1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

1256 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
7e867138f5 Merge pull request #5600 from fbuihuu/make-logind-restartable
Make logind restartable.
2017-06-24 18:58:36 -04:00
Felipe Sateler
2221c17afb machined: add RequiresMountsFor=/var/lib/machines
Since any part of the path could be remote mounted, make sure they are
before starting machined
2017-06-21 16:20:11 -04:00
Felipe Sateler
78d1039d6b nspawn: hook var-lib-machines.mount to machines.target and remote-fs.target
/var can be on a remote filesystem, thus hooking it to local-fs.target is not correct.

Also, only install the mount unit when machined is enabled, because
machined is the one managing the underlying device, and thus makes no
sense without machined.

Fixes #1175
2017-06-21 16:19:20 -04:00
Franck Bui
aed24c4cd7 logind: save/restore session devices and their respective file descriptors
This patch ensures that session devices are saved for each session.

In order to make the revokation logic work when logind is restarted, the
session devices are now saved in the session state files and their respective
file descriptors sent to PID1's fdstore in order to keep them open accross
restart.

This is mandatory in order to keep the revokation logic working. Indeed in case
of input-devices, the same file descriptors must be shared by logind and a
given session controller in order EVIOCREVOKE to work otherwise multiple
sessions can have device access in parallel.

This should be the only remaining and missing piece for making logind fully
restartable.

Fixes: #1163
2017-06-08 16:21:36 +02:00
Josef Gajdusek
be5bd2ec62 systemd-nspawn@.service: start after /var/lib/machines is mounted (#6079)
This fixes a race condition during boot, where an nspawn container would start
before /var/lib/machines got mounted resulting in a failure.
2017-06-06 11:18:22 -04:00
Zbigniew Jędrzejewski-Szmek
9a4eeb4a0c units: make descriptions of api filesystems less generic (#5914)
All those names were very generic. Fixes #5911.
2017-05-10 13:09:52 +02:00
Zbigniew Jędrzejewski-Szmek
2c201c2140 meson: use booleans for conf.set and drop unecessary conditionals
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.

Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
2017-05-02 16:29:11 -04:00
userwithuid
1c9f131444 meson: do not install files from disabled features (#5811)
Mirror conditions from Makefile.am.
2017-04-27 13:47:04 -04:00
Zbigniew Jędrzejewski-Szmek
b884196cc1 meson: also indent scripts with 8 spaces 2017-04-25 08:49:16 -04:00
Zbigniew Jędrzejewski-Szmek
dc25d2adb5 meson: $DESTDIR might be undefined
This causes an error with -u. Just add an empty fallback.
2017-04-24 19:25:33 -04:00
Zbigniew Jędrzejewski-Szmek
08936cea45 meson: install the dbus aliases for resolve1 and network1 in /etc
This way when the units are disabled, their dbus activation is also disabled.

v2:
- fix the symlink location
2017-04-23 21:47:29 -04:00
Zbigniew Jędrzejewski-Szmek
86b3ca7a66 meson: use "sh -eu" and make .sh +x, .py -x
Shell scripts should be executable so that meson reports their
invocation succinctly (does not print 'sh' '-e').
Python scripts should not be executable so that meson does the
detection of the right python binary itself.

Add -u everywhere to catch potential errors.
2017-04-23 21:47:29 -04:00
Zbigniew Jędrzejewski-Szmek
37efbbd821 meson: reindent all files with 8 spaces
The indentation for emacs'es meson-mode is added .dir-locals.

All files are reindented automatically, using the lasest meson-mode from git.
Indentation should now be fairly consistent.
2017-04-23 21:47:29 -04:00
Zbigniew Jędrzejewski-Szmek
9ac47f3815 meson: fix condition for installation of .in units, 99-default.link
The condition to install in_units was calculated, but not used.

99-default.link should be installed uncoditionally.
2017-04-23 21:47:28 -04:00
Michael Biebl
e17e5ba9bf meson: use join_paths consistently
With -Dsplit-usr=true, we set rootprefix to /. This leads to //lib/systemd or
//lib/udev for various dir variables. Using join_paths() avoids this.
2017-04-23 21:47:28 -04:00
Zbigniew Jędrzejewski-Szmek
082ef2adbd meson: rework processing of unit files
Ideally, we would chain the m4 processing, .in substitutions, and file
installation so that the commands don't have to be repeated. Unfortunately
this does not seem currently possible, because custom_target() output cannot
be fed into install_data(), so it's necessary to use the 'install',
'install_dir' arguments to control installation. Nevertheless, rework the
rules to repeat less stuff and unify handling of conditions between the
different file types.
2017-04-23 21:47:28 -04:00
Zbigniew Jędrzejewski-Szmek
aa13df5874 meson: support (the removal of) lines with ## 2017-04-23 21:47:28 -04:00
Zbigniew Jędrzejewski-Szmek
7b76fce1a5 meson: create various symlinks
v2:
- remove bashisms
2017-04-23 21:47:27 -04:00
Zbigniew Jędrzejewski-Szmek
94e75a5409 meson: create dirs and touch /usr
This is the equivalent of $(INSTALL_DIRS) and install-touch-usr-hook.
I did not bother to create the directories into which we install files,
since they will be created anyway.

v2:
- remove bashism
2017-04-23 21:47:27 -04:00
Zbigniew Jędrzejewski-Szmek
2d9f0c6878 meson: add unit installation symlinks
This is the equivalent of $(SYSTEM_UNIT_ALIASES) and $(GENERAL_ALIASES)
in Makefile.am.

ninja-build uninstall does not remove the symlinks, see
https://github.com/mesonbuild/meson/issues/1602.
I don't consider this a blocker: after all either one installs into $DESTDIR,
where uninstallation doesn't make much sense, or into a real system, where a
successfull uninstallation would likely destroy the system.

v2:
- remove bashisms
- add various forgotten symlinks and fix service/timer/target confusions
2017-04-23 21:47:27 -04:00
Zbigniew Jędrzejewski-Szmek
5c23128dab meson: build systemd using meson
It's crucial that we can build systemd using VS2010!

... er, wait, no, that's not the official reason. We need to shed old systems
by requring python 3! Oh, no, it's something else. Maybe we need to throw out
345 years of knowlege accumulated in autotools? Whatever, this new thing is
cool and shiny, let's use it.

This is not complete, I'm throwing it out here for your amusement and critique.

- rules for sd-boot are missing. Those might be quite complicated.

- rules for tests are missing too. Those are probably quite simple and
  repetitive, but there's lots of them.

- it's likely that I didn't get all the conditions right, I only tested "full"
  compilation where most deps are provided and nothing is disabled.

- busname.target and all .busname units are skipped on purpose.

  Otherwise, installation into $DESTDIR has the same list of files and the
  autoconf install, except for .la files.

It'd be great if people had a careful look at all the library linking options.
I added stuff until things compiled, and in the end there's much less linking
then in the old system. But it seems that there's still a lot of unnecessary
deps.

meson has a `shared_module` statement, which sounds like something appropriate
for our nss and pam modules. Unfortunately, I couldn't get it to work. For the
nss modules, we need an .so version of '2', but `shared_module` disallows the
version argument. For the pam module, it also didn't work, I forgot the reason.

The handling of .m4 and .in and .m4.in files is rather awkward. It's likely
that this could be simplified. If make support is ever dropped, I think it'd
make sense to switch to a different templating system so that two different
languages and not required, which would make everything simpler yet.

v2:
- use get_pkgconfig_variable
- use sh not bash
- use add_project_arguments

v3:
- drop required:true and fix progs/prog typo

v4:
- use find_library('bz2')
- add TTY_GID definition
- define __SANE_USERSPACE_TYPES__
- use join_paths(prefix, ...) is used on all paths to make them all absolute

v5:
- replace all declare_dependency's with []
- add more conf.get guards around optional components

v6:
- drop -pipe, -Wall which are the default in meson
- use compiler.has_function() and compiler.has_header_symbol instead of the
  hand-rolled checks.
- fix duplication in 'liblibsystemd' library name
- use the right .sym file for pam_systemd
- rename 'compiler' to 'cc': shorter, and more idiomatic.

v7:
- use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D
- rename prefix to prefixdir, rootprefix to rootprefixdir
  ("prefix" is too common of a name and too easy to overwrite by mistake)
- wrap more stuff with conf.get('ENABLE...') == 1
- use rootprefix=='/' and rootbindir as install_dir, to fix paths under
  split-usr==true.

v8:
- use .split() also for src/coredump. Now everything is consistent ;)
- add rootlibdir option and use it on the libraries that require it

v9:
- indentation

v10:
- fix check for qrencode and libaudit

v11:
- unify handling of executable paths, provide options for all progs

  This makes the meson build behave slightly differently than the
  autoconf-based one, because we always first try to find the executable in the
  filesystem, and fall back to the default. I think different handling of
  loadkeys, setfont, and telinit was just a historical accident.

  In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs.
  In Fedora $PATH includes /usr/sbin, (and /sbin is is a symlink to /usr/sbin),
  but in Debian, those directories are not included in the path.

  C.f. https://github.com/mesonbuild/meson/issues/1576.

- call all the options 'xxx-path' for clarity.
- sort man/rules/meson.build properly so it's stable
2017-04-23 21:47:26 -04:00
Martin Pitt
56744c037d Merge pull request #5756 from keszybz/make-cleanups
Various meson-independent cleanups from the meson patchset
2017-04-21 21:36:56 +02:00
Yu Watanabe
3e06055500 units: systemd-resolved should start before network-online.target and nss-lookup.target (#5691)
systemd-resolved provides
1. local API via NSS and D-Bus
2. kind of a local "DNS proxy" through its stub listener
The 1st item should be started before nss-lookup.target.
The 2nd item should be started before network-online.target,
because if the networking works in general, then DNS (and DNS proxy) should too.

Fixes #5650
2017-04-21 11:21:17 +02:00
Zbigniew Jędrzejewski-Szmek
fb369a5bdf Makefile.am: link dbus-org.freedesktop.network1 alias in /etc
This makes dbus-org.freedesktop.network1.service like dbus-org.freedesktop.resolve1.service.
When systemd-networkd.service is disabled, the alias is also removed.
2017-04-19 19:27:01 -04:00
Michal Sekletar
6f0e6bd253 units: drop explicit NotifyAccess setting from journald's unit file (#5749)
systemd-journald service consists of only single process and that is the
MainPID. Make unit file shorter and drop NotifyAccess=all since it is
not useful in such case.

