Frantisek Sumsal [Mon, 23 Dec 2019 19:54:08 +0000 (20:54 +0100)]
travis: wait for the container to fully boot up
This avoids nasty race conditions between dnf/apt-get and unfinished
population of /tmp (among other things), as `docker exec` allows commands
to run before the system is fully booted (i.e. initializing/starting
state reported by `systemctl is-system-running`).
umount: detect root loopback device the same way as we detect root DM devices
get_block_device() is just the nicer way to do it (since it also odes
btrfs). Also, let's already collect the dev_t of the loopback device
when we enumerate things, that allows us to do the checks simpler
without constantly stat()ing things over and over again.
In contrast to what is claimed in #13396 dbus-broker apparently does
care for the service file to be around, and otherwise will claim
"Service Not Activatable" in the time between systemd starting up the
broker and connecting to it, which the stub service file is supposed to
make go away.
Reverting this makes the integration test suite pass again on host with
dbus-broker (i.e. current Fedora desktop).
Anita Zhang [Thu, 12 Dec 2019 05:15:42 +0000 (21:15 -0800)]
core,journal: export user units' InvocationID and use as _SYSTEMD_INVOCATION_ID
Write a user unit's invocation ID to /run/user/<uid>/systemd/units/ similar
to how a system unit's invocation ID is written to /run/systemd/units/.
This lets the journal read and add a user unit's invocation ID to the
_SYSTEMD_INVOCATION_ID field of logs instead of the user manager's
invocation ID.
This commit introduced an ordering loop: remote-cryptsetup.target was both
before and after remote-fs-pre.target. It also globally ordered all cryptsetup
volumes before all mounts. Such global ordering is problematic if people have
stacked storage. Let's look for a different solution.
See https://github.com/systemd/systemd/pull/14378#discussion_r359460109.
Anita Zhang [Wed, 20 Nov 2019 01:25:23 +0000 (17:25 -0800)]
test: add test case for PrivateDevices=y and Group=daemon
For root, group enforcement needs to come after PrivateDevices=y set up
according to 096424d1230e0a0339735c51b43949809e972430. Add a test to
verify this is the case.
Anita Zhang [Tue, 19 Nov 2019 22:24:52 +0000 (14:24 -0800)]
core: create inaccessible nodes for users when making runtime dirs
To support ProtectHome=y in a user namespace (which mounts the inaccessible
nodes), the nodes need to be accessible by the user. Create these paths and
devices in the user runtime directory so they can be used later if needed.
Anita Zhang [Wed, 23 Oct 2019 00:37:47 +0000 (17:37 -0700)]
core: PrivateUsers=true for (unprivileged) user managers
Let per-user service managers have user namespaces too.
For unprivileged users, user namespaces are set up much earlier
(before the mount, network, and UTS namespaces vs after) in
order to obtain capbilities in the new user namespace and enable use of
the other listed namespaces. However for privileged users (root), the
set up for the user namspace is still done at the end to avoid any
restrictions with combining namespaces inside a user namespace (see
inline comments).
Yu Watanabe [Sat, 7 Dec 2019 15:32:36 +0000 (00:32 +0900)]
network: introduce AddPrefixRoute= and deprecate PrefixRoute=
PrefixRoute= was added by e63be0847c39bfdca45c25c505922814374581a7,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.
Restore silent handling of BUS_ERROR_SPEED_METER_INACTIVE
This only matters for the case where new networkctl is running against older
networkd. We should still handle the old error to avoid unnecessary warning
about speedmeeter being disabled.
initrd: make udev cleanup service confict trigger and settle too
Otherwise, systemd-udev-trigger|settle.service that ran in the initrd may
ramain active, and never re-run again from the system root.
This is observed by forexample examining ESP with udevadm info, which in the
initrd has all the ID_* variables, and none of them in fully booted system.
Anita Zhang [Tue, 17 Dec 2019 09:08:04 +0000 (01:08 -0800)]
[import] fix stdin/stdout pipe behavior in import/export tar/raw
The code existed in machinectl to use stdin/stdout if the path for
import/export tar/raw was empty or dash (-) but a check to
`fd_verify_regular` in importd prevented it from working.
Update the check instead to explicitly check for regular file or
pipe/fifo.
Thomas Haller [Sun, 15 Dec 2019 14:50:43 +0000 (15:50 +0100)]
basic/tmpfile: avoid maybe-uninitialized warning in mkostemp_safe()
The variable is always initialized, but the compiler might not notice
that. With gcc-9.2.1-1.fc31:
$ CFLAGS='-Werror=maybe-uninitialized -Og' meson build
$ ninja -C build
[...]
../src/basic/tmpfile-util.c: In function ‘mkostemp_safe’:
../src/basic/tmpfile-util.c:76:12: error: ‘fd’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
76 | if (fd < 0)
| ^
shared/install: log syntax error for invalid DefaultInstance=
Ideally, we would want to report this over back over dbus. But that is pretty hard,
because the unitfile parsing logic doesn't provide any feedback.
systemd-analyze verify also doesn't notice the issue, because it doesn't look
at the [Install] section at all. Let's print a message in the logs at least.