platform/upstream/systemd.git
6 years agocore: fix gid when DynamicUser=yes with static User=
Yu Watanabe [Thu, 26 Jul 2018 02:42:54 +0000 (11:42 +0900)]
core: fix gid when DynamicUser=yes with static User=

When DynamicUser=yes and static User= are set, and the user has
different uid and gid, then as the storage socket for the dynamic
user does not contains gid, we need to obtain gid.

Follow-up for 9ec655cbbd7505ef465e0444da0622e46099ce42.

Fixes #9702.

6 years agoMerge pull request #9667 from poettering/pam_systemd-fixes
Zbigniew Jędrzejewski-Szmek [Wed, 25 Jul 2018 20:26:46 +0000 (22:26 +0200)]
Merge pull request #9667 from poettering/pam_systemd-fixes

pam_systemd fixes

6 years agohwdb: Add accel mount matrix for Lenovo Miix 3-830
Mario Hros [Wed, 25 Jul 2018 14:53:10 +0000 (16:53 +0200)]
hwdb: Add accel mount matrix for Lenovo Miix 3-830

6 years agohwdb: Add information on where to find identifiers
Mario Hros [Mon, 23 Jul 2018 11:56:09 +0000 (13:56 +0200)]
hwdb: Add information on where to find identifiers

6 years agoman: update pam_systemd to reflect recent changes
Lennart Poettering [Fri, 20 Jul 2018 09:53:34 +0000 (11:53 +0200)]
man: update pam_systemd to reflect recent changes

1. Document the new desktop= parameter

2. Clarify that we set XDG_SESSION_DESKTOP, XDG_SESSION_CLASS,
   XDG_SESSION_TYPE if we have the data, and don't just read it.

6 years agopam_systemd: cast calls whose result we knowingly ignore to (void)
Lennart Poettering [Fri, 20 Jul 2018 09:43:38 +0000 (11:43 +0200)]
pam_systemd: cast calls whose result we knowingly ignore to (void)

6 years agopam_systemd: reduce append_session_cg_weight() indentation level a bit by moving...
Lennart Poettering [Fri, 20 Jul 2018 09:41:17 +0000 (11:41 +0200)]
pam_systemd: reduce append_session_cg_weight() indentation level a bit by moving to early exit

6 years agopam_systemd: move socket_from_display() from util.[ch] to pam_systemd.c
Lennart Poettering [Fri, 20 Jul 2018 09:36:10 +0000 (11:36 +0200)]
pam_systemd: move socket_from_display() from util.[ch] to pam_systemd.c

It's highly specific, kinda legacy (X11…) and only used at one place,
let's move this out of the common code, and into pam_systemd.c where it
is used.

6 years agopam_systemd: sort includes properly
Lennart Poettering [Fri, 20 Jul 2018 09:35:57 +0000 (11:35 +0200)]
pam_systemd: sort includes properly

6 years agopam_systemd: always set XDG_SESSION_{CLASS|TYPE|DESKTOP}
Lennart Poettering [Fri, 20 Jul 2018 09:28:37 +0000 (11:28 +0200)]
pam_systemd: always set XDG_SESSION_{CLASS|TYPE|DESKTOP}

We likely get the data from the env block, but we might also determine
it from elsewhere (such as PAM module parameters). Let's set the env
vars on the env block explicitly, so that they are available always, and
apps can rely on it.

6 years agopam_systemd: simplify code which with we set environment variables
Lennart Poettering [Fri, 20 Jul 2018 09:27:55 +0000 (11:27 +0200)]
pam_systemd: simplify code which with we set environment variables

Let's shorten things a bit by splitting out common code in a new
function.

6 years agopam_systemd: tiny coding style fix
Lennart Poettering [Fri, 20 Jul 2018 09:26:59 +0000 (11:26 +0200)]
pam_systemd: tiny coding style fix

6 years agopam_systemd: also make $XDG_SESSION_DESKTOP configurable via PAM module command line
Lennart Poettering [Fri, 20 Jul 2018 09:01:18 +0000 (11:01 +0200)]
pam_systemd: also make $XDG_SESSION_DESKTOP configurable via PAM module command line

Let's make this symmetric with XDG_SESSION_CLASS and XDG_SESSION_TYPE,
so that PAM stacks can configure this easily without involving env vars,
in case there are PAM session managers which only support a single
desktop anyway.