https://lists.freedesktop.org/archives/systemd-devel/2017-April/038667.html
2017-04-19 08:52:40 +02:00
Yu Watanabe
b0b46a2c12 journal-upload: add state file directory to ReadWritePaths (#5578)
The commit c7fb922d62 prohibits
journal-upload to save its state in /var/lib/systemd/journal-upload/state,
thus the daemon fails and outputs the following error message even if
the directory is not read-only file system
```Cannot save state to /var/lib/systemd/journal-upload/state: Read-only file system```
This commit adds the permission the daemon to write the state file.
2017-03-30 18:01:03 +02:00
tblume
4e6f13af93 units: move Before deps for quota services to remote-fs.target (#5627)
Creating quota on an iscsi device is causing dependency loops at next reboot.
Reason is that systemd-quotacheck and quotaon.service are ordered before
local-fs.target and quota enabled mounts have a before dependency to them.
This cannot work for _netdev mounts, because network activation is ordered
after local-fs.target.
Moving the Before dependency for systemd-quotacheck and quotaon.service
to remote-fs.target fixes this.
2017-03-30 11:21:18 +02:00
Franck Bui
9aeac5c623 serial-getty@.service.m4: add Conflicts=/Before= against rescue.service (#5632)
Commit 5ed020d8d1 already fixed this issue for
getty@.service but forgot serial console.

Note that this is not needed for emergency target as the sysinit target
conflicts against this target already.
2017-03-30 10:39:16 +02:00
Zbigniew Jędrzejewski-Szmek
9e49656037 units: make enablement of s-n-wait-online.service follow systemd-networkd.service (#5635)
In 58a6dd1558 s-n-wait-online.service was added
to presets to synchronize the presets with the state after installation. But it
is harmful to have s-n-wait-online.service enabled when s-n.service is
disabled, because s-n-wait-online.service has Requsite=s-n.service and cannot
be activated. Thus remove s-n-wait-online.service from presets again, and let
it be enabled whenever s-n.service is enabled.

During installation we create enablement symlinks by hand, and since s-n.service
is enabled, s-n-w-o.service should be enabled too, so the symlink should still
be created during installation.

https://bugzilla.redhat.com/show_bug.cgi?id=1433459#c15
2017-03-27 12:55:55 +02:00
Michael Biebl
29f3265584 units: simplify rescue.service and emergency.service (#5623)
The emergency.service and rescue.service units have become rather
convoluted. We spawn multiple shells and the help text spans multiple lines
which makes the units hard to read.

Move the logic into a single shell script and call that via ExecStart.
2017-03-22 23:37:06 -04:00
Daniel Molkentin
03bf096ba2 units: apply plymouth warning fix to in rescue mode as well (#5615)
Follow up for #5528.
2017-03-20 22:26:05 -04:00
Daniel Molkentin
7e3ba38919 units: do not throw a warning in emergency mode if plymouth is not installed (#5528)
Ideally, plymouth should only be referenced via dependencies,
not ExecStartPre's. This at least avoids the confusing error message
on minimal installations that do not carry plymouth.
2017-03-17 12:13:19 +01:00
Lennart Poettering
268b6e1932 Merge pull request #5283 from poettering/tighten-sandbox
Tighten sandbox of long-running services
2017-03-01 23:35:06 +01:00
Lennart Poettering
dec718065b units: order systemd-nspawn@.service after systemd-resolved.service
This way, the nspawn internal check whether resolved is running will
succeed if it is enabled.

Fixes: #4649
2017-02-17 16:06:31 -05:00
Lennart Poettering
4d1f490c93 units: enable resolved bus activation though a symlink in /etc
The change:
-/usr/lib/systemd/system/dbus-org.freedesktop.resolve1.service
+/etc/systemd/system/dbus-org.freedesktop.resolve1.service

If resolved is disabled, without this, talking to the resolved bus API will
activate it regardless whether it is enabled or not, let's fix that.
2017-02-17 16:03:47 -05:00
Zbigniew Jędrzejewski-Szmek
9c0f732c62 Introduce '## ' as internal comment prefix in .in files and filter out a comment (#5289)
Sometimes we have comments which don't make sense outside of the systemd
codebase, so let's filter them out from the user-visible files.

Fixes #5286.
2017-02-09 16:28:37 +01:00
Lennart Poettering
6489ccfe48 units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings
Tighten security up a bit more.
2017-02-09 16:12:03 +01:00
Lennart Poettering
924453c225 units: lock down coredump service a bit
Dissecting a coredump is possibly risky and might take a while, hence
lock down the unit as much as we can.
2017-02-09 16:12:03 +01:00
Lennart Poettering
b6c7278c38 units: turn on ProtectKernelModules= for most long-running services 2017-02-09 16:12:03 +01:00
Lennart Poettering
c7fb922d62 units: switch on ProtectSystem=strict for our long running services
Let's step up the protection a notch
2017-02-09 16:12:03 +01:00
Lennart Poettering
3c19d0b46b units: restrict namespace for a good number of our own services
Basically, we turn it on for most long-running services, with the
exception of machined (whose child processes need to join containers
here and there), and importd (which sandboxes tar in a CLONE_NEWNET
namespace). machined is left unrestricted, and importd is restricted to
use only "net"
2017-02-09 16:12:03 +01:00
Lennart Poettering
7f396e5f66 units: set SystemCallArchitectures=native on all our long-running services 2017-02-09 16:12:03 +01:00
Zbigniew Jędrzejewski-Szmek
750e550eba units: restore Before dependencies for systemd-vconsole-setup.service
When the service is run in the initramfs, it is possible for it to get started
and not be fast enough to exit before the root switch happens. It is started
multiple times (depending on the consoles being detected), and runs
asynchronously, so this is quite likely. It'll then get killed by killall(),
and systemd will consider the service failed. To avoid all this, just wait
for the service to terminate on it's own.

Before=initrd-switch-root.target should be good for the initramfs, and
Before=shutdown.tuarget should be good for the real system, although it's
unlikely to make any difference there.
2017-01-31 01:34:40 -05:00
Zbigniew Jędrzejewski-Szmek
0af9a194ca units: drop KillMode= from initrd-switch-root.service
The service already has DefaultDeps disabled, so systemd should not try to stop
it. And if it *does* get stopped, we don't want the zombie process around.
KillMode=none does not change anything in the killall() phase, and we already
use argv[0][0] = '@' to protect against that anyway. KillMode=none should not
be useful in normal operation, so let's leave it out.
2017-01-31 01:34:40 -05:00
Zbigniew Jędrzejewski-Szmek
6b3d378331 Merge pull request #4879 from poettering/systemd 2017-01-14 21:29:27 -05:00
Lennart Poettering
73c729d768 units: fix condition for systemd-journal-catalog-update.service (#4990)
The service is supposed to regenerate the catalog index whenever /usr is
updated, but /var is not. Hence the ConditionNeedsUpdate= line should
actually reference /var, as that's where the index file is located.
2016-12-29 10:38:52 +01:00
Lennart Poettering
91214a37ef fstab-generator: add support for volatile boots
This adds support for a new kernel command line option "systemd.volatile=" that
provides the same functionality that systemd-nspawn's --volatile= switch
provides, but for host systems (i.e. systems booting with a kernel).

It takes the same parameter and has the same effect.

In order to implement systemd.volatile=yes a new service
systemd-volatile-root.service is introduced that only runs in the initrd and
rearranges the root directory as needed to become a tmpfs instance. Note that
systemd.volatile=state is implemented different: it simply generates a
var.mount unit file that is part of the normal boot and has no effect on the
initrd execution.

The way this is implemented ensures that other explicit configuration for /var
can always override the effect of these options.  Specifically, the var.mount
unit is generated in the "late" generator directory, so that it only is in
effect if nothing else overrides it.
2016-12-21 19:09:29 +01:00
Lennart Poettering
6f4e2f97d7 units: drop --fail parameter from "systemctl switch-root" invocation
This parameter has no effect on switch root hence we shouldn't specify it.
2016-12-20 20:00:09 +01:00
Zbigniew Jędrzejewski-Szmek
953bf4604f units: add system-update-cleanup.service to guard against offline-update loops
Note: the name is "system-update-cleanup.service" rather than
"system-update-done.service", because it should not run normally, and also
because there's already "systemd-update-done.service", and having them named
so similarly would be confusing.

In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly
entered system-update.target on boot. Because of a packaging issue, the tool
that created the /system-update symlink could be installed without the service
unit that was supposed to perform the upgrade (and remove the symlink). In
fact, if there are no units in system-update.target, and /system-update symlink
is created, systemd always "hangs" in system-update.target. This is confusing
for users, because there's no feedback what is happening, and fixing this
requires starting an emergency shell somehow, and also knowing that the symlink
must be removed. We should be more resilient in this case, and remove the
symlink automatically ourselves, if there are no upgrade service to handle it.

This adds a service which is started after system-update.target is reached and
the symlink still exists. It nukes the symlink and reboots the machine. It
should subsequently boot into the default default.target.

This is a more general fix for
https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was
already fixed).
2016-11-29 01:40:34 -05:00
Zbigniew Jędrzejewski-Szmek
2b656050b6 man: update the description of offline updates
- use "service" instead of "script", because various offline updaters that we have
  aren't really scripts, e.g. dnf-plugin-system-upgrade, packagekit-offline-update,
 fwupd-offline-update.
- strongly recommend After=sysinit.target, Wants=sysinit.target
- clarify a bit what should happen when multiple update services are started
- replace links to the wiki with refs to the man page that replaced it.
2016-11-29 01:40:34 -05:00
Franck Bui
acc28e2e30 core: make sure initrd-switch-root command survives PID1's killing spree (#4730)
This is a different way to implement the fix proposed by commit
a4021390fe suggested by Lennart Poettering.

In this patch we instruct PID1 to not kill "systemctl switch-root" command
started by initrd-switch-root service using the "argv[0][0]='@'" trick.

See: https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ for
more details.

We had to backup argv[0] because argv is modified by dispatch_verb().
2016-11-24 18:52:04 +01:00
Lennart Poettering
bbe16abb61 Merge pull request #4710 from martinpitt/networkd-dbus
networkd: allow networkd to start in early boot
2016-11-24 01:58:33 +01:00
Martin Pitt
5f004d1e32 networkd: allow networkd to start in early boot
With the previous improvements, networkd.service's "After=dbus.service" can now
be dropped. That ordering effectively forced networkd.service to run in late
boot only (dbus.service was rejected to run in early boot in
https://bugs.freedesktop.org/show_bug.cgi?id=98254).

Fixes #4504
2016-11-23 17:05:11 +01:00
Franck Bui
a4021390fe core: consider SIGTERM as a clean exit status for initrd-switch-root.service (#4713)
Since commit 1f0958f640, systemd considers SIGTERM for short-running
services (aka Type=oneshot) as a failure.

This can be an issue with initrd-switch-root.service as the command run by this
service (in order to switch to the new rootfs) may still be running when
systemd does the switch.

However PID1 sends SIGTERM to all remaining processes right before
switching and initrd-switch-root.service can be one of those.

After systemd is reexecuted and its previous state is deserialized, systemd
notices that initrd-switch-root.service was killed with SIGTERM and considers
this as a failure which leads to the emergency shell.

To prevent this, this patch teaches systemd to consider a SIGTERM exit as a
clean one for this service.

It also removes "KillMode=none" since this is pretty useless as the service is
never stopped by systemd but it either exits normally or it's killed by a
SIGTERM as described previously.
2016-11-23 16:31:24 +01:00
Zbigniew Jędrzejewski-Szmek
b878b618ad units: disable /sys/fs/fuse/connections in private user namespaces (#4592)
The mount fails, even though CAP_SYS_ADMIN is granted.

Only file systems with FU_USERNS_MOUNT in .fs_flags may be mounted in userns,
and the patch to add that fusectl was rejected [1]. It would be nice if we
could check if the kernel has FU_USERNS_MOUNT for a given fs type, since this
could change over time, but this information doesn't seem to be exported.
So let's just skip this mount in userns to avoid an error during boot.

[1] https://patchwork.kernel.org/patch/2828269/
2016-11-11 19:00:33 +01:00
Evgeny Vereshchagin
492466c1b5 Merge pull request #4442 from keszybz/detect-virt-userns
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-27 13:16:16 +03:00
Zbigniew Jędrzejewski-Szmek
4bb30aeaf8 units: disable /dev/hugepages in private user namespaces
The mount fails, even though CAP_SYS_ADMIN is granted.
2016-10-26 20:12:52 -04:00
Lennart Poettering
828d92acbc core: drop -.slice from shipped units
Since this unit is synthesized anyway there's no point in actually shipping it
on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *"
won't be confused by the leading dash of the file name anymore.
2016-10-24 20:49:48 +02:00
Lennart Poettering
411e869f49 sysctl: run sysctl service if /proc/sys/net is writable (#4425)
This simply changes this line:

    ConditionPathIsReadWrite=/proc/sys/

to this:

     ConditionPathIsReadWrite=/proc/sys/net/

The background for this is that the latter is namespaced through network
namespacing usually and hence frequently set as writable in containers, even
though the former is kept read-only. If /proc/sys is read-only but
/proc/sys/net is writable we should run the sysctl service, as useful settings
may be made in this case.

Fixes: #4370
2016-10-20 19:36:28 +02:00
Lennart Poettering
2fa4f10835 units: extend stop timeout for user@.service to 120s (#4426)
By default all user and all system services get stop timeouts for 90s. This is
problematic as the user manager of course is run as system service. Thus, if
the default time-out is hit for any user service, then it will also be hit for
user@.service as a whole, thus making the whole concept useless for user
services.

This patch extends the stop timeout to 120s for user@.service hence, so that
that the user service manager has ample time to process user services timing
out.

(The other option would have been to shorten the default user service timeout,
but I think a user service should get the same timeout by default as a system
service)

Fixes: #4206
2016-10-20 17:45:27 +02:00
Yu Watanabe
3f2a3726d0 units: journal-upload Wants= and After=network-online.target (#4354)
To upload journal entries to a remote server, it is required that
