platform/upstream/systemd.git
4 years agoman: use <constant> for capability names in nspawn page
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 17:35:26 +0000 (18:35 +0100)]
man: use <constant> for capability names in nspawn page

4 years agonspawn: dump capability list with --capabilities=help
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 17:33:32 +0000 (18:33 +0100)]
nspawn: dump capability list with --capabilities=help

4 years agoresolve: rename define fixing a typo
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 09:15:57 +0000 (10:15 +0100)]
resolve: rename define fixing a typo

4 years agoMerge pull request #14093 from poettering/cgroups-delegate-xattr
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 22:53:03 +0000 (23:53 +0100)]
Merge pull request #14093 from poettering/cgroups-delegate-xattr

mark delegated cgroups via xattr, and visualize the cut points in cgls

4 years agoupdate TODO
Lennart Poettering [Wed, 20 Nov 2019 16:49:38 +0000 (17:49 +0100)]
update TODO

4 years agocgls: visually separate processes from cgroups
Lennart Poettering [Wed, 20 Nov 2019 16:44:54 +0000 (17:44 +0100)]
cgls: visually separate processes from cgroups

Let's show them in grey, since we generally want to focus on showing the
cgroups much less than the processes in them.

4 years agocgls: show delegation boundaries by underlining the cgroup in the output
Lennart Poettering [Wed, 20 Nov 2019 16:43:09 +0000 (17:43 +0100)]
cgls: show delegation boundaries by underlining the cgroup in the output

This should help visualize where one manager's territory begins and
another's starts. Do this by underlining (since it's a "cut" point an
underline made most sense to me). Since underlining is not visible on
the console let's also show an ellipses for all lines that are
delegation boundaries.

Unfortunately this all is not as useful as it appears. The
"trusted.delegate" xattr is only visible to roo, which means
"systemd-cgls" has be called as root to show the boundaries.
Unfortunately cgroupfs doesn't support unprivileged xattrs on cgroups.

4 years agocore: set "trusted.delegate" xattr on cgroups that are delegation boundaries
Lennart Poettering [Wed, 20 Nov 2019 16:42:02 +0000 (17:42 +0100)]
core: set "trusted.delegate" xattr on cgroups that are delegation boundaries

Let's mark cgroups that are delegation boundaries to us. This can then
be used by tools such as "systemd-cgls" to show where the next manager
takes over.

4 years agocgroup-util: add new cg_remove_xattr() for removing xattr from cgroup
Lennart Poettering [Wed, 20 Nov 2019 16:41:48 +0000 (17:41 +0100)]
cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup

4 years agoMerge pull request #14090 from poettering/clonenewns-fix
Lennart Poettering [Wed, 20 Nov 2019 16:27:56 +0000 (17:27 +0100)]
Merge pull request #14090 from poettering/clonenewns-fix

make sure systemd-logind.service can start if unshare() is blocked

4 years agoupdate NEWS
Lennart Poettering [Wed, 20 Nov 2019 11:47:52 +0000 (12:47 +0100)]
update NEWS

4 years agoMerge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 15:15:09 +0000 (16:15 +0100)]
Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs

Systemctl add log-level, log-target, service-watchdogs commands

4 years agoMerge pull request #14074 from keszybz/rename-system-options
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 15:13:46 +0000 (16:13 +0100)]
Merge pull request #14074 from keszybz/rename-system-options

Rename system-options

4 years agocore: don't insist on ProtectHostname= if unshare() is blocked
Lennart Poettering [Wed, 20 Nov 2019 11:27:28 +0000 (12:27 +0100)]
core: don't insist on ProtectHostname= if unshare() is blocked

Previously we'd only skip ProtectHostname= if kernel support for
namespaces was lacking. With this change we also accept if unshare()
fails because it is blocked.

4 years agocore: be more lenient when checking whether sandboxing is necessary
Lennart Poettering [Wed, 20 Nov 2019 11:23:17 +0000 (12:23 +0100)]
core: be more lenient when checking whether sandboxing is necessary

In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.

Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').

