logind: port logind state files to fopen_tmpfile_linkable()
This replaces use of fopen_temporary() with fopen_tmpfile_linkable() +
flink_tmpfile(). This both shortens the code and means we use O_TMPFILE
for installing these files, which is always good.
Daan De Meyer [Wed, 21 May 2025 11:08:50 +0000 (13:08 +0200)]
meson: Don't define targets for standalone binaries if option is not enabled
These are built from the same sources as the regular binaries, so we
end up with the same sources multiple times in the compilation database
but with different command line arguments, which trips up tooling that
uses the compilation database. Let's not define the standalone targets if
the option is not enabled to avoid this problem.
Daan De Meyer [Wed, 21 May 2025 09:34:41 +0000 (11:34 +0200)]
test-tables: Pass enum type to test_table() as well
clang-include-cleaner has a hard time figuring out unused includes
with all the macro string concatentation we're doing in test_table().
Let's help it out a little by also passing the enum type into test_table().
While technically not needed, this makes the tests a bit more self-descriptive
and not really much more verbose so it feels like a good chance regardless,
even if the primary purpose is to help clang-include-cleaner figure out
used and unused includes.
TheHillBright [Wed, 21 May 2025 10:38:12 +0000 (18:38 +0800)]
journald: clarify doc for usage-related values cap (#37528)
The old description makes users wrongly assume that the cap of 4G
applied, even when the user specifies a value that will result in higher
than 4G. This commit avoids this misunderstanding.
Daan De Meyer [Wed, 21 May 2025 07:20:27 +0000 (09:20 +0200)]
shared: Introduce conf-parser-forward.h
conf-parser.h pulls in a lot of other headers as needed by all the
macros it defines. We can't easily move the implementations of these
macro to conf-parser.c, so let's instead introduce conf-parser-forward.h
with just the stuff in it needed by other header files.
We'll make use of this when cleaning up includes to only include the
minimal parts of conf-parser.h that are required by other headers without
pulling in the kitchen sink.
Daan De Meyer [Wed, 21 May 2025 07:45:06 +0000 (09:45 +0200)]
test: Clean up includes
To make sure everything still compiles, we add a preliminary include
of forward.h to tests.h to make sure it is included in every test source
file. We'll clean up the tests.h includes in a later commit.
We also add a <errno.h> include to errno-list.h to keep test-errno-list.c
compiling. It'll be removed again when we clean up includes in src/basic.
Daan De Meyer [Wed, 21 May 2025 07:23:13 +0000 (09:23 +0200)]
basic: Include time-util.h in constants.h
constants.h defines a bunch of constants that use macros from
time-util.h, so add the needed include. To avoid cyclic dependencies,
we move the HAS_FEATURE_MEMORY_SANITIZER and HAS_FEATURE_ADDRESS_SANITIZER
logic to macro.h and get rid of the constants.h include there.
The rest of this commit is adding missing constants.h includes where
needed due to it being removed from macro.h.
resolved: add new "DNS Delegate" concepts (#34368)
Various long standing issues (at least: #5573 #14159 #20485 #21260
#24532 #32022 #18056) have been asking for a way to delegate DNS
resolution of specific domains to very specific DNS servers.
This PR goes a major step towards that goal by adding a new concept "DNS
Delegate" which allows to configure just that. Basically, this adds a
third kind of DNS scope to resolved's logic: besides the per-link and
global DNS scopes there are now also "delegate" scopes, which can be
created by dropping in a new file /etc/systemd/dns-delegate/*.conf. They
carry DNS= and Domains= lines just like the global setting or what the
per-link configuration can carry.
And they are consulted the same way as link DNS scopes are considered,
following the same routing rules.
This allows to configure these DNS delegates statically via drop-in
files as mentioned, and only adds the most basic functionality. Later on
we might want to extend this:
1. Allow dynamic creation of DNS delegates via IPC with lifecycle bound
to IPC client (usecase: installing a DNS delegate that routes traffic to
some DNS-over-TLS server once basic setup is complete).
