diff --git a/ENVIRONMENT.md b/ENVIRONMENT.md index 4ae561a892..581bf3c238 100644 --- a/ENVIRONMENT.md +++ b/ENVIRONMENT.md @@ -13,10 +13,21 @@ documented in the proper man pages. All tools: +* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will + refrain from talking to PID 1; this has the same effect as the historical + detection of `chroot()`. Setting this variable to `0` instead has a similar + effect as `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to + communicate with PID 1 even if a `chroot()` environment is detected. + You almost certainly want to set this to `1` if you maintain a package build system + or similar and are trying to use a modern container system and not plain + `chroot()`. + * `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a - chroot() environment. This is particularly relevant for systemctl, as it will - not alter its behaviour for chroot() environments if set. (Normally it - refrains from talking to PID 1 in such a case.) + `chroot()` environment. This is particularly relevant for systemctl, as it + will not alter its behaviour for `chroot()` environments if set. Normally it + refrains from talking to PID 1 in such a case; turning most operations such + as `start` into no-ops. If that's what's explicitly desired, you might + consider setting `SYSTEMD_OFFLINE=1`. * `$SD_EVENT_PROFILE_DELAYS=1` — if set, the sd-event event loop implementation will print latency information at runtime. diff --git a/src/basic/verbs.c b/src/basic/verbs.c index cb42e6dd08..d8ebf89d03 100644 --- a/src/basic/verbs.c +++ b/src/basic/verbs.c 
@@ -23,12 +23,54 @@ #include #include +#include "env-util.h" #include "log.h" #include "macro.h" #include "string-util.h" #include "verbs.h" #include "virt.h" +/* Wraps running_in_chroot() which is used in various places, + * but also adds an environment variable check so external processes + * can reliably force this on. + */ +bool running_in_chroot_or_offline(void) { + int r; + + /* Added to support use cases like rpm-ostree, where from %post + * scripts we only want to execute "preset", but not "start"/"restart" + * for example. + * + * See ENVIRONMENT.md for docs. + */ + r = getenv_bool("SYSTEMD_OFFLINE"); + if (r < 0) + log_debug_errno(r, "Parsing SYSTEMD_OFFLINE: %m"); + else if (r == 0) + return false; + else + return true; + + /* We've had this condition check for a long time which basically + * checks for legacy chroot case like Fedora's + * "mock", which is used for package builds. We don't want + * to try to start systemd services there, since without --new-chroot + * we don't even have systemd running, and even if we did, adding + * a concept of background daemons to builds would be an enormous change, + * requiring considering things like how the journal output is handled, etc. + * And there's really not a use case today for a build talking to a service. + * + * Note this call itself also looks for a different variable SYSTEMD_IGNORE_CHROOT=1. + */ + r = running_in_chroot(); + if (r < 0) + log_debug_errno(r, "running_in_chroot(): %m"); + else if (r > 0) + return true; + + return false; +} + int dispatch_verb(int argc, char *argv[], const Verb verbs[], void *userdata) { const Verb *verb; const char *name; 
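Review bot: In running_in_chroot_or_offline(), the `r < 0` branch after `getenv_bool("SYSTEMD_OFFLINE")` handles an unset variable and an unparsable value identically: both are logged at debug level only and fall through to the chroot check. If getenv_bool() reports an unset variable as a negative errno (it appears to return -ENXIO; confirm against env-util), every ordinary invocation emits a spurious "Parsing SYSTEMD_OFFLINE" debug line. Meanwhile a build system that sets a malformed value expecting offline behaviour gets no visible hint that the tools may still talk to PID 1. I would separate the cases with `if (r >= 0) return r > 0;` followed by `if (r != -ENXIO) log_warning_errno(r, "Failed to parse $SYSTEMD_OFFLINE, ignoring: %m");`, keeping the fall-through to running_in_chroot() for both.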
@@ -84,12 +126,15 @@ int dispatch_verb(int argc, char *argv[], const Verb verbs[], void *userdata) { return -EINVAL; } - if ((verb->flags & VERB_NOCHROOT) && running_in_chroot() > 0) { - log_info("Running in chroot, ignoring request."); + if ((verb->flags & VERB_ONLINE_ONLY) && running_in_chroot_or_offline()) { + if (name) + log_info("Running in chroot, ignoring request: %s", name); + else + log_info("Running in chroot, ignoring request."); return 0; } - if (verb->flags & VERB_MUSTBEROOT) { + if (verb->flags & VERB_MUST_BE_ROOT) { r = must_be_root(); if (r < 0) return r; diff --git a/src/basic/verbs.h b/src/basic/verbs.h index 5f44a18f8e..d9259fc45f 100644 --- a/src/basic/verbs.h +++ b/src/basic/verbs.h @@ -23,9 +23,9 @@ #define VERB_ANY ((unsigned) -1) typedef enum VerbFlags { - VERB_DEFAULT = 1 << 0, - VERB_NOCHROOT = 1 << 1, - VERB_MUSTBEROOT = 1 << 2, + VERB_DEFAULT = 1 << 0, + VERB_ONLINE_ONLY = 1 << 1, + VERB_MUST_BE_ROOT = 1 << 2, } VerbFlags; typedef struct { @@ -35,4 +35,6 @@ typedef struct { int (* const dispatch)(int argc, char *argv[], void *userdata); } Verb; +bool running_in_chroot_or_offline(void); + int dispatch_verb(int argc, char *argv[], const Verb verbs[], void *userdata); diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index 59c1af73de..525470f096 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c 
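Review bot: The text "Running in chroot, ignoring request" is now also printed when the skip comes from `SYSTEMD_OFFLINE=1` with no chroot involved, which will mislead anyone reading build logs to find out why a verb did nothing. Wording such as `log_info("Running in chroot or offline mode, ignoring request: %s", name);` would match the new condition. The skip path still returns 0, and the environment variable can now trigger it on a normally booted system. Verbs flagged VERB_ONLINE_ONLY in the systemctl table, such as `is-active` and `is-failed`, therefore exit successfully without querying anything, which deserves a sentence in ENVIRONMENT.md for scripts that branch on their exit status. dispatch_verb() begins before and continues past this hunk.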
@@ -1139,12 +1139,12 @@ static int verb_remove(int argc, char *argv[], void *userdata) { static int bootctl_main(int argc, char *argv[]) { static const Verb verbs[] = { - { "help", VERB_ANY, VERB_ANY, 0, help }, - { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status }, - { "list", VERB_ANY, 1, 0, verb_list }, - { "install", VERB_ANY, 1, VERB_MUSTBEROOT, verb_install }, - { "update", VERB_ANY, 1, VERB_MUSTBEROOT, verb_install }, - { "remove", VERB_ANY, 1, VERB_MUSTBEROOT, verb_remove }, + { "help", VERB_ANY, VERB_ANY, 0, help }, + { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status }, + { "list", VERB_ANY, 1, 0, verb_list }, + { "install", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install }, + { "update", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install }, + { "remove", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_remove }, {} }; diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 18c64241ba..6d3adc5803 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -332,7 +332,7 @@ static bool install_client_side(void) { /* Decides when to execute enable/disable/... operations * client-side rather than server-side. */ - if (running_in_chroot() > 0) + if (running_in_chroot_or_offline()) return true; if (sd_booted() <= 0) 
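Review bot: The comment at the top of install_client_side() does not mention that an environment variable can now force client-side execution. With `SYSTEMD_OFFLINE=1` the first check returns true even on a booted host, so, going by the function's own comment, enable/disable-style operations run client-side rather than server-side. Conversely, `SYSTEMD_OFFLINE=0` inside a real chroot now skips this early return and falls through to the `sd_booted()` check. I would add `/* Also true when $SYSTEMD_OFFLINE=1 is set, even outside a chroot; see ENVIRONMENT.md. */` above the call. The rest of the function lies outside the hunk.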
@@ -8401,72 +8401,72 @@ static int talk_initctl(void) { static int systemctl_main(int argc, char *argv[]) { static const Verb verbs[] = { - { "list-units", VERB_ANY, VERB_ANY, VERB_DEFAULT|VERB_NOCHROOT, list_units }, - { "list-unit-files", VERB_ANY, VERB_ANY, 0, list_unit_files }, - { "list-sockets", VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_sockets }, - { "list-timers", VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_timers }, - { "list-jobs", VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_jobs }, - { "list-machines", VERB_ANY, VERB_ANY, VERB_NOCHROOT|VERB_MUSTBEROOT, list_machines }, - { "clear-jobs", VERB_ANY, 1, VERB_NOCHROOT, trivial_method }, - { "cancel", VERB_ANY, VERB_ANY, VERB_NOCHROOT, cancel_job }, - { "start", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "stop", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "condstop", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, /* For compatibility with ALTLinux */ - { "reload", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "restart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "try-restart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "reload-or-restart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "reload-or-try-restart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, /* For compatbility with old systemctl <= 228 */ - { "try-reload-or-restart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, - { "force-reload", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, /* For compatibility with SysV */ - { "condreload", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, /* For compatibility with ALTLinux */ - { "condrestart", 2, VERB_ANY, VERB_NOCHROOT, start_unit }, /* For compatibility with RH */ - { "isolate", 2, 2, VERB_NOCHROOT, start_unit }, - { "kill", 2, VERB_ANY, VERB_NOCHROOT, kill_unit }, - { "is-active", 2, VERB_ANY, VERB_NOCHROOT, check_unit_active }, - { "check", 2, VERB_ANY, VERB_NOCHROOT, check_unit_active }, - { "is-failed", 2, VERB_ANY, VERB_NOCHROOT, check_unit_failed }, - { "show", VERB_ANY, VERB_ANY, VERB_NOCHROOT, show }, - { "cat", 2, 
VERB_ANY, VERB_NOCHROOT, cat }, - { "status", VERB_ANY, VERB_ANY, VERB_NOCHROOT, show }, - { "help", VERB_ANY, VERB_ANY, VERB_NOCHROOT, show }, - { "daemon-reload", VERB_ANY, 1, VERB_NOCHROOT, daemon_reload }, - { "daemon-reexec", VERB_ANY, 1, VERB_NOCHROOT, daemon_reload }, - { "show-environment", VERB_ANY, 1, VERB_NOCHROOT, show_environment }, - { "set-environment", 2, VERB_ANY, VERB_NOCHROOT, set_environment }, - { "unset-environment", 2, VERB_ANY, VERB_NOCHROOT, set_environment }, - { "import-environment", VERB_ANY, VERB_ANY, VERB_NOCHROOT, import_environment }, - { "halt", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "poweroff", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "reboot", VERB_ANY, 2, VERB_NOCHROOT, start_system_special }, - { "kexec", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "suspend", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "hibernate", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "hybrid-sleep", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "default", VERB_ANY, 1, VERB_NOCHROOT, start_special }, - { "rescue", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "emergency", VERB_ANY, 1, VERB_NOCHROOT, start_system_special }, - { "exit", VERB_ANY, 2, VERB_NOCHROOT, start_special }, - { "reset-failed", VERB_ANY, VERB_ANY, VERB_NOCHROOT, reset_failed }, - { "enable", 2, VERB_ANY, 0, enable_unit }, - { "disable", 2, VERB_ANY, 0, enable_unit }, - { "is-enabled", 2, VERB_ANY, 0, unit_is_enabled }, - { "reenable", 2, VERB_ANY, 0, enable_unit }, - { "preset", 2, VERB_ANY, 0, enable_unit }, - { "preset-all", VERB_ANY, 1, 0, preset_all }, - { "mask", 2, VERB_ANY, 0, enable_unit }, - { "unmask", 2, VERB_ANY, 0, enable_unit }, - { "link", 2, VERB_ANY, 0, enable_unit }, - { "revert", 2, VERB_ANY, 0, enable_unit }, - { "switch-root", 2, VERB_ANY, VERB_NOCHROOT, switch_root }, - { "list-dependencies", VERB_ANY, 2, VERB_NOCHROOT, list_dependencies }, - { "set-default", 2, 2, 0, 
set_default }, - { "get-default", VERB_ANY, 1, 0, get_default }, - { "set-property", 3, VERB_ANY, VERB_NOCHROOT, set_property }, - { "is-system-running", VERB_ANY, 1, 0, is_system_running }, - { "add-wants", 3, VERB_ANY, 0, add_dependency }, - { "add-requires", 3, VERB_ANY, 0, add_dependency }, - { "edit", 2, VERB_ANY, VERB_NOCHROOT, edit }, + { "list-units", VERB_ANY, VERB_ANY, VERB_DEFAULT|VERB_ONLINE_ONLY, list_units }, + { "list-unit-files", VERB_ANY, VERB_ANY, 0, list_unit_files }, + { "list-sockets", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, list_sockets }, + { "list-timers", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, list_timers }, + { "list-jobs", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, list_jobs }, + { "list-machines", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY|VERB_MUST_BE_ROOT, list_machines }, + { "clear-jobs", VERB_ANY, 1, VERB_ONLINE_ONLY, trivial_method }, + { "cancel", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, cancel_job }, + { "start", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "stop", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "condstop", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, /* For compatibility with ALTLinux */ + { "reload", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "restart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "try-restart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "reload-or-restart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "reload-or-try-restart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, /* For compatbility with old systemctl <= 228 */ + { "try-reload-or-restart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, + { "force-reload", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, /* For compatibility with SysV */ + { "condreload", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, /* For compatibility with ALTLinux */ + { "condrestart", 2, VERB_ANY, VERB_ONLINE_ONLY, start_unit }, /* For compatibility with RH */ + { "isolate", 2, 2, VERB_ONLINE_ONLY, start_unit }, + { "kill", 2, VERB_ANY, VERB_ONLINE_ONLY, kill_unit 
}, + { "is-active", 2, VERB_ANY, VERB_ONLINE_ONLY, check_unit_active }, + { "check", 2, VERB_ANY, VERB_ONLINE_ONLY, check_unit_active }, + { "is-failed", 2, VERB_ANY, VERB_ONLINE_ONLY, check_unit_failed }, + { "show", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, show }, + { "cat", 2, VERB_ANY, VERB_ONLINE_ONLY, cat }, + { "status", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, show }, + { "help", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, show }, + { "daemon-reload", VERB_ANY, 1, VERB_ONLINE_ONLY, daemon_reload }, + { "daemon-reexec", VERB_ANY, 1, VERB_ONLINE_ONLY, daemon_reload }, + { "show-environment", VERB_ANY, 1, VERB_ONLINE_ONLY, show_environment }, + { "set-environment", 2, VERB_ANY, VERB_ONLINE_ONLY, set_environment }, + { "unset-environment", 2, VERB_ANY, VERB_ONLINE_ONLY, set_environment }, + { "import-environment", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, import_environment }, + { "halt", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "poweroff", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "reboot", VERB_ANY, 2, VERB_ONLINE_ONLY, start_system_special }, + { "kexec", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "suspend", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hibernate", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hybrid-sleep", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "default", VERB_ANY, 1, VERB_ONLINE_ONLY, start_special }, + { "rescue", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "emergency", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "exit", VERB_ANY, 2, VERB_ONLINE_ONLY, start_special }, + { "reset-failed", VERB_ANY, VERB_ANY, VERB_ONLINE_ONLY, reset_failed }, + { "enable", 2, VERB_ANY, 0, enable_unit }, + { "disable", 2, VERB_ANY, 0, enable_unit }, + { "is-enabled", 2, VERB_ANY, 0, unit_is_enabled }, + { "reenable", 2, VERB_ANY, 0, enable_unit }, + { "preset", 2, VERB_ANY, 0, enable_unit }, + { "preset-all", VERB_ANY, 1, 0, preset_all }, + { 
"mask", 2, VERB_ANY, 0, enable_unit }, + { "unmask", 2, VERB_ANY, 0, enable_unit }, + { "link", 2, VERB_ANY, 0, enable_unit }, + { "revert", 2, VERB_ANY, 0, enable_unit }, + { "switch-root", 2, VERB_ANY, VERB_ONLINE_ONLY, switch_root }, + { "list-dependencies", VERB_ANY, 2, VERB_ONLINE_ONLY, list_dependencies }, + { "set-default", 2, 2, 0, set_default }, + { "get-default", VERB_ANY, 1, 0, get_default }, + { "set-property", 3, VERB_ANY, VERB_ONLINE_ONLY, set_property }, + { "is-system-running", VERB_ANY, 1, 0, is_system_running }, + { "add-wants", 3, VERB_ANY, 0, add_dependency }, + { "add-requires", 3, VERB_ANY, 0, add_dependency }, + { "edit", 2, VERB_ANY, VERB_ONLINE_ONLY, edit }, {} };