1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

1210 Commits

Author SHA1 Message Date
Luca Boccassi
665a3d6d15 systemctl: automatically softreboot/kexec if set up on reboot
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.

Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
2023-10-20 11:45:37 +01:00
Luca Boccassi
f5a7476677
Merge pull request #29628 from mrc0mmand/systemd-executor-test
test: slightly improve sd-executor's coverage
2023-10-19 19:39:39 +01:00
Frantisek Sumsal
e98f7f9122 test: skip Protect{Home,System}= tests with coverage builds
With coverage builds we disable Protect{Home,System}= via a service.d
dropin in /etc, which has, unfortunately, higher priority than our
transient systemd-run stuff. Let's just skip the affected tests in that
case instead of making the test setup even more complicated.
2023-10-19 18:03:57 +01:00
Frantisek Sumsal
a2dd592002 test: unify checking for user xattrs support in cgroupfs
Also, run the coredump forwarding test only if user xattrs are
supported.
2023-10-19 18:01:07 +01:00
Frantisek Sumsal
4701425dd5 test: add coverage for #29610
As reproducing it is actually pretty easy, with the benefit of hindsight:

~# systemd-run -P -p MountImages="/this/should/definitely/not/exist.img:/run/img2\:3:nosuid" false
Running as unit: run-u42.service
free(): double free detected in tcache 2
2023-10-19 16:23:28 +02:00
Mike Yuan
2ee346160c
systemctl: is-failed: check if system is degraded when no unit given
Closes #3335
2023-10-19 00:12:28 +08:00
Frantisek Sumsal
7e9c7d6f5b test: use Type=exec for the test unit
Make sure everything we need is set up before continuing further with
the test. This should, hopefully, help with a race where we check
a dynamic user before it's created by NFTSet= stuff.

Before:
$ journalctl -o short-monotonic --grep '(test-nft|NFT|testsuite-75)' --no-hostname
...
[ 3657.929223] testsuite-75.sh[48]: + systemd-run -u test-nft.service -p DynamicUser=yes -p 'NFTSet=cgroup:inet:sd_test:c user:inet:sd_test:u group:inet:sd_test:g' sleep 10000
...
[ 3657.977372] systemd[1]: test-nft.service: Changed dead -> running
[ 3657.977388] systemd[1]: test-nft.service: Job 376 test-nft.service/start finished, result=done
[ 3657.977407] testsuite-75.sh[853]: Running as unit: test-nft.service; invocation ID: 8776af2ec7864a60a058cb5d403d1ca6
[ 3657.982437] testsuite-75.sh[856]:                 elements = { "system.slice/test-nft.service" }
[ 3657.984570] testsuite-75.sh[48]: + grep -qF test-nft.service /tmp/tmp.uqXKfyzcpJ
[ 3657.985400] testsuite-75.sh[859]: ++ getent passwd test-nft
[ 3657.986434] systemd[1]: varlink-12: New incoming message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test-nft","service":"io.systemd.DynamicUser"}}
[ 3657.986503] systemd[1]: varlink-12: Sending message: {"error":"io.systemd.UserDatabase.NoRecordFound","parameters":{}}
[ 3657.986643] systemd[1]: testsuite-75.service: Child 48 belongs to testsuite-75.service.
[ 3657.986660] systemd[1]: testsuite-75.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
[ 3657.986681] systemd[1]: testsuite-75.service: Failed with result 'exit-code'.
...
[ 3657.989885] systemd[1]: test-nft.service: User lookup succeeded: uid=64568 gid=64568
[ 3657.989936] systemd[1]: Added NFT set: family inet, table sd_test, set u, ID 64568
[ 3657.989965] systemd[1]: Added NFT set: family inet, table sd_test, set g, ID 64568

