1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

29777 Commits

Author SHA1 Message Date
Lennart Poettering
ab7e3ef561 escape: fix systemd-escape description text
The long man page paragraph got it right: the tool is for escaping systemd unit
names, not just system unit names. Also fix the short man page paragraph
and the --help text.

Follow-up for 303608c1bc
2017-07-31 18:01:42 +02:00
Nicolas Iooss
3a0bf6d6aa namespace: keep selinuxfs mounted read-write with ProtectKernelTunables (#5741)
When a service unit uses "ProtectKernelTunables=yes", it currently
remounts /sys/fs/selinux read-only. This makes libselinux report SELinux
state as "disabled", because most SELinux features are not usable. For
example it is not possible to validate security contexts (with
security_check_context_raw() or /sys/fs/selinux/context). This behavior
of libselinux has been described in
http://danwalsh.livejournal.com/73099.html and confirmed in a recent
email, https://marc.info/?l=selinux&m=149220233032594&w=2 .

Since commit 0c28d51ac8 ("units: further lock down our long-running
services"), systemd-localed unit uses ProtectKernelTunables=yes.
Nevertheless this service needs to use libselinux API in order to create
/etc/vconsole.conf, /etc/locale.conf... with the right SELinux contexts.
This is broken when /sys/fs/selinux is mounted read-only in the mount
namespace of the service.

Make SELinux-aware systemd services work again when they are using
ProtectKernelTunables=yes by keeping selinuxfs mounted read-write.
2017-07-31 17:45:33 +02:00
vliaskov
b305bd3aab mount-setup: mount xenfs filesystem (#6491) 2017-07-31 15:59:02 +02:00
Abdó Roig-Maranges
1df96fcb31 core: Do not fail perpetual mount units without fragment (#6459)
mount_load does not require fragment files to be present in order to
load mount units which are perpetual, or come from /proc/self/mountinfo.

mount_verify should do the same, otherwise a synthesized '-.mount' would
be marked as failed with "No such file or directory", as it is perpetual
but not marked to come from /proc/self/mountinfo at this point.

This happens for the user instance, and I suspect it was the cause of #5375
for the system instance, without gpt-generator.
2017-07-31 12:32:09 +02:00
Lennart Poettering
e362b5a77f Merge pull request #6472 from yuwata/journal-gateway-fix
Some journal-gateway and journal-remote related fixes
2017-07-31 12:11:48 +02:00
S. Fan
8ec1a07998 rfkill: fix erroneous behavior when polling the udev monitor (#6489)
Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.

Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.
2017-07-31 12:10:10 +02:00
Andrew Soutar
0864d31176 cryptsetup: fix infinite timeout (#6486)
0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
logic here now matches this change.

Fixes #6381
2017-07-31 08:19:16 +02:00
Zbigniew Jędrzejewski-Szmek
0742986650 core: properly handle deserialization of unknown unit types (#6476)
We just abort startup, without printing any error. Make sure we always
print something, and when we cannot deserialize some unit, just ignore it and
continue.

Fixup for 4bc5d27b94. Without this, we would hang
in daemon-reexec after upgrade.
2017-07-31 08:05:35 +02:00
Martin Pitt
01a45898fc Merge pull request #6462 from keszybz/man-tweaks
Some small man page fixes
2017-07-28 11:49:44 +02:00
Zbigniew Jędrzejewski-Szmek
44ec14e13b man: do not recommend rescue.target for alt-↑
rescue.target does not work well, and we don't have a suitable emergency
shell unit that can be started on existing systems right now. So let's just
remove the recommendation for now.

Fixes #6451.
2017-07-28 05:32:41 -04:00
Zbigniew Jędrzejewski-Szmek
cb1c2d174c man: do not encourgage starting of poweroff/halt/reboot/kexec targets directly
Going through logind and systemd allows polkit to be used,
the job mode will be set properly, and is generally easier
to get correct.

