Commit message (Author, Age)
* ejabberd service: add image thumbnailing support (Nikolay Amiantov, 2016-05-07)
|
* Merge pull request #15286 from Profpatsch/substituteAll-docs-underscore (Nikolay Amiantov, 2016-05-07)
|\
| |     manual/substituteAll: document filtered variables
| * manual/substituteAll: document filtered variables (Profpatsch, 2016-05-07)
|/
|     Some variables are filtered out as of #14907.
* quassel: 0.12.3 -> 0.12.4 (Thomas Tuegel, 2016-05-07)
|     Security update for CVE-2016-4414 (denial of service).
* openspades-git: drop yet another hack, fix accidental python merge (Nikolay Amiantov, 2016-05-07)
|
* openspades-git: init at 2016-04-17 (Nikolay Amiantov, 2016-05-07)
|
* openspades: less hacks (Nikolay Amiantov, 2016-05-07)
|
* openspades: link to openal instead of using LD_LIBRARY_PATH (Nikolay Amiantov, 2016-05-07)
|
* heimdall: cosmetic (Peter Simons, 2016-05-07)
|
* mediastreamer: 2.11.2 -> 2.12.1 (Vladimír Čunát, 2016-05-07)
|     This fixes the build broken by ortp update d4d6d9d3d.
|     http://hydra.nixos.org/build/35224682
* pypi2nix: new release (Rok Garbas, 2016-05-07)
|
* go: fix build on Darwin (Charles Strahan, 2016-05-06)
|     The go tests get tripped up due to error messages along the lines of:
|
|         ld: warning: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation, ignoring unexpected dylib file
|
|     Which is due to us passing that along via $NIX_LDFLAGS in the `clang` wrapper. To keep `go` from getting confused, I create a small `clang` wrapper that filters out that warning.
|
|     Also, the strip.patch is no longer necessary, and only causes problems when testing DWARF support:
|
|         --- FAIL: TestDwarfAranges (0.59s)
|             runtime-lldb_test.go:218: Missing aranges section
|         FAIL
|         FAIL runtime 17.123s
|
|     Also, I disable the misc/cgo/errors test, as I suspect it is also due to similar problems regarding `ld`:
|
|         ##### ../misc/cgo/errors
|         misc/cgo/errors/test.bash: BUG: expected error output to contain "err1.go:11:" but saw:
|         # command-line-arguments
|         cannot parse gcc output $WORK/command-line-arguments/_obj//_cgo_.o as ELF, Mach-O, PE object
|         2016/05/07 02:07:58 Failed: exit status 1
|
|     Closes #14208
* macvim: fix build (Charles Strahan, 2016-05-06)
|
* heimdall: update to version 1.4.1-34-g7ebee1e (current Git 'master') (Peter Simons, 2016-05-07)
|
* syncthing: update to version 0.12.23 (Peter Simons, 2016-05-07)
|
* cegui: 0.8.4 -> 0.8.7 (Tobias Geerinckx-Rice, 2016-05-07)
|
* Merge branch 'stage1-dont-kill-kthreads' (aszlig, 2016-05-06)
|\
| |     Merges pull request #15275:
| |
| |     This addresses #15226 and fixes killing of processes before switching from the initrd to the real root.
| |
| |     Right now, the pkill that is issued not only kills user space processes but also sends a SIGKILL to kernel threads as well. Usually these threads ignore signals, but some of these processes do handle signals, like for example the md module, which happened in #15226.
| |
| |     It also adds a small check for the swraid installer test and a standalone test which checks on just that problem, so in the future this shouldn't happen again.
| |
| |     This has been acked by @edolstra on IRC.
| * nixos/tests/boot-stage1: Add myself to maintainers (aszlig, 2016-05-06)
| |     As @edolstra pointed out that the kernel module might be painful to maintain.
| |
| |     I strongly disagree because it's only a small module and it's good to have such a canary in the tests no matter how the bootup process looks like, so I'm going the masochistic route and try to maintain it.
| |
| |     If it *really* becomes too much maintenance burden, we can still drop or disable kcanary.
| |
| |     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| * nixos/release-combined: Add boot-stage1 test (aszlig, 2016-05-06)
| |     We don't want to push out a channel update whenever this test fails, because that might have unexpected and confused side effects and it *really* means that stage 1 of our boot up is broken.
