1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Commit Graph

29740 Commits

Author SHA1 Message Date
Michal Sekletar
b58aeb70db service: attempt to execute next main command only for oneshot services (#6619)
This commit fixes crash described in
https://github.com/systemd/systemd/issues/6533

Multiple ExecStart lines are allowed only for oneshot services
anyway so it doesn't make sense to call service_run_next_main() with
services of type other than SERVICE_ONESHOT.

Referring back to reproducer from the issue, previously we didn't observe
this problem because s->main_command was reset after daemon-reload hence
we never reached the assert statement in service_run_next_main().

Fixes #6533
2017-08-25 16:36:10 +03:00
Felipe Sateler
dcfe072ad6 build-sys: don't build networkctl if networkd is disabled 2017-08-23 16:10:42 -03:00
Yu Watanabe
d7ea7bb8a8 network,resolve: remove comments related to kdbus 2017-08-23 12:42:35 +09:00
Yu Watanabe
fb72b1d99f networkd: do not fail manager_connect_bus() if dbus is not active yet
Fixes #6618.
2017-08-23 12:42:22 +09:00
Yu Watanabe
9b5c390fe3 man: mention configuration directories to sysusers.d 2017-08-23 12:40:07 +09:00
Yu Watanabe
521d3679c1 Merge pull request #6615 from ssahani/client-id
networkd: fix spell DCHPClientIdentifier (DCHP => DHCP)
2017-08-22 20:19:19 +09:00
Yu Watanabe
2d56bdabc2 man: fix wrong citation in systemd-sysctl.service.xml 2017-08-22 13:26:09 +09:00
Michael Biebl
91b8082096 CONTRIBUTING: stop mentioning "make check"
Since the switch to meson this information is no longer valid. HACKING already documents how to run the test suite.

See #6642
2017-08-21 09:47:07 +02:00
Charles Huber
850c8bd7b7 hwdb: Add Logitech G100s Optical Gaming Mouse (#6570) 2017-08-18 05:53:25 +10:00
Alan Jenkins
0675e94ab5 "Don't fear the fsync()"
For files which are vital to boot

1. Avoid opening any window where power loss will zero them out or worse.
   I know app developers all coded to the ext3 implementation, but
   the only formal documentation we have says we're broken if we actually
   rely on it.  E.g.

   * `man mount`, search for `auto_da_alloc`.
   * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change
   * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/

2. If we tell the kernel we're interested in writing them to disk, it will
   tell us if that fails.  So at minimum, this means we play our part in
   notifying the user about errors.

I refactored error-handling in `udevadm-hwdb` a little.  It turns out I did
exactly the same as had already been done in the `systemd-hwdb` version,
i.e. commit d702dcd.
2017-08-17 20:26:36 +01:00
Alan Jenkins
dce892acef localed: don't remove xorg.conf.d/00-keyboard.conf on failures
One of the benefits of updating a file "atomically", is to avoid losing the
old version.  For example, if we run out of disk space half-way through.

Fix localed to enjoy this benefit.
2017-08-17 17:21:47 +01:00
Alan Jenkins
1d422b153b units: order service(s) before udevd, not udev-trigger (coldplug)
Since hotplugs happen as soon as udevd is started, there is not much sense
in giving udev-trigger an After= dependency on any service.  The device
could be hotplugged before coldplug starts.

This is intended to avoid the race window where we create the hwdb with
the wrong selinux context (then fix it up afterwards).
https://github.com/systemd/systemd/issues/3458#issuecomment-322444107
2017-08-15 14:22:44 +01:00
Alan Jenkins
3533b49e74 units: Sockets= already implies Wants= and After= (systemd-udevd.service)
I grepped for other `After=` on a socket unit as well.  This was the only
instance.
2017-08-15 14:11:23 +01:00
Susant Sahani
499d555a79 networkd: fix spell DCHPClientIdentifier (DCHP => DHCP) 2017-08-15 10:20:25 +05:30
Evgeny Vereshchagin
43ee6a8128 Merge pull request #6475 from martinpitt/test-set-e
test: Run qemu/nspawn tests with "set -e"
2017-08-11 07:02:02 +03:00
Lennart Poettering
635f3df5dc units: make use of the new !! ExecStart= prefix in systemd-resolved.service
Let's make use of !! to run resolved with ambient capabilities on
systems supporting them.
2017-08-10 15:04:32 +02:00
Lennart Poettering
165a31c0db core: add two new special ExecStart= character prefixes
This patch adds two new special character prefixes to ExecStart= and
friends, in addition to the existing "-", "@" and "+":

