Age | Commit message (Collapse) | Author |
|
Instead, let the caller do that. Fix this by moving masked unit messages
into the caller, by returning a clear error code (ESHUTDOWN) by which
this may be detected.
|
|
|
|
man patch fix, and port journalctl --sync to use CLOCK_MONOTONIC timestamp files
|
|
Apparently, util-linux' mount command implicitly drops the smack-related
options anyway before passing them to the kernel, if the kernel doesn't
know SMACK, hence there's no point in duplicating this in systemd.
Fixes #1696
|
|
Adding 3/4th of the watchdog frequency as accuracy on top of 1/2 of the
watchdog frequency means we might end up at 5/4th of the frequency which
means we might miss the message from time to time.
Maybe fixes #1804
|
|
Previously, we'd rely on the mtime timestamps of the touch files to see
if our sync/rotation requests were already suppressed. This means we
rely on CLOCK_REALTIME timestamps. With this patch we instead store the
CLOCK_MONOTONIC timestamp *in* the touch files, and avoid relying on
mtime.
This should make things more reliable when the clock or underlying mtime
granularity is not very good.
This also adds warning messages if writing any of the flag files fails.
|
|
|
|
Dependency engine improvements
|
|
|
|
3d793d29059a7ddf5282efa6b32b953c183d7a4d broke parsing of unit file
names that include backslashes, as extract_first_word() strips those.
Fix this, by introducing a new EXTRACT_RETAIN_ESCAPE flag which disables
looking at any flags, thus being compatible with the classic
FOREACH_WORD() behaviour.
|
|
test: fix failing test-socket-util when running with ipv6.disable=1 kernel param
|
|
Let's make the code a bit more explicit. Should not change execution
logic in any way.
|
|
callee, not caller
It's nicer to hide the check away in the various
xyz_add_default_dependencies() calls, rather than making it explicit in
the caller, and thus require deeper nesing.
|
|
Do so only on non-kdbus systems. And on non-kdbus systems don't bother
with .busname units.
|
|
basic.target
With this change services by default will no longer require
basic.target, but instead only after it it via After=basic.target.
However, they will still Require= on sysinit.target.
This has the benefit that when booting into emergency mode it is
relatively safe to actviate individual services, as this will not pull
the entirety of basic.target anymore, thus avoid everything listed in
sockets.target and suchlike. However, during the usual boot no change
should be noticed.
|
|
networkd: link - drop foreign config when configuring link
|
|
@evverx brought up that test-execute runs under MANAGER_USER which
forwards all its environment variables to the services. It turns out it
only forwards those that were in the environment at the time of manager
creation, so this test was still working.
It was still possible to attack it by running something like:
$ sudo VAR1=a VAR2=b VAR3=c ./test-execute
Prevent that attack by unsetting the three variables explicitly before
creating the manager for the test case.
Also add comments explaining the interactions with MANAGER_USER and,
while it has some caveats, this tests are still valid in that context.
Tested by checking that the test running with the variables set from the
external environment will still pass.
|
|
Check the base case, plus erasing the list, listing the same variable
name more than once and when variables are absent from the manager
execution environment.
Confirmed that `sudo ./test-execute` passes and that modifying the test
cases (or the values of the set variables in test-execute.c) is enough
to make the test cases fail.
|
|
|
|
This directive allows passing environment variables from the system
manager to spawned services. Variables in the system manager can be set
inside a container by passing `--set-env=...` options to systemd-spawn.
Tested with an on-disk test.service unit. Tested using multiple variable
names on a single line, with an empty setting to clear the current list
of variables, with non-existing variables.
Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it
works with transient units.
Confirmed that `systemctl show` will display the PassEnvironment
settings.
Checked that man pages are generated correctly.
No regressions in `make check`.
|
|
The ability to use inet_pton(AF_INET6, ...) doesn't depend on kernel
ipv6 support (inet_pton is a pure libc function), so make ipv6 address
parsing tests unconditional.
|
|
No functional changes.
|
|
This is a change in behavior:
Before we would never remove any state, only add to it, we now drop unwanted
state from any link the moment we start managing it.
Note however, that we still will not remove any foreign state added at runtime,
to avoid any feedback loops. However, we make no guarantees about coexisting
with third-party tools that change the state of the links we manage.
|
|
|
|
|
|
This is managed by the kernel, but we should track whether or not we have
a configured IPv6LL address. This fixes two issues:
- we now wait for IPv6LL before considering the link ready
- we now wait for IPv6LL before attempting to do NDisc or DHCPv6
these protocols relies on an LL address being available.
|
|
Router Discovery is a core part of IPv6, which by default is handled by the kernel.
