1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

45425 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
e2ea005681 core: do not touch instance from unit_choose_id()
unit_choose_id() is about marking one of the aliases of the unit as the main
name. With the preparatory work in previous patches, all aliases of the unit
must have the same instance, so the operation to update the instance is a noop.
2020-06-10 09:45:58 +02:00
Zbigniew Jędrzejewski-Szmek
934ef6a522 core: create socket service instances with the correct name from the start
Upon an incoming connection for an accepting socket, we'd create a unit like
foo@0.service, then figure out that the instance name should be e.g. "0-41-0",
and then add the name foo@0-41-0.service to the unit. This obviously violates
the rule that any service needs to have a constance instance part.

So let's reverse the order: we first determine the instance name and then
create the unit with the correct name from the start.

There are two cases where we don't know the instance name:
- analyze-verify: we just do a quick check that the instance unit can be
  created. So let's use a bogus instance string.
- selinux: the code wants to load the service unit to extract the ExecStart path
  and query it for the selinux label. Do the same as above.

Note that in both cases it is possible that the real unit that is loaded could
be different than the one with the bogus instance value, for example if there
is a dropin for a specific instance name. We can't do much about this, since we
can't figure out the instance name in advance. The old code had the same
shortcoming.
2020-06-10 09:45:55 +02:00
Zbigniew Jędrzejewski-Szmek
ada4b34ec7 core: rework error messages in unit_add_name()
They were added recently in acd1987a18. We can
make them more informative by using unit_type_to_string() and not repeating
unit names as much. Also, %m should not be used together with SYNTHETIC_ERRNO().
2020-06-10 09:42:20 +02:00
Zbigniew Jędrzejewski-Szmek
d383acad25 core: when adding names to unit, require matching instance strings
We would check that the instance is present in both units (or missing in both).
But when it is defined, it should be the same in both. The comment in the code
was explicitly saying that differing instance strings are allowed, but this
mostly seems to be a left-over from old times. The man page is pretty clear:

> the instance (if any) is always uniquely defined for a given unit and all its
> aliases.
2020-06-10 09:42:20 +02:00
Zbigniew Jędrzejewski-Szmek
4562c35527 core: store unit aliases in a separate set
We allocated the names set for each unit, but in the majority of cases, we'd
put only one name in the set:

$ systemctl show --value -p Names '*'|grep .|grep -v ' '|wc -l
564
$ systemctl show --value -p Names '*'|grep .|grep ' '|wc -l
16

So let's add a separate .id field, and only store aliases in the set, and only
create the set if there's at least one alias. This requires a bit of gymnastics
in the code, but I think this optimization is worth the trouble, because we
save one object for many loaded units.

In particular set_complete_move() wasn't very useful because the target
unit would always have at least one name defined, i.e. the optimization to
move the whole set over would never fire.
2020-06-10 09:36:58 +02:00
Zbigniew Jędrzejewski-Szmek
02939ee001
Merge pull request #16087 from mrc0mmand/travis-build-check
travis: check build with various compiler options
2020-06-10 09:06:14 +02:00
Lennart Poettering
dad28bffd6 tree-wide: check POLLNVAL everywhere
poll() sets POLLNVAL inside of the poll structures if an invalid fd is
passed. So far we generally didn't check for that, thus not taking
notice of the error. Given that this specific kind of error is generally
indication of a programming error, and given that our code is embedded
into our projects via NSS or because people link against our library,
let's explicitly check for this and convert it to EBADF.

(I ran into a busy loop because of this missing check when some of my
test code accidentally closed an fd it shouldn't close, so this is a
real thing)
2020-06-10 08:57:31 +02:00
Frantisek Sumsal
dfa64b64a7 tree-wide: mark assert()-only variables as unused
to make a compilation with -Db_ndebug=true and --werror pass once again.
2020-06-09 21:31:10 +02:00
Frantisek Sumsal
b36746c90e travis: check build with various compiler options
In the past we occasionally stumbled upon a build issue which could be
reproduced only with specific optimization level or other compilation
option. Let's try to build the current revision with several most common
compiler options causing such issues to catch them early.
2020-06-09 21:27:07 +02:00
Daan De Meyer
45204921be
Merge pull request #16104 from ssahani/dhcpv6-iaid
networkctl: Display DHCPv6 IAID
2020-06-09 21:18:28 +02:00
YmrDtnJu
2ffadd3cee AppArmor: Support for loading a set of pre-compiled profiles at startup time
Let systemd load a set of pre-compiled AppArmor profile files from a policy
cache at /etc/apparmor/earlypolicy. Maintenance of that policy cache must be
done outside of systemd.

