1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-26 14:04:03 +03:00

61158 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
25d3a2816b meson: regenerate meson rules
Forgotten in 85bc6b05491fb4c9f40f8a0e8615ac5321efbea0.
2022-11-25 18:33:53 +01:00
Zbigniew Jędrzejewski-Szmek
10783aef2e meson: resort imports 2022-11-25 18:33:52 +01:00
Lennart Poettering
4cb8a25b04 update TODO 2022-11-25 17:34:32 +01:00
Daan De Meyer
cf9c27b18b mkfs-util: Drop batch (b) and n flags from mcopy
The batch flag is bugged on older versions of mcopy causing failures
such as:

```
Internal error, size too big
Streamcache allocation problem:: 5
```

It's also a little unclear what the batch flag actually does, so since
everything still works without it, it doesn't hurt to remove it.

The n flag only applies when copying from fat to unix which we don't do
so it doesn't make sense in this scenario.
2022-11-25 13:46:07 +01:00
Daan De Meyer
9044e5b3bf
Merge pull request #25482 from DaanDeMeyer/repart-skip-partitions
repart: Add --skip-partitions=
2022-11-25 13:31:09 +01:00
Daan De Meyer
7d505753f1 repart: Add --skip-partitions=
--include-partitions and --exclude-partitions now fully exclude
partitions from repart. Whenever a partition type is excluded, we
don't take any partitions of that type into account at all when
running systemd-repart.

--skip-partitions= is introduced to do what --exclude-partitions did
previously. Any skipped partitions are taken into acount when doing
size calculations, but are not yet populated.

Why do we need both concepts? Exclusion is needed so that we can
use shared repart definitions to generate bootable and non-bootable
images. When generating a non-bootable image, we use --exclude-partitions
to exclude the ESP partition. Skipping is needed so that we can
populate the root partition while skipping the ESP partition, get
the roothash of the root partition, use that to generate a UKI, and
finally populate the ESP partition with the UKI included.
2022-11-25 12:07:38 +01:00
Lennart Poettering
fb896517ae resolved: remove inappropriate assert()
A NULL Bitmap object is by all our code considered identical to an empty
bitmap. Hence let's remove the entirely unnecessary assert().

The assert() can be triggered if debug monitoring is used an an empty
NSEC or NSEC3 RR is included in an answer resolved returns.

it's not really a security issue since enabling debug monitoring is a
manual step requiring root privileges, that is off by default. Moreover,
it's a "clean" assert(), i.e. the worst that happens is tha a coredump
is generated and resolved restarted.

Fixes: #25449
2022-11-25 07:49:04 +09:00
Luca Boccassi
9af93d7cab
Merge pull request #25473 from yuwata/mount-tool-cleanups
mount-tool: several cleanups
2022-11-24 20:40:37 +01:00
Luca Boccassi
0f6d54ca47 units: fix typo in Condition in systemd-boot-system-token
/lib/systemd/system/systemd-boot-system-token.service:20: Unknown key name 'ConditionPathExists|' in section 'Unit', ignoring

Follow-up for 0a1d8ac77a21ae0741bdf4af08f3a71354805ff1
2022-11-24 19:17:50 +01:00
Daan De Meyer
03288a3f28
Merge pull request #25500 from DaanDeMeyer/mcopy-skip-symlinks
mkfs-util: Skip symlinks when calling mcopy
2022-11-24 16:28:01 +01:00
Daan De Meyer
c75cf0164c mkfs-util: Skip non files/directories when calling mcopy
Only files and directories are supported by vfat. When we pass a
symlink to mcopy, it will try to dereference them and copy what the
symlink points at into the vfat partition instead. Let's avoid this
by skipping all unsupported file types when establishing the list of
top level targets that mcopy should copy.

