This essentially reverts 5656cdfeeabc16b5489f5ec7a0a36025a2ec1f23. I find it
much easier to understand what is going on when the
path-relative-to-the-search-path is passed in full, instead of being constructed
from two parts, with one of the parts being implicit in some places.
Also, we call 'systemd-analyze cat-config <path>' with <path> with the same
meaning, so this makes the internal and external APIs more consistent.
|
Follow-up for b0d3095fd6cc1791a38f57a1982116b4475244ba.
|
If we're building a strv, let's just use strv_new() with the CONF_PATHS macro,
which gives us an exploded string set.
|
The name resolver.arpa is reserved for RFC9462 "Discovery of Designated
Resolvers" (DDR). This relies on regular dns queries for SVCB records at
the special use domain name _dns.resolver.arpa. Unfortunately, older
nameservers (or broken ones) won't know about this SUDN and will likely
return NXDOMAIN. If this is cached, the cache entry will become an
impediment for any clients trying to discover designated resolvers
through the stub-resolver, or potentially even sd-resolved itself, were
it to implement DDR.
The RFC recommendation is that "clients MUST NOT perform A or AAAA
queries for resolver.arpa", and "resolvers SHOULD respond to queries of
any type other than SVCB for _dns.resolver.arpa. with NODATA and queries
of any type for any domain name under resolver.arpa with NODATA." which
should help avoid potential compatibility issues. This enforces that
condition within sd-resolved, and avoids caching any such erroneous
NXDOMAIN.
The RFC also recommends requests for this domain should never be
forwarded, to prevent authentication failures. Since there isn't much
point in establishing secure communication to the local stub, we still
allow SVCB to be forwarded from the stub, in case the client cares to
implement some other authentication method and understands the
consequences of skipping the local stub. Normal clients are not
expected to implement DDR, but this change will protect sd-resolved's
own caches in case they try.
Although A and AAAA are prohibited, I think validating resolvers
might reasonably query for dnssec records, even though the resolver.arpa
zone does not exist (it is declared to be a locally served zone). For
this reason, I have also added resolver.arpa to the builtin dnssec NTA.
|
file (#31666)
* Add more unit test to cover the uid_range_covers inside the uid-range.c file
|
Follow-up for 59afe07c217c73e3c7c19fb06aef2ff7bf609fd2
|
Freezer trivial follow-up
|
Follow-up for 7483708131b474d92c9207c8c6340b450b58cb94
Make sure that function param names match between
source and header. Also, place UnitFreezer params
in front.
|
Follow-up for f274f8bf256702c5fd0c68d3f7bd6aeba74dfcf0
We define *_SLOW_BUS_CALL_TIMEOUT in each component's
own file too. This one is no different and doesn't need
to be in constants.h IMO.
|
This behavior was changed.
Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
|
shared/install: several cleanups
|
This is stack-allocated, so update to match our usual rules.
|
tmpfiles: fix for 'X' bit handling and use it where appropriate
|
Follow-up for 26d98cdd78cb5283f5771bd5866997acc494b067
I.e. stat() cannot be used here.
Also, before this commit, the 'X' is only applied if
the owner has execute bit set. Now it takes group and
other into consideration too. setfacl(1) also has
the same behavior.
|
LoongArch does not yet support the `-mgeneral-regs-only` option, so when
compiling for EFI, we need to use the `-mno-lsx` and `-mno-lasx` options
to disable SIMD instructions.
|
Build distribution packages in mkosi
|
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:
- Vastly simplified mkosi scripts since we don't need a separate initrd
image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as it's not the basis
anymore for the initrd and as such we don't need to care about the
size anymore.
- The systemd packages that get pulled in as dependencies of other
packages get properly uninstalled and replaced with our packages that
we built instead of just installing on top of an existing systemd
installation with no guarantee that everything from that previous
installation was removed.
- Much better testing coverage as what we're testing is much closer
to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
use the proper directories and such instead of having to hack this
into a mkosi build script.
- ...
|
Coverity fixes
|
This works as expected, but coverity warns that it could be ambiguous and context
suggests the other way around. Add brackets to disambiguate.
CID#1535101
Follow-up for 6399be223b73ce520654242ad08de387b08b738a
|
CID#1535100
Follow-up for c6342e35b07f750771f0fdb3c80a27d3272e8001
|
null pointer (#31653)
There is no need to check the pointer as the pointer will never be NULL.
Co-authored-by: Frantisek Sumsal <frantisek@sumsal.cz>
|
resolved: add varlink API for resolving raw RRs
|
Now that we have an address, hostname, and service resolve, add the last
kind of resolver we expose over D-Bus also to Varlink.
|
interface
Let's define this in the generic interface and then import it into the
Monitor interface too.
This is preparation for adding an interface to resolve arbitrary RRs via
Varlink, which means we want the type in both interfaces.
|
The service parsing/using this directory is systemd-timedated, not
systemd-timesyncd.
|
Previously all queries to the reverse mapping domains (in-addr.arpa and
ip6.arpa) were considered to be in-scope for mdns and llmnr at the same
priority as DNS. This caused sd-resolved to ignore NXDOMAIN responses
from dns in favor of lengthy timeouts.
