| Commit message (Collapse) | Author | Files | Lines |
|---|
|
systemctl link is the only systemctl verb that takes a filename (and not
a unit name) as argument
use path_strv_make_absolute_cwd to expand the provided filename in order
to make it easier to use from the command line
keep the absolute pathname requirement when --root is used
[zj: add explicit error messages for the cases of --root and plain filename
instead of skipping normalization and just relying on systemd to refuse
to link non-absolute arguments. This allows us to make the error message
more informative.]
|
|
|
|
Make agetty started by *getty* units pass '-p' option to "login", so it
doesn't clear the environment and passes whatever was setup by systemd
to shells. This is needed especially for programs which are specified as
user shells, but won't read locale settings from anywhere but
environment.
[zj: cherry-pick just the second patch from the series, see discussion
on the pull request.]
|
|
|
|
|
|
|
|
If the input is older than "1970-01-01 UTC", then `parse_timestamp()`
fails and returns -EINVAL. However, if the input is e.g. `-100years`,
then the function succeeds and sets `usec = 0`.
This commit makes the function also succeed for old dates and set
`usec = 0`.
Fixes #6290.
|
|
e268b81e moved an fflush() from output_json() to the generic
output_journal(), when it probably should have deleted all fflush()
calls from logs-show.c altogether.
The caller supplies the FILE * to these functions, and should be in
charge of flushing as needed. The current implementation essentially
defeats any buffering stdio was bringing to the table, resulting in
extraneous tiny write() calls in commands like `journalctl -b`.
This commit removes the fflush() call from output_journal(), and adds
them to journalctl before waiting for more entries and at completion.
This way in the hot path when journalctl loops on entries stdio can
combine multiple entries into bulkier write() calls.
|
|
|
|
dns_packet_new (#6285)
Actually the caller of dns_packet_new() pass 0 or the data size of the UDP message.
So try to reflect that, so rename the `mtu` parameter to `min_alloc_dsize`.
In fact `mtu` is the size of the whole UDP message, including the UDP header,
and here we just need to pass the size of data (without header). This was confusing.
Also add a check on the requested allocated size, since some caller do not check what is really allocated.
Indeed the function do not allocate more than DNS_PACKET_SIZE_MAX whatever the value of the `mtu` parameter.
|
|
fstype can be NULL, particularly when called from add_sysroot_mount(),
so we need to use STRPTR_IN_SET().
|
|
|
|
The commit 9017f5d88d5061487de53f00a1a8c0a83e41e760 prohibits
to unmount devices on remote host. This makes reenable such feature.
|
|
```
$ suro systemd-mount /path/to/disk.img
Started unit run-media-system-disk.img.mount for mount point: /run/media/system/disk.img
```
Closes #6226.
|
|
secure_getenv does not work when the process has a nonempty permitted
capability set, which means that it's unduly hard to configure logging in
systemd-logind, systemd-resolved, and others.
secure_getenv is useful for code in libraries which might get called from a
setuid application. log_parse_environment() is never called from our library
code, but directly form various top-level executables. None of them are
installed suid, and none are prepared to be used this way, since many
additional changes would be required to make that safe. We may just as well
drop the check and allow SYSTEMD_LOG_* to properly parsed.
Fixes #4900.
|
|
Fixes #6014.
|
|
test_get_files_in_directory (#6288)
test_readlink_and_make_absolute switches to a temp directory, and then
removes it.
test_get_files_in_directory calls opendir(".") from a directory that has
been removed from the filesystem.
This call sequence triggers a bug in Gentoo's sandbox library. This
library attempts to resolve the "." to an absolute path, and aborts when
it ultimately fails to do so.
Re-ordering the calls works around the issue until the sandbox library
can be fixed to more gracefully deal with this.
Bug: https://bugs.gentoo.org/590084
|
|
-Wextra was not added to CFLAGS under meson by default, as it is
done by the autotools build.
C.f. 218f46711115669c26389a5bad79e57aa3c37f66.
|
|
It is useful to know when a timer will trigger next when looking at a
timer status message so calculate and print that information.
Closes #5738.
Example output:
$ systemctl status dnf-makecache.timer
● dnf-makecache.timer - dnf makecache timer
Loaded: loaded (/usr/lib/systemd/system/dnf-makecache.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2017-07-04 17:24:02 EDT; 24min ago
Trigger: Tue 2017-07-04 18:15:56 EDT; 27min left
|
|
|
|
fstab_has_fstype() in add_swap() (#6280)
fstab_has_fstype() returns '1' if fstab contains the passed fstype, not '0'.
|
|
When "bg" is specified for NFS mounts, and if the server is
not accessible, two behaviors are possible depending on networking
details.
