nspawn: create empty /etc/resolv.conf if necessary
nspawn will overmount resolv.conf if it exists. Since e.g.
default install with yum doesn't create /etc/resolv.conf,
a container created with yum will not have network. This
seems undesirable, and since we overmount the file anyway,
let's create it too.
Also, mounting a read-write /etc/resolv.conf in the container
is treated as a failure, since it makes it possible to
modify hosts /etc/resolv.conf from inside the container.
systemd-logind: Fix linking by reordering libraries in LDADD
libsystemd-audit needs functions from libsystemd-shared, so
libsystemd-audit needs to appear first. Otherwise:
CCLD systemd-logind
./.libs/libsystemd-audit.a(audit.o): In function `audit_session_from_pid':
/home/josh/src/systemd/src/shared/audit.c:50: undefined reference to `detect_container'
buildsys: Add --disable-tests to avoid building tests
This patch adds --disable-tests to configure. It is based on a patch
posted by Thierry Reding in 2010. The motivation for adding it is that
some tests fail link-time when cross-compiling.
The patch adds a new Makefile variable -- manual_tests -- and uses
that instead of noinst_PROGRAMS. However, if ENABLE_TESTS is true,
the former is added to the latter. It also renames noinst_tests to
simply tests.
Harald Hoyer [Thu, 18 Apr 2013 08:15:25 +0000 (10:15 +0200)]
fileio.c: do not parse comments after non-whitespace chars
systemd does not want to understand comments after the first
non-whitespace char occured.
key=foo #comment will result into key == "foo #comment"
key="foo" #comment will result into key == "foo#comment"
"key= #comment" will result into key == "#comment"
"key #comment" is an invalid line
Harald Hoyer [Thu, 18 Apr 2013 05:34:25 +0000 (07:34 +0200)]
Add ugly CMP_F_TYPE() macro
On some architectures (like s390x) the kernel has the type int for
f_type, but long in userspace.
Assigning the 32 bit magic constants from linux/magic.h to the 31 bit
signed f_type in the kernel, causes f_type to be negative for some
constants.
glibc extends the int to long for those architecures in 64 bit mode, so
the negative int becomes a negative long, which cannot be simply
compared to the original magic constant, because the compiler would
automatically cast the constant to long.
To workaround this issue, we also compare to the (int)MAGIC value in a
macro. Of course, we could do #ifdef with the architecure, but it has to
be maintained, and the magic constants are 32 bit anyway.
Someday, when the int is unsigned or long for all architectures, we can
remove this macro again. Until then, keep it as simple as it can be.
bus: replace aligned_alloc() with memalign() everywhere
aligned_alloc() is C11 and not available everywhere. Also it would
require us to align the size value. So let's just invoke memalign()
instead, which is universally available and doesn't have any alignment
restrictions on the size parameter.
ExecContext isn't used in this header file, and everything seems to
build just fine without this typedef. The typedef doesn't really belong
here, and at least my gcc-4.4.6 gives an error on type redefined.
Harald Hoyer [Thu, 11 Apr 2013 13:27:55 +0000 (15:27 +0200)]
journal: add one more level on top with AND
When using "-p" and "-b" in combination with "-u", the output is not
what you would expect. The reason is the sd_journal_add_disjunction()
call in add_matches_for_unit() and add_matches_for_user_unit(), which
adds two ORs without taking the other conditions to every OR.
Adding another level on top with AND and sd_journal_add_conjunction()
solves the problem.
-- Reboot --
[ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon...
-- Reboot --
[ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon...
[ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon.
[36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon.
-- Reboot --
[ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon...
[ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon.
[ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon.
-- Reboot --
[ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon...
[ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon.
[ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22.
[ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
As we see, the output is from _every_ boot and priority 0 is not taken
into account.
Output after patch:
$ journalctl -o short-monotonic -ab -p 0 -u sshd.service
-- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. --
Increasing the priority:
$ journalctl -o short-monotonic -ab -p 6 -u sshd.service
-- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. --
[ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon...
[ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon.
[ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22.
[ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
Martin Jansa [Tue, 16 Apr 2013 12:26:30 +0000 (14:26 +0200)]
configure: use AC_CHECK_TOOL for objcopy, strings and gperf
* using AC_PATH_TOOL does not allow to override it from shell environment
which is useful when cross-compiling
* with external toolchain I have different HOST_PREFIX and HOST_SYS
AC_PATH_TOOL is using HOST_SYS as prefix and fails to find objcopy
which is available only as ${TARGET_PREFIX}-objcopy then it tries
objcopy without prefix which is found on host, but that objcopy
does not work for !host (e.g. arm when building on x86) libs
journalctl: show fields requested with --field in full
I see little point in silently truncating fields when
they are explictly requested. With this change e.g.
journalctl -b MESSAGE_ID=9f26aa562cf440c2b16c773d0479b518 --field=BOOTCHART
works as expected.
Apparently nsenter doesn't handle options concatenated together.
I'm pretty sure it worked at one point, but it seems like magic,
since each of those options can take arguments.
The information about the unit for which files are being parsed
is passed all the way down. This way messages land in the journal
with proper UNIT=... or USER_UNIT=... attribution.
'systemctl status' and 'journalctl -u' not displaying those messages
has been a source of confusion for users, since the journal entry for
a misspelt setting was often logged quite a bit earlier than the
failure to start a unit.
conf-parser: generate 7 parsing functions from a macro
Those functions were identical, apart from typos. Log message
is modified to contain the type of destination var (int, double,
...). I think this might make it easier to understand why a value
was rejected (e.g. a minus from an unsigned type).
Steven Hiscocks [Sun, 14 Apr 2013 19:55:08 +0000 (20:55 +0100)]
python-systemd: Reader return special fields and _Reader changes
Changes to _Reader make it match closer to C API, by removing `get_next`
and `get_previous`. A `get_all` method added, which returns dictionary
of fields using C API SD_JOURNAL_FOREACH_DATA macro, which can be used
in conjunction with `next`.
_Reader `get`, `next`, `get_{realtime,monotonic,cursor}` and new
`previous` methods are made private. This is so the traversal and
getting of journal fields can be made transparent in the python
interface.
Reader now solely implements `get_next` and `get_previous`, returning a
standard dictionary (future: other mapping types?) with all standard and
special fields through the converters. This makes the output the same as
journalctl json/export format output.
Iterator methods also moved to Reader, as they do not function as intend
with changes to _Reader.
These changes also mean that more optimised journal interfaces can be
made more easily from _Reader, by avoiding getting of unrequired fields
by using the `_get` method, and avoiding field conversions.
systemd-python: export new sd_journal_{process,get_events,get_timeout}
get_timeout_ms is added as a convenience function, since
it is abysmally hard to call clock_gettime() in Python
versions lower than 3.3. And even for Python 3.3 users
it saves a few lines.
There's now a generic _cleanup_ macro with an argument. The macros for
specific types are now defined using this macro, and in the header files
where they belong.
nspawn: introduce the new /machine/ tree in the cgroup tree and move containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
Kay Sievers [Mon, 15 Apr 2013 21:39:42 +0000 (23:39 +0200)]
bus: fix missing macro argument renaming
<fdo-vcs> systemd kay master * b1454bf src/libsystemd-bus/ bus-kernel.c kdbus.h
<fdo-vcs> systemd bus: catch up with kernel changes
<kmacleod> kay: randomly looked at your commit, it looks like in KDBUS_FOREACH_ITEM
you missed changing a (d) to an (i) in (uint8_t*) (d) < (uint8_t*) (k) + (k)->size; ?
<kay> kmacleod: hah, so there *is* a reason for using _foo in macros :)
<kay> kmacleod: thanks!
audit: since nspawn now sets CAP_AUDIT_CONTROL for containers we cannot user this anymore to skip audit session ID retrieval
As audit is still broken in containers we need a reliable way how we can
determine whether the audit data we read from 7proc is actually useful.
Previously we used CAP_AUDIT_CONTROL for this, since nspawn removed that
from the nspawn container. This has changed a while back however, which
means we used audit data of host system in the container.
This adds an explicit container check to the audit calls, so that all
audit data is turned off in containers.
This should fix session creation with pam_systemd/logind in nspawn containers.
core: always create /user and /machine top-level cgroup dirs
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
b8a2b0f76 'use initalization instead of explicit zeroing'
introduced a bug where only the first sizeof(uint_t*) bytes
would be zeroed out, instead of the whole array.