IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It was a harmless but pointless duplication. Fixes#4655.
Note: in general we try to install as little as possible in
/etc/systemd/{system,user}. We only install .wants links there for units which
are "user configurable", i.e. which have an [Install] section. Most our units
and aliases are not user configurable, do not have an [Install] section, and
must be symlinked statically during installation. A few units do have an
[Install] section, and are enabled through symlinks in /etc/ during
installation using GENERAL_ALIASES. It *would* be possible to not create those
symlinks, and instead require 'systemctl preset' to be invoked after
installation, but GENERAL_ALIASES works well enough.
core: add new RestrictNamespaces= unit file setting
Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
We don't have plural in the name of any other -util files and this
inconsistency trips me up every time I try to type this file name
from memory. "formats-util" is even hard to pronounce.
This new setting permits restricting whether namespaces may be created and
managed by processes started by a unit. It installs a seccomp filter blocking
certain invocations of unshare(), clone() and setns().
RestrictNamespaces=no is the default, and does not restrict namespaces in any
way. RestrictNamespaces=yes takes away the ability to create or manage any kind
of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces
so that only mount and IPC namespaces may be created/managed, but no other
kind of namespaces.
This setting should be improve security quite a bit as in particular user
namespacing was a major source of CVEs in the kernel in the past, and is
accessible to unprivileged processes. With this setting the entire attack
surface may be removed for system services that do not make use of namespaces.
Fixes build error on recent toolchains:
../src/test/test-seccomp.c:35: error: undefined reference to 'seccomp_arch_native'
collect2: error: ld returned 1 exit status
Since this unit is synthesized anyway there's no point in actually shipping it
on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *"
won't be confused by the leading dash of the file name anymore.
console-shell.service was supposed to be useful for normal clean boots
(i.e. multi-user.target or so), as a replacement for logind/getty@.service for
simpler use cases.
But due to the lack of documentation and sanity check one can easily be
confused and enable this service in // with getty@.service.
In this case we end up with both services sharing the same tty which ends up in
strange results.
Even worse, console-shell.service might be failing while getty@.service tries
to acquire the terminal which ends up in the system to poweroff since
console-shell.service uses:
"ExecStopPost=-/usr/bin/systemctl poweroff".
Another issue: this service doesn't work well if plymouth is also used since it
lets the splash screen program run and mess the tty (at least a "plymouth quit"
is missing).
So let's kill it for now.
Replace move-to-rootlibdir calls in post-install hooks with explicitly
used ${rootlibdir} where needed.
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
NSS modules (libnss_*.so.*) need to be installed into
${rootlibdir} (typically /lib) in order to be used. Previously, the
modules were installed into ${libdir}, thus usually ending up in
/usr/lib, even on systems where split usr is enabled, or ${libdir} is
passed explicitly.
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
This was causing preset-all --global to create symlinks:
$ systemctl preset-all --global --root=/var/tmp/inst1
Created symlink /var/tmp/inst1/etc/systemd/user/shutdown.target → /usr/lib/systemd/user/../system/shutdown.target.
Created symlink /var/tmp/inst1/etc/systemd/user/sockets.target → /usr/lib/systemd/user/../system/sockets.target.
Created symlink /var/tmp/inst1/etc/systemd/user/timers.target → /usr/lib/systemd/user/../system/timers.target.
Created symlink /var/tmp/inst1/etc/systemd/user/paths.target → /usr/lib/systemd/user/../system/paths.target.
Created symlink /var/tmp/inst1/etc/systemd/user/bluetooth.target → /usr/lib/systemd/user/../system/bluetooth.target.
Created symlink /var/tmp/inst1/etc/systemd/user/printer.target → /usr/lib/systemd/user/../system/printer.target.
Created symlink /var/tmp/inst1/etc/systemd/user/sound.target → /usr/lib/systemd/user/../system/sound.target.
