Luca Boccassi [Mon, 11 Dec 2023 01:03:39 +0000 (01:03 +0000)]
executor: don't duplicate FD array to avoid double closing
Just use ExecParam directly, as these are all internal to sd-exec now
anyway. Avoids double close when execution fails after FDs are set up
for inheritance and were already re-arranged.
sigwait() is documented to "suspend execution of the calling thread
until one of the signals specified in the signal set becomes pending".
And the only error it returns is EINVAL, when "set contains an invalid
signal number". Therefore, there's no need to run it in a loop or
to check for runtime error.
Yu Watanabe [Thu, 7 Dec 2023 05:45:07 +0000 (14:45 +0900)]
network/ipv4ll: do not start sd-ipv4ll on exit
When assert_return() is critical, the following assertion is triggered
on exit:
---
#0 0x00007f8b1f6b0884 in __pthread_kill_implementation () from target:/lib64/libc.so.6
#1 0x00007f8b1f65fafe in raise () from target:/lib64/libc.so.6
#2 0x00007f8b1f64887f in abort () from target:/lib64/libc.so.6
#3 0x00007f8b208d02d6 in log_assert_failed (text=0x7f8b210009e0 "e->state != SD_EVENT_FINISHED", file=0x7f8b20fff403 "src/libsystemd/sd-event/sd-event.c",
line=1252, func=0x7f8b21004400 <__func__.154> "sd_event_add_io") at ../src/basic/log.c:948
#4 0x00007f8b208d0457 in log_assert_failed_return (text=0x7f8b210009e0 "e->state != SD_EVENT_FINISHED",
file=0x7f8b20fff403 "src/libsystemd/sd-event/sd-event.c", line=1252, func=0x7f8b21004400 <__func__.154> "sd_event_add_io") at ../src/basic/log.c:967
#5 0x00007f8b20c7d102 in sd_event_add_io (e=0x617000000080, ret=0x60c000000a20, fd=11, events=1, callback=0x7dfd85 <ipv4acd_on_packet>,
userdata=0x60c000000a00) at ../src/libsystemd/sd-event/sd-event.c:1252
#6 0x00000000007e3934 in sd_ipv4acd_start (acd=0x60c000000a00, reset_conflicts=true) at ../src/libsystemd-network/sd-ipv4acd.c:597
#7 0x00000000007e72b9 in ipv4ll_start_internal (ll=0x6080000006a0, reset_generation=true) at ../src/libsystemd-network/sd-ipv4ll.c:278
#8 0x00000000007e7462 in sd_ipv4ll_start (ll=0x6080000006a0) at ../src/libsystemd-network/sd-ipv4ll.c:298
#9 0x00000000006047a1 in dhcp4_handler (client=0x617000000400, event=0, userdata=0x61a000000680) at ../src/network/networkd-dhcp4.c:1183
#10 0x000000000075b1ed in client_notify (client=0x617000000400, event=0) at ../src/libsystemd-network/sd-dhcp-client.c:783
#11 0x000000000075bf8d in client_stop (client=0x617000000400, error=0) at ../src/libsystemd-network/sd-dhcp-client.c:821
#12 0x000000000077710f in sd_dhcp_client_stop (client=0x617000000400) at ../src/libsystemd-network/sd-dhcp-client.c:2388
#13 0x000000000065cdd1 in link_stop_engines (link=0x61a000000680, may_keep_dhcp=true) at ../src/network/networkd-link.c:336
#14 0x000000000041f214 in manager_free (m=0x618000000080) at ../src/network/networkd-manager.c:613
#15 0x00000000004124e3 in manager_freep (p=0x7f8b1c800040) at ../src/network/networkd-manager.h:128
#16 0x00000000004139f6 in run (argc=1, argv=0x7ffffe4522e8) at ../src/network/networkd.c:24
#17 0x0000000000413b20 in main (argc=1, argv=0x7ffffe4522e8) at ../src/network/networkd.c:119
---
Prompted by https://github.com/systemd/systemd/pull/30049#issuecomment-1844087965.
