Age | Commit message (Collapse) | Author |
|
|
|
The commit c7fb922d6250543ba5462fa7a6ff03cc8f628e94 prohibits
journal-upload to save its state in /var/lib/systemd/journal-upload/state,
thus the daemon fails and outputs the following error message even if
the directory is not read-only file system
```Cannot save state to /var/lib/systemd/journal-upload/state: Read-only file system```
This commit adds the permission the daemon to write the state file.
|
|
trivial doc fixes
|
|
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the messages
to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead.
Fixes: #5640
|
|
So far, all sections of the systemd.special(7) man page used
<varlistentry> for listing the targets, with one exception: the
"Special Passive User Units" one. Let's clean this up and use the same
formatting everywhere.
|
|
|
|
Creating quota on an iscsi device is causing dependency loops at next reboot.
Reason is that systemd-quotacheck and quotaon.service are ordered before
local-fs.target and quota enabled mounts have a before dependency to them.
This cannot work for _netdev mounts, because network activation is ordered
after local-fs.target.
Moving the Before dependency for systemd-quotacheck and quotaon.service
to remote-fs.target fixes this.
|
|
transaction (#5652)
network.target should be pulled in to the transaction
by the unit that provides network services, but currently
for initscripts it only pulls in network-online.target.
|
|
Commit 5ed020d8d10fc100c68edddb519f085b7397a45c already fixed this issue for
getty@.service but forgot serial console.
Note that this is not needed for emergency target as the sysinit target
conflicts against this target already.
|
|
… like the other handle-*-key inhibitor locks.
Follow-up for 05b2a8fd7a0533758d2f532df798cabc3c442683
Fixes: #5647
|
|
Add a few `struct timespec`-related types to `test-sizeof`
|
|
Might help with #5264.
|
|
This makes it much quicker to compile.
|
|
Fixes: #5644
|
|
systemd-networkd.service (#5635)
In 58a6dd15582c038a25bd7059435833943e2e4617 s-n-wait-online.service was added
to presets to synchronize the presets with the state after installation. But it
is harmful to have s-n-wait-online.service enabled when s-n.service is
disabled, because s-n-wait-online.service has Requsite=s-n.service and cannot
be activated. Thus remove s-n-wait-online.service from presets again, and let
it be enabled whenever s-n.service is enabled.
During installation we create enablement symlinks by hand, and since s-n.service
is enabled, s-n-w-o.service should be enabled too, so the symlink should still
be created during installation.
https://bugzilla.redhat.com/show_bug.cgi?id=1433459#c15
|
|
Kernel default mode is 0600, but distributions change it to group kvm, mode
either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid
reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser
mode makes libvirt and other virtualization mechanisms work out of the box for
unprivileged users over ssh).
In Fedora the qemu package carries the relevant rule, but it's nicer to have it
in systemd, so that the permissions are not dependent on the qemu package being
installed. Use of packaged qemu binaries is not required to make use of
/dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative.
https://bugzilla.redhat.com/show_bug.cgi?id=1431876
To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules,
but allow the mode to be overridden with a --with-dev-kvm-mode configure rule.
The default is 0660, as the (slightly) more secure option.
|
|
Newer versions of libinput need this to recognise it as an input device.
https://bugs.freedesktop.org/show_bug.cgi?id=99664
|
|
Very few parts of the systemd source require <math.h> or "libm.so".
Linking libbasic with -lm drags the mathematical library in for all
systemd components, and in turn for all users of systemd libraries.
It's just unneeded.
|
|
The emergency.service and rescue.service units have become rather
convoluted. We spawn multiple shells and the help text spans multiple lines
which makes the units hard to read.
Move the logic into a single shell script and call that via ExecStart.
|
|
|
|
|
|
resolved: do not start LLMNR or mDNS stack when no network enables them
|
|
Previously, `SO_REUSEADDR` is set before `bind`-ing socket, Thus,
even if another LLMNR stack is running, `bind` always success and
we cannot detect the other stack. By this commit, we first try to
`bind` without `SO_REUSEADDR`, and if it fails, show warning and
retry with `SO_REUSEADDR`.
|
|
|
|
Previously, `SO_REUSEADDR` is set before `bind`-ing socket, Thus,
even if another mDNS stack (e.g. avahi) is running, `bind` always
success and we cannot detect the other stack.
By this commit, we first try to `bind` without `SO_REUSEADDR`,
and if it fails, show warning and retry with `SO_REUSEADDR`.
|
|
When no network enables LLMNR or mDNS, it is not necessary to create
LLMNR or mDNS related sockets. So, let's create them only when
LLMNR- or mDNS-enabled network becomes active or at least one network
enables `LLMNR=` or `MulticastDNS=` options.
|
|
Follow up for #5528.
|
|
Per man:file-hierarchy(7), /lib is just a compatibility symlink; the
other manpages also refer to /usr/lib.
Found with:
git grep -P '(?<!/usr|/var|local)/lib' man/
|
|
|
|
|
|
|
|
(#5528)
Ideally, plymouth should only be referenced via dependencies,
not ExecStartPre's. This at least avoids the confusing error message
on minimal installations that do not carry plymouth.
|
|
|
|
failed (#5548)
If we are working on a path that was marked to be ignored on errors, and
the mkdirat() fails then add a continue statement and skip fchownat() call.
This avoids the case where UID/GID are valid and we run fchownat() on
non existent path which will fail hard even on paths that we want to
ignore in case of errors.
|
|
check for _GNU_SOURCE as well as sd_event_child_handler_t needs to be
defined correctly while compiling systemd
|
|
|
|
|
|
linux/sockios.h is needed for the SIOCGSTAMPNS macro
xlocale.h is included indirectly in glibc and doesn't even exist in
other libcs
|
|
--with-rpmmacrosdir=no disables installation of the macros.
|
|
https://github.com/systemd/systemd/blob/f97b34a6/src/login/pam_systemd.c#L439
|
|
addresses (#5587)
This is in spirit very similar to commit
4b2419165ce409ee55ce96a926302f89685f2293.
Fixes: #5581
|
|
When mmap is called, the code in correctly checks for p == MAP_FAILED.
But the resource cleanup at the end of busname_peek_message checks for
p == NULL, and if that's not true, munmap is called.
Therefore in error case, munmap is called with a MAP_FAILED argument
which can result in unexpected behaviour depending on sz's value.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
This work adds support for setting the IPv6 flow label for vxlan.
vxlan.netdev
NetDev]
Description=vxlan-test
Name=vxlan1
Kind=vxlan
[VXLAN]
Id=33
Local=2405:204:920b:29ac:7e7a:91ff:fe6d:ffe2
Remote=FF02:0:0:0:0:0:1:9
FlowLabel=104
ip -d link show vxlan1
8: vxlan1: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether be:83:aa:db:6b:cb brd ff:ff:ff:ff:ff:ff promiscuity 0
vxlan id 33 group ff02::1:9 local 2405:204:920b:29ac:7e7a:91ff:fe6d:ffe2 dev enp0s25 srcport 0 0 dstport 8472 flowlabel 0x68 ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1
|
|
|
|
|
|
It is possible to overflow uint64_t while validating the header of
a journal file. To prevent this, the addition itself is checked to
be within the limits of UINT64_MAX first.
To keep this readable, I have introduced two stack variables which
hold the converted values during validation.
|
|
Tarball generation tweaks
|
|
That macro is a gcc extension, and while widely supported, not ubiquitous.
In particular the coverity scanner is having trouble with it.
|
|
|
|
|