1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

57076 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
466f6979c9 shared/install: when looking for symlinks in .wants/.requires, ignore symlink target
We'd say that file is enabled indirectly if we had a symlink like:
  foo@.service ← bar.target.wants/foo@one.service
but not when we had
  foo@one.servicebar.target.wants/foo@one.service

The effect of both link types is the same. In fact we don't care
about the symlink target. (We'll warn if it is mismatched, but we honour
it anyway.)

So let's use the original match logic only for aliases.
For .wants/.requires we instead look for a matching source name,
or a source name that matches after stripping of instance.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
d6c9411072 shared/install: create relative symlinks for enablement and aliasing
This is a fairly noticable change, but I think it needs to be done.
So far we'd create an absolute symlink to the target unit file:
  .wants/foo.service → /usr/lib/systemd/system/foo.service
or
  alias.service → /etc/systemd/system/aliased.service.

This works reasonably well, except in one case: where the unit file
is linked. When we look at a file link, the name of the physical file
isn't used, and we only take the account the symlink source name.
(In fact, the destination filename may not even be a well-formed unit name,
so we couldn't use it, even if we wanted to.) But this means that if
a file is linked, and specifies aliases, we'd create absolute links for
those aliases, and systemd would consider each "alias" to be a separate
unit. This isn't checked by the tests here, because we don't have a running
systemd instance, but it is easy enough to check manually.

The most reasonable way to fix this is to create relative links to the
unit file:
  .wants/foo.service → ../foo.service
  alias.service → aliased.service.

I opted to use no prefix for aliases, both normal and 'default.target',
and to add "../" for .wants/ and .requires/. Note that the link that is
created doesn't necessarily point to the file. E.g. if we're enabling
a file under /usr/lib/systemd/system, and create a symlink in /etc/systemd/system,
it'll still be "../foo.service", not "../../usr/lib/systemd/system/foo.service".
For our unit loading logic this doesn't matter, and figuring out a path
that actually leads somewhere would be more work. Since the user is allowed
to move the unit file, or add a new unit file in a different location, and
we don't actually follow the symlink, I think it's OK to create a dangling
symlink. The prefix of "../" is useful to give a hint that the link points
to files that are conceptually "one level up" in the directory hierarchy.

With the relative symlinks, systemd knows that those are aliases.

The tests are adjusted to use the new forms. There were a few tests that
weren't really testing something useful: 'test -e x' fails if 'x' is a
a dangling symlink. Absolute links in the chroot would be dangling, even
though the target existed in the expected path, but become non-dangling
when made relative and the test fails.

This should be described in NEWS, but I'm not adding that here, because
it'd likely result in conflicts.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
9f61c9f79e shared/install: also remove symlinks like .wants/foo@one.service → ../foo@one.service
So far 'systemctl enable' would create absolute links to the target template
name. And we would remove such symlinks just fine. But the user may create
symlinks manually in a different form. In particular, symlinks for instanced
units *must* have the instance in the source name, and then it is natural to
also include it in the target name (.wants/foo@one.service../foo@one.service
rather than .wants/foo@one.service → ../foo@.service). We would choke on such
links, or not remove them at all. A test is added:

before:

+ build-rawhide/systemctl --root=/tmp/systemctl-test.001xda disable templ1@.service
Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@seven.service".
Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@six.service".
Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@five.service".
Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@four.service".
Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@three.service".
Failed to disable unit, refusing to operate on linked unit file /tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@two.service.
Failed to disable unit, refusing to operate on linked unit file /tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@two.service.

after:

+ build-rawhide/systemctl --root=/tmp/systemctl-test.QVP0ev disable templ1@.service
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@seven.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@six.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@five.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@four.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@three.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@two.service".
Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@one.service".
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@one.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@two.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@three.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@four.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@five.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@six.service
+ test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@seven.service
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
7a6c73dabf shared/install: skip unnecessary chasing of symlinks in disable
We use the symlink source name and destination names to decide whether to remove
the symlink. But if the source name is enough to decide to remove the symlink,
we'd still look up the destination for no good reason. This is a slow operation,
let's skip it.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
85516075a2 test-systemctl-enable: enhance the test for unit file linking
Current behaviour is wrong, but it cannot be shown in this test, because we
don't have a running systemd instance here.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
40276314af shared/install: do not try to resolve symlinks outside of root directory
I linked a file as root, so I had a symlink /root/test.service ← /etc/systemd/system/test.service.
To my surpise, when running test-systemctl-enable, it failed with a cryptic EACCES.
The previous commit made the logs a bit better. Strace shows that we
were trying to follow the symlink without taking --root into account.