"!"  → much like "+", except with a much reduced effect as it only
       disables the actual setresuid()/setresgid()/setgroups() calls, but
       leaves all other security features on, including namespace
       options. This is very useful in combination with
       RuntimeDirectory= or DynamicUser= and similar option, as a user
       is still allocated and used for the runtime directory, but the
       actual UID/GID dropping is left to the daemon process itself.
       This should make RuntimeDirectory= a lot more useful for daemons
       which insist on doing their own privilege dropping.

"!!" → Similar to "!", but on systems supporting ambient caps this
       becomes a NOP. This makes it relatively straightforward to write
       unit files that make use of ambient capabilities to let systemd
       drop all privs while retaining compatibility with systems that
       lack ambient caps, where priv dropping is the left to the daemon
       codes themselves.

This is an alternative approach to #6564 and related PRs.
2017-08-10 15:04:32 +02:00
Lennart Poettering
39f608e4b0 capability: add new ambient_capabilities_supported() helper
This new function reports whether ambient caps are available, and should
be quick because the result is cached.
2017-08-10 15:02:50 +02:00
Lennart Poettering
6067611a08 capability: change capability_bounding_set_drop() to be work without privileges when executing a NOP
This way daemons which already dropped all caps may use the call to
drop priviliges again, which becomes a non-failing NOP.
2017-08-10 15:02:50 +02:00
Lennart Poettering
6eaaeee93a seccomp: add new @setuid seccomp group
This new group lists all UID/GID credential changing syscalls (which are
quite a number these days). This will become particularly useful in a
later commit, which uses this group to optionally permit user credential
changing to daemons in case ambient capabilities are not available.
2017-08-10 15:02:50 +02:00
Lennart Poettering
8f2c2f20b6 mkdir: chmod_and_chown() returns errors as "return -errno", not in errno itself 2017-08-10 15:02:50 +02:00
Lennart Poettering
43b1f7092d execute: needs_{selinux,apparmor,smack} → use_{selinux,apparmor,smack}
These booleans simply store whether selinux/apparmor/smack are supposed
ot be used, and chache the various mac_xyz_use() calls before we
transition into the namespace, hence let's use the same verb for the
variables and the functions: "use"
2017-08-10 15:02:50 +02:00
Lennart Poettering
9f6444eb92 execute: make use of IN_SET() where we can 2017-08-10 15:02:50 +02:00
Lennart Poettering
937ccce94c execute: simplify needs_sandboxing checking
Let's merge three if blocks that shall only run when sandboxing is applied
into one.

