#include "alloc-util.h"
#include "apparmor-setup.h"
#include "architecture.h"
+#include "argv-util.h"
#if HAVE_LIBBPF
#include "bpf-lsm.h"
#endif
#include "crash-handler.h"
#include "dbus-manager.h"
#include "dbus.h"
-#include "def.h"
+#include "constants.h"
#include "dev-setup.h"
#include "efi-random.h"
#include "efivars.h"
#include "hostname-setup.h"
#include "ima-setup.h"
#include "import-creds.h"
+#include "initrd-util.h"
#include "killall.h"
#include "kmod-setup.h"
#include "limits-util.h"
#include "time-util.h"
#include "umask-util.h"
#include "user-util.h"
-#include "util.h"
#include "virt.h"
#include "watchdog.h"
static usec_t arg_default_timeout_start_usec;
static usec_t arg_default_timeout_stop_usec;
static usec_t arg_default_timeout_abort_usec;
+static usec_t arg_default_device_timeout_usec;
static bool arg_default_timeout_abort_set;
static usec_t arg_default_start_limit_interval;
static unsigned arg_default_start_limit_burst;
{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
{ "Manager", "DefaultTimeoutAbortSec", config_parse_default_timeout_abort, 0, NULL },
+ { "Manager", "DefaultDeviceTimeoutSec", config_parse_sec, 0, &arg_default_device_timeout_usec },
{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
{ "Manager", "DefaultStartLimitIntervalSec", config_parse_sec, 0, &arg_default_start_limit_interval },
config_item_table_lookup, items,
CONFIG_PARSE_WARN,
NULL,
+ NULL,
NULL);
/* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we use
m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
m->default_timeout_abort_usec = arg_default_timeout_abort_usec;
m->default_timeout_abort_set = arg_default_timeout_abort_set;
+ m->default_device_timeout_usec = arg_default_device_timeout_usec;
m->default_restart_usec = arg_default_restart_usec;
m->default_start_limit_interval = arg_default_start_limit_interval;
m->default_start_limit_burst = arg_default_start_limit_burst;
/* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
* until the systemd-coredump tool is enabled via sysctl. However it can be changed via the kernel
- * command line later so core dumps can still be generated during early startup and in initramfs. */
+ * command line later so core dumps can still be generated during early startup and in initrd. */
if (!skip_setup)
disable_coredumps();
#endif
args[i++] = argv[j];
assert(i <= args_size);
- /* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */
+ /* Re-enable any blocked signals, especially important if we switch from initrd to init=... */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
(void) rlimit_nofile_safe();
return objective;
case MANAGER_SWITCH_ROOT:
+ manager_set_switching_root(m, true);
+
if (!m->switch_root_init) {
r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
if (r < 0) {
}
static void log_execution_mode(bool *ret_first_boot) {
+ bool first_boot = false;
+
assert(ret_first_boot);
if (arg_system) {
log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
- if (in_initrd()) {
- *ret_first_boot = false;
- log_info("Running in initial RAM disk.");
- } else {
+ if (in_initrd())
+ log_info("Running in initrd.");
+ else {
int r;
_cleanup_free_ char *id_text = NULL;
- /* Let's check whether we are in first boot. We use /etc/machine-id as flag file
- * for this: If it is missing or contains the value "uninitialized", this is the
- * first boot. In any other case, it is not. This allows container managers and
- * installers to provision a couple of files already. If the container manager
- * wants to provision the machine ID itself it should pass $container_uuid to PID 1. */
-
- r = read_one_line_file("/etc/machine-id", &id_text);
- if (r < 0 || streq(id_text, "uninitialized")) {
- if (r < 0 && r != -ENOENT)
- log_warning_errno(r, "Unexpected error while reading /etc/machine-id, ignoring: %m");
-
- *ret_first_boot = true;
- log_info("Detected first boot.");
- } else {
- *ret_first_boot = false;
- log_debug("Detected initialized system, this is not the first boot.");
+ /* Let's check whether we are in first boot. First, check if an override was
+ * specified on the kernel commandline. If yes, we honour that. */
+
+ r = proc_cmdline_get_bool("systemd.condition-first-boot", &first_boot);
+ if (r < 0)
+ log_debug_errno(r, "Failed to parse systemd.condition-first-boot= kernel commandline argument, ignoring: %m");
+
+ if (r > 0)
+ log_full(first_boot ? LOG_INFO : LOG_DEBUG,
+ "Kernel commandline argument says we are %s first boot.",
+ first_boot ? "in" : "not in");
+ else {
+ /* Second, perform autodetection. We use /etc/machine-id as flag file for
+ * this: If it is missing or contains the value "uninitialized", this is the
+ * first boot. In other cases, it is not. This allows container managers and
+ * installers to provision a couple of files in /etc but still permit the
+ * first-boot initialization to occur. If the container manager wants to
+ * provision the machine ID it should pass $container_uuid to PID 1. */
+
+ r = read_one_line_file("/etc/machine-id", &id_text);
+ if (r < 0 || streq(id_text, "uninitialized")) {
+ if (r < 0 && r != -ENOENT)
+ log_warning_errno(r, "Unexpected error while reading /etc/machine-id, ignoring: %m");
+
+ first_boot = true;
+ log_info("Detected first boot.");
+ } else
+ log_debug("Detected initialized system, this is not the first boot.");
}
}
arg_action == ACTION_TEST ? " test" : "",
getuid(), strna(t), systemd_features);
}
-
- *ret_first_boot = false;
}
+
+ *ret_first_boot = first_boot;
}
static int initialize_runtime(
(void) os_release_status();
(void) hostname_setup(true);
/* Force transient machine-id on first boot. */
- machine_id_setup(NULL, first_boot, arg_machine_id, NULL);
+ machine_id_setup(NULL, /* force_transient= */ first_boot, arg_machine_id, NULL);
(void) loopback_setup();
bump_unix_max_dgram_qlen();
bump_file_max_and_nr_open();
arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_set = false;
+ arg_default_device_timeout_usec = DEFAULT_TIMEOUT_USEC;
arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
arg_runtime_watchdog = 0;
goto finish;
}
- /* The efivarfs is now mounted, let's read the random seed off it */
- (void) efi_take_random_seed();
+ /* The efivarfs is now mounted, let's lock down the system token. */
+ lock_down_efi_variables();
/* Cache command-line options passed from EFI variables */
if (!skip_setup)
} else {
/* Running as user instance */
arg_system = false;
+ log_set_always_reopen_console(true);
log_set_target(LOG_TARGET_AUTO);
log_open();
set_manager_defaults(m);
set_manager_settings(m);
manager_set_first_boot(m, first_boot);
+ manager_set_switching_root(m, arg_switched_root);
/* Remember whether we should queue the default job */
queue_default_job = !arg_serialization || arg_switched_root;