1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

42326 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
58c0663b97
Merge pull request #14099 from keszybz/machine-ref-unref-fix
Fix for the issue when machine cannot be started second time, and better nspawn logging
2019-11-22 14:33:27 +01:00
Pascal de Bruijn
b4e2236a72 systemd-tmpfiles: don't install timer when service isn't installed either
Fixes: systemd-tmpfiles-clean.timer: Refusing to start, unit
systemd-tmpfiles-clean.service to trigger not loaded.
2019-11-22 14:30:37 +01:00
Zbigniew Jędrzejewski-Szmek
62092b2fae
Merge pull request #14109 from poettering/varlink-tweaks
varlink: fix more/continues method calls, and correctly apply method call timeout
2019-11-22 14:30:16 +01:00
Lennart Poettering
f1194f5d59 varlink: fix enablement of varlink timeout event source 2019-11-22 10:54:52 +01:00
Lennart Poettering
c4fe0cbc17 varlink: drop too much whitespace 2019-11-22 10:54:52 +01:00
Lennart Poettering
88a36d3690 varlink: port varlink code over to use getdtablesize() for sizing number of concurrent connections
Use the official glibc API for determining this parameter. In most other
cases in our tree it's better to go directly for RLIMIT_NOFILE since
it's semantically what we want, but for this case it appears more
appropriate to use the friendlier, shorter, explicit API.
2019-11-22 10:54:52 +01:00
Lennart Poettering
a0c41de277 varlink: move connection fds > fd2
We want to use this code in NSS modules, and we never know the execution
environment we are run in there, hence let's move our fds up to ensure
we won't step into dangerous fd territory.

This is similar to how we already do it in sd-bus for client connection
fds.
2019-11-22 10:54:52 +01:00
Lennart Poettering
45a6c96598 varlink: fix support for more/continues method calls 2019-11-22 10:54:52 +01:00
Zbigniew Jędrzejewski-Szmek
698876640d machine: fold machine_stop_scope() into machine_stop()
No functional change.
2019-11-22 10:24:32 +01:00
Zbigniew Jędrzejewski-Szmek
eec12b7756 machined: simplify reference handling for units
Before, we'd unref from machine_stop_unit, still keeping the unit name around,
and only forget the name later, when garbage collecting. If we didn't call
manager_stop_unit(), then we wouldn't do the unref. Let's unref at the same
point where we do garbage collection, so that it is always true that
iff we have the name generated with AddRef=1, then have a reference to the unit,
and as soon as we forget the name, we drop the reference.

This should fix the issue when repeated systemd-nspawn --register=yes fails
with "scope already exists" error.

Incidentally, this fixes an error in the code path where r was used instead of q.
2019-11-22 10:24:32 +01:00
Zbigniew Jędrzejewski-Szmek
a01ecfa982 machine: simplify machine_start_scope()
It is called from only one place, and we can make things simpler by calculating the
necessary stuff directly in the function. No functional change.
2019-11-22 10:24:29 +01:00
Zbigniew Jędrzejewski-Szmek
af22794712 machine: make machine_start_scope() static
Having this function which is called only from one place in a separate file
makes the code harder to follow. In preparation for subsequent changes, let's
make it static.
2019-11-22 10:23:32 +01:00
Zbigniew Jędrzejewski-Szmek
f47bd09749 nspawn: log syscalls we cannot add at debug level
Without out at least a debug log line it is hard to figure out when something
goes wrong.