Created symlink /var/tmp/inst1/etc/systemd/user/smartcard.target → /usr/lib/systemd/user/../system/smartcard.target.
Created symlink /var/tmp/inst1/etc/systemd/user/busnames.target → /usr/lib/systemd/user/../system/busnames.target.
It is better to create units in a state that completely matches the presets, i.e.
preset-all should do nothing when invoked immediately after installation.
I'm sure it was confusing to users too, suggesting that system and user units
may somehow alias each other.
Enable reboot.target and disable exit.target: the first is used on normal
machines, the second only in containers, and the more general one
should be enabled by default.
Also fix the Makefile to match what preset-all does.
With this and the previous commits, doing "make instal DESTDIR=…" followed
by "systemctl preset-all --root=…" doesn't result in any changes.
This adds "systemd-mount" which is for transient mount and automount units what
"systemd-run" is for transient service, scope and timer units.
The tool allows establishing mounts and automounts during runtime. It is very
similar to the usual /bin/mount commands, but can pull in additional
dependenices on access (for example, it pulls in fsck automatically), an take
benefit of the automount logic.
This tool is particularly useful for mount removable file systems (such as USB
sticks), as the automount logic (together with automatic unmount-on-idle), as
well as automatic fsck on first access ensure that the removable file system
has a high chance to remain in a fully clean state even when it is unplugged
abruptly, and returns to a clean state on the next re-plug.
This is a follow-up for #2471, as it adds a simple client-side for the
transient automount logic added in that PR.
In later work it might make sense to invoke this tool automatically from udev
rules in order to implement a simpler and safer version of removable media
management á la udisks.
This complements graphical-session.target for services which set up the
environment (e. g. dbus-update-activation-environment) and need to run before
the actual graphical session.
Udev rules cover all the necessary initializations.
As the service now is neither installed, nor installable - we can
remove explicit dependencies and RemainAfterExit=yes option.
This unit acts as a dynamic "alias" target for any concrete graphical user
session like gnome-session.target; these should declare
"BindsTo=graphical-session.target" so that both targets stop and start at the
same time.
This allows services that run in a particular graphical user session (e. g.
gnome-settings-daemon.service) to declare "PartOf=graphical-session.target"
without having to know or get updated for all/new session types. This will
ensure that stopping the graphical session will stop all services which are
associated to it.
This adds a new boolean setting DynamicUser= to service files. If set, a new
user will be allocated dynamically when the unit is started, and released when
it is stopped. The user ID is allocated from the range 61184..65519. The user
will not be added to /etc/passwd (but an NSS module to be added later should
make it show up in getent passwd).
For now, care should be taken that the service writes no files to disk, since
this might result in files owned by UIDs that might get assigned dynamically to
a different service later on. Later patches will tighten sandboxing in order to
ensure that this cannot happen, except for a few selected directories.
A simple way to test this is:
systemd-run -p DynamicUser=1 /bin/sleep 99999
With this change we'll no longer write to /etc/machine-id from nspawn, as that
breaks the --volatile= operation, as it ensures the image is never considered
in "first boot", since that's bound to the pre-existance of /etc/machine-id.
The new logic works like this:
- If /etc/machine-id already exists in the container, it is read by nspawn and
exposed in "machinectl status" and friends.
- If the file doesn't exist yet, but --uuid= is passed on the nspawn cmdline,
this UUID is passed in $container_uuid to PID 1, and PID 1 is then expected
to persist this to /etc/machine-id for future boots (which systemd already
does).
- If the file doesn#t exist yet, and no --uuid= is passed a random UUID is
generated and passed via $container_uuid.
The result is that /etc/machine-id is never initialized by nspawn itself, thus
unbreaking the volatile mode. However still the machine ID configured in the
machine always matches nspawn's and thus machined's idea of it.
Fixes: #3611
We currently have code to read and write files containing UUIDs at various
places. Unify this in id128-util.[ch], and move some other stuff there too.
