Commit Graph

37151 Commits

Author SHA1 Message Date
Chris Down
c72703e26d cgroup: Add DisableControllers= directive to disable controller in subtree
Some controllers (like the CPU controller) have a performance cost that
is non-trivial on certain workloads. While this can be mitigated and
improved to an extent, there will for some controllers always be some
overheads associated with the benefits gained from the controller.
Inside Facebook, the fix applied has been to disable the CPU controller
forcibly with `cgroup_disable=cpu` on the kernel command line.

This presents a problem: to disable or reenable the controller, a reboot
is required, but this is quite cumbersome and slow to do for many
thousands of machines, especially machines where disabling/enabling a
stateful service on a machine is a matter of several minutes.

Currently systemd provides some configuration knobs for these in the
form of `[Default]CPUAccounting`, `[Default]MemoryAccounting`, and the
like. The limitation of these is that Default*Accounting is overrideable
by individual services, of which any one could decide to reenable a
controller within the hierarchy at any point just by using a controller
feature implicitly (eg. `CPUWeight`), even if the use of that CPU
feature could just be opportunistic. Since many services are provided by
the distribution, or by upstream teams at a particular organisation,
it's not a sustainable solution to simply try to find and remove
offending directives from these units.

This commit presents a more direct solution -- a DisableControllers=
directive that forcibly disallows a controller from being enabled within
a subtree.
2018-12-03 15:40:31 +00:00
Chris Down
4f6f62e468 cgroup: Traverse leaves to realised cgroup to release controllers
This adds a depth-first version of unit_realize_cgroup_now which can
only do depth-first disabling of controllers, in preparation for the
DisableController= directive.
2018-12-03 14:37:39 +00:00
Chris Down
a57669d290 cgroup: Rework unit_realize_cgroup_now to explicitly be breadth-first
systemd currently doesn't really expend much effort in disabling
controllers. unit_realize_cgroup_now *may* be able to disable a
controller in the basic case when using cgroup v2, but generally won't
manage as downstream dependents may still use it.

This code doesn't add any logic to fix that, but it starts the process
of moving to have a breadth-first version of unit_realize_cgroup_now for
enabling, and a depth-first version of unit_realize_cgroup_now for
disabling.
2018-12-03 14:37:39 +00:00
Chris Down
0d2d6fbf15 cgroup: Move attribute application into unit_create_cgroup
We always end up doing these together, so just colocate them and require
manager state for unit_create_cgroup.
2018-12-03 14:37:38 +00:00
Yu Watanabe
7934dede41 network: drop unnecessary buffers 2018-12-03 12:15:26 +01:00
Lennart Poettering
ad2bf5df89
Merge pull request #10992 from yuwata/follow-up-10948
network: make fib rule accept arbitrary ip protocol
2018-12-03 11:09:04 +01:00
Yu Watanabe
9714c020fc missing: split network related entries
Also adds comments which kernel version added the entries.

Closes #10553.
2018-12-03 10:31:05 +01:00
Harald Hoyer
4a3b569445 sd-boot: remove Stall() call (#11029)
This is left-over from debugging.
2018-12-03 10:27:26 +01:00
Susant Sahani
7b3b982217 vxlan: minor coding style fixes. 2018-12-03 02:05:12 +09:00
Yu Watanabe
c818721579
Merge pull request #11011 from poettering/tmpfile-util
split up fileio.c a bit
2018-12-03 02:04:31 +09:00
Lennart Poettering
29e719ced0 resolved: sort headers again 2018-12-02 13:22:29 +01:00
Lennart Poettering
686d13b9f2 util-lib: split out env file parsing code into env-file.c
It's quite complex, let's split this out.

No code changes, just some file rearranging.
2018-12-02 13:22:29 +01:00
Lennart Poettering
0a2152f005 util-lib: move open_serialization_fd() to serialize.c
It definitely fits better there.

