Compare commits
1 Commits
238fa779a3
...
134217fd29
| Author | SHA1 | Date |
|---|---|---|
Sjoerd Simons
|
134217fd29 |
7
TODO
7
TODO
|
|
@ -128,13 +128,6 @@ Deprecations and removals:
|
|||
|
||||
Features:
|
||||
|
||||
* loginctl: show argv[] of "leader" process in tabular list-sessions output
|
||||
|
||||
* loginctl: show "service identifier" in tabular list-sessions output, to make
|
||||
run0 sessions easily visible.
|
||||
|
||||
* run0: maybe enable utmp for run0 sessions, so that they are easily visible.
|
||||
|
||||
* maybe replace nss-machines with logic in networkd that registers records with
|
||||
systemd-resolved, based on DHCP leases, so that we gain compat with VMs.
|
||||
Implementation idea: encode in an ifaltname the intended local name to expose this
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ compiler you want to use and which part of the test suite you want to run.
|
|||
To build with sanitizers in mkosi, create a file `mkosi/mkosi.local.conf` and add the following contents:
|
||||
|
||||
```
|
||||
[Build]
|
||||
[Content]
|
||||
Environment=SANITIZERS=address,undefined
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -398,12 +398,10 @@
|
|||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--variables=yes|no</option></term>
|
||||
<listitem><para>Controls whether to touch the firmware's boot loader list stored in EFI variables,
|
||||
and other EFI variables. If not specified defaults to no when execution in a container runtime is
|
||||
detected, yes otherwise.</para>
|
||||
<term><option>--no-variables</option></term>
|
||||
<listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v258"/></listitem>
|
||||
<xi:include href="version-info.xml" xpointer="v220"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -477,6 +477,8 @@ node /org/freedesktop/systemd1 {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly b DefaultCPUAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly b DefaultBlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly b DefaultIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly b DefaultIPAccounting = ...;
|
||||
|
|
@ -717,6 +719,8 @@ node /org/freedesktop/systemd1 {
|
|||
|
||||
<!--property DefaultCPUAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultBlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultIOAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultIPAccounting is not documented!-->
|
||||
|
|
@ -1163,6 +1167,8 @@ node /org/freedesktop/systemd1 {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultCPUAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultBlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultIPAccounting"/>
|
||||
|
|
@ -2900,6 +2906,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -2930,6 +2940,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -2962,6 +2984,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -3541,6 +3565,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -3571,6 +3599,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -3603,6 +3643,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -4195,6 +4237,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -4225,6 +4271,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -4257,6 +4315,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
@ -5053,6 +5113,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -5083,6 +5147,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -5115,6 +5191,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -5706,6 +5784,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -5736,6 +5818,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -5768,6 +5862,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -6332,6 +6428,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -6362,6 +6462,18 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -6394,6 +6506,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
@ -7022,6 +7136,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -7052,6 +7170,18 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -7084,6 +7214,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -7605,6 +7737,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -7635,6 +7771,18 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -7667,6 +7815,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -8147,6 +8297,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -8177,6 +8331,18 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -8209,6 +8375,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
@ -8964,6 +9132,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -8994,6 +9166,18 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -9026,6 +9210,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -9529,6 +9715,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -9559,6 +9749,18 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -9591,6 +9793,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -10053,6 +10257,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -10083,6 +10291,18 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -10115,6 +10335,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
@ -10723,6 +10945,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -10753,6 +10979,18 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -10785,6 +11023,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -10898,6 +11138,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -10928,6 +11172,18 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -10960,6 +11216,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -11080,6 +11338,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -11110,6 +11372,18 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -11142,6 +11416,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
@ -11293,6 +11569,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupCPUShares = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPerSecUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t CPUQuotaPeriodUSec = ...;
|
||||
|
|
@ -11323,6 +11603,18 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) IODeviceLatencyTargetUSec = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b BlockIOAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t BlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t StartupBlockIOWeight = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIODeviceWeight = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOReadBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(st) BlockIOWriteBandwidth = [...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryAccounting = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t DefaultMemoryLow = ...;
|
||||
|
|
@ -11355,6 +11647,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly b MemoryZSwapWriteback = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly t MemoryLimit = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DevicePolicy = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly a(ss) DeviceAllow = [...];
|
||||
|
|
@ -11488,6 +11782,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<!--property StartupCPUWeight is not documented!-->
|
||||
|
||||
<!--property CPUShares is not documented!-->
|
||||
|
||||
<!--property StartupCPUShares is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPerSecUSec is not documented!-->
|
||||
|
||||
<!--property CPUQuotaPeriodUSec is not documented!-->
|
||||
|
|
@ -11518,6 +11816,18 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<!--property IODeviceLatencyTargetUSec is not documented!-->
|
||||
|
||||
<!--property BlockIOAccounting is not documented!-->
|
||||
|
||||
<!--property BlockIOWeight is not documented!-->
|
||||
|
||||
<!--property StartupBlockIOWeight is not documented!-->
|
||||
|
||||
<!--property BlockIODeviceWeight is not documented!-->
|
||||
|
||||
<!--property BlockIOReadBandwidth is not documented!-->
|
||||
|
||||
<!--property BlockIOWriteBandwidth is not documented!-->
|
||||
|
||||
<!--property MemoryAccounting is not documented!-->
|
||||
|
||||
<!--property DefaultMemoryLow is not documented!-->
|
||||
|
|
@ -11550,6 +11860,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<!--property MemoryZSwapWriteback is not documented!-->
|
||||
|
||||
<!--property MemoryLimit is not documented!-->
|
||||
|
||||
<!--property DevicePolicy is not documented!-->
|
||||
|
||||
<!--property DeviceAllow is not documented!-->
|
||||
|
|
@ -11700,6 +12012,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
|
||||
|
|
@ -11730,6 +12046,18 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
|
||||
|
|
@ -11762,6 +12090,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
|
||||
|
|
|
|||
|
|
@ -1738,10 +1738,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
<term><varname>FirewallMark=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the iptables firewall mark value to match (a number in the range
|
||||
0…4294967295). Optionally, the firewall mask (also a number between 0…4294967295) can be
|
||||
suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>. When the
|
||||
mark value is non-zero and no mask is explicitly specified, all bits of the mark are
|
||||
compared. </para>
|
||||
1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
|
||||
suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v235"/>
|
||||
</listitem>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=arch
|
||||
|
||||
[Content]
|
||||
PrepareScripts=systemd.prepare
|
||||
VolatilePackages=
|
||||
systemd
|
||||
systemd-libs
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ for PACKAGE in "${PACKAGES[@]}"; do
|
|||
sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
|
||||
)"
|
||||
|
||||
if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
|
||||
DEPS="$DEPS $(
|
||||
pacman --sync --info "$PACKAGE" |
|
||||
sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
|
||||
|
|
@ -26,7 +25,6 @@ for PACKAGE in "${PACKAGES[@]}"; do
|
|||
sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
|
||||
tr '\n' ' ' # Transform newlines to whitespace.
|
||||
)"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "$DEPS" |
|
||||
|
|
@ -5,7 +5,6 @@ Distribution=|centos
|
|||
Distribution=|fedora
|
||||
|
||||
[Content]
|
||||
PrepareScripts=systemd.prepare
|
||||
VolatilePackages=
|
||||
systemd
|
||||
systemd-boot
|
||||
|
|
|
|||
|
|
@ -8,12 +8,7 @@ fi
|
|||
|
||||
mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
|
||||
|
||||
DEP_TYPES=(--requires)
|
||||
if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
|
||||
DEP_TYPES+=(--recommends --suggests)
|
||||
fi
|
||||
|
||||
for DEPS in "${DEP_TYPES[@]}"; do
|
||||
for DEPS in --requires --recommends --suggests; do
|
||||
# We need --latest-limit=1 to only consider the newest version of the packages.
|
||||
# --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
|
||||
# are not considered on x86-64.
|
||||
|
|
@ -5,7 +5,6 @@ Distribution=|debian
|
|||
Distribution=|ubuntu
|
||||
|
||||
[Content]
|
||||
PrepareScripts=systemd.prepare
|
||||
VolatilePackages=
|
||||
libnss-myhostname
|
||||
libnss-mymachines
|
||||
|
|
|
|||
|
|
@ -22,14 +22,9 @@ for PACKAGE in "${PACKAGES[@]}"; do
|
|||
# Get all the dependencies of the systemd packages including recommended and suggested dependencies.
|
||||
PATTERNS+=(
|
||||
"?and(?reverse-depends(?exact-name($PACKAGE)), $COMMON)"
|
||||
)
|
||||
|
||||
if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
|
||||
PATTERNS+=(
|
||||
"?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
|
||||
"?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
|
||||
)
|
||||
fi
|
||||
done
|
||||
|
||||
mkosi-install "${PATTERNS[@]}"
|
||||
|
|
@ -11,7 +11,6 @@ Repositories=non-oss
|
|||
SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend
|
||||
|
||||
[Content]
|
||||
PrepareScripts=systemd.prepare
|
||||
VolatilePackages=
|
||||
libsystemd0
|
||||
libudev1
|
||||
|
|
|
|||
|
|
@ -9,15 +9,11 @@ fi
|
|||
mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
|
||||
|
||||
DEPS=""
|
||||
DEP_TYPES=(--requires)
|
||||
if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
|
||||
DEP_TYPES+=(--recommends --suggests)
|
||||
fi
|
||||
|
||||
for PACKAGE in "${PACKAGES[@]}"; do
|
||||
# zypper's output is not machine readable so we make do with sed instead.
|
||||
DEPS="$DEPS\n$(
|
||||
zypper info "${DEP_TYPES[@]}" "$PACKAGE" |
|
||||
zypper info --requires --recommends --suggests "$PACKAGE" |
|
||||
sed '/Requires/,$!d' | # Remove everything before Requires line
|
||||
sed --quiet 's/^ //p' # All indented lines have dependencies
|
||||
)"
|
||||
|
|
@ -3,9 +3,6 @@
|
|||
[Output]
|
||||
Format=directory
|
||||
|
||||
[Build]
|
||||
Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
|
||||
|
||||
[Content]
|
||||
Bootable=no
|
||||
Locale=C.UTF-8
|
||||
|
|
@ -14,7 +11,6 @@ CleanPackageMetadata=yes
|
|||
MakeInitrd=yes
|
||||
|
||||
Packages=
|
||||
coreutils
|
||||
bash
|
||||
|
||||
[Include]
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=arch
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
|
||||
VolatilePackages=
|
||||
systemd
|
||||
systemd-libs
|
||||
|
|
|
|||
|
|
@ -5,6 +5,5 @@ Distribution=|centos
|
|||
Distribution=|fedora
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
|
||||
VolatilePackages=
|
||||
systemd-standalone-shutdown
|
||||
|
|
|
|||
|
|
@ -4,6 +4,5 @@
|
|||
Distribution=debian
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
|
||||
VolatilePackages=
|
||||
systemd-standalone-shutdown
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=opensuse
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
|
||||
Packages=
|
||||
diffutils
|
||||
grep
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=ubuntu
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
|
||||
VolatilePackages=
|
||||
libsystemd-shared
|
||||
libsystemd0
|
||||
|
|
|
|||
|
|
@ -6,14 +6,10 @@ Include=
|
|||
%D/mkosi/mkosi.sanitizers
|
||||
%D/mkosi/mkosi.coverage
|
||||
|
||||
[Build]
|
||||
Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
|
||||
|
||||
[Content]
|
||||
ExtraTrees=%D/mkosi/mkosi.extra.common
|
||||
|
||||
Packages=
|
||||
coreutils
|
||||
findutils
|
||||
grep
|
||||
sed
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=arch
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
|
||||
Packages=
|
||||
btrfs-progs
|
||||
tpm2-tools
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ Distribution=|centos
|
|||
Distribution=|fedora
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
|
||||
Packages=
|
||||
tpm2-tools
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ Distribution=|debian
|
|||
Distribution=|ubuntu
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
|
||||
Packages=
|
||||
btrfs-progs
|
||||
tpm2-tools
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=opensuse
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
|
||||
Packages=
|
||||
btrfs-progs
|
||||
kmod
|
||||
|
|
|
|||
|
|
@ -3,9 +3,6 @@
|
|||
[Output]
