IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get the
basic keyring systemd --system sets up for us.
Let's store the invocation ID in the per-service keyring as a root-owned key,
with strict access rights. This has the advantage over the environment-based ID
passing that it also works from SUID binaries (as they key cannot be overidden
by unprivileged code starting them), in contrast to the secure_getenv() based
mode.
The invocation ID is now passed in three different ways to a service:
- As environment variable $INVOCATION_ID. This is easy to use, but may be
overriden by unprivileged code (which might be a bad or a good thing), which
means it's incompatible with SUID code (see above).
- As extended attribute on the service cgroup. This cannot be overriden by
unprivileged code, and may be queried safely from "outside" of a service.
However, it is incompatible with containers right now, as unprivileged
containers generally cannot set xattrs on cgroupfs.
- As "invocation_id" key in the kernel keyring. This has the benefit that the
key cannot be changed by unprivileged service code, and thus is safe to
access from SUID code (see above). But do note that service code can replace
the session keyring with a fresh one that lacks the key. However in that case
the key will not be owned by root, which is easily detectable. The keyring is
also incompatible with containers right now, as it is not properly namespace
aware (but this is being worked on), and thus most container managers mask
the keyring-related system calls.
Ideally we'd only have one way to pass the invocation ID, but the different
ways all have limitations. The invocation ID hookup in journald is currently
only available on the host but not in containers, due to the mentioned
limitations.
How to verify the new invocation ID in the keyring:
# systemd-run -t /bin/sh
Running as unit: run-rd917366c04f847b480d486017f7239d6.service
Press ^] three times within 1s to disconnect TTY.
# keyctl show
Session Keyring
680208392 --alswrv 0 0 keyring: _ses
250926536 ----s-rv 0 0 \_ user: invocation_id
# keyctl request user invocation_id
250926536
# keyctl read 250926536
16 bytes of data in key:
9c96317c ac64495a a42b9cd7 4f3ff96b
# echo $INVOCATION_ID
9c96317cac64495aa42b9cd74f3ff96b
# ^D
This creates a new transient service runnint a shell. Then verifies the
contents of the keyring, requests the invocation ID key, and reads its payload.
For comparison the invocation ID as passed via the environment variable is also
displayed.
This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.
With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.
(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)
(With input from David Howells)
When getting SIGCHLD we should not assume that it was the first
child forked from system-nspawn that has died as it may also be coming
from an orphan process. This change adds a signal handler that ignores
SIGCHLD unless it came from the first containerized child - the real
child.
Before this change the problem can be reproduced as follows:
$ sudo systemd-nspawn --directory=/container-root --share-system
Press ^] three times within 1s to kill container.
[root@andreyu-coreos ~]# { true & } &
[1] 22201
[root@andreyu-coreos ~]#
Container root-fedora-latest terminated by signal KILL
This is also an error, but it wasn't caught.
[/tmp/tmp.YWeKax4fMI/etc/udev/hwdb.d/10-bad.hwdb:26] Property expected, ignoring record with no properties
As requested in
https://github.com/systemd/systemd/pull/4864#pullrequestreview-12372557.
docbook will substitute triple dots for the ellipsis in man output, so this has
no effect on the troff output, only on HTML, making it infinitesimally nicer.
In some places we show output from programs, which use dots, and those places
should not be changed. In some tables, the alignment would change if dots were
changed to the ellipsis which is only one character. Since docbook replaces the
ellipsis automatically, we should leave those be. This patch changes all other
places.
systemd.journal-fields(7) documents CODE_FUNC=. Internally, we were
inconsistent: sd_journal_print uses CODE_FUNC=, log.h has CODE_FUNCTION=,
python-systemd and bootchart also used CODE_FUNC=, when they were internal.
Most external projects use sd_journal_* functions, so CODE_FUNC=,
python-systemd still uses CODE_FUNC=, as does systemd-bootchart, and
independent reimplementations in golang-github-coreos-go-systemd, qtbase,
network manager, glib, pulseaudio. Hence, I don't think there's much
choice.
Those square brackets don't fit how our other messages look like; we use colons
everywhere else. The "[a:b]" format was originally added in
ed5bcfbe3c, and remained unchanged for 7 years,
but in the meantime other conventions evolved.
The new version is also one character shorter.
[/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring: ...
↓
/etc/systemd/system/systemd-networkd.service.d/override.conf:2: Failed to parse sec value, ignoring: ...
I think it can be a useful tool to find such issues.
