systemd - systemd

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge pull request #25608 from poettering/dissect-moar	Lennart Poettering	2023-04-12	1	-0/+1
\|\ \| \| \| \|	dissect: add dissection policies
\| *	discover-image: automaticaly pick up sysext images from /.extra/sysext	Lennart Poettering	2023-04-05	1	-0/+1
\| \|
* \|	systemd-sysext/confext.service: Refresh on start/reload	Kai Lueke	2023-04-06	1	-1/+2
\|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When adding a sysext image to the system and manuall merging it, a later "systemctl (re)start systemd-sysext" won't work because "merge" refuses to work when something is merged already. Another problem with "merge" at start plus "unmerge" at stop is that a service restart can't make use of the new MOVE_MOUNT_BENEATH in the future even which would only be available in "refresh". It also prepares us for setting up the merged overlay for the sysroot from the initrd already, which also would lead to the mentioned start problem of the service (One optimization could be to skip the loading but only if we are sure that all images were loaded and weren't modified since - this assumption is hard because early services could want to inject a sysext, too). Use "refresh" on service start to fix the problem that the service can't start as soon as a manual merge was done. Also add a reload action that allows to issue "systemctl reload systemd-sysext" and it will make use of MOVE_MOUNT_BENEATH once we implement this in systemd-sysext refresh (and it's available from the kernel).
*	sysext: stop storing under /usr/lib[/local]/extensions/	Luca Boccassi	2023-03-30	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	sysexts are meant to extend /usr. All extension images and directories are opened and merged in a single, read-only overlayfs layer, mounted on /usr. So far, we had fallback storage directories in /usr/lib/extensions and /usr/local/lib/extensions. This is problematic for three reasons. Firstly, technically, for directory-based extensions the kernel will reject creating such an overlay, as there is a recursion problem. It actively validates that a lowerdir is not a child of another lowerdir, and fails with -ELOOP if it is. So having a sysext /usr/lib/extensions/myextdir/ would result in an overlayfs config lowerdir=/usr/lib/extensions/myextdir/usr/:/usr which is not allowed, as indicated by Christian the kernel performs this check: /* * Check if this layer root is a descendant of: * - another layer of this overlayfs instance * - upper/work dir of any overlayfs instance / <...> / Walk back ancestors to root (inclusive) looking for traps */ while (!err && parent != next) { if (is_lower && ovl_lookup_trap_inode(sb, parent)) { err = -ELOOP; pr_err("overlapping %s path\n", name); Secondly, there's a confusing aspect to this recursive storage. If you have /usr/lib/extensions/myext.raw which contains /usr/lib/extensions/mynested.raw 'systemd-sysext merge' will only pick up the first one, but both will appear in the merged root under /usr/lib/extensions/. So you have two extension images, both appear in your merged filesystem, but only one is actually in use. Finally, there's a conceptual aspect: the idea behind sysexts and hermetic /usr is that the /usr tree is not modified locally, but owned by the vendor. Dropping extensions in /usr thus goes contrary to this foundational concept.
*	unit: sysext: update unit name for sd-tmpfiles-setup	Mike Yuan	2023-03-18	1	-1/+1
\| \| \| \|	Fixes #26882
*	units: add ordering dependencies on initrd-switch-root.target	Zbigniew Jędrzejewski-Szmek	2022-09-15	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	For shutdown, we queue shutdown.target/start, so in every unit which should be stopped before shutdown, we need both Conflicts and an ordering dependency with shutdown.target (either Before= or After= would work, because stop jobs are always ordered before start jobs). For initrd transition, we queue initrd-switch-root.service/isolate. This automatically creates a /stop job for every running unit without IgnoreOnIsolate. But no ordering dependency is created, unless the unit has a (possibly transitive) ordering dependency on initrd-switch-root.service. Since most units must stop before the transition, we should add the ordering dependency. It is nicer to use Before=initrd-switch-root.target for this. initrd-switch-root.target is ordered before initrd-switch-root.service, so the effect it the same when both are in a transaction. Fixes #23745. To also cover the case where somebody is emergency mode in the initrd and queues initrd-switch-root.service/start (not isolate), also add Conflicts=initrd-switch-root.target, so various units are stopped properly. This extends 2525682565b372b9b83c848bfe89c025fed47a1d to cover all the other services that are touched. It could be consider "operator error", but it's easy to make and it's nicer if we can make this more foolproof.
*	units: reorder/split unit dependency blocks	Zbigniew Jędrzejewski-Szmek	2022-09-15	1	-4/+7
\| \| \| \| \| \| \| \| \| \| \| \| \|	The block is reordered and split to have: 1. description + documentation 2. (optionally) conditions 3. all the dependencies I think it's easier to read the units this way. Also, the Conflicts+Before is seperated out to separate lines. The ordering dependency is "fake", because it could just as well be After=, we are adding it to force ordering wrt. shutdown.target, and it plays a different role than the other Before=, which are about a real ordering on boot.
*	sysext: rework command line interface to be verb-based	Lennart Poettering	2021-01-20	1	-2/+2
\| \| \| \| \| \|	As suggested by @yuwata: https://github.com/systemd/systemd/pull/18181#pullrequestreview-570826113
*	sysext: install in rootbindir, remove template from unit	Luca Boccassi	2021-01-20	1	-0/+31
	This reverts commit 71ad75f30641b90f9ca0088869f164d9d085430f.