1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

74693 Commits

Author SHA1 Message Date
Mike Yuan
4918f14ada
core: do not drop CGroupRuntime when unit stops, but only on GC
Fixes #33149
Replaces #33145
2024-06-28 15:43:21 +02:00
Mike Yuan
4c1fc52d2a
core/cgroup: drop spurious ", ignoring" for unit_cgroup_is_empty 2024-06-28 15:43:21 +02:00
Mike Yuan
3849d1f56b
core/cgroup: actually make use of the cached accounting values
If cgroup is already gone, i.e. CGRuntime.cgroup_path is NULL,
do not return -ENODATA prematurely, but check for cached values
first.

For #33149
2024-06-28 15:43:21 +02:00
Mike Yuan
d3d035395e
core/cgroup: check root cgroup earlier for unit_get_memory_accounting 2024-06-28 15:43:20 +02:00
Mike Yuan
bc347edfe0
core: unify reset_accounting handling
Since the introduction of CGroupRuntime, there's no need
to call *_reset_accounting in unit_new(), hence make those
static. While at it, refrain from hardcoding default values
in cgroup_runtime_new(), but call the corresponding funcs.

This also corrects the default value of io_accounting_base.

Fixes #33482
2024-06-28 15:43:08 +02:00
Mike Yuan
5a8c2c9559
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
No functional change, just deduplicate default values
in cgroup_runtime_free() and remove pointless call in
unit_free() (at the time it's called the CGRuntime has
been destroyed already).
2024-06-28 15:38:56 +02:00
Mike Yuan
4442aef08e
core/cgroup: make unit_has_host_root_cgroup take const Unit* 2024-06-28 15:38:42 +02:00
Mike Yuan
c97c79aded
core/cgroup: check CGroupRuntime.cgroup_path rather than _realized for freezer
The same check is used everywhere else.
2024-06-28 15:38:42 +02:00
Mike Yuan
8153be97c4
core/cgroup: use > 0 comparison rather than == 1 2024-06-28 15:38:41 +02:00
Mike Yuan
38f3b737dc
core/cgroup: correct macro alignment 2024-06-28 15:38:41 +02:00
Antonio Alvarez Feijoo
b268a71069 man/varlinkctl: add list-methods command to synopsis and fix typo
Follow-up for 16cfe84c24
2024-06-28 15:14:59 +02:00
Zbigniew Jędrzejewski-Szmek
cddbd730cb
Merge pull request #33370 from grawity/run-title
run: add option to prevent the setting of terminal title
2024-06-28 14:46:27 +02:00
Luca Boccassi
164e2952ec
Merge pull request #33516 from poettering/more-stub-tweaks
sd-stub: three more tweaks
2024-06-28 14:46:16 +02:00
Zbigniew Jędrzejewski-Szmek
bd7236912f LICENSES/README: expand text to summarize state for binaries and libs
We would say how *sources* are licensed, but actually most user care about the
resulting binaries. So say how the *binaries* are licensed. I used the word
"effectively" because the permissive licenses don't set any requirements on the
binaries, so the license of sources is a complex mix, but the resulting
binaries have a simple effective license.

Also, make it clear that the GPLv2 license applies to udev programs, but not
the shared library. Based on private correspondence, there's some confusion
about this.
2024-06-28 13:46:58 +02:00
Daan De Meyer
b00f44c3cf meson: Drop genkey target
In mkosi.images/system/mkosi.conf, we configure the certificate as
an extra tree so it's available inside the image. However, we pick up
the certificate from the top level repository directory and not from the
build directory where it is generated by the genkey meson target.

We currently have no way to access the build directory that mkosi was
invoked from when parsing the configuration file. Thus we have no way to
specify the correct location to the certificate when it's located in the
build directory.

For now, let's look for the key and certificate in the top level repository
root directory and drop the genkey target.

We don't have to change the Github Actions CI because it already runs genkey
manually before the image build (which is something we forgot to remove when
introducing the genkey target and is the reason this didn't cause issues before).
2024-06-28 10:20:10 +02:00
Lennart Poettering
c1451cd2a2 update TODO 2024-06-28 10:15:53 +02:00
Lennart Poettering
9e936ccf5d update TODO 2024-06-28 10:13:06 +02:00
Lennart Poettering
f829c9f7da stub: move safety check for LoadOptions into if block where we actually use it 2024-06-28 09:58:26 +02:00
Lennart Poettering
558b1600cf stub: don't mangle command line if we got it as array
There are two ways to get the command line: from the EFI shell,
preparsed, already split at whitespace. This we just combine with
spaces, since kernel wants it as one string.

