IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Also only allow positive ifindex on both dhcp and ipv4ll
[tomegun: the kernel always sets a positive ifindex, but some APIs accept
ifindex=0 with various meanings, so we should protect against
accidentally passing ifindex=0 along.]
To make sure we don't delay boot on systems where (some) network links are managed by someone else
we don't block if something else has successfully brought up a link.
We will still block until all links we are aware of that are managed by networkd have been
configured, but if no such links exist, and someone else have configured a link sufficiently
that it has a carrier, it may be that the link is ready so we should no longer block.
Note that in all likelyhood the link is not ready (no addresses/routes configured),
so whatever network managment daemon configured it should provide a similar wait-online
service to block network-online.target until it is ready.
The aim is to block as long as we know networking is not fully configured, but no longer. This
will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't
know whether networkd is the main/only network manager.
Even in the case networking is fully configured by networkd, the default behavior may not be
sufficient: if two links need to be configured, but the first is fully configured before the
second one appears we will assume the network is up. To work around that, we allow specifying
specific devices to wait for before considering the network up.
This unit is enabled by default, just like systemd-networkd, but will only be pulled in if
anyone pulls in network-online.target.
The way the kernel namespaces have been implemented breaks assumptions
udev made regarding uevent sequence numbers. Creating devices in a
namespace "steals" uevents and its sequence numbers from the host. It
confuses the "udevadmin settle" logic, which might block until util a
timeout is reached, even when no uevent is pending.
Remove any assumptions about sequence numbers and deprecate libudev's
API exposing these numbers; none of that can reliably be used anymore
when namespaces are involved.
Use a static table with all the typing information, rather than repeated
switch statements. This should make it a lot simpler to add new types.
We need to keep all the type info to be able to create containers
without exposing their implementation details to the users of the library.
As a freebee we verify the types of appended/read attributes.
The API is extended to nicely deal with unions of container types.
<kay> ssuominen: and drop --no-as-needed from the linkcheck?
<kay> ssuominen: i expect it all triggers without the gc-sections thing alone
<ssuominen> if the intention is to make it strict as possible,
to catch undefined references caused by missing -lfoo in linker line, then
LDFLAGS="-Wl,-fuse-ld=gold -Wl,--as-needed -Wl,--no-gc-sections"
Added support for tunneling netlink attrributes (ipip, gre, sit).
These works with kernel module ipip, gre and sit . The test cases are
moved to a separate file and manual test as well because they require
respective kernel modules as well.
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.
Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
This does not belong in shared as it is mostly a detail of our networking subsystem.
Moreover, now we can use libudev here, which will simplify things.
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.
If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.
After all, it is ultimately linked to libsystems.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
It contains hardcoded path to systemd-sysctl executable which
is /usr/lib/systemd/systemd-sysctl on latest stable release and
as such it will complain at runtime if rootprefix != prefix
[zj: readd the file to nodist_udevrules_DATA]
- Add support for finding and mounting /srv based on GPT data, similar
to how we already handly /home.
- Share the fsck logic between GPT, EFI and fstab generators
- Make sure we never run the EFI generator inside containers
- Drop DefaultDependencies=no from EFI mount units
- Other fixes
As it appears "ln -s --relative" in conjunction with "-f" is broken,
let's work around that by explicitly remove the destination of the
symlink before we create it.
https://bugzilla.redhat.com/show_bug.cgi?id=1072103
Implements IPv4LL with respect to RFC 3927
(http://tools.ietf.org/rfc/rfc3927.txt) and integrates it
with networkd. Majority of the IPv4LL state machine is
taken from avahi (http://avahi.org/) project's autoip.
IPv4LL can be enabled by IPv4LL=yes under [Network]
section of .network file.
IPv4LL works independent of DHCP but if DHCP lease is
aquired, then LL address will be dropped.
[tomegun: removed a trailing newline and a compiler warning]
The symlink is created in bindir (/usr/bin), and points to a binary
which lives in rootlibexecdir (/lib/systemd or /usr/lib/systemd). A
relative symlink does not work here.
This is primarily useful for services that need to track clients which
reference certain objects they maintain, or which explicitly want to
subscribe to certain events. Something like this is done in a large
number of services, and not trivial to do. Hence, let's unify this at
one place.
This also ports over PID 1 to use this to ensure that subscriptions to
job and manager events are correctly tracked. As a side-effect this
makes sure we properly serialize and restore the track list across
daemon reexec/reload, which didn't work correctly before.
This also simplifies how we distribute messages to broadcast to the
direct busses: we only track subscriptions for the API bus and
implicitly assume that all direct busses are subscribed. This should be
a pretty OK simplification since clients connected via direct bus
connections are shortlived anyway.
This is mostly a proof of concept to try sd-network, so we don't
hook it up with a .service file quite yet. We probably want it to
be more clever about deciding when we are 'online'.
The binary will wait for at least one network managed by networkd,
and until all networks managed by networkd are configured.
They are already in nodist_systemunit_DATA and if they are
shipped, they contain hardcoded paths to udevadm and
systemd-udevd which will cause them to fail to start when
rootprefix != prefix and rootlibdir != libdir.
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
../src/shared/unit-name.c:462: error: undefined reference to 'sd_bus_label_escape'
../src/shared/unit-name.c:477: error: undefined reference to 'sd_bus_label_unescape'
collect2: error: ld returned 1 exit status
When starting systemd-nspawn with --network-veth, we create a veth device called
host0 in the guest. Pick up on this and start a dhcp client on it. We will also
pick up host0 netdevs created by other containers should they chose to use the
same name.
It doesn't make any sense to symlink this unit file into /etc when the
unit file itself isn't even installed, with --disable-networkd. This
moves the GENERAL_ALIASES logic into the right "if" block.
With --rootprefix= systemd-udevd gets installed to /lib/systemd, and since
the network configuration is also required during early boot, it should be
available there with it. Using --prefix= is not an option since it would
put everything, including pkg-config files, man pages, documentation, to /
which is not wanted. This commit puts 99-default.link to
/lib/systemd/network/ when required.
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
SECCOMP_CFLAGS must be in the global CFLAGS as <seccomp.h> is
included in core/execute.h. when seccomp.h is not in the standard
path.(i.e openSUSE has it in /usr/include/pkg/libseccomp/, precisely to
catch this kind of bugs) compiling systemd fails.
