1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

1358 Commits

Author SHA1 Message Date
Maciek Borzecki
0ddd608a6d units/systemd-udevd: allow bpf() syscall
Programs run by udev triggers may need to execute the bpf() syscall. Even more
so, since on a cgroup v2 system, the only way to set up device access filtering
is to install a BPF program on the cgroup in question and one way of passing
data to such program is through BPF maps, which can only be access using the
bpf() syscall. One such use case was identified in RHBZ#2025264 related to
snap-device-helper, and led to RHBZ#2027627 being filed.

Unfortunately there is no finer grained control over what gets passed in the
syscall, so just enable bpf() and leave fine grained mediation to other
security layers (eg. SELinux).

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2027627

Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
2021-12-07 07:37:54 +01:00
Franck Bui
d5ee050ffc journal: don't remove the flushed flag when journald is stopped
Due to the fact that systemd-journal-flush.service has
"Requires=systemd-journald.service", this service is stopped too when journald
is requested to do so.

However stopping systemd-journal-flush.service implies that journald
relinquishes /var hence implicitly switching back to the volatile storage
mode and removing /run/systemd/journal/flushed.

If journald is started afterwards, it will run in volatile storage mode
regardless of the value of 'Storage=' as it believes now that /var is not yet
ready (because the flushed flag is missing).

Because this flag is mainly an indication for journald that the initialization
of /var/log/journal (during the boot process) has been done,
systemd-journal-flush.service shouldn't be tied to the state of journald itself
but to the state of /var/log/journal, hence to the state of the system.
2021-12-06 11:47:27 +01:00
Luca Boccassi
61aea456c1 coredump: analyze object with libdwelf in forked process
Parsing objects is risky as data could be malformed or malicious,
so avoid doing that from the main systemd-coredump process and
instead fork another process, and set it to avoid generating
core files itself.
2021-11-30 16:49:58 +00:00
Zbigniew Jędrzejewski-Szmek
0491ab5fcd units: delay binfmt processing until after local-fs.target
Users may use rules that refer to binaries e.g. in /opt or /usr/local,
and those directories may be separate mount points. We don't need the
binfmt rules in early boot, so let's delay the service so that we can
rely on the full local filesystem being visible.

Fixes #21178.
2021-11-16 09:21:22 +01:00
Lennart Poettering
12a9f68f06 units: relax sandbox so that uidmap stuff can work
The uidmap suff requires additional caps and userns to work in some
cases. Allow it.

Follow-up for: 1147c538bb
2021-11-16 10:41:36 +09:00
Scott Lamb
4b499063ac fsck: no emergency.target on nofail mounts
Also describe failure behavior more precisely in the manpage.
Fixes #20237.
2021-11-10 11:58:12 +01:00
Christian Brauner
a6d1760024 build: preserve correct mode when generating files via jinja2
When using "capture : true" in custom_target()s the mode of the source
file is not preserved when the generated file is not installed and so
needs to be tweaked manually. Switch from output capture to creating the
target file and copy the permissions from the input file.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-08 12:06:48 +00:00
Daan De Meyer
b4bf9007cb getty: Pass tty to use by agetty via stdin
If the tty arg is set to "-", agetty uses the stdin fd as the tty.
Let's pass the tty this way so that we keep an fd open to the tty
at all times. If all fd's to a tty are closed, the kernel might
reset the tty which we want to avoid.
2021-11-05 21:32:11 +00:00
Lennart Poettering
eaaa02bffe
Merge pull request #20902 from tasleson/integritysetup-generator
Add stand-alone dm integrity support
2021-10-15 18:57:17 +02:00
Tony Asleson
1f1a2243c0 Add stand-alone dm-integrity support
This adds support for dm integrity targets and an associated
/etc/integritytab file which is required as the dm integrity device
super block doesn't include all of the required metadata to bring up
the device correctly.  See integritytab man page for details.
2021-10-15 10:19:54 -05:00
Yu Watanabe
a6d4e83b8a unit: networkd does not require AF_ALG anymore
As khash is retired.
2021-10-15 09:25:38 +02:00
Tony Asleson
9a2a6ec4e3 dm-verity: Remove usage of integrity
There is a difference between dm-verity and dm-integrity.  Remove
usage of integrity from verity documentation in man pages and
target files.
2021-10-14 12:17:02 -05:00
Lennart Poettering
ce7de0ba8e units: run user service managers at OOM score adjustment 100
Let's make it slightly more likely that a per-user service manager is
killed than any system service. We use a conservative 100 (from a range
that goes all the way to 1000).

