1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

7510 Commits

Author SHA1 Message Date
Florian Klink
a108fcbace fsck: look for fsck binary not just in /sbin
This removes remaining hardcoded occurences of `/sbin/fsck`, and instead
uses `find_executable` to find `fsck`.

We also use `fsck_exists_for_fstype` to check for the `fsck.*`
executable, which also checks in `$PATH`, so it's fair to assume fsck
itself is also available.
2023-04-15 10:29:50 +01:00
Daan De Meyer
e77e07f601 preset: Add ignore directive
The ignore directive specifies to not do anything with the given
unit and leave existing configuration intact. This allows distributions
to gradually adopt preset files by shipping a ignore * preset file.
2023-04-14 20:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
10fa7251c0 man/systemd-cryptenroll: update list of PCRs, link to uapi docs
Entia non sunt multiplicanda praeter necessitatem. We had a list of PCRs in the
man page which was already half out-of-date. Instead, link to web page with the
"authoritative" list. Here, drop the descriptions of what shim and grub do. Instead,
just give some short descriptions and mention what systemd components do.
systemd-pcrmachine.service and systemd-pcrfs@.service are now mentioned too.

d0e590b1e2
extended the table in the specs repo.
https://github.com/uapi-group/specifications/pull/59 adds some more text there
too.

Also, rework the recommendation: hint that PCR 11 is useful, and recommend
binding to policy signatures instead of direct PCR values. This new text is
intentionally vague: doing this correctly is hard, but let's at least not imply
that just binding to PCR 7 is useful in any way.

Also, change "string alias" to "name" in discussion of PCR names.

Inspired by https://discussion.fedoraproject.org/t/future-of-encryption-in-fedora/80397/17
2023-04-14 20:01:22 +01:00
Luca Boccassi
6ef721cbc7 user units: implicitly enable PrivateUsers= when sandboxing options are set
Enabling these options when not running as root requires a user
namespace, so implicitly enable PrivateUsers=.
This has a side effect as it changes which users are visible to the unit.
However until now these options did not work at all for user units, and
in practice just a handful of user units in Fedora, Debian and Ubuntu
mistakenly used them (and they have been all fixed since).

This fixes the long-standing confusing issue that the user and system
units take the same options but the behaviour is wildly (and sometimes
silently) different depending on which is which, with user units
requiring manually specifiying PrivateUsers= in order for sandboxing
options to actually work and not be silently ignored.
2023-04-13 21:33:48 +01:00
ZjYwMj
dd9f909ea8
Synposis and description of networkctl man page reflecting only part of its functionality (#27264)
* Fix inaccurate synposis, and description

Before the fix, they reflected only part of networkctl functionality.
2023-04-13 21:30:42 +01:00
Luca Boccassi
0607a9f9da systemd-confext: mount confexts as noexec and nosuid
Confexts should not contain code, so mount confexts with noexec.
We cannot mount invidial extensions as noexec, as the overlay ignores
it and bypasses it, we need to use the flag on the whole overlay for
it to be effective.
But given there are legacy scripts still shipped in /etc, allow to
override it with --noexec=false.
2023-04-14 01:21:48 +08:00
OMOJOLA JOSHUA DAMILOLA
96ead603b8 systemd-cryptenroll: add string aliases for tpm2 PCRs
Fixes #26697. RFE.
2023-04-13 12:08:32 +01:00
Lennart Poettering
796da645a0
Merge pull request #18789 from gportay/veritysetup-add-options-for-parity-with-cryptsetup-verity-utility
veritysetup: Add options for parity support with the cryptsetup's verity utility
2023-04-13 11:32:57 +02:00
Lennart Poettering
4fb8f1e883 service: allow freeing the fdstore via cleaning
Now that we have a potentially pinned fdstore let's add a concept for
cleaning it explicitly on user requested. Let's expose this via
"systemctl clean", i.e. the same way as user directories are cleaned.
2023-04-13 06:44:27 +02:00
Lennart Poettering
b9c1883a9c service: add ability to pin fd store
Oftentimes it is useful to allow the per-service fd store to survive
longer than for a restart. This is useful in various scenarios:

1. An fd to some security relevant object needs to be stashed somewhere,
   that should not be cleaned automatically, because the security
   enforcement would be dropped then.

