1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

1427 Commits

Author SHA1 Message Date
Yu Watanabe
e19b0746f1 unit: use alias name of man page 2021-06-15 12:14:26 +01:00
Lennart Poettering
e68778a3ac journald: when journald namespace instances log, they can do so safely to the main journald instance
Fixes: #18951
2021-06-09 12:30:22 +09:00
Zbigniew Jędrzejewski-Szmek
dc16846c26 units: stop automount unit when shutting down
This is currently our only .automount unit. We wouldn't want to trigger it
accidentally during shutdown, so let's stop it too.
2021-06-07 13:38:28 +02:00
Lennart Poettering
86204ae145 units: make sure importd has CAP_LINUX_IMMUTABLE flag
Since d8f9686c0f we use the chattr +i flag
for marking containers in directories as reead-only. But to do so we
need the cap for it, hence grant it.

Fixes: #19115
2021-05-22 16:02:02 +09:00
Zbigniew Jędrzejewski-Szmek
fe7f113c13 units: skip some units in the initrd
I'm working on building initramfs images directly from normal packages, and it
doesn't make sense for those units to be started. Pristine system rpms need to
behave correctly as much as possible also in the initrd, and those units are
enabled by the rpms. There usually isn't enough time for the timer to actually
fire, but starting it gives a line on the console and generally looks confusing
and sloppy. Flushing the journal means that its actually lost, since the real
/var is not available yet.

Another approach would be not enable those units, but right now they are
statically enabled, and changing that would be more work, and doesn't really
seem necessary, since the condition checks are very quick.

Checking for /etc/initrd-release is the standard condition that the initrd
units use, so let's do the same here.
2021-05-22 15:58:40 +09:00
Zbigniew Jędrzejewski-Szmek
71ae5ce544 units: generate ReadWritePaths= in the template 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
645b2b190c meson: drop unnecessary listification 2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
fa10451686 units: strip out the developer comment in .service unit again
The comment talks about upstream development steps and doesn't make
sense for users. We used special '## ' syntax to strip it out during
build, but it got inadvertently reformatted as a normal comment
in 3982becc92.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
059cc610b7 meson: use jinja2 for unit templates
We don't need two (and half) templating systems anymore, yay!

I'm keeping the changes minimal, to make the diff manageable. Some enhancements
due to a better templating system might be possible in the future.

For handling of '## ' — see the next commit.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
7c22f07cbd meson: revert the change to unquote commands in add_install_script
Old meson fails with:
Element not a string: [<Holder: <ExternalProgram 'sh' -> ['/bin/sh']>>, '-c', 'test -n "$DESTDIR" || /bin/journalctl --update-catalog']

I'm doing it as a revert so that it's easy to undo the revert when we require
newer meson. The effect is not so bad, maybe a dozen or so lines about finding
'sh'.
2021-05-14 19:52:25 +02:00
Zbigniew Jędrzejewski-Szmek
0f4c4f3824 meson: call find_program() once and reuse the variable everywhere
Meson 0.58 has gotten quite bad with emitting a message every time
a quoted command is used:
Program /home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh found: YES (/home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program xsltproc found: YES (/usr/bin/xsltproc)
Configuring custom-entities.ent using configuration
Message: Skipping bootctl.1 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping journal-remote.conf.5 because HAVE_MICROHTTPD is false
Message: Skipping journal-upload.conf.5 because HAVE_MICROHTTPD is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping loader.conf.5 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
...

Let's suffer one message only for each command. Hopefully we can silence
even this when https://github.com/mesonbuild/meson/issues/8642 is
resolved.
2021-05-14 14:21:27 +02:00
Lennart Poettering
8fbb1941f1 userdbd: also listen on a varlink socket io.systemd.DropIn
Let's explicitly support looking things up via dropin as a varlink
service.
2021-05-10 14:58:39 +02:00
Luca Boccassi
d4d7127d94 Revert "sysusers/firstboot: temporarily disable LoadCredential"
This reverts commit 7c20dd4b6e.

Debian has now been updated to patch the issue, so SemaphoreCI should
no longer fail. The fix has also been backported to the affected
stable branches.
2021-05-03 12:16:35 +09:00
Alexander Sverdlin
4e947bd049 systemd-coredump: Add conflict with shutdown.target
Otherwise a coredump started at the inconvinient moment can stop
shutdown.target leaving the system in a halfway-down state:

Pulling in shutdown.target/start from systemd-poweroff.service/start
Added job shutdown.target/start to transaction.
...
Keeping job shutdown.target/start because of systemd-poweroff.service/start
...
[  OK  ] Stopped target Remote File Systems.
shutdown.target: starting held back, waiting for: systemd-networkd.socket
sysinit.target: stopping held back, waiting for: remount_tmp.service
systemd-coredump.socket: Incoming traffic
...
systemd-coredump@0-243-0.service: Trying to enqueue job systemd-coredump@0-243-0.service/start/replace
Added job systemd-coredump@0-243-0.service/start to transaction.
Pulling in systemd-journald.socket/start from systemd-coredump@0-243-0.service/start
Added job systemd-journald.socket/start to transaction.
Pulling in system.slice/start from systemd-journald.socket/start
Added job system.slice/start to transaction.
Pulling in -.slice/start from system.slice/start
Added job -.slice/start to transaction.
Pulling in system-systemd\x2dcoredump.slice/start from systemd-coredump@0-243-0.service/start
Added job system-systemd\x2dcoredump.slice/start to transaction.
Pulling in system.slice/start from system-systemd\x2dcoredump.slice/start
Pulling in shutdown.target/stop from system-systemd\x2dcoredump.slice/start
Added job shutdown.target/stop to transaction.
...
Keeping job systemd-poweroff.service/stop because of umount.target/stop
Keeping job shutdown.target/stop because of systemd-coredump@0-243-0.service/start
2021-04-29 21:45:23 +02:00
Lennart Poettering
2671fbefce units: fix repart conditions to run if definitions exist in /sysroot + /sysusr
The systemd-repart code was already smart enough to look for definitions
there, but the unit file conditions made that pointless. Let's fix that.
2021-04-21 12:23:31 +01:00
Lennart Poettering
632b551ca2 units: change order of settings to match order in other similar unit 2021-04-20 19:11:07 +02:00
Lennart Poettering
29a24ab28e fstab-generator: if usr= is specified, mount it to /sysusr/usr/ first
This changes the fstab-generator to handle mounting of /usr/ a bit
differently than before. Instead of immediately mounting the fs to
/sysroot/usr/ we'll first mount it to /sysusr/usr/ and then add a
separate bind mount that mounts it from /sysusr/usr/ to /sysroot/usr/.

This way we can access /usr independently of the root fs, without for
waiting to be mounted via the /sysusr/ hierarchy. This is useful for
invoking systemd-repart while a root fs doesn't exist yet and for
creating it, with partition data read from the /usr/ hierarchy.

This introduces a new generic target initrd-usr-fs.target that may be
used to generically order services against /sysusr/ to become available.
2021-04-20 18:26:17 +02:00
sverdlin
3181521f92
systemd-networkd.socket: Add conflict with shutdown.target (#19348)
systemd-networkd.socket can re-start systemd-networkd.service in
shutdown and by doing this even stop shutdown.target leaving the
system in halfway-down state.

