platform/upstream/systemd.git
6 years agoman: LockPersonality= implies NoNewPrivileges=
Yu Watanabe [Tue, 19 Dec 2017 03:48:54 +0000 (12:48 +0900)]
man: LockPersonality= implies NoNewPrivileges=

6 years agoanalyze: use normal bus connection for "plot" verb (#7685)
Zbigniew Jędrzejewski-Szmek [Mon, 18 Dec 2017 18:35:03 +0000 (19:35 +0100)]
analyze: use normal bus connection for "plot" verb (#7685)

We need to connect to hostnamed, so a private bus connection is no good.
It'd be simpler to use the normal bus connection unconditionally, but
that'd mean that e.g. systemd-analyze set-log-level might not work in
emergency mode. So let's keep trying to use the private connection except
for "plot".

Fixes #7667.

6 years agoMerge pull request #7687 from hbakken/work/add-missing-features2
Lennart Poettering [Mon, 18 Dec 2017 18:29:00 +0000 (19:29 +0100)]
Merge pull request #7687 from hbakken/work/add-missing-features2

Kernel 3.10 compat

6 years agobuild-sys: install TRANSIENT-SETTINGS.md and UIDS-GIDS.md (#7690)
Felipe Sateler [Mon, 18 Dec 2017 13:58:13 +0000 (10:58 -0300)]
build-sys: install TRANSIENT-SETTINGS.md and UIDS-GIDS.md (#7690)

6 years agocryptsetup-generator: Don't mistake NULL input as OOM (#7688)
Jan Alexander Steffens [Mon, 18 Dec 2017 13:47:18 +0000 (14:47 +0100)]
cryptsetup-generator: Don't mistake NULL input as OOM (#7688)

Since systemd v236, several Arch users complained that
systemd-cryptsetup-generator exits with an OOM error and that it
prevents the boot from continuing.

Investigating the diff of cryptsetup-generator between v235 and v236 I
noticed that create_disk allowed for the `password` and `filtered`
variables to be NULL (they're handled with `strempty()`) but not their
`*_escaped` versions, and returned OOM errors in those cases.

Fix this by checking that the input string is non-NULL before deciding
that `specifier_escape` had an OOM error.

I could not test this fix myself, but some users have reported success.

Downstream bug: https://bugs.archlinux.org/task/56733

6 years agomissing: Add DM_DEFERRED_REMOVE
Henrik Grindal Bakken [Thu, 23 Mar 2017 15:19:15 +0000 (16:19 +0100)]
missing: Add DM_DEFERRED_REMOVE

Also include missing.h in dissect-image.c to pick it up.

6 years agomissing: Define SMACK_MAGIC if it's missing
Henrik Grindal Bakken [Thu, 23 Mar 2017 15:09:10 +0000 (16:09 +0100)]
missing: Define SMACK_MAGIC if it's missing

6 years agonspawn: Include missing.h
Henrik Grindal Bakken [Thu, 23 Mar 2017 15:02:43 +0000 (16:02 +0100)]
nspawn: Include missing.h

6 years agomissing: Define EFIVARFS_MAGIC if missing
Henrik Grindal Bakken [Thu, 23 Mar 2017 15:02:20 +0000 (16:02 +0100)]
missing: Define EFIVARFS_MAGIC if missing

6 years agomissing: Add MAX_HANDLE_SZ
Henrik Grindal Bakken [Thu, 23 Mar 2017 15:07:33 +0000 (16:07 +0100)]
missing: Add MAX_HANDLE_SZ

6 years agocatalog: update Russian translation (#7678)
Sergey Ptashnick [Mon, 18 Dec 2017 12:41:43 +0000 (15:41 +0300)]
catalog: update Russian translation (#7678)

Translated taint message.

Also added a blank line before "Current system is tagged" for better
visual separation between current system state and tags description.

