Age | Commit message (Collapse) | Author |
|
THe latter is a kernelism, we only understand "infinity".
|
|
When parsing unit files we already refuse unit memory limits of zero, let's
also refuse it when the value is set via the bus.
|
|
settings
If a percentage is used, it is taken relative to the installed RAM size. This
should make it easier to write generic unit files that adapt to the local system.
|
|
And port a couple of users over to it.
|
|
limit into account
When determining the amount of RAM in the system, let's make sure we also read
the root-level cgroup memory limit into account. This isn't particularly useful
on the host, but in containers it makes sure that whatever memory the container
got assigned is actually used for RAM size calculations.
|
|
fixes #3298
|
|
Systemctl fixes
|
|
When unit is marked as UNSURE, we are trying to find if it state was
changed over and over again. So lets not go through the UNSURE states
again. Also when we find a GOOD unit lets propagate the GOOD state to
all units that this unit reference.
This is a problem on machines with a lot of initscripts with different
starting priority, since those units will reference each other and the
original algorithm might get to n! complexity.
Thanks HATAYAMA Daisuke for the expand_good_state code.
|
|
notifications (#3531)
Fixes: #3483
|
|
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but
IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get
fixed in missing.h. This occurs with kernel headers new enough to have
the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have
IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
|
|
This reworks "systemctl status" and "systemctl show" a bit. It removes the
definition of the `property_info` structure, because we can simply reuse the
existing UnitStatusInfo type for that.
The "could not be found" message is now printed by show_one() itself (and not
its caller), so that it is shown regardless by who the function is called.
(This makes it necessary to pass the unit name to the function.)
This also adds all properties found to a set, and then checks if any of the
properties passed via "--property=" is mising in it, if so, a proper error is
generated.
Support for checking the PID file of a unit is removed, as this cannot be done
reasonably client side (since the systemd instance we are talking to might sit
on another host)
Replaces: #3411
Fixes: #3425
Also see: #3504
|
|
|
|
|
|
Syscall filter fixes, tighter nspawn seccomp sandbox by default
|
|
Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
|
|
More verbose logging in localed, unit tests, and a few tweaks to keymap conversions
|
|
Let's block access to the kernel keyring and a number of obsolete system calls.
Also, update list of syscalls that may alter the system clock, and do raw IO
access. Filter ptrace() if CAP_SYS_PTRACE is not passed to the container and
acct() if CAP_SYS_PACCT is not passed.
This also changes things so that kexec(), some profiling calls, the swap calls
and quotactl() is never available to containers, not even if CAP_SYS_ADMIN is
passed. After all we currently permit CAP_SYS_ADMIN to containers by default,
but these calls should not be available, even then.
|
|
This adds three new seccomp syscall groups: @keyring for kernel keyring access,
@cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and
suchlike, and @debug for ptrace() and related calls.
Also, the @clock group is updated with more syscalls that alter the system
clock. capset() is added to @privileged, and pciconfig_iobase() is added to
@raw-io.
Finally, @obsolete is a cleaned up. A number of syscalls that never existed on
Linux and have no number assigned on any architecture are removed, as they only
exist in the man pages and other operating sytems, but not in code at all.
create_module() is moved from @module to @obsolete, as it is an obsolete system
call. mem_getpolicy() is removed from the @obsolete list, as it is not
obsolete, but simply a NUMA API.
|
|
|
|
Follow-up for #3502.
|
|
Enhance test-process-util to take the PID to look at
|
|
Not every link has kind associated with it.
