Lennart Poettering [Mon, 12 Dec 2016 19:54:45 +0000 (20:54 +0100)]
journald: don't flush to /var/log/journal before we get asked to
This changes journald to not write to /var/log/journal until it received
SIGUSR1 for the first time, thus having been requested to flush the runtime
journal to disk.
This makes the journal work nicer with systems which have the root file system
writable early, but still need to rearrange /var before journald should start
writing and creating files to it, for example because ACLs need to be applied
first, or because /var is to be mounted from another file system, NFS or tmpfs
(as is the case for systemd.volatile=state).
Before this change we required setupts with /var split out to mount the root
disk read-only early on, and ship an /etc/fstab that remounted it writable only
after having placed /var at the right place. But even that was racy for various
preparations as journald might end up accessing the file system before it was
entirely set up, as soon as it was writable.
With this change we make scheduling when to start writing to /var/log/journal
explicit. This means persistent mode now requires
systemd-journal-flush.service in the mix to work, as otherwise journald would
never write to the directory.
See: #1397
Lennart Poettering [Mon, 12 Dec 2016 18:46:56 +0000 (19:46 +0100)]
nspawn: restore --volatile=yes support
This was broken by
19caffac75a2590a0c5ebc2a0214960f8188aec7 which remounted the
root directory to MS_SHARED before applying the volatile mount logic. This
broke things as MS_MOVE is incompatible with MS_SHARED directory trees, and we
need MS_MOVE in the volatile mount logic to rearrange the directory tree.
Simply swap the order here, apply the volatile logic before we switch to
MS_SHARED.
Lennart Poettering [Mon, 12 Dec 2016 17:43:38 +0000 (18:43 +0100)]
qutoacheck,gpt-auto-generator: trivial coding style improvements
Lennart Poettering [Mon, 12 Dec 2016 17:29:15 +0000 (18:29 +0100)]
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
Lennart Poettering [Mon, 12 Dec 2016 12:42:06 +0000 (13:42 +0100)]
util-lib: read $SYSTEMD_PROC_CMDLINE if set when looking for the kernel cmdline
if we want to parse the kernel command line, let's check the
$SYSTEMD_PROC_CMDLINE environment variable first. This is useful for debugging
purposes.
Lennart Poettering [Mon, 12 Dec 2016 12:40:58 +0000 (13:40 +0100)]
build-sys: don't mke use of "sushell" automatically
"sushell" is a Fedora-specific concept, shipped as part of
"initscripts". We shouldn't actively search for it if we can avoid it.
Hence, lets now default to /bin/sh as debug shell on all systems, and
permit Fedora to override that for their RPMs via --with-debug-shell= at
configure time.
Lennart Poettering [Fri, 9 Dec 2016 17:39:15 +0000 (18:39 +0100)]
dissect: optionally, only look for GPT partition tables, nothing else
This is useful for reusing the dissector logic in the gpt-auto-discovery logic:
there we really don't want to use MBR or naked file systems as root device.
Lennart Poettering [Fri, 9 Dec 2016 16:36:40 +0000 (17:36 +0100)]
units: drop --fail parameter from "systemctl switch-root" invocation
This parameter has no effect on switch root hence we shouldn't specify it.
Lennart Poettering [Fri, 9 Dec 2016 16:35:48 +0000 (17:35 +0100)]
util-lib: make verbose_mount() grok MS_MOVE
Let's print a proper message if we see MS_MOVE.
Lennart Poettering [Fri, 9 Dec 2016 00:11:42 +0000 (01:11 +0100)]
firstboot: add kernel cmdline option to disable firstboot wizard
If booting with systemd.firstboot=0 the wizard will be skipped.
Lennart Poettering [Thu, 8 Dec 2016 18:41:27 +0000 (19:41 +0100)]
core: modernize the SwitchRoot() bus method a bit
Let's more verbose error messages when validating the input parameters fails.
Also, call path_is_os_tree() properly, as it doesn't return a boolean, but
possibly also an error. Finally, check for the existance of the new init
process with chase_symlinks() to properly handle possible symlinks on the init
binary (which might actually be pretty likely).
Lennart Poettering [Thu, 8 Dec 2016 18:39:50 +0000 (19:39 +0100)]
util-lib: add new path_is_temporary_fs() API
As simple wrapper around fd_is_temporary_fs().
