summaryrefslogtreecommitdiffstats
path: root/man/sd_notify.xml (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-06-24TEST-55-OOMD: use 'stress' to create high pressureLuca Boccassi5-45/+10
The test fails on my machine, running Debian stable, because testsuite-55-testbloat.service just swaps and never goes over the limit, so it's not killed. Use 'stress' instead which seems to be able to overwhelm the swap too.
2023-06-23execute: don't honour PrivateNetwork() if we lack CAP_NET_ADMINLennart Poettering1-4/+8
Somehow the Linux kernel allows us to allocate a network namespace if we possess CAP_SYS_ADMIN but doesn't allow us to configure it, unless we also have CAP_NET_ADMIN. Taking that into consideration let's avoid allocating a network namespace we cannot even configure "lo" in. This is common case if nspawn is invoked without userns and without netns, because in that case it will have CAP_SYS_ADMIN but no CAP_NET_ADMIN. This also takes down a notch the messages about the automatic downgrading. These have been LOG_WARNING so far, and I downgraded them to LOG_NOTICE, since in an environment where CAP_NET_ADMIN is not available this is really not something to be concerned about, but still noticable. With that it's still more priorized than regular LOG_INFO. Fixes: #27292
2023-06-23test: ensure ProtectProc=invisible retains host submountsLennart Poettering1-0/+18
2023-06-23namespace: when mounting new proc instance, bind mount submounts of source overLennart Poettering1-0/+4
Fixes: #28059
2023-06-23mount-util: add helper that can bind mount submounts of one dir to anotherLennart Poettering3-4/+137
2023-06-23mount-util: don't claim maybe-uninitialized was false that is validLennart Poettering1-2/+2
2023-06-23tmpfile-util: drop spurious double newlineLennart Poettering1-1/+0
2023-06-23hibernate-resume: support resuming through efivar HibernateLocationMike Yuan2-1/+107
2023-06-23sleep: write hibernate location to efivar HibernateLocationMike Yuan1-2/+86
2023-06-23hibernate-resume: rework to follow the logic of sleep.c and useMike Yuan10-104/+111
main-func.h Preparation for #27247
2023-06-23bootctl: log correct error about device_path_make_canonical()Mike Yuan1-1/+3
2023-06-23sleep: always write resume_offset if possibleMike Yuan3-42/+55
There's no need to conditionalize this. Setting resume_offset=0 doesn't harm, and can even help by overriding potentially existing half-written settings.
2023-06-23man: fix references to gethostname/sethostnameAntonio Alvarez Feijoo1-2/+2
2023-06-23update TODOLennart Poettering1-0/+48
2023-06-23tree-wide: use https for the 0pointer.de doc linksFrantisek Sumsal15-24/+24
2023-06-23resolved: if ipv6 is off patch hostname→address query with unspec family ↵Lennart Poettering1-0/+6
to ipv4 If the client never specified the address family, and IPv6 is off in the kernel, then look only for A, never for AAAA RRs. Fixes: #23951
2023-06-23test: test transactions with cyclesFrantisek Sumsal1-0/+17
Provides coverage for systemd/systemd#26872. With systemd/systemd#26875 reverted: [16444.287652] testsuite-03.sh[71]: + for i in {0..19} [16444.287652] testsuite-03.sh[71]: + systemctl start transaction-cycle0.service [16444.359503] systemd[1]: ================================================================= [16444.360321] systemd[1]: ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180002e578e at pc 0x7f73b25ec7a6 bp 0x7ffc5531c6f0 sp 0x7ffc5531be68 [16444.360798] systemd[1]: [16444.361044] systemd[1]: READ of size 783 at 0x6180002e578e thread T0 (systemd) [16444.391684] systemd[1]: #0 0x7f73b25ec7a5 (/lib64/libasan.so.5+0x557a5) [16444.392167] systemd[1]: #1 0x7f73b260a1d5 in __interceptor_vasprintf (/lib64/libasan.so.5+0x731d5) [16444.392442] systemd[1]: #2 0x7f73afa1d1e1 in log_format_iovec ../src/basic/log.c:996 [16444.392750] systemd[1]: #3 0x7f73afa1e7b6 in log_struct_internal ../src/basic/log.c:1058 [16444.393101] systemd[1]: #4 0x7f73b1979136 in transaction_verify_order_one ../src/core/transaction.c:392 [16444.393540] systemd[1]: #5 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.393946] systemd[1]: #6 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394262] systemd[1]: #7 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394532] systemd[1]: #8 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394812] systemd[1]: #9 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 ...
2023-06-23test: make sure we get PID1's stack trace on ASan/UBSan errorsFrantisek Sumsal1-9/+18
As hitting an ASan/UBSan error in PID1 results in a crash (and a kernel panic when running under qemu), we usually lose the stack trace which makes debugging quite painful. Let's mitigate this by forwarding the stack trace to multiple places - namely to a file and the syslog.
2023-06-23elf-util: check for overflow when computing end of core's PT_LOAD segmentsRomain Geissler1-1/+8
2023-06-23basic: drop unused includeLennart Poettering1-1/+0
2023-06-23process-util: add simple wrapper around PR_SET_CHILD_SUBREAPERLennart Poettering6-9/+28
Let's a simple helper that knows how to deal with PID == 1.
2023-06-23docs: document threading situation in coding styleLennart Poettering1-0/+29
2023-06-23async: use FORK_DETACH for asynchronous syncsLennart Poettering1-1/+1
To get proper "fire-and-forget" feeling we really want to make sure noone has to reap the forked off process.