If a definitive error is received, such a EHOSTUNREACH or ECONNREFUSED,
mount.nfs will fork and continue in the background, while /bin/mount
will report success.
If no definitive error is reported but the connection times out
instead, then the mount.nfs timeout will normally be longer than the
systemd.mount timeout, so mount.nfs will be killed by systemd.
In the first case the mount has appeared to succeed even though
it hasn't. This can be confusing. Also the background mount.nfs
will never get cleaned up, even if the mount unit is stopped.
In the second case, mount.nfs is killed early and so the mount will
not complete when the server comes back.
Neither of these are ideal.
This patch modifies the options when an NFS bg mount is detected to
force an "fg" mount, but retain the default "retry" time of 10000
minutes that applies to "bg" mounts.
It also imposes "nofail" behaviour and sets the TimeoutSec for the
mount to "infinity" so the retry= time is allowed to complete.
This provides near-identical behaviour to an NFS bg mount started directly
by "mount -a". The only difference is that systemd will not wait for
the first mount attempt, while "mount -a" will.
Fixes #6046
|
|
|
|
b9088048b15cd21242b2308498fa865f864bfe45 seems to have broke it
fstab_is_mount_point() returns `true` (1) if the mount point exists and `false` (0) if it doesn't exist.
the change in b9088048 considered that if fstab_is_mount_point() returns 0
the mount point exists.
|
|
Commit 74dd6b515fa968c5710b396a7664cac335e25ca8 (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
|
|
This fails before 'strxcpyx: don't overflow dest on strpcpyf truncate'.
|
|
|
|
Lennart broke the automake build in
d4cbada2a95667c4d5d4310298bfcb446b1357b5. Let's fix that again, to
unfuck the CIs.
|
|
This is a squash of casync commits
https://github.com/systemd/casync/commit/02fbbdb2b9a926a695a3ede7f3e3c17b9779db1a
(by Silvio Fricke)
and https://github.com/systemd/casync/commit/b687a94b1e24df73d32f8cdcee29f3c00eae69c9.
Instead of checking during every meson config whether etags are
available, just try to call them and error out if not. This has
the advantage that the target is always available (if git is installed),
and the error message gives a hint what needs to be installed.
The naming is confusing, but etags(1) is pretty clear:
- emacs expects TAGS file in etags format
- vi expects tags file in ctags format
and automake docs are pretty clear too:
- tags target generates TAGS file
- ctags target generates tags file
|
|
When vconsole-setup is called without arguments, search for a usable
console instead of using /dev/tty0.
/dev/tty0 — pointing to the current active console — it not necessarily
usable and in such case vconsole-setup would exit with failure. In particular
when systemd-vconsole-setup.service was restarted from within an X
session, it always failed.
If the function searching for a usable source terminal fails, the first
encountered error is returned to the caller.
Closes #5367.
Additional changes:
- true/false functions with 'is_ prefix are renamed to functions with
'verify_vc_' prefix and return 0 on success and negative error on
failure
- O_NOCTTY flag is used when opening terminals
|
|
In a Secure Boot scenario the stub loader will have been validated
before execution. A malicious drive could then change the data returned
in future reads, resulting in the loader obtaining incorrect section
offsets and (for instance) allowing the command line to be modified.
Pull that information out of the in-RAM representation of the loader
instead in order to avoid this.
Fixes: #6230
(Lennart did some minor coding style fixes, and renamed pefile.c → pe.c,
as suggested by Kay, given that the file now contains a function whose
name doesn't match the filename as prefix anymore.)
|
|
In the initial design, foobar-wait-online.service would have
Requisite=foobar.service, so that foobar-wait-online.service could be enabled
unconditionally, irrespective of whether foobar.service itself is enabled.
Unfortunately this doesn't work too well:
1. the message about foobar-wait-online.service being skipped because of a
"missing dependency" *looks* like an is problem. This is mostly cosmetic,
but it also quite confusing. We generally don't want any messages of this
type during default boot.
2. it is impossible to start and wait for the network in an
implementation-agnostic way: systemctl start network-online.target, or
Wants/After=network-online.target in a unit don't work because pulling in
network-online.target pulls in foobar-wait-online.service, but it in turn
does not pull in foobar.service. During startup, foobar.service is pulled in
by multi-user.target, but not in a smaller transaction which does not
include multi-user.target.
This change means that *-wait-online.service should be installed through
presets, so that it can be enabled/disabled at will by the administrator.
Our own systemd-networkd-wait-online.service does this already, and
similar change has been requested for NetworkManager-wait-online.service
(https://bugzilla.redhat.com/show_bug.cgi?id=1455704).