(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)

Fixes: #13955

(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)

4 years agoerrno-util: add ERRNO_IS_PRIVILEGE() helper
Lennart Poettering [Wed, 20 Nov 2019 11:22:40 +0000 (12:22 +0100)]
errno-util: add ERRNO_IS_PRIVILEGE() helper

4 years agoid128: fix initializer element is not constant
Anita Zhang [Wed, 20 Nov 2019 05:50:51 +0000 (21:50 -0800)]
id128: fix initializer element is not constant

Was getting:

  ../src/id128/id128.c:15:1: error: initializer element is not constant
   static sd_id128_t arg_app = SD_ID128_NULL;
    ^
when building on CentOS 7.

Other parts of the code initialize `static sd_id128_t` to {} and this
was the original setting before a19fdd66c22 anyways.

4 years agotest: make sure our tests get exclusive TTY access
Lennart Poettering [Tue, 19 Nov 2019 17:54:47 +0000 (18:54 +0100)]
test: make sure our tests get exclusive TTY access

This sould make our test suite a bit more robust if it is slow running.
A few of our test services use StandardOutput=tty or StandardError=tty
in the tests in order to connect test services to the container console.
This gets into conflict with the container getty which wants exclusive
access to the console. Since the container getty is started with
Type=idle it typically gets started after a timeout only if the TTY is
already used, which hence introduces a race: if the test finishes
earlier all is good, if not, then the test gets kicked off the TTY which
then causes bash to abort since it cannot write any error messages
anymore.

Let's fix this hence: all tests that connect to the tty are now
synchronized to getty-pre.target, so they finish before any getty is
started.

4 years agoMerge pull request #14085 from poettering/ask-password-api
Lennart Poettering [Tue, 19 Nov 2019 23:54:28 +0000 (00:54 +0100)]
Merge pull request #14085 from poettering/ask-password-api

make sure asking for a pw works in a container too if keyctl() and friends are blocked

5 years agopam_systemd: prolong method call timeout when allocating session
Lennart Poettering [Mon, 19 Aug 2019 13:15:13 +0000 (15:15 +0200)]
pam_systemd: prolong method call timeout when allocating session

Starting a session might involve starting the user@.service instance,
hence let's make the bus call timeout substantially longer.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=83828

5 years agoMerge pull request #14078 from poettering/cryptsetup-fixlets
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 19:46:53 +0000 (20:46 +0100)]
Merge pull request #14078 from poettering/cryptsetup-fixlets

trivial cryptsetup fixlets (mostly: use more STR_IN_SET())

5 years agoMerge pull request #14079 from poettering/pam-systemd-fixlets
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 19:45:15 +0000 (20:45 +0100)]
Merge pull request #14079 from poettering/pam-systemd-fixlets

trivial pam_systemd fixlets

5 years agoudev: do not propagate error in executing PROGRAM and IMPORT{program}
Yu Watanabe [Mon, 18 Nov 2019 11:56:33 +0000 (20:56 +0900)]
udev: do not propagate error in executing PROGRAM and IMPORT{program}

Also, this adds more logs.

Fixes #14027.

5 years agoask-password: skip kernel keyring logic if we see EPERM
Lennart Poettering [Tue, 19 Nov 2019 17:47:31 +0000 (18:47 +0100)]
ask-password: skip kernel keyring logic if we see EPERM

Let's improve compat with container managers that block the keyring
logic and return EPERM for them.

5 years agoerrno: add new ERRNO_IS_NOT_SUPPORTED() helper
Lennart Poettering [Mon, 15 Jul 2019 11:32:03 +0000 (13:32 +0200)]
errno: add new ERRNO_IS_NOT_SUPPORTED() helper

5 years agoupdate TODO
Lennart Poettering [Tue, 19 Nov 2019 14:42:55 +0000 (15:42 +0100)]
update TODO

5 years agoMerge pull request #14080 from poettering/table-uid-pid
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 14:35:25 +0000 (15:35 +0100)]
Merge pull request #14080 from poettering/table-uid-pid

format-table: introduce TABLE_UID/TABLE_GID to match TABLE_PID and use it

5 years agocryptsetup: use STR_IN_SET() where appropriate
Lennart Poettering [Wed, 21 Aug 2019 08:45:42 +0000 (10:45 +0200)]
cryptsetup: use STR_IN_SET() where appropriate

Note that this slightly changes behaviour: "none" is only allowed as
option, if it's the only option specified, but not in combination with
other options. I think this makes more sense, since it's the choice when
no options shall be specified.

