mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

76663 Commits

Author SHA1 Message Date
Daan De Meyer
eca003de2f ukify: Introduce resolve_at_path() 2024-10-09 20:36:55 +02:00
Daan De Meyer
be64d42f9f ukify: Fix off by one error
We weren't measuring the profile section itself.
2024-10-09 19:51:08 +02:00
Yu Watanabe
e318675398
Merge pull request #34641 from behrmann/ukifystyle
Type annotate and format ukify
2024-10-10 02:21:29 +09:00
Yu Watanabe
fa3faf8abb
Merge pull request #34636 from WilliButz/repart/verity-hash-max-data-size
repart: support verity hash partitions sized for custom data size
2024-10-10 00:51:40 +09:00
Yu Watanabe
af1a594b55
Merge pull request #34691 from poettering/polkit-varlink-field-macro
polkit: introduce common macro for generating polkit allowInteractive…
2024-10-10 00:44:29 +09:00
Matteo Croce
c230c9a3e0 network/sysctl-monitor: change variable type to avoid preverifier denial
The compiler clones the u32 i variable to another register, and fails to
calculate the range of possible values, so the verification fails.

    libbpf: prog 'sysctl_monitor': BPF program load failed: Permission denied
    libbpf: prog 'sysctl_monitor': -- BEGIN PROG LOAD LOG --
    0: R1=ctx() R10=fp0
    ; int sysctl_monitor(struct bpf_sysctl *ctx) { @ sysctl-monitor.bpf.c:65
    0: (bf) r6 = r1                       ; R1=ctx() R6_w=ctx()
    ; if (bpf_current_task_under_cgroup(&cgroup_map, 0)) @ sysctl-monitor.bpf.c:69
    1: (18) r1 = 0xffff892a0fda9c00       ; R1_w=map_ptr(map=cgroup_map,ks=4,vs=4)
    3: (b7) r2 = 0                        ; R2_w=0
    4: (85) call bpf_current_task_under_cgroup#37         ; R0_w=scalar()
    5: (55) if r0 != 0x0 goto pc+88       ; R0_w=0
    ; if (!ctx->write) @ sysctl-monitor.bpf.c:73
    6: (61) r1 = *(u32 *)(r6 +0)          ; R1_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff)) R6_w=ctx()
    7: (15) if r1 == 0x0 goto pc+86       ; R1_w=scalar(smin=umin=umin32=1,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
    8: (b7) r1 = 1                        ; R1_w=1
    ; we.version = 1; @ sysctl-monitor.bpf.c:81
    9: (7b) *(u64 *)(r10 -480) = r1       ; R1_w=1 R10=fp0 fp-480_w=1
    10: (b7) r8 = 0                       ; R8_w=0
    ; we.path[0] = 0; @ sysctl-monitor.bpf.c:83
    11: (73) *(u8 *)(r10 -440) = r8       ; R8_w=0 R10=fp0 fp-440=???????0
    ; we.newvalue[0] = 0; @ sysctl-monitor.bpf.c:86
    12: (73) *(u8 *)(r10 -180) = r8       ; R8_w=0 R10=fp0 fp-184=???0????
    ; we.current[0] = 0; @ sysctl-monitor.bpf.c:85
    13: (73) *(u8 *)(r10 -340) = r8       ; R8_w=0 R10=fp0 fp-344=???0????
    ; we.comm[0] = 0; @ sysctl-monitor.bpf.c:84
    14: (73) *(u8 *)(r10 -456) = r8       ; R8_w=0 R10=fp0 fp-456=???????0
    ; we.pid = bpf_get_current_pid_tgid() >> 32; @ sysctl-monitor.bpf.c:89
    15: (85) call bpf_get_current_pid_tgid#14     ; R0=scalar()
    16: (77) r0 >>= 32                    ; R0_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
    17: (63) *(u32 *)(r10 -472) = r0      ; R0_w=scalar(id=1,smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff)) R10=fp0 fp-472=????scalar(id=1,smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
    ; we.cgroup_id = bpf_get_current_cgroup_id(); @ sysctl-monitor.bpf.c:90
    18: (85) call bpf_get_current_cgroup_id#80    ; R0_w=s
    libbpf: prog 'sysctl_monitor': failed to load: -13
    libbpf: failed to load object 'sysctl_monitor_bpf'
    libbpf: failed to load BPF skeleton 'sysctl_monitor_bpf': -13
    Unable to load sysctl monitor BPF program, ignoring: Permission denied.