Lennart Poettering [Thu, 8 Dec 2016 18:37:49 +0000 (19:37 +0100)]
gpt-auto-generator: rename add_boot() → add_esp()
After all, the call doesn't necessarily mount /boot anymore, but possibly /efi
now.
Lennart Poettering [Thu, 8 Dec 2016 18:36:46 +0000 (19:36 +0100)]
tree-wide: always invoke setmntent() with "re" mode
Let's make sure O_CLOEXEC is set for the file descriptor.
Lennart Poettering [Thu, 8 Dec 2016 18:35:05 +0000 (19:35 +0100)]
util-lib: make sure fd_check_fstype() opens files with O_CLOEXEC
Also, O_NOCTTY is a safer bet, let's add that too.
Lennart Poettering [Thu, 8 Dec 2016 16:23:08 +0000 (17:23 +0100)]
core: minor coding style/wording fixes
Lennart Poettering [Thu, 8 Dec 2016 16:19:27 +0000 (17:19 +0100)]
util-lib: beef path_is_os_tree() up a bit
Let's use chase_symlinks() when looking for /etc/os-release and
/usr/lib/os-release as these files might be symlinks (and actually are IRL on
some distros).
Lennart Poettering [Thu, 8 Dec 2016 16:15:06 +0000 (17:15 +0100)]
util-lib: accept invoking chase_symlinks() with a NULL return parameter
Let's permit invoking chase_symlinks() with a NULL return parameter. If so, the
resolved name is not returned, and call is useful for checking for existance of
a file, without actually returning its ultimate path.
Lennart Poettering [Thu, 8 Dec 2016 09:51:32 +0000 (10:51 +0100)]
core: add comment why we don't bother with MS_SHARED remounting of / in containers
Lennart Poettering [Thu, 8 Dec 2016 09:50:29 +0000 (10:50 +0100)]
shared: use uid_is_valid() for checking validity of UIDs
Lennart Poettering [Wed, 7 Dec 2016 23:28:05 +0000 (00:28 +0100)]
nspawn: split out VolatileMode definitions
This moves the VolatileMode enum and its helper functions to src/shared/. This
is useful to then reuse them to implement systemd.volatile= in a later commit.
Baruch Siach [Tue, 20 Dec 2016 13:59:26 +0000 (15:59 +0200)]
man/journalctl: mention systemd-journal-remote(8) (#4929)
Make it easier to figure out how to use the journalctl export format.
Lennart Poettering [Tue, 20 Dec 2016 10:14:59 +0000 (11:14 +0100)]
Merge pull request #4904 from dobyrch/calendar-range-step
calendarspec: allow repetition values with ranges
Zbigniew Jędrzejewski-Szmek [Tue, 20 Dec 2016 10:09:59 +0000 (05:09 -0500)]
systemctl: do not segfault when we cannot find template unit (#4915)
Core was generated by `systemctl cat test@.target test@.service'.
Program terminated with signal SIGSEGV, Segmentation fault.
32 movdqu (%rdi), %xmm0
(gdb) bt
-0 strrchr () at ../sysdeps/x86_64/strrchr.S:32
-1 0x00007f57fdf837fe in __GI___basename (filename=0x0) at basename.c:24
-2 0x000055b8a77d0d91 in unit_find_paths (bus=0x55b8a9242f90, unit_name=0x55b8a92428f0 "test@.service", lp=0x7ffdc9070400, fragment_path=0x7ffdc90703e0, dropin_paths=0x7ffdc90703e8) at src/systemctl/systemctl.c:2584
-3 0x000055b8a77dbae5 in cat (argc=3, argv=0x7ffdc9070678, userdata=0x0) at src/systemctl/systemctl.c:5324
-4 0x00007f57fe55fc6b in dispatch_verb (argc=5, argv=0x7ffdc9070668, verbs=0x55b8a77f1c60 <verbs>, userdata=0x0) at src/basic/verbs.c:92
-5 0x000055b8a77e477f in systemctl_main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8141
-6 0x000055b8a77e5572 in main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8412
The right behaviour is not easy in this case. Implement some "sensible" logic.
Fixes #4912.