Fixes #6452.
2017-07-28 05:17:05 -04:00
Zbigniew Jędrzejewski-Szmek
26adf7741d man: describe which units types are stopped on isolate
Fixes #6455.
2017-07-28 05:17:05 -04:00
Martin Pitt
896bbe7611 Merge pull request #6365 from keszybz/fast-tests
Make tests faster by default
2017-07-28 11:09:50 +02:00
Martin Pitt
d74af49c0b Merge pull request #6461 from keszybz/meson-options-fix
Meson options fix
2017-07-28 09:51:29 +02:00
Harald Hoyer
522aa9f5f8 boot/efi: don't hard fail on error for tpm measure (#6473)
Display the error for a small amount of time, but don't fail hard.

In case of a faulty BIOS, a TPM error should not prevent the boot.
If something cares about the PCM measurement, it will be noticed
anyway later on.

Especially important now, that TPM measurement is the default now on
some distribution builds.

https://bugzilla.redhat.com/show_bug.cgi?id=1411156
2017-07-28 03:46:05 -04:00
Zbigniew Jędrzejewski-Szmek
36484c0341 test-timesync: ignore failure to listen on /run/systemd/netif/links/ (#6463)
Fixes #6353.
2017-07-28 09:33:43 +02:00
Martin Pitt
9fcaa574f0 Merge pull request #6465 from keszybz/drop-kdbus
Drop kdbus-dependent code
2017-07-28 09:29:07 +02:00
AsciiWolf
c2674675cf mkosi.arch: fix comment (#6470)
libidn -> libidn2
2017-07-28 09:24:12 +02:00
Yu Watanabe
0105858734 journal-remote: use MHD_OPTION_STRICT_FOR_CLIENT if MHD_USE_PEDANTIC_CHECKS is deprecated
The option MHD_OPTION_STRICT_FOR_CLIENT is provided since libmicrohttpd-0.9.54, and
MHD_USE_PEDANTIC_CHECKS will be deprecated in future.
This makes support both option.
2017-07-28 16:22:14 +09:00
Yu Watanabe
315629a83f journal-gateway: use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL
The option MHD_USE_THREAD_PER_CONNECTION requires MHD_USE_POLL_INTERNAL_THREAD
since libmicrohttpd-0.9.53.
If MHD_USE_POLL is used instead of MHD_USE_POLL_INTERNAL_THREAD, then
the library outputs the following warning:
```
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with
MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added.
Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
```
The option MHD_USE_POLL_INTERNAL_THREAD is defined as
`MHD_USE_POLL_INTERNAL_THREAD = MHD_USE_POLL | MHD_USE_INTERNAL_POLLING_THREAD,`
So, let's use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL.
2017-07-28 13:37:10 +09:00
Yu Watanabe
c831aa7554 journal-remote,gateway: use MHD_USE_TLS instead of MHD_USE_SSL
The option is renamed in libmicrohttpd-0.9.52.
2017-07-28 13:37:10 +09:00
Yu Watanabe
b7f2d0ba24 units,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal-gateway from sysusers 2017-07-28 13:37:10 +09:00
Yu Watanabe
6bda23dd6a bash-completion: use the first argument instead of the global variable (#6457)
Without this fix:

$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
224

the number of the suggestions are quite different, as __get_startable_units --system does
not filter already started units. With this fix,

$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
123
$ __get_template_names --system | wc -l
12

the number of the suggestions matches one the function returns.
For consistency with the other internal functions, it should use the first argument
instead of the global variable $mode.

[zj: add commit message to make it sound like we know what we're doing]
2017-07-27 07:22:54 -04:00
Zbigniew Jędrzejewski-Szmek
9d39c1bf29 meson: add empty lines before enabled/disabled status
Those line are long enough to wrap around a few times, and they are
much more legible with some whitespace.
2017-07-26 14:17:50 -04:00
Zbigniew Jędrzejewski-Szmek
b1519d6566 meson: -D remote and -D importd should be "combo" options
The default should be 'auto', and we allow 'true'
and 'false' too.

