core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.
Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
core: add a generic helper that forwards per-unit method calls from Manager
Quite often we have a method DoSomethingWithUnit() on the Manager object
that is the same as a function DoSomething() on a Unit object. Let's
shorten things by introducing a common function that forwards the
former to the latter, instead of writing this again and again.
let's use sd_notifyf(). Let's also stop validating the session ID here.
This is the destructor. if it contains a dash, we are already too late
here anyway.
Chris Morin [Thu, 14 Mar 2019 18:24:52 +0000 (11:24 -0700)]
journal-remote: use source's boot-id
systemd-journal-remote always wrote the boot-id of the device it was running on
to the header of its journal files. When the source had a different boot-id
(because it was generated on a different boot, or a different device), the
boot-ids in the file were inconsistent. The _BOOT_ID field was that of the
source, but the journal file header and each entry object header were that of
the device systemd-journal-remote ran on. This breaks journalctl --list-boots
on any of these files.
Set the boot-id in the header to be that of the source. This also fixes the
entry object headers.
Let's also avoid strjoina() in a loop (i.e. stack allocation). While in
this specific caseone could get away with it (since we'd immediately
afterwards leave the loop) it's still ugly, and every static checker
would be totally within its rights to complain.
Also, let's simplify things by not relying on argc, since it's redundant
anyway, and it's nicer to just treat things as NULL terminated strv
array.
In particular, let's not use gotos that jump up, i.e. are loops. gotos
that jump down for the purpose of clean-up are cool, but using them for
loops is evil.
man: refer to innermost directory as innermost, not as "lowest"
Let's avoid confusion whether the root is at the top or of the bottom of
the directory tree. Moreover we use "innermost" further down for the
same concept, so let's stick to the same terminology here.
meson: stop creating enablement symlinks in /etc during installation
This patch was initially prompted by a report on a Fedora update [1], that the
upgrade causes systemd-resolved.service and systemd-networkd.service to be
re-enabled. We generally want to preserve the enablement of all services during
upgrades, so a reset like this is not expected.
Both services declare two symlinks in their [Install] sections, for their dbus
names and for multi-user.target.wants/. It turns out that both services were
only partially enabled, because their dbus unit symlinks
/etc/systemd/system/dbus-org.freedesktop.{resolve1,network1}.service were
created, by the symlinks in /etc/systemd/system/multi-user.target.wants/ were
not. This means that the units could be activated by dbus, but not in usual
fashion using systemctl start. Our tools make it rather hard to figure out when
something like this happens, and it is definitely an area for improvement on its
own. The symlink in .wants/ was filtered out by during packaging, but the dbus
symlink was left in (I assume by mistake).
Let's simplify things by not creating the symlinks statically during 'ninja
install'. This means that the units shipped by systemd have to be enabled in
the usual fashion, which in turns means that [Install] section and presets
become the "single source of truth" and we don't have two sets of conflicting
configuration.
Let's consider a few cases:
- developer: a developer installs systemd from git on a running system, and they
don't want the installation to reset enablement of anything. So this change is
either positive for them, or has no effect (if they have everything at
defaults).
- package creation: we want to create symlinks using 'preset-all' and 'preset'
on upgraded packages, we don't want to have any static symlinks. This change
will remove the need to filter out symlinks in packaging and of course fix
the original report.
- installation of systemd from scratch: this change means that without
'preset-all' the system will not be functional. This case could be affected
negatively by this change, but I think it's enough of a corner case to accept
this. In practice I expect people to build a package, not installl directly
into the file system, so this might not even matter in practice.
Creating those symlinks was probably the right thing in the beginning, but
nowadays the preset system is very well established and people expect it to
be honoured. Ignoring the presets and doing static configuration is not welcome
anymore.
Note: during package installation, either 'preset-all' or 'preset getty@.service
machines.target remote-cryptsetup.target remote-fs.target
systemd-networkd.service systemd-resolved.service
systemd-networkd-wait-online.service systemd-timesyncd.service' should be called.
Yu Watanabe [Sun, 31 Mar 2019 15:24:25 +0000 (00:24 +0900)]
network: do not abort execution when NetDev.Name= conflicts
This also changes that .netdev files are loaded in ascending order.
Otherwise, when NetDev.ifname= setting conflicts with other .netdev file,
then .netdev file with large prefix number wins.