(gdb) r
Starting program: /home/sus/tt/systemd/systemd-networkd
Missing separate debuginfos, use: dnf debuginfo-install
glibc-2.23.1-7.fc24.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
vboxnet0: Gained IPv6LL
wlp3s0: Gained IPv6LL
enp0s25: Gained IPv6LL
Enumeration completed
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e27ade in __strcmp_sse2_unaligned () from /lib64/libc.so.6
(gdb) bt
src/network/networkd-link.c:2008
src/network/networkd-link.c:2059
src/network/networkd-link.c:2442
m=0x555555704a30, userdata=0x55555570bfe0) at src/network/networkd-link.c:2497
at src/libsystemd/sd-netlink/sd-netlink.c:347
src/libsystemd/sd-netlink/sd-netlink.c:402
src/libsystemd/sd-netlink/sd-netlink.c:432
userdata=0x5555556f7470) at src/libsystemd/sd-netlink/sd-netlink.c:739
src/libsystemd/sd-event/sd-event.c:2275
src/libsystemd/sd-event/sd-event.c:2626
timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2685
bus=0x5555556f9af0, name=0x555555692315 "org.freedesktop.network1",
timeout=30000000,
check_idle=0x55555556ac84 <manager_check_idle>, userdata=0x5555556f6b20) at
src/shared/bus-util.c:134
src/network/networkd-manager.c:1128
src/network/networkd.c:127
(gdb) f 1
src/network/networkd-link.c:2008
2008 if (link->network->bridge || streq("bridge", link->kind)) {
(gdb) p link->kind
$1 = 0x0
|
|
safe_atou32 (#3522)
|
|
Move the merger of environment variables before setting up the PAM
session and pass the aggregate environment to PAM setup. This allows
control over the PAM session hooks through environment variables.
PAM session initiation may update the environment. On successful
initiation of a PAM session, we adopt the environment of the
PAM context.
|
|
... as well as halt/poweroff/kexec/suspend/hibernate/hybrid-sleep.
Running those commands will fail in user mode, but we try to set the wall
message first, which might even succeed for privileged users. Best to nip
the whole sequence in the bud.
https://github.com/systemd/systemd/pull/3453#issuecomment-225455156
|
|
Our functions that query /proc/pid/ support using pid==0 to mean
self. get_process_id also seemed to support that, but it was not implemented
correctly: the result should be in *uid, not returned, and also it gave
completely bogus result when called from get_process_gid(). But afaict,
get_process_{uid,gid} were never called with pid==0, so it's not an actual
bug. Remove the broken code to avoid confusion.
|
|
This makes it easy to test the query code on "ssh localhost"
and similar.
|
|
This fixes a bunch of copy&paste errors in the output.
|
|
If max_length is equal or greater than cmdline length all trailing non-printable
characters are dropped. If max_length is 0 it should do the same.
This should also fix cmdline truncation if the last character is not '\0'.
Fixes #3469.
|
|
resolved: allow clients request cache flushes
|
|
Fixes #3353.
|
|
use config_parse_vlanid to parse vlan for BridgeFDB entries
|
|
cleanup minor nitpicks mentioned in #3428
|
|
|
|
This adds (undocumented) environment variables SYSTEMD_KBD_MODEL_MAP
and SYSTEMD_LANGUAGE_FALLBACK_MAP, which, if set, override compiled-in
locations of those two files.
Instead of skipping tests when the maps are not installed, just use
the one from the source dir. We still cannot do the mappings the other
way if /usr/lib/kbd/keymaps is not present, so truncate the tests in
that case.
Also tweak the debug messages a bit to make it easier to see
which function is failing.
|
|
Previously, we checked only for the various SetLinkXYZ() calls on the Manager
object exposed on the bus if the specified interface is managed/unmanaged by
networkd (as we don't permit overriding DNS configuration via bus calls if
networkd owns the device), but the equivalent SetXYZ() calls on the Link object
did not have such a check. Fix that by moving the appropriate check into the
latter, as the former just calls that anyway.
|
|
And expose it in "resolve-tool --flush-caches".
|
|
|
|
yet (#3499)
Corrects: 1b566071
Also see: https://github.com/systemd/systemd/pull/3478#issuecomment-225008542
|
|
Reloading or reexecuting PID 1 means the unit generators are rerun, which are
timed out at 90s. Make sure the method call asking for the reload is timed out
at twice that, so that the generators have 90s and the reload operation has 90s
too.
This reworks the daemon_reload() call in systemctl, and makes it exclusively
about reloading/reexecing. Previously it was used for other trivial method
calls too, which didn't really help readability. As the code paths are now
sufficiently different, split out the old code into a new function
trivial_method().
This call also does a similar change as
c8ad4efb277c3235d58789170af11bb3c847d655 but for the reload/reexec operation.