Mike Gilbert [Tue, 20 Dec 2016 09:53:53 +0000 (04:53 -0500)]
build-sys: revert dbus >= 1.9.18 requirement (#4924)
Instead, document the necessary step to utilize older dbus versions.
Martin Pitt [Tue, 20 Dec 2016 07:18:06 +0000 (08:18 +0100)]
Merge pull request #4926 from whot/hwdb-updates
Hwdb updates
Peter Hutterer [Thu, 8 Dec 2016 00:25:49 +0000 (10:25 +1000)]
hwdb: axis override for HP Spectre
https://bugzilla.redhat.com/show_bug.cgi?id=1402596
Peter Hutterer [Fri, 2 Dec 2016 03:44:09 +0000 (13:44 +1000)]
hwdb: add axis overrides for Asus Vivobook E402SA
Peter Hutterer [Thu, 1 Dec 2016 00:38:08 +0000 (10:38 +1000)]
hwdb: add axis override for Lenovo W530
https://bugs.freedesktop.org/show_bug.cgi?id=98844
Peter Hutterer [Wed, 30 Nov 2016 00:25:15 +0000 (10:25 +1000)]
hwdb: add axis override for Toshiba Tecra M11
Jörg Thalheim [Mon, 19 Dec 2016 14:34:07 +0000 (15:34 +0100)]
networkd-ndisc: handle missing mtu gracefully (#4913)
At least bird's implementation of router advertisement does not
set MTU option by default (instead it supplies an option to the user).
In this case just leave MTU as it is.
Zbigniew Jędrzejewski-Szmek [Sun, 18 Dec 2016 20:47:41 +0000 (15:47 -0500)]
build-sys: treat format errors as fatal (#4910)
We currently don't expect any warnings about format strings, on any
architecture (#4612 removed the last few warnings). Turn those warnings into
errors in the future.
As requested by Martin Pitt.
gcc documentation says that -Wformat=2 includes -Wformat-security and
-Wformat-nonliteral so don't include them explicitly.
Zbigniew Jędrzejewski-Szmek [Sun, 18 Dec 2016 16:43:18 +0000 (11:43 -0500)]
Merge pull request #4892 from poettering/buspolicymove
build-sys: stop placing D-Bus policy below /etc
Zbigniew Jędrzejewski-Szmek [Sun, 18 Dec 2016 12:21:19 +0000 (07:21 -0500)]
core: downgrade "Time has been changed" to debug (#4906)
That message is emitted by every systemd instance on every resume:
Dec 06 08:03:38 laptop systemd[1]: Time has been changed
Dec 06 08:03:38 laptop systemd[823]: Time has been changed
Dec 06 08:03:38 laptop systemd[916]: Time has been changed
Dec 07 08:00:32 laptop systemd[1]: Time has been changed
Dec 07 08:00:32 laptop systemd[823]: Time has been changed
Dec 07 08:00:32 laptop systemd[916]: Time has been changed
-- Reboot --
Dec 07 08:02:46 laptop systemd[836]: Time has been changed
Dec 07 08:02:46 laptop systemd[1]: Time has been changed
Dec 07 08:02:46 laptop systemd[926]: Time has been changed
Dec 07 19:48:12 laptop systemd[1]: Time has been changed
Dec 07 19:48:12 laptop systemd[836]: Time has been changed
Dec 07 19:48:12 laptop systemd[926]: Time has been changed
...
Fixes #4896.
Martin Pitt [Sun, 18 Dec 2016 12:20:12 +0000 (13:20 +0100)]
Merge pull request #4911 from keszybz/fixlets
A few simple fixes / improvements
Zbigniew Jędrzejewski-Szmek [Sun, 18 Dec 2016 00:55:43 +0000 (19:55 -0500)]
basic/log: use IN_SET
Zbigniew Jędrzejewski-Szmek [Sat, 17 Dec 2016 23:27:01 +0000 (18:27 -0500)]
test-compress: fix warning about LZ4_compress_limitedOutput
691b90d465 fixed one spot, but missed the other one.
Zbigniew Jędrzejewski-Szmek [Fri, 16 Dec 2016 21:08:51 +0000 (16:08 -0500)]
core: remove spurious newline
Zbigniew Jędrzejewski-Szmek [Fri, 16 Dec 2016 21:03:31 +0000 (16:03 -0500)]
debug-generator: simplify handling of arg_default_unit
Also free the allocated memory before exiting.
