1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

53460 Commits

Author SHA1 Message Date
Lennart Poettering
643006f62b man: document the new DefaultOOMScoreAdjust= setting 2021-10-04 16:27:11 +02:00
Lennart Poettering
ce7de0ba8e units: run user service managers at OOM score adjustment 100
Let's make it slightly more likely that a per-user service manager is
killed than any system service. We use a conservative 100 (from a range
that goes all the way to 1000).

Replaces: #17426

Together with the previous commit this means: system manager and system
services are placed at OOM score adjustment 0 (specifically: they
inherit kernel default of 0). User service manager (both for root and
non-root) are placed at 100. User services for non-root are placed at
200, those for root inherit 100.

Note that processes forked off the user *sessions* (i.e. not forked off
the per-user service manager) remain at 0 (e.g. the shell process
created by a tty or ssh login). This probably should be
addressed too one day (maybe in pam_systemd?), but is not covered here.
2021-10-04 16:27:10 +02:00
Lennart Poettering
d4a402e4f6 core: add a new setting DefaultOOMScoreAdjust= and set it to 100 above service manager's by default
Let's make our service managers slightly less likely to be killed by the
OOM killer by adjusting our services' OOM score adjustment to 100 above
ours. Do this conservatively, i.e. only for regular user sessions.
2021-10-04 16:27:10 +02:00
Lennart Poettering
bb2d1d8ea4 test: add test case for {get,set}_oom_score_adjust() 2021-10-04 16:27:10 +02:00
Lennart Poettering
2c37c613a7 process-util: add helper for querying oom score adjustment value 2021-10-04 16:27:10 +02:00
Luca Boccassi
9d0ad242b8 man/glib-event-glue example: relicense to CC0-1.0
All other examples were relicensed to CC0-1.0 since they are intended
to be copied and pasted anywhere without any restrictions.
Relicense the last one too.
2021-10-04 11:05:22 +02:00
Egor
936a7cb66a sleep: don't skip resume device with low priority/available space
this fixes hibernation when there's a higher priority swap preceding
the resume swap in /proc/swaps.

fixes #19486
2021-10-04 10:23:42 +02:00
Frantisek Sumsal
105bb924a9
Merge pull request #20924 from weblate/weblate-systemd-master
Translations update from Weblate
2021-10-03 16:08:50 +00:00
Slimane Selyan Amiri
2eeec9f3cc po: Translated using Weblate (Kabyle)
Currently translated at 2.1% (4 of 189 strings)

Co-authored-by: Slimane Selyan Amiri <selyan.kab@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/kab/
Translation: systemd/main
2021-10-03 18:05:00 +02:00
Gogo Gogsi
200ece8e11 po: Translated using Weblate (Croatian)
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: Gogo Gogsi <linux.hr@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/hr/
Translation: systemd/main
2021-10-03 18:05:00 +02:00
Luca Boccassi
c40671ba16
Merge pull request #20886 from bluca/license
SPDX: add README and license texts
2021-10-01 22:57:11 +01:00
Weblate
23579882e1 po: Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/
Translation: systemd/main
2021-10-01 21:07:19 +00:00
Luca Boccassi
9c6e32a294 Add all other applicable licenses under LICENSES/
License texts copied from:

