chiark / gitweb /
3 years agoutil-lib: make timestamp generation and parsing reversible (#3869)
Lennart Poettering [Wed, 3 Aug 2016 23:04:53 +0000 (01:04 +0200)]
util-lib: make timestamp generation and parsing reversible (#3869)

This patch improves parsing and generation of timestamps and calendar
specifications in two ways:

- The week day is now always printed in the abbreviated English form, instead
  of the locale's setting. This makes sure we can always parse the week day
  again, even if the locale is changed. Given that we don't follow locale
  settings for printing timestamps in any other way either (for example, we
  always use 24h syntax in order to make uniform parsing possible), it only
  makes sense to also stick to a generic, non-localized form for the timestamp,

- When parsing a timestamp, the local timezone (in its DST or non-DST name)
  may be specified, in addition to "UTC". Other timezones are still not
  supported however (not because we wouldn't want to, but mostly because libc
  offers no nice API for that). In itself this brings no new features, however
  it ensures that any locally formatted timestamp's timezone is also parsable

These two changes ensure that the output of format_timestamp() may always be
passed to parse_timestamp() and results in the original input. The related
flavours for usec/UTC also work accordingly. Calendar specifications are
extended in a similar way.

The man page is updated accordingly, in particular this removes the claim that
timestamps elogind prints wouldn't be parsable by elogind. They are now.

The man page previously showed invalid timestamps as examples. This has been
removed, as the man page shouldn't be a unit test, where such negative examples
would be useful. The man page also no longer mentions the names of internal
functions, such as format_timestamp_us() or UNIX error codes such as EINVAL.

3 years agoclean-ipc: debug log about all remove IPC objects
Lennart Poettering [Tue, 2 Aug 2016 09:14:56 +0000 (11:14 +0200)]
clean-ipc: debug log about all remove IPC objects

3 years agocore: add RemoveIPC= setting
Lennart Poettering [Mon, 1 Aug 2016 17:24:40 +0000 (19:24 +0200)]
core: add RemoveIPC= setting

This adds the boolean RemoveIPC= setting to service, socket, mount and swap
units (i.e.  all unit types that may invoke processes). if turned on, and the
unit's user/group is not root, all IPC objects of the user/group are removed
when the service is shut down. The life-cycle of the IPC objects is hence bound
to the unit life-cycle.

This is particularly relevant for units with dynamic users, as it is essential
that no objects owned by the dynamic users survive the service exiting. In
fact, this patch adds code to imply RemoveIPC= if DynamicUser= is set.

In order to communicate the UID/GID of an executed process back to PID 1 this
adds a new "user lookup" socket pair, that is inherited into the forked
processes, and closed before the exec(). This is needed since we cannot do NSS
from PID 1 due to deadlock risks, However need to know the used UID/GID in
order to clean up IPC owned by it if the unit shuts down.

3 years agovirt: detect bhyve (FreeBSD hypervisor) (#3840)
Leonardo Brondani Schenkel [Mon, 1 Aug 2016 13:04:49 +0000 (15:04 +0200)]
virt: detect bhyve (FreeBSD hypervisor) (#3840)

The CPUID and DMI vendor strings do not seem to be documented.
Values were found experimentally and by inspecting the source code.

3 years agoclean-ipc: shorten code a bit
Lennart Poettering [Thu, 28 Jul 2016 07:51:47 +0000 (09:51 +0200)]
clean-ipc: shorten code a bit

3 years agoclean-ipc: don't filter out '.' and '..' twice
Lennart Poettering [Thu, 28 Jul 2016 07:51:25 +0000 (09:51 +0200)]
clean-ipc: don't filter out '.' and '..' twice

3 years agocore: inherit TERM from PID 1 for all services started on /dev/console
Lennart Poettering [Wed, 27 Jul 2016 13:25:55 +0000 (15:25 +0200)]
core: inherit TERM from PID 1 for all services started on /dev/console

This way, invoking nspawn from a shell in the best case inherits the TERM
setting all the way down into the login shell spawned in the container.

Fixes: #3697

3 years agostring-util: rework memory_erase() to not use GCC optimize attribute (#3812)
Michael Biebl [Wed, 27 Jul 2016 03:32:37 +0000 (05:32 +0200)]
string-util: rework memory_erase() to not use GCC optimize attribute (#3812)

"#pragma GCC optimize" is merely a convenience to decorate multiple
functions with attribute optimize. And the manual has this to say about
this attribute:

  This attribute should be used for debugging purposes only. It
  is not suitable in production code.

Some versions of GCC also seem to have a problem with this pragma in
combination with LTO, resulting in ICEs.

