| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This permits "systemctl enable" and "systemctl add-wants" on template
units without any specifications of an instance name, neither specified
on the command line, nor specified in DefaultInstance= field of the
[install] section.
Fixes: #3473
|
|
Fixes: #4676
|
|
Let's make the error message less confusing here.
Fixes: #4954
|
|
nss user/group name validation fixes
|
|
Fixes: #4987
|
|
systemd-tmpfiles-setup.service
Preparation for fixing #4401.
|
|
EINVAL
It's not our business to validate invalid user/group names or UID/GID.
Ideally, libc would filter these out, but they don't, hence we have to
filter, but let's not propagate this as error, but simply as "not found"
to the caller.
User name rules are pretty vaguely defined, and the rules defined by
POSIX clash with reality quite heavily (for example, utmp doesn't offer
enough room for user name length, and /usr/bin/chown permits separating
user/group names by a single dot, even though POSIX allows dots being
used in user/group names themselves.) We enforce stricter rules than
POSIX for good reason, and hence in doing so we should not categorically
return EINVAL on stuff we don't consider valid, but other components
might.
Fixes: #4983
|
|
|
|
The system call is obsolete after all.
|
|
|
|
These groupe reboot()/kexec() and swapon()/swapoff() respectively
|
|
"%d (%m) %s\n" crashes asan: https://github.com/google/sanitizers/issues/759
So, let's place %m after %s
Fixes:
```
$ ./libtool --mode=execute ./test-selinux
...
============ test_misc ==========
ASAN:DEADLYSIGNAL
=================================================================
==2981==ERROR: AddressSanitizer: SEGV on unknown address 0x000041b58ab3 (pc 0x7fd9c55a0eb2 bp 0x7fffdc2f9640 sp 0x7fffdc2f8d68 T0)
#0 0x7fd9c55a0eb1 (/lib64/libasan.so.3+0xdeeb1)
#1 0x7fd9c5550bbf (/lib64/libasan.so.3+0x8ebbf)
#2 0x7fd9c5552cdd in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cdd)
#3 0x7fd9c5063715 in log_internalv src/basic/log.c:680
#4 0x7fd9c506390a in log_internal src/basic/log.c:697
#5 0x561d398181a2 in test_misc src/test/test-selinux.c:81
#6 0x561d398185e8 in main src/test/test-selinux.c:117
#7 0x7fd9c493a400 in __libc_start_main (/lib64/libc.so.6+0x20400)
#8 0x561d39817859 in _start (/home/vagrant/systemd-asan/.libs/lt-test-selinux+0x1859)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.3+0xdeeb1)
==2981==ABORTING
```
|
|
Print addresses returns EOPNOTSUPP, not ENOSYS, when trying to print
addresses for non-container machines.
|
|
The journalctl man page says: "-m, --merge Show entries interleaved from all
available journals, including remote ones.", but current version of journalctl
doesn't live up to this promise. This patch simply adds
"/var/log/journal/remote" to search path if --merge flag is used.
Should fix issue #3618
|
|
Rename the arp proxy option to IPv4ProxyARP= in order to clarify
its relationship to IPv4, and map to the various IPv6 options we have.
Fixes: #4768
|
|
Fix wrong condition test in manager_etc_hosts_lookup(), which caused it to
return an IPv4 answer when an IPv6 question was asked, and vice versa.
Also only return success if we actually found any A or AAAA record.
In systemd-resolved.service(8), point out that /etc/hosts mappings only
affect address-type lookups, not other types.
The test case currently disables DNSSEC in resolved, as there is a bug
where "-t MX" fails due to "DNSSEC validation failed" even after
"downgrading to non-DNSSEC mode". This should be dropped once that bug
gets fixed.
Fixes #4801
|
|
active_slave:
Specifies the new active slave for modes that support it
(active-backup, balance-alb and balance-tlb).
primary slave:
systemd-networks currently lacks the capability to set the primary slave
in an
active-backup bonding. This is necessary if you prefer one interface
over the
other. A common example is a eth0-wlan0 bonding on a laptop where you'd
want to
switch to the wired connection whenever it's available.
Fixes: #2837
|
|
.roothash file too
Since nspawn looks for them, importd now downloads them, and mkosi
generates them, let's make sure they also processed correctly on all
machined operations.
|
|
This makes sure we can invoke it safely from out "mkosi.build" script
when mkosi is invoked for a read-only image.
|
|
Handle properly if /etc is a symlink (i.e. make sure we don't follow the
symlink outside the image). Also follow /etc/resolv.conf if it is a
symlink, and use the resolved path when creating a mount point and
mounting (as both of these operations follow symlinks and rally
shouldn't).
Handle more types of read-only errors as debug-level issues.
|
|
There's nothing we can do about it, hence don't complain.
|
|
Also, add tests to make sure this actually works as intended.
|
|
|
|
downloads
Now that nspawn looks for these files, and mkosi generates them, we
should also make sure importd downloads them if it can.
|
|
systems
verity block devices have two backing devices: the data partition and
the hash partition. Previously the gpt auto-discovery logic would refuse
working on devices with multiple backing devices, losen this up a bit,
to permit them as long as the backing devices are all located on the
same physical media.
|
|
No functional changes.
|
|
If a hex string has an uneven length, generate an error instead of
silently assuming a trailing '0' was in place.
|
|
This adds a generator and a small service that will look for "roothash="
on the kernel command line and use it for setting up a very partition
for the root device.
