Iain Lane [Tue, 7 Jan 2020 14:33:29 +0000 (14:33 +0000)]
units: Split modprobing out into a separate service unit
Devices referred to by `DeviceAllow=` sandboxing are resolved into their
corresponding major numbers when the unit is loaded by looking at
`/proc/devices`. If a reference is made to a device which is not yet
available, the `DeviceAllow` is ignored and the unit's processes cannot
access that device.
In both logind and nspawn, we have `DeviceAllow=` lines, and `modprobe`
in `ExecStartPre=` to load some kernel modules. Those kernel modules
cause device nodes to become available when they are loaded: the device
nodes may not exist when the unit itself is loaded. This means that the
unit's processes will not be able to access the device since the
`DeviceAllow=` will have been resolved earlier and denied it.
One way to fix this would be to re-evaluate the available devices and
re-apply the policy to the cgroup, but this cannot work atomically on
cgroupsv1. So we fall back to a second approach: instead of running
`modprobe` via `ExecStartPre`, we move this out to a separate unit and
order it before the units which want the module.
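An added example (not systemd's code) of the lookup the commit message above describes, limited to the `char-NAME` / `block-NAME` group form of `DeviceAllow=`: it resolves specs against a `/proc/devices` snapshot and reports the ones that match no registered driver. The two snapshots, the spec list and all function names are constructed for illustration.

```python
import fnmatch

# Constructed /proc/devices snapshots (not from a real host): before and
# after a module providing the "loop" block driver has been loaded.
BEFORE = """Character devices:
  1 mem
  5 /dev/tty
 10 misc
136 pts

Block devices:
  8 sd
259 blkext
"""
AFTER = BEFORE + "  7 loop\n"

def parse_proc_devices(text):
    """Return {"char": {name: {majors}}, "block": {...}} from /proc/devices text."""
    table = {"char": {}, "block": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line == "Character devices:":
            section = "char"
        elif line == "Block devices:":
            section = "block"
        elif line and section:
            major, name = line.split(None, 1)
            table[section].setdefault(name, set()).add(int(major))
    return table

def resolve(spec, table):
    """Resolve a 'char-NAME' / 'block-NAME' group spec to a sorted list of majors."""
    kind, _, pattern = spec.partition("-")
    if kind not in table or not pattern:
        raise ValueError(f"not a device group spec: {spec!r}")
    majors = set()
    for name, nums in table[kind].items():
        if fnmatch.fnmatchcase(name, pattern):  # group names may be globs
            majors |= nums
    return sorted(majors)

def unresolved(specs, proc_devices_text):
    """Specs that match no registered driver, i.e. would grant no access."""
    table = parse_proc_devices(proc_devices_text)
    return [s for s in specs if not resolve(s, table)]

if __name__ == "__main__":
    specs = ["char-pts", "block-loop", "block-blkext"]  # constructed list
    print("before module load:", unresolved(specs, BEFORE))
    print("after module load: ", unresolved(specs, AFTER))
```

Running the same check at unit-load time and again after the module is loaded shows which allow-list entries were evaluated too early.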
testsuite: drop "systemctl is-system-running --wait" invocation
We wait for "basic.target" being reached in the user instance anyway
before allowing the user's session to start, hence doing such a wait is
unnecessary, since that would just mean we'd wait for "default.target"
on top of "basic.target", but we shouldn't need anything of that...
The name is not as universal as we want, still, hence let's use our own
user we create with sysusers.d/. That should yield same behaviour
everywhere (and also test sysusers a bit as side effect).
let's make sure we always invoke our commands through /bin/sh, since
on some distros su will use /bin/nologin (or whatever is listed in
/etc/passwd) as shell otherwise and we don't want that.
Kevin Kuehler [Tue, 19 Nov 2019 21:43:58 +0000 (13:43 -0800)]
job: Don't mark as redundant if deps are relevant
In the steps given in #13850, the resulting graph looks like:
C (Anchor) -> B -> A
Since B is inactive, it will be flagged as redundant and removed from
the transaction, causing A to get garbage collected. The proposed fix is
to not mark nodes as redundant if doing so causes a relevant node to be
garbage collected.
Mike Auty [Fri, 3 Jan 2020 00:44:54 +0000 (00:44 +0000)]
hwdb: Lenovo T490 Synaptics Touchpad hwdb entry
The Synaptics Touchpad that comes with the T490 doesn't explicitly set
its resolution, so these lines are needed to provide that, in order to
help the libinput code detect overly large jumps. Since this device
contains buttons under the lower section of the touchpad, large jumps
are common, so having the resolution helps libinput greatly reduce
the number of occurrences of pointer jump.
This comes from
https://gitlab.freedesktop.org/libinput/libinput/issues/402.
Frantisek Sumsal [Sat, 28 Dec 2019 11:29:19 +0000 (12:29 +0100)]
systemctl: skip non-existent units in the 'cat' verb
When processing list of units (either provided manually or as a
wildcard), let's skip units for which we don't have an on-disk
counterpart, but note the -ENOENT error code and propagate it back to
the user.
Frantisek Sumsal [Mon, 23 Dec 2019 19:54:08 +0000 (20:54 +0100)]
travis: wait for the container to fully boot up
This avoids nasty race conditions between dnf/apt-get and unfinished
population of /tmp (among other things), as `docker exec` allows commands
to run before the system is fully booted (i.e. initializing/starting
state reported by `systemctl is-system-running`).
umount: detect root loopback device the same way as we detect root DM devices
get_block_device() is just the nicer way to do it (since it also does
btrfs). Also, let's already collect the dev_t of the loopback device
when we enumerate things, that allows us to do the checks simpler
without constantly stat()ing things over and over again.
In contrast to what is claimed in #13396 dbus-broker apparently does
care for the service file to be around, and otherwise will claim
"Service Not Activatable" in the time between systemd starting up the
broker and connecting to it, which the stub service file is supposed to
make go away.
Reverting this makes the integration test suite pass again on host with
dbus-broker (i.e. current Fedora desktop).
Anita Zhang [Thu, 12 Dec 2019 05:15:42 +0000 (21:15 -0800)]
core,journal: export user units' InvocationID and use as _SYSTEMD_INVOCATION_ID
Write a user unit's invocation ID to /run/user/<uid>/systemd/units/ similar
to how a system unit's invocation ID is written to /run/systemd/units/.
This lets the journal read and add a user unit's invocation ID to the
_SYSTEMD_INVOCATION_ID field of logs instead of the user manager's
invocation ID.
This commit introduced an ordering loop: remote-cryptsetup.target was both
before and after remote-fs-pre.target. It also globally ordered all cryptsetup
volumes before all mounts. Such global ordering is problematic if people have
stacked storage. Let's look for a different solution.
See https://github.com/systemd/systemd/pull/14378#discussion_r359460109.
Anita Zhang [Wed, 20 Nov 2019 01:25:23 +0000 (17:25 -0800)]
test: add test case for PrivateDevices=y and Group=daemon
For root, group enforcement needs to come after PrivateDevices=y set up
according to 096424d1230e0a0339735c51b43949809e972430. Add a test to
verify this is the case.
Anita Zhang [Tue, 19 Nov 2019 22:24:52 +0000 (14:24 -0800)]
core: create inaccessible nodes for users when making runtime dirs
To support ProtectHome=y in a user namespace (which mounts the inaccessible
nodes), the nodes need to be accessible by the user. Create these paths and
devices in the user runtime directory so they can be used later if needed.
Anita Zhang [Wed, 23 Oct 2019 00:37:47 +0000 (17:37 -0700)]
core: PrivateUsers=true for (unprivileged) user managers
Let per-user service managers have user namespaces too.
For unprivileged users, user namespaces are set up much earlier
(before the mount, network, and UTS namespaces vs after) in
order to obtain capabilities in the new user namespace and enable use of
the other listed namespaces. However for privileged users (root), the
set up for the user namespace is still done at the end to avoid any
restrictions with combining namespaces inside a user namespace (see
inline comments).
Yu Watanabe [Sat, 7 Dec 2019 15:32:36 +0000 (00:32 +0900)]
network: introduce AddPrefixRoute= and deprecate PrefixRoute=
PrefixRoute= was added by e63be0847c39bfdca45c25c505922814374581a7,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.