SD_MESSAGE_UNIT_STARTING 7d4958e842da4a758f6c1cdc7b36dcc5: no field UNIT
../src/core/unit.c:1239 unit_status_log_starting_stopping_reloading
Starting Paths.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USER_UNIT=paths.target
SD_MESSAGE_UNIT_STARTED 39f53479d3a045ac8e11786248231fbf: no field UNIT
../src/core/job.c:721 job_log_status_message
Reached target Paths.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
RESULT=done
USER_UNIT=paths.target
SD_MESSAGE_STARTUP_FINISHED b07a249cd024414a82dd00cd181378ff: no field KERNEL_USEC
../src/core/manager.c:2532 manager_check_finished
Startup finished in 19ms.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USERSPACE_USEC=19670
SD_MESSAGE_STARTUP_FINISHED b07a249cd024414a82dd00cd181378ff: no field INITRD_USEC
../src/core/manager.c:2532 manager_check_finished
Startup finished in 19ms.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USERSPACE_USEC=19670
unknown 0ce153587afa4095832d233c17a88001: no catalog entry
gsm-manager.c:1366 start_phase
Entering running state
SYSLOG_IDENTIFIER=gnome-session
PRIORITY=5
SD_MESSAGE_UNIT_STOPPING de5b426a63be47a7b6ac3eaac82e2f6f: no field UNIT
../src/core/unit.c:1239 unit_status_log_starting_stopping_reloading
Stopping Default.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USER_UNIT=default.target
SD_MESSAGE_UNIT_STOPPED 9d1aaa27d60140bd96365438aad20286: no field UNIT
../src/core/job.c:729 job_log_status_message
Stopped target Default.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
RESULT=done
USER_UNIT=default.target
SD_MESSAGE_TIME_CHANGE c7a787079b354eaaa9e77b371893cd27: no field REALTIME
src/core/manager.c:2049 manager_dispatch_time_change_fd
Time has been changed
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
unknown f3ea493c22934e26811cd62abe8e203a: no catalog entry
shell-global.c:1375 shell_global_log_structured
GNOME Shell started at Sat Jun 11 2016 12:37:46 GMT-0400 (EDT)
SYSLOG_IDENTIFIER=gnome-shell
SD_MESSAGE_UNIT_FAILED be02cf6855d2428ba40df7e9d022f03d: no field UNIT
src/core/job.c:803 job_log_status_message
Failed to start GNOME Terminal Server.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
RESULT=failed
PRIORITY=3
USER_UNIT=gnome-terminal-server.service
SD_MESSAGE_LID_CLOSED b72ea4a2881545a0b50e200e55b9b070: no catalog entry
src/login/logind-button.c:198 button_dispatch
Lid closed.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_LID_OPENED b72ea4a2881545a0b50e200e55b9b06f: no catalog entry
src/login/logind-button.c:219 button_dispatch
Lid opened.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_SUSPEND_KEY b72ea4a2881545a0b50e200e55b9b072: no catalog entry
src/login/logind-button.c:177 button_dispatch
Suspend key pressed.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_CONFIG_ERROR c772d24e9a884cbeb9ea12625c306c01: no catalog entry
src/shared/conf-parser.c:469 config_parse_sec
[/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring:
UNIT=systemd-networkd.service
SYSLOG_FACILITY=3
ERRNO=22
SYSLOG_IDENTIFIER=systemd
PRIORITY=3
CONFIG_LINE=2
CONFIG_FILE=/etc/systemd/system/systemd-networkd.service.d/override.conf
unknown 10dd2dc188b54a5e98970f56499d1f73: no catalog entry
gsm-manager.c:308 on_display_server_failure
Unrecoverable failure in required component org.gnome.Shell.desktop
PRIORITY=3
SYSLOG_IDENTIFIER=gnome-session-binary
unknown 52fb62f99e2c49d89cfbf9d6de5e3555: no catalog entry
src/journal/test-journal-send.c:85 main
Hello World!
PAGE_SIZE=4096
TERM=xterm-256color
SYSLOG_IDENTIFIER=lt-test-journal-send
PRIORITY=5
N_CPUS=2
HOME=/home/zbyszek
unknown 9348174c5cc74001a71ef26bd79d302e: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Download finished.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
TARGET_RELEASEVER=25
SYSTEM_RELEASEVER=24
PRIORITY=5
unknown fef1cc509d5047268b83a3a553f54b43: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Rebooting to perform upgrade.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
TARGET_RELEASEVER=25
SYSTEM_RELEASEVER=24
PRIORITY=5
unknown 3e0a5636d16b4ca4bbe5321d06c6aa62: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Starting system upgrade. This will take a while.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
SYSTEM_RELEASEVER=24
PRIORITY=5
TARGET_RELEASEVER=25
unknown 0123456789abcdef0123456789abcdef: no catalog entry
<doctest systemd.journal.JournalHandler[9]>:1 <module>
Message with ID
SYSLOG_IDENTIFIER=/usr/lib/python2.7/site-packages/py/test.py
LOGGER=custom_logger_name
PRIORITY=4
THREAD_NAME=MainThread
This add a new message id for the end of user instance startup.
User manager startup is a different beast then the system startup.
Their descriptions are completely different too. Let's just separate
them.
Partially fixes#3351.
Also remove "successful" from the description, since we don't know if
the startup was successful or not.
Our warning message was misleading, because we wouldn't "correct" anything,
we'd just ignore unkown escapes. Update the message.
Also, print just the extracted word (which contains the offending sequences) in
the message, instead of the whole line.
Fixes#4697.
We would catch stuff like:
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0.0., 0
but not
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 0.0.
because the match would stop at the next-to-last char. Fix that
by requiring a line end.
This commit adds a rules file to extract the properties from hwdb
to set on i2c IIO devices. This is used to set the ACCEL_MOUNT_MATRIX
property on IIO devices, to be consumed by iio-sensor-proxy or
equivalent daemon.
The hwdb file contains documentation on how to write quirks. Note
however that mount information is usually exported in:
- the device-tree for ARM devices
- the ACPI DSDT for Intel-compatible devices
but currently not extracted by the kernel.
Also note that some devices have the framebuffer rotation that changes
between the bootloader and the main system, which might mean that the
accelerometer is then wrongly oriented. This is a missing feature in the
i915 kernel driver: https://bugs.freedesktop.org/show_bug.cgi?id=94894
which needs to be fixed, and won't require quirks.
We shouldn't just have snippets of configuration, but instead
examples which show all the parts necessary to build a certain kind
of setup, with short explanations.
Otherwise we'd fail with an assertion:
Assertion 't->family == AF_INET' failed at ../src/network/netdev/tunnel.c:244, function netdev_vti_fill_message_create(). Aborting.
When assigning addresses, we'd set the family, and later
verify that the address on the other end has the same family.
But when the address was specified as "any", we'd simply unset
the family. Instead, only unset the family if both addresses
are wiped.
Also, don't bother setting family = AF_UNSPEC, since it's the default (0).
