1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

8963 Commits

Author SHA1 Message Date
nerdopolis
952b26c75d login: Add a new SecureAttentionKey dbus signal when Ctrl+Alt+Shift+Esc is pressed 2024-06-24 22:29:38 +02:00
Mike Yuan
c53580bf2e
Merge pull request #33401 from yuwata/journal-revert-source-boottime-timestamp
journal: partially revert recent changes
2024-06-24 15:34:16 +02:00
Diego Viola
a78394a49a man: fix double is typo in systemd-tmpfiles
Signed-off-by: Diego Viola <diego.viola@gmail.com>
2024-06-22 17:06:26 +09:00
Mike Yuan
9d50d053f3
core: expose PrivateTmp=disconnected
As discussed in https://github.com/systemd/systemd/pull/32724#discussion_r1638963071

I don't find the opposite reasoning particularly convincing.
We have ProtectHome=tmpfs and friends, and those can be
pretty much trivially implemented through TemporaryFileSystem=
too. The new logic brings many benefits, and is completely generic,
hence I see no reason not to expose it. We can even get more tests
for the code path if we make it public.
2024-06-21 17:31:44 +02:00
Mike Yuan
c3662116b9
man/org.freedesktop.systemd1: Status{Bus,Varlink}Error belongs to Service, not Scope
Follow-up for 9c025022d9

Ugh, shouldn't have done this bit when I was sleepy...
2024-06-21 16:47:28 +02:00
Lennart Poettering
d42edbf1b8
Merge pull request #33430 from YHNdnzj/buserror-notify
core/service: store BUSERROR= & VARLINKERROR= received and show them through systemctl status
2024-06-20 23:05:32 +02:00
Mike Yuan
9c025022d9
core/service: store BUSERROR= & VARLINKERROR= received through notification
Closes #6073
2024-06-20 19:03:44 +02:00
Lennart Poettering
da213bb5c0 varlinkctl: add --graceful= option for optionally marking some errors as successes
This is generally useful, but in some cases particularly: when
implementing enumeration calls that use the "more" flag to return
multiple replies then for the first reply we need to return an error in
case the list of objects to enumerate is empty, usually so form of
"NoSuchXYZ" error. In many cases this shouldn't really be treated as
error, as an empty list probably more than not is as valid as a list
with one, two or more entries.
2024-06-20 18:20:09 +02:00
Ludwig Nussel
0e10c3d872 logind: implement maintenance time
Update frameworks that work automatically in the background
occasionally need to schedule reboots. Systemd-logind already
provides a nice mechanism to schedule shutdowns, send notfications
and block logins short before the time. Systemd has a framework for
calendar events, so we may conveniently use logind to define a
maintenance time for reboots.

The existing ScheduleShutdown DBus method in logind expects a usec_t
with an absolute time. Passing USEC_INFINITY as magic value now tells
logind to take the time from the configured maintenance time if set.

"shutdown -r" leverages that and uses the maintenance time
automatically if configured. The one minute default is still used if
nothing was specified.

Similarly the new 'auto' setting for the --when parameter of systemctl
uses the maintenance time if configured or a one minute timer like the
shutdown command.
2024-06-20 14:37:42 +02:00
Kamil Szczęk
e262205eb7 cryptenroll: support for enrolling FIDO2 tokens in manual mode
systemd-cryptsetup supports a FIDO2 mode with manual parameters, where
the user provides all the information necessary for recreating the
secret, such as: credential ID, relaying party ID and the salt. This
feature works great for implementing 2FA schemes, where the salt file
is for example a secret unsealed from the TPM or some other source.
While the unlocking part is quite straightforward to set up, enrolling
such a keyslot - not so easy. There is no clearly documented
way on how to set this up and online resources are scarce on this topic
too. By implementing a straightforward way to enroll such a keyslot
directly from systemd-cryptenroll we streamline the enrollment process
and reduce chances for user error when doing such things manually.
2024-06-20 14:26:24 +02:00
Ludwig Nussel
8ce171bf51 bootctl: add --random-seed=yes/no 2024-06-20 14:26:13 +09:00
Diego Viola
11b46dc117 man: fix typo in systemd-tmpfiles
Signed-off-by: Diego Viola <diego.viola@gmail.com>
2024-06-20 13:02:06 +09:00
Antonio Alvarez Feijoo
111f988992 kernel-install: correct the place where it works in man and help text 2024-06-20 03:01:22 +09:00
Maximilian Wilhelm
163bb43cea man/systemd.exec: list inaccessible files for ProtectKernelTunables 2024-06-20 03:00:59 +09:00
Yu Watanabe
3176c78e68
Merge pull request #32868 from keszybz/more-whomification
Fix confusion between killer and prey
2024-06-20 02:59:14 +09:00
Yu Watanabe
9545f643bb man: drop reference to _SOURCE_MONOTONIC_TIMESTAMP=
The timestamp is broken at least now. We should not advertise it.
2024-06-20 00:10:12 +09:00
Zbigniew Jędrzejewski-Szmek
cd2fb04960 Fix confusion between killer and prey
"who" is the entity doing the killing, "whom" is the target.
Follow-up for 4ccde410a3.
2024-06-19 16:22:23 +02:00
pyfisch
051d462b42 Use consistent spelling of systemd.condition_first_boot argument 2024-06-19 09:01:35 +02:00
Mike Yuan
fd41dfc135 man/systemd.journal-fields: document _SOURCE_{MONOTONIC,BOOTTIME}_TIMESTAMP
Follow-up for a9357c2ce2
2024-06-19 14:50:02 +09:00
Lennart Poettering
c142a8fbcb man: suffix tmpfiles.d with /, as per coding style 2024-06-18 14:46:00 +01:00
Lennart Poettering
41064a3c97 tmpfiles: insist on at least one configuration file being specified on --purge
Also, extend the man page explanation substantially, matching more
closely what --create says.

Fixes: #33349
2024-06-18 14:45:59 +01:00
Luca Boccassi
fcbe3e3b2e
Merge pull request #32724 from bluca/dynamic_user_no_private_tmp
core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead
2024-06-18 00:11:11 +01:00
Luca Boccassi
0e551b04ef core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead
DynamicUser= enables PrivateTmp= implicitly to avoid files owned by reusable uids
leaking into the host. Change it to instead create a fully private tmpfs instance
instead, which also ensures the same result, since it has less impactful semantics
with respect to PrivateTmp=yes, which links the mount namespace to the host's /tmp
instead. If a user specifies PrivateTmp manually, let the existing behaviour
unchanged to ensure backward compatibility is not broken.
2024-06-17 17:05:55 +01:00
Mike Yuan
d4d90ef900
Merge pull request #33214 from keszybz/system-clock-epoch
Rework the setting and description of system clock to the epoch
2024-06-16 17:42:47 +02:00
Mike Yuan
b5c8cc0a3b man,units: drop "temporary" from description of systemd-tmpfiles
Historically, systemd-tmpfiles was designed to manager temporary
files, but nowadays it has become a generic tool for managing
all kinds of files. To avoid user confusion, let's remove "temporary"
from the tool's description.

As discussed in #33349
2024-06-15 19:08:35 +02:00
Zbigniew Jędrzejewski-Szmek
863098fdc9 man: describe setting of the clock by systemd and systemd-timesyncd
The setting of systemd clock is important and deserves an accurate description,
see for example:
https://discussion.fedoraproject.org/t/f38-to-f39-40-dnf-system-upgrade-can-fail-on-raspberry-pi/92403
https://bugzilla.redhat.com/show_bug.cgi?id=2242759

The meat of the description was in systemd-timesyncd.service(8), but
actually it's systemd that sets the clock. In particular, systemd-timesyncd
doesn't know anything about /usr/lib/clock-epoch, and since systemd sets
the clock to the epoch when initializing, systemd-timesyncd would only
get to advance the clock to the epoch under special circumstances.
Also, systemd-timesyncd is an optional component, so we can't even rely
on its man page being installed in all circumstances. The description needs
to be moved to systemd(1).