We also use RECURSE_DIR_SORT everywhere when iterating directories
to make things more reproducible.
2022-11-24 14:02:22 +01:00
Daan De Meyer
a0a4c57818 recurse-dir: Handle RECURSE_DIR_ENSURE_TYPE in readdir_all() 2022-11-24 14:02:19 +01:00
Daan De Meyer
06da125ea1 dirent-util: Expose dirent_ensure_type() 2022-11-24 13:18:00 +01:00
Daan De Meyer
fe5779cf3f mkfs-util: Check if mcopy is installed 2022-11-24 12:19:53 +01:00
Luca Boccassi
9f5bf99f1b
Merge pull request #25509 from enr0n/oomd-unpriv-container-fix
Fix `oomd_fetch_cgroup_oom_preference()` for unprivileged LXD containers
2022-11-24 11:21:16 +01:00
Christian Brauner
2e776ed6c8 shared: use move_pivot_root() for services
Currently, services use mount_move_root() in order to setup the root
directory of services using a mount namespace. This relies on MS_MOVE
and chroot(). However, this has serious drawbacks even for relatively
simple mount propagation scenarios.

What systemd currently does is roughly equivalent to the following shell
code:

  unshare --mount --propagation=shared
  cd /
  mount --make-rslave /
  mkdir /new-root
  mount --rbind / /new-root
  cd /new-root
  mount --move /new-root /
  chroot .

This looks simple enough but has the consequence that two separate mount
trees exist for the lifetime of the service. The first one was created
when the mount namespace was created, and the second one when a new
mount for the rootfs was created. The first mount tree sticks around as
a shadow mount tree. Both mount trees are dependent mounts with the host
rootfs as their dominating mount.

Now, when mount propagation is triggered by the host by e.g.,

   mount --bind /opt /mnt

it means that two propagation events are generated. I'm skipping over
the exact kernel details as they aren't that important. The gist is that
for every propagation event that is generated a second one is generated
for the shadow mount tree. In other words, the kernel creates two copies
for each mount that is propagated instead of one.

This isn't necessary. We can simply change the sequence above to:

  unshare --mount --propagation=shared
  cd /
  mount --make-rslave /
  mkdir /new-root
  # stash fd to old rootfs
  # stash fd to new rootfs
  mount --rbind / /new-root
  mkdir /new-root
  cd /new-root
  pivot_root . .
  # new root is tucked under old root
  # chdir into old rootfs via stashed fd
  umount -l /old-root

The pivot_root allows us to get rid of the old mount tree that was
created when the mount namespace was created. So after this sequence
only one mount tree is alive. Plus, it's safer and nicer. Moving mounts
isn't pleasnt.

This patch doesn't convert nspawn yet as the requirements are more
tricky given that it wants to preserve the rootfs as a shared mount
which goes against pivot_root() requirements.

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-11-24 10:58:26 +01:00
Yu Watanabe
1480c23199 mount: use device enumerator to find matching loopback block device
No functional change, just refactoring.
2022-11-24 14:17:35 +09:00
Yu Watanabe
961d08cadb mount: split umount_by_device() into two
No functional change, just refactoring and preparation for later
commits.
2022-11-24 14:17:35 +09:00
Yu Watanabe
95a45a87d6 mount: make acquire_mount_where_for_loop_dev() take sd-device object
No functional change, just refactoring.
2022-11-24 14:17:22 +09:00
Yu Watanabe
00a60eaf5f
Merge pull request #25483 from poettering/ppoll-usec-eintr
ppoll() + EINTR fixes
2022-11-24 09:42:48 +09:00
Michal Sekletar
88e4bfa62b core: add possibility to not track certain unit types 2022-11-24 09:28:22 +09:00
Luca Boccassi
80d95fcd6e portable: add a few more useful debug log messages
When attaching and /etc/systemd/system.attached can't be created or used
(eg: dead symlink) the logs are pretty much useless as even at debug
level there's no indication of what is going wrong.
Add some debug logs, and return a more specific error string over D-Bus.
2022-11-23 23:02:07 +01:00
Nick Rosbrook
f05bcc1894 oomd: fix unreachable test case in test-oomd-util
This conditional with !empty_or_root(ctx->path) always returns false
because the most recent oomd_cgroup_context_acquire() call was with the
root cgroup. Make sure this test case can be reached by checking cgroup
instead of ctx->path.