6 years agopam_systemd: simplify how we process env vars
Lennart Poettering [Fri, 20 Jul 2018 08:58:27 +0000 (10:58 +0200)]
pam_systemd: simplify how we process env vars

Let's introduce a single unified getenv() implementation for the various
fields we need.

No change in behaviour.

6 years agopam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS
Lennart Poettering [Fri, 20 Jul 2018 08:07:26 +0000 (10:07 +0200)]
pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS

Since D-Bus 1.9.14 (2015-03-02) dbus looks in $XDG_RUNTIME_DIR/bus for
the system bus on its own, hence we can finally drop setting this
environment variable. gdbus since glib 2.45.3 (June 2015) also supports
it.

6 years agoman: document that pam_systemd actually sets XDG_SEAT and XDG_VTNR
Lennart Poettering [Fri, 20 Jul 2018 08:28:14 +0000 (10:28 +0200)]
man: document that pam_systemd actually sets XDG_SEAT and XDG_VTNR

The old wording is not clear regarding whether the env var will be
updated or just a fallbacked is used.

6 years agoman: document CPUAffinity= in system.conf in more detail
Lennart Poettering [Mon, 23 Jul 2018 09:05:40 +0000 (11:05 +0200)]
man: document CPUAffinity= in system.conf in more detail

Fixes: #9692

6 years agocore/main: use return log_*_errno more
Zbigniew Jędrzejewski-Szmek [Wed, 25 Jul 2018 10:50:14 +0000 (12:50 +0200)]
core/main: use return log_*_errno more

6 years agonetworkd: fix overflow check
Lennart Poettering [Mon, 16 Jul 2018 10:31:50 +0000 (12:31 +0200)]
networkd: fix overflow check

Fixes: #9591

6 years agounits: make sure user@.service runs with dbus still up
Lennart Poettering [Fri, 13 Jul 2018 15:43:27 +0000 (17:43 +0200)]
units: make sure user@.service runs with dbus still up

Fixes: #9565

6 years agoMerge pull request #9668 from poettering/open-parent
Zbigniew Jędrzejewski-Szmek [Wed, 25 Jul 2018 10:58:45 +0000 (12:58 +0200)]
Merge pull request #9668 from poettering/open-parent

introduce open_parent() helper

6 years agoupdate TODO
Lennart Poettering [Mon, 23 Jul 2018 11:03:38 +0000 (13:03 +0200)]
update TODO

6 years agomain: use log_error_errno() at one more place
Lennart Poettering [Mon, 23 Jul 2018 11:03:46 +0000 (13:03 +0200)]
main: use log_error_errno() at one more place

6 years agopam_systemd: explain in detail why pam_systemd does the PAM item mangling it does...
Lennart Poettering [Mon, 23 Jul 2018 11:02:58 +0000 (13:02 +0200)]
pam_systemd: explain in detail why pam_systemd does the PAM item mangling it does in comments

The old comments were imprecise, and misleading. Let's extend things and
explain the situation in more detail.

6 years agonetwork: make log level lower when operations are automatically re-tried later
Yu Watanabe [Mon, 23 Jul 2018 18:22:28 +0000 (03:22 +0900)]
network: make log level lower when operations are automatically re-tried later

When networkd has not connected and setting hostname/timezone is
requested, the operation is delayed, not canceled. So, logging in
debug level is sufficient for the corresponding log message.

Closes #9699.

6 years agonss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS
Yu Watanabe [Sun, 15 Jul 2018 14:00:00 +0000 (23:00 +0900)]
nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS

This also adds PROTECT_ERRNO for all nss module functions.

C.f. glibc NSS documents https://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html
and discussion in https://sourceware.org/bugzilla/show_bug.cgi?id=23410.

Fixes #9585.

6 years agoDrop more copyright headers
Zbigniew Jędrzejewski-Szmek [Tue, 24 Jul 2018 11:24:48 +0000 (13:24 +0200)]
Drop more copyright headers

6 years agoMerge pull request #8876 from yuwata/meson-0.46
Zbigniew Jędrzejewski-Szmek [Tue, 24 Jul 2018 11:41:57 +0000 (13:41 +0200)]
Merge pull request #8876 from yuwata/meson-0.46

meson: bump minimum required version to 0.46

6 years agoresolve: add assert_not_reached()
Yu Watanabe [Tue, 24 Jul 2018 08:51:18 +0000 (17:51 +0900)]
resolve: add assert_not_reached()

Follow-up for 3fe30d85e37a4aa6729e1e3738d44e9a16d7232d.

