Kevin Kuehler [Mon, 4 Nov 2019 22:48:06 +0000 (14:48 -0800)]
systemctl: Add TriggeredBy and Triggers to status
For all units that aren't timers, if it is activated by another unit,
add the triggering unit under the "TriggeredBy:" header. If a unit can
trigger other units, print the units it triggers other the "Triggers:"
header.
Michael Tretter [Fri, 18 Oct 2019 13:14:35 +0000 (15:14 +0200)]
boot-loader-spec: add devicetree-overlay key
Device tree overlays are a convenient way to patch device trees, e.g.,
add new devices to a device tree or enable/disable devices. This is
useful for non-discoverable but configurable hardware. Device tree
overlays are commonly used for displays on the Raspberry Pi or for
describing the content of FPGA bitstreams.
Add the devicetree-overlay key to boot loader specification entries to
allow boot loaders to apply overlays.
Franck Bui [Mon, 28 Oct 2019 17:41:59 +0000 (18:41 +0100)]
swap: do not make swap units wanted by its device unit anymore
It was done for mount units already (see commit 142b8142d7bb84f07). For the
same reasons and for consistency we should also stop activating automagically
swaps when their device is hot-plugged.
modules-load: do not fail service if modules are not present
It is pretty common for the service to fail in the initramfs (for example
because certain modules have not been copied over or haven't been built yet in
case of dkms modules). This seems to be more trouble than it is worth. Let's
change the service to simply log any missing modules at error level, but not
fail the whole service.
pid1: order .automount units after local-fs-pre.target
From the bug:
> According to the documentation of systemd.automount if the automoint point is
> automagically created if it doesn't exist yet. This ofcourse means the
> filesystem underneath has to be writable, which for / means not only does
> -.mount need to be started but also systemd-remount-fs.service has to be run,
> which isn't guaranteed by the default automount dependencies.
>
> For .mount units there is an automatic default After= dependency on
> local-fs-pre.target, would probably make sense to do the same for automount
> units to avoid it failing on the corner-case where it has to create directory.
Philip Withnall [Wed, 12 Jun 2019 08:41:45 +0000 (09:41 +0100)]
pam_systemd: Forward systemd.runtime_max_sec setting to session scope
Allow earlier PAM modules to set `systemd.runtime_max_sec`. If they do,
parse it and set it as the `RuntimeMaxUSec=` property of the session
scope, to limit the maximum lifetime of the session. This could be
useful for time-limiting login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com> Fixes: #12035
Philip Withnall [Wed, 12 Jun 2019 07:45:26 +0000 (08:45 +0100)]
scope: Support RuntimeMaxSec= directive in scope units
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.
This could be used for time-limited login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com> Fixes: #12035
Anita Zhang [Fri, 25 Oct 2019 22:46:21 +0000 (15:46 -0700)]
meson: expand ternary in functions to if statements
Per https://github.com/mesonbuild/meson/issues/5003, ternary doesn't
always work as function args with older versions of meson.
Expand out ternary statements to stay compatible with older versions (< 0.49).
meson: allow WatchdogSec= in services to be configured
As discussed on systemd-devel [1], in Fedora we get lots of abrt reports
about the watchdog firing [2], but 100% of them seem to be caused by resource
starvation in the machine, and never actual deadlocks in the services being
monitored. Killing the services not only does not improve anything, but it
makes the resource starvation worse, because the service needs cycles to restart,
and coredump processing is also fairly expensive. This adds a configuration option
to allow the value to be changed. If the setting is not set, there is no change.
My plan is to set it to some ridiculusly high value, maybe 1h, to catch cases
where a service is actually hanging.
resolved: send out notifications about DNS property
Notifications are only sent for the top object, and not for individual
links. This should be enough for the most obvious cases where somebody
just cares about the effective set of servers.
Franck Bui [Tue, 22 Oct 2019 14:09:21 +0000 (16:09 +0200)]
fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs
Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
with two sorts of virtual files.
One sort uses "seq_file", and the results of the first read are buffered for
the second read. The other sort uses "raw" reads which always go direct to the
device.
In the later case, the content of the virtual file must be retrieved with a
single read otherwise subsequent read might get the new value instead of
finding EOF immediately. That's the reason why the usage of fread(3) is
prohibited in this case as it always performs a second call to read(2) looking
for EOF which is subject to the race described previously.
various tools: be more explicit when a glob is passed when not supported
See https://bugzilla.redhat.com/show_bug.cgi?id=1763488: when we say that
'foo@*.service' is not a valid unit name, this is not clear enough. Let's
include the name of the operation that does not support globbing in the
error message:
$ build/systemctl enable 'foo@*.service'
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "foo@*.service" escaped as "foo@\x2a.service".
...
Dan Streetman [Wed, 23 Oct 2019 18:47:59 +0000 (14:47 -0400)]
resolved: set stream type during DnsStream creation
The DnsStreamType was added to track different types of DNS TCP streams,
instead of refcounting all of them together. However, the stream type was
not actually set into the stream->type field, so while the reference count
was correctly incremented per-stream-type, the reference count was always
decremented in the cleanup function for stream type 0, leading to
underflow for the type 0 stream (unsigned) refcount, and preventing new
type 0 streams from being created.
Since type 0 is DNS_STREAM_LOOKUP, which is used to communicate with
upstream nameservers, once the refcount underflows the stub resolver
no longer is able to successfully fall back to TCP upstream lookups
for any truncated UDP packets.
This was found because lookups of A records with a large number of
addresses, too much to fit into a single 512 byte DNS UDP reply,
were causing getaddrinfo() to fall back to TCP and trigger this bug,
which then caused the TCP fallback for later large record lookups
to fail with 'connection timed out; no servers could be reached'.