Zbigniew Jędrzejewski-Szmek [Fri, 16 Dec 2016 20:55:27 +0000 (15:55 -0500)]
Use SPECIAL_DEFAULT_TARGET consistently
Zbigniew Jędrzejewski-Szmek [Sat, 3 Dec 2016 18:57:42 +0000 (13:57 -0500)]
Modify mount_propagation_flags_from_string to return a normal int code
This means that callers can distiguish an error from flags==0,
and don't have to special-case the empty string.
Zbigniew Jędrzejewski-Szmek [Sat, 17 Dec 2016 18:36:00 +0000 (13:36 -0500)]
Merge pull request #4845 from poettering/various-smaller-fixes
Various smaller fixes
Franck Bui [Sat, 17 Dec 2016 14:49:17 +0000 (15:49 +0100)]
coredumpctl: let gdb handle the SIGINT signal (#4901)
Even if pressing Ctrl-c after spawning gdb with "coredumpctl gdb" is not really
useful, we should let gdb handle the signal entirely otherwise the user can be
suprised to see a different behavior when gdb is started by coredumpctl vs when
it's started directly.
Indeed in the former case, gdb exits due to coredumpctl being killed by the
signal.
So this patch makes coredumpctl ignore SIGINT as long as gdb is running.
Zbigniew Jędrzejewski-Szmek [Sat, 17 Dec 2016 14:26:40 +0000 (09:26 -0500)]
README: bump dbus dep
We should also mention this in NEWS before release. Suggested text:
> DBus policy files are now installed into /usr rather than /etc. Make sure
> your system has dbus = 1.9.18 running before upgrading to this version, or
> override the install path with --with-dbuspolicydir=
Douglas Christman [Fri, 16 Dec 2016 17:36:15 +0000 (12:36 -0500)]
calendarspec: remove superfluous variables
Douglas Christman [Fri, 16 Dec 2016 20:49:54 +0000 (15:49 -0500)]
calendarspec: rename fields of CalendarComponent
value/range_end -> start/stop
Douglas Christman [Fri, 16 Dec 2016 01:02:10 +0000 (20:02 -0500)]
calendarspec: allow repetition values with ranges
"Every other hour from 9 until 5" can be written as
`9..17/2:00` instead of `9,11,13,15,17:00`
Franck Bui [Fri, 16 Dec 2016 16:13:58 +0000 (17:13 +0100)]
core: make mount units from /proc/self/mountinfo possibly bind to a device (#4515)
Since commit 9d06297, mount units from mountinfo are not bound to their devices
anymore (they use the "Requires" dependency instead).
This has the following drawback: if a media is mounted and the eject button is
pressed then the media is unconditionally ejected leaving some inconsistent
states.
Since udev is the component that is reacting (no matter if the device is used
or not) to the eject button, users expect that udev at least try to unmount the
media properly.
This patch introduces a new property "SYSTEMD_MOUNT_DEVICE_BOUND". When set on
a block device, all units that requires this device will see their "Requires"
dependency upgraded to a "BindTo" one. This is currently only used by cdrom
devices.
This patch also gives the possibility to the user to restore the previous
behavior that is bind a mount unit to a device. This is achieved by passing the
"x-systemd.device-bound" option to mount(8). Please note that currently this is
not working because libmount treats the x-* options has comments therefore
they're not available in utab for later application retrievals.
Lucas Werkmeister [Fri, 16 Dec 2016 14:41:31 +0000 (15:41 +0100)]
bootctl: fix typo (#4897)
Stefan Hajnoczi [Fri, 16 Dec 2016 10:20:27 +0000 (10:20 +0000)]
core: prevent invalid socket symlink target dereference (#4895)
socket_find_symlink_target() returns a pointer to
p->address.sockaddr.un.sun_path when the first byte is non-zero without
checking that this is AF_UNIX socket. Since sockaddr is a union this
byte could be non-zero for AF_INET sockets.
Existing callers happen to be safe but is an accident waiting to happen.
Use socket_address_get_path() since it checks for AF_UNIX.
Daniel Drake [Thu, 15 Dec 2016 22:11:11 +0000 (16:11 -0600)]
rules: identify internal sound cards on platform bus (#4893)
We have a system which has the HDMI audio capability internally,
but pulseaudio is not giving it a very high priority compared
to e.g. USB sound cards.