|
||||
Format=directory
|
||||
|
||||
[Build]
|
||||
Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
|
||||
|
||||
[Content]
|
||||
Bootable=no
|
||||
Locale=C.UTF-8
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=arch
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
|
||||
Packages=
|
||||
inetutils
|
||||
iproute
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ Distribution=|centos
|
|||
Distribution=|fedora
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
|
||||
Packages=
|
||||
hostname
|
||||
iproute
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ Distribution=|debian
|
|||
Distribution=|ubuntu
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
|
||||
Packages=
|
||||
hostname
|
||||
iproute2
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
Distribution=opensuse
|
||||
|
||||
[Content]
|
||||
PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
|
||||
Packages=
|
||||
diffutils
|
||||
grep
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
#include "nulstr-util.h"
|
||||
#include "path-util.h"
|
||||
#include "set.h"
|
||||
#include "sort-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
|
|
@ -121,22 +122,29 @@ static int files_add(
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int base_cmp(char * const *a, char * const *b) {
|
||||
assert(a);
|
||||
assert(b);
|
||||
return path_compare_filename(*a, *b);
|
||||
}
|
||||
|
||||
static int copy_and_sort_files_from_hashmap(Hashmap *fh, char ***ret) {
|
||||
_cleanup_free_ char **sv = NULL;
|
||||
char **files;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
r = hashmap_dump_sorted(fh, (void***) &sv, /* ret_n = */ NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
sv = hashmap_get_strv(fh);
|
||||
if (!sv)
|
||||
return -ENOMEM;
|
||||
|
||||
/* The entries in the array given by hashmap_dump_sorted() are still owned by the hashmap. */
|
||||
/* The entries in the array given by hashmap_get_strv() are still owned by the hashmap. */
|
||||
files = strv_copy(sv);
|
||||
if (!files)
|
||||
return -ENOMEM;
|
||||
|
||||
typesafe_qsort(files, strv_length(files), base_cmp);
|
||||
|
||||
*ret = files;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -229,7 +237,7 @@ int conf_files_insert(char ***strv, const char *root, char **dirs, const char *p
|
|||
for (i = 0; i < n; i++) {
|
||||
int c;
|
||||
|
||||
c = path_compare_filename((*strv)[i], path);
|
||||
c = base_cmp((char* const*) *strv + i, (char* const*) &path);
|
||||
if (c == 0)
|
||||
/* Oh, there already is an entry with a matching name (the last component). */
|
||||
STRV_FOREACH(dir, dirs) {
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ static ssize_t getxattr_pinned_internal(
|
|||
if (n < 0)
|
||||
return -errno;
|
||||
|
||||
assert(size == 0 || (size_t) n <= size);
|
||||
assert((size_t) n <= size);
|
||||
return n;
|
||||
}
|
||||
|
||||
|
|
@ -234,7 +234,7 @@ static int listxattr_pinned_internal(
|
|||
if (n < 0)
|
||||
return -errno;
|
||||
|
||||
assert(size == 0 || (size_t) n <= size);
|
||||
assert((size_t) n <= size);
|
||||
|
||||
if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
|
||||
return -E2BIG;
|
||||
|
|
|
|||
|
|
@ -865,6 +865,17 @@ static int install_variables(
|
|||
uint16_t slot;
|
||||
int r;
|
||||
|
||||
if (arg_root) {
|
||||
log_info("Acting on %s, skipping EFI variable setup.",
|
||||
arg_image ? "image" : "root directory");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!is_efi_boot()) {
|
||||
log_warning("Not booted with EFI, skipping EFI variable setup.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = chase_and_access(path, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, F_OK, NULL);
|
||||
if (r == -ENOENT)
|
||||
return 0;
|
||||
|
|
@ -1064,7 +1075,7 @@ int verb_install(int argc, char *argv[], void *userdata) {
|
|||
|
||||
(void) sync_everything();
|
||||
|
||||
if (!touch_variables())
|
||||
if (!arg_touch_variables)
|
||||
return 0;
|
||||
|
||||
if (arg_arch_all) {
|
||||
|
|
@ -1195,6 +1206,9 @@ static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
|
|||
uint16_t slot;
|
||||
int r;
|
||||
|
||||
if (arg_root || !is_efi_boot())
|
||||
return 0;
|
||||
|
||||
r = find_slot(uuid, path, &slot);
|
||||
if (r != 1)
|
||||
return 0;
|
||||
|
|
@ -1313,7 +1327,7 @@ int verb_remove(int argc, char *argv[], void *userdata) {
|
|||
|
||||
(void) sync_everything();
|
||||
|
||||
if (!touch_variables())
|
||||
if (!arg_touch_variables)
|
||||
return r;
|
||||
|
||||
if (arg_arch_all) {
|
||||
|
|
|
|||
|
|
@ -58,9 +58,20 @@ static int set_system_token(void) {
|
|||
size_t token_size;
|
||||
int r;
|
||||
|
||||
if (!touch_variables())
|
||||
if (!arg_touch_variables)
|
||||
return 0;
|
||||
|
||||
if (arg_root) {
|
||||
log_warning("Acting on %s, skipping EFI variable setup.",
|
||||
arg_image ? "image" : "root directory");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!is_efi_boot()) {
|
||||
log_notice("Not booted with EFI, skipping EFI variable setup.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
|
||||
if (r < 0) {
|
||||
if (r != -ENXIO)
|
||||
|
|
|
|||
|
|
@ -105,20 +105,11 @@ static int parse_loader_entry_target_arg(const char *arg1, char16_t **ret_target
|
|||
int verb_set_efivar(int argc, char *argv[], void *userdata) {
|
||||
int r;
|
||||
|
||||
/* Note: changing EFI variables is the primary purpose of these verbs, hence unlike in the other
|
||||
* verbs that might touch EFI variables where we skip things gracefully, here we fail loudly if we
|
||||
* are not run on EFI or EFI variable modifications were turned off. */
|
||||
|
||||
if (arg_touch_variables < 0) {
|
||||
if (arg_root)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"Acting on %s, refusing EFI variable setup.",
|
||||
"Acting on %s, skipping EFI variable setup.",
|
||||
arg_image ? "image" : "root directory");
|
||||
|
||||
if (detect_container() > 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"'%s' operation not supported in a container.",
|
||||
argv[0]);
|
||||
if (!is_efi_boot())
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"Not booted with UEFI.");
|
||||
|
|
@ -132,9 +123,14 @@ int verb_set_efivar(int argc, char *argv[], void *userdata) {
|
|||
return log_error_errno(errno, "Failed to detect whether boot loader supports '%s' operation: %m", argv[0]);
|
||||
}
|
||||
|
||||
} else if (!arg_touch_variables)
|
||||
if (detect_container() > 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"'%s' operation not supported in a container.",
|
||||
argv[0]);
|
||||
|
||||
if (!arg_touch_variables)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"'%s' operation cannot be combined with --variables=no.",
|
||||
"'%s' operation cannot be combined with --no-variables.",
|
||||
argv[0]);
|
||||
|
||||
const char *variable;
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ bool arg_print_dollar_boot_path = false;
|
|||
bool arg_print_loader_path = false;
|
||||
bool arg_print_stub_path = false;
|
||||
unsigned arg_print_root_device = 0;
|
||||
int arg_touch_variables = -1;
|
||||
bool arg_touch_variables = true;
|
||||
bool arg_install_random_seed = true;
|
||||
PagerFlags arg_pager_flags = 0;
|
||||
bool arg_graceful = false;
|
||||
|
|
@ -213,29 +213,6 @@ static int print_loader_or_stub_path(void) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
bool touch_variables(void) {
|
||||
/* If we run in a container or on a non-EFI system, automatically turn off EFI file system access,
|
||||
* unless explicitly overriden. */
|
||||
|
||||
if (arg_touch_variables >= 0)
|
||||
return arg_touch_variables;
|
||||
|
||||
if (arg_root) {
|
||||
log_once(LOG_NOTICE,
|
||||
"Operating on %s, skipping EFI variable modifications.",
|
||||
arg_image ? "image" : "root directory");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!is_efi_boot()) { /* NB: this internally checks if we run in a container */
|
||||
log_once(LOG_NOTICE,
|
||||
"Not booted with EFI or running in a container, skipping EFI variable modifications.");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static int help(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_free_ char *link = NULL;
|
||||
int r;
|
||||
|
|
@ -294,8 +271,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
" Specify disk image dissection policy\n"
|
||||
" --install-source=auto|image|host\n"
|
||||
" Where to pick files when using --root=/--image=\n"
|
||||
" --variables=yes|no\n"
|
||||
" Whether to modify EFI variables\n"
|
||||
" --no-variables Don't touch EFI variables\n"
|
||||
" --random-seed=yes|no\n"
|
||||
" Whether to create random-seed file during install\n"
|
||||
" --no-pager Do not pipe output into a pager\n"
|
||||
|
|
@ -351,7 +327,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
ARG_IMAGE_POLICY,
|
||||
ARG_INSTALL_SOURCE,
|
||||
ARG_VERSION,
|
||||
ARG_VARIABLES,
|
||||
ARG_NO_VARIABLES,
|
||||
ARG_RANDOM_SEED,
|
||||
ARG_NO_PAGER,
|
||||
|
|
@ -387,8 +362,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
{ "print-loader-path", no_argument, NULL, ARG_PRINT_LOADER_PATH },
|
||||
{ "print-stub-path", no_argument, NULL, ARG_PRINT_STUB_PATH },
|
||||
{ "print-root-device", no_argument, NULL, 'R' },
|
||||
{ "variables", required_argument, NULL, ARG_VARIABLES },
|
||||
{ "no-variables", no_argument, NULL, ARG_NO_VARIABLES }, /* Compability */
|
||||
{ "no-variables", no_argument, NULL, ARG_NO_VARIABLES },
|
||||
{ "random-seed", required_argument, NULL, ARG_RANDOM_SEED },
|
||||
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
|
||||
{ "graceful", no_argument, NULL, ARG_GRACEFUL },
|
||||
|
|
@ -486,12 +460,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
arg_print_root_device++;
|
||||
break;
|
||||
|
||||
case ARG_VARIABLES:
|
||||
r = parse_tristate_argument("--variables=", optarg, &arg_touch_variables);
|
||||
if (r < 0)
|
||||
return r;
|
||||
break;
|
||||
|
||||
case ARG_NO_VARIABLES:
|
||||
arg_touch_variables = false;
|
||||
break;
|
||||
|
|
@ -675,6 +643,10 @@ static int run(int argc, char *argv[]) {
|
|||
|
||||
log_setup();
|
||||
|
||||
/* If we run in a container, automatically turn off EFI file system access */
|
||||
if (detect_container() > 0)
|
||||
arg_touch_variables = false;
|
||||
|
||||
r = parse_argv(argc, argv);
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ extern char *arg_xbootldr_path;
|
|||
extern bool arg_print_esp_path;
|
||||
extern bool arg_print_dollar_boot_path;
|
||||
extern unsigned arg_print_root_device;
|
||||
extern int arg_touch_variables;
|
||||
extern bool arg_touch_variables;
|
||||
extern bool arg_install_random_seed;
|
||||
extern PagerFlags arg_pager_flags;
|
||||
extern bool arg_graceful;
|
||||
|
|
@ -54,5 +54,3 @@ static inline const char* arg_dollar_boot_path(void) {
|
|||
|
||||
int acquire_esp(int unprivileged_mode, bool graceful, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
|
||||
int acquire_xbootldr(int unprivileged_mode, sd_id128_t *ret_uuid, dev_t *ret_devid);
|
||||
|
||||
bool touch_variables(void);
|
||||
|
|
|
|||
|
|
@ -261,10 +261,11 @@ int bpf_devices_supported(void) {
|
|||
static int supported = -1;
|
||||
int r;
|
||||
|
||||
/* Checks whether BPF device controller is supported. For this, we check two things:
|
||||
/* Checks whether BPF device controller is supported. For this, we check five things:
|
||||
*
|
||||
* a) whether we are privileged
|
||||
* b) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
|
||||
* b) whether the unified hierarchy is being used
|
||||
* c) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
|
||||
*/
|
||||
|
||||
if (supported >= 0)
|
||||
|
|
@ -275,6 +276,14 @@ int bpf_devices_supported(void) {
|
|||
return supported = 0;
|
||||
}
|
||||
|
||||
r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m");
|
||||
if (r == 0) {
|
||||
log_debug("Not running with unified cgroups, BPF device control is not supported.");
|
||||
return supported = 0;
|
||||
}
|
||||
|
||||
r = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE, "sd_devices", &program);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Can't allocate CGROUP DEVICE BPF program, BPF device control is not supported: %m");
|
||||
|
|
@ -306,15 +315,38 @@ static int allow_list_device_pattern(
|
|||
|
||||
assert(IN_SET(type, 'b', 'c'));
|
||||
|
||||
if (cg_all_unified() > 0) {
|
||||
if (!prog)
|
||||
return 0;
|
||||
|
||||
if (major != UINT_MAX && minor != UINT_MAX)
|
||||
return bpf_prog_allow_list_device(prog, type, major, minor, p);
|
||||
if (major != UINT_MAX)
|
||||
else if (major != UINT_MAX)
|
||||
return bpf_prog_allow_list_major(prog, type, major, p);
|
||||
|
||||
else
|
||||
return bpf_prog_allow_list_class(prog, type, p);
|
||||
|
||||
} else {
|
||||
char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4];
|
||||
int r;
|
||||
|
||||
if (major != UINT_MAX && minor != UINT_MAX)
|
||||
xsprintf(buf, "%c %u:%u %s", type, major, minor, cgroup_device_permissions_to_string(p));
|
||||
else if (major != UINT_MAX)
|
||||
xsprintf(buf, "%c %u:* %s", type, major, cgroup_device_permissions_to_string(p));
|
||||
else
|
||||
xsprintf(buf, "%c *:* %s", type, cgroup_device_permissions_to_string(p));
|
||||
|
||||
/* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore
|
||||
* EINVAL here. */
|
||||
|
||||
r = cg_set_attribute("devices", path, "devices.allow", buf);
|
||||
if (r < 0)
|
||||
log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES, -EPERM) ? LOG_DEBUG : LOG_WARNING,
|
||||
r, "Failed to set devices.allow on %s: %m", path);
|
||||
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
int bpf_devices_allow_list_device(
|
||||
|
|
|
|||
|
|
@ -845,12 +845,23 @@ int bpf_firewall_supported(void) {
|
|||
|
||||
/* Checks whether BPF firewalling is supported. For this, we check the following things:
|
||||
*
|
||||
* - whether the unified hierarchy is being used
|
||||
* - the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
|
||||
* - the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
|
||||
*/
|
||||
if (supported >= 0)
|
||||
return supported;
|
||||
|
||||
r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "bpf-firewall: Can't determine whether the unified hierarchy is used: %m");
|
||||
if (r == 0) {
|
||||
bpf_firewall_unsupported_reason =
|
||||
log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
|
||||
"bpf-firewall: Not running with unified cgroup hierarchy, BPF firewalling is not supported.");
|
||||
return supported = BPF_FIREWALL_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/* prog_name is NULL since it is supported only starting from v4.15 kernel. */
|
||||
r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
|
||||
if (r < 0) {
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
#include "unit.h"
|
||||
|
||||
static inline int bpf_foreign_supported(void) {
|
||||
return cg_all_unified();
|
||||
}
|
||||
|
||||
/*
|
||||
* Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity
|
||||
* external to systemd.
