log: only open kmsg on fallback if we actually want to use it
Previously, we'd try to open kmsg on failure of the journal/syslog even
if no automatic fallback to kmsg was requested — and we wouldn't even
use the open connection afterwards...
hwdb: drop bad definition for Cordless Wave Pro keyboard (#8230)
[I'm just submitting the solution originally suggested by @barzog.
Nevertheless, this looks pretty straightforward, we don't want to define
any keys on a universal receiver.
Note that this definition was added back in aedc2eddd16e48d468e6ad0aea2caf00c7d37365, when we didn't yet have
support for figuring out what hardware is connected behind a logitech
receiver.]
In 60-keyboard.hwdb there is a definition of # Cordless Wave Pro
evdev:input:b0003v046DpC52[9B]*
which in fact not a cordless keyboard but an USB receiver to which different
types of keyboard can be connected. The solution is to completely clean
definition evdev:input:b0003v046DpC52B* from there.
missing_syscall: when adding syscall replacements, use different names (#8229)
In meson.build we check that functions are available using:
meson.get_compiler('c').has_function('foo')
which checks the following:
- if __stub_foo or __stub___foo are defined, return false
- if foo is declared (a pointer to the function can be taken), return true
- otherwise check for __builtin_memfd_create
_stub is documented by glibc as
It defines a symbol '__stub_FUNCTION' for each function
in the C library which is a stub, meaning it will fail
every time called, usually setting errno to ENOSYS.
So if __stub is defined, we know we don't want to use the glibc version, but
this doesn't tell us if the name itself is defined or not. If it _is_ defined,
and we define our replacement as an inline static function, we get an error:
In file included from ../src/basic/missing.h:1358:0,
from ../src/basic/util.h:47,
from ../src/basic/calendarspec.h:29,
from ../src/basic/calendarspec.c:34:
../src/basic/missing_syscall.h:65:19: error: static declaration of 'memfd_create' follows non-static declaration
static inline int memfd_create(const char *name, unsigned int flags) {
^~~~~~~~~~~~
.../usr/include/bits/mman-shared.h:46:5: note: previous declaration of 'memfd_create' was here
int memfd_create (const char *__name, unsigned int __flags) __THROW;
^~~~~~~~~~~~
To avoid this problem, call our inline functions different than glibc,
and use a #define to map the official name to our replacement.
Fixes #8099.
v2:
- use "missing_" as the prefix instead of "_"
v3:
- rebase and update for statx()
Unfortunately "statx" is also present in "struct statx", so the define
causes issues. Work around this by using a typedef.
I checked that systemd compiles with current glibc
(glibc-devel-2.26-24.fc27.x86_64) if HAVE_MEMFD_CREATE, HAVE_GETTID,
HAVE_PIVOT_ROOT, HAVE_SETNS, HAVE_RENAMEAT2, HAVE_KCMP, HAVE_KEYCTL,
HAVE_COPY_FILE_RANGE, HAVE_BPF, HAVE_STATX are forced to 0.
Setting HAVE_NAME_TO_HANDLE_AT to 0 causes an issue, but it's not because of
the define, but because of struct file_handle.
test-user-util: skip most tests for nobody if synthentization is off
When synthetisation is turned off, there's just too many ways those tests can
go wrong. We are not interested in verifying that the db on disk is correct,
let's just skip all checks.
In the first version of this patch, I recorded if we detected a mismatch during
configuration and only skipped tests in that case, but actually it is possible
to change the host configuration between our configuration phase and running
of the tests. It's just more robust to skip always. (This is particularly true
if tests are installed.)
tests: stop using `nobody` in test-udev.pl (#8239)
`nobody` is a special user, whose credentials should be extracted with
`get_user_creds`. `getpwnam` called in `test-udev.pl` is a bit different,
which causes the test to fail with the following error:
```
device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda' expecting node/link 'node'
expected permissions are: nobody::0600
created permissions are : 65534:0:0600
permissions: error
add: ok
remove: ok
```
The ideal fix would probably be to implement `get_user_creds` in Perl, but in this
PR the issue is simply got around by using `daemon` instead of `nobody`.
Yu Watanabe [Wed, 21 Feb 2018 00:17:52 +0000 (09:17 +0900)]
core: add new setting TemporaryFileSystem=
This introduces a new setting TemporaryFileSystem=. This is useful
to hide files not relevant to the processes invoked by unit, while
necessary files or directories can be still accessed by combining
with Bind{,ReadOnly}Paths=.
journalctl: improve hint about lack of access for --user-unit=...
When running journalctl --user-unit=foo as an unprivileged user we could get
the usual hint:
Hint: You are currently not seeing messages from the system and other users.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
...
But with --user-unit our filter is:
(((_UID=0 OR _UID=1000) AND OBJECT_SYSTEMD_USER_UNIT=foo.service) OR
((_UID=0 OR _UID=1000) AND COREDUMP_USER_UNIT=foo.service) OR
(_UID=1000 AND USER_UNIT=foo.service) OR
(_UID=1000 AND _SYSTEMD_USER_UNIT=foo.service))
so we would never see messages from other users.