6 years agotest-network-tables: add dhcp6_message_type to test
Zbigniew Jędrzejewski-Szmek [Tue, 24 Jul 2018 08:48:12 +0000 (10:48 +0200)]
test-network-tables: add dhcp6_message_type to test

Follow-up for e91c99059b0d111bd681ea9077d014bd3b6a1f97.

6 years agoMerge pull request #9708 from keszybz/copyright-headers
Lennart Poettering [Tue, 24 Jul 2018 10:59:30 +0000 (12:59 +0200)]
Merge pull request #9708 from keszybz/copyright-headers

Copyright header removal continuation

6 years agoDrop some more copyright headers
Zbigniew Jędrzejewski-Szmek [Mon, 23 Jul 2018 12:40:53 +0000 (14:40 +0200)]
Drop some more copyright headers

Acks in https://github.com/systemd/systemd/issues/9320.

6 years agoDrop "Copyright abandonded" header
Zbigniew Jędrzejewski-Szmek [Mon, 23 Jul 2018 10:37:09 +0000 (12:37 +0200)]
Drop "Copyright abandonded" header

Add CC0 as the license. SPDX does not have a "public domain" tag, but CC0 is
more or less equivalent. We should have *some* header to avoid doubts in the
future.

6 years agofixed ugly colorcodes on brackets
Christian Rebischke [Mon, 23 Jul 2018 23:46:20 +0000 (01:46 +0200)]
fixed ugly colorcodes on brackets

Signed-off-by: Christian Rebischke <Chris.Rebischke@posteo.de>
6 years agoMerge pull request #9687 from yuwata/rfe-9662
Lennart Poettering [Tue, 24 Jul 2018 07:43:57 +0000 (09:43 +0200)]
Merge pull request #9687 from yuwata/rfe-9662

analyze: several systemd-analyze plot improvements

6 years agoMerge pull request #9685 from yuwata/fix-9663
Lennart Poettering [Mon, 23 Jul 2018 19:17:07 +0000 (21:17 +0200)]
Merge pull request #9685 from yuwata/fix-9663

core: serialize and deserialize current ShowStatus

6 years agoMerge pull request #9701 from yuwata/string-table-cleanups
Lennart Poettering [Mon, 23 Jul 2018 19:16:34 +0000 (21:16 +0200)]
Merge pull request #9701 from yuwata/string-table-cleanups

String table cleanups

6 years agoanalyze: add a space in pretty boot time string
Yu Watanabe [Sun, 22 Jul 2018 05:48:24 +0000 (14:48 +0900)]
analyze: add a space in pretty boot time string

6 years agoanalyze: show information from hostnamed in plot even when user mode
Yu Watanabe [Sun, 22 Jul 2018 05:33:31 +0000 (14:33 +0900)]
analyze: show information from hostnamed in plot even when user mode

6 years agoanalyze: plot initrd related timestamps
Yu Watanabe [Sun, 22 Jul 2018 05:04:32 +0000 (14:04 +0900)]
analyze: plot initrd related timestamps

6 years agocore: expose initrd related timestamps on bus
Yu Watanabe [Sun, 22 Jul 2018 04:42:12 +0000 (13:42 +0900)]
core: expose initrd related timestamps on bus

6 years agocore: serialize/deserialize several timestamps on initrd in different names
Yu Watanabe [Sun, 22 Jul 2018 04:41:44 +0000 (13:41 +0900)]
core: serialize/deserialize several timestamps on initrd in different names

6 years agoanalyze: plot units in initrd
Yu Watanabe [Sun, 22 Jul 2018 04:05:32 +0000 (13:05 +0900)]
analyze: plot units in initrd

Closes #9662.