Yu Watanabe [Thu, 7 Dec 2023 05:28:12 +0000 (14:28 +0900)]
resolve: do not trigger assertion on exit
By making assert_return() critical, we observe the following:
---
Program received signal SIGABRT, Aborted.
0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f01320b0884 in __pthread_kill_implementation ()
from /lib64/libc.so.6
#1 0x00007f013205fafe in raise () from /lib64/libc.so.6
#2 0x00007f013204887f in abort () from /lib64/libc.so.6
#3 0x00007f01338d02d6 in log_assert_failed (
text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED",
file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399,
func=0x7f01340045a0 <__func__.148> "sd_event_add_time")
at ../src/basic/log.c:948
#4 0x00007f01338d0457 in log_assert_failed_return (
text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED",
file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399,
func=0x7f01340045a0 <__func__.148> "sd_event_add_time")
at ../src/basic/log.c:967
#5 0x00007f0133c7ed83 in sd_event_add_time (e=0x617000022280,
ret=0x610000007e98, clock=7, usec=24054941030, accuracy=0,
callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40)
at ../src/libsystemd/sd-event/sd-event.c:1399
#6 0x00007f0133c7f725 in sd_event_add_time_relative (e=0x617000022280,
ret=0x610000007e98, clock=7, usec=1000000, accuracy=0,
callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40)
at ../src/libsystemd/sd-event/sd-event.c:1462
#7 0x0000000000464cac in dns_scope_announce (scope=0x610000007e40, goodbye=true) at ../src/resolve/resolved-dns-scope.c:1530
#8 0x0000000000504d08 in link_free (l=0x612000023d40) at ../src/resolve/resolved-link.c:83
#9 0x000000000052dbbd in manager_free (m=0x619000000a80) at ../src/resolve/resolved-manager.c:697
#10 0x0000000000562328 in manager_freep (p=0x7f012f800040) at ../src/resolve/resolved-manager.h:198
#11 0x000000000056315a in run (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:25
#12 0x0000000000563284 in main (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:99
---
Prompted by https://github.com/systemd/systemd/pull/30049#issuecomment-1844087965.
Mike Yuan [Fri, 8 Dec 2023 16:06:16 +0000 (00:06 +0800)]
core/executor: do destruct static variables and selinux before exiting
I was wondering why I couldn't trigger the assertion in safe_fclose()
when submitting #30251. It turned out that the static destructor was
not run at all :/
Replace main() with a minimized version of main-func.h. This also
prevents emitting negative exit codes.
Yu Watanabe [Sun, 10 Dec 2023 04:56:46 +0000 (13:56 +0900)]
network/route: fix reachability check when peer address is specified
When an address with peer address is specified, the kernel by default
adds the prefix route for the peer address. When ManageForeignRoute=no
is set, then we also needs to check the prefix for the peer address.
Mike Yuan [Sat, 9 Dec 2023 12:10:31 +0000 (20:10 +0800)]
core/cgroup: cache the last memory usage values before destroying cgroup
Currently, memory accounting values are only cached if it was queued
at least once before destroying cgroup. Let's always cache it like
what we already do for CPU usage.
With a sufficiently large initrd, the tests take 25 s on my laptop.
Normally, they'd be quicker, but since we use what we find on the
system, we don't control this. Let's raise the timeout to reduce the
chances of a spurious failure.
test_ukify: explicitly remove big temporary directories
pytest intentionally keeps around a limited number of the previous test
temporary directories [1]. This is generally OK, but in our tests that generate
initrds, we create a few very large files (both the initrd and kernel in a few
copies), which quickly adds up. I had a particularly large initrd (because of
some mkosi-initrd shenanigans), and I unded up with dozens of gigabytes of
temporary files from the tests. Let's just nuke the dirs where we write
kernel data.
Quoting https://docs.pytest.org/en/stable/how-to/tmp_path.html#the-default-base-temporary-directory:
> The tmpdir and tmpdir_factory fixtures are similar to tmp_path and
> tmp_path_factory, but use/return legacy py.path.local objects rather than
> standard pathlib.Path objects.
>
> These days, it is preferred to use tmp_path and tmp_path_factory.
