| Age | Commit message (Collapse) | Author |
|---|
|
rework service namespace handling a bit
|
|
free_and_replace sets the setcond argument to NULL (it's designed
to be used with _clenaup_ macros), and we don't want that here.
Fixes #4684.
|
|
|
|
|
|
Let's align all our BindMount tables, let's use the same column widths in all
of them, and let's make them not any wider than necessary.
This only changes whitespace, not contents of any of the tables.
|
|
This changes a couple of things in the namespace handling:
It merges the BindMount and TargetMount structures. They are mostly the same,
hence let's just use the same structue, and rely on C's implicit zero
initialization of partially initialized structures for the unneeded fields.
This reworks memory management of each entry a bit. It now contains one "const"
and one "malloc" path. We use the former whenever we can, but use the latter
when we have to, which is the case when we have to chase symlinks or prefix a
root directory. This means in the common case we don't actually need to
allocate any dynamic memory. To make this easy to use we add an accessor
function bind_mount_path() which retrieves the right path string from a
BindMount structure.
While we are at it, also permit "+" as prefix for dirs configured with
ReadOnlyPaths= and friends: if specified the root directory of the unit is
implicited prefixed.
This also drops set_bind_mount() and uses C99 structure initialization instead,
which I think is more readable and clarifies what is being done.
This drops append_protect_kernel_tunables() and
append_protect_kernel_modules() as append_static_mounts() is now simple enough
to be called directly.
Prefixing with the root dir is now done in an explicit step in
prefix_where_needed(). It will prepend the root directory on each entry that
doesn't have it prefixed yet. The latter is determined depending on an extra
bit in the BindMount structure.
|
|
Shortening
|
|
Automatically GC device jobs when there's no need to keep them in the job queue anymore.
Implement systemctl list-jobs --before/--after.
Allow systemd-run -p After/Before/Wants/Requires= ...
|
|
|
|
(before)$ systemctl list-jobs --before --after
JOB UNIT TYPE STATE
8769 foobar.device start running
A job waits for this job: 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
This job waits for a job: 8769 (foobar.device/start)
2 jobs listed.
(after)$ systemctl list-jobs --before --after
JOB UNIT TYPE STATE
8769 foobar.device start running
waiting for job 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
blocking job 8769 (foobar.device/start)
2 jobs listed.
|
|
Pavilion x360 13 (#4680)
|
|
|
|
called
Let's expose the new bus functions we added in the previous commit in
systemctl.
|
|
This should make it easier to debug job deadlocks.
|
|
Support on the server side has already been in place for quite some time, let's
also add support on the client side for this.
|
|
Sometimes it is useful for debugging purposes to force systemctl to connect to
PID 1 via the bus instead of direct connection, even if the direct connection
is possible.
|
|
In contrast to all other unit types device units when queued just track
external state, they cannot effect state changes on their own. Hence unless a
client or other job waits for them there's no reason to keep them in the job
queue. This adds a concept of GC'ing jobs of this type as soon as no client or
other job waits for them anymore.
To ensure this works correctly we need to track which clients actually
reference a job (i.e. which ones enqueued it). Unfortunately that's pretty
nasty to do for direct connections, as sd_bus_track doesn't work for
them. For now, work around this, by simply remembering in a boolean that a job
was requested by a direct connection, and reset it when we notice the direct
connection is gone. This means the GC logic works fine, except that jobs are
not immediately removed when direct connections disconnect.
In the longer term, a rework of the bus logic should fix this properly. For now
this should be good enough, as GC works for fine all cases except this one, and
thus is a clear improvement over the previous behaviour.
Fixes: #1921
|
|
Let's make semantics of this field more similar to the same functionality in
the Unit object, in particular as we add new functionality to it later on.
|
|
We count the units in the GC queue with this, but actually never make use of
it, hence drop it.
|
|
|
|
Let's introduce a new call bus_track_add_name_many() that adds a string list to
a tracking object.
|
|
core: improve the logic that implies no new privileges and documentation fixes
|
|
This will simplify testing a bit.
Mainly for https://github.com/systemd/systemd/pull/4670
|
|
Allow all callers that want to print RestrictNamespaces= returned from D-Bus
as a string instead of a u64 value.
|
|
|
|
The RestrictNamespaces= takes yes, no or a list of namespaces types,
therefor config_parse_restrict_namespaces() is a bit complex and it
operates on the ExecContext, fix this by passing the offset of
ExecContext directly otherwise restricting namespaces won't work.
|
|
|
|
|
|
|
|
The no_new_privileged_set variable is not used any more since commit
9b232d3241fcfbf60af that fixed another thing. So remove it. Also no
need to check if we are under user manager, remove that part too.
|
|
networkd: split sources into subdirectories
|
|
(#4613)
Since 133 is now used in a few places, add a #define for it.
