1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

6424 Commits

Author SHA1 Message Date
Lennart Poettering
ff8b7bd6a0
Merge pull request #20321 from bluca/state_dir_symlink
core: add [State|Runtime|Cache|Logs]DirectorySymlink
2021-10-28 20:52:56 +02:00
Lennart Poettering
16d41892c3
Merge pull request #20609 from DaanDeMeyer/recursive-template
core: Try to prevent infinite recursive template instantiation
2021-10-28 19:23:17 +02:00
Andreas Valder
c0c8f71800 nspawn: add filesystem id mapping support to --bind and --bind-ro 2021-10-28 19:19:22 +02:00
Benjamin Herrenschmidt
d6eda677b3 udev: net_id: introduce predictable names for xen-netfront
Those devices show up as /sys/devices/vif-N, let's use that number
to name them enXN.

Without this, all schemes fail and they keep the kernel names, which can
be racy.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2021-10-28 13:09:00 +02:00
Daan De Meyer
88022148c4 core: Try to prevent infinite recursive template instantiation
To prevent situations like in #17602 from happening, let's drop
direct recursive template dependencies. These will almost certainly
lead to infinite recursion so let's drop them immediately to avoid
instantiating potentially thousands of irrelevant units.

Example of a template that would lead to infinite recursion which
is caught by this check:

notify@.service:

```
[Unit]
Wants=notify@%n.service
```
2021-10-28 11:42:21 +01:00
Luca Boccassi
211a3d87fb core: add [State|Runtime|Cache|Logs]Directory symlink as second parameter
When combined with a tmpfs on /run or /var/lib, allows to create
arbitrary and ephemeral symlinks for StateDirectory or RuntimeDirectory.
This is especially useful when sharing these directories between
different services, to make the same state/runtime directory 'backend'
appear as different names to each service, so that they can be added/removed
to a sharing agreement transparently, without code changes.

An example (simplified, but real) use case:

foo.service:
StateDirectory=foo

bar.service:
StateDirectory=bar

foo.service.d/shared.conf:
StateDirectory=
StateDirectory=shared:foo

bar.service.d/shared.conf:
StateDirectory=
StateDirectory=shared:bar

foo and bar use respectively /var/lib/foo and /var/lib/bar. Then
the orchestration layer decides to stop this sharing, the drop-in
can be removed. The services won't need any update and will keep
working and being able to store state, transparently.

To keep backward compatibility, new DBUS messages are added.
2021-10-28 10:47:46 +01:00
Lennart Poettering
c896eb7ad6 man: document that daemons can close fds they receive via sd_listen_fds() if they like
Fixes: #18872
2021-10-28 11:05:22 +02:00
Lennart Poettering
1d69754988 man: document how nss-resolve and systemd-resolved communicate
Fixes: #20925
2021-10-28 10:53:55 +02:00
Lennart Poettering
7ea5e82f6a man: clarify the situation of unit templates regarding "systemctl list-units" + "systemctl list-unit-files"
Fixes: #21075
2021-10-28 10:45:02 +02:00
Lennart Poettering
4c2ee5c7f2 homework: allow specifying explicit additional mount options when using CIFS backend
This is useful since certain shares can only be mounted with additional
mount flags. For example the SMB share in modern AVM Fritz!Boxes
requires "noserverino" to be set to work from Linux.
2021-10-27 22:46:46 +02:00
Lennart Poettering
bf15879b39 homework: allow specifying a dir component in CIFS services
Allow specifying CIFS services in the format //host/service/subdir/… to
allow multiple homedirs on the same share, and not in the main dir of
the share.