It seems that this bug was introduced in 66a19d85a5:
before it, we'd do readlink_malloc(), which returned a path relative to root. But
we only used that path for checking if the path is in remove_symlinks_to set, which
contains relative paths. So if the path was relative, we'd get a false-negative
answer, but we didn't go outside of the root. (We need to canonicalize the symlink
to get a consistent answer.) But after 66a19 we use chase_symlinks(), without taking
root into account which is completely bogus.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
212a24f0bb shared/install: when we fail to chase a symlink, show some logs
When chase_symlinks() fails, we'd get the generic error:

  Failed to disable: Permission denied.

Let's at least add the failure to changes list, so the user gets
a slightly better message. Ideally, we'd say where exactly the permission
failure occured, but chase_symlinks() is a library level function and I don't
think we should add logging there. The output looks like this now:

  Failed to resolve symlink "/tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias2.service": Permission denied
  Failed to resolve symlink "/tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias.service": Permission denied
  Failed to disable unit, file /tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias2.service: Permission denied.
  Failed to disable unit, file /tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias.service: Permission denied.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
0c003e8305 test-systemctl-enable: extend the test for repeated WantedBy/RequiredBy
I was considering deduplicating the list of target units in
WantedBy/RequiredBy. But to do this meaningfully, we'd need to do alias
expansion first, i.e. after the initial parsing is done. This seems to be
more trouble than it would be worth.

Instead, I added tests that we're doing the right thing and creating symlinks
as expected. For duplicate links, we create the link, and on the second time we
see that the link is already there, so the output is correct.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
29a7c59abb shared/install: fix reenable on linked unit files 2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
ec7eaff3c2 shared/install: split unit_file_{disable,enable}() so _reenable doesn't do setup twice
It was pretty ugly that we were creating LookupPaths twice.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
20d68b3aec install: when linking a file, create the link first or abort
We'd create aliases and other symlinks first, and only then try to create
the main link. Since that can fail, let's do things in opposite order, and
abort immediately if we can't link the file itself.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
17a2679e99 man: fix invalid description of template handling in WantedBy=
We don't need to talk about Alias=. The approach of using Alias= to enable
units is still supported, but hasn't been advertised as the way to do thing
for many years. Using it as an explanation is just confusing.

Also, the description of templated units did not take DefaultInstance=
into account. It is updated and extended.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
f663e6468f shared/install: also check for self-aliases during installation and ignore them
We had a check that was done in unit_file_resolve_symlink(). Let's move
the check to unit_validate_alias_symlink_or_warn(), which makes it available
to the code in install.c.

With this, unit_file_resolve_symlink() behaves almost the same. The warning
about "suspicious symlink" is done a bit later. I think this should be OK.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
99aad9a2b9 systemctl: fix silent failure when --root is not found
Some calls to lookup_path_init() were not followed by any log emission.
E.g.:
$ SYSTEMD_LOG_LEVEL=debug systemctl --root=/missing enable unit; echo $?
1

Let's add a helper function and use it in various places.

$ SYSTEMD_LOG_LEVEL=debug build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
1
$ SYSTEMCTL_SKIP_SYSV=1 build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
Failed to enable: No such file or directory.
1

The repeated error in the second case is not very nice, but this is a niche
case and I don't think it's worth the trouble to trying to avoid it.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
0d11db5982 shared/install: return failure when enablement fails, but process as much as possible
So far we'd issue a warning (before this series, just in the logs on the server
side, and before this commit, on stderr on the caller's side), but return
success. It seems that successfull return was introduced by mistake in
aa0f357fd8 (my fault :( ), which was supposed to
be a refactoring without a functional change. I think it's better to fail,
because if enablement fails, the user will most likely want to diagnose the
issue.

