This addresses an issued introduced by 278e815bfa3e4c2e3914e00121c37fc844cb2025, which dropped the a dependency
from user@.service systemd-user-sessions.service without replacement.
While dropping that dependency does make sense, it should have been
replaced with the weaker dependency on systemd-logind.service, hence fix
that now.
user@.service is after all a logind concept, hence logind really should
be around for its lifetime.
systemd-user-sessions.service is a later milestone that only really
should apply to regular users (not root), hence it's too strong a
requirement.
Daan De Meyer [Fri, 28 Jun 2024 18:12:51 +0000 (20:12 +0200)]
Use read_full_file_full() in read_smbios11_field()
read_virtual_file() will only read up to page size bytes of data
from /sys/firmware/dmi/entries/.../raw so let's use read_full_file_full()
instead to make sure we read all data.
This should be safe since smbios11 data can be considered immutable
during the lifetime of the system.
Various of our tools operate on block devices, and it's not always
obvious to know which block devices are actually appropriate for use.
Hence, let's add a helper that allows to list block devices, and
supports some limited filtering.
rhellstrom [Thu, 27 Jun 2024 08:00:00 +0000 (11:00 +0300)]
Conditional PSI check to reflect changes done in 5.13
cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'.
Luca Boccassi [Sat, 29 Jun 2024 17:31:23 +0000 (18:31 +0100)]
core: try again bind mounting if the destination was already created
If the destination mount point is on a shared filesystem and is
missing on the first attempt, we try to create it, but then
fail with -EEXIST if something else created it in the meanwhile.
Enter the retry logic on EEXIST, as we can just use the mount
point if it was already created.
Daan De Meyer [Sat, 29 Jun 2024 13:27:02 +0000 (15:27 +0200)]
mkfs-util: Set sector size for btrfs as well
btrfs used to default the sector size to the page size and didn't
support anything else. Since 6.7, it defaults to 4K and using 4K
makes the filesystem compatible with all page sizes. So let's make
sure we use minimum 4K as well (lower causes failures on systems with
a 4K page size) but still allow larger sector sizes if specified by
the user.
Mike Yuan [Fri, 28 Jun 2024 13:32:33 +0000 (15:32 +0200)]
core/unit: follow merged units before updating SourcePath= timestamp too
Currently, we only follow merged units for unit_load_dropin() call.
But if the unit is an alias, we should always perform operations
on the "canonical" unit.
nscd is known to be racy [1] and it was already deprecated and later dropped in
Fedora a while back [1,2]. We don't need to support obsolete stuff in systemd,
and the cache in systemd-resolved provides a better solution anyway.
Daan De Meyer [Fri, 28 Jun 2024 14:22:15 +0000 (16:22 +0200)]
TEST-54-CREDS: Use UEFI firmware if available
On aarch64, SMBIOS is only available when using UEFI, so let's make
sure that the creds test uses UEFI when available so that it can
read creds from SMBIOS when running in a virtual machine.
Daan De Meyer [Fri, 28 Jun 2024 14:21:51 +0000 (16:21 +0200)]
TEST-18-FAILUREACTION: Set auto firmware
This test runs in nspawn by default but will still run in qemu when
tests are run unprivileged so make sure we use UEFI if available to
avoid hangs when using the linux firmware.
Daan De Meyer [Fri, 28 Jun 2024 14:19:38 +0000 (16:19 +0200)]
TEST-09-REBOOT: Set auto firmware
This test runs in nspawn by default but will still run in qemu when
tests are run unprivileged so make sure we use UEFI if available to
avoid hangs when using the linux firmware.
Daan De Meyer [Fri, 28 Jun 2024 13:28:16 +0000 (15:28 +0200)]
TEST-70-TPM2: Use UEFI firmware if available
On x86 this doesn't matter but on aarch64 we need to make sure UEFI
is used so that /sys/kernel/security/tpm0/binary_bios_measurements
is there which is required for TEST-70-TPM2.
Mike Yuan [Wed, 5 Jun 2024 18:45:12 +0000 (20:45 +0200)]
core: do not set up cgroup runtime on coldplug
Currently, unit_setup_cgroup_runtime() is called in
various _coldplug() functions if the unit is not inactive.
That seems unnecessary though, and kinda defeats the purpose
of CGroupRuntime. If we need to fork off a process for the unit
or got something during deserialization, the CGroupRuntime
would be automatically set up by unit_prepare_exec() /
cgroup_runtime_deserialize_one(). Otherwise it would mean
the cgroup doesn't exist and we don't need to allocate
that in the first place.
Plus, note that socket units might also carry a cgroup with
ExecStartPre=/ExecStartPost=/... Hence the existing code
is really inconsistent.
Mike Yuan [Sat, 1 Jun 2024 23:50:09 +0000 (07:50 +0800)]
core: unify reset_accounting handling
Since the introduction of CGroupRuntime, there's no need
to call *_reset_accounting in unit_new(), hence make those
static. While at it, refrain from hardcoding default values
in cgroup_runtime_new(), but call the corresponding funcs.