2. Allow configuration of protocol details per delegate the same way
this is currently allowed per-link.
3. Instead of strictly using DNS as delegation protocol, support an
alternative varlink based protocol (without retransmission problems and
so on) that systemd-machined and similar can implement.
This PR is not complete yet. Lacks docs and tests. Seems to work fine in
my local tests however.
resolvectl: rework parsing of dns server + search domain bus properties
Let's handle the per-link and the global dns server/search domain
property parsing the same. Let's use a flags field for three separate
booleans, and unify more code.
resolved: add concept of delegating lookups below certain domains to specific DNS servers
This permits configuration of additional "delegates" which ensure that
lookups for certain DNS zones are routed to specific sets of DNS
servers, in addition to the routes we create for each network interface.
For now, this allows only static configuration, but eventually we should
open this up to IPC.
Fixes: #5573 #14159 #20485 #21260 #24532 #32022
(Fixes #32022, because now redundant)
resolved: add a new DnsScopeOrigin enum, to delcare the "origin" of a DnsScope explicitly
This new enum field is supposed to indicate why a DnsScope came to be.
For now it distinguishes two origins: the "global" one (which is what is
configured in resolved.conf) and "link" ones (which are synthesized for
each link).
The field as is is pretty redundant, the same information can be
determined from whether the .link field is set or not.
This is pretty much just preparation for later commits that add
statically configured additional DnsScopes whose origin shall be encoded
with this.
bootctl: rework Boot Loader Entries section in status
Kernels are loaded from two partitions (XBOOTLDR and ESP). In the past this
wasn't always so, but a while ago the docs and the code were updated to load
from both locations. The $BOOT location specifies where to install only. So
rework the status output to print both locations and indicate which one is
$BOOT by appending ", $BOOT".
Also change the section title to "… Locations". We don't show *entries* here,
so the old title could be a bit confusing.
Luca Boccassi [Tue, 20 May 2025 13:50:22 +0000 (14:50 +0100)]
{pidfd,cgroup}-util: avoid alignment warning when accessing f_handle (#37520)
NetworkManager imports some systemd code, which we then build with
`-Wcast-align=strict`. This results in this warning:
```
../src/libnm-systemd-shared/src/basic/pidfd-util.c: In function 'pidfd_get_inode_id':
../src/libnm-systemd-shared/src/basic/pidfd-util.c:255:41: warning: cast increases required alignment of target type [-Wcast-align]
255 | *ret = *(uint64_t*) fh.file_handle.f_handle;
| ^
```
Since the address of `f_handle` should always be aligned at the word
boundary (it is preceded by 2 int`s` in `file_handle`), this patch uses
`CAST_ALIGN_PTR()` to avoid this warning.
Luca Boccassi [Tue, 20 May 2025 13:49:43 +0000 (14:49 +0100)]
repart: add --append-fstab parameter (#37238)
If --generate-fstab=PATH is used, there is the possibility that the
fstab file already exists, making systemd-repart fail.
This commit will add a new --append-fstab= parameter, that will read
the file and merge it with the new generated content. Using the
comments, the command can separate the automatic-generated section from
the user-provided section, allowing for the next append the replacement
only of the automatic-generated section, keeping the user one.
Luca Boccassi [Tue, 20 May 2025 10:27:34 +0000 (11:27 +0100)]
core: Also refresh confext extensions when reloading notify-reload service (#33995)
`ExtensionImages=` and `ExtensionDirectories=` now let you specify
vpick-named extensions; however, since they just get set up once when
the service is started, you can't see newer versions without restarting
the service entirely. Here, also reload confext extensions when you
reload a service. This allows you to deploy a new version of some
configuration and have it picked up at reload time without interruption
to your workload.
Right now, we would only reload confext extensions and leave the sysext
ones behind, since it didn't seem prudent to swap out what is likely
program code at reload. This is made possible by only going for the
`SYSTEMD_CONFEXT_HIERARCHIES` overlays (which only contains `/etc`).
