path: root/units
Commit message (Author, Age, Files, Lines)
* Revert "units: set ConditionVirtualization=!private-users on journald audit socket (#6508)" [revert-6508-audit-socket] (Lennart Poettering, 2017-08-02, 1 file, -1/+0)
|   This reverts commit d2a1ba103b4ea22764953d795c36db3d492d50c9.
* units: set ConditionVirtualization=!private-users on journald audit socket (#6508) (Dimitri John Ledkov, 2017-08-02, 1 file, -0/+1)
|   It fails to start in an unprivileged container as audit is not namespace aware.
* Merge pull request #6472 from yuwata/journal-gateway-fix (Lennart Poettering, 2017-07-31, 1 file, -0/+1)
|\
| |   Some journal-gateway and journal-remote related fixes
| * units,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal-gateway from sysusers (Yu Watanabe, 2017-07-28, 1 file, -0/+1)
* | Drop kdbus bits (Zbigniew Jędrzejewski-Szmek, 2017-07-23, 1 file, -2/+1)
| |   Some kdbus_flag and memfd related parts are left behind, because they are entangled with the "legacy" dbus support.
| |
| |   test-bus-benchmark is switched to "manual". It was already broken before (in the non-kdbus mode) but apparently nobody noticed. Hopefully it can be fixed later.
* | Drop busname unit type (Zbigniew Jędrzejewski-Szmek, 2017-07-23, 11 files, -156/+0)
|/
|   Since busname units are only useful with kdbus, they weren't actively used. This was dead code, only compile-tested. If busname units are ever added back, it'll be cleaner to start from scratch (possibly reverting parts of this patch).
* build-sys: drop gitignore patterns for in-tree builds (Zbigniew Jędrzejewski-Szmek, 2017-07-18, 2 files, -81/+0)
|   ... and other autotools-generated files.
* build-sys: drop automake support (Zbigniew Jędrzejewski-Szmek, 2017-07-18, 2 files, -2/+0)
|   v2:
|   - also mention m4
* journald: make sure we retain all stream fds across restarts (#6348) (Michal Sekletar, 2017-07-17, 1 file, -1/+1)
|   Currently we set 4096 as maximum for number of stream connections that we accept. However maximum number of file descriptors that systemd is willing to accept from us is just 1024. This means we can't retain all stream connections that we accepted. Hence bump the limit of fds in a unit file so that systemd holds open all stream fds while we are restarted. New limit is set to 4224 (4096 + 128).
* units: Tell login to preserve environment (#6023) (Nikolai Kondrashov, 2017-07-09, 4 files, -4/+16)
|   Make agetty started by *getty* units pass '-p' option to "login", so it doesn't clear the environment and passes whatever was set up by systemd to shells. This is needed especially for programs which are specified as user shells, but won't read locale settings from anywhere but environment.
|
|   [zj: cherry-pick just the second patch from the series, see discussion on the pull request.]
* units: use Requires in systemd-networkd-wait-online.service (#6065) (Zbigniew Jędrzejewski-Szmek, 2017-07-03, 1 file, -1/+1)
|   In the initial design, foobar-wait-online.service would have Requisite=foobar.service, so that foobar-wait-online.service could be enabled unconditionally, irrespective of whether foobar.service itself is enabled. Unfortunately this doesn't work too well:
|
|   1. the message about foobar-wait-online.service being skipped because of a "missing dependency" *looks* like an is problem. This is mostly cosmetic, but it is also quite confusing. We generally don't want any messages of this type during default boot.
|
|   2. it is impossible to start and wait for the network in an implementation-agnostic way: systemctl start network-online.target, or Wants/After=network-online.target in a unit don't work because pulling in network-online.target pulls in foobar-wait-online.service, but it in turn does not pull in foobar.service. During startup, foobar.service is pulled in by multi-user.target, but not in a smaller transaction which does not include multi-user.target.
