We have the problem that many early boot or late shutdown issues are harder
to solve than they could be because we have no logs. When journald is not
running, messages are redirected to /dev/kmsg. It is also the time when many
things happen in a rapid succession, so we tend to hit the kernel printk
ratelimit fairly reliably. The end result is that we get no logs from the time
where they would be most useful. Thus let's disable the kernel's ratelimit.
Once the system is up and running, the ratelimit is not a problem. But during
normal runtime, things also log to journald, and not to /dev/kmsg, so the
ratelimit is not useful. Hence, there doesn't seem to be much point in trying
to restore the ratelimit after boot is finished and journald is up and running.
See kernel's commit 750afe7babd117daabebf4855da18e4418ea845e for the
description of the kernel interface. Our setting has lower precedence than
explicit configuration on the kernel command line.
"ratelimit" is a real word, so we don't need to use the other form anywhere.
We had both forms in various places, let's standardize on the shorter and more
correct one.
!r is the same as r == 0, so this was short-circuiting the comparison when
streq(a->iff, b->iff) or streq(a->off, b->off). Before the parent commit which
moved those comparisons to the end, this was short-circuiting quite a bit
of the comparison function.
Anita Zhang [Wed, 21 Aug 2019 00:39:38 +0000 (17:39 -0700)]
core: add ExecXYZEx= bus hook ups to all exec command properties
The "Ex" variant was originally only added for ExecStartXYZ= but it makes
sense to have feature parity for the rest of the exec command properties
as well (e.g. ExecReload=, ExecStop=, etc).
It is natural that n_attiributes is less than type. But in that case,
the message does not contain any message about the type. So, we should
not abort execution with assertion, but just return -ENODATA.
tty-ask-pwd-agent: fix message forwarded to wall(1)
Commit a1c111c2d12429d2 wrongly replaced '!' with ':' when the message is
forwarded to wall(1).
Indeed in this case we are not requesting the user for providing a password but
instead we are simply displaying a message to suggest starting
tty-ask-password-agent for providing the password.
During the rework of unit file loading, commit e8630e695232bdfc dropped the
initialization of u->source_mtime. This had the bad side effect that generated
units always needed daemon reloading.
basic/conf-files: make conf_files_list() take just a single directory
This function had two users (apart from tests), and both only used one
argument. And it seems likely that if we need to pass more directories,
either the _nulstr() or the _strv() form would be used. Let's simplify
the code.
Update logging a bit: drop logging of the pid, nowadays pid1 and journald
do a very good job of logging that. Always log about failure to open audit
fd, but at DEBUG_LEVEL if not important.
Benjamin Gilbert [Wed, 11 Sep 2019 03:23:59 +0000 (23:23 -0400)]
mount-setup: relabel items mentioned directly in relabel-extra.d
relabel_extra() relabels the descendants of directories listed in
relabel-extra.d, but doesn't relabel the files or directories
explicitly named there. This makes it impossible to use
relabel-extra.d to relabel the root of a filesystem. Fix by
relabeling the named items too.
Yu Watanabe [Wed, 28 Aug 2019 13:42:33 +0000 (22:42 +0900)]
network: do not create default route for ipv4 link local addressing
When an nspawn container with private network starts, networkd creates
the default route for the interface. The route may cause problems on
the host side, and it can be created with DefaultRouteOnDevice= now.
Hence, this makes networkd not create the route implicitly any more.
polkit: change "revert settings" to "reset settings"
"reset" is more understandable. The verb is "revert", but it might actually be
better to have a description which uses different words instead of duplicating
the name of the command.
oss-fuzz.sh: stop downloading the skia seed corpus
When the fuzz target was integrated, it was added as a stopgap
to get fuzz-json up and running. It served its purpose and can
safely be removed to prevent tools/oss-fuzz.sh from failing with
```
+wget -O /home/travis/build/systemd/systemd/out/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
--2019-09-10 22:40:44-- https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
Resolving storage.googleapis.com (storage.googleapis.com)... 74.125.70.128, 2607:f8b0:4001:c05::80
Connecting to storage.googleapis.com (storage.googleapis.com)|74.125.70.128|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2019-09-10 22:40:44 ERROR 403: Forbidden.
```
Ideally we should put our seed corpus somewhere and download it from there
but I haven't got round to it.
travis: switch to the latest version of the fuzzit CLI
I was informed that fuzzit-1.1 is going to be deprecated soon. Generally
the latest version isn't recommended because it's still in beta and theoretically
might be backwards incompatible but let's try rolling forward to avoid PRs
like this going forward. We can always roll it back :-)
Fabian Henneke [Wed, 21 Aug 2019 09:17:59 +0000 (11:17 +0200)]
udev: Add id program and rule for FIDO security tokens
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.
This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.
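The check described in this commit message, sketched as an added example (this is not the fido_id source from the commit). The function name and the sample descriptors are constructed for illustration, and the value 0xF1D00001 for FIDO_CTAPHID_USAGE (usage page 0xF1D0, usage 0x01) is taken from the FIDO CTAP specification rather than from this page. Because the descriptor comes from the device, every item length is bounds-checked before it is read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIDO_CTAPHID_USAGE 0xF1D00001u  /* assumed: usage page 0xF1D0, usage 0x01 */

/* Constructed sample HID report descriptors: a CTAPHID-style token and a keyboard stub. */
static const uint8_t FIDO_DESC[] = { 0x06, 0xD0, 0xF1, 0x09, 0x01, 0xA1, 0x01, 0x09, 0x20,
    0x15, 0x00, 0x26, 0xFF, 0x00, 0x75, 0x08, 0x95, 0x40, 0x81, 0x02, 0xC0 };
static const uint8_t KBD_DESC[] = { 0x05, 0x01, 0x09, 0x06, 0xA1, 0x01, 0xC0 };

/* Returns 1 if the descriptor declares the CTAPHID usage, 0 if it does not,
 * -1 if it is malformed (an item runs past the end of the buffer). */
int declares_fido_usage(const uint8_t *desc, size_t len) {
    uint32_t usage_page = 0;
    size_t pos = 0;

    while (pos < len) {
        uint8_t prefix = desc[pos++];
        if (prefix == 0xFE) {               /* long item: size byte, tag byte, data */
            if (len - pos < 2 || len - pos - 2 < desc[pos])
                return -1;
            pos += 2 + (size_t) desc[pos];
            continue;
        }
        size_t size = prefix & 0x03;        /* short item: size code in bits 0-1 */
        if (size == 3) size = 4;            /* size code 3 means four data bytes */
        if (len - pos < size) return -1;    /* truncated item: refuse to read past the end */
        uint32_t value = 0;
        for (size_t i = 0; i < size; i++)   /* item data is little-endian */
            value |= (uint32_t) desc[pos + i] << (8 * i);
        pos += size;
        switch (prefix & 0xFC) {            /* tag and type, size bits masked off */
        case 0x04: usage_page = value; break;            /* global item: Usage Page */
        case 0x08: {                                     /* local item: Usage */
            uint32_t usage = size == 4 ? value : (usage_page << 16) | value;
            if (usage == FIDO_CTAPHID_USAGE) return 1;
            break;
        }
        }
    }
    return 0;
}

int main(void) {
    printf("token:    %d\n", declares_fido_usage(FIDO_DESC, sizeof FIDO_DESC));
    printf("keyboard: %d\n", declares_fido_usage(KBD_DESC, sizeof KBD_DESC));
    return 0;
}
```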
lxc-create has been failing to download the image today with
```
+ sudo lxc-create -n buster-amd64 -t download -- -d debian -r buster -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: buster-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: buster-amd64: tools/lxc_create.c: main: 327 Failed to create container buster-amd64
```
Let's try another keyserver.
journal: Make the output of --update-catalog deterministic
The use of an unordered hashmap means that the output of
'journalctl --update-catalog' differs between runs despite there being no
changes in the input files.
By changing all instances of Hashmap to OrderedHashmap we fix this, and now
the catalog is reproducible.
Motivation: https://reproducible-builds.org
Signed-off-by: Daniel Edgecumbe <git@esotericnonsense.com>
travis: protect the systemd organization on Fuzzit from forks
Now that v243 is out, the script has been pulled by forks that are
activated on Travis CI. As a result, all those forks have started to send
their fuzzers to Fuzzit inadvertently consuming our CPUs along the way.
Let's prevent this by bailing out early if the script is run outside of
the systemd repository.
Hans de Goede [Thu, 5 Sep 2019 12:16:12 +0000 (14:16 +0200)]
hwdb: Mark lis3lv02d sensors in HP laptops as being in the base
The lis3lv02d sensor used in many HP laptops is (almost) always intended
primarily for freefall detection / HDD protection and (almost) always
is located in the base of a classic clamshell laptop.
Before we had the ACCEL_LOCATION udev property the issues this caused
with screen-rotation were fixed by applying a mount-matrix which
translates base-coordinates to display-coordinates assuming the display
is at an angle of exactly 90 degrees to the base (swap Y and Z axis).
The comment calls this translate "from "can play neverball" to
"matches Windows 8 orientation"" but what it really does is translate
base accel-axis to display accel-axis. Thus allows rotating the screen
if you put the laptop on its side, but no-one normally does that with
a 2Kg clamshell laptop.
The obviously correct thing to do on classic clamshell laptops (not 2-in-1s)
is to disable automatic screen rotation. This commit marks the accelerometer
in these laptops as being part of the base, which will make iio-sensor-proxy
disable automatic screen rotation.
This commit also removes the orientation-matrix since the unmodified coordinates
coming from the sensor are oriented correctly for a sensor in the base.
Also see the "Bad accelerometer values cause incorrect screen rotation"
systemd-devel mail-thread from September 2019.