5 years agocryptsetup: minor coding style clean-ups
Lennart Poettering [Wed, 21 Aug 2019 08:40:04 +0000 (10:40 +0200)]
cryptsetup: minor coding style clean-ups

5 years agopam_systemd: add one more assert
Lennart Poettering [Tue, 13 Aug 2019 12:14:42 +0000 (14:14 +0200)]
pam_systemd: add one more assert

5 years agopam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system...
Lennart Poettering [Tue, 13 Aug 2019 12:14:47 +0000 (14:14 +0200)]
pam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system error

It's not really clear which PAM errors to use for which conditions, but
something called PAM_SYSTEM_ERR should probably not be used when the
error is not the result of some system call failure.

5 years agopam-systemd: voidify pam_get_item() calls
Lennart Poettering [Mon, 12 Aug 2019 14:39:55 +0000 (16:39 +0200)]
pam-systemd: voidify pam_get_item() calls

5 years agopam-systemd: remove duplicate error logging
Lennart Poettering [Mon, 12 Aug 2019 14:39:40 +0000 (16:39 +0200)]
pam-systemd: remove duplicate error logging

5 years agologin: port tables over to use TABLE_UID/TABLE_PID
Lennart Poettering [Wed, 7 Aug 2019 12:50:01 +0000 (14:50 +0200)]
login: port tables over to use TABLE_UID/TABLE_PID

5 years agoformat-table: add UID/GID output support to format-table.h
Lennart Poettering [Wed, 7 Aug 2019 10:50:42 +0000 (12:50 +0200)]
format-table: add UID/GID output support to format-table.h

5 years agopam-systemd: include PAM error code in all our log messages where that makes sense
Lennart Poettering [Mon, 12 Aug 2019 14:38:21 +0000 (16:38 +0200)]
pam-systemd: include PAM error code in all our log messages where that makes sense

5 years agoNEWS: SendRawOption= -> SendOption=
Yu Watanabe [Tue, 19 Nov 2019 10:28:07 +0000 (19:28 +0900)]
NEWS: SendRawOption= -> SendOption=

5 years agoMerge pull request #14064 from yuwata/network-unify-send-option-and-send-raw-option
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:21:37 +0000 (22:21 +0100)]
Merge pull request #14064 from yuwata/network-unify-send-option-and-send-raw-option

network: unify SendOption= and SendRawOption=

5 years agoMerge pull request #14030 from keszybz/path-no-trigger
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:20:07 +0000 (22:20 +0100)]
Merge pull request #14030 from keszybz/path-no-trigger

Fix spurious triggering of PathExists=

5 years agoMerge pull request #14007 from keszybz/tasks-max-dynamic
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:18:33 +0000 (22:18 +0100)]
Merge pull request #14007 from keszybz/tasks-max-dynamic

Calculate fractional TasksMax= before actual use

5 years agoRename "system-options" to "systemd-efi-options"
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 18:47:50 +0000 (19:47 +0100)]
Rename "system-options" to "systemd-efi-options"

This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.

(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)

bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.

Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.

5 years agoNEWS: fix antique typo
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 18:44:54 +0000 (19:44 +0100)]
NEWS: fix antique typo

5 years agobootctl: update --help text
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 17:19:16 +0000 (18:19 +0100)]
bootctl: update --help text

5 years agocore/path: minor simplification
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 17:15:44 +0000 (18:15 +0100)]
core/path: minor simplification

5 years agoman: add entry about SpeedMeter=
Yu Watanabe [Mon, 18 Nov 2019 15:03:35 +0000 (00:03 +0900)]
man: add entry about SpeedMeter=

Closes #14002.

5 years agoudev: silence warning about PROGRAM+= or IMPORT+= rules
Yu Watanabe [Mon, 18 Nov 2019 10:28:11 +0000 (19:28 +0900)]
udev: silence warning about PROGRAM+= or IMPORT+= rules

Closes #14062.

5 years agoman: add entry for systemd-id128 --uuid
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:24:23 +0000 (15:24 +0100)]
man: add entry for systemd-id128 --uuid

5 years agosystemctl: whitespace optimization of --help
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 15:41:13 +0000 (16:41 +0100)]
systemctl: whitespace optimization of --help

Move the explanation of options three columns to the right: then almost
all options fit and we do not need to break lines so often.

When a multi-line explanation precedes a section break, i.e. there is a
half-line on the right side, do not use an empty space. This saves a line,
and actually looks visually better because the text is still clearly
separated, but we don't get the big vertical white space.