|
|   This change means that *-wait-online.service should be installed through presets, so that it can be enabled/disabled at will by the administrator. Our own systemd-networkd-wait-online.service does this already, and similar change has been requested for NetworkManager-wait-online.service (https://bugzilla.redhat.com/show_bug.cgi?id=1455704).
|
|   This change should be mostly backwards-compatible, unless somebody has some wait-online.service enabled, without having the corresponding network implementation enabled, and they are relying on it not being started. I think that's relatively unlikely because of issue 1. above, and I'm not aware of this being the default in any distro. And being able to start the network in an implementation-agnostic way is pretty important, see https://bugzilla.redhat.com/show_bug.cgi?id=1452866.
* units: use https for the freedesktop url (#6227) (AsciiWolf, 2017-06-28, 27 files, -32/+32)
|
* man: update reference for binfmt documentation (#6223) (Stefan Schweter, 2017-06-28, 2 files, -2/+2)
|
* Merge pull request #5600 from fbuihuu/make-logind-restartable (Zbigniew Jędrzejewski-Szmek, 2017-06-24, 1 file, -0/+1)
|\
| |   Make logind restartable.
| * logind: save/restore session devices and their respective file descriptors (Franck Bui, 2017-06-08, 1 file, -0/+1)
| |   This patch ensures that session devices are saved for each session.
| |
| |   In order to make the revocation logic work when logind is restarted, the session devices are now saved in the session state files and their respective file descriptors sent to PID1's fdstore in order to keep them open across restart.
| |
| |   This is mandatory in order to keep the revocation logic working. Indeed in case of input-devices, the same file descriptors must be shared by logind and a given session controller in order for EVIOCREVOKE to work otherwise multiple sessions can have device access in parallel.
| |
| |   This should be the only remaining and missing piece for making logind fully restartable.
| |
| |   Fixes: #1163
* | machined: add RequiresMountsFor=/var/lib/machines (Felipe Sateler, 2017-06-21, 1 file, -0/+1)
| |   Since any part of the path could be remote mounted, make sure they are before starting machined
* | nspawn: hook var-lib-machines.mount to machines.target and remote-fs.target (Felipe Sateler, 2017-06-21, 1 file, -2/+2)
| |   /var can be on a remote filesystem, thus hooking it to local-fs.target is not correct.
| |
| |   Also, only install the mount unit when machined is enabled, because machined is the one managing the underlying device, and thus makes no sense without machined.
| |
| |   Fixes #1175
* | systemd-nspawn@.service: start after /var/lib/machines is mounted (#6079) (Josef Gajdusek, 2017-06-06, 1 file, -0/+1)
| |   This fixes a race condition during boot, where an nspawn container would start before /var/lib/machines got mounted resulting in a failure.
* | units: make descriptions of api filesystems less generic (#5914) (Zbigniew Jędrzejewski-Szmek, 2017-05-10, 3 files, -3/+3)
|/
|   All those names were very generic. Fixes #5911.
* meson: use booleans for conf.set and drop unnecessary conditionals (Zbigniew Jędrzejewski-Szmek, 2017-05-02, 1 file, -7/+7)
|   Using conf.set() with a boolean argument does the right thing: either #ifdef or #undef. This means that conf.set can be used unconditionally.
|
|   Previously I used '1' as the placeholder value, and that needs to be changed to 'true' for consistency (under meson 1 cannot be used in boolean context). All checks need to be adjusted.
* meson: do not install files from disabled features (#5811) (userwithuid, 2017-04-27, 1 file, -2/+2)
|   Mirror conditions from Makefile.am.
* meson: also indent scripts with 8 spaces (Zbigniew Jędrzejewski-Szmek, 2017-04-25, 1 file, -12/+12)
|
* meson: $DESTDIR might be undefined (Zbigniew Jędrzejewski-Szmek, 2017-04-24, 1 file, -3/+3)
|   This causes an error with -u. Just add an empty fallback.