After:
$ journalctl -o short-monotonic --grep '(test-nft|NFT|testsuite-75)' --no-hostname
[ 1523.874408] testsuite-75.sh[49]: + systemd-run -u test-nft.service --service-type=exec -p DynamicUser=yes -p 'NFTSet=cgroup:inet:sd_test:c user:inet:sd_test:u group:inet:sd_test:g' sleep 10000
...
[ 1523.924091] systemd[1]: Starting test-nft.service...
[ 1523.928891] systemd[1]: test-nft.service: User lookup succeeded: uid=64568 gid=64568
[ 1523.929102] systemd[1]: Added NFT set: family inet, table sd_test, set u, ID 64568
[ 1523.929220] systemd[1]: Added NFT set: family inet, table sd_test, set g, ID 64568
...
[ 1523.933263] systemd[1]: Started test-nft.service.
[ 1523.933626] testsuite-75.sh[849]: Running as unit: test-nft.service; invocation ID: d1a5c3eacbc647a7a5fcbd46c7b2f863
[ 1523.940810] testsuite-75.sh[852]:                 elements = { "system.slice/test-nft.service" }
[ 1523.942880] testsuite-75.sh[49]: + grep -qF test-nft.service /tmp/tmp.gWka2x3mQq
[ 1523.944031] testsuite-75.sh[855]: ++ getent passwd test-nft
[ 1523.945496] systemd[1]: varlink-18: New incoming message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test-nft","service":"io.systemd.DynamicUser"}}
[ 1523.951593] systemd[1]: varlink-18: Sending message: {"parameters":{"record":{"userName":"test-nft","uid":64568,"gid":64568,"realName":"Dynamic User",...
2023-10-18 16:08:44 +01:00
Frantisek Sumsal
41231bec0c test: don't restart journal-upload on an expected fail
In c08bec1587 the journal-upload unit gained Restart=on-fail, which goes
against this one particular test that expects the unit to fail, making
the test flaky. Let's disable the automatic restarts just for this test
to make it stable once again.
2023-10-17 14:55:12 +01:00
Daan De Meyer
37ba73b1b2
Merge pull request #28373 from DaanDeMeyer/udevadm-query
Add --json and filtering options for --export-db to udevadm info
2023-10-17 10:16:43 +02:00
Lennart Poettering
e0eb051f95
Merge pull request #29546 from poettering/run-invoc-id
run: output invocation ID when starting service and scope units
2023-10-16 19:00:18 +02:00
Daan De Meyer
a6b4b2fa01 udev: Enable filtering the output of udevadm info --export-db
Let's support the same filtering options that we also support in
udevadm trigger in udevadm info to filter the devices produced by
--export-db.

One difference is that all properties specified by --propery-match=
have to be satisfied in udevadm info unlike udevadm trigger where just
one of them has to be satisfied.
2023-10-16 17:02:00 +02:00
Lennart Poettering
cde8cc946b
Merge pull request #29272 from enr0n/coredump-container
coredump: support forwarding coredumps to containers
2023-10-16 16:13:16 +02:00
Luca Boccassi
7c83d42ef8 mount-util: use mount beneath to replace previous namespace mount
Instead of mounting over, do an atomic swap using mount beneath, if
available. This way assets can be mounted again and again (e.g.:
updates) without leaking mounts.
2023-10-16 14:33:47 +01:00
Lennart Poettering
7693661a84 run: output invocation ID when starting service and scope units 2023-10-16 14:30:11 +02:00
Daan De Meyer
d6e5f170ef Add --json switch to udevadm info
This allows getting the udevadm info --export-db and query "all" output
as JSON.
2023-10-16 13:01:54 +02:00
Lennart Poettering
f5151fb459 sysext: make some calls available via varlink 2023-10-16 12:08:39 +02:00
Daan De Meyer
36d87065f2
Merge pull request #29558 from mrc0mmand/varlinkctl-tests
varlink: add a couple of tests + accompanying fixes
2023-10-16 09:49:42 +02:00
Frantisek Sumsal
abcf59970d core: don't downgrade multi-state settings to boolean
Protect{Home,System,Proc,Subset}= are not booleans, so make sure we use
the intended value instead of just true/false.

See: https://github.com/systemd/systemd/pull/29552
Follow-up to: 79d956d
2023-10-15 14:04:28 +08:00
Frantisek Sumsal
4b2391c4e3 test: add a couple of tests for varlinkctl 2023-10-14 17:40:07 +02:00
Luca Boccassi
0e3986bc1c
Merge pull request #29525 from poettering/confext-sysext-multimodal
dissect: make sure we can dissect and inspect DDIs that are both confext *and* sysext
2023-10-14 00:28:47 +01:00
Nick Rosbrook
097e28736a test: add a test for container support in coredump 2023-10-13 15:28:50 -04:00
Luca Boccassi
bb5232b6a3 core: add systemd-executor binary
Currently we spawn services by forking a child process, doing a bunch
of work, and then exec'ing the service executable.