After successfully loading the profiles systemd will attempt to change to a
profile named systemd.

If systemd is already confined in a profile, it will not load any profile files
and will not attempt to change it's profile.

If anything goes wrong, systemd will only log failures. It will not fail to
start.
2020-06-09 20:27:47 +02:00
Lennart Poettering
d689f0f20a
Merge pull request #16058 from Werkov/fix-memory-protection-default
Fix memory protection default setting
2020-06-09 20:02:53 +02:00
Lennart Poettering
4f4f37b20d
Merge pull request #16046 from bluca/dissect_squashfs_verity
dissect: single-filesystem verity images with external hashdevice
2020-06-09 19:52:21 +02:00
Yigal Korman
2233c2703c man: udevadm: mention non-zero exit code on settle
'udevadm settle --timeout=XY' will return 1 in case the timeout was
reached and the event queue was not empty.
The manpage should mention it.
2020-06-09 17:31:49 +02:00
Yu Watanabe
60b316b1e9 test-network: wait 2min for the bridge being in configured state
On some CIs, it may takes more than 40 seconds.

Hopefully fixes #16105.
2020-06-09 17:19:22 +02:00
Chris Down
69876f94ab doc: Try to clarify automount dependency confusion
Arch recently upgraded systemd to 245.6. Shortly afterwards, users began
reporting[0] that systemd detected an ordering cycle, and they were
unable to log in. The reason they were unable to log in was because of
ordering cycle resolution:

    [...]
    systemd[1]: sysinit.target: Job systemd-tmpfiles-setup.service/start deleted to break ordering cycle starting with sysinit.target/start
    systemd[1]: sysinit.target: Job systemd-update-done.service/start deleted to break ordering cycle starting with sysinit.target/start
    systemd[1]: sysinit.target: Job systemd-journal-catalog-update.service/start deleted to break ordering cycle starting with sysinit.target/start
    systemd[1]: sysinit.target: Job local-fs.target/start deleted to break ordering cycle starting with sysinit.target/start
    systemd[1]: sysinit.target: Job systemd-tmpfiles-setup.service/start deleted to break ordering cycle starting with sysinit.target/start
    [...]

Whether the resolution did the right thing here or not is a longer-term
discussion, but in the interim we should at least make this distinction
between automount dependencies and mount dependencies clearer in the
documentation, so that users and distribution maintainers know what's
acceptable. In this case Arch actually backed out b3d7aef5 entirely and
released a new version due to the confusion.

Also see https://github.com/systemd/systemd-stable/issues/69.

0: https://bugs.archlinux.org/task/66908
2020-06-09 17:13:59 +02:00
Michał Bartoszkiewicz
fa0e23c900 docs: use bool in varlink interface definition
Boolean type in varlink is named bool, not boolean.
2020-06-09 17:11:38 +02:00
Lennart Poettering
48b747fa03 inaccessible: move inaccessible file nodes to /systemd/ subdir in runtime dir always
Let's make sure $XDG_RUNTIME_DIR for the user instance and /run for the
system instance is always organized the same way: the "inaccessible"
device nodes should be placed in a subdir of either called "systemd" and
a subdir of that called "inaccessible".

This way we can emphasize the common behaviour, and only differ where
really necessary.

Follow-up for #13823
2020-06-09 16:23:56 +02:00
Lennart Poettering
b8c9074534 login: use ERRNO_IS_PRIVILEGE() where appropriate 2020-06-09 16:13:51 +02:00
Lennart Poettering
d582afe144 mkdir: use log_full_errno() where appropriate 2020-06-09 16:13:16 +02:00
Lennart Poettering
6b2229c6c6 udev: set fewer process properties
On systemd systems we generally don't need to chdir() to root, we don't
need to setup /dev/ ourselves (as PID 1 does that during earliest boot),
and we don't need to set the OOM adjustment values, as that's done via
unit files.