The sound device appears on the platform bus and it is not
currently tagged with any form factor information.
It seems safe to assume that any sound card that is directly on the
platform bus is of internal form factor, but we must be careful because
udev rules will match all parent devices, not just the immediate parent,
and you will frequently encounter setups such as:
Platform bus -> USB host controller -> USB sound card
In that case, SUBSYSTEMS==platform would match even though we're
clearly working with an external USB sound card.
In order to detect true platform devices here, we rely on the observation
that if any parent devices of the sound card are PCI, USB or firewire
devices, then this sound card cannot directly connected to the platform
bus. Otherwise, if we find a parent device on the platform bus, we assume
this is an internal sound card connected directly to the platform bus.
Lennart Poettering [Mon, 12 Dec 2016 18:16:33 +0000 (19:16 +0100)]
build-sys: stop placing D-Bus policy below /etc
Let's start placing our D-Bus policy files in /usr rather than /etc. D-Bus
supports this since 1.9.18, and moving our files over means we continue to work
even if /etc is flushed out entirely (for example if systemd-nspawn's
--volatile= switch is used).
Since 1.9.18 was released summer 2015 it should be fine to require a newer
version like this for our builds.
https://lists.freedesktop.org/archives/dbus/2015-July/016746.html
Doug Christman [Wed, 14 Dec 2016 18:21:27 +0000 (13:21 -0500)]
calendarspec: free memory when parsing fails (#4890)
This prevents memory leaks on strings like `*~*-*`.
Fixes #4887
Lennart Poettering [Tue, 6 Dec 2016 18:26:48 +0000 (19:26 +0100)]
update TODO
Lennart Poettering [Tue, 6 Dec 2016 22:17:57 +0000 (23:17 +0100)]
mkosi: change /etc/issue text a bit for mkosi images build from systemd tree
Lennart Poettering [Tue, 6 Dec 2016 22:17:30 +0000 (23:17 +0100)]
mkosi: run tests when building mkosi images
Lennart Poettering [Tue, 6 Dec 2016 21:55:43 +0000 (22:55 +0100)]
build-sys: include the builddir in $PATH while testing
udev-test.pl shells out systemd-detect-virt, and it really should invoke the
version from the build tree instead of one supplied by the installed system,
hence let's add the builddir to $PATH while building.
Lennart Poettering [Tue, 6 Dec 2016 19:29:07 +0000 (20:29 +0100)]
util-lib: rework rename_process() to be able to make use of PR_SET_MM_ARG_START
PR_SET_MM_ARG_START allows us to relatively cleanly implement process renaming.
However, it's only available with privileges. Hence, let's try to make use of
it, and if we can't fall back to the traditional way of overriding argv[0].
This removes size restrictions on the process name shown in argv[] at least for
privileged processes.
Lennart Poettering [Tue, 6 Dec 2016 18:36:30 +0000 (19:36 +0100)]
sysv-generator: properly translate sysv facilities
We used the wrong return value in one case, so that our translations were
thrown away.
While we are at it, make sure to always initialize *ret on successful function
exits.
Fixes: #4762
Lennart Poettering [Tue, 6 Dec 2016 18:35:31 +0000 (19:35 +0100)]
machinectl: make "machinectl -E … shell" work
Fixes: #4823
Lennart Poettering [Tue, 6 Dec 2016 18:34:18 +0000 (19:34 +0100)]
journalctl: improve wording in an errors message
Fixes: #4660
Lennart Poettering [Tue, 6 Dec 2016 18:33:36 +0000 (19:33 +0100)]
man: document that "systemctl show" shows low-level properties
Fixes: #4654
Lennart Poettering [Tue, 6 Dec 2016 18:27:17 +0000 (19:27 +0100)]
man: minor fixes for sd_journal_print(3)
When sd_journal_perror() was added some footers weren't updated accordingly.
Let's do so.
Fixes: #4755
Lennart Poettering [Tue, 6 Dec 2016 17:41:27 +0000 (18:41 +0100)]
mkosi: update mkosi.fedora so that we can run "make check" during build
Our tests require "diff" and "tree", hence let's add them to the set of
development packages.