And as one command line blob which is how we are invoked otherwise and
which comes with all kinds of whitespace quite likely.

Let's only strip leading and trailing whitespace in the latter case,
given it's likely the concatenation of whitespace separated strings
generated by shell scripts and such. But let's not strip it we already
received a preparsed array.
2024-06-28 09:58:24 +02:00
Lennart Poettering
fc02ea668f stub: make sure we always mangle the cmdlines we read 2024-06-28 09:58:20 +02:00
Luca Boccassi
b22ee1010d docs: fix dead link to GNOME documentation 2024-06-28 09:39:56 +02:00
Giovanni Baratta
d108198f39 man/tmpfiles: remove outdated behavior regarding symlink ownership
Update the man page of tmpfiles.d to remove outdated comments regarding the behavior of ownership with symlinks.
The behavior has been changed in this commit 51207ca134
2024-06-27 18:24:07 +02:00
David Tardon
9c63d14771 varlink: fix license
The old license was a copy&paste mistake.
2024-06-27 17:00:00 +02:00
Daan De Meyer
93bdf553d8
Merge pull request #33506 from DaanDeMeyer/mkosi-btrfs
mkosi: Switch back to btrfs
2024-06-27 16:56:27 +02:00
Daan De Meyer
93440db8b5 mkosi: Switch back to btrfs
Now that we're running on Noble instead of Jammy btrfs has the temp_fsid
feature which means we can mount the same image multiple times so let's
switch back to btrfs instead of ext4 as the filesystem as btrfs properly
records timestamps when building filesystems from a root directory unlike
ext4.
2024-06-27 15:45:57 +02:00
Daan De Meyer
48e7d0e91e mkosi: Install btrfs-progs on CentOS as well 2024-06-27 15:45:44 +02:00
Kamil Szczęk
fd8ed7f26b cryptsetup: allow customizing cache behavior
The new "password-cache" option allows customizing behavior of the
ask-password module in regards to caching credentials in the kernel
keyring. There are 3 possible values for this option:
  * read-only - look for credentials in kernel keyring before asking
  * on - same as read-only, but also save credentials input by user
  * off - disable keyring credential cache

Currently the cache is forced upon the user and this can cause issues.
For example, if user wants to attach two volumes with two different
FIDO2 tokens in a quick succession, the attachment operation for the
second volume will use the PIN cached from the first FIDO2 token, which
of course will fail and since tokens are only attempted once, this will
cause fallback to a password prompt.
2024-06-27 13:00:49 +02:00
Kamil Szczęk
53b6c99018 cryptsetup: make key discovery more robust
Currently, if user doesn't specify a key file, /etc/cryptsetup-keys.d/
and /run/cryptsetup-keys.d/ will be searched for a key file with name
matching the volume name. But current implementation has an important
flaw. When the auto-discovered key is a socket file - it will read the
key only once, while the socket might provide different keys for
different types of tokens. The issue is fixed by trying to discover the
key on each unlock attempt, this way we can populate the socket bind
name with something the key provider might use to differentiate between
different keys it has to provide.
2024-06-27 12:58:45 +02:00
Daan De Meyer
6f1f13ca9f mkosi: Enable hyperscale-packages-experimental for CentOS
This gets us a kernel with btrfs support.
2024-06-27 12:50:41 +02:00
Lennart Poettering
db2b897a86
Merge pull request #33503 from poettering/hostnamed-polkit-fixes
hostnamed: minor corrects to Varlink polkit handling
2024-06-27 12:47:46 +02:00
Lennart Poettering
24f0d6110c
Merge pull request #32560 from poettering/varlink-double-fd
varlink: add ability to talk to remote Varlink service binary via ssh
2024-06-27 12:47:31 +02:00
Lennart Poettering
26c5eebb74 update TODO 2024-06-27 12:25:25 +02:00
Lennart Poettering
440531c839 update TODO 2024-06-27 12:17:57 +02:00
Luca Boccassi
ae4c61bacc
Merge pull request #33502 from DaanDeMeyer/opensuse
mkosi: Drop s390x console patch from opensuse spec
2024-06-27 11:49:19 +02:00
Lennart Poettering
ebc4a76a64 ci: add simple test for the new "ssh-exec:" varlink logic 2024-06-27 11:30:07 +02:00
Lennart Poettering
e44e109baa varlink: add ability to invoke and talk to remote service binary via SSH 2024-06-27 10:56:51 +02:00
Lennart Poettering
ab89c6d162 varlink: if $SYSTEMD_VARLINK_LISTEN is set to "-", listen on stdio 2024-06-27 10:52:23 +02:00
Lennart Poettering
6678b9acc6 hostnamed: make sure we can actually properly parse 'allowInteractiveAuthentication' varlink parameter
If people want they should be able to turn on this flag, to allow
interactive auth. Let's make sure this actually works. i.e. add it to
the introspection data and don't refuse the parameter in Describe().
(note the varlink handling already does parameter validation through
varlink_dispatch(), hence we can just drop any further validation)
2024-06-27 10:43:21 +02:00
Lennart Poettering
b6464e80d6 hostnamed: if polkit authentication fails for Varlink Describe() call, don't reply to client with an error
The logic of the Describe() call was supposed to be: if we can acquire
the PK priv to get the product UUID then let's return the product UUID,
and if we cannot then return the data without it.