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease
expires.
In the future this may be used by DNAv4 and sd-dhcp-server.
Thomas H.P. Andersen <phomes@gmail.com> wrote:
> Does -lresolv belong in libsystemd_la_CFLAGS? I would have thought
> that it should be in LIBADD for the lib and LDADD for the test.
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
The cppcheck target was introduced by commit 16f4efb415
"build-sys: add cppcheck target". But it is preferable to use a make phony target
for it, as this patch does.
There are two general reasons to use a phony target: to avoid a
conflict with a file of the same name, and to improve performance. In
this case the first reason is obvious, and the second is that make
skips the implicit rule search for phony targets, since it knows that
phony targets do not name actual files that could be remade from other
files (as described in the "Gnu Make" Manual).
A compatibility libsystemd-login library is created which uses
.symver and ifunc magic proposed by Lennart to make programs linked
to the old library name continue to work seamlessly.
Unfortunately the bfd linker crashes:
https://sourceware.org/bugzilla/show_bug.cgi?id=16467
This will be fixed in binutils 2.25.
As a work-around, gold can be used:
LDFLAGS=-Wl,-fuse-ld=gold
Unfortunately the switch to pick the linker appeared in gcc 4.8.
This also doesn't work with LLVM:
http://llvm.org/bugs/show_bug.cgi?id=11897
This adds support to generate a basic resolv.conf in /run/systemd/network.
This file will not take any effect unless a symlink is created from
/etc/resolv.conf.
Nameservers received over DHCP takes precedence over statically configured ones.
Note: /etc/resolv.conf is severely limited, so in the future we will likely
rather provide a much more powerfull nss plugin (or something to that effect),
but this should allow current users to function without any loss of
functionality.
This adds basic DHCPv4 support. Link-sense is enabled unconditionally,
but the plan is to make that configurable.
I tested this in a VM with lots of NICs and over wifi in the various
coffee shops I found this Christmas, but more testing would definitely
be appreciated.
Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.
A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.
If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.
/run/nologin creation is split out into a separate service, to make it
easy to override.
https://bugzilla.redhat.com/show_bug.cgi?id=1043212https://bugzilla.redhat.com/show_bug.cgi?id=1045849
Let's try to standardize on a single non-cryptographic hash algorithm,
and for that SipHash appears to be the best answer.
With this change there are two other hash functions left in systemd: an
older version of MurmurHash embedded into libudev for the bloom filters
in udev messages (which is hard to update, given that the we probably
should stay compatible with older versions of the library). And lookup3
in the journal files (which we could replace for new files, but which is
probably not worth the work).
systemd-bus-driverd is a small daemon that connects to kdbus and
implements the org.freedesktop.DBus interface. IOW, it provides the bus
functions traditionally taken care for by dbus-daemon.
Calls are proxied to kdbus, either via libsystemd-bus (were applicable)
or with the open-coded use of ioctl().
Note that the implementation is not yet finished as the functions to
add and remove matches and to start services by name are still missing.
This uses --enable=all mode. Should be taken with a grain of salt
though. While many recommendations make sense we should probably keep
"int r" always on function scope, and many of the portability warnings
really don't matter to us because we only care for Linux/glibc.
Set a fake MAC address and emulate raw packet sending. When the buffer
containing the Discover message is received, check selected IP and
UDP headers and compute IP header and UDP message checksums. Also
send the DHCP message for option parsing and expect a successful
outcome.
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.
This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
The static analyzer scan-build had a few issues with analysing
parts of systemd.
gpt-auto-generator.c:
scan-build could not find blkid.h. Whether it should be blkid.h or
blkid/blkid.h seems to depend on the version used. We already use
blkid/blkid.h in udev-builtin-blkid.c so it seems safe to use that
here too.
Makefile.am:
Moved some -D's from CFLAGS to CPPFLAGS. I also simplified them a
bit and got rid of a left over DBUS_CFLAGS.
test-cgroup-mask.c/test-sched-prio.c
A variable was added to store the replaced TEST_DIR. When wrapped
in an assert_se TEST_DIR was not replaced in the logged error.
While not an issue introduced in this patch we might as well fix
it up while we are here.
We don't do this for .c files either, even they are also influence quite
a bit by makefile settings. Given that XSLT is a lot slower then the
rest of the build let's make our build a bit faster if people end up
touching the Makefile.
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
A bridge is specified in a .netdev file with a section [Bridge]
and at least the entry Name=.
A link may be joined to a bridge if the .network applied to it has
a Bridge= entry giving the name of the bridge in its [Network] section.
We eagerly create all bridges on startup, and links are added to
bridges as soon as they both appear.
All calls that set a sd_bus_error structure will now return the same
error converted to a negative errno. This may be used as syntactic sugar
to return from a function and setting a bus_error structure in one go.
Also, translate all Linux Exyz (EIO, EINVAL, EUCLEAN, EPIPE, ...)
automatically into counterparts in the (new) "Posix.Error." namespace.
If we fail to allocate memory for the components of a sd_bus_error
automatically reset it to an OOM error which we always can write.
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
I know that this is a pretty big net to catch some small fish,
but we *do* regularly forget to properly export symbols that
were supposed to be exported.
This time sd_bus_get_current and some renamed symbols are caught.
For GNOME (Continuous), we are unlikely to require or want
systemd-networkd in the near term future; all of the tools and code
are targeting NetworkManager.
The long term story is still an open question of course, but for now,
there's no reason for gnome-continuous to build or ship this.
This daemon listens for and configures network devices tagged with
'systemd-networkd'. By default, no devices are tagged so this daemon
can safely run in parallel with existing network daemons/scripts.
Networks are configured in /etc/systemd/network/*.network. The first .network
file that matches a given link is applied. The matching logic is similar to
the one for .link files, but additionally supports matching on interface name.
The mid-term aim is to provide an alternative to ad-hoc scripts currently used
in initrd's and for wired setups that don't change much (e.g., as seen on
servers/and some embedded systems).
Currently, static addresses and a gateway can be configured.