* meson: install the dbus aliases for resolve1 and network1 in /etc (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -2/+2)
|   This way when the units are disabled, their dbus activation is also disabled.
|
|   v2:
|   - fix the symlink location
* meson: use "sh -eu" and make .sh +x, .py -x (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -1/+1)
|   Shell scripts should be executable so that meson reports their invocation succinctly (does not print 'sh' '-e'). Python scripts should not be executable so that meson does the detection of the right python binary itself.
|
|   Add -u everywhere to catch potential errors.
* meson: reindent all files with 8 spaces (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 2 files, -309/+306)
|   The indentation for emacs'es meson-mode is added to .dir-locals. All files are reindented automatically, using the latest meson-mode from git. Indentation should now be fairly consistent.
* meson: fix condition for installation of .in units, 99-default.link (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -1/+1)
|   The condition to install in_units was calculated, but not used. 99-default.link should be installed unconditionally.
* meson: use join_paths consistently (Michael Biebl, 2017-04-23, 1 file, -13/+13)
|   With -Dsplit-usr=true, we set rootprefix to /. This leads to //lib/systemd or //lib/udev for various dir variables. Using join_paths() avoids this.
* meson: rework processing of unit files (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -58/+59)
|   Ideally, we would chain the m4 processing, .in substitutions, and file installation so that the commands don't have to be repeated. Unfortunately this does not seem currently possible, because custom_target() output cannot be fed into install_data(), so it's necessary to use the 'install', 'install_dir' arguments to control installation. Nevertheless, rework the rules to repeat less stuff and unify handling of conditions between the different file types.
* meson: support (the removal of) lines with ## (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -12/+16)
|
* meson: create various symlinks (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -0/+6)
|   v2:
|   - remove bashisms
* meson: create dirs and touch /usr (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 1 file, -0/+8)
|   This is the equivalent of $(INSTALL_DIRS) and install-touch-usr-hook. I did not bother to create the directories into which we install files, since they will be created anyway.
|
|   v2:
|   - remove bashism
* meson: add unit installation symlinks (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 2 files, -73/+189)
|   This is the equivalent of $(SYSTEM_UNIT_ALIASES) and $(GENERAL_ALIASES) in Makefile.am.
|
|   ninja-build uninstall does not remove the symlinks, see https://github.com/mesonbuild/meson/issues/1602. I don't consider this a blocker: after all either one installs into $DESTDIR, where uninstallation doesn't make much sense, or into a real system, where a successful uninstallation would likely destroy the system.
|
|   v2:
|   - remove bashisms
|   - add various forgotten symlinks and fix service/timer/target confusions
* meson: build systemd using meson (Zbigniew Jędrzejewski-Szmek, 2017-04-23, 2 files, -0/+257)
|   It's crucial that we can build systemd using VS2010!
|
|   ... er, wait, no, that's not the official reason. We need to shed old systems by requiring python 3! Oh, no, it's something else. Maybe we need to throw out 345 years of knowledge accumulated in autotools? Whatever, this new thing is cool and shiny, let's use it.
|
|   This is not complete, I'm throwing it out here for your amusement and critique.
|
|   - rules for sd-boot are missing. Those might be quite complicated.
|   - rules for tests are missing too. Those are probably quite simple and repetitive, but there's lots of them.
|   - it's likely that I didn't get all the conditions right, I only tested "full" compilation where most deps are provided and nothing is disabled.
|   - busname.target and all .busname units are skipped on purpose.
|
|   Otherwise, installation into $DESTDIR has the same list of files as the autoconf install, except for .la files.
|
|   It'd be great if people had a careful look at all the library linking options. I added stuff until things compiled, and in the end there's much less linking than in the old system. But it seems that there's still a lot of unnecessary deps.