Note that this changes behaviour in one corner case: PrivateUsers=1 is
now honours both PermissionsStartOnly= and the "+" modifier in
ExecStart=, and not just the former, as before. This was an oversight,
so let's fix this now, at a point in time the option isn't used much
yet.
2017-08-10 15:02:50 +02:00
Lennart Poettering
1703fa41a7 core: rename EXEC_APPLY_PERMISSIONS → EXEC_APPLY_SANDBOXING
"Permissions" was a bit of a misnomer, as it suggests that UNIX file
permission bits are adjusted, which aren't really changed here. Instead,
this is about UNIX credentials such as users or groups, as well as
namespacing, hence let's use a more generic term here, without any
misleading reference to UNIX file permissions: "sandboxing", which shall
refer to all kinds of sandboxing technologies, including UID/GID
dropping, selinux relabelling, namespacing, seccomp, and so on.
2017-08-10 15:02:50 +02:00
Lennart Poettering
f0d477979e core: introduce unit_set_exec_params()
The new unit_set_exec_params() call is to units what
manager_set_exec_params() is to the manager object: it initializes the
various fields from the relevant generic properties set.
2017-08-10 15:02:50 +02:00
Lennart Poettering
19bbdd985e core: manager_set_exec_params() cannot fail, hence make it void
Let's simplify things a bit.
2017-08-10 15:02:50 +02:00
Lennart Poettering
584b8688d1 execute: also fold the cgroup delegate bit into ExecFlags 2017-08-10 15:02:50 +02:00
Lennart Poettering
ac6479781e execute: also control the SYSTEMD_NSS_BYPASS_BUS through an ExecFlags field
Also, correct the logic while we are at it: the variable is only
required for system services, not user services.
2017-08-10 15:02:49 +02:00
Lennart Poettering
5bf7569cf8 service: let's set EXEC_NEW_KEYRING through SET_FLAG()
Not that it really matters, but it matches how we set the flags in
manager_set_exec_params() too.
2017-08-10 15:02:49 +02:00
Lennart Poettering
c71b2eb77e core: don't chown() the configuration directory
The configuration directory is commonly not owned by a service, but
remains root-owned, hence don't change the owner automatically for it.
2017-08-10 15:02:49 +02:00
Lennart Poettering
8679efde21 execute: add one more ExecFlags flag, for controlling unconditional directory chowning
Let's decouple the Manager object from the execution logic a bit more
here too, and simply pass along the fact whether we should
unconditionally chown the runtime/... directories via the ExecFlags
field too.
2017-08-10 14:44:58 +02:00
Lennart Poettering
af635cf377 execute: let's decouple execute.c a bit from the unit logic
Let's try to decouple the execution engine a bit from the Unit/Manager
concept, and hence pass one more flag as part of the ExecParameters flags
field.
2017-08-10 14:44:58 +02:00
Lennart Poettering
3ed0cd26ea execute: replace command flag bools by a flags field
This way, we can extend it later on in an easier way, and can pass it
along nicely.
2017-08-10 14:44:58 +02:00
Justin Michaud
2935311ca4 Add hwdb fix for Lenovo Flex 3 15 inch touchpad resolution (#6558)
add hwdb fix for Lenovo Flex 3 1580
2017-08-10 12:24:34 +02:00
Lennart Poettering
4f41b69cd9 Merge pull request #6579 from sourcejedi/getty
getty nitpicks
2017-08-10 12:05:21 +02:00
Martin Pitt
818567fce6 test: Run qemu/nspawn tests with "set -e"
This catches errors like "ninja not found", missing programs etc. early,
instead of silently ignoring them and trying to boot a broken VM.

In install_config_files(), allow some distro specific files to be absent
(such as /etc/sysconfig/init).
2017-08-10 08:43:13 +02:00
Martin Pitt
22077c9c91 test: Write state and log files into $BUILD_DIR
This avoids clobbering the source tree with .testdir/test.log files and
makes the tests work in situations where the source tree is read-only.
2017-08-10 08:30:55 +02:00
Lennart Poettering
7a0019d373 core: introduce a restart counter (#6495)
This adds a per-service restart counter. Each time an automatic
restart is scheduled (due to Restart=) it is increased by one. Its
current value is exposed over the bus as NRestarts=. It is also logged
(in a structured, recognizable way) on each restart.

Note that this really only counts automatic starts triggered by Restart=
(which it nicely complements). Manual restarts will reset the counter,
as will explicit calls to "systemctl reset-failed". It's supposed to be
a tool for measure the automatic restart feature, and nothing else.

Fixes: #4126
2017-08-09 21:12:55 +02:00
Lennart Poettering
97f7e3663e Merge pull request #6467 from yuwata/journal-remote-units
units: use {State,Logs}Directory= if they are applicable
2017-08-09 21:09:13 +02:00
Alan Jenkins
ae805c89ef units: console-getty.service: use the default RestartSec
> Note that console-getty.service as more uses than just containers. The
> idea is that it may be used as alternative to the whole VC/logind stuff,
> if all you need is a console on /dev/console, even on physical devices.

This means we want to remove RestartSec=0, for serial systems.
See 4bf0432 "units/serial-getty@.service: use the default RestartSec".
2017-08-09 18:56:26 +01:00
Alan Jenkins
d32465fb41 units: add Conflicts=rescue.service to container-getty@.service
The traditional runlevel 1 is "single user mode", and shuts down all but
the main console.  In systemd, rescue.target provides runlevel1.target.
But it did not shut down logins on secondary consoles... if systemd was
running in a container.

I don't think we strictly need to change this.  But when you look at both
container-getty@.service and getty@.service, you see that both have
IgnoreOnIsolate, but only the latter has Conflicts=rescue.service.

This also makes rescue.target in a container consistent with
emergency.target.  In the latter case, the gettys were already stopped,
because they have a Requires dependency on sysinit.target.
2017-08-09 18:52:05 +01:00
Alan Jenkins
858beb391b units/console-getty.service: comment reason for ConditionPathExists
Currently we have 4 getty services.  1 has a BindsTo dependency on a
device unit.  3 have ConditionPathExists, but the reason is different in
every single one.