So use a different approach (indirect the memset call via a volatile
function pointer) as implemented in openssl's crypto/mem_clr.c.

Closes: #3811

3 years agoutil-lib: rework /tmp and /var/tmp handling code
Lennart Poettering [Tue, 26 Jul 2016 15:23:28 +0000 (17:23 +0200)]
util-lib: rework /tmp and /var/tmp handling code

Beef up the existing var_tmp() call, rename it to var_tmp_dir() and add a
matching tmp_dir() call (the former looks for the place for /var/tmp, the
latter for /tmp).

Both calls check $TMPDIR, $TEMP, $TMP, following the algorithm Python3 uses.
All dirs are validated before use. secure_getenv() is used in order to limite
exposure in suid binaries.

This also ports a couple of users over to these new APIs.

The var_tmp() return parameter is changed from an allocated buffer the caller
will own to a const string either pointing into environ[], or into a static
const buffer. Given that environ[] is mostly considered constant (and this is
exposed in the very well-known getenv() call), this should be OK behaviour and
allows us to avoid memory allocations in most cases.

Note that $TMPDIR and friends override both /var/tmp and /tmp usage if set.

3 years agoAdd enable_disable() helper
Zbigniew Jędrzejewski-Szmek [Sun, 24 Jul 2016 18:12:58 +0000 (14:12 -0400)]
Add enable_disable() helper

In this patch "enabled" and "disabled" is used exclusively, but "enable" and
"disable" forms are need for the following patch.

3 years agobootctl: move toupper() implementation to string-util.h
Lennart Poettering [Tue, 19 Jul 2016 18:43:54 +0000 (20:43 +0200)]
bootctl: move toupper() implementation to string-util.h

We already have tolower() calls there, hence let's unify this at one place.
Also, update the code to only use ASCII operations, so that we don't end up
being locale dependant.

3 years agocore: add a concept of "dynamic" user ids, that are allocated as long as a service...
Lennart Poettering [Thu, 14 Jul 2016 10:37:28 +0000 (12:37 +0200)]
core: add a concept of "dynamic" user ids, that are allocated as long as a service is running

This adds a new boolean setting DynamicUser= to service files. If set, a new
user will be allocated dynamically when the unit is started, and released when
it is stopped. The user ID is allocated from the range 61184..65519. The user
will not be added to /etc/passwd (but an NSS module to be added later should
make it show up in getent passwd).

For now, care should be taken that the service writes no files to disk, since
this might result in files owned by UIDs that might get assigned dynamically to
a different service later on. Later patches will tighten sandboxing in order to
ensure that this cannot happen, except for a few selected directories.

A simple way to test this is:

        elogind-run -p DynamicUser=1 /bin/sleep 99999

3 years agosysusers: move various user credential validity checks to src/basic/
Lennart Poettering [Thu, 14 Jul 2016 10:23:39 +0000 (12:23 +0200)]
sysusers: move various user credential validity checks to src/basic/

This way we can reuse them for validating User=/Group= settings in unit files
(to be added in a later commit).

Also, add some tests for them.

3 years agocore: introduce MemorySwapMax=
WaLyong Cho [Mon, 4 Jul 2016 07:03:54 +0000 (07:03 +0000)]
core: introduce MemorySwapMax=

Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls
controls "memory.swap.max" attribute in unified cgroup.

3 years agocgroup: detect cgroup namespaces
Christian Brauner [Thu, 23 Jun 2016 09:52:45 +0000 (11:52 +0200)]
cgroup: detect cgroup namespaces

- add fun to detect whether cgroup namespaces are supported

3 years agoRevert "build-sys: hide magic section variables from exported symbols"
David Herrmann [Wed, 22 Jul 2015 09:16:44 +0000 (11:16 +0200)]
Revert "build-sys: hide magic section variables from exported symbols"

This reverts commit aac7c5ed8bc6ffaba417b9c0b87bcf342865431b. This
visibility bug originated in and has been fixed upstream:;h=5417c94d1a944d1a27f99240e5d62a6d7cd324f1

3 years agoMerge pull request #21 from elogind/v231-stable
Sven Eden [Mon, 3 Jul 2017 13:31:42 +0000 (15:31 +0200)]
Merge pull request #21 from elogind/v231-stable

V231 stable

3 years agoMerge pull request #19 from elogind/dev_v231
Sven Eden [Mon, 3 Jul 2017 13:28:24 +0000 (15:28 +0200)]
Merge pull request #19 from elogind/dev_v231

Merge dev_v231 into master

3 years agoVersion 231.4 Release v231.4
Sven Eden [Mon, 3 Jul 2017 13:21:43 +0000 (15:21 +0200)]
Version 231.4 Release

3 years agoRe-add the saving of the user state file when creating a new session.
Sven Eden [Mon, 3 Jul 2017 12:48:37 +0000 (14:48 +0200)]
Re-add the saving of the user state file when creating a new session.

