The sentence wasn't correct English language, let's fix that. More
importantly: if the mount options are empty we'd display "(null)" here.
Fix that. (And they can be empty IRL, see CI results)
The man page doesn't quite match what --help says, and I needed to use "-f" to
write a wiped partition. This all feels a bit experimental, but the fs has some
adherents, and we should make it easy to use.
(Also, an empty 256MB device formatted and mounted shows up as
Filesystem Size Used Avail Use% Mounted on
/dev/loop0 254M 85M 170M 34% /var/tmp/mount
which also seems a bit over the top…)
Requested in https://github.com/systemd/systemd/pull/21275#issuecomment-967928690.
Apparently mkswap has it's own limit, and it seems to be one lower than the one
for ext2/3/4.
$ for i in ext2 ext3 ext4 btrfs xfs vfat swap minix; do
echo $i && wipefs -q -a '/var/tmp/głąbźśńćąśððð.img'
build/systemd-makefs $i '/var/tmp/głąbźśńćąśððð.img'
done
I was testing with a "test1.img" and mkfs.vfat rejects "TEST1.IMG" with the
error "Labels with characters *?.,;:/\|+=<>[]" are not allowed". So let's
replace those characters with "_".
units: delay binfmt processing until after local-fs.target
Users may use rules that refer to binaries e.g. in /opt or /usr/local,
and those directories may be separate mount points. We don't need the
binfmt rules in early boot, so let's delay the service so that we can
rely on the full local filesystem being visible.
This new helper converts libc style syscall return values into
systemd-kernel (actually: kernel style) negative errno values.
It's implemented as macro-like inline function, and propagates return
values >= 0 as themselves and returns -errno for negative error returns.
THis is supposed to be little more than syntactic sugar so that we can
reduce a lot of (short, but still) boilerplate code whever we convert
libc style error handling into our own.
homed: reset HomeSetup.undo_dm field when deactivating home dir the official way
There are two ways to deactivate a home dir: the official way if someone
calls "homectl deactivate" or something similar. Or the
error-case/side-effect code path, where we unwind exactly what we
already set up.
The .undo_dm field is supposed to tell us whether we shall still detach
the DM device. We forgot to update it in the official code path. Add
that. (We did it correctly in the error case codepath already).
(The issue is minor: if we forget to reset it in the clean code path,
then we'll try to unmount again what is already unmounted in the error
code paths, but since we ignore errors there — to not "stack" errors –
we never noticed and there's no bad effect of it)
analyze: don't list filesystems among ungrouped that are aliases
There are a bunch of filesystems that actually are just aliases for
other filesystems. So far we listed them as "ungrouped", suggesting they
should be added to some file system group. But that's not really
something needed, since they are after all not file systems in their own
right, but aliases only (and usually legacy at that).
hence, let's hide them from display (but debug log about them)
devtmpfs and cpuset are not actual filesystems of their own. cpuset used
to be but is now an alias for cgroupsfs. devtmpfs is the same as tmpfs
as its just a "named superblock", i.e. a specific instance of tmpfs, but
not a file system of its own.
filesystems: add group for "application" file system
This group shall cover file systems whose job is to make stuff that
isn't actually storing anything in itself, and isn't just an API file
system, but allows exposing stuff with special semantics in the VFS.
After reading https://simonbyrne.github.io/notes/fastmath/ I think we
should drop -ffast-math. The JSON code actually looks for NaN, so the
fact it becomes unreliable kinda sucks.
Moreover, we don't do any number crunching. We use floating point fields
only sporadical for trivial math. Hence the optimization is entirely
unnecessary.
homework: rework how we disassemble a home dir in home_deactivate()
Let's first move the home dir to a new mount point that is only visible
in our own private namespace. Then, do FITRIM and stuff there, so that
we know the regular userspace can't interfere with that, and we know
that the home fs is not used anymore.
(This will become even more important once we add auto-grow/auto-shrink
for home dirs)
Slava Bacherikov [Sat, 13 Nov 2021 12:43:04 +0000 (14:43 +0200)]
network: change link group type to int32
Both linux kernel kernel and iproute2 uses int32 type for a link group
attribute and -1 has a special meaning, so setting it to 4294967295
would make it -1 in the linux kernel (and ip link cmd).
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set impliciclty
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:
nptl: Move changing of stack permissions into ld.so
All the stack lists are now in _rtld_global, so it is possible
to change stack permissions directly from there, instead of
calling into libpthread to do the change.
It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.
shared: split out UID allocation range stuff from user-record.h
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.