|
||||
|
|
|
|||
|
|
@ -13,6 +13,17 @@ bool cgroup_bpf_supported(void) {
|
|||
if (supported >= 0)
|
||||
return supported;
|
||||
|
||||
r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
|
||||
return (supported = false);
|
||||
}
|
||||
|
||||
if (r == 0) {
|
||||
log_info("Not running with unified cgroup hierarchy, disabling cgroup BPF features.");
|
||||
return (supported = false);
|
||||
}
|
||||
|
||||
r = dlopen_bpf();
|
||||
if (r < 0) {
|
||||
log_full_errno(in_initrd() ? LOG_DEBUG : LOG_INFO,
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -34,6 +34,8 @@ typedef struct CGroupDeviceAllow CGroupDeviceAllow;
|
|||
typedef struct CGroupIODeviceWeight CGroupIODeviceWeight;
|
||||
typedef struct CGroupIODeviceLimit CGroupIODeviceLimit;
|
||||
typedef struct CGroupIODeviceLatency CGroupIODeviceLatency;
|
||||
typedef struct CGroupBlockIODeviceWeight CGroupBlockIODeviceWeight;
|
||||
typedef struct CGroupBlockIODeviceBandwidth CGroupBlockIODeviceBandwidth;
|
||||
typedef struct CGroupBPFForeignProgram CGroupBPFForeignProgram;
|
||||
typedef struct CGroupSocketBindItem CGroupSocketBindItem;
|
||||
typedef struct CGroupRuntime CGroupRuntime;
|
||||
|
|
@ -96,6 +98,19 @@ struct CGroupIODeviceLatency {
|
|||
usec_t target_usec;
|
||||
};
|
||||
|
||||
struct CGroupBlockIODeviceWeight {
|
||||
LIST_FIELDS(CGroupBlockIODeviceWeight, device_weights);
|
||||
char *path;
|
||||
uint64_t weight;
|
||||
};
|
||||
|
||||
struct CGroupBlockIODeviceBandwidth {
|
||||
LIST_FIELDS(CGroupBlockIODeviceBandwidth, device_bandwidths);
|
||||
char *path;
|
||||
uint64_t rbps;
|
||||
uint64_t wbps;
|
||||
};
|
||||
|
||||
struct CGroupBPFForeignProgram {
|
||||
LIST_FIELDS(CGroupBPFForeignProgram, programs);
|
||||
uint32_t attach_type;
|
||||
|
|
@ -125,6 +140,7 @@ typedef enum CGroupPressureWatch {
|
|||
struct CGroupContext {
|
||||
bool cpu_accounting;
|
||||
bool io_accounting;
|
||||
bool blockio_accounting;
|
||||
bool memory_accounting;
|
||||
bool tasks_accounting;
|
||||
bool ip_accounting;
|
||||
|
|
@ -196,6 +212,17 @@ struct CGroupContext {
|
|||
Set *restrict_network_interfaces;
|
||||
bool restrict_network_interfaces_is_allow_list;
|
||||
|
||||
/* For legacy hierarchies */
|
||||
uint64_t cpu_shares;
|
||||
uint64_t startup_cpu_shares;
|
||||
|
||||
uint64_t blockio_weight;
|
||||
uint64_t startup_blockio_weight;
|
||||
LIST_HEAD(CGroupBlockIODeviceWeight, blockio_device_weights);
|
||||
LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths);
|
||||
|
||||
uint64_t memory_limit;
|
||||
|
||||
CGroupDevicePolicy device_policy;
|
||||
LIST_HEAD(CGroupDeviceAllow, device_allow);
|
||||
|
||||
|
|
@ -369,6 +396,8 @@ void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
|
|||
void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
|
||||
void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit *l);
|
||||
void cgroup_context_free_io_device_latency(CGroupContext *c, CGroupIODeviceLatency *l);
|
||||
void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w);
|
||||
void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b);
|
||||
void cgroup_context_remove_bpf_foreign_program(CGroupContext *c, CGroupBPFForeignProgram *p);
|
||||
void cgroup_context_remove_socket_bind(CGroupSocketBindItem **head);
|
||||
|
||||
|
|
@ -388,6 +417,8 @@ static inline int cgroup_context_add_bpf_foreign_program_dup(CGroupContext *c, c
|
|||
int cgroup_context_add_io_device_limit_dup(CGroupContext *c, const CGroupIODeviceLimit *l);
|
||||
int cgroup_context_add_io_device_weight_dup(CGroupContext *c, const CGroupIODeviceWeight *w);
|
||||
int cgroup_context_add_io_device_latency_dup(CGroupContext *c, const CGroupIODeviceLatency *l);
|
||||
int cgroup_context_add_block_io_device_weight_dup(CGroupContext *c, const CGroupBlockIODeviceWeight *w);
|
||||
int cgroup_context_add_block_io_device_bandwidth_dup(CGroupContext *c, const CGroupBlockIODeviceBandwidth *b);
|
||||
int cgroup_context_add_device_allow_dup(CGroupContext *c, const CGroupDeviceAllow *a);
|
||||
int cgroup_context_add_socket_bind_item_allow_dup(CGroupContext *c, const CGroupSocketBindItem *i);
|
||||
int cgroup_context_add_socket_bind_item_deny_dup(CGroupContext *c, const CGroupSocketBindItem *i);
|
||||
|
|
@ -407,6 +438,7 @@ void unit_invalidate_cgroup_members_masks(Unit *u);
|
|||
|
||||
void unit_add_family_to_cgroup_realize_queue(Unit *u);
|
||||
|
||||
const char* unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);
|
||||
int unit_default_cgroup_path(const Unit *u, char **ret);
|
||||
int unit_set_cgroup_path(Unit *u, const char *path);
|
||||
int unit_pick_cgroup_path(Unit *u);
|
||||
|
|
|
|||
|
|
@ -35,8 +35,6 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_de
|
|||
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode);
|
||||
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
|
||||
|
||||
static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0);
|
||||
|
||||
static int property_get_cgroup_mask(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
|
|
@ -198,6 +196,72 @@ static int property_get_io_device_latency(
|
|||
return sd_bus_message_close_container(reply);
|
||||
}
|
||||
|
||||
static int property_get_blockio_device_weight(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
const char *interface,
|
||||
const char *property,
|
||||
sd_bus_message *reply,
|
||||
void *userdata,
|
||||
sd_bus_error *error) {
|
||||
|
||||
CGroupContext *c = ASSERT_PTR(userdata);
|
||||
int r;
|
||||
|
||||
assert(bus);
|
||||
assert(reply);
|
||||
|
||||
r = sd_bus_message_open_container(reply, 'a', "(st)");
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
|
||||
r = sd_bus_message_append(reply, "(st)", w->path, w->weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
return sd_bus_message_close_container(reply);
|
||||
}
|
||||
|
||||
static int property_get_blockio_device_bandwidths(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
const char *interface,
|
||||
const char *property,
|
||||
sd_bus_message *reply,
|
||||
void *userdata,
|
||||
sd_bus_error *error) {
|
||||
|
||||
CGroupContext *c = ASSERT_PTR(userdata);
|
||||
int r;
|
||||
|
||||
assert(bus);
|
||||
assert(reply);
|
||||
|
||||
r = sd_bus_message_open_container(reply, 'a', "(st)");
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
|
||||
uint64_t v;
|
||||
|
||||
if (streq(property, "BlockIOReadBandwidth"))
|
||||
v = b->rbps;
|
||||
else
|
||||
v = b->wbps;
|
||||
|
||||
if (v == CGROUP_LIMIT_MAX)
|
||||
continue;
|
||||
|
||||
r = sd_bus_message_append(reply, "(st)", b->path, v);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
return sd_bus_message_close_container(reply);
|
||||
}
|
||||
|
||||
static int property_get_device_allow(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
|
|
@ -386,6 +450,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
|
|||
SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpu_accounting), 0),
|
||||
SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0),
|
||||
SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0),
|
||||
SD_BUS_PROPERTY("CPUShares", "t", NULL, offsetof(CGroupContext, cpu_shares), 0),
|
||||
SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0),
|
||||
SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0),
|
||||
SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0),
|
||||
SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0),
|
||||
|
|
@ -401,6 +467,12 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
|
|||
SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
|
||||
SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
|
||||
SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0),
|
||||
SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, blockio_accounting), 0),
|
||||
SD_BUS_PROPERTY("BlockIOWeight", "t", NULL, offsetof(CGroupContext, blockio_weight), 0),
|
||||
SD_BUS_PROPERTY("StartupBlockIOWeight", "t", NULL, offsetof(CGroupContext, startup_blockio_weight), 0),
|
||||
SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_device_weight, 0, 0),
|
||||
SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
|
||||
SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
|
||||
SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0),
|
||||
SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0),
|
||||
SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0),
|
||||
|
|
@ -417,6 +489,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
|
|||
SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
|
||||
SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
|
||||
SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0),
|
||||
SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0),
|
||||
SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
|
||||
SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
|
||||
SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
|
||||
|
|
@ -440,16 +513,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
|
|||
SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0),
|
||||
SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0),
|
||||
SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0),
|
||||
/* deprecated cgroup v1 properties */
|
||||
SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_VTABLE_END
|
||||
};
|
||||
|
||||
|
|
@ -714,6 +777,17 @@ static int bus_cgroup_set_transient_property(
|
|||
return r;
|
||||
|
||||
unit_write_setting(u, flags, name, buf);
|
||||
|
||||
if (c->bpf_foreign_programs) {
|
||||
r = bpf_foreign_supported();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
log_full(LOG_DEBUG,
|
||||
"Transient unit %s configures a BPF program pinned to BPF "
|
||||
"filesystem, but the local system does not support that.\n"
|
||||
"Starting this unit will fail!", u->id);
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
|
@ -919,7 +993,9 @@ static int bus_cgroup_set_boolean(
|
|||
}
|
||||
|
||||
DISABLE_WARNING_TYPE_LIMITS;
|
||||
BUS_DEFINE_SET_CGROUP_WEIGHT(cpu_shares, CGROUP_MASK_CPU, CGROUP_CPU_SHARES_IS_OK, CGROUP_CPU_SHARES_INVALID);
|
||||
BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID);
|
||||
BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEIGHT_IS_OK, CGROUP_BLKIO_WEIGHT_INVALID);
|
||||
BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1);
|
||||
BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
|
||||
BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
|
||||
|
|
@ -1051,6 +1127,12 @@ int bus_cgroup_set_property(
|
|||
if (streq(name, "StartupCPUWeight"))
|
||||
return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error);
|
||||
|
||||
if (streq(name, "CPUShares"))
|
||||
return bus_cgroup_set_cpu_shares(u, name, &c->cpu_shares, message, flags, error);
|
||||
|
||||
if (streq(name, "StartupCPUShares"))
|
||||
return bus_cgroup_set_cpu_shares(u, name, &c->startup_cpu_shares, message, flags, error);
|
||||
|
||||
if (streq(name, "IOAccounting"))
|
||||
return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error);
|
||||
|
||||
|
|
@ -1060,6 +1142,15 @@ int bus_cgroup_set_property(
|
|||
if (streq(name, "StartupIOWeight"))
|
||||
return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error);
|
||||
|
||||
if (streq(name, "BlockIOAccounting"))
|
||||
return bus_cgroup_set_boolean(u, name, &c->blockio_accounting, CGROUP_MASK_BLKIO, message, flags, error);
|
||||
|
||||
if (streq(name, "BlockIOWeight"))
|
||||
return bus_cgroup_set_blockio_weight(u, name, &c->blockio_weight, message, flags, error);
|
||||
|
||||
if (streq(name, "StartupBlockIOWeight"))
|
||||
return bus_cgroup_set_blockio_weight(u, name, &c->startup_blockio_weight, message, flags, error);
|
||||
|
||||
if (streq(name, "MemoryAccounting"))
|
||||
return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error);
|
||||
|
||||
|
|
@ -1145,6 +1236,9 @@ int bus_cgroup_set_property(
|
|||
return r;
|
||||
}
|
||||
|
||||
if (streq(name, "MemoryLimit"))
|
||||
return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error);
|
||||
|
||||
if (streq(name, "MemoryMinScale")) {
|
||||
r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error);
|
||||
if (r > 0)
|
||||
|
|
@ -1185,6 +1279,9 @@ int bus_cgroup_set_property(
|
|||
if (streq(name, "MemoryMaxScale"))
|
||||
return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error);
|
||||
|
||||
if (streq(name, "MemoryLimitScale"))
|
||||
return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error);
|
||||
|
||||
if (streq(name, "MemoryZSwapWriteback"))
|
||||
return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error);
|
||||
|
||||
|
|
@ -1525,6 +1622,180 @@ int bus_cgroup_set_property(
|
|||
|
||||
return 1;
|
||||
|
||||
} else if (STR_IN_SET(name, "BlockIOReadBandwidth", "BlockIOWriteBandwidth")) {
|
||||
const char *path;
|
||||
unsigned n = 0;
|
||||
uint64_t u64;
|
||||
bool read;
|
||||
|
||||
read = streq(name, "BlockIOReadBandwidth");
|
||||
|
||||
r = sd_bus_message_enter_container(message, 'a', "(st)");
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
|
||||
|
||||
if (!path_is_normalized(path))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
|
||||
|
||||
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
|
||||
CGroupBlockIODeviceBandwidth *a = NULL;
|
||||
|
||||
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
|
||||
if (path_equal(path, b->path)) {
|
||||
a = b;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!a) {
|
||||
a = new0(CGroupBlockIODeviceBandwidth, 1);
|
||||
if (!a)
|
||||
return -ENOMEM;
|
||||
|
||||
a->rbps = CGROUP_LIMIT_MAX;
|
||||
a->wbps = CGROUP_LIMIT_MAX;
|
||||
a->path = strdup(path);
|
||||
if (!a->path) {
|
||||
free(a);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, a);
|
||||
}
|
||||
|
||||
if (read)
|
||||
a->rbps = u64;
|
||||
else
|
||||
a->wbps = u64;
|
||||
}
|
||||
|
||||
n++;
|
||||
}
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_bus_message_exit_container(message);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
|
||||
_cleanup_(memstream_done) MemStream m = {};
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
FILE *f;
|
||||
|
||||
if (n == 0)
|
||||
LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) {
|
||||
if (read)
|
||||
a->rbps = CGROUP_LIMIT_MAX;
|
||||
else
|
||||
a->wbps = CGROUP_LIMIT_MAX;
|
||||
}
|
||||
|
||||
unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
|
||||
|
||||
f = memstream_init(&m);
|
||||
if (!f)
|
||||
return -ENOMEM;
|
||||
|
||||
if (read) {
|
||||
fputs("BlockIOReadBandwidth=\n", f);
|
||||
LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
|
||||
if (a->rbps != CGROUP_LIMIT_MAX)
|
||||
fprintf(f, "BlockIOReadBandwidth=%s %" PRIu64 "\n", a->path, a->rbps);
|
||||
} else {
|
||||
fputs("BlockIOWriteBandwidth=\n", f);
|
||||
LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
|
||||
if (a->wbps != CGROUP_LIMIT_MAX)
|
||||
fprintf(f, "BlockIOWriteBandwidth=%s %" PRIu64 "\n", a->path, a->wbps);
|
||||
}
|
||||
|
||||
r = memstream_finalize(&m, &buf, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
unit_write_setting(u, flags, name, buf);
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
} else if (streq(name, "BlockIODeviceWeight")) {
|
||||
const char *path;
|
||||
uint64_t weight;
|
||||
unsigned n = 0;
|
||||
|
||||
r = sd_bus_message_enter_container(message, 'a', "(st)");
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) {
|
||||
|
||||
if (!path_is_normalized(path))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
|
||||
|
||||
if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID)
|
||||
return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range");
|
||||
|
||||
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
|
||||
CGroupBlockIODeviceWeight *a = NULL;
|
||||
|
||||
LIST_FOREACH(device_weights, b, c->blockio_device_weights)
|
||||
if (path_equal(b->path, path)) {
|
||||
a = b;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!a) {
|
||||
a = new0(CGroupBlockIODeviceWeight, 1);
|
||||
if (!a)
|
||||
return -ENOMEM;
|
||||
|
||||
a->path = strdup(path);
|
||||
if (!a->path) {
|
||||
free(a);
|
||||
return -ENOMEM;
|
||||
}
|
||||
LIST_APPEND(device_weights, c->blockio_device_weights, a);
|
||||
}
|
||||
|
||||
a->weight = weight;
|
||||
}
|
||||
|
||||
n++;
|
||||
}
|
||||
|
||||
r = sd_bus_message_exit_container(message);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
|
||||
_cleanup_(memstream_done) MemStream m = {};