Fixes #4955.
2021-04-19 11:25:33 +09:00
Anita Zhang
b5a80aa9d8 units: install dbus-org.freedesktop.oom1.service alias
Fixes: #18469
2021-04-10 13:06:04 +02:00
Zbigniew Jędrzejewski-Szmek
5c91fdf3f8 man: document system-systemd\x2dcryptsetup.slice
As discussed in
1dc85eff1d (r606821495),
follow-up for commit 1dc85eff1d.
2021-04-09 10:38:09 +02:00
Luca Boccassi
7c20dd4b6e sysusers/firstboot: temporarily disable LoadCredential
Single-param LoadCredential= in units causes systemd v247/v248 to
assert when parsing. Disable it for now, until the fix is merged
in the stable trees, released and available (eg: in Debian
for the CI)

See: https://github.com/systemd/systemd/issues/19178
2021-04-06 12:02:42 +02:00
Lennart Poettering
f9d8325e69
Merge pull request #18971 from poettering/sysusers-creds
let's read LoadCredentials=/SetCredentials= style cred in sysusers/firstboot and when asking for passwords
2021-03-31 10:35:17 +02:00
Christian Hesse
46cfe8f50d units: make locale directory writable for systemd-localed
With 8f20232fcb systemd-localed supports
generating locales when required. This fails if the locale directory is
read-only, so make it writable.

Closes #19138
2021-03-29 12:33:36 +02:00
Lennart Poettering
416f7b3a11 firstboot: allow provisioning of firstboot params via creds too 2021-03-26 12:21:18 +01:00
Lennart Poettering
361662f434 units: make sure to query console settings before we apply them 2021-03-26 12:21:11 +01:00
Lennart Poettering
99e9f896fb sysusers: read passwords from the credentials logic
Let's make use of our own credentials infrastructure in our tools: let's
hook up systemd-sysusers with the credentials logic, so that the root
password can be provisioned this way. This is really useful when working
with stateless systems, in particular nspawn's "--volatile=yes" switch,
as this works now:

 # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password:foo

For the first time we have a nice, non-interactive way to provision the
root password for a fully stateless system from the container manager.
Yay!
2021-03-26 12:20:52 +01:00
Anita Zhang
13d0b19d4e units: add Conditions for systemd-oomd.service
Prompted by https://bugzilla.redhat.com/show_bug.cgi?id=1927148 and
https://bugzilla.redhat.com/show_bug.cgi?id=1931181.

Adds condition check for cgroups v2 and PSI, which systemd-oomd cannot
start without.
2021-02-23 02:09:21 -08:00
Yu Watanabe
3f15ce66e0 unit: ignore exit code of "udevadm trigger"
Suggested at https://github.com/systemd/systemd/pull/18559#issuecomment-781626226.

Some drivers may be broken and return unexpected errors on triggering
events. That should be logged but should not boot-up to be affected.
2021-02-21 04:40:23 +09:00
Lennart Poettering
abf4e5c1d3 units: turn off DNSSEC validation when timesyncd resolves hostnames
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.

Let's break the cycle by excluding NTP hostname resolution from
validation for now.

Of course, this leaves NTP traffic unprotected. To cover that we need
NTPSEC support, which we can add later.

Fixes: #5873 #15607
2021-02-14 22:05:18 +01:00
Zbigniew Jędrzejewski-Szmek
9ee03516df tree-wide: add spdx header on all scripts and helpers
Even though many of those scripts are very simple, it is easier to include
the header than to try to say whether each of those files is trivial enough
not to require one.
2021-01-28 09:55:35 +01:00
Lennart Poettering
8662fcbcf1 sysext: rework command line interface to be verb-based
As suggested by @yuwata:

https://github.com/systemd/systemd/pull/18181#pullrequestreview-570826113
2021-01-20 17:50:23 +01:00
Luca Boccassi
aac5fbff0b sysext: install in rootbindir, remove template from unit
This reverts commit 71ad75f306.
2021-01-20 15:25:03 +01:00
Luca Boccassi
71ad75f306 sysext: install in /usr/lib/systemd/ for now
This is a brand new binary, and the CI packaging doesn't pick it up,
causing the upstream testrun to fail (sysext is pulled in by the unit).
2021-01-19 13:41:42 +01:00
Lennart Poettering
205e5bcc1c units: add systemd-sysext.service unit for auto-activating extensions at boot
We'll leave this as opt-in (i.e. a unit that must be enabled
explicitly), since this is supposed to be a debug/developer feature
primarily, and thus no be around in regular production systems.
2021-01-19 13:41:42 +01:00
Gaël PORTAY
08b04ec7e7 veritysetup-generator: add support for veritytab
This adds the support for veritytab.

The veritytab file contains at most five fields, the first four are
mandatory, the last one is optional:
 - The first field contains the name of the resulting verity volume; its
   block device is set up /dev/mapper/</filename>.
 - The second field contains a path to the underlying block data device,
   or a specification of a block device via UUID= followed by the UUID.
 - The third field contains a path to the underlying block hash device,
   or a specification of a block device via UUID= followed by the UUID.
 - The fourth field is the roothash in hexadecimal.
 - The fifth field, if present, is a comma-delimited list of options.
   The following options are recognized only: ignore-corruption,
   restart-on-corruption, panic-on-corruption, ignore-zero-blocks,
   check-at-most-once and root-hash-signature. The others options will
   be implemented later.

Also, this adds support for the new kernel verity command line boolean
option "veritytab" which enables the read for veritytab, and the new
environment variable SYSTEMD_VERITYTAB which sets the path to the file
veritytab to read.
2021-01-15 11:06:11 -05:00
Daan De Meyer
4ad303fddd meson: Optimize add-wants targets
Instead of invoking meson-add-wants.sh once for each wants that has
to be added, we pass all wants to a single invocation of
meson-add-wants.sh and in meson-add-wants.sh, loop over the
arguments.

This saves about 300ms on the install step.