|
|   meson has a `shared_module` statement, which sounds like something appropriate for our nss and pam modules. Unfortunately, I couldn't get it to work. For the nss modules, we need an .so version of '2', but `shared_module` disallows the version argument. For the pam module, it also didn't work, I forgot the reason.
|
|   The handling of .m4 and .in and .m4.in files is rather awkward. It's likely that this could be simplified. If make support is ever dropped, I think it'd make sense to switch to a different templating system so that two different languages are not required, which would make everything simpler yet.
|
|   v2:
|   - use get_pkgconfig_variable
|   - use sh not bash
|   - use add_project_arguments
|
|   v3:
|   - drop required:true and fix progs/prog typo
|
|   v4:
|   - use find_library('bz2')
|   - add TTY_GID definition
|   - define __SANE_USERSPACE_TYPES__
|   - use join_paths(prefix, ...) is used on all paths to make them all absolute
|
|   v5:
|   - replace all declare_dependency's with []
|   - add more conf.get guards around optional components
|
|   v6:
|   - drop -pipe, -Wall which are the default in meson
|   - use compiler.has_function() and compiler.has_header_symbol instead of the hand-rolled checks.
|   - fix duplication in 'liblibsystemd' library name
|   - use the right .sym file for pam_systemd
|   - rename 'compiler' to 'cc': shorter, and more idiomatic.
|
|   v7:
|   - use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D
|   - rename prefix to prefixdir, rootprefix to rootprefixdir ("prefix" is too common of a name and too easy to overwrite by mistake)
|   - wrap more stuff with conf.get('ENABLE...') == 1
|   - use rootprefix=='/' and rootbindir as install_dir, to fix paths under split-usr==true.
|
|   v8:
|   - use .split() also for src/coredump. Now everything is consistent ;)
|   - add rootlibdir option and use it on the libraries that require it
|
|   v9:
|   - indentation
|
|   v10:
|   - fix check for qrencode and libaudit
|
|   v11:
|   - unify handling of executable paths, provide options for all progs
|
|     This makes the meson build behave slightly differently than the autoconf-based one, because we always first try to find the executable in the filesystem, and fall back to the default. I think different handling of loadkeys, setfont, and telinit was just a historical accident.
|
|     In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs. In Fedora $PATH includes /usr/sbin, (and /sbin is a symlink to /usr/sbin), but in Debian, those directories are not included in the path. C.f. https://github.com/mesonbuild/meson/issues/1576.
|   - call all the options 'xxx-path' for clarity.
|   - sort man/rules/meson.build properly so it's stable
* Merge pull request #5756 from keszybz/make-cleanups (Martin Pitt, 2017-04-21, 1 file, -0/+1)
|\
| |   Various meson-independent cleanups from the meson patchset
| * Makefile.am: link dbus-org.freedesktop.network1 alias in /etc (Zbigniew Jędrzejewski-Szmek, 2017-04-19, 1 file, -0/+1)
| |   This makes dbus-org.freedesktop.network1.service like dbus-org.freedesktop.resolve1.service. When systemd-networkd.service is disabled, the alias is also removed.
* | units: systemd-resolved should start before network-online.target and nss-lookup.target (#5691) (Yu Watanabe, 2017-04-21, 1 file, -0/+2)
| |   systemd-resolved provides
| |   1. local API via NSS and D-Bus
| |   2. kind of a local "DNS proxy" through its stub listener
| |
| |   The 1st item should be started before nss-lookup.target. The 2nd item should be started before network-online.target, because if the networking works in general, then DNS (and DNS proxy) should too.
| |
| |   Fixes #5650
* | units: drop explicit NotifyAccess setting from journald's unit file (#5749) (Michal Sekletar, 2017-04-19, 1 file, -1/+0)
|/
|   systemd-journald service consists of only single process and that is the MainPID. Make unit file shorter and drop NotifyAccess=all since it is not useful in such case.
|
|   https://lists.freedesktop.org/archives/systemd-devel/2017-April/038667.html
* journal-upload: add state file directory to ReadWritePaths (#5578) (Yu Watanabe, 2017-03-30, 1 file, -0/+1)
|   The commit c7fb922d6250543ba5462fa7a6ff03cc8f628e94 prohibits journal-upload to save its state in /var/lib/systemd/journal-upload/state, thus the daemon fails and outputs the following error message even if the directory is not read-only file system
|   ```Cannot save state to /var/lib/systemd/journal-upload/state: Read-only file system```
|
|   This commit adds the permission for the daemon to write the state file.
