1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

42315 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
f4331d0db2 shared/install: warn about unkown sections in unit files
As in the previous commit, ignoring unkown sections means users may be confused
easily. It is better to warn about misspellt section names.

In this case, we are using a separate item table, so we'd ignore all those
sections anyway, so we could list them with out the minus prefixes and the
effect would be the same. But I think it's clearer to prefix them.
2019-11-25 16:45:29 +01:00
Zbigniew Jędrzejewski-Szmek
130b812f9d network: warn about unknown sections when parsing .netdev files
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1774242.
Now we'll emit the warning about unknown section [Netdev], making the issue
much easier to diagnose.
2019-11-25 16:45:29 +01:00
Zbigniew Jędrzejewski-Szmek
ddeb3f5d4b shared/conf-parser: allow sections to be silently ignored with new -Section syntax
If we ignore any uknown section, we will not be able to show any
warning if a typo in a section name is made. Let's reverse our
approach, and explicitly list sections to ignore instead.

I opted to make use the same section list for this, instead of adding a second
list, because this list is passed through to many functions and adding yet
another parameter to the long signature would be very noisy.
2019-11-22 15:27:22 +01:00
Zbigniew Jędrzejewski-Szmek
94a404cb03 shared/conf-parser: document what the flags do 2019-11-22 13:11:35 +01:00
Zbigniew Jędrzejewski-Szmek
f9761a89a8 shared/conf-parser: turn CONFIG_PARSE_REFUSE_BOM flag into a local variable
This is an internal implementation detail.
2019-11-22 13:11:35 +01:00
Zbigniew Jędrzejewski-Szmek
bdf2357c12 NEWS: add contributors for v244 2019-11-22 09:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
6df086019c mailmap: update 2019-11-22 09:33:40 +01:00
Zbigniew Jędrzejewski-Szmek
353a6f293e
Merge pull request #14081 from poettering/xattr-list-rework
xattr-util rework and addition of flistxattr_malloc() helper plus test
2019-11-22 09:18:24 +01:00
Zbigniew Jędrzejewski-Szmek
fd0d10f783
Merge pull request #14105 from keszybz/man-directives-cleanup
Man formatting and sorting fixes
2019-11-22 09:06:28 +01:00
ksbex
80fc3166e0 hwdb: Dell venue 10 pro 5055 accel mount matrix (#14104) 2019-11-22 08:51:44 +01:00
Zbigniew Jędrzejewski-Szmek
8c6c56c36f man: sort options without "=" in the directives index
Some options would appear twice in the index, e.g. --collect= and
--collect. Some man pages use one form, some the other, and the argument
might be mandatory for some commands but not others. Anyway, let's display
them as one entry, to reduce the total number of items listed.
2019-11-21 22:06:30 +01:00
Zbigniew Jędrzejewski-Szmek
f8b68539d0 man: fix a few bogus entries in directives index
When wrong element types are used, directives are sometimes placed in the wrong
section. Also, strip part of text starting with "'", which is used in a few
places and which is displayed improperly in the index.
2019-11-21 22:06:30 +01:00
Zbigniew Jędrzejewski-Szmek
b0343f8c96 man: change noindex="true" to index="false"
We nowadays prefer positive options over negative.
2019-11-21 22:03:57 +01:00
Zbigniew Jędrzejewski-Szmek
8eb6e6ed09 man: use <command> not <option> for commands in resolvectl(1) 2019-11-21 22:03:57 +01:00
Lennart Poettering
351de38e4b bootctl: make 'random-seed' handle inability to write system token EFI variable gracefully
Apparently some firmwares don't allow us to write this token, and refuse
it with EINVAL. We should normally consider that a fatal error, but not
really in the case of "bootctl random-seed" when called from the
systemd-boot-system-token.service since it's called as "best effort"
service after boot on various systems, and hence we shouldn't fail
loudly.

Similar, when we cannot find the ESP don't fail either, since there are
systems (arch install ISOs) that carry a boot loader capable of the
random seed logic but don't mount it after boot.