The description is updated to describe the changes that were made in
previous commits.
2024-06-15 16:58:11 +02:00
Nick Rosbrook
9ebcac3b51 man: add a bit of a warning to systemd-tmpfiles --purge
Mention that by default, /home is managed by tmpfiles.d/home.conf, and
recommend that users run systemd-tmpfiles --dry-run --purge first to
see exactly what will be removed.
2024-06-15 00:00:53 +01:00
Luca Boccassi
a2979bb842
Merge pull request #33046 from poettering/varlinkctl-quiet
varlinkctl: add --quiet/-q switch for suppressing method call reply output
2024-06-13 16:17:17 +01:00
Kamil Szczęk
d5fa6e6ca7 cryptsetup: manual FIDO2 PIN, UP and UV configuration
When in FIDO2 mode with manual parameters, i.e. when not reading the
parameters off the LUKS2 header, the current behavior in regards to PIN,
UP and UV features is to default to v248 logic, where we use PIN + UP
when needed, and do not configure UV at all. Let's allow users to
configure those features in manual mode too.
2024-06-13 13:50:39 +02:00
Lennart Poettering
cd4e9166bb varlinkctl: add "-q" switch for suppressing varlinkctl output 2024-06-13 11:30:52 +02:00
Lennart Poettering
16cfe84c24 varlinkctl: add new list-methods verb
For putting together "varlinkctl call" command lines it's useful to
quickly enumerate all methods implemented by a service. Hence, let's add
a new "list-methods" which uses the introspection data of a service to
quickly list methods.

This is implemented as a special flavour of the "introspect" logic,
and just suppresses all output except for the method names.
2024-06-13 09:37:15 +02:00
Lennart Poettering
2475b0e81a varlinkctl: make interface argument to "introspect" optional, and allow more than one
let's make it easier to use the introspection functionality of
"varlinkctl": if no interface name is shown, display the introspection
data of all available interfaces. Moreover, allow that multiple
interfaces can be listed, in which case we enumerate them all.

This relieves the user from having to list interfaces first in order to
find the ones which to introspect.
2024-06-13 09:35:23 +02:00
Lennart Poettering
86d754050b man: add brief intro page to new sd-json APIs 2024-06-12 18:42:22 +02:00
Lennart Poettering
8c5045f9b2 analyze: add verb for dumping SMBIOS Type #11 data
I find myself wanting to check this data with a quick command, and
browsing through /sys/ manually getting binary data sucks. Hence let's
do add a nice little analysis tool.
2024-06-12 12:48:28 +02:00
Дамјан Георгиевски
d357f129b2 vsock-mux ssh proxy
allow the ssh-proxy to connect to cloud-hypervisor/Firecracker guests,
via their unix-domain socket to AF_VSOCK multiplexer:

https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md
2024-06-12 18:36:21 +09:00
Yu Watanabe
f7da67db58
Merge pull request #32720 from poettering/hostnamed-no-varlink-exit-on-idle
hostnamed: exit-on-idle tweaks
2024-06-12 18:25:24 +09:00
Matthieu Baerts (NGI0)
3f69070598 core/socket: allow MPTCP protocol
Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension
that enables a TCP connection to use different paths. It allows a device
to make use of multiple interfaces at once to send and receive TCP
packets over a single MPTCP connection. MPTCP can aggregate the
bandwidth of multiple interfaces or prefer the one with the lowest
latency, it also allows a fail-over if one path is down, and the traffic
is seamlessly re-injected on other paths.

To benefit from MPTCP, both the client and the server have to support
it. Multipath TCP is a backward-compatible TCP extension that is enabled
by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...).
Multipath TCP is included in the Linux kernel since version 5.6 [2]. To
use it on Linux, an application must explicitly enable it when creating
the socket:

  int sd = socket(AF_INET(6), SOCK_STREAM, IPPROTO_MPTCP);

No need to change anything else in the application.

This patch allows MPTCP protocol in the Socket unit configuration. So
now, a <unit>.socket can contain this to use MPTCP instead of TCP:

  [Socket]
  SocketProtocol=mptcp

MPTCP support has been allowed similarly to what has been already done
to allow SCTP: just one line in core/socket.c, a very simple addition
thanks to the flexible architecture already in place.

On top of that, IPPROTO_MPTCP has also been added in the list of allowed
protocols in two other places, and in the doc. It has also been added to
the missing_network.h file, for systems with an old libc -- note that it
was also required to include <netinet/in.h> in this file to avoid
redefinition errors.

Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
Link: https://www.mptcp.dev [2]
2024-06-12 00:14:08 +01:00
Kamil Szczęk
608bfe76c1 core: populate $REMOTE_ADDR for AF_UNIX sockets
Set the $REMOTE_ADDR environment variable for AF_UNIX socket connections
when using per-connection socket activation (Accept=yes). $REMOTE_ADDR
will now contain the remote socket's file system path (starting with a
slash "/") or its address in the abstract namespace (starting with an
at symbol "@").

This information is essential for identifying the remote peer in AF_UNIX
socket connections, but it's not easy to obtain in a shell script for
example without pulling in a ton of additional tools. By setting
$REMOTE_ADDR, we make this information readily available to the
activated service.
2024-06-12 00:11:10 +01:00
Lennart Poettering
48ce0824dc sd-bus: add new sd_bus_pending_method_calls() call 2024-06-11 23:17:38 +01:00
Zbigniew Jędrzejewski-Szmek
7b529bfc47 man: document that separate /usr/local/ must not be used for config
Since we document /usr/local/lib/systemd/ and other paths for various things,
add notes that this is not supported if /usr/local is a separate partition. In
systemd.unit, I tried to add the footnote in the table where
/usr/local/lib/systemd/ is listed, but that get's rendered as '[sup]a[/sup]'
with a mangled footnote at the bottom of the table :( .

Also, split paragraphs in one place where the subject changes without any
transition.

Follow-up for 02f35b1c90.
Replaces https://github.com/systemd/systemd/pull/33231.
2024-06-11 18:02:31 +01:00
Zbigniew Jędrzejewski-Szmek
6eddfeebdb man/systemd-soft-reboot.service: upgrade drop-in to unit file for slice
Follow-up for d91c7c91bf.
Closes https://github.com/systemd/systemd/issues/33260.
2024-06-11 10:36:50 +01:00
Luca Boccassi
d91c7c91bf man: note that templated surviving units need a drop-in for their slice
As reported on the mailing list, this is non-obvious, so document it.

https://lists.freedesktop.org/archives/systemd-devel/2024-June/050351.html
2024-06-07 12:33:18 +01:00
Jörg Behrmann
02f35b1c90 man: document /usr/local/lib in search paths 2024-06-06 12:07:08 +02:00
Zbigniew Jędrzejewski-Szmek
f11aaf7dfb man/systemd: reorder content a bit
Section "Description" didn't actually say what systemd does. And we had a giant
"Concepts" section that actually described units types and other details about
them. So let's move the basic description of functionality to "Description" and
rename the following section to "Units".

The link to the Original Design Document is moved to "See Also", it is of
historical interest mostly at this point.

The only actual change is that when talking about API filesystems, /dev is also
mentioned. (I think /sys+/proc+/dev are the canonical set and should be always
listed on one breath.)
2024-06-05 14:34:12 +02:00
hanjinpeng
9246d16d3d man: mention that ExecCondition= in COMMAND LINES section for systemd.service 2024-06-02 09:23:12 +09:00
Yu Watanabe
4ccaf512d7 man: fix typo
Follow-up for d24ceef937.
2024-06-01 14:42:19 +09:00
Yu Watanabe
d24ceef937 man: mention that IPMasquerade= and IPv6SendRA= implies IPv4Forwarding=/IPv6Forwarding=
It has been mentioned in IPv4Forwarding= and IPv6Forwarding=,
but let's also explain in the settings who imply these settings.