https://github.com/spdx/license-list-data/blob/master/text/
2021-10-01 17:27:34 +01:00
Luca Boccassi
7fe57498de add LICENSES/README.md explaining the license situation 2021-10-01 17:27:34 +01:00
Luca Boccassi
f4d74c6105 man: add licenses to all files that lack one
Documentation is licensed under LGPL-2.1-or-later.
Scripts are MIT to facilitate reuse.
Examples are relicensed to CC0-1.0 to maximise copy-and-paste
for users, with permission from authors.
2021-10-01 17:27:34 +01:00
Luca Boccassi
948def4af6 tree-wide: fix SPDX short identifier for LGPL-2.1-or-later
https://spdx.dev/ids/#:~:text=Allowing%20later%20versions%20of%20a%20license
https://spdx.org/licenses/LGPL-2.1-or-later.html
2021-10-01 17:27:34 +01:00
Luca Boccassi
ab885bedbf
Merge pull request #20907 from keszybz/licensing-cleanup
Licensing cleanup
2021-10-01 17:26:08 +01:00
Zbigniew Jędrzejewski-Szmek
0aee5e3dc0 xorg/50-systemd-user: add a full license header
This file is installed onto user systems, so it should have the full
header that says where it came from.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
8f5bcd615b licensing: add forgotten spdx headers
Those are all "our" files, but we forgot to add the headers,
most likely because of non-standard file extensions.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
098621aff3 licensing: add missing header to one .network file
It should have the full header because it will be installed onto
user systems like the other .network files.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
090ade7ee7 licensing: add spdx header to chromiumos helper, move license file
It makes it easier to process the license automatically like other files.
The text of the license in tools/chromiumos/LICENSE matches
https://spdx.org/licenses/BSD-3-Clause.html exactly.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
64b92d637c licensing: add spdx to our .cocci files
Since those are chunks of code based on our codebase, it's easiest to use the
same license.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
ed77c2de1f licensing: add header to POTFILES.in
This is just a stupid file list, but without the header the file shows
up on the list of files without a header. I checked that 'systemd-update-po'
still works, so I think it's OK to add this.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
6f2c7dd7cd licensing: add missing license headers on translation files
Also make the headers more alike for consistency.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
186b9041ae ci: use LGPLv2+ for all our ci configuration 2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
43d6fcc09f github: use the same headers on yaml files
Also adjust the mention of location of mkosi files,
follow-up for d55ad7fe96.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
d8aaa71699 licensing: say that our github docs are LGPLv2.1+
This mirros what 0aff7b7584 did for docs/.
2021-10-01 14:45:00 +02:00
Franck Bui
964ccab828 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs
The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.
2021-10-01 11:11:45 +02:00
Zbigniew Jędrzejewski-Szmek
8e9b3bcf12
Merge pull request #20894 from andir/editorconfig
Set maximum line length in editorconfig for C and XML files
2021-10-01 10:51:48 +02:00
Lukas Senionis
6ca3d087e2 reduce the fuzz values in evdev hwdb for Asus UX362FA 2021-10-01 10:49:01 +02:00
Yu Watanabe
1924f26d2a
Merge pull request #20777 from benzea/benzea/fix-seccomp-filter
seccomp: Always install filters for native architecture
2021-10-01 15:12:55 +09:00
Michael Biebl
528dd6a423 networkd-test: fix resolved_domain_restricted_dns
megasearch.net was meant to be a non-existing bogus domain, and had been
for a long time. But it seems some domain grabber recently registered
it, and it's an actual thing now:

  $ host megasearch.net
  megasearch.net has address 207.148.248.143

This causes the test to fail randomly.

Use search.example.com instead which yields

  $ host search.example.com
  Host search.example.com not found: 3(NXDOMAIN)