Example .network file:
[Match]
Name=wlp2s0
[Network]
Description=My Network
Gateway=192.168.1.1
Address=192.168.1.23/24
Address=fe80::9aee:94ff:fe3f:c618/64
NOTE: the show-* subcommands do not print some properties:
this are those with types like (so), a(so), (uo),...
we need to fix this, but I'm not sure how
The sd-event APIs should be available only as part of libsystemd-bus so
that the utility calls are not linked into each independently and we can
minimize the number of libraries we have.
To write useful bus code clients need to validate utf8 frequently since
the bus reacts allergic to it. Since glibc does not provide any calls
for this, let's provide it as part of libsystemd-bus.
Old static libsystemd-bus.la becomes libsystemd-bus-internal.la.
memfd functions are also exported in the same library.
(Best viewed with --color-words -U0).
The path_id-builtin provides useful unique aliases for DRM devices. If we
want to configure DRM render-nodes for compositors, we want to avoid
storing the whole sys-path in configuration files. Hence, allow users to
store the short PATH_ID instead.
Load path_id-builtin unconditionally on DRM devices now to always provide
this alias.
This introduces a new key MACAddressPolicy.
The possible policies are 'persistent' and 'random'.
'persistent' will do nothing if the current address is the hardware address,
but if the hardware does not have an address (or another address is set for
whatever reason), we will generate an address which will be random, but
persistent between boots (based on machineid and persistent netif name).
'random' will do nothing if the kernel already set a random address, otherwise
it will generate a random one and use that instead.
This patch sets MACAddressPolicy=persistent in the default .link file.
This introduces a new key NamePolicy, which takes an ordered list of naming
policies. The first successful one is applide. If all fail the value of Name
(if any) is used.
The possible policies are 'onboard', 'slot', 'path' and 'mac'.
This patch introduces a default link file, which replaces the equivalent udev
rule.
This is intentionally as similar to sd-bus as possible. While it
would be simple to export it, the intentions is to keep this
internal (at least for the forseeable future).
Currently only synchronous communication is implemented
This tool applies hardware specific settings to network devices before they
are announced via libudev.
Settings that will probably eventually be supported are MTU, Speed,
DuplexMode, WakeOnLan, MACAddress, MACAddressPolicy (e.g., 'hardware',
'synthetic' or 'random'), Name and NamePolicy (replacing our current
interface naming logic). This patch only introduces support for
Description, as a proof of concept.
Some of these settings may later be overriden by a network management
daemon/script. However, these tools should always listen and wait on libudev
before touching a device (listening on netlink is not enough). This is no
different from how things used to be, as we always supported changing the
network interface name from udev rules, which does not work if someone
has already started using it.
The tool is configured by .link files in /etc/net/links/ (with the usual
overriding logic in /run and /lib). The first (in lexicographical order)
matching .link file is applied to a given device, and all others are ignored.
The .link files contain a [Match] section with (currently) the keys
MACAddress, Driver, Type (see DEVTYPE in udevadm info) and Path (this
matches on the stable device path as exposed as ID_PATH, and not the
unstable DEVPATH). A .link file matches a given device if all of the
specified keys do. Currently the keys are treated as plain strings,
but some limited globbing may later be added to the keys where it
makes sense.
Example:
/etc/net/links/50-wireless.link
[Match]
MACAddress=98:f2:e4:42:c6:92
Path=pci-0000:02:00.0-bcma-0
Type=wlan
[Link]
Description=The wireless link
Always add the default AM_CFLAGS first.
If variables are used in conditionals, the default assignment
of AM variables is disabled, even when the conditional is not
in use; foo_CFLAGS = $(AM_CFLAGS) is needed, even when it looks
like a no-op.
fsck-root is redundant in case an initrd is used, or in case the rootfs
is never remounted 'rw', so the new default is the correct behavior for
most users. For the rest, they should enable it in fstab.
The thing is a daemon, hence needs a "d" prefix. Also, we tend to not
abbreviate names of background components unnecessarily, since they are
not primary commands people type. Then, the fact that this thing does
socket actviation is mostly in implementationd detail for the proxy.
Also, do some minor indenting clean-ups and other code updates.
Among other things this also adds a few things necessary for the change:
- Considerably more powerful error returning APIs in libsystemd-bus
- Adapter for connecting an sd_bus to an sd_event
- As I reworked the PolicyKit logic to the new library I also made it
asynchronous, so that PolicyKit requests of one user cannot block out
another user anymore.
- We always use the macro names for common bus error. That way it is
harder to mistype them since the compiler will notice
rename old versions to ascii_*
Do not take into account zerowidth characters, but do consider double-wide characters.
Import needed utf8 helper code from glib.
v3: rebase ontop of utf8 restructuring work
[zj: tweak the algorithm a bit, move new code to separate file]
So far we tried to use epoll directly wherever we needed an event loop.
However, that has various shortcomings, such as the inability to handle
larger amounts of timers (since each timerfd costs one fd, which is a
very limited resource, usually bounded to 1024), and inability to do
priorisation between multiple queued events.
Let's add a minimal event loop API around epoll that is suitable for
implementation of our own daemons and maybe one day can become public
API for those who desire it.
This loop is part of libsystemd-bus, but may be used independently of
it.
Since on most systems with xattr systemd will compile with Smack
support enabled, we still attempt to mount various fs's with
Smack-only options.
Before mounting any of these Smack-related filesystems with
Smack specific mount options, check if Smack is functionally
active on the running kernel.
If Smack is really enabled in the kernel, all these Smack mounts
are now *fatal*, as they should be.
We no longer mount smackfs if systemd was compiled without
Smack support. This makes it easier to make smackfs mount
failures a critical error when Smack is enabled.
We no longer mount these filesystems with their Smack specific
options inside containers. There these filesystems will be
mounted with there non-mount smack options for now.
This adds a lightweight scheme how to define interfaces in static fixed
arrays which then can be easily registered on a bus connection. This
makes it much easier to write bus services.
This automatically handles implementation of the Properties,
ObjectManager, and Introspection bus interfaces.
Systemd-logind does not pull in cg_create(), if we unconditionally link
this, all users of systemd-logind qill need the label stuff and therefore
link against selinux.
It is probably a build-system issue, or something that need to be sorted
out in a differnt way than linking not needed libs.
