Mike Yuan [Thu, 28 Mar 2024 16:43:25 +0000 (00:43 +0800)]
core/mount: if mount is gone eventually, consider it success
Currently, if unmount initiated by us fails, we record
that in result. Later, if we tried again and succeeded,
or someone else successfully unmounted it, the unit
state is still considered failed. Let's be more tolerant
instead, and forget about previous failure.
Burak Gerz [Fri, 29 Mar 2024 23:41:51 +0000 (00:41 +0100)]
sysupdate: print assumed value
The MatchPattern= in Target specification is documented as mandatory,
but if not defined sysupdate will assume the same value as defined
in Source specification and continue execution. Print this
assumption to the user.
Adrian Vovk [Fri, 29 Mar 2024 00:38:09 +0000 (20:38 -0400)]
manager: Freeze/Thaw: Don't fail units w/o cgroup
Previously, it was impossible to freeze or thaw a slice if it is an
ancestor to a unit that had no running cgroup (i.e. a service with
RemainAfterExit=yes). Instead of failing with EBUSY (which would
confusingly get reported as "Unit has pending job") we just silently
no-op.
I noticed this because we now have user-runtime-dir@.service, which
would make it impossible to freeze/thaw user.slice or user-<UID>.slice
Luca Boccassi [Fri, 29 Mar 2024 01:29:07 +0000 (01:29 +0000)]
core: apply ReloadLimit to reexec too
Same reason as the reload, reexec is disruptive and it requires the
same privileges, so if somebody wants to limit reloads, they'll also
want to limit reexecs, so use the same setting.
Yu Watanabe [Thu, 28 Mar 2024 07:24:59 +0000 (16:24 +0900)]
udev: make udevadm test and test-builtin not destructive
Previously, 'udevadm test' not only processed udev rules,
but also made several destructive changes on the system: updating udev
database, device node permission, devlinks, network interface
properties, and so on.
Similarly, 'udevadm test-builtin' may perform something destructive,
especially by 'keyboard', 'kmod', and 'net_setup_link' builtins.
Let's make these commands and test executables not change device
configurations.
Yu Watanabe [Sun, 17 Mar 2024 06:23:38 +0000 (15:23 +0900)]
ndisc-option: allow to set valid time of options
When an option is delegated from an upstream server, its lifetime
may be limited by a time. Such functionality will be used later by
sd-radv.
This also removes 'offset' argument from the option setter
ndisc_option_set_xyz(), and makes it update existing option.
See comments in ndisc_option_add_link_layer_address() for more details.
Yu Watanabe [Fri, 22 Mar 2024 08:46:00 +0000 (17:46 +0900)]
journalctl-filter: use add_match_boot_id() instead of add_match_this_boot()
The function add_match_this_boot() calls sd_journal_add_conjunction(),
hence, we cannot specify multiple devices in the extra match arguments,
e.g., "journalctl /dev/sda /dev/sdb" shows no entry.
Mike Yuan [Wed, 27 Mar 2024 11:45:34 +0000 (19:45 +0800)]
sleep: add SleepMemMode= setting for configuring /sys/power/mem_sleep
The setting is used when /sys/power/state is set to 'mem'
(common for suspend) or /sys/power/disk is set to 'suspend'
(hybrid-sleep). We default to kernel choice here, i.e.
respect what's set through 'mem_sleep_default=' kernel
cmdline option.
Adrian Vovk [Thu, 21 Mar 2024 23:28:38 +0000 (19:28 -0400)]
homed: Release(): fix assertion failure
This fixes a race condition crash in homed that would happen in the
following sequence of events:
1. Client 1 takes a ref on the home area
2. Client 1 calls some method via dbus
3. Client 2 calls Release()
In homed, the Release() would check if a ref is still held (in this
case: yes it is) and returns an error. Except that is done through a
code-path that asserts that no operations are ongoing. In this case,
it's valid to have an ongoing operation, and so the assertion fails
causing homed to crash.
Luca Boccassi [Wed, 27 Mar 2024 21:14:15 +0000 (21:14 +0000)]
run: fix generated unit name clash after soft-reboot
When sd-run connects to D-Bus rather than the private socket, it will
generate the transient unit name using the bus ID assigned by the D-Bus
broker/daemon. The issue is that this ID is only unique per D-Bus run,
if the broker/daemon restarts it starts again from 1, and it's a simple
incremental counter for each client.
So if a transient unit run-u6.service starts and fails, and it is not
collected (default on failure), and the system soft-reboots, any new
transient unit might conflict as the counter will restart:
Failed to start transient service unit: Unit run-u6.service was already loaded or has a fragment file.
Get the soft-reboot counter, and if it's greater than zero, append it
to the autogenerated unit name to avoid clashes.
Yu Watanabe [Mon, 25 Mar 2024 13:15:51 +0000 (22:15 +0900)]
journalctl-authenticate: use is_dir() and refuse symlink for /var/log/journal
I am not sure it is explicitly documented that /var/log/journal should
be a directory, rather than a symlink to a directory, but the current
code of journald seems not to support symlinked directory well. Let's
refuse that at least here and now.
Frantisek Sumsal [Wed, 27 Mar 2024 18:35:30 +0000 (19:35 +0100)]
test: check for /dev/loop-control when checking lodev availability
losetup in util-linux 2.40 started reporting lost loop devices [0] and
it has an unfortunate side-effect where it reports lost devices even in
containers, which then makes the loop device check "falsely" pass [1].
Let's just check for /dev/loop-control explicitly to "work around" this.
Michal Koutný [Tue, 20 Feb 2024 18:26:16 +0000 (19:26 +0100)]
timedated: Respond on org.freedesktop.timedate1.SetNTP only when really finished
The method returns prematurely (before jobs it triggers terminate). This
is externally visible because other methods may fail if jobs did not
finish.
Postpone the DBus method response until we collect all signals for
finished jobs.
systemd-timedated keeps track of in-flight DBus requests and answers
them all in unspecified order when jobs finish. The capacity of requests
in systemd-timedated is limited.
Daan De Meyer [Wed, 27 Mar 2024 10:07:52 +0000 (11:07 +0100)]
mkosi: Merge base and system images
The only reason to have these split up is to be able to build extension
images that use the base image as a base tree and install extra packages.
Until we have such a use case, let's merge the base and system images to
simplify things a bit.
We keep the mkosi.images/ directory to not cause too many conflicts with
the integration tests PR.
Ronan Pigott [Tue, 26 Mar 2024 07:33:19 +0000 (00:33 -0700)]
resolved: always return the validated answers when validating
We normally expect sd-resolved only to return the validated subset of a
validated response. In some cases we give up on validating, because we
have enough information already to conclude the answer is bogus.
Let's be sure to always reply with only the validated subset in these
cases too, so that we don't return bogus answers and confuse primitive
clients that won't see the SERVFAIL rcode.
shared/logs-show: restore infinite loop avoidance for corrupted journals
Fixes a bug introduced in e44f06065bf20e8d0e4adacff61350ebd36f299e: it was
supposed to be a refactoring, but unfortunately FOREACH_ARRAY is implemented
using a for loop, so when the 'goto finish' was replaced by 'break', it only
broke the inner loop, leading to an infinite loop.
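
Added example, not part of the commit or of systemd's code: a minimal C model of the failure mode described above, where `break` inside a for-based iteration macro leaves only the macro's loop while `goto` leaves the enclosing loop too. The macro `FOREACH_ARRAY_DEMO`, the function names, the pass cap and the sample array are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical array-iteration macro built on a for loop (an assumption,
 * not systemd's FOREACH_ARRAY definition). */
#define FOREACH_ARRAY_DEMO(p, arr, n) \
        for (const int *p = (arr), *p##_end = (arr) + (n); p < p##_end; p++)

enum { FIELD_CORRUPT = -1, MAX_PASSES = 1000 }; /* cap keeps the demo finite */

/* Buggy form: 'break' leaves only the for loop hidden inside the macro,
 * so the outer retry loop keeps re-reading the same corrupted data. */
static size_t scan_with_break(const int *fields, size_t n, int wanted) {
        size_t passes = 0;
        int found = 0;
        while (!found && passes < MAX_PASSES) {
                passes++;
                FOREACH_ARRAY_DEMO(f, fields, n) {
                        if (*f == FIELD_CORRUPT)
                                break;
                        if (*f == wanted)
                                found = 1;
                }
        }
        return passes;
}

/* Fixed form: 'goto finish' leaves both loops at the first corrupted field. */
static size_t scan_with_goto(const int *fields, size_t n, int wanted) {
        size_t passes = 0;
        int found = 0;
        while (!found && passes < MAX_PASSES) {
                passes++;
                FOREACH_ARRAY_DEMO(f, fields, n) {
                        if (*f == FIELD_CORRUPT)
                                goto finish;
                        if (*f == wanted)
                                found = 1;
                }
        }
finish:
        return passes;
}

int main(void) {
        const int corrupted[] = { 1, FIELD_CORRUPT, 7 }; /* constructed sample */
        printf("break: %zu, goto: %zu\n", scan_with_break(corrupted, 3, 7), scan_with_goto(corrupted, 3, 7));
        return 0;
}
```

Without the demo's pass cap, the `break` variant would never return on the corrupted input.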
Jakub Sitnicki [Thu, 15 Feb 2024 17:02:50 +0000 (18:02 +0100)]
socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.
This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.
One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.
To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.
This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.
To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.
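
Added example, not part of the commit or of systemd's code: one way a program run from an ExecXYZ= command could check whether it has inherited listen FDs before touching any descriptor, following the LISTEN_PID/LISTEN_FDS convention of the sd_listen_fds protocol. The helper names `parse_decimal` and `listen_fds_count` are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first inherited descriptor in the protocol */

/* Parse a strictly decimal, non-negative int; -1 on malformed input. */
static long parse_decimal(const char *s) {
        char *end;
        long v;

        if (!s || *s < '0' || *s > '9')
                return -1;
        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || *end != '\0' || v > INT_MAX - LISTEN_FDS_START)
                return -1;
        return v;
}

/* Hypothetical helper: number of listen fds meant for process 'self',
 * 0 if none were passed to it, -1 if the variables are malformed. */
static int listen_fds_count(const char *env_pid, const char *env_fds, pid_t self) {
        long pid, n;

        if (!env_pid || !env_fds)
                return 0;
        pid = parse_decimal(env_pid);
        n = parse_decimal(env_fds);
        if (pid < 0 || n < 0)
                return -1;
        if ((pid_t) pid != self)
                return 0; /* set for a different process: not ours to use */
        return (int) n;
}

int main(void) {
        int n = listen_fds_count(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());

        if (n < 0) {
                fprintf(stderr, "malformed LISTEN_PID/LISTEN_FDS\n");
                return 1;
        }
        printf("%d listen fd(s) inherited, first is fd %d\n", n, LISTEN_FDS_START);
        return 0;
}
```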
Yu Watanabe [Thu, 21 Mar 2024 19:19:42 +0000 (04:19 +0900)]
journalctl-filter: several cleanups for add_matches()
- split it into small pieces to reduce indentation,
- return earlier if no filter specified,
- use journal_add_matchf() and journal_add_match_pair(),
chase_and_stat(), is_symlink(), and sd_device_new_from_devname(),
- replace sd_device_get_devname() + stat() with sd_device_get_devnum(),
- refuse to install filter by path with --root, --image, or --machine
at least now, as previously it has not worked anyway.
Yu Watanabe [Thu, 21 Mar 2024 17:47:21 +0000 (02:47 +0900)]
journalctl-filter: modernize add_units()
- add missing assertions,
- use set_ensure_consume() and strv_consume(),
- use string_hash_ops_free and _cleanup_set_free_,
- use strv_fnmatch_full(),
- replace unused counter with a boolean flag,
- return earlier if no unit filtering is requested.
Luca Boccassi [Fri, 8 Mar 2024 23:02:19 +0000 (23:02 +0000)]
resolved: support reloading configuration at runtime
Drop connections and caches and reload config from files, to allow
for low-interruption updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.