6 years agoMerge pull request #9560 from mbiebl/uaccess-dev-kvm
Zbigniew Jędrzejewski-Szmek [Mon, 23 Jul 2018 18:10:38 +0000 (20:10 +0200)]
Merge pull request #9560 from mbiebl/uaccess-dev-kvm

Re-add uaccess tag for /dev/kvm

6 years agomake dir-locals work again with emacs 26.1
Lennart Poettering [Wed, 20 Jun 2018 08:59:44 +0000 (10:59 +0200)]
make dir-locals work again with emacs 26.1

After upgrading to emacs-26.1-1.fc28.x86_64 I noticed that our
.dir-locals.el files weren't honoured anymore (specifically the fill
column variable is not correctly set for c-mode files). I finally
tracked this down to the order in which items are listed in
.dir-locals.el: if the "nil" one is listed last everything works,
otherwise, it's the one that is applied instead of the c-mode one.

This patch simply swaps the entries, and puts the "nil" one last. My
emacs lisp fu is a bit too limited to understand the full impact for
this, and why emacs 26.1 changed behaviour in this regard, but from an
outsider's view the order shouldn't negatively affect things otherwise,
hence this patch.

6 years agoLGTM: make LGTM.com use meson from pip
Yu Watanabe [Mon, 23 Jul 2018 16:37:29 +0000 (01:37 +0900)]
LGTM: make LGTM.com use meson from pip

6 years agomeson: use has_link_argument() and friends
Yu Watanabe [Tue, 15 May 2018 11:18:24 +0000 (20:18 +0900)]
meson: use has_link_argument() and friends

This bumps the minimum required version of meson to 0.46, as
`has_link_argument()` and friends are supported since 0.46.

6 years agomeson: use integer type in options
Yu Watanabe [Thu, 10 May 2018 07:04:16 +0000 (16:04 +0900)]
meson: use integer type in options

This bumps the minimum required version of meson to 0.45 and
python to 3.5, as integer type option is supported since meson-0.45
and meson-0.45 requires python-3.5.

6 years agotest: add more string-table tests in test-tables
Yu Watanabe [Mon, 23 Jul 2018 16:26:30 +0000 (01:26 +0900)]
test: add more string-table tests in test-tables

6 years agotest: add more string-table tests in test-resolve-tables
Yu Watanabe [Mon, 23 Jul 2018 16:26:14 +0000 (01:26 +0900)]
test: add more string-table tests in test-resolve-tables

6 years agotest: add comment in test-network-tables.c
Yu Watanabe [Mon, 23 Jul 2018 16:25:24 +0000 (01:25 +0900)]
test: add comment in test-network-tables.c

6 years agoresolve: define _DNS_SERVER_TYPE_MAX in enum
Yu Watanabe [Mon, 23 Jul 2018 16:23:41 +0000 (01:23 +0900)]
resolve: define _DNS_SERVER_TYPE_MAX in enum

6 years agosd-device: include sd-device.h in device-internal.h
Yu Watanabe [Mon, 23 Jul 2018 16:22:32 +0000 (01:22 +0900)]
sd-device: include sd-device.h in device-internal.h

6 years agocoredumpctl: info shows the last entry by default
Lion Yang [Sat, 7 Jul 2018 22:00:39 +0000 (06:00 +0800)]
coredumpctl: info shows the last entry by default

Closes #9524.

6 years agoMerge pull request #9658 from LukeShu/to-upstream/misc-cleanup
Lennart Poettering [Mon, 23 Jul 2018 15:44:56 +0000 (17:44 +0200)]
Merge pull request #9658 from LukeShu/to-upstream/misc-cleanup

nspawn: Miscellaneous touch-up

6 years agosystemctl: set string table size for safety
Yu Watanabe [Mon, 23 Jul 2018 14:59:09 +0000 (23:59 +0900)]
systemctl: set string table size for safety

6 years agotest: add a table test for ShowStatus
Yu Watanabe [Mon, 23 Jul 2018 14:45:01 +0000 (23:45 +0900)]
test: add a table test for ShowStatus

6 years agocore: serialize and deserialize current ShowStatus
Yu Watanabe [Mon, 23 Jul 2018 12:55:42 +0000 (21:55 +0900)]
core: serialize and deserialize current ShowStatus

Fixes #9663.

6 years agocore: normalize ShowStatus
Yu Watanabe [Mon, 23 Jul 2018 12:55:26 +0000 (21:55 +0900)]
core: normalize ShowStatus

6 years agomeson: allow building resolved and machined without nss modules
Yu Watanabe [Wed, 18 Jul 2018 00:25:57 +0000 (09:25 +0900)]
meson: allow building resolved and machined without nss modules

This adds -Dnss-resolve= and -Dnss-mymachines= meson options.
By using this option, e.g., resolved can be built without nss-resolve.
When no nss modules are built, then test-nss is neither built.

