HATAYAMA Daisuke [Wed, 18 Dec 2019 03:01:42 +0000 (22:01 -0500)]
man: describe "symlink" and "systemctl link" explicitly in UNIT FILE LOAD PATH
There are sometimes users who put unit files in a location that is inaccessible
when systemd starts, so they are not found and thus not started because
the corresponding mount units have not been activated yet.
There is already a warning for such an issue in man 8 systemctl:
link PATH...
...<snip>...
The file system where
the linked unit files are located must be accessible
when systemd is started (e.g. anything underneath /home
or /var is not allowed, unless those directories are
located on the root file system).
However, it looks like it's difficult to find the warning because introductory
users typically don't know about systemctl link.
Although there is a description in UNIT FILE LOAD PATH pointing to systemctl
link, symlinks are not explicitly mentioned there, and thus users don't
easily become aware that they should read it.
To deal with this, let's describe "symlink" and "systemctl link" more
explicitly in UNIT FILE LOAD PATH.
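The check a practitioner would want here is whether a (possibly symlinked) unit file actually sits on the root filesystem, rather than under a mount that is only activated later in boot. The following is an added illustration written for this log, not systemd's own code: it resolves a symlink chain from a constructed link table, finds the longest mount-point prefix from a constructed `/proc/self/mounts` snapshot, and flags targets that are not on `/`. The sample mounts, link paths and function names are assumptions; on a live system you would read the real `/proc/self/mounts` and use `os.path.realpath()` for the link.

```python
"""Flag unit files whose real location is not on the root filesystem.
Added illustration, not systemd's code; the mount table and the symlink
table below are constructed sample data."""
from typing import Dict, List, Tuple

# Constructed sample of /proc/self/mounts (read the real file on a live system).
SAMPLE_MOUNTS = """\
/dev/vda2 / ext4 rw,relatime 0 0
/dev/vda1 /boot ext4 rw,relatime 0 0
/dev/vdb1 /home ext4 rw,relatime 0 0
/dev/mapper/data /var/lib/app xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Constructed symlinks as "systemctl enable" / "systemctl link" would create them:
# link path -> target path (use os.path.realpath() on a live system).
SAMPLE_LINKS = {
    "/etc/systemd/system/app.service": "/var/lib/app/units/app.service",
    "/etc/systemd/system/myjob.service": "/home/alice/units/myjob.service",
    "/etc/systemd/system/multi-user.target.wants/ssh.service":
        "/usr/lib/systemd/system/ssh.service",
}


def parse_mounts(text: str) -> List[str]:
    """Return the mount points listed in /proc/self/mounts-style text."""
    points = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # /proc/self/mounts escapes spaces in paths as \040; undo that.
            points.append(fields[1].replace("\\040", " "))
    return points


def mount_point_of(path: str, mount_points: List[str]) -> str:
    """Longest mount point that is a component-wise prefix of path ('/' if none)."""
    best = "/"
    for mp in mount_points:
        if mp == "/":
            continue
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if len(mp) > len(best):
                best = mp
    return best


def resolve(link: str, links: Dict[str, str]) -> str:
    """Follow a chain of symlinks in the constructed table; refuse loops."""
    seen = set()
    while link in links:
        if link in seen:
            raise ValueError(f"symlink loop at {link}")
        seen.add(link)
        link = links[link]
    return link


def check_unit(link: str, links=SAMPLE_LINKS, mounts_text=SAMPLE_MOUNTS) -> Tuple[str, bool, str]:
    """Return (target, available_at_early_boot, mount_point).

    A unit file on any mount other than / may not exist yet when systemd loads
    units, because the corresponding mount unit has not been activated."""
    target = resolve(link, links)
    mp = mount_point_of(target, parse_mounts(mounts_text))
    return target, mp == "/", mp


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        target, ok, mp = check_unit(link)
        state = "OK" if ok else "NOT available at early boot"
        print(f"{link} -> {target}: {state} (mount point {mp})")
```

This treats only `/` as available at early boot, which is the conservative reading of the man page text quoted above; a separately mounted `/usr` is normally mounted by the initrd, so extend the allow-list if your setup relies on that.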
core: be more restrictive on the dependency types we allow to be created transiently
We should allow the ones that the [Unit] section of regular unit files
may accept, but no other, in particular not the internal deps we
synthesize as reverse of explicitly configured ones, such as WantedBy=.
core: propagate service state to socket in more load states
It makes sense to filter state changes for some load states that
shouldn't happen, but the common cases should be accepted, because they
might happen during runtime when "systemctl daemon-reload" is issued and
unit files changed state in between. Otherwise we lose events.
Thomas Schmitt [Mon, 6 Jan 2020 07:10:32 +0000 (15:10 +0800)]
udev: don't import parent ID_FS_ data on partitions
When probing partitions, we inherit important information from the parent
disk device such as ID_MODEL, and usage of such properties is seen to
be acceptable and well established.
However, we need to exclude filesystem information from the properties
that get inherited. Information about the device content should not be
passed on in this way.
For example, Linux distro install media commonly use an ISO filesystem
plus a partition table. The ISO filesystem is detected on the main disk
device, but we should not pass down those details to the partitions,
some or all of which may be pointing at storage areas completely distinct
from the ISO filesystem.
This is particularly problematic when adding new partitions on media
set up in this way (since the new partitions are then reported to contain
the parent device's ISO filesystem), or when dealing with more unusual
hybrid ISO layouts. The inaccuracy of information here adversely affects
users of blkid and udev's persistent storage symlinks.
Exclude ID_FS_* properties from the inheritance chain to avoid these
problems.
Latest meson doesn't work with older python 3.5, which is present on
Ubuntu 16.04. Let's pin it to the latest working version (0.52.1) until
we properly bump all necessary Ubuntu images to 18.04.
doc: tweak grammar in CONTAINER_INTERFACE description
The only non-stylistic change is to replace descriptions of how we are
encouraging people to use PrivateTmp= and such, because now they are widely
used.
shared/sleep-config: make swap detection stricter again
To make this easier to understand, let's always log (at debug level)
when we accept or reject each device:
/swapfile: detection of swap file offset on Btrfs is not supported
/swapfile: is a candidate device.
/dev/zram0: ignoring zram swap
/dev/vdb: ignoring device with lower priority
/dev/vdc: ignoring device with lower usable space
...
If we know that hibernation will fail, refuse. This includes cases where
/sys/power/resume is set and doesn't match any device, or
/sys/power/resume_offset is set and we're not on btrfs and it doesn't match.
If /sys/power/resume is not set at all, we still accept the device with the
highest priority (see 6d176522f5480ea9e9a83de5ef5ea5e0d95b79cb and 88bc86fcf895da0d51ddaf93d17b4280f4e60d74)
Tested cases:
1. no swap active → refuse
2. just zram swap active → refuse
3. swapfile on btrfs with /sys/power/resume{,_offset} set → OK
4. swapfile on btrfs with /sys/power/resume set, offset not set → refuse
5. swapfile on btrfs with /sys/power/resume set to nonexistent device, offset set → refuse
6. /sys/power/resume not set, offset set, candidate exists → OK (*)
7. /sys/power/resume not set, offset not set, candidate exists → OK
(*) I think this should fail, but I'm leaving that for the next commit.
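The selection rules stated in this commit (refuse when /sys/power/resume is set but matches no swap device, refuse when resume_offset is set and contradicts a detectable offset, refuse when the offset is undetectable and resume_offset is unset, otherwise fall back to the highest-priority swap with the most free space) form a small decision procedure. Below is an added model of those rules, written for this log and not systemd's own sleep-config.c; the `Swap`/`Decision` types, the constructed dev_t values and the exact log wording are assumptions. It reproduces the seven tested cases listed above.

```python
"""Model of the hibernation-target selection rules described in the commit.
Added illustration, not systemd's code; device numbers are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Swap:
    path: str
    dev: int                   # dev_t of the backing block device (constructed)
    priority: int
    free_pages: int
    offset: Optional[int] = 0  # page offset of a swap file; 0 for partitions;
                               # None when undetectable (swap file on Btrfs)
    btrfs: bool = False
    zram: bool = False


@dataclass
class Decision:
    ok: bool
    device: Optional[str] = None
    offset: Optional[int] = None
    log: List[str] = field(default_factory=list)


def find_hibernate_location(swaps: List[Swap], sys_resume: int = 0, sys_offset: int = 0) -> Decision:
    """sys_resume is /sys/power/resume as a dev_t (0 = unset);
    sys_offset is /sys/power/resume_offset (0 = unset)."""
    d = Decision(ok=False)
    chosen = None
    for s in swaps:
        if s.zram:
            d.log.append(f"{s.path}: ignoring zram swap")
            continue
        if s.btrfs:
            d.log.append(f"{s.path}: detection of swap file offset on Btrfs is not supported")
        if sys_resume == 0:
            # Nothing configured: keep the highest priority, then the most usable space.
            if chosen is not None and s.priority < chosen.priority:
                d.log.append(f"{s.path}: ignoring device with lower priority")
                continue
            if chosen is not None and s.priority == chosen.priority and s.free_pages <= chosen.free_pages:
                d.log.append(f"{s.path}: ignoring device with lower usable space")
                continue
            d.log.append(f"{s.path}: is a candidate device.")
            chosen = s
        elif s.dev == sys_resume:
            # Explicit resume device: a detected offset contradicting resume_offset
            # means the kernel would not find the image, so refuse this device.
            if s.offset is not None and sys_offset != 0 and s.offset != sys_offset:
                d.log.append(f"{s.path}: ignoring device, offset does not match /sys/power/resume_offset")
                continue
            d.log.append(f"{s.path}: matches /sys/power/resume")
            chosen = s
            break
        else:
            d.log.append(f"{s.path}: ignoring device, does not match /sys/power/resume")

    if chosen is None:
        d.log.append("no swap suitable for hibernation found")
        return d

    offset = chosen.offset
    if offset is None:
        if sys_offset == 0:
            # Case 4 above: Btrfs swap file, offset unknown, nothing configured.
            d.log.append(f"{chosen.path}: offset unknown and /sys/power/resume_offset not set")
            return d
        offset = sys_offset  # case 6 above: trust the configured offset
    return Decision(ok=True, device=chosen.path, offset=offset, log=d.log)
```

One assumption worth stating: when /sys/power/resume is unset the model does not compare a detected offset against resume_offset at all, which is exactly the case 6 behaviour the commit marks with (*).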
Iain Lane [Tue, 7 Jan 2020 14:33:29 +0000 (14:33 +0000)]
units: Split modprobing out into a separate service unit
Devices referred to by `DeviceAllow=` sandboxing are resolved into their
corresponding major numbers when the unit is loaded by looking at
`/proc/devices`. If a reference is made to a device which is not yet
available, the `DeviceAllow` is ignored and the unit's processes cannot
access that device.
In both logind and nspawn, we have `DeviceAllow=` lines, and `modprobe`
in `ExecStartPre=` to load some kernel modules. Those kernel modules
cause device nodes to become available when they are loaded: the device
nodes may not exist when the unit itself is loaded. This means that the
unit's processes will not be able to access the device since the
`DeviceAllow=` will have been resolved earlier and denied it.
One way to fix this would be to re-evaluate the available devices and
re-apply the policy to the cgroup, but this cannot work atomically on
cgroupsv1. So we fall back to a second approach: instead of running
`modprobe` via `ExecStartPre`, we move this out to a separate unit and
order it before the units which want the module.
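The failure mode described here is easy to reproduce on paper: `DeviceAllow=char-<name>` entries are mapped to a major number through `/proc/devices`, and a name whose module has not registered yet simply has no entry. The block below is an added illustration for this log, not systemd's own code: it parses two constructed `/proc/devices` snapshots (before and after a module registers the `drm` character device class) and shows which rules would be applied and which silently dropped. The function names and the snapshot contents are assumptions; the `/dev/...` path form of `DeviceAllow=`, which systemd resolves via `stat()`, is not modelled.

```python
"""Resolve DeviceAllow= 'char-<name>' / 'block-<name>' entries against a
/proc/devices listing.  Added illustration, not systemd's code; the
/proc/devices snapshots are constructed sample data."""
from typing import Dict, List, Optional, Tuple

# Constructed /proc/devices before the module providing "drm" is loaded.
PROC_DEVICES_BEFORE = """\
Character devices:
  1 mem
  4 /dev/vc/0
  4 tty
  5 /dev/tty
 10 misc
 13 input

Block devices:
  8 sd
259 blkext
"""

# The same listing after the module has registered its character device class.
PROC_DEVICES_AFTER = PROC_DEVICES_BEFORE.replace(" 13 input\n", " 13 input\n226 drm\n")


def parse_proc_devices(text: str) -> Dict[str, Dict[str, int]]:
    """Return {"char": {name: major}, "block": {name: major}}."""
    table: Dict[str, Dict[str, int]] = {"char": {}, "block": {}}
    section = None
    for line in text.splitlines():
        if line.startswith("Character devices:"):
            section = "char"
            continue
        if line.startswith("Block devices:"):
            section = "block"
            continue
        parts = line.split()
        if section and len(parts) == 2 and parts[0].isdigit():
            # Keep the first major seen for a name (e.g. "4 tty" vs "4 /dev/vc/0").
            table[section].setdefault(parts[1], int(parts[0]))
    return table


def resolve_device_allow(spec: str, proc_devices: str) -> Optional[Tuple[str, int]]:
    """Map 'char-<name> [rwm]' / 'block-<name> [rwm]' to (type, major).

    Returns None when the name is absent from /proc/devices, which is what
    happens when the providing module has not been loaded yet."""
    node = spec.split(None, 1)[0]
    for prefix, kind in (("char-", "char"), ("block-", "block")):
        if node.startswith(prefix):
            major = parse_proc_devices(proc_devices)[kind].get(node[len(prefix):])
            return (kind, major) if major is not None else None
    return None  # /dev/... paths would need stat(); not modelled here


def build_device_policy(specs: List[str], proc_devices: str):
    """Return (applied, dropped): rules with a major number, and rules that
    could not be resolved and therefore would not grant any access."""
    applied: Dict[str, Tuple[str, int]] = {}
    dropped: List[str] = []
    for spec in specs:
        resolved = resolve_device_allow(spec, proc_devices)
        if resolved is None:
            dropped.append(spec)
        else:
            applied[spec] = resolved
    return applied, dropped


if __name__ == "__main__":
    rules = ["char-input rw", "char-drm rw"]
    for label, snapshot in (("before modprobe", PROC_DEVICES_BEFORE), ("after modprobe", PROC_DEVICES_AFTER)):
        applied, dropped = build_device_policy(rules, snapshot)
        print(f"{label}: applied={applied} dropped={dropped}")
```

The "before" run is the situation the commit describes: the unit is loaded, the `drm` entry is missing, and the rule is dropped even though `modprobe` in `ExecStartPre=` would make the device appear moments later. Ordering a separate modprobe unit before the consumer is what makes the "after" snapshot the one in effect at load time.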
testsuite: drop "systemctl is-system-running --wait" invocation
We wait for "basic.target" being reached in the user instance anyway
before allowing the user's session to start, hence doing such a wait is
unnecessary, since that would just mean we'd wait for "default.target"
on top of "basic.target", but we shouldn't need anything of that...
The name is not as universal as we want, still, hence let's use our own
user we create with sysusers.d/. That should yield same behaviour
everywhere (and also test sysusers a bit as side effect).
Let's make sure we always invoke our commands through /bin/sh, since
on some distros su will use /bin/nologin (or whatever is listed in
/etc/passwd) as shell otherwise and we don't want that.
Zach Smith [Sat, 7 Dec 2019 00:37:22 +0000 (16:37 -0800)]
systemd-sleep: always attempt hibernation if configured
When calculation of swap file offset is unsupported, rely on the
/sys/power/resume & /sys/power/resume_offset values if configured
rather than requiring a matching swap entry to be identified.
Refactor to use dev_t for comparison of resume= device instead of string.
Kevin Kuehler [Tue, 19 Nov 2019 21:43:58 +0000 (13:43 -0800)]
job: Don't mark as redundant if deps are relevant
In the steps given in #13850, the resulting graph looks like:
C (Anchor) -> B -> A
Since B is inactive, it will be flagged as redundant and removed from
the transaction, causing A to get garbage collected. The proposed fix is
to not mark nodes as redundant if doing so causes a relevant node to be
garbage collected.