| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
is "uninitialized"
Then, this drops ID128_PLAIN_OR_UNINIT. Also, this renames
Id128Format -> Id128FormatFlag, and make it bitfield.
Fixes #25634.
|
| |
|
|
|
|
| |
When building in a chroot there might not be any machine-id
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So this is a bit of a bikeshedding thing. But I think we should do this
nonetheless, before this is released.
Playing around with the glob matches I realized that "=$" is really hard
to grep for, since in shell code it's an often seen construct. Also,
when reading code I often found myself thinking first that the "$"
belongs to the rvalue instead of the operator, in a variable expansion
scheme.
If we move the $ character to the left hand, I think we are on the safer
side, since usually lvalues are much more restricted in character sets
than rvalues (at least most programming languages do enforce limits on
the character set for identifiers).
It makes it much easier to grep for the new operator, and easier to read
too. Example:
before:
ConditionOSRelease=ID=$fedora-*
after:
ConditionOSRelease=ID$=fedora-*
|
|
|
|
|
| |
We support this for smbios matches, hence do so for /etc/os-release
matches too.
|
|
|
|
| |
Follow-up for acd3c8662465c1f36c0c0fc974584694928d9234
|
| |
|
|
|
|
| |
information
|
|
|
|
|
|
|
| |
credentials passed in
This is useful when provisioning systems via nspawn/qemu and running
specific services only if specific data is passed into the system.
|
|
|
|
| |
Fixes #23697.
|
|
|
|
|
|
|
| |
Some parts of our tree used 'Architecture' for storing architectures,
others used ints. Let's unify on the former.
Inspired by #22952's rework of the 'Virtualization' enum.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.
Fixes #20139
|
|
|
|
|
|
|
|
|
| |
This converts to TEST macro where it is trivial.
Some additional notable changes:
- simplify HAVE_LIBIDN #ifdef in test-dns-domain.c
- use saved_argc/saved_argv in test-copy.c, test-path-util.c,
test-tmpfiles.c and test-unit-file.c
|
|
|
|
|
|
|
|
| |
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.
No code changes, just some splitting out of code.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Amazon EC2 Nitro hypervisor is technically based on KVM[1], which
systemd-detect-virt identify propely from CPUID. However the lack of
CPUID on aarch64 (A1, T4 instance type) prevents a correct
identification, impacting hostnamectl and systemd-random-seed. Instead
it's possible to identify virtualization from DMI vendor ID.
Prior to this commit:
# hostnamectl
Static hostname: n/a
Transient hostname: ip-10-97-8-12
Icon name: computer
Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
Boot ID: b7b7e2fe0079448db664839df59f9817
Operating System: Gentoo/Linux
Kernel: Linux 5.4.69-longterm
Architecture: arm64
After this commit:
# hostnamectl
Static hostname: n/a
Transient hostname: ip-10-97-8-12
Icon name: computer-vm
Chassis: vm
Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
Boot ID: bd04da57084e41078f20541101867113
Virtualization: amazon
Operating System: Gentoo/Linux
Kernel: Linux 5.4.69-longterm
Architecture: arm64
[1] https://aws.amazon.com/ec2/faqs/
|
|
|
|
|
|
| |
Debian builds in a chroot without cgroup mounted, so tests expecting
to access cgroup will fail with ENOMEDIUM, so skip the tests in that
situation.
|
|
|
|
|
|
|
|
|
|
| |
Before, we only allowed conditionalizing on controllers, not the hierarchy.
This commit extends this to allow a simple check for v1 (i.e. classic or hybrid),
and v2 (full unified).
An alternative approach would be to add a separate Condition for this, but I'm
not too keen on that, considering that v1 is already being deprecrecated
(c.f. 82f3063218).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Taking a stab at implementing #14479.
Add {Condition,Assert}CPUFeature to `systemd-analyze` & friends. Implement it
by executing the CPUID instruction. Add tables for common x86/i386
features.
Tested via unit tests + checked that commands such as:
```bash
systemd-analyze condition 'AssertCPUFeature = rdrand'
```
Succeed as expected and that commands such as
```bash
systemd-analyze condition 'AssertCPUFeature = foobar'
```
Fail as expected. Finally, I have amended the `systemd.unit` manual page
with the new condition and the list of all currently supported flags.
|
| |
|
|
|
|
|
| |
Those are functions that express policy, and nothing in basic/ uses
(or should use) them.
|
|
|
|
|
|
|
|
|
|
| |
The concept is flawed, and mostly useless. Let's finally remove it.