Also, This changes the option name -Dmyhostname= to -Dnss-myhostname=
for consistency to other nss related options.

Closes #9596.

6 years agomeson: drop redundant messages
Yu Watanabe [Wed, 18 Jul 2018 00:29:28 +0000 (09:29 +0900)]
meson: drop redundant messages

The equivalent messages are shown in the last summary.

6 years agoMake final kill signal configurable
Jon Ringle [Fri, 20 Jul 2018 15:22:43 +0000 (11:22 -0400)]
Make final kill signal configurable

Usecase is to allow changing the final kill from SIGKILL to SIGQUIT which
should create a core dump useful for debugging why the service didn't stop
with the SIGTERM

6 years agotree-wide: port various bits over to open_parent()
Lennart Poettering [Fri, 20 Jul 2018 10:02:14 +0000 (12:02 +0200)]
tree-wide: port various bits over to open_parent()

6 years agofs-util: introduce open_parent() helper
Lennart Poettering [Fri, 20 Jul 2018 09:57:24 +0000 (11:57 +0200)]
fs-util: introduce open_parent() helper

We often open the parent directory of a path. Let's add a common helper
for that, that shortens our code a bit and adds some extra safety
checks, for example it will fail if used on the root directory (which
doesn't really have a parent).

The helper is actually generalized from a function in btrfs-util.[ch]
which already existed for this purpose.

6 years agofileio: add additional safety checks
Lennart Poettering [Fri, 20 Jul 2018 09:55:18 +0000 (11:55 +0200)]
fileio: add additional safety checks

Let's protect against attempts to create temporary files above the root
dir, as that makes little sense.

Let's better be safe than sorry.

6 years agocheck nobody user/group validity only when not cross compiling
Chen Qi [Mon, 23 Jul 2018 06:53:09 +0000 (14:53 +0800)]
check nobody user/group validity only when not cross compiling

Using `getent' and `id' command in case of cross compiling does not
make much sense. This is because it is the host files that are checked.

Besides, in some restricted cross compilation environment, these two
command may not even be available. This is to avoid host comtamination.

So we should only check the validity using getent and id when not
cross compiling.

6 years agotests: skip test_get_process_cmdline_harder if `mount --make-rslave /` fails with...
Evgeny Vereshchagin [Thu, 19 Jul 2018 10:24:07 +0000 (10:24 +0000)]
tests: skip test_get_process_cmdline_harder if `mount --make-rslave /`  fails with EPERM or EACCESS

That call to mount was added as a safeguard against a kernel bug which was fixed in
torvalds/linux@bbd5192.

In principle, the error could be ignored because

* normally everything mounted on /proc/PID should disappear as soon as the PID has gone away
* test-mount-util that had been confused by those phantom entries in /proc/self/mountinfo was
  taught to ignore them in 112cc3b.

On the other hand, in practice, if the mount fails, then the next one is extremely unlikely to
succeed, so it seems to be reasonable to just skip the rest of `test_get_process_cmdline_harder`
if that happens.

Closes https://github.com/systemd/systemd/issues/9649.

6 years agologin1: policy: Authorize active users to boot to firmware
Carlo Caione [Fri, 20 Jul 2018 21:22:50 +0000 (22:22 +0100)]
login1: policy: Authorize active users to boot to firmware

Currently to set the flag to reboot into the firmware setup an
authentication by an administrative user is required. Since we are
already enabling active users to reboot the system, it is advisable to
let the user decide if he wants to boot into the firmware setup without
any more hassle.

6 years agomeson: check the existence of ninja.build for fuzzer tests
Yu Watanabe [Sun, 22 Jul 2018 14:39:26 +0000 (23:39 +0900)]
meson: check the existence of ninja.build for fuzzer tests

6 years agomeson: do not build module-util.c when libkmod is not found
Yu Watanabe [Sun, 22 Jul 2018 14:25:07 +0000 (23:25 +0900)]
meson: do not build module-util.c when libkmod is not found

Follow-up for 3cb9b42af3b205fba176ebf51ce0e07739698278 (#9516).

Fixes oss-fuzz-9532.

