Michal Soltys [Mon, 3 Jul 2017 16:38:13 +0000 (18:38 +0200)]
vconsole: search for usable source console (#6180)
When vconsole-setup is called without arguments, search for a usable
console instead of using /dev/tty0.
/dev/tty0 — pointing to the current active console — is not necessarily
usable and in such case vconsole-setup would exit with failure. In particular
when systemd-vconsole-setup.service was restarted from within an X
session, it always failed.
If the function searching for a usable source terminal fails, the first
encountered error is returned to the caller.
Closes #5367.
Additional changes:
- true/false functions with 'is_' prefix are renamed to functions with
'verify_vc_' prefix and return 0 on success and negative error on
failure
- O_NOCTTY flag is used when opening terminals
Matthew Garrett [Fri, 30 Jun 2017 18:27:47 +0000 (11:27 -0700)]
sd-boot: stub: Obtain PE section offsets from RAM, not disk (#6250)
In a Secure Boot scenario the stub loader will have been validated
before execution. A malicious drive could then change the data returned
in future reads, resulting in the loader obtaining incorrect section
offsets and (for instance) allowing the command line to be modified.
Pull that information out of the in-RAM representation of the loader
instead in order to avoid this.
Fixes: #6230
(Lennart did some minor coding style fixes, and renamed pefile.c → pe.c,
as suggested by Kay, given that the file now contains a function whose
name doesn't match the filename as prefix anymore.)
units: use Requires in systemd-networkd-wait-online.service (#6065)
In the initial design, foobar-wait-online.service would have
Requisite=foobar.service, so that foobar-wait-online.service could be enabled
unconditionally, irrespective of whether foobar.service itself is enabled.
Unfortunately this doesn't work too well:
1. the message about foobar-wait-online.service being skipped because of a
"missing dependency" *looks* like a problem. This is mostly cosmetic,
but it is also quite confusing. We generally don't want any messages of this
type during default boot.
2. it is impossible to start and wait for the network in an
implementation-agnostic way: systemctl start network-online.target, or
Wants/After=network-online.target in a unit don't work because pulling in
network-online.target pulls in foobar-wait-online.service, but it in turn
does not pull in foobar.service. During startup, foobar.service is pulled in
by multi-user.target, but not in a smaller transaction which does not
include multi-user.target.
This change means that *-wait-online.service should be installed through
presets, so that it can be enabled/disabled at will by the administrator.
Our own systemd-networkd-wait-online.service does this already, and
a similar change has been requested for NetworkManager-wait-online.service
(https://bugzilla.redhat.com/show_bug.cgi?id=1455704).
This change should be mostly backwards-compatible, unless somebody has some
wait-online.service enabled, without having the corresponding network
implementation enabled, and they are relying on it not being started. I think
that's relatively unlikely because of issue 1. above, and I'm not aware of this
being the default in any distro. And being able to start the network in an
implementation-agnostic way is pretty important, see
https://bugzilla.redhat.com/show_bug.cgi?id=1452866.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
For some reason git shortlog spits out non-breaking spaces, let's remove
that, as for our purposes (inclusion in NEWS) we really want breaking
(i.e. normal) spaces.
hwdb: Add SNES Mouse plugged through Retrode 2 (#6263)
Note that this will only work with the new "hid-retrode" driver in the
upcoming 4.12 kernel as otherwise the mouse events and the 4 joypad
ports are bundled into a single event node.
Got address error code: Operation not permitted
Got address error code: Operation not permitted
Got start error code: Operation not permitted
which is quite unclear out of context. Change that to:
Failed to add address 127.0.0.1 to loopback interface: Operation not permitted
Failed to add address ::1 to loopback interface: Operation not permitted
Failed to bring loopback interface up: Operation not permitted
core: do not print color console message about gc-ed jobs
This is just a cosmetic issue.
Garbage collection of jobs (especially the ones that we create automatically)
is something of an internal implementation detail and should not be made
visible to the users. But it's probably still useful to log this in the
journal, so the code is rearranged to skip one of the messages if we log to the
console and the journal separately, and to keep the message if we log
everything to the console.
NeilBrown [Fri, 30 Jun 2017 16:51:33 +0000 (02:51 +1000)]
core/automount: revise the "fun fact" comments. (#6245)
Fun fact 1 suggests that a "close()" is needed, but that close() has long since been
removed. So the comment is now meaningless and possibly confusing.
Fun fact 2 refers to a bug that has been fixed in Linux prior to v4.12
Commit: 9fa4eb8e490a ("autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL")
so revise the comment so that no-one goes pointlessly looking for the bug.
Michael Biebl [Thu, 29 Jun 2017 05:57:35 +0000 (07:57 +0200)]
tmpfiles: create /var/log/lastlog if it does not exist
Create /var/log/lastlog the same way we create utmp and wtmp.
This is useful for stateless systems where /var is volatile and a
missing /var/log/lastlog otherwise creates error messages like
Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
man: mention localed and localectl in locale.conf(5) and vconsole.conf(5)
Fixes #295.
(We cannot add a comment to either of those files because they are documented
to "only support variable assignments", so it's better to add an explanation
in the man page instead.)
Yu Watanabe [Wed, 28 Jun 2017 18:19:38 +0000 (03:19 +0900)]
systemd-mount: support unmounting loop devices by backing files (#6211)
This makes `systemd-umount` or `systemd-mount -u` support unmounting
loop devices by the corresponding backing files, like
`systemd-mount --umount /tmp/foo.img /tmp/bar.img`
Only drop the capabilities from the bounding set if we are running as PID1 (#6204)
The CapabilityBoundingSet option only makes sense if we are running as
PID1.
The system.conf.d(5) manpage already states that the CapabilityBoundingSet
option:
Controls which capabilities to include in the capability bounding set
for PID 1 and its children.
udev: never ask libblkid for detecting superblocks with bad checksums (#6215)
Previously, we'd ask libblkid to also tell us about recognized
superblocks with bad checksums. We'd then log about them and ignore
them. This however created ambiguity problems, see #6110: the
BLKID_SUBLKS_BADCSUM is not as innocent as it appears.
This patch drops bad checksum handling and we ignore all such superblocks
entirely again, as it was the status quo ante d47f6ca5f9b7a0b400d8bdb050151a0284fb4bdb (where this was snuck in).
Ideally, libblkid would be changed to avoid these ambiguity problems for
bad checksums, but that's not going to happen any time soon, according
to @karelzak.
nspawn: register a scope for the unit if --register=no is specified (#6166)
Previously, only when --register=yes was set (the default) the invoked
container would get its own scope, created by machined on behalf of
nspawn. With this change if --register=no is set nspawn will still get
its own scope (which is a good thing, so that --slice= and --property=
take effect), but this is not done through machined but by registering a
scope unit directly in PID 1.
Summary:
--register=yes → allocate a new scope through machined (the default)
--register=yes --keep-unit → use the unit we are already running in and register with machined
--register=no → allocate a new scope directly, but no machined
--register=no --keep-unit → do not allocate nor register anything
basic/random-util: do not fall back to /dev/urandom if getrandom() returns short
During early boot, we'd call getrandom(), and immediately fall back to
reading from /dev/urandom unless we got the full requested number of bytes.
Those two sources are the same, so the most likely result is /dev/urandom
producing some pseudorandom numbers for us, complaining widely on the way.
Let's change our behaviour to be more conservative:
- if the numbers are only used to initialize a hash table, a short read is OK,
we don't really care if we get the first part of the seed truly random and
then some pseudorandom bytes. So just do that and return "success".
- if getrandom() returns -EAGAIN, fall back to rand() instead of querying
/dev/urandom again.
The idea with those two changes is to avoid generating a warning about
reading from /dev/urandom when the kernel doesn't have enough entropy.
- only in the cases where we really need to make the best effort possible
(sd_id128_randomize and firstboot password hashing), fall back to
/dev/urandom.
When calling getrandom(), drop the checks whether the argument fits in an int —
getrandom() should do that for us already, and we call it with small arguments
only anyway.
Note that this does not really change the (relatively high) number of random
bytes we request from the kernel. On my laptop, during boot, PID 1 and all
other processes using this code through libsystemd request:
74780 bytes with high_quality_required == false
464 bytes with high_quality_required == true
and it does not eliminate reads from /dev/urandom completely. If the kernel was
short on entropy and getrandom() would fail, we would fall back to /dev/urandom
for those 464 bytes.
When falling back to /dev/urandom, don't lose the short read we already got,
and just read the remaining bytes.
If the getrandom() syscall is not available, we fall back to /dev/urandom same
as before.
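Added example (not systemd's code): the fallback policy described in this commit message, written so it can be exercised without a starved kernel. fill_random(), the sys_rand/dev_rand hooks, the rnd_source enum and the stub sources are hypothetical names constructed for illustration; taking 24 bits per rand() call follows the next commit's description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical hooks: sys_rand stands in for getrandom(p, n, GRND_NONBLOCK)
 * (bytes written or -errno), dev_rand for reading /dev/urandom (0 or -errno). */
typedef ssize_t (*sys_rand_fn)(void *p, size_t n);
typedef int (*dev_rand_fn)(void *p, size_t n);
enum rnd_source { SRC_SYSCALL, SRC_SYSCALL_PLUS_PRNG, SRC_PRNG, SRC_URANDOM, SRC_FAILED };

static void prng_fill(uint8_t *p, size_t n) {      /* 24 bits per rand() call */
    for (size_t i = 0; i < n; ) {
        unsigned v = (unsigned) rand();
        for (int k = 0; k < 3 && i < n; k++, v >>= 8)
            p[i++] = (uint8_t) v;
    }
}

enum rnd_source fill_random(void *buf, size_t n, bool high_quality_required,
                            sys_rand_fn sys_rand, dev_rand_fn dev_rand) {
    uint8_t *p = buf;
    ssize_t r = sys_rand(p, n);
    size_t done = r > 0 ? (size_t) r : 0;          /* never discard a short read */

    if (r >= 0 && done == n)
        return SRC_SYSCALL;
    if (r < 0 && r != -EAGAIN && r != -ENOSYS)
        return SRC_FAILED;
    if (r != -ENOSYS && !high_quality_required) {  /* short read or -EAGAIN */
        prng_fill(p + done, n - done);             /* no /dev/urandom warning */
        return done ? SRC_SYSCALL_PLUS_PRNG : SRC_PRNG;
    }
    /* high quality required, or getrandom() missing: read only the remainder */
    return dev_rand(p + done, n - done) < 0 ? SRC_FAILED : SRC_URANDOM;
}

/* Constructed stand-ins for a kernel that is short on entropy. */
size_t urandom_asked;                              /* bytes last requested from dev_rand */
ssize_t sys_short(void *p, size_t n) { size_t k = n < 4 ? n : 4; memset(p, 0xAA, k); return (ssize_t) k; }
ssize_t sys_eagain(void *p, size_t n) { (void) p; (void) n; return -EAGAIN; }
ssize_t sys_enosys(void *p, size_t n) { (void) p; (void) n; return -ENOSYS; }
int dev_ok(void *p, size_t n) { memset(p, 0x55, n); urandom_asked = n; return 0; }

int main(void) {
    uint8_t b[16];
    return fill_random(b, sizeof b, true, sys_short, dev_ok) == SRC_URANDOM ? 0 : 1;
}
```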
basic/random-util: use most of the pseudorandom bytes from rand()
The only implementation that we care about — glibc — provides us
with 31 bits of entropy. Let's use 24 bits of that, instead of throwing
all but 8 away.
resolved: do not allocate packets with minimum size
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
allocate more than the absolute minimum (which is the dns packet header size),
otherwise we have to resize immediately again after appending the first data to
the packet.
Kai Krakow [Sat, 13 May 2017 10:30:56 +0000 (12:30 +0200)]
resolved: Recover from slow DNS responses
When DNS is unreliable temporarily, the current implementation will
never improve resend behavior again and switch DNS servers only late
(current maximum timeout is 5 seconds).
We can improve this by biasing the resend_timeout back to the current
RTT when a successful response was received. Next time a timeout is hit
on this server, it will switch to the next server faster.
logind: relax udev rules matching devices logind watches for
Now that we have support for key/switch masking in logind, we can relax
the rules by which logind picks the devices to watch a bit, after all we
won't wake up anymore for every single event, but instead only the
events we actually care about.
This should make power/suspend keys on normal usb/atkbd keyboards just
work.
Michal Suchanek [Mon, 12 Jun 2017 12:09:55 +0000 (14:09 +0200)]
input_id: fix detection of devices with mouse buttons
Assign ID_INPUT_MOUSE property to devices with mouse buttons and no axis.
Libinput tries to use libwacom on devices with tablet-pad capability
which are detected by ID_INPUT_TABLET_PAD=1 property so assign pointer
class by setting ID_INPUT_MOUSE=1 to devices with mouse buttons and let
libwacom override the class for Wacom pads.
Franck Bui [Mon, 26 Jun 2017 13:23:35 +0000 (15:23 +0200)]
gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab
If a swap partition is created on a disk using GPT then the unit generated by
the gpt-generator can shadow the one generated by the fstab-generator.
This can be an issue if the fstab entry for the swap has options since they are
simply ignored if PID1 decides to use the unit created by the gpt-generator
since this unit carries no information about the swap options.
This patch simply disables the GPT auto logic for swaps if at least one entry
for swap is defined in /etc/fstab.
udev: fix some incorrect usages of CLOCK_BOOTTIME (#6198)
CLOCK_BOOTTIME should only be used if we actually want the clock to
count on while we are suspended, and it is hence not useful for normal
code execution time limits, fix that.
Moreover, a couple of uses were even more broken, as
clock_boottime_or_monotonic() was called where actually
now(clock_boottime_or_monotonic()) was supposed to be called. Ouch!
Yu Watanabe [Mon, 26 Jun 2017 20:07:07 +0000 (05:07 +0900)]
systemd-mount: support device names and multiple arguments for umount (#6096)
This makes systemd-umount (or systemd-mount -u) support multiple arguments
which can be path, device, or fstab style node name, like
`systemd-umount /path/to/umount /dev/sda1 UUID=xxxxxx-xxxx LABEL=xxxxx`.
We shouldn't assume the final path for the settings file is already
known, it unlikely is unless we already downloaded the image once. Also
add some commenting to explain the code surrounding the assert a bit.
sd-bus: use GetConnectionCredentials() when querying credentials, if available
Newer D-Bus versions implement the GetConnectionCredentials() driver
call to get all connection creds in one go. Make use of that to reduce
the number of bus calls we do.
When only a single credential field is queried we will still use the old
calls, which we'll also use if the new call isn't implemented.
sd-bus: when credentials of the "org.freedesktop.DBus" service are queried return the bus owner's credentials
The bus driver service is always implemented by the owner of the bus,
hence let's shortcut the credential operation and use our cached data.
This makes sure things simply work, given that dbus itself doesn't
support GetConnectionSELinuxSecurityContext() on the bus driver name
itself.
core: make IOSchedulingClass= and IOSchedulingPriority= settable for transient units
This patch is a bit more complex than I hoped. In particular the single
IOScheduling= property exposed on the bus is split up into
IOSchedulingClass= and IOSchedulingPriority= (though compat is
retained). Otherwise the asymmetry between setting props and getting
them is a bit too nasty.