Follow-up for 3976c43092 and
485f5148b3.
2024-05-30 10:20:33 +02:00
Zbigniew Jędrzejewski-Szmek
b95914f4b0 man: capsule support was added in v256
The version info added directly to --capsule. If we add the
same switch in other places in the future, we will have to move
this.

Closes https://github.com/systemd/systemd/issues/33048.
2024-05-28 16:30:54 +02:00
Zbigniew Jędrzejewski-Szmek
75ced6d5ee various: update links to usr-merge 2024-05-28 14:48:56 +02:00
Zbigniew Jędrzejewski-Szmek
a37454bd90 man: update links to "API File Systems" 2024-05-28 14:48:56 +02:00
Zbigniew Jędrzejewski-Szmek
d5c17aceb3 various: update links to more wiki pages 2024-05-28 14:48:53 +02:00
Zbigniew Jędrzejewski-Szmek
5507480cf4 man: update links to "Inhibitor Locks" 2024-05-28 14:48:53 +02:00
Zbigniew Jędrzejewski-Szmek
b346d72c79 man: update links to "Compatibility with SysV" 2024-05-28 14:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
f81af0b082 man: update links to "New Control Group Interfaces" 2024-05-28 14:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
03d35b5d18 man: update links to catalog docs 2024-05-28 14:46:44 +02:00
Mike Yuan
8d4fa6531b man/run0: remove @ syntax for --machine=
For run0 (as opposed to systemd-run in general), connecting to
the system bus (of localhost or container) as a different user
than root and then trying to elevate privilege from that
makes little sense:
https://github.com/systemd/systemd/issues/32997#issuecomment-2127992973

The @ syntax is mostly useful when connecting to the user bus,
which is not a use case for run0. Hence, let's remove the example.
The syntax will be properly refused in #32999.
2024-05-27 09:40:47 +09:00
Mike Yuan
006c02b371 man/run0: remove -M alias for --machine=
run0 doesn't know about the former.
2024-05-27 09:40:47 +09:00
Yu Watanabe
4c42df8166 man: update machine-id-setup(1)
- mention that /run/machine-id is used if exist.
- mention system.machine_id credential,
- credential, VM uuid, and container uuid are not read when --root=
  is specified or running in a chroot environment.
2024-05-25 02:13:00 +09:00
Luca Boccassi
5f5ee2eb07 man: mention that NFTSet is only available for system services 2024-05-24 11:21:04 +02:00
Yu Watanabe
a328b24edd man: swap the order of soft-reboot.service and .target
Follow-up for the previous revert commit.
2024-05-23 00:08:14 +09:00
Mike Yuan
d73a47d259
man/systemd-run: beef up info regarding interaction between --pty, --pipe, and --wait 2024-05-21 21:40:01 +08:00
Zbigniew Jędrzejewski-Szmek
fc0bb7ccc7 logind: make ReleaseSession "unprivileged" and allow closing of own session
Fixes https://github.com/systemd/systemd/issues/28514.

Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That services we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to be get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) it's
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.

The check is implemented in a way that allows the kill if the sender is in
the target session.

I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.

Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.

Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the pam session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that, nothing is killed prematurely.
2024-05-20 20:59:15 +02:00
drewbug
2fa7626e18
man: fix grammar for Name= option in systemd.link 2024-05-20 11:11:22 +01:00
Yu Watanabe
6da7485176 man: refer FailureAction= and SuccessAction= for explaining allowed values in JobTimeoutAction=
The allowed values are explained in FailureAction= and SuccessAction=,
rather than StartLimitAction=.
2024-05-18 02:51:34 +09:00
Yu Watanabe
2a2d9539f0 core: refuse invalid emergency actions for SuccessAction= and friends in user service manager
Especially, soft-reboot is not supported by user service manager.

Fixes a bug in 13ffc60749 and
3cf848f6cd.
2024-05-18 02:51:34 +09:00
Yu Watanabe
067857196c man: mention soft-reboot in bootup(7) 2024-05-18 02:51:24 +09:00
Mike Yuan
3acc318591 man/soft-reboot: order surviving services before shutdown.target
Prompted by #32895

Rather than ordering with each power operation targets,
ordering against shutdown.target which is a valid
synchronization point. This has no effect if soft-reboot
is being performed.
2024-05-17 16:49:58 +02:00
Zbigniew Jędrzejewski-Szmek
759e8fe7f6 man: add note about selinux to rc-local
This feature is deprecated, but if users use it, they are likely to be
tripped up by the wrong selinux context, so add a note.

https://discussion.fedoraproject.org/t/systemd-rc-local-service-doesnt-work-on-fedora-40-until-selinux-contexts-are-set-on-rc-local-script
2024-05-17 15:16:07 +02:00
Luca Boccassi
ad450ebab7 man: fix typo 'ot' -> 'or' 2024-05-15 14:19:01 +02:00
Luca Boccassi
93df5217b9 tree-wide: 'allows to' -> 'allows one to'
As flagged by Lintian
2024-05-14 18:33:27 +02:00
Yu Watanabe
6fe998037a man: fix typo
Follow-up for 7df0297ac5.
2024-05-14 18:12:30 +09:00
Yu Watanabe
13c8a3d926 man: add v257 tag
Even though v256-final is not released yet, let's v257 tag now to make
not PRs for v257 conflict with each other.
2024-05-13 19:53:51 +09:00
Daan De Meyer
82c2214539 debug-generator: Allow specifying name of unit-dropin credential
A fixed name is too rigid, let's give users the ability to define
custom drop-in names which at the same time also allows defining
multiple dropins per unit.

We use ~ as the separator because:
- ':' is not allowed in credential names
- '=' is used to separate credential from value in mkosi's --credential
  argument.
- '-' is commonly used in filenames
- '@' already has meaning as the unit template specifier which might be
  confusing when adding dropins for template units
2024-05-11 19:46:15 +02:00
Yu Watanabe
d0936a7266 journalctl: make --list-boots support -n/--lines= option
Also mention that -r/--reverse is supported by the command.
2024-05-10 11:43:57 +09:00
Luca Boccassi
7e10dfae96
Merge pull request #32689 from YHNdnzj/cred-missing
core/exec-credential: complain louder if inherited credential is missing
2024-05-09 13:21:44 +02:00
Colin Watson
566491c971 docs,man: Avoid some ambiguous uses of "may not"
Like much English text, the systemd documentation uses "may not" in the
sense of both "will possibly not" and "is forbidden to".  In many cases
this is OK because the context makes it clear, but in others I felt it
was possible to read the "is forbidden to" sense by mistake: in
particular, I tripped over "the target file may not exist" in
systemd.unit(5) before realizing the correct interpretation.

Use "might not" or "may choose not to" in these cases to make it clear
which sense we mean.
2024-05-08 17:14:32 +02:00
Luca Boccassi
867e2987a2
Merge pull request #32709 from bluca/machined_ssh
machined: add GetMachineSSHInfo method and varlink interface to register machines
2024-05-08 14:37:55 +02:00
Luca Boccassi
667fe27e5d
Merge pull request #32705 from YHNdnzj/hibernate-error
hibernate-util: differentiate some errors from the generic ENOSPC; systemctl: adjust the fallback behavior for sleep operations
2024-05-08 14:19:07 +02:00
MaxHearnden
bd96d63787 Use the correct name of CEL
It's Canonical Event Format, not Common
2024-05-08 13:34:07 +02:00
Sam Leonard
5b44c81ff8 machined: add varlink interface for registering machines
This commit adds the new varlink interface io.systemd.Machine at
/run/systemd/machine/io.systemd.Machine with a single method Register

It supports all combinations of RegisterMachine[WithSSH,WithNetwork] all
under the same method.
2024-05-08 11:54:31 +01:00
Sam Leonard
1f815bf164 machined: add GetMachineSSHInfo method
Also adds three properties:
- VsockCid: the VSOCK CID of the VM
- SshAddress: the address of the VM in a format SSH can connect to
- SshPrivateKeyPath: the path to the SSH private key to use to connect
  to the VM.