The new files are located in src/libsystemd/sd-id128/ (instead of src/shared/),
because they are actually the backend of sd_id128_get_machine() and
sd_id128_get_boot().
In follow-up patches we can use this reduce the code in nspawn and
machine-id-setup by adopted the common implementation.
Add a new key ID_INPUT_TOUCHPAD_INTEGRATION=internal|external so we have a
single source for figuring out which touchpads are built-in.
Fairly simple approach: bluetooth is external, usb is external unless it's an
Apple touchpad. Everything else is internal.
Let's allow distros to change the support URL to expose in catalog entries by
default. It doesn't make sense to direct end-users to the upstream project for
common errors.
This adds a --with-support-url= switch to configure, which allows overriding
the default at build-time.
Fixes: #2516
Link as many binaries as possible with it, to save storage space.
Preserve the static libshared and libbasic for use in libraries, nss
modules and udev.
Libraries need to be static in order to avoid polluting the symbol
namespace.
Udev needs to be static so downstream can avoid strict version dependencies
with the systemd package, and this can complicate upgrade scenarios.
It makes use of the sd_listen_fds() call, and as such should live in
src/shared, as the distinction between src/basic and src/shared is that the
latter may use libsystemd APIs, the former does not.
Note that btrfs-util.[ch] and log.[ch] also include header files from
libsystemd, but they only need definitions, they do not invoke any function
from it. Hence they may stay in src/basic.
In order to improve compatibility with local clients that speak DNS directly
(and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process
any queries made that way.
Note that resolved does not implement a full DNS server on this port, but
simply enough to allow normal, local clients to resolve RRs through resolved.
Specifically it does not implement queries without the RD bit set (these are
requests where recursive lookups are explicitly disabled), and neither queries
with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with
validation turned off). It also refuses zone transfers and obsolete RR types.
All lookups done this way will be rejected with a clean error code, so that the
client side can repeat the query with a reduced feature set.
The code will set the DNSSEC AD flag however, depending on whether the data
resolved has been validated (or comes from a local, trusted source).
Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary,
but this is only partially useful as DNS packets cannot carry IP scope data
(i.e. the ifindex), and hence link-local addresses returned cannot be used
properly (and given that LLMNR/mDNS are mostly about link-local communication
this is quite a limitation). Also, given that DNS tends to use IDNA for
non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1.
In general this should improve compatibility with clients bypassing NSS but
it is highly recommended for clients to instead use NSS or our native bus API.
This patch also beefs up the DnsStream logic, as it reuses the code for local
TCP listening. DnsStream now provides proper reference counting for its
objects.
In order to avoid feedback loops resolved will no silently ignore 127.0.0.53
specified as DNS server when reading configuration.
resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave
the latter free for local, external DNS servers or forwarders.
This also changes the "etc.conf" tmpfiles snippet to create a symlink from
/etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this
stub the default mode of operation if /etc is not populated.
Delete the dbus1 generator and some critical wiring. This prevents
kdbus from being loaded or detected. As such, it will never be used,
even if the user still has a useful kdbus module loaded on their system.
Sort of fixes#3480. Not really, but it's better than the current state.
This adds (undocumented) environment variables SYSTEMD_KBD_MODEL_MAP
and SYSTEMD_LANGUAGE_FALLBACK_MAP, which, if set, override compiled-in
locations of those two files.
Instead of skipping tests when the maps are not installed, just use
the one from the source dir. We still cannot do the mappings the other
way if /usr/lib/kbd/keymaps is not present, so truncate the tests in
that case.
Also tweak the debug messages a bit to make it easier to see
which function is failing.
Let's hook up the ACPI database we maintain from the upstream UEFI sources.
This adds a tool to convert the database provided upstream to our native
format, similar to how this is handled for the PCI and USB databases.
Note that the upstream web site claims to offer an XLS download, but the actual
data made available is an HTML file in reality, just one with the ".xls"
suffix...