3 years agoVersion v231.3 v231.3
Sven Eden [Thu, 29 Jun 2017 11:49:09 +0000 (13:49 +0200)]
Version v231.3

3 years agoPrep v231.3: does not need to be installed.
Sven Eden [Thu, 29 Jun 2017 13:20:30 +0000 (15:20 +0200)]
Prep v231.3: does not need to be installed.

3 years agoPrep v231.3: Fix typo in README
Sven Eden [Thu, 29 Jun 2017 11:36:08 +0000 (13:36 +0200)]
Prep v231.3: Fix typo in README

3 years agoPrep v231.3: libelogind-internal does not need to link against libresolv
Sven Eden [Thu, 29 Jun 2017 10:32:26 +0000 (12:32 +0200)]
Prep v231.3: libelogind-internal does not need to link against libresolv

3 years agoPrep v231.3: Add --with-cgroup-controller=name to configure
Sven Eden [Thu, 29 Jun 2017 09:14:20 +0000 (11:14 +0200)]
Prep v231.3: Add --with-cgroup-controller=name to configure

This option can be used, if elogind is built while a different cgroup
controller than planned is active.
A valid scenario could be a gentoo user switching from systemd to

3 years agoPrep v231.3: Only ask for reboot authorization when shutting down or rebooting.
Sven Eden [Thu, 29 Jun 2017 08:06:25 +0000 (10:06 +0200)]
Prep v231.3: Only ask for reboot authorization when shutting down or rebooting.

It is not needed to ask for authorization to put the system to sleep.
Such a system is most commonly a single-user laptop, and no user,
especially me, wants to enter the root password after hitting the
suspend key. ;-)

3 years agoPrep v231.3: No authorization for setting the wall message.
Sven Eden [Thu, 29 Jun 2017 08:03:32 +0000 (10:03 +0200)]
Prep v231.3: No authorization for setting the wall message.

elogind only calls this when shutting down, rebooting or cancelling a
pending shutdown/reboot. Authorization is already needed there, so do
not question the user twice, just because they forgot to sudo.

3 years agoVersion v231.2
Sven Eden [Thu, 29 Jun 2017 08:02:40 +0000 (10:02 +0200)]
Version v231.2

3 years agoPrep v231.2: Make sure logs go to syslog or kmsg if elogind was started in debug...
Sven Eden [Wed, 28 Jun 2017 16:56:23 +0000 (18:56 +0200)]
Prep v231.2: Make sure logs go to syslog or kmsg if elogind was started in debug mode, even if it was started from a tty.

3 years agoPrep v231.2: Minor changes to make future patching easier.
Sven Eden [Wed, 28 Jun 2017 08:48:10 +0000 (10:48 +0200)]
Prep v231.2: Minor changes to make future patching easier.

3 years agoPrep v231.2: Move elogind specific code in logind-dbus.c to elogind-dbus.c
Sven Eden [Wed, 28 Jun 2017 08:41:24 +0000 (10:41 +0200)]
Prep v231.2: Move elogind specific code in logind-dbus.c to elogind-dbus.c

3 years agoPrep v231.2: Do not set a wall message when suspending (none there anyway)
Sven Eden [Wed, 28 Jun 2017 05:49:45 +0000 (07:49 +0200)]
Prep v231.2: Do not set a wall message when suspending (none there anyway)

3 years agoPrep v231.2: elogind is a stand-alone daemon, so do not exit if suspending the system...
Sven Eden [Tue, 27 Jun 2017 06:25:23 +0000 (08:25 +0200)]
Prep v231.2: elogind is a stand-alone daemon, so do not exit if suspending the system fails.

3 years agoPrep v231.2: Send processes the wakeup signal, even if suspending the system failed.
Sven Eden [Tue, 27 Jun 2017 06:05:27 +0000 (08:05 +0200)]
Prep v231.2: Send processes the wakeup signal, even if suspending the system failed.

3 years agoPrep v231.2: Only check time and wall arguments for shutdown and reboot.
Sven Eden [Mon, 26 Jun 2017 17:09:25 +0000 (19:09 +0200)]
Prep v231.2: Only check time and wall arguments for shutdown and reboot.