GetMachineSSHInfo is essentially a convenience method to query both the
SshAddress and SshPrivateKeyPath properties at once.
2024-05-08 09:56:42 +01:00
Mike Yuan
18303adcd3 man/run0: remove the --user example for --machine=
run0's --user= option is different from other tools,
and the whole point of run0 is to connect to the system
manager. So the example is spurious.
2024-05-08 10:08:53 +02:00
Mike Yuan
4f344de792
systemctl: do not fall back to StartUnit automatically for sleep operations
In the majority of cases, this is caused by
sleep_supported() returning error. Hence it's
very likely that it would fail again, so
the fallback is not really useful. Instead,
honor the --force option for these verbs.
2024-05-08 13:45:49 +08:00
Mike Yuan
6b34871f5d
core/exec-credential: complain louder if inherited credential is missing
Also document that a missing inherited credential
is not considered fatal.

Closes #32667
2024-05-07 22:02:42 +08:00
Zbigniew Jędrzejewski-Szmek
b36a3f0aea man: reword text and fix tense in description of sd_event_source_set_io_fd
Follow-up for 2fa480592d.
2024-05-07 08:53:58 +02:00
Luca Boccassi
72558b03d4 doc: mention that units can be masked via credentials 2024-05-07 08:17:25 +08:00
Kai Lueke
88b51ceb56 man: Remove OSConfig project mentioning for systemd-confext
The systemd-confext use case description was mentioning an OSConfig
project which won't say much to users. Also, it's good to call out that
systemd-confext provides a reliable way to manage configuration because
in contrast to other tools it will remove all old configuration files.
2024-05-06 10:54:15 +02:00
Thayne McCombs
7df0297ac5
man/run0: Describe environment variables set (#32622)
* man/run0: Describe environment variables set
2024-05-04 12:06:16 +01:00
anphir
78a529caa5 man: improve documentation about using resource-control options
According to the documentation in systemd.resource-control(5),
resource-control options may be used in mount, scope, service,
slice, socket and swap units.
While e.g. systemd.service(5) includes that information,
documentation for some other units does not.

The most problematic example is systemd.slice(5).
Its documentation states a slice unit may only contain [Install]
and [Unit] sections, while actually it may contain also a [Slice]
section with options from systemd.resource-control(5).
units/user/app.slice is an example of a slice unit having a [Slice]
section.
2024-05-03 11:36:56 +02:00
Sam Leonard
5cd6605737 vmspawn,man: move the varlistentry for -D into a variablelist
This is so that systemd.directives picks up the -D argument as being
supported by vmspawn.
2024-05-02 19:31:42 +02:00
Daan De Meyer
6be4dab095 systemctl: Implement --wait for kill command
TEST-26-SYSTEMCTL is racy as we call systemctl is-active immediately
after systemctl kill. Let's implement --wait for systemctl kill and
use it in TEST-26-SYSTEMCTL to avoid the race.
2024-05-01 09:40:32 +02:00
Mike Yuan
13e380b054
man/run0: fix typo (missing "by") 2024-05-01 14:43:32 +08:00
Daan De Meyer
123450e58e journal: Add journal.storage credential
In mkosi CI, we want persistent journals when running interactively
and runtime journals when running in CI, so let's add a credential
that allows us to configure which one to use.
2024-04-30 14:19:55 +02:00
Daan De Meyer
7a66f21556 core: Add systemd.crash_action= kernel command line argument
Required for integration tests to power off on PID 1 crashes. We
deprecate systemd.crash_reboot and related options by removing them
from the documentation but still parsing them.
2024-04-29 14:34:22 +02:00
Mike Yuan
119bc912a8
Merge pull request #32516 from YHNdnzj/core-cleanup
core: several cleanups
2024-04-27 19:43:27 +08:00
Mathias Lang
07b6924de4 networkd: Correct documentation for LinkLocalAddressing
LinkLocalAddressing accepts a boolean. This can be seen by looking at
`link_local_address_family_from_strong(cont char *s)` in
`src/network/netword-util.c#L102-108` which falls back to
`address_family_from_string`, defined two lines above (L100)
using `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`.
2024-04-27 12:55:12 +02:00
Dmitry V. Levin
c309b9e9c3 treewide: fix a few typos in NEWS, docs, comments, and log messages 2024-04-27 12:11:13 +02:00
Mike Yuan
45a36ecff9
man/systemd.exec: mount_switch_root uses pivot_root rather than chroot 2024-04-27 14:28:54 +08:00
Lennart Poettering
3c1d1ca146 manager: switch service unit type over to using new handoff timestamping logic
Also: rename Handover → Handoff. I think it makes it clearer that this
is not really about handing over any resources, but that the executor is
out off the game from that point on.
2024-04-25 13:40:41 +02:00
Mike Yuan
3cb7fc5fcb
man/systemd.journal-fields: add missing OBJECT_SYSTEMD_INVOCATION_ID 2024-04-25 01:12:27 +08:00
Luca Boccassi
c75c8a38b8 man: document service types that record ExecMainHandoverTimestamp
Follow-up for 93cb78aee2
2024-04-24 07:55:37 +02:00
Mike Yuan
844863c61e
core/manager: add unmerged-bin taint 2024-04-24 08:43:08 +08:00
Mike Yuan
ea81442892
core/manager: rearrange taint tags 2024-04-24 08:40:25 +08:00
Mike Yuan
2b28dfe6e6
core/manager: drop obsolete cgroup taint string
Wwe can't boot on systems without cgroup anyway
(even cgroup v1 will be gone pretty soon).
2024-04-24 08:39:29 +08:00
Luca Boccassi
5e1124b510
Merge pull request #32437 from keszybz/notify-fixups-split-out
Two fixups for sd-notify split out from #32093
2024-04-23 19:36:53 +02:00
Luca Boccassi
e1e81c0920
Merge pull request #32434 from poettering/cryptenroll-prefer-var
cryptenroll: prefer looking at /var/ instead of /
2024-04-23 18:45:43 +02:00
Simon Fowler
557c04a382 Add self-contained Python sd_notify example.
This complements the existing C example.
2024-04-23 17:03:01 +02:00
Lennart Poettering
8518f4a814 cryptenroll: default to block device backing /var/ rather than /
With 1df4b21abd we started to default to
enrolling into the LUKS device backing the root fs if none was specified
(and no wipe operation is used). This changes to look for /var/ instead.

On most systems /var/ is going to be on the root fs, hence this change
is with little effect.

However, on systems where / and /var/ is separate it makes more sense to
default to /var/ because that's where the persistent and variable data
is placed (i.e.  where LUKS should be used) while / doesn't really have
to be variable, could as well be immutable, or ephemeral. Hence /var/
should be a safer default.

Or to say this differently: I think it makes sense to support systems
with /var/ being on / well. I also think it makes sense to support
systems with them being separate, and /var/ being variable and
persistent. But any other kind of system I find much less interesting to
support, and in that case people should just specify the device name.

Also, while we are at it, tighten the checks a bit, insist on a dm-crypt
+ LUKS superblock before continuing.

