tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

core: make the StartLimitXYZ= settings generic and apply to any kind of unit, not just services This moves the StartLimitBurst=, StartLimitInterval=, StartLimitAction=, RebootArgument= from the [Service] section into the [Unit] section of unit files, and thus support it in all unit types, not just in services. This way we can enforce the start limit much earlier, in particular before testing the unit conditions, so that repeated start-up failure due to failed conditions is also considered for the start limit logic. For compatibility the four options may also be configured in the [Service] section still, but we only document them in their new section [Unit]. This also renamed the socket unit failure code "service-failed-permanent" into "service-start-limit-hit" to express more clearly what it is about, after all it's only triggered through the start limit being hit. Finally, the code in busname_trigger_notify() and socket_trigger_notify() is altered to become more alike. Fixes: #2467

tree-wide: sort includes in *.h This is a continuation of the previous include sort patch, which only sorted for .c files.

socket: Add support for socket protcol Now we don't support the socket protocol like sctp and udplite . This patch add a new config param SocketProtocol: udplite/sctp With this now we can configure the protocol as udplite = IPPROTO_UDPLITE sctp = IPPROTO_SCTP Tested with nspawn:

core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.

core: simplify fd collection code, return number of fds as return value Let's simplify the fd collection code a bit, and return the number of collected fds as positive integer, the way it's customary in our usual code.

core: add new setting Writable= to ListenSpecial= socket units Writable= is a new boolean setting. If ture, then ListenSpecial= will open the specified path in O_RDWR mode, rather than just O_RDONLY. This is useful for implementing services like rfkill, where /dev/rfkill is more useful when opened in write mode, if we want to not only save but also restore its state.

Move all unit states to basic/ and extend systemctl --state=help

core: Add socket type for usb functionfs endpoints For handling functionfs endpoints additional socket type is added.

core: Add list of additional file descriptors to socket port Some additional files related to single socket may appear in the filesystem and they should be opened and passed to related service. This commit adds optional list of file descriptors, which are dynamically discovered and opened.

core: expose consumed CPU time per unit This adds support for showing the accumulated consumed CPU time per-unit in the "systemctl status" output. The property is also readable via the bus.

remove unused includes This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.

socket: introduce SELinuxContextFromNet option This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>

Revert "socket: introduce SELinuxLabelViaNet option" This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.

socket: introduce SELinuxLabelViaNet option This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>

socket: Add support for TCP defer accept TCP_DEFER_ACCEPT Allow a listener to be awakened only when data arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side listening socket, the TCP/IP stack will not to wait for the final ACK packet and not to initiate the process until the first packet of real data has arrived. After sending the SYN/ACK, the server will then wait for a data packet from a client. Now, only three packets will be sent over the network, and the connection establishment delay will be significantly reduced.

socket: Add Support for TCP keep alive variables The tcp keep alive variables now can be configured via conf parameter. Follwing variables are now supported by this patch. tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes tcp_keepalive_probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end. tcp_keepalive_time: The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes.

Revert "socket: add support for TCP fast Open" This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5. Apparently TFO is actually the default at least for the server side now. Also the setsockopt doesn't actually take a bool, but a qlen integer.

socket: add support for TCP fast Open TCP Fast Open (TFO) speeds up the opening of successiveTCP) connections between two endpoints.It works by using a TFO cookie in the initial SYN packet to authenticate a previously connected client. It starts sending data to the client before the receipt of the final ACK packet of the three way handshake is received, skipping a round trip and lowering the latency in the start of transmission of data.

socket: add support for tcp nagle This patch adds support for TCP TCP_NODELAY socket option. This can be configured via NoDelay conf parameter. TCP Nagle's algorithm works by combining a number of small outgoing messages, and sending them all at once. This controls the TCP_NODELAY socket option.

systemd-verify: a simple tool for offline unit verification This tool will warn about misspelt directives, unknown sections, and non-executable commands. It will also catch the common mistake of using Accept=yes with a non-template unit and vice versa. https://bugs.freedesktop.org/show_bug.cgi?id=56607

socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.

socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.

socket: optionally remove sockets/FIFOs in the file system after use

service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces

core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.

core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740

core: notify triggered by socket of a service

basic SO_REUSEPORT support

core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).

Rearrange a few fields to reduce holes

Add __attribute__((const, pure, format)) in various places I'm assuming that it's fine if a _const_ or _pure_ function calls assert. It is assumed that the assert won't trigger, and even if it does, it can only trigger on the first call with a given set of parameters, and we don't care if the compiler moves the order of calls.

Add Listen* to dbus properties sockets.socket - Test Loaded: loaded (/home/alxchk/.config/systemd/user/sockets.socket; static) Active: inactive (dead) Listen: Stream: /tmp/stream1 Stream: @stream4 Stream: [::]:9999 Stream: 127.0.0.2:9996 Stream: [::1]:9996 Datagram: /tmp/stream2 Datagram: @stream5 Datagram: [::]:9998 Datagram: 127.0.0.2:9995 Datagram: [::1]:9995 SequentialPacket: @stream6 SequentialPacket: /tmp/stream3 FIFO: /tmp/fifo1 Special: /dev/input/event9 Netlink: kobject-uevent 0 MessageQueue: /msgqueue1 [zj: - minor cleanups, - free i.listen, - remove sorting, because the order or sockets matters.]

units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787

Revert "Implement SocketUser= and SocketGroup= for [Socket]" This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.

Implement SocketUser= and SocketGroup= for [Socket] Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.

SMACK: Add configuration options. (v3) This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.

unit: split off KillContext from ExecContext containing only kill definitions

use #pragma once instead of foo*foo #define guards #pragma once has been "un-deprecated" in gcc since 3.3, and is widely supported in other compilers. I've been using and maintaining (rebasing) this patch for a while now, as it annoyed me to see #ifndef fooblahfoo, etc all over the place, almost arrogant about the annoyance of having to define all these names to perform a commen but neccicary functionality, when a completely superior alternative exists. I havn't sent it till now, cause its kindof a style change, and it is bad voodoo to mess with style that has been established by more established editors. So feel free to lambast me as a crazy bafoon. v2 - preserve externally used headers

relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.

move libsystemd_core.la sources into core/