After the mentioned commit, when the ExecCommand executable is missing
and the failure will be ignored by the manager, we exit with EXIT_SUCCESS on
the executor side too. This behavior, however, contradicts systemd.service(5), which states:
> If the executable path is prefixed with "-", an exit code of the command
> normally considered a failure (i.e. non-zero exit status or abnormal exit
> due to signal) is _recorded_, but has no further effect and is considered
> equivalent to success.
and thus makes debugging unexpected failures harder. Therefore, let's still
exit with EXIT_EXEC, but skip the LOG_ERR level log message.
Adrian Vovk [Wed, 10 Jan 2024 03:06:35 +0000 (22:06 -0500)]
homework: Handle Update & Create w/ blob dir
Introduces new extended variants of the various incarnations of
Create and Update, which take a map of filenames to FDs. This map is
then used to populate the blob directory.
FDs are used to prevent the client from abusing homed's blob directory
permissions (everything is made world-readable by homed) to open files
that they normally aren't allowed to open. Passing along an FD ensures
that the client has read access to the file it wants homed to make
world-readable.
Internally, homework uses the map to overwrite the system blob dir.
Later, homework's existing blob dir reconciliation logic will propagate
the new contents from the system blob dir into the embedded blob
dir.
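The FD-passing idea described above can be sketched in Python as follows.
This is only an illustration under stated assumptions, not homed's or
homework's actual code: the function name populate_blob_dir, the file name
validation and the 0644 mode are hypothetical. The point it shows is that the
privileged side copies only from descriptors the client was able to open
itself, and never opens a client-supplied path.

```python
import os


def populate_blob_dir(blob_dir, files):
    """Copy each client-supplied, already-open fd into blob_dir.

    `files` maps a plain file name to a readable file descriptor.
    Hypothetical helper for illustration only.
    """
    for name, fd in files.items():
        # Refuse anything that could escape the blob directory.
        if "/" in name or name in ("", ".", ".."):
            raise ValueError(f"invalid blob file name: {name!r}")
        dest = os.path.join(blob_dir, name)
        out = os.open(
            dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644
        )
        with os.fdopen(out, "wb") as dst:
            # Make the copy world-readable regardless of the umask.
            os.fchmod(dst.fileno(), 0o644)
            # Read from the fd, never from a path chosen by the client.
            while chunk := os.read(fd, 65536):
                dst.write(chunk)
```

A client that cannot read a file cannot obtain a descriptor for it, so it has
nothing to put into the map in the first place.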
Adrian Vovk [Tue, 9 Jan 2024 19:39:38 +0000 (14:39 -0500)]
homework: Reconcile blob directories
Whenever the host & embedded records are reconciled, the host & embedded
blob directories are now reconciled too in the same direction.
Reconciling the blob directories serves exactly the same purpose as
reconciling the user records, and thus should behave in the same way.
Adrian Vovk [Mon, 8 Jan 2024 23:37:52 +0000 (18:37 -0500)]
homed: Create & advertise blob directory
This ensures that a user-specific blob directory exists in
/var/cache/systemd/homed for as long as the user exists, and gets
deleted if the user gets deleted.
It also advertises this blob directory via the user record, so that
clients can find and use it.
Adrian Vovk [Mon, 8 Jan 2024 22:21:55 +0000 (17:21 -0500)]
Document blob directory behavior
We're documenting the behavior of blob directories here. These docs
refer to things that aren't yet implemented at the time of the commit, but will be later in the same PR.
Adrian Vovk [Tue, 13 Feb 2024 20:09:54 +0000 (15:09 -0500)]
fd-util: Expose helper to pack fds into 3,4,5,...
This is useful for situations where an array of FDs is to be passed into
a child process (e.g. by passing it through safe_fork). This function
can be called in the child (before calling exec) to pack the FDs so that
they are all next to each other, starting from SD_LISTEN_FDS_START (i.e. 3).
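The packing step can be sketched as below. This is a Python illustration, not
the fd-util helper itself: the names pack_fds_sketch and demo_in_child exist
only for this example, and the sketch assumes that every descriptor in the
target range that is not in the list has already been closed. It relies on
fcntl(F_DUPFD), which returns the lowest free descriptor at or above the
requested number.

```python
import fcntl
import os

LISTEN_FDS_START = 3  # same value as SD_LISTEN_FDS_START


def pack_fds_sketch(fds):
    """Move the descriptors in `fds` to 3, 4, 5, ... in order.

    Returns the new list. Assumes no unrelated descriptor occupies the
    target range, otherwise the loop cannot make progress.
    """
    fds = list(fds)
    start = 0
    while True:
        restart_from = None
        for i in range(start, len(fds)):
            want = LISTEN_FDS_START + i
            if fds[i] == want:
                continue
            # Lowest free descriptor >= want; the duplicate does not have
            # close-on-exec set, so it survives exec.
            new_fd = fcntl.fcntl(fds[i], fcntl.F_DUPFD, want)
            os.close(fds[i])
            fds[i] = new_fd
            # The wanted slot was still taken by a later entry: retry from
            # here once that entry has moved out of the way.
            if new_fd != want and restart_from is None:
                restart_from = i
        if restart_from is None:
            return fds
        start = restart_from


def demo_in_child():
    """Fork, pack three pipe read ends in the child, return its exit status."""
    pid = os.fork()
    if pid == 0:
        status = 1
        try:
            pipes = [os.pipe() for _ in range(3)]
            for n, (_, w) in enumerate(pipes):
                os.write(w, bytes([65 + n]))  # b"A", b"B", b"C"
                os.close(w)
            fds = [r for r, _ in pipes]
            # Free the target range of anything we do not want to keep.
            for fd in range(LISTEN_FDS_START, LISTEN_FDS_START + len(fds)):
                if fd not in fds:
                    try:
                        os.close(fd)
                    except OSError:
                        pass
            packed = pack_fds_sketch(fds)
            data = [os.read(fd, 1) for fd in packed]
            if packed == [3, 4, 5] and data == [b"A", b"B", b"C"]:
                status = 0
        finally:
            os._exit(status)
    _, wait_status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(wait_status)
```

The demo runs the packing in a forked child so that the descriptor table of
the calling process is left alone, which mirrors the "call it in the child
before exec" usage described above.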
Frantisek Sumsal [Mon, 19 Feb 2024 10:23:31 +0000 (11:23 +0100)]
Revert "test: use btrfs by default on Arch as well"
There's something very wrong going on when using btrfs for the test
images, namely:
- there's a significant performance hit, i.e. the Arch Linux run is
~20% slower, in the coverage run the situation is even worse
- intermittent boot failures
- intermittent "No space left on device" errors (even though there's
enough free space)
Since debugging this might take a while, let's temporarily revert back
to ext4 to make the CI stable again.
Frantisek Sumsal [Wed, 14 Feb 2024 15:45:18 +0000 (16:45 +0100)]
test: make TEST-08-INITRD slightly less annoying to debug
Forward journal to console, since we won't have any journal from initrd
and shutdown/exit initrd phases. Also, mention
systemd.journald.max_level_console=debug that is very handy for
debugging initrd shenanigans, but don't use it by default since it
sends a _lot_ of stuff to the serial console, which slows down the test
a lot.
Yu Watanabe [Fri, 16 Feb 2024 19:30:34 +0000 (04:30 +0900)]
network: do not request DHCP addresses configured on checking prefix delegation
This does not change anything for DHCPv4, as a DHCPv4 address is always
requested anyway. However, for DHCPv6, the client may not request IA_NA
addresses when UseAddress=no is set, or, even if they are requested, the
server may not provide any IA_NA addresses. Even in such cases, the check
here is for delegated prefixes, hence it is not necessary to check if DHCPv6
IA_NA addresses are configured.
Though, when unit_prepare_exec() is called, the unit should always
have the cgroup runtime context 'crt'. So, I think we can insert assert().
But, for consistency with other places that call unit_get_cgroup_runtime(),
here use the simple non-NULL check for 'crt' instead of using assert().
Tomáš Pecka [Fri, 16 Feb 2024 08:43:18 +0000 (09:43 +0100)]
varlink: fix varlink_collect_full not resetting state
The varlink_collect_full function did not reset the varlink client's state
when the reply was an error. The state was stuck in "collecting-reply".
I discovered that while hacking on the network varlink interface (adding a
new varlink method). The debug logs show the process of performing the
first query, which replies with an error:
varlink: Setting state idle-client
network: Sending message: {"method":"io.systemd.Network.LLDPNeighbors","parameters":{"ifindex":1},"more":true}
network: Changing state idle-client → collecting
network: Received message: {"error":"org.varlink.service.MethodNotFound","parameters":{"method":"io.systemd.Network.LLDPNeighbors"}}
network: Changing state collecting → collecting-reply
When another varlink_collect call is then made, it fails:
network: Connection busy.
Failed to execute varlink call: Device or resource busy
This was not caught by the tests because there were no varlink_collect
calls that resulted in an error reply.
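The failure mode can be reproduced with a toy state machine. The sketch below
is a Python model written for illustration only, not the sd-varlink
implementation: the class ToyCollectClient and its reset_on_error switch are
hypothetical, and only the state names are taken from the debug log above.

```python
class ToyCollectClient:
    """Toy model of a collecting client; not the sd-varlink API."""

    def __init__(self, reset_on_error=True):
        self.state = "idle-client"
        # False models the behavior before the fix.
        self.reset_on_error = reset_on_error

    def collect(self, replies):
        """Consume reply dicts; return (error_name_or_None, collected)."""
        if self.state != "idle-client":
            raise RuntimeError("Connection busy.")
        self.state = "collecting"
        collected = []
        for reply in replies:
            self.state = "collecting-reply"
            if "error" in reply:
                # The fix: an error reply must also return to idle.
                if self.reset_on_error:
                    self.state = "idle-client"
                return reply["error"], collected
            collected.append(reply.get("parameters", {}))
            if not reply.get("continues", False):
                self.state = "idle-client"
                return None, collected
            self.state = "collecting"
        raise RuntimeError("reply stream ended unexpectedly")
```

With reset_on_error=False, the first error reply leaves the client in
"collecting-reply" and the next collect() call raises "Connection busy.",
which matches the log. With the reset in place, the client is usable again.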
Colin Geniet [Thu, 15 Feb 2024 19:23:49 +0000 (20:23 +0100)]
hwdb: Remove version check in CH Pro Pedals rule
CH Pedals are incorrectly reported as an accelerometer [1], because they
have no button. This is fixed by a rule in 60-input-id.hwdb [2], but
the rule checks id/version="0100", while my pedals report id/version="0111".
So there are several versions of the pedals, presumably all affected
by the bug. Remove the version check in the rule to fix them all.
[1] https://bugs.freedesktop.org/show_bug.cgi?id=81889
[2] commit: 230ed4c4ba (hwdb: CH Pro Pedals not classified correctly due to no buttons, 2022-01-19)
PR: https://github.com/systemd/systemd/pull/22184
Frantisek Sumsal [Thu, 15 Feb 2024 20:13:07 +0000 (21:13 +0100)]
test: properly preserve journal from sd-bsod tests
I (incorrectly) assumed that --relinquish-var does everything --flush
does, including moving already existing stuff from /var/log/journal/ to
/run/log/journal/, but that's not the case. To actually do that we need
to shuffle things manually, so let's do just that.
This should make issues like #31334 easier to debug, since with this
patch we now have a coredump in the test journal as well:
~# make -C test/TEST-04-JOURNAL/ clean setup run TEST_MATCH_SUBTEST=bsod BUILD_DIR=$PWD/build TEST_NO_NSPAWN=1
...
[ 12.176089] testsuite-04.sh[712]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed'
[ 12.176089] testsuite-04.sh[712]: Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed
[ 12.176089] testsuite-04.sh[712]: + return 1
[ 12.177347] systemd[1]: testsuite-04.service: Failed with result 'exit-code'.
[ 12.220580] systemd[1]: Failed to start testsuite-04.service.
Spawning getter /home/mrc0mmand/repos/@systemd/systemd/build/journalctl -o export -D /var/tmp/systemd-tests/systemd-test.Qtqmmr/root/var/log/journal...
Finishing after writing 7649 entries
TEST-04-JOURNAL: (failed; see logs)
-rw-r----- 1 root root 16777216 Feb 15 21:13 /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
...
~# coredumpctl --file /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
TIME PID UID GID SIG COREFILE EXE SIZE
Thu 2024-02-15 21:13:38 CET 812 0 0 SIGABRT journal /usr/lib/systemd/systemd-bsod -
core: split out cgroup specific state fields from Unit → CGroupRuntime
This refactors the Unit structure a bit: all cgroup-related state fields
are moved to a new structure CGroupRuntime, which is only allocated as
we realize a cgroup.
This is both a nice cleanup and should make unit structures considerably
smaller for units that have no cgroup associated, either because it was
never realized or because they belong to a unit type that doesn't have
cgroups anyway.
This makes things nicely symmetric:
ExecContext → static user configuration about execution
ExecRuntime → dynamic user state of execution
CGroupContext → static user configuration about cgroups
CGroupRuntime → dynamic user state of cgroups
And each time the XyzContext is part of the unit type structures such as
Service or Slice that need it, but the runtime object is only allocated
when a unit is started.
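The context/runtime split can be pictured with a small Python model. This is
a sketch under assumptions, not the actual C structures: the field names
memory_max and cgroup_path, the methods and the path layout are hypothetical.
It shows the static context always being present while the runtime object is
allocated lazily, so callers have to handle its absence.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CGroupContext:
    """Static configuration; always part of the unit type structure."""
    memory_max: Optional[int] = None


@dataclass
class CGroupRuntime:
    """Dynamic state; exists only once a cgroup has been realized."""
    cgroup_path: str


@dataclass
class Service:
    name: str
    cgroup_context: CGroupContext = field(default_factory=CGroupContext)
    cgroup_runtime: Optional[CGroupRuntime] = None  # not allocated up front

    def realize_cgroup(self) -> CGroupRuntime:
        # Allocate the runtime object on first use only.
        if self.cgroup_runtime is None:
            self.cgroup_runtime = CGroupRuntime(f"/system.slice/{self.name}")
        return self.cgroup_runtime

    def current_cgroup_path(self) -> Optional[str]:
        # Callers check for a missing runtime object instead of assuming it.
        crt = self.cgroup_runtime
        if crt is None:
            return None
        return crt.cgroup_path
```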
Susant Sahani [Thu, 15 Feb 2024 10:41:22 +0000 (16:11 +0530)]
network: netdev - bond add support for ARP missed max
Allows configuring the bond's arp_missed_max, which is the maximum number of
arp_interval monitor cycles with missed ARP replies. If this number is
exceeded, the link is reported as down.
Yu Watanabe [Wed, 14 Feb 2024 22:01:17 +0000 (07:01 +0900)]
fs-util: readlinkat() supports an empty string
From readlinkat(2):
Since Linux 2.6.39, pathname can be an empty string, in which case the
call operates on the symbolic link referred to by dirfd (which should
have been obtained using open(2) with the O_PATH and O_NOFOLLOW flags).
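The quoted behavior can be tried out from Python, whose os.readlink() accepts
a dir_fd argument and uses readlinkat() for it. The sketch below is an
illustration only: the helper name readlink_by_fd is hypothetical, and it
assumes Linux 2.6.39 or newer and a Python build that exposes os.O_PATH.

```python
import os


def readlink_by_fd(path):
    """Read a symlink through an O_PATH fd that refers to the link itself."""
    # O_NOFOLLOW makes the fd refer to the symlink rather than its target.
    fd = os.open(path, os.O_PATH | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        # Empty pathname: operate on the symlink referred to by dir_fd.
        return os.readlink("", dir_fd=fd)
    finally:
        os.close(fd)
```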
Michael Biebl [Thu, 8 Feb 2024 13:06:00 +0000 (14:06 +0100)]
systemctl: drop chain invocation of telinit
This functionality relied on telinit being available in a different path
than the compat symlink shipped by systemd itself. This is no longer the
case for any known distro, so remove that code.
Luca Boccassi [Wed, 14 Feb 2024 17:14:21 +0000 (17:14 +0000)]
man: enhance sd_bus_set_watch_bind() example to handle one more failure
In case the D-Bus policy is not set up correctly, the example just
loops forever. Check the return value of sd_bus_request_name_async() in
a callback and exit if the error is not temporary.
Mike Yuan [Fri, 12 Jan 2024 13:30:49 +0000 (21:30 +0800)]
logind-session: use Requires= for user{,-runtime-dir}@.service
Since we do require these basic user services, let's make
the dependency stronger. Note that logind should enqueue
start jobs for these already in user_start(), so this is mostly
just paranoia.
Mike Yuan [Sat, 13 Jan 2024 18:38:11 +0000 (02:38 +0800)]
logind-user: track user started/stopping state through user-runtime-dir@.service
Before #30884, the user state was tied to user@.service (user service
manager). However, #30884 introduced sessions that need no manager,
so we can no longer rely on that.
Consider the following situation:
1. A 'background-light' session '1' is created (i.e. no user service manager
is needed)
2. Session '1' scope unit pulls in user-runtime-dir@.service
3. Session '1' exits. A stop job is enqueued for user-runtime-dir@.service
due to StopWhenUnneeded=yes
4. At the same time, another session '2' which requires user manager is started.
However, session scope units have JobMode=fail, therefore the start job
for user-runtime-dir@.service that was pulled in by session '2' scope job
is deleted as it conflicts with the stop job.
We want session scope units to continue using JobMode=fail, but we still need
the dependencies to be started correctly, i.e. explicitly requested by logind
beforehand. Therefore, let's stop using StopWhenUnneeded=yes for
user-runtime-dir@.service, and track users' `started` and `stopping` state
based on that when user@.service is not needed. Then, for every invocation
of user_start(), we'll recheck if we need the service manager and start it
if so.
Also, the dependency type on user-runtime-dir@.service from user@.service
is upgraded to `BindsTo=`, in order to ensure that when logind stops the
former, the latter is stopped as well.
Adrian Vovk [Thu, 1 Feb 2024 22:53:01 +0000 (17:53 -0500)]
keyring-util: Use reported key size to resize buf
According to keyctl(2), the return value for KEYCTL_READ is:
The amount of data that is available in the key,
irrespective of the provided buffer size
So, we could pass in a NULL buffer to query the size, then allocate the
exact right amount of space, then call keyctl again to get the key data.
However, we must still keep the for loop to avoid TOCTOU issues: the key
might have been replaced with something bigger while we're busy
allocating the buffer to store it.
Thus, we can actually save a syscall by picking some reasonable default
buffer size and skipping the NULL call to keyctl. If our default is big
enough, we're done and have saved a syscall! If not, then the first call
behaves essentially the same as the NULL call, and we use the size it
returns to reallocate the buffer appropriately.
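The retry loop can be sketched independently of the real syscall. The Python
below is an illustration under assumptions, not keyring-util's code: the
callback read_into stands in for keyctl(KEYCTL_READ) and is expected to
return the amount of data available irrespective of the buffer size, while
FakeKey is a hypothetical stand-in that can change its payload between calls
to mimic the TOCTOU case.

```python
def read_with_size_hint(read_into, initial_size=64):
    """Read a value whose reader reports the full size on every call."""
    size = initial_size
    while True:
        buf = bytearray(size)
        available = read_into(buf)
        if available <= len(buf):
            return bytes(buf[:available])
        # Too small, or the value grew in the meantime: retry with the
        # size that was just reported.
        size = available


class FakeKey:
    """Stand-in for a key; each call may see a different payload."""

    def __init__(self, payloads):
        self.payloads = list(payloads)
        self.calls = 0

    def read_into(self, buf):
        index = min(self.calls, len(self.payloads) - 1)
        data = self.payloads[index]
        self.calls += 1
        # Copy only when the data fits, but always report the full size.
        if len(data) <= len(buf):
            buf[: len(data)] = data
        return len(data)
```

When the default buffer is large enough, a single call suffices. When it is
not, the first call doubles as the size query, so no call is wasted.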
Benjamin Franzke [Fri, 17 Nov 2023 07:03:57 +0000 (08:03 +0100)]
nspawn: add support for owneridmap bind option
The owneridmap bind option maps the target directory owner from inside the
container to the owner of the directory bound from the host filesystem.
This ensures that files and directories created in the container are owned
by the directory owner of the host filesystem. All other users remain
unmapped. Writing files as other users in the container is not
allowed.
Yu Watanabe [Fri, 9 Feb 2024 11:21:25 +0000 (20:21 +0900)]
journal-file-util: drop unused template argument for journal_file_open_reliably()
I understand that the original motivation for introducing the template
argument here was to make journal_file_open() and _reliably() take the
same arguments. However, it is completely unused, and it is not worth
complicating the code for it, even if the difference is not big.