1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

64198 Commits

Author SHA1 Message Date
Daan De Meyer
d404c8d887 nspawn: Don't follow /etc/resolv.conf symlinks
When we're checking if /etc/resolv.conf exists so we can bind mount
on top of it, we care about whether the symlink itself exists if
/etc/resolv.conf exists and not the file it points to, so add
CHASE_NOFOLLOW to make sure we check existence of the symlink and
not the file it points to.
2023-04-24 18:14:12 +02:00
Lennart Poettering
906dff812e pid1: simplify bpf meson import 2023-04-24 17:10:08 +02:00
Lennart Poettering
4d3ef2d1a2 meson: move bpf hookup into main meson build file
This way we can use it in systemd-userdbd later on, too.
2023-04-24 17:10:08 +02:00
Luca Boccassi
33054db730 man: fix LogControl1 manpage example
Follow-up for c6b8fffdfa
2023-04-24 14:45:10 +02:00
Luca Boccassi
a2dd39b4cb pam: cache sd-bus separately per module
sd-bus connection is cached by the two pam modules globally, but this
can lead to issues due to hashmaps (used by sd-bus) using a global
static variable for the shared hash key, which is different per module
as both modules are loaded in the same process.

This happens because the sd-bus object is create in one module, but
used in the other, so global state does not match.

Use a different pam cache identifier for the sd-bus pointer, so that
each module uses a different sd-bus connection as a workaround.

Fixes https://github.com/systemd/systemd/issues/27216
Fixes https://github.com/systemd/systemd/issues/17266
2023-04-24 14:18:50 +02:00
Luca Boccassi
db0c0f5e00 pam_systemd_home: clean up sd-bus when called about something else's user
acquire_home() takes a reference to a sd-bus object, which the open_session
hook cleans on success. But only when handling a user actually owned by homed,
it did not clean it up when skipping because it is being invoked on a system
user.
We need to be careful with sd-bus here as pam_sm_open_session is the last
hook before forking, and we want to clean up sd-bus before that happens, or
we'll have a broken reference (FDs are cloexec) in the child process, which
will then assert when attempting to close them, or leak the bus connection
which causes dbus to complain loudly:

 dbus-daemon[62]: [system] Connection has not authenticated soon enough, closing it (auth_timeout=30000ms, elapsed: 30020ms)
2023-04-24 14:18:22 +02:00
Franck Bui
3c7012cdda localed-util: make use of strdupcspn() 2023-04-24 14:12:58 +02:00
Daan De Meyer
d5ada52fc4
Merge pull request #27367 from bluca/mkosi_resolve
mkosi: add tmpfiles to handle locale/resolve.conf in Debian
2023-04-24 13:03:58 +02:00
Zbigniew Jędrzejewski-Szmek
3539b3a9f1
Merge pull request #27357 from bluca/example_logcontrol
man: add working example to LogControl1 manpage
2023-04-24 12:24:36 +02:00
Luca Boccassi
54e4b42fde stub: add comment on measurement of io.systemd.stub.kernel-cmdline-extra 2023-04-24 11:04:50 +01:00
Luca Boccassi
48df882c7f mkosi: add tmpfiles to create debian/ubuntu /etc/default/locale link 2023-04-24 10:47:29 +01:00
Luca Boccassi
0b5382ed03 mkosi: move debian/ubuntu ignore preset to config directory 2023-04-24 10:46:39 +01:00
Luca Boccassi
6f9b70fc69 mkosi: move debian/ubuntu common conf under common directory 2023-04-24 10:44:42 +01:00
Luca Boccassi
7cd64af54d mkosi: delete /etc/resolv.conf to let tmpfiles handle it
In case the distribution creates or ships resolv.conf, delete it and let tmpfiles handle it
2023-04-24 10:30:19 +01:00
Daan De Meyer
f997f91d7d mkosi: Update to latest
Let's use the new support for matching against any distribution in
a list of distributions to start sharing most things between the
ubuntu/debian configs and centos/fedora configs.
2023-04-24 10:56:55 +02:00
Zbigniew Jędrzejewski-Szmek
a1e5bd2066 testsuite-04: remove unnecessary conditional 2023-04-24 10:06:59 +02:00
Zbigniew Jędrzejewski-Szmek
f65c2f5214 testsuite-04: remove redirection, drop whitespace after redirection op 2023-04-24 10:06:59 +02:00
Zbigniew Jędrzejewski-Szmek
2ed7a221fa run: expand variables also with --scope
This makes syntax be the same for commands which are started by the manager and
those which are spawned directly (when --scope is used).