Lennart Poettering [Tue, 6 Dec 2016 17:19:23 +0000 (18:19 +0100)]
nspawn: flush out environment block of the -a stub init process
The container detection code in virt.c we ship checks for /proc/1/environ,
looking for "container=" in it. Let's make sure our "-a" init stub exposes that
correctly.
Without this "systemd-detect-virt" run in a "-a" container won't detect that it
is being run in a container.
Lennart Poettering [Tue, 6 Dec 2016 14:51:26 +0000 (15:51 +0100)]
util-lib: improve container detection logic
Previously, systemd-detect-virt was unable to detect "systemd-nspawn -a"
container environments, i.e. where PID 1 is a stub process running in host
context, as in that case /proc/1/environ was inherited from the host. Let's
improve that, and add an additional check for container environments where
/proc/1/environ is not cleaned up and does not contain the $container
environment variable:
The /proc/1/sched file shows the host PID in the first line. if this is not
1, we know we are running in a PID namespace (but not which implementation).
With these changes we should be able to detect container environments that
don't set $container at all.
Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 10:51:26 +0000 (05:51 -0500)]
Add sd_is_socket_sockaddr (#4885)
Fixes #1188.
Ronny Chevalier [Wed, 14 Dec 2016 10:34:48 +0000 (11:34 +0100)]
Merge pull request #4889 from evverx/fix-test-fs-util-memleak
test-fs-util: fix memleak
Lennart Poettering [Wed, 7 Dec 2016 19:00:31 +0000 (20:00 +0100)]
generator: order fsck service After= the device
Otherwise we might get started too early.
Lennart Poettering [Tue, 29 Nov 2016 21:50:21 +0000 (22:50 +0100)]
core: rework logic to determine when we decide to add automatic deps for mounts
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider
them managed by something else and do not add automatic ordering against
umount.target, local-fs.target, remote-fs.target.
Extrinsic mounts are considered:
- All mounts if we are running in --user mode
- API mounts such as everything below /proc, /sys, /dev, which exist from
earliest boot to latest shutdown.
- All mounts marked as initrd mounts, if we run on the host
- The initrd's private directory /run/initrams that should survive until last
reboot.
This primarily merges a couple of different exclusion lists into a single
concept.
Lennart Poettering [Tue, 29 Nov 2016 20:07:05 +0000 (21:07 +0100)]
core: make sure targets that get a default Conflicts=shutdown.target are also ordered against it
Let's tweak the automatic dependency generation of target units: not only add a
Conflicts= towards shutdown.target but also an After= line for it, so that we
can be sure the new target is not started when the old target is still up.
Discovered in the context of #4733
(Also, exclude dependency generation if for shutdown.target itself. — This is
strictly speaking redundant, as unit_add_two_dependencies_by_name() detects
that and becomes a NOP, but let's make this explicit for readability.)
Lennart Poettering [Thu, 24 Nov 2016 16:47:39 +0000 (17:47 +0100)]
Add a bit of documentation for the various undocumented environment variables we honour
Lennart Poettering [Thu, 24 Nov 2016 16:42:19 +0000 (17:42 +0100)]
util: Fine tune running_in_chroot() a bit
Let's be a bit more careful when detecting chroot() environments, so that we
can discern them from namespaced environments.
Previously this would simply check if the root directory of PID 1 matches our
own root directory. With this commit, we also check whether the namespaces of
PID 1 and ourselves are the same. If not we assume we are running inside of a
namespaced environment instead of a chroot() environment.
This has the benefit that systemctl (which uses running_in_chroot()) will work
as usual when invoked in a namespaced service.
Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 04:24:42 +0000 (23:24 -0500)]
Merge pull request #4806 from poettering/keyring-init
set up a per-service session kernel keyring, and store the invocation ID in it
Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 03:30:07 +0000 (22:30 -0500)]
Merge pull request #4727 from poettering/exec-bind
More namespace improvements
Evgeny Vereshchagin [Wed, 14 Dec 2016 00:31:53 +0000 (00:31 +0000)]
test-fs-util: fix memleak
Fixes:
```
$ ./libtool --mode=execute valgrind --leak-check=full ./test-fs-util
...
