Commit message (Author, Age, Files, Lines)
* tree-wide: port various parsers over to read_stripped_line() (Lennart Poettering, 2023-10-17, 26 files, -194/+127)
|
* fileio: add read_stripped_line() as trivial read_line() + strstrip() combo (Lennart Poettering, 2023-10-17, 2 files, -0/+32)
|
* docs/FILE_DESCRIPTOR_STORE: NotifyAccess=cgroup -> all (Mike Yuan, 2023-10-17, 1 file, -1/+1)
|  Fixes #29590
* core/mount: allow disabling stop propagation from backing device (Mike Yuan, 2023-10-17, 2 files, -15/+32)
|  With file systems that have volume management functionalities or volume managers like LVM, it's fine for the backing device of a mount to disappear after mounted. Currently, we enforce BindsTo= or StopPropagatedFrom= on the backing device, thus prohibiting such cases. Instead, let's make this configurable through x-systemd.device-bound.
|  Closes #16801
|  Closes #29543
* Merge pull request #29588 from keszybz/net-naming-scheme-255 (Yu Watanabe, 2023-10-17, 6 files, -28/+57)
|\
| |  Untangle the net-naming-scheme mess with SR-IOV-R "representor" information
| * test: make sure that the default naming scheme name maps back to itself (Zbigniew Jędrzejewski-Szmek, 2023-10-16, 3 files, -10/+14)
| |  We were testing that the C constant is defined, but we weren't actually testing that the string name maps back to itself. This would catch the issue fixed by the grandparent commit. The test for the default name is moved to the test file to keep the tests together. The define is renamed to not have "_TEST" in the name. The issue here is complicated by the fact that we allow downstreams to inject additional fields, so we don't know the name of the default scheme if it is not set with -Ddefault-net-naming-scheme=, so _DEFAULT_NET_NAMING_SCHEME[_TEST] is not defined in all cases, but at least in principle it could be used in other places. If it exists, it is fully valid.
| * shared/netif-naming-scheme: align tables (Zbigniew Jędrzejewski-Szmek, 2023-10-16, 1 file, -10/+10)
| |
| * NEWS, man: move description of SR-IOV-R net naming to v255 (Zbigniew Jędrzejewski-Szmek, 2023-10-16, 4 files, -8/+33)
| |  https://github.com/systemd/systemd/pull/29582 adds the "v254" name. This also changes what the default is and what "latest" refers to. Without the name, the code could be enabled via runtime configuration. Nevertheless, it could be enabled at compilation time. In other words: meson setup build -Ddefault-net-naming-scheme=v254 would work, but net.naming-scheme=v254 would fail. It is possible that people were using the compile-time override, so I think we should allow "v254" scheme to stay and clearly document that it wasn't the default. Unfortunately, unless people manually introduced the compile-time override, we were never actually testing the new code too. So all the pull request testing was not useful.
* | rules: add mtd/by-name symlinks (Matthias Schiffer, 2023-10-17, 2 files, -0/+13)
| |  Add persistent symlinks for MTD devices like SPI-NOR flash, based on the partition names specified on the cmdline, in a Device Tree, or by other MTD partitioning parser drivers. Using the persistent name can be preferable to using the numbered /dev/mtdX device, as the latter can change depending on probe order or when partitioning has changed.
* | Merge pull request #28373 from DaanDeMeyer/udevadm-query (Daan De Meyer, 2023-10-17, 3 files, -30/+372)
|\ \
| | |  Add --json and filtering options for --export-db to udevadm info
| * | udev: Enable filtering the output of udevadm info --export-db (Daan De Meyer, 2023-10-16, 3 files, -30/+291)
| | |  Let's support the same filtering options that we also support in udevadm trigger in udevadm info to filter the devices produced by --export-db. One difference is that all properties specified by --property-match= have to be satisfied in udevadm info unlike udevadm trigger where just one of them has to be satisfied.
| * | Add --json switch to udevadm info (Daan De Meyer, 2023-10-16, 3 files, -4/+85)
| | |  This allows getting the udevadm info --export-db and query "all" output as JSON.
* | | meson: Fix unused format parameter warning (Jan Janssen, 2023-10-17, 1 file, -1/+1)
| | |
* | | nspawn: check if we can set CoredumpReceive= before doing so (Nick Rosbrook, 2023-10-16, 1 file, -2/+28)
| |/
|/|
| |  If systemd-nspawn is newer than the running systemd, we might try to set CoredumpReceive=yes when systemd doesn't know about it yet. Try and check if the running systemd is aware of this setting, and if not, don't try and use it.
| |  Fixes 411d8c72ec ("nspawn: set CoredumpReceive=yes on container's scope when --boot is set").
