1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00
Commit Graph

58964 Commits

Author SHA1 Message Date
Lennart Poettering
d8e4960bf1 import: fix format strings 2022-07-15 15:24:29 +02:00
Lennart Poettering
9fbb7df7bc
Merge pull request #24011 from poettering/condition-cred
pid1: add new condition type "ConditionCredential=" for checking for credentials passed into the system
2022-07-15 15:03:49 +02:00
Lennart Poettering
50492ce815 cgroups-agent: connect stdin/stdout/stderr to /dev/null
Inspired by https://github.com/systemd/systemd/pull/24024 this is
another user mode helper, where this might be an issue. hence let's
rather be safe than sorry, and also connect stdin/stdout/stderr
explicitly with /dev/null.
2022-07-15 14:51:41 +02:00
Lennart Poettering
81b739d258
Merge pull request #24010 from poettering/tmpfiles-base64-data
tmpfiles: optionally allow configuring file contents for f/w lines to be encoded in base64
2022-07-15 14:50:56 +02:00
Zbigniew Jędrzejewski-Szmek
17021368fc generators: accept one or three args, do not write to /tmp
Since the general generator logic was established in the rewrite in
07719a21b6, generators would always write to /tmp
by default. I think this not a good default at all, because generators write a
bunch of files and would create a mess in /tmp. And for debugging, one
generally needs to remove all the files in the output directory, because
generators will complain in the output paths are already present. Thus the
approach of disabling console logging and writing many files to /tmp when
invoked with no arguments is not nice, so let's disallow operation with no
args.

But when debugging, one generally does not care about the separate output dirs
(most generators use only one). Thus the general pattern I use is something
like:
  rm -rf /tmp/x && mkdir /tmp/x && build/some-generator /tmp/{x,x,x}
This commit allows only one directory to be specified and simplifies this to:
  rm -rf /tmp/x && mkdir /tmp/x && build/some-generator /tmp/x
2022-07-15 13:10:39 +02:00
Zbigniew Jędrzejewski-Szmek
b711a9ee18 bless-boot-generator: use DEFINE_MAIN_GENERATOR_FUNCTION()
DEFINE_MAIN_GENERATOR_FUNCTION() always sets dest*, so there should be no
change in behaviour.
2022-07-15 13:10:34 +02:00
Zbigniew Jędrzejewski-Szmek
b8110a3eb8 hibernate-resume-generator: use DEFINE_MAIN_GENERATOR_FUNCTION()
DEFINE_MAIN_GENERATOR_FUNCTION() always sets dest*, so there should be no
change in behaviour.
2022-07-15 13:09:38 +02:00
Lennart Poettering
3a632fc1eb tmpfiles: minor shortening of code 2022-07-15 11:55:45 +02:00
Lennart Poettering
708daf42d8 tmpfiles: optionally, decode string to write to files with base64
This is useful to use "f" or "w" to write arbitrary binary files to
disk, or files with newlines and similar (for example to provision SSH
host keys and similar).
2022-07-15 11:55:03 +02:00
Lennart Poettering
b89cfe8a60 update TODO 2022-07-15 11:46:20 +02:00
Daan De Meyer
1f9d2a8199 coredump: Connect stdout/stderr to /dev/null before doing anything
When invoked as the coredump handler by the kernel, systemd-coredump's
stdout and stderr streams are closed. This is dangerous as this means
the fd's can get reallocated, leading to hard to debug errors such as
log messages ending up being appended to a compressed coredump file.

To avoid such issues in the future, let's bind stdout/stderr to
/dev/null so the file descriptors can't get used for anything else.
2022-07-15 11:06:18 +02:00
Lennart Poettering
462511c8c6 man: fix copy/paste typo 2022-07-15 10:53:45 +02:00
Lennart Poettering
351f7d5143 fuzz: add ConditionCredential= to fuzz files, and sort their sections 2022-07-15 10:53:45 +02:00
Lennart Poettering
2c7b8f3dd5 update TODO 2022-07-15 10:53:45 +02:00
Lennart Poettering
4f80cfca5e pid1: add mechanism for conditionalizing units/network/netdev/link based on credentials passed in
This is useful when provisioning systems via nspawn/qemu and running
specific services only if specific data is passed into the system.
2022-07-15 10:53:45 +02:00
Lennart Poettering
5eab88a569
Merge pull request #24005 from poettering/smbios-creds
pid1: import credentials also from SMBIOS data
2022-07-15 08:50:28 +02:00
Lennart Poettering
2a8e474d95 update TODO 2022-07-15 08:31:34 +09:00
Lennart Poettering
8de7de462b pid1: import creds from SMBIOS too, not just qemu's fw_cfg
This imports credentials also via SMBIOS' "OEM vendor string" section,
similar to the existing import logic from fw_cfg.

