in_initrd() was really doing two things: checking if we're in the initrd, and
also verifying that the initrd is set up correctly. But this second check is
complicated, in particular it would return false for overlayfs, even with an
upper tmpfs layer. It also doesn't support the use case of having an initial
initrd with tmpfs, and then transitioning into an intermediate initrd that is
e.g. a DDI, i.e. a filesystem possibly with verity arranged as a disk image.
We don't need to check if we're in initrd in every program. Instead, concerns
are separated:
- in_initrd() just does a simple check for /etc/initrd-release.
- When doing cleanup, pid1 checks if it's on a tmpfs before starting to wipe
the old root. The only case where we want to remove the old root is when
we're on a plain tempory filesystem. With an overlay, we'd be creating
whiteout files, which is not very useful. (*)
This should resolve https://bugzilla.redhat.com/show_bug.cgi?id=2137631
which is caused by systemd refusing to treat the system as an initrd because
overlayfs is used.
(*) I think the idea of keeping the initrd fs around for shutdown is outdated.
We should just have a completely separate exitrd that is unpacked when we want
to shut down. This way, we don't waste memory at runtime, and we also don't
transition to a potentially older version of systemd. But we don't have support
for this yet.
As described in the reverted commit, we don't want to get rid of the check
completely. But the check requires opting-in by setting SYSTEMD_IN_INITRD=lenient,
which is cumbersome and doesn't seem to actually happen.
https://bugzilla.redhat.com/show_bug.cgi?id=2137631 is caused by systemd refusing
to treat the system as an initrd because overlayfs is used. Let's revert this
approach and do something that doesn't require opt-in instead.
I don't think it makes sense to keep support for "SYSTEMD_IN_INITRD=lenient" or
"SYSTEMD_IN_INITRD=auto". To get "auto" behaviour, just unset the option. And
"lenient" will be reimplemented as a better check. Thus the changes to the
option interface are completely reverted.
Khem Raj [Tue, 8 Nov 2022 20:21:35 +0000 (12:21 -0800)]
networkd-ipv4acd.c: Use net/if.h for getting IFF_LOOPBACK definition
This helps in avoiding compiling errors on musl. Definition of
IFF_LOOPBACK is the reason for including linux/if_arp.h, this however
could be obtained from net/if.h glibc header equally and makes it
portable as well.
The name "def.h" originates from before the rule of "no needless abbreviations"
was established. Let's rename the file to clarify that it contains a collection
of various semi-related constants.
basic: move a bunch of cmdline-related funcs to new argv-util.c+h
I wanted to move saved_arg[cv] to process-util.c+h, but this causes problems:
process-util.h includes format-util.h which includes net/if.h, which conflicts
with linux/if.h. So we can't include process-util.h in some files.
But process-util.c is very long anyway, so it seems nice to create a new file.
rename_process(), invoked_as(), invoked_by_systemd(), and argv_looks_like_help()
which lived in process-util.c refer to saved_argc and saved_argv, so it seems
reasonable to move them to the new file too.
util.c is now empty, so it is removed. util.h remains.
meson: add version.h as dependency to more targets
version.h can be generated after compilation starts, creating a race condition
between compilation of various .c files and creation of version.h. Let's add it
as a dependency to more build targets that require version.h or build.h.
So far we played whack'a'mole by adding versiondep whenever compilation failed.
In principle any target which includes compilation (i.e. any that has .c
sources directly), could require this. I don't understand why we didn't see
more failures… But it seems reasonable to just add the dependency more widely.
basic: create new basic/initrd-util.[ch] for initrd-related functions
I changed imports of util.h to initrd-util.h, or added an import of
initrd-util.h, to keep compilation working. It turns out that many files didn't
import util.h directly.
When viewing the patch, don't be confused by git rename detection logic:
a new .c file is added and two functions moved into it.
It's a bit silly to have a separate file that one short test, but this is the
last part of the test code that is misplaced, and here consistency beats
brevity.
sd-journal: make prot_from_flags() static and rename
The function had just one caller and a name that didn't explain much.
Let's make it static and rename for clarity.