All other backends allow placing the data store at arbitrary places,
let's allow this too for the CIFS backend. This is particularly useful
for testing.
2021-10-27 22:37:56 +02:00
Yu Watanabe
c9e2c2dae3 network: radv: shorten default lifetime of prefix, route prefix, DNS, and domains
See draft-ietf-6man-slaac-renum-02 section 4.1.1.
2021-10-27 23:58:35 +09:00
Yu Watanabe
4f1ac4a38d network: radv: refuse invalid router lifetime in conf parser 2021-10-27 19:29:05 +09:00
Yu Watanabe
149cda85bf man: adjust the explanations related to the DHCPv6 client starting mode 2021-10-27 00:33:44 +09:00
Yu Watanabe
483566e5ba network: deprecate ForceDHCPv6PDOtherInformation= setting
The setting is completely meaningless, as WithoutRA= and UseDelegatedPrefix=
in [DHCPv6] section, and DHCPv6Client= in [IPv6AcceptRA] section control
the behavior.
2021-10-27 00:33:44 +09:00
Yu Watanabe
dc5cae6c9d network: dhcp6: introduce UplinkInterface= for DHCP6 prefix delegation 2021-10-26 20:43:10 +09:00
Yu Watanabe
0f5ef9b62a network: dhcp6: introduce UseDelegatedPrefix= setting and enable by default
Previously, the prefix delegation is enabled when at least one
downstream interfaces request it. But, when the DHCPv6 client on the
upstream interface is configured, some downstream interfaces may not
exist yet, nor have .network file assigned.

Also, if a system has thousands of interfaces, then the previous logic
introduce O(n^2) search.

This makes the prefix delegation is always enabled, except when it is
explicitly disabled. Hopefully, that should not break anything, as the
DHCPv6 server should ignore the prefix delegation request if the server
do not have any prefix to delegate.
2021-10-26 20:29:08 +09:00
Jan Janssen
e6cab77eca sd-boot: Add keys to reboot into firmware interface
This is useful if the auto-firmware setting has been disabled. The
keys used here are based on what the majority of firmware employ in
the wild.
This also ensures there's a chance for the user to discover this in
case they were too slow during POST or simply used the wrong ones.
2021-10-22 19:12:55 +02:00
Yu Watanabe
241167e68a
Merge pull request #21051 from poettering/nspawn-no-sync
nspawn: add --suppress-sync=yes mode for turning sync() and friends i…
2021-10-20 22:42:43 +09:00
Luca Boccassi
b78524f48d
Merge pull request #21055 from yuwata/network-dhcp6-pd-route-lifetime-metric
network: dhcp6pd: set lifetime and route metric
2021-10-20 14:38:03 +01:00
Dimitri Papadopoulos
ba669952b2 Typos found by codespell 2021-10-20 22:20:18 +09:00
Lennart Poettering
4a4654e024 nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp
This is supposed to be used by package/image builders such as mkosi to
speed up building, since it allows us to suppress sync() inside a
container.

This does what Debian's eatmydata tool does, but for a container, and
via seccomp (instead of LD_PRELOAD).
2021-10-20 11:35:15 +02:00
Yu Watanabe
d0619f2c2b network: dhcp6pd: set default metric 256 for delegated prefix
When Assign= in [DHCPv6PrefixDelegation] is enabled, then the kernel
will create the prefix route for the assigned address with metric 256.
When Assign= is disabled, then the kernel will create the route with
metric 1024.

For the default value, we should choose a smaller value (higher priority)
than 1024, as the unreachable routes for delegated prefix will be
configured with 1024.
2021-10-20 02:36:20 +09:00
Lennart Poettering
59bcac0b1a watchdog: always prefer /dev/watchdog0 over /dev/watchdog 2021-10-18 11:27:39 +02:00
Lennart Poettering
e00324d092
Merge pull request #21013 from mxre/feature/stub-dtb
[sd-stub] add support for embedding devicetree
2021-10-17 11:27:03 +02:00
Max Resch
111c9ba6c2 [st-stub] documenting the .dtb section 2021-10-16 13:26:21 +02:00
Tony Asleson
1f1a2243c0 Add stand-alone dm-integrity support
This adds support for dm integrity targets and an associated
/etc/integritytab file which is required as the dm integrity device
super block doesn't include all of the required metadata to bring up
the device correctly.  See integritytab man page for details.
2021-10-15 10:19:54 -05:00
Tony Asleson
9a2a6ec4e3 dm-verity: Remove usage of integrity
There is a difference between dm-verity and dm-integrity.  Remove
usage of integrity from verity documentation in man pages and
target files.
2021-10-14 12:17:02 -05:00
Lennart Poettering
9c5ea4b143 man: document new systemd.watchdog_sec= kernel cmdline option
Follow-up for: b3aa73e4de
2021-10-13 13:10:34 +02:00
Lennart Poettering
5254d15896 man: document new "off" setting for systemd-system.conf watchdog settings 2021-10-13 13:10:34 +02:00
Lennart Poettering
b6e44cd934
Merge pull request #20787 from fbuihuu/watchdog-more-rework
Watchdog more rework
2021-10-13 12:56:44 +02:00
Franck Bui
8a85c5b616 watchdog: rename special string "infinity" taken by the watchdog timeout options to "default" 2021-10-13 08:58:36 +02:00
Franck Bui
807938e7ec watchdog: update the documentation
While at it, split the watchdog section into a few paragraphs to make it easier
to read as it becomes lengthy.
2021-10-13 08:58:36 +02:00
Zbigniew Jędrzejewski-Szmek
df618f259a
Merge pull request #20987 from yuwata/sd-dhcp6-enum-cleanups
sd-dhcp6-client: enum cleanups
2021-10-13 08:25:37 +02:00
Yu Watanabe
308d01f3c4 network: do not request RAPID_COMMIT option
The option must not be included in OPTION_REQUEST option.
See the "Client ORO" field in
https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml#dhcpv6-parameters-2