the network is online.
2016-10-12 11:13:13 +02:00
Yu Watanabe
a8cb1dc3e0 units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345)
`systemctl isolate initrd-switch-root.target` called by initrd-cleanup.service
kills initrd-cleanup.service itself. Then, initrd-cleanup.service failed and
system goes to emergency shell.
To prevent this problem, this commit adds `Wants=initrd-cleanup.service` to
initrd-switch-root.target.

fixes: #4343.
2016-10-11 14:36:14 +02:00
Franck Bui
84a69ca9ba unit: drop console-shell.service (#4298) (#4325)
console-shell.service was supposed to be useful for normal clean boots
(i.e. multi-user.target or so), as a replacement for logind/getty@.service for
simpler use cases.

But due to the lack of documentation and sanity check one can easily be
confused and enable this service in // with getty@.service.

In this case we end up with both services sharing the same tty which ends up in
strange results.

Even worse, console-shell.service might be failing while getty@.service tries
to acquire the terminal which ends up in the system to poweroff since
console-shell.service uses:

  "ExecStopPost=-/usr/bin/systemctl poweroff".

Another issue: this service doesn't work well if plymouth is also used since it
lets the splash screen program run and mess the tty (at least a "plymouth quit"
is missing).

So let's kill it for now.
2016-10-10 12:06:26 +02:00
Yu Watanabe
94f42fe3a6 units: systemd-udevd: add AF_INET and AF_INET6 to RestrictAddressFamilies= (#4296)
The udev builtin command `net_setup_link` requires AF_INET and AF_INET6.

Fixes #4293.
2016-10-06 15:40:53 +02:00
Lennart Poettering
0c28d51ac8 units: further lock down our long-running services
Let's make this an excercise in dogfooding: let's turn on more security
features for all our long-running services.

Specifically:

- Turn on RestrictRealtime=yes for all of them

- Turn on ProtectKernelTunables=yes and ProtectControlGroups=yes for most of
  them

- Turn on RestrictAddressFamilies= for all of them, but different sets of
  address families for each

Also, always order settings in the unit files, that the various sandboxing
features are close together.

Add a couple of missing, older settings for a numbre of unit files.

Note that this change turns off AF_INET/AF_INET6 from udevd, thus effectively
turning of networking from udev rule commands. Since this might break stuff
(that is already broken I'd argue) this is documented in NEWS.
2016-09-25 10:52:57 +02:00
Lennart Poettering
f6eb19a474 units: permit importd to mount stuff
Fixes #3996
2016-09-25 10:52:57 +02:00
Michal Sekletar
51bce29f8e units: remove udev control socket when systemd stops the socket unit (#4039)
Mere presence of the socket in the filesystem makes
udev_queue_get_udev_is_active() return that udev is running. Note that,
udev on exit doesn't unlink control socket nor does systemd. Thus socket
stays around even when both daemon and socket are stopped. This causes
problems for cryptsetup because when it detects running udev it launches
synchronous operations that *really* require udev. This in turn may
cause blocking and subsequent timeout in systemd-cryptsetup on reboot
while machine is in a state that udev and its control socket units are
stopped, e.g. emergency mode.

Fixes #2477
2016-08-26 00:07:58 +02:00
Lennart Poettering
a457bd26cc Merge pull request #3955 from keszybz/fix-preset-all
Fix preset-all
2016-08-19 19:10:30 +02:00
Zbigniew Jędrzejewski-Szmek
de78fa9ba0 units: install user units as real files, not symlinks to ../system/
This was causing preset-all --global to create symlinks:

$ systemctl preset-all --global --root=/var/tmp/inst1
Created symlink /var/tmp/inst1/etc/systemd/user/shutdown.target → /usr/lib/systemd/user/../system/shutdown.target.
Created symlink /var/tmp/inst1/etc/systemd/user/sockets.target → /usr/lib/systemd/user/../system/sockets.target.
Created symlink /var/tmp/inst1/etc/systemd/user/timers.target → /usr/lib/systemd/user/../system/timers.target.
Created symlink /var/tmp/inst1/etc/systemd/user/paths.target → /usr/lib/systemd/user/../system/paths.target.
Created symlink /var/tmp/inst1/etc/systemd/user/bluetooth.target → /usr/lib/systemd/user/../system/bluetooth.target.
Created symlink /var/tmp/inst1/etc/systemd/user/printer.target → /usr/lib/systemd/user/../system/printer.target.
Created symlink /var/tmp/inst1/etc/systemd/user/sound.target → /usr/lib/systemd/user/../system/sound.target.
Created symlink /var/tmp/inst1/etc/systemd/user/smartcard.target → /usr/lib/systemd/user/../system/smartcard.target.
Created symlink /var/tmp/inst1/etc/systemd/user/busnames.target → /usr/lib/systemd/user/../system/busnames.target.

It is better to create units in a state that completely matches the presets, i.e.
preset-all should do nothing when invoked immediately after installation.

I'm sure it was confusing to users too, suggesting that system and user units
may somehow alias each other.
2016-08-19 09:55:55 -04:00
Zbigniew Jędrzejewski-Szmek
04d0f7e9f9 units: do not start load-random-seed in containers (#3941)
Random numbers are provided by the host kernel, we don't need to do anything.

https://bugzilla.redhat.com/show_bug.cgi?id=1329124
2016-08-13 17:15:19 +02:00
Martin Pitt
98d2d46876 units: add graphical-session-pre.target user unit (#3848)
This complements graphical-session.target for services which set up the
environment (e. g. dbus-update-activation-environment) and need to run before
the actual graphical session.
2016-08-02 08:56:45 -04:00
tblume
7633f8ef37 systemd-ask-password: make sure directory watch is started before cryptsetup (#3850)
The password directory watch should get ordered before cryptsetup to make sure
that the password for unlocking the crypt device gets prompted.
2016-08-02 08:55:25 -04:00
Zbigniew Jędrzejewski-Szmek
0fbd465f41 Merge pull request #3742 from msoltyspl/vconfix2
vconsole-setup: updates & fixes V2
2016-07-28 23:59:06 -04:00
Michal Soltys
8125e8d38e vconsole: Don't do static installation under sysinit.target
Udev rules cover all the necessary initializations.

As the service now is neither installed, nor installable - we can
remove explicit dependencies and RemainAfterExit=yes option.
2016-07-27 00:57:01 +02:00
Martin Pitt
c92fcc4f43 units: add graphical-session.target user unit (#3678)
This unit acts as a dynamic "alias" target for any concrete graphical user
session like gnome-session.target; these should declare
"BindsTo=graphical-session.target" so that both targets stop and start at the
same time.

This allows services that run in a particular graphical user session (e. g.
gnome-settings-daemon.service) to declare "PartOf=graphical-session.target"
without having to know or get updated for all/new session types. This will
ensure that stopping the graphical session will stop all services which are
associated to it.
2016-07-25 22:01:35 +02:00
Michal Soltys
5ed020d8d1 getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792)
If user isolates rescue target from multi-user or graphical target (or just
starts the service), IgnoreOnIsolate will cause issues with sulogin which is
directly started on current virtual console. This patch adds necessary
Conflicts= and Before= against rescue.service.

Note that this is not needed for emergency target, as implicit Requires= and
After= against sysinit.target is in effect for this service
(DefaultDependencies=yes).
2016-07-25 16:18:00 +02:00
Alessandro Puccetti
54cd6556b3 nspawn: set DevicesPolicy closed and clean up duplicated devices 2016-07-22 16:08:26 +02:00
Martin Pitt
5c3c778014 Merge pull request #3764 from poettering/assorted-stuff-2
Assorted fixes
2016-07-22 09:10:04 +02:00
Alessandro Puccetti
31d28eabc1 nspawn: enable major=0/minor=0 devices inside the container (#3773)
https://github.com/systemd/systemd/pull/3685 introduced
/run/systemd/inaccessible/{chr,blk} to map inacessible devices,
this patch allows systemd running inside a nspawn container to create
/run/systemd/inaccessible/{chr,blk}.
2016-07-21 17:39:38 +02:00
Lennart Poettering
8d36b53a2d units: fix TasksMax=16384 for systemd-nspawn@.service
When a container scope is allocated via machined it gets 16K set already since
cf7d1a30e4. Make sure when a container is run as
system service it gets the same values.
2016-07-20 14:53:15 +02:00
Martin Pitt
bed48d6655 Merge pull request #3572 from poettering/machinectl-shell-fix
machinectl: interpret options placed between "shell" verb and machine name
2016-06-26 17:46:23 +02:00
Tom Gundersen
a2c28c6451 Merge pull request #3549 from poettering/resolved-more
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
2016-06-24 01:26:25 +02:00
Franck Bui
de2edc008a udev: bump TasksMax to inifinity (#3593)
udevd already limits its number of workers/children: the max number is actually
twice the number of CPUs the system is using.

(The limit can also be raised with udev.children-max= kernel command line
option BTW).

On some servers, this limit can easily exceed the maximum number of tasks that
systemd put on all services, which is 512 by default.

Since udevd has already its limitation logic, simply disable the static
limitation done by TasksMax.
2016-06-23 22:31:01 +02:00
Martin Pitt
2f9df7c96a units: add nosuid and nodev options to tmp.mount (#3575)
This makes privilege escalation attacks harder by putting traps and exploits
into /tmp.

https://bugs.debian.org/826377
2016-06-22 12:32:59 +02:00
Lennart Poettering
5b566d2475 units: machined needs mount-related syscalls for its namespacing operations
Specifically "machinectl shell" (or its OpenShell() bus call) is implemented by
entering the file system namespace of the container  and opening a TTY there.
In order to enter the file system namespace, chroot() is required, which is
filtered by SystemCallFilter='s @mount group. Hence, let's make this work again
and drop @mount from the filter list.
2016-06-21 21:32:17 +02:00
Lennart Poettering
6f696ca30c emergency.service: Don't say "Welcome" when it's an emergency (#3569)
Quoting @cgwalters:

        Just uploading this as an RFC.  Now I know reading the code that systemd says
        `Welcome to $OS` as a generic thing, but my initial impression on seeing this
        was that it was almost sarcastic =)

        Let's say "You are in emergency mode" as a more neutral/less excited phrase.

This patch is based on #3556, but makes the same change for rescue mode.
2016-06-21 16:09:47 +02:00
Lennart Poettering
b30bf55d5c resolved: respond to local resolver requests on 127.0.0.53:53
In order to improve compatibility with local clients that speak DNS directly
(and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process
any queries made that way.

Note that resolved does not implement a full DNS server on this port, but
simply enough to allow normal, local clients to resolve RRs through resolved.
Specifically it does not implement queries without the RD bit set (these are
requests where recursive lookups are explicitly disabled), and neither queries
with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with
validation turned off). It also refuses zone transfers and obsolete RR types.
All lookups done this way will be rejected with a clean error code, so that the
client side can repeat the query with a reduced feature set.

The code will set the DNSSEC AD flag however, depending on whether the data
resolved has been validated (or comes from a local, trusted source).

Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary,
but this is only partially useful as DNS packets cannot carry IP scope data
(i.e. the ifindex), and hence link-local addresses returned cannot be used
properly (and given that LLMNR/mDNS are mostly about link-local communication
this is quite a limitation). Also, given that DNS tends to use IDNA for
non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1.

In general this should improve compatibility with clients bypassing NSS but
it is highly recommended for clients to instead use NSS or our native bus API.

This patch also beefs up the DnsStream logic, as it reuses the code for local
TCP listening. DnsStream now provides proper reference counting for its
objects.

In order to avoid feedback loops resolved will no silently ignore 127.0.0.53
specified as DNS server when reading configuration.

resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave
the latter free for local, external DNS servers or forwarders.

This also changes the "etc.conf" tmpfiles snippet to create a symlink from
/etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this
stub the default mode of operation if /etc is not populated.
2016-06-21 14:15:23 +02:00
Lennart Poettering
4e069746fe units: tighten system call filters a bit
Take away kernel keyring access, CPU emulation system calls and various debug
system calls from the various daemons we have.
2016-06-13 16:25:54 +02:00
Topi Miettinen
40093ce5dd units: add a basic SystemCallFilter (#3471)
Add a line
SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace
for daemons shipped by systemd. As an exception, systemd-timesyncd
needs @clock system calls and systemd-localed is not privileged.
ptrace(2) is blocked to prevent seccomp escapes.
2016-06-09 09:32:04 +02:00
Topi Miettinen
40652ca479 units: enable MemoryDenyWriteExecute (#3459)
Secure daemons shipped by systemd by enabling MemoryDenyWriteExecute.

Closes: #3459
2016-06-08 14:23:37 +02:00
Franck Bui
ce3eb7790c units: wait for plymouth to shut down in rescue.sevice (#3367)
In the same vein as commit ac59f0c12c which added
the --wait option to the emergency service, this patch makes sure that plymouth
has exited before entering into the rescue mode.
2016-06-01 11:52:35 +02:00
Lennart Poettering
0525107594 units: restore ConditionNeesUpdate=/etc in ldconfig.service (#3311)
In order to support stateless systems that support offline /usr updates
properly, let's restore the ConditionNeesUpdate=/etc line that makes sure we
are run when /usr is updated and this update needs to be propagated to the
/etc/ld.so.conf file stored in /etc.

This reverts part of #2859, which snuck this change in, but really shouldn't
have.
2016-05-21 17:09:18 -04:00
Daniel Drake
7163e1ca11 Create initrd-root-device.target synchronization point (#3239)
Add a synchronization point so that custom initramfs units can run
after the root device becomes available, before it is fsck'd and
mounted.

This is useful for custom initramfs units that may modify the
root disk partition table, where the root device is not known in
advance (it's dynamically selected by the generators).
2016-05-12 18:42:39 +02:00
tblume
2a44df950f units: make sure that fsck is executed before quotacheck
fsck determines wheter an automatic quotacheck should be executed.
Hence fsck service needs to run before quotacheck service.
2016-05-10 14:10:17 +02:00
Martin Pitt
3136ec90ad Stop syslog.socket when entering emergency mode (#3130)
When enabling ForwardToSyslog=yes, the syslog.socket is active when entering
emergency mode. Any log message then triggers the start of rsyslog.service (or
other implementation) along with its dependencies such as local-fs.target and
