This compares two PidRef structures via the pid_t field. Ideally we'd do
a stricter comparison here, that is safe towards PID reuse, but so far
the pidfd API lacks suitable mechanisms for that, hence do the best we
can do.
DTBs can map and assign arbitrary memory ranges. The kernel refuses
to load one from the dtb= kernel command line parameter when secure
boot is enabled, as it's not safe. Let's do the same for type 1
entries, as they are unverified.
This only affects arm64 and riscv64, firmwares do not support DTB
on x86.
scope: only stop watching processes when we go down
Let's not stop watching processes on every scope state change. This
corrects behaviour when a scope is being enqueued and hasn't started
yet, but has processes associated to it already. Previously, if we'd do a
full PID 1 reload we'd stop watching those pids. With this change we'll
continue watching them in that case, and only stop watching them when
the scope unit really shuts down after first being up.
We only need a separate mount namespace if we're operating on a
btrfs block device so let's make sure we only unshare the mount
namespace if that's the case.
boot: use separate SBAT project names for stub and boot
The implementations are not 100% overlapping, so use different identifiers, so
that revocations can be done independently. e.g.: a bug that affects only
sd-boot won't necessarily cause old UKIs to be revoked.
where we got strong feedback that, for 'switched' layout setups
like Russian, US English should be the *first* layout and the
native layout the *second* one. This is how anaconda and, as of
recently, gnome-initial-setup configure such cases - but that
means, if we try to use localed to convert these configurations
using kbd-model-map, we get the wrong result (we get "us" as the
console layout). See also:
Adam Williamson [Fri, 15 Sep 2023 22:35:36 +0000 (15:35 -0700)]
find_legacy_keymap: fix empty variant matching
We should give a match bonus if the X context variant is empty
and the xvariant column in kbd-model-map is "-" (which means
none). Currently, we don't, which means that if you call this
on a context with layouts bg,us and no variant, you get the
console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
score the same, and the bg_pho-utf8 row comes first). You should
get bg_bds-utf8 in this case.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
As I noticed a lot of missing information when trying to implement checking
for missing info, I reimplemented the version information script to be more
robust, and here is the result.
core: port unit_main_pid() + unit_control_pid() to PidRef and drop unit_kill_common()
This ports over unit_main_pid() + unit_control_pid() to return PidRef*
pointers (which also means the underlying UnitVTable function pointers
are changed accordingly).
This then uses the functions to simplify the unit_kill() call, by
avoiding the kill() vtable indirection and instead just using
unit_main_pid() and unit_control_pid() directly.
core: add new "PollLimit" settings to .socket units
This adds a new "PollLimit" pair of settings to .socket units, very
similar to existing "TriggerLimit" logic. The differences are:
* PollLimit focusses on the polling on the sockets, and pauses that
  temporarily if a ratelimit on that is reached. TriggerLimit otoh
  focusses on the triggering effect of socket units, and stops
  triggering once the ratelimit is hit.
* While the trigger limit being hit is an action that causes the socket
  unit to fail, the polling limit being reached will just temporarily
  disable polling on the socket fd, and it is resumed once the ratelimit
  interval is over.
* When a socket unit operates on multiple socket fds (e.g. ListenStream=
  on both some ipv6 and an ipv4 address or so). Then the PollLimit will
  be specific to each fd, while the trigger limit is specific to the
  whole unit.
Implementation-wise this is mostly a wrapper around sd-event's
sd_event_source_set_ratelimit(), which exposes the desired behaviour
directly.
Usecase for all of this: socket services which when overloaded with
connections should just slow down reception of it, but not fail
persistently.
logind: slightly tweak error message about not enough swap for hibernation
Let's tweak the message if not enough swap is around slightly: systems
might have plenty swap backed by incompatible storage (specifically:
swap files on btrfs), but we (currently) do not support hibernating to
that.
Hence let's say *suitable* swap space and talk about *compatibility* of
backing storage.
Hopefully this will make things a bit clearer to users.
As pointed out in the review, all this applies to the user services too, so are
not managed by the "init system", but by the more generic "service manager".
Also:
- use oxford comma
- change "employ" to "use" in various places
- change "the init system forwards messages to syslog" to "are forwarded to
syslog". This is done by systemd-journald, so really there is no forwarding,
because systemd-journald just writes them to a file in the common setup,
so let's use the passive form to avoid specifying who does this.
This conceptually reverts e95acdfe1d3a790e18617bb992a712b34f41800d,
but the actual contents of the script are taken from the command invocation
in meson with all the updates that happened in the meantime.
One small change is that I replaced () by {}: this avoids one subprocess spawn.
People were worried about the cost of vcs_tag(), and this microoptimization may
help a bit. I measured the speed on machine, and noop rebuilds are still about
100–120 ms.