* | net_id: add missing naming scheme name for v254 (Antonio Alvarez Feijoo, 2023-10-16, 1 file, -0/+1)
| |  Follow up to 88d2bda8120dcc375a90e28b64de06b9646ab3b6
* | Merge pull request #29546 from poettering/run-invoc-id (Lennart Poettering, 2023-10-16, 3 files, -51/+83)
|\ \
| | |  run: output invocation ID when starting service and scope units
| * | update TODO (Lennart Poettering, 2023-10-16, 1 file, -2/+0)
| | |
| * | run: pin the unit we invoke continuously while we are running (Lennart Poettering, 2023-10-16, 1 file, -6/+13)
| | |  We read properties of the unit, hence it shouldn't be GC'ed as long as we run. Hence, let's just set AddRef unconditionally for the units we create.
| * | run: output invocation ID when starting service and scope units (Lennart Poettering, 2023-10-16, 2 files, -43/+70)
| | |
* | | Merge pull request #29272 from enr0n/coredump-container (Lennart Poettering, 2023-10-16, 19 files, -203/+581)
|\ \ \
| | | |  coredump: support forwarding coredumps to containers
| * | | nspawn: set CoredumpReceive=yes on container's scope when --boot is set (Nick Rosbrook, 2023-10-13, 4 files, -10/+26)
| | | |  When --boot is set, and --keep-unit is not, set CoredumpReceive=yes on the scope allocated for the container. When --keep-unit is set, nspawn does not allocate the container's unit, so the existing unit needs to configure this setting itself. Since systemd-nspawn@.service sets --boot and --keep-unit, add CoredumpReceive=yes to that unit.
| * | | man: document CoredumpReceive= setting (Nick Rosbrook, 2023-10-13, 3 files, -10/+74)
| | | |
| * | | man: move NFTSec= entry to "Network Accounting and Control" section (Nick Rosbrook, 2023-10-13, 1 file, -86/+86)
| | | |  Currently it is in the "Memory Pressure and Control" section, which does not seem accurate.
| * | | test: add a test for container support in coredump (Nick Rosbrook, 2023-10-13, 1 file, -1/+26)
| | | |
| * | | coredump: add support for forwarding coredump to containers (Nick Rosbrook, 2023-10-13, 1 file, -3/+247)
| | | |  If a process crashes within a container, try and forward the coredump to that container. To do this, check if the crashing process is in a different pidns, and if so, find the PID of the namespace leader. We only proceed with forwarding if that PID belongs to a cgroup that is descendant of another cgroup with user.delegate=1 and user.coredump_receive=1 (i.e. Delegate=yes and CoredumpReceive=yes). If we proceed, attach to the namespaces of the leader, and send the coredump to systemd-coredump.socket in the container. Before this is done, we need to translate the PID, UID, and GID, and also re-gather procfs metadata. Translate the PID, UID, and GID to the perspective of the container by sending an SCM_CREDENTIALS message over a socket pair from the original systemd-coredump process, to the process forked in the container. If we cannot successfully forward the coredump, fall back to the current behavior so that there is still a record of the crash on the host.
| * | | process-util: introduce namespace_get_leader helper (Nick Rosbrook, 2023-10-13, 3 files, -51/+31)
| | | |  For a given PID and namespace type, this helper function gives the PID of the leader of the namespace containing the given PID. Use this in systemd-coredump instead of using the existing get_mount_namespace_leader. This helper will be used again in a later commit.
| * | | coredump: store crashing process UID and GID in Context (Nick Rosbrook, 2023-10-13, 1 file, -19/+15)
| | | |  For convenience, store the crashing process's UID and GID in Context (as uid_t and gid_t, respectively), as is currently done for the PID. This means we can just parse the UID/GID once in save_context(), and use those values in other places. This is just re-factoring, and is a preparation commit for container support.
| * | | core: add CoredumpReceive= setting (Nick Rosbrook, 2023-10-13, 7 files, -3/+59)
| | | |  This setting indicates that the given unit wants to receive coredumps for processes that crash within the cgroup of this unit. This setting requires that Delegate= is also true, and therefore is only available where Delegate= is available. This will be used by systemd-coredump to support forwarding coredumps to containers.
| * | | cgroup-util: add cg_is_delegated helper (Nick Rosbrook, 2023-10-13, 3 files, -28/+25)
| | | |  Take is_delegated from cgroup-show.c, and make it a generic helper function. This new helper will be used again in a later commit.
* | | | mount-util: use mount beneath to replace previous namespace mount (Luca Boccassi, 2023-10-16, 9 files, -41/+109)
| | | |  Instead of mounting over, do an atomic swap using mount beneath, if available. This way assets can be mounted again and again (e.g.: updates) without leaking mounts.