This reverts commit ceadabb102.
libsystemd-login.la uses cg_create() that currently seems to be a part
of libsystemd-label.la. However, it doesn't link against that library
and it seems that none of the (unconditional) libraries it uses do. In
the end, people end up getting «undefined reference to `cg_create'»
when trying to build e.g. dbus.
liblogind-core.la was underlinked, missing a few functions
defined in logind.c. They are moved to a new file, logind-core.c,
and this file is linked into liblogind-core.la.
In addition, logind-acl.c is attached to the liblogind-core.la,
instead of systemd-logind directly.
Prefer firmware-provided performance data over loader-exported ones; if
ACPI data is available, always use it, otherwise try to read the loader
data.
The firmware-provided variables start at the time the first EFI image
is executed and end when the operating system exits the boot services;
the (loader) time calculated in systemd-analyze increases.
In the process, rename udev_encode_string which is poorly named for what
it does. It deals specifically with encoding names that udev creates and
has its own rules: utf8 is valid but some ascii is not (e.g. path
separators), and everything else is simply escaped. Rename it to
encode_devnode_name.
A session-device is a device that is bound to a seat and used by a
session-controller to run the session. This currently includes DRM, fbdev
and evdev devices. A session-device can be created via RequestDevice() on
the dbus API of the session. You can drop it via ReleaseDevice() again.
Once the session is destroyed or you drop control of the session, all
session-devices are automatically destroyed.
Session devices follow the session "active" state. A device can be
active/running or inactive/paused. Whenever a session is not the active
session, no session-device of it can be active. That is, if a session is
not in foreground, all session-devices are paused.
Whenever a session becomes active, all devices are resumed/activated by
logind. If it fails, a device may stay paused.
With every session-device you request, you also get a file-descriptor
back. logind keeps a copy of this fd and uses kernel specific calls to
pause/resume the file-descriptors. For example, a DRM fd is muted
by logind as long as a given session is not active. Hence, the fd of the
application is also muted. Once the session gets active, logind unmutes
the fd and the application will get DRM access again.
This, however, requires kernel support. DRM devices provide DRM-Master for
synchronization, evdev devices have EVIOCREVOKE (pending on
linux-input-ML). fbdev devices do not provide such synchronization methods
(and never will).
Note that for evdev devices, we call EVIOCREVOKE once a session gets
inactive. However, this cannot be undone (the fd is still valid but mostly
unusable). So we reopen a new fd once the session is activated and send it
together with the ResumeDevice() signal.
With this infrastructure in place, compositors can now run without
CAP_SYS_ADMIN (that is, without being root). They use RequestControl() to
acquire a session and listen for devices via udev_monitor. For every
device they want to open, they call RequestDevice() on logind. This
returns a fd which they can use now. They no longer have to open the
devices themselves or call any privileged ioctls. This is all done by
logind.
Session-switches are still bound to VTs. Hence, compositors will get
notified via the usual VT mechanisms and can cleanup their state. Once the
VT switch is acknowledged as usual, logind will get notified via sysfs and
pause the old-session's devices and resume the devices of the new session.
To allow using this infrastructure with systems without VTs, we provide
notification signals. logind sends PauseDevice("force") dbus signals to
the current session controller for every device that it pauses. And it
sends ResumeDevice signals for every device that it resumes. For
seats with VTs this is sent _after_ the VT switch is acknowledged. Because
the compositor already acknowledged that it cleaned-up all devices.
However, for seats without VTs, this is used to notify the active
compositor that the session is about to be deactivated. That is, logind
sends PauseDevice("force") for each active device and then performs the
session-switch. The session-switch changes the "Active" property of the
session which can be monitored by the compositor. The new session is
activated and the ResumeDevice events are sent.
For seats without VTs, this is a forced session-switch. As this is not
backwards-compatible (xserver actually crashes, weston drops the related
devices, ..) we also provide an acknowledged session-switch. Note that
this is never used for sessions with VTs. You use the acknowledged
VT-switch on these seats.
An acknowledged session switch sends PauseDevice("pause") instead of
PauseDevice("force") to the active session. It schedules a short timeout
and waits for the session to acknowledge each of them with
PauseDeviceComplete(). Once all are acknowledged, or the session ran out
of time, a PauseDevice("force") is sent for all remaining active devices
and the session switch is performed.
Note that this is only partially implemented, yet, as we don't allow
multi-session without VTs, yet. A follow up commit will hook it up and
implemented the acknowledgements+timeout.
The implementation is quite simple. We use major/minor exclusively to
identify devices on the bus. On RequestDevice() we retrieve the
udev_device from the major/minor and search for an existing "Device"
object. If no exists, we create it. This guarantees us that we are
notified whenever the device changes seats or is removed.
We create a new SessionDevice object and link it to the related Session
and Device. Session->devices is a hashtable to lookup SessionDevice
objects via major/minor. Device->session_devices is a linked list so we
can release all linked session-devices once a device vanishes.
Now we only have to hook this up in seat_set_active() so we correctly
change device states during session-switches. As mentioned earlier, these
are forced state-changes as VTs are currently used exclusively for
multi-session implementations.
Everything else are hooks to release all session-devices once the
controller changes or a session is closed or removed.
There's now some more obvious overlap amongst the two utf8 validation
functions, but no more than there already was previously.
This also adds some menial tests for anyone who wants to do more
merging of these two in the future.
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
* Introduce a macro to conditionally execute tests. This avoids
skipping the entire test if some parts require systemd
* Skip the journal tests when no /etc/machine-id is present
* Change test-catalog to load the catalog from the source directory
of systemd.
* /proc/PID/comm got introduced in v2.6.33 but travis is still
using v2.6.32.
* Enable make check and make distcheck on the travis build
* Use -D"CATALOG_DIR=STR($(abs_top_srcdir)/catalog)" as a STRINGIY
would result in the path '/home/ich/source/linux' to be expanded
to '/home/ich/source/1' as linux is defined to 1.
Building for a different version of Python requires removing all
build products for the old version. There's no nice way to do it,
short of doing 'make clean'. The new 'clean-python' target is a
bit hacky, but seems to work:
./configure PYTHON=python2 && make && make install
make clean-python
./configure PYTHON=python3 --disable-gtk-doc --disable-man-pages && make && make install
should install modules for both versions of Python.