3 years agoPrep v231.2: elogind_log_special() : Add missing case breaks.
Sven Eden [Mon, 26 Jun 2017 16:39:03 +0000 (18:39 +0200)]
Prep v231.2: elogind_log_special() : Add missing case breaks.

3 years agoPrep v231.2: Add mor debug messages to find out, why 'loginctl suspend' isn't working.
Sven Eden [Mon, 26 Jun 2017 07:03:51 +0000 (09:03 +0200)]
Prep v231.2: Add mor debug messages to find out, why 'loginctl suspend' isn't working.

3 years agoPrep v231.2: Really set an extra wall message (if any) and display it when cancelling...
Sven Eden [Mon, 26 Jun 2017 06:18:53 +0000 (08:18 +0200)]
Prep v231.2: Really set an extra wall message (if any) and display it when cancelling a pending shutdown/reboot

3 years agoPrep v231.2: loginctl: Move check for cancelling a scheduled shutdown to allow extra...
Sven Eden [Mon, 26 Jun 2017 06:03:24 +0000 (08:03 +0200)]
Prep v231.2: loginctl: Move check for cancelling a scheduled shutdown to allow extra wall messages.

3 years agoPrep v231.2: Add log messages for loginctl invoking system commands.
Sven Eden [Thu, 22 Jun 2017 16:22:58 +0000 (18:22 +0200)]
Prep v231.2: Add log messages for loginctl invoking system commands.

3 years agoPrep v231.2: Mask get_startup_time(), it won't work without systemd running the show...
Sven Eden [Thu, 22 Jun 2017 16:21:16 +0000 (18:21 +0200)]
Prep v231.2: Mask get_startup_time(), it won't work without systemd running the show anyway.

3 years agoPrep v231.2: Mask unsupported bus errors.
Sven Eden [Thu, 22 Jun 2017 16:20:09 +0000 (18:20 +0200)]
Prep v231.2: Mask unsupported bus errors.

3 years agoPrep v231.2: login1.policy vendor is the project, not it's description.
Sven Eden [Thu, 22 Jun 2017 16:18:07 +0000 (18:18 +0200)]
Prep v231.2: login1.policy vendor is the project, not it's description.

3 years agoPrep v321.2: Fix org.freedesktop.login1 where named org.freedesktop.elogind
Sven Eden [Thu, 22 Jun 2017 16:17:20 +0000 (18:17 +0200)]
Prep v321.2: Fix org.freedesktop.login1 where named org.freedesktop.elogind

3 years agoPrep v231.2: Fix missing/double wall msgs on scheduled shutdown/reboot
Sven Eden [Wed, 21 Jun 2017 08:57:17 +0000 (10:57 +0200)]
Prep v231.2: Fix missing/double wall msgs on scheduled shutdown/reboot

- Do not do anything in manager_setup_wall_message_timer() if wall
  messages are disabled anyway.
- Set up a wall timer in any case there is time left. The original
  sources would not even set up a timer if the next messages would
  be now. As time is measured in USEC, that's pretty rare, but
- If less than 1 Second is left to the first message, delay it.
- systemd would print out a message at once, if less than 15 minutes
  are left to the event. Do this only, if the next scheduled message
  wouldn't come within the next 3 seconds, or it might come to
  awkward double messages.

3 years agoPrep v231.2: Remove modes and states assertion in do_sleep()
Sven Eden [Wed, 21 Jun 2017 06:49:50 +0000 (08:49 +0200)]
Prep v231.2: Remove modes and states assertion in do_sleep()

It is perfectly valid to have NULL modes. The default configuration
for suspend to ram is such a case.
Having NULL states doesn't make any sense other than no suspension is
possible any more. But a user might have set any *State value to an
empty string, so better assume (and assert) nothing here.

3 years agoPrep v231.2: login/elogind.c: Remove bus_forward_agent_released()
Sven Eden [Tue, 20 Jun 2017 04:48:14 +0000 (06:48 +0200)]
Prep v231.2: login/elogind.c: Remove bus_forward_agent_released()

This method is called from a systemd manager that is the system
instance to inform all user instances of systemd about the pending
cgroup release.

elogind on the other hand is always there just once. And the release
of cgroups is handled by the local cgroups manager, which should be
provided by the running init system.

Even if there is no cgroup management, so elogind sets itself up as
a small cgroups manager itself, there aren't any user instances that
could react on the forwarding anyway.

3 years agoPrep v231.2: Remove --disable-kdbus option from configure.
Sven Eden [Mon, 19 Jun 2017 17:28:05 +0000 (19:28 +0200)]
Prep v231.2: Remove --disable-kdbus option from configure.

