Note, this requires the previous two commits, and cannot backport without them.
Note, before the previous commit, the use-after-free could be triggered
only by Rename() DBus method, and could not by RenameImage(), as we did not
cache Image object when RenameImage() method is called. And machinectl
always uses RenameImage(). Hence, the issue could be triggered only when
Rename() DBus method is explicitly called by e.g. busctl.
With the previous commit, the Image object passed to the function is
always cached. Hence, the issue could be triggered even with machinectl
command, and this fix is important.
Yu Watanabe [Fri, 17 May 2024 20:33:48 +0000 (05:33 +0900)]
machine: also acquire Image object from cache when a dbus method in the main interface is called
Previously, Image objects were only cached when reading properties or
methods in the org.freedesktop.machine1.Image interface are called.
This makes that, when a method in the main interface (org.freedesktop.machine1)
for an image is called, also acquire the Image object from the cache,
and if not cached, create Image object and put into the cache, like we
do for org.freedesktop.machine1.Image.
Otherwise, if some properties of an image are updated by methods in the main
interface, e.g. MarkImageReadOnly(), the changes do not applied to the cached
Image object, and subsequent read of proerties through the interface for the
image, e.g. ReadOnly property, may provide outdated values.
Yu Watanabe [Fri, 17 May 2024 20:10:42 +0000 (05:10 +0900)]
discover-image: update Image.read_only flag in image_read_only()
Otherwise, ReadOnly DBus property in org.freedesktop.machine1.Image or
org.freedesktop.portable1.Image will not be updated by MarkReadOnly DBus
method.
Currently, we only pass TTYPath=/dev/pts/... to
the transient service spawned by systemd-run.
This is a bit problematic though, when ExecStartPre=
or ExecStopPost= is used. Since when these control
processes get to run, the main process is not yet
started/has already exited, hence the slave suffers
from the same vhangup problem as the mentioned commit.
By passing the slave fd in, the service manager will
hold the fd open as long as the service is alive.
Fixes the following unexpected skip:
```
[ 6.163670] TEST-64-UDEV-STORAGE.sh[596]: + modinfo btrfs
[ 6.164102] TEST-64-UDEV-STORAGE.sh[726]: /usr/lib/systemd/tests/testdata/units/TEST-64-UDEV-STORAGE.sh: line 726: modinfo: command not found
[ 6.164683] TEST-64-UDEV-STORAGE.sh[727]: + echo 'This test requires the btrfs kernel module but it is not installed, skipping the test'
[ 6.165069] TEST-64-UDEV-STORAGE.sh[728]: + tee --append /skipped
[ 6.166801] TEST-64-UDEV-STORAGE.sh[728]: This test requires the btrfs kernel module but it is not installed, skipping the test
[ 6.167177] TEST-64-UDEV-STORAGE.sh[596]: + exit 77
```
Mike Yuan [Fri, 17 May 2024 13:07:17 +0000 (21:07 +0800)]
man/soft-reboot: order surviving services before shutdown.target
Prompted by #32895
Rather than ordering with each power operation targets,
ordering against shutdown.target which is a valid
synchronization point. This has no effect if soft-reboot
is being performed.
Yu Watanabe [Fri, 17 May 2024 06:04:31 +0000 (15:04 +0900)]
test: wait for underlying .device unit being active before invoking systemd-mount
Fixes following failure:
===
May 17 04:12:04 TEST-74-AUX-UTILS.sh[2684]: + systemd-mount --owner=testuser /dev/loop0 /tmp/tmp.DVQdo2ou53/mnt
(snip)
May 17 04:15:04 systemd[1]: dev-loop0.device: Job dev-loop0.device/start timed out.
May 17 04:15:04 systemd[1]: dev-loop0.device: Job 5812 dev-loop0.device/start finished, result=timeout
May 17 04:15:04 systemd[1]: Timed out waiting for device dev-loop0.device - /dev/loop0.
May 17 04:15:04 systemd[1]: tmp-tmp.DVQdo2ou53-mnt.mount: Job 5804 tmp-tmp.DVQdo2ou53-mnt.mount/start finished, result=dependency
May 17 04:15:04 systemd[1]: Dependency failed for tmp-tmp.DVQdo2ou53-mnt.mount - /tmp/tmp.DVQdo2ou53/mnt.
May 17 04:15:04 systemd[1]: tmp-tmp.DVQdo2ou53-mnt.mount: Job tmp-tmp.DVQdo2ou53-mnt.mount/start failed with result 'dependency'.
May 17 04:15:04 systemd[1]: systemd-fsck@dev-loop0.service: Job 5805 systemd-fsck@dev-loop0.service/start finished, result=dependency
May 17 04:15:04 systemd[1]: Dependency failed for systemd-fsck@dev-loop0.service - File System Check on /dev/loop0.
May 17 04:15:04 systemd[1]: systemd-fsck@dev-loop0.service: Job systemd-fsck@dev-loop0.service/start failed with result 'dependency'.
May 17 04:15:04 systemd[1]: dev-loop0.device: Job dev-loop0.device/start failed with result 'timeout'.
(snip)
May 17 04:15:04 systemd-mount[2856]: A dependency job for tmp-tmp.DVQdo2ou53-mnt.mount failed. See 'journalctl -xe' for details.