* | | | Merge pull request #29548 from poettering/sysext-varlink (Lennart Poettering, 2023-10-16, 12 files, -76/+593)
|\ \ \ \
| | | | |  sysext: add a varlink IPC interface
| * | | | update TODO (Lennart Poettering, 2023-10-16, 1 file, -1/+0)
| | | | |
| * | | | sysext: make some calls available via varlink (Lennart Poettering, 2023-10-16, 11 files, -75/+593)
| | |/ /
| |/| |
* | | | Merge pull request #29562 from poettering/namespace-fuckup-fix (Lennart Poettering, 2023-10-16, 1 file, -448/+460)
|\ \ \ \
| |/ / /
|/| | |
| | | |  namespace: normalize memory management of mount list
| * | | namespace: add // FIXME comments on some duplicate logging (Lennart Poettering, 2023-10-16, 1 file, -3/+3)
| | | |  @bluca thinks of duplicate logging as a feature, hence simply mark these log messages as // FIXME, but don't bother.
| * | | namespace: downgrade log messages to LOG_DEBUG (Lennart Poettering, 2023-10-16, 1 file, -2/+2)
| | | |  almost all code in namespace.c only logs at debug level as it is "library-like" code. But there are some outliers. Adjust them to match the rest of the code (Well, there are some left)
| * | | namespace: don't retry to a mount if we didn't actually manage to create an ↵ (Lennart Poettering, 2023-10-16, 1 file, -4/+5)
| | | |  inode
| * | | namespace: downgrade log message of error we ignore to LOG_WARNING (Lennart Poettering, 2023-10-16, 1 file, -2/+2)
| | | |  frankly, the log message shouldn't be there at all, but the error path be propagated up, with a recognizable error code. But apparently this is important to @bluca.
| * | | namespace: convert ProtectHostname= logic to a static table (Lennart Poettering, 2023-10-16, 1 file, -26/+17)
| | | |  Let's simplify things, and make them more alike handling more similar to the other ProtectXYZ= settings.
| * | | namespace: normalize memory management of mount list (Lennart Poettering, 2023-10-16, 1 file, -435/+455)
|/ / /
| | |  So far we calculated exactly how many mounts we will generate, which is a bit fragile, and easy to get wrong. Let's normalize this, and grow the array of mounts as we need. Various other modernizations while we are at it, such as FOREACH_ARRAY usage, or `_cleanup_` usage.
* | | stub: NULL checks for DeviceHandle and FilePath (Lukas, 2023-10-16, 1 file, -15/+19)
| | |  UKIs may be loaded in a way, that there can not be a device handle to the filesystem, that contains the image, for example when using a bootloader to load the image from a partition with a file system that is not supported by the firmware. With the current systemd stub, this causes a failed assertion, because stub gets passed a NULL DeviceHandle and FilePath. Inserting two explicit checks enables proper boot even in this case.
| | |  Fixes: #29331
* | | Merge pull request #29558 from mrc0mmand/varlinkctl-tests (Daan De Meyer, 2023-10-16, 9 files, -15/+267)
|\ \ \
| | | |  varlink: add a couple of tests + accompanying fixes
| * | | docs: update fuzzers docs (Frantisek Sumsal, 2023-10-14, 1 file, -2/+21)
| | | |
| * | | test: update Ubuntu CI instructions (Frantisek Sumsal, 2023-10-14, 1 file, -3/+5)
| | | |
| * | | varlink: drop dead code (Frantisek Sumsal, 2023-10-14, 1 file, -5/+1)
| | | |  '#' is never part of either allowed_chars or allowed_delimiters when we parse structs/enums.
| * | | varlink: use int for log level (Frantisek Sumsal, 2023-10-14, 2 files, -5/+5)
| | | |
| * | | varlink: don't panic on malformed method definition (Frantisek Sumsal, 2023-10-14, 2 files, -0/+12)
| | | |
| * | | test: add a fuzzer for the varlink IDL stuff (Frantisek Sumsal, 2023-10-14, 3 files, -0/+134)
| | | |
| * | | test: add a couple of tests for varlinkctl (Frantisek Sumsal, 2023-10-14, 1 file, -0/+89)
| | | |
* | | | resolve: fix no mDNS announcement after probing (Vishal Chillara Srinivas, 2023-10-16, 1 file, -1/+1)
| | | |  According to RFC 6762 section 8, an mDNS responder is supposed to announce its records after probing. Currently, there is a check in dns_scope_announce which returns if there are any pending transactions. This prevents announcements from being sent out even if there are pending non-probe transactions. To fix this, return only if there are active probe transactions.