Note that we still do partial enablement, as far as that is possible. So if
e.g. we have [Install] Alias=foo.service foobar, we'll create the symlink
'foo.service', but not 'foobar', since that's not a valid unit name. We'll
print info about the action taken, and about 'foobar' being invalid, and return
failure.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
cbfdbffb61 shared/install: propagate errors about invalid aliases and such too
If an invalid arg appears in [Install] Alias=, WantedBy=, RequiredBy=,
we'd warn in the logs, but not propagate this information to the caller,
and in particular not over dbus. But if we call "systemctl enable" on a
unit, and the config if invalid, this information is quite important.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
32450f5348 shared/install: simplify unit_file_dump_changes()
No functional change.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
172e9cc3ee shared/specifier: fix %u/%U/%g/%G when called as unprivileged user
We would resolve those specifiers to the calling user/group. This is mostly OK
when done in the manager, because the manager generally operates as root
in system mode, and a non-root in user mode. It would still be wrong if
called with --test though. But in systemctl, this would be generally wrong,
since we can call 'systemctl --system' as a normal user, either for testing
or even for actual operation with '--root=…'.

When operating in --global mode, %u/%U/%g/%G should return an error.

The information whether we're operating in system mode, user mode, or global
mode is passed as the data pointer to specifier_group_name(), specifier_user_name(),
specifier_group_id(), specifier_user_id(). We can't use userdata, because
it's already used for other things.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
4a84db4c0c shared/install: move scope into InstallContext
This makes it easier to pass it around in preparation for future changes.

While at it, let's rename InstallContext c → ctx, and InstallInfo i → info.
'c' and 'i' are bad names for variables that are passed through multiple layers
of functions calls. It's easier to follow what is happening with a meaningful
variable names.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
19b9d5d0d1 shared/install: provide proper error messages when invalid specifiers are used
$ build/systemctl --root=/tmp/systemctl-test.KXY8fu enable some-some-link6@.socket
Failed to enable unit, invalid specifier in "target@C:%C.socket".
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
6ec4c852c9 shared/specifier: provide proper error messages when specifiers fail to read files
ENOENT is easily confused with the file that we're working on not being
present, e.g. when the file contains %o or something else that requires
os-release to be present. Let's use -EUNATCH instead to reduce that chances of
confusion if the context of the error is lost.

And once we have pinpointed the reason, let's provide a proper error message:

+ build/systemctl --root=/tmp/systemctl-test.TO7Mcb enable some-some-link6@.socket
/tmp/systemctl-test.TO7Mcb/etc/systemd/system/some-some-link6@.socket: Failed to resolve alias "target@A:%A.socket": Protocol driver not attached
Failed to enable unit, cannot resolve specifiers in "target@A:%A.socket".
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
7962116fc8 shared/specifier: clarify and add test for missing data
In systemd.unit we document that unset fields resolve to "". But we didn't
directly test this, so let's do that. Also, we return -ENOENT if the file
is missing, which we didn't document or test.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
3a84a3c9df man/os-release: add a note about repeating entries
We didn't actually say that keys should not be repeated. At least the
examples in docs (both python and shell) would do that, and any simple
parser that builds a dictionary would most likely behave the same way.
But let's document this expectation, but also say how to deal with malformed
files.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
25407ad2a7 basic/env-file: make load-env-file deduplicate entries with the same key
We generally assume parsing like the shell would do it, so the last value
should win when there are repeats.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
80e72f80bc test-os-util: add basic tests for os-release parsing 2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
df78419d10 basic: add new variable $SYSTEMD_OS_RELEASE to override location of os-release
The test for the variable is added in test-systemctl-enable because there we
can do it almost for free, and the variable is most likely to be used with
'systemctl enable --root' anyway.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
ecd6c000d3 man: clarify the descriptions of aliases and linked unit files
This just describes the rules that are implemented by the manager, and this
pull request does not change any of them.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
367c47c886 tests: add helper for creating tempfiles with content
I put it in tests because I think we're most likely to use it in tests.
If necessary, it can be moved somewhere else later.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
50c5f5a3d9 test: add test for systemctl link & enable
This test has overlap with test-install-root, but it tests things at a
different level, so I think it's useful to add. It immediately shows various
bugs which will be fixed in later patches.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
e75a26d045 shared/install: add a bit more quoting
When we are printing a valid unit name, quoting isn't necessary, because
unit names cannot contain whitespace or other confusing characters. In particular
if the unit name is prefixed by " unit " or something else that clearly
identifies the string as a unit name, quoting would just add unnecessary
noise. But when we're printing paths or invalid names, it's better to add
quotes for clarity.
2022-03-29 16:17:56 +02:00
Zbigniew Jędrzejewski-Szmek
047d37dc3d shared/install: reuse the standard symlink verification subroutine
We save a few lines, but the important thing is that we don't have two
different implementations with slightly different rules used for enablement
and loading. Fixes #22000.

