| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
message (#7322)
PR #7186 changes requires_mounts_for from strv to Hashmap.
So, it is necessary to implement a function for getting the property RequiresMountsFor=.
This introduces property_get_requires_mounts_for() which reads the Hashmap
and sends messages to bus.
Fixes #7321.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you use machinectl to bind a file into a container, it responds with a confusing error message about a temporary directory not being a directory.
I just swapped it to error with the source that was passed, rather than the tmpdir.
It would also be nice to be able to bind files, but that's a separate issue (#7195).
Before the change:
root@epona /var/lib/sandbox $ cat bar/foo
Hello world!
root@epona /var/lib/sandbox $ machinectl bind testing /var/lib/sandbox/bar/foo /foo
Failed to bind mount: Failed to overmount /tmp/propagate.W5TNsj/mount: Not a directory
After the change:
root@epona /var/lib/sandbox $ machinectl bind testing /var/lib/sandbox/bar/foo /foo
Failed to bind mount: Failed to overmount /var/lib/sandbox/bar/foo: Not a directory
|
| |
|
|
|
|
|
|
| |
not systemd (#7318)
We only show this message when we can't talk to systemd, so that client
side install can work.
Fixes: https://bugzilla.freedesktop.org/show_bug.cgi?id=69962
|
| |
|
|
|
|
|
|
| |
Let's reduce the amount of noise a bit, there's little point in
complaining loudly about every single unit like this, let's complain
only about the first one, and then downgrade the log level to LOG_DEBUG
for the other cases.
Fixes: #7188
|
| |
|
|
| |
The check is redundant as the whole block is only evaluated if
__IGNORE_pkey_mprotect is not defined. Change to #else.
|
| |\
| |
| | |
add a concept of delegating cgroups per unit while enabling specific controllers
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Previously it was not possible to select which controllers to enable for
a unit where Delegate=yes was set, as all controllers were enabled. With
this change, this is made configurable, and thus delegation units can
pick specifically what they want to manage themselves, and what they
don't care about.
|
| | |
| |
| |
| |
| | |
Messages that do not indicate a failing operation, but where we continue
operation should be at LOG_WARN, not at LOG_ERR.
|
| | |
| |
| |
| | |
And let's port over a couple of users to the new APIs.
|
| | | |
|
| | |
| |
| |
| |
| | |
This makes things more readable and fixes some issues with incorrect
flag propagation between the various flavours of config_parse().
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
subtree_mask is own_mask | members_mask, let's make use of that to
shorten a few things
|
| | | |
|
| | |
| |
| |
| | |
which v1-only
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise it's a pointless excercise, as we'll set up an empty directory
tree that's never going to be used.
Hence, let's move this around a bit, so that we do the basesystem
initialization exactly when RootImage= or RootDirectory= are used, but
not otherwise.
|
| | |
| |
| |
| |
| |
| |
| | |
We already print it as part of log_syntax() internal logic, don't print
it again, and in particular, don't print it at the end of log line, such
a strange place.
Follow-up for: 142468d89508c63262dd59335ea6d4fe82267564
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
maps are enabled (#7298)
So far, we assumed that kernels where TRIE was on also supported
BPF/cgroup stuff. That's not a correct assumption to make, hence check
for both features separately.
Fixes: #7054
|
| |\ \
| |/
|/| |
basic/missing: add numbers for pkey_mprotect
|
| | |
| |
| |
| |
| |
| | |
When compiling with an old kernel on architectures for which the
number is not defined in missing.h, a warning is generated in missing.h.
Let's just skip the protection in this case, to allow build to proceed.
|
| | |
| |
| |
| | |
Follow-up for b835eeb4ec1dd122b6feff2b70881265c529fcdd.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#7295)
MemoryDenyWriteExecution policy could be be bypassed by using pkey_mprotect
instead of mprotect to create an executable writable mapping.
The impact is mitigated by the fact that the man page says "Note that this
feature is fully available on x86-64, and partially on x86", so hopefully
people do not rely on it as a sole security measure.