2. A user namespace fd should be allocated on first invocation and be
   kept around until the user logs out (i.e. systemd --user ends), á la
   #16328 (This does not implement what #16318 asks for, but should
   solve the use-case discussed there.)

3. There's interest in allow a concept of "userspace reboots" where the
   kernel stays running, and userspace is swapped out (i.e. all services
   exit, and the rootfs transitioned into a new version of it) while
   keeping some select resources pinned, very similar to how we
   implement a switch root. Thus it is useful to allow services to exit,
   while leaving their fds around till the very end.

This is exposed through a new FileDescriptorStorePreserve= setting that
is closely modelled after RuntimeDirectoryPreserve= (in fact it reused
the same internal type), since we want similar behaviour in the end, and
quite often they probably want to be used together.
2023-04-13 06:44:27 +02:00
Gaël PORTAY
21c60c76e1 veritysetup: add support for fec options
The verity fec_* parameters allows to use Forward Error Correction to
recover from corruption if hash verification fails.

This adds the options fec_device, fec_offset and fec_roots (sixth
argument) which are the equivalent of the options --fec-device,
--fec-offset and --fec-roots in the veritysetup world.
 - fec-device=FILE
 - fec-offset=BYTES
 - fec-roots=UINT64

See `veritysetup(8)` for more details.
2023-04-13 05:39:49 +02:00
Franklin Yu
8dacdd28f4 Fix cross-reference of manual for LogsDirectory 2023-04-13 12:17:40 +09:00
Gaël PORTAY
0bbf7a842a veritysetup: add support for superblock and underlying options
The verity parameter no_superblock allows to format/open an hash device
without the superblock. However, the superblock data must be set to open
the data-device.

This adds the option superblocks (sixth argument) and all the underlying
options which are implied to set the superblock manually if hash device
has no superblock:

 - superblock=BOOL
 - format=NUMBER (hash version type, 0 for original ChromeOS, 1 for
   modern)
 - data-block-size=BYTES (max page-size, multiple of 512)
 - hash-block-size=BYTES (max page-size, multiple of 512)
 - data-blocks=BLOCKS (size of data-device in blocks)
 - salt=HEXSTR (salt used at format, max 256 bytes)
 - uuid=UUID
 - hash=STR (algorithm name for dm-verity used at format, default is
   sha256)

See `veritysetup(8)` for more details.
2023-04-13 05:15:20 +02:00
Gaël PORTAY
14de7ef914 veritysetup: add support for hash-offset option
The verity parameter hash_area_offset allows to locate the superblock in
the hash device. It can be used to have a single device which contains
both data and hashes.

This adds the option hash-offset=BYTES (sixth argument) which is the
equivalent of the option --hash-offset in the veritysetup world.

See `veritysetup(8)` for more details.
2023-04-13 05:15:17 +02:00
Michal Sekletar
5015b5014b man: add util-linux to the package list for Fedora container
/bin/login is shipped in util-linux, however, systemd.spec on Fedora has
"Requires: (util-linux-core or util-linux)". If the dependency is
fulfilled just by installation of util-linux-core then users won't be
able to log in into the container after it boots. Let's add util-linux
package to the package list so that /bin/login is always present.
2023-04-12 20:25:16 +01:00
Mike Yuan
93ba4c1bc0
Merge pull request #27212 from DaanDeMeyer/notify-exit
core: Propagate exit status via notify socket when running in VM
2023-04-13 01:12:03 +08:00
Mike Yuan
7581da99a1
Merge pull request #27229 from poettering/dissect-policy-confext
dissect: follow-up for image policy merge
2023-04-13 00:14:30 +08:00
Zbigniew Jędrzejewski-Szmek
5a9e2dff47 man: link to Fedora 37
Fedora 36 is a bit old at this point and will be EOL in about 6 weeks.
Fedora 38 is not out yet, so the cloud link wouldn't work.
2023-04-13 00:13:44 +08:00
Daan De Meyer
623a00020f notify: Add EXIT_STATUS field
Whenever one of our tools or daemons exits, let's send the exit status
via sd-notify in the EXIT_STATUS field.
2023-04-12 15:02:34 +02:00
Lennart Poettering
4f25844a4b sysext: define a default image dissection policy for confext images 2023-04-12 14:54:44 +02:00
Thierry Martin
2f091b1b49 nspawn: container network interface naming
systemd-nspawn now optionally supports colon-separated pair of
host interface name and container interface name for --network-macvlan, --network-ipvlan and --network-interface options.
Also supported in .nspawn configuration files (i.e Interface=, MACVLAN=, IPVLAN= parameters).