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
FILE *f;
|
||||
|
||||
if (n == 0)
|
||||
while (c->blockio_device_weights)
|
||||
cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
|
||||
|
||||
unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
|
||||
|
||||
f = memstream_init(&m);
|
||||
if (!f)
|
||||
return -ENOMEM;
|
||||
|
||||
fputs("BlockIODeviceWeight=\n", f);
|
||||
LIST_FOREACH(device_weights, a, c->blockio_device_weights)
|
||||
fprintf(f, "BlockIODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight);
|
||||
|
||||
r = memstream_finalize(&m, &buf, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
unit_write_setting(u, flags, name, buf);
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
} else if (streq(name, "DevicePolicy")) {
|
||||
const char *policy;
|
||||
CGroupDevicePolicy p;
|
||||
|
|
@ -2048,26 +2319,6 @@ int bus_cgroup_set_property(
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* deprecated CGroup v1 properties */
|
||||
if (STR_IN_SET(name,
|
||||
"MemoryLimit",
|
||||
"MemoryLimitScale",
|
||||
"CPUShares",
|
||||
"StartupCPUShares",
|
||||
"BlockIOAccounting",
|
||||
"BlockIOWeight",
|
||||
"StartupBlockIOWeight",
|
||||
"BlockIODeviceWeight",
|
||||
"BlockIOReadBandwidth",
|
||||
"BlockIOWriteBandwidth")) {
|
||||
|
||||
r = sd_bus_message_skip(message, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* must be last */
|
||||
if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB))
|
||||
return bus_cgroup_set_transient_property(u, c, name, message, flags, error);
|
||||
|
|
|
|||
|
|
@ -3057,6 +3057,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
|
|||
SD_BUS_PROPERTY("DefaultStartLimitInterval", "t", bus_property_get_usec, offsetof(Manager, defaults.start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
|
||||
SD_BUS_PROPERTY("DefaultStartLimitBurst", "u", bus_property_get_unsigned, offsetof(Manager, defaults.start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
|
|
@ -3101,8 +3102,6 @@ const sd_bus_vtable bus_manager_vtable[] = {
|
|||
SD_BUS_PROPERTY("DefaultOOMScoreAdjust", "i", property_get_oom_score_adjust, 0, SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("CtrlAltDelBurstAction", "s", bus_property_get_emergency_action, offsetof(Manager, cad_burst_action), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("SoftRebootsCount", "u", bus_property_get_unsigned, offsetof(Manager, soft_reboots_count), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
/* deprecated cgroup v1 property */
|
||||
SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
|
||||
|
||||
SD_BUS_METHOD_WITH_ARGS("GetUnit",
|
||||
SD_BUS_ARGS("s", name),
|
||||
|
|
|
|||
|
|
@ -4967,7 +4967,7 @@ int exec_invoke(
|
|||
return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
|
||||
}
|
||||
|
||||
r = cg_attach(p, 0);
|
||||
r = cg_attach_everywhere(params->cgroup_supported, p, 0);
|
||||
if (r == -EUCLEAN) {
|
||||
*exit_status = EXIT_CGROUP;
|
||||
return log_exec_error_errno(context, params, r,
|
||||
|
|
@ -5190,7 +5190,7 @@ int exec_invoke(
|
|||
if (params->flags & EXEC_CGROUP_DELEGATE) {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
|
||||
r = cg_set_access(params->cgroup_path, uid, gid);
|
||||
r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, uid, gid);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_CGROUP;
|
||||
return log_exec_error_errno(context, params, r, "Failed to adjust control group access: %m");
|
||||
|
|
@ -5202,7 +5202,7 @@ int exec_invoke(
|
|||
return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
|
||||
}
|
||||
if (r > 0) {
|
||||
r = cg_set_access_recursive(p, uid, gid);
|
||||
r = cg_set_access_recursive(SYSTEMD_CGROUP_CONTROLLER, p, uid, gid);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_CGROUP;
|
||||
return log_exec_error_errno(context, params, r, "Failed to adjust control subgroup access: %m");
|
||||
|
|
@ -5210,7 +5210,7 @@ int exec_invoke(
|
|||
}
|
||||
}
|
||||
|
||||
if (is_pressure_supported() > 0) {
|
||||
if (cg_unified() > 0 && is_pressure_supported() > 0) {
|
||||
if (cgroup_context_want_memory_pressure(cgroup_context)) {
|
||||
r = cg_get_path("memory", params->cgroup_path, "memory.pressure", &memory_pressure_path);
|
||||
if (r < 0) {
|
||||
|
|
|
|||
|
|
@ -40,6 +40,10 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = serialize_bool_elide(f, "exec-cgroup-context-block-io-accounting", c->blockio_accounting);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = serialize_bool_elide(f, "exec-cgroup-context-memory-accounting", c->memory_accounting);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
@ -68,6 +72,18 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
|
|||
return r;
|
||||
}
|
||||
|
||||
if (c->cpu_shares != CGROUP_CPU_SHARES_INVALID) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-cpu-shares", "%" PRIu64, c->cpu_shares);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-startup-cpu-shares", "%" PRIu64, c->startup_cpu_shares);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (c->cpu_quota_per_sec_usec != USEC_INFINITY) {
|
||||
r = serialize_usec(f, "exec-cgroup-context-cpu-quota-per-sec-usec", c->cpu_quota_per_sec_usec);
|
||||
if (r < 0)
|
||||
|
|
@ -124,6 +140,18 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
|
|||
return r;
|
||||
}
|
||||
|
||||
if (c->blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-block-io-weight", "%" PRIu64, c->blockio_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-startup-block-io-weight", "%" PRIu64, c->startup_blockio_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (c->default_memory_min > 0) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-default-memory-min", "%" PRIu64, c->default_memory_min);
|
||||
if (r < 0)
|
||||
|
|
@ -206,6 +234,12 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (c->memory_limit != CGROUP_LIMIT_MAX) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-memory-limit", "%" PRIu64, c->memory_limit);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (c->tasks_max.value != UINT64_MAX) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-tasks-max-value", "%" PRIu64, c->tasks_max.value);
|
||||
if (r < 0)
|
||||
|
|
@ -356,6 +390,31 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
|
|||
return r;
|
||||
}
|
||||
|
||||
LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-blockio-device-weight", "%s %" PRIu64,
|
||||
w->path,
|
||||
w->weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
|
||||
if (b->rbps != CGROUP_LIMIT_MAX) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-blockio-read-bandwidth", "%s %" PRIu64,
|
||||
b->path,
|
||||
b->rbps);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
if (b->wbps != CGROUP_LIMIT_MAX) {
|
||||
r = serialize_item_format(f, "exec-cgroup-context-blockio-write-bandwidth", "%s %" PRIu64,
|
||||
b->path,
|
||||
b->wbps);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
SET_FOREACH(iaai, c->ip_address_allow) {
|
||||
r = serialize_item(f,
|
||||
"exec-cgroup-context-ip-address-allow",
|
||||
|
|
@ -453,6 +512,11 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
c->io_accounting = r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-block-io-accounting="))) {
|
||||
r = parse_boolean(val);
|
||||
if (r < 0)
|
||||
return r;
|
||||
c->blockio_accounting = r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-memory-accounting="))) {
|
||||
r = parse_boolean(val);
|
||||
if (r < 0)
|
||||
|
|
@ -481,6 +545,14 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
|
|||
r = safe_atou64(val, &c->startup_cpu_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-cpu-shares="))) {
|
||||
r = safe_atou64(val, &c->cpu_shares);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-startup-cpu-shares="))) {
|
||||
r = safe_atou64(val, &c->startup_cpu_shares);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-cpu-quota-per-sec-usec="))) {
|
||||
r = deserialize_usec(val, &c->cpu_quota_per_sec_usec);
|
||||
if (r < 0)
|
||||
|
|
@ -553,6 +625,14 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
|
|||
r = safe_atou64(val, &c->startup_io_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-block-io-weight="))) {
|
||||
r = safe_atou64(val, &c->blockio_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-startup-block-io-weight="))) {
|
||||
r = safe_atou64(val, &c->startup_blockio_weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-default-memory-min="))) {
|
||||
r = safe_atou64(val, &c->default_memory_min);
|
||||
if (r < 0)
|
||||
|
|
@ -610,6 +690,10 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
c->memory_zswap_writeback = r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-memory-limit="))) {
|
||||
r = safe_atou64(val, &c->memory_limit);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-tasks-max-value="))) {
|
||||
r = safe_atou64(val, &c->tasks_max.value);
|
||||
if (r < 0)
|
||||
|
|
@ -828,6 +912,87 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
|
|||
r = safe_atou64(limits, &limit->limits[t]);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-block-io-device-weight="))) {
|
||||
_cleanup_free_ char *path = NULL, *weight = NULL;
|
||||
CGroupBlockIODeviceWeight *a = NULL;
|
||||
|
||||
r = extract_many_words(&val, " ", 0, &path, &weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r != 2)
|
||||
return -EINVAL;
|
||||
|
||||
a = new0(CGroupBlockIODeviceWeight, 1);
|
||||
if (!a)
|
||||
return log_oom_debug();
|
||||
|
||||
a->path = TAKE_PTR(path);
|
||||
|
||||
LIST_PREPEND(device_weights, c->blockio_device_weights, a);
|
||||
|
||||
r = safe_atou64(weight, &a->weight);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-block-io-read-bandwidth="))) {
|
||||
_cleanup_free_ char *path = NULL, *bw = NULL;
|
||||
CGroupBlockIODeviceBandwidth *a = NULL;
|
||||
|
||||
r = extract_many_words(&val, " ", 0, &path, &bw);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r != 2)
|
||||
return -EINVAL;
|
||||
|
||||
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
|
||||
if (path_equal(b->path, path)) {
|
||||
a = b;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!a) {
|
||||
a = new0(CGroupBlockIODeviceBandwidth, 1);
|
||||
if (!a)
|
||||
return log_oom_debug();
|
||||
|
||||
a->path = TAKE_PTR(path);
|
||||
a->wbps = CGROUP_LIMIT_MAX;
|
||||
|
||||
LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
|
||||
}
|
||||
|
||||
r = safe_atou64(bw, &a->rbps);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-block-io-write-bandwidth="))) {
|
||||
_cleanup_free_ char *path = NULL, *bw = NULL;
|
||||
CGroupBlockIODeviceBandwidth *a = NULL;
|
||||
|
||||
r = extract_many_words(&val, " ", 0, &path, &bw);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r != 2)
|
||||
return -EINVAL;
|
||||
|
||||
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
|
||||
if (path_equal(b->path, path)) {
|
||||
a = b;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!a) {
|
||||
a = new0(CGroupBlockIODeviceBandwidth, 1);
|
||||
if (!a)
|
||||
return log_oom_debug();
|
||||
|
||||
a->path = TAKE_PTR(path);
|
||||
a->rbps = CGROUP_LIMIT_MAX;
|
||||
|
||||
LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
|
||||
}
|
||||
|
||||
r = safe_atou64(bw, &a->wbps);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "exec-cgroup-context-ip-address-allow="))) {
|
||||
struct in_addr_prefix a;
|
||||
|
||||
|
|
|
|||
|
|
@ -508,7 +508,7 @@ int exec_spawn(
|
|||
/* If there's a subcgroup, then let's create it here now (the main cgroup was already
|
||||
* realized by the unit logic) */
|
||||
|
||||
r = cg_create(subcgroup_path);
|
||||
r = cg_create(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path);
|
||||
if (r < 0)
|
||||
return log_unit_error_errno(unit, r, "Failed to create subcgroup '%s': %m", subcgroup_path);
|
||||
}
|
||||
|
|
@ -576,7 +576,7 @@ int exec_spawn(
|
|||
"--log-level", max_log_levels,
|
||||
"--log-target", log_target_to_string(manager_get_executor_log_target(unit->manager))),
|
||||
environ,
|
||||
subcgroup_path,
|
||||
cg_unified() > 0 ? subcgroup_path : NULL,
|
||||
&pidref);
|
||||
|
||||
/* Drop the ambient set again, so no processes other than sd-executore spawned from the manager inherit it. */
|
||||
|
|
@ -593,7 +593,7 @@ int exec_spawn(
|
|||
* executed outside of the cgroup) and in the parent (so that we can be sure that when we kill the cgroup the
|
||||
* process will be killed too). */
|
||||
if (r == 0 && subcgroup_path)
|
||||
(void) cg_attach(subcgroup_path, pidref.pid);
|
||||
(void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path, pidref.pid);
|
||||
/* r > 0: Already in the right cgroup thanks to CLONE_INTO_CGROUP */
|
||||
|
||||
log_unit_debug(unit, "Forked %s as " PID_FMT " (%s CLONE_INTO_CGROUP)",
|
||||
|
|
|
|||
|
|
@ -204,8 +204,8 @@
|
|||
{{type}}.CPUAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpu_accounting)
|
||||
{{type}}.CPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.cpu_weight)
|
||||
{{type}}.StartupCPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.startup_cpu_weight)
|
||||
{{type}}.CPUShares, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.StartupCPUShares, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.CPUShares, config_parse_cpu_shares, 0, offsetof({{type}}, cgroup_context.cpu_shares)
|
||||
{{type}}.StartupCPUShares, config_parse_cpu_shares, 0, offsetof({{type}}, cgroup_context.startup_cpu_shares)
|
||||
{{type}}.CPUQuota, config_parse_cpu_quota, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.CPUQuotaPeriodSec, config_parse_sec_def_infinity, 0, offsetof({{type}}, cgroup_context.cpu_quota_period_usec)
|
||||
{{type}}.MemoryAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.memory_accounting)
|
||||
|
|
@ -224,7 +224,7 @@
|
|||
{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.MemoryZSwapWriteback, config_parse_bool, 0, offsetof({{type}}, cgroup_context.memory_zswap_writeback)
|
||||
{{type}}.MemoryLimit, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy)
|
||||
{{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting)
|
||||
|
|
@ -236,12 +236,12 @@
|
|||
{{type}}.IOReadIOPSMax, config_parse_io_limit, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.IOWriteIOPSMax, config_parse_io_limit, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.IODeviceLatencyTargetSec, config_parse_io_device_latency, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.BlockIOAccounting, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.BlockIOWeight, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.StartupBlockIOWeight, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.BlockIODeviceWeight, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.BlockIOReadBandwidth, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.BlockIOWriteBandwidth, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
{{type}}.BlockIOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.blockio_accounting)
|
||||
{{type}}.BlockIOWeight, config_parse_blockio_weight, 0, offsetof({{type}}, cgroup_context.blockio_weight)
|
||||
{{type}}.StartupBlockIOWeight, config_parse_blockio_weight, 0, offsetof({{type}}, cgroup_context.startup_blockio_weight)
|
||||
{{type}}.BlockIODeviceWeight, config_parse_blockio_device_weight, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.BlockIOReadBandwidth, config_parse_blockio_bandwidth, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof({{type}}, cgroup_context)
|
||||
{{type}}.TasksAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.tasks_accounting)
|
||||
{{type}}.TasksMax, config_parse_tasks_max, 0, offsetof({{type}}, cgroup_context.tasks_max)
|
||||
{{type}}.Delegate, config_parse_delegate, 0, offsetof({{type}}, cgroup_context)
|
||||
|
|
|
|||
|
|
@ -153,13 +153,38 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy);
|
|||
DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
|
||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
|
||||
DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1);
|
||||
DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t);
|
||||
DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t);
|
||||
DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight, cg_cpu_weight_parse, uint64_t);
|
||||
static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal, cg_cpu_shares_parse, uint64_t);
|
||||
DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag, mount_propagation_flag_from_string, unsigned long);
|
||||
DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1);
|
||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat);
|
||||
DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping);
|
||||
|
||||
int config_parse_cpu_shares(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
|
||||
lvalue, lvalue);
|
||||
|
||||
return config_parse_cpu_shares_internal(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
|
||||
}
|
||||
|
||||
bool contains_instance_specifier_superset(const char *s) {
|
||||
const char *p, *q;
|
||||
bool percent = false;
|
||||
|
|
@ -3874,6 +3899,10 @@ int config_parse_memory_limit(
|
|||
else if (streq(lvalue, "StartupMemoryZSwapMax")) {
|
||||
c->startup_memory_zswap_max = bytes;
|
||||
c->startup_memory_zswap_max_set = true;
|
||||
} else if (streq(lvalue, "MemoryLimit")) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
|
||||
c->memory_limit = bytes;
|
||||
} else
|
||||
return -EINVAL;
|
||||
|
||||
|
|
@ -4448,6 +4477,177 @@ int config_parse_io_limit(
|
|||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_blockio_device_weight(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *path = NULL, *resolved = NULL;
|
||||
CGroupBlockIODeviceWeight *w;
|
||||
CGroupContext *c = data;
|
||||
const char *p = ASSERT_PTR(rvalue);
|
||||
uint64_t u;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
|
||||
lvalue, lvalue);
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
while (c->blockio_device_weights)
|
||||
cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed to extract device node and weight from '%s', ignoring.", rvalue);
|
||||
return 0;
|
||||
}
|
||||
if (r == 0 || isempty(p)) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Invalid device node or weight specified in '%s', ignoring.", rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = unit_path_printf(userdata, path, &resolved);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
|
||||
if (r < 0)
|
||||
return 0;
|
||||
|
||||
r = cg_blkio_weight_parse(p, &u);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
|
||||
return 0;
|
||||
}
|
||||
|
||||
assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
|
||||
|
||||
w = new0(CGroupBlockIODeviceWeight, 1);
|
||||
if (!w)
|
||||
return log_oom();
|
||||
|
||||
w->path = TAKE_PTR(resolved);
|
||||
w->weight = u;
|
||||
|
||||
LIST_APPEND(device_weights, c->blockio_device_weights, w);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_blockio_bandwidth(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *path = NULL, *resolved = NULL;
|
||||
CGroupBlockIODeviceBandwidth *b = NULL;
|
||||
CGroupContext *c = data;
|
||||
const char *p = ASSERT_PTR(rvalue);
|
||||
uint64_t bytes;
|
||||
bool read;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
|
||||
lvalue, lvalue);
|
||||
|
||||
read = streq("BlockIOReadBandwidth", lvalue);
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
|
||||
t->rbps = CGROUP_LIMIT_MAX;
|
||||
t->wbps = CGROUP_LIMIT_MAX;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
|
||||
return 0;
|
||||
}
|
||||
if (r == 0 || isempty(p)) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = unit_path_printf(userdata, path, &resolved);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
|
||||
if (r < 0)
|
||||
return 0;
|
||||
|
||||
r = parse_size(p, 1000, &bytes);
|
||||
if (r < 0 || bytes <= 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
|
||||
return 0;
|
||||
}
|
||||
|
||||
LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths)
|
||||
if (path_equal(resolved, t->path)) {
|
||||
b = t;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!b) {
|
||||
b = new0(CGroupBlockIODeviceBandwidth, 1);
|
||||
if (!b)
|
||||
return log_oom();
|
||||
|
||||
b->path = TAKE_PTR(resolved);
|
||||
b->rbps = CGROUP_LIMIT_MAX;
|
||||
b->wbps = CGROUP_LIMIT_MAX;
|
||||
|
||||
LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, b);
|
||||
}
|
||||
|
||||
if (read)
|
||||
b->rbps = bytes;
|
||||
else
|
||||
b->wbps = bytes;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_job_mode_isolate(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
|
|
@ -6172,6 +6372,7 @@ void unit_dump_config_items(FILE *f) {
|
|||
#endif
|
||||
{ config_parse_namespace_flags, "NAMESPACES" },
|
||||
{ config_parse_restrict_filesystems, "FILESYSTEMS" },
|
||||
{ config_parse_cpu_shares, "SHARES" },
|
||||
{ config_parse_cg_weight, "WEIGHT" },
|
||||
{ config_parse_cg_cpu_weight, "CPUWEIGHT" },
|
||||
{ config_parse_memory_limit, "LIMIT" },
|
||||
|
|
@ -6180,6 +6381,9 @@ void unit_dump_config_items(FILE *f) {
|
|||
{ config_parse_io_limit, "LIMIT" },
|
||||
{ config_parse_io_device_weight, "DEVICEWEIGHT" },
|
||||
{ config_parse_io_device_latency, "DEVICELATENCY" },
|
||||
{ config_parse_blockio_bandwidth, "BANDWIDTH" },
|
||||
{ config_parse_blockio_weight, "WEIGHT" },
|
||||
{ config_parse_blockio_device_weight, "DEVICEWEIGHT" },
|
||||
{ config_parse_long, "LONG" },
|
||||
{ config_parse_socket_service, "SERVICE" },
|
||||
#if HAVE_SELINUX
|
||||
|
|
|
|||
|
|
@ -81,6 +81,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_unset_environ);
|
|||
CONFIG_PARSER_PROTOTYPE(config_parse_unit_slice);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_delegate);
|
||||
|
|
@ -94,6 +95,9 @@ CONFIG_PARSER_PROTOTYPE(config_parse_device_allow);
|
|||
CONFIG_PARSER_PROTOTYPE(config_parse_io_device_latency);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_io_device_weight);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_io_limit);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_blockio_weight);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_blockio_device_weight);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_blockio_bandwidth);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_job_mode);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_job_mode_isolate);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_exec_selinux_context);
|
||||
|
|
|
|||
|
|
@ -794,7 +794,7 @@ static int parse_config_file(void) {
|
|||
{ "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_defaults.cpu_accounting },
|
||||
{ "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_defaults.io_accounting },
|
||||
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting },
|
||||
{ "Manager", "DefaultBlockIOAccounting", config_parse_warn_compat, DISABLED_LEGACY, NULL },
|
||||
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting },
|
||||
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting },
|
||||
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting },
|
||||
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max },
|
||||
|
|
|
|||
|
|
@ -371,7 +371,7 @@ static int scope_enter_start_chown(Scope *s) {
|
|||
}
|
||||
}
|
||||
|
||||
r = cg_set_access(s->cgroup_runtime->cgroup_path, uid, gid);
|
||||
r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_runtime->cgroup_path, uid, gid);
|
||||
if (r < 0) {
|
||||
log_unit_error_errno(UNIT(s), r, "Failed to adjust control group access: %m");
|
||||
_exit(EXIT_CGROUP);
|
||||
|
|
|
|||
|
|
@ -729,6 +729,9 @@ static int service_verify(Service *s) {
|
|||
if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
|
||||
log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");
|
||||
|
||||
if (s->exit_type == SERVICE_EXIT_CGROUP && cg_unified() < CGROUP_UNIFIED_SYSTEMD)
|
||||
log_unit_warning(UNIT(s), "Service has ExitType=cgroup set, but we are running with legacy cgroups v1, which might not work correctly. Continuing.");
|
||||
|
||||
if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
|
||||
log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");
|
||||
|
||||
|
|
|
|||
|
|
@ -173,6 +173,7 @@ static void unit_init(Unit *u) {
|
|||
|
||||
cc->cpu_accounting = u->manager->defaults.cpu_accounting;
|
||||
cc->io_accounting = u->manager->defaults.io_accounting;
|
||||
cc->blockio_accounting = u->manager->defaults.blockio_accounting;
|
||||
cc->memory_accounting = u->manager->defaults.memory_accounting;
|
||||
cc->tasks_accounting = u->manager->defaults.tasks_accounting;
|
||||
cc->ip_accounting = u->manager->defaults.ip_accounting;
|
||||
|
|
@ -1571,6 +1572,9 @@ static int unit_add_oomd_dependencies(Unit *u) {
|
|||
if (!wants_oomd)
|
||||
return 0;
|
||||
|
||||
if (!cg_all_unified())
|
||||
return 0;
|
||||
|
||||
r = cg_mask_supported(&mask);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to determine supported controllers: %m");
|
||||
|
|
@ -4805,6 +4809,15 @@ int unit_kill_context(Unit *u, KillOperation k) {
|
|||
|
||||
} else if (r > 0) {
|
||||
|
||||
/* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
|
||||
* we are running in a container or if this is a delegation unit, simply because cgroup
|
||||
* notification is unreliable in these cases. It doesn't work at all in containers, and outside
|
||||
* of containers it can be confused easily by left-over directories in the cgroup — which
|
||||
* however should not exist in non-delegated units. On the unified hierarchy that's different,
|
||||
* there we get proper events. Hence rely on them. */
|
||||
|
||||
if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
|
||||
(detect_container() == 0 && !unit_cgroup_delegate(u)))
|
||||
wait_for_exit = true;
|
||||
|
||||
if (send_sighup) {
|
||||
|
|
@ -5405,7 +5418,7 @@ int unit_fork_helper_process(Unit *u, const char *name, bool into_cgroup, PidRef
|
|||
(void) ignore_signals(SIGPIPE);
|
||||
|
||||
if (crt && crt->cgroup_path) {
|
||||
r = cg_attach(crt->cgroup_path, 0);
|
||||
r = cg_attach_everywhere(u->manager->cgroup_supported, crt->cgroup_path, 0);
|
||||
if (r < 0) {
|
||||
log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(crt->cgroup_path));
|
||||
_exit(EXIT_CGROUP);
|
||||
|
|
|
|||
|
|
@ -161,13 +161,12 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
assert(fd >= 0);
|
||||
assert(peek || (buf && buf_size > 0));
|
||||
|
||||
/* Note: this might return successfully, but with a zero size under some transient conditions, such
|
||||
* as the reception of a non-kernel message. In such a case the passed buffer might or might not be
|
||||
* modified. Caller must treat a zero return as "no message, but also not an error". */
|
||||
|
||||
n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
|
||||
if (ERRNO_IS_NEG_TRANSIENT(n))
|
||||
goto transient;
|
||||
if (ERRNO_IS_NEG_TRANSIENT(n)) {
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
return 0;
|
||||
}
|
||||
if (n == -ENOBUFS)
|
||||
return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
|
||||
if (n == -ECHRNG)
|
||||
|
|
@ -182,16 +181,15 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
log_debug("sd-netlink: ignoring message from PID %"PRIu32, sender.nl.nl_pid);
|
||||
|
||||
if (peek) {
|
||||
/* Drop the message. Note that we ignore ECHRNG/EXFULL errors here, which
|
||||
* recvmsg_safe() returns in case the payload or cdata is truncated. Given we just
|
||||
* want to drop the message we also don't care if its payload or cdata was
|
||||
* truncated. */
|
||||
/* drop the message */
|
||||
n = recvmsg_safe(fd, &msg, 0);
|
||||
if (n < 0 && !IN_SET(n, -ECHRNG, -EXFULL))
|
||||
if (n < 0)
|
||||
return (int) n;
|
||||
}
|
||||
|
||||
goto transient;
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ret_mcast_group) {
|
||||
|
|
@ -205,12 +203,6 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
}
|
||||
|
||||
return (int) n;
|
||||
|
||||
transient:
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
|
|
|
|||
|
|
@ -54,11 +54,6 @@ static L2tpSession* l2tp_session_free(L2tpSession *s) {
|
|||
|
||||
DEFINE_SECTION_CLEANUP_FUNCTIONS(L2tpSession, l2tp_session_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
l2tp_session_hash_ops_by_section,
|
||||
ConfigSection, config_section_hash_func, config_section_compare_func,
|
||||
L2tpSession, l2tp_session_free);
|
||||
|
||||
static int l2tp_session_new_static(L2tpTunnel *t, const char *filename, unsigned section_line, L2tpSession **ret) {
|
||||
_cleanup_(config_section_freep) ConfigSection *n = NULL;
|
||||
_cleanup_(l2tp_session_freep) L2tpSession *s = NULL;
|
||||
|
|
@ -89,7 +84,7 @@ static int l2tp_session_new_static(L2tpTunnel *t, const char *filename, unsigned
|
|||
.section = TAKE_PTR(n),
|
||||
};
|
||||
|
||||
r = ordered_hashmap_ensure_put(&t->sessions_by_section, &l2tp_session_hash_ops_by_section, s->section, s);
|
||||
r = ordered_hashmap_ensure_put(&t->sessions_by_section, &config_section_hash_ops, s->section, s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -909,7 +904,7 @@ static int netdev_l2tp_tunnel_get_ifindex(NetDev *netdev, const char *name) {
|
|||
static void l2tp_tunnel_done(NetDev *netdev) {
|
||||
L2tpTunnel *t = L2TP(netdev);
|
||||
|
||||
ordered_hashmap_free(t->sessions_by_section);
|
||||
ordered_hashmap_free_with_destructor(t->sessions_by_section, l2tp_session_free);
|
||||
free(t->local_ifname);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,12 +20,6 @@
|
|||
#include "string-util.h"
|
||||
#include "unaligned.h"
|
||||
|
||||
#define SECURITY_ASSOCIATION_NULL \
|
||||
(SecurityAssociation) { \
|
||||
.activate = -1, \
|
||||
.use_for_encoding = -1, \
|
||||
}
|
||||
|
||||
static void security_association_clear(SecurityAssociation *sa) {
|
||||
if (!sa)
|
||||
return;
|
||||
|
|
@ -35,6 +29,13 @@ static void security_association_clear(SecurityAssociation *sa) {
|
|||
free(sa->key_file);
|
||||
}
|
||||
|
||||
static void security_association_init(SecurityAssociation *sa) {
|
||||
assert(sa);
|
||||
|
||||
sa->activate = -1;
|
||||
sa->use_for_encoding = -1;
|
||||
}
|
||||
|
||||
static ReceiveAssociation* macsec_receive_association_free(ReceiveAssociation *c) {
|
||||
if (!c)
|
||||
return NULL;
|
||||
|
|
@ -50,11 +51,6 @@ static ReceiveAssociation* macsec_receive_association_free(ReceiveAssociation *c
|
|||
|
||||
DEFINE_SECTION_CLEANUP_FUNCTIONS(ReceiveAssociation, macsec_receive_association_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
receive_association_hash_ops_by_section,
|
||||
ConfigSection, config_section_hash_func, config_section_compare_func,
|
||||
ReceiveAssociation, macsec_receive_association_free);
|
||||
|
||||
static int macsec_receive_association_new_static(MACsec *s, const char *filename, unsigned section_line, ReceiveAssociation **ret) {
|
||||
_cleanup_(config_section_freep) ConfigSection *n = NULL;
|
||||
_cleanup_(macsec_receive_association_freep) ReceiveAssociation *c = NULL;
|
||||
|
|
@ -82,14 +78,16 @@ static int macsec_receive_association_new_static(MACsec *s, const char *filename
|
|||
*c = (ReceiveAssociation) {
|
||||
.macsec = s,
|
||||
.section = TAKE_PTR(n),
|
||||
.sa = SECURITY_ASSOCIATION_NULL,
|
||||
};
|
||||
|
||||
r = ordered_hashmap_ensure_put(&s->receive_associations_by_section, &receive_association_hash_ops_by_section, c->section, c);
|
||||
security_association_init(&c->sa);
|
||||
|
||||
r = ordered_hashmap_ensure_put(&s->receive_associations_by_section, &config_section_hash_ops, c->section, c);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(c);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -112,16 +110,6 @@ static ReceiveChannel* macsec_receive_channel_free(ReceiveChannel *c) {
|
|||
|
||||
DEFINE_SECTION_CLEANUP_FUNCTIONS(ReceiveChannel, macsec_receive_channel_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
receive_channel_hash_ops,
|
||||
uint64_t, uint64_hash_func, uint64_compare_func,
|
||||
ReceiveChannel, macsec_receive_channel_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
receive_channel_hash_ops_by_section,
|
||||
ConfigSection, config_section_hash_func, config_section_compare_func,
|
||||
ReceiveChannel, macsec_receive_channel_free);
|
||||
|
||||
static int macsec_receive_channel_new(MACsec *s, uint64_t sci, ReceiveChannel **ret) {
|
||||
ReceiveChannel *c;
|
||||
|
||||
|
|
@ -166,11 +154,12 @@ static int macsec_receive_channel_new_static(MACsec *s, const char *filename, un
|
|||
|
||||
c->section = TAKE_PTR(n);
|
||||
|
||||
r = ordered_hashmap_ensure_put(&s->receive_channels_by_section, &receive_channel_hash_ops_by_section, c->section, c);
|
||||
r = ordered_hashmap_ensure_put(&s->receive_channels_by_section, &config_section_hash_ops, c->section, c);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(c);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -189,11 +178,6 @@ static TransmitAssociation* macsec_transmit_association_free(TransmitAssociation
|
|||
|
||||