Also make the status message a bit informative.
Another issue introduced in b006762. The logic was borked, we were supposed
to return 0 to break the loop, and 133 to restart the container, not the other
way around.
But this doesn't seem to work, reboot fails with:
Nov 08 00:41:32 laptop systemd-nspawn[26564]: Failed to register machine: Machine 'fedora-rawhide' already exists
So actually the version before this patch worked better, since 133 > 0 and we'd
at least loop internally.
|
|
|
|
Rename networkd.h to networkd-manager.h, to more accurately describe what it
contains.
|
|
This could (and should) be made into a separate daemon, at least move
the sourcefiles out for now.
|
|
Also clean up the header files a bit.
|
|
|
|
build-sys: do not install ctrl-alt-del.target symlink twice
|
|
It was a harmless but pointless duplication. Fixes #4655.
Note: in general we try to install as little as possible in
/etc/systemd/{system,user}. We only install .wants links there for units which
are "user configurable", i.e. which have an [Install] section. Most our units
and aliases are not user configurable, do not have an [Install] section, and
must be symlinked statically during installation. A few units do have an
[Install] section, and are enabled through symlinks in /etc/ during
installation using GENERAL_ALIASES. It *would* be possible to not create those
symlinks, and instead require 'systemctl preset' to be invoked after
installation, but GENERAL_ALIASES works well enough.
|
|
This GUID was added in #2263, but the manpage was not updated.
|
|
Otherwise we think the alias is the real unit, and may edit/cat the
wrong unit.
Before this patch:
$ systemctl edit autovt@ # creates dropin in /etc/systemd/system/autovt@.service.d
$ systemctl cat autovt@ | grep @.service
# /lib/systemd/system/autovt@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/autovt@.service.d/override.conf
$ systemctl cat getty@ | grep @.service
# /lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
After this patch
$ systemctl edit autovt@ # creates dropin in /etc/systemd/system/getty@.service.d
$ systemctl cat autovt@ | grep @.service
# /usr/lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/getty@.service.d/override.conf
systemctl cat getty@ | grep @.service
# /usr/lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/getty@.service.d/override.conf
|
|
various small cleanups in our configure help output
|
|
The mount fails, even though CAP_SYS_ADMIN is granted.
Only file systems with FU_USERNS_MOUNT in .fs_flags may be mounted in userns,
and the patch to add that fusectl was rejected [1]. It would be nice if we
could check if the kernel has FU_USERNS_MOUNT for a given fs type, since this
could change over time, but this information doesn't seem to be exported.
So let's just skip this mount in userns to avoid an error during boot.
[1] https://patchwork.kernel.org/patch/2828269/
|
|
extract_first_words deals fine with the string being NULL, so drop the upfront
check for that.
|
|
(#4626)
NTP use jump adjust if system has incorrect time read from RTC during boot.
It is desireble to update RTC time as soon as NTP set correct system time.
Sometimes kernel failed to update RTC due to STA_UNSYNC get set before RTC
update finised. In that case RTC time wouldn't be updated within long time.
The commit makes RTC updates stable.
When NTP do jump time adjust using ADJ_SETOFFSET it clears STA_UNSYNC flag.
If don't clear ADJ_MAXERROR, STA_UNSYNC will be set again by kernel within
1 second (by second_overflow() function). STA_UNSYNC flag prevent RTC updates
in kernel. Sometimes the kernel is able to update RTC withing 1 second,
but sometimes it falied.
|
|
We were using a mix of upper and lowercase. Since autoconf's own help
output uses lowercase, use that as well.
|
|
ENOENT should be treated as "false", but because of the broken errno check it
was treated as an error. So ConditionVirtualization=user-namespaces probably
returned the correct answer, but only by accident.
Fixes #4608.
|
|
The AC_HELP_STRING autoconf macro is obsolete. Use AS_HELP_STRING instead.
|
|
The bzip2 support is enabled by default unless requested otherwise via
--disable-bzip2. Make the help text reflect that.
Fixes: #4636
|
|
This adds a new systemd fstab option x-systemd.mount-timeout. The option
adds a timeout value that specifies how long systemd waits for the mount
command to finish. It allows to mount huge btrfs volumes without issues.
This is equivalent to adding option TimeoutSec= to [Mount] section in a
mount unit file.
fixes #4055
|