This provides similar functionality to nspawn's existing --roothash=
switch.
|
|
Change the gpt auto discovery generator to use the same dissector as
nspawn and the rest of the tools. This removes the separate dissector
code that the generator previously had and unifies the relevant code.
|
|
We already check for containers early in main(), no need to do this
check again.
|
|
In preparation for reusing the image dissector in the GPT auto-discovery
logic, only optionally fail the dissection when we can't identify a root
partition.
In the GPT auto-discovery we are completely fine with any kind of root,
given that we run when it is already mounted and all we do is find some
additional auxiliary partitions on the same disk.
|
|
This is useful as we can match up the EFI UUID with the one the firmware
supposedly used.
|
|
Previously, we supported GPT auto-discovery for /home and /srv, but not
for the root partition. Add that, too.
Fixes: #859
|
|
|
|
This adds support for a new kernel command line option "systemd.volatile=" that
provides the same functionality that systemd-nspawn's --volatile= switch
provides, but for host systems (i.e. systems booting with a kernel).
It takes the same parameter and has the same effect.
In order to implement systemd.volatile=yes a new service
systemd-volatile-root.service is introduced that only runs in the initrd and
rearranges the root directory as needed to become a tmpfs instance. Note that
systemd.volatile=state is implemented different: it simply generates a
var.mount unit file that is part of the normal boot and has no effect on the
initrd execution.
The way this is implemented ensures that other explicit configuration for /var
can always override the effect of these options. Specifically, the var.mount
unit is generated in the "late" generator directory, so that it only is in
effect if nothing else overrides it.
|
|
Let's follow symlinks before invoking mount() on arbitrary paths, so that we
won't get confused if directories are prepared with absolute symlinks.
Use FOREACH_STRING() instead of NULSTR_FOREACH() as it is more readable.
Don't use snprintf() for concatenating strings, let chase_symlinks() to that.
Replace homegrown mount check with path_is_mount_point(). Also, change the
behaviour when we encounter this: instead of unmounting the old mount point,
simply leave it around and don't replace it, so that initrds can mount stuff
there with different settings than we would apply. This is in-line with how we
handle automatic mounts in nspawn for example.
Use umount_recursive() instead of a simple umount2() for unmounting the old
root, so that we actually cover really all mounts, not just the top-level one.
|
|
This changes journald to not write to /var/log/journal until it received
SIGUSR1 for the first time, thus having been requested to flush the runtime
journal to disk.
This makes the journal work nicer with systems which have the root file system
writable early, but still need to rearrange /var before journald should start
writing and creating files to it, for example because ACLs need to be applied
first, or because /var is to be mounted from another file system, NFS or tmpfs
(as is the case for systemd.volatile=state).
Before this change we required setupts with /var split out to mount the root
disk read-only early on, and ship an /etc/fstab that remounted it writable only
after having placed /var at the right place. But even that was racy for various
preparations as journald might end up accessing the file system before it was
entirely set up, as soon as it was writable.
With this change we make scheduling when to start writing to /var/log/journal
explicit. This means persistent mode now requires
systemd-journal-flush.service in the mix to work, as otherwise journald would
never write to the directory.
See: #1397
|
|
This was broken by 19caffac75a2590a0c5ebc2a0214960f8188aec7 which remounted the
root directory to MS_SHARED before applying the volatile mount logic. This
broke things as MS_MOVE is incompatible with MS_SHARED directory trees, and we
need MS_MOVE in the volatile mount logic to rearrange the directory tree.
Simply swap the order here, apply the volatile logic before we switch to
MS_SHARED.
|
|
|
|
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
|
|
if we want to parse the kernel command line, let's check the
$SYSTEMD_PROC_CMDLINE environment variable first. This is useful for debugging
purposes.
|
|
Fixes: #4768
|
|
Fixes:
```
sudo ./libtool --mode=execute valgrind --leak-check=full ./systemd-nspawn -D ./CONT/ -b
...
==21224== 2,444 (656 direct, 1,788 indirect) bytes in 1 blocks are definitely lost in loss record 13 of 15
==21224== at 0x4C2FA50: calloc (vg_replace_malloc.c:711)
==21224== by 0x4F6F565: sd_event_new (sd-event.c:431)
==21224== by 0x1210BE: run (nspawn.c:3351)
==21224== by 0x123908: main (nspawn.c:3826)
==21224==
==21224== LEAK SUMMARY:
==21224== definitely lost: 656 bytes in 1 blocks
==21224== indirectly lost: 1,788 bytes in 11 blocks
==21224== possibly lost: 0 bytes in 0 blocks
==21224== still reachable: 8,344 bytes in 3 blocks
==21224== suppressed: 0 bytes in 0 blocks
```
Closes #4934
|
|
|
|
Check if the parsed seconds value fits in an integer *after*
multiplying by USEC_PER_SEC, otherwise a large value can trigger
modulo by zero during normalization.
|
|
- linux does not accept prefixes for SLAAC unequal to 64 bits: http://lxr.free-electrons.com/source/net/ipv6/addrconf.c#L2741
- when networkd tries export such a route to the kernel it will get -EINVAL and
set the whole device into a failed state.
- this patch will make networkd ignore such prefixes for SLAAC,
but process other informations which may contain other prefixes.
- Note that rfc4862 does not forbid prefix length != 64 bit
|
|
This is useful for reusing the dissector logic in the gpt-auto-discovery logic:
there we really don't want to use MBR or naked file systems as root device.
|
|
Let's print a proper message if we see MS_MOVE.
|
|
If booting with systemd.firstboot=0 the wizard will be skipped.
|