Some of the options in systemd can take multiple arguments, such as
systemctl's --type option. Previously, you would only be able to
complete a single type after the -t, but now zsh will continue to
complete the types, separating them by commas.
systemd-inhibit's --what command has colon (:), and that has been taken
into account.
_hosts_or_user_at_host was used by 6 different completions, and
previously was in all 6 of those files. I moved it out to its own file,
_sd_hosts_or_user_at_host. This will be autoloaded for use in other
completion functions. It also allows external completions to use this
function by simply calling _sd_hosts_or_user_at_host as in the systemd
completions.
As many laptops don't save/restore screen brightness across reboots,
let's do this in systemd with a minimal tool, that restores the
brightness as early as possible, and saves it as late as possible. This
will cover consoles and graphical logins, but graphical desktops should
do their own per-user stuff probably.
This only touches firmware brightness controls for now.
This adds a simple generator that is capable of automatically
discovering certain GPT partitions by their type UUID and mount/enable
them. This currently covers swap partitions and /home partitions, but is
expected to grow more features soon.
This currently doesn't handle LUKS encrypted /home.
This enables all swap partitions of type
0657fd6da4ab43c484e50933c84b4f4f, if found.
This mounts the first partition of type 933ac7e12eb44f13b8440e14e2aef915
as /home, if it is found.
In fba1ea0 'build: do not link everything with -lrt (and
therefore -pthread)' librt was removed from the list of
libraries. But libsd-daemon-internal also uses symbols from
librt and librt must thus be added everywhere where
libsd-daemon-interal is used, or otherwise linking might
fail:
/usr/bin/ld: ./.libs/libudev-core.a(sd-daemon.o): undefined reference to symbol 'mq_getattr@@GLIBC_2.3.4'
/usr/bin/ld: note: 'mq_getattr@@GLIBC_2.3.4' is defined in DSO /lib64/librt.so.1 so try adding it to the linker command line
We export the location of a bunch of directories this way,
so it makes sense to add those three. Especially catalogdir
is something that we want people to add things to.
Note on the naming: the first two are tied closely to systemd
itself, so I prefixed them with "systemd". The third one is
rather more generic, so no prefix.
https://bugs.freedesktop.org/show_bug.cgi?id=67635
Moved zsh shell completion to shell-completion/zsh/_systemd for
automake's sake. Also allow users to specify where the files should go
with::
./configure --with-zshcompletiondir=/path/to/some/where
and by default going to `$datadir/zsh/site-functions`
Python 2.7, and 3.2 and higher support querying compilation
flags through pkg-config. This makes python support follow
rules similar to various other optional compilation-time
libraries. New flags are called PYTHON_DEVEL_CFLAGS and
PYTHON_DEVEL_LIBS, because PYTHON (without _DEVEL), is
already used for the python binary name, and things would
be confusing if the same prefix was used for two things.
configure has --disable-python-devel to disable python modules.
One advantage is that CFLAGS for modules gets smaller:
- -I/usr/include/python3.3m -I/usr/include/python3.3m -Wno-unused-result -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv
+ -I/usr/include/python3.3m
as does LIBS:
- -lpthread -ldl -lutil -lm -lpython3.3m
+ -lpython3.3m
Support for Python 2.6 is removed, but can be easily
restored by using
PYTHON_DEVEL_CFLAGS="$(python2.6-config --cflags)",
etc., as ./configure parameters.
https://bugs.freedesktop.org/show_bug.cgi?id=57800
Yesterday I added test-suite.log as dependency to the .PRECIOUS
target. Automake is warning about this target being redefined
and from what I see there is no way I can stop the warning but
I can add the %MAKEFILE% as dependency.
automake warning:
Makefile.am:35: warning: user target '.PRECIOUS' defined here ...
/usr/share/automake-1.13/am/configure.am: ... overrides Automake target '.PRECIOUS' defined here
[zj: s/%MAKEFILE%/Makefile/ because %MAKEFILE% wasn't actually substituted properly.]
The addition of .DELETE_ON_ERROR will lead to the removal of the
test-suite.log in case of a test failure. Mark the rule as PRECIOUS
to keep that file around.
Enable coverage with --enable-coverage.
"make coverage" will create the report locally,
"make coverage-sync" will upload the report to
http://www.freedesktop.org/software/systemd/coverage/.
Requires lcov version 1.10 to handle naming in systemd and to
use the --no-external option.
[zj: make the coverage at least generate something with
separate build dir, simplify rules a bit: all errors
are mine. ]
As of kmod v14, it is possible to export the static node information from
/lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format.
Use this functionality to let systemd-tmpfilesd create the static device nodes
at boot, and drop the functionality from systemd-udevd.
As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:
* the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
* ordering before local-fs-pre.target (see 89d09e1b5c)
RPM macros are moved from /etc to /usr, in the sprit of moving
in the direction of empty /etc.
RPM gained support for the new directory recently, in v. 4.10.90:
https://bugzilla.redhat.com/show_bug.cgi?id=846679.
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
"Scope" units are very much like service units, however with the
difference that they are created from pre-existing processes, rather
than processes that systemd itself forks off. This means they are
generated programmatically via the bus API as transient units rather
than from static configuration read from disk. Also, they do not provide
execution-time parameters, as at the time systemd adds the processes to
the scope unit they already exist and the parameters cannot be applied
anymore.
The primary benefit of this new unit type is to create arbitrary cgroups
for worker-processes forked off an existing service.
This commit also adds a a new mode to "systemd-run" to run the specified
processes in a scope rather then a transient service.
Fixed build on debian wheezy:
./.libs/libudev.so: undefined reference to `cg_create'
Appears to have no influence on the resulting binaries and
libraries. Cf. b5fafdf63f.
Transient units can be created via the bus API. They are configured via
the method call parameters rather than on-disk files. They are subject
to normal GC. Transient units currently may only be created for
services (however, we will extend this), and currently only ExecStart=
and the cgroup parameters can be configured (also to be extended).
Transient units require a unique name, that previously had no
configuration file on disk.
A tool systemd-run is added that makes use of this functionality to run
arbitrary command lines as transient services:
$ systemd-run /bin/ping www.heise.de
Will cause systemd to create a new transient service and run ping in it.