This also corrects the default value of io_accounting_base.
Mike Yuan [Wed, 19 Jun 2024 19:07:07 +0000 (21:07 +0200)]
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
No functional change, just deduplicate default values
in cgroup_runtime_free() and remove pointless call in
unit_free() (at the time it's called the CGRuntime has
been destroyed already).
It turns out OverlayFS doesn't handle gracefully when the same source is
specified multiple times in lowerdir= and it fails with ELOOP:
Failed to mount overlay (type overlay) on /run/systemd/mount-rootfs/opt (MS_RDONLY "lowerdir=/run/systemd/unit-extensions/1/opt:/run/systemd/unit-extensions/0/opt:/run/systemd/mount-rootfs/opt"): Too many levels of symbolic links
This happens even if we mount each image in a different internal mount
path, as OverlayFS will resolve it and look for the backing device, which
will be the same device mapper entity, and return a hard error.
This error does not appear if dm-verity is not used, so it is very
confusing for users, and unnecessary.
When mounting ExtensionImages, check if an image is dm-veritied,
and drop duplicates if the root hashes match, to avoid this user-unfriendly
hard error.
LICENSES/README: expand text to summarize state for binaries and libs
We would say how *sources* are licensed, but actually most user care about the
resulting binaries. So say how the *binaries* are licensed. I used the word
"effectively" because the permissive licenses don't set any requirements on the
binaries, so the license of sources is a complex mix, but the resulting
binaries have a simple effective license.
Also, make it clear that the GPLv2 license applies to udev programs, but not
the shared library. Based on private correspondence, there's some confusion
about this.
Daan De Meyer [Fri, 28 Jun 2024 10:50:49 +0000 (12:50 +0200)]
TEST-64-UDEV-STORAGE: Use bus pci slot 1 instead of 0
Trying to use bus pci slot 0 fails on aarch64 so let's use 1 instead.
The error:
"""
qemu-system-aarch64: -device virtio-blk-pci,drive=drive0,scsi=off,bus=pci_bridge25: Unsupported PCI slot 0 for standard hotplug controller. Valid slots are between 1 and 31.
"""
It's the same old story: 'struct sd_bus' is generally instantiated once, so
bitfields, for which we pay with more complicated code in all users of this
struct, are counterproductive. In some progs the structure may be instantiated
a few times, but it's still not worth it because we save a few bytes of memory
in one place and pay for this with many more bytes in the code.
$ size build/libsystemd.so.0.39.0{.orig,}
text data bss dec hex filename 2452757 65376 3768 2521901 267b2d build/libsystemd.so.0.39.0.orig 2451669 65376 3768 2520813 2676ed build/libsystemd.so.0.39.0
$ diff -u <(pahole build/libsystemd.so.0.39.0.orig) <(pahole build/libsystemd.so.0.39.0)
...
- /* size: 1960, cachelines: 31, members: 105 */
- /* sum members: 1944, holes: 3, sum holes: 9 */
- /* sum bitfield members: 25 bits, bit holes: 2, sum bit holes: 31 bits */
+ /* size: 1984, cachelines: 31, members: 105 */
+ /* sum members: 1971, holes: 4, sum holes: 13 */
/* member types with holes: 1, total: 1 */
i.e. 2452757 - 2451669 = 1088 extra bytes of code and slower execution, to save
24 bytes of memory per instance of the struct. (But the number of cachelines
doesn't change, so the smaller struct most likely has no effect on memory
access, and the alignment of the struct most likely means that the memory
saving is illusory too, we just end up with a few bytes of padding after the
struct.)
In the other structs, the alignment prevent the bitfield for having any effect
on memory use, but the compiler would still generate more complicated code,
i.e. we pay something for nothing.
/* size: 40, cachelines: 1, members: 6 */
- /* sum members: 36, holes: 1, sum holes: 3 */
- /* sum bitfield members: 1 bits, bit holes: 1, sum bit holes: 7 bits */
+ /* sum members: 37, holes: 1, sum holes: 3 */
/* last cacheline: 40 bytes */
};
I kept the bitfield in sd_bus_slot because it prevents the struct from growing
from 112 to 120 bytes by reducing the alignment requirement for subsequent
fields, and we potentially can have this instantiated many times.
sd-bus: simplify handling of 'types' in convenience methods
The arg types==NULL has different meanings for different functions. Some
functions like sd_bus_message_appendv() require a non-null param and treat "" as
"no data". Other functions like sd_bus_skip() treat null as "process one item",
while the convenience functions treat NULL the same as "". So I think it's
reasonable to make the convenience functions handle NULL explicitly, separately
from "". That way the logical separation of concerns is clearer, and e.g.
sd_bus_message_appendv() handles all non-null strings, while e.g.
sd_bus_call_methodv() doesn't look into the string at all.
Daan De Meyer [Fri, 28 Jun 2024 07:58:56 +0000 (09:58 +0200)]
meson: Drop genkey target
In mkosi.images/system/mkosi.conf, we configure the certificate as
an extra tree so it's available inside the image. However, we pick up
the certificate from the top level repository directory and not from the
build directory where it is generated by the genkey meson target.