6 years agomissing: Add PR_SET_MM_{ARG,ENV}_{START,END}
Henrik Grindal Bakken [Thu, 23 Mar 2017 14:42:15 +0000 (15:42 +0100)]
missing: Add PR_SET_MM_{ARG,ENV}_{START,END}

6 years agomissing: Add some more btrfs structs and constants
Henrik Grindal Bakken [Thu, 23 Mar 2017 14:33:06 +0000 (15:33 +0100)]
missing: Add some more btrfs structs and constants

6 years agobtrfs: Include missing.h in btrfs-ctree.h
Henrik Grindal Bakken [Thu, 23 Mar 2017 14:30:57 +0000 (15:30 +0100)]
btrfs: Include missing.h in btrfs-ctree.h

6 years agocondition: Create AssertControlGroupController (#7630)
Chris Down [Mon, 18 Dec 2017 07:53:29 +0000 (07:53 +0000)]
condition: Create AssertControlGroupController (#7630)

Up until now, the behaviour in systemd has (mostly) been to silently
ignore failures to action unit directives that refer to an unavailble
controller. The addition of AssertControlGroupController and its
conditional counterpart allow explicit specification of the desired
behaviour when such a situation occurs.

As for how this can happen, it is possible that a particular controller
is not available in the cgroup hierarchy. One possible reason for this
is that, in the running kernel, the controller simply doesn't exist --
for example, the CPU controller in cgroup v2 has only recently been
merged and was out of tree until then. Another possibility is that the
controller exists, but has been forcibly disabled by `cgroup_disable=`
on the kernel command line.

In future this will also support whatever comes out of issue #7624,
`DefaultXAccounting=never`, or similar.

6 years agoMerge pull request #7665 from poettering/main-cleanup
Zbigniew Jędrzejewski-Szmek [Mon, 18 Dec 2017 07:26:36 +0000 (08:26 +0100)]
Merge pull request #7665 from poettering/main-cleanup

let's split up main() into more functions, to make it digestable

6 years agocatalog: update Polish translation (#7660)
Piotr Drąg [Sat, 16 Dec 2017 14:20:34 +0000 (15:20 +0100)]
catalog: update Polish translation (#7660)

6 years agoMerge pull request #7664 from poettering/fix-integration-tests
Zbigniew Jędrzejewski-Szmek [Sat, 16 Dec 2017 14:01:04 +0000 (15:01 +0100)]
Merge pull request #7664 from poettering/fix-integration-tests

Fix integration tests

6 years agoman: generalize "binary" to "program" (#7668)
Alan Jenkins [Sat, 16 Dec 2017 10:48:12 +0000 (10:48 +0000)]
man: generalize "binary" to "program" (#7668)

Systemd services are permitted to be scripts, as well as binary
executables.

The same also applies to the underlying /sbin/mount and /sbin/swapon.
It is not necessary for the user to consider what type of program file
these are.  Nor is it necessary with systemd-nspawn, to distinguish between
init as a "binary" v.s. a user-specified "program".

Also fix a couple of grammar nits in the modified sentences.

6 years agomeson: libudev_core and udevadm should have LOG_REALM=LOG_REALM_UDEV (#7666)
Franck Bui [Sat, 16 Dec 2017 08:36:36 +0000 (09:36 +0100)]
meson: libudev_core and udevadm should have LOG_REALM=LOG_REALM_UDEV (#7666)

Otherwise, setting udev_log=debug in /etc/udev/udev.conf has no effects since
systemd-udevd is built with LOG_REALM=LOG_REALM_UDEV.

However using LOG_REALM_UDEV (for libudev_core) reveals another similar bug for
udevadm which should also define LOG_REALM_UDEV.

6 years agoMerge pull request #7661 from keszybz/slice-cleanups
Lennart Poettering [Fri, 15 Dec 2017 19:55:39 +0000 (20:55 +0100)]
Merge pull request #7661 from keszybz/slice-cleanups

Slice cleanups and systemd-mount --owner

6 years agomain: add some more comments for the early initialization phase
Lennart Poettering [Fri, 15 Dec 2017 18:03:17 +0000 (19:03 +0100)]
main: add some more comments for the early initialization phase

6 years agomain: reorder variable declarations a bit
Lennart Poettering [Fri, 15 Dec 2017 18:02:35 +0000 (19:02 +0100)]
main: reorder variable declarations a bit

Let's remove a bit redundancy, and list variables of the same
type/category in one declaration line.

6 years agomain: split out 'skip_setup' check into its own functions
Lennart Poettering [Fri, 15 Dec 2017 17:53:03 +0000 (18:53 +0100)]
main: split out 'skip_setup' check into its own functions

And let's optimize it a tiny bit, by only iterating through the argument
list once, instead of twice.