Fixes #6445.
2017-07-26 14:11:15 -04:00
Zbigniew Jędrzejewski-Szmek
cd4823f6b0 meson: drop unnecesary default value setting
'true' is the default.
Follow-up for 7d77b8880d.
2017-07-26 14:09:22 -04:00
Zbigniew Jędrzejewski-Szmek
a44fb6019f meson.build: reorder tests to match order in meson_options.txt
This makes it easier to edit both files.
2017-07-26 14:08:46 -04:00
Zbigniew Jędrzejewski-Szmek
8727b86d50 Revert "hwdb: Asus TP500LB accelerometer support"
This reverts commit e8e4f5d970.

It shouldn't have a row of all 0s.
2017-07-25 09:10:15 -04:00
Zbigniew Jędrzejewski-Szmek
8a8b33eeb0 hwdb: temporarily drop accelerometer entry for Winbook TW100
It shouldn't have all 0s.

Added in 1f886b50f6.
2017-07-25 09:08:35 -04:00
Benjamin Berg
b66c294c4b hwdb: Add axis range for System76 Galago Pro (galp2) (#6439) 2017-07-25 11:35:58 +10:00
Yu Watanabe
2d5dece8ec basic: cosmetic changes (#6440) 2017-07-24 19:32:34 -04:00
Zbigniew Jędrzejewski-Szmek
0ff48708e5 Merge pull request #6438 from poettering/distro-porting-more
extend README and DISTRO_PORTING a bit
2017-07-24 08:15:45 -04:00
Lennart Poettering
c4aa18a341 Merge pull request #6429 from keszybz/dropins-and-ordering-cycles
Dropin loading and ordering cycle logging improvements
2017-07-24 11:58:21 +02:00
Lennart Poettering
f5a93d5db1 README: document that max_bonds=0 is the way to go for bonding.ko
Everything else just is annoying, hence let's list this among the
requirements we make on the kernel in order to minimize confusion
leading to #6184 and suchlike.
2017-07-24 11:49:16 +02:00
Lennart Poettering
0629976f08 DISTRO_PORTING: document that distros may/should change fallback DNS as well as fallback NTP if they wish
The DNS and NTP fallback server situation is pretty similar, and
downstream distros might want to change both to whatever they need,
hence mention them both.
2017-07-24 11:49:16 +02:00
Zbigniew Jędrzejewski-Szmek
003c887967 meson: install the git hook (#6425)
This was done autogen.sh previously and was dropped in
72cdb3e783. Let's add it back.
The meson configuration step is the only reasonable place.

Note that this only works for the most standard git dirs, e.g.
the hook will not be installed if git worktree is used or if
$GIT_DIR is specified, etc. I think that's OK because most of
the time meson will be run at least once in the original cloned
dir.
2017-07-24 10:41:45 +02:00
Zbigniew Jędrzejewski-Szmek
b167945935 nspawn: do not mount /sys/fs/kdbus 2017-07-23 12:03:00 -04:00
Zbigniew Jędrzejewski-Szmek
a132bef023 Drop kdbus bits
Some kdbus_flag and memfd related parts are left behind, because they
are entangled with the "legacy" dbus support.

test-bus-benchmark is switched to "manual". It was already broken before
(in the non-kdbus mode) but apparently nobody noticed. Hopefully it can
be fixed later.
2017-07-23 12:01:54 -04:00
Zbigniew Jędrzejewski-Szmek
a6c97fc460 Drop bus-policy bits 2017-07-23 09:29:02 -04:00
Zbigniew Jędrzejewski-Szmek
4bc5d27b94 Drop busname unit type
Since busname units are only useful with kdbus, they weren't actively
used. This was dead code, only compile-tested. If busname units are
ever added back, it'll be cleaner to start from scratch (possibly reverting
parts of this patch).
2017-07-23 09:29:02 -04:00
Zbigniew Jędrzejewski-Szmek
494d16aa0c hwdb: disallow acceleration matrices with trivial rows
All zeros means that we cannot detect acceleration in that direction.

Related to #6430.
2017-07-22 19:25:43 -04:00
Zbigniew Jędrzejewski-Szmek
924775e8ce core: when logging about dependency cycles, add UNIT= entries for all involved units
Example log:
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found ordering cycle on a2.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found dependency on a3.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Found dependency on a1.service/start
Jul 22 15:55:21 fedora systemd[1]: a1.service: Job a2.service/start deleted to break ordering cycle starting with a1.service/start
Jul 22 15:55:21 fedora systemd[1]: Starting a1.service...
Jul 22 15:55:21 fedora systemd[1]: Started a1.service.