==22871==
==22871== 27 bytes in 1 blocks are definitely lost in loss record 1 of 1
==22871== at 0x4C2FC47: realloc (vg_replace_malloc.c:785)
==22871== by 0x4E86D05: strextend (string-util.c:726)
==22871== by 0x4E8F347: chase_symlinks (fs-util.c:712)
==22871== by 0x109EBF: test_chase_symlinks (test-fs-util.c:75)
==22871== by 0x10C381: main (test-fs-util.c:305)
==22871==
```
Closes #4888
Lennart Poettering [Thu, 24 Nov 2016 00:51:36 +0000 (01:51 +0100)]
update TODO
Lennart Poettering [Wed, 23 Nov 2016 23:44:57 +0000 (00:44 +0100)]
core: make "Restart" service property accessible via the transient API
Fixes: #4402
Lennart Poettering [Wed, 23 Nov 2016 21:21:40 +0000 (22:21 +0100)]
core: add ability to define arbitrary bind mounts for services
This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow
defining arbitrary bind mounts specific to particular services. This is
particularly useful for services with RootDirectory= set as this permits making
specific bits of the host directory available to chrooted services.
The two new settings follow the concepts nspawn already possess in --bind= and
--bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these
latter options should probably be renamed to BindPaths= and BindReadOnlyPaths=
too).
Fixes: #3439
Lennart Poettering [Tue, 13 Dec 2016 23:51:37 +0000 (00:51 +0100)]
namespace: instead of chasing mount symlinks a priori, do so as-we-go
This is relevant as many of the mounts we try to establish only can be followed
when some other prior mount that is a prefix of it is established. Hence: move
the symlink chasing into the actual mount functions, so that we do it as late
as possibly but as early as necessary.
Fixes: #4588
Lennart Poettering [Tue, 13 Dec 2016 23:48:52 +0000 (00:48 +0100)]
core: rename BindMount structure → MountEntry
After all, these don#t strictly encapsulate bind mounts anymore, and we are
preparing this for adding arbitrary user-defined bind mounts in a later commit,
at which point this would become really confusing. Let's clean this up, rename
the BindMount structure to MountEntry, so that it is clear that it can contain
information about any kind of mount.
Lennart Poettering [Wed, 23 Nov 2016 00:09:14 +0000 (01:09 +0100)]
namespace: add explicit read-only flag
This reworks handling of the read-only management for mount points. This will
become handy as soon as we add arbitrary bind mount support (which comes in a
later commit).
Lennart Poettering [Tue, 22 Nov 2016 19:21:23 +0000 (20:21 +0100)]
namespace: reindent protect_system_strict_table[] as well
All other tables got reindented, but one was forgotten. Fix that.
Lennart Poettering [Tue, 22 Nov 2016 19:19:08 +0000 (20:19 +0100)]
core: hook up MountFlags= to the transient unit logic
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making
MountFlags= to the list of properties that may be accessed transiently.
Lennart Poettering [Wed, 7 Dec 2016 19:14:43 +0000 (20:14 +0100)]
pam: include pam_keyinit.so in our PAM fragments
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get the
basic keyring systemd --system sets up for us.
Lennart Poettering [Fri, 2 Dec 2016 14:05:55 +0000 (15:05 +0100)]
core: store the invocation ID in the per-service keyring
Let's store the invocation ID in the per-service keyring as a root-owned key,
with strict access rights. This has the advantage over the environment-based ID
passing that it also works from SUID binaries (as they key cannot be overidden
by unprivileged code starting them), in contrast to the secure_getenv() based
mode.
The invocation ID is now passed in three different ways to a service:
- As environment variable $INVOCATION_ID. This is easy to use, but may be
overriden by unprivileged code (which might be a bad or a good thing), which
means it's incompatible with SUID code (see above).
- As extended attribute on the service cgroup. This cannot be overriden by
unprivileged code, and may be queried safely from "outside" of a service.
However, it is incompatible with containers right now, as unprivileged
containers generally cannot set xattrs on cgroupfs.
- As "invocation_id" key in the kernel keyring. This has the benefit that the
key cannot be changed by unprivileged service code, and thus is safe to
access from SUID code (see above). But do note that service code can replace
the session keyring with a fresh one that lacks the key. However in that case
the key will not be owned by root, which is easily detectable. The keyring is
also incompatible with containers right now, as it is not properly namespace
aware (but this is being worked on), and thus most container managers mask
the keyring-related system calls.
