Michal Sekletar [Fri, 22 Feb 2019 14:50:55 +0000 (15:50 +0100)]
logind: don't print warning when user@.service template is masked
User instance of systemd is optional feature and if user@.service
template is masked then administrator most likely doesn't want --user
instances of systemd for logged in users. We don't need to be verbose
about it.
Roman Kulikov [Tue, 15 Jan 2019 16:05:18 +0000 (19:05 +0300)]
logind: udev rule for Parallels video adapter
This enables graphical capability for a video adapter of Parallels
virtualization platform (Parallels Desktop for Mac product) which is not
a DRM device at the moment.
This fixes GUI in Fedora 29 guest on Parallels Desktop where gdm now
strictly checks for CanGraphical property of a seat, see [1].
Should be noted that there's no in-kernel driver for Parallels video at
the moment so device matching is done by vid/pid.
analyze: add color highlighting when printing calendar elapses
With multiple iterations, I found it hard to pick out the interesting bits in
the column of text. I tried plain highlighting first, but it doesn't seem
enough. But blue/yellow makes it easy to jump to the right iteration.
Martin Pitt [Thu, 21 Feb 2019 11:34:23 +0000 (12:34 +0100)]
networkd-test: fix test_dropin()
- This test needs resolved, so make sure it is started. In some Debian
environments it is not.
- It was an unnecessary, and now failing assumption that name servers
get atomically written to the resolved's resolv.conf. Wait until both
expected name servers are in the file.
Martin Pitt [Thu, 21 Feb 2019 11:26:44 +0000 (12:26 +0100)]
networkd-test: use a complete domain name in test_route_only_dns()
Since version 241 (commit ea4678?), querying MX type records for
single-label domains does not actually forward the query to the DNS
server any more. Use "example.com" instead, which is the recommended
test domain anyway.
Martin Pitt [Thu, 21 Feb 2019 11:24:16 +0000 (12:24 +0100)]
networkd-test: disable DNSSEC in domain-restricted DNS test
dnsmasq 2.80 changed behaviour when being queried by resolved with
enabled DNSSEC: It returns errors for SOA and DS queries which cause the
entire query to fail. As we don't configure DNSSEC in this test anyway,
just disable it so that we retain compatibility with old and new dnsmasq
versions.
Taro Yamada [Tue, 19 Feb 2019 12:01:50 +0000 (21:01 +0900)]
core: delay persistent timers by "RandomizedDelaySec=" at boot.
Fixes #5659.
Currently, if Persistent=true and the machine is off at the scheduled time of the timer unit, the timer
will be triggered immediately at the next boot even if RandomizedDelaySec= is specified.
As a result, if multiple timers meet that condition, they will be triggered at the same time and too
much CPU/IO work makes boot slow down.
With this commit, if the scheduled time of the persistent timer has already elapsed at boot,
set the time when systemd first started as the scheduled time and RandomizedDelaySec= is applied to it.
The test was failing in Ubuntu CI with a 30s timeout. It makes
sense to keep the file so exercise the set allocation logic, but
we can make it shorter.
networkd: use OrderedSets instead of strvs to store lists of domains
We were already using OrderedSets in the manager object, but strvs in the
configuration parsing code. Using sets gives us better scaling when many
domains are used.
In oss-fuzz #13059 the attached reproducer takes approximately 30.5 s to be
parsed. Converting to sets makes this go down to 10s. This is not _vastly_
faster, but using sets seems like a nicer approach anyway. In particular, we
avoid the quadratic de-unification operation after each addition.
cgtop: Fix processing of controllers other than CPU
After debugging the issue with gdb, I found that the following change
94ddb08 "cgtop: Still try to get CPU statistics if controller-free"
has introduced a bug, which prevents process(..) method processing
memory and io controllers when cpu_accounting_is_cheap() is true.
The obvious fix is to move this branch to be the last one, keeping
the intended behavior of the above change, without having a negative
effect on the other controllers.
Fixes #11773 [systemd-cgtop no longer shows memory (and io) usage]
generator: rename systemd-mkfs@.service to systemd-makefs@.service
The second name was used in documentation, and the first in the code that
generated the unit. 'systemd-makefs' is the name we want, for example for
consistency with the systemd-makefs executable.
In principle this breaks compatibility, but in practice this is unlikely to be
noticeable. Each instance of the unit is created by writing out a full
definition, so the template was never defined. So the name could only be used
for ordering, and there is not reason to order things against this unit from
the outside: the ordering would rather be against the final mount unit.
Make systemd-boot compliant with the Linux Boot / EFI Handover Protocol
The current implementation copied the *complete* header to boot_params,
thus making the kernel ignore many of the fields.
As mentioned in the code comment for the sentinel variable in
bootparam.h a bootloader should only copy the setup_header, set some
fields in boot_params and zero out anything else.
This change makes systemd-boot (mostly) compliant with the Linux Boot
Protocol and the EFI Handover Protocol described in bootparam.h and
Documentation/boot.txt to fix various issues:
- Secure boot not being detected corretly by Linux (#11717)
- tboot error message / warning on boot (#11717)
- Strange purple text color when booting in qemu with OVMF
- Hopefully even more ...
Merge pull request #11482 from poettering/tmpfiles-bsd-lock
adds a fully safe way how apps can pin files into /tmp temporarily, excepting them from the tmpfiles aging algorithm, based on BSD file locks on dirs we descend into
Topi Miettinen [Fri, 8 Feb 2019 17:25:00 +0000 (19:25 +0200)]
core: ProtectHostname= feature
Let services use a private UTS namespace. In addition, a seccomp filter is
installed on set{host,domain}name and a ro bind mounts on
/proc/sys/kernel/{host,domain}name.
Franck Bui [Wed, 13 Feb 2019 17:45:36 +0000 (18:45 +0100)]
namespace: make MountFlags=shared work again
Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is
unconditionnally turned to slave which breaks units that are using explicitly
MountFlags=shared (and no other options that would implicitly require a slave
root mountpoint).
dhcp: don't stop receiving packets when the link goes down
When the link goes down, DHCP client_receive_message*() functions return an
error and the related I/O source is removed from the main loop. With the
current implementation of systemd-networkd this doesn't matter because the DHCP
client is always stopped on carrier down and restarted on carrier up. However
it seems wrong to have the DHCP client crippled (because no packet can be
received anymore) once the link goes temporarily down.
Change the receive functions to ignore a ENETDOWN event so that the client will
be able to receive packets again after the link comes back.