Change the type to u64 to fix it.
2024-10-09 17:36:21 +02:00
Lennart Poettering
1913ffb894 namespace: rename drop_unused_mounts() → sort_and_drop_unused_mounts()
The function sorts the listed mounts, and that's kinda key, hence
reflect that in the name.
2024-10-09 16:23:13 +01:00
Lennart Poettering
387d6fe6b6 update TODO 2024-10-09 15:43:11 +02:00
Lennart Poettering
e47dbf5b4e polkit: introduce common macro for generating polkit allowInteractiveAuth varlink method call IDL field
We define the same field at many places, let's add a macro with it, that
also contains a suitable description comment.
2024-10-09 15:41:58 +02:00
Tobias Fleig
2ea0487c1b stub: Add support for .initrd addon files
Teaches systemd-stub how to load additional initrds from addon files.
This is very similar to the support for .ucode sections in addon files,
but with different ordering. Initrds from addons have a chance to
overwrite files from the base initrd in the UKI.
2024-10-09 14:06:10 +01:00
WilliButz
e16153a403
test/repart: add test case for hash size derived from max data size 2024-10-09 13:20:14 +02:00
WilliButz
d3032e651e
repart: derive hash partition size from SizeMaxBytes= of data sibling
This change makes it possible for repart to create dm-verity hash
partitions for a custom amount of protected data. When the property
`SizeMaxBytes=` is specified for a dm-verity data partition, the size
of the corresponding hash partition is set to accommodate hash data
for this maximum size, rather than the actual contents of its data
sibling. However, the contained hash data continues to be generated
from said sibling.
2024-10-09 13:20:14 +02:00
Jörg Behrmann
180f957acc ukify: Factor out sbat into constants 2024-10-09 12:11:57 +02:00
Jörg Behrmann
d5085be9c5 ci: Check ukify types and formatting. 2024-10-09 12:11:57 +02:00
Jörg Behrmann
206fa93c85 ukify: Ensure that find_tool always returns a tool or throws an error
This also makes the error message configurable, so that find_sbsign and
find_pesign can be inlined again.
2024-10-09 12:11:57 +02:00
Jörg Behrmann
3d2144a214 ukify: Move summary option handling out of finalize_options
This way finalize_options will not call sys.exit by itself.
2024-10-09 12:11:57 +02:00
Jörg Behrmann
e95193504b ukify: Type-annotate ukify 2024-10-09 12:11:57 +02:00
Jörg Behrmann
2572afa405 ukify: Make it lint clean 2024-10-09 12:11:57 +02:00
Jörg Behrmann
521bc9c6c0 ukify: Use OSError instead of IOError
The latter was deprecated for the former and is only an alias for it.
2024-10-09 11:58:02 +02:00
Jörg Behrmann
89842331fb ukify: Use non-deprecated import for Sequence 2024-10-09 11:58:02 +02:00
Jörg Behrmann
8abfd07ea1 ukify: Sort imports 2024-10-09 11:58:02 +02:00
Jörg Behrmann
35d92c0367 ukify: Import Path directly 2024-10-09 11:58:02 +02:00
Jörg Behrmann
6a28cae99a ukify: Format with ruff 2024-10-09 11:58:02 +02:00
Daan De Meyer
61808636a7
Merge pull request #34679 from DaanDeMeyer/bus-log
Various logging improvements
2024-10-09 11:42:26 +02:00
Lennart Poettering
1c62c2da43
Merge pull request #34656 from yuwata/private-users
core: drop implicit support of PrivateUsers=off
2024-10-09 10:39:30 +02:00
Lennart Poettering
0d5ca13026
Merge pull request #34651 from yuwata/polkit-transient-unit
dbus: pass transient unit name metadata to polkit
2024-10-09 10:35:19 +02:00
Lennart Poettering
93b078c3dd hwdb: move key 66/65 handling from specific to generic HP laptop coverage
This takes the idea from #18595 and implements it based on our current
hwdb: the original PR suggested the keys 66/65 are a generic HP thing,
and not limited to specific laptops. The current specific laptop entries
do not contradict that claim.