2023-06-23async: add explanatory commentLennart Poettering1-0/+13
2023-06-23async: drop the now unused asynchronous_job()Lennart Poettering3-61/+1
2023-06-23async: add generic implementation of asynchronous_rm_rf()Lennart Poettering4-23/+87
This one doesn't use threads anymore. This is the last use of threads in PID 1. Yay! Fixes: #27287
2023-06-23shared: move async.[ch] from src/basic/ → src/shared/Lennart Poettering4-1/+1
That way we can later add an async wrapper for rm_rf() which is in src/shared/, too.
2023-06-23process-util: add FORK_DETACH flag for forking of detached childLennart Poettering2-2/+35
A test for this is later added indirectly, via aynchronous_rm_rf() that uses this and comes with a suitable test.
2023-06-23automont: rework expiry to use subprocess rather than threadLennart Poettering1-44/+30
One more step towards a thread-free PID1: let's do automount expiry in a subprocess rather than a thread.
2023-06-23basic: add comments about raw_clone() calls not supporting threads/malloc in ↵Lennart Poettering2-2/+12
child
2023-06-23async: stop using threads for asynchronous_close()Lennart Poettering2-21/+99
Let's work towards PID1 being purely single threaded again. Let's rework asynchronous_close() on top of clone() with CLONE_FILES (so that we can manipulate PID1's fd table correctly). One less use of pthread_create() in PID 1.
2023-06-23process-util: add clone_with_nested_stack() helperLennart Poettering2-0/+37
This wraps glibc's clone() but deals with the 'stack' parameter in a sensible way. Only supports invocations without CLONE_VM, i.e. when child is a CoW copy of parent.
2023-06-23process-util: add helper that detects if we are a reaper processLennart Poettering3-0/+64
2023-06-23man: correct and extend JournalSizeMax=Lennart Poettering1-5/+8
The man page claimed the default was 10M, but that's not true, it's 767M. Also mention there's no point in increasing it further. See: #26748
2023-06-23coredump: clamp JournalSizeMax= to maximum journald would acceptLennart Poettering1-3/+21
See: #26748
2023-06-23coredump: use loop_read() for reading coredump into memoryLennart Poettering2-7/+7
Fixes: #26748
2023-06-23tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/Lennart Poettering1-2/+18
So far we relied on tmpfiles.d to copy tpm2-pcr-signature.json from /.extra/ into /run/systemd/. This is racy however if cryptsetup runs too early, and we cannot unconditionally run it after tmpfiles completed. hence, let's teach cryptsetup to directly look for the file in /.extra/, in order to simplify this, and remove the race. But do so only in the initrd (as only there /.extra/ is a concept). We generally prefer looking in /run/systemd/, since things are under user control then. In the regular system we exclusively want that userspace looks there. Fixes: #26490
2023-06-23tree-wide: getpid() → getpid_cached()Lennart Poettering6-7/+10
This doesn't really matter, but let's be systematic and prefer getpid_cached() in our codebase.
2023-06-22userdbd: when we hit a flood of requests to start more workers, don't exitLennart Poettering2-3/+39
Let's tweak what we do if we detect a flood of requests to start more workers: if none of the workers ever sticks (i.e. the worker count is zero) then let's just give up, as before. Otherwise, let's just not start more workers for a while, and do so again after a while. Thus spawning ofr workers will "cool off" for a while. Fixes: #27028
2023-06-22userdbd: prefix parameters with their names moreLennart Poettering1-2/+2
2023-06-22userdbd: drastically raise ratelimit we apply on requests for more worker ↵Lennart Poettering1-2/+2
processes These requests might come in during lookup floods very quickly, since multiple worker processes might detect that things should be scaled up at the same time. Hence, let's substantially raise the limit so that it doesn't get hit in real-life scenarios and acts more like a safety net.
2023-06-22meson: merge two similar loops for unit filesYu Watanabe1-306/+660
This also merges two arrays units and in_units, and uses dictionary for declaring units. This also fixes the condition handling, that previously only two conditions were handled and rests were ignored.
2023-06-22docs: describe $TESTFUNCS brieflyLennart Poettering1-0/+4
Follow-up for f1a83e41ae985bd17056b3a9fe285cc196358183
2023-06-22tests: teach tests boilerplate to run selected tests onlyLennart Poettering1-3/+21
sometimes its useful to only run a specific test (or multiple) instead of all implemented in a test. Allow the test name(s) to be specified on the in a $TESTFUNCS env var, separated by colons.
2023-06-22hwdb: Don't generate hwdb if no hwdb files are foundDaan De Meyer1-4/+16
2023-06-22core: restrict ImportCredential= globbingLennart Poettering6-4/+96
Let's restrict how we apply credential globbing in ImportCredential=, so that we have some flexibility in automatically extending the glob expression with per-instance data eventually without getting into conflict with the globbing parts. In our current uses we only allow globbing at the end of the expression, and this is a new, unreleased feature hence let's be restrictive on this initially. We can still relax this later if we feel the need to after all. Fixes: #28022
2023-06-22pid1: use FORK_DEATHSIG where appropriateLennart Poettering1-3/+1
2023-06-22man: correct reference to sd_id128_get_boot_app_specificJan Luebbe1-1/+1
The function sd_id128_get_boot_app_specific is the app specific variant of sd_id128_get_boot. Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
2023-06-22units: Use built-in halt and kexec features instead of systemctlDaan De Meyer2-8/+2
2023-06-22core: Add halt and kexec emergency actionsDaan De Meyer4-12/+69
Let's complete the picture by adding the missing halt and kexec emergency actions.