1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

26 Commits

Author SHA1 Message Date
Ryan Wilson
63d4c4271c cgroup: Add ManagedOOMMemoryPressureDurationSec= override setting for units
This will allow units (scopes/slices/services) to override the default
systemd-oomd setting DefaultMemoryPressureDurationSec=.

The semantics of ManagedOOMMemoryPressureDurationSec= are:
- If >= 1 second, overrides DefaultMemoryPressureDurationSec= from oomd.conf
- If is empty, uses DefaultMemoryPressureDurationSec= from oomd.conf
- Ignored if ManagedOOMMemoryPressure= is not "kill"
- Disallowed if < 1 second

Note the corresponding dbus property is DefaultMemoryPressureDurationUSec
which is in microseconds. This is consistent with other time-based
dbus properties.
2024-10-16 20:12:38 -07:00
Arthur Shau
cc0ab8c810 timer: introduce DeferReactivation setting
By default, in instances where timers are running on a realtime schedule,
if a service takes longer to run than the interval of a timer, the
service will immediately start again when the previous invocation finishes.
This is caused by the fact that the next elapse is calculated based on
the last trigger time, which, combined with the fact that the interval
is shorter than the runtime of the service, causes that elapse to be in
the past, which in turn means the timer will trigger as soon as the
service finishes running.

This behavior can be changed by enabling the new DeferReactivation setting,
which will cause the next calendar elapse to be calculated based on when
the trigger unit enters inactivity, rather than the last trigger time.

Thus, if a timer is on an realtime interval, the trigger will always
adhere to that specified interval.
E.g. if you have a timer that runs on a minutely interval, the setting
guarantees that triggers will happen at *:*:00 times, whereas by default
this may skew depending on how long the service runs.

Co-authored-by: Matteo Croce <teknoraver@meta.com>
2024-10-11 22:54:16 +02:00
Daan De Meyer
7a66f21556 core: Add systemd.crash_action= kernel command line argument
Required for integration tests to power off on PID 1 crashes. We
deprecate systemd.crash_reboot and related options by removing them
from the documentation but still parsing them.
2024-04-29 14:34:22 +02:00
Jakub Sitnicki
97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
2024-03-27 01:41:26 +08:00
Sam Leonard
f31cff849d
journald: implement socket forwarding
This commit adds a new way of forwarding journal messages - forwarding
over a socket.

The socket can be any of AF_INET, AF_INET6, AF_UNIUX or AF_VSOCK.

The address to connect to is retrieved from the "journald.forward_address" credential.

It can also be specified in systemd-journald's unit file with ForwardAddress=
2024-02-15 14:08:20 +00:00
Nick Cao
4be1fc8443 network: Add L3MasterDevice= into routing policy 2024-01-19 00:17:50 +00:00
Raito Bezarius
b49595503d networkd: support proxy_arp_pvlan sysctl
The proxy ARP private VLAN sysctl is useful for VLAN aggregation, see
https://sysctl-explorer.net/net/ipv4/proxy_arp_pvlan/ for details.
2023-12-24 03:40:03 +09:00
Luca Boccassi
9e615fa3aa core: add WantsMountsFor=
This is the equivalent of RequiresMountsFor=, but adds Wants= instead
of Requires=. It will be useful for example for the autogenerated
systemd-cryptsetup units.

Fixes https://github.com/systemd/systemd/issues/11646
2023-11-29 11:04:59 +00:00
Daan De Meyer
9c0c670125 core: Add RootEphemeral= setting
This setting allows services to run in an ephemeral copy of the root
directory or root image. To make sure the ephemeral copies are always
cleaned up, we add a tmpfiles snippet to unconditionally clean up
/var/lib/systemd/ephemeral. To prevent in use ephemeral copies from
being cleaned up by tmpfiles, we use the newly added COPY_LOCK_BSD
and BTRFS_SNAPSHOT_LOCK_BSD flags to take a BSD lock on the ephemeral
copies which instruct tmpfiles to not touch those ephemeral copies as
long as the BSD lock is held.
2023-06-21 12:48:46 +02:00
Mike Yuan
b5b1351317
test: add tests for UpheldBy= in [Install] section 2023-05-15 15:04:38 +08:00
Yu Watanabe
054749e413 core: add missing MemoryPressureWatch= and MemoryPressureThresholdSec= setting
Follow-up for #26393.