Replaces: #17426

Together with the previous commit this means: system manager and system
services are placed at OOM score adjustment 0 (specifically: they
inherit kernel default of 0). User service manager (both for root and
non-root) are placed at 100. User services for non-root are placed at
200, those for root inherit 100.

Note that processes forked off the user *sessions* (i.e. not forked off
the per-user service manager) remain at 0 (e.g. the shell process
created by a tty or ssh login). This probably should be
addressed too one day (maybe in pam_systemd?), but is not covered here.
2021-10-04 16:27:10 +02:00
Frantisek Sumsal
f7e0d22d76 tools: shellcheck-ify tool scripts 2021-09-30 12:27:06 +02:00
Frantisek Sumsal
220261ef94 unit: install the systemd-bless-boot.service only if we have gnu-efi
Follow-up to #20591.
2021-09-22 08:47:59 +09:00
Luca Boccassi
71a80dcc0b
Merge pull request #20690 from DaanDeMeyer/oomd-user-services
oom: Support for user services
2021-09-21 15:39:48 +01:00
Lennart Poettering
f62c5bd152 units: hookup systemd-boot-update.service
It was apparently missed to hook this up in
71c8bf2837.
2021-09-20 19:39:03 +02:00
Michal Sekletar
3435754559 boot: don't build bootctl when -Dgnu-efi=false is set 2021-09-20 17:41:23 +02:00
Daan De Meyer
064a5c1438 oom: Add support for user unit ManagedOOM property updates
Compared to PID1 where systemd-oomd has to be the client to PID1
because PID1 is a more privileged process than systemd-oomd, systemd-oomd
is the more privileged process compared to a user manager so we have
user managers be the client whereas systemd-oomd is now the server.

The same varlink protocol is used between user managers and systemd-oomd
to deliver ManagedOOM property updates. systemd-oomd now sets up a varlink
server that user managers connect to to send ManagedOOM property updates.

We also add extra validation to make sure that non-root senders don't
send updates for cgroups they don't own.

The integration test was extended to repeat the chill/bloat test using
a user manager instead of PID1.
2021-09-20 13:53:11 +01:00
Yu Watanabe
ca589b1b41 unit: systemd-oomd.service requires cgroup memory controller 2021-09-12 10:29:29 +09:00
Lennart Poettering
169764332a homed: add missing capabilities for SMB/CIFS backend
In 2020 mount.cifs started to require a bunch for caps to work. let's
add them to the capability bounding set.

Also, SMB support obviously needs network access, hence open that up.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1962920
2021-08-31 10:51:42 +02:00
Yegor Alexeyev
836fb00f21 units: added factory-reset.target 2021-08-10 17:08:00 +02:00
Zbigniew Jędrzejewski-Szmek
2525682565 units: make sure systemd-tmpfiles-{setup,clean} don't survive switch-root
Normally, these services are killed because we run isolate. But I booted into
emergency mode (because of a futher bug with us timing out improperly on the
luks password prompt), and then continuted to the host system by running
'systemctl start systemd-switch-root.service'. My error, but the results are
confusing and bad: systemd in the host sees 'systemd-tmpfiles-setup.service'
as started successfully, and doesn't restart it, so the setup for /tmp/.X11 is
not done and gdm.service fails. So while we wouldn't encounter this during
normal successful boot, I think it's good to make this more robust.

The dep is added to systemd-tmpfiles-{setup,clean}, because /tmp is not
propagated over switch-root. /dev is, so I didn't touch
systemd-tmpfiles-setup-dev.service.
2021-08-06 11:11:14 +01:00
Lennart Poettering
71c8bf2837 boot: optionally update sd-boot on boot
Boot loaders are software like any other, and hence muse be updated in
regular intervals. Let's add a simple (optional) service that updates
sd-boot automatically from the host if it is found installed but
out-of-date in the ESP.

Note that traditional distros probably should invoke "bootctl update"
directly from the package scripts whenver they update the sd-boot
package. This new service is primarily intended for image-based update
systems, i.e. where the rootfs or /usr are atomically updated in A/B
style and where the current boot loader should be synced into the ESP
from the currently booted image every now and then. It can also act as
safety net if the packaging scripts in classic systems are't doing the
bootctl update stuff themselves.

Since updating boot loaders mit be a tiny bit risky (even though we try
really hard to make them robust, by fsck'ing the ESP and mounting it only on
demand, by doing updates mostly as single file updates and by fsync()ing
heavily) this is an optional feature, i.e. subject to "systemctl
enable". However, since it's the right thing to do I think, it's enabled
by default via the preset logic.

