* tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
and others) now have a size and inode limits applied (50% of RAM for
- /tmp, 10% of RAM for /dev/shm, etc.)
+ /tmp and /dev/shm, 10% of RAM for other mounts, etc.)
* nss-mymachines lost support for resolution of users and groups, and
now only does resolution of hostnames. This functionality is now
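Review bot: the reworded limit line (`/tmp and /dev/shm, 10% of RAM for other mounts, etc.)`) does not say which context it describes. Further down in this patch the nspawn mount table gives /tmp and /dev/shm `NESTED_TMPFS_LIMITS` (`size=10%`), and the host /dev/shm rows lose their explicit limit string altogether, so "50% of RAM for /tmp and /dev/shm" holds at most for the host. Suggest stating host and container values separately and replacing the trailing "etc." with the actual list, since administrators size workloads against these numbers.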
new boolean setting Assign=. If enabled an address from the prefix is
automatically assigned to the interface.
- * systemd-networkd's [Network] section gained a new setting
- IPv6PDSubnetId= that allows explicit configuration of the preferred
- subnet that networkd's Prefix Delegation logic assigns to interfaces.
+ * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
+ controls delegated prefixes assigned by DHCPv6 client. The section
+ has three settings: SubnetID=, Assign=, and Token=. The setting
+ SubnetID= allows explicit configuration of the preferred subnet that
+ systemd-networkd's Prefix Delegation logic assigns to interfaces. If
+ Assign= is enabled (which is the default) an address from any acquired
+ delegated prefix is automatically chosen and assigned to the
+ interface. The setting Token= specifies an optional address generation
+ mode for Assign=.
* systemd-networkd's [Network] section gained a new setting
IPv4AcceptLocal=. If enabled the interface accepts packets with local
interface which is fully set up for host communication, simply by
carefully picking an interface name to use.
- * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
- added to the [DHCPv6] section of .network files. If enabled (which is
- the default) an address from any acquired delegated prefix is
- automatically chosen and assigned to the interface.
-
* systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
which sets the route priority for routes specified by the DHCP server.
distribution-specific defaults in .mkosi/ based on your preference.
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
- Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold,
- AndreRH, Andrew Doran, Anita Zhang, Ankit Jain, antznin, Arnaud
- Ferraris, Arthur Moraes do Lago, Arusekk, Balaji Punnuru, Balint
- Reczey, Bastien Nocera, bemarek, Benjamin Berg, Benjamin Dahlhoff,
- Benjamin Robin, Chris Down, Chris Kerr, Christian Göttsche, Christian
- Hesse, Christian Oder, Ciprian Hacman, Clinton Roy, codicodi, Corey
- Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan, Daniel Fullmer,
- Daniel Rusek, Dan Streetman, Dave Reisner, David Edmundson, David Wood,
- Denis Pronin, Diego Escalante Urrelo, Dimitri John Ledkov,
- dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel Garette, Eric
- Anderson, Eric DeVolder, Evgeny Vereshchagin, ExtinctFire, fangxiuning,
- Ferran Pallarès Roca, Filipe Brandenburger, Filippo Falezza, Finn,
- Florian Klink, Florian Mayer, Franck Bui, Frantisek Sumsal, gaurav,
- Georg Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2,
- gogogogi, gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov
- Smolic, James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger,
- Jeremy Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro,
- Joerg Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
- Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
- Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
- BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
- Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel
- Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
- Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
- Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
- Michal Sekletár, Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml,
- Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
- Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
- Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
- Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
- Sean-StarLabs, Sebastian Jennen, sterlinghughes, Surhud More, Susant
- Sahani, szb512, Thomas Haller, Tobias Hunger, Tom, Tomáš Pospíšek,
- Tomer Shechner, Tom Hughes, Topi Miettinen, Tudor Roman, Uwe
- Kleine-König, Valery0xff, Vito Caputo, Vladimir Panteleev, Vladyslav
- Tronko, Wen Yang, Yegor Vialov, Yigal Korman, Yi Gao, YmrDtnJu, Yuri
- Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zhu Li, Дамјан
- Георгиевски, наб
-
- – Warsaw, 2020-07-24
+ Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
+ Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
+ antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
+ Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
+ Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
+ Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
+ codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
+ Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
+ Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
+ John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
+ Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
+ ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
+ Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
+ Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
+ Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
+ Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
+ Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
+ Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
+ Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
+ Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
+ Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
+ Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
+ S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
+ Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
+ Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
+ Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
+ Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
+ nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
+ Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
+ Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
+ Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
+ Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
+ Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
+ Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
+ Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
+ Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
+
+ – Warsaw, 2020-07-30
CHANGES WITH 245:
# HP EliteBook 725 G2
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPLicrice:pvr*
-# HP EliteBook 840 G1
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook840G1:pvr*
+# HP EliteBook
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook*:pvr*
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:pvr*
# HP ProBook 440 G2
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:pvr*
# several HP ProBooks 4xx
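Review bot: the two added `pnHPEliteBook*` globs under the `# HP EliteBook` header apply whatever key mappings follow that header to every EliteBook model instead of the single 840 G1, and the later hunks delete the x360 1040 G6 match and the Folio 1040 G2 `KEYBOARD_KEY_81` line on that assumption. The commit should say which models were checked; a model whose scancodes differ now needs an explicit override entry placed after this block.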
# HP ZBook
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPZBook*:pvr*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPZBook*:pvr*
-# Elitebook x360 1040 G6
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pn*EliteBook*x3601040G6:pvr*
KEYBOARD_KEY_81=f20 # Fn+F8; Microphone mute button, should be micmute
# HP ZBook 15 G2
# HP Folio 1040g2
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:pvr*
- KEYBOARD_KEY_81=f20 # Fn+F8; Microphone mute button, should be micmute
KEYBOARD_KEY_d8=!f23 # touchpad off
KEYBOARD_KEY_d9=!f22 # touchpad on
sensor:modalias:acpi:BOSC0200*:dmi:*:svnTrekStor*:pnSurfTabtwin11.6:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
+# alternative version of Trekstor's SurfTab Twin 11.6
+sensor:modalias:acpi:BOSC0200*:dmi:*:bvrTP15-VT5.2.1.3:*:svnTrekStor*:pnSurfTabtwin11.6:*
+ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, -1
+
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPrimebookC11B:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
['sd_journal_get_data',
'3',
['SD_JOURNAL_FOREACH_DATA',
+ 'sd_journal_enumerate_available_data',
'sd_journal_enumerate_data',
'sd_journal_get_data_threshold',
'sd_journal_restart_data',
['sd_journal_query_unique',
'3',
['SD_JOURNAL_FOREACH_UNIQUE',
+ 'sd_journal_enumerate_available_unique',
'sd_journal_enumerate_unique',
'sd_journal_restart_unique'],
''],
['systemd-initctl.service',
'8',
['systemd-initctl', 'systemd-initctl.socket'],
- ''],
+ 'HAVE_SYSV_COMPAT'],
['systemd-journal-gatewayd.service',
'8',
['systemd-journal-gatewayd', 'systemd-journal-gatewayd.socket'],
Name=enp2s0
[Network]
-IPv6PrefixDelegation=dhcpv6
-
-[DHCPv6]
-AssignAcquiredDelegatedPrefixAddress=yes</programlisting>
+IPv6PrefixDelegation=dhcpv6</programlisting>
<para>This will enable IPv6 PD on the interface enp1s0 as an upstream interface where the
DHCPv6 client is running and enp2s0 as a downstream interface where the prefix is delegated to.</para>
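Review bot: the example loses its only illustration of assigning an address from the delegated prefix (the removed `[DHCPv6]` and `AssignAcquiredDelegatedPrefixAddress=yes` lines) and nothing replaces it. Since the NEWS text in this patch moves that behaviour to `Assign=` in the new `[DHCPv6PrefixDelegation]` section, consider showing that section in the enp2s0 snippet, or stating in the paragraph that follows that assignment is on by default.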
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>
<para>Exit status 75 (<constant>TEMPFAIL</constant>), 250, and the termination signal
- <constant>SIGKILL</constant> are considered clean service terminations.</para>
+ <constant>SIGUSR1</constant> are considered clean service terminations.</para>
</example>
<para>Note: <command>systemd-analyze exit-status</command> may be used to list exit statuses and
if (access(j, X_OK) >= 0) {
/* Found it! */
- if (ret) {
- *ret = path_simplify(j, false);
- j = NULL;
- }
+ if (ret)
+ *ret = path_simplify(TAKE_PTR(j), false);
return 0;
}
#endif
static const MountPoint mount_table[] = {
- { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
- { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
- { "devtmpfs", "/dev", "devtmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_NOEXEC|MS_STRICTATIME,
+ { "devtmpfs", "/dev", "devtmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_NOEXEC|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
- { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
#if ENABLE_SMACK
- { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV,
mac_smack_use, MNT_FATAL },
- { "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL },
#endif
- { "tmpfs", "/dev/shm", "tmpfs", "mode=1777" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
- { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
+ { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
NULL, MNT_IN_CONTAINER },
#if ENABLE_SMACK
- { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL },
#endif
- { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
- { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
- { "cgroup2", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
- { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755" TMPFS_LIMITS_SYS_FS_CGROUP, MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755" TMPFS_LIMITS_SYS_FS_CGROUP, MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
- { "cgroup2", "/sys/fs/cgroup/unified", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup2", "/sys/fs/cgroup/unified", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_hybrid_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
- { "cgroup2", "/sys/fs/cgroup/unified", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup2", "/sys/fs/cgroup/unified", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_hybrid_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
- { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_legacy_wanted, MNT_IN_CONTAINER },
- { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
- { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
#if ENABLE_EFI
- { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
is_efi_boot, MNT_NONE },
#endif
- { "bpf", "/sys/fs/bpf", "bpf", "mode=700", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "bpf", "/sys/fs/bpf", "bpf", "mode=700", MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE, },
};
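Review bot: the only functional change in this table is on the two /dev/shm rows, where `TMPFS_LIMITS_DEV_SHM` is dropped from the option string and nothing takes its place, and it is hard to spot among the rows that are only re-aligned. With `"mode=1777"` alone the host /dev/shm carries no explicit `size=` or `nr_inodes=` and inherits the kernel's tmpfs defaults, unlike /dev, /run and /sys/fs/cgroup in the same table. Please split the whitespace re-alignment into its own commit and add a comment on the /dev/shm rows saying the missing limit is intentional, because a world-writable tmpfs without a stated cap is what a later reader will question.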
}
static int append_tmpfs_mounts(MountEntry **p, const TemporaryFileSystem *tmpfs, size_t n) {
- size_t i;
- int r;
-
assert(p);
- for (i = 0; i < n; i++) {
+ for (size_t i = 0; i < n; i++) {
const TemporaryFileSystem *t = tmpfs + i;
_cleanup_free_ char *o = NULL, *str = NULL;
unsigned long flags;
bool ro = false;
+ int r;
if (!path_is_absolute(t->path))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
"Path is not absolute: %s",
t->path);
- str = strjoin("mode=0755" TMPFS_LIMITS_TEMPORARY_FS ",", t->options);
+ str = strjoin("mode=0755" NESTED_TMPFS_LIMITS ",", t->options);
if (!str)
return -ENOMEM;
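Review bot: at the `strjoin("mode=0755" NESTED_TMPFS_LIMITS ",", t->options)` call the default limits are placed ahead of the configured options, so a `size=` or `nr_inodes=` supplied in `t->options` follows the default in the resulting string. A one-line comment saying that this ordering is deliberate would keep someone from reordering it later. The name is also a slight misfit here: the macro's own comment describes it as being for guests started by systemd-nspawn, while this path handles `TemporaryFileSystem` entries.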
MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
-ENTRY_DIR="/$MACHINE_ID/$KERNEL_VERSION"
-BOOT_ROOT=${ENTRY_DIR_ABS%$ENTRY_DIR}
+BOOT_ROOT=${ENTRY_DIR_ABS%/$MACHINE_ID/$KERNEL_VERSION}
+BOOT_MNT=$(stat -c %m $BOOT_ROOT)
+ENTRY_DIR=/${ENTRY_DIR_ABS#$BOOT_MNT}
if [[ $COMMAND == remove ]]; then
rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
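Review bot: in the three added assignments the expansions are unquoted and the result can carry a doubled slash. `$(stat -c %m $BOOT_ROOT)` word-splits if the path contains whitespace, and in `${ENTRY_DIR_ABS#$BOOT_MNT}` an unquoted `$BOOT_MNT` is treated as a pattern, so quote both (`"$BOOT_ROOT"`, `#"$BOOT_MNT"`). When the mount point is anything other than `/`, the stripped remainder already begins with `/`, so `ENTRY_DIR=/${...}` yields `//...`; strip the leading slash explicitly or handle the `/` case on its own. The `stat` call has no error check either, so a failure leaves `BOOT_MNT` empty and `ENTRY_DIR` quietly becomes the full absolute path with an extra slash.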
r = sd_bus_message_read(message, "ss", &user, &path);
if (r < 0)
return r;
- user = empty_to_null(user);
+ user = isempty(user) ? "root" : user;
r = sd_bus_message_read_strv(message, &args_wire);
if (r < 0)
return r;
r = asprintf(&args[2],
"shell=$(getent passwd %s 2>/dev/null | { IFS=: read _ _ _ _ _ _ x; echo \"$x\"; })\n"\
"exec \"${shell:-/bin/sh}\" -l", /* -l is means --login */
- isempty(user) ? "root" : user);
+ user);
if (r < 0) {
args[2] = NULL;
return -ENOMEM;
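Review bot: `user` is substituted with a bare `%s` into the `getent passwd %s` shell line, and after this change it is whatever string the caller sent unless that string was empty. Nothing visible here shows the name being validated before it reaches `asprintf()`, so please confirm that a user-name validity check runs before this point on every path, and note that in a comment next to the format string. The comment `/* -l is means --login */` could be corrected while this line is being touched.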
if (!strv_env_is_valid(env))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid environment assignments");
+ const char *details[] = {
+ "machine", m->name,
+ "user", user,
+ "program", path,
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-shell" : "org.freedesktop.machine1.shell",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
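Review bot: the new `details[]` array hands the caller-supplied `user` and `path` strings to polkit along with the action. The only validation visible above it is `strv_env_is_valid(env)`; make sure both strings have been checked (length, control characters, absolute path for `path`) before the array is built, so that the text attached to the authorization request is not freely chosen by the requester.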
if (r < 0)
return r;
- description = strjoina("Shell for User ", isempty(user) ? "root" : user);
+ description = strjoina("Shell for User ", user);
r = sd_bus_message_append(tm,
"(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)",
"Description", "s", description,
if (r < 0)
return r;
- r = sd_bus_message_append(tm, "(sv)", "User", "s", isempty(user) ? "root" : user);
+ r = sd_bus_message_append(tm, "(sv)", "User", "s", user);
if (r < 0)
return r;
}
static int dhcp_lease_lost(Link *link) {
- int k, r;
+ int k, r = 0;
assert(link);
assert(link->dhcp_lease);
"DHCP\0" /* compat */
"DHCPv4\0"
"DHCPv6\0"
+ "DHCPv6PrefixDelegation\0"
"DHCPServer\0"
"IPv6AcceptRA\0"
"IPv6NDPProxyAddress\0"
MOUNT_IN_USERNS|MOUNT_MKDIR },
/* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
- { "tmpfs", "/tmp", "tmpfs", "mode=1777" TMPFS_LIMITS_TMP, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/tmp", "tmpfs", "mode=1777" NESTED_TMPFS_LIMITS, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_APPLY_TMPFS_TMP|MOUNT_MKDIR },
{ "tmpfs", "/sys", "tmpfs", "mode=555" TMPFS_LIMITS_SYS, MS_NOSUID|MS_NOEXEC|MS_NODEV,
MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS|MOUNT_MKDIR },
MOUNT_FATAL|MOUNT_MKDIR }, /* skipped if above was mounted */
{ "tmpfs", "/dev", "tmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR },
- { "tmpfs", "/dev/shm", "tmpfs", "mode=1777" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ { "tmpfs", "/dev/shm", "tmpfs", "mode=1777" NESTED_TMPFS_LIMITS, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR },
{ "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR },
* binary. */
dollar_path = strv_env_get(env_use, "PATH");
if (dollar_path) {
- if (putenv((char*) dollar_path) != 0)
+ if (setenv("PATH", dollar_path, 1) < 0)
return log_error_errno(errno, "Failed to update $PATH: %m");
}
}
if (v > 1000U*1000U) {
- log_syntax(unit, LOG_WARNING, filename, line, r,
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
"Weight needs to be in range 0…10000000, ignoring: %" PRIu32, v);
return 0;
}
r = parse_size(rvalue, 1024, &parsed);
if (r < 0)
- return log_syntax(unit, LOG_WARNING, filename, line, r,
+ return log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse size value: %s", rvalue);
if (ltype > 0)
return NULL;
if (d->fd >= 0) {
+ /* Implicitly sync the device, since otherwise in-flight blocks might not get written */
+ if (fsync(d->fd) < 0)
+ log_debug_errno(errno, "Failed to sync loop block device, ignoring: %m");
+
if (d->nr >= 0 && !d->relinquished) {
if (ioctl(d->fd, LOOP_CLR_FD) < 0)
log_debug_errno(errno, "Failed to clear loop device: %m");
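Review bot: a failure of the added `fsync(d->fd)` is logged with `log_debug_errno()` and then ignored, which hides exactly the case the new comment is concerned with, in-flight blocks not being written. Log it at warning level at least, since the next step is `LOOP_CLR_FD` and there is no later point at which the loss would be noticed. The sync also runs for every `d->fd >= 0`, including devices with `d->relinquished` set; say in the comment whether that is intended.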
log_warning_errno(errno, "Failed to remove device %s: %m", strna(d->node));
break;
}
- usleep(50 * USEC_PER_MSEC);
+ (void) usleep(50 * USEC_PER_MSEC);
}
}
* PID1 because 16MB of free space is required. */
#define TMPFS_LIMITS_RUN ",size=20%,nr_inodes=800k"
-/* The limit used for various tmpfs mounts, but not /tmp itself.
+/* The limit used for various nested tmpfs mounts, in paricular for guests started by systemd-nspawn.
* 10% of RAM (using 16GB of RAM as a baseline) translates to 400k inodes (assuming 4k each) and 25%
* translates to 1M inodes.
- * /tmp is configured through a .mount unit file. */
-#define TMPFS_LIMITS_TMP ",size=10%,nr_inodes=400k"
-#define TMPFS_LIMITS_DEV_SHM TMPFS_LIMITS_TMP
-#define TMPFS_LIMITS_TEMPORARY_FS TMPFS_LIMITS_TMP
+ * (On the host, /tmp is configured through a .mount unit file.) */
+#define NESTED_TMPFS_LIMITS ",size=10%,nr_inodes=400k"
/* More space for volatile root and /var */
#define TMPFS_LIMITS_VAR ",size=25%,nr_inodes=1m"
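Review bot: typo in the added comment line, "in paricular" should read "in particular". The comment also keeps the 25% / 1M inode figure, which matches `TMPFS_LIMITS_VAR` below rather than `NESTED_TMPFS_LIMITS`; moving that sentence to the second macro would keep each definition next to its own rationale.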
if (r < 0)
return table_log_add_error(r);
- r = table_add_cell_stringf(table, NULL, "%s (%s)", i->server_address, i->server_name);
+ r = table_add_cell_stringf(table, NULL, "%s (%s)", strna(i->server_address), strna(i->server_name));
if (r < 0)
return table_log_add_error(r);
}
/* re-arm timer with increasing timeout, in case the packets never arrive back */
- if (m->retry_interval > 0) {
- if (m->retry_interval < m->poll_interval_max_usec)
- m->retry_interval *= 2;
- } else
- m->retry_interval = m->poll_interval_min_usec;
+ if (m->retry_interval == 0)
+ m->retry_interval = NTP_RETRY_INTERVAL_MIN_USEC;
+ else
+ m->retry_interval = MIN(m->retry_interval * 4/3, NTP_RETRY_INTERVAL_MAX_USEC);
r = manager_arm_timer(m, m->retry_interval);
if (r < 0)
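Review bot: the retry back-off is now bounded by the compile-time `NTP_RETRY_INTERVAL_MIN_USEC` and `NTP_RETRY_INTERVAL_MAX_USEC` instead of the manager's `poll_interval_min_usec` and `poll_interval_max_usec` fields, so it no longer follows whatever those fields hold. If the decoupling is intended, document it where the constants are defined. `m->retry_interval * 4/3` also relies on left-to-right integer evaluation; writing `(m->retry_interval * 4) / 3` makes the rounding explicit.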
#define NTP_POLL_INTERVAL_MIN_USEC (32 * USEC_PER_SEC)
#define NTP_POLL_INTERVAL_MAX_USEC (2048 * USEC_PER_SEC)
+#define NTP_RETRY_INTERVAL_MIN_USEC (15 * USEC_PER_SEC)
+#define NTP_RETRY_INTERVAL_MAX_USEC (6 * 60 * USEC_PER_SEC) /* 6 minutes */
+
struct Manager {
sd_bus *bus;
sd_event *event;
/* skip nonprintable attributes */
len = strlen(value);
- while (len > 0 && isprint(value[len-1]))
+ while (len > 0 && isprint((unsigned char) value[len-1]))
len--;
if (len > 0)
continue;
New PR submitted to the project are run through regression tests, and one set
of those is the 'autopkgtest' runs for several different architectures, called
'Ubuntu CI'. Part of that testing is to run all these tests. Sometimes these
-tests are temporarily blacklisted from running in the 'autopkgtest' tests while
+tests are temporarily deny-listed from running in the 'autopkgtest' tests while
debugging a flaky test; that is done by creating a file in the test directory
-named 'blacklist-ubuntu-ci', for example to prevent the TEST-01-BASIC test from
+named 'deny-list-ubuntu-ci', for example to prevent the TEST-01-BASIC test from
running in the 'autopkgtest' runs, create the file
-'TEST-01-BASIC/blacklist-ubuntu-ci'.
+'TEST-01-BASIC/deny-list-ubuntu-ci'.
-The tests may be disabled only for specific archs, by creating a blacklist file
+The tests may be disabled only for specific archs, by creating a deny-list file
with the arch name at the end, e.g.
-'TEST-01-BASIC/blacklist-ubuntu-ci-arm64' to disable the TEST-01-BASIC test
+'TEST-01-BASIC/deny-list-ubuntu-ci-arm64' to disable the TEST-01-BASIC test
only on test runs for the 'arm64' architecture.
Note the arch naming is not from 'uname -m', it is Debian arch names:
https://wiki.debian.org/ArchitectureSpecificsMemo
-For PRs that fix a currently blacklisted test, the PR should include removal
-of the blacklist file.
+For PRs that fix a currently deny-listed test, the PR should include removal
+of the deny-list file.
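Review bot: this hunk renames the marker file in the documentation only. Whatever script looks for `blacklist-ubuntu-ci`, and any marker files already checked in under that name, need the same rename in this change; otherwise tests that were meant to be skipped start running again without any error. Worth listing both in the commit message.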
[Unit]
Description=Cleaning Up and Shutting Down Daemons
DefaultDependencies=no
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
After=initrd-root-fs.target initrd-fs.target initrd.target
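Review bot: `AssertPathExists=/etc/initrd-release` now sits next to `OnFailure=emergency.target` with `OnFailureJobMode=replace-irreversibly`. A failed condition skips the unit quietly, while a failed assertion is an error, so please confirm that a start request for this unit outside the initrd cannot end with emergency.target being pulled in. The same question applies to each initrd unit changed below; a sentence in the commit message on why the stricter check is wanted would settle it.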
Documentation=man:systemd.special(7)
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
After=initrd-parse-etc.service
DefaultDependencies=no
Conflicts=shutdown.target
After=initrd-root-fs.target
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
[Service]
Type=oneshot
[Unit]
Description=Initrd Root Device
Documentation=man:systemd.special(7)
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
DefaultDependencies=no
[Unit]
Description=Initrd Root File System
Documentation=man:systemd.special(7)
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
DefaultDependencies=no
[Unit]
Description=Switch Root
DefaultDependencies=no
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
AllowIsolate=yes
[Unit]
Description=Switch Root
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
DefaultDependencies=no
-Requires=initrd-switch-root.service
+Wants=initrd-switch-root.service
Before=initrd-switch-root.service
AllowIsolate=yes
Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service
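Review bot: `Requires=initrd-switch-root.service` becomes `Wants=initrd-switch-root.service` without explanation. With `Wants=` the target is still reached when the service fails to start, so the commit message should say why the weaker dependency is correct here, given that `Before=initrd-switch-root.service` is kept.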
[Unit]
Description=Cleanup udev Database
DefaultDependencies=no
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
Conflicts=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service
After=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service
Before=initrd-switch-root.target
Documentation=man:systemd.special(7)
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
Requires=basic.target
Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service
After=initrd-root-fs.target initrd-root-device.target initrd-fs.target basic.target rescue.service rescue.target
Wants=local-fs-pre.target
After=%i.device
Before=local-fs-pre.target
-ConditionPathExists=/etc/initrd-release
+AssertPathExists=/etc/initrd-release
[Service]
Type=oneshot