Before:

```
‣ Running build script...
[1/418] Generating version.h with a custom command
Installing /root/build/po/be.gmo to /root/dest/usr/share/locale/be/LC_MESSAGES/systemd.mo
Installing /root/build/po/be@latin.gmo to /root/dest/usr/share/locale/be@latin/LC_MESSAGES/systemd.mo
Installing /root/build/po/bg.gmo to /root/dest/usr/share/locale/bg/LC_MESSAGES/systemd.mo
Installing /root/build/po/ca.gmo to /root/dest/usr/share/locale/ca/LC_MESSAGES/systemd.mo
Installing /root/build/po/cs.gmo to /root/dest/usr/share/locale/cs/LC_MESSAGES/systemd.mo
Installing /root/build/po/da.gmo to /root/dest/usr/share/locale/da/LC_MESSAGES/systemd.mo
Installing /root/build/po/de.gmo to /root/dest/usr/share/locale/de/LC_MESSAGES/systemd.mo
Installing /root/build/po/el.gmo to /root/dest/usr/share/locale/el/LC_MESSAGES/systemd.mo
Installing /root/build/po/es.gmo to /root/dest/usr/share/locale/es/LC_MESSAGES/systemd.mo
Installing /root/build/po/fr.gmo to /root/dest/usr/share/locale/fr/LC_MESSAGES/systemd.mo
Installing /root/build/po/gl.gmo to /root/dest/usr/share/locale/gl/LC_MESSAGES/systemd.mo
Installing /root/build/po/hr.gmo to /root/dest/usr/share/locale/hr/LC_MESSAGES/systemd.mo
Installing /root/build/po/hu.gmo to /root/dest/usr/share/locale/hu/LC_MESSAGES/systemd.mo
Installing /root/build/po/id.gmo to /root/dest/usr/share/locale/id/LC_MESSAGES/systemd.mo
Installing /root/build/po/it.gmo to /root/dest/usr/share/locale/it/LC_MESSAGES/systemd.mo
Installing /root/build/po/ja.gmo to /root/dest/usr/share/locale/ja/LC_MESSAGES/systemd.mo
Installing /root/build/po/ko.gmo to /root/dest/usr/share/locale/ko/LC_MESSAGES/systemd.mo
Installing /root/build/po/lt.gmo to /root/dest/usr/share/locale/lt/LC_MESSAGES/systemd.mo
Installing /root/build/po/pl.gmo to /root/dest/usr/share/locale/pl/LC_MESSAGES/systemd.mo
Installing /root/build/po/pt_BR.gmo to /root/dest/usr/share/locale/pt_BR/LC_MESSAGES/systemd.mo
Installing /root/build/po/ro.gmo to /root/dest/usr/share/locale/ro/LC_MESSAGES/systemd.mo
Installing /root/build/po/ru.gmo to /root/dest/usr/share/locale/ru/LC_MESSAGES/systemd.mo
Installing /root/build/po/sk.gmo to /root/dest/usr/share/locale/sk/LC_MESSAGES/systemd.mo
Installing /root/build/po/sr.gmo to /root/dest/usr/share/locale/sr/LC_MESSAGES/systemd.mo
Installing /root/build/po/sv.gmo to /root/dest/usr/share/locale/sv/LC_MESSAGES/systemd.mo
Installing /root/build/po/tr.gmo to /root/dest/usr/share/locale/tr/LC_MESSAGES/systemd.mo
Installing /root/build/po/uk.gmo to /root/dest/usr/share/locale/uk/LC_MESSAGES/systemd.mo
Installing /root/build/po/zh_CN.gmo to /root/dest/usr/share/locale/zh_CN/LC_MESSAGES/systemd.mo
Installing /root/build/po/zh_TW.gmo to /root/dest/usr/share/locale/zh_TW/LC_MESSAGES/systemd.mo
Installing /root/build/po/pa.gmo to /root/dest/usr/share/locale/pa/LC_MESSAGES/systemd.mo

real    0m1.465s
user    0m1.025s
sys     0m0.426s
```

After:

```
‣ Running build script...
[1/418] Generating version.h with a custom command
Installing /root/build/po/be.gmo to /root/dest/usr/share/locale/be/LC_MESSAGES/systemd.mo
Installing /root/build/po/be@latin.gmo to /root/dest/usr/share/locale/be@latin/LC_MESSAGES/systemd.mo
Installing /root/build/po/bg.gmo to /root/dest/usr/share/locale/bg/LC_MESSAGES/systemd.mo
Installing /root/build/po/ca.gmo to /root/dest/usr/share/locale/ca/LC_MESSAGES/systemd.mo
Installing /root/build/po/cs.gmo to /root/dest/usr/share/locale/cs/LC_MESSAGES/systemd.mo
Installing /root/build/po/da.gmo to /root/dest/usr/share/locale/da/LC_MESSAGES/systemd.mo
Installing /root/build/po/de.gmo to /root/dest/usr/share/locale/de/LC_MESSAGES/systemd.mo
Installing /root/build/po/el.gmo to /root/dest/usr/share/locale/el/LC_MESSAGES/systemd.mo
Installing /root/build/po/es.gmo to /root/dest/usr/share/locale/es/LC_MESSAGES/systemd.mo
Installing /root/build/po/fr.gmo to /root/dest/usr/share/locale/fr/LC_MESSAGES/systemd.mo
Installing /root/build/po/gl.gmo to /root/dest/usr/share/locale/gl/LC_MESSAGES/systemd.mo
Installing /root/build/po/hr.gmo to /root/dest/usr/share/locale/hr/LC_MESSAGES/systemd.mo
Installing /root/build/po/hu.gmo to /root/dest/usr/share/locale/hu/LC_MESSAGES/systemd.mo
Installing /root/build/po/id.gmo to /root/dest/usr/share/locale/id/LC_MESSAGES/systemd.mo
Installing /root/build/po/it.gmo to /root/dest/usr/share/locale/it/LC_MESSAGES/systemd.mo
Installing /root/build/po/ja.gmo to /root/dest/usr/share/locale/ja/LC_MESSAGES/systemd.mo
Installing /root/build/po/ko.gmo to /root/dest/usr/share/locale/ko/LC_MESSAGES/systemd.mo
Installing /root/build/po/lt.gmo to /root/dest/usr/share/locale/lt/LC_MESSAGES/systemd.mo
Installing /root/build/po/pl.gmo to /root/dest/usr/share/locale/pl/LC_MESSAGES/systemd.mo
Installing /root/build/po/pt_BR.gmo to /root/dest/usr/share/locale/pt_BR/LC_MESSAGES/systemd.mo
Installing /root/build/po/ro.gmo to /root/dest/usr/share/locale/ro/LC_MESSAGES/systemd.mo
Installing /root/build/po/ru.gmo to /root/dest/usr/share/locale/ru/LC_MESSAGES/systemd.mo
Installing /root/build/po/sk.gmo to /root/dest/usr/share/locale/sk/LC_MESSAGES/systemd.mo
Installing /root/build/po/sr.gmo to /root/dest/usr/share/locale/sr/LC_MESSAGES/systemd.mo
Installing /root/build/po/sv.gmo to /root/dest/usr/share/locale/sv/LC_MESSAGES/systemd.mo
Installing /root/build/po/tr.gmo to /root/dest/usr/share/locale/tr/LC_MESSAGES/systemd.mo
Installing /root/build/po/uk.gmo to /root/dest/usr/share/locale/uk/LC_MESSAGES/systemd.mo
Installing /root/build/po/zh_CN.gmo to /root/dest/usr/share/locale/zh_CN/LC_MESSAGES/systemd.mo
Installing /root/build/po/zh_TW.gmo to /root/dest/usr/share/locale/zh_TW/LC_MESSAGES/systemd.mo
Installing /root/build/po/pa.gmo to /root/dest/usr/share/locale/pa/LC_MESSAGES/systemd.mo

real    0m1.162s
user    0m0.803s
sys     0m0.338s
```
2021-01-09 22:52:55 +01:00
Lennart Poettering
d2004ee568 units: don't pull in time-sync.target from systemd-timesyncd.service
systemd-timesyncd.service only applies the much weaker monotonic clock
from file logic, i.e should pull in and order itself before
time-set.target. The strong time-sync.target unit is pulled in by
systemd-time-wait-sync.service.
2020-12-17 20:19:44 +01:00
Zbigniew Jędrzejewski-Szmek
60e4fb4240 hostnamed,shared/hostname-setup: expose the origin of the current hostname
In hostnamed this is exposed as a dbus property, and in the logs in both
places.

This is of interest to network management software and such: if the fallback
hostname is used, it's not as useful as the real configured thing. Right now
various programs try to guess the source of hostname by looking at the string.
E.g. "localhost" is assumed to be not the real hostname, but "fedora" is. Any
such attempts are bound to fail, because we cannot distinguish "fedora" (a
fallback value set by a distro), from "fedora" (received from reverse dns),
from "fedora" read from /etc/hostname.

/run/systemd/fallback-hostname is written with the fallback hostname when
either pid1 or hostnamed sets the kernel hostname to the fallback value. Why
remember the fallback value and not the transient hostname in /run/hostname
instead?
We have three hostname types: "static", "transient", fallback".
– Distinguishing "static" is easy: the hostname that is set matches what
  is in /etc/hostname.
– Distingiushing "transient" and "fallback" is not easy. And the
  "transient" hostname may be set outside of pid1+hostnamed. In particular,
  it may be set by container manager, some non-systemd tool in the initramfs,
  or even by a direct call. All those mechanisms count as "transient". Trying
  to get those cases to write /run/hostname is futile. It is much easier to
  isolate the "fallback" case which is mostly under our control.
And since the file is only used as a flag to mark the hostname as fallback,
it can be hidden inside of our /run/systemd directory.