sysinit.target. As these might fail themselves (e. g. faulty /etc/fstab), this
breaks the emergency mode.

This causes syslog.socket to fail with "Failed to queue service startup job:
Transition is destructive".

Add Conflicts=syslog.socket to emergency.service to make sure the socket is
stopped when emergency.service is started.

Fixes #266
2016-04-27 10:34:24 +02:00
Lennart Poettering
d7fe83bbc2 Merge pull request #3093 from poettering/nspawn-userns-magic
nspawn automatic user namespaces
2016-04-26 14:57:04 +02:00
Lennart Poettering
c34b73d050 machined: add CAP_MKNOD to capabilities to run with (#3116)
Container images from Debian or suchlike contain device nodes in /dev. Let's
make sure we can clone them properly, hence pass CAP_MKNOD to machined.

Fixes: #2867 #465
2016-04-25 15:38:56 -04:00
Lennart Poettering
af88764ff8 units: turn on user namespace by default in systemd-nspawn@.service
Now that user namespacing is supported in a pretty automatic way, actually turn
it on by default if the systemd-nspawn@.service template is used.
2016-04-25 12:16:03 +02:00
Lennart Poettering
8c85680478 units: order systemd-user-sessions.service after network.target
That way we can be sure that local users are logged out before the network is
shut down when the system goes down, so that SSH session should be ending
cleanly before the system goes down.

Fixes: #2390
2016-04-22 16:17:00 +02:00
frankheckenbach
a11fe93e04 tmp.mount.hm4: After swap.target (#3087)
fix issue #2930
2016-04-22 14:21:30 +02:00
Calvin Owens
7797fd2470 units: Add "GuessMainPID=no" to compatibility unit for rc-local (#3018)
With the current "Type=forking", systemd tries to guess the PID it
should wait on at reboot (because we have no "PIDFile="). Depending on
how wrong the guess is, we can end up hanging forever at reboot.

Asking it not to do that eliminates the problem.
2016-04-21 19:16:28 +02:00
Michal Sekletar
f66a1c48cf units: run ldconfig.service after we have mounted all local file systems
Also drop ConditionNeedsUpdate=|/etc. Regardless if system is updated
online or offline, updating dynamic loader cache should always be
responsibility of packaging tools/scripts.
2016-03-17 14:41:26 +01:00
Elias Probst
7a8c9e4457
Don't escape the name of the container in instances of
When using `%I` for instances of `systemd-nspawn@.service`, the result
will be `systemd-nspawn` trying to launch a container named e.g.
`fedora/23` instead of `fedora-23`.
Using `%i` instead prevents escaping `-` in a container name and uses
the unmodified container name from the machine store.
2016-02-26 20:39:10 +01:00
Lennart Poettering
c550f7a9b8 Merge pull request #2664 from zonque/bootchart-removal
Remove systemd-bootchart
2016-02-23 20:27:59 +01:00
Lennart Poettering
45bd485454 man: link some unit files to their online bus API documentation 2016-02-23 16:24:01 +01:00
Daniel Mack
232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00
Daniel Mack
798c486fbc remove bus-proxyd
As kdbus won't land in the anticipated way, the bus-proxy is not needed in
its current form. It can be resurrected at any time thanks to the history,
but for now, let's remove it from the sources. If we'll have a similar tool
in the future, it will look quite differently anyway.

Note that stdio-bridge is still available. It was restored from a version
prior to f252ff17, and refactored to make use of the current APIs.
2016-02-12 19:10:01 +01:00
Lennart Poettering
b8eefa012d Merge pull request #2581 from evverx/dev-mqueue-cond
units: don't try to mount the mqueue fs if we lack the privileges for it
2016-02-11 13:55:59 +01:00
Evgeny Vereshchagin
6cfc79632f units: don't try to mount the mqueue fs if we lack the privileges for it
See https://github.com/systemd/systemd/pull/2576#discussion-diff-52592680
2016-02-11 02:45:11 +00:00
Lennart Poettering
03a7868805 units: don't try to mount the FUSE fs if we lack the privileges for it
See:

https://lists.freedesktop.org/archives/systemd-devel/2016-February/035740.html
2016-02-10 23:42:39 +01:00
Lennart Poettering
3c171f0b1e coredump: rework coredumping logic
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data
about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a
stacktrace and writes the coredump to disk.

This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and
hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust=
and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally
priorized processes.

This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until
/var/systemd/coredump is mounted and writable.

Fixes: #2286
2016-02-10 16:08:32 +01:00
Zbigniew Jędrzejewski-Szmek
9c6d5a179e Merge pull request #2565 from poettering/fix-2315 2016-02-09 19:13:15 -05:00
Lennart Poettering
8222cf9145 units: downgrade dependency on /tmp in basic.target to Wants=
Now that requiring of a masked unit results in failure again, downgrade the dependency on /tmp to Wants= again, so that
our suggested way to disable /tmp-on-tmpfs by masking doesn't result in a failing boot.

References: #2315
2016-02-09 20:34:27 +01:00
Indrajit Raychaudhuri
5e41590b70 Fix typo in rescue shell 2016-02-05 11:28:53 +05:30
Daniel Mack
efda7e594e Merge pull request #2331 from yuwata/journal-remote-unit-v2
journal-remote: add SupplementaryGroups to systemd-journal-upload.service
2016-01-22 09:56:54 +01:00
Lennart Poettering
cde3d68750 units: don't fail if /root doesn't exist for shell units
As discussed on the ML:

http://lists.freedesktop.org/archives/systemd-devel/2016-January/035594.html
2016-01-17 20:47:46 +01:00
Yu Watanabe
d70698b7e6 journal-remote: add SupplementaryGroups to systemd-journal-upload.service 2016-01-15 15:25:36 +09:00
Martin Pitt
6233c794b2 kmod-static-nodes: don't run if module list is empty
With this kmod commit, modules.devname will be empty by default instead of
containing just a comment:

  https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=4c30a11d5f

Refine the startup condition of kmod-static-nodes.service to not run needlessly
if the list is empty.
2016-01-11 16:26:17 +01:00
Yu Watanabe
c9d493281d journal-remote: add documents in the unit files 2015-12-15 10:51:12 +09:00
Jan Alexander Steffens (heftig)
8c277ddd27 Set user@.service TasksMax=infinity
The user manager is still limited by its parent slice user-UID.slice,
which defaults to 4096 tasks. However, it no longer has an additional
limit of 512 tasks.

Fixes #1955.
2015-11-22 23:05:23 +01:00
Lennart Poettering
541ec33075 nspawn: set TasksMax= for containers to 8192 by default 2015-11-16 11:58:04 +01:00
Lennart Poettering
2a2e1b36a0 core: remove SmackFileSystemRootLabel= again
Apparently, util-linux' mount command implicitly drops the smack-related
options anyway before passing them to the kernel, if the kernel doesn't
know SMACK, hence there's no point in duplicating this in systemd.

Fixes #1696
2015-11-12 12:50:59 +01:00
Lennart Poettering
85ae4be4f1 units: fix system.slice to require -.slice, instead of just want it 2015-11-11 16:04:16 +01:00
Lennart Poettering
119e9655dc journal: restore watchdog support 2015-11-03 17:45:12 +01:00
Daniel Mack
4084052911 Merge pull request #1726 from teg/networkd-2
networkd: (de)serialize more state and support expiring routes
2015-11-03 15:03:50 +01:00
Lennart Poettering
e22aa3d328 journald: never block when sending messages on NOTIFY_SOCKET socket
Otherwise we might run into deadlocks, when journald blocks on the
notify socket on PID 1, and PID 1 blocks on IPC to dbus-daemon and
dbus-daemon blocks on logging to journald. Break this cycle by making
sure that journald never ever blocks on PID 1.

Note that this change disables support for event loop watchdog support,
as these messages are sent in blocking style by sd-event. That should
not be a big loss though, as people reported frequent problems with the
watchdog hitting journald on excessively slow IO.

Fixes: #1505.
2015-11-01 22:12:29 +01:00
Tom Gundersen
1c8e710c2b networkd: route - track routes 2015-10-30 12:32:48 +01:00
Lennart Poettering
7cb48925dc core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
That way it's in sync with the other SMACK label settings.

https://github.com/systemd/systemd/pull/1664#issuecomment-150891270
2015-10-26 01:24:39 +01:00
Sangjung Woo
5dfcb8d200 units: add 'SmackFileSystemRoot=*' option into tmp.mount
If SMACK is enabled, 'smackfsroot=*' option should be specified when
/tmp is mounted since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

In order to do that, 'SmackFileSystemRoot=*' is newly added into
tmp.mount.
2015-10-24 20:54:21 +09:00
Lennart Poettering
a2c90f05f1 units: also whitelist "blkext" block devices for nspawn service
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop,
hence whitelist this too.

Fixes #1446
2015-10-22 01:59:25 +02:00
Kay Sievers
29a3f0d4c5 Revert "units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled"
This reverts commit 409c2a13fd.

It breaks the bootup of systems which enable smack at compile time, but have no
smack enabled in the kernel. This needs a different solution.
2015-10-18 12:21:21 +02:00
Tom Gundersen
8ee07361d0 units: .gitignore: units - ignore tmp.mount
This is a follow-up to 409c2a13fd.
2015-10-15 19:28:07 +02:00
Lennart Poettering
2ac3f19a51 Merge pull request #1572 from again4you/devel/tmp-smack
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
2015-10-15 13:09:57 +02:00
Sangjung Woo
409c2a13fd units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
2015-10-15 14:02:44 +09:00
Lennart Poettering
be3270ebd3 unit: remove [Install] section from the user exit.target unit
There's no concept of ctrl-alt-del for user systemd instances, hence
don't suggest it woud make sense to symlink the unit to it.

Fixes #1525.
2015-10-14 16:25:23 +02:00
Tom Gundersen
e1719ef19d Merge pull request #1468 from poettering/fdnames
Add support for naming fds for socket activation and more
2015-10-06 12:06:56 +02:00
Lennart Poettering
df9d6993b6 unit: give systemd-networkd.socket a better description
Usually we try to properly uppercase first characters in the
description, do so here, too. Also, keep it close to the string used in
systemd-networkd.service.
2015-10-06 11:52:48 +02:00
Lennart Poettering
988a479642 nspawn: fix --image= when nspawn is run as service
nspawn needs access to /dev/loop to implement --image=, hence grant that
in the service file.

Fixes #1446.
2015-10-03 11:23:52 +02:00
Lennart Poettering
d35c1bb1f4 rfkill: rework and make it listen on /dev/rfkill
With this rework we introduce systemd-rfkill.service as singleton that
is activated via systemd-rfkill.socket that listens on /dev/rfkill. That
way, we get notified each time a new rfkill device shows up or changes
state, in which case we restore and save its current setting to disk.

This is nicer than the previous logic, as this means we save/restore
state even of rfkill devices that are around only intermittently, and
save/restore the state even if the system is shutdown abruptly instead
of cleanly.

This implements what I suggested in #1019 and obsoletes it.
2015-10-01 16:21:09 +02:00
Lennart Poettering
4a9b1dd4ad machine-id-commit: merge machine-id-commit functionality into machine-id-setup
And remove machine-id-commit as separate binary.

There's really no point in keeping this separate, as the sources are
pretty much identical, and have pretty identical interfaces. Let's unify
this in one binary.

Given that machine-id-commit was a private binary of systemd (shipped in
/usr/lib/) removing the tool is not an API break.

While we are at it, improve the documentation of the command substantially.
2015-09-29 21:55:51 +02:00
Lennart Poettering
c2fc2c2560 units: increase watchdog timeout to 3min for all our services
Apparently, disk IO issues are more frequent than we hope, and 1min
waiting for disk IO happens, so let's increase the watchdog timeout a
bit, for all our services.

See #1353 for an example where this triggers.
2015-09-29 21:55:51 +02:00
Michal Sekletar
92eab5dea4 units: run ldconfig also when cache is unpopulated 2015-09-23 19:27:45 +02:00
Alban Crequy
287419c119 containers: systemd exits with non-zero code
When a systemd service running in a container exits with a non-zero
code, it can be useful to terminate the container immediately and get
the exit code back to the host, when systemd-nspawn returns. This was
not possible to do. This patch adds the following to make it possible:

- Add a read-only "ExitCode" property on PID 1's "Manager" bus object.
  By default, it is 0 so the behaviour stays the same as previously.
- Add a method "SetExitCode" on the same object. The method fails when
  called on baremetal: it is only allowed in containers or in user
  session.
- Add support in systemctl to call "systemctl exit 42". It reuses the
  existing code for user session.
- Add exit.target and systemd-exit.service to the system instance.
- Change main() to actually call systemd-shutdown to exit() with the
  correct value.
- Add verb 'exit' in systemd-shutdown with parameter --exit-code
- Update systemctl manpage.

I used the following to test it:

| $ sudo rkt --debug --insecure-skip-verify run \
|            --mds-register=false --local docker://busybox \
|            --exec=/bin/chroot -- /proc/1/root \
|            systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42

Fixes https://github.com/systemd/systemd/issues/1290
2015-09-21 17:32:45 +02:00
Lennart Poettering
08acb521f3 units: make sure that .nspawn files override the default settings in systemd-nspawn@.service 2015-09-06 01:49:06 +02:00
David Herrmann
ed15589c98 bus-proxy: increase NOFILE limit
The bus-proxy manages the kdbus connections of all users on the system
(regarding the system bus), hence, it needs an elevated NOFILE.
Otherwise, a single user can trigger ENFILE by opening NOFILE connections
to the bus-proxy.

Note that the bus-proxy still does per-user accounting, indirectly via
the proxy/fake API of kdbus. Hence, the effective per-user limit is not
raised by this. However, we now prevent one user from consuming the whole
FD limit of the shared proxy.

Also note that there is no *perfect* way to set this. The proxy is a
shared object, so it needs a larger NOFILE limit than the highest limit
of all users. This limit can be changed dynamically, though. Hence, we
cannot protect against it. However, a raised NOFILE limit is a privilege,
so we just treat it as such and basically allow these privileged users to
be able to consume more resources than normal users (and, maybe, cause
some limits to be exceeded by this).

Right now, kdbus hard-codes 1024 max connections per user on each bus.
However, we *must not* rely on this. This limits could be easily dropped
entirely, as the NOFILE limit is a suitable limit on its on.
2015-09-04 11:13:32 +02:00
David Herrmann
c9bdeccd5d bus-proxy: add ExecReload=
Make sure we support ExecReload= for bus-proxyd to reload configuration
during runtime. This is *really* handy when hacking on kdbus.

Package-managers are still recommended to run
 `busctl --address=unix:path=` directly.
2015-08-04 13:19:50 +02:00
David Herrmann
d537694a98 terminal: drop unfinished code
This drops the libsystemd-terminal and systemd-consoled code for various
