sysusers: improve message about conflicting entries
Without any markup, the sentence could be quite confusing:
g user 55
g user 56
→
"Two or more conflicting lines for user configured"
It also wasn't clear which line is ignored.
Inspired by https://github.com/systemd/systemd/pull/21156.
gitignore: remove patterns for build files in source dir
Those made sense when autotoolz were used. With meson, everything
should land in the build dir, and this is only likely to obscure issues
with custom build rules.
Cf. https://github.com/systemd/systemd/pull/20429#issuecomment-988132332
наб [Tue, 16 Mar 2021 16:38:20 +0000 (17:38 +0100)]
kernel-install: respect $MACHINE_ID and ignore /etc/machine-id if on tmpfs
Confer https://github.com/systemd/systemd/pull/19006#issuecomment-800234022:
On some systems it's the admin's explicit choice not to have the
machine ID leak into the ESP
On some systems the machine ID is transient, generated at every boot,
and hence should not be written to the ESP
I hoped that we would drop libgcrypt fully and drop all references to the
library in meson, but this doesn't seem feasible (because of the use in
sd-journal). But let's remove it here, all the resolved code has been switched
to work with either of the two libraries.
Luca Boccassi [Fri, 3 Dec 2021 01:36:05 +0000 (01:36 +0000)]
core: add StartUnitWithFlags DBUS method
When an activation job is skipped because of a Condition*= setting failing,
currently the JobRemoved signal lists 'done' as the result, just as with
a successful job.
This is a problem when doing dbus activation: dbus-broker will receive a
signal that says the job was successful, so then it moves into a state where
it waits for the requested name to appear on the bus, but that never happens
because the job was actually skipped.
Add a new StartUnitWithFlags that changes the behaviour of the JobRemoved
signal to list 'done' or 'skipped'.
Dan Streetman [Fri, 20 Aug 2021 18:44:35 +0000 (14:44 -0400)]
resolve: remove server 'large' level
This removes the DNS_SERVER_FEATURE_LEVEL_LARGE, and sets the EDNS0
advertised max packet size as if always in 'large' mode.
Without this, we always send out EDNS0 opts that limit response sizes
to 512 bytes, thus the remote server will never send anything larger
and will always truncate responses larger than 512 bytes, forcing us
to drop from EDNS0 down to TCP, even though one of the primary benefits
of EDNS0 is larger packet sizes.
Yu Watanabe [Mon, 6 Dec 2021 20:34:08 +0000 (05:34 +0900)]
network: do not block configuring addresses by creating stacked netdevs
`link_is_ready_to_configure()` is used to judge whether we can configure
addresses, routes, etc. And they can be configured independently of
stacked netdevs.
Maciek Borzecki [Tue, 30 Nov 2021 10:07:30 +0000 (11:07 +0100)]
units/systemd-udevd: allow bpf() syscall
Programs run by udev triggers may need to execute the bpf() syscall. Even more
so, since on a cgroup v2 system, the only way to set up device access filtering
is to install a BPF program on the cgroup in question and one way of passing
data to such program is through BPF maps, which can only be accessed using the
bpf() syscall. One such use case was identified in RHBZ#2025264 related to
snap-device-helper, and led to RHBZ#2027627 being filed.
Unfortunately there is no finer grained control over what gets passed in the
syscall, so just enable bpf() and leave fine grained mediation to other
security layers (e.g. SELinux).
Franck Bui [Wed, 17 Nov 2021 07:13:04 +0000 (08:13 +0100)]
TEST-10: don't attempt to write a byte to the socket
Writing a byte to test10.socket is actually the root cause of issue #19154:
depending on the timing, it's possible that PID1 closes the socket before socat
(or nc, it doesn't matter which tool is actually used) tries to write that one
byte to the socket. In this case writing to the socket returns EPIPE, which
causes socat to exit(1) and subsequently make the test fail.
Since we're only interested in connecting to the socket and triggering the rate
limit of the socket, this patch removes the parts that write the single byte to
the socket, which should remove the race for good.
Since it shouldn't matter whether the test uses socat or nc, let's switch back
to nc and hence remove the sole user of socat. The exit status of nc is however
ignored because some versions might choke when the socket is closed
unexpectedly.
Daan De Meyer [Fri, 3 Dec 2021 10:06:36 +0000 (11:06 +0100)]
journal: Fix disabling NO_COW on btrfs filesystems
Disabling NOCOW when data has been written to a file doesn't work.
Instead, when we're done writing to a journal file (after archiving),
let's rewrite the file with COW enabled. This also takes care of
properly defragmenting the file.
With zstd compression level 3, journal files are compressed to 12%
of their original size with default journal settings.
As rewriting the file might take a while since we also do an fsync()
after the rewrite, this work is done in the offline thread to avoid
blocking the journald event loop.
Daan De Meyer [Fri, 3 Dec 2021 10:07:02 +0000 (11:07 +0100)]
basic: Make sure we're extra paranoid in chattr_full
On btrfs, trying to disable FS_NOCOW_FL on a file that has data
already written will fail silently without reporting an error. To
catch such cases, let's query the flags again if the IOC_SETFLAGS
ioctl() succeeds to make sure the flags we tried to configure were
actually accepted by the kernel.
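The read-back check this commit message describes, as an added example that is not systemd's chattr_full(): the attr_ops backend, the simulated file and the -EIO return value are assumptions made for illustration. The simulated file ignores a NOCOW change once data has been written while still reporting success.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Same value as FS_NOCOW_FL in <linux/fs.h>; repeated so this builds anywhere. */
#define NOCOW_FL 0x00800000u

/* Hypothetical backend; get/set stand in for ioctl(FS_IOC_GETFLAGS/SETFLAGS). */
struct attr_ops {
    int (*get)(void *f, unsigned *flags);
    int (*set)(void *f, unsigned flags);
};

/* Change the bits in mask to value, then re-read the flags and fail if the
 * result differs, instead of trusting the success of set(). */
static int chattr_verified(const struct attr_ops *ops, void *f,
                           unsigned value, unsigned mask) {
    unsigned old, want, now;
    int r;
    if ((r = ops->get(f, &old)) < 0) return r;
    want = (old & ~mask) | (value & mask);
    if (want == old) return 0;                 /* nothing to change */
    if ((r = ops->set(f, want)) < 0) return r;
    if ((r = ops->get(f, &now)) < 0) return r; /* the extra query */
    return ((now ^ want) & mask) ? -EIO : 0;   /* -EIO is this example's choice */
}

/* Constructed model of the behaviour described above: a NOCOW change on a
 * file that already holds data is dropped, yet set() reports success. */
struct fake_file { unsigned flags; bool has_data; };

static int fake_get(void *f, unsigned *flags) {
    *flags = ((struct fake_file *)f)->flags;
    return 0;
}

static int fake_set(void *f, unsigned flags) {
    struct fake_file *ff = f;
    if (ff->has_data)  /* keep the old NOCOW bit, report success anyway */
        flags = (flags & ~NOCOW_FL) | (ff->flags & NOCOW_FL);
    ff->flags = flags;
    return 0;
}

static const struct attr_ops fake_ops = { fake_get, fake_set };

int main(void) {
    struct fake_file empty = { NOCOW_FL, false }, used = { NOCOW_FL, true };
    printf("empty file: %d\n", chattr_verified(&fake_ops, &empty, 0, NOCOW_FL));
    printf("file with data: %d\n", chattr_verified(&fake_ops, &used, 0, NOCOW_FL));
    return 0;
}
```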
Daan De Meyer [Wed, 1 Dec 2021 08:34:13 +0000 (09:34 +0100)]
journal: Update the JournalFile path when archiving
When we archive a path, we rename the file to indicate this. However,
until now, we didn't actually update the path member of the corresponding
JournalFile instance. Let's make sure we also update this to avoid
misuse of the old path later on.
This change also requires we save the previous path in journal_file_rotate()
since we need to open a new file at the previous path.
Daan De Meyer [Tue, 30 Nov 2021 15:39:35 +0000 (16:39 +0100)]
journal: Move offlining logic to journald-file.c
With this change, the logic to write the final tag, emit the final
change notification and to offline the file moves from journal_file_close()
to journald_file_close(). Since all this logic is only executed when
the journal file is writable and all code that writes journal files
already uses journald_file_close() instead of journal_file_close(), this
change should not introduce any changes in behaviour.
Moving the offline related logic to journald-file.c allows us to use
code from src/shared in the offlining logic, more specifically, we can
use the file copying logic from copy.h to fix BTRFS filesystem compression
for journal files when archiving.
Daan De Meyer [Tue, 30 Nov 2021 15:18:56 +0000 (16:18 +0100)]
journal: Introduce journald-file.c for journal file write related logic
Currently, all the logic related to writing journal files lives in
journal-file.c which is part of libsystemd (sd-journal). Because it's
part of libsystemd, we can't depend on any code from src/shared.
To allow using code from src/shared when writing journal files, let's
gradually move the write related logic from journal-file.c to
journald-file.c in src/journal. This directory is not part of libsystemd
and as such can use code from src/shared.
We can safely remove any journal write related logic from libsystemd as
it's not used by any public APIs in libsystemd.
This commit introduces the new file along with the JournaldFile struct
which wraps an instance of JournalFile. The goal is to gradually move
more functions from journal-file.c and fields from JournalFile to
journald-file.c and JournaldFile respectively.
This commit also modifies all call sites that write journal files to
use JournaldFile instead of JournalFile. All sd-journal tests that
write journal files are moved to src/journal so they can make use of
journald-file.c.
Because the deferred closes logic is only used by journald, we move it
out of journal-file.c as well. In journal_file_open(), we would wait for
any remaining deferred closes for the file we're about to open to complete
before continuing if the file was not newly created. In journald_file_open(),
we call this logic unconditionally since it stands that if a file is newly
created, it can't have any outstanding deferred closes.
No changes in behavior are introduced aside from the earlier execution
of waiting for any deferred closes to complete when opening a new journal
file.
Daan De Meyer [Tue, 16 Nov 2021 23:54:16 +0000 (23:54 +0000)]
journal: punch holes in unused parts of entry arrays when archiving
Entry arrays grow exponentially, so when a journal file is
archived, it's very likely that the final entry array objects in each
entry array chain aren't fully used. Let's punch holes in the unused
parts so the filesystem can reclaim this unused space and use it for
something else.
Daan De Meyer [Tue, 16 Nov 2021 23:45:58 +0000 (23:45 +0000)]
journal: truncate archived journals
Journal files have space allocated in 8MiB-aligned increments. This
can add up to substantial wasted space as many archived journals
accumulate without using all the allocated space. Let's truncate
journal files to their actually used size when archiving them to
reclaim this unused space.
As the mmap cache is not thread-safe, we can't call
journal_file_move_to_object() from the offline thread. Instead,
we use journal_file_read_object() which doesn't rely on the mmap
cache.
Franck Bui [Wed, 1 Dec 2021 07:51:48 +0000 (08:51 +0100)]
journal: don't remove the flushed flag when journald is stopped
Due to the fact that systemd-journal-flush.service has
"Requires=systemd-journald.service", this service is stopped too when journald
is requested to do so.
However stopping systemd-journal-flush.service implies that journald
relinquishes /var hence implicitly switching back to the volatile storage
mode and removing /run/systemd/journal/flushed.
If journald is started afterwards, it will run in volatile storage mode
regardless of the value of 'Storage=' as it believes now that /var is not yet
ready (because the flushed flag is missing).
Because this flag is mainly an indication for journald that the initialization
of /var/log/journal (during the boot process) has been done,
systemd-journal-flush.service shouldn't be tied to the state of journald itself
but to the state of /var/log/journal, hence to the state of the system.
Joris Hartog [Wed, 1 Dec 2021 14:06:29 +0000 (15:06 +0100)]
systemctl: support JSON output for "show-environment"
This commit adds a function which converts a bus message containing the
environment variables to a JSON object and uses this function to support
JSON formatted output for the "systemctl show-environment" command.