man page changed for ntwk interface naming
2023-04-12 14:28:43 +02:00
Lennart Poettering
3af48a86d9
Merge pull request #25608 from poettering/dissect-moar
dissect: add dissection policies
2023-04-12 13:46:08 +02:00
Lennart Poettering
1412ad9a81 man: rebreak all of sd_notify(3)
No change of contents, just some rebreaking of the full file to match
our current line break settings.
2023-04-12 10:34:37 +02:00
Lennart Poettering
75b29fda71 service: tell service processes that the fdstore is available via an env var 2023-04-12 10:34:31 +02:00
Colin Walters
4e1ac54e1c tree-wide: A few more uses of "unmet" for conditions
This is a followup to
413e8650b7
> tree-wide: Use "unmet" for condition checks, not "failed"

Since I noticed when running `systemctl status` on a recent
systemd still seeing
`Condition: start condition failed`

To recap the original rationale here for "unmet" is that it's
normal for some units to be conditional, so the term "failure"
here is too strong.
2023-04-11 12:36:53 +09:00
Uwe Kleine-König
381ccb4246 man/systemd-mount: Clearify documentation about --bind-device
The documentation suggests that the mount point (i.e. the directory
where the device is mounted) is removed when the device vanishes.
However only stopping of the automount unit is implemented.

So adapt the documentation to reality.
2023-04-07 16:33:46 +02:00
Zbigniew Jędrzejewski-Szmek
9c1d3d6fa7
Merge pull request #27161 from pothos/sysext-refresh
systemd-sysext/confext.service: Refresh on start/reload
2023-04-07 10:40:18 +02:00
Sorah Fukumori
744b04c557 man: netdev: Clarify wireguard IPv6 endpoint format 2023-04-07 08:15:34 +09:00
Kai Lueke
1e07c6f31d man/systemd-dissect.xml: Remove old sysext path, add confext path
The /usr/lib/extensions/ location for systemd-sysext images is not
supported anymore. In https://github.com/systemd/systemd/pull/26013
systemd-confext images got introduced and we can list its path under
/usr instead.
2023-04-06 20:46:43 +09:00
maanyagoenka
1f4f166690 confext: documentation and man page updates for confext 2023-04-05 21:50:04 +00:00
Lennart Poettering
9ea811914f man: document image policy syntax and semantics, and the hooks in the various components 2023-04-05 20:55:15 +02:00
Lennart Poettering
dee4a6237a dissect: add new --validate command
This allows unprivileged validation of DDIs. Only superficial structure,
i.e. not mounting or so. This becomes particularly handy in the
integration tests, and to validate image policies.
2023-04-05 20:49:06 +02:00
Lennart Poettering
84be0c710d tree-wide: hook up image dissection policy logic everywhere 2023-04-05 20:45:30 +02:00
Zbigniew Jędrzejewski-Szmek
9f27df2938
Merge pull request #27128 from keszybz/sd-bus-docs-and-error-messages
Improvements to man pages for systemd.service, sd-bus, and better error messages
2023-04-04 21:28:15 +02:00
Yu Watanabe
bc729e81f2 man: mention -o option for systemd-journal-remote 2023-04-04 19:52:04 +01:00
Zbigniew Jędrzejewski-Szmek
91053fc94e sd-bus: use macros for standard bus error names consistently
Also add definitions for a few names that didn't have them and update
the list in the man page.
2023-04-04 15:18:00 +02:00
Zbigniew Jędrzejewski-Szmek
6db00b5de1 man/sd_bus_message_open_container: mention two common errors 2023-04-04 15:18:00 +02:00
Zbigniew Jędrzejewski-Szmek
4d7ae2557b man/systemd.service: add example for char prefixes
The prefixes can be specified for any part of the command. The docs imply this,
but it's not entirely obvious. Let's add an example.
2023-04-04 15:18:00 +02:00
Zbigniew Jędrzejewski-Szmek
8202c01701 man: move description of command line substitution out of ExecStart=
The description was split — part was under ExecStart= and part in "Command lines".
Now the whole generic part is moved to the separate section, and under ExecStart=
only the stuff that is specific to that option is described.