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
quotaon.service is already installed through dist_systemunit_DATA, so it doesn't
need to be added to nodist_systemunit_DATA. Installing the same file twice
results in a race condition where the install process can fail.
https://bugs.freedesktop.org/show_bug.cgi?id=65659
[zj: actually remove quotaon.service from the other list.]
We want to allow clients to process an sd_bus_message on a different
thread than it was received on. Since unreffing a bus message might
readd some of its memfds to the memfd cache add some minimal locking
around the cache.
That way ordering it with MountsRequiredFor= works properly, as this no
longer results in mount units start requests to be added to the shutdown
transaction that conflict with stop requests for the same unit.
This will launch $(PYTHON) with $LD_LIBRARY_PATH and $PYTHONPATH
as ./configure-d and DESTDIR-ed. Use as:
make install DESTDIR=/var/tmp/inst python-shell
Previous commit (20d408766) was broken. The problem is not connected
to DESTDIR being set or not, but to the fact that targets in
$GENERAL_ALIASES have directory components, so mkdir -p wasn't
recursing deep enough.
grawity> ln: failed to create symbolic link
‘/home/grawity/pkg/aur/systemd-git/pkg/systemd//etc/systemd/system/multi-user.target.wants/remote-fs.target’: No such file or directory
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
Do the depmod in the kernel-install hooks, so hooks can produce/install
kernel modules and be part of the depmod.
Also move the basic boot loader entry creation and removal to a
plugin script.
If PRETTY_NAME is not defined in /etc/os-release, fallback to
PRETTY_NAME="Linux $KERNEL_VERSION".
Add documentation for everything in the man page.
When rsyncing to fd.o, rsync would fail on symlinks in man/.
We don't care about the times too much anyway. rsync will
set times to "now", which is fine, since modification times
don't matter much outside of each uploader's machine anyway.
The point is to complete all steps of the transfer, so Python
documentation is properly updated.
The same old story as d3b9e0ff: those two use libsystemd-shared, and
in turn, some functions in libsystemd-shared use libsystemd-daemon.
The fact that *those* functions are used neither by the python modules
in question nor pam_systemd isn't always enough. Currently, I'm seeing
linking failures with -flto. The result of adding
libsystemd-daemon-internal to the list of linked libraries should be
harmless, with no change in size or final link requirements.
libsystemd-audit needs functions from libsystemd-shared, so
libsystemd-audit needs to appear first. Otherwise:
CCLD systemd-logind
./.libs/libsystemd-audit.a(audit.o): In function `audit_session_from_pid':
/home/josh/src/systemd/src/shared/audit.c:50: undefined reference to `detect_container'
This patch adds --disable-tests to configure. It is based on a patch
posted by Thierry Reding in 2010. The motivation for adding it is that
some tests fail link-time when cross-compiling.
The patch adds a new Makefile variable -- manual_tests -- and uses
that instead of noinst_PROGRAMS. However, if ENABLE_TESTS is true,
the former is added to the latter. It also renames noinst_tests to
simply tests.
This bit of code is mostly stolen from coredump.c. We construct
a simple journal message and append the bootchart file in the
journal automatically.
You can extract the latest bootchart from the current boot with
something like:
$ journalctl -b MESSAGE_ID=9f26aa562cf440c2b16c773d0479b518 --field=BOOTCHART
which prints it to stdout.
None of the other logic is touched. The journal entry is created
even if bootchart was run manually, which is probably wrong.
Since v183, the contents of /usr/lib/udev/devices is no longer copied to /dev
on boot, rather systemd-tmpfiles should be used instead. However, as
systemd-tmpfiles --create is only ran long after udevd has been started, it is
no longer possible to use udev rules to assign permissions to the static nodes.
This calls systemd-tmpfiles --create early, before udev is started, and
restricts the call to /dev, which is known to be mounted already.
In the future, this could also take over the creation of static device nodes
from systemd-udevd.
georgem> libsystemd-id128.so: undefined reference to `sd_listen_fds'
In some toolchains (--as-needed not used or not working), the
toolchain doesn't drop this dependency. It is introduced because
sd-id128.so is linked against sd-shared.la, and some functions therein
use libsystemd-daemon, but libsd-id128 doesn't use any of those
functions.
This results in no change in libsystemd-id128.so when the unused
symbols are properly stripped.
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
Since journal-gatewayd is now running unprivileged, and detecting
virtalization requires privileges, query PID1 via D-Bus for the used
virtualization.
This is also the first time we use libsystemd-bus for more than just
testing.
https://bugs.freedesktop.org/show_bug.cgi?id=62173
This makes it easier to add substitutions to man pages,
avoiding the separate transformation step.
mkdir -p's are removed from the rule, because xsltproc will
will create directories on it's own.
All in all, two or three forks per man page are avoided,
which should make things marginally faster.
Unfortunately python parsers must too be tweaked to handle
entities. This isn't particularly easy: with lxml a custom
Resolver can be used, but the stdlib etree doesn't support
external entities *at all*. So when running without lxml,
the entities are just removed. Right now it doesn't matter,
since the entities are not indexed anyway. But I intend to
add indexing of filenames in the near future, and then the
index generated without lxml might be missing a few lines.
Oh well.
In order to write tests for the catalog functions, they
are made non-static and start taking a 'database' parameter,
which is the name of a file with the preprocessed catalog
entries.
This makes it possible to make test-catalog part of the
normal test suite, since it now only operates on files
in /tmp.
Some more tests are added.
Readahead has all sorts of bad side effects depending on your
storage media. On rotating disks, it may be degrading startup
performance if enough requests are queued spanning linearly
over all blocks early at boot, and mount, blkid and friends
want to insert reads to the start of these block devices after.
The end result is that on spinning disks with ext3/4 that udev
and mounts take a very long time, and nothing really happens until
readahead is completely finished.
This has the net effect that the CPU is almost entirely idle
for the entire period that readahead is working. We could have
finished starting up quite a lot of services in this time if
we were smarter at how we do readahead.
This patch sorts all requests into 2 second "chunks" and sub-sorts
each chunk by block. This adds a single cross-drive seek per "chunk"
but has the benefit that we will have a lot of the blocks we need
early on in the boot sequence loaded into memory faster.
For a comparison of how before/after bootcharts look (ext4 on a
mobile 5400rpm 250GB drive) please look at:
http://foo-projects.org/~sofar/blocked-tests/
There are bootcharts in the "before" and "after" folders where you
should be able to see that many low-level services finish 5-7
seconds earlier with the patch applied (after).
