Mike Yuan [Sat, 22 Jun 2024 10:03:50 +0000 (12:03 +0200)]
core/service: destroy runtime data when Type=oneshot services exit
Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
services that make use of credentials. When those exits, the cred mounts
remain established, which is pointless and quite annoying. Let's
instead destroy the runtime data on SERVICE_EXITED, if no process
will be spawned for the unit again.
timedatectl: setting set_local_rtc to 1 will throw Warning as well, use log_warning() (#33489)
Previously only running `timedatectl` it was showing warning regarding the dangers of setting RTC to local TZ.\rNow similar warning is also flashed when `set-local-rtc 1`.
meson: fix missing failure if bpf-framework was enabled
If building with clang and clang does not support bpf, then enabling
-Dbpf-framework=enabled would silently drop the feature (even printing
bpf-framework: enabled in the meson build recap, and no message anywhere
that'd hint at the failure!)
This is unexpected, so add check to fail hard in this case.
All other code paths (gcc, missing bpftool) properly check for the
option, but it is not as easy for a custom command so check explicitly
Mike Yuan [Wed, 10 Jul 2024 20:27:21 +0000 (22:27 +0200)]
run: clean up ExecCommandFlags serialization
The current behavior is actually OK, since use_ex_prop = !arg_expand_environment,
but that's very implicit and using STRV_MAKE() this way feels icky.
Let's make this more readable, by using exec_command_flags_to_strv().
We've been getting some integration test failures due to timeouts
on finding the root partition device. Let's bump the default device
timeout a little to see if it mitigates these failures.
main: set $COLUMNS/$ROWS for PID 1 based on /dev/console data
In PID 1 we write status information to /dev/console regularly, but we
cannot keep it open continously, due to the kernel's SAK logic (which
would kill PID 1 if user hits SAK). But closing/reopening it all the
time really sucks for tty types that have no window size management
(such as serial terminals/hvc0 and suchlike), because it also means the
TTY is fully closed most of the time, and that resets the window sizes
to 0/0.
Now, we reinitialize the window size on every reopen, but that is a bit
expensive for simple status output. Hence, cache the window size in the
usualy $COLUMNS/$ROWS environment variables. We don't inherit these to
our payloads anyway, hence these are free to us to use.
terminal-util: add recognizable error if cols/rows of tty are initially not initialized
Various tty types come up with cols/rows not initialized (i.e. set to
zero). Let's detect these cases, and return a better error than EIO,
simply to make things easier to debug.
terminal-util: teach resolve_dev_console() to deal correctly with /dev/console being a symlink
/dev/console is sometimes a symlink in container managers. Let's handle
that correctly, and resolve the symlink, and not consider the data from
/sys/ in that case.
Let's always rely on our own TTY reset logic and tty disallocation/clear
screen logic, thus always pass --noclear and --noreset.
Also, bring the list of baud rates to try into sync for console-getty
and serial-getty (the former might or might not be connected to rs232,
we can't know, hence assume the worst, and copy what
serial-getty@.service does)
It's a bit confusing, but we actually initialize the terminal twice for
each service, potentially. One earlier time, where we might end up
firing vhangup() and vt_disallocate(), which is a pretty brutal way to
reset things, by disconnecting and possibly invalidating the tty
completely. When we do this we do not keep any fd open afterwards, since
it quite likely points to a dead connection of a tty.
The 2nd time we initialize things when we actually want to use it.
The first initialization is hence "destructive" (killing any left-overs
from previous uses) the 2nd one "constructive" (preparing things for our
new use), if you so will.
Let's document this distinction in comments, and let's also move both
initializations to exec_invoke(), so that they are easier to see in their
symmetric behaviour. Moreover, let's run the tty initialization after we
opened both input and output, since we need both for doing the fancy
dimension auto init stuff now.
Oh, and of course, one thing to mention: we nowadays initialize
terminals both with ioctl() and with ansi sequences. But the latter
means we need an fd that is open for *write* (since we are *writing*
those ansi sequences to the tty). Hence, resetting via the input fd is
conceptually wrong, it worked only so far if we had O_RDWR open mode
selected)
Let's make sure to first issue the non-destructive operations, then
issue the hangup (for which we need the fd), then try to disallocate the
device (for which we don't need it anymore).
We nowadays reset TTYs by writing ANSI sequences to them. This can only
work if we operate on an *output* fd, not an input fd. Hence switch
various cases where we erroneously used an input fd to use an output fd
instead.
1. use vtnr_from_tty() to parse out VT number from tty path
2. open tty for write only when we want to output just ansi sequences
3. open tty in asynchronous mode, and apply a timeout, just to be safe
4. propagate error from writing (most callers ignore it anyway, might as
well pass it along correctly)
terminal-util: split out color macros/helpers into its own header
This is a lot of stuff, and sometimes quite wild, let's turn this into
its own header.
All stuff color-related that just generates sequences is now in
ansi-color.h (no .c file!), and everything more complex that
probes/ineracts with terminals remains in termina-util.[ch]
terminal-util: modernize terminal_reset_ansi_seq() a bit
Let's update the commentary a bit. Also, use a time-out of 100ms rather
than 50ms for this, simply to unify on the same value used in
vt_disallocate() in a similar case.
Let's put "terminal_" as prefix, like with the other reset calls, and
let's make clear that this only encapsulates the ioctl-based reset
logic, not the ANSI sequence based reset logic.
terminal-util: don't issue "ESC c" sequence on reset, but only when erasing the screen
ESC c is a (vaguely defined) "reset to initial state" ANSI sequence.