DEFINE_SECTION_CLEANUP_FUNCTIONS(TransmitAssociation, macsec_transmit_association_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
transmit_association_hash_ops_by_section,
|
||||
ConfigSection, config_section_hash_func, config_section_compare_func,
|
||||
TransmitAssociation, macsec_transmit_association_free);
|
||||
|
||||
static int macsec_transmit_association_new_static(MACsec *s, const char *filename, unsigned section_line, TransmitAssociation **ret) {
|
||||
_cleanup_(config_section_freep) ConfigSection *n = NULL;
|
||||
_cleanup_(macsec_transmit_association_freep) TransmitAssociation *a = NULL;
|
||||
|
|
@ -221,14 +205,16 @@ static int macsec_transmit_association_new_static(MACsec *s, const char *filenam
|
|||
*a = (TransmitAssociation) {
|
||||
.macsec = s,
|
||||
.section = TAKE_PTR(n),
|
||||
.sa = SECURITY_ASSOCIATION_NULL,
|
||||
};
|
||||
|
||||
r = ordered_hashmap_ensure_put(&s->transmit_associations_by_section, &transmit_association_hash_ops_by_section, a->section, a);
|
||||
security_association_init(&a->sa);
|
||||
|
||||
r = ordered_hashmap_ensure_put(&s->transmit_associations_by_section, &config_section_hash_ops, a->section, a);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(a);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1032,7 +1018,7 @@ static int macsec_receive_channel_verify(ReceiveChannel *c) {
|
|||
"Ignoring [MACsecReceiveChannel] section from line %u",
|
||||
c->section->filename, c->section->line);
|
||||
|
||||
r = ordered_hashmap_ensure_put(&c->macsec->receive_channels, &receive_channel_hash_ops, &c->sci.as_uint64, c);
|
||||
r = ordered_hashmap_ensure_put(&c->macsec->receive_channels, &uint64_hash_ops, &c->sci.as_uint64, c);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r == -EEXIST)
|
||||
|
|
@ -1122,7 +1108,7 @@ static int macsec_receive_association_verify(ReceiveAssociation *a) {
|
|||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
r = ordered_hashmap_ensure_put(&a->macsec->receive_channels, &receive_channel_hash_ops, &new_channel->sci.as_uint64, new_channel);
|
||||
r = ordered_hashmap_ensure_put(&a->macsec->receive_channels, &uint64_hash_ops, &new_channel->sci.as_uint64, new_channel);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0)
|
||||
|
|
@ -1217,10 +1203,10 @@ static void macsec_init(NetDev *netdev) {
|
|||
static void macsec_done(NetDev *netdev) {
|
||||
MACsec *v = MACSEC(netdev);
|
||||
|
||||
ordered_hashmap_free(v->receive_channels);
|
||||
ordered_hashmap_free(v->receive_channels_by_section);
|
||||
ordered_hashmap_free(v->transmit_associations_by_section);
|
||||
ordered_hashmap_free(v->receive_associations_by_section);
|
||||
ordered_hashmap_free_with_destructor(v->receive_channels, macsec_receive_channel_free);
|
||||
ordered_hashmap_free_with_destructor(v->receive_channels_by_section, macsec_receive_channel_free);
|
||||
ordered_hashmap_free_with_destructor(v->transmit_associations_by_section, macsec_transmit_association_free);
|
||||
ordered_hashmap_free_with_destructor(v->receive_associations_by_section, macsec_receive_association_free);
|
||||
}
|
||||
|
||||
const NetDevVTable macsec_vtable = {
|
||||
|
|
|
|||
|
|
@ -72,11 +72,6 @@ static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
|
|||
|
||||
DEFINE_SECTION_CLEANUP_FUNCTIONS(WireguardPeer, wireguard_peer_free);
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
wireguard_peer_hash_ops_by_section,
|
||||
ConfigSection, config_section_hash_func, config_section_compare_func,
|
||||
WireguardPeer, wireguard_peer_free);
|
||||
|
||||
static int wireguard_peer_new_static(Wireguard *w, const char *filename, unsigned section_line, WireguardPeer **ret) {
|
||||
_cleanup_(config_section_freep) ConfigSection *n = NULL;
|
||||
_cleanup_(wireguard_peer_freep) WireguardPeer *peer = NULL;
|
||||
|
|
@ -109,7 +104,7 @@ static int wireguard_peer_new_static(Wireguard *w, const char *filename, unsigne
|
|||
|
||||
LIST_PREPEND(peers, w->peers, peer);
|
||||
|
||||
r = hashmap_ensure_put(&w->peers_by_section, &wireguard_peer_hash_ops_by_section, peer->section, peer);
|
||||
r = hashmap_ensure_put(&w->peers_by_section, &config_section_hash_ops, peer->section, peer);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -1082,7 +1077,7 @@ static void wireguard_done(NetDev *netdev) {
|
|||
explicit_bzero_safe(w->private_key, WG_KEY_LEN);
|
||||
free(w->private_key_file);
|
||||
|
||||
hashmap_free(w->peers_by_section);
|
||||
hashmap_free_with_destructor(w->peers_by_section, wireguard_peer_free);
|
||||
|
||||
set_free(w->routes);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -615,7 +615,7 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (rule->fwmark > 0 || rule->fwmask > 0) {
|
||||
if (rule->fwmark > 0) {
|
||||
r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
@ -1315,12 +1315,14 @@ static int parse_fwmark_fwmask(const char *s, uint32_t *ret_fwmark, uint32_t *re
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (fwmark > 0) {
|
||||
if (slash) {
|
||||
r = safe_atou32(slash + 1, &fwmask);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else if (fwmark > 0)
|
||||
} else
|
||||
fwmask = UINT32_MAX;
|
||||
}
|
||||
|
||||
*ret_fwmark = fwmark;
|
||||
*ret_fwmask = fwmask;
|
||||
|
|
|
|||
|
|
@ -88,9 +88,9 @@ int create_subcgroup(
|
|||
return log_oom();
|
||||
|
||||
if (userns_mode != USER_NAMESPACE_MANAGED)
|
||||
r = cg_create_and_attach(payload, pid);
|
||||
r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, payload, pid);
|
||||
else
|
||||
r = cg_create(payload);
|
||||
r = cg_create(SYSTEMD_CGROUP_CONTROLLER, payload);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create %s subcgroup: %m", payload);
|
||||
|
||||
|
|
@ -125,13 +125,13 @@ int create_subcgroup(
|
|||
if (!supervisor)
|
||||
return log_oom();
|
||||
|
||||
r = cg_create_and_attach(supervisor, 0);
|
||||
r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, supervisor, 0);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create %s subcgroup: %m", supervisor);
|
||||
}
|
||||
|
||||
/* Try to enable as many controllers as possible for the new payload. */
|
||||
(void) cg_enable(supported, supported, cgroup, NULL);
|
||||
(void) cg_enable_everywhere(supported, supported, cgroup, NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ static void test_oomd_cgroup_kill(void) {
|
|||
* by the test so that pid1 doesn't delete it before we can read the xattrs. */
|
||||
cgroup = path_join(cgroup_root, "oomdkilltest");
|
||||
assert_se(cgroup);
|
||||
assert_se(cg_create(cgroup) >= 0);
|
||||
assert_se(cg_create(SYSTEMD_CGROUP_CONTROLLER, cgroup) >= 0);
|
||||
|
||||
/* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities */
|
||||
r = cg_set_xattr(cgroup, "user.oomd_test", "test", 4, 0);
|
||||
|
|
@ -65,7 +65,7 @@ static void test_oomd_cgroup_kill(void) {
|
|||
|
||||
for (int j = 0; j < 2; j++) {
|
||||
pid[j] = fork_and_sleep(5);
|
||||
assert_se(cg_attach(cgroup, pid[j]) >= 0);
|
||||
assert_se(cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup, pid[j]) >= 0);
|
||||
}
|
||||
|
||||
r = oomd_cgroup_kill(cgroup, false /* recurse */, false /* dry run */);
|
||||
|
|
@ -477,7 +477,7 @@ static void test_oomd_fetch_cgroup_oom_preference(void) {
|
|||
* owned by the same user. */
|
||||
if (test_xattrs && !empty_or_root(cgroup)) {
|
||||
ctx = oomd_cgroup_context_free(ctx);
|
||||
assert_se(cg_set_access(cgroup, 61183, 0) >= 0);
|
||||
assert_se(cg_set_access(SYSTEMD_CGROUP_CONTROLLER, cgroup, 61183, 0) >= 0);
|
||||
assert_se(oomd_cgroup_context_acquire(cgroup, &ctx) == 0);
|
||||
|
||||
assert_se(oomd_fetch_cgroup_oom_preference(ctx, NULL) == 0);
|
||||
|
|
|
|||
|
|
@ -548,12 +548,3 @@ int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret) {
|
|||
*ret = TAKE_PTR(k);
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type) {
|
||||
DnsResourceKey *t;
|
||||
DNS_QUESTION_FOREACH(t, q)
|
||||
if (t->type == type)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,8 +61,6 @@ static inline bool dns_question_isempty(DnsQuestion *q) {
|
|||
|
||||
int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret);
|
||||
|
||||
bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type);
|
||||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuestion*, dns_question_unref);
|
||||
|
||||
#define _DNS_QUESTION_FOREACH(u, k, q) \
|
||||
|
|
|
|||
|
|
@ -713,11 +713,6 @@ DnsScopeMatch dns_scope_good_domain(
|
|||
if (!dns_scope_get_dns_server(s))
|
||||
return DNS_SCOPE_NO;
|
||||
|
||||
/* Route DS requests to the parent */
|
||||
const char *route_domain = domain;
|
||||
if (dns_question_contains_key_type(question, DNS_TYPE_DS))
|
||||
(void) dns_name_parent(&route_domain);
|
||||
|
||||
/* Always honour search domains for routing queries, except if this scope lacks DNS servers. Note that
|
||||
* we return DNS_SCOPE_YES here, rather than just DNS_SCOPE_MAYBE, which means other wildcard scopes
|
||||
* won't be considered anymore. */
|
||||
|
|
@ -726,7 +721,7 @@ DnsScopeMatch dns_scope_good_domain(
|
|||
if (!d->route_only && !dns_name_is_root(d->name))
|
||||
has_search_domains = true;
|
||||
|
||||
if (dns_name_endswith(route_domain, d->name) > 0) {
|
||||
if (dns_name_endswith(domain, d->name) > 0) {
|
||||
int c;
|
||||
|
||||
c = dns_name_count_labels(d->name);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
#include "resolved-dns-dnssec.h"
|
||||
#include "resolved-dns-trust-anchor.h"
|
||||
#include "set.h"
|
||||
#include "sort-util.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
|
|
@ -414,7 +415,7 @@ static int dns_trust_anchor_load_negative(DnsTrustAnchor *d, const char *path, u
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
r = set_ensure_consume(&d->negative_by_name, &dns_name_hash_ops_free, TAKE_PTR(domain));
|
||||
r = set_ensure_consume(&d->negative_by_name, &dns_name_hash_ops, TAKE_PTR(domain));
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
|
|
@ -476,6 +477,10 @@ static int dns_trust_anchor_load_files(
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int domain_name_cmp(char * const *a, char * const *b) {
|
||||
return dns_name_compare_func(*a, *b);
|
||||
}
|
||||
|
||||
static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
|
||||
DnsAnswer *a;
|
||||
|
||||
|
|
@ -498,9 +503,12 @@ static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
|
|||
else {
|
||||
_cleanup_free_ char **l = NULL, *j = NULL;
|
||||
|
||||
if (set_dump_sorted(d->negative_by_name, (void***) &l, /* ret_n = */ NULL) < 0)
|
||||
l = set_get_strv(d->negative_by_name);
|
||||
if (!l)
|
||||
return log_oom();
|
||||
|
||||
typesafe_qsort(l, set_size(d->negative_by_name), domain_name_cmp);
|
||||
|
||||
j = strv_join(l, " ");
|
||||
if (!j)
|
||||
return log_oom();
|
||||
|
|
|
|||
|
|
@ -6,9 +6,6 @@
|
|||
#include "stdio-util.h"
|
||||
#include "string-util.h"
|
||||
|
||||
BUS_DEFINE_PROPERTY_GET_GLOBAL(bus_property_get_bool_false, "b", 0);
|
||||
BUS_DEFINE_PROPERTY_GET_GLOBAL(bus_property_get_uint64_max, "t", UINT64_MAX);
|
||||
|
||||
int bus_property_get_bool(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
|
|
|
|||
|
|
@ -5,10 +5,6 @@
|
|||
|
||||
#include "macro.h"
|
||||
|
||||
/* For deprecated properties. */
|
||||
int bus_property_get_bool_false(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
|
||||
int bus_property_get_uint64_max(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
|
||||
|
||||
int bus_property_get_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
|
||||
int bus_property_set_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *error);
|
||||
int bus_property_get_tristate(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
|
||||
|
|
|
|||
|
|
@ -126,6 +126,8 @@ DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, ioprio_parse_priority);
|
|||
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, parse_nice);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, safe_atoi);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, nsec_t, parse_nsec);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_blkio_weight_parse);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_cpu_shares_parse);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_weight_parse);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_cpu_weight_parse);
|
||||
DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, unsigned long, mount_propagation_flag_from_string);
|
||||
|
|
@ -570,6 +572,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
"MemoryAccounting",
|
||||
"MemoryZSwapWriteback",
|
||||
"IOAccounting",
|
||||
"BlockIOAccounting",
|
||||
"TasksAccounting",
|
||||
"IPAccounting",
|
||||
"CoredumpReceive"))
|
||||
|
|
@ -583,6 +586,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
"StartupIOWeight"))
|
||||
return bus_append_cg_weight_parse(m, field, eq);
|
||||
|
||||
if (STR_IN_SET(field, "CPUShares",
|
||||
"StartupCPUShares"))
|
||||
return bus_append_cg_cpu_shares_parse(m, field, eq);
|
||||
|
||||
if (STR_IN_SET(field, "AllowedCPUs",
|
||||
"StartupAllowedCPUs",
|
||||
"AllowedMemoryNodes",
|
||||
|
|
@ -602,6 +609,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
return bus_append_byte_array(m, field, array, allocated);
|
||||
}
|
||||
|
||||
if (STR_IN_SET(field, "BlockIOWeight",
|
||||
"StartupBlockIOWeight"))
|
||||
return bus_append_cg_blkio_weight_parse(m, field, eq);
|
||||
|
||||
if (streq(field, "DisableControllers"))
|
||||
return bus_append_strv(m, "DisableControllers", eq, /* separator= */ NULL, EXTRACT_UNQUOTE);
|
||||
|
||||
|
|
@ -625,6 +636,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
"MemoryMax",
|
||||
"MemorySwapMax",
|
||||
"MemoryZSwapMax",
|
||||
"MemoryLimit",
|
||||
"TasksMax")) {
|
||||
|
||||
if (streq(eq, "infinity")) {
|
||||
|
|
@ -723,7 +735,9 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (cgroup_io_limit_type_from_string(field) >= 0) {
|
||||
if (cgroup_io_limit_type_from_string(field) >= 0 ||
|
||||
STR_IN_SET(field, "BlockIOReadBandwidth",
|
||||
"BlockIOWriteBandwidth")) {
|
||||
|
||||
if (isempty(eq))
|
||||
r = sd_bus_message_append(m, "(sv)", field, "a(st)", 0);
|
||||
|
|
@ -757,7 +771,8 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (streq(field, "IODeviceWeight")) {
|
||||
if (STR_IN_SET(field, "IODeviceWeight",
|
||||
"BlockIODeviceWeight")) {
|
||||
if (isempty(eq))
|
||||
r = sd_bus_message_append(m, "(sv)", field, "a(st)", 0);
|
||||
else {
|
||||
|
|
|
|||
|
|
@ -51,6 +51,52 @@ int cg_cpu_weight_parse(const char *s, uint64_t *ret) {
|
|||
return cg_weight_parse(s, ret);
|
||||
}
|
||||
|
||||
int cg_cpu_shares_parse(const char *s, uint64_t *ret) {
|
||||
uint64_t u;
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
assert(ret);
|
||||
|
||||
if (isempty(s)) {
|
||||
*ret = CGROUP_CPU_SHARES_INVALID;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = safe_atou64(s, &u);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (u < CGROUP_CPU_SHARES_MIN || u > CGROUP_CPU_SHARES_MAX)
|
||||
return -ERANGE;
|
||||
|
||||
*ret = u;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cg_blkio_weight_parse(const char *s, uint64_t *ret) {
|
||||
uint64_t u;
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
assert(ret);
|
||||
|
||||
if (isempty(s)) {
|
||||
*ret = CGROUP_BLKIO_WEIGHT_INVALID;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = safe_atou64(s, &u);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (u < CGROUP_BLKIO_WEIGHT_MIN || u > CGROUP_BLKIO_WEIGHT_MAX)
|
||||
return -ERANGE;
|
||||
|
||||
*ret = u;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int trim_cb(
|
||||
RecurseDirEvent event,
|
||||
const char *path,
|
||||
|
|
@ -70,11 +116,13 @@ static int trim_cb(
|
|||
return RECURSE_DIR_CONTINUE;
|
||||
}
|
||||
|
||||
int cg_trim(const char *path, bool delete_root) {
|
||||
int cg_trim(const char *controller, const char *path, bool delete_root) {
|
||||
_cleanup_free_ char *fs = NULL;
|
||||
int r;
|
||||
int r, q;
|
||||
|
||||
r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
|
||||
assert(controller);
|
||||
|
||||
r = cg_get_path(controller, path, NULL, &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -101,17 +149,25 @@ int cg_trim(const char *path, bool delete_root) {
|
|||
RET_GATHER(r, -errno);
|
||||
}
|
||||
|
||||
q = cg_hybrid_unified();
|
||||
if (q < 0)
|
||||
return q;
|
||||
if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER))
|
||||
(void) cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Create a cgroup in the hierarchy of controller.
