shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00
Code
50,464 Commits 4 Branches 390 Tags 552 MiB
2fe2941646
Commit Graph

5 Commits

Author SHA1 Message Date
Franck Bui
b3e32582f6 Revert "units: skip modprobe@.service if the unit appears to be already loaded" 
This reverts commit 9cbf1e58f9.

The presence of /sys/module/%I directory can't be used to assert that the load
of a given module is complete and therefore the call to modprobe(8) can be
skipped. Indeed this directory is created before the init() function of the
module is called.

Users of modprobe@.service needs to be sure that once this service returns the
module is fully operational.
 2020-11-19 09:49:42 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
9cbf1e58f9 units: skip modprobe@.service if the unit appears to be already loaded 
Possible alternative to #14819.

For me, setting RemainAfterExit=yes would be OK, but if people think that it
might cause issues, then this could be a reasonable alternative that still
let's us skip the invocation of the separate binary.
 2020-03-05 18:43:50 +00:00
Lennart Poettering
d5016c21d7 units: tweaks to modprobe@.service 
Let's use uppercase wording in the description string, like we usually
do.

Let's allow using this service in early boot.

If it's pulled into the initial transaction it's better to finish
loading this before sysinit.target.

Don't bother with this in containers that lack CAP_SYS_MODULE
 2020-01-07 18:54:24 +01:00
Iain Lane
625077264b units: Split modprobing out into a separate service unit 
Devices referred to by `DeviceAllow=` sandboxing are resolved into their
corresponding major numbers when the unit is loaded by looking at
`/proc/devices`. If a reference is made to a device which is not yet
available, the `DeviceAllow` is ignored and the unit's processes cannot
access that device.

In both logind and nspawn, we have `DeviceAllow=` lines, and `modprobe`
in `ExecStartPre=` to load some kernel modules. Those kernel modules
cause device nodes to become available when they are loaded: the device
nodes may not exist when the unit itself is loaded. This means that the
unit's processes will not be able to access the device since the
`DeviceAllow=` will have been resolved earlier and denied it.

One way to fix this would be to re-evaluate the available devices and
re-apply the policy to the cgroup, but this cannot work atomically on
cgroupsv1. So we fall back to a second approach: instead of running
`modprobe` via `ExecStartPre`, we move this out to a separate unit and
order it before the units which want the module.

Closes #14322.
Fixes: #13943.
 2020-01-07 18:37:30 +01:00