| |
| |     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| * nixos/tests: Add a test for boot stage 1 (aszlig, 2016-05-06)
| |     We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that *should* have been killed.
| |
| |     So in order to do this we provide multiple canary processes which are checked after the system has booted up:
| |
| |     * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up.
| |     * canary2: Similar to canary1, but tries to mimic a kthread to make sure that it's going to be properly killed at the end of stage 1.
| |     * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed.
| |     * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case.
| |
| |     Tested with and without 67223ee and everything works as expected, at least on my machine.
| |
| |     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| * nixos/tests/installer/swraid: Check for safemode (aszlig, 2016-05-06)
| |     This is a regression test for #15226, so that the test will fail once we accidentally kill one or more of the md kthreads (aka: if safe mode is enabled).
| |
| |     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| * nixos/stage-1: Don't kill kernel threads (aszlig, 2016-05-06)
| |     Unfortunately, pkill doesn't distinguish between kernel and user space processes, so we need to make sure we don't accidentally kill kernel threads.
| |
| |     Normally, a kernel thread ignores all signals, but there are a few that do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows the following source files which use allow_signal():
| |
| |         drivers/isdn/mISDN/l1oip_core.c
| |         drivers/md/md.c
| |         drivers/misc/mic/cosm/cosm_scif_server.c
| |         drivers/misc/mic/cosm_client/cosm_scif_client.c
| |         drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
| |         drivers/staging/rtl8188eu/core/rtw_cmd.c
| |         drivers/staging/rtl8712/rtl8712_cmd.c
| |         drivers/target/iscsi/iscsi_target.c
| |         drivers/target/iscsi/iscsi_target_login.c
| |         drivers/target/iscsi/iscsi_target_nego.c
| |         drivers/usb/atm/usbatm.c
| |         drivers/usb/gadget/function/f_mass_storage.c
| |         fs/jffs2/background.c
| |         fs/lockd/clntlock.c
| |         fs/lockd/svc.c
| |         fs/nfs/nfs4state.c
| |         fs/nfsd/nfssvc.c
| |
| |     While not all of these are necessarily kthreads and some functionality may still be unimpeded, it's still quite harmful and can cause unexpected side-effects, especially because some of these kthreads are storage-related (which we obviously don't want to kill during bootup).
| |
| |     During discussion at #15226, @dezgeg suggested the following implementation:
| |
| |         for pid in $(pgrep -v -f '@'); do
| |             if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
| |                 kill -9 "$pid"
| |             fi
| |         done
| |
| |     This has a few downsides:
| |
| |     * User space processes which use an empty string in their command line won't be killed.
| |     * It results in errors during bootup because some shell-related processes are already terminated (maybe it's pgrep itself, haven't checked).
| |     * The @ is searched within the full command line, not just at the beginning of the string. Of course, we already had this until now, so it's not a problem of his implementation.
| |
| |     I posted an alternative implementation which doesn't suffer from the first point, but even that one wasn't sufficient:
| |
| |         for pid in $(pgrep -v -f '^@'); do
| |             readlink "/proc/$pid/exe" &> /dev/null || continue
| |             echo "$pid"
| |         done | xargs kill -9
| |
| |     This one spawns a subshell, which would be included in the processes to kill and actually kills itself during the process.
| |
| |     So what we have now is even checking whether the shell process itself is in the list to kill and avoids killing it just to be sure.
| |
| |     Also, we don't spawn a subshell anymore and use /proc/$pid/exe to distinguish between user space and kernel processes like in the comments of the following StackOverflow answer:
| |
| |     http://stackoverflow.com/a/12231039
| |
| |     We don't need to take care of terminating processes, because what we actually want IS to terminate the processes.
| |
| |     The only point where this (and any previous) approach falls short is if we have processes that act like fork bombs, because they might spawn additional processes between the pgrep and the killing. We can only address this with process/control groups and this still won't save us because the root user can escape from that as well.
| |
| |     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| |     Fixes: #15226
* | kernel: 4.4.8 -> 4.4.9 (#15276) (Tim Steinbach, 2016-05-06)
| |
* | appstream: 0.8.0 -> 0.9.5 (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | neovim: unmaintain (Tobias Geerinckx-Rice, 2016-05-06)
| |     *reinstalls emacs*
* | stress-ng: 0.05.25 -> 0.06.00 (Tobias Geerinckx-Rice, 2016-05-06)
| |     Changes: https://launchpad.net/ubuntu/+source/stress-ng/0.06.00-1.