6 years agomain: do bother with uid_to_name() unless we do debug logging
Lennart Poettering [Fri, 15 Dec 2017 17:51:54 +0000 (18:51 +0100)]
main: do bother with uid_to_name() unless we do debug logging

6 years agomain: conditionalize fixup_environment() internally
Lennart Poettering [Fri, 15 Dec 2017 16:54:20 +0000 (17:54 +0100)]
main: conditionalize fixup_environment() internally

This code is executed before we parse command line/configuration
parameters, hence let's not use arg_system to figure our how to clean up
things, but instead PID == 1. Let's move that check inside of the
function, to make things a bit more robust abstract from the outside.

Also, let's add a log message about this, that was so far missing.

6 years agomain: let's move ACTION_RUN test into initialize_runtime()
Lennart Poettering [Fri, 15 Dec 2017 16:52:33 +0000 (17:52 +0100)]
main: let's move ACTION_RUN test into initialize_runtime()

Let's hide this check inside the function and make it easier to follow
the general control flow of main().

6 years agomount-setup: fix MNT_CHECK_WRITABLE error handling, and log about the issue
Lennart Poettering [Fri, 15 Dec 2017 16:37:16 +0000 (17:37 +0100)]
mount-setup: fix MNT_CHECK_WRITABLE error handling, and log about the issue

Let's correct the error handling (the error is in errno, not r), and
let's add logging like the rest of the function has it.

6 years agomain: tweak timerslack message a bit
Lennart Poettering [Fri, 15 Dec 2017 16:36:19 +0000 (17:36 +0100)]
main: tweak timerslack message a bit

Let's clarify that this is a non-issue, by downgrading it to LOG_WARN
and saying "ignoring" in the message.

6 years agomain: move install_crash_handler() and mount_cgroup_controllers() invocations
Lennart Poettering [Fri, 15 Dec 2017 16:34:12 +0000 (17:34 +0100)]
main: move install_crash_handler() and mount_cgroup_controllers() invocations

Let's place them in initialize_runtime(), where they appear to fit best.
Effectively this is just a move a little bit down, swapping places with
log_execution_mode(), which should require neither call to be done
first.

Note that changes the conditionalization a bit for these calls, from
(PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same
however, as we don't allow PID 1 without ACTION_RUN and without
arg_system set, safety_checks() ensures that.

6 years agocore: move arg_show_status fix-up into load_configuration()
Lennart Poettering [Fri, 15 Dec 2017 16:16:24 +0000 (17:16 +0100)]
core: move arg_show_status fix-up into load_configuration()

It's part of finalizing our runtime parameters, hence let's move this
into load_configuration() after we loaded everything else. This is safe,
since we don't use it between the location where it was and where we
place it now yet.

6 years agomain: split out code that sets up the console/terminal and stuff
Lennart Poettering [Fri, 15 Dec 2017 16:13:36 +0000 (17:13 +0100)]
main: split out code that sets up the console/terminal and stuff

More refactoring to make main() more digestable.

6 years agomain: split out code that collects passed fds
Lennart Poettering [Fri, 15 Dec 2017 16:09:18 +0000 (17:09 +0100)]
main: split out code that collects passed fds

More refactoring to make main() more digestable

6 years agomain: slight modernizations for status_welcome()
Lennart Poettering [Fri, 15 Dec 2017 16:03:55 +0000 (17:03 +0100)]
main: slight modernizations for status_welcome()

There's no point in duplicating the complex parse_env_file() invocation,
hence let's not do it.

6 years agomain: let's move the arg_show_status check into status_welcome()
Lennart Poettering [Fri, 15 Dec 2017 16:00:35 +0000 (17:00 +0100)]
main: let's move the arg_show_status check into status_welcome()

It's kinda nice to hide this check inside of status_welcome() itself, so
that it handles all this on its own.

6 years agomain: slightly rearrange serialization fdset, and logging/console setup
Lennart Poettering [Fri, 15 Dec 2017 15:53:13 +0000 (16:53 +0100)]
main: slightly rearrange serialization fdset, and logging/console setup

Let's merge two if blocks, and move log_close()/log_open() out of the
testing codepath, as there's no reason to have it there.