And finally, let's print a short message indicating the device we
operate on.
2024-04-23 15:23:44 +02:00
Zbigniew Jędrzejewski-Szmek
1b47cfab7f
Merge pull request #32428 from poettering/sd-notify-reboot-param
pid1: send shutdown type and reboot argument to supervisor via sd_notify()
2024-04-23 13:31:40 +02:00
Ludwig Nussel
1df4b21abd cryptenroll: use root device by default 2024-04-23 12:29:32 +02:00
Lennart Poettering
8c081ae84b shutdown: send an sd_notify() message on shutdown with the shutdown reason and boot param
This is kinda nice in containers, to exfiltrate a string from the
container on shutdown.
2024-04-23 11:04:08 +02:00
Guido Leenders
f445ed3c5f Document effective owner of stdout/stderr log file upon creation
The log files defined using file:, append: or truncate: inherit the owner and other privileges from the effective user running systemd.

The log files are NOT created using the "User", "Group" or "UMask" defined in the service.
2024-04-22 20:46:25 +02:00
Yu Watanabe
c6aadfdd32 ukify: swap the ordering of config search paths
Let's follow our usual ordering.

Follow-up for a05fa30f88.
2024-04-22 20:38:16 +02:00
Yu Watanabe
9e4b40f26a man: fix typo
Follow-up for 403492793a.
2024-04-23 01:42:11 +09:00
Yu Watanabe
6bd3102e3e man: fix typo
Follow-up for fef46ffb5b.
2024-04-23 01:42:11 +09:00
Lennart Poettering
29ba6bddc5
Merge pull request #32399 from poettering/doc-fixes-256
various documentation fixes (plus minor other work)
2024-04-22 17:41:39 +02:00
Luca Boccassi
edd3d4d7c2 nspawn: ensure single-process container running as --user can access credentials
When starting a container with --user, the new uid will be resolved and switched to
only in the inner child, at the end of the setup, by spawning getent. But the
credentials are set up in the outer child, long before the user is resolvable,
and the directories/files are made only readable by root and read-only, which
means they cannot be changed later and made visible to the user.

When this particular combination is specified, it is obvious the caller wants
the single-process container to be able to use credentials, so make them world
readable only in that specific case.

Fixes https://github.com/systemd/systemd/issues/31794
2024-04-22 15:47:44 +02:00
Lennart Poettering
a64411deb4 man: document that IPAccounting= works for system services only
Fixes: #20356
2024-04-22 15:16:54 +02:00
Lennart Poettering
ef9262d0d1 man: be explicit that we don't proxy SO_PEER*, SCM_RIGHTS and co.
Fixes: #22744
2024-04-22 15:16:54 +02:00
Lennart Poettering
fef46ffb5b man: document that ReadOnlyPaths= doesn't affect ability to connect to AF_UNIX
Fixes: #23470
2024-04-22 15:16:54 +02:00
Lennart Poettering
c104d7a74e man: document that "systemctl set-environment" cannot be used to unset env vars configured via config file
Fixes: #28167
2024-04-22 15:16:54 +02:00
Lennart Poettering
afc194a135 man: say explicitly that $LESS + $LESSCHARSET have no effect on less invocations by systemd tools
Fixes: #29479
2024-04-22 15:16:54 +02:00
Lennart Poettering
403492793a man: document missing resolved D-Bus APIs
Fixes: #29598
2024-04-22 15:16:54 +02:00
Lennart Poettering
04366e0693 man: document that StateDirectory= trumps ProtectSystem=strict explicitly
Fixes: #29798
2024-04-22 15:16:54 +02:00
Lennart Poettering
552dc4a97c man: document explicitly that LogExtraFields= and LogFilterPatterns= are for system service only for now
Fixes: #29956
2024-04-22 15:16:54 +02:00
Lennart Poettering
6b7a1a3679 man: document explicitly that bind restrictions cannot be escaped by opening a new netns
And while we are at it reword the introductary sentence a bit to make it
clearer.

Fixes: #30555
2024-04-22 15:16:54 +02:00
Lennart Poettering
0adce85ebe man: explicitly document the various systemd.journald.max_level_*= kernel cmdline options
Fixes: #31327
2024-04-22 15:16:54 +02:00
Lennart Poettering
db2b499423 journald: bring order of MaxLevelXYZ= setting explanations in sync with listed names 2024-04-22 15:16:54 +02:00
Lennart Poettering
3c7f0d6b44 man: explicitly say that BindPaths=/BindReadOnlyPaths= opens a new mount
namespace

Fixes: #32339
2024-04-22 15:16:54 +02:00
Lennart Poettering
3f6551fc82 man: run update-man-rules again 2024-04-22 15:16:54 +02:00
Luca Boccassi
93cb78aee2 core: add ExecMainHandoverTimestamp property recording time-of-execve
Enable the exec_fd logic for Type=notify* services too, and change it
to send a timestamp instead of a '1' byte. Record the timestamp in a
new ExecMainHandoverTimestamp property so that users can track accurately
when control is handed over from systemd to the service payload, so
that latency and startup performance can be trivially and accurately
tracked and attributed.
2024-04-22 15:16:05 +02:00
Luca Boccassi
f64222b748
Merge pull request #32347 from yuwata/sd-radv-reachable-time
sd-radv: allow to configure reachable time
2024-04-22 14:04:25 +02:00
Yu Watanabe
2fa480592d sd-event: fix fd leak when fd is owned by IO event source
When an IO event source owns relevant fd, replacing with a new fd leaks
the previously assigned fd.
===
sd_event_add_io(event, &s, fd, ...);
sd_event_source_set_io_fd_own(s, true);
sd_event_source_set_io_fd(s, new_fd);  <-- The previous fd is not closed.
sd_event_source_unref(s);  <-- new_fd is closed as expected.
===

Without the change, valgrind reports the leak:
==998589==
==998589== FILE DESCRIPTORS: 4 open (3 std) at exit.
==998589== Open file descriptor 4:
==998589==    at 0x4F119AB: pipe2 (in /usr/lib64/libc.so.6)
==998589==    by 0x408830: test_sd_event_source_set_io_fd (test-event.c:862)
==998589==    by 0x403302: run_test_table (tests.h:171)
==998589==    by 0x408E31: main (test-event.c:935)
==998589==
==998589==
==998589== HEAP SUMMARY:
==998589==     in use at exit: 0 bytes in 0 blocks
==998589==   total heap usage: 33,305 allocs, 33,305 frees, 1,283,581 bytes allocated
==998589==
==998589== All heap blocks were freed -- no leaks are possible
==998589==
==998589== For lists of detected and suppressed errors, rerun with: -s
==998589== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
2024-04-22 18:30:12 +08:00
Yu Watanabe
4f52944054 man: fix typo
Follow-ups for 418f2dc755.
2024-04-22 18:44:48 +09:00
Yu Watanabe
5d8b72e1e0 man: slightly rephrase RetransmitSec= setting 2024-04-22 18:42:46 +09:00
Yu Watanabe
59d475ba40 network/radv: introduce ReachableTimeSec= setting
To make the reachable time in the RA header sent by networkd
configurable.
2024-04-22 18:41:37 +09:00
Luca Boccassi
6e6deacc61
Merge pull request #32359 from poettering/vmspawn-hyperv-enlight
some hyperv related enhancement in detect-virt + vmspawn
2024-04-20 14:40:14 +02:00
Luca Boccassi
af46138f39
Merge pull request #32276 from yuwata/network-global-use-domains-setting
network: introduce protocol-independent UseDomains= setting
2024-04-20 13:30:00 +02:00
Lennart Poettering
615906cdcf sd-id128: add an app-specific flavour of the invocation ID too 2024-04-20 12:10:42 +02:00
Yu Watanabe
4a7cd0caad sd-event: fix sd_event_source_get_inotify_path()
Follow-ups for 74c4231ce5.