Support for kdbus can no longer be enabled or disabled. It is simply
there and will be used if needed and possible.
So if you have kdbus available, elogind might use it.

3 years agoPrep v231.2: Remove orphaned files
Sven Eden [Mon, 19 Jun 2017 17:27:19 +0000 (19:27 +0200)]
Prep v231.2: Remove orphaned files

3 years agoPrep v231.2: pam_elogind must be linked against libshared, not libelogind-shared.
Sven Eden [Mon, 19 Jun 2017 17:03:17 +0000 (19:03 +0200)]
Prep v231.2: pam_elogind must be linked against libshared, not libelogind-shared.

3 years agoPrep v231.2: Make elogind musl-libc-compatible again.
Sven Eden [Mon, 19 Jun 2017 09:51:42 +0000 (11:51 +0200)]
Prep v231.2: Make elogind musl-libc-compatible again.

3 years agoPrep v231.2: basic/stdio-util.h must include parse-printf-format.h instead of printf.h
Sven Eden [Mon, 19 Jun 2017 09:04:44 +0000 (11:04 +0200)]
Prep v231.2: basic/stdio-util.h must include parse-printf-format.h instead of printf.h

3 years agoPrep v231.2: Apply some minor style fixes
Sven Eden [Mon, 19 Jun 2017 08:17:56 +0000 (10:17 +0200)]
Prep v231.2: Apply some minor style fixes

3 years agosd-event: "when exiting no signal event are pending" is a wrong assertion (#5271)
Franck Bui [Wed, 8 Feb 2017 19:56:22 +0000 (20:56 +0100)]
sd-event: "when exiting no signal event are pending" is a wrong assertion (#5271)

The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.

This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.

It appears that this assertion can be wrong at least in a specific case
described below.

Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by

 1. the process receives the 2 signals consecutively so that signal 'A' source
     event is queued and pending. Consequently the post source event is also
     queued and pending. This is done by sd_event_wait().

 2. The callback for signal 'A' is called by sd_event_dispatch().

 3. The next call to sd_event_wait() will queue signal 'B' source event.

 4. The callback for the post source event is called and calls sd_event_exit().

 5. the event loop is exited.

 6. freeing the event loop object will lead to the assertion failure in

This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.

(cherry picked from commit 4470860388e12a5dda1d65773e411a349221a3e9)

3 years agoacl-util: fix memleak
Evgeny Vereshchagin [Thu, 3 Nov 2016 22:04:40 +0000 (22:04 +0000)]
acl-util: fix memleak

$ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
==22309== Memcheck, a memory error detector
==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22309== Command: /home/vagrant/elogind/.libs/lt-journalctl
Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'elogind-journal', 'wheel' can see all messages.
      Pass -q to turn off this notice.
==22309== HEAP SUMMARY:
==22309==     in use at exit: 8,680 bytes in 4 blocks
==22309==   total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
==22309==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==22309==    by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
==22309==    by 0x6F362F7: __acl_init_obj (acl_init.c:28)
==22309==    by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
==22309==    by 0x6F36087: acl_get_file (acl_get_file.c:69)
==22309==    by 0x4F15752: acl_search_groups (acl-util.c:172)
==22309==    by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
==22309==    by 0x113D8D: access_check (journalctl.c:1889)
==22309==    by 0x115681: main (journalctl.c:2236)
==22309== LEAK SUMMARY:
==22309==    definitely lost: 56 bytes in 1 blocks
==22309==    indirectly lost: 432 bytes in 1 blocks
==22309==      possibly lost: 0 bytes in 0 blocks
==22309==    still reachable: 8,192 bytes in 2 blocks
==22309==         suppressed: 0 bytes in 0 blocks

(cherry picked from commit 29d87223d54fc13e16f444677f0a94ed0755bd88)

3 years agologind: don't hit assert when we try to free NULL manager object
Lennart Poettering [Thu, 20 Oct 2016 17:19:46 +0000 (19:19 +0200)]
logind: don't hit assert when we try to free NULL manager object

Fixes: #4431
(cherry picked from commit 84a4e6608dbda38c724ab196a226db209a50b224)

3 years agoelogind: ignore lack of tty when checking whether colors should be enabled
Zbigniew Jędrzejewski-Szmek [Fri, 19 Aug 2016 02:03:56 +0000 (22:03 -0400)]
elogind: ignore lack of tty when checking whether colors should be enabled

When started by the kernel, we are connected to the console, and we'll set TERM
properly to some value in fixup_environment(). We'll then enable or disable
colors based on the value of $SYSTEMD_COLORS and $TERM.