reasons:

 * It's been sitting there unfinished for over a year now and won't get
   finished any time soon.

 * Since its initial creation, several parts need significant rework: The
   input handling should be replaced with the now commonly used libinput,
   the drm accessors should coordinate the handling of mode-object
   hotplugging (including split connectors) with other DRM users, and the
   internal library users should be converted to sd-device and friends.

 * There is still significant kernel work required before sd-console is
   really useful. This includes, but is not limited to, simpledrm and
   drmlog.

 * The authority daemon is needed before all this code can be used for
   real. And this will definitely take a lot more time to get done as
   no-one else is currently working on this, but me.

 * kdbus maintenance has taken up way more time than I thought and it has
   much higher priority. I don't see me spending much time on the
   terminal code in the near future.

If anyone intends to hack on this, please feel free to contact me. I'll
gladly help you out with any issues. Once kdbus and authorityd are
finished (whenever that will be..) I'll definitely pick this up again. But
until then, lets reduce compile times and maintenance efforts on this code
and drop it for now.
2015-07-27 20:15:34 +02:00
Lennart Poettering
b242faae06 units: add more caps to machined
Otherwise copying full directory trees between container and host won't
work, as we cannot access some fiels and cannot adjust the ownership
properly on the destination.

Of course, adding these many caps to the daemon kinda defeats the
purpose of the caps lock-down... but well...

Fixes #433
2015-07-27 17:45:45 +02:00
Tom Gundersen
d2d1e36bee units: order networkd after sysctl
This way networkd will correctly and race-freely inherit the default settings
applied by sysctl.

Suggested in issue #468.
2015-07-23 21:04:58 +02:00
Martin Pitt
ac59f0c12c units: emergency.service: wait for plymouth to shut down
Merely calling "plymouth quit" isn't sufficient, as plymouth needs some time to
shut down. This needs plymouth --wait (which is a no-op when it's not running).

Fixes invisible emergency shell with plymouth running endlessly.

https://launchpad.net/bugs/1471258
2015-07-10 05:43:52 +02:00
Kay Sievers
1b09f548c7 turn kdbus support into a runtime option
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.

If no kdbus kernel support is available, dbus-dameon will be used.

With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.

With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
2015-06-17 18:01:49 +02:00
Lennart Poettering
efbea94798 Revert "hwdb: actually search /run/udev/hwdb.d" 2015-06-09 11:26:06 +02:00
Peter Hutterer
03dfe7b749 hwdb: actually search /run/udev/hwdb.d
The documentation claims hwdb entries may be placed in the volatile
/run/udev/hwdb.d directory but nothing actually looked at it.
2015-06-09 11:52:10 +10:00
Tom Gundersen
62f908b53c udevd: hook up watchdog support
We are already sending watchdog notification, this tells PID1 to actually listen for
them and restart udevd in case it gets stuck.
2015-05-29 18:52:13 +02:00
Lennart Poettering
01906c76c1 units: conditionalize audit multicast socket on CAP_AUDIT_READ
The multicast logic can only work if the capability is available, hence
require it.
2015-05-20 17:40:05 +02:00
Lennart Poettering
45d383a3b8 units: make sure systemd-nspawn@.slice instances are actually located in machine.slice
https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
2015-05-19 19:49:01 +02:00
Zbigniew Jędrzejewski-Szmek
903e7c37ca Use "new" --job-mode= option in more places
--irreversible/--ignore-dependencies/--fail are deprececated since 4dc5b821ae.

Also add shell completions for --jobs-mode.
2015-05-18 01:08:09 -04:00
Tom Gundersen
b5acb956d1 units: make networkd pull in its own .busname unit
The daemon requires the busname unit to operate (on kdbus systems),
since it contains the policy that allows it to acquire its service
name.

This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90287
2015-05-15 22:59:43 +02:00
Lennart Poettering
1dff320294 units: fix typo in systemd-resolved.service
There's no network.service unit, we actually mean network.target here.

Reported by Fco. Eduardo Ramírez.
2015-05-14 22:32:35 +02:00
Lennart Poettering
d3650f0c4b units: order nspawn containers after network.target
This way we know that any bridges and other user-created network devices
are in place, and can be properly added to the container.

In the long run this should be dropped, and replaced by direct calls
inside nspawn that cause the devices to be created when necessary.
2015-05-11 22:18:20 +02:00
Lennart Poettering
773ce3d89c nspawn: make sure we install the device policy if nspawn is run as unit as on the command line 2015-04-28 21:34:23 +02:00
Lennart Poettering
96d9117ad2 fsck: remove fsckd again, but keep the door open for external replacement
For a longer discussion see this:

http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html

This introduces /run/systemd/fsck.progress as a simply
AF_UNIX/SOCK_STREAM socket. If it exists and is connectable we'll
connect fsck's -c switch with it. If external programs want to get
progress data they should hence listen on this socket and will get
all they need via that socket. To get information about the connecting
fsck client they should use SO_PEERCRED.

Unless /run/systemd/fsck.progress is around and connectable this change
reverts back to v219 behaviour where we'd forward fsck output to
/dev/console on our own.
2015-04-28 17:30:00 +02:00
Zbigniew Jędrzejewski-Szmek
b53374f99b units: specify timeouts for more oneshot services
Even trivial service occasionally get stuck, for example when
there's a problem with the journal. There's nothing more annoying
that looking at the cylon eye for a job with an infinite timeout.

Use standard 90s for jobs that do some work, and 30s for those which
should be almost instantenous.
2015-04-28 08:52:17 -04:00
Daniel Mack
d6b07ef796 shutdownd: kill the old implementation
Not that all functionality has been ported over to logind, the old
implementation can be removed. There goes one of the oldest parts of
the systemd code base.
2015-04-24 17:48:12 +02:00
Lennart Poettering
658f26b828 units: set KillMode=mixed for our daemons that fork worker processes
The daemons should really have the time to kill the workers first,
before systemd does it, hence use KillMode=mixed for these daemons.

https://bugs.freedesktop.org/show_bug.cgi?id=90051
2015-04-24 16:14:46 +02:00
Lubomir Rintel
15d7b51724 importd: add CAP_DAC_OVERRIDE capability
Fedora's filesystem package ships /usr/bin (and other directories) which are
not writable by its owner. machinectl pull-dkr (and possibly others) are not
able to extract those:

  14182 mkdirat(3, "usr", 0700)           = 0
  14182 mkdirat(3, "usr/bin", 0500)       = 0
  14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied)
  ...
2015-04-21 02:45:34 +02:00
Lennart Poettering
49d7fc99b9 units: explicitly require /var, /tmp and /var/tmp to be mounted before basic.target
We support /var, /tmp and /var/tmp on NFS. NFS shares however are by
default ordered only before remote-fs.target which is a late-boot
service. /var, /tmp, /var/tmp need to be around earlier though, hence
explicitly order them before basic.target.

Note that this change simply makes explicit what was implicit before,
since many early-boot services pulled in parts of /var anyway early.
2015-04-03 14:32:32 +02:00
Lennart Poettering
efb3e19be9 units: explicitly order systemd-user-sessions.service after nss-user-lookup.target
We should not allow logins before NIS/LDAP users are available.
2015-04-03 14:31:35 +02:00
Lennart Poettering
d8f0930eec units: move After=systemd-hwdb-update.service dependency from udev to udev-trigger
Let's move the hwdb regeneration a bit later. Given that hwdb is
non-essential it should be OK to allow udev to run without it until we
do the full trigger.

http://lists.freedesktop.org/archives/systemd-devel/2015-April/030074.html
2015-04-03 14:27:16 +02:00
Dimitri John Ledkov
defa8e675b resolved: Do not add .busname dependencies, when compiling without kdbus. 2015-03-19 17:27:39 +01:00
Jan Pazdziora
1b41981d9a console-getty.service: don't start when /dev/console is missing
Create minimal image which runs systemd

   FROM rhel7.1
   RUN yum install -y /usr/bin/ps
   ENV container docker
   CMD [ "/usr/sbin/init" ]

When you run the container without -t, the process

   /sbin/agetty --noclear --keep-baud console 115200 38400 9600

is not happy and checking the journal in the container, there is a stream of

Mar 13 04:50:15 11bf07f59fff agetty[66]: /dev/console: No such file or directory
Mar 13 04:50:25 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
Mar 13 04:50:25 11bf07f59fff systemd[1]: Stopping Console Getty...
Mar 13 04:50:25 11bf07f59fff systemd[1]: Starting Console Getty...
Mar 13 04:50:25 11bf07f59fff systemd[1]: Started Console Getty.
Mar 13 04:50:25 11bf07f59fff agetty[67]: /dev/console: No such file or directory
Mar 13 04:50:35 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
Mar 13 04:50:35 11bf07f59fff systemd[1]: Stopping Console Getty...
Mar 13 04:50:35 11bf07f59fff systemd[1]: Starting Console Getty...
Mar 13 04:50:35 11bf07f59fff systemd[1]: Started Console Getty.
Mar 13 04:50:35 11bf07f59fff agetty[74]: /dev/console: No such file or directory
Mar 13 04:50:45 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
Mar 13 04:50:45 11bf07f59fff systemd[1]: Stopping Console Getty...
Mar 13 04:50:45 11bf07f59fff systemd[1]: Starting Console Getty...
2015-03-17 12:40:56 +01:00
Kay Sievers
4b16233e59 timesyncd: enable timesyncd in virtual machines
On Fri, Mar 13, 2015 at 8:25 PM, Michael Marineau <michael.marineau@coreos.com> wrote:
> Currently systemd-timesyncd.service includes
> ConditionVirtualization=no, disabling it in both containers and
> virtual machines. Each VM platform tends to deal with or ignore the
> time problem in their own special ways, KVM/QEMU has the kernel time
> source kvm-clock, Xen has had different schemes over the years, VMware
> expects a userspace daemon sync the clock, and other platforms are
> content to drift with the wind as far as I can tell.
>
> I don't know of a robust way to know if a platform needs a little
> extra help from userspace to keep the clock sane or not but it seems
> generally safer to try than to risk drifting. Does anyone know of a
> reason to leave timesyncd off by default? Otherwise switching to
> ConditionVirtualization=!container should be reasonable.
2015-03-15 19:44:59 +01:00
Zbigniew Jędrzejewski-Szmek
d99ce93383 units: there is no systemd-udev-hwdb-update.service 2015-03-14 23:03:21 -04:00
Lennart Poettering
35682f425f fsckd: make sure unprivileged clients cannot play games with fsckd 2015-03-09 19:38:23 +01:00
Lennart Poettering
4f3c168202 units: add missing unit file 2015-02-24 18:46:49 +01:00
Lennart Poettering
113b3fc1a8 importd: create a loopback btrfs file system for /var/lib/machines, if necessary
When manipulating container and VM images we need efficient and atomic
directory snapshots and file copies, as well as disk quota. btrfs
provides this, legacy file systems do not. Hence, implicitly create a
loopback file system in /var/lib/machines.raw and mount it to
/var/lib/machines, if that directory is not on btrfs anyway.

This is done implicitly and transparently the first time the user
invokes "machinectl import-xyz".

This allows us to take benefit of btrfs features for container
management without actually having the rest of the system use btrfs.

The loopback is sized 500M initially. Patches to grow it dynamically are
to follow.
2015-02-24 17:27:53 +01:00
Didier Roche
a80170f55c Add man page and references to it.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part.
Adapt existing fsck man page.
2015-02-18 16:33:46 +01:00
Didier Roche
66f2ff06ca Add fsckd service and socket, retarget systemd-fsck
systemd-fsckd can be socket-activated by systemd-fsck process. Reflect that
in the different unit files.
2015-02-18 16:33:46 +01:00
Lennart Poettering
90adaa25e8 machined: move logic for bind mounting into containers from machinectl to machined
This extends the bus interface, adding BindMountMachine() for bind
mounting directories from the host into the container.
2015-02-17 17:49:21 +01:00
Lennart Poettering
7d5fed66a6 units: turn on --network-veth by default for systemd-nspawn@.service
Given the recent improvements in networkd, it's probably the better
default now.
2015-02-13 14:35:50 +01:00
Lennart Poettering
93391a8bad units: fix systemd-networkd.service in containers lacking CAP_NET_ADMIN 2015-02-13 14:30:05 +01:00
Lennart Poettering
a24111cea6 Revert "units: add SecureBits"
This reverts commit 6a716208b3.

Apparently this doesn't work.

http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html
2015-02-11 18:28:06 +01:00
Topi Miettinen
6a716208b3 units: add SecureBits
No setuid programs are expected to be executed, so add
SecureBits=noroot noroot-locked
to unit files.
2015-02-11 17:33:36 +01:00
Tom Gundersen
30ae637af3 units: networkd - fix busname to work on kdbus 2015-02-06 12:12:13 +01:00
Tom Gundersen
a97dcc12e4 networkd: exit on idle
We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen.

Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that.
2015-02-05 12:04:19 +01:00
Tom Gundersen
e331e24649 networkd: add basic dbus API
Only the very basics, more to come.

For now:

$ busctl tree org.freedesktop.network1
└─/org/freedesktop/network1
  └─/org/freedesktop/network1/link
    ├─/org/freedesktop/network1/link/1
    ├─/org/freedesktop/network1/link/2
    ├─/org/freedesktop/network1/link/3
    ├─/org/freedesktop/network1/link/4
    ├─/org/freedesktop/network1/link/5
    ├─/org/freedesktop/network1/link/6
    ├─/org/freedesktop/network1/link/7
    ├─/org/freedesktop/network1/link/8
    └─/org/freedesktop/network1/link/9

$ busctl introspect org.freedesktop.network1 /org/freedesktop/network1
NAME                                TYPE      SIGNATURE RESULT/VALUE FLAGS
org.freedesktop.network1.Manager    interface -         -            -
.OperationalState                   property  s         "carrier" emits-change

$ busctl introspect org.freedesktop.network1 /org/freedesktop/network1/link/1
NAME                                TYPE      SIGNATURE RESULT/VALUE FLAGS
org.freedesktop.network1.Link       interface -         -            -
.AdministrativeState                property  s         "unmanaged" emits-change
.OperationalState                   property  s         "carrier" emits-change
2015-02-05 11:50:34 +01:00
Lennart Poettering
75f709fbf2 units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too
Fewer surprises, and stuff...
2015-02-02 21:34:32 +01:00
Tom Gundersen
5544ee8516 networkd: support socket activation
Still keep the non-socket activation code around for starting from the commandline, but
will likely drop that too in the future.
2015-02-02 11:57:52 +01:00
Zbigniew Jędrzejewski-Szmek
0775b9b611 units: set TimeoutSec on some oneshot services