This narrows the scope of mdns and llmnr so they are not invariably
considered as fallbacks for these domains. Now, mdns/llmnr on a link
will only be used as a fallback when there is no suitable DNS scope, and
when that link is DefaultRoute.
|
Freeze user sessions for all types of sleep
|
These changes have the potential to break suspend on systems with
proprietary NVIDIA drivers, so we should make a big NEWS entry about it
|
Whenever a home directory is in a locked state, accessing the files of
the home directory is extremely likely to cause the thread to hang. This
will put the session in a strange state, where some threads are hanging
due to file access and others are not hanging because they are not
trying to access any of the user's files.
This can lead to a whole slew of consequences. For example, imagine a
likely situation where the Wayland compositor is not hanging, but the
user's open apps are. Eventually, the compositor will detect that none
of the apps are responding to its pings, assume that they're frozen
(which they are), and kill them. The systemd user instance can end up in
a similarly confused state and start killing user services. In the worst
case, killing an app at an unexpected moment can lead to data loss.
The solution is to suspend execution of the whole user session by
freezing the user's slice.
|
Previously, we'd only freeze user.slice in the case of s2h, because we
didn't want the user session to resume while systemd was transitioning
from suspend to hibernate.
This commit extends this freezing behavior to all sleep modes.
We also have an environment variable to disable the freezing behavior
outright. This is a necessary workaround for someone that has hooks
in /usr/lib/systemd/system-sleep/ which communicate with some
process running under user.slice, or if someone is using the proprietary
NVIDIA driver which breaks when user.slice is frozen (issue #27559)
Fixes #27559
|
This utility lets us freeze units, and then automatically thaw them
via a _cleanup_ handler. For example, you can now write something
like:
```
_cleanup_(unit_freezer_thaw) UnitFreezer freezer = UNIT_FREEZER_NULL;
r = unit_freezer_freeze("myunit.service", &freezer);
if (r < 0)
return r;
// Freeze is thawed once this scope ends
```
Aside from the basic _freeze and _thaw methods, there's also
_cancel and _restore. Cancel destroys the UnitFreezer without
thawing the unit. Restore creates a UnitFreezer without freezing it.
The idea of these two methods is that it allows the freeze/thaw to
be separated from each other (i.e. done in response to two separate
DBus method calls). For example:
```
_cleanup_(unit_freezer_thaw) UnitFreezer freezer = UNIT_FREEZER_NULL;
r = unit_freezer_freeze("myunit.service", &freezer);
if (r < 0)
return r;
// Freeze is thawed once this scope ends
r = do_something();
if (r < 0)
return r; // Freeze is thawed
unit_freezer_cancel(&freezer); // Thaw is canceled.
```
Then in another scope:
```
// Bring back a UnitFreezer object for the already-frozen service
_cleanup_(unit_freezer_thaw) UnitFreezer freezer = UNIT_FREEZER_NULL;
r = unit_freezer_restore("myunit.service", &freezer);
if (r < 0)
return r;
// Freeze is thawed once this scope ends
```
|
core/service: two fixes for ExitType=cgroup
|
with ExitType=cgroup
It's not clear to me what the rationale of the logic was
when ExitType=cgroup got introduced. But similar to
the previous commit, I think we should not transition to
'start-post' on cgroup empty event. This is especially
important for Type=dbus/notify services.
|
when ExitType=cgroup and main process exits
Follow-up for ef4300654e70e76ed74f7d544e0f44c5d92fb698
|
Follow-up for 1c20c9f4fce3b2eb501a776fb6025d6b5567fc00.
Fixes https://github.com/systemd/systemd/pull/31550#issuecomment-1980458377.
|
A couple of tweaks for test-execute
|
For some reason root in GH actions is able to _decrease_ its oom score
even after dropping all capabilities (including CAP_SYS_RESOURCE), until
the oom score is changed explicitly after sudo:
```
$ systemd-detect-virt
microsoft
$ sudo su -
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
pid 22180's OOM score adjust value changed from 500 to -101
~# choom -p $$ -n 500
pid 22027's OOM score adjust value changed from 500 to 500
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
...
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
choom: failed to set score adjust value: Permission denied
```
I have no idea what's going on, but it breaks
exec-oomscoreadjust-negative.service from test-execute when running
unprivileged.
|
Otherwise the unprivileged part of test-execute gets silently skipped:
```
/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
```
|
meson: Remove version_h dependency from jinja2_cmdline
|
version_h includes GIT_VERSION which only makes sense for C files
which aren't preprocessed by jinja2 so remove the argument.
The end result of this change is that the man pages are not recompiled
anymore every time GIT_VERSION changes.
|
GIT_VERSION only makes sense for C files as it depends on C preprocessor
macro expansion now so let's use VERSION_TAG instead of GIT_VERSION
for the two remaining usages of GIT_VERSION that are not in C files.
|