There are some advantages to this approach:

- quick: we immediately have access to all the enourmous amount of
  state simply by virtue of sharing the memory with the parent
- easy to refactor and add features
- part of the same binary, will never be out of sync

There are however significant drawbacks:

- doing work after fork and before exec is against glibc's supported
  case for several APIs we call
- copy-on-write trap: anytime any memory is touched in either parent
  or child, a copy of that page will be triggered
- memory footprint of the child process will be memory footprint of
  PID1, but using the cgroup memory limits of the unit

The last issue is especially problematic on resource constrained
systems where hard memory caps are enforced and swap is not allowed.
As soon as PID1 is under load, with no page out due to no swap, and a
service with a low MemoryMax= tries to start, hilarity ensues.

Add a new systemd-executor binary, that is able to receive all the
required state via memfd, deserialize it, prepare the appropriate
data structures and call exec_child.

Use posix_spawn which uses CLONE_VM + CLONE_VFORK, to ensure there is
no copy-on-write (same address space will be used, and parent process
will be frozen, until exec).
The sd-executor binary is pinned by FD on startup, so that we can
guarantee there will be no incompatibilities during upgrades.
2023-10-12 15:01:51 +01:00
Luca Boccassi
ef7af0acf2 test: add space-separated test for LogFilterPatterns 2023-10-12 13:11:42 +01:00
Michael Biebl
6f9409eebb test: use kill-whom instead of kill-who (the latter is deprecated) 2023-10-12 13:06:12 +09:00
Lennart Poettering
a81fe93e95 dissect: allow confext/sysext to be in the same image
This reworks the image discovery logic, and conceptually allows DDIs
that are both confext and sysext to exist. Previously we'd only extract
one type of exension data from a DDI, with this we allow to extract both
if both exist.

This doesn't add support for true "multi-modal" DDIs, that qualify as
various things at once, it just lays some ground work that ensures we at
least can dissect such images.

This reworks 484d26dac1 quite a bit.

This changes systemd-dissect's JSON output, but given the
version with the fields it changes/dops has never been released (as the
above patch was merged post-v254) this shouldn't be an issue.
2023-10-11 15:56:08 +02:00
Dan Streetman
adcd3266ec test: add tests for systemd-cryptenroll --tpm2-seal-key-handle
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.

In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
2023-10-10 05:56:45 -04:00
Frantisek Sumsal
c4eb888740 test: make the DDI tests work with older openssl
Older openssl unfortunately insists on having a config file with certain
fields, so let's reuse the one we already create in previous tests.

Should address following error on C8S:

[  407.812039] testsuite-50.sh[654]: + openssl req -config /dev/null -subj=/CN=waldo -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
[  407.849089] testsuite-50.sh[2325]: Generating a RSA private key
[  408.947853] testsuite-50.sh[2325]: ..................................++++
[  423.100903] testsuite-50.sh[2325]: ..........++++
[  423.111036] testsuite-50.sh[2325]: writing new private key to '/tmp/test-50-privkey.key'
[  423.115036] testsuite-50.sh[2325]: -----
[  423.117842] testsuite-50.sh[2325]: unable to find 'distinguished_name' in config
[  423.120863] testsuite-50.sh[2325]: problems making Certificate Request
[  423.123448] testsuite-50.sh[2325]: 140737354091984:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:273:group=req name=distinguished_name

Follow-up to 99d9edf0bd.
2023-10-09 18:54:23 +01:00
Lennart Poettering
8525de1365 test: extend some existing tests with varlinkctl lines, to test varlinkctl + new PCRExtend service 2023-10-06 11:49:38 +02:00
Lennart Poettering
99d9edf0bd test: test the new --make-ddi= logic 2023-10-05 19:18:36 +02:00
Yu Watanabe
fcdd21ec6a tree-wide: fix typo 2023-10-04 08:58:10 +09:00
Frantisek Sumsal
2f397514ad test: spawn the to-be-killed-on-soft-reboot units with --collect
Otherwise they might leave stuff behind if they don't respond fast
enough to the first SIGTERM and get SIGKILLEd, which then breaks reusing
the unit name further in the test:

[ 2993.620849] H testsuite-82.sh[43]: + systemd-run -p Type=exec -p DefaultDependencies=no -p IgnoreOnIsolate=yes --unit=testsuite-82-nosurvive.service sleep infinity
[ 2993.628686] H systemd[1]: testsuite-82-nosurvive.service: About to execute: /usr/bin/sleep infinity
[ 2993.628886] H systemd[1]: testsuite-82-nosurvive.service: Forked /usr/bin/sleep as 65
[ 2993.629328] H systemd[1]: testsuite-82-nosurvive.service: Changed dead -> start
...
[ 2993.699892] H testsuite-82.sh[43]: + systemctl --no-block --check-inhibitors=yes soft-reboot
[ 2993.704326] H systemd-logind[41]: The system will soft-reboot now!
...
[ 3001.249302] H systemd[1]: Sending SIGKILL to PID 65 (sleep).
...
[ 3001.303158] H testsuite-82.sh[136]: + systemd-notify '--status=Second Boot'
...
[ 3001.409504] H testsuite-82.sh[136]: + systemd-run -p Type=exec --unit=testsuite-82-nosurvive.service sleep infinity
[ 3001.414061] H testsuite-82.sh[165]: Failed to start transient service unit: Unit testsuite-82-nosurvive.service was already loaded or has a fragment file.

Spotted in Ubuntu CI.
2023-10-03 16:40:49 +02:00
Frantisek Sumsal
399a8a5eb1 test: use --service-type= instead of -p Type= 2023-10-03 16:38:35 +02:00
Luca Boccassi
c7986bc9b6 test: fix check in test unit in TEST-50-DISSECT
'[[ not found'
2023-10-02 14:02:32 +01:00
Yu Watanabe
185e201690 journalctl: find boot ID more gracefully in corrupted journal
In discover_next_boot(), first we find a new boot ID based on the value
stored in the entry object. Then, find the tail (or head when we are going
upwards) entry of the boot based on the _BOOT_ID= field data.

If boot IDs of an entry in the entry object and _BOOT_ID field data
are inconsistent, which may happen on corrupted journal, then previously
discover_next_boot() failed with -ENODATA.

This makes the function check if the two boot IDs in each entry are
consistent, and skip the entry if not.

Fixes the failure of `journalctl -b -1` for 'truncated' journal:
https://github.com/systemd/systemd/pull/29334#issuecomment-1736567951
2023-10-02 10:59:33 +09:00
Frantisek Sumsal
e11fd4df14
Merge pull request #29378 from mrc0mmand/more-test-tweaks
test: a couple of TEST-82-SOFTREBOOT tweaks
2023-09-30 07:35:35 +00:00
Frantisek Sumsal
bd0f9858f7 test: don't pipe the whole journal through jq
Doing that in VMs without acceleration is prohibitively expensive (i.e.
20+ seconds in the C8S job). Thankfully, the recent [0] --lines=+n syntax
makes this all quite easy to fix.

[0] 8d6791d2aa
2023-09-29 23:26:15 +02:00
Frantisek Sumsal
82abce7a89 test: use Type=exec for the auxiliary services
To make sure the respective binaries are exec()ed before moving further
with the test.
2023-09-29 22:10:42 +02:00
Frantisek Sumsal
47f6baccfe test: shutdown the machine on fail after soft-reboot
Since the soft-reboot drops the enqueued end.service, we won't shutdown
the test VM if the test fails and have to wait for the watchdog to kill
us (which may take quite a long time). Let's just forcibly kill the
machine instead to save CI resources.
2023-09-29 22:07:12 +02:00
Lennart Poettering
68849251a2
Merge pull request #29344 from poettering/tpm2-setup
tpm2-setup: set up TPM2 Storage Root Key (SRK) in a separate service
2023-09-29 21:56:28 +02:00
Luca Boccassi
16f094cfbb
Merge pull request #29374 from mrc0mmand/test-tweaks
test: use "test-" prefix for units
2023-09-29 19:07:59 +01:00
Lennart Poettering
2e64cb71b9 tpm2-setup: add new early boot tool for initializing the SRK
This adds an explicit service for initializing the TPM2 SRK. This is
implicitly also done by systemd-cryptsetup, hence strictly speaking
redundant, but doing this early has the benefit that we can parallelize
this in a nicer way. This also write a copy of the SRK public key in PEM
format to /run/ + /var/lib/, thus pinning the disk image to the TPM.
Making the SRK public key is also useful for allowing easy offline
encryption for a specific TPM.