Services which are not crucial to system bootup, and have Type=oneshot
can effectively "hang" the system if they fail to complete for whatever
reason. To allow the boot to continue, kill them after a timeout.

In case of systemd-journal-flush the flush will continue in the background,
and in the other two cases the job will be aborted, but this should not
result in any permanent problem.
2015-02-01 12:44:03 -05:00
Lennart Poettering
0ef403877a units: turn on watchdog for resolved 2015-01-27 14:31:44 +01:00
Lennart Poettering
e87bc3ef67 units: fix all TTY paths for container gettys
Spotted by Christian Seiler:

http://lists.freedesktop.org/archives/systemd-devel/2015-January/027441.html
2015-01-27 14:31:44 +01:00
Cristian Rodríguez
66b0e0e0e3 build-sys: lookup for sulogin, it might not be in /sbin 2015-01-23 19:09:37 +01:00
Lennart Poettering
e57565dd5b importd: run daemon at minimal capabilities 2015-01-22 18:55:08 +01:00
Lennart Poettering
3d7415f43f import: introduce new mini-daemon systemd-importd, and make machinectl a client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.

machinectl now has verbs for pulling down images, cancelling them and
listing them.
2015-01-22 04:02:07 +01:00
David Herrmann
a8a1a43f48 bus-proxy: turn into multi-threaded daemon
Instead of using Accept=true and running one proxy for each connection, we
now run one proxy-daemon with a thread per connection. This will enable us
to share resources like policies in the future.
2015-01-17 14:00:19 +01:00
Lennart Poettering
de45d72603 journal: bump RLIMIT_NOFILE when journal files to 16K (if possible)
When there are a lot of split out journal files, we might run out of fds
quicker then we want. Hence: bump RLIMIT_NOFILE to 16K if possible.

Do these even for journalctl. On Fedora the soft RLIMIT_NOFILE is at 1K,
the hard at 4K by default for normal user processes, this code hence
bumps this up for users to 4K.

https://bugzilla.redhat.com/show_bug.cgi?id=1179980
2015-01-08 03:20:45 +01:00
Lennart Poettering
78ad7cf1b9 units: make resolved pull in its own .busname unit, but only on kdbus systems
The daemon requires the busname unit to operate, since it contains the
policy that allows it to acquire its service name.
2015-01-07 23:44:08 +01:00
Lennart Poettering
1535ef321f units: improve Description= for systemd's own busname unit 2015-01-07 23:44:08 +01:00
Lennart Poettering
13790add4b journald: allow restarting journald without losing stream connections
Making use of the fd storage capability of the previous commit, allow
restarting journald by serilizing stream state to /run, and pushing open
fds to PID 1.
2015-01-06 03:16:39 +01:00
Lennart Poettering
6a140df004 units: rework systemd-nspawn@.service unit
- Unescape instance name so that we can take almost anything as instance
  name.

- Introduce "machines.target" which consists of all enabled nspawns and
  can be used to start/stop them altogether

- Look for container directory using -M instead of harcoding the path in
  /var/lib/container
2014-12-29 17:00:05 +01:00
Lennart Poettering
8fa844dccf units: make graphical.target dependencies more complete and similar to those of multi-user.target 2014-12-29 17:00:05 +01:00
Lennart Poettering
cd61c3bfd7 machined/machinectl: add logic to show list of available images
This adds a new bus call to machined that enumerates /var/lib/container
and returns all trees stored in it, distuingishing three types:

        - GPT disk images, which are files suffixed with ".gpt"
        - directory trees
        - btrfs subvolumes
2014-12-19 19:19:29 +01:00
Tom Gundersen
65eb4378c3 systemd-hwdb: introduce new tool
This pulls out the hwdb managment from udevadm into an independent tool.

The old code is left in place for backwards compatibility, and easy of
testing, but all documentation is dropped to encourage use of the new
tool instead.
2014-12-18 15:37:27 +01:00
Mantas Mikulėnas
cf5a899751 build-sys: remove commented-out m4 from user@.service
Otherwise this actually remains in the generated unit in /usr/lib.

If you want to keep it commented out, a m4-compatible way would be:

    m4_ifdef(`HAVE_SMACK',
    dnl Capabilities=cap_mac_admin=i
    dnl SecureBits=keep-caps
    )
2014-12-14 12:54:16 -05:00
Lennart Poettering
1f3ba2bb4f build-sys: turn off SMACK capabilities stuff for now, since it is incompatible with nspawn 2014-12-10 22:14:19 +01:00
Lennart Poettering
795bc7e791 gitignore: hide some more files 2014-12-10 00:49:35 +01:00
Przemyslaw Kedzierski
dd5ae4c36c bus-proxy: cloning smack label
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.

It is done before and independent of dropping privileges.

The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.

The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.

In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.

In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
2014-12-09 18:23:24 +01:00
Lennart Poettering
68ac53e62f units: make sure container-getty@.service stops restarting when the pts device it is bound to is gone
We only want to restart the getty as long as the pts device is still
around. As soon as it is gone, the service should be removed to.

http://lists.freedesktop.org/archives/systemd-devel/2014-December/026048.html
2014-12-09 02:12:11 +01:00
WaLyong Cho
c18c2a0ea1 gitignore: ignore generated systemd-bootchart.service 2014-12-04 20:43:28 +01:00
Michal Sekletar
fe0b9cd3ba units: skip mounting /dev/hugepages if we don't have CAP_SYS_ADMIN
Preparation for allowing systemd to run gracefully in containers lacking
CAP_SYS_ADMIN.
2014-12-04 02:43:02 +01:00
WaLyong Cho
da64a1fc41 bootchart: add standalone bootchart service 2014-12-04 01:55:01 +01:00
Didier Roche
a1405db67c machine-id-commit: add unit file
The unit file only active the machine-id-commit helper if /etc is mounted
writable and /etc/machine-id is an independant mount point (should be a tmpfs).
2014-12-03 03:41:19 +01:00
Lennart Poettering
92ac127007 rc-local: drop SysVStartPriority= field which is now obsolete 2014-12-02 13:23:04 +01:00
Lennart Poettering
2e43ad9ca6 bus-proxy: automatically detect scope of bus and derive which XML snippets to load from that 2014-11-28 16:18:17 +01:00
Martin Pitt
574edc9006 nspawn: Add try-{host,guest} journal link modes
--link-journal={host,guest} fail if the host does not have persistent
journalling enabled and /var/log/journal/ does not exist. Even worse, as there
is no stdout/err any more, there is no error message to point that out.

Introduce two new modes "try-host" and "try-guest" which don't fail in this
case, and instead just silently skip the guest journal setup.

Change -j to mean "try-guest" instead of "guest", and fix the wrong --help
output for it (it said "host" before).

Change systemd-nspawn@.service.in to use "try-guest" so that this unit works
with both persistent and non-persistent journals on the host without failing.

https://bugs.debian.org/770275
2014-11-21 14:27:26 +01:00
Lennart Poettering
812bd1e6ab units: make sure rfkill service is bount to the actual hardware 2014-11-21 01:20:57 +01:00
Lennart Poettering
eab459bc06 Revert "systemd-logind.service: set Type=notify"
This reverts commit a4962513c5.

logind.service is a D-Bus service, hence we should use the dbus name as
indication that we are up. Type=dbus is implied if BusName= is
specified, as it is in this case.

This removes a warning that is printed because a BusName= is specified
for a Type=notify unit.
2014-11-21 01:17:52 +01:00
Dave Reisner
a4962513c5 systemd-logind.service: set Type=notify
The code already calls sd_notify("READY=1"), so we may as well take
advantage of the startup behavior in the unit. The same was done for
the journal in a87a38c20.
2014-11-19 08:13:34 -05:00
Daniel Mack
63cc4c3138 sd-bus: sync with kdbus upstream (ABI break)
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:

 * Each time a file system of this type is mounted, a new kdbus
   domain is created.

 * The layout inside each mount point is the same as before, except
   that domains are not hierarchically nested anymore.

 * Domains are therefore also unnamed now.

 * Unmounting a kdbusfs will automatically also detroy the
   associated domain.

 * Hence, the action of creating a kdbus domain is now as
   privileged as mounting a filesystem.

 * This way, we can get around creating dev nodes for everything,
   which is last but not least something that is not limited by
   20-bit minor numbers.

The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.

A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
2014-11-13 20:41:52 +01:00
Zbigniew Jędrzejewski-Szmek
58f2fab16d units: restore job timeouts for poweroff and reboot
It seems that there actually aren't any long running tasks which are
performed at shutdown. If it turns out that there actually are, this
should be revisited.

This reverts most of commit 038193efa6.
2014-11-06 08:17:45 -05:00
Zbigniew Jędrzejewski-Szmek
038193efa6 units: disable job timeouts
For boot, we might kill fsck in the middle, with likely catastrophic
consequences.

On shutdown there might be other jobs, like downloading of updates for
installation, and other custom jobs. It seems better to schedule an
individual timeout on each one separately, when it is known what
timeout is useful.

Disable the timeouts for now, until we have a clearer picture of how
we can deal with long-running jobs.
2014-11-05 20:45:10 -05:00
Lennart Poettering
a931ad47a8 core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.

For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.

Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.

Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.

This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
2014-11-05 18:49:14 +01:00
Michal Schmidt
a87a38c201 units: make systemd-journald.service Type=notify
It already calls sd_notify(), so it looks like an oversight.

Without it, its ordering to systemd-journal-flush.service is
non-deterministic and the SIGUSR1 from flushing may kill journald before
it has its signal handlers set up.

https://bugs.freedesktop.org/show_bug.cgi?id=85871
https://bugzilla.redhat.com/show_bug.cgi?id=1159641
2014-11-04 20:32:42 +01:00
Lennart Poettering
d5d78543a2 units: make ReceiveBuffer= line more readable by using M suffix 2014-11-03 21:51:28 +01:00
Lennart Poettering
cfb1f5df7c core: introduce ConditionSecurity=audit
And conditionalize journald audit support with it
2014-11-03 21:51:28 +01:00
Lennart Poettering
875c2e220e journald: if available pull audit messages from the kernel into journal logs 2014-11-03 21:51:28 +01:00
Zbigniew Jędrzejewski-Szmek
1f1926aa5e units: order sd-journal-flush after sd-remount-fs
Otherwise we could attempt to flush the journal while /var/log/ was
still ro, and silently skip journal flushing.

The way that errors in flushing are handled should still be changed to
be more transparent and robust.
2014-11-02 21:52:56 -05:00
Zbigniew Jędrzejewski-Szmek
3b02170360 unit: do not order timers.target before basic.target
Since commit 19f8d03783 'timer: order OnCalendar units after
timer-sync.target if DefaultDependencies=no' timers might get a
dependency on time-sync.target, which does not really belong in early
boot. If ntp is enabled, time-sync.target might be delayed until a
network connection is established.

It turns out that majority of timer units found in the wild do not
need to be started in early boot. Out of the timer units available in
Fedora 21, only systemd-readahead-done.timer and mdadm-last-resort@.timer
should be started early, but they both have DefaultDependencies=no,
so are not part of timers.target anyway. All the rest look like they
will be fine with being started a bit later (and the majority even
much later, since they run daily or weekly).

Let timers.target be pulled in by basic.target, but without the
temporal dependency. This means timer units are started on a "best
effort" schedule.

https://bugzilla.redhat.com/show_bug.cgi?id=1158206
2014-11-02 12:33:54 -05:00
Zbigniew Jędrzejewski-Szmek
a65b824577 systemd-journal-flush.service: remove "trigger" from description
This service is now synchronous, so "trigger" is misleading.
2014-11-01 14:39:48 -04:00
Lennart Poettering
919699ec30 units: don't order journal flushing afte remote-fs.target
Instead, only depend on the actual file systems we need.

This should solve dep loops on setups where remote-fs.target is moved
into late boot.
2014-10-31 16:23:39 +01:00
Martin Pitt
33488f1979 udev hwdb: Support shipping pre-compiled database in system images
In some cases it is preferable to ship system images with a pre-generated
binary hwdb database, to avoid having to build it at runtime, avoid shipping
the source hwdb files, or avoid storing large binary files in /etc.

So if hwdb.bin does not exist in /etc/udev/, fall back to looking for it in
UDEVLIBEXECDIR. This keeps the possibility to add files to /etc/udev/hwdb.d/
and re-generating the database which trumps the one in /usr/lib.

Add a new --usr flag to "udevadm hwdb --update" which puts the database
into UDEVLIBEXECDIR.

Adjust systemd-udev-hwdb-update.service to not generate the file in /etc if we
already have it in /usr.
2014-10-28 14:28:18 +01:00
Lennart Poettering
3898b80d40 units: define appropriate job timeout actions when boot or shutdown timeouts are hit
Using the new JobTimeoutAction= setting make sure we power off the
machine after basic.target is queued for longer than 15min but not
executed. Similar, if poweroff.target is queued for longer than 30min
but does not complete, forcibly turn off the system. Similar, if
reboot.target is queued for longer than 30min but does not complete,
forcibly reboot the system.
2014-10-28 02:19:55 +01:00
Tom Gundersen
8c94052ee5 units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot
This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.
2014-10-27 17:40:24 +01:00
Lennart Poettering
b825ab1a99 units: run firstboot before sysusers, so that firstboot can initialize the root password 2014-10-23 01:24:59 +02:00
Lennart Poettering
74055aa762 journalctl: add new --flush command and make use of it in systemd-journal-flush.service
This new command will ask the journal daemon to flush all log data
stored in /run to /var, and wait for it to complete. This is useful, so
that in case of Storage=persistent we can order systemd-tmpfiles-setup
afterwards, to ensure any possibly newly created directory in /var/log
gets proper access mode and owners.
2014-10-23 00:39:42 +02:00
Juho Son
f2a474aea8 journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
systemd-journald check the cgroup id to support rate limit option for
every messages. so journald should be available to access cgroup node in
each process send messages to journald.
In system using SMACK, cgroup node in proc is assigned execute label
as each process's execute label.
so if journald don't want to denied for every process, journald
should have all of access rule for all process's label.
It's too heavy. so we could give special smack label for journald te get
all accesses's permission.
'^' label.
When assign '^' execute smack label to systemd-journald,
