mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

76168 Commits

Author SHA1 Message Date
Mike Yuan
cc4f736ae3
core/namespace: add comment to explain the non-obvious assumption on /run/systemd/journal/
Follow-up for 119820f8ab

Addresses https://github.com/systemd/systemd/pull/32487#discussion_r1743493196
2024-09-04 21:44:25 +02:00
Mike Yuan
95f9e85aaa
core/namespace: make bind mounted journal sockets nosuid + noexec + nodev
Addresses https://github.com/systemd/systemd/pull/32487#discussion_r1743464797
2024-09-04 21:44:24 +02:00
Mike Yuan
7583859ba8
core/exec-invoke: use bind_mount_add() where appropriate 2024-09-04 21:44:24 +02:00
Mike Yuan
432aab24b0
core/namespace: use GREEDY_REALLOC at one more place 2024-09-04 21:44:24 +02:00
Mike Yuan
7f2a7ccf7d
core/unit: introduce unit_set_debug_invocation()
Given that debug_invocation is a Unit thing, make
service_set_debug_invocation() generic. Plus, don't
say "Service failed", as it would be spurious when
Restart=always.
2024-09-04 21:37:20 +02:00
Mike Yuan
40233f70cc
core: add missing serialization for Unit.debug_invocation
Follow-up for 7d8bbfbe08
2024-09-04 21:37:20 +02:00
Mike Yuan
7e6ef4340b
core/service: modernize service_load_pid_file() a bit 2024-09-04 21:37:20 +02:00
Mike Yuan
0ec3d45bcc
core/service: minor coding style tweak 2024-09-04 21:37:19 +02:00
Daan De Meyer
b1cfa93080 copy: Introduce COPY_NOCOW_AFTER and use it when copying images
When dealing with copying COW images, we have to make a tradeoff:

- Either we don't touch the NOCOW bit on the copied file COW and get
  an instant copy because we're able to reflink, but we might get
  reduced performance if the source file was COW as COW files and lots
  of random writes don't play well together.
- Or we force NOCOW for the copied file, which means we have to do a
  full copy as reflinking from COW files to NOCOW files or vice versa
  is not supported.

In exec-invoke.c, we've opted for the first option. In nspawn.c and
discover-image.c, we've opted for the second option.

In nspawn, this applies to the --ephemeral option to make ephemeral
copies. In discover-image.c, this applies to cloning images into
/var/lib/machines. Both these features might be used to run many
machines of the same original image. We really don't want to force
a full copy onto users in these scenarios when they're expecting
reflink behavior, leading to them running out of disk space. Instead,
degraded performance in their machines is a much less severe issue,
which they will discover on their own if it affects them, at which
point they can make their original image NOCOW at which point they'll
get both the reflinks and better performance.

Given the above reasoning, let's switch nspawn.c and discover-image.c
to use COPY_NOCOW_AFTER as well instead of enabling NOCOW upfront and
forcing a copy if the original source image is COW.
2024-09-04 19:23:16 +02:00
Daan De Meyer
8af3b12fe0 copy: Copy nocow flag by default
Unless otherwise requested, if we're going to copy a nocow file, make the
target file nocow as well.

Aside from keeping the performance characteristics of the cow or nocow file
intact, reflinking also only works from cow to cow or nocow to nocow files.
Reflinking from cow to nocow or nocow to cow files does not work and can
easily lead to unexpected copies for users, so by keeping the nocow bit
intact across copies by default we also make sure reflinks always work.
2024-09-04 19:23:13 +02:00
Daan De Meyer
07862c9fc2 chattr-util: Optimize read_attr_at()
Let's make sure we only reopen O_PATH file descriptors.
2024-09-04 18:51:53 +02:00
Mike Yuan
ad501930d7
socket-util: make recvmsg_safe() handle MSG_TRUNC too
Also, unify MSG_TRUNC handling all across the codebase.
2024-09-04 18:51:44 +02:00
Mike Yuan
c1bf6f148e
machine-dbus: use in_same_namespace() at one more place 2024-09-04 18:50:55 +02:00
Mike Yuan
3c0d765375
udev-ctrl: drop unused next_datagram_size_fd() call 2024-09-04 18:50:55 +02:00
Mike Yuan
e8b9767f51
core/manager: close all cmsg fds where none is expected 2024-09-04 18:50:55 +02:00
Mike Yuan
3ad7f79023
udev-ctrl: add missing size check of received message
While at it, downgrade log level of ignored errors to LOG_WARNING.
2024-09-04 18:50:55 +02:00
Mike Yuan
190a095380
audit-util: check correct errno 2024-09-04 18:50:54 +02:00
Mike Yuan
6f0d6ef7ce
sd-varlink: check correct errno
'n' can also be assigned from recvmsg_safe(), which is our own
func returning negative errno.
2024-09-04 18:50:54 +02:00
Mike Yuan
d6024cb3c1
fd-util: also close pidfd from SCM_PIDFD in cmsg_close_all() 2024-09-04 18:50:54 +02:00
Daan De Meyer
74c9606025 Revert "copy: Copy file attributes as well"
This reverts commit 2356104efc.
2024-09-04 18:49:05 +02:00
Daan De Meyer
519216b71f Revert "tree-wide: Don't explicity disable copy-on-write when copying images"
Let's still try to disable COW after copying. It won't do much, but
it doesn't hurt either.

See https://github.com/systemd/systemd/pull/33825/files#r1727288871.

