We have three states:
- ENABLE_COREDUMP and systemd-coredump is installed,
- ENABLE_COREDUMP but systemd-coredump is not installed,
- !ENABLE_COREDUMP.
In the last case we would not do any coredumping-related setup in pid1, which
means that coredumps would go to to the working directory of the process, but
actually limits are set to 0. This is inherited by children of pid1.
As discussed extensively in https://github.com/systemd/systemd/pull/26607, this
default is bad: dumps are written to arbitrary directories and not cleaned up.
Nevertheless, the kernel cannot really fix it. It doesn't know where to write,
and it doesn't know when that place would become available. It is only the
userspace that can tell this to the kernel. So the only sensible change in the
kernel would be to default to '|/bin/false', i.e. do what we do now.
In the middle case, we disabled writing of coredumps via a pattern, but raise
the RLIMIT_CORE. We need to raise the limit because we can't raise it later
after processes have been forked off. This means we behave correctly, but allow
coredumping to be enabled at a later point without a reboot.
This patch makes the last case behave like the middle case. This means that
even if systemd is compiled with systemd-coredump, it still does the usual
setup. If users want to restore the kernel default, they need to provide two
drop-in files:
for sysctl.d, with 'kernel.core_pattern=core'
for systemd.conf, with 'DefaultLimitCORE=0'.
The general idea is that pid1 does the safe thing. A distro may want to use
something different than the systemd-coredump machinery, and then that would
could packaged together with the drop-ins to change the configuration.
Yu Watanabe [Mon, 27 Mar 2023 19:14:03 +0000 (04:14 +0900)]
test-kernel-install: several cleanups
- allow to run without $PROJECT_BUILD_ROOT,
- drop unnecessary export for bootctl,
- enable -x option to show commands,
- use 'test ! -e' to check the nonexistence of files,
- show more debugging logs.
units: let's establish the coredump socket before writting core_pattern sysctl
It's a bit nicer if we only write the sysctl core_pattern once the
coredump socket is established, since it's the backend for the handler.
Given the systemd-coredump.socket basically has no dependencies that run
before it this should not really make things slower or so, it just
removes the tiny window where core pattern is in effect that wants to
connect to the backend socket but cannot.
The status quo isn't terrible, and not too different in effect: either
way, until the socket unit is up we won't process coredumps. It's mostly
what kind of behaviour you get then: an error due to /bin/false being
invoked, or an error because systemd-coredump can't connect to its
socket. After this patch we'll exclusively see the former.
Let's use more _cleanup_ expressions. Various other modernizations. No
actual code changes, except for maybe a conversion to use heap memory
when generating an array of fds, instead of stack as before. Given that
fdstores are typically user controlled, that should be a wise idea.
pid1: introduce new SERVICE_{DEAD|FAILED}_BEFORE_AUTO_RESTART service substates
When a service deactivates and is then automatically restarted via
Restart= we currently quickly transition through
SERVICE_DEAD/SERVICE_FAILED. Which is weird given it's not the
normal ("permanent") dead/failed state, but a transitory one we
immediately leave from again. We do this so that software that looks for
failures/successes can take notice, even if we restart as a consequence
of the deactivation.
Let's clean this up a bit: let's introduce two new states:
SERVICE_DEAD_BEFORE_AUTO_RESTART and SERVICE_FAILED_BEFORE_AUTO_RESTART
that are used for the transitory states. Both the SERVICE_DEAD and
SERVICE_DEAD_BEFORE_AUTO_RESTART will map to the high-level
UNIT_INACTIVE state though. (and similar for the respective failed
states). This means the high-level state machine won't change by this,
only the low-level one.
This clearly seperates the substates, which makes the state engine
cleaner, and allows clients to follow precisely whether we are in a
transitory dead/failed state, or a permanent one, by looking at the
service substate. Moreover it allows us to remove the 'n_keep_fd_store'
which so far we used to ensure the fdstore was not released during this
transitory dead/failed state but only during the permanent one. Since we
can now distinguish these states properly we can just use that.
This has been bugging me for a while. Let's clean this up.
Note that the unit restart logic is already nicely covered in the
testsiute, hence this adds no new tests for that.
And yes, this could be considered a compat break, but sofar we took the
liberty to make changes to the low-level state machine (i.e. SERVICE_xyz
states, sometimes called "substates") without considering this a bad
breakage – the high-level state machine (i.e. UNIT_xyz states) should
be considered API that cannot be changed.
Daan De Meyer [Wed, 29 Mar 2023 08:42:23 +0000 (10:42 +0200)]
mkosi: Update to latest
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
.gdbinit to make gdb work properly
Daan De Meyer [Wed, 29 Mar 2023 08:42:23 +0000 (10:42 +0200)]
mkosi: Update to latest
- ACLs are not set on generated directories anymore by default, so
we enable them explictly now so that when running unprivileged mkosi,
the user running mkosi can remove all generated files and directories.
- We don't explicitly set QemuHeadless= anymore as the option was removed
and made the default.
- We set the loglevel= kernel cmdline argument explicitly now as mkosi
doesn't set it by default anymore.
Daan De Meyer [Thu, 22 Dec 2022 13:29:13 +0000 (14:29 +0100)]
firstboot: Modernize path handling
Let's open a file descriptor to the root directory and perform all
path operations using that file descriptor. On top of that, let's
make sure we pin the directory containing the file we want to work
on and use atomic copies and writes everywhere we can..