* Add comment to console-getty@.service (see commit 1b41981d)
* getty@.service is already commented
* container-getty.service is not strictly correct, as I realized while
  trying to compose a comment.  Reported as #6584.
2017-08-09 18:51:46 +01:00
Lennart Poettering
c9ed61e7a0 pam_logind: skip leading /dev/ from PAM_TTY field before passing it on
Apparently, PAM documents that the PAM_TTY should come with a /dev
prefix, but we don't expect it so far, except that Wayland ends up
setting it after all, the way the docs suggest. Hence, let's simply drop
the /dev prefix if it is there.

Fixes: #6516
2017-08-09 19:04:36 +02:00
Lennart Poettering
27458ed629 tree-wide: use path_startswith() rather than startswith() where ever that's appropriate
When checking path prefixes we really should use the right APIs, just in
case people add multiple slashes to their paths...
2017-08-09 19:03:39 +02:00
Lennart Poettering
a119ec7c82 util-lib: add a new skip_dev_prefix() helper
This new helper removes a leading /dev if there is one. We have code
doing this all over the place, let's unify this, and correct it while
we are at it, by using path_startswith() rather than startswith() to
drop the prefix.
2017-08-09 19:01:18 +02:00
William Douglas
b3f5897f6e tmpfiles: Allow create symlink on directories (#6039)
Currently if tmpfiles is run with force on symlink creation but there already
exists a directory at that location, the creation will fail. This change
updates the behavior to remove the directory with rm_fr and then attempts to
create the symlink again.
2017-08-09 17:53:03 +02:00
Lennart Poettering
4e7b57eb0e Merge pull request #6497 from yuwata/bus-prop
core: add missing properties in bus_exec_context_set_transient_property()
2017-08-09 17:06:26 +02:00
Alan Jenkins
8522ee7975 man/systemd-getty-generator fix/update
* Containers don't use serial-getty@console.service,
  they use console-getty.service instead, and suppress
  scanning for kernel or virtualizer consoles.

* Nowadays gettys are started on *all* configured kernel consoles.

* except for the line printer console, because that's not a tty.
  (Seriously.  Search CONFIG_LP_CONSOLE).
2017-08-09 15:53:55 +01:00
Lennart Poettering
8c759b33a4 tests: when running a manager object in a test, migrate to private cgroup subroot first (#6576)
Without this "meson test" will end up running all tests in the same
cgroup root, and they all will try to manage it. Which usually isn't too
bad, except when they end up clearing up each other's cgroups. This race
is hard to trigger but has caused various CI runs to fail spuriously.

With this change we simply move every test that runs a manager object
into their own private cgroup. Note that we don't clean up the cgroup at
the end, we leave that to the cgroup manager around it.

This fixes races that become visible by test runs throwing out errors
like this:

```
exec-systemcallfilter-failing.service: Passing 0 fds to service
exec-systemcallfilter-failing.service: About to execute: /bin/echo 'This should not be seen'
exec-systemcallfilter-failing.service: Forked /bin/echo as 5693
exec-systemcallfilter-failing.service: Changed dead -> start
exec-systemcallfilter-failing.service: Failed to attach to cgroup /exec-systemcallfilter-failing.service: No such file or directory
Received SIGCHLD from PID 5693 ((echo)).
Child 5693 ((echo)) died (code=exited, status=219/CGROUP)
exec-systemcallfilter-failing.service: Child 5693 belongs to exec-systemcallfilter-failing.service
exec-systemcallfilter-failing.service: Main process exited, code=exited, status=219/CGROUP
exec-systemcallfilter-failing.service: Changed start -> failed
exec-systemcallfilter-failing.service: Unit entered failed state.
exec-systemcallfilter-failing.service: Failed with result 'exit-code'.
exec-systemcallfilter-failing.service: cgroup is empty
Assertion 'service->main_exec_status.status == status_expected' failed at ../src/src/test/test-execute.c:71, function check(). Aborting.
```

BTW, I tracked this race down by using perf:

```
        # perf record -e cgroup:cgroup_mkdir,cgroup_rmdir
        …
        # perf script
```

Thanks a lot @iaguis, @alban for helping me how to use perf for this.

Fixes #5895.
2017-08-09 09:42:49 -04:00