While at it, the only caller was not doing error handling correctly
— the function would potentially return a negative error value which
wasn't handled. In practice this couldn't happen, but let's remove
this ambiguity.
semaphore: remove the Semaphore repositories recursively
The list of disabled repositories was recently converted from a single
file into a directory with separate repository files, so let's adjust
the setup script accordingly.
```
$ ls -lR /etc/apt/sources.list.d/
/etc/apt/sources.list.d/:
total 36
-rw-r--r-- 1 root root 76 Nov 3 10:28 azure-cli.list
-rw-r--r-- 1 root root 72 Nov 3 10:22 bazel.list
drwxr-xr-x 2 root root 4096 Nov 3 10:31 disabled
-rw-r--r-- 1 root root 113 Nov 3 10:13 docker-source.list
-rw-r--r-- 1 root root 367 Nov 3 10:28 github_git-lfs.list
-rw-r--r-- 1 root root 111 Nov 3 10:25 google-chrome-source.list
-rw-r--r-- 1 root root 64 Nov 3 10:14 google-cloud-sdk.list
-rw-r--r-- 1 root root 54 Nov 3 10:23 helm-stable-debian.list
-rw-r--r-- 1 root root 89 Nov 3 10:29 yarn-source.list
/etc/apt/sources.list.d/disabled:
total 20
-rw-r--r-- 1 root root 100 Nov 3 10:23 devel_kubic_libcontainers_stable.list
-rw-r--r-- 1 root root 103 Nov 3 10:27 git.list
-rw-r--r-- 1 root root 105 Nov 3 10:22 gradle.list
-rw-r--r-- 1 root root 118 Nov 3 10:13 pypy.list
-rw-r--r-- 1 root root 104 Nov 3 10:13 python.list
```
fstype_can_uid_gid() is about fixating all files to the specified
uid/gid. tmpfs does not qualify. The uid/gid parameter there is simply
about the default uid/gid for the root inode of the tmpfs, it allows
setting uids/gid arbirarily for all inodes after that.
This distinction matters: for file systems this function returns true
for we can use this in place of uidmapped mounts. But for tmpfs this is
not going to work, given inodes on that fs can end up having arbitrary
uid/gid.
Jan Macku [Wed, 12 Oct 2022 13:37:00 +0000 (15:37 +0200)]
ci(dev-freeze): Use GitHub Action for PR comments
GitHub Action `devel-freezer` helps with development freeze notifications
during the RC phase. It will create comments using predefined messages on
newly created and updated PRs when the RC tag has been released.
Also, it will update comments once a new major version has been released.
Documentation available at: https://github.com/redhat-plumbers-in-action/devel-freezer
stdout:
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-01-dev-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-02-dhcp.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-03-dhcp6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-04-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-05-nfs4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-06-ipv4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-07-ipv6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-08-implicit-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-09-cifs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-10-iscsi.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-11-live.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
--- /dev/fd/63 2022-11-04 15:39:13.131532174 +0100
+++ /dev/fd/62 2022-11-04 15:39:13.131532174 +0100
@@ -6,3 +6,4 @@
initrd-usr-fs.target.requires
initrd-usr-fs.target.requires/sysroot.mount
sysroot.mount
+systemd-fsck-root.service
**** Unexpected output for /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
stderr:
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on CIFS was requested.
Skipping root directory handling, as root on iSCSI was requested.
Skipping root directory handling, as root on live image was requested.
Found entry what=/dev/sdx1 where=/sysroot type=n/a opts=ro
Checking was requested for /dev/sdx1, but the fsck command does not exist.
Since f7725647bb41c3398a867f139efe526efe8aa1b3 when dissecting a disk
image we operate with fds to the device nodes in question wherever we
can. This includes when we fork off fsck, where we pass a /proc/self/fd/
path as argument. This only works if we keep that fd open however and
disable O_CLOEXEC on the fd. Hence do so, and fix fsck this way.
(Without this, all fsck will fail, since the fd path is invalid)
process-util: add new FORK_CLOEXEC_OFF flag for disabling O_CLOEXEC on remaining fds
Often the fds that shall stay around in the child shall be passed
to a process over execve(), hence add an option to explicitly disable
O_CLOEXEC on them in the child.