When reexecuting, TERM should be already set, so we can use this value.
Effectively, behaviour is the same as before affd7ed1a was reverted, but instead
of reopening the console before configuring color output, we just ignore what
stdout is connected to and decide based on the variables only.

(cherry picked from commit 158fbf7661912adf0f42c93155499119811dde82)

3 years agoman: explain that *KeyIgnoreInhibited only apply to a subset of locks
Zbigniew Jędrzejewski-Szmek [Sun, 14 Aug 2016 20:27:59 +0000 (16:27 -0400)]
man: explain that *KeyIgnoreInhibited only apply to a subset of locks

Follow-up for #3924.

(cherry picked from commit 05b2a8fd7a0533758d2f532df798cabc3c442683)

3 years agoRevert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
Mantas Mikulėnas [Mon, 8 Aug 2016 08:07:38 +0000 (11:07 +0300)]
Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"

This reverts commit 8121f4d209eca85dcb11830800483cdfafbef9b7.

The special 'key handling' inhibitors should always work regardless of
any *IgnoreInhibited settings – otherwise they're nearly useless.

Reverts: #3470
Fixes: #3897
(cherry picked from commit 06a70b918d4d753769a727239f75af8896006467)

3 years agologind: 0% and 100% should be valid for UserTasksMax (#3836)
Tejun Heo [Mon, 1 Aug 2016 01:38:47 +0000 (21:38 -0400)]
logind: 0% and 100% should be valid for UserTasksMax (#3836)

config_parse_user_tasks_max() was incorrectly accepting percentage value
between 1 and 99.  Update it to accept 0% and 100%.  This brings it in line
with TasksMax handling in elogind.
(cherry picked from commit cb3e4417590196bd30e1b8097348dca6ba34bd15)

3 years agov231.1 - mark commit before applying upstream stable patches.
Sven Eden [Mon, 19 Jun 2017 06:59:37 +0000 (08:59 +0200)]
v231.1 - mark commit before applying upstream stable patches.

3 years agoPrep v229.6: Send wakeup call to suspended processes.
Sven Eden [Thu, 15 Jun 2017 14:51:11 +0000 (16:51 +0200)]
Prep v229.6: Send wakeup call to suspended processes.

Somewhere in the update stream from 227.x to 228.x the sending of the
wakeup signal to sleeping processes got lost.

Re-add the sending of the wakeup signal.

Fixes issue 17
 ( )

3 years agoPrep v231: Add missing line breaks in loginctl help text
Sven Eden [Wed, 14 Jun 2017 15:57:24 +0000 (17:57 +0200)]
Prep v231: Add missing line breaks in loginctl help text

3 years agoPrep v231: Update man pages to include upstream changes
Sven Eden [Wed, 14 Jun 2017 15:42:55 +0000 (17:42 +0200)]
Prep v231: Update man pages to include upstream changes

3 years agoPrep v231: Updated POT-Files to upstream version
Sven Eden [Mon, 12 Jun 2017 14:47:56 +0000 (16:47 +0200)]
Prep v231: Updated POT-Files to upstream version

3 years agoPrep v231: Add new files to and Code::Blocks project file.
Sven Eden [Wed, 14 Jun 2017 15:45:33 +0000 (17:45 +0200)]
Prep v231: Add new files to and Code::Blocks project file.

3 years agoPrep v231: Move elogind specific code in login/loginctl.c to login/eloginctl.c
Sven Eden [Wed, 14 Jun 2017 15:41:36 +0000 (17:41 +0200)]
Prep v231: Move elogind specific code in login/loginctl.c to login/eloginctl.c

3 years agoPrep v231: Reorganize elogind specific code in login/logind-action.c
Sven Eden [Wed, 14 Jun 2017 15:23:00 +0000 (17:23 +0200)]
Prep v231: Reorganize elogind specific code in login/logind-action.c

- Move elogind specific code in login/logind-action.c to
- Remove login/logind-sleep.*
- Add src/sleep from upstream
- Integrate the systemd-sleep utility, so future fixes and updates
  will be easier to spot and to apply.