6 years agomain: move chdir("/") a bit earlier
Lennart Poettering [Fri, 15 Dec 2017 15:49:43 +0000 (16:49 +0100)]
main: move chdir("/") a bit earlier

There's no need to do this within the block where logging is closed,
hence move it earlier, so that this block can be kept as small as
possible.

6 years agomain: move initialize_join_controllers() invocation into load_configuration()
Lennart Poettering [Fri, 15 Dec 2017 15:48:07 +0000 (16:48 +0100)]
main: move initialize_join_controllers() invocation into load_configuration()

This just sets up some variables the loaded configuration will then
modify. Let's invoke it hence right before loading the configuration.

This moves the initialization just a tiny bit later, but that shouldn't
matter, since we never access it in-between.

6 years agomain: split out taint string logging into its own function
Lennart Poettering [Fri, 15 Dec 2017 15:38:57 +0000 (16:38 +0100)]
main: split out taint string logging into its own function

It's sufficiently complex now, let's add our own function for this too.

6 years agocore: add more safety check
Lennart Poettering [Fri, 15 Dec 2017 15:38:20 +0000 (16:38 +0100)]
core: add more safety check

Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode,
and in arg_system mode, as well as the opposite.

Everything else is untested and probably not worth supporting hence
let's bail out early if people try anyway.

6 years agocore: split out test summary output into its own function
Lennart Poettering [Fri, 15 Dec 2017 15:34:13 +0000 (16:34 +0100)]
core: split out test summary output into its own function

More refactoring to make main() shorter.

6 years agomain: split out security policy loading into its own function
Lennart Poettering [Fri, 15 Dec 2017 15:32:10 +0000 (16:32 +0100)]
main: split out security policy loading into its own function

More refactoring to make things more digestable.

6 years agomain: invoke pager_open() only at one place
Lennart Poettering [Fri, 15 Dec 2017 15:25:28 +0000 (16:25 +0100)]
main: invoke pager_open() only at one place

Let's just move this up a few lines and unify the invocation.

6 years agocore: split out various startup safety checks from main() into its own function
Lennart Poettering [Fri, 15 Dec 2017 15:23:09 +0000 (16:23 +0100)]
core: split out various startup safety checks from main() into its own function

No functional changes, just some refactoring to make main() more
digestable.

6 years agomain: split out all parsing of command line arguments/kernel arguments/configuration...
Lennart Poettering [Fri, 15 Dec 2017 15:14:19 +0000 (16:14 +0100)]
main: split out all parsing of command line arguments/kernel arguments/configuration files

Let's shorten main() a bit, and split out everything that loads our
configuration and runtime parameters into a function of its own.

No changes in behaviour.

6 years agomain: minor optimization
Lennart Poettering [Fri, 15 Dec 2017 15:13:44 +0000 (16:13 +0100)]
main: minor optimization

Let's remove one memory allocation in the common path.

6 years agotest: fix TEST-13-NSPAWN-SMOKE
Lennart Poettering [Fri, 15 Dec 2017 19:49:11 +0000 (20:49 +0100)]
test: fix TEST-13-NSPAWN-SMOKE

We need to specify a full path to the "ip" binary and busybox "ip" has a
slightly different output than the normal ip, and won't show "DOWN".
hence instead ensure that at lest not "UP" is in there.

6 years agotest: make sure "make" in the test directories works again
Lennart Poettering [Fri, 15 Dec 2017 18:47:16 +0000 (19:47 +0100)]
test: make sure "make" in the test directories works again

Fixes: #7648

6 years agogenerator: add helper function for writing unit files
Zbigniew Jędrzejewski-Szmek [Sat, 9 Dec 2017 18:23:26 +0000 (19:23 +0100)]
generator: add helper function for writing unit files

It doesn't save too much, but it's a common pattern so I think it's worth
to factor this out.

6 years agoFix logical error in meson.build (#7658)
Max Harmathy [Fri, 15 Dec 2017 15:05:25 +0000 (16:05 +0100)]
Fix logical error in meson.build (#7658)

sysvinit_path and sysvrcnd_path have to be set both to activate Sysv compatibility.

6 years agomount: add option to specify uid= and gid=
Zbigniew Jędrzejewski-Szmek [Sat, 9 Dec 2017 09:18:48 +0000 (10:18 +0100)]
mount: add option to specify uid= and gid=

The kernel needs two numbers, but for the user it's most convenient to provide the
user name and have that resolved to uid and gid.