Since we restart systemd-udevd here a couple of times, we might hit the
rate limit in later tests:
[ 26.028355] testsuite-17.sh[2074]: + udevadm control -e
[ 26.028355] testsuite-17.sh[2074]: + udevadm control -l emerg
[ 26.126160] systemd[1]: systemd-udevd.service: Start request repeated too quickly.
[ 26.126213] systemd[1]: systemd-udevd.service: Failed with result 'start-limit-hit'.
[ 26.140310] systemd[1]: Failed to start systemd-udevd.service.
[ 26.140897] systemd[1]: systemd-udevd-control.socket: Failed with result 'service-start-limit-hit'.
[ 26.141286] systemd[1]: systemd-udevd-kernel.socket: Failed with result 'service-start-limit-hit'.
[ 26.142225] testsuite-17.sh[2074]: + udevadm control -l alert
[ 26.149206] udevadm[2088]: Failed to send request to set log level: No such file or directory
Daan De Meyer [Thu, 7 Dec 2023 13:26:10 +0000 (14:26 +0100)]
repart: Don't look for --make-ddi= definitions inside --root=
It doesn't really make sense to go looking for these inside the
given root directory. While we should resolve specifiers and such
based on the given root directory, let's look up the image definitions
on the host system as there's a good chance they're coupled to the
repart version we're using so there's all kinds of chances for problems
if we use the definitions from the image we're building instead of those
from the host.
Luca Boccassi [Thu, 7 Dec 2023 23:19:36 +0000 (23:19 +0000)]
core: create workdir/upperdir when mounting a Type=overlay mount unit
So far we created the target directory, and the source for bind mounts,
but not workdir/upperdir for overlays, so it has to be done separately
and strictly before the unit is started, which is annoying. Check the
options when creating directories, and if upper/work directories are
specified, create them.
install: don't translate unit instances to paths when reenabling them
For unit instances install_info_discover() returns path to the template,
which then generates confusing errors when passed to
do_unit_file_enable():
~# build/systemctl --root=/tmp/systemctl-test.N9ysbz reenable templ1@two.service
Unit name: templ1@two.service; p: /etc/systemd/system/templ1@.service
Removed "/tmp/systemctl-test.N9ysbz/etc/systemd/system/services.target.wants/templ1@two.service".
Failed to reenable templ1@.service, destination unit services.target is a non-template unit.
This can also be seen with a different reproducer using getty@.service
and a simple bind mount to / - there's no error this time, but it tries
to create a symlink for the default instance (from DefaultInstance=tty1),
which is also incorrect:
Luca Boccassi [Mon, 27 Nov 2023 23:32:31 +0000 (23:32 +0000)]
core: relax dependency on RootImage= storage from Requires= to Wants=
If a unit is running in an image and wants to survive a soft-reboot,
then it can't be deactivated by the storage of the image going away.
Relax the dependency to a Wants=. Access to the image is not needed
when the unit is running anyway, so downgrade to Wants=.
Daan De Meyer [Tue, 5 Dec 2023 13:56:00 +0000 (14:56 +0100)]
repart: Re-open file descriptor to partition target after mkfs
The mkfs binary might unlink the path we give it and replace it with
a new file so let's make sure that our fd points to any new file rather
than the old deleted file.
Specifically this fixes erofs partition generation.
aslepykh [Fri, 8 Dec 2023 01:54:52 +0000 (04:54 +0300)]
test: avoid NO_CAST.INTEGER_OVERFLOW in test-oomd-util (#30365)
The `.mem_total` variable has `uint64_t` type, therefore, when multiplying the number
`20971512` by the number `1024` with the suffix `U`, we will not get the expected result of
`21,474,828,288`, since the number `20971512` without an explicit type indication has
`uint32_t` type.
First, multiplication will occur in accordance with the `uint32_t` type; this operation will
cause a **type overflow**, and only then will this result be assigned to a `uint64_t` type
variable.
It's worth adding the `UL` suffix to the number `20971512` to avoid **overflow**.
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author A. Slepykh.