3 years agoPrep v231: Move elogind specific code in login/logind.c to login/elogind.c
Sven Eden [Wed, 14 Jun 2017 15:39:24 +0000 (17:39 +0200)]
Prep v231: Move elogind specific code in login/logind.c to login/elogind.c

3 years agoPrep v231: Move can_sleep() back to src/shared/sleep-config.c
Sven Eden [Wed, 14 Jun 2017 15:37:58 +0000 (17:37 +0200)]
Prep v231: Move can_sleep() back to src/shared/sleep-config.c

3 years agoPrep v231: Update build root files to upstream
Sven Eden [Mon, 12 Jun 2017 14:29:59 +0000 (16:29 +0200)]
Prep v231: Update build root files to upstream

3 years agoPrep v231: Minor fix for update-utmp
Sven Eden [Wed, 14 Jun 2017 15:21:19 +0000 (17:21 +0200)]
Prep v231: Minor fix for update-utmp

3 years agoPrep v231: Apply missing fixes from upstream (6/6) src/systemd
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (6/6) src/systemd

3 years agoPrep v231: Apply missing fixes from upstream (5/6) src/shared
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (5/6) src/shared

3 years agoPrep v231: Apply missing fixes from upstream (4/6) src/login
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (4/6) src/login

3 years agoPrep v231: Apply missing fixes from upstream (3/6) src/libelogind
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (3/6) src/libelogind

3 years agoPrep v231: Apply missing fixes from upstream (2/6) src/core
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (2/6) src/core

3 years agoPrep v231: Apply missing fixes from upstream (1/6) src/basic
Sven Eden [Wed, 14 Jun 2017 15:44:53 +0000 (17:44 +0200)]
Prep v231: Apply missing fixes from upstream (1/6) src/basic

3 years agoPrep v231: Cleaned up tree
Sven Eden [Mon, 12 Jun 2017 14:47:37 +0000 (16:47 +0200)]
Prep v231: Cleaned up tree

3 years agofileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()
Lennart Poettering [Mon, 25 Jul 2016 18:35:04 +0000 (20:35 +0200)]
fileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()

We can make this smarter one day, to honour $TMPDIR and friends, but for now,
let's just use /tmp.

3 years agonamespace: don't fail on masked mounts (#3794)
Alban Crequy [Mon, 25 Jul 2016 13:39:46 +0000 (15:39 +0200)]
namespace: don't fail on masked mounts (#3794)

Before this patch, a service file with ReadWriteDirectories=/file...
could fail if the file exists but is not a mountpoint, despite being
listed in /proc/self/mountinfo. It could happen with masked mounts.


3 years agoUse "return log_error_errno" in more places"
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 00:27:45 +0000 (20:27 -0400)]
Use "return log_error_errno" in more places"

3 years agocgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy.
Alessandro Puccetti [Fri, 22 Jul 2016 10:00:49 +0000 (12:00 +0200)]
cgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy. introduced
/run/elogind/inaccessible/{chr,blk} to map inacessible devices,
this patch allows elogind running inside a nspawn container to create

3 years agosd-id128: handle NULL return parameter in sd_id128_from_string() nicer
Lennart Poettering [Thu, 21 Jul 2016 18:23:51 +0000 (20:23 +0200)]
sd-id128: handle NULL return parameter in sd_id128_from_string() nicer

If the return parameter is NULL, simply validate the string, and return no

3 years agosd-id128: split UUID file read/write code into new id128-util.[ch]
Lennart Poettering [Thu, 21 Jul 2016 15:57:57 +0000 (17:57 +0200)]
sd-id128: split UUID file read/write code into new id128-util.[ch]

We currently have code to read and write files containing UUIDs at various
places. Unify this in id128-util.[ch], and move some other stuff there too.

The new files are located in src/libelogind/sd-id128/ (instead of src/shared/),
because they are actually the backend of sd_id128_get_machine() and

In follow-up patches we can use this reduce the code in nspawn and
machine-id-setup by adopted the common implementation.

3 years agotree-wide: use sd_id128_is_null() instead of sd_id128_equal where appropriate
Lennart Poettering [Thu, 21 Jul 2016 14:06:31 +0000 (16:06 +0200)]
tree-wide: use sd_id128_is_null() instead of sd_id128_equal where appropriate

It's a bit easier to read because shorter. Also, most likely a tiny bit faster.

3 years agomissing_syscall: add __NR_copy_file_range for powerpc architecture (#3772)
Alessio Igor Bogani [Thu, 21 Jul 2016 09:40:35 +0000 (11:40 +0200)]
missing_syscall: add __NR_copy_file_range for powerpc architecture (#3772)

3 years agocore: remove duplicate includes (#3771)
Thomas H. P. Andersen [Thu, 21 Jul 2016 08:52:07 +0000 (10:52 +0200)]
core: remove duplicate includes (#3771)

3 years agocgroup: suppress sending follow-up SIGCONT after sending SIGCONT/SIGKILL anyway
Lennart Poettering [Wed, 20 Jul 2016 09:16:53 +0000 (11:16 +0200)]
cgroup: suppress sending follow-up SIGCONT after sending SIGCONT/SIGKILL anyway

3 years agocore: when forcibly killing/aborting left-over unit processes log about it
Lennart Poettering [Wed, 20 Jul 2016 09:16:05 +0000 (11:16 +0200)]
core: when forcibly killing/aborting left-over unit processes log about it

Let's lot at LOG_NOTICE about any processes that we are going to
SIGKILL/SIGABRT because clean termination of them didn't work.