5 years agoanalyze: deprecate the commands moved to systemctl
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:57:24 +0000 (09:57 +0100)]
analyze: deprecate the commands moved to systemctl

This just removes the commands from --help and the man pages, everything works
as before.

5 years agosystemctl: add service-watchdogs command
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 09:14:57 +0000 (10:14 +0100)]
systemctl: add service-watchdogs command

The rationale is the same as for log-level/log-target: this controls the behaviour
of the manager, and belongs in systemctl.

5 years agoanalyze: adjust the description of the default verb
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:55:43 +0000 (09:55 +0100)]
analyze: adjust the description of the default verb

5 years agosystemctl: add log-level and log-target commands
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:39:50 +0000 (09:39 +0100)]
systemctl: add log-level and log-target commands

This copies the commands log-level and log-target (to query and set the current
settings) from systemd-analyze to systemctl, essentially reverting
a65615ca5d78be0dcd7d9c9b4a663fa75f758606. Controllling the log level settings
of the manager is basic functionality, that should be available even if
systemd-analyze (which is more of an analysis tool) is not installed. This is
like dmesg and journalctl, which should be available even if a debugger and
more advanced tools to analyze the kernel are not available. (Note that dmesg
is used to control the log level too, not just to browse the kernel logs.)

I chose to copy&paste the methods from analyze.c to the new location. There
isn't enough code to share, because acquire_bus() in both places has a
different signature despite the same name, so the only part that is common
is the invocation of sd_bus_set_property().

5 years agoudevadm: ignore EROFS and return earlier
Yu Watanabe [Mon, 18 Nov 2019 09:47:16 +0000 (18:47 +0900)]
udevadm: ignore EROFS and return earlier

Fixes #14060.

5 years agonetwork: unify config_parse_dhcp_server_option_data() and config_parse_dhcp_send_option()
Yu Watanabe [Mon, 18 Nov 2019 09:29:29 +0000 (18:29 +0900)]
network: unify config_parse_dhcp_server_option_data() and config_parse_dhcp_send_option()

5 years agodhcp: remove struct sd_dhcp_raw_option
Yu Watanabe [Mon, 18 Nov 2019 09:14:18 +0000 (18:14 +0900)]
dhcp: remove struct sd_dhcp_raw_option

sd_dhcp_raw_option and sd_dhcp_option are essentially equivalent.

5 years agonetwork: rename SendRawOption= to SendOption=
Yu Watanabe [Mon, 18 Nov 2019 08:33:58 +0000 (17:33 +0900)]
network: rename SendRawOption= to SendOption=

As DHCPv4.SendOption= and DHCPServer.SendRawOption= take the same
format.

5 years agoMerge pull request #14040 from poettering/root-mount-deps
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:29:35 +0000 (15:29 +0100)]
Merge pull request #14040 from poettering/root-mount-deps

root mount dep fixes

5 years agonetwork: add more error logs
Yu Watanabe [Sun, 17 Nov 2019 13:39:42 +0000 (22:39 +0900)]
network: add more error logs

5 years agoMerge pull request #14046 from poettering/id128-uuid
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:19:43 +0000 (15:19 +0100)]
Merge pull request #14046 from poettering/id128-uuid

add "-u" switch to systemd-uuid for outputting ids in UUID format

5 years agotree-wide: clean up --help texts a bit
Lennart Poettering [Fri, 15 Nov 2019 17:38:44 +0000 (18:38 +0100)]
tree-wide: clean up --help texts a bit

This cleans up and unifies the outut of --help texts a bit:

1. Highlight the human friendly description string, not the command
   line via ANSI sequences. Previously both this description string and
   the brief command line summary was marked with the same ANSI
   highlight sequence, but given we auto-page to less and less does not
   honour multi-line highlights only the command line summary was
   affectively highlighted. Rationale: for highlighting the description
   instead of the command line: the command line summary is relatively
   boring, and mostly the same for out tools, the description on the
   other hand is pregnant, important and captions the whole thing and
   hence deserves highlighting.

2. Always suffix "Options" with ":" in the help text

3. Rename "Flags" →  "Options" in one case

4. Move commands to the top in a few cases

5. add coloring to many more help pages

6. Unify on COMMAND instead of {COMMAND} in the command line summary.
   Some tools did it one way, others the other way. I am not sure what
   precisely {} is supposed to mean, that uppercasing doesn't, hence
   let's simplify and stick to the {}-less syntax

And minor other tweaks.