We already highlight sections and "de-highlight" comments, so let's add
the last piece of the puzzle and highlight the configuration directives
to visually distinguish them from the values.
packit: don't take ownership of /etc/ssh/sshd_config.d/
7e3607996a creates a symlink under /etc/ssh/sshd_config.d/ and with
current Rawhide RPM stuff the systemd RPM tries to take ownership of
that directory which conflicts with the openssh-server package. Let's
temporarily tweak the regex in split-files.py until this changes makes
it to Rawhide.
journalctl: don't skip over messages not matching the cursor
When --after-cursor=/--cursor-file= is used together with a journal
filter, we still skipped over the first matching entry even if it wasn't
the entry the cursor points at, thus missing one "valid" entry
completely. Let's fix this by checking if the entry cursor after seeking
matches the user provided cursor, and skip to the next entry only when
the cursors match.
Daan De Meyer [Tue, 5 Dec 2023 09:24:13 +0000 (10:24 +0100)]
nspawn: Check later whether to keep/drop CAP_NET_BIND_SERVICE
Currently the check doesn't take any settings from nspawn settings
files into account, so let's delay the check until after we've
loaded any settings file.
Daan De Meyer [Sun, 3 Dec 2023 19:19:08 +0000 (20:19 +0100)]
gpt-auto-generator: Pass cryptsetup credentials to cryptsetup
cryptsetup reads a bunch of credentials now but we don't pass import
those in any service units yet. Let's pass through all cryptsetup
prefixed credentials to the systemd-cryptsetup@root instance.
Roland Hieber [Mon, 18 Sep 2023 09:52:06 +0000 (11:52 +0200)]
udev: generate system-unique storage symlinks using device path
When the same disk image is written to multiple storage units, for
example an external SD card and an internal eMMC, the symlinks in
/dev/disk/by-{label,uuid,partlabel,partuuid}/ are no longer unique, and
will point to the device that is probed last.
Adressing partitions via labels and UUIDs is nice to work with, and
depending on the use case, it might also be more robust than using the
symlinks in /dev/disk/by-path/ containing the partition number. Combine
the two approaches to create unique symlinks containing both the device
path as well as the respective UUIDs or labels, and throw in a symlink
using the devpath and the partition number for the sake of completeness.
For an exemplary GPT-partitioned disk at "platform-2198000.mmc" with a
partition containing an ext4 file system, this might create symlinks of
the following form:
Mike Yuan [Sat, 25 Nov 2023 14:10:16 +0000 (22:10 +0800)]
systemctl-whoami: use pidfd to refer to processes
While at it, rephrase the output a bit. Before this commit, if
the pid doesn't exist, we output something hard to interpret -
"Failed to get unit for ourselves".
mime: register confext/sysext images in shared-mime-info
This make them recognized by file managers and stuff. Maybe one day we
should properly register mime types in the "vnd." namespace with IANA,
but I am too lazy to deal with the bureaucracy for that, hence let's
stick with the x. namespace for now.
userdbctl: enable ssh-authorized-keys logic by default
sshd now supports config file drop-ins, hence let's install one to hook
up "userdb ssh-authorized-keys", so that things just work.
We put the drop-in relatively early, so that other drop-ins generally
will override this.
Ideally sshd would support such drop-ins in /usr/ rather than /etc/, but
let's take what we can get. It's not that sshd's upstream was
particularly open to weird ideas from Linux people.
pid1: add ProtectSystem= as system-wide configuration, and default it to true in the initrd
This adds a new ProtectSystem= setting that mirrors the option of the
same of services, but in a more restrictive way. If enabled will remount
/usr/ to read-only, very early at boot. Takes a special value "auto"
(which is the default) which is equivalent to true in the initrd, and
false otherwise.
Unlike the per-service option we don't support full/strict modes, but
the door is open to eventually support that too if it makes sense. It's
not entirely trivial though as we have very little mounted this early,
and hence the mechanism might not apply 1:1. Hence in this PR is a
conservative first step.
My primary goal with this is to lock down initrds a bit, since they
conceptually are mostly immutable, but they are unpacked into a mutable
tmpfs. let's tighten the screws a bit on that, and at least make /usr/
immutable.
This is particularly nice on USIs (i.e. Unified System Images, that pack
a whole OS into a UKI without transitioning out of it), such as
diskomator.
projects / thirdparty / systemd.git / log
