-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state
Since we're initializating the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
Daan De Meyer [Thu, 15 Dec 2022 14:06:40 +0000 (14:06 +0000)]
repart: Always derive fs/luks UUIDs from generated partition UUID
When generating verity partitions, we only know the partition UUID
of the verity data and hash partition after doing the verity
formatting. This means we can't use the verity partition UUID as
input for deriving the filesystem/luks UUIDs. Currently, we derive
the filesystem/luks UUID from the null UUID instead, which isn't
ideal. Instead, let's always generate a partition UUID and use it
to derive the fs/luks UUIDs, but only use it as the actual partition
UUID if we're not doing verity for the partition.
pcrphase: gracefully exit if TPM2 support is incomplete
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.
Alvin Šipraga [Wed, 7 Dec 2022 15:43:06 +0000 (16:43 +0100)]
network: wifi: check SSID when AP interfaces go up
When an AP goes up, the kernel may emit a netlink event indicating that
the interface has gained carrier. In that event, we should check if the
SSID has changed before attempting to reconfigure. Not doing so means
that the link->ssid member is not updated, leading to a potential
mismatch if some of the .network configurations match on SSID=.
There are however scenarios where the above heuristic is not enough.
Specifically, if the interface carrier state flip-flops within a short
enough interval, the internal throttling of netlink events inside the
kernel may suppress intermediate linkdown+linkup events (cf. Linux
net/core/link_watch.c). So there is no linkup event to react on.
To improve on the latter scenario, it is proposed to make newer kernels
emit an NL80211_CMD_START_AP multicast event when an AP goes up. This
event will not be dropped by link_watch. systemd-networkd can then react
to such events as well, and optionally reconfigure the link if the SSID
has changed. This will only work with newer kernels though.
Yu Watanabe [Tue, 15 Nov 2022 13:59:01 +0000 (22:59 +0900)]
core/unit: fix log message
As you can see in the below, the dropped dependency Before=issue-24990.service
is not logged, but the dependency Before=test1.service which is not owned by
the units generated by the TEST-26 is logged.
Before:
systemd[1]: issue-24990.service: Dependency After=test1.service dropped, merged into issue-24990.service
systemd[1]: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service
After:
systemd[1]: issue-24990.service: Dependency After=test1.service is dropped, as test1.service is merged into issue-24990.service.
systemd[1]: issue-24990.service: Dependency Before=issue-24990.service in test1.service is dropped, as test1.service is merged into issue-24990.service.
Nick Rosbrook [Fri, 2 Dec 2022 20:35:25 +0000 (15:35 -0500)]
udev: attempt device rename even if interface is up
Currently rename_netif() will not attempt to rename a device if it is
already up, because the kernel will return -EBUSY unless live renaming
is allowed on the device. This restriction will be removed in a future
kernel version [1].
To cover both cases, always attempt to rename the interface and return 0
if we get -EBUSY.
Nick Rosbrook [Wed, 2 Nov 2022 09:36:14 +0000 (05:36 -0400)]
sd-netlink: restore altname on error in rtnl_set_link_name
If a current alternative name is to be used to rename a network
interface, the alternative name must be removed first. If interface
renaming fails, restore the alternative name that was deleted if
necessary.
Nick Rosbrook [Fri, 2 Dec 2022 20:26:18 +0000 (15:26 -0500)]
sd-netlink: do not swap old name and alternative name
Commit 434a348380 ("netlink: do not fail when new interface name is
already used as an alternative name") added logic to set the old
interface name as an alternative name, but only when the new name is
currently an alternative name. This is not the desired outcome in most
cases, and the important part of this commit was to delete the new name
from the list of alternative names if necessary.
Nick Rosbrook [Wed, 2 Nov 2022 15:05:01 +0000 (11:05 -0400)]
udev/net: allow new link name as an altname before renaming happens
When configuring a link's alternative names, the link's new name to-be
is not allowed to be included because interface renaming will fail if
the new name is already present as an alternative name. However,
rtnl_set_link_name will delete the conflicting alternative name before
renaming the device, if necessary.
Allow the new link name to be set as an alternative name before the
device is renamed. This means that if the rename is later skipped (i.e.
because the link is already up), then the name can at least still be
present as an alternative name.
measure: add --append= switch for merging signatures
Often it's useful to add multiple signatures in the signature JSON file
to embedd in a single .pcrsig. (For example, a signature by key X for
boot phase "enter-initrd" and one by key Y for
"enter-initrd:leave-initrd" or so). Make this easy, by adding the
ability to append signatures to a previously generated JSON file.
