1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

55 Commits

Author SHA1 Message Date
Lennart Poettering
0bc488c99a core: implement Uphold= dependency type
This is like a really strong version of Wants=, that keeps starting the
specified unit if it is ever found inactive.

This is an alternative to Restart= inside a unit, acknowledging the fact
that whether to keep restarting the unit is sometimes not a property of
the unit itself but the state of the system.

This implements a part of what #4263 requests. i.e. there's no
distinction between "always" and "opportunistic". We just dumbly
implement "always" and become active whenever we see no job queued for
an inactive unit that is supposed to be upheld.
2021-05-25 16:03:03 +02:00
Lennart Poettering
294446dcb9 core: add new OnSuccess= dependency type
This is similar to OnFailure= but is activated whenever a unit returns
into inactive state successfully.

I was always afraid of adding this, since it effectively allows building
loops and makes our engine Turing complete, but it pretty much already
was it was just hidden.

Given that we have per-unit ratelimits as well as an event loop global
ratelimit I feel safe to add this finally, given it actually is useful.

Fixes: #13386
2021-05-25 16:03:03 +02:00
Lennart Poettering
ffec78c05b core: add new PropagateStopTo= dependency (and inverse)
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.

This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continious states.

This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the to units together, however was problematic if users establish
mounnts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.

Replaces: #11340
2021-05-25 16:03:03 +02:00
Zbigniew Jędrzejewski-Szmek
3968ccd0cd core: fix crash in BPFProgram parsing
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33270.
2021-05-05 17:15:04 +02:00
Zbigniew Jędrzejewski-Szmek
cc87b3f68f core: fix crash in parsing of SocketBind{Allow,Deny}=
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33876.
2021-05-05 17:14:58 +02:00
Uwe Kleine-König
cbcdcaaa0e Add support for conditions on the machines firmware
This allows to limit units to machines that run on a certain firmware
type. For device tree defined machines checking against the machine's
compatible is also possible.
2021-04-28 10:55:55 +02:00
Julia Kartseva
7dc1707aab fuzz: add SocketBind{Allow|Deny}= directive 2021-04-26 16:26:28 -07:00
LetzteInstanz
8430841b5e network: save IPv4/IPv6 address states into state file
This also introduces RequiredFamilyForOnline= setting to .network file,
and IPv4AddressState/IPv6AddressState DBus properties.
2021-04-14 08:51:02 +09:00
Julia Kartseva
96734772a7 fuzz: add BPFProgram= to directives 2021-04-09 20:28:47 -07:00
Zbigniew Jędrzejewski-Szmek
71d1e58309 core: fix memleak of ipc_namespace_path
Fixup for a70581ffb5.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32991
2021-04-07 22:12:50 +01:00
Frantisek Sumsal
34fde9f898 test: check if the unit file fuzzer corpora is up to date
This follows a similar pattern we already have in place for
networkd-related directives.
2021-04-05 14:41:05 +01:00
Frantisek Sumsal
080a602771 fuzzer: add a test case for #19178 2021-04-03 10:38:06 +01:00
Henri Chain
cb0e818f7c Introduce ExitType 2021-03-31 10:26:07 +02:00
Xℹ Ruoyao
a70581ffb5
New directives PrivateIPC and IPCNamespacePath 2021-03-04 00:04:36 +08:00
Xℹ Ruoyao
a959cd2812
fuzz: add NetworkNamespacePath= into directives.service 2021-03-04 00:04:35 +08:00
Luca Boccassi
93f597013a Add ExtensionImages directive to form overlays
Add support for overlaying images for services on top of their
root fs, using a read-only overlay.
2021-02-23 15:34:46 +00:00
Anita Zhang
4e806bfa9f oom: add unit file settings for oomd avoid/omit xattrs 2021-02-12 12:45:36 -08:00
Topi Miettinen
ddc155b2fd New directives NoExecPaths= ExecPaths=
Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.

Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib

Closes: #17942.
2021-01-29 12:40:52 +00:00
Gaël PORTAY
0141102f10 veritysetup-generator: add support for verity root options
This adds support for a new kernel root verity command line option
"verity_root_options=" which controls the behaviour of dm-verity by
forwarding options directly to systemd-veritysetup.

See `veritysetup(8)` for more details.
2021-01-14 19:41:41 -05:00
Pavel Sapezhko
6d8325f66a resolved: allow cache responses from local DNS servers 2020-11-27 09:03:42 +09:00
Lennart Poettering
394131d5be
Merge pull request #17497 from anitazha/randomizeonce
timer: add new feature FixedRandomDelay=
2020-11-10 13:29:04 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Kristijan Gjoshev
acf24a1a84 timer: add new feature FixedRandomDelay=
FixedRandomDelay=yes will use
`siphash24(sd_id128_get_machine() || MANAGER_IS_SYSTEM(m) || getuid() || u->id)`,
where || is concatenation, instead of a random number to choose a value between
0 and RandomizedDelaySec= as the timer delay.
This essentially sets up a fixed, but seemingly random, offset for each timer
iteration rather than having a random offset recalculated each time it fires.

Closes #10355

Co-author: Anita Zhang <the.anitazha@gmail.com>
2020-11-05 10:59:33 -08:00
Franck Bui
64a3494c3d udev: rename kernel option 'log_priority' into 'log_level'
Let's be consistent with the rest of the project.

