Lennart Poettering [Mon, 29 Jul 2019 17:05:25 +0000 (19:05 +0200)]
exit-status: rename EXIT_STATUS_GLIBC → EXIT_STATUS_LIBC
After all these two exit codes are defined by ISO C as part of the C
library, and it's not the GNU implementation that defines them.
Lennart Poettering [Mon, 29 Jul 2019 16:58:06 +0000 (18:58 +0200)]
Merge pull request #13207 from keszybz/symbolic-exit-code-names
Symbolic exit code names
Zbigniew Jędrzejewski-Szmek [Sat, 27 Jul 2019 21:40:24 +0000 (23:40 +0200)]
pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message
We now log at LOG_INFO for any unit. Let's vary the log level
a bit, so that for normal short-lived units (less than 1 sec CPU),
we only log if debugging is enabled.
Lennart Poettering [Mon, 29 Jul 2019 09:40:30 +0000 (11:40 +0200)]
analyze: dot(1) man page link should be urlified
I mean, let's not miss out on this excellent opportunity to use
hyperlinks on terminals.
(Unfortunately not seen unless you invoke 'systemd-analyze --no-pager
--help', because 'less' is so much stuck in the past :-(.)
Zbigniew Jędrzejewski-Szmek [Mon, 29 Jul 2019 14:03:54 +0000 (16:03 +0200)]
Merge pull request #13212 from poettering/sleep-conf-default
sleep: document default HibernateDelaySec=
Zbigniew Jędrzejewski-Szmek [Mon, 29 Jul 2019 13:53:24 +0000 (15:53 +0200)]
NEWS: add entry about exit status changes
Zbigniew Jędrzejewski-Szmek [Mon, 29 Jul 2019 13:44:39 +0000 (15:44 +0200)]
analyze: add exit-codes verb
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 13:00:08 +0000 (15:00 +0200)]
units: use symbolic exit code names
(nspawn uses 133 which doesn't have a name. That's reasonable, because
there's less chance of conflict with a return value from the payload.)
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 11:47:39 +0000 (13:47 +0200)]
systemctl: do print all statuses/signals received from pid1
If for some reason we do not know some signal, instead of silently
skipping it, let's print it numerically. Likewise, 'show' is not the
right place to do value filtering for exit codes. If pid1 accepted it,
let's just print it with no fuss.
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 11:00:01 +0000 (13:00 +0200)]
pid1: fix message about triggers missing services
systemd[1]: systemd-tmpfiles-clean.timer: Refusing to start, unit systemd-tmpfiles-clean.timer to trigger not loaded.
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 10:37:31 +0000 (12:37 +0200)]
pid1,systemctl: allow symbolic exit code names
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 09:55:49 +0000 (11:55 +0200)]
shared/bus-util: fix dbus serialization of {RestartPrevent,RestartForce,Success}ExitStatus
We were passing 1/4th of the size in bytes as argument. So depending
on the size of the array, either we'd only transfer a subset of values,
or we'd get an alignment error.
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 09:43:53 +0000 (11:43 +0200)]
bus-util: convert bus_log_{parse,create}_error into defines
With SYSTEMD_LOG_LOCATION=1, it is much more useful to see the location
where the call to bus_log_{parse,create}_error() was made, rather than
the one-line body of the helper function. Also, it's our internal code,
so having a one-line non-inline function doesn't make much sense anyway.
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 09:14:46 +0000 (11:14 +0200)]
shared/exit-status: use Bitmap instead of Sets
I opted to embed the Bitmap structure directly in the ExitStatusSet.
This means that memory usage is a bit higher for units which don't define
this setting:
Service changes:
/* size: 2720, cachelines: 43, members: 73 */
/* sum members: 2680, holes: 9, sum holes: 39 */
/* sum bitfield members: 7 bits, bit holes: 1, sum bit holes: 1 bits */
/* last cacheline: 32 bytes */
/* size: 2816, cachelines: 44, members: 73 */
/* sum members: 2776, holes: 9, sum holes: 39 */
/* sum bitfield members: 7 bits, bit holes: 1, sum bit holes: 1 bits */
But this way the code is simpler and we do less pointer chasing.