5 years agocore/path: fix spurious triggering of PathExists= on restart/reload
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 13:20:05 +0000 (14:20 +0100)]
core/path: fix spurious triggering of PathExists= on restart/reload

Our handling of the condition was inconsistent. Normally, we'd only fire when
the file was created (or removed and subsequently created again). But on restarts,
we'd do a "recheck" from path_coldplug(), and if the file existed, we'd
always trigger. Daemon restarts and reloads should not be observeable, in
the sense that they should not trigger units which were already triggered and
would not be started again under normal circumstances.

Note that the mechanism for checks is racy: we get a notification from inotify,
and by the time we check, the file could have been created and removed again,
or removed and created again. It would be better if we inotify would give as
an unambiguous signal that the file was created, but it doesn't: IN_DELETE_SELF
triggers on inode removal, not directory entry, so we need to include IN_ATTRIB,
which obviously triggers on other conditions.

Fixes #12801.

5 years agocore/path: serialize the previous_exists state
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 13:13:05 +0000 (14:13 +0100)]
core/path: serialize the previous_exists state

Without that we are prone to generate spurious events after daemon
reload/restart.

5 years agoMerge pull request #14056 from yuwata/dhcp-debug-logs
Yu Watanabe [Mon, 18 Nov 2019 09:49:45 +0000 (18:49 +0900)]
Merge pull request #14056 from yuwata/dhcp-debug-logs

dhcp: add debug logs and propagate error in restarting client

5 years agoMerge pull request #14055 from yuwata/network-send-option-takes-type-field
Zbigniew Jędrzejewski-Szmek [Sun, 17 Nov 2019 18:17:38 +0000 (19:17 +0100)]
Merge pull request #14055 from yuwata/network-send-option-takes-type-field

network: make SendOption= also take type field

5 years agosd-dhcp-client: anonymize DHCPDISCOVER (fixes #13992)
Serge [Sat, 16 Nov 2019 12:22:35 +0000 (15:22 +0300)]
sd-dhcp-client: anonymize DHCPDISCOVER (fixes #13992)

According to RFC7844 section 3 the DHCPDISCOVER message should not contain option 50 («Requested IP Address») when Anonymize is true

5 years agodhcp6: add debug logs
Yu Watanabe [Sun, 17 Nov 2019 14:57:50 +0000 (23:57 +0900)]
dhcp6: add debug logs

5 years agodhcp4: propagate error in restarting DHCPv4 client
Yu Watanabe [Sun, 17 Nov 2019 14:52:46 +0000 (23:52 +0900)]
dhcp4: propagate error in restarting DHCPv4 client

5 years agodhcp4: add debug logs
Yu Watanabe [Sun, 17 Nov 2019 14:48:46 +0000 (23:48 +0900)]
dhcp4: add debug logs

5 years agonetwork: make SendOption= also take type field
Yu Watanabe [Sun, 17 Nov 2019 14:09:53 +0000 (23:09 +0900)]
network: make SendOption= also take type field

This makes SendOption= and SendRawOption= takes values in the same
format.

5 years agonetwork: rename DHCPRawOption to DHCPOptionDataType
Yu Watanabe [Sun, 17 Nov 2019 13:59:58 +0000 (22:59 +0900)]
network: rename DHCPRawOption to DHCPOptionDataType

And moves the definition from networkd-dhcp-server.[ch] to networkd-dhcp-common.[ch].

5 years agonetwork: fix logged error value
Yu Watanabe [Sun, 17 Nov 2019 13:51:06 +0000 (22:51 +0900)]
network: fix logged error value

5 years agonetwork: fix indentation
Yu Watanabe [Sun, 17 Nov 2019 13:45:38 +0000 (22:45 +0900)]
network: fix indentation

5 years agoError, rather than warn, if failing to start DHCP server
Tom Fitzhenry [Sat, 16 Nov 2019 15:04:18 +0000 (02:04 +1100)]
Error, rather than warn, if failing to start DHCP server

This would have made diagnosing https://github.com/systemd/systemd/issues/14050 easier.

5 years agobasic: add vmware hypervisor detection from device-tree
Cyprien Laplace [Thu, 14 Nov 2019 14:42:14 +0000 (09:42 -0500)]
basic: add vmware hypervisor detection from device-tree

Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.