6 years agotree-wide: drop empty lines in comments
Yu Watanabe [Sun, 22 Jul 2018 18:54:35 +0000 (03:54 +0900)]
tree-wide: drop empty lines in comments

6 years agosystemctl: Only wait when there's something to wait for.
Filipe Brandenburger [Fri, 20 Jul 2018 18:32:55 +0000 (11:32 -0700)]
systemctl: Only wait when there's something to wait for.

Tested:
- `systemctl --wait start i-do-not-exist.service` does not wait.
- `systemctl --wait start i-do-not-exist.service valid-unit.service` does.

6 years agoFix grammar
glitsj16 [Fri, 20 Jul 2018 23:32:02 +0000 (23:32 +0000)]
Fix grammar

6 years agoMinor grammar changes
Josh Soref [Fri, 20 Jul 2018 19:40:15 +0000 (15:40 -0400)]
Minor grammar changes

mostly inserting / removing commas / periods as appropriate.
occasionally fixing duplicated words, proper brand case, and singular/plurals.

6 years agoMerge pull request #9671 from keszybz/tasks-max-doc
Lennart Poettering [Fri, 20 Jul 2018 18:05:45 +0000 (20:05 +0200)]
Merge pull request #9671 from keszybz/tasks-max-doc

Document user@.service and friends

6 years agonspawn: mount_sysfs(): Unconditionally mkdir /sys/fs/cgroup
Luke Shumaker [Thu, 1 Jun 2017 17:59:20 +0000 (13:59 -0400)]
nspawn: mount_sysfs(): Unconditionally mkdir /sys/fs/cgroup

Currently, mount_sysfs() only creates /sys/fs/cgroup if cg_ns_supported().
The comment explains that we need to "Create mountpoint for
cgroups. Otherwise we are not allowed since we remount /sys read-only.";
that is: that we need to do it now, rather than later.  However, the
comment doesn't do anything to explain why we only need to do this if
cg_ns_supported(); shouldn't we _always_ need to do it?

The answer is that if !use_cgns, then this was already done by the outer
child, so mount_sysfs() only needs to do it if use_cgns.  Now,
mount_sysfs() doesn't know whether use_cgns, but !cg_ns_supported() implies
!use_cgns, so we can optimize" the case where we _know_ !use_cgns, and deal
with a no-op mkdir_p() in the false-positive where cgns_supported() but
!use_cgns.

But is it really much of an optimization?  We're potentially spending an
access(2) (cg_ns_supported() could be cached from a previous call) to
potentially save an lstat(2) and mkdir(2); and all of them are on virtual
fileystems, so they should all be pretty cheap.

So, simplify and drop the conditional.  It's a dubious optimization that
requires more text to explain than it's worth.

6 years agocgroup-util: cg_kernel_controllers(): Fix comment about including "name="
Luke Shumaker [Sat, 10 Jun 2017 04:06:45 +0000 (00:06 -0400)]
cgroup-util: cg_kernel_controllers(): Fix comment about including "name="

Remove "arbitrary named hierarchies" from the list of things that
cg_kernel_controllers() might return, and clarify that "name="
pseudo-controllers are not included in the returned list.

/proc/cgroups does not contain "name=" pseudo-controllers, and
cg_kernel_controllers() makes no effort to enumerate them via a different
mechanism.

6 years agonspawn: sync_cgroup(): Rename arg_uid_shift -> uid_shift
Luke Shumaker [Fri, 7 Jul 2017 19:17:41 +0000 (15:17 -0400)]
nspawn: sync_cgroup(): Rename arg_uid_shift -> uid_shift

Naming it arg_uid_shift is confusing because of the global arg_uid_shift in
nspawn.c

6 years agonspawn: Move cgroup mount stuff from nspawn-mount.c to nspawn-cgroup.c
Luke Shumaker [Fri, 7 Jul 2017 22:57:08 +0000 (18:57 -0400)]
nspawn: Move cgroup mount stuff from nspawn-mount.c to nspawn-cgroup.c

6 years agonspawn: Simplify tmpfs_patch_options() usage, and trickle that up
Luke Shumaker [Tue, 13 Jun 2017 22:06:09 +0000 (18:06 -0400)]
nspawn: Simplify tmpfs_patch_options() usage, and trickle that up

One of the things that tmpfs_patch_options does is take an (optional) UID,
and insert "uid=${UID},gid=${UID}" into the options string.  So we need a
uid_t argument, and a way of telling if we should use it.  Fortunately,
that is built in to the uid_t type by having UID_INVALID as a possible
value.