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 09:04:12 +0000 (11:04 +0200)]
shared/bitmap: constify various operators which don't modify bitmap
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 08:19:53 +0000 (10:19 +0200)]
shared/exit-status: add exit_status_from_string()
Zbigniew Jędrzejewski-Szmek [Sun, 28 Jul 2019 08:13:21 +0000 (10:13 +0200)]
shared/exit-status: turn status level into a bitmask, add "test"
The "test" doesn't really test much automatically, but it is still useful
to look at the mappings.
Lennart Poettering [Mon, 29 Jul 2019 12:25:04 +0000 (14:25 +0200)]
Merge pull request #13209 from poettering/nspawn-volatile-merged-usr
make incompatibility of non-/usr-merged distros with --volatile=yes more discoverable
Lennart Poettering [Mon, 29 Jul 2019 11:40:23 +0000 (13:40 +0200)]
Merge pull request #13184 from poettering/nspawn-usr-root
Allow "systemd-nspawn -D / --volatile=yes" to work
Zach Smith [Mon, 15 Jul 2019 03:01:20 +0000 (20:01 -0700)]
systemd-sleep: use swaps in priority order
In situations where hibernation is requested but resume= and
resume_offset= kernel parameters are not configured, systemd
will attempt to locate a suitable swap location by inspecting
/proc/swaps. This change will use the first suitable swap with
the highest configured priority.
Lennart Poettering [Mon, 29 Jul 2019 10:49:38 +0000 (12:49 +0200)]
man: document default HibernateDelaySec= setting
Lennart Poettering [Mon, 29 Jul 2019 10:49:13 +0000 (12:49 +0200)]
update TODO
Lennart Poettering [Mon, 29 Jul 2019 07:45:11 +0000 (09:45 +0200)]
man: document that --volatile=yes is not supported for split /usr systems
Lennart Poettering [Mon, 29 Jul 2019 07:14:17 +0000 (09:14 +0200)]
nspawn: print an explanatory error when people try to use --volatile=yes on distros that are not /usr-merged
Lennart Poettering [Mon, 29 Jul 2019 08:20:43 +0000 (10:20 +0200)]
more 243 news
Lennart Poettering [Mon, 29 Jul 2019 07:24:09 +0000 (09:24 +0200)]
man: document the kernel command line options to use when logging to kmsg
Prompted by:
https://lists.freedesktop.org/archives/systemd-devel/2019-July/043149.html
Lennart Poettering [Thu, 25 Jul 2019 11:03:50 +0000 (13:03 +0200)]
nspawn: when operating on the host image, let's move the root to a different directory first, via a bind mount
Lennart Poettering [Thu, 25 Jul 2019 10:58:01 +0000 (12:58 +0200)]
shared: allow LOCK_SH locks on the host root in OS images
See the added comments for the justification.
Lennart Poettering [Thu, 25 Jul 2019 09:17:23 +0000 (11:17 +0200)]
nspawn: always take exclusive locks of ephemeral OS tree copies
Lennart Poettering [Thu, 25 Jul 2019 09:16:50 +0000 (11:16 +0200)]
nspawn: don't look for .nspawn file above the top-level directory, it makes no sense
Lennart Poettering [Wed, 24 Jul 2019 15:32:09 +0000 (17:32 +0200)]
nspawn: allow --volatile=yes instances of -D /
Clinton Roy [Mon, 29 Jul 2019 07:35:25 +0000 (17:35 +1000)]
news corrections and improvements (#13200)
* missing whitespace.
* NEWS: some small fixes (?) and improvements (???).
