journalctl: add --list-invocations command and -I/--invocation options
The --list-invocations command is similar to --list-boots, but shows
invocation IDs of specified unit. This should be useful when showing
a specific invocation of a unit.
The --invocation option is similar to --boot, but takes a invocation ID
or an offset. The -I option is equivalent to --invocation=0.
The struct itself is generic, and can be used for other ID.
Let's rename it to more generic one.
No functional change, just refactoring and preparation for later
commits.
Let's use the newly added credentials to only enable autologin for
/dev/console (systemd-nspawn) and /dev/hvc0 (qemu) instead of enabling
autologin for every tty.
core: Add support for renaming credentials with ImportCredential=
This allows for "per-instance" credentials for units. The use case
is best explained with an example. Currently all our getty units
have the following stanzas in their unit file:
This means that setting agetty.autologin=root as a system credential
will make every instance of our all our getty units autologin as the
root user. This prevents us from doing autologin on /dev/hvc0 while
still requiring manual login on all other ttys.
To solve the issue, we introduce support for renaming credentials with
ImportCredential=. This will allow us to add the following to e.g.
serial-getty@.service:
which for serial-getty@hvc0.service will make the service manager read
all credentials of the form "tty.serial.hvc0.agetty.xxx" and pass them
to the service in the form "agetty.xxx" (same goes for login). We can
apply the same to each of the getty units to allow setting agetty and
login credentials for individual ttys instead of globally.
Credentials are written to a temporary file and renamed to the
destination with renameat() which will replace existing files so
EEXIST should not happen so drop the handling for EEXIST.
execute: Drop log level to unit log level in exec_spawn()
All messages logged from exec_spawn() are attributed to the unit
and as such we should set the log level to the unit's max log level
for the duration of the function.
Łukasz Stelmach [Tue, 28 May 2024 14:56:03 +0000 (16:56 +0200)]
Revert "execute: Call capability_ambient_set_apply even if ambient set is 0"
With ambient capabilities being dropped at the start of process managers
(both system and user) as well as systemd-executor it isn't necessary
to drop them here. Moreover, at this point also the inheritable set can
be preserved. This makes it possible to assign a user session manager
inheritable capabilities which combined with file capabilites (ei sets)
of service executables enable running user services with capabilities
but only when started by the manager.
Łukasz Stelmach [Mon, 20 May 2024 14:51:55 +0000 (16:51 +0200)]
core: drop ambient capabilities in systemd-executor
Since the commit 963b6b906e ("core: drop ambient capabilities in
user manager") systemd running as the session manager has dropped ambient
capabilities retaining other sets allowing user services to be started
with elevated capabilities. This, worked fine until the introduction of
sd-executor. For a non-root process to be started with elevated
capabilities by a non-root parent it either needs file capabilities or
ambient capabilities in the parent process. Thus, systemd needs to allow
sd-executor to inherit its ambient capabilities and sd-executor should
drop them as systemd did before.
The ambient set is managed for both system and session managers, but
with the default set for PID#1 being empty, this code does not affect
operation of PID#1.
network: request non-NULL SSID when a wlan interface is configured as station
To avoid conflicts with user .network file for the wlan interface with Bond=.
See https://github.com/systemd/systemd/issues/19832#issuecomment-857661200.
stub: allocate and zero enough space in legacy x86 handover protocol
A PE image's memory footprint might be larger than its file size due
to uninitialized memory sections. Normally all PE headers should be
parsed to check the actual required size, but the legacy EFI handover
protocol is only used for x86 Linux bzImages, so we know only the last
section will require extra memory. Use SizeOfImage from the PE header
and if it is larger than the file size, allocate and zero extra memory
before using it.
network: call link_handle_bound_by_list() before trying to reconfigure interface
Otherwise, when an interface gained its carrier, the interface may not
have matching .network file yet, then link_reconfigure_impl() returns
zero, and link_handle_bound_by_list() is skipped.
Similar to 2d393b1b6d8 ("network: IPv6 Compliance: Router Advertisement
Processing, Reachable Time [v6LC.2.2.15]"),
Extract from: https://www.ietf.org/rfc/rfc4861.html#section-4.2, p.21,
first paragraph:
The Router Lifetime applies only to
the router's usefulness as a default router; it
does not apply to information contained in other
message fields or options.
So it does not make sense to prevent DHCPv6 when Router Lifetime is 0.
Fix detection of TDX confidential VM on Azure platform
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
network/ipv4acd: manage ACD engines with Address object
IPv4 addresses are managed with local and peer addresses and prefix
length. So, potentially, the same address with different prefix length
can be assigned on a link, e.g. 192.168.0.1/24 and 192.168.0.1/26.
If one of the address is configured with ACD but the other is not,
then previously ACD might be unexpectedly disabled or enabled on them,
as we managed ACD engines with only local addresses.
This makes ACD engines managed with the corresponding Address objects.
network: do not bring down bound interfaces immediately
Even if a timespan specified to IgnoreCarrierLoss= for an interface,
when the carrier of the interface lost, bound interfaces might be bring
down immediately.
