarding</literal>
+                or
+                <literal>net/ipv4/conf/enp3s0.200/forwarding</literal>
+                may be used to refer to
+                <filename>/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</filename>.
+                </para>
 
                 <para>Each configuration file shall be named in the
                 style of <filename><replaceable>program</replaceable>.conf</filename>.
@@ -109,7 +122,7 @@
                 early on boot. The network interface-specific options
                 will also be applied individually for each network
                 interface as it shows up in the system. (More
-                specifically, that is
+                specifically,
                 <filename>net.ipv4.conf.*</filename>,
                 <filename>net.ipv6.conf.*</filename>,
                 <filename>net.ipv4.neigh.*</filename> and <filename>net.ipv6.neigh.*</filename>)</para>
diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
index 283eefe..06defa5 100644
--- a/src/sysctl/sysctl.c
+++ b/src/sysctl/sysctl.c
@@ -48,12 +48,26 @@ static const char conf_file_dirs[] =
 #endif
         ;
 
-static char *normalize_sysctl(char *s) {
+static char* normalize_sysctl(char *s) {
         char *n;
 
-        for (n = s; *n; n++)
+        n = strpbrk(s, "/.");
+        /* If the first separator is a slash, the path is
+         * assumed to be normalized and slashes remain slashes
+         * and dots remains dots. */
+        if (!n || *n == '/')
+                return s;
+
+        /* Otherwise, dots become slashes and slashes become
+         * dots. Fun. */
+        while (n) {
                 if (*n == '.')
                         *n = '/';
+                else
+                        *n = '.';
+
+                n = strpbrk(n + 1, "/.");
+        }
 
         return s;
 }
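Review bot: A key whose first separator is a slash is now returned unchanged by the early `return s;`, so a `..` path component in such a key survives normalization, whereas the old loop turned every dot into a slash. How the result is joined to the /proc/sys prefix is outside this hunk, but the man page change in this commit says the value is written under that directory, so the caller should presumably reject keys containing a `..` component before opening the file. The sysctl.d directories are normally writable only by root, so this is hardening rather than a trust boundary. A comment above the function such as `/* Does not validate the key; the caller must reject ".." components. Modifies s in place. */` would make the contract explicit.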