So this is really a feature that requires one argument.  Yet, it is somehow
taking 4!  That is absurd.  Simplify it to only take one argument, and have
that trickle all the way up to mount_all()'s usage.

Now, in may of the uses, the argument becomes

    uid_shift == 0 ? UID_INVALID : uid_shift

because it used to treat uid_shift=0 as invalid unless the patch_ids flag
was also set.  This keeps the behavior the same.  Note that in all cases
where it is invoked, if !use_userns (sometimes called !userns), then
uid_shift is 0; we don't have to add any checks for that.

That said, I'm pretty sure that "uid=0" and not setting "uid=" are the
same, but Christian Brauner seemed to not think so when implementing the
cgns support.  https://github.com/systemd/systemd/pull/3589

6 years agonspawn: Simplify mkdir_userns() usage, and trickle that up
Luke Shumaker [Fri, 7 Jul 2017 22:30:03 +0000 (18:30 -0400)]
nspawn: Simplify mkdir_userns() usage, and trickle that up

One of the things that mkdir_userns{,_p}() does is take an (optional) UID,
and chown the directory to that.  So we need a uid_t argument, and a way of
telling if we should use that uid_t argument.  Fortunately, that is built
in to the uid_t type by having UID_INVALID as a possible value.

However, currently mkdir_userns() also takes a MountSettingsMask and checks
a couple of bits in it to decide if it should perform the chown.

Drop the mask argument, and instead have the caller pass UID_INVALID if it
shouldn't chown.

6 years agoman: add a description of user@.service, user-runtime-dir@.service, user-*.slice
Zbigniew Jędrzejewski-Szmek [Fri, 20 Jul 2018 13:49:57 +0000 (15:49 +0200)]
man: add a description of user@.service, user-runtime-dir@.service, user-*.slice

Fixes #9590.

6 years agoman: split systemd.special(7) into separate system/user sections
Zbigniew Jędrzejewski-Szmek [Thu, 19 Jul 2018 16:45:23 +0000 (18:45 +0200)]
man: split systemd.special(7) into separate system/user sections

User units were in the middle, which is just confusing. Let's discuss
all system units first, and all user units second.

I'm using "System manager units" and "user manager units" instead of the more
obvious "system units" and "user units", because there are also units like
"user@.service".

6 years agotests: prefer MS_SLAVE over MS_PRIVATE for turning off mount propagation
Lennart Poettering [Fri, 20 Jul 2018 13:33:48 +0000 (15:33 +0200)]
tests: prefer MS_SLAVE over MS_PRIVATE for turning off mount propagation

When we open our own little namespace for running our tests in, let's
turn off mount propagation only one way, rather than both ways. This is
better as this means we don't pin host mounts unnecessarily long in our
namespace, even though the host already got rid of them. This is because
MS_SLAVE in contrast to MS_PRIVATE allows umount events to propagate
from the host into our environment.

6 years agoVarious accountings are not implied by their controllers
Ryutaroh Matsumoto [Fri, 20 Jul 2018 11:37:54 +0000 (20:37 +0900)]
Various accountings are not implied by their controllers

The original manpage says "Implies BBBAccounting" many times but actually that accounting is not implied by the respective resource control in v239 with the unified cgroup hierarchy. This commit removes those false explanations.

6 years agoupdate TODO
Lennart Poettering [Fri, 20 Jul 2018 14:38:53 +0000 (16:38 +0200)]
update TODO

6 years agoMerge pull request #9500 from zsol/append
Lennart Poettering [Fri, 20 Jul 2018 13:45:08 +0000 (15:45 +0200)]
Merge pull request #9500 from zsol/append

Add support for opening files for appending

6 years agocore: remove support for API bus "started outside our own logic"
Alan Jenkins [Thu, 21 Jun 2018 13:12:30 +0000 (14:12 +0100)]
core: remove support for API bus "started outside our own logic"

Looking at a recent Bad Day, my log contains over 100 lines of

    systemd[23895]: Failed to connect to API bus: Connection refused

It is due to "systemd --user" retrying to connect to an API bus.[*]  I
would prefer to avoid spamming the logs.  I don't think it is good for us
to retry so much like this.

systemd was mislead by something setting DBUS_SESSION_BUS_ADDRESS.  My best
guess is an unfortunate series of events caused gdm to set this.  gdm has
code to start a session dbus if there is not a bus available already (and
in this case it exports the environment variable).  I believe it does not
normally do this when running under systemd, because "systemd --user" and
hence "dbus.service" would already have been started by pam_systemd.