Previously, the path is obtained from the fd, but it is closed in
sd_event_loop() to unpin the filesystem.
So, let's save the path when the event source is created, and make
sd_event_source_get_inotify_path() simply read it.
2024-04-20 11:14:32 +02:00
Yu Watanabe
418f2dc755 network: introduce network- and protocol-independent default for UseDomains=
Follow-up for fb57300743.

Prompted by #32273.
2024-04-20 12:01:53 +09:00
Lennart Poettering
bf49f3bb44
Merge pull request #31872 from tfg13/main
stub+ukify: Add support for UKI .ucode section
2024-04-19 23:59:13 +02:00
Luca Boccassi
565f6130b2
Merge pull request #32142 from bluca/portable_vpick
portable: support vpick
2024-04-19 20:34:16 +02:00
Luca Boccassi
f5054c2e37
Merge pull request #32251 from CodethinkLabs/vmspawn/docs_improvements
vmspawn docs improvements
2024-04-19 20:33:05 +02:00
Zbigniew Jędrzejewski-Szmek
ef40ad963a
Merge pull request #32365 from poettering/gpt-auto-doc-fix
man: tweak gpt-auto-generator docs a bit
2024-04-19 18:49:11 +02:00
Lennart Poettering
366af154fa man: correct where we look for auxiliary partitions
We look for the root fs on the device of the booted ESP, and for the
other partitions on the device of the root fs. On EFI systems this
generally boils down to the same, but there are cases where this doesn't
hold, hence document this properly.

Fixes: #31199
2024-04-19 18:36:33 +02:00
Lennart Poettering
1bf7e13c55 man: add explicit column for gpt guid value in table 2024-04-19 18:36:16 +02:00
Lennart Poettering
6cfd19cfd1 man: add separate column for flag value to table 2024-04-19 18:34:43 +02:00
Sam Leonard
2068ef6804
man: vmspawn - clarify behaviour of omitting --linux=/--initrd= 2024-04-19 16:58:37 +01:00
Sam Leonard
9c50fd64b5
man: vmspawn - clarify behaviour of omitting --vsock-cid= 2024-04-19 16:56:13 +01:00
Sam Leonard
dae32b1a2a
man: removely overly verbose wording from the vmspawn man page 2024-04-19 16:42:13 +01:00
Sam Leonard
900d283ae0
man: vmspawn - reference later example to show use of --private-users 2024-04-19 16:42:13 +01:00
Sam Leonard
45ec09ba4b
man: clarify behaviour when omitting both -i/-D in vmspawn 2024-04-19 16:42:13 +01:00
Sam Leonard
e82d12a52f
man: fix entry for vmspawn's --ssh-key-type 2024-04-19 16:38:49 +01:00
Sam Leonard
1490debd62
man: add ssh example for vmspawn 2024-04-19 16:38:49 +01:00
Sam Leonard
b8db8e557b
man: add example --forward-journal= example for vmspawn 2024-04-19 16:38:49 +01:00
Sam Leonard
0f37ff38a8
man: add machinectl import-raw example for vmspawn 2024-04-19 16:38:48 +01:00
Lennart Poettering
fa6ea80958 man: document the last remaining bits of the hostnamed D-Bus interface 2024-04-19 16:02:14 +02:00
Tobias Fleig
d380337dc5 ukify: Add support for .ucode UKI section
This commit teaches ukify how to build a .ucode section into UKIs. This
section is functionally an initrd, intended for microcode updates.
2024-04-19 06:28:47 -07:00
Tobias Fleig
590ac4bd27 measure: Add .ucode UKI section support
This commit adds support for the new ".ucode" UKI section to
systemd-measure. It is functionally an initrd and is treated as such by
measure.
2024-04-19 05:58:56 -07:00
Tobias Fleig
aea81bc0ff stub: Add support for .ucode UKI section
This commit adds support for loading, measuring and handling a ".ucode"
UKI section. This section is functionally an initrd, intended for
microcode updates. As such it will always be passed to the kernel first.
2024-04-19 05:58:46 -07:00
Luca Boccassi
8257508c58 portable: support vpick
Resolve at attach/detach/inspect time, so that the image is pinned and requires
re-attaching on update, given files are extracted from it so just passing
img.v/ to RootImage= is not enough to get a portable image updated
2024-04-19 13:25:32 +01:00
Yu Watanabe
74c4231ce5 sd-event: introduce sd_event_source_get_inotify_path()
This may be useful when there are multiple inotify event sources exist.
Without this, users need to manage the event sources and paths.
2024-04-19 14:23:11 +09:00
Yu Watanabe
fc6ec43c02 man: drop spurious version info for error code
Follow-up for 87fe0a6960.
2024-04-19 14:23:08 +09:00
Yu Watanabe
c1ab4458f2 sd-event: rename argument for storing result 2024-04-19 13:59:26 +09:00
Luca Boccassi
e54bf3fe0b
Merge pull request #32299 from yuwata/network-radv-ignore-rs-from-the-same-interface
network/radv: ignore RS message from the same interface
2024-04-18 23:45:06 +02:00
Lennart Poettering
dd37963aff
Merge pull request #31790 from poettering/pcrlock-policy-fix
Replace PolicyAuthValue by PolicySigned as access policy for pcrlock policy nvindex
2024-04-18 21:11:27 +02:00
Luca Boccassi
b84a0bf3ab
Merge pull request #32144 from bluca/portable_clean
portablectl: add --clean parameter for detaching
2024-04-18 18:15:20 +02:00
Lennart Poettering
43a59b8b86 pcrlock: rework --recovery-pin= to take three different arguments
This reworkds --recovery-pin= from a parameter that takes a boolean to
an enum supporting one of "hide", "show", "query".

If "hide" (default behaviour) we'll generate a recovery pin
automatically, but never show it, and thus just seal it and good.

If "show" we'll generate a recovery pin automatically, but display it in
the output, so the user can write it down.

If "query" we'll ask the user for a recovery pin, and not automatically
generate any.

For compatibility the old boolean behaviour is kept.

With this you can now do "systemd-pcrlock make-policy
--recovery-pin=show" to set up the first policy, write down the recovery
PIN. Later, if the PCR prediction didn't work out one day you can then
do "systemd-pcrlock make-policy --recovery-pin=query" and enter the
recovery key and write a new policy.
2024-04-18 18:12:24 +02:00
Antonio Alvarez Feijoo
d72835f819 man/systemd-stub: fix typo 2024-04-18 18:10:50 +02:00
Luca Boccassi
82efe05c01
Merge pull request #32326 from jonathan-conder/man_pam_loadkey
man: pam_system_loadkey additions and fixes
2024-04-18 14:10:40 +02:00
Luca Boccassi
ef5f7f9437 systemctl: add --clean= values to documentation and shell completion 2024-04-18 14:07:07 +02:00
Luca Boccassi
966d7977c7 portablectl: add --clean parameter for detaching
Calls CleanUnit on each portable service being removed, after it has
stopped
2024-04-18 10:47:29 +01:00
Jonathan Conder
08ef6998e3 man: document other keyname options for pam_systemd_loadkey 2024-04-18 20:56:58 +12:00
Lennart Poettering
778abdbfa1 doc: fix .ssh credential examples
Let's create the .ssh dir with the right perms first.

Suggested by @gcb.

Fixes: #28172
2024-04-18 10:53:20 +02:00
Yu Watanabe
87fe0a6960
man: fix wrong version info (#31949)
Fixes #31920.
2024-04-18 09:45:51 +09:00
Yu Watanabe
769f9744b7 network/ndisc: disable Neighbor discovery client if RADV is enabled
Running both sd-ndisc and sd-radv should be mostly a misconfiguration,
but may not. So, let's only disable sd-ndisc by default when sd-radv is
enabled, but allow when both are explicitly requested.
2024-04-18 09:40:23 +09:00
Jonathan Conder
0bf317b620 man: add pam_gnome_keyring to auth section after pam_systemd_loadkey
This is required because pam_sm_open_session [1] only looks at
gkr_system_authtok, which is copied from the kernel keyring in
pam_sm_authenticate.

