Generate systemd-fsck-root.service in the initramfs
In the initrafms, generate a systemd-fsck-root.service to replace
systemd-fsck@<sysroot-device>.service. This way, after we transition
to the real root, systemd-fsck-root.service is marked as already done.
This introduces an unnecessary synchronization point, because
systemd-fsck@* is ordered after systemd-fsck-root also in the
initramfs. In practice this shouldn't be a problem.
Tom Gundersen [Mon, 27 Apr 2015 09:43:31 +0000 (11:43 +0200)]
udevd: worker - drop reference counting
Make the worker context have the same life-span as the worker process. It is created on fork()
and free'd on SIGCHLD.
The change means that we can get worker_returned() for a worker context that is no longer around,
this is not a problem and we can just drop the message. The only use for worker_returned() is to
know to reschedule events to workers that are still around, so if the worker has already exited
it is not important to keep track of. We still print a debug statement in this case to be on the
safe side.
David Herrmann [Wed, 6 May 2015 16:18:43 +0000 (18:18 +0200)]
bus: don't switch to kdbus if not requested
Whenever systemd is re-executed, it tries to create a system bus via
kdbus. If the system did not have kdbus loaded during bootup, but the
module is loaded later on manually, this will cause two system buses
running (kdbus and dbus-daemon in parallel).
This patch makes sure we never try to create kdbus buses if it wasn't
explicitly requested on the command-line.
Michael Olbrich [Thu, 30 Apr 2015 18:50:38 +0000 (20:50 +0200)]
tmpfiles: try to handle read-only file systems gracefully
On read-only filesystems trying to create the target will not fail with
EEXIST but with EROFS. Handle EROFS by checking if the target already
exists, and if empty when truncating.
This avoids reporting errors if tmpfiles doesn't actually needs to do
anything.
[zj: revert condition to whitelist rather then blacklisting, and add goto
to avoid stat'ting twice.]
Colin Walters [Mon, 4 May 2015 20:12:46 +0000 (16:12 -0400)]
lockfile-util.[ch]: Split out from util.[ch]
Continuing the general trend of splitting up util.[ch]. I specifically
want to reuse this code in https://github.com/GNOME/libglnx and
having it split up will make future copy-pasting easier.
man: nspawn is used in production these days, admit that
Previously, the man page suggested to only use nspawn for testing,
building, and debugging things. However, it is nowadays used in
production and used as building block for rocket, hence let's just admit
that it's pretty much production ready.
We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
Add VARIANT as a standard value for /etc/os-release
Some distributions (such as Fedora) are using the VARIANT field to
indicate to select packages which of several default configurations
they should be using. For example, VARIANT=Server provides a
different default firewall configuration (blocking basically
everything but SSH and the management console) whereas
VARIANT=Workstation opens many other ports for application
compatibility.
By adding this patch to the manual pages, we can standardize on a
cross-distribution mechanism for accomplishing this.
Fedora implementation details are available at
https://fedoraproject.org/wiki/Packaging:Per-Product_Configuration
generators: rename add_{root,usr}_mount to add_{sysroot,sysroot_usr}_mount
This makes it obvious that those functions are only usable in the
initramfs.
Also, add a warning when noauto, nofail, or automount is used for the
root fs, instead of silently ignoring. Using those options would be a
sign of significant misconfiguration, and if we bother to check for
them, than let's go all the way and complain.
Other various small cleanups and reformattings elsewhere.
network: Implement fallback DHCPv6 prefix handling for older kernels
When setting IPv6 addresses acquired by DHCPv6, systemd-networkd sets
the IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. As
the flag and the attribute are present starting with Linux 3.14, older
kernels will need systemd-network to manage prefix route expiry.
By default, DHCPv6 addresses are first assigned setting the
IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. Should
the address assignment fail, the same assignment is tried without
the IFA_FLAGS attribute. Should also the second attempt fail, an error
is printed and address assignment ends with failure. As successful use
of the IFA_FLAGS netlink attribute is recorded in the Link structure,
the DHCPv6 code will know if the kernel or systemd-network fallback
code handles expiring prefixes.
filtered was used to store an allocated string twice. The first allocation was
thus lost. The string is not needed for anything, so simply skip the allocation.
11: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT
group default
link/tunnel6 :: brd ::
12: ip6vti@wlan0: <POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN
mode DEFAULT group default
link/tunnel6 2a00:ffde:4567:edde::4987 peer 2001:473:fece:cafe::5179
sd-bus: properly handle creds that are known but undefined for a process
A number of fields do not apply to all processes, including: there a
processes without a controlling tty, without parent process, without
service, user services or session. To distuingish these cases from the
case where we simply don't have the data, always return ENXIO for them,
while returning ENODATA for the case where we really lack the
information.
Also update the credentials dumping code to show this properly. Fields
that are known but do not apply are now shown as "n/a".
Note that this also changes some of the calls in process-util.c and
cgroup-util.c to return ENXIO for these cases.
sd-bus: drop bus parameter from message callback prototype
This should simplify the prototype a bit. The bus parameter is redundant
in most cases, and in the few where it matters it can be derived from
the message via sd_bus_message_get_bus().
This introduces /run/systemd/fsck.progress as a simply
AF_UNIX/SOCK_STREAM socket. If it exists and is connectable we'll
connect fsck's -c switch with it. If external programs want to get
progress data they should hence listen on this socket and will get
all they need via that socket. To get information about the connecting
fsck client they should use SO_PEERCRED.
Unless /run/systemd/fsck.progress is around and connectable this change
reverts back to v219 behaviour where we'd forward fsck output to
/dev/console on our own.