Sooner or later we should probably grow what this service does, the
above is just the first step. For example, the service should probably
offer the ability to reset the TPM (clear the owner hierarchy?) on a
factory reset, if such a policy is needed. And we might want to install
some default AK (?).

Fixes: #27986
Also see: #22637
2023-09-29 19:36:04 +02:00
Frantisek Sumsal
d1e8485b4a test: use /run/ for test configuration 2023-09-29 16:07:05 +02:00
Frantisek Sumsal
6bbc1a2464 test: use "test-" prefix for units
So the coverage-related drop-in [0] can kick in to avoid errors with
DynamicUser=true. Also, to not make the test confusing with this change,
replace "nft-test" with "test-nft" everywhere.

[0] See test/README.testsuite, section "Code coverage"
2023-09-29 15:55:53 +02:00
Lennart Poettering
9551aa707d tpm2: move measurement log to /run/log/ (from /var/log/)
I have no idea what went on in my mind when I used a path in /var/ for
the tpm2 event log we now keep for userspace measurements. The
measurements are only valid for the current boot, hence should not be
persisted (in particular as they cannot be rotated, hence should not
grow without bounds).

Fix that, simply move from /var/log/ to /run/log/.
2023-09-29 14:35:56 +02:00
Daan De Meyer
4444564a95
Merge pull request #29193 from keszybz/path-util-adjustment
Make unit mangling follow paths
2023-09-29 11:33:12 +02:00
Maanya Goenka
f660c7fa56 fix: do not check/verify slice units if recursive errors are to be ignored
Before this fix, when recursive-errors was set to 'no' during a systemd-analyze
verification, the parent slice was checked regardless. The 'no' setting means that,
only the specified unit should be looked at and verified and errors in the slices should be
ignored. This commit fixes that issue.

Example:

Say we have a sample.service file:

[Unit]
Description=Sample Service

[Service]
ExecStart=/bin/echo "a"
Slice=support.slice

Before Change:

systemd-analyze verify --recursive-errors=no maanya/sample.service
Assertion 'u' failed at src/core/unit.c:153, function unit_has_name(). Aborting.
Aborted (core dumped)

After Change:
systemd-analyze verify --recursive-errors=no maanya/sample.service
{No errors}
2023-09-28 23:32:02 +01:00
Luca Boccassi
1e49f4ed8b
Merge pull request #28545 from bluca/softreboot_survive
pid1: add SurviveFinalKillSignal= to skip units on final sigterm/sigkill spree
2023-09-28 17:12:03 +01:00
Luca Boccassi
3cb5d34ce0
Merge pull request #29295 from valentindavid/valentindavid/sysupdate-patterns-in-directory
sysupdate: Allow patterns to match path with directories
2023-09-28 15:18:45 +01:00
Frantisek Sumsal
d37b9154a7 test: check soft-reboot behavior wrt argv[0][0] == '@' 2023-09-28 13:48:14 +01:00
Luca Boccassi
559214cbbd pid1: add SurviveFinalKillSignal= to skip units on final sigterm/sigkill spree
Add a new boolean for units, SurviveFinalKillSignal=yes/no. Units that
set it will not have their process receive the final sigterm/sigkill in
the shutdown phase.

This is implemented by checking if a process is part of a cgroup marked
with a user.survive_final_kill_signal xattr (or a trusted xattr if we
can't set a user one, which were added only in kernel v5.7 and are not
supported in CentOS 8).
2023-09-28 13:48:14 +01:00