Hence, drop this. if people want to use udev from other init systems
they should do this on their own, I am very sure it's a good thing to do
it from outside of udevd, so that fewer privileges are required by udevd. In
particular the dev_setup() stuff is something that people who build
their own non-systemd distros want to set up themselves anyway, in
particular as they already have to mount devtmpfs themselves anyway.

Note that this only drops stuff that isn't really necessary for testing
stuff, i.e. process properties and settings that don't matter if you
quickly want to invoke udev from a terminal session to test something.
2020-06-09 15:40:20 +02:00
Lennart Poettering
fe56acd8e0 udevd: use cpus_in_affinity_mask()
Let's make use of our own helpers. This has the benefit that we can deal
with arbitrarily sized affinity masks.
2020-06-09 15:39:53 +02:00
Lennart Poettering
57b611a5bf
Merge pull request #16074 from msekletar/freezer-test-flakes
Freezer test flakes
2020-06-09 14:38:40 +02:00
Lennart Poettering
6930d069a3 cryptsetup: pass selected mode to crypt_load() when doing LUKS
This doesn't fix anything IRL, but is a bit cleaner, since it makes sure
that arg_type is properly passed to crypt_load() in all cases.

We actually never set arg_type to CRYPT_LUKS2, which is why this wasn't
noticed before, but theoretically this might change one day, and
existing comments suggest it as possible value for arg_type, hence let's
process it properly.
2020-06-09 14:24:21 +02:00
Lennart Poettering
5af39ac850 cryptsetup: try to load bitlocker superblock only if requested
let's do automatic discovery only for our native LUKS/LUKS2 headers,
since they are Linux stuff, and let's require that BitLocker to be
requested explicitly.

This makes sure cryptsetup without either "luks" nor "bitlk" in the
option string will work. Right now it would fail because we'd load the
superblock once with luks and once with bitlk and one of them would
necessarily fail.

Follow-up for #15979
2020-06-09 14:24:15 +02:00
Yegor Vialov
8b8ae7959d
hwbd entry for Dell Inspiron Chromebook 14 2-in-1 sensor (#16109) 2020-06-09 13:31:58 +02:00
Adam Nielsen
f01994380e login: allow individual USB ports to be assigned to seats
Assigning seats to specific USB ports lets the devices plugged into them
inherit the port's seat assignment.
2020-06-09 13:30:59 +02:00
Luca Boccassi
e7cbe5cb9e dissect: support single-filesystem verity images with external verity hash
dm-verity support in dissect-image at the moment is restricted to GPT
volumes.
If the image a single-filesystem type without a partition table (eg: squashfs)
and a roothash/verity file are passed, set the verity flag and mark as
read-only.
2020-06-09 12:19:21 +01:00
Susant Sahani
331ee15f18 networkctl: DHCPv6 - display IAID 2020-06-09 19:58:36 +09:00
Susant Sahani
01dd138031 sd-network: Introduce API to get DHCPv6 IAID 2020-06-09 19:58:36 +09:00
Susant Sahani
18d8a2cf30 network: DHCPv6 - export IAID to state file 2020-06-09 19:58:31 +09:00
Susant Sahani
d69d4038ec dhcp6: Provide method to access IAID 2020-06-09 19:57:38 +09:00
Lennart Poettering
ed66590d15
Merge pull request #16080 from YmrDtnJu/9p
9p is a network filesystem
2020-06-09 10:51:20 +02:00
Jan Klötzke
bf76080180 core: let user define start-/stop-timeout behaviour
The usual behaviour when a timeout expires is to terminate/kill the
service. This is what user usually want in production systems. To debug
services that fail to start/stop (especially sporadic failures) it
might be necessary to trigger the watchdog machinery and write core
dumps, though. Likewise, it is usually just a waste of time to
gracefully stop a stuck service. Instead it might save time to go
directly into kill mode.