While here, use an unused uid (61183) instead of the nobody uid so the
test case does not fail in unprivileged LXD containers.
2022-11-23 15:45:54 -05:00
Nick Rosbrook
8918609348 oomd: always allow root-owned cgroups to set ManagedOOMPreference
Commit 652a4efb66a ("oomd: loosen the restriction on ManagedOOMPreference")
made the change to allow ManagedOOMPreference on a cgroup candidate when
the monitored cgroup and cgroup candidate are owned by the same user.

The commit assumed that this check was sufficient to continue allowing
ManagedOOMPreference on all cgroups owned by root. However, it caused a
regression for unprivileged LXD containers where e.g. /sys/fs/cgroup is
owned by nobody (uid=65534).

Fix this by explicitly allowing the ManagedOOMPreference if uid == 0 in
oomd_fetch_cgroup_oom_preference().
2022-11-23 15:43:51 -05:00
Daan De Meyer
3f9b0e1343 Revert "find-esp: Relax filesystem root directory check"
This reverts commit d91a5f6481d35e28148fe46bc490bb4f34656947.

This is the wrong approach as we don't detect the UUID and devid
of valid ESP/XBOOTLDR partitions.
2022-11-23 21:22:07 +01:00
Bernd Steinhauser
f5ae7f4c77 hwdb: remove fuzz and deadzone for Simucube wheel bases.
For these devices the axes are setup via a special
configuration tool. udev should not apply additional
fuzz or deadzone.

Reference for the product IDs:
https://granitedevices.com/wiki/Simucube_product_USB_interface_documentation
This also indicates that there are a total of 8 axes.
2022-11-23 21:18:55 +01:00
Lennart Poettering
2ed2c52ace
Merge pull request #25486 from keszybz/kernel-install-header
Add "File created by …" header to BLS entries
2022-11-23 17:36:44 +01:00
Zbigniew Jędrzejewski-Szmek
ca4249847b TODO: add item about mnt_fstype_is_netfs() 2022-11-23 12:43:28 +01:00
Daan De Meyer
220780db86 repart: Make parse_filter_partitions() more generic 2022-11-23 12:41:23 +01:00
Daan De Meyer
d989dd7631 repart: Rename arg_filter_partitions_size to arg_n_filter_partitions 2022-11-23 12:41:23 +01:00
Zbigniew Jędrzejewski-Szmek
0be160136e kernel-install: add header to generate entry files
I was looking at a bug in bugzilla about some boot loader issue, and it was
hard to say if the boot entry files were generated by our plugin or something
else. Add a header to make this clear.

kernel-install invokes the plugins via absolute path always, so $0 gives as
the full path the location where the plugin is installed. This is what we want:

  title      Fedora Linux 37 (Workstation Edition)
  # Boot Loader Specification type#1 entry
  # File created by /usr/lib/kernel/install.d/90-loaderentry.install (systemd 252-409-g5028904^)
2022-11-23 10:14:25 +01:00
Daan De Meyer
d91a5f6481 find-esp: Relax filesystem root directory check
When relaxed checks are requested, let's not require the efi/xbootldr
directory to be the root of the filesystem. When building images, image
builders might install all efi/xbootldr files to a regular directory
first before packing them up into a partition. To allow bootctl to be
used in such scenarios to install systemd-boot, we need to relax the
fsroot check.
2022-11-23 09:20:10 +01:00
Luca Boccassi
0dce448bbc repart: respect --discard=no also for block devices
It's only used to avoid BLKDISCARD on individual partitions at the moment.
It can take a lot of time to run on very slow devices, so avoid it for
them too.
2022-11-23 01:33:26 +01:00
Jason A. Donenfeld
da403fd38a Update changelog with latest sd-boot, sd-stub, and bootctl changes 2022-11-23 01:33:05 +01:00
Jason A. Donenfeld
0a1d8ac77a stub: handle random seed like sd-boot does
sd-stub has an opportunity to handle the seed the same way sd-boot does,
which would have benefits for UKIs when sd-boot is not in use. This
commit wires that up.