This change should by mostly backwards-compatible, unless somebody has some
wait-online.service enabled, without having the corresponding network
implementation enabled, and they are relying on it not being started. I think
that's relatively unlikely because of issue 1. above, and I'm not aware of this
being the default in any distro. And being able to start the network in an
implementation-agnostic way is pretty important, see
https://bugzilla.redhat.com/show_bug.cgi?id=1452866.
|
|
|
|
|
|
When vsnprintf() truncated output, dest was advanced by the entire
size of dest leaving it just past the end. Then the fall-through \0
termination scribbled one past the end. The explicit null termination
is not necessary since vsnprintf() always includes the terminator even
when truncated.
Additionally these functions encourage calling with zero-length sizes,
while assuming non-zero sizes with potential buffer overflows.
Simply short-circuit the relevant functions when size == 0.
Fixes https://github.com/systemd/systemd/issues/6252
|
|
Like I said in the previous commit, such values do not seem to appear in normal
use, but it's pretty hard to prove that all paths to assign values properly
check that they contain no spaces. So just in case some slip through, replace
values with spaces (in case of single-valued properties) or spaces and newlines
(in case of array proprties) with "[unprintable]". We were already doing it
in case of properties which we didn't know how to print, so this fits in well.
The advantage is the previous code which used escaping that a) this is easier
to spot, b) does not mess up printing of properties which were properly escaped
already.
v2:
- add comments
|
|
When umounting an NFS filesystem, it is not safe to lstat(2) the mountpoint at
all as that can block indefinitely if the NFS server is down.
umount() will not block, but lstat() will.
This patch therefore removes the call to lstat(2) and defers the handling of
any error to the child process which will issue the umount call.
|
|
This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel
command line parsing.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
Simple test is added.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
|
|
For some reason git shortlog spits out non-breaking spaces, let's remove
that, as for our purposes (inclusion in NEWS) we really want breaking
(i.e. normal) spaces.
|
|
As suggested in:
https://github.com/systemd/systemd/commit/496ae8c84b2d3622bc767a727e3582e2b6bcffcd#commitcomment-22819483
Let's drop some noise from the logs, as switching between DNS servers is
definitely useful for debugging, but shouldn't get more attention that
that.
|
|
Let's add more .mailmap entries to clean up GitHub's mess.
|
|
Regression introduced in commit b876bc0 when building on systemds with a pre
3.11 headers (RHEL7 and derivatives).
All the DPAD defines were introduced in the same kernel commit
d09bbfd2a8408a9954, we don't need a separate ifdef check for right.
Fixes #6240
|
|
Fixes #6253.
|
|
v2:
- add -c and update the list of packages
v3:
- link to a man page on mankier.com
|
|
Note that this will only work with the new "hid-retrode" driver in the
upcoming 4.12 kernel as otherwise the mouse events and the 4 joypad
ports are bundled into a single event node.
|
|
Including the full path is always useful.
Also use PID_FMT in one more place.
|
|
Under nspawn, systemd would print:
Got address error code: Operation not permitted
Got address error code: Operation not permitted
Got start error code: Operation not permitted
which is quite unclear out of context. Change that to:
Failed to add address 127.0.0.1 to loopback interface: Operation not permitted
Failed to add address ::1 to loopback interface: Operation not permitted
Failed to bring loopback interface up: Operation not permitted
|
|
This is just a cosmetic issue.
Garbage collection of jobs (especially the ones that we create automatically)
is something of an internal implementation detail and should not be made
visible to the users. But it's probably still useful to log this in the
journal, so the code is rearranged to skip one of the messages if we log to the
console and the journal separately, and to keep the message if we log
everything to the console.
Fixes #6254.
|
|
end-of-line and end-of-item marks"
This reverts commit 27e9c5af817147ea1c678769e45e83f2e4b4ae96.
Property values already use escaping, so escaping them a second time is
confusing. It also should be mostly unnecessary: we take care to make property
values only contains strings which (after the initial escaping) are printable
and parseable without any futher escaping.
Before revert:
$ systemctl list-dependencies 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
● ├─dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.swap
● └─systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
$ systemctl show -p Wants,Requires 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
Requires=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
Wants=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.swap
Difference between systemctl show before revert and now:
-Slice=system-systemd\x5cx2dcryptsetup.slice
+Slice=system-systemd\x2dcryptsetup.slice
-Id=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Id=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Names=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Names=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Requires=system-systemd\x5cx2dcryptsetup.slice
+Requires=system-systemd\x2dcryptsetup.slice
-BindsTo=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+BindsTo=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
-RequiredBy=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device cryptsetup.target
+RequiredBy=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device cryptsetup.target
-WantedBy=dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+WantedBy=dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
|
|
|