With the conversion from pci-db + usb-db to hwdb, the property
got accitentially renamed.
Move the name back to the long established identifier *MODEL*
instead of *PRODUCT*.
$ git grep -l ID_MODEL_FROM_DATABASE
hwdb/20-pci-vendor-model.hwdb
hwdb/20-usb-vendor-model.hwdb
hwdb/ids-update.pl
man/systemd.device.xml
rules/78-sound-card.rules
src/core/device.c
src/cryptsetup/cryptsetup.c
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
First, rename root-fs.target to initrd-root-fs.target to clarify its usage.
Mount units with "x-initrd-rootfs.mount" are now ordered before
initrd-root-fs.target. As we sometimes construct /sysroot mounts in
/etc/fstab in the initrd, we want these to be mounted before the
initrd-root-fs.target is active.
initrd.target can be the default target in the initrd.
(normal startup)
:
:
v
basic.target
|
______________________/|
/ |
| sysroot.mount
| |
| v
| initrd-root-fs.target
| |
| v
| initrd-parse-etc.service
(custom initrd services) |
| v
| (sysroot-usr.mount and
| various mounts marked
| with fstab option
| x-initrd.mount)
| |
| v
| initrd-fs.target
| |
\______________________ |
\|
v
initrd.target
|
v
initrd-cleanup.service
isolates to
initrd-switch-root.target
|
v
______________________/|
/ |
| initrd-udevadm-cleanup-db.service
| |
(custom initrd services) |
| |
\______________________ |
\|
v
initrd-switch-root.target
|
v
initrd-switch-root.service
|
v
switch-root
https://bugs.freedesktop.org/show_bug.cgi?id=62085
/usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/../../../../lib64/libsystemd-login.so:
undefined reference to `sd_listen_fds'
In ee465038ce 'build-sys: break dependency loop between
libsystemd-id128.la and -shared.la', a partial fix was applied, and
the use of functions from libsystemd-id128 was removed from
libsystemd-shared. Nevertheless, fdset.c was still using sd_listen_fds,
so libsystemd-login should be linked against libysystemd-daemon
or libsystemd-daemon-internal.
Tested-by: Elias Probst <mail@eliasprobst.eu>
Instead of using local-fs*.target in the initrd, use root-fs.target for
sysroot.mount and initrd-fs.target for /sysroot/usr and friends.
Using local-fs.target would mean to carry over the activated
local-fs.target to the isolated initrd-switch-root.target and thus in
the real root. Having local-fs.target already active after
deserialization causes ordering problems with the real root services and
targets.
We better isolate to targets for initrd-switch-root.target, which are
only available in the initrd.
This should help readers of the man or HTML pages know if the documentation
is out of date. An alternative to use a date generated from 'git log' was
considered, but since we try to keep user visible documentation up to date,
showing the project version should be enough.
Let's update bootchar to share the coding style a bit more with the rest
of the package.
- Some tabs/spaces fixes
- add #pragma to header
- split up header so that we have a 1:1 relation between .c and .h files
like everywhere else
- Prefix user command line arguments/configuration settings with "arg_".
- other coding style fixes
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.
The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.
This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.
For more information about Smack see:
http://www.kernel.org/doc/Documentation/security/Smack.txt
Since sd_journal_reliable_fd wasn't exported before, it is as if
it was added now. Library "current" number must be bumped.
michich> Someone links with the fixed version and produces a RPM with
his program. The RPM will happily install on a system with an
old systemd version (the deps will appear fine), but the
program will fail to run.
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
Split the large bash completion script into separate, smaller files each
named after the binary it is used for and move the files to
/usr/share/bash-completion/completions. This way the completions can be
loaded on demand and we only install the completions for the tools we
actually build. The old path /etc/bash_completion.d/ is deprecated and
will disappear in the future.
This will:
* mount all configured filesystems (typically the rootfs on /sysroot)
* reload the configuration to pick up anything from the mounted fs (typically
/sysroot/etc/fstab)
* mount any newly configured filesystems (typically /usr on /sysroot/usr, if
applicable)
* shut-down and clean-up any daemons running in the initramfs (typically udevd)
* switch-root to /sysroot and start the real init
For an example of what files should be included in an initramfs based on this
see
<https://mailman.archlinux.org/pipermail/arch-projects/2013-February/003628.html>.
Cc: Harald Hoyer <harald.hoyer@gmail.com>
Cc: Dave Reisner <d@falconindy.com>
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
__REALTIME_TIMESTAMP and __MONOTONIC_TIMESTAMP return ints.
It doesn't make sense to convert to string, just to convert
back to a number later on.
Also try to follow systemd rules for indentation.
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes.
This doesn't need to be passed, as it's handled by libtool. Since the
default for autoconf is --disable-static, this change is effectively a
noop. It only matters if you pass --enable-static, in which case the
static libs for systemd libraries will actually be built.
Nitpicky, but this only affects systemd libs. The override for the
other libs remains since these libs are always loaded dynamically and
never compiled staticly.
Written by Peeters Simon <peeters.simon@gmail.com>.
Makefile stuff and cleaned up a bit by Auke Kok <auke-jan.h.kok@intel.com>.
Some code inspired by Marc-Antoine Perennou <Marc-Antoine@Perennou.com>.
Now, actually check if the environment variable names and values used
are valid, before accepting them. With this in place are at some places
more rigid than POSIX, and less rigid at others. For example, this code
allows lower-case environment variables (which POSIX suggests not to
use), but it will not allow non-UTF8 variable values.
All in all this should be a good middle ground of what to allow and what
not to allow as environment variables.
(This also splits out all environment related calls into env-util.[ch])
After d848b9cbfa 'Move generic specifier functions to shared' libudev
depends (through) libsystemd-shared.la on libsystemd-id128.so. The
problem only appears when the linker does not support --gc-sections
and manifests itself as the inability to resolve sd_id128_get_machine
and other libsystemd-id128 functions, which aren't really used.