For https://bugzilla.redhat.com/show_bug.cgi?id=1892235.
2020-12-16 11:03:36 +01:00
Yu Watanabe
9e36b885b8 unit: make systemd-networkd.service support reload command 2020-12-09 12:55:51 +09:00
Daan De Meyer
09422f9a28 meson: Respect MESON_INSTALL_QUIET
MESON_INSTALL_QUIET is set when --quiet is passed to meson install.
Make sure we check the variable in our custom install scripts and
don't output anything if it is set.
2020-12-06 22:11:11 +00:00
Lennart Poettering
cb42e63179 units: typo fix /proc/<pid>/exec → /proc/<pid>/exe
Fix a pretty relevant typo introduced in
c7faa23235.
2020-11-25 11:23:38 +01:00
Franck Bui
c7faa23235 units: document why CAP_SYS_PTRACE is needed by journald 2020-11-25 09:54:28 +01:00
Yu Watanabe
6671ff5bad unit: update comment about OOM score
Follow-up for 6b2229c6c6.
2020-11-23 22:21:40 +01:00
Franck Bui
07ccf434e7 units: restore sysfs conditions in sys-fs-fuse-connections.mount and sys-kernel-config.mount
Commit 42cc2855ba incorrectly removed the condition on sysfs in both
sys-fs-fuse-connections.mount and sys-kernel-config.mount. However there are
still needed in case modprobe of one of these modules is intentionally skipped
(due to lack of privs for example).

This patch restores the 2 conditions which should be safe for the common case,
since all conditions are only checked after all deps ordered before are
complete.

Follow-up for 42cc2855ba.
2020-11-21 01:10:17 +09:00
Franck Bui
42cc2855ba units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem
udev requests to start the fs mount units when their respective module is
loaded. For that it monitors uevents of type "ADD" for the relevant fs modules.

However the uevent is sent by the kernel too early, ie before the init() of the
module is called hence before directories in /sys/fs/ are created.

This patch workarounds adds "Requires/After=modprobe@<fs-module>.service" to
the mount unit, which means that modprobe(8) will be called once the fs module
is announced to be loaded. This sounds pointless, but given that modprobe only
returns after the initialization of the module is complete, it should
workaround the issue.

As a side effect, the module will be automatically loaded if the mount unit is
started manually.

Fixes #17586.
2020-11-19 11:50:52 +01:00
Franck Bui
b3e32582f6 Revert "units: skip modprobe@.service if the unit appears to be already loaded"
This reverts commit 9cbf1e58f9.

The presence of /sys/module/%I directory can't be used to assert that the load
of a given module is complete and therefore the call to modprobe(8) can be
skipped. Indeed this directory is created before the init() function of the
module is called.

Users of modprobe@.service needs to be sure that once this service returns the
module is fully operational.
2020-11-19 09:49:42 +01:00
Jörg Thalheim
d7aa78c32f meson: add option to skip installing to $sysconfdir
This is useful for development where overwriting files out side
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.

Alternative to https://github.com/systemd/systemd/pull/17501

tested with:

$ mkdir inst build && cd build
$ meson \
  -Dcreate-log-dirs=false \
  -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
  -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
  -Drootprefix=$(realpath ../inst) \
  -Dinstall-sysconfdir=false \
  --prefix=$(realpath ../inst) ..
$ ninja install
2020-11-12 11:21:46 +01:00
Yu Watanabe
faa73d4e0c license: LGPL-2.1+ -> LGPL-2.1-or-later
Follow-up for db9ecf0501.
2020-11-12 10:50:23 +01:00
Lennart Poettering
23dce98e89
Merge pull request #16603 from benzea/benzea/special-app-slice
Use app.slice by default in user manager (and define special user slices)
2020-11-11 14:11:02 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
32c3a623ce
Merge pull request #17467 from keszybz/unconditionally-pull-in-cryptsetup-remote
Unconditionally pull in cryptsetup-remote.target in the initramfs
2020-10-28 18:00:04 +01:00
Lennart Poettering
02229dff2b units: turn on timestamping for journald sockets
To make things simple and robust when debugging journald, we'll leave
the SO_TIMESTAMP invocations in the C code in place, even if they are
now typically redundant, given that the sockets are already passed into
the process with SO_TIMESTAMP turned on now.
2020-10-27 14:13:03 +01:00
Jonathan Lebon
e921ebb57e units: unconditionally pull in remote-cryptsetup.target in the initramfs
[zjs: Replaces #17149.

I took half of the patch in
https://github.com/systemd/systemd/pull/17149#issuecomment-698399194,
hence I'm keeping Jonathan's authorship.

The original reasoning for 6c5496c492 was that we
enable remote-cryptsetup.target via presets, and since presets are not used for
the initrd, we need a different target. But since parts of the unit and target
tree are shared between the initramfs and the main system, we can't just create
a separate target for the initramfs. All the targets that depend on this one
would need to be split also. That condition is true for initrd-fs.target, but
not for sysinit.target.

So let's instead just uncoditionally pull in remote-cryptsetup.target in the
initramfs. It should normally be empty, so there should be no impact on boots
that don't have units in the target.

Jonathan's patch used initrd-root-fs.target, this version instead uses
initrd-root-device.target. initrd-root-device.target is ordered before
sysroot.mount, which means that the decrypted devices will be available earlier
too.]
2020-10-27 13:49:01 +01:00
Zbigniew Jędrzejewski-Szmek
6bdcb72086 Revert "units: add initrd-cryptsetup.target"
This reverts commit 6c5496c492.

sysinit.target is shared between the initrd and the host system. Pulling in
initrd-cryptsetup.target into sysinit.target causes the following warning at
boot:
Oct 27 10:42:30 workstation-uefi systemd[1]: initrd-cryptsetup.target: Starting requested but asserts failed.
Oct 27 10:42:30 workstation-uefi systemd[1]: Assertion failed for initrd-cryptsetup.target.
2020-10-27 13:36:22 +01:00
Zbigniew Jędrzejewski-Szmek
d5816b6138 meson: simplify with_runlevels ternany op usage 2020-10-27 13:36:22 +01:00
Benjamin Berg
1c2fd33d84 units: Move user tmpfiles clean service into background.slice 2020-10-23 10:32:02 +02:00
Benjamin Berg
a3081a7a89 units: Add special Desktop Environment user related units
This adds app.slice, session.slice and background.slice.
2020-10-23 09:58:41 +02:00
Jonathan Lebon
6c5496c492 units: add initrd-cryptsetup.target
For encrypted block devices that we need to unlock from the initramfs,
we currently rely on dracut shipping `cryptsetup.target`. This works,
but doesn't cover the case where the encrypted block device requires
networking (i.e. the `remote-cryptsetup.target` version). That target
however is traditionally dynamically enabled.

Instead, let's rework things here by adding a `initrd-cryptsetup.target`
specifically for initramfs encrypted block device setup. This plays the
role of both `cryptsetup.target` and `remote-cryptsetup.target` in the
initramfs.