This deprecates RapidCommit= setting. Note that sd-dhcp6-client always
sets the RAPID_COMMIT option in the solicit message.
2021-10-13 02:46:24 +09:00
наб
7d449b5618 systemd-machine-id-setup(1): "machine[d] ID" typo 2021-10-13 02:21:44 +09:00
Zbigniew Jędrzejewski-Szmek
78ae9d3100
Merge pull request #20853 from yuwata/network-radv-set-default-timeouts
network: RADV: set default timeouts
2021-10-12 10:49:03 +02:00
Lennart Poettering
de3ef2524e
Merge pull request #20968 from poettering/homed-pin
homed: pin+lock homes while logged in + keep trying to unmount on logging out + optionally drop caches on logging out
2021-10-11 23:11:03 +02:00
Lennart Poettering
5c791053e3
Merge pull request #20776 from medhefgo/boot-timeout
sd-boot: Allow disabling timeout
2021-10-11 23:05:37 +02:00
Yu Watanabe
9fa25e0791 network: radv: set non-zero lifetime for DNS servers and domains by default
Closes #20850.
2021-10-12 03:10:30 +09:00
Lennart Poettering
86019efa44 homed: optionally, drop caches on logout
Fixes: #20857
2021-10-11 16:00:34 +02:00
Lennart Poettering
2c7ec8203e man: document new token-timeout= setting 2021-10-11 11:12:29 +02:00
Jan Janssen
39ddc32a86 bootctl: Add set-timeout verb
Fixes: #18766
2021-10-08 15:32:50 +02:00
Jan Janssen
52b6b35643 sd-boot: Allow disabling timeout 2021-10-08 15:26:55 +02:00
Daan De Meyer
d888ef68d1 coredump: Add --all option
This option has coredumpctl look at all journals instead of only the
local ones. This allows coredumpctl to show information about remote
coredumps if the coredumps are made available in /var/lib/systemd/coredump
and the corresponding journals are made available in /var/log/journal.

This is already possible using the --directory option but --all makes it
more user friendly since users don't have to enter the journal directory
anymore as long as it's available under /var/log/journal.
2021-10-07 22:13:12 +02:00
Yu Watanabe
6830c3a553
Merge pull request #20778 from yuwata/network-ipv6-token
network: rework IPv6 address generation mode
2021-10-07 23:24:00 +09:00
Lennart Poettering
bd3bfc8856 man: document the two new switches for systemd-cgls 2021-10-07 11:50:52 +02:00
Luca Boccassi
0cf250022c
Merge pull request #20926 from yuwata/udev-net-wol-sopass
udev/net: introduce WakeOnLanPassword=
2021-10-06 23:36:05 +01:00
Yu Watanabe
d3867133f0 udev/net: introduce WakeOnLanPassword=
Closes #20913.
2021-10-07 01:50:37 +09:00
Yu Watanabe
e609cd0694 network: introduce Token= setting in [IPv6Prefix]
Closes #20149.
2021-10-07 01:24:50 +09:00