We have the problem that many early boot or late shutdown issues are harder
to solve than they could be because we have no logs. When journald is not
running, messages are redirected to /dev/kmsg. It is also the time when many
things happen in a rapid succession, so we tend to hit the kernel printk
ratelimit fairly reliably. The end result is that we get no logs from the time
where they would be most useful. Thus let's disable the kernels ratelimit.
Once the system is up and running, the ratelimit is not a problem. But during
normal runtime, things also log to journald, and not to /dev/kmsg, so the
ratelimit is not useful. Hence, there doesn't seem to be much point in trying
to restore the ratelimit after boot is finished and journald is up and running.
See kernel's commit 750afe7babd117daabebf4855da18e4418ea845e for the
description of the kenrel interface. Our setting has lower precedence than
explicit configuration on the kenrel command line.
"ratelimit" is a real word, so we don't need to use the other form anywhere.
We had both forms in various places, let's standarize on the shorter and more
correct one.
Georg Müller [Fri, 20 Sep 2019 08:23:45 +0000 (10:23 +0200)]
sd-radv: if lifetime < SD_RADV_DEFAULT_MAX_TIMEOUT_USEC, adjust timeout (#13491)
The RFC states that lifetime (AdvDefaultLifetime) must be at least
MaxRtrAdvInterval (which more or less corresponds to SD_RADV_DEFAULT_MAX_TIMEOUT_USEC
in systemd).
To fulfill this limit, virtually lower MaxRtrAdvInterval and MinRtrAdvInterval
accordingly.
Also check that min is not lower than 3s and max is not lower than 4s.
!r is the same r == 0, so this was short-circuiting the comparison when
streq(a->iff, b->iff) or streq(a->off, b->off). Before the parent commit which
moved those comparisons to the end, this was short-circuiting quite a bit
of the comparison function.
Anita Zhang [Wed, 21 Aug 2019 00:39:38 +0000 (17:39 -0700)]
core: add ExecXYZEx= bus hook ups to all exec command properties
The "Ex" variant was originally only added for ExecStartXYZ= but it makes
sense to have feature parity for the rest of the exec command properties
as well (e.g. ExecReload=, ExecStop=, etc).
It is natural that n_attiributes is less than type. But in that case,
the message does not contain any message about the type. So, we should
not abort execution with assertion, but just return -ENODATA.
tty-ask-pwd-agent: fix message forwarded to wall(1)
Commit a1c111c2d12429d2 wrongly replaced '!' with ':' when the message is
forwarded to wall(1).
Indeed in this case we are not requesting the user for providing a password but
instead we are simply displaying a message to suggest starting
tty-ask-password-agent for providing the password.
Add support for SystemdOptions EFI var to augment /proc/cmdline
In various circumstances, overriding the kernel commandline can be inconvenient.
People have different bootloaders, and e.g. the grub config can be pretty scary.
grubby helps, but it isn't always available.
This option adds an alternative mechanism that can quite convenient on EFI
systems. cmdline settings have higher priority, because they can be (usually)
changed on the bootloader prompt.
$SYSTEMD_EFI_OPTIONS can be used to override, same as $SYSTEMD_PROC_CMDLINE.
util-lib: split shared/efivars into basic/efivars and shared/efi-loader
I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is
not needed in basic/. Move the file from shared/ to basic/, but then move back
most of the higher-level functions to the new shared/efi-loader.c file.
util-lib: move runlevel_to_target() to shared/unit-file
It if of course related to /proc/cmdline parsing, but is higher-level
functionality built on top of it. It should be in shared/ because it
is something to be used by pid1 and related utilities, not something for
level-level libraries.
util-lib: move some functions from basic/cgroup-util to shared/cgroup-setup
This way less stuff needs to be in basic. Initially, I wanted to move all the
parts of cgroup-utils.[ch] that depend on efivars.[ch] to shared, because
efivars.[ch] is in shared/. Later on, I decide to split efivars.[ch], so the
move done in this patch is not necessary anymore. Nevertheless, it is still
valid on its own. If at some point we want to expose libbasic, it is better to
to not have stuff that belong in libshared there.
During the rework of unit file loading, commit e8630e695232bdfc dropped the
initialization u->source_mtime. This had the bad side effect that generated
units always needed daemon reloading.
basic/conf-files: make conf_files_list() take just a single directory
This function had two users (apart from tests), and both only used one
argument. And it seems likely that if we need to pass more directories,
either the _nulstr() or the _strv() form would be used. Let's simplify
the code.
Update logging a bit: drop logging of the pid, nowadays pid1 and journald
do a very good job of logging that. Always log about failure to open audit
fd, but at DEBUG_LEVEL if not important.
Benjamin Gilbert [Wed, 11 Sep 2019 03:23:59 +0000 (23:23 -0400)]
mount-setup: relabel items mentioned directly in relabel-extra.d
relabel_extra() relabels the descendants of directories listed in
relabel-extra.d, but doesn't relabel the files or directories
explicitly named there. This makes it impossible to use
relabel-extra.d to relabel the root of a filesystem. Fix by
relabeling the named items too.
Yu Watanabe [Wed, 28 Aug 2019 13:42:33 +0000 (22:42 +0900)]
network: do not create default route for ipv4 link local addressing
When nspawn container with private network starts, networkd creates
the default route for the interface. The route may cause problem on
the host side, and it can be created with DefaultRouteOnDevice= now.
Hence, this makes networkd not create the route implicitly any more.
polkit: change "revert settings" to "reset settings"
"reset" is more understandable. The verb is "revert", but it might actually be
better to have a description which uses different words instead of duplicating
the name of the command.