No code changes, just some rearranging.
2018-12-02 13:22:29 +01:00
Lennart Poettering
a12a00c857 resolved: remove duplicate #include 2018-12-02 13:22:29 +01:00
Lennart Poettering
2d9c643b1d test: remove duplicate #include 2018-12-02 13:22:29 +01:00
Lennart Poettering
e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
2018-12-02 13:22:29 +01:00
Lennart Poettering
ee228be10c util-lib: don't include fileio.h from fileio-label.h
There's no reason for doing that, hence simply don't.
2018-12-02 13:22:29 +01:00
Lennart Poettering
928b3da0f1 test: remove unnecessary include 2018-12-02 13:22:29 +01:00
Lennart Poettering
f4f84a8a62 test: (void)ify unlink() call 2018-12-02 13:22:29 +01:00
Lennart Poettering
603772810c fileio: remove unnecessary initialization 2018-12-02 13:22:28 +01:00
Lennart Poettering
8bdc9a90db fileio: include ctype.h with <> rather than ""
It's a system header after all.
2018-12-02 13:22:28 +01:00
Yu Watanabe
d2b42d63c4 core,run: make SocketProtocol= accept protocol name in upper case and protocol number 2018-12-02 06:13:47 +01:00
Yu Watanabe
3a269dcf51 network: make IPProtocol= also accept IP protocol number 2018-12-02 06:13:47 +01:00
Yu Watanabe
97f9df9e30 network: rename Protocol= in [RoutingPolicyRule] to IPProtocol= 2018-12-02 06:13:47 +01:00
Yu Watanabe
dca2309108 test: add tests for ip_protocol_{from,to}_name() 2018-12-02 06:13:47 +01:00
Yu Watanabe
0667a0c497 util: introduce parse_ip_protocol()
Not only protocol name in lower case, but it optionally accepts
IP protocol name in upper case and IP protocol number.
2018-12-02 06:13:41 +01:00
Yu Watanabe
cedfe0b02b util: cast smaller type to large type 2018-12-02 05:58:18 +01:00
Yu Watanabe
da96ad5ae2 util: rename socket_protocol_{from,to}_name() to ip_protocol_{from,to}_name() 2018-12-02 05:48:27 +01:00
Lennart Poettering
5dd9527883 tree-wide: remove various unused functions
All found with "cppcheck --enable=unusedFunction".
2018-12-02 13:35:34 +09:00
Evgeny Vereshchagin
c26ae3013d
Merge pull request #11013 from evverx/travis-clang
travis: also build systemd with clang
2018-12-02 03:54:21 +03:00
Susant Sahani
58a02e4c97 ip rule: fix clang warning.
```
[2/1209] Compiling C object 'src/network/src@network@@networkd-core@sta/networkd-routing-policy-rule.c.o'.
FAILED: src/network/src@network@@networkd-core@sta/networkd-routing-policy-rule.c.o
clang -Isrc/network/src@network@@networkd-core@sta -Isrc/network -I../src/network -Isrc/basic -I../src/basic -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -Isrc/libsystemd-network -I../src/libsystemd-network -I. -I../ -Xclang -fcolor-diagnostics -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=gnu99 -O0 -g -Wextra -Werror=undef -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Wdate-time -Wnested-externs -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-error=nonnull -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -fPIE -Wno-typedef-redefinition -Wno-gnu-variable-sized-type-not-at-end -Werror=shadow -include config.h -fPIC  -MD -MQ 'src/network/src@network@@networkd-core@sta/networkd-routing-policy-rule.c.o' -MF 'src/network/src@network@@networkd-core@sta/networkd-routing-policy-rule.c.o.d' -o 'src/network/src@network@@networkd-core@sta/networkd-routing-policy-rule.c.o' -c ../src/network/networkd-routing-policy-rule.c
../src/network/networkd-routing-policy-rule.c:1071:33: error: format specifies type 'unsigned char' but the argument has type '__u16' (aka 'unsigned short') [-Werror,-Wformat]
                                rule->sport.start, rule->sport.end);
                                ^~~~~~~~~~~~~~~~~
../src/network/networkd-routing-policy-rule.c:1071:52: error: format specifies type 'unsigned char' but the argument has type '__u16' (aka 'unsigned short') [-Werror,-Wformat]
                                rule->sport.start, rule->sport.end);
                                                   ^~~~~~~~~~~~~~~
../src/network/networkd-routing-policy-rule.c:1078:33: error: format specifies type 'unsigned char' but the argument has type '__u16' (aka 'unsigned short') [-Werror,-Wformat]
                                rule->dport.start, rule->dport.end);
                                ^~~~~~~~~~~~~~~~~
../src/network/networkd-routing-policy-rule.c:1078:52: error: format specifies type 'unsigned char' but the argument has type '__u16' (aka 'unsigned short') [-Werror,-Wformat]
                                rule->dport.start, rule->dport.end);
                                                   ^~~~~~~~~~~~~~~
4 errors generated.
```
2018-12-01 15:45:12 +01:00
Aleksei Timofeyev
09e5c07fbd resolved: add missed io-util.h header to resolved-dnstls-openssl.c
Regression after commit 5cfa2c3dc0
2018-12-01 12:49:01 +01:00
Evgeny Vereshchagin
37cbcd4642 travis: also build systemd with clang 2018-12-01 04:53:11 +01:00
Evgeny Vereshchagin
f5e75e08b0 travis: use latest instead of rawhide 2018-12-01 06:45:45 +03:00
Lennart Poettering
2c8f15aeca
Merge pull request #11006 from poettering/conf-file-fix
minor fixes for conf-files.c
2018-12-01 00:47:22 +01:00
Lennart Poettering
ac20048fc0
Merge pull request #11002 from keszybz/path_join-merging
Path join merging
2018-12-01 00:44:58 +01:00
Lennart Poettering
f8ee4eaa48
Merge pull request #11004 from keszybz/remove-fixme-comment
socket-util: drop obsolete FIXME comment and add test
2018-12-01 00:01:11 +01:00
Zbigniew Jędrzejewski-Szmek
652ef29887 path-util: allow NULLs in arguments to path_join()
This removes the need to remember to put strempty() in places, thus reducing
the likelihood of a stupid mistake.
2018-11-30 22:21:17 +01:00
Lennart Poettering
59ea6e57a5 networkd: refuse IPv6 RADV prefixes that lack Prefix= setting
Fixes: #9589
2018-11-30 22:19:28 +01:00
Zbigniew Jędrzejewski-Szmek
15dca3711d basic/socket-util: use c-escaping to print unprintable socket paths
We are pretty careful to reject abstract sockets that are too long to fit in
the address structure as a NUL-terminated string. And since we parse sockets as
strings, it is not possible to embed a NUL in the address either. But we
might receive an external socket (abstract or not), and we want to be able to
print its address in all cases. We would call socket_address_verify() and
refuse to print various sockets that the kernel considers legit.