Daan De Meyer [Mon, 27 Mar 2023 14:55:17 +0000 (16:55 +0200)]
log: Add LOG_SET_PREFIX() macro
LOG_SET_PREFIX() sets a logging prefix for the current block. The
prefix is prepended to every logging message in the block, followed
by ": ". If a logging prefix is already configured, it is overridden
for the duration of the block, after which it is restored.
A use case for this macro is when we're operating on an image or
directory (using --root or --image). We can use LOG_SET_PREFIX() to
prefix all logging messages with the directory or image that we're
operating on.
TEST-80: synchronize explicitly instead of by time
This removes "sleep" invocations, and makes the notify access testcase a
lot more robust to runtime jitter. We use a pair of fifos in the fs to
sync instead.
Also various other improvoements, including comments.
(Also removes the unnecessary "no-qemu" restriction)
We first say "name prefix" and then continue with "unit prefix".
Confusing. Couldn't figure out which term is better hence settled on
"unit name prefix".
Frantisek Sumsal [Tue, 28 Mar 2023 10:36:23 +0000 (12:36 +0200)]
test: don't go through all time zones if slow tests are disabled
Let's skip going through all locally available time zones if we're built
with slow tests disabled, as that's quite slow, but do at least one test
with the UTC zone.
shared/exec-util: null_or_empty_path() does not return boolean
We shouldn't report that the file is empty if the stating fails. Let's do the
same as in other places, and just ignore the error and let the subsequent
operation fail.
We need to skip -ENOENT when loading udev rules because new files with rules
may be added or removed at any time, and the loading of rules is triggered
asynchronously. Even though the window is fairly narrow, udev shouldn't throw
an error if a rules file is removed.
Daan De Meyer [Tue, 28 Mar 2023 11:32:03 +0000 (13:32 +0200)]
ukify: Add workarounds for older stubs
Older stubs are either not stripped, causing their total size to be
unaligned because of an unaligned symbol table at the end, or stripped,
causing the raw data pointers and sizes to be unaligned because strip
does not follow the PE spec correctly when stripping. Let's add
workarounds for both issues, so that we can use ukify with older stubs
as well.
The reason why get_process_cmdline() is so complicated is that we
need to escape and quote arguments for building a single result
string.
That's necessary when we want to log or print the command line.
However, when we want to parse the command line, it is not necessary
that the result is a single string, but can be strv.
Luca Boccassi [Fri, 24 Mar 2023 15:10:11 +0000 (15:10 +0000)]
os-release: add 'SYSEXT_' fields for version/id
sysext DDI cannot carry an os-release file, but have to carry
an extension-release file. But so far, this was only used to
match the sysext DDI with the base DDI/rootdir. It is also
useful to describe the sysext DDI itself, just like we do in
os-release.
So document that the same fields used in os-release can also
be added to an extension-release, with the 'SYSEXT_' prefix,
and in that case they are understood to define the sysext DDI
itself, rather than for matching purposes.
Luca Boccassi [Tue, 28 Mar 2023 09:36:49 +0000 (10:36 +0100)]
portablectl: display sysext-specific fields
The wrong fields were being displayed, if at all.
ID and VERSION_ID in sysexts are used for matching, they
don't identify the sysext itself. Parse the newly defined
fields and display them separately from the compatibility
fields.
Luca Boccassi [Thu, 23 Mar 2023 01:23:04 +0000 (01:23 +0000)]
portable: add PORTABLE_NAME_AND_VERSION= and other metadata to LogsExtraFields=
This is useful to identify log messages with metadata from the images
they run on. Look for ID/VERSION_ID/IMAGE_ID/IMAGE_VERSION/BUILD_ID,
with a SYSEXT_ prefix if we are looking at an extension, and append via
LogExtraFields= as respectively PORTABLE_NAME_AND_VERSION= in case of a
single image. In case of extensions, append as PORTABLE_ROOT_NAME_AND_VERSION=
for the base and one PORTABLE_EXTENSION_AND_VERSION= for each extension.
Example with a base and two extensions, with the unit coming from the
first extension:
Luca Boccassi [Wed, 22 Mar 2023 22:44:31 +0000 (22:44 +0000)]
portable: include base and extension images in log fields
When a portable service uses extensions, we use the 'main' image name
(the one where the unit was found in) as PORTABLE=. It is useful to
also list all the images actually used at runtime, as they might
contain libraries and so on.
Use PORTABLE_ROOT= for the image/directory that is used as RootImage=
or RootDirectory=, and PORTABLE_EXTENSION= for the image/directory that
is used as ExtensionImages= or ExtensionDirectories=.
Note that these new fields are only added if extensions are used,
there's no change for single-DDI portables.
Example with a base and two extensions, with the unit coming from the
first extension:
Luca Boccassi [Thu, 23 Mar 2023 01:02:47 +0000 (01:02 +0000)]
portable: use parse_env_file_fd to keep FD valid
take_fdopen_unlocked invalidates the FD in the PortableMetadata object,
so it cannot be used later. Use parse_env_file_fd instead which is non
destructive.
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f43ffeb95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5)
#1 0x7f43ff0a4f2f in greedy_realloc ../src/basic/alloc-util.c:70
#2 0x404d9f in list_enrolled ../src/cryptenroll/cryptenroll-list.c:30
#3 0x40f149 in run ../src/cryptenroll/cryptenroll.c:673
#4 0x40f149 in main ../src/cryptenroll/cryptenroll.c:692
#5 0x7f43fd64a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
The fdstore might pin a non-trivial amount of resources. Let's hence
display for services that enable it how many entries there are and what
the size limit is.
projects / thirdparty / systemd.git / log