Ideally we'd only have one way to pass the invocation ID, but the different
ways all have limitations. The invocation ID hookup in journald is currently
only available on the host but not in containers, due to the mentioned
limitations.
How to verify the new invocation ID in the keyring:
# systemd-run -t /bin/sh
Running as unit: run-rd917366c04f847b480d486017f7239d6.service
Press ^] three times within 1s to disconnect TTY.
# keyctl show
Session Keyring
680208392 --alswrv 0 0 keyring: _ses
250926536 ----s-rv 0 0 \_ user: invocation_id
# keyctl request user invocation_id
250926536
# keyctl read
250926536
16 bytes of data in key:
9c96317c ac64495a a42b9cd7 4f3ff96b
# echo $INVOCATION_ID
9c96317cac64495aa42b9cd74f3ff96b
# ^D
This creates a new transient service runnint a shell. Then verifies the
contents of the keyring, requests the invocation ID key, and reads its payload.
For comparison the invocation ID as passed via the environment variable is also
displayed.
Lennart Poettering [Fri, 2 Dec 2016 00:54:41 +0000 (01:54 +0100)]
core: run each system service with a fresh session keyring
This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.
With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.
(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)
(With input from David Howells)
Lennart Poettering [Tue, 13 Dec 2016 19:31:09 +0000 (20:31 +0100)]
Merge pull request #4877 from evverx/fix-machine-id
handle corrupted /etc/machine-id nicer
Evgeny Vereshchagin [Tue, 13 Dec 2016 12:46:11 +0000 (12:46 +0000)]
test: check that we can boot with broken machine-id
Evgeny Vereshchagin [Tue, 13 Dec 2016 11:45:01 +0000 (11:45 +0000)]
sd-id128: id128_write overwrites target file
Evgeny Vereshchagin [Tue, 13 Dec 2016 11:34:09 +0000 (11:34 +0000)]
machine-id-setup: `--print --commit` respects the --root option
Evgeny Vereshchagin [Tue, 13 Dec 2016 10:36:03 +0000 (10:36 +0000)]
core: machine_id_setup overwrites broken machine-id
Andrey Ulanov [Tue, 13 Dec 2016 01:38:18 +0000 (17:38 -0800)]
nspawn: when getting SIGCHLD make sure it's from the first child (#4855)
When getting SIGCHLD we should not assume that it was the first
child forked from system-nspawn that has died as it may also be coming
from an orphan process. This change adds a signal handler that ignores
SIGCHLD unless it came from the first containerized child - the real
child.
Before this change the problem can be reproduced as follows:
$ sudo systemd-nspawn --directory=/container-root --share-system
Press ^] three times within 1s to kill container.
[root@andreyu-coreos ~]# { true & } &
[1] 22201
[root@andreyu-coreos ~]#
Container root-fedora-latest terminated by signal KILL
Sylvain Plantefève [Mon, 12 Dec 2016 21:17:51 +0000 (22:17 +0100)]
catalog: update french translation following 5a1d6cb (#4872)
Piotr Drąg [Mon, 12 Dec 2016 21:04:50 +0000 (22:04 +0100)]
catalog: update Polish translation (#4874)
Martin Pitt [Mon, 12 Dec 2016 15:03:52 +0000 (16:03 +0100)]
Merge pull request #4771 from keszybz/udev-property-ordering
Udev property ordering
Martin Pitt [Mon, 12 Dec 2016 07:12:10 +0000 (08:12 +0100)]
Merge pull request #4868 from keszybz/man
Ellipsization
Lennart Poettering [Sun, 11 Dec 2016 23:02:01 +0000 (00:02 +0100)]
Merge pull request #4867 from keszybz/catalog-messages
Catalog message improvements
Zbigniew Jędrzejewski-Szmek [Thu, 1 Dec 2016 16:46:40 +0000 (11:46 -0500)]
hwdb: emit warning when matches are specified at the very end of file
This is also an error, but it wasn't caught.
[/tmp/tmp.YWeKax4fMI/etc/udev/hwdb.d/10-bad.hwdb:26] Property expected, ignoring record with no properties
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 22:17:17 +0000 (17:17 -0500)]
man: two trivial formatting fixes