In other cases where multiple directories are searched for unit files,
the list of directories is described in the man page describing the
format. I think this makes sense too in case of systemd directories,
since the systemd(1) manpage already has an overview of many different
topics.
man rules were repeating the same information in too many places,
which was error prone. Those rules can be easily generated from .xml
files. For efficiency and because python is not a required dependency,
Makefile-man.am is only regenerated when requested with
make update-man-list
If no metadata in man/*.xml changed, this file should not change. So
only when a new man page or a new alias is added, this file should
show up in 'git diff'. The change should then be committed.
If the support for building from git without python was dropped, we
could drop Makefile-man.am from version control. This would also
increase the partial build time (since more stuff would be rebuild
whenever sources in man/*.xml would be modified), so it would probably
wouldn't be worth it.
adds test of:
strv_find
strv_find_prefix
strv_overlap
strv_sort
streq_ptr
first_word
Splits tests of util.c into own file to avoid clutter as we add more.
Removed a few prints and uses _cleanup_free_ to make the tests more focused.
Sometimes it is useful to look at them, and they don't take
up any significant amount of space. Keeping them also avoids
the message about files being removed at the end of make
run.
This allows one templated unit to refer to another templated unit
at installation time.
Examples:
> grep WantedBy ~/.config/systemd/user/mpop@.timer
WantedBy=services@%i.target
> srv disable mpop@iit.timer
rm '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
> srv enable mpop@iit.timer
ln -s '/home/alxchk/.config/systemd/user/mpop@.timer' '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
Based-on-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.
Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
Based-on-patch-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
cppcheck reported:
[src/bootchart/svg.c:791]: (error) Mismatching allocation and deallocation: f
The idea is to make Makefile.am more declarative and avoid
repetitions. Redeclaring unit links as variables also makes
it easier to conditionally install only some of them.
In the x32 ABI, syscall numbers start at 0x40000000. Mask that bit on
x32 for lookups in the syscall_names array and syscall_filter and ensure
that syscall.h is parsed correctly.
[zj: added SYSCALL_TO_INDEX, INDEX_TO_SYSCALL macros.]
This allows us to print simple performance data of all parts of the boot now:
- firmware
- boot loader
- kernel
- initrd
- userspace
This only works for bootloaders which support passing TSC data via EFI
variables. As of now that's only gummiboot.
We no longer allow early-boot init scripts, however in late boot the
syslog socket and local mounts are established anyway, so let's simplify
our dep graph a bit.
If $syslog doesn't resolve to syslog.target anymore there's no reason to
keep syslog.target around anymore. Let's remove it.
Note that many 3rd party service unit files order themselves after
syslog.target. These will be dangling dependencies now, which should be
unproblematic, however.
New file output.h with output flags and modes.
--full parameter also for cgls and loginctl.
Include 'all' parameter in flags (show_cgroup_by_path, show_cgroup,
show_cgroup_and_extra, show_cgroup_and_extra_by_spec).
get_process_cmdline with max_length == 0 will not ellipsize output.
Replace LINE_MAX with 0 in some calls of get_process_cmdline.
[zj: Default to --full when under pager for clgs.
Drop '-f' since it wasn't documented and didn't actually work.
Reindent a bit.
]
Systemd should not introduce any new facilities. Distributions which still
need to support their non-standard/legacy facilities should add them as
patches to their packaging.
The following facilities are no longer recognized:
$x-display-manager
$mail-transfer-agent
$mail-transport-agent
$mail-transfer-agent
$smtp
$null
This target is no longer available:
mail-transfer-agent.target
This way we also get a man page. The output is not as polished.
I hope that it doesn't matter too much.
index.html is not generated now, the page is called
systemd.index.html. If necessary, an install hook should be added.
Bootchart is renamed to 'systemd-bootchart' and installed as
/usr/lib/systemd/systemd-bootchart. The configuration file
will reside in /etc/systemd/bootchart.conf.
Define KEEP_LA_FILES to keep them.
The hook is repeated because both install-exec-hook and
install-data-hook can install libraries and with parallel make
it's not possible to predict which one will run first.
http://lists.freedesktop.org/archives/systemd-devel/2013-January/008016.html
tl;dr: Libtool .la files are not very useful for linking linux
libraries.
Note that there are still some rome for cleanups. In particular,
the .la files are now installed, which we probably don't want; and
some of the macros in Makefile.am are likely redundan.
The variable assignment operator was introduced in make 3.82 and thus
breaks "make install" with older versions of make. Since "=" is optional
in make 3.82 it is safe to drop.
Python binary used in the she-bang line in installed
scripts can be set with ./configure PYTHON_BINARY=...
Defaults to the same path as python used during compilation.
Adding --version makes systemd-analyze behave consistently with the
rest of installed programs.
The lines in ./configure output are reordered to keep all yes/no lines
separate. I think that this makes the output clearer.
This also drops automatic selection of the rc local scripts
based on the local distro. Distributions now should specify the paths
of the rc-local and halt-local scripts on the configure command line.
Commit f934051c4d broke the build
because it made libsystemd-shared call sd_listen_fds() which is
defined in libsystemd-daemon.
This is a bit of a contortion because libsystemd-shared.la is a
noinst_LTLIBRARY, but libtool should do the right thing here and emit
DT_NEEDED on libsystemd-daemon.so for things that consume
libsystemd-shared.la.
The individual address block is a poor man's organizationally unique
identifier.
Perhaps we should change the udev key from ID_OUI_FROM_DATABASE to
something like ID_IEEE_VENDOR_FROM_DATABASE?
Suggested-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
This saves test output to individual .log files.
The driver is only used in /Makefile.am, not in
/docs/*udev/Makefile.am because the latter don't seem to work with
this driver. They don't produce much output anyway.
.gitignore is alphabetized, and .log files are added to it.
Generated files from /build-aux are removed from the list.
Currently, keymaps are provided only for the NP90X3A laptop. Samsung
introduced updated models, codenamed 900X3B, 900X3C, 900X4B, 900X4C,
which are currently not matched by udev rules. This patch includes the
newer modules in udev rules and move the samsung-n90x3a file defining
keys to a more generic samsung-series-9 file.
The patch was tested on a 900X4C laptop, and other people reported
that the rules also work for 900X3B and 900X3C ones.
TARGET_UBUNTU is effectively the same as TARGET_DEBIAN. Given the Ubuntu
is unlikely to use systemd anytime soon there's no point in keeping this
separate.