Right now the primary group of the specified user is always used. That's the most
common case anyway. In the future we can extend the --owner option to allow a group
after a colon.

[I added this before realizing that this will not be enough to be used for user
runtime directory. But this seems useful on its own, so I'm keeping this commit.]

6 years agologind: use free_and_replace in one spot
Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 21:16:16 +0000 (22:16 +0100)]
logind: use free_and_replace in one spot

No functional change.

6 years agotree-wide: use SPECIAL_ROOT_SLICE
Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 13:28:00 +0000 (14:28 +0100)]
tree-wide: use SPECIAL_ROOT_SLICE

6 years agocore: reuse slice_build_parent_slice
Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 13:23:58 +0000 (14:23 +0100)]
core: reuse slice_build_parent_slice

6 years agologind: fix misleading message
Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 12:12:13 +0000 (13:12 +0100)]
logind: fix misleading message

This message would also be emitted at boot for any user with linger
enabled, so "logged in" is the wrong term to use.

6 years agologind: simplify one conditional
Zbigniew Jędrzejewski-Szmek [Thu, 7 Dec 2017 11:57:31 +0000 (12:57 +0100)]
logind: simplify one conditional

Don't bother with removing the directory if we didn't create it.

6 years agoman: Clarify when OnFailure= activates after restarts (#7646)
Ken (Bitsko) MacLeod [Fri, 15 Dec 2017 10:10:41 +0000 (04:10 -0600)]
man: Clarify when OnFailure= activates after restarts (#7646)

6 years agotree-wide: add DEBUG_LOGGING macro that checks whether debug logging is on (#7645)
Lennart Poettering [Fri, 15 Dec 2017 10:09:00 +0000 (11:09 +0100)]
tree-wide: add DEBUG_LOGGING macro that checks whether debug logging is on (#7645)

This makes things a bit easier to read I think, and also makes sure we
always use the _unlikely_ wrapper around it, which so far we used
sometimes and other times we didn't. Let's clean that up.

6 years agoMerge pull request #7637 from yuwata/transient-path
Lennart Poettering [Fri, 15 Dec 2017 09:53:49 +0000 (10:53 +0100)]
Merge pull request #7637 from yuwata/transient-path

core/path: implement transient path unit

6 years agoMerge pull request #7631 from cgwalters/systemctl-offline
Lennart Poettering [Fri, 15 Dec 2017 09:29:21 +0000 (10:29 +0100)]
Merge pull request #7631 from cgwalters/systemctl-offline

systemctl,verbs: Introduce SYSTEMCTL_OFFLINE environment variable

6 years agoMerge pull request #7644 from poettering/memzero
Lennart Poettering [Fri, 15 Dec 2017 09:27:31 +0000 (10:27 +0100)]
Merge pull request #7644 from poettering/memzero

add memzero()/zero() coccinelle scripts and use them

6 years agoCODING_STYLE: provide better explanation why /* */ over // (#7647)
Lennart Poettering [Fri, 15 Dec 2017 09:26:07 +0000 (10:26 +0100)]
CODING_STYLE: provide better explanation why /* */ over // (#7647)

Let's provide a real reason why /* */ should be used for commenting,
rather than //, beyond mere taste.

(This ultimately simply codifies how I use // vs. /* */ comments, and I
think this is useful as an explanation and reason hence.)

6 years agoTODO: update
Yu Watanabe [Thu, 14 Dec 2017 13:17:17 +0000 (22:17 +0900)]
TODO: update

6 years agodoc: update TRANSIENT-SETTINGS.md
Yu Watanabe [Thu, 14 Dec 2017 13:02:06 +0000 (22:02 +0900)]
doc: update TRANSIENT-SETTINGS.md

6 years agobus-unit-util: add path unit related options
Yu Watanabe [Fri, 15 Dec 2017 00:11:39 +0000 (09:11 +0900)]
bus-unit-util: add path unit related options

6 years agocore/path: implement transient path unit
Yu Watanabe [Mon, 11 Dec 2017 15:10:58 +0000 (00:10 +0900)]
core/path: implement transient path unit

6 years agocore/dbus-timer: improve error messages
Yu Watanabe [Thu, 14 Dec 2017 12:52:47 +0000 (21:52 +0900)]
core/dbus-timer: improve error messages

6 years agobus-unit-util: improve error messages
Yu Watanabe [Thu, 14 Dec 2017 07:34:26 +0000 (16:34 +0900)]
bus-unit-util: improve error messages

6 years agobus-unit-util: remove unnecessary oom check
Yu Watanabe [Thu, 14 Dec 2017 07:32:59 +0000 (16:32 +0900)]
bus-unit-util: remove unnecessary oom check

We cannot detect error by alloca().