* units: move Before deps for quota services to remote-fs.target (#5627) (tblume, 2017-03-30, 2 files, -2/+2)
|   Creating quota on an iscsi device is causing dependency loops at next reboot. Reason is that systemd-quotacheck and quotaon.service are ordered before local-fs.target and quota enabled mounts have a before dependency to them. This cannot work for _netdev mounts, because network activation is ordered after local-fs.target. Moving the Before dependency for systemd-quotacheck and quotaon.service to remote-fs.target fixes this.
* serial-getty@.service.m4: add Conflicts=/Before= against rescue.service (#5632) (Franck Bui, 2017-03-30, 1 file, -0/+6)
|   Commit 5ed020d8d10fc100c68edddb519f085b7397a45c already fixed this issue for getty@.service but forgot serial console.
|
|   Note that this is not needed for emergency target as the sysinit target conflicts against this target already.
* units: make enablement of s-n-wait-online.service follow systemd-networkd.service (#5635) (Zbigniew Jędrzejewski-Szmek, 2017-03-27, 1 file, -0/+6)
|   In 58a6dd15582c038a25bd7059435833943e2e4617 s-n-wait-online.service was added to presets to synchronize the presets with the state after installation. But it is harmful to have s-n-wait-online.service enabled when s-n.service is disabled, because s-n-wait-online.service has Requisite=s-n.service and cannot be activated. Thus remove s-n-wait-online.service from presets again, and let it be enabled whenever s-n.service is enabled.
|
|   During installation we create enablement symlinks by hand, and since s-n.service is enabled, s-n-w-o.service should be enabled too, so the symlink should still be created during installation.
|
|   https://bugzilla.redhat.com/show_bug.cgi?id=1433459#c15
* units: simplify rescue.service and emergency.service (#5623) (Michael Biebl, 2017-03-22, 2 files, -6/+2)
|   The emergency.service and rescue.service units have become rather convoluted. We spawn multiple shells and the help text spans multiple lines which makes the units hard to read. Move the logic into a single shell script and call that via ExecStart.
* units: apply plymouth warning fix to in rescue mode as well (#5615) (Daniel Molkentin, 2017-03-20, 1 file, -1/+1)
|   Follow up for #5528.
* units: do not throw a warning in emergency mode if plymouth is not installed (#5528) (Daniel Molkentin, 2017-03-17, 1 file, -1/+1)
|   Ideally, plymouth should only be referenced via dependencies, not ExecStartPre's. This at least avoids the confusing error message on minimal installations that do not carry plymouth.
* Merge pull request #5283 from poettering/tighten-sandbox (Lennart Poettering, 2017-03-01, 18 files, -22/+78)
|\
| |   Tighten sandbox of long-running services
| * units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings (Lennart Poettering, 2017-02-09, 10 files, -10/+10)
| |   Tighten security up a bit more.
| * units: lock down coredump service a bit (Lennart Poettering, 2017-02-09, 1 file, -2/+12)
| |   Dissecting a coredump is possibly risky and might take a while, hence lock down the unit as much as we can.
| * units: turn on ProtectKernelModules= for most long-running services (Lennart Poettering, 2017-02-09, 10 files, -0/+10)
| |
| * units: switch on ProtectSystem=strict for our long running services (Lennart Poettering, 2017-02-09, 10 files, -10/+18)
| |   Let's step up the protection a notch