Arian van Putten [Mon, 12 Aug 2019 17:36:56 +0000 (19:36 +0200)]
journalctl: Make journalctl --user-unit= match on _SYSTEMD_USER_SLICE
journalctl --unit= already did this, and allows you to tail all the logs
for a certain slice easily. It seemed only natural to make --user-unit
behave in a similar way.
The _SYSTEMD_USER_SLICE field was not documented as being added by
journald, so I have added that to the documentation too.
Furthermore, I have documented the existing behaviour of --unit= and the
new behaviour of --user-unit=
The behaviour was actually not documented before, so I am also OK with
removing the match for the --unit= command instead. The user would then
have to manually provide _SYSTEMD_SLICE= filter to journalctl in both
cases. Both options work for me.
pid1: after creating transient drop-ins, put file in path cache
The alternative would be to recreate the cache, but dropins can be created very
often for transient settings, so updating the cache seems like a much faster
option.
shared/watchdog: close watchdog device when done with it
The file descriptor was opened with O_CLOEXEC, so in practice this doesn't
change too much, but it seems cleaner to always close the old fd when
changing the device path.
It's hard to say what is going on here without any error messages whatsoever.
The test goes into deep details of journal file handling, so it needs to also
do logging on its own.
Kai Krakow [Sat, 17 Aug 2019 00:33:43 +0000 (02:33 +0200)]
cgroup: Also set io.bfq.weight
Current kernels with BFQ scheduler do not yet set their IO weight
through "io.weight" but through "io.bfq.weight" (using a slightly
different interface supporting only default weights, not per-device
weights). This commit enables "IOWeight=" to just to that.
This fixes #13276. I think current rules are extremely confusing, as the
case in test-networkd-conf shows. We apply some kinds of unescaping (relating
to quoting), but not others (related to escaping of special characters).
But fixing this is hard, because people have adjusted quoting to match
our rules, and if we make the rules "better", things might break in unexpected
places.
Dan Streetman [Thu, 15 Aug 2019 20:27:05 +0000 (16:27 -0400)]
test: increase qemu timeout for TEST-18 and TEST-19
These tests runs under qemu, and on some testbeds, without acceleration.
On those systems, the current 180 second overall test timeout is too
short to run the test.
Increasing the timeout to 600s should be enough, even for slow
non-accelerated qemu testbeds.
Yu Watanabe [Sun, 18 Aug 2019 15:04:37 +0000 (00:04 +0900)]
network: do not check deprecated flag in address_is_ready()
Without this change, the address with PreferredLifetime=0 cannot be ready,
and thus, no consequent setting up process does not start.
The bug was introduced by 6aa5773.
Dan Streetman [Sat, 17 Aug 2019 16:24:00 +0000 (12:24 -0400)]
test/test-functions: add mkdir to import_initdir
This dir is created by create_empty_image_rootdir, as well as indirectly
by some other functions, but it should be created by import_initdir so
the newly-exported $initdir exists and can be used immediately without
relying on other functions to create it.
udev: allow persistent storage rules work for ubi devices
Back in dbbf424c8b77c1649e822c20c0b1fee1d2cfd93d, we merged a rule to add
persistent storage for /dev/ubi*, but this rule could have never worked because
of the top-level exclude.
udev: assume all devices which have persistent links also need to be watched
We had two similar lists, but one was accepting many more device types.
I assume that this is by mistake, simply because the lack of device links
is easier to notice than the lack of synthesized event after the device is
written to. This uses the same list in both places, effectively adding
"watch" attribute to /dev/nbd*, /dev/zd*, etc.
Dan Streetman [Tue, 13 Aug 2019 00:34:43 +0000 (20:34 -0400)]
src/boot/efi/meson.build: if meson --werror is true, set gcc -Werror
This part of the build does not use the normal meson parameters, so
we need to explicitly check for the meson --werror parameter, and if
it's true, set the gcc -Werror parameter for this subdir's build.
Dan Streetman [Tue, 13 Aug 2019 11:02:33 +0000 (07:02 -0400)]
src/boot/efi/linux: elide __attribute__((regparm(0))) on non-i386
This attribute is x86_32-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on i386 arch builds.
Dan Streetman [Tue, 13 Aug 2019 10:45:04 +0000 (06:45 -0400)]
src/boot/efi/shim: elide __attribute__((sysv_abi)) on non-intel archs
This attribute is x86-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on intel archs.