Fixes: #18357
2021-10-01 14:34:00 +09:00
Luca Boccassi
2e016f3a0b
Merge pull request #20884 from mrc0mmand/to-shellcheck-or-not-to-shellcheck
tree-wide: the last batch of shellcheck shenanigans
2021-09-30 20:53:00 +01:00
Frantisek Sumsal
e72be068b1 test: use a less restrictive portable profile when running w/ sanitizers
Since f833df3 we now actually use the seccomp rules defined in portable
profiles. However, the default one is too restrictive for sanitizers, as
it blocks certain syscall required by LSan. Mitigate this by using the
'trusted' profile when running TEST-29-PORTABLE under sanitizers.
2021-09-30 14:23:27 +02:00
Andreas Rammhold
c5f26a0250
editorconfig: set maximum line length to 109 for man/*.xml files 2021-09-30 13:45:34 +02:00
Andreas Rammhold
83f0ec7978
editorconfig: enforce maximum line length in .c and .h files 2021-09-30 13:45:34 +02:00
Frantisek Sumsal
1c46b3c24d ci: introduce Super-Linter for shell scripts
See: https://github.com/marketplace/actions/super-linter
2021-09-30 12:27:08 +02:00
Frantisek Sumsal
f7e0d22d76 tools: shellcheck-ify tool scripts 2021-09-30 12:27:06 +02:00
Frantisek Sumsal
1c3f490f23 test: shellcheck-ify test scripts 2021-09-30 12:12:00 +02:00
Frantisek Sumsal
91c64ad620 test: drop an unused file 2021-09-30 12:11:27 +02:00
Benjamin Berg
e975a94559 test: Add failing/non-failing syscall filter test setting architecture
This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.
2021-09-30 08:06:25 +09:00
Benjamin Berg
08bf703cc1 test: Check that "native" architecture is always filtered 2021-09-30 08:06:19 +09:00
Benjamin Berg
f833df3848 seccomp: Always install filters for native architecture
The commit 6597686865 ("seccomp: don't install filters for archs that
can't use syscalls") introduced a regression where filters may not be
installed for the "native" architecture. This means that setting
SystemCallArchitectures=native for a unit effectively disables the
SystemCallFilter= and SystemCallLog= options.

Conceptually, we have two filter stages:
 1. architecture used for syscall (SystemCallArchitectures=)
 2. syscall + architecture combination (SystemCallFilter=)

The above commit tried to optimize the filter generation by skipping the
second level filtering when it is not required.

However, systemd will never fully block the "native" architecture using
the first level filter. This makes the code a lot simpler, as systemd
can execve() the target binary using its own architecture. And, it
should be perfectly fine as the "native" architecture will always be the
one with the most restrictive seccomp filtering.

Said differently, the bug arises because (on x86_64):
 1. x86_64 is permitted by libseccomp already
 2. native != x86_64
 3. the loop wants to block x86_64 because the permitted set only
    contains "native" (i.e. "native" != "x86_64")
 4. x86_64 is marked as blocked in seccomp_local_archs

Thereby we have an inconsistency, where it is marked as blocked in the
seccomp_local_archs array but it is allowed by libseccomp. i.e. we will
skip generating filter stage 2 without having stage 1 in place.

The fix is simple, we just skip the native architecture when looping
seccomp_local_archs. This way the inconsistency cannot happen.
2021-09-30 08:04:59 +09:00
alexlzhu
fab79a85af docs: Fixing typo in systemd.device man page and README.
systemd-udevd.service listens to kernel uevents and is needed for device
units to be available.

systemd-udevd.service is misspelled as systemd-udev.service in a couple places.

Fixing typo.
2021-09-29 22:18:38 +01:00
Frantisek Sumsal
8370da9ea6 ci: shellcheck-ify CI scripts 2021-09-29 22:24:12 +02:00
Yu Watanabe
200f77f933
Merge pull request #20876 from poettering/openssl3-creds
creds-util: switch to OpenSSL 3.0 APIs
2021-09-30 04:01:57 +09:00
Luca Boccassi
5386e247f8
Merge pull request #20883 from bluca/bpf_header_license
headers: update bpf_insn.h to dual license
2021-09-29 18:05:28 +01:00
Lennart Poettering
721956f3e9
Merge pull request #20219 from khfeng/use-intel-hid-rfkill
hwdb: Remove intel-hid rfkill mask
2021-09-29 18:53:22 +02:00
Luca Boccassi
f59a1ab4b0 docs: mention that contributed code must be compatible with GPL-2.0-or-later explicitly 2021-09-29 17:42:51 +01:00
Luca Boccassi
13b7d99dad headers: update bpf_insn.h to dual license
This header is copied from the kernel. It was relicensed from GPL-2.0-only
to GPL-2.0-only OR BSD-2-Clause, so update our SPDX tag accordingly.

For more details and ACKS from all copyright holders authorizing the
license change see:

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=d75fe9cb1dd062684c9fb8a4581738170365dc06
2021-09-29 17:40:55 +01:00