This PR:
- Adjusts `service.c` to also refresh extensions when needed.
- Adds integration tests to check that a confext reload actually
occurred.
- Adds to the `systemd.exec` man pages to document this behavior.
This is a follow up to #24864 and #31364. Thank you to @bluca and
@goenkam for help in getting this up.
* b0bbe045f4 systemd-boot: fix manpages installation
* db46ebd2ec Install new files for upstream build
* 648bfbad0b systemd-homed: add dependency on polkitd
* 5a5f1bd5a3 document requirement to sync *.link files with initrd
* 1f2b663871 d/README.Debian: update some outdated paragraphs
* 03e6ab9c93 Add version to systemd-boot-efi-signed virtual package
* 5d7a08916c d/control: bump Standards-Version to 4.7.2, no changes
* ace9e4beaf d/signing-template/copyright: use GPL URL instead of old FSF postal address
Alberto Planas [Thu, 24 Apr 2025 13:02:27 +0000 (15:02 +0200)]
repart: add --append-fstab parameter
If --generate-fstab=PATH is used, there is the possibility that the
fstab file already exists, making systemd-repart fail.
This commit will add a new --append-fstab= parameter, that will read
the file and merge it with the new generated content. Using the
comments, the command can separate the automatic-generated section from
the user-provided section, allowing for the next append the replacement
only of the automatic-generated section, keeping the user one.
Daan De Meyer [Thu, 15 May 2025 13:09:27 +0000 (15:09 +0200)]
meson: Rework clang-tidy integration to be done via unit tests
Instead of using run-clang-tidy.py with its own scheduling, let's
just gather a list of source files ourselves and then use that to
add a unit test for each source file that runs clang-tidy on the
source file.
We also add a bit of logic to run clang-tidy on most header files
as well for extra coverage. This uncovered various header files that
were not standalone so this commit also includes fixes to make sure
the clang-tidy tests are all green.
We can also use this in a later commit to run clang-include-cleaner
on each source file in the same way.
Daan De Meyer [Thu, 15 May 2025 12:07:59 +0000 (14:07 +0200)]
tree-wide: Ensure source file names are unique
Let's ensure all of our source file names are unique without having
to take the directory into account.
This allows us to create meson targets or unit tests identified by the
the name of the source file they operate on without having to include
the full path of the source file in the target or test name to avoid
conflicts.
Daan De Meyer [Thu, 15 May 2025 12:52:48 +0000 (14:52 +0200)]
meson: Build fuzz executables by default if fuzz-tests option is enabled
fuzz-tests is enabled by default now but we still don't build the fuzz
executables by default. Let's change that so that we always make sure these
still compile when we make changes.
Daan De Meyer [Mon, 19 May 2025 15:41:18 +0000 (17:41 +0200)]
meson: Make sure fuzz-journal-remote is built in oss-fuzz
oss-fuzz builds with --auto-features=disabled, yet we have to make
sure all fuzzers are still built when --auto-features=disabled, so
let's always build systemd-journal-remote even if it is disabled so
that we can use its objects to build fuzz-journal-remote. Instead,
when remote=disabled, we make sure we don't installed
systemd-journal-remote.
Daan De Meyer [Thu, 15 May 2025 12:16:57 +0000 (14:16 +0200)]
meson: Extract more objects instead of compiling multiple times
Also, let's deflatten the lists of sources in preparation for the
next commit at the same time.
In systemctl, we split out systemctl-main.c to make sure the definition
of main() is in a separate object which allows us to extract the systemctl.c
object and link it in the fuzzer target without getting a multiple definition
error when linking.
