[systemd-commits] 4 commits - TODO man/systemd-nspawn.xml src/import src/nspawn src/run src/shared src/shutdownd src/udev
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Feb 18 11:00:53 PST 2015
TODO | 6 ------
man/systemd-nspawn.xml | 17 ++++++++++++++++-
src/import/importd.c | 8 +++-----
src/nspawn/nspawn.c | 37 +++++++++++++++++++++++++++++++------
src/run/run.c | 9 ++-------
src/shared/ask-password-api.c | 2 ++
src/shared/util.c | 10 ++++++++++
src/shared/util.h | 2 ++
src/shutdownd/shutdownd.c | 14 ++++++++------
src/udev/udev-ctrl.c | 3 +++
10 files changed, 77 insertions(+), 31 deletions(-)
New commits:
commit ac49d36faef5739d0e9db5742b780c4fb88e68bf
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Feb 18 19:39:54 2015 +0100
update TODO
diff --git a/TODO b/TODO
index 35a3198..7ad9e78 100644
--- a/TODO
+++ b/TODO
@@ -38,9 +38,6 @@ Features:
written to as FAIL, but instead show that their are being written
to.
-* nspawn: allow configuring cgroup (and other) properties via
- --property= when invoking from the command line.
-
* add udev rule construct SYSCTL{} to write to sysctls
* assign MESSAGE_ID to log messages about failed services
@@ -50,9 +47,6 @@ Features:
infinity by default for all services. This then allows per-service
control of coredumping.
-* introduce some call that iterates through cmsg and closes all fds
- passed in, and use it everywhere...
-
* generate better errors when people try to set transient properties
that are not supported...
http://lists.freedesktop.org/archives/systemd-devel/2015-February/028076.html
commit 8962620e5e7d6a8ffde1fe363f13dd82b1a15661
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Feb 18 19:39:40 2015 +0100
run: if we fail to set a property assignment then really fail
diff --git a/src/run/run.c b/src/run/run.c
index 0661b3b..32191a6 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -241,14 +241,12 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_SETENV:
-
if (strv_extend(&arg_environment, optarg) < 0)
return log_oom();
break;
case 'p':
-
if (strv_extend(&arg_property, optarg) < 0)
return log_oom();
@@ -389,11 +387,8 @@ static int transient_unit_set_properties(sd_bus_message *m, char **properties) {
return r;
r = bus_append_unit_property_assignment(m, *i);
- if (r < 0) {
- r = sd_bus_message_append(m, "sv", 0);
- if (r < 0)
- return r;
- }
+ if (r < 0)
+ return r;
r = sd_bus_message_close_container(m);
if (r < 0)
commit f36933fef605a7dccce8e3aecccff5152e522fa6
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Feb 18 19:38:55 2015 +0100
nspawn: add support for --property= to set scope properties
This is similar to systemd-run's --property= setting.
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 4a936d3..e84d2b7 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -297,7 +297,22 @@
<listitem><para>Make the container part of the specified
slice, instead of the default
- <filename>machine.slice</filename>.</para>
+ <filename>machine.slice</filename>. This is only applies if
+ the machine is run in its own scope unit, i.e. if
+ <option>--keep-unit</option> is not used.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--property=</option></term>
+
+ <listitem><para>Set a unit property on the scope unit to
+ register for the machine. This only applies if the machine is
+ run in its own scope unit, i.e. if
+ <option>--keep-unit</option> is not used. Takes unit property
+ assignments in the same format as <command>systemctl
+ set-property</command>. This is useful to set memory limits
+ and similar for machines.</para>
</listitem>
</varlistentry>
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index fb67251..232629d 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -187,6 +187,7 @@ static unsigned long arg_personality = 0xffffffffLU;
static char *arg_image = NULL;
static Volatile arg_volatile = VOLATILE_NO;
static ExposePort *arg_expose_ports = NULL;
+static char **arg_property = NULL;
static void help(void) {
printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
@@ -205,6 +206,7 @@ static void help(void) {
" -M --machine=NAME Set the machine name for the container\n"
" --uuid=UUID Set a specific machine UUID for the container\n"
" -S --slice=SLICE Place the container in the specified slice\n"
+ " --property=NAME=VALUE Set scope unit property\n"
" --private-network Disable network in container\n"
" --network-interface=INTERFACE\n"
" Assign an existing network interface to the\n"
@@ -294,6 +296,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_PERSONALITY,
ARG_VOLATILE,
ARG_TEMPLATE,
+ ARG_PROPERTY,
};
static const struct option options[] = {
@@ -331,6 +334,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "image", required_argument, NULL, 'i' },
{ "volatile", optional_argument, NULL, ARG_VOLATILE },
{ "port", required_argument, NULL, 'p' },
+ { "property", required_argument, NULL, ARG_PROPERTY },
{}
};
@@ -731,6 +735,12 @@ static int parse_argv(int argc, char *argv[]) {
break;
}
+ case ARG_PROPERTY:
+ if (strv_extend(&arg_property, optarg) < 0)
+ return log_oom();
+
+ break;
+
case '?':
return -EINVAL;
@@ -1897,6 +1907,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
local_ifindex > 0 ? 1 : 0, local_ifindex);
} else {
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
+ char **i;
r = sd_bus_message_new_method_call(
bus,
@@ -1906,7 +1917,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
"org.freedesktop.machine1.Manager",
"CreateMachineWithNetwork");
if (r < 0)
- return log_error_errno(r, "Failed to create message: %m");
+ return bus_log_create_error(r);
r = sd_bus_message_append(
m,
@@ -1919,21 +1930,21 @@ static int register_machine(pid_t pid, int local_ifindex) {
strempty(arg_directory),
local_ifindex > 0 ? 1 : 0, local_ifindex);
if (r < 0)
- return log_error_errno(r, "Failed to append message arguments: %m");
+ return bus_log_create_error(r);
r = sd_bus_message_open_container(m, 'a', "(sv)");
if (r < 0)
- return log_error_errno(r, "Failed to open container: %m");
+ return bus_log_create_error(r);
if (!isempty(arg_slice)) {
r = sd_bus_message_append(m, "(sv)", "Slice", "s", arg_slice);
if (r < 0)
- return log_error_errno(r, "Failed to append slice: %m");
+ return bus_log_create_error(r);
}
r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "strict");
if (r < 0)
- return log_error_errno(r, "Failed to add device policy: %m");
+ return bus_log_create_error(r);
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
/* Allow the container to
@@ -1959,9 +1970,23 @@ static int register_machine(pid_t pid, int local_ifindex) {
if (r < 0)
return log_error_errno(r, "Failed to add device whitelist: %m");
+ STRV_FOREACH(i, arg_property) {
+ r = sd_bus_message_open_container(m, 'r', "sv");
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = bus_append_unit_property_assignment(m, *i);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_close_container(m);
+ if (r < 0)
+ return bus_log_create_error(r);
+ }
+
r = sd_bus_message_close_container(m);
if (r < 0)
- return log_error_errno(r, "Failed to close container: %m");
+ return bus_log_create_error(r);
r = sd_bus_call(bus, m, 0, &error, NULL);
}
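Review bot: The user-supplied assignments in the `STRV_FOREACH(i, arg_property)` loop are appended to the same `a(sv)` array after the hard-coded `DevicePolicy` and `DeviceAllow` entries, so a `--property=` naming one of those properties may replace or extend the device confinement nspawn sets for the container; how the receiving side resolves duplicates is not visible in this hunk. If that confinement is meant to be fixed, reject those names while parsing the option; otherwise state the behaviour in a comment above the loop, e.g. `/* User-supplied properties come last and may override the defaults set above, including the device policy */`. Separately, the `return r;` after `bus_append_unit_property_assignment()` is the only failure path in the loop without a log call, which is fine only if that helper logs on its own. register_machine() starts and ends outside the hunk.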
commit 1c8da044469acabcfc479ba3276954da53210830
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Feb 18 19:20:47 2015 +0100
shared: introduce cmsg_close_all() call
The call iterates through cmsg list and closes all fds passed via
SCM_RIGHTS.
This patch also ensures the call is used wherever appropriate, where we
might get spurious fds sent and we should better close them than leave
them lying around.
diff --git a/src/import/importd.c b/src/import/importd.c
index 2eef476..eaf04e6 100644
--- a/src/import/importd.c
+++ b/src/import/importd.c
@@ -518,12 +518,10 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
return -errno;
}
+ cmsg_close_all(&msghdr);
+
for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
- if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
- close_many((int*) CMSG_DATA(cmsg), (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int));
- log_warning("Somebody sent us unexpected fds, ignoring.");
- return 0;
- } else if (cmsg->cmsg_level == SOL_SOCKET &&
+ if (cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_CREDENTIALS &&
cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
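Review bot: A datagram that carries unexpected SCM_RIGHTS descriptors is now processed like any other once `cmsg_close_all(&msghdr)` has run, and the `log_warning("Somebody sent us unexpected fds, ignoring.")` that used to record the event disappears with the removed branch. If accepting the message is intended, a trace is still useful for spotting a misbehaving sender; one option is to have the helper report whether it closed anything and log at this call site. At minimum the call deserves a comment such as `/* Stray fds are closed silently; the message itself is still processed below */`. manager_on_notify() starts and ends outside the hunk.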
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 0a61daf..44ebc58 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -475,6 +475,8 @@ int ask_password_agent(
goto finish;
}
+ cmsg_close_all(&msghdr);
+
if (n <= 0) {
log_error("Message too short");
continue;
diff --git a/src/shared/util.c b/src/shared/util.c
index deb9839..dc65280 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -8110,3 +8110,13 @@ ssize_t string_table_lookup(const char * const *table, size_t len, const char *k
return -1;
}
+
+void cmsg_close_all(struct msghdr *mh) {
+ struct cmsghdr *cmsg;
+
+ assert(mh);
+
+ for (cmsg = CMSG_FIRSTHDR(mh); cmsg; cmsg = CMSG_NXTHDR(mh, cmsg))
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
+ close_many((int*) CMSG_DATA(cmsg), (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int));
+}
diff --git a/src/shared/util.h b/src/shared/util.h
index 45cb094..759d053 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -1080,3 +1080,5 @@ void sigkill_wait(pid_t *pid);
#define _cleanup_sigkill_wait_ _cleanup_(sigkill_wait)
int syslog_parse_priority(const char **p, int *priority, bool with_facility);
+
+void cmsg_close_all(struct msghdr *mh);
diff --git a/src/shutdownd/shutdownd.c b/src/shutdownd/shutdownd.c
index 701882b..60a6468 100644
--- a/src/shutdownd/shutdownd.c
+++ b/src/shutdownd/shutdownd.c
@@ -70,12 +70,7 @@ static int read_packet(int fd, union shutdown_buffer *_b) {
assert(_b);
n = recvmsg(fd, &msghdr, MSG_DONTWAIT);
- if (n <= 0) {
- if (n == 0) {
- log_error("Short read");
- return -EIO;
- }
-
+ if (n < 0) {
if (errno == EAGAIN || errno == EINTR)
return 0;
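Review bot: The `recvmsg(fd, &msghdr, MSG_DONTWAIT)` call installs any passed descriptors without close-on-exec, so until the `cmsg_close_all()` added further down in this function runs they are ordinary inheritable fds. Adding the flag, `n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);`, costs nothing and keeps stray fds from reaching a child process if this path ever runs alongside a fork. The other call sites touched by this commit do not show their recvmsg() flags in the hunks, so the same check is worth making there. read_packet() starts and ends outside the hunk.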
@@ -83,6 +78,13 @@ static int read_packet(int fd, union shutdown_buffer *_b) {
return -errno;
}
+ cmsg_close_all(&msghdr);
+
+ if (n == 0) {
+ log_error("Short read");
+ return -EIO;
+ }
+
if (msghdr.msg_controllen < CMSG_LEN(sizeof(struct ucred)) ||
control.cmsghdr.cmsg_level != SOL_SOCKET ||
control.cmsghdr.cmsg_type != SCM_CREDENTIALS ||
diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
index 7b5ef6b..59a3ece 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -377,6 +377,9 @@ struct udev_ctrl_msg *udev_ctrl_receive_msg(struct udev_ctrl_connection *conn) {
log_error_errno(errno, "unable to receive ctrl message: %m");
goto err;
}
+
+ cmsg_close_all(&smsg);
+
cmsg = CMSG_FIRSTHDR(&smsg);
cred = (struct ucred *) CMSG_DATA(cmsg);
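Review bot: After `cmsg_close_all(&smsg)` the code still takes only the first control header and computes `CMSG_DATA(cmsg)` from it before any check visible in this hunk. A message with no control data, or with an SCM_RIGHTS header ahead of the credentials, is therefore handled correctly only if the lines after the hunk validate `cmsg` before `cred` is read. Consider moving the `cred` assignment below a check such as `if (!cmsg || cmsg->cmsg_type != SCM_CREDENTIALS) goto err;`, or searching the list for the SCM_CREDENTIALS header the way the importd loop does. udev_ctrl_receive_msg() continues outside the hunk.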