Note that the updating logic is implemented gracefully: i.e. it's a NOP
if the boot loader is already new enough, or was never installed.
2021-07-30 17:19:55 +02:00
Zbigniew Jędrzejewski-Szmek
fce9abb227 meson: use a/b instead of join_paths(a,b)
It is nicer and shorter.
2021-07-27 19:32:35 +02:00
Gibeom Gwon
85e424c0c8 homed: allow systemd-homed access to FIDO2 devices
Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.
2021-07-12 23:35:32 +01:00
qhill
f127fed75d units: correct description of final.target
This was updated incorrectly in 4fd3fc6639.  As https://github.com/systemd/systemd/blob/main/man/systemd.special.xml decribes, this unit is about shutdown rather than boot.
2021-07-02 18:29:54 +02:00
Zbigniew Jędrzejewski-Szmek
2e32d390b0 units: adjust description of systemd-update-utmp.service
"Update about" is not gramatically correct. I also think saying "Record" makes
this easier to understand for people who don't necessarilly know what UTMP is.
2021-06-30 13:25:16 +02:00
Zbigniew Jędrzejewski-Szmek
8ea2578529 units: shorten description of kmod-static-nodes.service
As suggested in
https://github.com/systemd/systemd/pull/20058#pullrequestreview-695023490.
2021-06-30 13:25:16 +02:00
Zbigniew Jędrzejewski-Szmek
4fd3fc6639 units: adjust Descriptions of various units
In general, it's not very usuful to repeat the unit name as the description.
Especially when the word is a common name and if somebody doesn't understand
the meaning immediately, they are not going to gain anything from the
repeat either, e.g. "halt", "swap".

In the status-unit-format=combined output parentheses are used around
Description, so avoid using parenthesis in the Description itself.
2021-06-30 13:25:16 +02:00
Zbigniew Jędrzejewski-Szmek
0a59216cae logind, units: unit Descriptions should be capitalized 2021-06-30 13:25:16 +02:00
Yu Watanabe
e19b0746f1 unit: use alias name of man page 2021-06-15 12:14:26 +01:00
Lennart Poettering
e68778a3ac journald: when journald namespace instances log, they can do so safely to the main journald instance
Fixes: #18951
2021-06-09 12:30:22 +09:00
Zbigniew Jędrzejewski-Szmek
dc16846c26 units: stop automount unit when shutting down
This is currently our only .automount unit. We wouldn't want to trigger it
accidentally during shutdown, so let's stop it too.
2021-06-07 13:38:28 +02:00
Lennart Poettering
86204ae145 units: make sure importd has CAP_LINUX_IMMUTABLE flag
Since d8f9686c0f we use the chattr +i flag
for marking containers in directories as reead-only. But to do so we
need the cap for it, hence grant it.

Fixes: #19115
2021-05-22 16:02:02 +09:00
Zbigniew Jędrzejewski-Szmek
fe7f113c13 units: skip some units in the initrd
I'm working on building initramfs images directly from normal packages, and it
doesn't make sense for those units to be started. Pristine system rpms need to
behave correctly as much as possible also in the initrd, and those units are
enabled by the rpms. There usually isn't enough time for the timer to actually
fire, but starting it gives a line on the console and generally looks confusing
and sloppy. Flushing the journal means that its actually lost, since the real
/var is not available yet.

Another approach would be not enable those units, but right now they are
statically enabled, and changing that would be more work, and doesn't really
seem necessary, since the condition checks are very quick.

Checking for /etc/initrd-release is the standard condition that the initrd
units use, so let's do the same here.
2021-05-22 15:58:40 +09:00
Zbigniew Jędrzejewski-Szmek
71ae5ce544 units: generate ReadWritePaths= in the template 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
645b2b190c meson: drop unnecessary listification 2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
fa10451686 units: strip out the developer comment in .service unit again
The comment talks about upstream development steps and doesn't make
sense for users. We used special '## ' syntax to strip it out during
build, but it got inadvertently reformatted as a normal comment
in 3982becc92.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
059cc610b7 meson: use jinja2 for unit templates
We don't need two (and half) templating systems anymore, yay!

I'm keeping the changes minimal, to make the diff manageable. Some enhancements
due to a better templating system might be possible in the future.

For handling of '## ' — see the next commit.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
7c22f07cbd meson: revert the change to unquote commands in add_install_script
Old meson fails with:
Element not a string: [<Holder: <ExternalProgram 'sh' -> ['/bin/sh']>>, '-c', 'test -n "$DESTDIR" || /bin/journalctl --update-catalog']

I'm doing it as a revert so that it's easy to undo the revert when we require
newer meson. The effect is not so bad, maybe a dozen or so lines about finding
'sh'.
2021-05-14 19:52:25 +02:00
Zbigniew Jędrzejewski-Szmek
0f4c4f3824 meson: call find_program() once and reuse the variable everywhere
Meson 0.58 has gotten quite bad with emitting a message every time
a quoted command is used:
Program /home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh found: YES (/home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program xsltproc found: YES (/usr/bin/xsltproc)
Configuring custom-entities.ent using configuration
Message: Skipping bootctl.1 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping journal-remote.conf.5 because HAVE_MICROHTTPD is false
Message: Skipping journal-upload.conf.5 because HAVE_MICROHTTPD is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping loader.conf.5 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
...