Mike Yuan [Mon, 19 May 2025 19:06:17 +0000 (21:06 +0200)]
cgroup-util: modernize cg_get_keyed_attribute()
- assert on supplied keys being unique
- Reject duplicate attributes with -EBADMSG
- Rename 'ret_values' to just 'values', given we don't
allocate the array
- Remove now unused cg_get_keyed_attribute_graceful()
Daan De Meyer [Mon, 19 May 2025 12:49:43 +0000 (14:49 +0200)]
sd-varlink: Expose sd_varlink_idl_parse()
We're planning to do code generation based on the systemd varlink
APIs. To simplify this, let's expose the IDL parser, so we can use
it to do code generation instead of having to write our own IDL
parser.
maia x. [Mon, 6 Jan 2025 18:41:19 +0000 (10:41 -0800)]
test: check reloading notify-reload service refreshes vpick extensions
In TEST-50-DISSECT.dissect, this adds the following cases:
- testservice-50g: vpick extension in ExtensionDirectories
- testservice-50h: vpick extension in ExtensionImages
- testservice-50i: ExtensionDirectories + RootImage
- testservice-50j: ExtensionDirectories + RootDirectory
maia x. [Mon, 6 Jan 2025 18:31:44 +0000 (10:31 -0800)]
core: reload confexts when reloading notify-reload services
`ExtensionImages=` and `ExtensionDirectories=` now let you specify
vpick-named extensions; however, since they just get set up once when
the service is started, you can't see newer versions without restarting
the service entirely. Here, also reload confext extensions when you
reload a service. This allows you to deploy a new version of some
configuration and have it picked up at reload time without interruption
to your workload.
Right now, we would only reload confext extensions and leave the sysext
ones behind, since it didn't seem prudent to swap out what is likely
program code at reload. This is made possible by only going for the
`SYSTEMD_CONFEXT_HIERARCHIES` overlays (which only contains `/etc`).
Implementation wise, this uses the new kernel API and two collaborating
child processes under the host & child namespaces in order to gather the
right FDs needed:
- (1) In child, set up the extension images and directories in a slave
mountns, and obtain their FDs.
- (2) Fork into a grandchild under target process namespace, and do a
"fake" unmount to obtain the FD of the underlying target folder
say /etc).
- (3) In the child again, set up new overlay under host NS rights.
We do not want to do I/O heavy jobs inline in PID1 blocking the state
machine, so add separate async states to handle this case.
unit_gc_sweep() might try to add the unit to gc queue again.
While that becomes no-op as Unit.in_gc_queue is not cleared
yet, it induces minor inconsistency of states.
Yu Watanabe [Tue, 13 May 2025 17:56:21 +0000 (02:56 +0900)]
units: kill only udev services and keep udev sockets on switching root
This also makes initrd-cleanup.service explicitly start
initrd-switch-root.service with replace-irreversibly mode, to avoid
systemd-udevd.service being triggered by kernel events and the start
job of initrd-switch-root.service being cancelled.
Those static functions were written to support optional output params, but they
are only ever called with the output param set, and it doesn't make sense to
ever call them without the output param. Since those are internal functions,
drop this unused complexity.
C automatically casts a signed int to unsigned in binary operation with an
unsigned int. Thus that suffix is not useful. Also surrounding code doesn't use
it.
src/boot: assume that intmax_t is the biggest integer
Same as in 81d7934882ae13c64d9b08d365a0baa011cb2fbb, intmax_t by definition is
the widest int. Strictly speaking, the check whether
sizeof(intmax_t) == sizeof(long long)
in the code below is redundant, but I think it's nicer to keep it for symmetry
with the other cases.
Requested in
https://github.com/systemd/systemd/pull/37442#pullrequestreview-2840906908.
Accept=yes has very valid usecases (i.e. for sporadically invoked
services) and strong benefits (i.e. better security because connections
can be sandboxed nicely, isolating them). Let's hence reword things and
stop claiming that Accept=yes was a legacy thing, because it really
isn't.
While message IDs are about more than catalog entries (they make
messages recognizable), I think it makes sense to document at least all
those messages that indicate problems with catalog entries, in an
attempt to be helpful to users.
projects / thirdparty / systemd.git / log