Before:
$ systemd-run -q -t echo '$TERM'
xterm-256color

$ systemd-run -q --scope echo '$TERM'
$TERM

Now:
$ systemd-run -q --scope echo '$TERM'
xterm-256color

Previous behaviour can be restored via --expand-environment=no:
$ systemd-run -q --scope --expand-environment=no echo '$TERM'
$TERM

Fixes #22948.

At some level, this is a compat break. Fortunately --scope is not very widely
used, so I think we can get away with this. Having different syntax depending
on whether --scope was used or not was bad UX.

A NEWS entry will be required.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
de99fadd31 man/systemd-run: add examples explaining how variable expansion is performed 2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
f872ddd182 run: add --expand-environment=no to disable server-side envvar expansion
This uses StartExecEx to get the equivalent of ExecStart=:. StartExecEx was
added in b3d593673c, so this will not work with
older systemds.

A hint is emitted if we get an error indicating lack of support. PID1 returns
SD_BUS_ERROR_PROPERTY_READ_ONLY, but I'm checking for
SD_BUS_ERROR_UNKNOWN_PROPERTY too for safety.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
b58026bddc run: split out creation of unit creation messages
Just refactoring, in preparation for future changes.
(Though I think it'd be reasonable to do anyway, those functions were
awfully long.)

'git diff' displays this badly. The middle part of start_transient_service()
is moved to make_transient_service_unit(), and the middle part of
start_transient_trigger() is moved to make_transient_trigger_unit().
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
ac9a75d05e run: simplify returning of status
start_transient_service() would return two ints: one normally and one via
*retval. We can just return one int and propagate it directly, because we
use DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE().
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
0a27d86a3f core: fix writing of ExecStartEx and friends
The property name is called ExecStartEx, but we have to write it as ExecStart=
in the unit file. :(
Bug introduced in b3d593673c when ex-properties
were initially added.

In addition, we cannot escape $ as $$, because when ":" is used, we wouldn't
unescape $$ back to $.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
8c41640a71 core/unit: add UNIT_ESCAPE_EXEC_SYNTAX
Unfortunately we can't escape $ when ':' is used to prohibit variable expansion:
  ExecStart=:echo $$
is not the same as
  ExecStart=:echo $

This just adds the functionality and the unittests, without using it anywhere
for real yet.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
f3af629050 core/unit: rename UNIT_ESCAPE_EXEC_SYNTAX → *_ENV
In preparation for future changes.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
e7416db183 core/unit: fix shell-escaping of strings
Our escaping of '$' is '$$', not '\$'. We would write unit files that
were not valid:
  $ systemd-run --user bash -c 'echo $$; sleep 1000'
  Running as unit: run-r1c7c45b5b69f487c86ae205e12100808.service
  $ systemctl cat --user run-r1c7c45b5b69f487c86ae205e12100808
  # /run/user/1000/systemd/transient/run-r1c7c45b5b69f487c86ae205e12100808.service
  ...
  ExecStart="/usr/bin/bash" "-c" "echo \$\$\; sleep 1000"

  $ systemd-analyze verify /run/user/1000/systemd/transient/run-r1c7c45b5b69f487c86ae205e12100808.service
  /run/user/1000/systemd/transient/run-r1c7c45b5b69f487c86ae205e12100808.service:7:
    Ignoring unknown escape sequences: "echo \$\$\; sleep 1000"

Similarly, ';' cannot be escaped as '\;'. Only a handful of characters
listed in "Supported escapes" is allowed.