Tested with:
- the report in #22000, it now says:
$ SYSTEMD_LOG_LEVEL=debug systemctl --root=/ enable test.service
Suspicious symlink /etc/systemd/system/test.service→/etc/systemd/system/myown.d/test.service, treating as alias.
unit_file_resolve_symlink: self-alias: /etc/systemd/system/test.service → test.service, ignoring.
running_in_chroot(): Permission denied
Suspicious symlink /etc/systemd/system/test.service→/etc/systemd/system/myown.d/test.service, treating as alias.
unit_file_resolve_symlink: self-alias: /etc/systemd/system/test.service → test.service, ignoring.
Failed to enable unit, refusing to operate on linked unit file test.service

- a symlink to /dev/null:
...
unit_file_resolve_symlink: linked unit file: /etc/systemd/system/test3.service → /dev/null
Failed to enable unit, unit /etc/systemd/system/test3.service is masked.

- the same from the host:
...
unit_file_resolve_symlink: linked unit file: /var/lib/machines/rawhide/etc/systemd/system/test3.service → /var/lib/machines/rawhide/dev/null
Failed to enable unit, unit /var/lib/machines/rawhide/etc/systemd/system/test3.service is masked.

- through the manager:
$ sudo systemctl enable test.service
Failed to enable unit: Refusing to operate on alias name or linked unit file: test.service
$ sudo systemctl enable test3.service
Failed to enable unit: Unit file /etc/systemd/system/test3.service is masked.

As seen in the first example, the warning is repeated. This is because we call
the lookup logic twice: first for sysv-compat, and then again for real. I think
that since this is only for broken setups, and when sysv-compat is enabled, and
in an infrequent manual operation, at debug level, this is OK.
2022-03-29 16:16:02 +02:00
Zbigniew Jędrzejewski-Szmek
48542eac39 basic/stat-util: add null_or_empty_path_with_root() 2022-03-29 15:07:05 +02:00
Luca Boccassi
2350712e32 portable: allow reattaching when one image has a version and the other does not
A reattach might go from img.raw to img_0.1.raw or viceversa, but this is
not allowed right now as we try to match the full name.

Also take into account that running strcspn(a, '/') on an image name, without
leading path, will return the length of the full string, but the versions
might be different so they won't match, eg:

img_0.1.raw -> 12
img_0.1.1.raw -> 14

So adjust the check to take that into account, and skip it if we are not
dealing with directories
2022-03-29 14:02:48 +01:00
Andy Chi
f09f6dc2c8 hwdb: Add mic mute key mapping for HP Elite x360
On the new Elite x360 2 in 1 HP laptops, the microphone mute hotkey is "Fn+F8" and
the scancode for this hotkey is 0x81, but this scancode was mapped to
fn_esc in the HP generic keymap section. To fix this problem, we add
a machine specific keymap section to add the correct keymap rule.
2022-03-29 14:48:26 +02:00
Zbigniew Jędrzejewski-Szmek
9825181143 basic/unit-file: split out the subroutine for symlink verification
The old logs used __func__, but this doesn't make sense now, because the
low-level function will be used in other places. So those are adjusted to be
more generic.
2022-03-29 14:19:28 +02:00
Yu Watanabe
f777e745a7 udev: do not call sd_event_source_disable_unref() in workers for event sources created by the main process
Fixes a bug introduced by 9612da361a.
2022-03-29 10:29:44 +02:00
Yu Watanabe
8166950763 inotify-util: fix wrong warnings in FOREACH_INOTIFY_EVENT()
Follow-up for 00adc340bb.

This fixes the wrong "Received invalid inotify event, ignoring." warnings
caused by the missing curly brackets and the priorities of `&&` and `?:`.

This also replaces the ternary operators with `||`.
2022-03-29 13:20:16 +09:00
Franck Bui
6d39da79c8 build: include status of TPM2 in the feature string show by --version 2022-03-29 05:20:20 +09:00
Yu Watanabe
2afb2f4a9d
Merge pull request #22885 from poettering/kill-clock-boottime-or-monotonic
time-util: assume CLOCK_BOOTTIME always exists
2022-03-29 03:06:54 +09:00
Gaël PORTAY
f3b3cab2f2
veritysetup: fix typo (#22886) 2022-03-29 02:09:36 +09:00
Yu Watanabe
288bd40620 fix typo 2022-03-29 01:21:51 +09:00
Yu Watanabe
0c6e746b86 Update NEWS
- categorize entries
- add several news for networkd and udevd
2022-03-29 01:19:18 +09:00
Lennart Poettering
ba4e0427e9 time-util: assume CLOCK_BOOTTIME always exists
Let's raise our supported baseline a bit: CLOCK_BOOTTIME started to work
with timerfd in kernel 3.15 (i.e. back in 2014), let's require support
for it now.

This will raise our baseline only modestly from 3.13 → 3.15.
2022-03-28 16:55:41 +02:00
Yu Watanabe
ec4954d934 network: rename netdev kind virtual-wlan -> wlan
The Kind= setting in [Match] section of .network files takes "wlan".
This makes the same setting in .netdev files matches the one in .network
files.
2022-03-28 23:53:12 +09:00
Lennart Poettering
af9ae75026 bootspec: normalize function names/parameter lists
This normalizes naming of functions operating on BootConfig objects.
Let's always call them boot_config_xyz(), like our usual way to name
stuff.

moreover, move the BootConfig parameter to the beginning, as it's not a
return value (which we typically move to the end of the parameter list),
but simply an object, that even happens to be initialized already.

With these changes the functions are more like our usual way to call
things, and less surprises are good.
2022-03-28 16:02:15 +02:00
Lennart Poettering
3f8e42c038 bootspec: don't needlessly inline boot_config_find_entry()
the function contains a loop and if expressions and whatnot. Let's
define it as regular function, to make the header easier to read and let
the compiler more freedom on whether to inline this or not.
2022-03-28 16:01:58 +02:00
Lennart Poettering
d412691a91 bootctl: use boot_config_default_entry() where appropriate 2022-03-28 16:01:54 +02:00
Lennart Poettering
f7a7a5e267 bootspec: assess default/selected entries *after* we augmented entry list with entries from loader
Fixes: #22580
2022-03-28 16:01:36 +02:00
Lennart Poettering
92067ab672 bootspec: normalize oom handling in boot_load_efi_entry_pointers()
OOM should usually be fatal, hence make it so here, too.
2022-03-28 16:01:32 +02:00
Lennart Poettering
85e17916d3 bootspec: rename type1 parsers to say "type1" explicitly in the name
This just got too confusing for me. With this change we'll now have
_unified as common suffix for stuff loading unified kernels (i.e. type
1), and _type1 as common suffix for type1 entries.

Just some renaming.
2022-03-28 16:01:28 +02:00