This turns the various boolean flag parameters to cg_kill(), cg_migrate() and
related calls into a single binary flags parameter, simply because the function
now gained even more parameters and the parameter listed shouldn't get too

Logging for killing processes is done either when the kill signal is SIGABRT or
SIGKILL, or on explicit request if KILL_TERMINATE_AND_LOG instead of LOG_TERMINATE
is passed. This isn't used yet in this patch, but is made use of in a later

3 years agoutil: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont()
Lennart Poettering [Wed, 20 Jul 2016 09:14:48 +0000 (11:14 +0200)]
util: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont()

3 years agologind: change TasksMax= value for user logins to 33%
Lennart Poettering [Tue, 19 Jul 2016 15:19:58 +0000 (17:19 +0200)]
logind: change TasksMax= value for user logins to 33%

Let's change from a fixed value of 12288 tasks per user to a relative value of
33%, which with the kernel's default of 32768 translates to 10813. This is a
slight decrease of the limit, for no other reason than "33%" sounding like a nice
round number that is close enough to 12288 (which would translate to 37.5%).
(Well, it also has the nice effect of still leaving a bit of room in the PID
space if there are 3 cooperating evil users that try to consume all PIDs...
Also, I like my bikesheds blue).

Since the new value is taken relative, and machined's TasksMax= setting
defaults to 16384, 33% inside of containers is usually equivalent to 5406,
which should still be ample space.

To summarize:

               | on the host | in the container
   old default |       12288 |            12288
   new default |       10813 |             5406

3 years agobasic: fix whitespace
Thomas Hindoe Paaboel Andersen [Mon, 18 Jul 2016 20:14:23 +0000 (22:14 +0200)]
basic: fix whitespace

3 years agotree-wide: get rid of selinux_context_t (#3732)
Zbigniew Jędrzejewski-Szmek [Fri, 15 Jul 2016 16:44:02 +0000 (12:44 -0400)]
tree-wide: get rid of selinux_context_t (#3732)
deprecated selinux_context_t. Replace with a simple char* everywhere.

Alternative fix for #3719.

3 years agoconf-parser: minor coding style improvements
Lennart Poettering [Thu, 14 Jul 2016 10:24:59 +0000 (12:24 +0200)]
conf-parser: minor coding style improvements

3 years agobasic/mount-util: recognize ocfs2 as network fs (#3713)
Valentin Vidić [Thu, 14 Jul 2016 05:34:36 +0000 (07:34 +0200)]
basic/mount-util: recognize ocfs2 as network fs (#3713)

3 years agoVarious fixes for typos found by lintian (#3705)
Michael Biebl [Tue, 12 Jul 2016 10:52:11 +0000 (12:52 +0200)]
Various fixes for typos found by lintian (#3705)

3 years agotreewide: fix typos and remove accidental repetition of words
Torstein Husebø [Sun, 10 Jul 2016 12:48:23 +0000 (14:48 +0200)]
treewide: fix typos and remove accidental repetition of words

3 years agobasic: log: Increase static buffer for source file location (#3674)
Daniel Mack [Thu, 7 Jul 2016 04:30:34 +0000 (06:30 +0200)]
basic: log: Increase static buffer for source file location (#3674)

Commit d054f0a4 ("tree-wide: use xsprintf() where applicable") used a
semantic patch approach to change a number of locations from

  snprintf(buf, sizeof(buf), FMT, ...)


  xsprintf(buf, FMT, ...)

The problem is that xsprintf() wraps the snprintf() in an
assert_message_se(), so if snprintf() reports an overflow of the
destination buffer, the binary will now terminate.

This hit a user running a version of elogind that was built from a
deeply nested system path.

Fix this by

a) Switching back to snprintf() for this particular case. We should really
rather truncate the location string than crash in such situations.

b) Increasing the size of that static string buffer, to make the event more

3 years agonamespace: unify limit behavior on non-directory paths
Alessandro Puccetti [Wed, 6 Jul 2016 07:48:58 +0000 (09:48 +0200)]
namespace: unify limit behavior on non-directory paths

Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/elogind/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.

Based on Luca's patch from