| Age | Commit message (Collapse) | Author |
|---|
|
If setting the received timezone or transient hostname fails because D-Bus is
not (yet) up, store the data in the Manager object and try again after
connecting to D-Bus.
|
|
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the timezone acquired from DHCP:
systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required.
Similarly to commit e8c0de912, add a polkit rule to grant
org.freedesktop.timedate1.set-timezone to the "systemd-network" system user.
Move the polkit rules from src/hostname/ to src/network/ to avoid too many
small distributed policy snippets (there might be more in the future), as it's
easier to specify the privileges for a particular subject in this case.
Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for
all people except those in Pacific/Honolulu, there the test doesn't prove
anything -- sorry ☺ ).
|
|
Hostname and time zone are global settings, not link specific. Move these
methods from Link into Manager.
|
|
Various networkd/DHCP fixes.
|
|
Fixes: #4711
|
|
Given that other file systems (notably: xfs) support reflinks these days, let's
extend the file system snapshotting logic to fall back to plan copies or
reflinks when full btrfs subvolume snapshots are not available.
This essentially makes "systemd-nspawn --ephemeral" and "systemd-nspawn
--template=" available on non-btrfs subvolumes. Of course, both operations will
still be slower on non-btrfs than on btrfs (simply because reflinking each file
individually in a directory tree is still slower than doing this in one step
for a whole subvolume), but it's probably good enough for many cases, and we
should provide the users with the tools, they have to figure out what's good
for them.
Note that "machinectl clone" already had a fallback like this in place, this
patch generalizes this, and adds similar support to our other cases.
|
|
When mountint a loopback image, we need a temporary root directory we can mount
stuff to. Make sure to actually remove it when exiting, so that we don't leave
stuff around in /tmp unnecessarily.
See: #4664
|
|
Let's make the shutdown logic synchronous, so that there's a better chance to
detach the loopback device after use.
|
|
This adds a new undocumented env var $SYSTEMD_NSPAWN_LOCK. When set to "0",
nspawn will not attempt to lock the image.
Fixes: #4037
|
|
on success
We forgot to initialize the "global" return parameter in one case. Fix that.
|
|
Previously --ephemeral was only supported with container trees in btrfs
subvolumes (i.e. in combination with --directory=). This adds support for
--ephemeral in conjunction with disk images (i.e. --image=) too.
As side effect this fixes that --ephemeral was accepted but ignored when using
-M on a container that turned out to be an image.
Fixes: #4664
|
|
@filesystem groups various file system operations, such as opening files and
directories for read/write and stat()ing them, plus renaming, deleting,
symlinking, hardlinking.
|
|
To properly store priority in passed in pointer and return 0 for success.
Also add a test for verifying that it works correctly.
|
|
This changes the return value a bit: 1 will be returned if the value is
changed. But the return value was not documented, and the change should
be for the good anyway. Current callers don't care.
|
|
if we receive a bogus lease with a DNS/NTP server within local scope let's
politely ignore.
Fixes: #4524
|
|
Never propagate DNS/NTP servers on the local link via the DHCP server. The
DNS/NTP servers 0.0.0.0 and 127.0.0.1 only make sense in the local context,
hence never propagate them automatically to other hosts.
Fixes: #4524
|
|
link_push_uplink_dns_to_dhcp_server()
Let's clarify that this is only relevant for pushing uplink DNS config data,
not in any other context.
(Same for NTP)
|
|
DNS servers must be specified as IP addresses, hence let's store them as that
internally, so that they are guaranteed to be fully normalized always, and
invalid data cannot be stored.
|
|
Let's make the loops around extract_first_word() be more alike.
|
|
Let's reorder them a bit, so that stuff that belongs together semantically is
placed together (in particular, move the various DHCP "use" booleans together).
|
|
Let's be a bit stricter, and make sure users only configure proper DNS names or
IP addresses, but not any other strings.
|
|
|
|
This way, we can use it for validating IP address strings.
|
|
This adds in4_addr_is_localhost() and in4_addr_is_link_local() that only take
an IPv4 "struct in_addr", to match in_addr_is_localhost() and
in_addr_is_link_local() that that a "union in_addr_union".
This matches the existing in4_addr_is_null() call that already exists.
For IPv6 glibc already exports a set of macros, hence we don't add similar
functions in6_addr_is_localhost(). We also drop in6_addr_is_null() as
IN6_IS_ADDR_UNSPECIFIED() already provides that.
|
|
Let's split out the code into its own little function and let's use
gethostname_strict() which already filters out localhost for us.
|
|
Let's handle NULL hostnames (for unsetting it) before we validate the name.
|
|
hostnamed: allow networkd to set the transient hostname
|
|
Test suite fixes
|
|
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the transient hostname:
systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required.
Standard polkit *.policy files do not have a syntax for granting privileges to
a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules
file (for polkit >= 106) that grants the "systemd-network" system user that
privilege.
Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to
cover this. Make do_test() a bit more flexible by interpreting "coldplug==None"
as "test sets up the interface by itself". Change DnsmasqClientTest to set up
test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a
special host name for that.
Fixes #4646
|
|
nspawn: R/W support for /sysfs, /proc, and /proc/sys/net
|
|
Confirm spawn fixes/enhancements
|
|
This commit adds the possibility to leave /sys, and /proc/sys read-write.
It introduces a new (undocumented) env var SYSTEMD_NSPAWN_API_VFS_WRITABLE
to enable this feature.
If set to "yes", /sys, and /proc/sys will be read-write.
If set to "no", /sys, and /proc/sys will be read-only.
If set to "network" /proc/sys/net will be read-write. This is useful in
use-cases, where systemd-nspawn is used in an external network
namespace.
This adds the possibility to start privileged containers which need more
control over settings in the /proc, and /sys filesystem.
This is also a follow-up on the discussion from
https://github.com/systemd/systemd/pull/4018#r76971862 where an
introduction of a simple env var to enable R/W support for those
directories was already discussed.
|
|
|
|
==30496== Conditional jump or move depends on uninitialised value(s)
==30496== at 0x489F654: memcmp (vg_replace_strmem.c:1091)
==30496== by 0x49BF203: getenv_for_pid (process-util.c:678)
==30496== by 0x4993ACB: detect_container (virt.c:442)
==30496== by 0x182DFF: test_get_process_comm (test-process-util.c:98)
==30496== by 0x185847: main (test-process-util.c:368)
==30496==
|
|
|
|
rework service namespace handling a bit
|
|
free_and_replace sets the setcond argument to NULL (it's designed
to be used with _clenaup_ macros), and we don't want that here.
Fixes #4684.
|
|
|
|
For some reasons units remaining in the same process group as PID 1
(same_pgrp=true) fail to acquire the console even if it's not taken by anyone.
So always accept for units with same_pgrp set for now.
|
|
timed out
|
|
|
|
|
|
|
|
|
|
Previously it was "[Yes, Fail, Skip]" which is pretty misleading because it
suggests that the whole word needs to be entered instead of a single char.
Also this won't fit well when we'll extend the number of choices.
This patch addresses this by changing the choice hint with "[y, f, s – h for help]"
so it's now clear that a single letter has to be entered.
It also introduces a new choice 'h' which describes all possible choices since
a single letter can be not descriptive enough for new users.
It also allow to stick with the same hint string regardless of how
many choices we will support.
|
|
When "confirmation_spawn=1", the confirmation question can look like:
Execute /usr/bin/kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf? [Yes, No, Skip]
which is pretty verbose and might not fit in the console width size (which is
usually 80 chars) and thus question will be splitted into 2 consecutive lines.
However since the question is now refreshed every 2 secs, the reprinted
question will overwrite the second line of the previous one...
To prevent this, this patch makes sure that the command line won't be longer
than 60 chars by ellipsizing it if the command is longer:
Execute /usr/bin/kmod static-nodes --format=tmpfiles --output=/ru…nf? [Yes, No, View, Skip]
A following patch will introduce a new choice that will allow the user to get
details on the command to be executed so it will still be possible to see the
full command line.
|
|
ask_char() now reprints the question every 2sec automatically.
It prefixes its output with '\r' to to bring the cursor to the
beginning of the terminal line, and then print the message, redoing it
every 2sec.
As long as nothing interferes with out output this logic will have no
visible effect as we constantly overprint the visible text with the
exact same text.
However, if something is dumped in the middle, then our question won't
get lost, as we'll ask soon again.
This is useful if the question is asked to a terminal that is also
used to dump some other status messages/logs. For example when
confirmation messages are enabled during the boot
(systemd.confirm_spawn=1), the question can easily be lost if the
kernel logs are also enabled and both use the same console.
Idea suggested by Lennart Poettering.
|
|
Before this patch we had:
- "no" which gives "failing execution" but the command is actually assumed as
succeed.
- "skip" which gives "skipping", but the command is assumed to have failed,
which ends up with "Failed to start ..." on the console.
Now we have:
- "fail" which gives "failing execution" and the command is indeed assumed as
failed.
- "skip" which gives "skipping execution" and the command is assumed as
succeed.
|
|
Now the reponses are handled by ask_for_confirmation() as well as the report of
any errors occuring during the process of retrieving the confirmation response.
One benefit of this is that there's no need to open/close the console one more
time when reporting error/status messages.
The caller now just needs to care about the return values whose meanings are:
- don't execute and pretend that the command failed
- don't execute and pretend that the command succeeed
- positive answer, execute the command
Also some slight code reorganization and introduce write_confirm_error() and
write_confirm_error_fd(). write_confim_message becomes unneeded.
|
|
It's rather hard to parse the confirmation messages (enabled with
systemd.confirm_spawn=true) amongst the status messages and the kernel
ones (if enabled).
This patch gives the possibility to the user to redirect the confirmation
message to a different virtual console, either by giving its name or its path,
so those messages are separated from the other ones and easier to read.
|