systemd-journald need to add  CAP_MAC_OVERRIDE capability to get that smack privilege.

so I want to notice this information and set default capability to
journald whether system use SMACK or not.
because that capability affect to only smack enabled kernel
2014-10-22 19:12:06 +02:00
Ivan Shapovalov
5516ae4419 systemd-hibernate-resume@.service: remove unnecessary ordering
They were left from an early review iteration, when hibernate-resume
functionality was intended to work also outside of initramfs.
Now this is not the case, and these dependencies became redundant
as systemd-fsck-root.service can never be part of initramfs, and
systemd-remount-fs.service makes little sense in it.
2014-10-09 23:53:15 -04:00
Lukasz Skalski
374738d55b logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systems 2014-10-09 11:38:59 +02:00
Tom Gundersen
2355af60dc consoled: add a unit file
The unit file is statically enabled, but still requires --enable-terminal
to actually get installed.
2014-10-04 13:19:18 +02:00
Daniel Buch
d6bc8348d5 readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
Tom Gundersen
4bd5ace3e7 units: networkd - order after udev
This way we are sure that /dev/net/tun has been given the right permissions before we try to connect to it.
Ideally, we should create tun/tap devices over netlink, and then this whole issue would go away.
2014-09-08 15:07:51 +02:00
Harald Hoyer
f3b8fbb1da initrd-parse-etc.service: ignore return code of daemon-reload
It seems the return code of systemctl daemon-reload can be !=0 in some
circumstances, which causes a failure of the unit and breaks booting in
the initrd.
2014-09-03 13:28:31 +02:00
Zbigniew Jędrzejewski-Szmek
42377d6bb7 units: update rescue.service and emergency.service
^D works in emergency.service too. One needs to log in when in rescue
mode too.
2014-08-31 00:04:44 -04:00
Zbigniew Jędrzejewski-Szmek
9c0804278b units: m4 is not needed for rescue.service 2014-08-31 00:00:06 -04:00
Zbigniew Jędrzejewski-Szmek
87502e5868 units: make emergency.service conflict with rescue.service
They both use StandardInput=tty-force so they cannot be run
concurrently.

https://bugs.freedesktop.org/show_bug.cgi?id=82778
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757072
2014-08-30 22:33:40 -04:00
Marius Tessmann
fd5ab841e7 systemd-journal-upload: fix invalid After=
After= belongs into [Unit], not [Install]. Found with systemd-analyze
verify.
2014-08-28 18:06:02 -04:00
Marius Tessmann
47542dc8b6 systemd-firstboot.service: fix man page section
Found with systemd-analyze verify.
2014-08-28 18:06:02 -04:00
Ivan Shapovalov
42483a7474 hibernate-resume: add a tool to write a device node's major:minor to /sys/power/resume.
This can be used to initiate a resume from hibernation by path to a swap
device containing the hibernation image.

The respective templated unit is also added. It is instantiated using
path to the desired resume device.
2014-08-26 22:19:54 +02:00
Ivan Shapovalov
66f311206e units: order systemd-fsck@.service after local-fs-pre.target.
With this change, it becomes possible to order a unit to activate before any
modifications to the file systems. This is especially useful for supporting
resume from hibernation.
2014-08-26 22:19:50 +02:00
Lennart Poettering
c22bf27bee unit: remove spurious newline 2014-08-15 13:19:03 +02:00
Umut Tezduyar Lindskog
12e34d9d58 ldconfig: add configure option to disable 2014-08-14 01:01:43 +02:00
Lennart Poettering
5e8b767df6 journald: also increase the SendBuffer of /dev/log to 8M
http://lists.freedesktop.org/archives/systemd-devel/2014-August/021825.html
2014-08-13 18:53:05 +02:00
Umut Tezduyar Lindskog
e72f054eb5 ldconfig: dont run it if ldconfig is not installed 2014-08-03 00:33:01 -04:00
Zbigniew Jędrzejewski-Szmek
fa8b8030a4 units: fix typo
vrutkovs> zbyszek:
http://cgit.freedesktop.org/systemd/systemd/diff/units/systemd-journal-upload.service.in?id=ad95fd1d2b9c6344864857c2ba7634fd87753f8e - typo in Group name
2014-07-17 08:08:38 -04:00
Michael Olbrich
4bf04322b8 units/serial-getty@.service: use the default RestartSec
For pluggable ttys such as USB serial devices, the getty is restarted
and exits in a loop until the remove event reaches systemd. Under
certain circumstances the restart loop can overload the system in a
way that prevents the remove event from reaching systemd for a long
time (e.g. at least several minutes on a small embedded system).

Use the default RestartSec to prevent the restart loop from
overloading the system. Serial gettys are interactive units, so
waiting an extra 100ms really doesn't make a difference anyways
compared to the time it takes the user to log in.
2014-07-15 23:51:10 -04:00
Zbigniew Jędrzejewski-Szmek
ad95fd1d2b journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
Kay Sievers
b7e6c03d3b resolved: add busname unit file 2014-07-16 04:12:03 +02:00
Michal Sekletar
d338151228 units: make ExecStopPost action part of ExecStart
Currently after exiting rescue shell we isolate default target. User
might want to isolate to some other target than default one. However
issuing systemctl isolate command to desired target would bring system
to default target as a consequence of running ExecStopPost action.

Having common ancestor for rescue shell and possible followup systemctl
default command should fix this. If user exits rescue shell we will
proceed with isolating default target, otherwise, on manual isolate,
parent shell process is terminated and we don't isolate default target,
but target chosen by user.

Suggested-by: Michal Schmidt <mschmidt@redhat.com>
2014-07-09 18:21:04 +02:00
Lennart Poettering
e26807239b firstboot: get rid of firstboot generator again, introduce ConditionFirstBoot= instead
As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer
way to hook in systemd-firstboot.service on first boots (those with /etc
unpopulated), so let's do this, and get rid of the generator again.
2014-07-07 21:05:09 +02:00
Lennart Poettering
418b9be500 firstboot: add new component to query basic system settings on first boot, or when creating OS images offline
A new tool "systemd-firstboot" can be used either interactively on boot,
where it will query basic locale, timezone, hostname, root password
information and set it. Or it can be used non-interactively from the
command line when prepareing disk images for booting. When used
non-inertactively the tool can either copy settings from the host, or
take settings on the command line.

$ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi

The tool will be automatically invoked (interactively) now on first boot
if /etc is found unpopulated.

This also creates the infrastructure for generators to be notified via
an environment variable whether they are running on the first boot, or
not.
2014-07-07 15:25:55 +02:00
Lennart Poettering
fa229d0928 units: conditionalize configfs and debugfs with CAP_SYS_RAWIO
We really don't want these in containers as they provide a too lowlevel
look on the system.

Conditionalize them with CAP_SYS_RAWIO since that's required to access
/proc/kcore, /dev/kmem and similar, which feel similar in style. Also,
npsawn containers lack that capability.
2014-07-04 03:24:42 +02:00
Lennart Poettering
e0c74691c4 units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD
npsawn containers generally have CAP_MKNOD, since this is required
to make PrviateDevices= work. Thus, it's not useful anymore to
conditionalize the kmod static device node units.

Use CAP_SYS_MODULES instead which is not available for nspawn
containers. However, the static device node logic is only done for being
able to autoload modules with it, and if we can't do that there's no
point in doing it.
2014-07-04 03:24:41 +02:00
Lennart Poettering
717603e391 machinectl: show /etc/os-release information of container in status output 2014-07-03 17:54:24 +02:00
Lennart Poettering
ce38dbc84b nspawn: when running in a service unit, use systemd for restarts
THis way we can remove cgroup priviliges after setup, but get them back
for the next restart, as we need it.
2014-07-03 12:51:07 +02:00
Lennart Poettering
7caa86ac4d man: document systemd-update-done.service 2014-07-01 00:16:48 +02:00
Lennart Poettering
8ebf02d6f3 units: skip mounting /tmp if it is a symlink
We shouldn't get confused if people have symlinked /tmp somewhere, so
let's simply skip the mount then.
2014-06-30 22:49:10 +02:00
Tom Gundersen
3005a221f1 units: networkd - don't order wait-online.service before network.target
Reported by Michael Olbrich.
2014-06-30 13:06:33 +02:00
Tom Gundersen
1f87d09e98 units: local-fs.target - don't pull in default dependencies
Reported by Gerardo Exequiel Pozzi:

Looks like [commit a4a878d0] also changes a unrelated file
(units/local-fs.target) [partially]reverting the commit
40f862e3 (filesystem targets: disable default dependencies)

The side effect, at least in my case is that the "nofail" option in both
"crypttab" and "fstab" has partial effect does the default timeout
instead of continue normal boot without timeout.
2014-06-29 16:20:33 +02:00
Zbigniew Jędrzejewski-Szmek
0fdeb6e011 units: remove RefuseManualStart from units which are always around
In a normal running system, non-passive targets and units used during
early bootup are always started. So refusing "manual start" for them
doesn't make any difference, because a "start" command doesn't cause
any action.

In early boot however, the administrator might want to start on
of those targets or services by hand. We shouldn't interfere with that.

Note: in case of systemd-tmpfiles-setup.service, really running the
unit after system is up would break the system. So e.g. restarting
should not be allowed. The unit has "RefuseManualStop=yes", which
prevents restart too.
2014-06-28 00:06:30 -04:00
Cristian Rodríguez
0b73eab7a2 units/systemd-sysctl.service.in: run after load-modules
Modules might or will register new sysctl options.

[zj: This mechanism of adding modules just to reliably set sysctl
attributes is not ideal. Nevertheless, sysctl for dynamically created
attributes is simply broken, and this is the easiest workaround.]

https://bugzilla.redhat.com/show_bug.cgi?id=1022977
https://bugzilla.novell.com/show_bug.cgi?id=725412
2014-06-19 20:21:24 -04:00
Lennart Poettering
497d1986c1 units: order systemd-tmpfiles-clean.service after time-sync.target
That way, on systems lacking an RTC we don't false start removing aged
files too early.
2014-06-20 00:15:39 +02:00
Lennart Poettering
a55954297d units: add missing caps so that GetAddresses() can work 2014-06-19 19:53:16 +02:00
Lennart Poettering
9542239eaf cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-18 00:09:46 +02:00
Kay Sievers
01b85ba3ad timesyncd: do not start in virtualized environments 2014-06-17 03:34:09 +02:00
Lennart Poettering
689d781b87 units: minor cleanups 2014-06-17 02:43:44 +02:00
Lennart Poettering
324d7a53b9 networkd: don't pull in systemd-networkd-wait-online service from systemd-networkd when enabling
networkd-wait-online should never exist in the default transaction,
unless explicitly enable or pulled in via things like NFS. However, just
enabling networkd shouldn't enable networkd-wait-online, since it's
common to use the former without the latter.
2014-06-17 02:43:44 +02:00
Lennart Poettering
d54c499369 install: introduce new DefaultInstance= field for [Install] sections
The DefaultInstance= name is used when enabling template units when only
specifying the template name, but no instance.

Add DefaultInstance=tty1 to getty@.service, so that when the template
itself is enabled an instance for tty1 is created.

This is useful so that we "systemctl preset-all" can work properly,
because we can operate on getty@.service after finding it, and the right
instance is created.
2014-06-17 02:43:43 +02:00
Lennart Poettering
137243fd13 units: add a service to invoke ldconfig on system updates at boot 2014-06-16 12:33:22 +02:00
Lennart Poettering
b63bb8a724 units: drop RefuseManualStart= from a couple of update services
The only update service we really need to guard like this is
systemd-tmpfiles-setup.service since if invoked manually might create
/var/run/nologin and thus blocking the user from login. The other
services are pretty much idempotent and don't suffer by this problem,
hence let's simplify them.
2014-06-16 12:25:49 +02:00
Lennart Poettering
2db7648aa8 units: bring systemd-tmpfiles-setup-dev.service closer to systemd-tmpfiles-setup.service
Among other things, order both services relative to
systemd-sysusers.service in the same direction.
2014-06-15 23:42:53 +02:00
Kay Sievers
3a0efd7030 sysusers: order before tmpfiles which need the ids 2014-06-14 22:17:15 +02:00
Lennart Poettering
b532bdeae9 rpm: add RPM macros to apply sysusers, sysctl, and binfmt drop-ins
With this in place RPMs can make sure that whatever they drop in is
immeidately applied, and not delayed until next reboot.

This also moves systemd-sysusers back to /usr/bin, since hardcoding the
path to /usr/lib in the macros would mean compatibility breaks in
future, should we turn sysusers into a command that is actually OK for
people to call directly. And given that that is quite likely to happen
(since it is useful to prepare images with its --root= switch), let's
just prepare for it.
2014-06-13 20:11:59 +02:00
Lennart Poettering
ecde7065f7 units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot
Only when necessary of course, nicely guarded with the new
ConditionNeedsUpdate= condition we added.
2014-06-13 13:26:32 +02:00
Lennart Poettering
a55654d598 core: add new ConditionNeedsUpdate= unit condition
This new condition allows checking whether /etc or /var are out-of-date
relative to /usr. This is the counterpart for the update flag managed by
systemd-update-done.service. Services that want to be started once after
/usr got updated should use:

        [Unit]
        ConditionNeedsUpdate=/etc
        Before=systemd-update-done.service

This makes sure that they are only run if /etc is out-of-date relative
to /usr. And that it will be executed after systemd-update-done.service
which is responsible for marking /etc up-to-date relative to the current
/usr.

ConditionNeedsUpdate= will also checks whether /etc is actually
writable, and not trigger if it isn't, since no update is possible then.
2014-06-13 13:26:32 +02:00
Lennart Poettering
8ea48dfcd3 update-done: add minimal tool to manage system updates for /etc and /var, if /usr has changed
In order to support offline updates to /usr, we need to be able to run
certain tasks on next boot-up to bring /etc and /var in line with the
updated /usr. Hence, let's devise a mechanism how we can detect whether
/etc or /var are not up-to-date with /usr anymore: we keep "touch
files" in /etc/.updated and /var/.updated that are mtime-compared with
/usr. This means:

Whenever the vendor OS tree in /usr is updated, and any services that
shall be executed at next boot shall be triggered, it is sufficient to
update the mtime of /usr itself. At next boot, if /etc/.updated and/or
/var/.updated is older than than /usr (or missing), we know we have to
run the update tools once. After that is completed we need to update the
mtime of these files to the one of /usr, to keep track that we made the