'log_priority' is still supported for backward compatibility.
2020-09-22 09:05:57 +02:00
Susant Sahani
1f05101fb6 resolve: allow configurable bind address 2020-09-03 08:27:41 +00:00
Lennart Poettering
4e39995371 core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options
Kernel 5.8 gained a hidepid= implementation that is truly per procfs,
which allows us to mount a distinct once into every unit, with
individual hidepid= settings. Let's expose this via two new settings:
ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=).

Replaces: #11670
2020-08-24 20:11:02 +02:00
Lennart Poettering
476cfe626d core: remove support for ConditionNull=
The concept is flawed, and mostly useless. Let's finally remove it.

It has been deprecated since 90a2ec10f2 (6
years ago) and we started to warn since
55dadc5c57 (1.5 years ago).

Let's get rid of it altogether.
2020-08-20 14:01:25 +02:00
Luca Boccassi
d4d55b0d13 core: add RootHashSignature service parameter
Allow to explicitly pass root hash signature as a unit option. Takes precedence
over implicit checks.
2020-06-25 08:45:21 +01:00
Luca Boccassi
0389f4fa81 core: add RootHash and RootVerity service parameters
Allow to explicitly pass root hash (explicitly or as a file) and verity
device/file as unit options. Take precedence over implicit checks.
2020-06-23 10:50:09 +02:00
Lennart Poettering
a3d19f5d99 core: add new PassPacketInfo= socket unit property 2020-05-27 22:40:38 +02:00
Topi Miettinen
cc1c85fbc3 login: limit nr_inodes for /run/user/$UID
Limit number of inodes for tmpfs mounts on /run/user/$UID. Default is
RuntimeDirectorySize= divided by 4096.
2020-05-24 22:54:17 +02:00
Martin Hundebøll
c600357ba6 mount: add ReadWriteOnly property to fail on read-only mounts
Systems where a mount point is expected to be read-write needs a way to
fail mount units that fallback as read-only.

Add a property to allow setting the -w option when calling mount(8).
2020-05-01 13:23:30 +02:00
Zbigniew Jędrzejewski-Szmek
ad21e542b2 manager: add CoredumpFilter= setting
Fixes #6685.
2020-04-09 14:08:48 +02:00
Naïm Favier
53e1ba280f
network: add SuppressPrefixLength option to RoutingPolicyRule (#14736)
Closes #14724.
2020-02-03 08:25:48 +09:00
Zbigniew Jędrzejewski-Szmek
83dbb4df99 fuzz-unit-file: add new items to the corpus 2019-11-25 14:02:58 +01:00
Zbigniew Jędrzejewski-Szmek
a5f6f346d3
Merge pull request #13423 from pwithnall/12035-session-time-limits
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
2019-10-28 14:57:00 +01:00
Philip Withnall
9ed7de605d scope: Support RuntimeMaxSec= directive in scope units
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.

This could be used for time-limited login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #12035
2019-10-28 09:44:31 +01:00
Zbigniew Jędrzejewski-Szmek
a232ebcc2c core: add support for RestartKillSignal= to override signal used for restart jobs
v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
  to preserve backwards compatibility (and keep KillSignal= generally useful).
2019-10-02 14:01:25 +02:00
Luca Boccassi
65224c1d0e core: rename ShutdownWatchdogSec to RebootWatchdogSec
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
2019-07-23 20:29:03 +01:00
Luca Boccassi
acafd7d8a6 core: add KExecWatchdogSec option
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.

Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
2019-07-23 20:29:03 +01:00
Anita Zhang
31cd5f63ce core: ExecCondition= for services
Closes #10596
2019-07-17 11:35:02 +02:00
Jonathan Rouleau
8b6805a25b hibernate-resume: add resumeflags= kernel option
Adds the resumeflags= kernel command line option to allow setting a
custom device timeout for the resume device (defaults to the same as the
root device).
2019-06-05 18:59:05 -06:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Lennart Poettering
f69567cbe2 core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
Yu Watanabe
9cb8c55934 network: rename GatewayOnlink= to GatewayOnLink=
But still GatewayOnlink= is supported for backward compatibility.
2019-02-28 10:00:22 +09:00
Zbigniew Jędrzejewski-Szmek
4c4589227e fuzz-unit-file: add some directives for stuff coverage reports as not covered
Some of those directives appear in the corpus, but without arguments, so maybe
the fuzzing libraries can't trigger the right cases. Let's help them.
2019-02-25 15:46:23 +01:00
Zbigniew Jędrzejewski-Szmek
ea53cfd195 shared/calendarspec: do not allocate a big string on stack
The string can be as long as a logical line in a unit file — so no unlimited,
but quite big. Let's use a normal heap allocation when making a copy.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13125
2019-02-16 23:31:07 +01:00
Zbigniew Jędrzejewski-Szmek
a5dfc36ce6 fuzz-unit-file: add one more test case
There seems to be no error per se. RequiresMountsFor=%s%s%s..%s%s%s is expanded to
RequiresMountsFor=/bin/zsh/bin/zsh/bin/zsh/bin/zsh/..., which takes a bit of time,
and then we iterate over this a few times, creating a hashmap with a hashmap
for each prefix of the path, each with one item pointing back to the original unit.
Takes about 0.8 s on my machine.
2018-12-10 11:57:26 +01:00
Yu Watanabe
801503d22b
Merge pull request #10988 from ssahani/IFLA_BRPORT_MCAST_TO_UCAST
networkd: bridge add support to configure multicast_to_unicast
2018-12-06 14:32:52 +01:00
Susant Sahani
8b220643b1 networkd: RPDB rule - add support to configure inverted rule.
Closes #10706
2018-12-06 10:42:36 +05:30