The logic is entirely moved to the script. This makes the meson config simpler
and also makes it easier to use it externally.
The script is needed for in-place rpm builds, see README.build-in-place.md [1],
where it is invoked from the spec file to determine the project version.
vimrc: explicitly set shiftwidth for the C file type
If you start editing a shell script and then open a buffer with a C
file, the shiftwidth set by the previous autocommand for the sh file
type would not be reset to the original (global) 8ch. Let's fix this by
explicitly setting the shiftwidth in the C file type autocommand as
well.
man: drop duplicate .uname documentation, add .sbat documentation
This fixes the PE section documentation in the systemd-stub man page:
for some reason .uname was listed twice, and .sbat was still missing.
Address that.
Also, let's reorder things to match the "canonical" ordering we also
use for measurement in sd-stub. The order makes sense and there's really
no reason to depart from that here.
network: allow to configure multiple IPv6 null addresses with different prefix length
Previously, even if a .network file contains multiple IPv6 null
addresses with different prefix length, only the first setting is applied,
as the remaining ones are deduped in network_drop_invalid_addresses().
Even though the kernel allows us to change the prefix length of an existing
IPv6 address, we cannot safely change the prefix length of an address
that is originally requested as a null address, as the prefix of the
address may conflict with other addresses if we change it.
We already prohibit to change the prefix length of an existing IPv6
address that is originally requested as a null address. So, we can
safely allow to configure multiple IPv6 addresses from null addresses by
relaxing the dedup logic. The dedup is governed by the hash_ops. This adds
a special handling for IPv6 null addresses.
core: redirect LSan's report to /dev/console during manager exit
When exiting PID 1 we most likely don't have stdio/stdout open, so the
final LSan check would not print any actionable information and would
just crash PID 1 leading up to a kernel panic, which is a bit annoying.
Let's instead attempt to open /dev/console, and if we succeed redirect
LSan's report there.
The result is a bit messy, as it's slightly interleaved with the kernel
panic, but it's definitely better than not having the stack trace at
all:
[ OK ] Reached target final.target.
[ OK ] Finished systemd-poweroff.service.
[ OK ] Reached target poweroff.target.
=================================================================
3 1m 43.251782] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 43.252838] CPU: 2 PID: 1 Comm: systemd Not tainted 6.4.12-200.fc38.x86_64 #1
==[1==ERR O R :4 3Le.a2k53562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
[ 43.254683] Call Trace:
[ 43.254911] <TASK>
[ 43.255107] dump_stack_lvl+0x47/0x60
S[ a 43.n2555i05] panic+t0x192/0x350
izer[ :43.255966 ] do_exit+0x990/0xdb10
etec[ 43.256504] do_group_exit+0x31/0x80
[ 43.256889] __x64_sys_exit_group+0x18/0x20
[ 43.257288] do_syscall_64+0x60/0x90
o_user_mod leaks[ 43.257618] ? syscall_exit_t
Michele Perrone and Ralf Anderegg contribute to ALSA dice driver to support
products of Weiss Engineering. Their patch includes support for DAC202 Maya
edition.
man/sd_notify: change recommendations about unsupported notifications
In principle, arbitrary notifications may be sent via sd_notify. But in
practice, this is not useful at all, since the manager only accepts
notifications from services and ignores anything except a few specific
ones. The others will be logged if debugging is enabled. OTOH, the manager
produces EXIT_STATUS, but nothing in systemd looks at it, which is rather
confusing.
So remove the recommendation to use X_ prefixes, and instead say that other
messages will be ignored. Also, mention that mkosi uses this. Having an example
may be useful to understand what is going on.
Strangely, this is the first reference to mkosi in our man pages. Even more
strangely, debian is the only place which hosts the mkosi man page (among
the sites we have definitions for), so I linked to that version.
path: add --no-pager option, enable pager by default
When called with no argument, to list all known values, it is likely that it's
used by somebody to look at the whole list. The output is more than a page,
so let's enable the pager.
When this was originally added in 9a00f57a5ba7ed431e6bac8d8b36518708503b4e,
the lookup function was called sd_path_home. But it was generalized a long time
ago.
Luca Boccassi [Wed, 30 Aug 2023 18:51:13 +0000 (19:51 +0100)]
logind: add PrepareForShutdownWithMetadata signal
The existing signal doesn't say which type of shutdown is going to happen.
With the introduction of soft-reboot, it is useful to have this information
broadcasted, so that clients can choose to do different things based on the
reboot type.
Add a{sv} as the payload so that more metadata can be added later if
needed, without needing to add yet another signal.
Send both old and new signal for backward compatibility, and send the new
one first so that clients can just wait for the first one on both old and
new systems.