Fixes: #13603
2019-11-21 19:55:17 +01:00
Zbigniew Jędrzejewski-Szmek
9389a3cdc8
Merge pull request #14093 from poettering/cgroups-delegate-xattr
mark delegated cgroups via xattr, and visualize the cut points in cgls
2019-11-20 23:53:03 +01:00
Lennart Poettering
7daa88ee5d update TODO 2019-11-20 17:51:28 +01:00
Lennart Poettering
a2e361dc27 cgls: visually separate processes from cgroups
Let's show them in grey, since we generally want to focus on showing the
cgroups much less than the processes in them.
2019-11-20 17:51:28 +01:00
Lennart Poettering
74d8ccd451 cgls: show delegation boundaries by underlining the cgroup in the output
This should help visualize where one manager's territory begins and
another's starts. Do this by underlining (since it's a "cut" point an
underline made most sense to me). Since underlining is not visible on
the console let's also show an ellipses for all lines that are
delegation boundaries.

Unfortunately this all is not as useful as it appears. The
"trusted.delegate" xattr is only visible to roo, which means
"systemd-cgls" has be called as root to show the boundaries.
Unfortunately cgroupfs doesn't support unprivileged xattrs on cgroups.
2019-11-20 17:50:12 +01:00
Lennart Poettering
3288ea8f32 core: set "trusted.delegate" xattr on cgroups that are delegation boundaries
Let's mark cgroups that are delegation boundaries to us. This can then
be used by tools such as "systemd-cgls" to show where the next manager
takes over.
2019-11-20 17:50:12 +01:00
Lennart Poettering
bf25f1657f cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup 2019-11-20 17:50:12 +01:00
Lennart Poettering
59a49b1bcd
Merge pull request #14090 from poettering/clonenewns-fix
make sure systemd-logind.service can start if unshare() is blocked
2019-11-20 17:27:56 +01:00
Lennart Poettering
168e131b8b update NEWS 2019-11-20 16:16:46 +01:00
Zbigniew Jędrzejewski-Szmek
8490fc7aef
Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
Systemctl add log-level, log-target, service-watchdogs commands
2019-11-20 16:15:09 +01:00
Zbigniew Jędrzejewski-Szmek
2d8898f564
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
2019-11-20 16:13:46 +01:00
Lennart Poettering
6d19b71876 core: don't insist on ProtectHostname= if unshare() is blocked
Previously we'd only skip ProtectHostname= if kernel support for
namespaces was lacking. With this change we also accept if unshare()
fails because it is blocked.
2019-11-20 12:49:06 +01:00
Lennart Poettering
4e67759960 core: be more lenient when checking whether sandboxing is necessary
In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.

Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').

(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)

Fixes: #13955

(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)
2019-11-20 12:30:04 +01:00
Lennart Poettering
e884e00071 errno-util: add ERRNO_IS_PRIVILEGE() helper 2019-11-20 12:29:54 +01:00
Anita Zhang
206a29b2e1 id128: fix initializer element is not constant
Was getting:

  ../src/id128/id128.c:15:1: error: initializer element is not constant
   static sd_id128_t arg_app = SD_ID128_NULL;
    ^
when building on CentOS 7.

Other parts of the code initialize `static sd_id128_t` to {} and this
was the original setting before a19fdd66c2 anyways.
2019-11-20 10:59:25 +01:00
Lennart Poettering
b82e818f5c test: make sure our tests get exclusive TTY access
This sould make our test suite a bit more robust if it is slow running.
A few of our test services use StandardOutput=tty or StandardError=tty
in the tests in order to connect test services to the container console.
This gets into conflict with the container getty which wants exclusive
access to the console. Since the container getty is started with
Type=idle it typically gets started after a timeout only if the TTY is
already used, which hence introduces a race: if the test finishes
earlier all is good, if not, then the test gets kicked off the TTY which
then causes bash to abort since it cannot write any error messages
anymore.