Many terminals clear the screen in this case, but that's a bit drastic I
think for most resets.
terminal-util: add helper that queries terminal sizes via ANSI sequence
When we are talking to a serial terminal quite commonly the dimensions
are not set properly, because the serial protocol has not handshake or
similar to transfer this information.
However, we can derive the dimensions via ANSI sequences too, which
should get us the right information, since ANSI sequences are
interpreted by the final terminal, rather than an intermediary local tty
driver (which is where TIOCGWINSZ is interpreted).
This adds a helper call that gets the dimensions this way.
Let's prefix these functions with the subsystem name, and clean them up
a bit. Specifically, drop the error logging, it's entirely duplicative,
since every single caller does it anyway.
terminal-util: when querying bg color, ensure input fd and output fd refer to same tty
Let's add an extra safety check: before issuing the ansi sequence to
query the bg color, let's make sure input and output fd actually
reference the same tty. because otherwise it's unlikely we'll be able to
read back the response from the tty driver.
terminal-util: don't process the same data twice when reading back bg color info
If we only read partial information from the tty we ended up parsing it
again and again, confusing the state machine. hence, return how much
data we actually processed and drop it from the buffer.
Make the warning for oneshot services (where RuntimeMaxSec= has no
effect) more actionable by pointing to the directive people can use
instead to effectively limit their runtime.
Luca Boccassi [Thu, 27 Jun 2024 19:55:34 +0000 (20:55 +0100)]
polkit: map POLKIT_ALWAYS_QUERY to new polkit flag
polkitd by default just waves through requests from a root process.
A new POLKIT_CHECK_AUTHORIZATION_FLAGS_ALWAYS_CHECK flag was added
to main (will be part of v125 when it ships) that forces it to go
through the policy checks for root too. Previous versions will just
ignore it.
Change the flags handling slightly so that we pass this or the
interactive flags through, as the values match what polkit expects.
They might not be readable to the unprivileged user running the tests
and it shouldn't really matter what is used. OTOH, we need a real kernel
because we look at the header.
CentOS Stream 10 has a newer util-linux which means the terminal
gets correctly resized to the size specified by mkosi. This is a
much nicer experience than CentOS Stream 9 where you're stuck on
80x24 so let's make CentOS Stream 10 the default release to build.
mkosi: Streamline running the integration tests without building systemd
Let's document in detail how to build the integration test image and run
the integration tests without building systemd. To streamline the process,
we stop automatically using binaries from build/ when invoking mkosi directly
and don't automatically use a tools tree anymore if systemd on the host is too
old. Instead, we document these options in HACKING.md and change the mkosi meson
target to automatically use the current build directory as an extra binary search
path for mkosi.
sd-device: remove debug log message when dirs are missing
This is a common case, and nothing noteworthy at all. For example, if we
establish an enumerator for listing all devices tagged by some tag, then
the per-tag dir is not going to exist if there are currently no devices
tagged that way, but that's a really common case, and doesn't really
deserve any mention, not even at debug level.
main: show different welcome msg in initrd than on the host
It has bugged me for a while that we show the exact same welcome message
at boot twice: once in the initrd, and once after the initrd→host
transition. That's very confusing.
Let's change the text a bit, and tone down the initrd message a bit (by
removing the empty line before and after it), because it is the less
relevant one.
Adrian Vovk [Thu, 11 Jul 2024 23:35:10 +0000 (19:35 -0400)]
table: Fix JSON name mangling breaking changes
In previous commits, we've changed the JSON name mangling logic. This,
of course, will cause breaking changes to occur on anything that relied
on the JSON mangling logic.
This commit fixes those breaking changes by manually forcing the JSON
name back to what it was before.
Adrian Vovk [Wed, 3 Jul 2024 21:57:42 +0000 (17:57 -0400)]
table: Improve mangling of JSON field names
First, when displaying JSON we convert dashes into underscores. We want
to avoid using dashes in JSON field names in new code, because some
JSON parsers don't support dashes very well.
Second, we make the first character of every word lower-case. This
better matches our JSON field name style, and makes the automatic
JSON name mangling a lot more useful for vertical tables, where fields
are given a display name. For example, "Foo Bar" would be converted into
"foo_bar" instead of "Foo_Bar", which much better matches our style.
We don't make the whole string lowercase to support cases like:
"fooBar" should stay as "fooBar".
Some situations don't behave quite perfectly, such as "Foo BarBaz" gets
converted into "foo_barBaz", or all-caps headings get mangled
incorrectly. In these situations, the JSON field should be overridden
manually. In most cases, or at least more cases than before, this
heuristic does good enough.
mkosi: Remove enforcing=0 from default kernel command line
We already have selinux=0 in the default kernel command line so
enforcing=0 is redundant. Instead, pass in enforcing=0 when we
enable selinux in TEST-06-SELINUX.
Mike Yuan [Tue, 11 Jun 2024 14:00:22 +0000 (16:00 +0200)]
sleep,home: always initialize UnitFreezer if used
Previously, unit_freezer_new_freeze() would only return
UnitFreezer object if FreezeUnit() succeeds. This is not
ideal though, as a failed bus call doesn't mean the action
actually failed. E.g. a timeout might occur because pid1
is waiting for cgroup event from kernel, while the bus call
timeout was exceeded (#33269). In such a case, ThawUnit()
will never be called, resulting in frozen units remain that
way after resuming from sleep.
Therefore, let's get rid of unit_freezer_new_freeze(),
and make sure as long as unit freezer is involved, we'll
call ThawUnit() when we're done. This should make things
a lot more robust.
projects / thirdparty / systemd.git / log