The data provided from the UEFI folks is not very high quality nor complete,
hence apply a patch after the conversion step that fixes up a few things and
adds in more entries from various sources. For example, the EDID ids maintained
by GNOME and other sources have been added too, as they all appear to use the
same ID namespace.
This also adds explicit support for 4 character ACPI ids, in addition to the
normal 3 character PNP ids.
Also fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=90524
Let's add a generic parser for VLAN ids, which should become handy as
preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID
type everywhere, and that validity checks are already applied at the time of
parsing, and not only whne we about to prepare a netdev.
Also, establish a common definition VLANID_INVALID we can use for
non-initialized VLAN id fields.
This reworks sd-ndisc and networkd substantially to support IPv6 RA much more
comprehensively. Since the API is extended quite a bit networkd has been ported
over too, and the patch is not as straight-forward as one could wish. The
rework includes:
- Support for DNSSL, RDNSS and RA routing options in sd-ndisc and networkd. Two
new configuration options have been added to networkd to make this
configurable.
- sd-ndisc now exposes an sd_ndisc_router object that encapsulates a full RA
message, and has direct, friendly acessor functions for the singleton RA
properties, as well as an iterative interface to iterate through known and
unsupported options. The router object may either be retrieved from the wire,
or generated from raw data. In many ways the sd-ndisc API now matches the
sd-lldp API, except that no implicit database of seen data is kept. (Note
that sd-ndisc actually had a half-written, but unused implementaiton of such
a store, which is removed now.)
- sd-ndisc will now collect the reception timestamps of RA, which is useful to
make sd_ndisc_router fully descriptive of what it covers.
Fixes: #1079
When converting an empty x11 variant, we would not delete vconsole mapping
properly.
find_legacy_keymap() is made non-static. I think it's important to be able to
test it. In principle we could also test it through the higher-level interface
of x11_convert_to_vconsole, but x11_convert_to_vconsole also uses
find_converted_keymap, and it's better to test at this lower level.
Note that find_legacy_keymap might be a bit of a misnomer, because we'd probably
want to keep kbd-model-map even if the "legacy" layouts went away. So we might
want to change this name, but I'm leaving that for another commit.
The current raw_clone function takes two arguments, the cloning flags and
a pointer to the stack for the cloned child. The raw cloning without
passing a "thread main" function does not make sense if a new stack is
specified, as it returns in both the parent and the child, which will fail
in the child as the stack is virgin. All uses of raw_clone indeed pass NULL
for the stack pointer which indicates that both processes should share the
stack address (so you better don't pass CLONE_VM).
This commit refactors the code to not require the caller to pass the stack
address, as NULL is the only sensible option. It also adds the magic code
needed to make raw_clone work on sparc64, which does not return 0 in %o0
for the child, but indicates the child process by setting %o1 to non-zero.
This refactoring is not plain aesthetic, because non-NULL stack addresses
need to get mangled before being passed to the clone syscall (you have to
apply STACK_BIAS), whereas NULL must not be mangled. Implementing the
conditional mangling of the stack address would needlessly complicate the
code.
raw_clone is moved to a separete header, because the burden of including
the assert machinery and sched.h shouldn't be applied to every user of
missing_syscalls.h
Split seccomp into nspawn-seccomp.[ch]. Currently there are no changes,
but this will make it easy in the future to share or use the seccomp logic
from systemd core.
Add a synchronization point so that custom initramfs units can run
after the root device becomes available, before it is fsck'd and
mounted.
This is useful for custom initramfs units that may modify the
root disk partition table, where the root device is not known in
advance (it's dynamically selected by the generators).
Cloning an image can be slow, if the image is not on a btrfs subvolume, hence
let's make sure we do this asynchronously in a child process, so that machined
isn't blocked as long as we process the client request.
This adds a new, generic "Operation" object to machined, that is used to track
these kind of background processes.
This is inspired by the MachineOperation object that already exists to make
copy operations asynchronous. A later patch will rework the MachineOperation
logic to use the generic Operation instead.