The laptop JP-IK LEAP W502 has touchpad toggle key (Fn+F9), but it does
not work. Because, the scancode maps to a wrong key code:
Event: time 1715846095.224900, type 4 (EV_MSC), code 4 (MSC_SCAN), value 9d
Event: time 1715846095.224900, type 1 (EV_KEY), code 97 (KEY_RIGHTCTRL), value 1
Event: time 1715846095.224900, -------------- SYN_REPORT ------------
Event: time 1715846095.230985, type 4 (EV_MSC), code 4 (MSC_SCAN), value db
Event: time 1715846095.230985, type 1 (EV_KEY), code 125 (KEY_LEFTMETA), value 1
Event: time 1715846095.230985, -------------- SYN_REPORT ------------
Event: time 1715846095.232903, type 4 (EV_MSC), code 4 (MSC_SCAN), value 76
Event: time 1715846095.232903, type 1 (EV_KEY), code 85 (KEY_ZENKAKUHANKAKU), value 1
Event: time 1715846095.232903, -------------- SYN_REPORT ------------
Map the scancode 76 to KEY_F21 to enable the touchpad toggle key.
Yu Watanabe [Fri, 17 May 2024 02:38:16 +0000 (11:38 +0900)]
units: do not soft-reboot before soft-reboot.target reached
Otherwise, at the time systemd-soft-reboot.service succeeds,
services which has Conflicts= and Before=soft-reboot.target may
not be stopped yet, and may be SIGKILLed.
Especially, systemd-journald.service has the dependencies, thus
journal may be corrupted. See #32223.
Yu Watanabe [Fri, 17 May 2024 02:50:44 +0000 (11:50 +0900)]
units: drop dependencies of soft-reboot.target from systemd-journald@.service
The service deos not have DefaultDependencies=no. Hence it has dependencies
of shutdown.target, and dependencies of soft-reboot.target are not
necessary.
Yu Watanabe [Fri, 17 May 2024 00:28:46 +0000 (09:28 +0900)]
test-network: use different destination from gateway
Previously, one of the test route has the same address in destination
and gateway. Even it is a test case, that's super spurious. Let's use a
different address.
If a .netdev file for a wireguard interface requests to configure
routes for the interface, the routes were removed during configuring
another interface.
Daan De Meyer [Thu, 16 May 2024 10:28:51 +0000 (12:28 +0200)]
test: Enable TEST-69-SHUTDOWN for mkosi
In mkosi, we run the test inside the VM instead of outside. To simplify
the implementation we drop the reboot part and only verify that we can
schedule and cancel shutdowns and that the wall messages are sent as
expected.
Daan De Meyer [Wed, 15 May 2024 11:19:19 +0000 (13:19 +0200)]
test: Enable TEST-24-CRYPTSETUP for mkosi
Encrypted /var is skipped because meson's limitations make per test
images not really feasible and we can't encrypt /var by default because
it slows down the image build too much.
Co-authored-by: Richard Maw <richard.maw@codethink.co.uk>
Helmut Grohne [Wed, 15 May 2024 05:21:53 +0000 (07:21 +0200)]
network: configure a tun host0 interface in a container
While containers often have their host0 network provided by veth when
the container runtime is privileged, unprivileged containers tend to
have their network provided via slirp4netns or pasta. These tools use a
tun interface rather than a veth interface and systemd should still set
configure such networks.
We should have different .network files for the veth and tun use cases
as there may arise a need to configure them differently. We should not
rename 80-container-host0.network as that would cause existing drop-ins
to no longer apply.
Closes: #32095 Fixes: f139393dd20a ("network: use Kind= instead of Driver=") Signed-off-by: Helmut Grohne <helmut@subdivi.de>
Daan De Meyer [Wed, 15 May 2024 18:54:33 +0000 (20:54 +0200)]
core: Skip private /tmp for generators in manager test runs
For manager test runs, the generator output paths are located in
/tmp, which means that if we mount a private /tmp for generators,
we lose all the generated units (actually the generators will just
fail because the directories don't exist, but if they did exist,
we'd still lose all the units).
Let's avoid the problem by skipping the private /tmp for manager
test runs. This also avoids any possible privilege issues with
mounting a private /tmp that might happen in this scenario.
Mike Yuan [Tue, 14 May 2024 09:03:00 +0000 (17:03 +0800)]
switch-root: preserve the whole cred mount tree (/run/credentials/)
Currently, during soft-reboot, some services may survive,
but their associated credential mounts are dropped.
Let's instead preserve them, as discussed.
Before this commit, DefaultDependencies=no is set in
mount_add_extras(). However, when generating mount units
from /proc/self/mountinfo, we don't have a unit in memory
yet, and mount_setup_new_unit() doesn't call into
mount_add_extras().
core,vconsole-setup: treat locking failure as non-fatal
Locking of the tty device and then /dev/console was added to synchronize
vconsole-setup with other writers to the console. But it turns out that often
the locking doesn't work and we carved out various cases where we ignore
failure:
- lack of permissions (in the user manager)
- missing device node
It turns out that there's at least one more failure mode: we get -EIO when the
console is (mis-)configured to point to an invalid device. E.g. in
rhbug#2273069 the reporter has a VM in Proxmox without a virtual console
configured and has 'console=tty console=ttyS0' on the kernel cmdline. I
couldn't reproduce this under libvirt, but failure with EIO has been reported
by at least four users in #30501.
Note that in systemd-vconsole-setup we report this is a hard failure, while
in the manager, we only do a debug line. So it's possible that the failure
also occured there, causing the rest of the setup of the tty to be skipped
without further notice.
Ignore the locking failure, since there's just too many ways it can fail. If we
proceed without a lock, we're back to the situation before we started locking,
which wasn't too bad. OTOH, skipping setup of the console is problematic for
users, and it seems better to try to do the setup without locking.
Daan De Meyer [Mon, 6 May 2024 13:23:24 +0000 (15:23 +0200)]
test: Add TEST-85-NETWORK to run systemd-networkd-tests.py
This adds a testsuite unit to run systemd-networkd-tests.py. This is
mkosi only for now as python is not available in the images set up
by the bash framework. We give the test a lower priority as it takes
a while to run so we want to start it as soon as possible.
projects / thirdparty / systemd.git / log
