Franck Bui [Wed, 20 Jun 2018 16:09:38 +0000 (18:09 +0200)]
systemctl: mask always reports the same unit names when different unknown units are passed
Before this patch:
# systemctl --runtime mask abuild.mount does-not-exist.mount does-also-not-exist.mount
Unit abuild.mount does not exist, proceeding anyway.
Unit abuild.mount does not exist, proceeding anyway.
Unit abuild.mount does not exist, proceeding anyway.
Created symlink /run/systemd/system/abuild.mount → /dev/null.
Created symlink /run/systemd/system/does-not-exist.mount → /dev/null.
Created symlink /run/systemd/system/does-also-not-exist.mount → /dev/null.
After this patch:
# systemctl --runtime mask abuild.mount does-not-exist.mount does-also-not-exist.mount
Unit abuild.mount does not exist, proceeding anyway.
Unit does-not-exist.mount does not exist, proceeding anyway.
Unit does-also-not-exist.mount does not exist, proceeding anyway.
Created symlink /run/systemd/system/abuild.mount → /dev/null.
Created symlink /run/systemd/system/does-not-exist.mount → /dev/null.
Created symlink /run/systemd/system/does-also-not-exist.mount → /dev/null.
Let's fully document where the list of entries comes from, including unified
images and such.
Let's add a "Files" section (replacing the "Configuration" section), and
let's move it after the keybinding section (why? because keybinds are
primary UI material, while configuration is one level more complex than
that).
Also, reword lots of stuff to make it more precise.
tree-wide: drop MSG_NOSIGNAL flag from recvmsg() invocations
MSG_NOSIGNAL is only defined for sendmsg(), not for recvmsg(), hence
let's drop its use, in particular as it appears to create problems on
older kernels. See:
units: make system-update-pre.target a passive unit (#9349)
This is an additional synchronization point normally not needed. Hence,
let's make it passive, i.e. pull it in from the unit which wants to be
ordered before the update service rather than by the update service
itself.
This commit adds the stop alias to the output of `machinectl --help`.
In the past we only mentioned this in the man page. It's nice to mention
this in the output of `machinectl --help` as well.
Hans de Goede [Tue, 19 Jun 2018 08:50:41 +0000 (10:50 +0200)]
units: Add new system-update-pre.target
systemd offline-updates allows dropping multiple system update units
to be added to system-update.target.wants.
As documented in systemd.offline-updates(7) only 1 of these units
should actually be active (based on the /system-update symlink) and
when that unit is done it should reboot the system.
In some cases it is desirable to run a unit whenever booting in
offline-updates mode independent of which update unit is going to
handle the update. One example of this is integration with bootloader
code which checks if the previous boot was successful.
Since the active unit will reboot the system when it is done, there
is no guarantee that adding such a unit to system-update.target.wants
will get it executed always.
This commit adds a system-update-pre.target which can be used for
units which should always run when booting in offline-updates mode.
Sergey Ptashnick [Fri, 15 Jun 2018 21:07:55 +0000 (00:07 +0300)]
po: update Russian translation
Portable service stuff.
Translated "inspect portable service" as "прочитать образ переносимой
службы" ("read the portable service image"), because there is no exact
Russian analog for "inspect" ("инспектировать" has a slightly different
meaning). I think reading (some data from) images is the main job for
bus_image_common_get_metadata and bus_image_common_get_os_release, so
this translation will be more or less correct.
Ronny Chevalier [Mon, 18 Jun 2018 09:16:12 +0000 (11:16 +0200)]
shared: do not include ~ when appending syscall filters property
The method already uses a boolean argument to determine whether it is in
whitelist mode or not. The code that will parse the string of filters
does not expect the ~, since it already has the boolean argument. Thus,
it will fail to parse the list of filters.
Yu Watanabe [Fri, 15 Jun 2018 03:29:29 +0000 (12:29 +0900)]
namespace: drop protect_{home,system}_or_bool_from_string()
The functions protect_{home,system}_from_string() are not used
except for defining protect_{home,system}_or_bool_from_string().
This makes protect_{home,system}_from_string() support boolean
strings, and drops protect_{home,system}_or_bool_from_string().
NEWS: rework the description of device naming changes
We really should try to be as precise as possible here. Saying
"your interfaces might be renamed" scares the shit out of people,
for obvious reasons. This change only touches some niche cases
fortunately, let's make this clear.
Iwan Timmer [Thu, 14 Jun 2018 15:00:50 +0000 (17:00 +0200)]
resolved: fix error handling in resolved-dns-stream
During the transition from system functions using errno to our own read and write functions with negative return codes some errors were introduced. This patch correctly converts errno to negative return codes for read and write and fixes checks still using errno instead of the return code.
units: switch from system call blacklist to whitelist
This is generally the safer approach, and is what container managers
(including nspawn) do, hence let's move to this too for our own
services. This is particularly useful as this means the new
@system-service system call filter group will get serious real-life
testing quickly.
This also switches from firing SIGSYS on unexpected syscalls to
returning EPERM. This would have probably been a better default anyway,
but it's hard to change that these days. When whitelisting system calls
SIGSYS is highly problematic as system calls that are newly introduced
to Linux become minefields for services otherwise.
Note that this enables a system call filter for udev for the first time,
and will block @clock, @mount and @swap from it. Some downstream
distributions might want to revert this locally if they want to permit
unsafe operations on udev rules, but in general this should be mostly
safe, as we already set MountFlags=shared for udevd, hence at least
@mount won't change anything.
seccomp: add new system call filter, suitable as default whitelist for system services
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
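The blacklist-to-whitelist switch and the @system-service group described in the two commits above, as an added illustration that is not part of these commits or of the systemd tree: a hardening drop-in for a hypothetical service (the unit name and drop-in path are placeholders), showing the old blacklist style beside the whitelist style with EPERM instead of SIGSYS.

```ini
# Added example, not from the systemd commits above. Drop-in for a
# hypothetical "example.service", e.g. at the placeholder path
# /etc/systemd/system/example.service.d/10-syscall-filter.conf

# Old style: blacklist. Every system call NOT listed stays allowed, so a
# syscall newly added to the kernel is permitted by default, and the
# default action on a match is SIGSYS, which kills the service.
#[Service]
#SystemCallFilter=~@clock @mount @swap @reboot @module @raw-io

# New style: whitelist. Only the listed set is allowed; anything else is
# refused. No leading "~" here: "~" turns the list into a blacklist.
[Service]
SystemCallFilter=@system-service
# Subsequent "~" lines remove entries from the whitelist above, so a
# service that never changes credentials can drop @privileged again.
SystemCallFilter=~@privileged
# Fail blocked calls with EPERM instead of delivering SIGSYS, so a
# service hitting an unlisted syscall gets an error rather than dying.
SystemCallErrorNumber=EPERM
# Restrict to the native ABI so the compat syscall tables are unreachable.
SystemCallArchitectures=native
```

After installing the drop-in, `systemctl daemon-reload` followed by `systemctl show example.service -p SystemCallFilter` confirms the merged filter that will be applied.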
$ git grep -e 'This program is free software' -l |grep -v LICENSE | \
xargs perl -i -0pe 's/ \* This program.*?for more details.\s*\*\n( \* You should have.*licenses.>.\n)?//gms'
For some reason they were missed previously. All those files seem to
have proper SPDX tags.
man: drop unused <authorgroup> tags from man sources
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.
Now, when a service has PrivateTmp=yes, during namespace setup,
/tmp is first mounted over with a new mount. Then, when /var/tmp
is being resolved, it points to /tmp/varrr, which by then doesn't
exist, because it had already been obscured.
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.