Luca Boccassi [Thu, 3 Nov 2022 20:10:57 +0000 (20:10 +0000)]
tmpfiles.d: do not fail if provision.conf fails
On a read-only filesystem creating /root/.ssh might fail, but that's ok.
Do not fail the run, as this is only needed to add the credential, which
is a separate step.
Franck Bui [Fri, 4 Nov 2022 11:24:10 +0000 (12:24 +0100)]
tests: make test-execute pass on openSUSE
In my understanding user group "3" (aka "sys") is kept for historical reasons
but not really useful these days. That's probably explained why this group
isn't defined on openSUSE.
Hence let's drop reference to this user group, this shouldn't lessen the
revelance of the test since SupplementaryGroups= is still tested with 2 other
groups.
Luca BRUNO [Thu, 3 Nov 2022 15:11:00 +0000 (15:11 +0000)]
sysusers: cross-check user and group names too
This adds an additional name check when cross-matching new group
entries against existing users, which allows coalescing entries
matching both ID and name.
It provides a small idempotence enhancement when creating groups
in cases where matching user entries are in place. By fine-tuning
the conflict detection logic, this avoids picking up new random
IDs and correctly prefers configuration values instead.
Yu Watanabe [Thu, 3 Nov 2022 00:39:36 +0000 (09:39 +0900)]
udev: first set properties based on usb subsystem
After 479da1107a0d4e2f7ef5cd938512b87a0e45f180, the usb_id builtin
command does not set ID_SERIAL if ID_BUS is already set.
Before the commit, all properties set based on pci bus were overwritten
by the usb_id, hence now it is sufficient setting them only when ID_BUS is
not set yet.
Samuel Thibault [Tue, 1 Nov 2022 15:53:02 +0000 (16:53 +0100)]
shutdown: Add Xen kexec support
In the Xen case, it's the hypervisor which manages kexec. We thus
have to ask it whether a kernel is loaded, instead of relying on
/sys/kernel/kexec_loaded.
Also, fix a race condition introduced by d16684fe13:
```
[ 16.904218] H testsuite-26.sh[394]: + systemd-run --unit failed.service /bin/false
[ 16.964783] H systemd[845]: failed.service: Executing: /bin/false
[ 16.965062] H systemd[1]: Started failed.service.
[ 16.965462] H testsuite-26.sh[844]: Running as unit: failed.service
[ 16.966390] H testsuite-26.sh[394]: + systemctl is-failed failed.service
[ 16.977970] H testsuite-26.sh[846]: active
[ 16.978403] H systemd[1]: failed.service: Main process exited, code=exited, status=1/FAILURE
[ 16.978478] H systemd[1]: failed.service: Failed with result 'exit-code'.
```
Yu Watanabe [Tue, 1 Nov 2022 21:49:26 +0000 (06:49 +0900)]
test-network: wait for bound interface to be processed by udevd
If another bound interface (dummy98) will be removed before that dummy99
is processed by udevd, then removing dummy98 in the next step makes the
target interface (test1) bring down.
Jörg Thalheim [Thu, 27 Oct 2022 13:59:56 +0000 (15:59 +0200)]
update credentials when reloading a service
Many long-running services will reload configuration and therefore
credentials on reload. Therefore its useful if a service reload will
also update credentials.
Tested in https://github.com/numtide/systemd-vaultd/pull/12
Daan De Meyer [Thu, 27 Oct 2022 11:14:12 +0000 (13:14 +0200)]
namespace: Add hidepid/subset support check
Using fsopen()/fsconfig(), we can check if hidepid/subset are supported to
avoid the noisy logs from the kernel if they aren't supported. This works
on centos/redhat 8 as well since they've backported fsopen()/fsconfig().
Daan De Meyer [Thu, 27 Oct 2022 09:12:10 +0000 (11:12 +0200)]
condition: Check that subsystem is enabled in ConditionSecurity=tpm2
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
projects / thirdparty / systemd.git / log