Let's do the strict verification only in case of socket addresses we parse and
open ourselves, and do less strict verification when printing addresses of
existing sockets, and use c-escaping to print embedded NULs and such.

More tests are added.

This should make LGTM happier because one FIXME comment is removed.
2018-11-30 21:58:47 +01:00
Zbigniew Jędrzejewski-Szmek
3a48499153 shared/socket-util: do not print empty CID
That's just ugly.
2018-11-30 21:40:04 +01:00
Zbigniew Jędrzejewski-Szmek
39e73acb9b test-socket-util: add test for socket_address_print 2018-11-30 21:40:02 +01:00
Zbigniew Jędrzejewski-Szmek
041103a688 test-socket-util: the usual modernization 2018-11-30 21:37:44 +01:00
Lennart Poettering
b806f0b0aa
Merge pull request #10701 from poettering/analyze-security
systemd-analyze: add a new "security" verb for analyzing unit sandboxing options
2018-11-30 19:41:59 +01:00
Lennart Poettering
380b82d678 conf-files: remove unused function 2018-11-30 16:56:35 +01:00
Lennart Poettering
a7181c671a conf-files: remove misplaced log_oom()
The caller should log in this case (and all callers in fact already do),
hence let's remove the duplicate logging here.
2018-11-30 16:55:57 +01:00
Lennart Poettering
243dd6ae1d conf-files: improve algorithm O(n²) → O(n) 2018-11-30 16:55:33 +01:00
Lennart Poettering
d96c081aa5 update TODO 2018-11-30 16:48:09 +01:00
Lennart Poettering
ee93c1e664 man: document systemd-analyze security 2018-11-30 16:48:09 +01:00
Lennart Poettering
ec16f3b6dd analyze: add new security verb 2018-11-30 16:48:09 +01:00