Hence, let's move them from the specific sections matching some HP
laptops to the generic section matching all.

This uses the correct key names, which have long been fixed (which used
to be a problem our CI was tripped off by).

This is not tested, but I think fairly risk-less, and should allow us to
get rid of a really old PR.

Replaces: #18595
2024-10-09 10:34:13 +02:00
Daan De Meyer
acb0f501f4 core: Log in more scenarios about which process initiated an operation
Exit/Reboot/Poweroff and similar operations are invasive enough that
logging about who initiated them is very useful to debug issues.
2024-10-09 10:27:56 +02:00
Daan De Meyer
4ee41be825 core: Bump log level of reexecute request to notice
A daemon-reload is important enough to deserve logging at notice
level.
2024-10-09 10:27:56 +02:00
Daan De Meyer
d8a77d55e6 bus-util: Log more information when connecting to a bus socket fails
Let's log about which bus we're trying to connect to and what transport
we're using to do it.
2024-10-09 10:27:53 +02:00
Lennart Poettering
0aaacc3a10
Merge pull request #34593 from Werkov/deprecate-aux-scopes
core/manager: Deprecate StartAuxiliaryScope() method
2024-10-09 10:25:30 +02:00
Lennart Poettering
6ce06e94b1
Merge pull request #34671 from yuwata/memory
tree-wide: several memory accounting cleanups
2024-10-09 10:24:10 +02:00
Lennart Poettering
e204346953 NEWS: announce the F20/F21/F22/F23 key mangling removal scheduled for v258
As per: https://github.com/systemd/systemd/pull/34325
And: https://github.com/systemd/systemd/issues/34323
2024-10-09 09:04:31 +02:00
Lennart Poettering
438348f7cc update TODO 2024-10-09 09:04:31 +02:00
Yu Watanabe
2e8a581b9c core: drop implicit support of PrivateTmp=off
Follow-up for 0e551b04ef.

Similar to the previous commit, but for PrivateTmp=.
2024-10-09 08:11:42 +09:00
Renjaya Raga Zenta
3a437f52b8 core/dbus: pass transient unit name metadata to polkit
Fixes #17224
2024-10-09 06:57:22 +09:00
Yu Watanabe
dc995a9b23 core/dbus: add assertions 2024-10-09 06:57:11 +09:00
Yu Watanabe
0881cf3d51 core/dbus: introduce bus_verify_manage_units_async_impl()
Then, make bus_verify_manage_units_async() and _full() inline.

Co-authored-by: Renjaya Raga Zenta <ragazenta@gmail.com>
2024-10-09 06:55:32 +09:00
Yu Watanabe
d030946765 core/dbus: move bus_verify_xyz() to dbus-util.c 2024-10-09 06:54:45 +09:00
Chen Guanqiao
00ad3f0227 mount: optimize mountinfo traversal by decoupling device discovery
In mount_load_proc_self_mountinfo(), device_found_node() is synchronously called
during the traversal of mountinfo entries. When there are a large number of
mount points, and the device types are not significantly different, this results
in excessive time consumption during device discovery, causing a performance
bottleneck. This issue is particularly prominent on servers with a large number
of cores in IDC.

This patch decouples device discovery from the mountinfo traversal process,
avoiding redundant device operations. As a result, it significantly improves
performance, especially in environments with numerous mount points.

Signed-off-by: Chen Guanqiao <chen.chenchacha@foxmail.com>
2024-10-08 22:36:59 +01:00
Yu Watanabe
edd3f4d9b7 core: drop implicit support of PrivateUsers=off
Follow-up for fa693fdc7e.