Example log entry:

Sat 2017-07-22 15:55:21.372389 EDT [s=0004bb6302d94ac3aa69987fb6157338;i=9ae;b=a96eb6153d4f4f3686c7b4
    _BOOT_ID=a96eb6153d4f4f3686c7b4db8a432908
    _MACHINE_ID=ad18f69b80264b52bb3b766240742383
    _HOSTNAME=fedora
    PRIORITY=3
    SYSLOG_FACILITY=3
    SYSLOG_IDENTIFIER=systemd
    _UID=0
    _GID=0
    _PID=1
    _TRANSPORT=journal
    _CAP_EFFECTIVE=3fffffffff
    _COMM=systemd
    _EXE=/usr/lib/systemd/systemd
    _SYSTEMD_CGROUP=/init.scope
    _SYSTEMD_UNIT=init.scope
    _SYSTEMD_SLICE=-.slice
    _SELINUX_CONTEXT=system_u:system_r:kernel_t:s0
    CODE_FILE=../src/core/transaction.c
    CODE_FUNC=transaction_verify_order_one
    UNIT=a3.service
    UNIT=a1.service
    UNIT=a2.service
    CODE_LINE=430
    MESSAGE=a1.service: Job a2.service/start deleted to break ordering cycle starting with a1.service
    _CMDLINE=/usr/lib/systemd/systemd --system --deserialize 28
    _SOURCE_REALTIME_TIMESTAMP=1500753321372389

This should make it easier to see when any of the units are involved in an
ordering cycle.

Fixes #6336.

v2:
- also update the "Unable to break cycle" message.
2017-07-22 18:57:16 -04:00
Zbigniew Jędrzejewski-Szmek
3f6de63bf7 shared/dropin: improve error message
We're not just sorting, but actually creating the list. We can
also use the output parameter directly, without a temporary variable.
2017-07-22 16:03:00 -04:00
Zbigniew Jędrzejewski-Szmek
9e4ea9cc34 Revert "core: don't load dropin data multiple times for the same unit (#5139)"
This reverts commit 2d058a87ff.

When we add another name to a unit (by following an alias), we need to
reload all drop-ins. This is necessary to load any additional dropins
found in the dirs created from the alias name.

Fixes #6334.
2017-07-22 16:03:00 -04:00
Lion Yang
c702bd3b69 man/systemd.network: DHCP defaults to "no" (#6423)
Code at: /src/network/networkd-network.c#L160
2017-07-21 16:21:30 -04:00
Lion Yang
e223f7998d doc/systemd-resolved.service: fix typo (#6422)
DNS sever => DNS server
2017-07-21 16:20:49 -04:00
Zbigniew Jędrzejewski-Szmek
0926f3489d resolved: make sure idn2 conversions are roundtrippable
While working on the gateway→_gateway conversion, I noticed that
libidn2 strips the leading underscore in some names.
https://gitlab.com/libidn/libidn2/issues/30 was resolved in
05d753ea69,
which disabled "STD3 ASCII rules" by default, i.e. disabled stripping
of underscores. So the situation is that with previously released libidn2
versions we would get incorrect behaviour, and once new libidn2 is released,
we should be OK.

Let's implement a simple test which checks that the name survives the
roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will
fail in more cases, and under new libidn2 in fewer, but should be the right
thing to do also under new libidn2.
2017-07-21 08:00:23 -04:00
Yu Watanabe
8ae12e733c core: fix typo (#6417) 2017-07-21 10:36:39 +02:00
Lennart Poettering
4b61c87511 tree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396)
As a follow-up for db3f45e2d2 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.

For most cases this shouldn't change much really, but this should speed
dbus introspection and calender time formatting up a bit.
2017-07-21 10:35:45 +02:00
Zbigniew Jędrzejewski-Szmek
52b1478414 Merge pull request #6413 from poettering/getpid
speed up getpid() again
2017-07-20 15:14:13 -04:00