5 years agomount: do not update exec deps on mountinfo changes
Lennart Poettering [Fri, 15 Nov 2019 13:00:54 +0000 (14:00 +0100)]
mount: do not update exec deps on mountinfo changes

Fixes: #13978

5 years agomount: extend list of extrinsic mounts a bit
Lennart Poettering [Fri, 15 Nov 2019 13:00:12 +0000 (14:00 +0100)]
mount: extend list of extrinsic mounts a bit

5 years agoMerge pull request #14038 from keszybz/hwdb-update
Lennart Poettering [Sat, 16 Nov 2019 12:49:01 +0000 (13:49 +0100)]
Merge pull request #14038 from keszybz/hwdb-update

hwdb update

5 years agoNEWS: more items
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 13:16:06 +0000 (14:16 +0100)]
NEWS: more items

Also reorder some entries to restore the grouping by subject.

5 years agoMerge pull request #14043 from poettering/shutdown-noswap-fix
Lennart Poettering [Sat, 16 Nov 2019 12:48:25 +0000 (13:48 +0100)]
Merge pull request #14043 from poettering/shutdown-noswap-fix

shutdown: it's OK if /proc/swaps is missing

5 years agoMerge pull request #14039 from keszybz/systemd-man
Lennart Poettering [Sat, 16 Nov 2019 12:47:59 +0000 (13:47 +0100)]
Merge pull request #14039 from keszybz/systemd-man

systemd(1) and journalctl(1) improvements

5 years agosd-bus: invalidate connection when Hello() fails
Lennart Poettering [Fri, 15 Nov 2019 13:23:53 +0000 (14:23 +0100)]
sd-bus: invalidate connection when Hello() fails

Fixes: #13969

5 years agoid128: drop "MESSAGE_" prefix of pretty output
Lennart Poettering [Fri, 15 Nov 2019 18:04:21 +0000 (19:04 +0100)]
id128: drop "MESSAGE_" prefix of pretty output

Using these IDs for message identication is one use case, but there are
others, hence let's drop the prefix, it only made sense to have while
the tool was part of journalctl.

5 years agoid128: add new "-u" switch for outputting Ids in UUID format
Lennart Poettering [Fri, 15 Nov 2019 18:02:55 +0000 (19:02 +0100)]
id128: add new "-u" switch for outputting Ids in UUID format

For some unrelated stuff I wanted the machine ID in UUID format, and it
was annoying doing that manually. So let's add a switch for this, so
that this works:

    systemd-id128 machine-id -u

5 years agoMerge pull request #14037 from poettering/machinectl-pw-agent
Lennart Poettering [Fri, 15 Nov 2019 15:59:49 +0000 (16:59 +0100)]
Merge pull request #14037 from poettering/machinectl-pw-agent

spawn ask pw tty agent from "machinectl start"

5 years agoMerge pull request #13940 from keur/protect_kernel_logs
Lennart Poettering [Fri, 15 Nov 2019 15:26:10 +0000 (16:26 +0100)]
Merge pull request #13940 from keur/protect_kernel_logs

Add ProtectKernelLogs to systemd.exec

5 years agoumount: log on all errors
Lennart Poettering [Fri, 15 Nov 2019 13:58:06 +0000 (14:58 +0100)]
umount: log on all errors

5 years agoumount: be happy if /proc/swaps doesn't exist
Lennart Poettering [Fri, 15 Nov 2019 13:57:27 +0000 (14:57 +0100)]
umount: be happy if /proc/swaps doesn't exist

Kernels work without swap just fine.

Fixes: #13993

5 years agoshutdown: make logging more useful if NULL swap/mount table files are specified
Lennart Poettering [Fri, 15 Nov 2019 13:56:35 +0000 (14:56 +0100)]
shutdown: make logging more useful if NULL swap/mount table files are specified

Makes the error output seen in #13993 more readable.

5 years agoRemove path_compare_func() alias for path_compare()
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 14:23:05 +0000 (15:23 +0100)]
Remove path_compare_func() alias for path_compare()

Non sunt multiplicanda entia sine necessitate.