We could still see messages from the system. In fact, on my machine the
only messages with OBJECT_SYSTEMD_USER_UNIT= are from the system:
journalctl $(journalctl -F OBJECT_SYSTEMD_USER_UNIT|sed 's/.*/OBJECT_SYSTEMD_USER_UNIT=\0/')
Thus, a more correct hint is that we cannot see messages from the system.
Make it so.
This makes it easier to see what is going on. Crashes may happen in a
nested test_{uid,gid}_to_name_one() function, and the default backtrace
doesn't show the actual string being tested.
xattr-util: use crtime/btime if statx() is available for implementation of fd_setcrtime() and friends
The Linux kernel exposes the birth time now for files through statx()
hence make use of it where available. We keep the xattr logic in place
for this however, since only a subset of file systems on Linux currently
expose the birth time. NFS and tmpfs for example do not support it. OTOH
there are other file systems that do support the birth time but might
not support xattrs (smb…), hence make the best of the two, in particular
in order to deal with journal files copied between file system types and
to maintain compatibility with older file systems that are updated to
newer version of the file system.
tree-wide: make use of fsync_directory_of_file() all over the place
Let's make use this at various places we call fsync(), to make things
fully reliable, as the kernel devs suggest to first fsync() files and
then fsync() the directories they are located in.
stat-util: unify code that checks whether something is a regular file
Let's add a common implementation for regular file checks, that are
careful to return the right error code (EISDIR/EISLNK/EBADFD) when we
are encountering a wrong file node.
sd-journal: when picking up a new file, compare inode/device info with previous open file by same name
Let's make sure we aren't confused if a journal file is replaced by a
different one (for example due to rotation) if we are in a q overflow:
let's compare the inode/device information, and if it changed replace
any open file object as needed.
Let's be more careful with the naming, and indicate that the function
is about *named* journal files, and will validate the name as needed.
(in opposition to add_any_file() which doesn't care about names)
core: change KeyringMode= to "shared" by default for non-service units in the system manager (#8172)
Before this change all unit types would default to "private" in the
system service manager and "inherit" to in the user service manager.
With this change this is slightly altered: non-service units of the
system service manager are now run with KeyringMode=shared. This appears
to be the more appropriate choice as isolation is not as desirable for
mount tools, which regularly consume key material. After all mounts are
a shared resource themselves as they appear system-wide hence it makes a
lot of sense to share their key material too.
Alexis Jeandet [Tue, 20 Feb 2018 01:36:41 +0000 (02:36 +0100)]
meson: Multi-lines string should use ''' with meson (#8225)
This breaks with latest version of meson:
https://hephaistos.lpp.polytechnique.fr/teamcity/viewLog.html?buildId=11653&buildTypeId=mesonbuild_SystemdNightly&tab=buildLog&state=1059#_state=1059&guest=true
Hans de Goede [Mon, 19 Feb 2018 17:24:09 +0000 (18:24 +0100)]
hwdb: Add quirk to fix mapping of T-bao Tbook air touchpad toggle key
The touchpad toggle key (Fn + Esc) on the T-bao Tbook air sends CTRL +
META + scancode 0x76 without this quirk. With this quirk it sends CTRL +
META + F21, with F21 mapping to XF86TouchpadToggle, which is what we want.
Note that the CTRL + META modifiers being send together with the F21 are
still somewhat unusual, userspace will need to be thought to deal with
this as there is nothing we can do about this at the hwdb level. Note at
least one other laptop also sends CTRL + META + F21 instead of just F21.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Hans de Goede [Mon, 19 Feb 2018 17:11:30 +0000 (18:11 +0100)]
hwdb: Add quirk to fix mapping of VIOS LTH17 touchpad toggle key
The touchpad toggle key (Fn + F6) on the VIOS LTH17 sends CTRL + META + F24
without this quirk. With this quirk it sends CTRL + META + F21, with F21
mapping to XF86TouchpadToggle, which is what we want.
Note that the CTRL + META modifiers being send together with the F21 are
still somewhat unusual, userspace will need to be thought to deal with
this as there is nothing we can do about this at the hwdb level. Note at
least one other laptop also sends CTRL + META + F21 instead of just F21.
Move config_parse_join_controllers to shared, add test
config_parse_join_controllers would free the destination argument on failure,
which is contrary to our normal style, where failed parsing has no effect.
Moving it to shared also allows a test to be added.
shared/conf-parser: define a macro for the repeating argument set
The arguments have to be indentical everywhere, so let's use a macro to
make things more readable. But only in the headers, in the .c files let's
keep them verbose so that it's easy to see the argument list.
Coverity now started warning about this ("Calling unlinkat without checking
return value (as is done elsewhere 12 out of 15 times).", and it is right:
most of the time we should at list print a log message so people can figure
out something is wrong when this happens.
v2:
- use warning level in journald too (this is unlikely to happen ever, so it
should be safe to something that is visible by default).