Escaping of "'" can be done, but it's not useful because we use double quotes
around the string anyway whenever we do escaping.

unit_write_setting() is called all over the place. In a great majority of
places we write either fixed strings or something that we generate ourselves,
so no escaping or quoting is needed. (And it's not allowed, e.g.
'Type="oneshot"' would not work.)  But if we forgot to add escaping or quoting
for a free-style string, it would probably allow writing a unit file that would
be read completely wrong. I looked over various places where
unit_write_setting() is called, and I couldn't find any place where
quoting/escaping was forgotten. But trying to figure out the full
ramifications of this change is not easy.
2023-04-24 10:02:30 +02:00
Zbigniew Jędrzejewski-Szmek
a12bc99ef0 basic/logarithm: add popcount() wrapper
__builtin_popcount() is a bit of a mouthful, so let's provide a helper.
Using _Generic has the advantage that if a type other then the ones on
the list is given, compilation will fail. This is nice, because if by any
change we pass a wider type, it is rejected immediately instead of being
truncated.

log.h is also needed. It is included transitively, but let's include it
directly.

macro.h is *not* needed.
2023-04-24 10:02:30 +02:00
07416
f6e94c5f7d
a colloquial abbreviation 'btw' in TEMPORARY_DIRECTORIES.md (#27365)
* Update TEMPORARY_DIRECTORIES.md
2023-04-23 10:48:17 +01:00
Luca Boccassi
f0f7cbd488 man: clarify sd_bus_default
It picks the bus based on the cgroup slice.
2023-04-22 17:41:17 +01:00
Luca Boccassi
c6b8fffdfa man: add working example to LogControl1 manpage
Add fully working and documented example that can be copied and pasted
2023-04-22 17:41:17 +01:00
Daan De Meyer
750d9859c1 sulogin-shell: Start initrd.target on exit in the initrd
sulogin is documented to continue booting up on exit. To do that
in the initrd, we need to start initrd.target and not default.target.
2023-04-21 16:46:06 +02:00
Lennart Poettering
b676a94837
Merge pull request #27352 from poettering/devnum-more
devnum-util: port more things over
2023-04-21 16:45:51 +02:00
David Tardon
596b44b178 test: use _cleanup_ for temp. files 2023-04-21 16:44:05 +02:00
David Tardon
925c51d95c test-fdset: use _cleanup_ 2023-04-21 16:29:15 +02:00
David Tardon
39dcab9062 test: shorten a bit 2023-04-21 16:29:15 +02:00
Daan De Meyer
fe42438427 mkosi: Use authselect minimal if authselect is installed
We dropped this logic from mkosi itself, so let's configure it in
our postinst script instead. We also enable the with-homed feature
if we can find it. It doesn't exist for the minimal profile yet,
but might be added in the future.
2023-04-21 14:05:32 +02:00
Luca Boccassi
2f39220e7c mkosi: remove ?priority(required) from debian pkg list
Requires apt 2.3.10 which is not available in stable, and also doesn't
seem necessary, same packages are installed anyway
Add tzdata manually, as that doesn't seem to be pulled in via the CI.
2023-04-21 13:43:49 +02:00
Lennart Poettering
4560d99e5e tre-wide: use FORMAT_DEVNUM() a bit more 2023-04-21 12:45:49 +02:00
Lennart Poettering
67458536af tree-wide: convert more cases do DEVNUM_FORMAT_STR()/DEVNUM_FORMAT_VAL()
Let's use our nice macros a bit more.