Then, adapt `systemd-cryptsetup-generator` to hook all generated
services to this new unit when running from the initrd. This is
analogous to `systemd-fstab-generator` hooking all mounts to
`initrd-fs.target`, regardless of whether they're network-backed or not.
2020-10-21 22:08:19 +02:00
Yu Watanabe
0ce8a9d6e5
Merge pull request #16939 from Rahix/robust-first-boot-machine-id
Make ConditionFirstBoot safe against power failures
2020-10-20 14:01:41 +09:00
Yu Watanabe
4b28e50f9e
Merge pull request #17390 from keszybz/logind-notifications-and-links
Fix sd_notify() usage in various daemons and update some documentation links
2020-10-20 13:44:52 +09:00
Harald Seiler
3af54f9bbe units: order systemd-random-seed.service before first-boot-complete.target
Ensure that systemd-random-seed.service has completed before marking
a first boot as completed to guarantee that a saved seed will only be
used after it has been initialized at least once.
2020-10-19 16:28:22 +02:00
Harald Seiler
a1e3787148 units: order systemd-firstboot.service before first-boot-complete.target
Make sure systemd-firstboot completes before reaching first-boot-complete.target
and thus marking the first boot as completed.  This way, it is
guaranteed that systemd-firstboot has a chance to complete provisioning
at least once, even in cases of the first boot getting aborted early.
2020-10-19 16:28:22 +02:00
Harald Seiler
f4466bdbf9 units: add first-boot-complete.target for first boot ordering
Add a new target for synchronizing units that wish to run once during
the first boot of the system.  The machine-id will be committed to disk
only after the target has been reached, thus ensuring that all units
ordered before it had a chance to complete.
2020-10-19 16:28:22 +02:00
Zbigniew Jędrzejewski-Szmek
515736d0f3 tree-wide: update web link to logind description
https://www.freedesktop.org/wiki/Software/systemd/multiseat/ says that it
is obsoleted by sd-login(3), so it doesn't make much sense to link to the former.
2020-10-19 15:23:37 +02:00
Anita Zhang
32ae9b1400 units: drop ConditionCapability from systemd-oomd.service
Another suggestion from #15206
2020-10-19 02:46:07 -07:00
Zbigniew Jędrzejewski-Szmek
69c0807432
Merge pull request #15206 from anitazha/systoomd-v0
systemd-oomd
2020-10-15 14:16:52 +02:00
Bjørn Mork
7fe7547ba3 units: update serial-getty@.service to support 57600 baud rate
Fixes: #17306
2020-10-13 21:00:11 +02:00
Anita Zhang
87e2bafff9 systemd-oomd: service files 2020-10-07 17:12:24 -07:00
Lennart Poettering
d1f6e01e47 homed: explicitly deactivate all home directories on shutdown
Let's explicitly deactivate all home dirs on shutdown, in order to
properly synchronizing unmounting and avoiding blocking devices.

Previously, we'd rely on automatic deactivation when home directories
become unused. However, that scheme is asynchronous, and ongoing
deactviations might conflicts with attempts to unmount /home. Let's fix
that by providing an explicit service systemd-homed-activate.service
whose only job is to have a ExecStop= line that explicitly deactivates
all home directories on shutdown. This service can the be ordered after
home.mount and similar, ensuring that we'll first deactivate all homes
before deactivating /home itself during shutdown.

This is kept separate from systemd-homed.service so that it is possible
to restart systemd-homed.service without deactivating all home
directories.

Fixes: #16842
2020-09-30 14:37:52 +02:00
Zbigniew Jędrzejewski-Szmek
21006e0e3e man,units: link to the new dbus-api man pages 2020-09-30 10:30:03 +02:00
Lennart Poettering
c9ef77ec5f units: pass CAP_SYS_RESOURCE to homed
The ext4 fs resize ioctl needs CAP_SYS_RESOURCE, irritatingly. Let's
grant it to homed hence.

Fixes: #15115
2020-09-18 22:35:36 +02:00
Zbigniew Jędrzejewski-Szmek
452d2dfd52 meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH
RC_LOCAL_SCRIPT_PATH_START and RC_LOCAL_SCRIPT_PATH_STOP were was originally
added in the conversion to meson based on the autotools name. In
4450894653 RC_LOCAL_SCRIPT_PATH_STOP was dropped.
We don't need to use such a long name.
2020-09-15 17:44:26 +02:00
Lennart Poettering
e67b818c2f unit: declare BusName= in all our units that are on the bus, event if they don't use Type=dbus
This information is always useful, so let's always declare it,
particular in the light of #16976.
2020-09-11 16:01:22 +02:00
Michael Biebl
9654645b62
Merge pull request #16850 from mbiebl/networkd-socket-activation
networkd: use socket activation when starting networkd
2020-08-29 16:12:46 +02:00
Kyle Russell
dd05042039 units: add missing usb-gadget.target 2020-08-28 18:57:58 +02:00
Michael Biebl
2c0dffe82d networkd: use socket activation when starting networkd
Add After=systemd-networkd.socket to avoid a race condition and networkd
falling back to the non-socket activation code.

Also add Wants=systemd-networkd.socket, so the socket is started when
networkd is started via `systemctl start systemd-networkd.service`.
A Requires is not strictly necessary, as networkd still ships the
non-socket activation code. Should this code be removed one day, the
Wants should be bumped to Requires accordingly.

See also 5544ee8516.

Fixes: #16809
2020-08-26 16:54:45 +02:00
Lennart Poettering
24da96a1bd units: turn on ProtectProc= wherever suitable 2020-08-24 20:11:14 +02:00
Lennart Poettering
7e31e90e58 units: order volatile-root after repart
Let's make sure systemd-repart can still see the real device before we
replace its mount with an overlay mount, and thus order repart before
volatile-root.

See: https://lists.freedesktop.org/archives/systemd-devel/2020-July/044896.html
2020-08-11 09:12:56 +02:00
Lennart Poettering
bbac7da2b3 units: order systemd-user-sessions.service after home.mount
This should make /home as automount work reasonably well.

If /home is an automount this has little effect at boot, because if the
automount is not triggered it doesn't matter how the associated mount is
ordered.

It does matter at shutdown however, where home.mount is likely active
now. There the ordering means we'll end sessions first, and only then
deactivate home.mount.

Fixes: #16291
2020-08-07 10:02:05 +02:00
Lennart Poettering
b89f5f7b03 units: downgrade Requires= to Wants=
Combining Requires= with Before= doesn't really make sense, since this
means we are requiring something that runs after us, which logically
cannot be fulfilled.

Let's hence downgrade Requires= to Wants= so that the ordering is kept
but no failure propagation implied.
2020-07-29 16:32:45 +02:00
Lennart Poettering
78490efca3 units: upgrade initrd check Conditions to Asserts
It's a bug if an initrd unit is run on the host. Hence let's upgrade the
conditions to asserts.
2020-07-29 16:32:03 +02:00
Zbigniew Jędrzejewski-Szmek
362a55fc14 Bump /tmp size back to 50% of RAM
This should be enough to fix https://bugzilla.redhat.com/show_bug.cgi?id=1856514.
But the limit should be significantly higher than 10% anyway. By setting a
limit on /tmp at 10% we'll break many reasonable use cases, even though the
machine would deal fine with a much larger fraction devoted to /tmp.
(In the first version of this patch I made it 25% with the comment that
"Even 25% might be too low.". The kernel default is 50%, and we have been using
that seemingly without trouble since https://fedoraproject.org/wiki/Features/tmp-on-tmpfs.
So let's just make it 50% again.)

See 7d85383edb.

