1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

61618 Commits

Author SHA1 Message Date
Lennart Poettering
d88e1e484a systemctl: stop using basename() at one more place 2022-12-15 17:53:07 +01:00
Lennart Poettering
0ce6f0a35a systemctl: line break string where the newlines are 2022-12-15 17:52:26 +01:00
Lennart Poettering
2865507008 systemctl: minor modernizations/simplifications 2022-12-15 17:51:45 +01:00
Lennart Poettering
8eda5560b0 systemctl: simplify trim_edit_markers()
This is not performance sensitive, don#t try to be smart with realloc()

Follow-up for: #25305
Fixes: #25303
2022-12-15 17:51:11 +01:00
Yu Watanabe
0b92fbbaee test: fix typo 2022-12-16 01:38:08 +09:00
Yu Watanabe
9b8eb412ca
Merge pull request #25756 from yuwata/test-resolve-1
test: several cleanups for TEST-75-RESOLVE
2022-12-16 00:53:52 +09:00
Yu Watanabe
6f3473ca03
Merge pull request #25718 from yuwata/locale-cleanups
locale: avoid TOCTOU in reading config files
2022-12-16 00:51:13 +09:00
Frantisek Sumsal
a32831ae1d mkosi: work around a file conflict between systemd and systemd-boot 2022-12-15 16:04:28 +01:00
Daan De Meyer
84a4d23f52 repart: Use "defer" in docs instead of "skip" 2022-12-15 15:45:00 +01:00
Luca Boccassi
4895bacccb Manager: also log caller of daemon-reexec 2022-12-15 23:27:06 +09:00
Yu Watanabe
b3f1afc089
Merge pull request #24058 from qdeslandes/journald_regex_filtering
Allow for journald logs filtering on a per-unit basis
2022-12-15 22:03:33 +09:00
Yu Watanabe
133708b879 Revert "test: wait for the monitoring service to become active"
This reverts commit 5dd34c2604.

`resolvectl monitor` sends notify event, and systemd-run wait for the
service being in active state. Hence, the loop is not necessary.
2022-12-15 21:50:13 +09:00
Yu Watanabe
ef09861a0b test: suppress echo in monitor_check_rr() 2022-12-15 21:50:13 +09:00
Frantisek Sumsal
0969bb4246 packit: drop/replace deprecated directives 2022-12-15 21:48:49 +09:00
Daan De Meyer
640c02d529 repart: Fix integration test 2022-12-15 21:48:30 +09:00
Yu Watanabe
cd07f6e8e9
Merge pull request #25224 from poettering/measure-append
add --append= switch to systemd-measure
2022-12-15 21:47:29 +09:00
Yu Watanabe
f4128c8d51
Merge pull request #25735 from yuwata/switch-root-follow-ups
mount-util: several follow-ups for recent mount_switch_root() changes
2022-12-15 21:39:40 +09:00
mvzlb
109197df7a
hwdb: Fix mount matrix for CSL Panther Tab HD (#25752)
Commit a76d7aca sets ACCEL_MOUNT_MATRIX to match the device's casing
(landscape) instead of the LCD panel (portrait).
2022-12-15 19:59:14 +09:00
Lennart Poettering
c0e42509da update TODO 2022-12-15 11:40:21 +01:00
Lennart Poettering
6b41e0250f test: add integration test for systemd-measure --append= 2022-12-15 11:40:21 +01:00
Lennart Poettering
a5c690a8b5 measure: add --append= switch for merging signatures
Often it's useful to add multiple signatures in the signature JSON file
to embedd in a single .pcrsig. (For example, a signature by key X for
boot phase "enter-initrd" and one by key Y for
"enter-initrd:leave-initrd" or so). Make this easy, by adding the
ability to append signatures to a previously generated JSON file.
2022-12-15 11:40:21 +01:00
Lennart Poettering
3bb326c558 json: add helper for adding variant to array suppressing duplicates 2022-12-15 11:39:57 +01:00
Quentin Deslandes
1c9c6fc7df journal: add integration tests for log filtering
Add integration tests for journald's log filtering feature.
2022-12-15 09:57:39 +00:00
Quentin Deslandes
87a13dabbd journal: filter log based on LogFilterPatterns
Use LogFilterPatterns from the unit's cgroup xattr in order to keep or
discard log messages before writing them to the journal.
When a log message is discarded, it won't be written to syslog, console...
either.