[1] https://gitlab.gnome.org/GNOME/gnome-keyring/-/blob/46.1/pam/gkr-pam-module.c?ref_type=tags
2024-04-18 08:32:15 +12:00
Lennart Poettering
94c5c55e3e
Merge pull request #32320 from bluca/softreboot_serialize
Soft reboot timestamp follow-ups
2024-04-17 22:12:49 +02:00
Zbigniew Jędrzejewski-Szmek
aea6787f78 man: mention that sd_journal_test_cursor() needs a positioning call
Fixes #30331.
2024-04-17 22:01:53 +02:00
Luca Boccassi
b3f548615f core: rename SoftRebootStartTimestamp -> ShutdownStartTimestamp and generalize
Follow-up for 54f86b86ba
2024-04-17 18:19:27 +01:00
Yu Watanabe
e27f2ad6be
Merge pull request #32300 from mrc0mmand/assorted-tweaks
test: split TEST-50-DISSECT into smaller parts
2024-04-17 11:52:30 +09:00
Luca Boccassi
3721f9620c
Merge pull request #32289 from bluca/counter
soft-reboot counter follow-ups
2024-04-16 10:44:25 +02:00
Yu Watanabe
78d5bad2f5
Merge pull request #32294 from yuwata/network-generator-creds
network-generator: also load drop-ins for networkd.conf from credentials
2024-04-16 16:42:59 +09:00
Yu Watanabe
78281bd53a networkctl: allow to call 'networkctl cat' without arguments
Then, show networkd.conf and its drop-ins.
2024-04-16 13:31:14 +09:00
Yu Watanabe
38b4eb228a man: add missing drop-in directory 2024-04-16 13:00:49 +09:00
Yu Watanabe
e12e16e9f7 network-generator: also copy drop-ins for networkd.conf from credential
Follow-up for 1a30285590.
2024-04-16 12:45:08 +09:00
Yu Watanabe
5700e755a9 units: introduce systemd-udev-load-credentials.service 2024-04-16 09:45:43 +09:00
Yu Watanabe
51be364bbb udevadm-control: add --load-credentials option
When specified, credentials udev.conf.* and udev.rules.* are copied to
the corresponding directories.
2024-04-16 09:45:25 +09:00
Luca Boccassi
95a289bfe7 man: mention initial value of SoftRebootsCount
Follow-up for 66f35161f6
2024-04-16 00:26:04 +01:00
Frantisek Sumsal
ad444dd8e8 man: slightly reword LogFilterPatterns= description
As there was something missing in the existing sentence.
2024-04-15 17:16:18 +02:00
Sam Leonard
9bfabe14e5 man: fix incorrect XML in man page 2024-04-15 10:40:11 +02:00
Yu Watanabe
14f3bdaa73
Merge pull request #32271 from YHNdnzj/arch-man
Fixes for links to man projects
2024-04-15 14:35:04 +09:00
Kristian Klausen
254e1aa707 vmspawn: Fix incorrect/broken links in the man page 2024-04-15 14:33:33 +09:00
Mike Yuan
e561037517
man/sd-journal: correct project name for man7
Follow-up for 5aa8180392
2024-04-14 23:46:54 +08:00
Mike Yuan
311f4b8f6a
man: switch wireguard man project to man7 2024-04-14 23:41:34 +08:00
Mike Yuan
41fead40e6
man/custom-html: update link to Arch manual 2024-04-14 23:38:38 +08:00
Yu Watanabe
ae9fd433d6
Merge pull request #32194 from henryli001/lihl/add-defaultUseDomains-config
network: add mechanism to configure default UseDomains= setting
2024-04-14 13:40:06 +09:00
Henry Li
fb57300743 network: add mechanism to configure default UseDomains= setting, update man page and add test 2024-04-13 16:54:31 -07:00
Ole Peder Brandtzæg
712514416e man: remove PrivateMounts= from list of other settings in its own description
The diff looks bigger, but that's only because it seemed fitting to
reformat the paragraph now that the list is shorter.
2024-04-14 08:04:12 +09:00
Sam Leonard
edd85c8414 vmspawn: add --discard-disk= to control handling of disk discard requests
Fixes issue #32024, using --discard-disk=yes will enable handling of disk
discarding requests, saving space for long running VMs as desired.
2024-04-12 20:32:38 +02:00
Ludwig Nussel
aadbe55925 creds: allow null when decrypting
pcrlock writes a credential file using null key. Make sure systemd-creds
can show the file
2024-04-11 12:15:32 +01:00
Pablo Méndez Hernández
ffd0cca34a man/journald: Add missing configuration files
The man page was missing:

-  `/run/systemd/journald.conf`
-  `/usr/lib/systemd/journald.conf`

as valid configuration files.

Fixes: https://github.com/systemd/systemd/issues/32199
2024-04-10 20:15:17 +08:00
Luca Boccassi
0f0d001254
Merge pull request #32104 from yuwata/network-ndisc-redirect
network/ndisc: add support for Redirect message
2024-04-08 20:03:32 +01:00
Luca Boccassi
b1b5d7e4bf
Merge pull request #32140 from YHNdnzj/socket-per-peer-source
Minor tweaks to socket manual & shorten the code a bit
2024-04-08 10:38:07 +01:00
Mike Yuan
6b014a2ac4
man/systemd.socket: be explicit that MaxConnectionsPerSource=0 means disabled 2024-04-08 01:49:49 +08:00
Lennart Poettering
0af7e29434 nspawn: make nspawn work without privileges 2024-04-06 16:08:24 +02:00
Lennart Poettering
702a52f4b5 mountfsd: add new systemd-mountfsd component 2024-04-06 16:08:24 +02:00
Lennart Poettering
8aee931e7a nsresourced: add new daemon for granting clients user namespaces and assigning resources to them
This adds a small, socket-activated Varlink daemon that can delegate UID
ranges for user namespaces to clients asking for it.

The primary call is AllocateUserRange() where the user passes in an
uninitialized userns fd, which is then set up.

There are other calls that allow assigning a mount fd to a userns
allocated that way, to set up permissions for a cgroup subtree, and to
allocate a veth for such a user namespace.

Since the UID assignments are supposed to be transitive, i.e. not
permanent, care is taken to ensure that users cannot create inodes owned
by these UIDs, so that persistancy cannot be acquired. This is
implemented via a BPF-LSM module that ensures that any member of a
userns allocated that way cannot create files unless the mount it
operates on is owned by the userns itself, or is explicitly
allowelisted.

BPF LSM program with contributions from Alexei Starovoitov.
2024-04-06 16:08:24 +02:00
Vito Caputo
a7d8cacce0 man: fix typo s/veno/reno/ 2024-04-06 07:12:33 +02:00
Mike Yuan
36b21fac8f
sleep: rename SleepMemMode= to MemorySleepMode=
Addresses https://github.com/systemd/systemd/pull/31986#discussion_r1554053623
2024-04-06 02:16:54 +08:00
Zbigniew Jędrzejewski-Szmek
f1a090b136 man: sd_notify() does not fail if var is unset 2024-04-05 13:56:17 +02:00
Yu Watanabe
6df0059441 network/ndisc: add basic support for Redirect message
Closes #31438.
2024-04-05 05:57:54 +09:00
Mike Yuan
05d2a63139
man/kernel-command-line: document resume_offset= too 2024-04-05 03:03:09 +08:00
Luca Boccassi
2aef0ac819
Merge pull request #32097 from keszybz/sd-notify-cleanups
Small cleanups to sd_notify docs
2024-04-04 17:44:12 +01:00
Daan De Meyer
7b62a246a6
Merge pull request #32033 from DaanDeMeyer/unit-creds
debug-generator: Add unit and drop-in credentials
2024-04-04 18:27:20 +02:00
Daan De Meyer
8595f578fe debug-generator: Add unit and drop-in credentials
These allow adding extra units and drop-ins via credentials.
2024-04-04 16:17:38 +02:00
Zbigniew Jędrzejewski-Szmek
3a9259d93c man: align strings in sd_notify() examples
I think this way it's easier to see that they are part of the same argument.
2024-04-04 14:41:56 +02:00
Zbigniew Jędrzejewski-Szmek
4cbf560edf man/notify-selfcontained-example: check argument first
This is just good style. In this particular case, if the argument is incorrect and
the function is not tested with $NOTIFY_SOCKET set, the user could not get the
proper error until running for real.