Reduce scope of a variable while at it.
2019-11-22 10:23:32 +01:00
Zbigniew Jędrzejewski-Szmek
ec56251533 man: use <constant> for capability names in nspawn page 2019-11-22 10:23:32 +01:00
Zbigniew Jędrzejewski-Szmek
8a99bd0c46 nspawn: dump capability list with --capabilities=help 2019-11-22 10:15:46 +01:00
Zbigniew Jędrzejewski-Szmek
bdf2357c12 NEWS: add contributors for v244 2019-11-22 09:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
6df086019c mailmap: update 2019-11-22 09:33:40 +01:00
Zbigniew Jędrzejewski-Szmek
353a6f293e
Merge pull request #14081 from poettering/xattr-list-rework
xattr-util rework and addition of flistxattr_malloc() helper plus test
2019-11-22 09:18:24 +01:00
Zbigniew Jędrzejewski-Szmek
fd0d10f783
Merge pull request #14105 from keszybz/man-directives-cleanup
Man formatting and sorting fixes
2019-11-22 09:06:28 +01:00
ksbex
80fc3166e0 hwdb: Dell venue 10 pro 5055 accel mount matrix (#14104) 2019-11-22 08:51:44 +01:00
Zbigniew Jędrzejewski-Szmek
8c6c56c36f man: sort options without "=" in the directives index
Some options would appear twice in the index, e.g. --collect= and
--collect. Some man pages use one form, some the other, and the argument
might be mandatory for some commands but not others. Anyway, let's display
them as one entry, to reduce the total number of items listed.
2019-11-21 22:06:30 +01:00
Zbigniew Jędrzejewski-Szmek
f8b68539d0 man: fix a few bogus entries in directives index
When wrong element types are used, directives are sometimes placed in the wrong
section. Also, strip part of text starting with "'", which is used in a few
places and which is displayed improperly in the index.
2019-11-21 22:06:30 +01:00
Zbigniew Jędrzejewski-Szmek
b0343f8c96 man: change noindex="true" to index="false"
We nowadays prefer positive options over negative.
2019-11-21 22:03:57 +01:00
Zbigniew Jędrzejewski-Szmek
8eb6e6ed09 man: use <command> not <option> for commands in resolvectl(1) 2019-11-21 22:03:57 +01:00
Lennart Poettering
351de38e4b bootctl: make 'random-seed' handle inability to write system token EFI variable gracefully
Apparently some firmwares don't allow us to write this token, and refuse
it with EINVAL. We should normally consider that a fatal error, but not
really in the case of "bootctl random-seed" when called from the
systemd-boot-system-token.service since it's called as "best effort"
service after boot on various systems, and hence we shouldn't fail
loudly.

Similar, when we cannot find the ESP don't fail either, since there are
systems (arch install ISOs) that carry a boot loader capable of the
random seed logic but don't mount it after boot.

Fixes: #13603
2019-11-21 19:55:17 +01:00
Zbigniew Jędrzejewski-Szmek
7f95bb22d3 resolve: rename define fixing a typo 2019-11-21 12:45:25 +01:00
Zbigniew Jędrzejewski-Szmek
9389a3cdc8
Merge pull request #14093 from poettering/cgroups-delegate-xattr
mark delegated cgroups via xattr, and visualize the cut points in cgls
2019-11-20 23:53:03 +01:00
Lennart Poettering
7daa88ee5d update TODO 2019-11-20 17:51:28 +01:00
Lennart Poettering
a2e361dc27 cgls: visually separate processes from cgroups
Let's show them in grey, since we generally want to focus on showing the
cgroups much less than the processes in them.
2019-11-20 17:51:28 +01:00
Lennart Poettering
74d8ccd451 cgls: show delegation boundaries by underlining the cgroup in the output
This should help visualize where one manager's territory begins and
another's starts. Do this by underlining (since it's a "cut" point an
underline made most sense to me). Since underlining is not visible on
the console let's also show an ellipses for all lines that are
delegation boundaries.