When a native, syslog, or standard output log message is received,
systemd-journald will process it if it matches against at least one
allowed pattern (if any) and none of the denied patterns (if any).
2022-12-15 09:57:39 +00:00
Quentin Deslandes
b8c0565ec4 Create hash_ops structure to free keys of type pcre2_code 2022-12-15 09:57:39 +00:00
Quentin Deslandes
c00b95d5e9 systemctl: add support for LogFilterPatterns for show command
Parse DBus structure send by LogFilterPatterns to print it in systemctl
show.
2022-12-15 09:57:39 +00:00
Quentin Deslandes
523ea1237a journal: log filtering options support in PID1
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.

This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattrs:
`user.journald_log_filter_patterns`.
2022-12-15 09:57:39 +00:00
Quentin Deslandes
96c648fecd set: add set_make_nulstr
Add function set_make_nulstr() to create a nulstr out of a set. Behave
the same way as strv_make_nulstr().
2022-12-15 09:57:39 +00:00
Lennart Poettering
c68523e00d
Merge pull request #25350 from poettering/efi-guid-equal
efi: add efi_guid_equal() helper
2022-12-15 10:24:58 +01:00
Yu Watanabe
62650f4258
Merge pull request #25602 from fbuihuu/fix-TEST-73-LOCALE
localed: reload PID1 configuration after modifying /etc/locale.conf
2022-12-15 17:47:05 +09:00
Daan De Meyer
5c33b68652 repart: Rework Minimize= option settings
Instead of having Minimize= take a boolean let's allow for two
different ways to enable it. "best" means we want the most minimal
image possible, which currently is only possible for read-only
filesystems but can be extended in the future with bisection
to find the most minimal possible size.

We also add "guess", which is the current behavior, where we
populate once and use the sparse size to make a reasonable guess
on a size that fits all the sources without needing to O(log(n))
tries to find the most minimal size.
2022-12-15 15:09:09 +09:00
Yu Watanabe
9d50f8508b mount-util: make mount_switch_root() take a mount propagation flag 2022-12-15 14:17:22 +09:00
Yu Watanabe
edac5c4636 mountpoint-util: introduce mount_propagation_flag_is_valid() 2022-12-15 14:15:59 +09:00
Yu Watanabe
b205e59ad4 mountpoint-util: rename mount_propagation_flags_to_string() and friends as singular 2022-12-15 14:15:55 +09:00
Yu Watanabe
6c6eb219d5 mount-util: mount flag is unsigned long 2022-12-15 14:15:09 +09:00
Yu Watanabe
b8b4f80a8a mount-util: drop unnecessary inline attributes 2022-12-15 14:15:09 +09:00
Yu Watanabe
993681def8
Merge pull request #25743 from yuwata/timesync-ipv6
timesync: ignore IPv6 addresses when the kernel does not support it
2022-12-15 12:57:54 +09:00
Zbigniew Jędrzejewski-Szmek
7a14db9cfd basic: do not output emojis if not on a proper terminal
$TERM would generally be set if we're connected to a proper graphical terminal
emulator. In all other cases, in particular if $TERM is not set, we almost
certainly are not connected to something that can output emojis. In particular
the text console is unlikely to ever do it correctly.

So let's invert the check, and only write emojis if $TERM is set.