This didn't work however, since the polkit varlink glue would
immediately propagate the error it acquired from polkit its own client.
Let's turn this off, optionally, so that hostnamed can handle this
nicely.
2024-06-27 10:43:21 +02:00
Daan De Meyer
21942c008e mkosi: Drop leftover systemd-coredump-debuginfo package for opensuse
The package was merged into the main systemd package in
23bfa9d83b.
2024-06-27 10:14:32 +02:00
Daan De Meyer
f92a005cd1 mkosi: Drop s390x console patch from opensuse spec
This patch does not apply anymore on upstream, so let's remove it
from the spec before building until the spec is fixed.
2024-06-27 09:49:40 +02:00
Lennart Poettering
4120151f7b varlink: add helper that adds a connection via stdio to a varlink server
This adds varlink_server_add_connection_stdio() as wrapper around
varlink_server_add_connection_pair(), that steals stdin/stdout fds and
turns them into a varlink connection. To be safe it replaces
stdin/stdout with /dev/null fds.
2024-06-27 09:41:54 +02:00
Lennart Poettering
e73ae07b52 varlink: add new call varlink_server_add_connection_pair() for two-fd servers
This adds the server-side for varlink connections over two distinct fds.
2024-06-27 09:41:54 +02:00
Lennart Poettering
6f24e09006 varlink: add new call varlink_connect_fd_pair() helper for two-fd clients
This makes use of the functionality added in the previous commit to
implement the client-side functionality for talking to servers via a
pair of fds.
2024-06-27 09:41:54 +02:00
Lennart Poettering
2ac1fb14d9 varlink: support varlink communication via distinct input/output fds
When invoking another process via a pair of pipes it makes sense to
allow reading from one fd, and writing from another. Teach our varlink
code to do so optionally.

(sd-bus supports something similar, fill the gap).

This is preparation for a later commit that uses this to talk to remote
SSH invocations via pipes.
2024-06-27 09:41:54 +02:00
Lennart Poettering
fbdb7854a5
Merge pull request #33493 from poettering/stub-refactor
sd-stub: clean-up codebase/refactoring
2024-06-27 09:18:39 +02:00
Luca Boccassi
8e6d95846b
Merge pull request #33491 from keszybz/allow-interactive-auth-in-inhibit
Allow interactive auth in inhibit
2024-06-26 23:01:22 +02:00
Luca Boccassi
d031b5876b
Merge pull request #33338 from ml-/specifiers
tmpfiles: add %q, %A, %M specifiers
2024-06-26 21:40:15 +02:00
Florian Schmaus
016e9d8d08 core/exec-invoke: use sched_setattr instead of sched_setscheduler
The kernel's sched_setattr interface allows for more control over a processes
scheduling attributes as the previously used sched_setscheduler interface.

Using sched_setattr is also the prerequisite for support of utilization
clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter,
sched_runtime, will probably become a relevant scheduling parameter of the
EEVDF scheduler [2, 3], and therefore will not only apply to processes
scheduled via SCHED_DEADLINE, but also for processes scheduled via
SCHED_OTHER/SCHED_BATCH (i.e., most processes).

1: https://docs.kernel.org/next/scheduler/sched-util-clamp.html
2: https://lwn.net/Articles/969062/
3: https://lwn.net/ml/linux-kernel/20240405110010.934104715@infradead.org/
2024-06-26 20:54:53 +02:00
Kamil Szczęk
0828c6a2bf cryptsetup: improve TPM2 blob display
Just a tiny change to fix an eyesore in cryptsetup luksDump display :)
2024-06-26 20:52:31 +02:00