Yu Watanabe [Mon, 19 Feb 2018 13:26:01 +0000 (22:26 +0900)]
bootspec: accept tab as the separataor in sd-boot config (#8165)
In the parse logic `line_get_key_value()` in sd-boot treats spaces
and tabs are valid spacing between key and value in the line.
So, let's use the same logic for `bootctl` and the others which read
sd-boot configs.
meson: apply defaults if /etc/login.defs doesn't exist
Apply defaults for system_{uid,gid}_max even if the /etc/login.defs file
doesn't exist (e.g. in Clear Linux with no changes).
awk returns an empty string in case the file doesn't exist, causing meson to
fail in to_int(). So set the default if output is empty. This makes the BEGIN{}
blocks unnecessary, so remove them.
The single quote working with multiple lines is likely to be unintended. With
current versions of meson, it also causes error messages after it to report the
wrong line number. Use the documented syntax instead.
meson: fix systemd-pot target when polkit-devel is not installed
To successfully extract strings from our .policy files, gettext needs
polkit.{its,loc} files provided by policykit-devel. When that package is not
installed, systemd-pot would fail to extract strings:
[0/1] Running external command systemd-pot.
xgettext: warning: file 'src/core/org.freedesktop.systemd1.policy.in.in' extension 'policy' is unknown; will try C
xgettext: warning: file 'src/hostname/org.freedesktop.hostname1.policy.in' extension 'policy' is unknown; will try C
...
We now don't need the .its and .loc files for normal building, but they are
still useful when generating the .pot file, because that way we avoid the
dependency on sufficiently new polkit. We just need to tell i18n to pass their
location to xgettext.
intltool is unnecessary since c81217920effddc93fb780cf8f9eb699d6fe1319.
But we still need gettext, because we use msgformat to generate .mo files.
(I tried to make meson depend on it, at least in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1545926, but that didn't fly,
and in Debian at least meson also has no dependency on the tools used by
its i18n module, so we need to add our own dependency anyway.)
meson: drop unnecessary "transformation" of policy files
Those files don't contain any @variables@, so the configuration step was just
copying them to build/. Let's avoid that, and fix their suffixes while at it.
pid1: properly remove references to the unit from gc queue during final cleanup
When various references to the unit were dropped during cleanup in unit_free(),
add_to_gc_queue() could be called on this unit. If the unit was previously in
the gc queue (at the time when unit_free() was called on it), this wouldn't
matter, because it'd have in_gc_queue still set even though it was already
removed from the queue. But if it wasn't set, then the unit could be added to
the queue. Then after unit_free() would deallocate the unit, we would be left
with a dangling pointer in gc_queue.
A unit could be added to the gc queue in two places called from unit_free():
in the job_install calls, and in unit_ref_unset(). The first was OK, because
it was above the LIST_REMOVE(gc_queue,...) call, but the second was not, because
it was after that. Move the all LIST_REMOVE() calls down.
pid1: free basic unit information at the very end, before freeing the unit
We would free stuff like the names of the unit first, and then recurse
into other structures to remove the unit from there. Technically this
was OK, since the code did not access the name, but this makes debugging
harder. And if any log messages are added in any of those functions, they
are likely to access u->id and such other basic information about the unit.
So let's move the removal of this "basic" information towards the end
of unit_free().
pid1: fix collection of cycles of units which reference one another
A .socket will reference a .service unit, by registering a UnitRef with the
.service unit. If this .service unit has the .socket unit listed in Wants or
Sockets or such, a cycle will be created. We would not free this cycle
properly, because we treated any unit with non-empty refs as uncollectable. To
solve this issue, treats refs with UnitRef in u->refs_by_target similarly to
the refs in u->dependencies, and check if the "other" unit is known to be
needed. If it is not needed, do not treat the reference from it as preventing
the unit we are looking at from being freed.
The source unit manages the reference. It allocates the UnitRef structure and
registers it in the target unit, and then the reference must be destroyed
before the source unit is destroyed. Thus, is should be OK to include the
pointer to the source unit, it should be live as long as the reference exists.
Jakub Filak [Thu, 15 Feb 2018 11:12:46 +0000 (12:12 +0100)]
coredump: accept hostname on command line (#8033)
This commint adds a new command line parameter to sytemd-coredump. The
parameter should be mappend to core_pattern's placeholder %h - hostname.
The field _HOSTNAME holds the name from the kernel's namespaces which might be
different then the one comming from process' namespaces.
It is true that the real hostname is usually available in the field
COREDUMP_ENVIRON (environment variables) but I believe it is more reliable to
use the value passed by kernel.
----
The length of iovec is no longer static and hence I corrected the declarations
of the functions set_iovec_field and set_iovec_field_free.
Ever since the initial implementation in 631bbe71298ec892f77f44f94feb612646fe6853,
client_parse_message() was supposed to check that the message contains exactly
one serverid. The check that no more than one is given was implemented
correctly, but the check that at least one is given was not. Simplify the whole
thing by making dhcp6_lease_get_serverid() return an error if the id is not
set, and do not require the arguments to be present if the contents of the id
are not needed.