* a number of small corrections and (hopefully) improvements
Zbigniew Jędrzejewski-Szmek [Mon, 29 Jul 2019 07:31:07 +0000 (09:31 +0200)]
Merge pull request #13203 from yuwata/update-ja-po
po: include network1.policy and update ja.po
Piotr Drąg [Sun, 28 Jul 2019 12:46:26 +0000 (14:46 +0200)]
catalog: update Polish translation
Network Silence [Mon, 29 Jul 2019 01:45:35 +0000 (21:45 -0400)]
Update Touchpad for g6
Yu Watanabe [Sun, 28 Jul 2019 13:07:05 +0000 (22:07 +0900)]
po: update ja.po
Yu Watanabe [Sun, 28 Jul 2019 13:11:54 +0000 (22:11 +0900)]
po: include network1.policy in the list for generating .pot file
Zbigniew Jędrzejewski-Szmek [Sat, 27 Jul 2019 19:00:38 +0000 (21:00 +0200)]
Merge pull request #13120 from keszybz/journal-min-use
Increase journald min_use value
Thomas Haller [Fri, 26 Jul 2019 08:57:26 +0000 (10:57 +0200)]
errno-util: return const string from strerror_safe()
C's strerror() function does not return a "const char *" pointer
for the string. That has historic reasons and C99 even comments
that "[t]he array pointed to shall not be modified by the program".
Make the strerror_safe() wrapper correct this and be more strict
in this regard.
Lennart Poettering [Fri, 26 Jul 2019 16:42:31 +0000 (18:42 +0200)]
Merge pull request #13194 from keszybz/chase-symlinks-testing
Chase symlinks testing
Lennart Poettering [Fri, 26 Jul 2019 16:42:16 +0000 (18:42 +0200)]
Merge pull request #13195 from keszybz/minor-rewordings
Minor rewordings
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jul 2019 16:42:46 +0000 (18:42 +0200)]
journald: lower keep_free to 5% and raise min_use to 2%
https://bugzilla.redhat.com/show_bug.cgi?id=1715699
> /dev/mapper/live-rw 6.4G 5.7G 648M 91% /
> systemd-journald[905]: Fixed min_use=1.0M max_use=648.7M max_size=81.0M min_size=512.0K keep_free=973.1M n_max_files=100
When journald is started, we pick keep_free as 15% of the disk size. When the
fs is almost filled, we will only keep one journal file around and rotate very
often (because min_size is very small).
Let's set min use to something reasonable, so that we get more useful logs that
will cover at least the full boot.
Some cases considered in the PR:
> /dev/mapper/live-rw 6.4G 5.7G 648M 91% /
keep_free→MIN(327,100)→100 MB.
min_use→16MB.
effective range: 16 MB – 548 MB
> /dev/mapper/fedora_krowka-root 78G 69G 5.7G 93% /
keep_free → MIN(4GB, 100MB)→100MB
min_use→16MB
effective range: 16 MB – 5.6 GB
(but then there's the max_use limit, which cuts the range down)
> 4TB, 4GB free
keep_free → MIN(209715, 100) → 100 MB
min_use→16MB
effective range: 16 MB – 4.9 GB
(also effectively limited by max_use)
Also replace unneeded width suffixes with spaces, I think this is more
readable, and drop DEFAULT_ prefixes in cases where this setting is
simply a bound, and cannot be overridden by user config, hence is not
a default.
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jul 2019 11:18:36 +0000 (13:18 +0200)]
fs-util: CHASE_NOFOLLOW is not limited to CHASE_OPEN
$ build/test-chase-symlinks /etc/os-release
/etc/os-release → /usr/lib/os-release
$ build/test-chase-symlinks --nofollow /etc/os-release /etc/../etc/os-release /etc/../etc/./././os-release
/etc/os-release → /etc/os-release
/etc/../etc/os-release → /etc/os-release
/etc/../etc/./././os-release → /etc/os-release
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jul 2019 11:16:57 +0000 (13:16 +0200)]
test-chase-symlinks: manual test to call chase_symlinks()
v2:
- print --help to stdout, use size_t
Zbigniew Jędrzejewski-Szmek [Fri, 26 Jul 2019 13:05:18 +0000 (15:05 +0200)]
bootctl: log message tweaks
Follow-up for e44c3229f22459b189c1e79cb01fdb156672eb93.
Zbigniew Jędrzejewski-Szmek [Fri, 26 Jul 2019 13:01:36 +0000 (15:01 +0200)]
man: reword description of "-" for sysctl.d
Follow-up for e08be64937.