Fixes: #3353
|
|
For legacy commands such as /sbin/halt or /sbin/poweroff we support legacy
fallbacks that talk via traditional SysV way with PID 1 to issue the desired
operation. We do this on any kind of error if the primary method of operation
fails. When this is the case we suppress any error message that is normally
generated, in order to not confuse the user. When suppressing this log message,
don't suppress the original error code, because there's really no reason to.
|
|
|
|
This patch implements the new magic character '!'. By putting '!' in front
of a command, systemd executes it with full privileges ignoring paramters
such as User, Group, SupplementaryGroups, CapabilityBoundingSet,
AmbientCapabilities, SecureBits, SystemCallFilter, SELinuxContext,
AppArmorProfile, SmackProcessLabel, and RestrictAddressFamilies.
Fixes partially https://github.com/systemd/systemd/issues/3414
Related to https://github.com/coreos/rkt/issues/2482
Testing:
1. Create a user 'bob'
2. Create the unit file /etc/systemd/system/exec-perm.service
(You can use the example below)
3. sudo systemctl start ext-perm.service
4. Verify that the commands starting with '!' were not executed as bob,
4.1 Looking to the output of ls -l /tmp/exec-perm
4.2 Each file contains the result of the id command.
`````````````````````````````````````````````````````````````````
[Unit]
Description=ext-perm
[Service]
Type=oneshot
TimeoutStartSec=0
User=bob
ExecStartPre=!/usr/bin/sh -c "/usr/bin/rm /tmp/exec-perm*" ;
/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-pre"
ExecStart=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start" ;
!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-star-2"
ExecStartPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-post"
ExecReload=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-reload"
ExecStop=!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop"
ExecStopPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop-post"
[Install]
WantedBy=multi-user.target]
`````````````````````````````````````````````````````````````````
|
|
This the patch implements a notificaiton mechanism from the init process
in the container to systemd-nspawn.
The switch --notify-ready=yes configures systemd-nspawn to wait the "READY=1"
message from the init process in the container to send its own to systemd.
--notify-ready=no is equivalent to the previous behavior before this patch,
systemd-nspawn notifies systemd with a "READY=1" message when the container is
created. This notificaiton mechanism uses socket file with path relative to the contanier
"/run/systemd/nspawn/notify". The default values it --notify-ready=no.
It is also possible to configure this mechanism from the .nspawn files using
NotifyReady. This parameter takes the same options of the command line switch.
Before this patch, systemd-nspawn notifies "ready" after the inner child was created,
regardless the status of the service running inside it. Now, with --notify-ready=yes,
systemd-nspawn notifies when the service is ready. This is really useful when
there are dependencies between different contaniers.
Fixes https://github.com/systemd/systemd/issues/1369
Based on the work from https://github.com/systemd/systemd/pull/3022
Testing:
Boot a OS inside a container with systemd-nspawn.
Note: modify the commands accordingly with your filesystem.
1. Create a filesystem where you can boot an OS.
2. sudo systemd-nspawn -D ${HOME}/distros/fedora-23/ sh
2.1. Create the unit file /etc/systemd/system/sleep.service inside the container
(You can use the example below)
2.2. systemdctl enable sleep
2.3 exit
3. sudo systemd-run --service-type=notify --unit=notify-test
${HOME}/systemd/systemd-nspawn --notify-ready=yes
-D ${HOME}/distros/fedora-23/ -b
4. In a different shell run "systemctl status notify-test"
When using --notify-ready=yes the service status is "activating" for 20 seconds
before being set to "active (running)". Instead, using --notify-ready=no
the service status is marked "active (running)" quickly, without waiting for
the 20 seconds.
This patch was also test with --private-users=yes, you can test it just adding it
at the end of the command at point 3.
------ sleep.service ------
[Unit]
Description=sleep
After=network.target
[Service]
Type=oneshot
ExecStart=/bin/sleep 20
[Install]
WantedBy=multi-user.target
------------ end ------------
|
|
networkd: add support to configure VLAN on bridge ports
|
|
Fix issue where the *Network passed via userdata is being offset
by offsetof(Network, matchmac) leading to incorrect values being
exposed in dbus.
|
|
|
|
|
|
networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRA
|
|
Let's add a generic parser for VLAN ids, which should become handy as
preparation for PR #3428. Let's also make sure we use uint16_t for the vlan ID
type everywhere, and that validity checks are already applied at the time of
parsing, and not only whne we about to prepare a netdev.
Also, establish a common definition VLANID_INVALID we can use for
non-initialized VLAN id fields.
|