This just moves the text and removes some repetitions.
2023-04-04 15:18:00 +02:00
Zbigniew Jędrzejewski-Szmek
0d6e0adef5 man/systemd-sysext: minor grammar optimizations 2023-04-03 15:28:44 +02:00
Lennart Poettering
6b868766eb
Merge pull request #27044 from bluca/sysext_recursive_dir
Ensure sysexts do not contain an os-release file, do not load sysexts from /usr[/local]/lib/extensions/
2023-04-03 12:38:48 +02:00
Mike Yuan
3508b1ba2b
Merge pull request #27086 from keszybz/oomd-on-v1
Do not pull in systemd-oomd on v1 to avoid repeated message in logs
2023-04-02 16:21:53 +08:00
Zbigniew Jędrzejewski-Szmek
c32f496b9e man: restore description of ConditionControlGroupController=v1|v2
We use ConditionControlGroupController=v2 in systemd-oomd.service, and also
this condition makes sense in general, so it should be documented.

This reverts a part of 6d48c7cf73.

Deprecated commandline options and v1 controller names were removed from
the description.
2023-04-01 16:37:23 +02:00
Daan De Meyer
05eb2c60bd firstboot: Add --reset option
This can be used to prepare an image for firstboot by removing all
files that systemd knows about that contain machine specific
information.
2023-04-01 10:50:15 +02:00
Mike Yuan
5171356eee core: always calculate the next restart interval
Follow-up for #26902 and #26971

Let's always calculate the next restart interval
since that's more useful.

For that, we add 1 to s->n_restarts unconditionally,
and change RestartUSecCurrent property to RestartUSecNext.
2023-03-31 01:22:58 +01:00
Luca Boccassi
ce199d12e9 man: add example for sd_bus_call_method 2023-03-30 18:55:55 +01:00
Luca Boccassi
d10a5f6c3d man: further shorten print-unit-path example 2023-03-30 18:29:49 +01:00
Lennart Poettering
bba6046b24 man: link up new online coredump docs from man page 2023-03-31 01:15:24 +08:00
Luca Boccassi
de862276ed sysext: stop storing under /usr/lib[/local]/extensions/
sysexts are meant to extend /usr. All extension images and directories are opened and merged in a
single, read-only overlayfs layer, mounted on /usr.
So far, we had fallback storage directories in /usr/lib/extensions and /usr/local/lib/extensions.
This is problematic for three reasons.

Firstly, technically, for directory-based extensions the kernel will reject
creating such an overlay, as there is a recursion problem. It actively
validates that a lowerdir is not a child of another lowerdir, and fails with
-ELOOP if it is. So having a sysext /usr/lib/extensions/myextdir/ would result
in an overlayfs config lowerdir=/usr/lib/extensions/myextdir/usr/:/usr which is
not allowed, as indicated by Christian the kernel performs this check:

/*
 * Check if this layer root is a descendant of:
 * - another layer of this overlayfs instance
 * - upper/work dir of any overlayfs instance
 */

<...>

/* Walk back ancestors to root (inclusive) looking for traps */
while (!err && parent != next) {
        if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
                err = -ELOOP;
                pr_err("overlapping %s path\n", name);

Secondly, there's a confusing aspect to this recursive storage. If you
have /usr/lib/extensions/myext.raw which contains /usr/lib/extensions/mynested.raw
'systemd-sysext merge' will only pick up the first one, but both will appear in
the merged root under /usr/lib/extensions/. So you have two extension images, both
appear in your merged filesystem, but only one is actually in use.

Finally, there's a conceptual aspect: the idea behind sysexts and hermetic /usr
is that the /usr tree is not modified locally, but owned by the vendor. Dropping
extensions in /usr thus goes contrary to this foundational concept.
2023-03-30 11:25:17 +01:00
Daan De Meyer
65e179a1e7 tmpfiles: Try to take a BSD lock on files as well
Similar to what we do for directories, just before we remove a file,
let's try to take a BSD lock on it. If that fails, skip removing the
file.
2023-03-30 11:45:05 +02:00