Let's fix this hence: all tests that connect to the tty are now
synchronized to getty-pre.target, so they finish before any getty is
started.
2019-11-20 09:39:54 +01:00
Lennart Poettering
faf1bb8244
Merge pull request #14085 from poettering/ask-password-api
make sure asking for a pw works in a container too if keyctl() and friends are blocked
2019-11-20 00:54:28 +01:00
Lennart Poettering
fbcb630045 pam_systemd: prolong method call timeout when allocating session
Starting a session might involve starting the user@.service instance,
hence let's make the bus call timeout substantially longer.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=83828
2019-11-19 21:05:03 +01:00
Zbigniew Jędrzejewski-Szmek
cbfc32819a
Merge pull request #14078 from poettering/cryptsetup-fixlets
trivial cryptsetup fixlets (mostly: use more STR_IN_SET())
2019-11-19 20:46:53 +01:00
Zbigniew Jędrzejewski-Szmek
321c911fc2
Merge pull request #14079 from poettering/pam-systemd-fixlets
trivial pam_systemd fixlets
2019-11-19 20:45:15 +01:00
Yu Watanabe
08de195825 udev: do not propagate error in executing PROGRAM and IMPORT{program}
Also, this adds more logs.

Fixes #14027.
2019-11-19 20:20:46 +01:00
Lennart Poettering
09a6b4f34f ask-password: skip kernel keyring logic if we see EPERM
Let's improve compat with container managers that block the keyring
logic and return EPERM for them.
2019-11-19 19:12:09 +01:00
Lennart Poettering
e6376b6a41 errno: add new ERRNO_IS_NOT_SUPPORTED() helper 2019-11-19 19:12:09 +01:00
Lennart Poettering
83412d39de test-copy: test that xattrs are properly copied 2019-11-19 15:44:58 +01:00
Lennart Poettering
f9bbb4dcec copy: port over to flistxattr_malloc() and fgetxattr_malloc() 2019-11-19 15:44:58 +01:00
Lennart Poettering
7de2d2e17d xattr-util: add flistxattr_malloc() that returns a NULSTR 2019-11-19 15:44:58 +01:00
Lennart Poettering
6ac99d9d5f xattr-util: modernize getxattr_malloc() a bit
Let's use automatic cleanup/TAKE_PTR where appropriate
2019-11-19 15:44:58 +01:00
Lennart Poettering
25f9288e31 update TODO 2019-11-19 15:42:55 +01:00
Zbigniew Jędrzejewski-Szmek
c336dc29ff
Merge pull request #14080 from poettering/table-uid-pid
format-table: introduce TABLE_UID/TABLE_GID to match TABLE_PID and use it
2019-11-19 15:35:25 +01:00
Lennart Poettering
9120aa820b cryptsetup: use STR_IN_SET() where appropriate
Note that this slightly changes behaviour: "none" is only allowed as
option, if it's the only option specified, but not in combination with
other options. I think this makes more sense, since it's the choice when
no options shall be specified.
2019-11-19 15:34:09 +01:00
Lennart Poettering
9c5253ffec cryptsetup: minor coding style clean-ups 2019-11-19 15:34:09 +01:00
Lennart Poettering
dca81e2851 pam_systemd: add one more assert 2019-11-19 15:26:45 +01:00
Lennart Poettering
8d46418e93 pam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system error
It's not really clear which PAM errors to use for which conditions, but
something called PAM_SYSTEM_ERR should probably not be used when the
error is not the result of some system call failure.
2019-11-19 15:26:45 +01:00
Lennart Poettering
1798f5afe3 pam-systemd: voidify pam_get_item() calls 2019-11-19 15:26:45 +01:00
Lennart Poettering
42e6680976 pam-systemd: remove duplicate error logging 2019-11-19 15:26:45 +01:00
Lennart Poettering
805f2df11f login: port tables over to use TABLE_UID/TABLE_PID 2019-11-19 12:11:06 +01:00