It refactors the XBOOTLDR partition discovery to also find the ESP
partition, so that it access the random seed there.
2022-11-23 00:56:45 +01:00
Lennart Poettering
0c14c45e5c sd-event: reenable epoll_pwait2()
This reenables epoll_pwait2() use, i.e. undoes the effect of
39f756d3ae4765b8bf017567a12b8a4b358eaaf5.

Instead of just reverting that, this PR will change things so that we
strictly rely on glibc's new epoll_pwait2() wrapper (which was added
earlier this year), and drop our own manual fallback syscall wrapper.
That should nicely side-step any issues with correct syscall wrapping
definitions (which on some arch seem not to be easy, given the sigset_t
size final argument), by making this a glibc problem, not ours.

Given that the only benefit this delivers are time-outs more granular
than msec, it shouldn't really matter that we'll miss out on support
for this on systems with older glibcs.
2022-11-23 00:54:23 +01:00
Daan De Meyer
c9bb7438db
Merge pull request #25485 from DaanDeMeyer/gpt-fix
gpt: Specify designator array sizes explicitly
2022-11-22 22:29:50 +01:00
Zbigniew Jędrzejewski-Szmek
04fea8407c kernel-install: make 90-loadentry.install templated
It's a bit annoying that this causes so much churn, but I don't see a different
way to do this.
2022-11-22 16:12:09 +01:00
Daan De Meyer
df655bf34c gpt: Drop PARTITION_LINUX_GENERIC and PARTITION_USER_HOME
These don't have an inherent purpose, and aren't used throughout
the codebase, so let's simplify things and remove these.

See https://github.com/systemd/systemd/pull/24803#discussion_r1028190421
for more information.
2022-11-22 15:59:50 +01:00
Daan De Meyer
3cde36ffa3 gpt: Specify designator array sizes explicitly
Avoid users accidentally accessing uninitialized memory by always
making sure the array size covers all possible enum values.
2022-11-22 15:53:02 +01:00
Lennart Poettering
ffbcc8d423 io-util: document EINTR situation a bit 2022-11-22 15:23:34 +01:00
Luca Boccassi
d4b3ae65f3
Merge pull request #25477 from yuwata/network-wifi-reconfigure-on-connect
network: wifi: try to reconfigure when connected
2022-11-22 13:37:15 +01:00
Zbigniew Jędrzejewski-Szmek
70b9ea26b6 man/journalctl: mention systemd-cat, make the description more direct
We said "query the journal". This is true but also very generic. Let's say
"print log entries from the journal" instead, so that users who are looking for
"logging" are more likely to figure out that the journalctl is the tool for
them.

Also, mention systemd-journal-remote.service which can write the journal too.
And give some hints how to figure out how to write *to* the journal.
2022-11-22 13:31:04 +01:00
Lennart Poettering
22ecfa8312 utmp-wtmp: handle EINTR gracefully when waiting to write to tty 2022-11-22 13:11:04 +01:00
Lennart Poettering
80b780ba17 utmp-wtmp: fix error in case isatty() fails 2022-11-22 13:10:29 +01:00
Lennart Poettering
f3d9278f38 homed: handle EINTR gracefully when waiting for device node 2022-11-22 13:09:53 +01:00
Lennart Poettering
6d66a22168 resolved: handle -EINTR returned from fd_wait_for_event() better
We might get signals for various reasons (for example, somebody asking
us to reload caches via a signal), hence let's handle this gracefully.
2022-11-22 13:09:17 +01:00
Lennart Poettering
6985878533 sd-netlink: handle EINTR from poll() gracefully, as success 2022-11-22 13:08:41 +01:00
Lennart Poettering
6976bf5cd6 varlink: also handle EINTR gracefully when waiting for EIO via ppoll() 2022-11-22 13:08:05 +01:00
Lennart Poettering
7c75f34131 stdio-bridge: don't be bothered with EINTR
We handle signals via signal handlers, hence no need to be concerned
about EINTR.
2022-11-22 13:07:27 +01:00