(Another consideration is that we learned from from the whole initiative with
zram in Fedora that a reasonable size for zram is 0.5-1.5 of RAM, and that pretty
much all systems benefit from having zram or zswap enabled. Thus it is reasonable
to assume that it'll become widely used. Taking the usual compression effectiveness
of 0.2 into account, machines have effective memory available of between
1.0 - 0.2*0.5 + 0.5 = 1.4 (for zram sized to 0.5 of RAM) and
1.0 - 0.2*1.5 + 1.5 = 2.2 (for zram 1.5 sized to 1.5 of RAM) times RAM size.
This means that the 10% was really like 7-4% of effective memory.)

A comment is added to mount-util.h to clarify that tmp.mount is separate.
2020-07-29 11:07:04 +02:00
Zbigniew Jędrzejewski-Szmek
74c8e3c4e0 Revert "units: drop OnFailure= from .target units"
This reverts commit c7220ca802.

The removal was done as a reaction to the messages from systemd:
initrd-root-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd-root-device.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
local-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
...
But it seems that the messages themselves are wrong, and the units were OK.
2020-07-22 17:58:12 +02:00
Norbert Lange
55678b9eae build: skip installation of 2 files if feature is disabled
dont install systemd-update-utmp if utmp is disabled.
dont install systemd-initctl.service if sysv is disabled.
2020-07-18 13:50:39 +09:00
Lennart Poettering
048b4dc2e1 units: tweak udev unit descriptions 2020-06-08 16:53:37 +02:00
Zbigniew Jędrzejewski-Szmek
41a7c3bf5d units: uppercase the description
https://github.com/systemd/systemd/pull/15982#pullrequestreview-422536495
2020-06-02 14:14:20 +02:00
Zbigniew Jędrzejewski-Szmek
d1109e12c0 udevd: update snippet string
Repeating the unit name in the description is not useful, and "manages devices"
is too cryptic.
2020-05-30 17:15:20 +02:00
Yu Watanabe
27cd09442f
Merge pull request #15942 from poettering/pass-pktinfo
disable PassCredentials= on networkd netlink socket, enable NETLINK_PKTINFO instead
2020-05-29 15:23:15 +09:00
Lennart Poettering
871dc8d644 homed: enable userdb too if homed is requested
Strictly speaking you can run homed without userdb. But it doesn't
really make much sense: they go hand in hand and implement the same
concepts, just for different sets of users. Let's hence disable both
automatically by default if homed is requested.

(We don't do the reverse: opting into userdbd shouldn't mean that you
are OK with homed.)

And of course, users can always deviate from our defaults easily, and
turn off userbd again right-away if they don't like it, and things will
generally work.
2020-05-28 23:38:29 +02:00
Lennart Poettering
43007b302e networkd: clean up NETLINK_PKTINFO vs. SO_PASSCRED confusion
We actually care for NETLINK_PKTINFO, not for SO_PASSCRED, hence when
allocating the netlink socket, configure things accordingly.

Tracked down by Benjamin Robin, see:

https://github.com/systemd/systemd/pull/15571#issuecomment-633213747
2020-05-27 22:40:56 +02:00
Lennart Poettering
6bce17455e
Merge pull request #15226 from benzea/benzea/xdg-autostart-generator
xdg-autostart-generator: a generator for XDG autostart files
2020-05-27 18:41:01 +02:00
Benjamin Berg
8feca2472c xdg-autostart-generator: Add a generator for XDG autostart files
This generator can be used by desktop environments to launch autostart
applications and services. The feature is an opt-in, triggered by
xdg-desktop-autostart.target being activated.

Also included is the new binary xdg-autostart-condition. This binary is
used as an ExecCondition to test the OnlyShowIn and NotShowIn XDG
desktop file keys. These need to be evaluated against the
XDG_CURRENT_DESKTOP environment variable which may not be known at
generation time.

Co-authored-by: Henri Chain <henri.chain@enioka.com>
2020-05-27 09:02:10 +02:00
Lennart Poettering
021acbc188 units: remove KillMode=process in our regular gettys
In our regular gettys the actual shell commands live the the session
scope anyway (as long as logind is used). Hence, let's avoid
KillMode=process, it serves no purpose and is simply unsafe since it
disables systemd's own process lifecycle management.
2020-05-26 23:52:09 +02:00
Lennart Poettering
48432791ac units: don't set PrivateNetwork= in systemd-homed.service
We want to watch USB sticks being plugged in, and that requires
AF_NETLINK to work correctly and get the host's events. But if we live
in a network namespace AF_NETLINK is disconnected too and we'll not get
the host udev events.

Fixes: #15287
2020-05-26 23:37:44 +02:00
Lennart Poettering
7257f717c1
Merge pull request #15920 from keszybz/userwork-proc-title
Avoid log noise when setting proc titles and some doc updates
2020-05-26 18:29:06 +02:00
Norbert Lange
6589a56972 dont install systemd-initctl, runlevel, telinit if no SYSV compat
systemd-initctl executable is still built.
2020-05-26 15:04:36 +02:00
Zbigniew Jędrzejewski-Szmek
201632e314 tree-wide: s/time-out/timeout/g
See 3f9a0a522f for justification.
2020-05-26 10:28:59 +02:00
Norbert Lange
cdf7ad38b6 allow removal of initrd services 2020-05-19 10:19:18 +02:00
Topi Miettinen
7d85383edb tree-wide: add size limits for tmpfs mounts
Limit size of various tmpfs mounts to 10% of RAM, except volatile root and /var
to 25%. Another exception is made for /dev (also /devs for PrivateDevices) and
/sys/fs/cgroup since no (or very few) regular files are expected to be used.

In addition, since directories, symbolic links, device specials and xattrs are
not counted towards the size= limit, number of inodes is also limited
correspondingly: 4MB size translates to 1k of inodes (assuming 4k each), 10% of
RAM (using 16GB of RAM as baseline) translates to 400k and 25% to 1M inodes.

Because nr_inodes option can't use ratios like size option, there's an
unfortunate side effect that with small memory systems the limit may be on the
too large side. Also, on an extremely small device with only 256MB of RAM, 10%
of RAM for /run may not be enough for re-exec of PID1 because 16MB of free
space is required.
2020-05-13 00:37:18 +02:00
Zbigniew Jędrzejewski-Szmek
cd7e1e1a7f units: change description of systemd-logind.service
"Login Service" doesn''t explain much, esp. considering that logind is actually is
for logins. I think "User Login Management" is better, but not that great either.
Suggestions welcome.
2020-05-05 22:34:17 +02:00
Lennart Poettering
846acb6798 binfmt: also unregister binfmt entries from unit
We unregister binfmt_misc twice during shutdown with this change:

1. A previous commit added support for doing that in the final shutdown
   phase, i.e. when we do the aggressive umount loop. This is the robust
   thing to do, in case the earlier ("clean") shutdown phase didn't work
   for some reason.

2. This commit adds support for doing that when systemd-binfmt.service
   is stopped. This is a good idea so that people can order mounts
   before the service if they want to register binaries from such
   mounts, as in that case we'll undo the registration on shutdown
   again, before unmounting those mounts.

And all that, just because of that weird "F" flag the kernel introduced
that can pin files...

Fixes: #14981
2020-04-23 17:14:45 +02:00
Lennart Poettering
e46736fbb6 units: use correct path to refer to plymouth
This doesn't really matter, since in non-/usr-merged systems plymouth
needs to be in /bin and on merged ones it doesn't matter, but it is
still prettier to insert the right path, and avoid /bin on merged
systems, since it's just a compat symlink.