We currently have no way to access the build directory that mkosi was
invoked from when parsing the configuration file. Thus we have no way to
specify the correct location to the certificate when it's located in the
build directory.
For now, let's look for the key and certificate in the top level repository
root directory and drop the genkey target.
We don't have to change the Github Actions CI because it already runs genkey
manually before the image build (which is something we forgot to remove when
introducing the genkey target and is the reason this didn't cause issues before).
stub: don't mangle command line if we got it as array
There are two ways to get the command line: from the EFI shell,
preparsed, already split at whitespace. This we just combine with
spaces, since kernel wants it as one string.
And as one command line blob which is how we are invoked otherwise and
which comes with all kinds of whitespace quite likely.
Let's only strip leading and trailing whitespace in the latter case,
given it's likely the concatenation of whitespace separated strings
generated by shell scripts and such. But let's not strip it we already
received a preparsed array.
Update the man page of tmpfiles.d to remove outdated comments regarding the behavior of ownership with symlinks.
The behavior has been changed in this commit 51207ca134716a0dee5fd763a6c39204be849eb1
Daan De Meyer [Thu, 27 Jun 2024 10:08:51 +0000 (12:08 +0200)]
mkosi: Switch back to btrfs
Now that we're running on Noble instead of Jammy btrfs has the temp_fsid
feature which means we can mount the same image multiple times so let's
switch back to btrfs instead of ext4 as the filesystem as btrfs properly
records timestamps when building filesystems from a root directory unlike
ext4.
Kamil Szczęk [Sat, 11 May 2024 08:42:14 +0000 (10:42 +0200)]
cryptsetup: allow customizing cache behavior
The new "password-cache" option allows customizing behavior of the
ask-password module in regards to caching credentials in the kernel
keyring. There are 3 possible values for this option:
* read-only - look for credentials in kernel keyring before asking
* on - same as read-only, but also save credentials input by user
* off - disable keyring credential cache
Currently the cache is forced upon the user and this can cause issues.
For example, if user wants to attach two volumes with two different
FIDO2 tokens in a quick succession, the attachment operation for the
second volume will use the PIN cached from the first FIDO2 token, which
of course will fail and since tokens are only attempted once, this will
cause fallback to a password prompt.
Kamil Szczęk [Wed, 5 Jun 2024 18:50:21 +0000 (20:50 +0200)]
cryptsetup: make key discovery more robust
Currently, if user doesn't specify a key file, /etc/cryptsetup-keys.d/
and /run/cryptsetup-keys.d/ will be searched for a key file with name
matching the volume name. But current implementation has an important
flaw. When the auto-discovered key is a socket file - it will read the
key only once, while the socket might provide different keys for
different types of tokens. The issue is fixed by trying to discover the
key on each unlock attempt, this way we can populate the socket bind
name with something the key provider might use to differentiate between
different keys it has to provide.
hostnamed: make sure we can actually properly parse 'allowInteractiveAuthentication' varlink parameter
If people want they should be able to turn on this flag, to allow
interactive auth. Let's make sure this actually works. i.e. add it to
the introspection data and don't refuse the parameter in Describe().
(note the varlink handling already does parameter validation through
varlink_dispatch(), hence we can just drop any further validation)
hostnamed: if polkit authentication fails for Varlink Describe() call, don't reply to client with an error
The logic of the Describe() call was supposed to be: if we can acquire
the PK priv to get the product UUID then let's return the product UUID,
and if we cannot then return the data without it.
This didn't work however, since the polkit varlink glue would
immediately propagate the error it acquired from polkit its own client.
Let's turn this off, optionally, so that hostnamed can handle this
nicely.
varlink: add helper that adds a connection via stdio to a varlink server
This adds varlink_server_add_connection_stdio() as wrapper around
varlink_server_add_connection_pair(), that steals stdin/stdout fds and
turns them into a varlink connection. To be safe it replaces
stdin/stdout with /dev/null fds.
varlink: support varlink communication via distinct input/output fds
When invoking another process via a pair of pipes it makes sense to
allow reading from one fd, and writing from another. Teach our varlink
code to do so optionally.
(sd-bus supports something similar, fill the gap).
This is preparation for a later commit that uses this to talk to remote
SSH invocations via pipes.
Florian Schmaus [Wed, 26 Jun 2024 12:37:52 +0000 (14:37 +0200)]
core/exec-invoke: use sched_setattr instead of sched_setscheduler
The kernel's sched_setattr interface allows for more control over a processes
scheduling attributes as the previously used sched_setscheduler interface.
Using sched_setattr is also the prerequisite for support of utilization
clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter,
sched_runtime, will probably become a relevant scheduling parameter of the
EEVDF scheduler [2, 3], and therefore will not only apply to processes
scheduled via SCHED_DEADLINE, but also for processes scheduled via
SCHED_OTHER/SCHED_BATCH (i.e., most processes).
projects / thirdparty / systemd.git / log