|
||||
* Returns 0 if the group already existed, 1 on success, negative otherwise.
|
||||
*/
|
||||
int cg_create(const char *path) {
|
||||
int cg_create(const char *controller, const char *path) {
|
||||
_cleanup_free_ char *fs = NULL;
|
||||
int r;
|
||||
|
||||
r = cg_get_path_and_check(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
|
||||
assert(controller);
|
||||
|
||||
r = cg_get_path_and_check(controller, path, NULL, &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -125,18 +181,28 @@ int cg_create(const char *path) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = cg_hybrid_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
||||
r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to create compat systemd cgroup '%s', ignoring: %m", path);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int cg_attach(const char *path, pid_t pid) {
|
||||
int cg_attach(const char *controller, const char *path, pid_t pid) {
|
||||
_cleanup_free_ char *fs = NULL;
|
||||
char c[DECIMAL_STR_MAX(pid_t) + 2];
|
||||
int r;
|
||||
|
||||
assert(controller);
|
||||
assert(path);
|
||||
assert(pid >= 0);
|
||||
|
||||
r = cg_get_path_and_check(SYSTEMD_CGROUP_CONTROLLER, path, "cgroup.procs", &fs);
|
||||
r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -152,6 +218,15 @@ int cg_attach(const char *path, pid_t pid) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = cg_hybrid_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
||||
r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup '%s', ignoring: %m", pid, path);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -169,18 +244,43 @@ int cg_fd_attach(int fd, pid_t pid) {
|
|||
return write_string_file_at(fd, "cgroup.procs", c, WRITE_STRING_FILE_DISABLE_BUFFER);
|
||||
}
|
||||
|
||||
int cg_create_and_attach(const char *path, pid_t pid) {
|
||||
int cg_attach_fallback(const char *controller, const char *path, pid_t pid) {
|
||||
int r;
|
||||
|
||||
assert(controller);
|
||||
assert(path);
|
||||
assert(pid >= 0);
|
||||
|
||||
r = cg_attach(controller, path, pid);
|
||||
if (r < 0) {
|
||||
char prefix[strlen(path) + 1];
|
||||
|
||||
/* This didn't work? Then let's try all prefixes of the destination */
|
||||
|
||||
PATH_FOREACH_PREFIX(prefix, path) {
|
||||
int q;
|
||||
|
||||
q = cg_attach(controller, prefix, pid);
|
||||
if (q >= 0)
|
||||
return q;
|
||||
}
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
|
||||
int r, q;
|
||||
|
||||
/* This does not remove the cgroup on failure */
|
||||
|
||||
assert(pid >= 0);
|
||||
|
||||
r = cg_create(path);
|
||||
r = cg_create(controller, path);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
q = cg_attach(path, pid);
|
||||
q = cg_attach(controller, path, pid);
|
||||
if (q < 0)
|
||||
return q;
|
||||
|
||||
|
|
@ -188,31 +288,54 @@ int cg_create_and_attach(const char *path, pid_t pid) {
|
|||
}
|
||||
|
||||
int cg_set_access(
|
||||
const char *controller,
|
||||
const char *path,
|
||||
uid_t uid,
|
||||
gid_t gid) {
|
||||
|
||||
static const struct {
|
||||
struct Attribute {
|
||||
const char *name;
|
||||
bool fatal;
|
||||
} attributes[] = {
|
||||
};
|
||||
|
||||
/* cgroup v1, aka legacy/non-unified */
|
||||
static const struct Attribute legacy_attributes[] = {
|
||||
{ "cgroup.procs", true },
|
||||
{ "tasks", false },
|
||||
{ "cgroup.clone_children", false },
|
||||
{},
|
||||
};
|
||||
|
||||
/* cgroup v2, aka unified */
|
||||
static const struct Attribute unified_attributes[] = {
|
||||
{ "cgroup.procs", true },
|
||||
{ "cgroup.subtree_control", true },
|
||||
{ "cgroup.threads", false },
|
||||
{ "memory.oom.group", false },
|
||||
{ "memory.reclaim", false },
|
||||
{},
|
||||
};
|
||||
|
||||
static const struct Attribute* const attributes[] = {
|
||||
[false] = legacy_attributes,
|
||||
[true] = unified_attributes,
|
||||
};
|
||||
|
||||
_cleanup_free_ char *fs = NULL;
|
||||
int r;
|
||||
const struct Attribute *i;
|
||||
int r, unified;
|
||||
|
||||
assert(path);
|
||||
|
||||
if (uid == UID_INVALID && gid == GID_INVALID)
|
||||
return 0;
|
||||
|
||||
unified = cg_unified_controller(controller);
|
||||
if (unified < 0)
|
||||
return unified;
|
||||
|
||||
/* Configure access to the cgroup itself */
|
||||
r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
|
||||
r = cg_get_path(controller, path, NULL, &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -221,17 +344,31 @@ int cg_set_access(
|
|||
return r;
|
||||
|
||||
/* Configure access to the cgroup's attributes */
|
||||
FOREACH_ELEMENT(i, attributes) {
|
||||
_cleanup_free_ char *a = path_join(fs, i->name);
|
||||
if (!a)
|
||||
return -ENOMEM;
|
||||
for (i = attributes[unified]; i->name; i++) {
|
||||
fs = mfree(fs);
|
||||
|
||||
r = chmod_and_chown(a, 0644, uid, gid);
|
||||
r = cg_get_path(controller, path, i->name, &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = chmod_and_chown(fs, 0644, uid, gid);
|
||||
if (r < 0) {
|
||||
if (i->fatal)
|
||||
return r;
|
||||
|
||||
log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", a);
|
||||
log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", fs);
|
||||
}
|
||||
}
|
||||
|
||||
if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
||||
r = cg_hybrid_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0) {
|
||||
/* Always propagate access mode from unified to legacy controller */
|
||||
r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, uid, gid);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to set access on compatibility systemd cgroup %s, ignoring: %m", path);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -268,6 +405,7 @@ static int access_callback(
|
|||
}
|
||||
|
||||
int cg_set_access_recursive(
|
||||
const char *controller,
|
||||
const char *path,
|
||||
uid_t uid,
|
||||
gid_t gid) {
|
||||
|
|
@ -276,6 +414,7 @@ int cg_set_access_recursive(
|
|||
_cleanup_free_ char *fs = NULL;
|
||||
int r;
|
||||
|
||||
assert(controller);
|
||||
assert(path);
|
||||
|
||||
/* A recursive version of cg_set_access(). But note that this one changes ownership of *all* files,
|
||||
|
|
@ -285,7 +424,7 @@ int cg_set_access_recursive(
|
|||
if (!uid_is_valid(uid) && !gid_is_valid(gid))
|
||||
return 0;
|
||||
|
||||
r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
|
||||
r = cg_get_path(controller, path, NULL, &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -313,16 +452,20 @@ int cg_set_access_recursive(
|
|||
}
|
||||
|
||||
int cg_migrate(
|
||||
const char *from,
|
||||
const char *to,
|
||||
const char *cfrom,
|
||||
const char *pfrom,
|
||||
const char *cto,
|
||||
const char *pto,
|
||||
CGroupFlags flags) {
|
||||
|
||||
_cleanup_set_free_ Set *s = NULL;
|
||||
bool done;
|
||||
int r, ret = 0;
|
||||
|
||||
assert(from);
|
||||
assert(to);
|
||||
assert(cfrom);
|
||||
assert(pfrom);
|
||||
assert(cto);
|
||||
assert(pto);
|
||||
|
||||
do {
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
|
|
@ -330,7 +473,7 @@ int cg_migrate(
|
|||
|
||||
done = true;
|
||||
|
||||
r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, from, &f);
|
||||
r = cg_enumerate_processes(cfrom, pfrom, &f);
|
||||
if (r < 0)
|
||||
return RET_GATHER(ret, r);
|
||||
|
||||
|
|
@ -350,7 +493,7 @@ int cg_migrate(
|
|||
if (pid_is_kernel_thread(pid) > 0)
|
||||
continue;
|
||||
|
||||
r = cg_attach(to, pid);
|
||||
r = cg_attach(cto, pto, pid);
|
||||
if (r < 0) {
|
||||
if (r != -ESRCH)
|
||||
RET_GATHER(ret, r);
|
||||
|
|
@ -370,7 +513,112 @@ int cg_migrate(
|
|||
return ret;
|
||||
}
|
||||
|
||||
int cg_enable(
|
||||
int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path) {
|
||||
CGroupController c;
|
||||
CGroupMask done;
|
||||
bool created;
|
||||
int r;
|
||||
|
||||
/* This one will create a cgroup in our private tree, but also
|
||||
* duplicate it in the trees specified in mask, and remove it
|
||||
* in all others.
|
||||
*
|
||||
* Returns 0 if the group already existed in the systemd hierarchy,
|
||||
* 1 on success, negative otherwise.
