coredump: restore compatibility with older patterns
This was broken in f45b8015513d38ee5f7cc361db9c5b88c9aae704. Unfortunately
the review does not talk about backward compatibility at all. There are
two places where it matters:
- During upgrades, the replacement of kernel.core_pattern is asynchronous.
For example, during rpm upgrades, it would be updated a post-transaction
file trigger. In other scenarios, the update might only happen after
reboot. We have a potentially long window where the old pattern is in
place. We need to capture coredumps during upgrades too.
- With --backtrace. The interface of --backtrace, in hindsight, is not
great. But there are users of --backtrace which were written to use
a specific set of arguments, and we can't just break compatiblity.
One example is systemd-coredump-python, but there are also reports of
users using --backtrace to generate coredump logs.
Thus, we require the original set of args, and will use the additional args if
found.
A test is added to verify that --backtrace works with and without the optional
args.
Luca Boccassi [Tue, 20 May 2025 10:27:34 +0000 (11:27 +0100)]
core: Also refresh confext extensions when reloading notify-reload service (#33995)
`ExtensionImages=` and `ExtensionDirectories=` now let you specify
vpick-named extensions; however, since they just get set up once when
the service is started, you can't see newer versions without restarting
the service entirely. Here, also reload confext extensions when you
reload a service. This allows you to deploy a new version of some
configuration and have it picked up at reload time without interruption
to your workload.
Right now, we would only reload confext extensions and leave the sysext
ones behind, since it didn't seem prudent to swap out what is likely
program code at reload. This is made possible by only going for the
`SYSTEMD_CONFEXT_HIERARCHIES` overlays (which only contains `/etc`).
This PR:
- Adjusts `service.c` to also refresh extensions when needed.
- Adds integration tests to check that a confext reload actually
occurred.
- Adds to the `systemd.exec` man pages to document this behavior.
This is a follow up to #24864 and #31364. Thank you to @bluca and
@goenkam for help in getting this up.
* b0bbe045f4 systemd-boot: fix manpages installation
* db46ebd2ec Install new files for upstream build
* 648bfbad0b systemd-homed: add dependency on polkitd
* 5a5f1bd5a3 document requirement to sync *.link files with initrd
* 1f2b663871 d/README.Debian: update some outdated paragraphs
* 03e6ab9c93 Add version to systemd-boot-efi-signed virtual package
* 5d7a08916c d/control: bump Standards-Version to 4.7.2, no changes
* ace9e4beaf d/signing-template/copyright: use GPL URL instead of old FSF postal address
Daan De Meyer [Thu, 15 May 2025 13:09:27 +0000 (15:09 +0200)]
meson: Rework clang-tidy integration to be done via unit tests
Instead of using run-clang-tidy.py with its own scheduling, let's
just gather a list of source files ourselves and then use that to
add a unit test for each source file that runs clang-tidy on the
source file.
We also add a bit of logic to run clang-tidy on most header files
as well for extra coverage. This uncovered various header files that
were not standalone so this commit also includes fixes to make sure
the clang-tidy tests are all green.
We can also use this in a later commit to run clang-include-cleaner
on each source file in the same way.
Daan De Meyer [Thu, 15 May 2025 12:07:59 +0000 (14:07 +0200)]
tree-wide: Ensure source file names are unique
Let's ensure all of our source file names are unique without having
to take the directory into account.
This allows us to create meson targets or unit tests identified by the
the name of the source file they operate on without having to include
the full path of the source file in the target or test name to avoid
conflicts.
Daan De Meyer [Thu, 15 May 2025 12:52:48 +0000 (14:52 +0200)]
meson: Build fuzz executables by default if fuzz-tests option is enabled
fuzz-tests is enabled by default now but we still don't build the fuzz
executables by default. Let's change that so that we always make sure these
still compile when we make changes.