Let's also postpone bringing down bound interfaces with the specified
timespan.
cgroup-util: Ignore kernel threads in cg_kill_items()
Similar to the implementation of cgroup.kill in the kernel, let's
skip kernel threads in cg_kill_items() as trying to kill kernel
threads as an unprivileged process will fail with EPERM and doesn't
do anything when running privileged.
kernel-install: Try some more initrd variants in 90-loaderentry.install
On CentOS/Fedora, dracut is configured to write the initrd to
/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well
if no initrds were supplied.
kernel-install: Only read cmdline from /proc/cmdline when not in container
If we're running from within a container, we're very likely not going
to want to use the kernel command line from /proc/cmdline, so let's add
a check to see if we're running from a container to decide whether we'll
use the kernel command line from /proc/cmdline.
The new file, modules.weakdep, generated by depmod to get the weak
dpendencies information can be present
(https://github.com/kmod-project/kmod/commit/05828b4a6e9327a63ef94df544a042b5e9ce4fe7),
so remove it like the other similar files.
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
resolved: Don't retry queries that indicate net error
This probably rarely helped anyway, but it also in some cases interferes
with auxiliary dnssec queries where the authoritative nameserver does
not support EDNS0/DNSSEC.
Fixes: ac6844460ca1 ("resolved: support RFC 8914 EDE error codes")
Michal Koutný [Fri, 26 Jul 2024 08:44:10 +0000 (10:44 +0200)]
test: Fail cgroup delegation test when user cannot be created
It means: a) user cannot be created, something's wrong in the
test environment -> fail the test; b) user already exists, we shall not
continue and delete (foreign) user.
resize-fs: Put minimal ext4 size in the same ballpark as the other filesystems
TEST-46-HOMED fails on ext4 because the filesystem is deemed to small
for activation by cryptsetup. Let's bump the minimal filesystem size for
ext4 a bit to be in the same ballpark as ext4 and btrfs to avoid weird
errors due to impossibly small filesystems.
Luca Boccassi [Sat, 2 Dec 2023 20:11:57 +0000 (20:11 +0000)]
logind: always check for inhibitor locks
Currently inhibitors are bypassed unless an explicit request is made to
check for them, or even in that case when the requestor is root or the
same uid as the holder of the lock.
But in many cases this makes it impractical to rely on inhibitor locks.
For example, in Debian there are several convoluted and archaic
workarounds that divert systemctl/reboot to some hacky custom scripts
to try and enforce blocking accidental reboots, when it's not expected
that the requestor will remember to specify the command line option
to enable checking for active inhibitor locks.
Also in many cases one wants to ensure that locks taken by a user are
respected by actions initiated by that same user.
Change logind so that inhibitors checks are not skipped in these
cases, and systemctl so that locks are checked in order to show a
friendly error message rather than "permission denied".
Add new block-weak and delay-weak modes that keep the previous
behaviour unchanged.
Mike Yuan [Wed, 24 Jul 2024 14:28:48 +0000 (16:28 +0200)]
basic/log: do not treat all negative errnos as synthetic
Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
because of the two's-complement negative value representation.
Subsequently, ERRNO= is not logged for most of our own code.
Let's fix this, by formatting all synthetic errnos as positive.
Then, treat all negative values as non-synthetic.
While at it, mark the evaluation order explicitly, and remove
unneeded comment.
tree-wide: Don't explicity disable copy-on-write when copying images
Since the copy helpers now copy file attributes as well, let's not
explicitly disable copy-on-write anymore when we copy an image. If
the source already has copy-on-write disabled, the copy will have it
disabled as well. Otherwise, the copy will also have copy-on-write
enabled.
This makes sure that reflinks always work as reflink is only supported
if both source and target are copy-on-write or both source and target
are not copy-on-write.
repart: Create disk image file with copy-on-write disabled on btrfs
COW on btrfs generally does not play well lots of random writes so
let's make the disk images generated by repart NOCOW by default on
btrfs like we do elsewhere across the codebase.
repart: Make partition files NOCOW if the disk image is NOCOW
On btrfs, reflinks into a disk image that has copy-on-write disabled
only work if the source has copy-on-write disabled as well so let's
make sure that's the case if the disk image has copy-on-write disabled.
fs-util: Handle dangling symlinks in openat_report_new()
openat() will always resolve symlinks, except if O_NOFOLLOW is passed
or O_CREAT|O_EXCL is passed. This means that if a dangling symlink is
passed to openat_report_new(), the first call to openat() will always
fail with ENOENT and the second call to openat() will always fail with
EEXIST.
Let's catch this case explicitly and fallback to creating the file with
just O_CREAT and assume we're the ones that created the file. We can't
resolve the symlink with chase() because this function is itself called
by chase() so we could end up in weird recursive calls if we'd try to do
so.
* c7138e0b87 Configure default DNS servers for upstream CI builds
* bc5d1afe1e Drop out-of-tree localed patch and use D-Bus policy instead
* b5f8ababde autopkgtest: set Release= in mkosi.local.conf to distinguish testing vs unstable
* 323afafd80 autopkgtest: add allow-stderr to timedated test
* 0291f361e3 Install valrinkctl zsh completion file
* f40b9eba02 d/t/control: add Depends: lib{systemd,udev}-dev for upstream
* 3def595de3 d/t/upstream: ensure correct ubuntu codename is used
* 531bb6817e d/t/boot-and-services: fix a couple python sytax warnings
* 963ac13b7d d/t/boot-and-services: skip test_tmp_cleanup if tmp.mount is overridden
projects / thirdparty / systemd.git / log