|
||||
*/
|
||||
|
||||
/* First create the cgroup in our own hierarchy. */
|
||||
r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
|
||||
if (r < 0)
|
||||
return r;
|
||||
created = r;
|
||||
|
||||
/* If we are in the unified hierarchy, we are done now */
|
||||
r = cg_all_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
return created;
|
||||
|
||||
supported &= CGROUP_MASK_V1;
|
||||
mask = CGROUP_MASK_EXTEND_JOINED(mask);
|
||||
done = 0;
|
||||
|
||||
/* Otherwise, do the same in the other hierarchies */
|
||||
for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
|
||||
CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
|
||||
const char *n;
|
||||
|
||||
if (!FLAGS_SET(supported, bit))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(done, bit))
|
||||
continue;
|
||||
|
||||
n = cgroup_controller_to_string(c);
|
||||
if (FLAGS_SET(mask, bit))
|
||||
(void) cg_create(n, path);
|
||||
|
||||
done |= CGROUP_MASK_EXTEND_JOINED(bit);
|
||||
}
|
||||
|
||||
return created;
|
||||
}
|
||||
|
||||
int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid) {
|
||||
int r;
|
||||
|
||||
assert(path);
|
||||
assert(pid >= 0);
|
||||
|
||||
r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = cg_all_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
return 0;
|
||||
|
||||
supported &= CGROUP_MASK_V1;
|
||||
CGroupMask done = 0;
|
||||
|
||||
for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
|
||||
CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
|
||||
|
||||
if (!FLAGS_SET(supported, bit))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(done, bit))
|
||||
continue;
|
||||
|
||||
(void) cg_attach_fallback(cgroup_controller_to_string(c), path, pid);
|
||||
done |= CGROUP_MASK_EXTEND_JOINED(bit);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) {
|
||||
int r, q;
|
||||
|
||||
assert(path);
|
||||
|
||||
r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
q = cg_all_unified();
|
||||
if (q < 0)
|
||||
return q;
|
||||
if (q > 0)
|
||||
return r;
|
||||
|
||||
return cg_trim_v1_controllers(supported, _CGROUP_MASK_ALL, path, delete_root);
|
||||
}
|
||||
|
||||
int cg_enable_everywhere(
|
||||
CGroupMask supported,
|
||||
CGroupMask mask,
|
||||
const char *p,
|
||||
|
|
@ -390,6 +638,26 @@ int cg_enable(
|
|||
return 0;
|
||||
}
|
||||
|
||||
r = cg_all_unified();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
/* On the legacy hierarchy there's no concept of "enabling" controllers in cgroups defined. Let's claim
|
||||
* complete success right away. (If you wonder why we return the full mask here, rather than zero: the
|
||||
* caller tends to use the returned mask later on to compare if all controllers where properly joined,
|
||||
* and if not requeues realization. This use is the primary purpose of the return value, hence let's
|
||||
* minimize surprises here and reduce triggers for re-realization by always saying we fully
|
||||
* succeeded.) */
|
||||
if (ret_result_mask)
|
||||
*ret_result_mask = mask & supported & CGROUP_MASK_V2; /* If you wonder why we mask this with
|
||||
* CGROUP_MASK_V2: The 'supported' mask
|
||||
* might contain pure-V1 or BPF
|
||||
* controllers, and we never want to
|
||||
* claim that we could enable those with
|
||||
* cgroup.subtree_control */
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
@ -458,6 +726,148 @@ int cg_enable(
|
|||
return 0;
|
||||
}
|
||||
|
||||
int cg_migrate_recursive(
|
||||
const char *cfrom,
|
||||
const char *pfrom,
|
||||
const char *cto,
|
||||
const char *pto,
|
||||
CGroupFlags flags) {
|
||||
|
||||
_cleanup_closedir_ DIR *d = NULL;
|
||||
int r, ret = 0;
|
||||
char *fn;
|
||||
|
||||
assert(cfrom);
|
||||
assert(pfrom);
|
||||
assert(cto);
|
||||
assert(pto);
|
||||
|
||||
ret = cg_migrate(cfrom, pfrom, cto, pto, flags);
|
||||
|
||||
r = cg_enumerate_subgroups(cfrom, pfrom, &d);
|
||||
if (r < 0) {
|
||||
if (ret >= 0 && r != -ENOENT)
|
||||
return r;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
while ((r = cg_read_subgroup(d, &fn)) > 0) {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
|
||||
p = path_join(empty_to_root(pfrom), fn);
|
||||
free(fn);
|
||||
if (!p)
|
||||
return -ENOMEM;
|
||||
|
||||
r = cg_migrate_recursive(cfrom, p, cto, pto, flags);
|
||||
if (r != 0 && ret >= 0)
|
||||
ret = r;
|
||||
}
|
||||
|
||||
if (r < 0 && ret >= 0)
|
||||
ret = r;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int cg_migrate_recursive_fallback(
|
||||
const char *cfrom,
|
||||
const char *pfrom,
|
||||
const char *cto,
|
||||
const char *pto,
|
||||
CGroupFlags flags) {
|
||||
|
||||
int r;
|
||||
|
||||
assert(cfrom);
|
||||
assert(pfrom);
|
||||
assert(cto);
|
||||
assert(pto);
|
||||
|
||||
r = cg_migrate_recursive(cfrom, pfrom, cto, pto, flags);
|
||||
if (r < 0) {
|
||||
char prefix[strlen(pto) + 1];
|
||||
|
||||
/* This didn't work? Then let's try all prefixes of the destination */
|
||||
|
||||
PATH_FOREACH_PREFIX(prefix, pto) {
|
||||
int q;
|
||||
|
||||
q = cg_migrate_recursive(cfrom, pfrom, cto, prefix, flags);
|
||||
if (q >= 0)
|
||||
return q;
|
||||
}
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int cg_migrate_v1_controllers(CGroupMask supported, CGroupMask mask, const char *from, cg_migrate_callback_t to_callback, void *userdata) {
|
||||
CGroupController c;
|
||||
CGroupMask done;
|
||||
int r = 0, q;
|
||||
|
||||
assert(to_callback);
|
||||
|
||||
supported &= CGROUP_MASK_V1;
|
||||
mask = CGROUP_MASK_EXTEND_JOINED(mask);
|
||||
done = 0;
|
||||
|
||||
for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
|
||||
CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
|
||||
const char *to = NULL;
|
||||
|
||||
if (!FLAGS_SET(supported, bit))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(done, bit))
|
||||
continue;
|
||||
|
||||
if (!FLAGS_SET(mask, bit))
|
||||
continue;
|
||||
|
||||
to = to_callback(bit, userdata);
|
||||
|
||||
/* Remember first error and try continuing */
|
||||
q = cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, from, cgroup_controller_to_string(c), to, 0);
|
||||
r = (r < 0) ? r : q;
|
||||
|
||||
done |= CGROUP_MASK_EXTEND_JOINED(bit);
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int cg_trim_v1_controllers(CGroupMask supported, CGroupMask mask, const char *path, bool delete_root) {
|
||||
CGroupController c;
|
||||
CGroupMask done;
|
||||
int r = 0, q;
|
||||
|
||||
supported &= CGROUP_MASK_V1;
|
||||
mask = CGROUP_MASK_EXTEND_JOINED(mask);
|
||||
done = 0;
|
||||
|
||||
for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
|
||||
CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
|
||||
|
||||
if (!FLAGS_SET(supported, bit))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(done, bit))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(mask, bit)) {
|
||||
/* Remember first error and try continuing */
|
||||
q = cg_trim(cgroup_controller_to_string(c), path, delete_root);
|
||||
r = (r < 0) ? r : q;
|
||||
}
|
||||
done |= CGROUP_MASK_EXTEND_JOINED(bit);
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int cg_has_legacy(void) {
|
||||
struct statfs fs;
|
||||
|
||||
|
|
|
|||
|
|
@ -9,19 +9,33 @@
|
|||
|
||||
int cg_weight_parse(const char *s, uint64_t *ret);
|
||||
int cg_cpu_weight_parse(const char *s, uint64_t *ret);
|
||||
int cg_cpu_shares_parse(const char *s, uint64_t *ret);
|
||||
int cg_blkio_weight_parse(const char *s, uint64_t *ret);
|
||||
|
||||
int cg_trim(const char *path, bool delete_root);
|
||||
int cg_trim(const char *controller, const char *path, bool delete_root);
|
||||
|
||||
int cg_create(const char *path);
|
||||
int cg_attach(const char *path, pid_t pid);
|
||||
int cg_create(const char *controller, const char *path);
|
||||
int cg_attach(const char *controller, const char *path, pid_t pid);
|
||||
int cg_fd_attach(int fd, pid_t pid);
|
||||
int cg_create_and_attach(const char *path, pid_t pid);
|
||||
int cg_attach_fallback(const char *controller, const char *path, pid_t pid);
|
||||
int cg_create_and_attach(const char *controller, const char *path, pid_t pid);
|
||||
|
||||
int cg_set_access(const char *path, uid_t uid, gid_t gid);
|
||||
int cg_set_access_recursive(const char *path, uid_t uid, gid_t gid);
|
||||
int cg_set_access(const char *controller, const char *path, uid_t uid, gid_t gid);
|
||||
int cg_set_access_recursive(const char *controller, const char *path, uid_t uid, gid_t gid);
|
||||
|
||||
int cg_enable(CGroupMask supported, CGroupMask mask, const char *p, CGroupMask *ret_result_mask);
|
||||
int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path);
|
||||
int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid);
|
||||
int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root);
|
||||
int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p, CGroupMask *ret_result_mask);
|
||||
|
||||
int cg_migrate(const char *from, const char *to, CGroupFlags flags);
|
||||
int cg_migrate(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
|
||||
|
||||
typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
|
||||
|
||||
/* CGroup V1 specific */
|
||||
int cg_migrate_recursive(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
|
||||
int cg_migrate_recursive_fallback(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
|
||||
int cg_migrate_v1_controllers(CGroupMask supported, CGroupMask mask, const char *from, cg_migrate_callback_t to_callback, void *userdata);
|
||||
int cg_trim_v1_controllers(CGroupMask supported, CGroupMask mask, const char *path, bool delete_root);
|
||||
|
||||
int cg_has_legacy(void);
|
||||
|
|
|
|||
|
|
@ -306,7 +306,11 @@ static int enter_cgroup(char **ret_cgroup, bool enter_subroot) {
|
|||
/* If this fails, then we don't mind as the later cgroup operations will fail too, and it's fine if
|
||||
* we handle any errors at that point. */
|
||||
|
||||
r = cg_create_and_attach(cgroup_subroot, 0);
|
||||
r = cg_create_everywhere(supported, _CGROUP_MASK_ALL, cgroup_subroot);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = cg_attach_everywhere(supported, cgroup_subroot, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
|||
|
|
@ -466,7 +466,7 @@ int main(int argc, char *argv[]) {
|
|||
/* Let's trim the cgroup tree on each iteration so that we leave an empty cgroup tree around,
|
||||
* so that container managers get a nice notify event when we are down */
|
||||
if (cgroup)
|
||||
(void) cg_trim(cgroup, false);
|
||||
(void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false);
|
||||
|
||||
if (need_umount) {
|
||||
log_info("Unmounting file systems.");
|
||||
|
|
|
|||
|
|
@ -299,7 +299,8 @@ int main(int argc, char *argv[]) {
|
|||
ASSERT_OK(path_extract_directory(cgroup, &parent));
|
||||
|
||||
ASSERT_OK(cg_mask_supported(&supported));
|
||||
ASSERT_OK(cg_attach(parent, 0));
|
||||
r = cg_attach_everywhere(supported, parent, 0);
|
||||
ASSERT_OK(r);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,32 +63,32 @@ TEST(cg_create) {
|
|||
log_info("Paths for test:\n%s\n%s", test_a, test_b);
|
||||
|
||||
/* Possibly clean up left-overs from aboted previous runs */
|
||||
(void) cg_trim(test_a, /* delete_root= */ true);
|
||||
(void) cg_trim(test_b, /* delete_root= */ true);
|
||||
(void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_a, /* delete_root= */ true);
|
||||
(void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_b, /* delete_root= */ true);
|
||||
|
||||
r = cg_create(test_a);
|
||||
r = cg_create(SYSTEMD_CGROUP_CONTROLLER, test_a);
|
||||
if (IN_SET(r, -EPERM, -EACCES, -EROFS)) {
|
||||
log_info_errno(r, "Skipping %s: %m", __func__);
|
||||
return;
|
||||
}
|
||||
|
||||
ASSERT_OK_EQ(r, 1);
|
||||
ASSERT_OK_ZERO(cg_create(test_a));
|
||||
ASSERT_OK_EQ(cg_create(test_b), 1);
|
||||
ASSERT_OK_EQ(cg_create(test_c), 1);
|
||||
ASSERT_OK_ZERO(cg_create_and_attach(test_b, 0));
|
||||
ASSERT_OK_ZERO(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_a));
|
||||
ASSERT_OK_EQ(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_b), 1);
|
||||
ASSERT_OK_EQ(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_c), 1);
|
||||
ASSERT_OK_ZERO(cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, test_b, 0));
|
||||
|
||||
ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
|
||||
ASSERT_STREQ(path, test_b);
|
||||
free(path);
|
||||
|
||||
ASSERT_OK_ZERO(cg_attach(test_a, 0));
|
||||
ASSERT_OK_ZERO(cg_attach(SYSTEMD_CGROUP_CONTROLLER, test_a, 0));
|
||||
|
||||
ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
|
||||
ASSERT_TRUE(path_equal(path, test_a));
|
||||
free(path);
|
||||
|
||||
ASSERT_OK_EQ(cg_create_and_attach(test_d, 0), 1);
|
||||
ASSERT_OK_EQ(cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, test_d, 0), 1);
|
||||
|
||||
ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
|
||||
ASSERT_TRUE(path_equal(path, test_d));
|
||||
|
|
@ -114,8 +114,15 @@ TEST(cg_create) {
|
|||
ASSERT_OK_ZERO(cg_kill_recursive(test_a, 0, 0, NULL, NULL, NULL));
|
||||
ASSERT_OK_POSITIVE(cg_kill_recursive(test_b, 0, 0, NULL, NULL, NULL));
|
||||
|
||||
ASSERT_OK(cg_trim(test_a, true));
|
||||
ASSERT_ERROR(cg_trim(test_b, true), EBUSY);
|
||||
ASSERT_OK_POSITIVE(cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, test_b, SYSTEMD_CGROUP_CONTROLLER, test_a, 0));
|
||||
|
||||
ASSERT_OK_ZERO(cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, test_a));
|
||||
ASSERT_OK_POSITIVE(cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, test_b));
|
||||
|
||||
ASSERT_OK_POSITIVE(cg_kill_recursive(test_a, 0, 0, NULL, NULL, NULL));
|
||||
ASSERT_OK_ZERO(cg_kill_recursive(test_b, 0, 0, NULL, NULL, NULL));
|
||||
|
||||
ASSERT_OK(cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_b, true));
|
||||
}
|
||||
|
||||
TEST(id) {
|
||||
|
|
|
|||
|
|
@ -48,24 +48,6 @@ From=10.1.0.0/16
|
|||
Priority=104
|
||||
Table=12
|
||||
|
||||
[RoutingPolicyRule]
|
||||
IncomingInterface=test1
|
||||
FirewallMark=0/1
|
||||
Priority=200
|
||||
Table=20
|
||||
|
||||
[RoutingPolicyRule]
|
||||
IncomingInterface=test1
|
||||
FirewallMark=7/255
|
||||
Priority=201
|
||||
Table=21
|
||||
|
||||
[RoutingPolicyRule]
|
||||
IncomingInterface=test1
|
||||
FirewallMark=9999
|
||||
Priority=202
|
||||
Table=22
|
||||
|
||||
# The four routing policy rules below intentionally have the same config
|
||||
# excepts for their To= addresses. See issue #35874.
|
||||
[RoutingPolicyRule]
|
||||
|
|
|
|||
|
|
@ -3890,18 +3890,6 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
|||
print(output)
|
||||
self.assertIn('104: from 10.1.0.0/16 iif test1 lookup 12 nop', output)
|
||||
|
||||
output = check_output('ip rule list iif test1 priority 200')
|
||||
print(output)
|
||||
self.assertIn('200: from all fwmark 0/0x1 iif test1 lookup 20', output)
|
||||
|
||||
output = check_output('ip rule list iif test1 priority 201')
|
||||
print(output)
|
||||
self.assertIn('201: from all fwmark 0x7/0xff iif test1 lookup 21', output)
|
||||
|
||||
output = check_output('ip rule list iif test1 priority 202')
|
||||
print(output)
|
||||
self.assertIn('202: from all fwmark 0x270f iif test1 lookup 22', output)
|
||||
|
||||
output = check_output('ip rule list to 192.0.2.0/26')
|
||||
print(output)
|
||||
self.assertIn('to 192.0.2.0/26 lookup 1001', output)
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@
|
|||
Description=Deeper Parent Slice
|
||||
|
||||
[Slice]
|
||||
MemoryAccounting=yes
|
||||
MemoryLimit=3G
|
||||
|
|
|
|||
|
|
@ -6,4 +6,4 @@ Description=Son Service
|
|||
Slice=parent.slice
|
||||
Type=oneshot
|
||||
ExecStart=true
|
||||
CPUWeight=100
|
||||
CPUShares=100
|
||||
|
|
|
|||
|
|
@ -611,9 +611,7 @@ def elf2efi(args: argparse.Namespace):
|
|||
|
||||
coff.Machine = pe_arch
|
||||
coff.NumberOfSections = len(sections)
|
||||
coff.TimeDateStamp = int(
|
||||
os.environ.get("SOURCE_DATE_EPOCH") if os.environ.get("SOURCE_DATE_EPOCH") else time.time()
|
||||
)
|
||||
coff.TimeDateStamp = int(sde if (sde := os.environ.get("SOURCE_DATE_EPOCH")) else time.time())
|
||||
coff.SizeOfOptionalHeader = sizeof(opt)
|
||||
# EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|DEBUG_STRIPPED
|
||||
# and (32BIT_MACHINE or LARGE_ADDRESS_AWARE)
|
||||
|
|
|
|||
Loading…
Reference in New Issue