Fixes #25521.
2022-12-15 12:56:03 +09:00
Yu Watanabe
60e84f0205
Merge pull request #25732 from enr0n/unit-test-machine-id-initialized
unit tests: do not fail when `/etc/machine-id` is empty
2022-12-15 12:55:04 +09:00
Yu Watanabe
a6e16d949c
Merge pull request #25723 from keszybz/generators-tmp
Run generators with / ro and /tmp mounted
2022-12-15 12:53:49 +09:00
Yu Watanabe
1af1c95e30
Merge pull request #25693 from yuwata/binfmt
binfmt: several cleanups
2022-12-15 12:52:30 +09:00
Zbigniew Jędrzejewski-Szmek
750c605614 pam: actually align the columns
In 9efb224443 was supposed to align
them, but for some reason I just added a second space everywhere.
2022-12-15 00:11:11 +01:00
Mike Yuan
8f23229cae systemctl: is-enabled: document the return code change
Follow-up for #25689

We've added a new output ("not-found") in #25689.
2022-12-14 23:21:06 +01:00
Zbigniew Jędrzejewski-Szmek
c41fff1e08 fstab-generator: use log message that matches reality
We *assume* that when /sys is read-only, we're running in a container. But
there can other reasons, for example root is mount ro and nobody has mounted
/sys yet, or somebody forgot to add /sys to the list of filesystem not to
remount ro in a sandbox. So let's actually say what we know instead of assuming.

systemd-fstab-generator was reporting that it's running in a container and I
spent a good few minutes trying to figure out why 'systemd-detect-virt -c'
disagrees, before noticing that it's just checking a different condition.
2022-12-14 22:12:44 +01:00
Zbigniew Jędrzejewski-Szmek
9f563f2792 tree-wide: use mode=0nnn for mount option
This is an octal number. We used the 0 prefix in some places inconsistently.
The kernel always interprets in base-8, so this has no effect, but I think
it's nicer to use the 0 to remind the reader that this is not a decimal number.
2022-12-14 22:12:44 +01:00
Zbigniew Jędrzejewski-Szmek
ca6ce62d2a manager: execute generators in a mount namespace "sandbox"
When generators are executed during early boot, /tmp might not be available
yet. This causes problems with bash, because here-docs don't work. Even
non-shell code can often assume that /tmp is available. This limitation is
known to trip up people, and when the code is tested on a "normal" system,
everything works.

We can solve this nicely, and get another small benefit, by making most of the
file system read-only and "punching holes" for some dirs that should be
writable. The generator code runs with full privileges and can do anything it
wants by writing appropriate systemd units, so it doesn't make much sense to do
any significant sandboxing around generators. But making root read-only is nice
because it can catch stupid mistakes where the generator tries to write to a
wrong path or something like that. We effectively also get a "private /tmp" for
the generators, which protects them against existing files in /tmp.

The path does the following:
when executing generators, we fork, and the child unshares root and makes
it recursively read-only, with the exception of /sys and /run. Error handling
is permissive — if some of this setup fails, we're in the same state as
before the patch.

Fixes #24430.
2022-12-14 22:12:44 +01:00
Zbigniew Jędrzejewski-Szmek
61ef30515b shared: add new safe_fork flag FORK_PRIVATE_TMP
If the flag is set, we mount /tmp/ in a way that is suitable for generators and
other quick jobs.

Unfortunately I had to move some code from shared/mount-util.c to
basic/mountpoint-util.c. The functions that are moved are very thin wrappers
around mount(2), so this doesn't actually change much in the code split between
libbasic and libshared.

Implications for the host would be weird if a private mount namespace is not
used, so assert on FORK_NEW_MOUNTNS when the flag is used.
2022-12-14 22:12:44 +01:00
Nick Rosbrook
3a9ca23036 journal: skip part of test-journal-interleaving if no machine-id exists
When executed on a systemd with an empty /etc/machine-id,
test-journal-interleaving fails in test_sequence_numbers_one() when
re-opening the existing "two.journal". This is because opening the
existing journal file with managed_journal_file_open() causes
journal_file_verify_header() to be called. This function tries to
compare the current machine-id to the machine-id in the journal file
header, but does not handle the case where the machine-id is empty or
non-existent.

Check if we have an initialized machine-id before executing this portion
of the test.
2022-12-14 13:58:12 -05:00
Nick Rosbrook
2c6b738bad test-load-fragment: simplify machine-id check 2022-12-14 13:58:12 -05:00
Nick Rosbrook
a635b6279c test-unit-name: simplify machine-id check 2022-12-14 13:58:12 -05:00