necessary updates, and won't repeat them on next reboot.

A subsequent commit adds a new ConditionNeedsUpdate= condition that
allows checking on boot whether /etc or /var are outdated and need
updating.

This is an early step to allow booting up with an empty /etc, with
automatic rebuilding of the necessary cache files or user databases
therein, as well as supporting later updates of /usr that then propagate
to /etc and /var again.
2014-06-13 13:26:32 +02:00
Lennart Poettering
d4c049bfcd units: don't conditionalize sysctl service
We install two sysctl snippets ourselves, hence the condition will
always trigger, so no point in tryng to optimize things with this, it
just will make things slower, if anything.
2014-06-13 13:26:32 +02:00
Lennart Poettering
db62b5b37e units: remove conditions from systemd-tmpfiles-setup
There's no point in conditionalizing systemd-tmpfiles at boot, since we
ship tmpfiles snippets ourselves, hence they will always trigger anyway.

Also, there's no reason to pull in local-fs.target from the service,
hence drop that.
2014-06-13 13:26:32 +02:00
Kay Sievers
0138a2dcc5 debug-shell: add condition for tty device to run on 2014-06-12 22:26:43 +02:00
Lennart Poettering
58e027023b units: order network-online.target after network.target
There might be implementations around where the network-online logic
might not talk to any network configuration service (and thus not have
to wait for it), hence let's explicitly order network-online.target
after network.target to avoid any ambiguities.
2014-06-11 15:00:45 +02:00
Lennart Poettering
96bf4ee252 units: time-sync.target probably makes sense, is not just sysv compat 2014-06-11 12:14:55 +02:00
Lennart Poettering
a4a878d040 units: introduce network-pre.target as place to hook in firewalls
network-pre.target is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scrips).

network-pre.target should be ordered before all network managemet
services (but not be pulled in by them).

network-pre.target should be order after all services that want to be
executed before any network is configured (and be pulled in by them).
2014-06-11 12:14:55 +02:00
Mantas Mikulėnas
62be1c9aab bus-proxy: fix misplaced s/system/session/ 2014-06-10 19:34:34 +02:00
Lennart Poettering
2e2b36084a bus-proxy: read the right policy when running in user mode 2014-06-10 17:56:51 +02:00
Lennart Poettering
55152b6ede units: pull in time-sync.target from systemd-timedated.service
After all, that's what we document for time-sync.target in
systemd.special(5), hence let's follow our own suggestion.
2014-06-06 16:20:33 +02:00
Lennart Poettering
3c52ad9237 units: fix minor typo 2014-06-06 14:38:04 +02:00
Lennart Poettering
1b8689f949 core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
2014-06-04 18:12:55 +02:00
Lennart Poettering
7e9f159ca7 initctl: move /dev/initctl fifo into /run, replace it by symlink
With this change we have no fifos/sockets remaining in /dev.
2014-06-04 16:53:58 +02:00
Lennart Poettering
03ee5c38cb journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
2014-06-04 16:53:58 +02:00
Lennart Poettering
6a010ac9e5 bus-proxy: drop priviliges if we can
Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-04 11:13:08 +02:00
Kay Sievers
72543b361d remove ReadOnlySystem and ProtectedHome from udevd and logind
logind needs access to /run/user/, udevd fails during early boot
with these settings
2014-06-04 01:41:15 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Tom Gundersen
682265d5e2 resolved: run as unpriviliged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.
2014-06-03 10:40:28 +02:00
Tom Gundersen
bddfc8afd3 networkd: drop CAP_SYS_MODULE
Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.
2014-06-03 00:40:23 +02:00
Lennart Poettering
d3cf48f4bd networkd: run as unpriviliged "systemd-network" user
This allows us to run networkd mostly unpriviliged with the exception of
CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter
though...
2014-06-01 09:12:00 +02:00
Lennart Poettering
40393d5247 units: remove CAP_SYS_PTRACE capability from hostnamed/networkd
The ptrace capability was only necessary to detect virtualizations
environments. Since we changed the logic to determine this to not
require priviliges, there's no need to carry the CAP_SYS_PTRACE
capability anymore.
2014-06-01 08:54:09 +02:00
Jonathan Liu
d8e40d62ab units: use KillMode=mixed for systemd-nspawn@.service
This causes the container to shut down cleanly when the service is
stopped.
2014-05-30 09:36:29 -04:00
Kay Sievers
d636d37679 timesyncd: only update stamp file when we are synchronized
Create initial stamp file with compiled-in time to prevent bootups
with clocks in the future from storing invalid timestamps.

At shutdown, only update the timestamp if we got an authoritative
time to store.
2014-05-24 08:04:56 +08:00
Kay Sievers
52ffb444cb timesyncd: order after tmpfiles to get a working network monitor 2014-05-22 07:57:33 +09:00
Lennart Poettering
ece6e766cf timesyncd: save clock to disk everytime we get an NTP fix, and bump clock at boot using this
This is useful to make sure the system clock stays monotonic even on
systems that lack an RTC.

Also, why we are at it, also use the systemd release time for bumping
the clock, since it's a slightly less bad than starting with jan 1st,
1970.

This also moves timesyncd into the early bootphase, in order to make
sure this initial bump is guaranteed to have finished by the time we
start real daemons which might write to the file systemd and thus
shouldn't leave 1970's timestamps all over the place...
2014-05-21 00:23:39 +09:00
Tom Gundersen
091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00
Lennart Poettering
9f7115498b timesyncd: enable watchdog support 2014-05-18 20:52:49 +09:00
Lennart Poettering
a349eb10d3 timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still with CAP_SYS_TIME) 2014-05-18 20:52:49 +09:00
Tom Gundersen
7da489e630 Revert "networkd: order after udev kernel socket"
This reverts commit a555350d47.

This did not fix the problem, just made it harder to hit.
2014-05-16 14:52:02 +02:00
Lennart Poettering
e3ad07d21c timesyncd: limit capabilities to CAP_SYS_TIME 2014-05-15 18:55:19 +02:00
Tom Gundersen
0968137439 timesyncd: start after networkd
This is needed for the network monitor to work (as it requires networkd to set up the correct directories first).
2014-05-13 12:44:22 +02:00
Tom Gundersen
7c8ec321e7 networkd: unit - add cap to load modules
Remember to drop this when the kernel gains autoloading for all netdev kinds.
2014-05-12 17:37:52 +02:00
Kay Sievers
a91df40e69 timesyncd: add unit and man page 2014-04-29 09:51:53 +02:00
Tom Gundersen
3a67e927e3 networkd-wait-online: improve interoptability and enable by default
To make sure we don't delay boot on systems where (some) network links are managed by someone else
we don't block if something else has successfully brought up a link.

We will still block until all links we are aware of that are  managed by networkd have been
configured, but if no such links exist, and someone else have configured a link sufficiently
that it has a carrier, it may be that the link is ready so we should no longer block.

Note that in all likelyhood the link is not ready (no addresses/routes configured),
so whatever network managment daemon configured it should provide a similar wait-online
service to block network-online.target until it is ready.

The aim is to block as long as we know networking is not fully configured, but no longer. This
will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't
know whether networkd is the main/only network manager.

Even in the case networking is fully configured by networkd, the default behavior may not be
sufficient: if two links need to be configured, but the first is fully configured before the
second one appears we will assume the network is up. To work around that, we allow specifying
specific devices to wait for before considering the network up.

This unit is enabled by default, just like systemd-networkd, but will only be pulled in if
anyone pulls in network-online.target.
2014-04-24 00:23:07 +02:00
Kay Sievers
0fbedd1fdc remove bus-driverd, the interface is now handled natively by bus-proxyd 2014-04-22 19:31:26 +02:00
Tom Gundersen
a555350d47 networkd: order after udev kernel socket
Otherwise we will not be able to queuery whether devices are initialized on kdbus enabled systems.
2014-04-19 22:13:49 +02:00
Kay Sievers
4851ac4526 bus: provide org.freedesktop.systemd1.busname for systemd --user 2014-03-26 03:38:48 +01:00
Tom Gundersen
6c7c89dfc6 networkd: add CapabilityBoundingSet 2014-03-24 17:13:24 +01:00
Lennart Poettering
48791a98be units: networkd shouldn't have PrivateTmp= set, since it runs in early-boot
/tmp is only available in later boot, and we shouldn't create private
subdirs in it hence, while we are still in early boot.
2014-03-24 16:48:39 +01:00
Lennart Poettering
c2c13f2df4 unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
2014-03-20 04:16:39 +01:00
Lennart Poettering
f21a71a907 core: enable PrivateNetwork= for a number of our long running services where this is useful 2014-03-19 23:25:28 +01:00
Lennart Poettering
d99a705296 units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons 2014-03-19 19:09:00 +01:00
Daniel Mack
5892a914d1 busname: introduce Activating directive
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.

If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.
2014-03-19 02:25:36 +01:00
Hendrik Brueckner
fc6c7fe9be getty: Start getty on 3270 terminals available on Linux on System z
Add the first 3270 terminal device that is associated with the Linux preferred
console to the list of virtualization consoles.  This is required to
automatically start a getty if the conmode=3270 kernel parameter is specified
for Linux on z/VM instances.  Note that a queued upstream patch also enable
the 3270 terminal device if it is associated with the Linux preferred console.
How

To successfully start agetty on a 3270 terminal, a change in the agetty
parameter order is required.  Previously, agetty would started like this:

    /sbin/agetty --keep-baud 3270/tty1 115200,38400,9600 TERM

The agetty program interprets the "3270/tty1" as baud rate and fails to start
with the "bad speed: 3270/tty1" error message.  Fixing this in agetty is more
complex rather than reordering the command line parameters like this:

    /sbin/agetty --keep-baud 115200,38400,9600 3270/tty1 TERM

According to agetty sources and "agetty --help", agetty accepts the "tty",
"baudrate tty", and "tty baudrate" specifications.

P.S. The "tty: Set correct tty name in 'active' sysfs attribute" introduces
     a change to display the terminal device which is associated with the
     Linux preferred console.  This change helps to let systemd handle this
     particular case only.  Without the changes of this commit, no additional
     3270 terminal device can be managed by systemd.

     https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?id=723abd87f6e536f1353c8f64f621520bc29523a3
2014-03-13 10:42:26 +01:00
Kay Sievers
d5ce683c07 units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
Daniel Mack
fe8d029277 units: set 'AllowUser=root own' and 'AllowWorld=talk' own for all .busname files 2014-03-07 19:19:02 +01:00
Thomas Bächler
6c49212741 units: Do not unescape instance name in systemd-backlight@.service
The instance name is never escaped in the udev rule, but unescaped in the unit.
This results in the following error message on Asus boards:

  Failed to get backlight or LED device 'backlight:eeepc/wmi': No such file or directory
2014-03-07 00:30:56 -05:00
Lennart Poettering
9533ad1f42 units: don't use the word 'Reboot' for Startup, but simply 'Boot' 2014-03-06 05:04:51 +01:00
Lennart Poettering
d1a6f44125 units: properly capitalize the unit description 2014-03-06 05:04:51 +01:00
Zbigniew Jędrzejewski-Szmek
1ae383a8a3 Use /var/run/dbus/system_bus_socket for the D-Bus socket 2014-02-25 21:26:42 -05:00
Zbigniew Jędrzejewski-Szmek
7143555ce8 units/serial-getty@.service: add [Install] section
This makes it easier to manually enable and disable
specific gettys, and also mirrors getty@.service.

http://lists.freedesktop.org/archives/systemd-devel/2014-February/017329.html
2014-02-24 08:07:34 -05:00
Jason A. Donenfeld
c4a0b20c7a install: do not statically enable systemd-networkd
[tomegun: pruned the commit message as not to contradict the follow-up commit]
2014-02-21 14:37:53 +01:00
Zbigniew Jędrzejewski-Szmek
8f9c6fe5ff units: systemd-logind fails hard without dbus
That is, without --enable-kdbus and kdbus running.

With --enable-kdbus things are more complicated, because dbus might be
necessary, if kdbus is missing at runtime. If it is not necessary,
the socket will be started, which is not imporant, but not the service.
2014-02-14 19:00:32 -05:00
Lennart Poettering
c480d2f8bc units: make use of nspawn's --keep-unit switch in systemd-nspawn@.service 2014-02-11 21:13:51 +01:00
Lennart Poettering
58ea275a68 core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes
This should fix some race with terminating systemd --user, where the
system systemd instance might race against the user systemd instance
when sending SIGTERM.
2014-01-29 13:42:06 +01:00
Tom Gundersen
bcbca8291f networkd: don't hard depend on system bus
We may not have a dbus daemon in the initrd (until we can rely on kdbus). In
this case, simply ignore any attempts at using the bus. There is only one user
for now, but surely more to come.

In order to work reliably in the real root without kdbus, but at the same time
don't delay boot when kdbus is in use, order ourselves after dbus.service.
2014-01-18 01:56:41 +01:00
Lennart Poettering
02ebe178a2 units: drop [Install] section from multi-user.target and graphical.target
They were supposed to make it easy to make the default.target a symlink
to these targets, but this was never advertised and we have a better
command for this now in "systemctl set-default". Since the install
section makes the output of "systemctl list-unit-files" confusing (since
it makes the units appear as "disabled"), let's drop the sections.
2014-01-17 20:27:35 +01:00
Tom Gundersen
1346b1f038 sd-dhcp-client/networkd: add transient hostname support 2014-01-16 20:32:08 +01:00
Zbigniew Jędrzejewski-Szmek
d8160f21fd Improve messages about user mode a bit 2014-01-08 22:15:27 -05:00
Kay Sievers
8b255ecd99 pam_systemd: export DBUS_SESSION_BUS_ADDRESS 2014-01-08 18:11:37 +08:00
Kay Sievers
54142c6af1 bus-driverd: support user mode 2014-01-08 08:38:39 +08:00
Kay Sievers
7ca7b61f70 bus-proxyd: support --user bus address 2014-01-08 08:38:39 +08:00
Kay Sievers
1bc86acd10 bus-proxyd: --user -- add Accept=yes to socket 2014-01-07 06:44:55 +08:00
Kay Sievers
fccd44ec3a core: --user -- add basic.target an sort against it like --system does 2014-01-07 01:35:25 +08:00
Kay Sievers
734624951b bus-proxyd: fix socket path 2014-01-07 01:33:58 +08:00
Zbigniew Jędrzejewski-Szmek
8181565124 tmpfiles: rename --unsafe to --boot
As suggested by Kay, it is better to describe what is done,
not what might happen.
2013-12-30 13:01:27 -05:00