* | Merge pull request #14722 from puffnfresh/bug/dockertools-postmount (zimbatm, 2016-05-06)
|\ \
| | |     dockerTools: only add "/nix" if it exists
| * | dockerTools: only add "/nix" if it exists (Brian McKenna, 2016-04-16)
| | |     The /nix path in 4d200538 of the layer tar didn't exist for some packages, such as cacert. This is because cacert just creates an /etc directory and doesn't depend on any other /nix paths.
| | |
| | |     If we tried putting this directory in the tar and using overlayfs with it, we'd get "Invalid argument" when trying to remove the directory.
| | |
| | |     We now check whether the closure is non-empty before telling tar to store the /nix directory.
| | |
| | |     Fixes #14710.
* | | Adding vmlinux to linux kernel 'dev' derivation. (Lluís Batlle i Rossell, 2016-05-06)
| | |     It takes some extra 13MB (and in dev, not out), but allows perf to show kernel symbols when profiling. I think it is worth it.
| | |
| | |     In my NixOS, I refer to it in the system derivation, for easy telling to perf through /run/booted-system/vmlinux:
| | |
| | |         system.extraSystemBuilderCmds = ''
| | |           ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
| | |         '';
* | | Merge pull request #15277 from NeQuissimus/kernel453 (Joachim Fasting, 2016-05-06)
|\ \ \
| | | |     kernel: 4.5.2 -> 4.5.3
| * | | kernel: 4.5.2 -> 4.5.3 (Tim Steinbach, 2016-05-06)
| | | |
* | | | Merge pull request #15273 from NeQuissimus/gradle213 (Joachim Fasting, 2016-05-06)
|\ \ \ \
| |/ / /
|/| | |     gradle: 2.12 -> 2.13
| * | | gradle: 2.12 -> 2.13 (Tim Steinbach, 2016-05-06)
|/ / /
* | | grsecurity: optionally disable features for redistributed kernels (Joachim Fasting, 2016-05-06)
| | |
* | | linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852 (Joachim Fasting, 2016-05-06)
| |/
|/|
* | nginx: restore .upstream files (Tobias Geerinckx-Rice, 2016-05-06)
| |     https://github.com/NixOS/nixpkgs/commit/07d9de713a1789b90f4153ca82afafc3a8ea1b87
* | Adding libuuid (libblkid) to lvm2. (Lluís Batlle i Rossell, 2016-05-06)
| |     It wants it to detect if there are filesystems present in block devices, in case of pvcreate. Otherwise it complains "lvm built without blkid support" and lacks the feature of detecting/wiping.
* | Fixing nfsd service, wait on local-fs. (Lluís Batlle i Rossell, 2016-05-06)
| |     Otherwise, mountd was started exporting directories before local-fs was ready, and it failed to start nfsd on missing fs.
* | eclipse-plugin-scala: 4.4.0 -> 4.4.1 (Robert Helgesson, 2016-05-06)
| |
* | jfbview: split out jfbpdf (jfbview w/o imlib2) (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | jfbview: 0.5.1 -> 0.5.2 (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | zpaq: 7.12 -> 7.13 (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | nginxUnstable: alias to nginx until next unstable release (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | nginx: remove .upstream files (Tobias Geerinckx-Rice, 2016-05-06)
| |
* | pythonPackages.boto3: enable tests, fixes #14985 (Frederik Rietdijk, 2016-05-06)
| |     I've modified #14985 by @adnelson to take into account the update in b68f09a520371dd53fd1ab370935a2d8001700b3
* | elixir: 1.2.4 -> 1.2.5 (zimbatm, 2016-05-06)
| |
* | Merge branch 'pr/14743' (zimbatm, 2016-05-06)
|\ \
| | |     Closes #14743
| * | added berkeley upcft2016-05-06
| | |
* | | tested job: fix evaluation of chromium tests (Vladimír Čunát, 2016-05-06)
| | |     It's a bit inconsistent now, but I mainly want to unblock the channel. /cc maintainer @aszlig.
* | | Merge pull request #15260 from couchemar/hub-2.2.3 (Joachim Fasting, 2016-05-06)
|\ \ \
| | | |     hub: 2.2.2 -> 2.2.3