Also, remove mention of systemd. The protocol is fully generic on purpose.
2024-04-04 12:18:30 +02:00
Zbigniew Jędrzejewski-Szmek
a1887f8b48 man: regenerate rules
Fixup for dfad86b838.
2024-04-04 12:18:30 +02:00
Zbigniew Jędrzejewski-Szmek
19e980eb92 man: update fedora example to F40
F40 will be out soon, so we can update the man page already. The example should
already work.

The cloud link was dropped in fd571c9df0, so
drop the unused variable too.
2024-04-04 09:19:24 +01:00
Yu Watanabe
94ad70989f man/example: also build example code with C90
Unfortunately, sd-bus-vtable.h, sd-journal.h, and sd-id128.h
have variadic macro and inline initialization of sub-object, these are
not supported in C90. So, we need to silence some errors.
2024-04-04 03:23:20 +09:00
Yu Watanabe
3a6bee0510
Merge pull request #32043 from YHNdnzj/resume-clear-efi
units: introduce systemd-hibernate-clear.service that clears stale HibernateLocation EFI variable
2024-04-04 02:43:00 +09:00
Yu Watanabe
040cb66458 man/examples: set _GNU_SOURCE in source, rather than by compile option
Addresses https://github.com/systemd/systemd/pull/32057#issuecomment-2034408569.
2024-04-04 02:30:29 +09:00
Lennart Poettering
47fba8f925 notify-example: also send STOPPING=1 at exit
I think the example should reflect the full set of lifecycle messages,
including STOPPING=1, which tells the service manager that the service
is already terminating. This is useful for reporting this information
back to the user and to suppress repeated shutdown requests.

It's not as important as the READY=1 and RELOADING=1 messages, since we
actively wait for those from the service message if the right Type= is
set. But it's still very valuable information, easy to do, and completes
the state engine.
2024-04-03 15:52:07 +01:00
Mike Yuan
5f0cd5717f
man/kernel-command-line: be clear that resumeflags= is about timeout opts only 2024-04-03 22:08:11 +08:00
Mike Yuan
dfad86b838
units: introduce systemd-hibernate-clear.service that clears
stale HibernateLocation EFI variable

Currently, if the HibernateLocation EFI variable exists,
but we failed to resume from it, the boot carries on
without clearing the stale variable. Therefore, the subsequent
boots would still be waiting for the device timeout,
unless the variable is purged manually.

There's no point to keep trying to resume after a successful
switch-root, because the hibernation image state
would have been invalidated by then. OTOH, we don't
want to clear the variable prematurely either,
i.e. in initrd, since if the resume device is the same
as root one, the boot won't succeed and the user might
be able to try resuming again. So, let's introduce a
unit that only runs after switch-root and clears the var.

Fixes #32021
2024-04-03 22:07:43 +08:00
Yu Watanabe
e98d4c3599 man/meson: add simple build test for example code 2024-04-03 17:58:39 +09:00
Yu Watanabe
2548ce6a30 man/examples: fix sd- header path 2024-04-03 17:58:39 +09:00
Yu Watanabe
e84f70e16d man/examples: use strerror() instead of %m 2024-04-03 17:58:35 +09:00
Yu Watanabe
06d0dcc009 man/example: fix build failure of hwdb-usb-device.c
STRLEN() and xsprintf() is our internal macros.
2024-04-03 17:44:41 +09:00
Luca Boccassi
f98e2b33ea
Merge pull request #32030 from bluca/dlopen_document
man: document that using sd_journal APIs might cause dlopen to happen and add self-contained notify protocol example
2024-04-02 17:18:02 +01:00
Luca Boccassi
383917ac67 man: add self-contained example of notify protocol
We are saying in public that the protocl is stable and can be easily
reimplemented, so provide an example doing so in the documentation,
license as MIT-0 so that it can be copied and pasted at will.
2024-04-02 14:53:31 +01:00
Luca Boccassi
5aa8180392 man: document that using sd_journal APIs might cause dlopen to happen 2024-04-02 14:53:31 +01:00
Mike Yuan
9c96ffe003
man/tmpfiles.d: drop doubled space 2024-04-02 17:12:55 +08:00
Eisuke Kawashima
86f36e87ff doc(tmpfiles.d): remove deprecated F type
close #32044
2024-04-02 02:46:19 +01:00
Daan De Meyer
3799fa803e repart: Add DefaultSubvolume= setting
We already have Subvolumes= to create subvolumes, let's add
DefaultSubvolume= as well to set the default subvolume.
2024-03-30 00:08:12 +00:00
Luca Boccassi
8312b17a29 core: apply ReloadLimit to reexec too
Same reason as the reload, reexec is disruptive and it requires the
same privileges, so if somebody wants to limit reloads, they'll also
want to limit reexecs, so use the same setting.
2024-03-29 12:03:32 +00:00
Luca Boccassi
55c1a411c6 portable: the 'flags' parameter is now used in DetachImageWithExtensions() and ReattachImageWithExtensions() 2024-03-29 09:35:45 +09:00
Mike Yuan
a2124b35e9
sleep: add SleepMemMode= setting for configuring /sys/power/mem_sleep
The setting is used when /sys/power/state is set to 'mem'
(common for suspend) or /sys/power/disk is set to 'suspend'
(hybrid-sleep). We default to kernel choice here, i.e.
respect what's set through 'mem_sleep_default=' kernel
cmdline option.
2024-03-28 17:19:35 +08:00
Mike Yuan
0a3fd5ce43
man/systemd-sleep: reorder options 2024-03-28 17:16:24 +08:00
Yu Watanabe
a3ed665a29 network/dhcp-server: introduce PersistLeases= setting
Requested at https://github.com/systemd/systemd/pull/31772#issuecomment-2000053357.
2024-03-27 13:21:15 +00:00
Luca Boccassi
66f35161f6 core: add counter for soft-reboot iterations
Allow to query via D-Bus how many times the current booted system has
been soft rebooted
2024-03-27 01:27:35 +00:00
Luca Boccassi
54f86b86ba core: add SoftRebootStartTimestamp
Will be useful to calculate how long it took to shut down the system before starting
in the new root
2024-03-27 01:25:49 +00:00
Jakub Sitnicki
97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
2024-03-27 01:41:26 +08:00
Luca Boccassi
14a5217679 resolved: support reloading configuration at runtime
Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.

Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
2024-03-26 13:36:42 +00:00
Zbigniew Jędrzejewski-Szmek
c38e4e2fda
Merge pull request #29721 from poettering/systemd-project
New capsule@.service feature
2024-03-26 13:19:33 +01:00
Luca Boccassi
b1d18b96c4
Merge pull request #31801 from flatcar-hub/krnowak/sysext-config
systemd-sysext: Add support for env vars, ephemeral layers and some fixes
2024-03-26 09:23:19 +00:00
Gaël Donval
7b123f8186 Document SYSTEMD_REPART_MKFS_* in repart.d manual 2024-03-26 03:08:38 +09:00
Krzesimir Nowak
5ae2f83b3e man: Document sysext ephemeral-import mode 2024-03-25 08:30:09 +01:00