Replaces: #15351
2020-04-16 16:33:01 +02:00
Lennart Poettering
b0c1a07654 units: make sure systemd-pstore stops at shutdown
This doesn't matter too much given that the service doesn't do anything
on shutdown, but let's still stop it to make things cleaner.
2020-04-08 16:29:58 +02:00
Lennart Poettering
e0f968ad96 units: drop systemd-remount-fs.service dependency from more services
All services using StateDirectory= don't need the explicit dep anymore,
let's hence drop it everywhere.
2020-04-08 16:29:41 +02:00
Lennart Poettering
0c978faa16 units: drop dependency on systemd-remount-fs.service from systemd-pstore.service
This dependency is now generated automatically given we use
StateDirectory=. Moreover the combination of Wants= and After= was too
strong anway, as whether remount-fs is pulled in or not should not be up
to systemd-pstore.service, and in fact is part of the initial
transaction anyway.
2020-04-08 16:29:40 +02:00
Lennart Poettering
167241912f units: pull in systemd-pstore.service from sysinit.target
sysinit.target is the target our early boot services are generally
pulled in from, make systemd-pstore.service not an exception of that.

Effectively this doesn't mean much, either way our unit is part of the
initial transaction.
2020-04-08 16:29:24 +02:00
Topi Miettinen
cabc1c6d7a units: add ProtectClock=yes
Add `ProtectClock=yes` to systemd units. Since it implies certain
`DeviceAllow=` rules, make sure that the units have `DeviceAllow=` rules so
they are still able to access other devices. Exclude timesyncd and timedated.
2020-04-07 15:37:14 +02:00
Lennart Poettering
fdfe909123 units: run systemd-repart only if there's configuration for it 2020-04-02 17:07:48 +02:00
Lennart Poettering
aade0c3b6e Revert "units: make systemd-repart.service installable"
This reverts commit 7e1ed1f3b2.

systemd-repart is not a user service that should be something people
enable/disable, instead it should just work if there's configuration for
it. It's like systemd-tmpfiles, systemd-sysusers, systemd-load-modules,
systemd-binfmt, systemd-systemd-sysctl which are NOPs if they have no
configuration, and thus don't hurt, but cannot be disabled since they
are too deep part of the OS.

This doesn't mean people couldn't disable the service if they really
want to, there's after all "systemctl mask" and build-time disabling,
but those are OS developer facing instead of admin facing, that's how it
should be.

Note that systemd-repart is in particular an initrd service, and so far
enable/disable state of those is not managed anyway via "systemctl
enable/disable" but more what dracut decides to package up and what not.
2020-04-02 17:04:59 +02:00
Zbigniew Jędrzejewski-Szmek
4e561c6200
Merge pull request #15109 from keszybz/units-make-installable
Make homed/userdbd/repart services installable (to allow uninstalling)
2020-04-02 10:21:29 +02:00
Lennart Poettering
286fe8ee21 units: do not pull in home.mount from systemd-homed.service
/home is posibly a remote file system. it makes sense to order homed
after it, so that we can properly enumerate users in it, but we probably
shouldn't pull it in ourselves, and leave that to users to configure
otherwise.

Fixes: #15102
2020-03-31 15:22:48 +02:00
Zbigniew Jędrzejewski-Szmek
ead7af3093 units: make systemd-userdbd.{socket,service} installable
It's lightweight and generally useful, so it should be enabled by default. But
users might want to disable it for whatever reason, and things should be fine
without it, so let's make it installable so it can be disabled if wanted.

Fixes #15175.
2020-03-31 14:55:16 +02:00
Zbigniew Jędrzejewski-Szmek
5ef9eda17f units: make systemd-homed.service installable
Fixes #15083. Users might want to disable homed if not used to save resources.
2020-03-31 14:55:14 +02:00
Zbigniew Jędrzejewski-Szmek
7e1ed1f3b2 units: make systemd-repart.service installable
This essentially adds another layer of configurability:
build disable, this, presence of configuration. The default is
set to enabled, because the service does nothing w/o config.
2020-03-31 14:51:04 +02:00
Franck Bui
e730db6c90 systemd-network-generator.service: network-pre.target is a passive target unit 2020-03-27 18:30:57 +01:00
Balint Reczey
cdc6c95737 units: Don't mount tracefs in LXC
Mounting tracefs fails in unprivileged LXC containers and latest LXD
(3.23) bind mounts tracefs already.

Fixes https://github.com/lxc/lxd/issues/7059
2020-03-23 08:34:48 +01:00
Zbigniew Jędrzejewski-Szmek
b5947b5b10 homed: replace "home directory" with "home area" in a few places 2020-03-11 13:43:19 +01:00
Yu Watanabe
5197b41fac
Merge pull request #15022 from keszybz/make-units-remain-after-exit
Make units remain after exit
2020-03-06 21:14:36 +09:00
Zbigniew Jędrzejewski-Szmek
9cbf1e58f9 units: skip modprobe@.service if the unit appears to be already loaded
Possible alternative to #14819.

For me, setting RemainAfterExit=yes would be OK, but if people think that it
might cause issues, then this could be a reasonable alternative that still
let's us skip the invocation of the separate binary.
2020-03-05 18:43:50 +00:00
Zbigniew Jędrzejewski-Szmek
d48eea583f units: make systemd-network-generator.service stay around
Once done, its done, and shouldn't be run again.
2020-03-05 15:15:08 +01:00
Yu Watanabe
c1817e2528
Merge pull request #15023 from keszybz/network-generator-man
Man page for systemd-network-generator
2020-03-05 20:54:32 +09:00
Zbigniew Jędrzejewski-Szmek
4a29c185b7 man: add systemd-network-generator.service(8)
It's a bit bare-bones, but it should be enough to point the reader in the right
direction.
2020-03-05 08:20:06 +01:00
Zbigniew Jędrzejewski-Szmek
9fd32ff7d3 units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
This reverts the second part of 8125e8d38e.
The first part was reverted in 750e550eba.
The problem starts when s-v-s.s is pulled in by something that is then pulled
in by sysinit.target. Every time a unit is started, systemd recursively checks
all dependencies, and since sysinit.target is pull in by almost anything, we'll
start s-v-s.s over and over. In particular, plymouth-start.service currently
has Wants=s-v-s.s and After=s-v-s.s.
2020-03-05 08:13:49 +01:00
Zbigniew Jędrzejewski-Szmek
a3558e7952 units: do not ignore return value from systemd --user
This minus has been there since the unit was added in
d42d27ead9. I think the idea was not cause things
to fail if the user instance doesn't work. But ignoring the return value
doesn't seem to be the right way to approach the problem. In particular, if
the program fails to run, we'll get a bogus fail state, see
https://bugzilla.redhat.com/show_bug.cgi?id=1727895#c1:

with the minus:
$ systemctl start user@1002
Job for user@1002.service failed because the service did not take the steps required by its unit configuration.
See "systemctl status user@1002.service" and "journalctl -xe" for details.

without the minus:
$ systemctl start user@1002
Job for user@1002.service failed because the control process exited with error code.
See "systemctl status user@1002.service" and "journalctl -xe" for details.
2020-03-05 04:49:37 +09:00
Kevin P. Fleming
3b355677b8 RequireMountsFor in systemd-nspawn should wait for machine mount
This patch modifies the RequireMountsFor setting in systemd-nspawn@.service to wait for the machine instance directory to be mounted, not just /var/lib/machines.

Closes #14931
2020-03-02 19:37:51 +09:00
Guillaume Douézan-Grard
f4665664c4 units: disable ProtectKernelLogs for machined
machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from machined service file introduced
in 6168ae5.