(Not comprehensive)
2023-04-21 12:41:15 +02:00
Luca Boccassi
21453b8b4b
Merge pull request #27349 from mrc0mmand/codespell
tree-wide: code spelling fixes
2023-04-20 22:02:17 +01:00
Frantisek Sumsal
7c782513e5 README: add a Weblate badge 2023-04-20 22:06:28 +02:00
Frantisek Sumsal
94d82b5980 tree-wide: code spelling fixes
As reported by Fossies.
2023-04-20 21:54:59 +02:00
Zbigniew Jędrzejewski-Szmek
08c2f9c626 detect-virt: add message at debug level
Normal users do not have permissions to access /proc/1/root, so
'systemd-detect-virt -r' fails, but the output, even at debug level
is cryptic:

$ SYSTEMD_LOG_LEVEL=debug build/systemd-detect-virt -r
Failed to check for chroot() environment: Permission denied

Let's make this a bit easier to figure out:

$ SYSTEMD_LOG_LEVEL=debug build/systemd-detect-virt -r
Cannot stat /proc/1/root: Permission denied
Failed to check for chroot() environment: Permission denied

I looked over other users of files_same(), and I think in general the message
at debug level is OK for them too.
2023-04-21 03:20:24 +08:00
Gustavo Noronha Silva
6b8e90545e Apply known iocost solutions to block devices
Meta's resource control demo project[0] includes a benchmark tool that can
be used to calculate the best iocost solutions for a given SSD.

  [0]: https://github.com/facebookexperimental/resctl-demo

A project[1] has now been started to create a publicly available database
of results that can be used to apply them automatically.

  [1]: https://github.com/iocost-benchmark/iocost-benchmarks

This change adds a new tool that gets triggered by a udev rule for any
block device and queries the hwdb for known solutions. The format for
the hwdb file that is currently generated by the github action looks like
this:

  # This file was auto-generated on Tue, 23 Aug 2022 13:03:57 +0000.
  # From the following commit:
  # ca82acfe93
  #
  # Match key format:
  # block:<devpath>:name:<model name>:

  # 12 points, MOF=[1.346,1.346], aMOF=[1.249,1.249]
  block:*:name:HFS256GD9TNG-62A0A:fwver:*:
    IOCOST_SOLUTIONS=isolation isolated-bandwidth bandwidth naive
    IOCOST_MODEL_ISOLATION=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_ISOLATION=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_ISOLATED_BANDWIDTH=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_ISOLATED_BANDWIDTH=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_BANDWIDTH=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_BANDWIDTH=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_NAIVE=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_NAIVE=rpct=99.00 rlat=8807 wpct=99.00 wlat=59023 min=75.00 max=100.00

The IOCOST_SOLUTIONS key lists the solutions available for that device
in the preferred order for higher isolation, which is a reasonable
default for most client systems. This can be overriden to choose better
defaults for custom use cases, like the various data center workloads.

The tool can also be used to query the known solutions for a specific
device or to apply a non-default solution (say, isolation or bandwidth).

Co-authored-by: Santosh Mahto <santosh.mahto@collabora.com>
2023-04-20 16:45:57 +02:00
Lennart Poettering
18010d394b
Merge pull request #27327 from DaanDeMeyer/hotplug
kmod-setup: Add early loading for virtio_console
2023-04-20 16:34:12 +02:00
Daan De Meyer
a93aaede29 kmod-setup: Add early loading for virtio_console
getty-generator enables serial-getty@.service for virtualizer consoles
that it can find in /sys/class/tty. To make sure this works for
virtio consoles, let's make sure we load the module is loaded early
so that the /sys/class/tty/hvc0 exists before we run getty-generator.
2023-04-20 13:43:37 +02:00
Daan De Meyer
d2f57745d5 core: Parse logging environment earlier
Let's make sure we parse the logging environment ASAP so that the
options apply to more code. e.g. to allow debugging kmod-setup.c
for example.
2023-04-20 13:43:37 +02:00
Daan De Meyer
e1d8f702a2 kmod-setup: Introduce match_modalias_recurse_dir_cb()
Let's make the logic around matching a modalias a bit more generic.
2023-04-20 13:43:37 +02:00
Daan De Meyer
70cc7ed97e string-util: Add startswith_strv()
This is the function version of STARTSWITH_SET(). We also move
STARTSWITH_SET() to string-util.h as it fits more there than in
strv.h and reimplement it using startswith_strv().
2023-04-20 13:43:37 +02:00
Daan De Meyer
85003d1296 mkosi: Disable kmsg ratelimiting 2023-04-20 13:43:37 +02:00