Let's suffer one message only for each command. Hopefully we can silence
even this when https://github.com/mesonbuild/meson/issues/8642 is
resolved.
2021-05-14 14:21:27 +02:00
Lennart Poettering
8fbb1941f1 userdbd: also listen on a varlink socket io.systemd.DropIn
Let's explicitly support looking things up via dropin as a varlink
service.
2021-05-10 14:58:39 +02:00
Luca Boccassi
d4d7127d94 Revert "sysusers/firstboot: temporarily disable LoadCredential"
This reverts commit 7c20dd4b6e.

Debian has now been updated to patch the issue, so SemaphoreCI should
no longer fail. The fix has also been backported to the affected
stable branches.
2021-05-03 12:16:35 +09:00
Alexander Sverdlin
4e947bd049 systemd-coredump: Add conflict with shutdown.target
Otherwise a coredump started at the inconvinient moment can stop
shutdown.target leaving the system in a halfway-down state:

Pulling in shutdown.target/start from systemd-poweroff.service/start
Added job shutdown.target/start to transaction.
...
Keeping job shutdown.target/start because of systemd-poweroff.service/start
...
[  OK  ] Stopped target Remote File Systems.
shutdown.target: starting held back, waiting for: systemd-networkd.socket
sysinit.target: stopping held back, waiting for: remount_tmp.service
systemd-coredump.socket: Incoming traffic
...
systemd-coredump@0-243-0.service: Trying to enqueue job systemd-coredump@0-243-0.service/start/replace
Added job systemd-coredump@0-243-0.service/start to transaction.
Pulling in systemd-journald.socket/start from systemd-coredump@0-243-0.service/start
Added job systemd-journald.socket/start to transaction.
Pulling in system.slice/start from systemd-journald.socket/start
Added job system.slice/start to transaction.
Pulling in -.slice/start from system.slice/start
Added job -.slice/start to transaction.
Pulling in system-systemd\x2dcoredump.slice/start from systemd-coredump@0-243-0.service/start
Added job system-systemd\x2dcoredump.slice/start to transaction.
Pulling in system.slice/start from system-systemd\x2dcoredump.slice/start
Pulling in shutdown.target/stop from system-systemd\x2dcoredump.slice/start
Added job shutdown.target/stop to transaction.
...
Keeping job systemd-poweroff.service/stop because of umount.target/stop
Keeping job shutdown.target/stop because of systemd-coredump@0-243-0.service/start
2021-04-29 21:45:23 +02:00
Lennart Poettering
2671fbefce units: fix repart conditions to run if definitions exist in /sysroot + /sysusr
The systemd-repart code was already smart enough to look for definitions
there, but the unit file conditions made that pointless. Let's fix that.
2021-04-21 12:23:31 +01:00
Lennart Poettering
632b551ca2 units: change order of settings to match order in other similar unit 2021-04-20 19:11:07 +02:00
Lennart Poettering
29a24ab28e fstab-generator: if usr= is specified, mount it to /sysusr/usr/ first
This changes the fstab-generator to handle mounting of /usr/ a bit
differently than before. Instead of immediately mounting the fs to
/sysroot/usr/ we'll first mount it to /sysusr/usr/ and then add a
separate bind mount that mounts it from /sysusr/usr/ to /sysroot/usr/.

This way we can access /usr independently of the root fs, without for
waiting to be mounted via the /sysusr/ hierarchy. This is useful for
invoking systemd-repart while a root fs doesn't exist yet and for
creating it, with partition data read from the /usr/ hierarchy.

This introduces a new generic target initrd-usr-fs.target that may be
used to generically order services against /sysusr/ to become available.
2021-04-20 18:26:17 +02:00
sverdlin
3181521f92
systemd-networkd.socket: Add conflict with shutdown.target (#19348)
systemd-networkd.socket can re-start systemd-networkd.service in
shutdown and by doing this even stop shutdown.target leaving the
system in halfway-down state.

Fixes #4955.
2021-04-19 11:25:33 +09:00
Anita Zhang
b5a80aa9d8 units: install dbus-org.freedesktop.oom1.service alias
Fixes: #18469
2021-04-10 13:06:04 +02:00