Addresses https://github.com/systemd/systemd/pull/26393#issuecomment-1458655798.
2023-03-09 23:43:04 +09:00
Quentin Deslandes
523ea1237a journal: log filtering options support in PID1
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.

This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattrs:
`user.journald_log_filter_patterns`.
2022-12-15 09:57:39 +00:00
Pasha Vorobyev
d7fe0a6723 MemoryZSwapMax directive to configure new memory.zswap.max cgroup file 2022-11-15 21:15:37 +01:00
Lennart Poettering
351f7d5143 fuzz: add ConditionCredential= to fuzz files, and sort their sections 2022-07-15 10:53:45 +02:00
Luca Boccassi
aff3a9e1fa watchdog: add setting to configure pretimeout governor 2022-02-22 17:19:54 +00:00
Curtis Klein
5717062e93 watchdog: Add watchdog pretimeout support
Add support for managing and configuring watchdog pretimeout values if
the watchdog hardware supports it. The ping interval is adjusted to
account for a pretimeout so that it will still ping at half the timeout
interval before a pretimeout event would be triggered. By default the
pretimeout defaults to 0s or disabled.

The RuntimeWatchdogPreSec config option is added to allow the pretimeout
to be specified (similar to RuntimeWatchdogSec). The
RuntimeWatchdogPreUSec dbus property is added to override the pretimeout
value at runtime (similar to RuntimeWatchdogUSec). Setting the
pretimeout to 0s will disable the pretimeout.
2022-02-22 17:19:54 +00:00
Alvin Šipraga
19ff06b3a4
udev/net: support Match.Firmware= in .link files (#22462)
In cbcdcaaa0e ("Add support for conditions on the machines firmware")
a new Firmware= directive was added for .netdev and .network files.
While it was also documented to work on .link files, in actual fact the
support was missing. Add that one extra line to make it work, and also
update the fuzzer directives.
2022-02-10 16:19:28 +09:00
Santa Wiryaman
97f27f8a16 Add support for isolated parameter
Add the "Isolated" parameter in the *.network file, e.g.,

[Bridge]
Isolated=true|false

When the Isolated parameter is true, traffic coming out of this port
will only be forward to other ports whose Isolated parameter is false.

When Isolated is not specified, the port uses the kernel default
setting (false).

The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.
2022-02-09 17:37:37 +09:00
Luca Boccassi
a07b992606 core: add ExtensionDirectories= setting
Add a new setting that follows the same principle and implementation
as ExtensionImages, but using directories as sources.
It will be used to implement support for extending portable images
with directories, since portable services can already use a directory
as root.
2022-01-21 22:53:12 +09:00
Luca Boccassi
81513b382b core: add Condition[Memory/CPU/IO]Pressure
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.

Fixes #20139
2021-12-01 09:53:18 +01:00
Slava Bacherikov
af493fb742 network: Add SuppressInterfaceGroup= into routing policy
This adds SuppressInterfaceGroup= option in the [RoutingPolicyRule] section
which has the same semantics as suppress_ifgroup in `ip rule` command.
2021-11-16 01:54:07 +09:00
Daan De Meyer
51462135fb exec: Add TTYRows and TTYColumns properties to set TTY dimensions 2021-11-05 21:32:14 +00:00
Mauricio Vásquez
4f0c25c794 core: add load fragment implementation for RestrictNetworkInterfaces=
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
2021-08-18 15:55:53 -05:00
Luca Boccassi
1e26f8a60b core: add ConditionOSRelease= directive 2021-06-24 13:57:48 +01:00
LetzteInstanz
8430841b5e network: save IPv4/IPv6 address states into state file
This also introduces RequiredFamilyForOnline= setting to .network file,
and IPv4AddressState/IPv6AddressState DBus properties.
2021-04-14 08:51:02 +09:00
Frantisek Sumsal
34fde9f898 test: check if the unit file fuzzer corpora is up to date
This follows a similar pattern we already have in place for
networkd-related directives.
2021-04-05 14:41:05 +01:00