However, the kernel implementation is meant as a fall-back, and to fully support
the protocol a userspace implementation is desired.
The protocol essentially listens for Router Advertisement packets from routers
on the local link and use these to configure the client automatically. The four
main pieces of information are: what kind (if any) of DHCPv6 configuration should
be performed; a default gateway; the prefixes that should be considered to be on
the local link; and the prefixes with which we can preform SLAAC in order to pick
a global IPv6 address.
A lot of additional information is also available, which we do not yet fully
support, but which will eventually allow us to avoid the need for DHCPv6 in the
common case.
Short-term, the reason for wanting this is in userspace was the desire to fully
track all the addresses on links we manage, and that is not possible for addresses
managed by the kernel (as the kernel does not expose to us the fact that it
manages these addresses). Moreover, we would like to support stable privacy
addresses, which will soon be mandated and the legacy MAC-based global addresses
deprecated, to do this well we need to handle the generation in userspace. Lastly,
more long-term we wish to support more RA options than what the kernel exposes.
|
|
The previous behavior:
When DHCPv6 was enabled, router discover was performed first, and then DHCPv6 was
enabled only if the relevant flags were passed in the Router Advertisement message.
Moreover, router discovery was performed even if AcceptRouterAdvertisements=false,
moreover, even if router advertisements were accepted (by the kernel) the flags
indicating that DHCPv6 should be performed were ignored.
New behavior:
If RouterAdvertisements are accepted, and either no routers are found, or an
advertisement is received indicating DHCPv6 should be performed, the DHCPv6
client is started. Moreover, the DHCP option now truly enables the DHCPv6
client regardless of router discovery (though it will probably not be
very useful to get a lease withotu any routes, this seems the more consistent
approach).
The recommended default setting should be to set DHCP=ipv4 and to leave
IPv6AcceptRouterAdvertisements unset.
|
|
Enabling address acquisition, configuring the client and starting the client are now
split out. This to better handle the client being repeatedly enabled due to router
advertisements.
|
|
As the data passed is very different, we introduce four different callbacks:
- Generic - router discovery timed out or state machine stopped
- Router - router and link configuration received
- Prefix onlink - configuration for an onlink prefix received
- Prefix autonomous - configuration for to configure a SLAAC address for a prefix received
|
|
Also, stop the state machine when we get into a broken state, rather than just notify the user.
|
|
|
|
This way we do not rely on the size MAX* constants from the kernel headers, as these will
be out-of-sync in case we have old headers and new defines in missing.h.
|
|
|
|
|
|
Instead instantiate the kernel flags to TENTATIVE until the kernel
updates us with the real value.
|
|
|
|
|
|
Of course, ideally we'd just use normal synchronous bus calls, but this
is out of the question as long as we rely on dbus-daemon (which logs to
journald, and thus cannot use to avoid cyclic sync loops). Hence,
instead, reuse the wait logic already implemented for --sync, and use a
signal in one direction, and a mtime watch file for the reply.
|
|
With this new "--sync" switch we add a synchronous way to sync
everything queued to disk, and return only after that's complete. This
command gives the guarantee that anything queued before has hit the disk
before the command returns.
While we are at it, also improve the man pages and help text for
journalctl a bit.
|
|
main()
To avoid confusion as outlined in #1845.
|
|
actually enabled
Otherwise we might end up mistaking a SMACK label for an selinux label.
Also, fixes unexpect debug messages:
http://lists.freedesktop.org/archives/systemd-devel/2015-November/034913.html
|
|
This reverts commit 6a32563caa883bd11da1b255c38358e481c42ad7.
|
|
Motivated by https://github.com/systemd/systemd/issues/1829 where negative
numbers were mis-handled on 32 bit platforms by safe_atou*().
|
|
variety of fixes
|
|
systemctl: fix cancel
|
|
Remove snapshot unit type
|
|
network: port to extract_first_word
|
|
|
|
Snapshots were never useful or used for anything. Many systemd
developers that I spoke to at systemd.conf2015, didn't even know they
existed, so it is fairly safe to assume that this type can be deleted
without harm.
The fundamental problem with snapshots is that the state of the system
is dynamic, devices come and go, users log in and out, timers fire...
and restoring all units to some state from the past would "undo"
those changes, which isn't really possible.
Tested by creating a snapshot, running the new binary, and checking
that the transition did not cause errors, and the snapshot is gone,
and snapshots cannot be created anymore.
New systemctl says:
Unknown operation snapshot.
Old systemctl says:
Failed to create snapshot: Support for snapshots has been removed.
IgnoreOnSnaphost settings are warned about and ignored:
Support for option IgnoreOnSnapshot= has been removed and it is ignored
http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
|