| Age | Commit message (Collapse) | Author |
|---|
|
This makes nspawn's logic of automatically discovering the root hash of
an image file generic, and then reuses it in systemd-dissect and in
PID1's RootImage= logic, so that verity is automatically set up whenever
we can.
|
|
directory for a service
This is similar to RootDirectory= but mounts the root file system from a
block device or loopback file instead of another directory.
This reuses the image dissector code now used by nspawn and
gpt-auto-discovery.
|
|
If the dissected image contains symlinks for the mount points we need we
need to make sure to follow this with chase_symlinks() so that we don't
leave the image.
|
|
ReadWritablePaths= work
5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+"
for prefixing paths with the configured RootDirectory=. But actually it
only implemented it in the backend, it did not add support for it to the
configuration file parsers. Fix that now.
|
|
conjunction with RootDirectory=
This adds a boolean unit file setting MountAPIVFS=. If set, the three
main API VFS mounts will be mounted for the service. This only has an
effect on RootDirectory=, which it makes a ton times more useful.
(This is basically the /dev + /proc + /sys mounting code posted in the
original #4727, but rebased on current git, and with the automatic logic
replaced by explicit logic controlled by a unit file setting)
|
|
The source_malloc field wants to be freed, too.
|
|
make RestrictAddressFamilies= officially a NOP on i386
|
|
man: document that sd_notify() is racy in some cases
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We already say that it doesn't work on i386, but there are more archs
like that apparently.
|
|
it a NOP
See: #5215
|
|
|
|
Use `explicit_bzero`
|
|
CID #1370779.
|
|
The compiler should not be able to optimize out the memset, because optarg is global
memory. In this case, not making the argument an empty string is nicer, so just use
an open-coded version of string_erase from before the explicit_bzero change.
|
|
explicit_bzero was added in glibc 2.25. Make use of it.
explicit_bzero is hardcoded to zero the memory, so string erase now
truncates the string, instead of overwriting it with 'x'. This causes
a visible difference only in the journalctl case.
|
|
It doesn't really add much value in normal operation and just spams the log.
|
|
Fix WorkDir=~ with empty User=
|
|
|
|
(#5230)
https://github.com/systemd/systemd/issues/5215#issuecomment-277156262
libseccomp does not allow you to add architectures to a filter that
doesn't match the byte ordering of the architectures already added to
the filter (it would be a mess, not to mention largely pointless) and
since systemd attempts to add an ABI before removing the default native
ABI, you will always fail on Power (either due to ppc or ppc64le). The
fix is to remove the native ABI before adding a new ABI so you don't run
into problems with byte ordering.
You would likely see the same failure on a MIPS system.
Thanks @pcmoore!
|
|
|
|
This seems like something that shouldn't be higher then debug level, even
if it does not get emitted too often.
Fixes #5228.
|
|
Gcc7 is smarter about detecting unused functions and detects those two functions
which are unused in tests. But gperf generates them for us, so let's instead of removing
tell gcc that we know they might be unused in the test code.
In file included from ../src/test/test-af-list.c:29:0:
./src/basic/af-from-name.h:140:1: warning: ‘lookup_af’ defined but not used [-Wunused-function]
lookup_af (register const char *str, register size_t len)
^~~~~~~~~
In file included from ../src/test/test-arphrd-list.c:29:0:
./src/basic/arphrd-from-name.h:125:1: warning: ‘lookup_arphrd’ defined but not used [-Wunused-function]
lookup_arphrd (register const char *str, register size_t len)
^~~~~~~~~~~~~
|
|
systemd-mount --unmount /some/path
systemd-mount --umount /some/path
systemd-mount -u /some/path
systemd-unmount /some/path
all do the same thing that one could expect from the name.
|
|
run: fix race for "systemd-run --wait"
|
|
Fixes #4916.
|
|
Before previous commit, username would be NULL for root, and set only
for other users. So the argument passed to utmp_put_init_process()
would be "root" for other users and NULL for root. Seems strange.
Instead, always pass the username if available.
|
|
This changes the environment for services running as root from:
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
INVOCATION_ID=ffbdec203c69499a9b83199333e31555
JOURNAL_STREAM=8:1614518
to
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root
USER=root
SHELL=/bin/sh
INVOCATION_ID=15a077963d7b4ca0b82c91dc6519f87c
JOURNAL_STREAM=8:1616718
Making the environment special for the root user complicates things
unnecessarily. This change simplifies both our logic (by making the setting
of the variables unconditional), and should also simplify the logic in
services (particularly scripts).
Fixes #5124.
|
|
|
|
This reworks systemd-run so that in --pty mode we watch the unit state
the way we do it in --wait mode. Whenever we notice that the service is
in failed or inactive state finish right-away, but first write all
unwritten characters we can read from the master TTY device.
This makes sure that when the TTY service fails before it opens the
slave PTY device we properly notice that and exit early, so that borked
start parameters result in immediate systemd-run failure. Previously,
we'd not notice this at all, as a PTY slave that never was opened won't
result in POLLHUP events, and we'd hence simply keep reading from it
forever.
In essence, --pty now enables the same unit watching logic that --wait
enables. However, unless --wait is specified we won#t show the final
summary, hence the effective difference should be pretty minimal.
Fixes: #3915
|
|
If the PTY forwarder is still around our TTY will have borked settings,
regarding newlines, hence explicitly close it before showing the
summary, so that it looks pretty.
|
|
|
|
If a callback of an event source returns an error, then the event source
might already be half-destroyed, if the callback dropped all refs.
Hence, don't assume that the type is still valid, and save it before we
issue the callback.
|
|
Two fixes to path lookup when --root is used
|
|
UBI is a software layer on top of MTD devices that is used with flash
chips.
|
|
The 'Sessions' property for both org.freedesktop.login1.User and
org.freedesktop.login1.Seat is marked as EmitsChangedSignal(false).
Trying to emit a change signal that includes the 'Sessions' property
leads to the signal not being sent at all.
Fixes #5210.
|
|
time handling fixes
|
|
ptyfwd object
|
|
D-Bus is inherently racy when a function returns an object path for a
newly allocated object the client shall watch: as the object already
exists before the client can subscribe to it, it might lose messages
from it.
Let's fix this, by explicitly querying unit properties right after
subscribing to its property changes.
Fixes: #4920
|
|
We gnerally suffix file settings and cmdline options that expect ags
with "=" to indicate that. Do so here, too.
|
|
|
|
After all, usec_t is defined as uint64_t, and not as unsigned long long.
|
|
On systems where time_t is 32bit we should invalidate the
timeval/timespec instead of proceeding with a potentially overflown
value.
|
|
usec_t is always 64bit, which means it can cover quite a number of
years. However, 4 digit year display and glibc limitations around time_t
limit what we can actually parse and format. Let's make this explicit,
so that we never end up formatting dates we can#t parse and vice versa.
Note that this is really just about formatting/parsing. Internal
calculations with times outside of the formattable range are not
affected.
|