6 years agofinal v236 update (#7649) v236
Lennart Poettering [Thu, 14 Dec 2017 22:09:57 +0000 (23:09 +0100)]
final v236 update (#7649)

6 years agoMerge pull request #7608 from poettering/more-news-v236
Lennart Poettering [Thu, 14 Dec 2017 21:58:22 +0000 (22:58 +0100)]
Merge pull request #7608 from poettering/more-news-v236

more v236 news improvements

6 years agoMerge pull request #6598 from kyle-walker/shutdown-limit
Lennart Poettering [Thu, 14 Dec 2017 21:57:57 +0000 (22:57 +0100)]
Merge pull request #6598 from kyle-walker/shutdown-limit

core: Limit the time and attempts in shutdown remount/umount efforts

6 years agoMerge pull request #7640 from keszybz/tainting-updates
Lennart Poettering [Thu, 14 Dec 2017 21:57:17 +0000 (22:57 +0100)]
Merge pull request #7640 from keszybz/tainting-updates

Tainting updates

6 years agoMerge pull request #7469 from kinvolk/dongsu/nspawn-netns
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 21:47:57 +0000 (22:47 +0100)]
Merge pull request #7469 from kinvolk/dongsu/nspawn-netns

nspawn: introduce an option for specifying network namespace path

6 years agoUpdate TODO
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 13:12:39 +0000 (14:12 +0100)]
Update TODO

6 years agomeson: restore --update-catalog call after install
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 13:12:31 +0000 (14:12 +0100)]
meson: restore --update-catalog call after install

This got dropped by mistake in 72cdb3e783174dcf9223a49f03e3b0e2ca95ddb8.

6 years agoMake taint message structured and add catalog entry
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 09:15:41 +0000 (10:15 +0100)]
Make taint message structured and add catalog entry

Dec 14 14:10:54 krowka systemd[1]: System is tainted: overflowgid-not-65534
-- Subject: The system is configured in a way that might cause problems
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The following "tags" are possible:
-- - "split-usr" — /usr is a separate file system and was not mounted when systemd
--   was booted
-- - "cgroups-missing" — the kernel was compiled without cgroup support or access
--   to expected interface files is resticted
-- - "var-run-bad" — /var/run is not a symlink to /run
-- - "overflowuid-not-65534" — the kernel user ID used for "unknown" users (with
--   NFS or user namespaces) is not 65534
-- - "overflowgid-not-65534" — the kernel group ID used for "unknown" users (with
--   NFS or user namespaces) is not 65534
-- Current system is tagged as overflowgid-not-65534.

6 years agocore: drop taints for nobody user/group names
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 11:44:21 +0000 (12:44 +0100)]
core: drop taints for nobody user/group names

We have a check and warning at compile time. The user cannot do anything about
this at runtime, and all other taints are about checks that happen at runtime
and are specific to that system (and at least potentially correctable).

(The logic in the compilation-time check was updated to treat "nogroup" as OK,
but not the runtime check. But I think it's better to remove the runtime check
for this altogether, so this becomes moot.)

6 years agoverbs: Rename VERB_OFFLINE to VERB_ONLINE_ONLY, expand MUSTBEROOT
Colin Walters [Thu, 14 Dec 2017 20:23:02 +0000 (15:23 -0500)]
verbs: Rename VERB_OFFLINE to VERB_ONLINE_ONLY, expand MUSTBEROOT

Followup to previous commit. Suggested by @poettering.
Reindented the `verbs[]` tables to match the apparent previous
whitespace rules (indent to one flag, allow multiple flags to overflow?).