Use LogFilterPatterns from the unit's cgroup xattr in order to keep or
discard log messages before writing them to the journal.
When a log message is discarded, it won't be written to syslog, console...
either.
When a native, syslog, or standard output log message is received,
systemd-journald will process it if it matches against at least one
allowed pattern (if any) and none of the denied patterns (if any).
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.
This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattrs:
`user.journald_log_filter_patterns`.
Daan De Meyer [Tue, 13 Dec 2022 18:52:18 +0000 (18:52 +0000)]
repart: Rework Minimize= option settings
Instead of having Minimize= take a boolean let's allow for two
different ways to enable it. "best" means we want the most minimal
image possible, which currently is only possible for read-only
filesystems but can be extended in the future with bisection
to find the most minimal possible size.
We also add "guess", which is the current behavior, where we
populate once and use the sparse size to make a reasonable guess
on a size that fits all the sources without needing to O(log(n))
tries to find the most minimal size.
basic: do not output emojis if not on a proper terminal
$TERM would generally be set if we're connected to a proper graphical terminal
emulator. In all other cases, in particular if $TERM is not set, we almost
certainly are not connected to something that can output emojis. In particular
the text console is unlikely to ever do it correctly.
So let's invert the check, and only write emojis if $TERM is set.
fstab-generator: use log message that matches reality
We *assume* that when /sys is read-only, we're running in a container. But
there can other reasons, for example root is mount ro and nobody has mounted
/sys yet, or somebody forgot to add /sys to the list of filesystem not to
remount ro in a sandbox. So let's actually say what we know instead of assuming.
systemd-fstab-generator was reporting that it's running in a container and I
spent a good few minutes trying to figure out why 'systemd-detect-virt -c'
disagrees, before noticing that it's just checking a different condition.
This is an octal number. We used the 0 prefix in some places inconsistently.
The kernel always interprets in base-8, so this has no effect, but I think
it's nicer to use the 0 to remind the reader that this is not a decimal number.
manager: execute generators in a mount namespace "sandbox"
When generators are executed during early boot, /tmp might not be available
yet. This causes problems with bash, because here-docs don't work. Even
non-shell code can often assume that /tmp is available. This limitation is
known to trip up people, and when the code is tested on a "normal" system,
everything works.
We can solve this nicely, and get another small benefit, by making most of the
file system read-only and "punching holes" for some dirs that should be
writable. The generator code runs with full privileges and can do anything it
wants by writing appropriate systemd units, so it doesn't make much sense to do
any significant sandboxing around generators. But making root read-only is nice
because it can catch stupid mistakes where the generator tries to write to a
wrong path or something like that. We effectively also get a "private /tmp" for
the generators, which protects them against existing files in /tmp.
The path does the following:
when executing generators, we fork, and the child unshares root and makes
it recursively read-only, with the exception of /sys and /run. Error handling
is permissive — if some of this setup fails, we're in the same state as
before the patch.
If the flag is set, we mount /tmp/ in a way that is suitable for generators and
other quick jobs.
Unfortunately I had to move some code from shared/mount-util.c to
basic/mountpoint-util.c. The functions that are moved are very thin wrappers
around mount(2), so this doesn't actually change much in the code split between
libbasic and libshared.
Implications for the host would be weird if a private mount namespace is not
used, so assert on FORK_NEW_MOUNTNS when the flag is used.
Nick Rosbrook [Wed, 14 Dec 2022 15:07:40 +0000 (10:07 -0500)]
journal: skip part of test-journal-interleaving if no machine-id exists
When executed on a systemd with an empty /etc/machine-id,
test-journal-interleaving fails in test_sequence_numbers_one() when
re-opening the existing "two.journal". This is because opening the
existing journal file with managed_journal_file_open() causes
journal_file_verify_header() to be called. This function tries to
compare the current machine-id to the machine-id in the journal file
header, but does not handle the case where the machine-id is empty or
non-existent.
Check if we have an initialized machine-id before executing this portion
of the test.
Nick Rosbrook [Mon, 12 Dec 2022 19:37:52 +0000 (14:37 -0500)]
test-fs-util: skip part of test_chase_symlinks if machine-id is not initialized
The part of test_chase_symlink in test-fs-util that calls
sd_id128_get_machine will fail if /etc/machine-id is empty, so skip this
block if the machine-id is not initialized.
projects / thirdparty / systemd.git / log