Daan De Meyer [Mon, 19 May 2025 15:41:18 +0000 (17:41 +0200)]
meson: Make sure fuzz-journal-remote is built in oss-fuzz
oss-fuzz builds with --auto-features=disabled, yet we have to make
sure all fuzzers are still built when --auto-features=disabled, so
let's always build systemd-journal-remote even if it is disabled so
that we can use its objects to build fuzz-journal-remote. Instead,
when remote=disabled, we make sure we don't installed
systemd-journal-remote.
Daan De Meyer [Thu, 15 May 2025 12:16:57 +0000 (14:16 +0200)]
meson: Extract more objects instead of compiling multiple times
Also, let's deflatten the lists of sources in preparation for the
next commit at the same time.
In systemctl, we split out systemctl-main.c to make sure the definition
of main() is in a separate object which allows us to extract the systemctl.c
object and link it in the fuzzer target without getting a multiple definition
error when linking.
Mike Yuan [Mon, 19 May 2025 19:06:17 +0000 (21:06 +0200)]
cgroup-util: modernize cg_get_keyed_attribute()
- assert on supplied keys being unique
- Reject duplicate attributes with -EBADMSG
- Rename 'ret_values' to just 'values', given we don't
allocate the array
- Remove now unused cg_get_keyed_attribute_graceful()
Daan De Meyer [Mon, 19 May 2025 12:49:43 +0000 (14:49 +0200)]
sd-varlink: Expose sd_varlink_idl_parse()
We're planning to do code generation based on the systemd varlink
APIs. To simplify this, let's expose the IDL parser, so we can use
it to do code generation instead of having to write our own IDL
parser.
maia x. [Mon, 6 Jan 2025 18:41:19 +0000 (10:41 -0800)]
test: check reloading notify-reload service refreshes vpick extensions
In TEST-50-DISSECT.dissect, this adds the following cases:
- testservice-50g: vpick extension in ExtensionDirectories
- testservice-50h: vpick extension in ExtensionImages
- testservice-50i: ExtensionDirectories + RootImage
- testservice-50j: ExtensionDirectories + RootDirectory
maia x. [Mon, 6 Jan 2025 18:31:44 +0000 (10:31 -0800)]
core: reload confexts when reloading notify-reload services
`ExtensionImages=` and `ExtensionDirectories=` now let you specify
vpick-named extensions; however, since they just get set up once when
the service is started, you can't see newer versions without restarting
the service entirely. Here, also reload confext extensions when you
reload a service. This allows you to deploy a new version of some
configuration and have it picked up at reload time without interruption
to your workload.
Right now, we would only reload confext extensions and leave the sysext
ones behind, since it didn't seem prudent to swap out what is likely
program code at reload. This is made possible by only going for the
`SYSTEMD_CONFEXT_HIERARCHIES` overlays (which only contains `/etc`).
Implementation wise, this uses the new kernel API and two collaborating
child processes under the host & child namespaces in order to gather the
right FDs needed:
- (1) In child, set up the extension images and directories in a slave
mountns, and obtain their FDs.
- (2) Fork into a grandchild under target process namespace, and do a
"fake" unmount to obtain the FD of the underlying target folder
say /etc).
- (3) In the child again, set up new overlay under host NS rights.
We do not want to do I/O heavy jobs inline in PID1 blocking the state
machine, so add separate async states to handle this case.
unit_gc_sweep() might try to add the unit to gc queue again.
While that becomes no-op as Unit.in_gc_queue is not cleared
yet, it induces minor inconsistency of states.
Yu Watanabe [Tue, 13 May 2025 17:56:21 +0000 (02:56 +0900)]
units: kill only udev services and keep udev sockets on switching root
This also makes initrd-cleanup.service explicitly start
initrd-switch-root.service with replace-irreversibly mode, to avoid
systemd-udevd.service being triggered by kernel events and the start
job of initrd-switch-root.service being cancelled.
Those static functions were written to support optional output params, but they
are only ever called with the output param set, and it doesn't make sense to
ever call them without the output param. Since those are internal functions,
drop this unused complexity.