6 years agosystemctl,verbs: Introduce SYSTEMD_OFFLINE environment variable
Colin Walters [Wed, 13 Dec 2017 21:04:41 +0000 (16:04 -0500)]
systemctl,verbs: Introduce SYSTEMD_OFFLINE environment variable

A lot of code references the `running_in_chroot()` function; while
I didn't dig I'm pretty certain this arose to deal with situations
like RPM package builds in `mock` - there we don't want the `%post`s
to `systemctl start` for example.

And actually this exact same use case arises for
[rpm-ostree](https://github.com/projectatomic/rpm-ostree/)
where we implement offline upgrades by default; the `%post`s are
always run in a new chroot using [bwrap](https://github.com/projectatomic/bubblewrap).

And here's the problem: bwrap creates proper mount roots, so it
passes `running_in_chroot()`, and then if a script tries to do
`systemctl start` we get:
`System has not been booted with systemd as init system (PID 1)`
but that's an *error*, unlike the `running_in_chroot()` case where we ignore.

Further complicating things is there are real world RPM packages
like `glusterfs` which end up invoking `systemctl start`.

A while ago, the `SYSTEMD_IGNORE_CHROOT` environment variable was
added for the inverse case of running in a chroot, but still wanting
to use systemd as PID 1 (presumably some broken initramfs setups?).

Let's introduce a `SYSTEMD_OFFLINE` environment variable for cases like
mock/rpm-ostree so we can force on the "ignore everything except preset" logic.
This way we'll still not start services even if mock switches to use nspawn or
bwrap or something else that isn't a chroot.

We also cleanly supercede the `SYSTEMD_IGNORE_CHROOT=1` which is now spelled
`SYSTEMD_OFFLINE=0`.  (Suggested by @poettering)

Also I made things slightly nicer here and we now print the ignored operation.

6 years agoMerge pull request #7643 from keszybz/hwdb-update-again
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 20:13:20 +0000 (21:13 +0100)]
Merge pull request #7643 from keszybz/hwdb-update-again

Hwdb update again

6 years agoresolve: extend systemd-resolve so that it can push per-interface DNS configuration...
Lennart Poettering [Thu, 14 Dec 2017 19:13:14 +0000 (20:13 +0100)]
resolve: extend systemd-resolve so that it can push per-interface DNS configuration into systemd-resolved (#7576)

This is useful to debug things, but also to hook up external post-up
scripts with resolved.

Eventually this code might be useful to implement a
resolvconf(8)-compatible interface for compatibility purposes. Since the
semantics don't map entirely cleanly as first step we add a native
interface for pushing DNS configuration into resolved, that exposes the
correct semantics, before adding any compatibility interface.

See: #7202

6 years agoudev-link-config: add missing OOM check
Lennart Poettering [Thu, 14 Dec 2017 19:09:45 +0000 (20:09 +0100)]
udev-link-config: add missing OOM check

6 years agolink-config: make initialization to -1 less weird
Lennart Poettering [Thu, 14 Dec 2017 18:50:43 +0000 (19:50 +0100)]
link-config: make initialization to -1 less weird

memset() is weird anyway, since it expects an "int" as second parameter,
which it then uses as a byte, i.e. as uint8_t or something like that.
But by passing -1 to it, things get particularly weird, as that relies
on sign expansion to do the right thing.

6 years agococcinelle: automatically rewrite memset() to zero() or memzero() where we can
Lennart Poettering [Thu, 14 Dec 2017 18:47:46 +0000 (19:47 +0100)]
coccinelle: automatically rewrite memset() to zero() or memzero() where we can

We are pretty good at this already, hence only a single case is actually
found by this.

6 years agotree-wide: make use of new STRLEN() macro everywhere (#7639)
Lennart Poettering [Thu, 14 Dec 2017 18:02:29 +0000 (19:02 +0100)]
tree-wide: make use of new STRLEN() macro everywhere (#7639)

Let's employ coccinelle to do this for us.

Follow-up for #7625.

6 years agocore: Implement sync_with_progress()
Kyle Walker [Thu, 14 Dec 2017 16:46:03 +0000 (11:46 -0500)]
core: Implement sync_with_progress()

In similar fashion to the previous change, sync() operations can stall
endlessly if cache is unable to be written out. In order to avoid an
unbounded hang, the sync takes place within a child process. Every 10
seconds (SYNC_TIMEOUT_USEC), the value of /proc/meminfo "Dirty" is checked
to verify it is smaller than the last iteration. If the sync is not making
progress for 3 successive iterations (SYNC_PROGRESS_ATTEMPTS), a SIGKILL is
sent to the sync process and the shutdown continues.