Zbigniew Jędrzejewski-Szmek [Fri, 26 Jul 2019 12:57:56 +0000 (14:57 +0200)]
Merge pull request #13191 from poettering/sysctl-no-fail
allow sysctl assignments to fail
Zbigniew Jędrzejewski-Szmek [Fri, 26 Jul 2019 10:43:32 +0000 (12:43 +0200)]
Merge pull request #13137 from poettering/efi-random
beef up random seed logic, add boot loader entropy provisioning, improve docs about it
Lennart Poettering [Fri, 26 Jul 2019 07:41:00 +0000 (09:41 +0200)]
Merge pull request #13186 from keszybz/tmpfiles-postponement
Create less stuff when systemd-tmpfiles --create is executed (during installation or otherwise)
Lennart Poettering [Fri, 26 Jul 2019 07:40:21 +0000 (09:40 +0200)]
Merge pull request #13188 from yuwata/news-igmp-version
network: rename `IGMPVersion=` to `MulticastIGMPVersion=`
Yu Watanabe [Fri, 26 Jul 2019 02:15:29 +0000 (11:15 +0900)]
NEWS: mention SpeedMeter=
Lennart Poettering [Fri, 26 Jul 2019 07:28:43 +0000 (09:28 +0200)]
NEWS: mention the new sysctl.d/ - prefix
Lennart Poettering [Fri, 26 Jul 2019 07:26:07 +0000 (09:26 +0200)]
sysctl: prefix ping port range setting with a dash
Fixes: #13177
Lennart Poettering [Fri, 26 Jul 2019 07:25:09 +0000 (09:25 +0200)]
Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""
This reverts commit be74f51605b4c7cb74fec3a50cd13b67598a8ac1.
Let's add this again. With the new sysctl "-" thing we can make this
work.
Lennart Poettering [Fri, 26 Jul 2019 07:24:11 +0000 (09:24 +0200)]
man: document the new sysctl.d/ - prefix
Lennart Poettering [Fri, 26 Jul 2019 07:17:01 +0000 (09:17 +0200)]
sysctl: if options are prefixed with "-" ignore write errors
Lennart Poettering [Fri, 26 Jul 2019 07:04:15 +0000 (09:04 +0200)]
sysctl: reset 'r' only where needed
Lennart Poettering [Fri, 26 Jul 2019 07:03:06 +0000 (09:03 +0200)]
sysctl: switch to log_syntax()
With @keszybz' recent work this will give us clickable links in the
journalctl output.
Evgeny Vereshchagin [Thu, 25 Jul 2019 21:58:42 +0000 (21:58 +0000)]
Revert "sysctl: Enable ping(8) inside rootless Podman containers"
This reverts commit 90ce7627dfe824ff6e7c0ca5f96350fbcfec7118.
See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
Yu Watanabe [Fri, 26 Jul 2019 01:13:58 +0000 (10:13 +0900)]
NEWS: mention Bridge.MulticastIGMPVersion=
Yu Watanabe [Fri, 26 Jul 2019 01:59:36 +0000 (10:59 +0900)]
network: slightly update log message
Yu Watanabe [Fri, 26 Jul 2019 01:58:34 +0000 (10:58 +0900)]
network: rename IGMPVersion= -> MulticastIGMPVersion=
Zbigniew Jędrzejewski-Szmek [Thu, 25 Jul 2019 13:55:13 +0000 (15:55 +0200)]
sd-boot: silence one warning about pointer cast
It doesn't matter either way. Fixes #13174.
Lennart Poettering [Thu, 25 Jul 2019 17:25:50 +0000 (19:25 +0200)]
update TODO
Zbigniew Jędrzejewski-Szmek [Thu, 25 Jul 2019 17:13:41 +0000 (19:13 +0200)]
tmpfiles: copy files to /etc only on boot
We'd copy /etc/nsswitch.conf, /etc/pam.d/, and /etc/issue (*) on every
tmpfiles --create run. I think we should only do this at boot, so if
people install systemd.rpm in a larger transaction and want to create those
files at a later step, we don't interfere with that.
(Stuff like /etc/os-release and /etc/mtab is not really configurable,
we might as well create it unconditionally.)