This commit adds two new options to services: TimeoutStartFailureMode=
and TimeoutStopFailureMode=. Both take the same values and tweak the
behavior of systemd when a start/stop timeout expires:

 * 'terminate': is the default behaviour as it has always been,
 * 'abort': triggers the watchdog machinery and will send SIGABRT
   (unless WatchdogSignal was changed) and
 * 'kill' will directly send SIGKILL.

To handle the stop failure mode in stop-post state too a new
final-watchdog state needs to be introduced.
2020-06-09 10:04:57 +02:00
Lennart Poettering
8b5616fa91
Merge pull request #16073 from keszybz/shell-completion
Bash completion for homectl and help improvement for kernel-install
2020-06-09 09:33:41 +02:00
Lennart Poettering
d3d0b763b4
Merge pull request #15953 from keszybz/gdb-script
Update gdb script to match current sources and other hashmap improvements
2020-06-09 09:31:49 +02:00
Franck Bui
44a419540e pid1: rework handling of m->show_status
The fact that m->show_status was serialized/deserialized made impossible any
further customisation of this setting via system.conf. IOW the value was
basically always locked unless it was changed via signals.

This patch reworks the handling of m->show_status but also makes sure that if a
new value was changed via the signal API then this value is kept and preserved
accross PID1 reexecuting or reloading.

Note: this effectively means that once the value is set via the signal
interface, it can be changed again only through the signal API.
2020-06-09 09:16:54 +02:00
Franck Bui
0d6d3cf055 pid1: rename manager_get_show_status() to manager_should_show_status()
The name 'manager_get_show_status()' suggests that the function simply reads
the property 'show_status' of the manager and hence returns a 'StatusType'
value.

However it was doing more than that since it contained the logic (based on
'show_status' but also on the state of the manager) to figure out if status
message could be emitted to the console.

Hence this patch renames the function to 'manager_should_show_status()'. The
previous name will be reused in a later patch to effectively return the value
of 'show_status' property.

No functional change.
2020-06-09 09:16:54 +02:00
Franck Bui
b309078ab9 pid1: make more use of show_status_on()
No functional change.
2020-06-09 09:16:54 +02:00
Lennart Poettering
5a36324962
Merge pull request #16047 from poettering/udev-ro-block
udev: optionally mark all block devices popping up read-only by default
2020-06-09 09:09:32 +02:00
Lennart Poettering
707dc7949c update TODO 2020-06-09 08:54:48 +02:00
Yu Watanabe
a4d1bef73f
Merge pull request #16085 from ssahani/network-client-id
networkctl: add support to display DHCPv4 client ID
2020-06-09 15:30:23 +09:00
Maxim Fomin
6cc27c29ad Add 'bitlk' option to mount Bitlocker drives with cryptsetup. 2020-06-09 08:12:55 +02:00
YmrDtnJu
c15ab81ed9
mount-tool: Replace fstype_is_{network,api_vfs} with fstype_is_blockdev_backed
Not every filesystem that is not a network filesystem and also not an API VFS
filesystem has a corresponding block device.
2020-06-08 19:36:42 +02:00
YmrDtnJu
ac2474e4ff
basic: New function fstype_is_blockdev_backed for fstypes that need a blockdev
The function returns true if the specified filesystem requires a block device.
2020-06-08 19:36:42 +02:00
Niccolò Maggioni
b11e98037c hwdb: add HP Spectre x360's mic mute switch
Tested on HP Spectre x360 Convertible 13-aw0xxx
2020-06-08 18:15:20 +02:00
Lennart Poettering
b1481b2092
Merge pull request #16092 from yuwata/network-accept-local-16090
network: introduce IPv4AcceptLocal= setting
2020-06-08 18:15:03 +02:00
Lennart Poettering
a34a2933e9 man: single-char parameters take no '='
The suggested syntax is simply not valid and results in an error.
2020-06-08 16:53:37 +02:00
Lennart Poettering
048b4dc2e1 units: tweak udev unit descriptions 2020-06-08 16:53:37 +02:00
Lennart Poettering
95ac523030 udev: optionally mark all block devices read-only as they pop up 2020-06-08 16:53:37 +02:00