Zach Smith [Fri, 27 Sep 2019 04:02:28 +0000 (21:02 -0700)]
systemd-sleep: always prefer resume device or file
This change checks each swap partition or file reported in /proc/swaps
to see if it matches the values configured with resume= and
resume_offset= kernel parameters. If a match is found, the matching swap
entry is used as the hibernation location regardless of swap priority.
basic/fs-util: change CHASE_OPEN flag into a separate output parameter
chase_symlinks() would return negative on error, and either a non-negative status
or a non-negative fd when CHASE_OPEN was given. This made the interface quite
complicated, because dependning on the flags used, we would get two different
"types" of return object. Coverity was always confused by this, and flagged
every use of chase_symlinks() without CHASE_OPEN as a resource leak (because it
would this that an fd is returned). This patch uses a saparate output parameter,
so there is no confusion.
(I think it is OK to have functions which return either an error or an fd. It's
only returning *either* an fd or a non-fd that is confusing.)
test-socket-util: avoid writing past the defined buffer
.sun_path has 108 bytes, and we'd write a string of 108 bytes + NUL.
I added this test, but I don't know what it was supposed to test. Let's
just remove.
sd-netlink: constify object pointers passed to getters
sd-netlink is not public yet, so we can change the interface.
I did not touch interfaces of functions like sd_netlink_wait() and
sd_rtnl_message_new_link() which do not modify the object that is passed in,
because in the future we might want to change the code to e.g. take a
reference to the parent object or otherwise require a non-const reference.
Michal Suchanek [Sun, 20 Oct 2019 10:12:20 +0000 (12:12 +0200)]
udev/cdrom_id: Do not open CD-rom in exclusive mode.
When you have a CD automunt solution that talks directly to the kernel
independently of udev it races with cdrom_id for exclusive access to the
device failing unpredictably.
The whole is_mounted function in cdrom_id is broken: there is no saying
what happens between calling is_mounted and opening the device.
Hence assume that the device can be mounted asynchronously at any time,
do not use exclusive access, and do away with is_mouted.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
The default value was described at the end of two long paragraphs.
Make the first para self contained, and move the description of --console=pipe
into the second para.
We shouldn't lock the accounts because people actually need to use them, and
if they are locked, various tools will refuse.
See https://github.com/systemd/systemd/pull/13277#issuecomment-529964578
and follow-up comments.
Peter Wu [Sun, 20 Oct 2019 17:10:31 +0000 (18:10 +0100)]
resolved: fix connection failures with TLS 1.3 and GnuTLS
Prefer TLS 1.3 before TLS 1.2 for DNS-over-TLS support, otherwise
servers compliant with RFC 8446 might end up agreeing TLS 1.2 plus a
downgrade signal which is not expected by GnuTLS clients. This manifests
in the following error:
Failed to invoke gnutls_handshake: An illegal parameter has been received.
Fixes: #13528 Fixes: v242-962-g9c0624dcdb ("resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS")
logind: fix emission of PropertiesChanged for users
The same as parent commit, but users. This is the third and last
foo_object_find() function in logind, so I think that this particular
family of bugs is finally squashed.
logind: fix emission of PropertiesChanged on seats
The story is the same as in 471cffcfb0e005b7c4044b3b52cc4f25d217efac:
device_attach() → seat_send_changed() → sd_bus_emit_properties_changed_strv()
→ emit_properties_changed_on_interface() → node_vtable_get_userdata()
→ seat_object_find(), which returns 0 because message == NULL.
But when we are emitting a signal, message is always NULL. Removing the
overeager check and assert in the called function allow the signal to be
emitted.
udev: tag any display devices as master-of-seat when nomodeset is used
Fixes #13773. See also https://bugzilla.redhat.com/show_bug.cgi?id=1728240,
https://github.com/sddm/sddm/issues/1204.
When nomodeset is used on the kernel command line, there is no graphics
device that the kernel knows, so we don't tag anything as master-of-seat,
and seat0 has CanGraphical=no.
Dan Streetman [Thu, 17 Oct 2019 15:06:18 +0000 (11:06 -0400)]
test: correct TEST-41 StartLimitBurst test
TEST-41 verifies that the StartLimitBurst property will correctly
limit the number of unit restarts, but the test currently doesn't
adjust the StartLimitIntervalSec which defaults to 10 seconds.
On Ubuntu CI, running under un-accelerated qemu, it can take more than
10 seconds to perform all 3 restarts, which avoids the burst limit,
and fails the test.
Instead, specify a long StartLimitIntervalSec in the test, so we can
be sure to correctly test StartLimitBurst even on slow testbeds.
systemd-fsck: fix systemd-fsck/fsck pipe bad closure
Currently, when console is disabled but progress is tracked, pipe opened
for communication between systemd-fsck and fsck may be closed
inadvertently (when opening of /dev/console return in error). That lead
to finish fsck prematurely (because it receives a SIGPIPE) and so fsck
may not check correctly filesystems and do not have time to fix memory
corruptions.
This commit changes the opening of /dev/console to be done previously to
pipe creation and so fix the bug described just above.
Aaron Plattner [Thu, 17 Oct 2019 19:56:15 +0000 (12:56 -0700)]
coredump: Include module offsets in stack traces
These offsets can be useful to decode stack traces through modules that don't
have symbol names. For example, with a simple test that crashes after calling
through several static functions, systemd-coredump reports this:
Oct 17 : Process 640333 (a.out) of user 1000 dumped core.