Unfortunately this all is not as useful as it appears. The
"trusted.delegate" xattr is only visible to roo, which means
"systemd-cgls" has be called as root to show the boundaries.
Unfortunately cgroupfs doesn't support unprivileged xattrs on cgroups.
2019-11-20 17:50:12 +01:00
Lennart Poettering
3288ea8f32 core: set "trusted.delegate" xattr on cgroups that are delegation boundaries
Let's mark cgroups that are delegation boundaries to us. This can then
be used by tools such as "systemd-cgls" to show where the next manager
takes over.
2019-11-20 17:50:12 +01:00
Lennart Poettering
bf25f1657f cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup 2019-11-20 17:50:12 +01:00
Lennart Poettering
59a49b1bcd
Merge pull request #14090 from poettering/clonenewns-fix
make sure systemd-logind.service can start if unshare() is blocked
2019-11-20 17:27:56 +01:00
Lennart Poettering
168e131b8b update NEWS 2019-11-20 16:16:46 +01:00
Zbigniew Jędrzejewski-Szmek
8490fc7aef
Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
Systemctl add log-level, log-target, service-watchdogs commands
2019-11-20 16:15:09 +01:00
Zbigniew Jędrzejewski-Szmek
2d8898f564
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
2019-11-20 16:13:46 +01:00
Lennart Poettering
6d19b71876 core: don't insist on ProtectHostname= if unshare() is blocked
Previously we'd only skip ProtectHostname= if kernel support for
namespaces was lacking. With this change we also accept if unshare()
fails because it is blocked.
2019-11-20 12:49:06 +01:00
Lennart Poettering
4e67759960 core: be more lenient when checking whether sandboxing is necessary
In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.

Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').

(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)

Fixes: #13955

(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)
2019-11-20 12:30:04 +01:00
Lennart Poettering
e884e00071 errno-util: add ERRNO_IS_PRIVILEGE() helper 2019-11-20 12:29:54 +01:00
Anita Zhang
206a29b2e1 id128: fix initializer element is not constant
Was getting:

  ../src/id128/id128.c:15:1: error: initializer element is not constant
   static sd_id128_t arg_app = SD_ID128_NULL;
    ^
when building on CentOS 7.

Other parts of the code initialize `static sd_id128_t` to {} and this
was the original setting before a19fdd66c2 anyways.
2019-11-20 10:59:25 +01:00
Lennart Poettering
b82e818f5c test: make sure our tests get exclusive TTY access
This sould make our test suite a bit more robust if it is slow running.
A few of our test services use StandardOutput=tty or StandardError=tty
in the tests in order to connect test services to the container console.
This gets into conflict with the container getty which wants exclusive
access to the console. Since the container getty is started with
Type=idle it typically gets started after a timeout only if the TTY is
already used, which hence introduces a race: if the test finishes
earlier all is good, if not, then the test gets kicked off the TTY which
then causes bash to abort since it cannot write any error messages
anymore.

Let's fix this hence: all tests that connect to the tty are now
synchronized to getty-pre.target, so they finish before any getty is
started.
2019-11-20 09:39:54 +01:00
Lennart Poettering
faf1bb8244
Merge pull request #14085 from poettering/ask-password-api
make sure asking for a pw works in a container too if keyctl() and friends are blocked
2019-11-20 00:54:28 +01:00
Lennart Poettering
fbcb630045 pam_systemd: prolong method call timeout when allocating session
Starting a session might involve starting the user@.service instance,
hence let's make the bus call timeout substantially longer.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=83828
2019-11-19 21:05:03 +01:00
Zbigniew Jędrzejewski-Szmek
cbfc32819a
Merge pull request #14078 from poettering/cryptsetup-fixlets
trivial cryptsetup fixlets (mostly: use more STR_IN_SET())
2019-11-19 20:46:53 +01:00
Zbigniew Jędrzejewski-Szmek
321c911fc2
Merge pull request #14079 from poettering/pam-systemd-fixlets
trivial pam_systemd fixlets
2019-11-19 20:45:15 +01:00
Yu Watanabe
08de195825 udev: do not propagate error in executing PROGRAM and IMPORT{program}
Also, this adds more logs.

Fixes #14027.
2019-11-19 20:20:46 +01:00
Lennart Poettering
09a6b4f34f ask-password: skip kernel keyring logic if we see EPERM
Let's improve compat with container managers that block the keyring
logic and return EPERM for them.
2019-11-19 19:12:09 +01:00
Lennart Poettering
e6376b6a41 errno: add new ERRNO_IS_NOT_SUPPORTED() helper 2019-11-19 19:12:09 +01:00
Lennart Poettering
83412d39de test-copy: test that xattrs are properly copied 2019-11-19 15:44:58 +01:00
Lennart Poettering
f9bbb4dcec copy: port over to flistxattr_malloc() and fgetxattr_malloc() 2019-11-19 15:44:58 +01:00