(Seemingly, the alternative approach might be to not call
systemd-tmpfiles --create in systemd.rpm %post. But this wouldn't have much
effect, because various packages call it anyway, and our
%tmpfiles_create_package macro does too. So we need to change the
configuration instead.)
(*) We don't provide /usr/share/factory/issue, so normally this fails, but
somebody else might provide that file, so it seems useful to keep the
C line.
Zbigniew Jędrzejewski-Szmek [Thu, 25 Jul 2019 17:12:02 +0000 (19:12 +0200)]
tmpfiles: stop creating /etc/localtime symlink
If the symlink is not present, UTC is the default. There *is* a slight
advantage to it: humans might expect it to be present and look in /etc.
But it might interfere with post-install scripts and it doesn't serve
any technical purpose. Let's not create it. Fixes #13183.
Lennart Poettering [Mon, 22 Jul 2019 08:22:56 +0000 (10:22 +0200)]
update TODO
Lennart Poettering [Mon, 22 Jul 2019 08:22:47 +0000 (10:22 +0200)]
TODO: remove apparently fixed issue from TODO
Lennart Poettering [Mon, 22 Jul 2019 16:13:26 +0000 (18:13 +0200)]
docs: add longer document about systemd and random number seeds
Lennart Poettering [Mon, 22 Jul 2019 13:24:49 +0000 (15:24 +0200)]
man: extend on the --print-boot-path description a bit
Lennart Poettering [Mon, 22 Jul 2019 13:05:29 +0000 (15:05 +0200)]
bootctl: add is-installed verb
Fixes: #9428
Lennart Poettering [Mon, 22 Jul 2019 12:19:33 +0000 (14:19 +0200)]
man: document the systemd-random-seed rework
Lennart Poettering [Mon, 22 Jul 2019 12:00:25 +0000 (14:00 +0200)]
docs: document new random seed EFI vars as part of the boot loader interface
Lennart Poettering [Mon, 22 Jul 2019 11:51:30 +0000 (13:51 +0200)]
random-seed: rework systemd-random-seed.service substantially
This makes two major changes to the way systemd-random-seed operates:
1. We now optionally credit entropy if this is configured (via an env
var). Previously we never would do that, with this change we still don't
by default, but it's possible to enable this if people acknowledge that
they shouldn't replicate an image with a contained random seed to
multiple systems. Note that in this patch crediting entropy is a boolean
thing (unlike in previous attempts such as #1062), where only a relative
amount of bits was credited. The simpler scheme implemented here should
be OK though as the random seeds saved to disk are now written only with
data from the kernel's entropy pool retrieved after the pool is fully
initialized. Specifically:
2. This makes systemd-random-seed.service a synchronization point for
kernel entropy pool initialization. It was already used like this, for
example by systemd-cryptsetup-generator's /dev/urandom passphrase
handling, with this change it explicitly operates like that (at least
on systems which provide getrandom(), where we can support this). This
means services that rely on an initialized random pool should now place
After=systemd-random-seed.service and everything should be fine. Note
that with this change sysinit.target (and thus early boot) is NOT
systematically delayed until the entropy pool is initialized, i.e.
regular services need to add explicit ordering deps on this service if
they require an initialized random pool.
Fixes: #4271
Replaces: #10621 #4513
Lennart Poettering [Mon, 22 Jul 2019 08:24:50 +0000 (10:24 +0200)]
random-seed: drop falling back to O_WRONLY if O_RDWR on /dev/urandom doesn't work
There's no reason why writing should work if reading and writing
doesn't. Let's simplify this hence. /dev/urandom is generally an r/w
device, and everything else would be a serious system misconfiguration.
Lennart Poettering [Mon, 22 Jul 2019 08:24:26 +0000 (10:24 +0200)]
random-seed: reduce scope of variable
Lennart Poettering [Fri, 19 Jul 2019 16:06:00 +0000 (18:06 +0200)]
units: automatically initialize the system token if that makes sense
Lennart Poettering [Fri, 19 Jul 2019 17:13:24 +0000 (19:13 +0200)]
bootctl: show random seed state
Lennart Poettering [Fri, 19 Jul 2019 12:51:43 +0000 (14:51 +0200)]
bootctl: add new verb for initializing a random seed in the ESP
Lennart Poettering [Fri, 19 Jul 2019 17:34:10 +0000 (19:34 +0200)]
random-seed: move pool size determination to random-util.[ch]
That way we can reuse it elsewhere.