I see two possibilities

1. Rip out the check for DBUS_SESSION_BUS_ADDRESS entirely.
2. Only check for DBUS_SESSION_BUS_ADDRESS on startup.  Not in the
   "recheck" logic.

The justification for 2), is that the recheck is called from unit_notify(),
this is used to check whether the service just started (or stopped) was
"dbus.service".  This reason for rechecking does not apply if we think
the session bus was started outside our logic.

But I think we can justify 1).  dbus-daemon ships a statically-enabled
/usr/lib/systemd/user/dbus.service, which would conflict with an attempt to
use an external dbus.  Also "systemd --user" is started from user@.service;
if you try to start it manually so that it inherits an environment
variable, it will conflict if user@.service was started by pam_systemd
(or loginctl enable-linger).

6 years agoMerge pull request #9516 from keszybz/module-load-unification
Lennart Poettering [Fri, 20 Jul 2018 11:55:56 +0000 (13:55 +0200)]
Merge pull request #9516 from keszybz/module-load-unification

Module load unification

6 years agoMerge pull request #9614 from poettering/negative-sec
Lennart Poettering [Fri, 20 Jul 2018 11:22:01 +0000 (13:22 +0200)]
Merge pull request #9614 from poettering/negative-sec

parse-util: make sure "-0.-0s" is not considered a valid time specifi…

6 years agoAdd support for opening files for appending
Zsolt Dollenstein [Tue, 3 Jul 2018 19:22:29 +0000 (12:22 -0700)]
Add support for opening files for appending

Addresses part of #8983

6 years agoanalyze: fix width calculation in plot command
Yu Watanabe [Fri, 20 Jul 2018 08:21:10 +0000 (17:21 +0900)]
analyze: fix width calculation in plot command

6 years agoMerge pull request #9659 from yuwata/fix-network-memleak2
Lennart Poettering [Fri, 20 Jul 2018 10:38:49 +0000 (12:38 +0200)]
Merge pull request #9659 from yuwata/fix-network-memleak2

fix networkd memleak and voidify several function calls

6 years agoMerge pull request #9661 from yuwata/add-sigprocmask-to-short-lived-daemons
Lennart Poettering [Fri, 20 Jul 2018 07:50:28 +0000 (09:50 +0200)]
Merge pull request #9661 from yuwata/add-sigprocmask-to-short-lived-daemons

Add sigprocmask to short lived daemons

6 years agohostname: set sd_event_add_signal()
Yu Watanabe [Fri, 20 Jul 2018 06:00:02 +0000 (15:00 +0900)]
hostname: set sd_event_add_signal()

6 years agolocale: set sd_event_add_signal()
Yu Watanabe [Fri, 20 Jul 2018 05:59:36 +0000 (14:59 +0900)]
locale: set sd_event_add_signal()

6 years agotimedate: set sd_event_add_signal()
Yu Watanabe [Fri, 20 Jul 2018 05:59:23 +0000 (14:59 +0900)]
timedate: set sd_event_add_signal()

6 years agoparse-util: make sure "3.+1s" or "3. 1s" are not considered valid time specification
Filipe Brandenburger [Fri, 20 Jul 2018 04:50:35 +0000 (21:50 -0700)]
parse-util: make sure "3.+1s" or "3. 1s" are not considered valid time specification

Indeed, strtoll() is super-hard to use properly! :-(

Also added more tests for those cases and copied the tests to parse_nsec as well.

6 years agotimesync: voidify sd_event_add_signal() and sd_event_set_watchdog()
Yu Watanabe [Fri, 20 Jul 2018 02:30:11 +0000 (11:30 +0900)]
timesync: voidify sd_event_add_signal() and sd_event_set_watchdog()

6 years agoresolve: voidify sd_event_add_signal() and sd_event_set_watchdog()
Yu Watanabe [Fri, 20 Jul 2018 02:29:59 +0000 (11:29 +0900)]
resolve: voidify sd_event_add_signal() and sd_event_set_watchdog()