Functionality-wise this is very similar to the existing fw_cfg logic,
both of which are easily settable on the qemu command line.

Pros and cons of each:

SMBIOS OEM vendor strings:
   - pro: fast, because memory mapped
   - pro: somewhat VMM independent, at least in theory
   - pro: qemu upstream sees this as the future
   - pro: no additional kernel module needed
   - con: strings only, thus binary data is base64 encoded

fw_cfg:
   - pro: has been supported for longer in qemu
   - pro: supports binary data
   - con: slow, because IO port based
   - con: only qemu
   - con: requires qemu_fw_cfg.ko kernel module
   - con: qemu upstream sees this as legacy
2022-07-15 08:31:34 +09:00
Yu Watanabe
08894b568f
Merge pull request #24021 from poettering/man-rlimit-comments
man: elaborate on the usefulness (and not-so-usefulness) of various process resource limits
2022-07-15 08:28:53 +09:00
Daan De Meyer
73897d4f3c Add systemd-hwdb to bug/RFE templates 2022-07-15 08:05:41 +09:00
Yu Watanabe
3f5ef8aeac
Merge pull request #24019 from yuwata/network-ipv4ll
network: refuse 169.254.0.0/24 and 169.254.255.0/24
2022-07-15 07:59:13 +09:00
Darsey Litzenberger
b5e17d7fed udev: add flag to allow disabling blkid probing
This can be useful for users of slow block devices.

For example, the persistent-storage rules are needed for USB floppy
drives be recognized by udisks2, but the extra blkid calls cause
thrashing for 25+ seconds after every disk change.

With this change, a user wishing to avoid the extra blkid invocation(s)
could create /etc/udev/rules.d/55-floppy-noprobe.rules as follows:

    # Don't probe PC floppy drives
    SUBSYSTEM=="block", KERNEL=="fd*", \
        ENV{UDEV_DISABLE_PERSISTENT_STORAGE_BLKID_FLAG}="1"

    # Don't probe USB floppy drives
    SUBSYSTEM=="block", SUBSYSTEMS=="usb", \
        ATTRS{bInterfaceClass}=="08", ATTRS{bInterfaceSubClass}=="04", \
        ENV{UDEV_DISABLE_PERSISTENT_STORAGE_BLKID_FLAG}="1"

I didn't exclude floppies by default in this change, because floppy
devices are also emulated by some BIOSes/hypervisors in some cases, and
I don't know how many systems would fail to boot if /dev/disk/by-uuid/*
became unavailable for 'floppy disks' on those systems.
2022-07-15 07:54:14 +09:00
Lennart Poettering
c043291774 update TODO 2022-07-15 00:15:59 +02:00
Lennart Poettering
52cd58b878 update TODO 2022-07-15 00:02:22 +02:00
Lennart Poettering
5ea8fa1db3 update TODO 2022-07-14 23:58:51 +02:00
Lennart Poettering
8c88895772 man: explain why various resource limits don't make sense and should not be used. 2022-07-14 23:53:51 +02:00
matoro
bab5d84790 README: gcc now has a minimum requirement of 4.7 2022-07-14 17:39:35 -04:00
matoro
60c040f6a7 journal: replace __sync intrinsics with __atomic 2022-07-14 17:39:26 -04:00
matoro
5ba4295bea basic: replace __sync intrinsics with __atomic
Commented reasoning on why it's safe to replace
__sync_bool_compare_and_swap with __atomic_compare_exchange_n in each
location even though the latter has an additional side effect.