6 years agotest: add smoke tests for `--network-namespace-path`
Iago López Galeiras [Tue, 12 Dec 2017 16:47:41 +0000 (16:47 +0000)]
test: add smoke tests for `--network-namespace-path`

We create net ns with `ip netns`, pass the created ns to nspawn and
check the loopback interface is DOWN.

6 years agoNEWS: update NEWS again, and prepare for a release tomorrow
Lennart Poettering [Wed, 13 Dec 2017 17:27:59 +0000 (18:27 +0100)]
NEWS: update NEWS again, and prepare for a release tomorrow

6 years agomeson: increase version numbers
Lennart Poettering [Mon, 11 Dec 2017 15:10:25 +0000 (16:10 +0100)]
meson: increase version numbers

6 years agoMerge pull request #7610 from poettering/stdio-nolocking
Lennart Poettering [Thu, 14 Dec 2017 15:56:36 +0000 (16:56 +0100)]
Merge pull request #7610 from poettering/stdio-nolocking

use __fsetlocking() to turn off thread locking in STDIO where applicable

6 years agohwdb: update
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 14:47:43 +0000 (15:47 +0100)]
hwdb: update

The changes in pci.ids, usb.ids, and the .hwdb files are almost always
additions. 20-OUI.hwdb drops a few names and replaces them by
"IEEE Registration Authority". I'm not sure what to do about this.
Many other removals do not seem to be removals of real entries, but
rather placeholder or generic names.

6 years agohwdb/ids_parser: use replacement chars for invalid characters
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 14:42:25 +0000 (15:42 +0100)]
hwdb/ids_parser: use replacement chars for invalid characters

We have some more non-utf8 characters. Let's just replace them, this doesn't
matter much.

6 years agomeson-hwdb-update: fix undefined variable access
Zbigniew Jędrzejewski-Szmek [Thu, 14 Dec 2017 13:36:03 +0000 (14:36 +0100)]
meson-hwdb-update: fix undefined variable access

I added the test if an optional parameter is not empty, but that doesn't work
with -u. Provide an empty "fallback" value to fix the issue.

Also group the update steps so that it's easier to see what is going on.

6 years agocore: Implement timeout based umount/remount limit
Kyle Walker [Wed, 13 Dec 2017 17:49:26 +0000 (12:49 -0500)]
core: Implement timeout based umount/remount limit

Remount, and subsequent umount, attempts can hang for inaccessible network
based mount points. This can leave a system in a hard hang state that
requires a hard reset in order to recover. This change moves the remount,
and umount attempts into separate child processes. The remount and umount
operations will block for up to 90 seconds (DEFAULT_TIMEOUT_USEC). Should
those waits fail, the parent will issue a SIGKILL to the child and continue
with the shutdown efforts.

In addition, instead of only reporting some additional errors on the final
attempt, failures are reported as they occur.

6 years agosd-bus: fix a memory leak in message_new_reply() (#7636)
Cong Wang [Thu, 14 Dec 2017 12:07:04 +0000 (04:07 -0800)]
sd-bus: fix a memory leak in message_new_reply() (#7636)

Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
6 years agoMerge pull request #7606 from yuwata/run-timer
Lennart Poettering [Thu, 14 Dec 2017 12:04:30 +0000 (13:04 +0100)]
Merge pull request #7606 from yuwata/run-timer

run: allow to specify multiple timer options

6 years agocore: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown...
Daniel Black [Thu, 14 Dec 2017 11:17:43 +0000 (22:17 +1100)]
core: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown (#7214)

With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.

A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).

EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.

Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.

Fixes #5868.

6 years agobusctl: let's make use of the log_error_errno() calls
Lennart Poettering [Mon, 11 Dec 2017 19:31:36 +0000 (20:31 +0100)]
busctl: let's make use of the log_error_errno() calls

6 years agobusctl: modernize code a bit
Lennart Poettering [Mon, 11 Dec 2017 19:30:07 +0000 (20:30 +0100)]
busctl: modernize code a bit

I am puzzled why coccinelle is unwilling to detect these cases...