5 years agoman: significantly downgrade the Options section in systemd(1)
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 12:30:02 +0000 (13:30 +0100)]
man: significantly downgrade the Options section in systemd(1)

This structure of the man page originates from the time when systemd was
installed on top of sysvinit systems, and users had an actual chance to
interact with the systemd binary directly. Nowadays it is almost never called
directly, so let's properly explain this in the overview.

The Options section is moved down below the kernel command line, those options
are only needed in special circumstances. Let's refer the reader to the
description of the kernel command line options, and not duplicate the
descriptions (which makes the text longer than necessary and increases chances
for discrepancies).

Systemd is also prominently used as the user manager, let's mention that in the
Overview.

While at it, use "=" only when an argument is required as we nowadays do.

5 years agoman: share description of $SYSTEMD_COLORS in other tools
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:59:34 +0000 (11:59 +0100)]
man: share description of $SYSTEMD_COLORS in other tools

It was only described in systemd(1), making it hard to discover.
Fixes #13561.

The same for $SYSTEMD_URLIFY.

I think all the tools whose man pages include less-variables.xml support
those variables.

5 years agohwdb: update
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:35:27 +0000 (11:35 +0100)]
hwdb: update

As before, the net change seems to be almost only additions, with some
minor removals that seems to be corrections of incomplete entries.

5 years agomeson: add target to update the chromiumos rules
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:32:24 +0000 (11:32 +0100)]
meson: add target to update the chromiumos rules

There is no change in the file right now, but the download seems to work
OK.

It's funny that the biggest company in the world cannot provide a
download link in plain text.

5 years agomachinectl: spawn ask password agent on "start"
Lennart Poettering [Fri, 15 Nov 2019 10:12:34 +0000 (11:12 +0100)]
machinectl: spawn ask password agent on "start"

We start units in the background, hence it is wise to also have the
ask pasword agent around.

Fixes: #13587

5 years agoask-password-agent: introduce ask_password_agent_open_if_enabled()
Lennart Poettering [Fri, 15 Nov 2019 10:11:52 +0000 (11:11 +0100)]
ask-password-agent: introduce ask_password_agent_open_if_enabled()

This makes the ask-password agent handling more alike the polkit agent
handling again, and introduces ask_password_agent_open_if_enabled() that
works just like the already existing polkit_agent_open_if_enabled().

5 years agopolkit-agent: don't use an inline function
Lennart Poettering [Fri, 15 Nov 2019 10:11:10 +0000 (11:11 +0100)]
polkit-agent: don't use an inline function

This is long enough to just be a regular function, and is never called
in inner loops, let's hence just make this a plain function.

5 years agonspawn: Allow Capability= to overrule private network setting
Torsten Hilbrich [Tue, 12 Nov 2019 07:36:06 +0000 (08:36 +0100)]
nspawn: Allow Capability= to overrule private network setting

The commit:

a3fc6b55ac nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking

turned off the CAP_NET_ADMIN capability whenever no private networking
feature was enabled. This broke configurations where the CAP_NET_ADMIN
capability was explicitly requested in the configuration.

Changing the order of evalution here to allow the Capability= setting
to overrule this implicit setting:

Order of evaluation:

1. if no private network setting is enabled, CAP_NET_ADMIN is removed
2. if a private network setting is enabled, CAP_NET_ADMIN is added
3. the settings of Capability= are added
4. the settings of DropCapability= are removed

This allows the fix for #11755 to be retained and to still allow the
admin to specify CAP_NET_ADMIN as additional capability.

Fixes: a3fc6b55acd3f37e50915304d87bed100efa9d9d
Fixes: #13995

5 years agosystemd-analyze: Add ProtectKernelLogs to security
Kevin Kuehler [Thu, 14 Nov 2019 01:37:05 +0000 (17:37 -0800)]
systemd-analyze: Add ProtectKernelLogs to security

5 years agounits: set ProtectKernelLogs=yes on relevant units
Kevin Kuehler [Thu, 14 Nov 2019 00:56:23 +0000 (16:56 -0800)]
units: set ProtectKernelLogs=yes on relevant units

We set ProtectKernelLogs=yes on all long running services except for
udevd, since it accesses /dev/kmsg, and journald, since it calls syslog
and accesses /dev/kmsg.

5 years agotest-namespace: Add test for ProtectKernelLogs=
Kevin Kuehler [Thu, 14 Nov 2019 00:38:33 +0000 (16:38 -0800)]
test-namespace: Add test for ProtectKernelLogs=