This reverts commit 42e9288180.
2024-09-04 18:49:05 +02:00
Daan De Meyer
144e53b333
Merge pull request #34251 from DaanDeMeyer/multiq
network: Add support for multiq qdisc
2024-09-04 16:03:32 +02:00
Daan De Meyer
2b9ced9072 network: Add support for mq qdisc 2024-09-04 14:56:40 +02:00
Daan De Meyer
3f14557ce0 network: Add support for multiq qdisc 2024-09-04 14:56:37 +02:00
Mike Yuan
5d6d2d6ced
Merge pull request #34205 from yuwata/pretty-print-buffering
pretty-print: introduce WITH_BUFFERED_STDERR macro to enable buffering
2024-09-04 14:34:21 +02:00
Daan De Meyer
5064de1383
Merge pull request #34224 from yuwata/network-make-qdisc-reconfigurable
network: make qdisc reconfigurable
2024-09-04 12:07:16 +02:00
Daan De Meyer
c37a68b271
Merge pull request #32487 from YHNdnzj/bind-journal-sockets
core: introduce BindJournalSockets=
2024-09-04 09:26:58 +02:00
dependabot[bot]
6df2b5033e build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.8
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.5 to 2.0.8.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](69320dbe05...c062e08bd5)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-04 01:25:17 +02:00
dependabot[bot]
a3e3b58c8e build(deps): bump super-linter/super-linter from 6.6.0 to 7.1.0
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 6.6.0 to 7.1.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](88ea3923a7...b92721f792)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-04 01:24:40 +02:00
Mike Yuan
1a64b42c46
TEST-50-DISSECT: add explicit coverage for BindJournalSockets= 2024-09-03 21:04:52 +02:00
Mike Yuan
e2e6c23fdb
test: drop unneeded journal socket bind mounts
(where BindJournalSockets=yes is implied)
2024-09-03 21:04:52 +02:00
Mike Yuan
263fa92bab
portable/profile: use BindJournalSockets= 2024-09-03 21:04:52 +02:00
Mike Yuan
119820f8ab
core/namespace: create /dev/log only if journal socket is present 2024-09-03 21:04:51 +02:00
Mike Yuan
368a3071e9
core: introduce BindJournalSockets=
Closes #32478
2024-09-03 21:04:50 +02:00
dependabot[bot]
0333969a40 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 8c2f828701a1bdb3dc9b80d6f2ab979f0430a6b8 to 31b4e756c1484c302435653da5d3b9bdfae38518.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](8c2f828701...31b4e756c1)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-03 19:55:43 +02:00
Daan De Meyer
a026c3fb41
Merge pull request #34240 from DaanDeMeyer/mkosi
mkosi: Rework debian/ubuntu prepare script to install dependencies
2024-09-03 17:52:43 +02:00
Daan De Meyer
89c579788d mkosi: Use apt patterns to install dependencies on Debian/Ubuntu
Instead of parsing the human readable output of apt-cache, let's
use apt patterns to figure out the dependencies.

We also filter out virtual packages as apt will fail and say we need
to install an implementation of the virtual package even if a package
that provides the virtual package is already installed.
2024-09-03 16:03:27 +02:00
Daan De Meyer
70ecdbfa23 mkosi: Make systemd package filtering more robust
Let's not just filter everything with systemd in the name, but instead
use the same list of volatile packages that we install to do the
filtering.
2024-09-03 14:42:09 +02:00
Daan De Meyer
49e54aaa18
Merge pull request #34236 from DaanDeMeyer/manager-split
json-util: Add more builders
2024-09-03 13:47:53 +02:00
Daan De Meyer
eabff5267e json-util: Add JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL() 2024-09-03 12:08:42 +02:00
Daan De Meyer
0ea8d4bc8c json-util: Add JSON_BUILD_TRISTATE() and friends 2024-09-03 12:08:42 +02:00
Daan De Meyer
6647bbeab1 json-util: Add JSON_BUILD_PAIR_BASE64_NON_EMPTY() and friends 2024-09-03 12:08:42 +02:00
Daan De Meyer
a85e9670f6 json-util: Add JSON_BUILD_PAIR_BYTE_ARRAY_NON_EMPTY() 2024-09-03 12:08:42 +02:00
Daan De Meyer
7606139e61 json-util: Add JSON_BUILD_PAIR_INTEGER_NON_NEGATIVE() 2024-09-03 12:08:42 +02:00
Daan De Meyer
ab8a5e1f99 json-util: Add JSON_BUILD_PAIR_INTEGER_NON_ZERO() 2024-09-03 12:08:42 +02:00
Daan De Meyer
9ba489c7f6 json-util: Add JSON_BUILD_PAIR_CALLBACK_NON_NULL()
Like JSON_BUILD_PAIR_CALLBACK(), but doesn't add anything to the variant
if the callback doesn't put anything in the return argument.
2024-09-03 12:08:41 +02:00
Daan De Meyer
5b5579066d json-util: Add JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL() 2024-09-03 12:08:23 +02:00
Daan De Meyer
95e2f04144 json-util: Add JSON_BUILD_PAIR_DUAL_TIMESTAMP() 2024-09-03 12:06:42 +02:00
Daan De Meyer
0e88e150c5 json-util: Add JSON_BUILD_RATELIMIT() 2024-09-03 12:06:40 +02:00
Daan De Meyer
ed207e5261 json-util: Add JSON_BUILD_STRING_ORDERED_SET() 2024-09-03 12:03:02 +02:00