Closes #14559.
2020-03-02 14:49:14 +09:00
Balint Reczey
287f506c32 pstore: Don't start systemd-pstore.service in containers
Usually it is not useful and can also fail making
boot-and-services autopkgtest fail.
2020-02-27 14:26:34 +01:00
Norbert Lange
aaaf42cb44 units: add mount for tracefs
Kernel 4.1 separated the tracing system from the debugfs,
actual documentation already points to a different path
that needs this new mount to exist.

the old sysfs path will still be an automount in the debugfs,
created by the kernel (for now).

Signed-off-by: Norbert Lange <nolange79@gmail.com>
2020-02-26 23:40:44 +01:00
Zbigniew Jędrzejewski-Szmek
c7220ca802 units: drop OnFailure= from .target units
See c80a9a33d0, target units can't fail.
I guess we need to figure out some replacement functionality, but at least
let's avoid the warning from systemd for now.
2020-02-05 18:34:30 +01:00
Zbigniew Jędrzejewski-Szmek
dc9fd22d3d Merge pull request #14398 from poettering/mount-prep 2020-02-04 16:28:51 +01:00
Lennart Poettering
340cb115b3 units: define RuntimeDirectory= in systemd-journald.service
It doesn't get us much, but makes the differences between the templated
and non-templated versions a bit smaller.
2020-01-31 15:04:24 +01:00
Lennart Poettering
5591cd4e20 units: sort settings in systemd-journald.service again 2020-01-31 15:04:15 +01:00
Lennart Poettering
dc5437c78b journald: add ability to activate by varlink socket
If we have exit on idle, then operations such as "journalctl
--namespace=foo --rotate" should work even if the journal daemon is
currently not running.

(Note that we don't do activation by varlink for the main instance of
journald, I am not sure the deadlocks it might introduce are worth it)
2020-01-31 15:03:55 +01:00
Lennart Poettering
65c398c031 journald: add exit on idle 2020-01-31 15:03:44 +01:00
Lennart Poettering
1ee51fbd70 units: add unit files for instantiated journal daemons 2020-01-31 15:01:30 +01:00
Lennart Poettering
70a5db5822 home: add new systemd-homed service that can manage LUKS homes
Fixes more or less: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:07 +01:00
Yu Watanabe
1b3cccfdac unit: add AF_ALG to systemd-networkd.service
networkd uses khash, and khash requires AF_ALG.
2020-01-28 15:34:04 +01:00
Lennart Poettering
a7e8855879 units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup
Let's hook it into both cryptsetup-generator and gpt-auto-generator with
a shared implementation in generator.c

Fixes: #8472
2020-01-21 20:23:13 +01:00
Lennart Poettering
29ee6541a4 units: add unit file for systemd-repart to automatically run at boot 2020-01-20 17:42:03 +01:00
Zbigniew Jędrzejewski-Szmek
cdc6804b60 units: drop full paths for utilities in $PATH
This makes things a bit simpler and the build a bit faster, because we don't
have to rewrite files to do the trivial substitution. @rootbindir@ is always in
our internal $PATH that we use for non-absolute paths, so there should be no
functional change.
2020-01-20 16:50:16 +01:00
Lennart Poettering
d093b62c94 userdbd: add new service that can merge userdb queries from multiple clients 2020-01-15 15:28:17 +01:00
Lennart Poettering
d5016c21d7 units: tweaks to modprobe@.service
Let's use uppercase wording in the description string, like we usually
do.

Let's allow using this service in early boot.

If it's pulled into the initial transaction it's better to finish
loading this before sysinit.target.

Don't bother with this in containers that lack CAP_SYS_MODULE
2020-01-07 18:54:24 +01:00
Iain Lane
625077264b units: Split modprobing out into a separate service unit
Devices referred to by `DeviceAllow=` sandboxing are resolved into their
corresponding major numbers when the unit is loaded by looking at
`/proc/devices`. If a reference is made to a device which is not yet
available, the `DeviceAllow` is ignored and the unit's processes cannot
access that device.

In both logind and nspawn, we have `DeviceAllow=` lines, and `modprobe`
in `ExecStartPre=` to load some kernel modules. Those kernel modules
cause device nodes to become available when they are loaded: the device
nodes may not exist when the unit itself is loaded. This means that the
unit's processes will not be able to access the device since the
`DeviceAllow=` will have been resolved earlier and denied it.

One way to fix this would be to re-evaluate the available devices and
re-apply the policy to the cgroup, but this cannot work atomically on
cgroupsv1. So we fall back to a second approach: instead of running
`modprobe` via `ExecStartPre`, we move this out to a separate unit and
order it before the units which want the module.

Closes #14322.
Fixes: #13943.
2020-01-07 18:37:30 +01:00
Yu Watanabe
48d0248e6d network: bump netlink receive buffer size to 128M
Prompted by #14417.
2020-01-02 10:29:41 +01:00
Lennart Poettering
b895fa08e6 Revert "Drop dbus activation stub service"
This reverts commit 07125d24ee.

In contrast to what is claimed in #13396 dbus-broker apparently does
care for the service file to be around, and otherwise will claim
"Service Not Activatable" in the time between systemd starting up the
broker and connecting to it, which the stub service file is supposed to
make go away.

Reverting this makes the integration test suite pass again on host with
dbus-broker (i.e. current Fedora desktop).

Tested with dbus-broker-21-6.fc31.x86_64.
2019-12-20 17:28:12 +01:00
Zbigniew Jędrzejewski-Szmek
4186441bbd Revert "cryptsetup: umount encrypted devices before detaching it during shutdown"
This reverts commit 362c378291.

This commit introduced an ordering loop: remote-cryptsetup.target was both
before and after remote-fs-pre.target. It also globally ordered all cryptsetup
volumes before all mounts. Such global ordering is problematic if people have
stacked storage. Let's look for a different solution.

See https://github.com/systemd/systemd/pull/14378#discussion_r359460109.
2019-12-19 10:42:14 +01:00
Dimitri John Ledkov
f27bb6abd3 initrd: make udev cleanup service confict trigger and settle too
Otherwise, systemd-udev-trigger|settle.service that ran in the initrd may
ramain active, and never re-run again from the system root.

This is observed by forexample examining ESP with udevadm info, which in the
initrd has all the ID_* variables, and none of them in fully booted system.
2019-12-17 21:38:11 +01:00
Franck Bui
362c378291 cryptsetup: umount encrypted devices before detaching it during shutdown
This is done by ordering local-fs-pre.target and remote-fs-pre.target after
cryptsetup.target and remote-cryptsetup.target respectively.

Fixes: #8472
2019-12-05 11:43:05 +01:00
Franck Bui
1dc85eff1d crypsetup: introduce x-initrd.attach option
This option is an indication for PID1 that the entry in crypttab is handled by
initrd only and therefore it shouldn't interfer during the usual start-up and
shutdown process.

It should be primarily used with the encrypted device containing the root FS as
we want to keep it (and thus its encrypted device) until the very end of the
shutdown process, i.e. when initrd takes over.

This option is the counterpart of "x-initrd.mount" used in fstab.

Note that the slice containing the cryptsetup services also needs to drop the
usual shutdown dependencies as it's required by the cryptsetup services.

Fixes: #14224
2019-12-05 11:43:02 +01:00
Pascal de Bruijn
b4e2236a72 systemd-tmpfiles: don't install timer when service isn't installed either
Fixes: systemd-tmpfiles-clean.timer: Refusing to start, unit
systemd-tmpfiles-clean.service to trigger not loaded.
2019-11-22 14:30:37 +01:00