Found by Karin Hossen and Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/bugs/1725348
|
| |
|
| |
Fixes: #7135
|
| |
|
|
|
|
|
|
|
|
| |
Let's clarify that it's not networkd that renames interfaces, but
something else (for example, udev's link builtin based on .link files)
This doesn't change any logic, it just rewords the message a bit, to
clarify that we only log this for informational purposes, not because we
execute the rename operation ourselves.
Fixes: #7143
|
| |\
| |
| |
| |
| |
| |
| |
| | |
Fix loginctl seat sysfs tree ellipsation logic.
Simple reproducer:
loginctl --full seat-status seat0|cat
→ after this PR, all lines are shown in full. Before, lines were ellipsized to terminal width.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's hook up the sysfs tree output with the output flags logic,
already used when dumping log lines or process trees. This way we get
very similar output handling for line breaking/ellipsation in all three
outputs of structured data.
Fixes: #7095
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's say that (size_t) -1 (i.e. SIZE_T_MAX) is equivalent to
"unbounded" ellipsation, i.e. ellipsation as NOP. In which case the
relevant functions become little more than strdup()/strndup().
This is useful to simplify caller code in case we want to turn off
ellipsation in certain code paths with minimal caller-side handling for
this.
|
| | |
| |
| |
| |
| |
| | |
loginctl, machinectl, systemctl all have very similar implementations of
a get_output_flags() functions. Simplify it by merging two lines that
set the same flag.
|
| | |
| |
| |
| |
| |
| | |
places
Let's shorten the code a bit.
|
| | |
| |
| |
| | |
Not that we need it, but let's do this as matter of completeness.
|
| | |
| |
| |
| |
| |
| | |
We show journal data, hence we should install the SIGBUS handler.
Similar for machinectl, where the same applies.
|
| |\ \
| | |
| | | |
rework unit dependency data structure to track why deps get created
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
No need to set an empty string here, sd-bus serializes NULL as empty
string anway.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There should be a way to turn this logic of, and DefaultDependencies=
appears to be the right option for that, hence let's downgrade this
dependency type from "implicit" to "default, and thus honour
DefaultDependencies=.
This also drops mount_get_fstype() as we only have a single user needing
this now.
A follow-up for #7076.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
with sysfs path
This should make cases like the user's setup in #7109 a lot easier to
handle, as in that case we'll do the right escaping automatically.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
right moment
Previously dependencies configured with SYSTEMD_WANTS would be collected
on a device unit as long as it was loaded. let's fix that, and remove
dependencies again when SYTEMD_WANTS changes.
|
| | | |
| | |
| | |
| | | |
Let's drop use of one variable and make the rest more explicit.
|
| | | |
| | |
| | |
| | |
| | | |
let's make use of the dependency mask, and add internal API to remove
dependencies ago, based on bits in the dependency mask.
|
| | | |
| | |
| | |
| | |
| | | |
Let's log when we can't parse the udev property, and always use the most
precise, correct types.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This replaces the dependencies Set* objects by Hashmap* objects, where
the key is the depending Unit, and the value is a bitmask encoding why
the specific dependency was created.
The bitmask contains a number of different, defined bits, that indicate
why dependencies exist, for example whether they are created due to
explicitly configured deps in files, by udev rules or implicitly.
Note that memory usage is not increased by this change, even though we
store more information, as we manage to encode the bit mask inside the
value pointer each Hashmap entry contains.
Why this all? When we know how a dependency came to be, we can update
dependencies correctly when a configuration source changes but others
are left unaltered. Specifically:
1. We can fix UDEV_WANTS dependency generation: so far we kept adding
dependencies configured that way, but if a device lost such a
dependency we couldn't them again as there was no scheme for removing
of dependencies in place.
2. We can implement "pin-pointed" reload of unit files. If we know what
dependencies were created as result of configuration in a unit file,
then we know what to flush out when we want to reload it.
3. It's useful for debugging: "systemd-analyze dump" now shows
this information, helping substantially with understanding how
systemd's dependency tree came to be the way it came to be.
|
| | | | |
|
| | | | |
|
| | |/ |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes each system call in SystemCallFilter= blacklist optionally
takes errno name or number after a colon. The errno takes precedence
over the one given by SystemCallErrorNumber=.
C.f. #7173.
Closes #7169.
|