__sync_synchronize should be equivalent to __atomic_thread_fence with
__ATOMIC_SEQ_CST memory ordering.
2022-07-14 17:34:15 -04:00
matoro
9ddb63f5cf fundamental: replace __sync with __atomic in ONCE macro
For this one, we can actually just use __atomic_exchange_n since we
don't need the "compare" part of __atomic_compare_exchange_n.
2022-07-14 17:34:15 -04:00
matoro
8a75ba0a7f process-util: replace __sync intrinsics to __atomic
This one is rather tricky, but changing the initialization of
current_val should give this the same effect.  Based on ffmpeg's change
here: https://ffmpeg.org/pipermail/ffmpeg-devel/2014-October/164556.html

Quoting from them:
> The second reason is __atomic_compare_exchange_n(), and how it differs from
> __sync_val_compare_and_swap().
> While the latter returns *ptr as it was before the operation, the former
> doesn't and instead copies *ptr to oldval if the result of the
> comparison is false. This means that returning oldval will match the old behavoir
> without having to change the wrapper.
> A disassemble example from libavutil/buffer.o however hints that the
> __atomic function may be slower because of it writting oldval.
2022-07-14 17:34:10 -04:00
Yu Watanabe
dfeb5a076a
Merge pull request #24016 from poettering/sysctl-cred-extra
sysctl: also process sysctl requests via the "sysctl.extra" credential
2022-07-15 04:20:35 +09:00
asavah
c3d8a7e21c smack: fix build failure with -Dsmack=false 2022-07-15 04:19:36 +09:00
Yu Watanabe
72c747e6d1 test-network: add a test case for IPv4LLStartAddress= 2022-07-15 04:01:56 +09:00
Yu Watanabe
d3efcd2def network: refuse 169.254.0.0/24 and 169.254.255.0/24 for IPv4LLStartAddress=
Follow-up for #23927.
2022-07-15 03:37:09 +09:00
Yu Watanabe
c1dd250f18
Merge pull request #23927 from AndreKalb/feature/ipv4-link-local-start-address
network: Feature IPv4 link-local start address
2022-07-15 03:21:26 +09:00
Yu Watanabe
e3979a6256
Merge pull request #23999 from msekletar/revert-background-session-no-user-instance
Revert of recent changes in handling of background sessions
2022-07-15 03:18:08 +09:00
Zbigniew Jędrzejewski-Szmek
78f8ce6d90 environment-d-generator: use DEFINE_MAIN_FUNCTION() 2022-07-14 19:25:15 +02:00
Zbigniew Jędrzejewski-Szmek
9cfc294fe0 man: fix formatting of "BARRIER=1"
Whitespace inside of the <varname> field was propagated to the displayed form,
causing strange indentation.
2022-07-14 19:25:15 +02:00
Zbigniew Jędrzejewski-Szmek
8f41e6b636 core: wrap long comments and capitalize sentences 2022-07-14 19:25:15 +02:00
Lennart Poettering
93cbc9ca12 base-filesystem: pick more conservative access mode for /root/
Let's not allow anyone to look into /root/ if we create it via the
base-filesystem logic. i.e. change 0755 → 0750 as default access mode
for /root/, in case we create it if it happens to be missing.
2022-07-14 18:18:34 +02:00
Lennart Poettering
6ecc6c4536
Merge pull request #24008 from poettering/tmpfiles-is-dir-fix
tmpfiles: fix wrong is_dir_fd() call
2022-07-14 18:16:07 +02:00
undef
e9a28b8ccd growfs: Expand FS even if underlying block expansion fails
This allows growfs to expand the filesystem even when the underlying
block device cannot be expanded. This has been useful for example on
LUKS devices that have already been expanded using systemd-repart.

This works around the following error:
```
root@mobian:/home/mobian# /usr/lib/systemd/systemd-growfs /
crypt_resize() of /dev/block/179:2 failed: Operation not permitted
```
2022-07-14 18:13:23 +02:00
Lennart Poettering
0541980587
Merge pull request #24015 from poettering/growfs-fd-tweaks
growfs fd handling tweaks
2022-07-14 18:09:18 +02:00
Lennart Poettering
3840b14781 man: drop misplaced ',' 2022-07-14 18:04:01 +02:00
Lennart Poettering
39f0d1d2e7 sysctl: also process sysctl requests via the "sysctl.extra" credential 2022-07-14 18:02:58 +02:00
Lennart Poettering
bbe29ca29b update TODO 2022-07-14 17:11:43 +02:00
Zbigniew Jędrzejewski-Szmek
b33c2757d8 kernel-install: add helper for logging 2022-07-14 22:20:49 +09:00
Lennart Poettering
1ab8cd794c import-ceds: use the right error variables at four places 2022-07-14 21:52:11 +09:00
Lennart Poettering
0fde330d66 update TODO 2022-07-14 14:45:56 +02:00