Lennart Poettering [Fri, 19 Jul 2019 17:39:15 +0000 (19:39 +0200)]
core: take random seed from boot loader and credit it to kernel entropy pool
Lennart Poettering [Thu, 18 Jul 2019 18:58:10 +0000 (20:58 +0200)]
sd-boot: read random seed from ESP and pass it to OS
Lennart Poettering [Fri, 19 Jul 2019 09:04:03 +0000 (11:04 +0200)]
efi: steal glibc sha256 implementation
Lennart Poettering [Thu, 18 Jul 2019 18:57:23 +0000 (20:57 +0200)]
bootctl: add new feature flag for indicating random seed management support
Lennart Poettering [Fri, 19 Jul 2019 16:28:16 +0000 (18:28 +0200)]
bootctl: shortcut configuration file parsing
Lennart Poettering [Fri, 19 Jul 2019 16:27:39 +0000 (18:27 +0200)]
bootctl: drop const from non-pointer function argument
Lennart Poettering [Fri, 19 Jul 2019 16:27:10 +0000 (18:27 +0200)]
bootctl: use the fact that startswith() returns the suffix
Lennart Poettering [Fri, 19 Jul 2019 16:29:53 +0000 (18:29 +0200)]
efivars: modernize efi_get_variable() a bit
Primarily, make sure the return parameters are all individually
optional.
Lennart Poettering [Thu, 18 Jul 2019 18:59:16 +0000 (20:59 +0200)]
efi: add log_oom() helper
Lennart Poettering [Thu, 18 Jul 2019 18:59:05 +0000 (20:59 +0200)]
efi: modernize file_read() a bit
Lennart Poettering [Mon, 22 Jul 2019 11:49:17 +0000 (13:49 +0200)]
xattr-util: document that we NUL suffix
Lennart Poettering [Mon, 22 Jul 2019 11:48:12 +0000 (13:48 +0200)]
fs-util: add fsync_full() helper
We usually combine an fsync() with fsync_directory_of_file() hence let's
add a helper that does both in one.
Zbigniew Jędrzejewski-Szmek [Thu, 25 Jul 2019 09:34:37 +0000 (11:34 +0200)]
Merge pull request #13144 from poettering/nspawn-modprobe
nspawn modprobe fixes
Yu Watanabe [Thu, 25 Jul 2019 01:11:45 +0000 (10:11 +0900)]
network: drop redundant Link::kind check
All CAN devices' iftype are ARPHRD_CAN. So, checking Link::kind is
redundant.
Follow-up for c6ac3729c9ece63185a3c4e7bc1970b98d2feb01.
Yu Watanabe [Thu, 25 Jul 2019 04:01:59 +0000 (13:01 +0900)]
units: add initrd-network-generator.service
Yu Watanabe [Thu, 25 Jul 2019 06:44:25 +0000 (15:44 +0900)]
Merge pull request #13179 from yuwata/network-drop-new-settings-from-dhcp-section
network: drop recently added settings from deprecated [DHCP] section
Yu Watanabe [Thu, 25 Jul 2019 03:39:33 +0000 (12:39 +0900)]
network: drop recently added settings from deprecated [DHCP] section
Yu Watanabe [Thu, 25 Jul 2019 03:38:57 +0000 (12:38 +0900)]
test-network: use [DHCPv4] and [DHCPv6] sections instead of deprecated [DHCP] section
Yu Watanabe [Thu, 25 Jul 2019 03:12:40 +0000 (12:12 +0900)]
Merge pull request #13169 from ssahani/bridge-igmp-group-version
Bridge igmp group version
Yu Watanabe [Thu, 25 Jul 2019 01:01:46 +0000 (10:01 +0900)]
test-network: add test for Bridge.IGMPVersion=