It has been deprecated since 90a2ec10f2d43a8530aae856013518eb567c4039 (6
years ago) and we started to warn since
55dadc5c57ef1379dbc984938d124508a454be55 (1.5 years ago).
Let's get rid of it altogether.
|
|
|
|
|
|
|
| |
Prompted by the discussions in #15180.
This is a bit more complex than I hoped, since for PID 1 we need to pass
in the synethetic environment block in we generate on demand.
|
|
|
|
|
|
|
| |
It's easy to add, and should be pretty useful, in particular as in
AssertPathIsEncrypted= as it can be used for checking that
some path is encrypted before some service is invoked that might want to
place secure material there.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't assume that 4MB can be allocated from stack since there could be smaller
DefaultLimitSTACK= in force, so let's use malloc(). NUL terminate the huge
strings by hand, also ensure termination in test_lz4_decompress_partial() and
optimize the memset() for the string.
Some items in /proc and /etc may not be accessible to poor unprivileged users
due to e.g. SELinux, BOFH or both, so check for EACCES and EPERM.
/var/tmp may be a symlink to /tmp and then path_compare() will always fail, so
let's stick to /tmp like elsewhere.
/tmp may be mounted with noexec option and then trying to execute scripts from
there would fail.
Detect and warn if seccomp is already in use, which could make seccomp test
fail if the syscalls are already blocked.
Unset $TMPDIR so it will not break specifier tests where %T is assumed to be
/tmp and %V /var/tmp.
|
|
|
|
| |
We were checking the uid, whereas we should have checked the gid
|
|
|
|
|
|
| |
I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is
not needed in basic/. Move the file from shared/ to basic/, but then move back
most of the higher-level functions to the new shared/efi-loader.c file.
|
|
|
|
|
|
|
| |
This avoid the use of the global variable.
Also rename cgroup_unified_update() to cgroup_unified_cached() and
cgroup_unified_flush() to cgroup_unified() to better reflect their new roles.
|
|
|
|
| |
condition_test returns 0, 1, or error.
|
|
|
|
|
|
|
|
|
|
| |
Before only one comparison was allowed. Let's make this more flexible:
ConditionKernelVersion = ">=4.0" "<=4.5"
Fixes #12881.
This also fixes expressions like "ConditionKernelVersion=>" which would
evaluate as true.
|
|
|
|
|
| |
It just seems to fit better there and it's always better to have things
in shared/ rather than basic/.
|
| |
|
| |
|
|
|
|
|
| |
The advantages are that we save a few lines, and that we can override
logging using environment variables in more test executables.
|
|
|
|
| |
We don't look at the result anyway.
|
|
|
|
| |
Also print out what we detect, for manual verification.
|
|
|
|
|
|
|
|
| |
Fixes #9320.
for p in Shapovalov Chevalier Rozhkov Sievers Mack Herrmann Schmidt Rudenberg Sahani Landden Andersen Watanabe; do
git grep -e 'Copyright.*'$p -l|xargs perl -i -0pe 's|/([*][*])?[*]\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\s*[*]([*][*])?/\n*|\n|gms; s|\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\n*|\n|gms'
done
|
|
|
|
|
|
| |
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
|
|
|
|
|
| |
As an optimization cg_mask_to_string() returns NULL if there are no
controllers available. We need to handle that.
|
|
|
|
|
| |
Now that we have str_verscmp() in our source tree anyway, let's make it
generic and reuse it for ConditionKernelVersion=.
|
|
|
|
|
|
|
|
|
|
| |
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up until now, the behaviour in systemd has (mostly) been to silently
ignore failures to action unit directives that refer to an unavailble
controller. The addition of AssertControlGroupController and its
conditional counterpart allow explicit specification of the desired
behaviour when such a situation occurs.
As for how this can happen, it is possible that a particular controller
is not available in the cgroup hierarchy. One possible reason for this
is that, in the running kernel, the controller simply doesn't exist --
for example, the CPU controller in cgroup v2 has only recently been
merged and was out of tree until then. Another possibility is that the
controller exists, but has been forcibly disabled by `cgroup_disable=`
on the kernel command line.
In future this will also support whatever comes out of issue #7624,
`DefaultXAccounting=never`, or similar.
|