This adds a new --private-userns-chown switch that may be used in combination
with --private-userns. If it is passed a recursive chmod() operation is run on
the OS tree, fixing all file owner UID/GIDs to the right ranges. This should
make user namespacing pretty workable, as the OS trees don't need to be
prepared manually anymore.
This adds a new GetProcesses() bus call to the Unit object which returns an
array consisting of all PIDs, their process names, as well as their full cgroup
paths. This is then used by "systemctl status" to show the per-unit process
tree.
This has the benefit that the client-side no longer needs to access the
cgroupfs directly to show the process tree of a unit. Instead, it now uses this
new API, which means it also works if -H or -M are used correctly, as the
information from the specific host is used, and not the one from the local
system.
Fixes: #2945
We don#t really support systems where XDG_RUNTIME_DIR is not supported for
systemd --user. Hence, let's always set our own XDG_RUNTIME_DIR for tests that
involve systemd --user, so that we know it is set, and that it doesn't polute
the user's actual runtime dir.
Previously, libxkbcommon was a compile-time option. When enabled the localed
binary would strictly depend on it, thus pulling in libxkbcommon and its
dependencies, which are non-trivial in size.
With this change we dlopen() libxkbcommon when it is available instead. If the
library is available behaviour is as before. However, if it isn't the system is
considered "headless", i.e. without local hardware and all attempts to set the
local keyboard configuration will be refused.
This is useful for general-purpose distributions which want to support
"headless" (such as container systems) and "full" systems with the same build.
We check /etc/machine-id of the container and if it is already populated
we use value from there, possibly ignoring value of --uuid option from
the command line. When dealing with R/O image we setup transient machine
id.
Once we determined machine id of the container, we use this value for
registration with systemd-machined and we also export it via
container_uuid environment variable.
As registration with systemd-machined is done by the main nspawn process
we communicate container machine id established by setup_machine_id from
outer child to the main process by unix domain socket. Similarly to PID
of inner child.
We don't want to actually install it anywhere, because it
is only usable copied or %included directly into a spec file,
and must be available before %prep is run. But still, it's
useful to generate it automatically so it's easier to copy
and it doesn't go stale.
- Move gcrypt.h include inside grcrypt-util.h.
- Allow gcrypt-util.[ch] to be compiled even without gcrypt.
This allows the logic in files using gcrypt to be simplified.
- Fix compilation of systemd-resolve without gcrypt.
systemd-resolved already supported that.
Fixes#2711.
lldp.h contains definitions of LLDP types, subtypes and capabilities which
should be exposed in public headers. Get rid of the file and move those
definitions to sd-lldp.h with the SD_ prefix.
journal-upload doesn't really need microhttpd to run.
Without the dependency, we can cross compile systemd
without microhttpd and get the uploader part of the
remote logging.
Change-Id: I28dfa5ad2aae94e50de1d32713e1827623c3fd1d
We have a bunch of syscall wrapper definitions and it's easier to
see that they follow the same pattern if they are not interspersed
with other defines.
Change the wrappers to be uniform:
- if __NR_XXX is not defined, do not bother to call the syscall,
and return -1/ENOSYS immediately.
- do not check __NR_XXX defines if we detect the symbol as defined,
since we don't need them anyway
- reindent stuff for readability
New file basic/missing_syscall.h is included at the end of missing.h
because it might make use of some of the definitions in missing.h.
The source file name and the binary name were mismatched.
Rename binary to match.
Make the test exit with TEST_SKIP if the data is missing or we
have no permissions. Otherwise, the data will be printed, which
should be safe to enable by default.
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
Add path argument to clock_is_localtime() and default to "/etc/adjtime" if it's
NULL. This makes the function testable.
Add test-clock: initial test cases for some scenarios, using a temporary file.
This also checks the behaviour with a NULL (i. e. the system's /etc/adjtime)
file.
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