C automatically casts a signed int to unsigned in binary operation with an
unsigned int. Thus that suffix is not useful. Also surrounding code doesn't use
it.
src/boot: assume that intmax_t is the biggest integer
Same as in 81d7934882ae13c64d9b08d365a0baa011cb2fbb, intmax_t by definition is
the widest int. Strictly speaking, the check whether
sizeof(intmax_t) == sizeof(long long)
in the code below is redundant, but I think it's nicer to keep it for symmetry
with the other cases.
Requested in
https://github.com/systemd/systemd/pull/37442#pullrequestreview-2840906908.
Accept=yes has very valid usecases (i.e. for sporadically invoked
services) and strong benefits (i.e. better security because connections
can be sandboxed nicely, isolating them). Let's hence reword things and
stop claiming that Accept=yes was a legacy thing, because it really
isn't.
While message IDs are about more than catalog entries (they make
messages recognizable), I think it makes sense to document at least all
those messages that indicate problems with catalog entries, in an
attempt to be helpful to users.
Let's always make sure the temporary file returned by fopen_tmpfile()
and friends is removed on failure (via _cleanup_). Conversely, make sure
that once the file is renamed into its final place, we no longer try to
remove the temporary file (since it's not going to exist anymore).
The original rules file have some rules for a device that is now
deprecated and so, are not part of this change. AFAIU, 'plugdev' is also
a thing of the past and we now use 'uaccess' which should be given to
all ID_SOFTWARE_RADIO devices. So yeah, hopefully what I have here is
equivalent to the orginal .rules.
The request for this was done here:
https://github.com/analogdevicesinc/plutosdr-fw/issues/101
Luca Boccassi [Thu, 15 May 2025 11:09:03 +0000 (12:09 +0100)]
Update hwdb (#37470)
Update hwdb, even though we are pretty far from a release in order to:
- incrementally test upstream additions to hwdb
- allow backports to stable branches
Tommy Unger [Sat, 19 Apr 2025 01:57:26 +0000 (18:57 -0700)]
test: write file from systemd service in transient unit
This integration test demonstrates that a containerized systemd instance can
write to a bind mounted file observable to the host. Specifically, the bash
script uses systemd-run to start a systemd instance as a transient unit
container. This systemd-run command bind mounts a directory the container will
share with the host, and runs an internal service which creates and writes to a
file from the container's view of this directory. When finished writing, the
service runs the exit target, terminating the internal systemd instance, and
ending the lifetime of the container.
The script waits for the container to finish running, then verifies that the
expected file contents were written on the host side of the filesystem mount.
This test employs a workaround, creating an unmasked procfs mount on the host
which enables the privileged guest to create its own mounts internally. This
may indicate a systemd bug, as the privileged container should not rely on
the existence of an unmasked procfs on the host in order to mount its own
filesystems internally.
As usual, it seems to be mostly additions and corrections.
The last update was in 0d740f4bc0f03b773264ef75eaf1233ffc89c5b2, Dec 10th. I
think it's reasonable to update the hwdb more often. In particular, I want to
push an update to the stable branches, but it should be updated in 'main'
first.
core: name socket unit instances after the socket cookie
On linux sockets have a really good, unique identifier, the SO_COOKIE,
which is used by sockdiag and BPF and elsewhere. Let's expose this more
prominently in the service name of per-connection services invoked via
Accept=yes sockets.
This is really nice, because together with our $SO_COOKIE env var we can
now match up services, process execution contexts, and "ss" outputs, BPF
rules, and more.
Mike Yuan [Mon, 14 Apr 2025 12:07:59 +0000 (14:07 +0200)]
core: always enable CPU accounting
Our baseline is v5.4 and cgroup v2 is enforced now,
which means CPU accounting is cheap everywhere without
requiring any controller, hence just remove the directive.
Daan De Meyer [Wed, 14 May 2025 21:23:31 +0000 (23:23 +0200)]
userns-restrict: Move HAVE_VMLINUX check into functions
Let's do these checks like we try to do them elsewhere, in the
function, not outside. This avoids having to declare the function
arguments twice and keeps the logic for each function together
instead of spread out across the file.
projects / thirdparty / systemd.git / log