Dan Streetman [Thu, 15 Aug 2019 01:08:36 +0000 (21:08 -0400)]
src/basic/missing_syscall: add comment lines for PR 13319 changes
Add a comment line explaining that the syscall defines might be
defined to invalid negative numbers, as libseccomp redefines them
to negative numbers if not defined by the kernel headers, which is
not obvious just from reading the code checking for defined && > 0
Since bug reports, backtraces, coverage reports and build logs are scattered
across at least four different places and there is no publicly available dashboards
the badge can point to, let's just point it to the build logs, which hopefully are going to be
a little bit more usable once https://github.com/google/oss-fuzz/issues/2690 is
addressed.
Tommi Rantala [Mon, 5 Aug 2019 11:01:58 +0000 (14:01 +0300)]
update-utmp: fix assertion failure if rescue.target, multi-user.target and graphical.target are all inactive
If rescue.target, multi-user.target and graphical.target are all
inactive, get_current_runlevel() is not able to determine current
runlevel, and returns with zero. This zero runlevel value results to
assertion failure in utmp_put_runlevel().
systemd[1]: Stopped target Graphical Interface.
systemd[1]: Stopped target Multi-User System.
systemd[1]: Starting Update UTMP about System Runlevel Changes...
systemd-update-utmp[67]: Assertion 'runlevel > 0' failed at src/shared/utmp-wtmp.c:275, function utmp_put_runlevel(). Aborting.
systemd[1]: systemd-update-utmp-runlevel.service: Main process exited, code=dumped, status=6/ABRT
systemd[1]: systemd-update-utmp-runlevel.service: Failed with result 'core-dump'.
systemd[1]: Failed to start Update UTMP about System Runlevel Changes.
Let's just print a warning in this case and skip the utmp update, to
avoid systemd-update-utmp-runlevel.service failures.
sysusers: properly mark generated accounts as locked
Previously, we'd only set the shell to /usr/bin/nologin and lock the
password for system users. Let's go one step further and also lock the
whole account.
This is a paranoid safety precaution, since neither disabling the shell
like this nor disabling the password is sufficient to lock an account,
since remote shell tools generally allow passing different shells, and
logins into ftp or similar protocols don't know the shell concept anyway.
Moreover, in times of ssh authentication by password is just one
option of authentication among many.
Takes inspiration from the recommendations in usermod(8)'s -L switch:
"Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1."
Dan Streetman [Thu, 25 Jul 2019 11:57:30 +0000 (07:57 -0400)]
src/basic/missing_syscall: change #ifndef to #if ! (defined && > 0)
The #ifndef check used to work for missing __NR_* syscall defines, but
unfortunately libseccomp now redefines missing syscall number to negative
numbers, in their public header file, e.g.:
https://github.com/seccomp/libseccomp/blob/master/include/seccomp.h.in#L801
When systemd is built, since it includes <seccomp.h>, it pulls in the
incorrect negative value for any __NR_* syscall define that's included in
the seccomp.h header (for those syscalls that the kernel headers don't
yet define, e.g. when built with older/stable-distro kernels). This leads
to bugs like:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1821625
This changes the check so that it can override the negative number that
libseccomp defines, instead of trying to use the negative syscall number.
To avoid gcc warnings (which are failures with meson --werror), this checks
without generating a redefinition gcc warning.
I have no idea why libseccomp decided to define missing syscalls
to negative numbers inside their *public* header file, causing
problems like this.
Dan Streetman [Wed, 24 Jul 2019 23:58:48 +0000 (19:58 -0400)]
src/basic/missing_syscall: add s390 syscall number for __NR_pkey_mprotect
The syscall number for s390 was added to the kernel at:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b41c51c8e194c0bdfb4b1778a137aea8246c86cd
Frantisek Sumsal [Mon, 12 Aug 2019 22:14:54 +0000 (00:14 +0200)]
test: store coredumps in journal
To make debugging much easier, especially for crashes in tests under
QEMU, let's store the entire coredump bundle in the systemd journal,
which is usually kept around by various CIs. Right now, we usually end
up with a journal, but without the coredump itself, which is pretty
useless.
firstboot: drop duplicate trailing whitespace from root pw question
Since ask_password() (and related calls) already append one char, we
ended up appending two. That's not pretty. Let's fix this, and do it
like in all other cases ask_password() (or an equivalent function) is
called.