1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

42396 Commits

Author SHA1 Message Date
Lennart Poettering
3288ea8f32 core: set "trusted.delegate" xattr on cgroups that are delegation boundaries
Let's mark cgroups that are delegation boundaries to us. This can then
be used by tools such as "systemd-cgls" to show where the next manager
takes over.
2019-11-20 17:50:12 +01:00
Lennart Poettering
bf25f1657f cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup 2019-11-20 17:50:12 +01:00
Lennart Poettering
59a49b1bcd
Merge pull request #14090 from poettering/clonenewns-fix
make sure systemd-logind.service can start if unshare() is blocked
2019-11-20 17:27:56 +01:00
Lennart Poettering
168e131b8b update NEWS 2019-11-20 16:16:46 +01:00
Zbigniew Jędrzejewski-Szmek
8490fc7aef
Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
Systemctl add log-level, log-target, service-watchdogs commands
2019-11-20 16:15:09 +01:00
Zbigniew Jędrzejewski-Szmek
2d8898f564
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
2019-11-20 16:13:46 +01:00
Lennart Poettering
6d19b71876 core: don't insist on ProtectHostname= if unshare() is blocked
Previously we'd only skip ProtectHostname= if kernel support for
namespaces was lacking. With this change we also accept if unshare()
fails because it is blocked.
2019-11-20 12:49:06 +01:00
Lennart Poettering
4e67759960 core: be more lenient when checking whether sandboxing is necessary
In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.

Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').

(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)

Fixes: #13955

(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)
2019-11-20 12:30:04 +01:00
Lennart Poettering
e884e00071 errno-util: add ERRNO_IS_PRIVILEGE() helper 2019-11-20 12:29:54 +01:00
Anita Zhang
206a29b2e1 id128: fix initializer element is not constant
Was getting:

  ../src/id128/id128.c:15:1: error: initializer element is not constant
   static sd_id128_t arg_app = SD_ID128_NULL;
    ^
when building on CentOS 7.

Other parts of the code initialize `static sd_id128_t` to {} and this
was the original setting before a19fdd66c2 anyways.
2019-11-20 10:59:25 +01:00
Lennart Poettering
b82e818f5c test: make sure our tests get exclusive TTY access
This sould make our test suite a bit more robust if it is slow running.
A few of our test services use StandardOutput=tty or StandardError=tty
in the tests in order to connect test services to the container console.
This gets into conflict with the container getty which wants exclusive
access to the console. Since the container getty is started with
Type=idle it typically gets started after a timeout only if the TTY is
already used, which hence introduces a race: if the test finishes
earlier all is good, if not, then the test gets kicked off the TTY which
then causes bash to abort since it cannot write any error messages
anymore.

Let's fix this hence: all tests that connect to the tty are now
synchronized to getty-pre.target, so they finish before any getty is
started.
2019-11-20 09:39:54 +01:00
Lennart Poettering
faf1bb8244
Merge pull request #14085 from poettering/ask-password-api
make sure asking for a pw works in a container too if keyctl() and friends are blocked
2019-11-20 00:54:28 +01:00
Lennart Poettering
fbcb630045 pam_systemd: prolong method call timeout when allocating session
Starting a session might involve starting the user@.service instance,
hence let's make the bus call timeout substantially longer.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=83828
2019-11-19 21:05:03 +01:00
Zbigniew Jędrzejewski-Szmek
cbfc32819a
Merge pull request #14078 from poettering/cryptsetup-fixlets
trivial cryptsetup fixlets (mostly: use more STR_IN_SET())
2019-11-19 20:46:53 +01:00
Zbigniew Jędrzejewski-Szmek
321c911fc2
Merge pull request #14079 from poettering/pam-systemd-fixlets
trivial pam_systemd fixlets
2019-11-19 20:45:15 +01:00
Yu Watanabe
08de195825 udev: do not propagate error in executing PROGRAM and IMPORT{program}
Also, this adds more logs.