The documentation says the option takes a boolean or one of the "self"
and "identity". But the parser uses private_users_from_string() which
also accepts "off". Let's drop the implicit support of "off".
2024-10-09 05:39:54 +09:00
Yu Watanabe
e607a7317f oomd: separate entries with comma for readability 2024-10-09 05:36:11 +09:00
Yu Watanabe
05314b1823 oomd: update system context when oomctl is invoked
Otherwise, oomctl shows 0 memory and swap usage when swap monitoring
is not enabled.
=======
$ oomctl
Dry Run: no
Swap Used Limit: 90.00%
Default Memory Pressure Limit: 60.00%
Default Memory Pressure Duration: 20s
System Context:
        Memory: Used: 0B Total: 0B
        Swap: Used: 0B Total: 0B
Swap Monitored CGroups:
Memory Pressure Monitored CGroups:
...
======
2024-10-09 05:36:11 +09:00
Yu Watanabe
0f1a09203e oomd: drop unused usec_now 2024-10-09 05:36:11 +09:00
Yu Watanabe
483ab07534 systemctl: separate memory usage with comma
Just for readability.

Before:
$ build/systemctl status -n 0 systemd-networkd.service | grep Memory:
     Memory: 4.7M (peak: 14.3M swap: 1M swap peak: 1.1M)

After:
$ build/systemctl status -n 0 systemd-networkd.service | grep Memory:
     Memory: 4.7M (peak: 14.3M, swap: 1M, swap peak: 1.1M)
2024-10-09 05:36:11 +09:00
Yu Watanabe
1cafbecabe core: suppress one debugging log
Otherwise, the log is shown even when getting properties.
Even though it is in the debug level, that's quite noisy.

[  338.785847] TEST-55-OOMD.sh[1624]: Oct 07 16:35:15 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.786985] TEST-55-OOMD.sh[1624]: Oct 07 16:35:17 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.787412] TEST-55-OOMD.sh[1624]: Oct 07 16:35:20 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.791776] TEST-55-OOMD.sh[1624]: Oct 07 16:35:22 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.792938] TEST-55-OOMD.sh[1624]: Oct 07 16:35:24 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.793225] TEST-55-OOMD.sh[1624]: Oct 07 16:35:26 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.793424] TEST-55-OOMD.sh[1624]: Oct 07 16:35:28 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.796448] TEST-55-OOMD.sh[1624]: Oct 07 16:35:31 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.797997] TEST-55-OOMD.sh[1624]: Oct 07 16:35:33 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
[  338.799206] TEST-55-OOMD.sh[1624]: Oct 07 16:35:35 H systemd[1]: TEST-55-OOMD-testmunch.service: Unit not running in private mount namespace, cannot live mount
2024-10-09 05:36:11 +09:00
Luca Boccassi
2b577d598b
Merge pull request #34675 from poettering/dupfd-query
fd-util: use F_DUPFD_QUERY for same_fd()
2024-10-08 19:30:57 +01:00
Luca Boccassi
8a1c78f33e
Merge pull request #34674 from yuwata/reallocarray
tree-wide: replace reallocarray() with GREEDY_REALLOC()
2024-10-08 19:27:43 +01:00
Luca Boccassi
d07e1e07fe
Merge pull request #34672 from yuwata/timestamp
analyze: fix timestamp
2024-10-08 19:21:28 +01:00
Michal Koutný
64f173324e core/manager: Deprecate StartAuxiliaryScope() method
The method was added with migration of resources in mind (e.g. process's
allocated memory will follow it to the new scope), however, such a
resource migration is not in cgroup semantics. The method may thus have
the intended users and others could be guided to StartTransientUnit().

Since this API was advertised in a regular release, start the removal
with a deprecation message to callers.
Eventually, the goal is to remove the method to clean up DBus API and
simplify code (removal of cgroup_context_copy()).

Part of DBus docs is retained to satisfy build checks.
2024-10-08 17:49:13 +02:00