Fixes #14027.
2019-11-19 20:20:46 +01:00
Lennart Poettering
09a6b4f34f ask-password: skip kernel keyring logic if we see EPERM
Let's improve compat with container managers that block the keyring
logic and return EPERM for them.
2019-11-19 19:12:09 +01:00
Lennart Poettering
e6376b6a41 errno: add new ERRNO_IS_NOT_SUPPORTED() helper 2019-11-19 19:12:09 +01:00
Lennart Poettering
83412d39de test-copy: test that xattrs are properly copied 2019-11-19 15:44:58 +01:00
Lennart Poettering
f9bbb4dcec copy: port over to flistxattr_malloc() and fgetxattr_malloc() 2019-11-19 15:44:58 +01:00
Lennart Poettering
7de2d2e17d xattr-util: add flistxattr_malloc() that returns a NULSTR 2019-11-19 15:44:58 +01:00
Lennart Poettering
6ac99d9d5f xattr-util: modernize getxattr_malloc() a bit
Let's use automatic cleanup/TAKE_PTR where appropriate
2019-11-19 15:44:58 +01:00
Lennart Poettering
25f9288e31 update TODO 2019-11-19 15:42:55 +01:00
Zbigniew Jędrzejewski-Szmek
c336dc29ff
Merge pull request #14080 from poettering/table-uid-pid
format-table: introduce TABLE_UID/TABLE_GID to match TABLE_PID and use it
2019-11-19 15:35:25 +01:00
Lennart Poettering
9120aa820b cryptsetup: use STR_IN_SET() where appropriate
Note that this slightly changes behaviour: "none" is only allowed as
option, if it's the only option specified, but not in combination with
other options. I think this makes more sense, since it's the choice when
no options shall be specified.
2019-11-19 15:34:09 +01:00
Lennart Poettering
9c5253ffec cryptsetup: minor coding style clean-ups 2019-11-19 15:34:09 +01:00
Lennart Poettering
dca81e2851 pam_systemd: add one more assert 2019-11-19 15:26:45 +01:00
Lennart Poettering
8d46418e93 pam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system error
It's not really clear which PAM errors to use for which conditions, but
something called PAM_SYSTEM_ERR should probably not be used when the
error is not the result of some system call failure.
2019-11-19 15:26:45 +01:00
Lennart Poettering
1798f5afe3 pam-systemd: voidify pam_get_item() calls 2019-11-19 15:26:45 +01:00
Lennart Poettering
42e6680976 pam-systemd: remove duplicate error logging 2019-11-19 15:26:45 +01:00
Lennart Poettering
805f2df11f login: port tables over to use TABLE_UID/TABLE_PID 2019-11-19 12:11:06 +01:00
Lennart Poettering
b26c0b68a4 format-table: add UID/GID output support to format-table.h 2019-11-19 12:10:44 +01:00
Lennart Poettering
d9608d40bc pam-systemd: include PAM error code in all our log messages where that makes sense 2019-11-19 11:53:15 +01:00
Yu Watanabe
88b860034e NEWS: SendRawOption= -> SendOption= 2019-11-19 11:52:36 +01:00
Zbigniew Jędrzejewski-Szmek
b014a6161a
Merge pull request #14064 from yuwata/network-unify-send-option-and-send-raw-option
network: unify SendOption= and SendRawOption=
2019-11-18 22:21:37 +01:00
Zbigniew Jędrzejewski-Szmek
3049e6a233
Merge pull request #14030 from keszybz/path-no-trigger
Fix spurious triggering of PathExists=
2019-11-18 22:20:07 +01:00
Zbigniew Jędrzejewski-Szmek
fe67137895
Merge pull request #14007 from keszybz/tasks-max-dynamic
Calculate fractional TasksMax= before actual use
2019-11-18 22:18:33 +01:00
Zbigniew Jędrzejewski-Szmek
2536752dda Rename "system-options" to "systemd-efi-options"
This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.

(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)

bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.

Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.
2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
cc560ac064 NEWS: fix antique typo 2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
b289de2b06 bootctl: update --help text 2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
93e63b2a35 core/path: minor simplification 2019-11-18 20:18:34 +01:00
Yu Watanabe
c9fdaed079 man: add entry about SpeedMeter=
Closes #14002.
2019-11-18 16:47:26 +01:00
Yu Watanabe
f0beb6f816 udev: silence warning about PROGRAM+= or IMPORT+= rules
Closes #14062.
2019-11-18 16:46:12 +01:00
Zbigniew Jędrzejewski-Szmek
a1db5bbc97 man: add entry for systemd-id128 --uuid 2019-11-18 16:44:10 +01:00
Zbigniew Jędrzejewski-Szmek
4d985a317a systemctl: whitespace optimization of --help
Move the explanation of options three columns to the right: then almost
all options fit and we do not need to break lines so often.

When a multi-line explanation precedes a section break, i.e. there is a
half-line on the right side, do not use an empty space. This saves a line,
and actually looks visually better because the text is still clearly
separated, but we don't get the big vertical white space.
2019-11-18 16:41:13 +01:00
Zbigniew Jędrzejewski-Szmek
26e1e97345 analyze: deprecate the commands moved to systemctl
This just removes the commands from --help and the man pages, everything works
as before.
2019-11-18 16:28:38 +01:00
Zbigniew Jędrzejewski-Szmek
6ab863190d systemctl: add service-watchdogs command
The rationale is the same as for log-level/log-target: this controls the behaviour
of the manager, and belongs in systemctl.
2019-11-18 16:28:38 +01:00
Zbigniew Jędrzejewski-Szmek
6962cf2e2a analyze: adjust the description of the default verb 2019-11-18 16:27:15 +01:00
Zbigniew Jędrzejewski-Szmek
38fcb7f766 systemctl: add log-level and log-target commands
This copies the commands log-level and log-target (to query and set the current
settings) from systemd-analyze to systemctl, essentially reverting
a65615ca5d. Controllling the log level settings
of the manager is basic functionality, that should be available even if
systemd-analyze (which is more of an analysis tool) is not installed. This is
like dmesg and journalctl, which should be available even if a debugger and
more advanced tools to analyze the kernel are not available. (Note that dmesg
is used to control the log level too, not just to browse the kernel logs.)

I chose to copy&paste the methods from analyze.c to the new location. There
isn't enough code to share, because acquire_bus() in both places has a
different signature despite the same name, so the only part that is common
is the invocation of sd_bus_set_property().
2019-11-18 16:26:17 +01:00
Yu Watanabe
dc11d2bf66 udevadm: ignore EROFS and return earlier
Fixes #14060.
2019-11-18 16:07:21 +01:00