path: root/mkosi.images/build/mkosi.conf.d
Date | Commit message | Author | Files | Lines
2024-11-06 | pid1: stop refusing to boot with cgroup v1 | Zbigniew Jędrzejewski-Szmek | 5 | -39/+58
Since v256 we completely fail to boot if v1 is configured. Fedora 41 was just released with v256.7 and this is probably the first major exposure of users to this code. It turns out not to work very well.
Fedora switched to v2 as default in F31 (2019) and at that time some people added configuration to use v1 either because of Docker or for other reasons. But it's been long enough ago that people don't remember this and are now very unhappy when the system refuses to boot after an upgrade.
Refusing to boot is also unnecessarily punishing to users. For machines that are used remotely, this could mean somebody needs to physically access the machine. For other users, the machine might be the only way to access the net and help, and people might not know how to set kernel parameters without some docs. And because this is in systemd, after an upgrade all boot choices are affected, and it's not possible to e.g. select an older kernel for boot. And crashing the machine doesn't really serve our goal either: we were giving a hint how to continue using v1 and nothing else.
If the new override is configured, warn and immediately boot to v1. If v1 is configured w/o the override, warn and wait 30 s and boot to v2. Also give a hint how to switch to v2.
https://bugzilla.redhat.com/show_bug.cgi?id=2323323
https://bugzilla.redhat.com/show_bug.cgi?id=2323345
https://bugzilla.redhat.com/show_bug.cgi?id=2322467
https://www.reddit.com/r/Fedora/comments/1gfcyw9/refusing_to_run_under_cgroup_01_sy_specified_on/
The advice is to set systemd.unified_cgroup_hierarchy=1 (instead of removing systemd.unified_cgroup_hierarchy=0). I think this is easier to convey. Users who understand what is going on can just remove the option instead.
The caching is dropped in cg_is_legacy_wanted(). It turns out that the order in which those functions are called during early setup is very fragile. If cg_is_legacy_wanted() is called before we have set up the v2 hierarchy, we incorrectly cache a true answer. The function is called just a handful of times at most, so we don't really need to cache the response.
2024-11-06 | machine: tests for io.systemd.Machine.Open | Ivan Kruglov | 1 | -0/+19
2024-11-06 | machine: introduce io.systemd.Machine.Open method | Ivan Kruglov | 4 | -1/+235
2024-11-06 | json: introduce json_dispatch_strv_environment() | Ivan Kruglov | 3 | -36/+38
I just moved json_dispatch_environment() from src/shared/user-record.c under name 'json_dispatch_strv_environment()' to shared json code.
2024-11-06 | machine: machine_default_shell_path() & machine_default_shell_args() helper functions | Ivan Kruglov | 3 | -17/+34
2024-11-06 | machine: introduce machine_start_getty() and machine_start_shell() helpers | Ivan Kruglov | 3 | -209/+248
2024-11-06 | use report_errno_and_exit() in src/core/exec-invoke.c | Ivan Kruglov | 1 | -14/+11
2024-11-06 | use report_errno_and_exit() in src/shared/elf-util.c | Ivan Kruglov | 1 | -11/+5
2024-11-06 | use report_errno_and_exit() in src/shared/dissect-image.c | Ivan Kruglov | 1 | -9/+4
2024-11-06 | use report_errno_and_exit() in src/shared/mount-util.c | Ivan Kruglov | 1 | -19/+5
2024-11-06 | use report_errno_and_exit() in src/shutdown/umount.c | Ivan Kruglov | 1 | -4/+2
2024-11-06 | process-util: introduce report_errno_and_exit() as part of src/basic/process-util.{h,c} | Ivan Kruglov | 4 | -17/+18
2024-11-06 | man/varlink: fix typo | Yu Watanabe | 1 | -1/+1
Follow-up for 4f5fabe7a39f046e0456eba07472df061e85c94e.
2024-11-06 | man/udev: fix typo | Yu Watanabe | 1 | -1/+1
Follow-up for df8f9b88bd41320653fe1c51ea515a2d03a349df.
2024-11-06 | man/systemd-measure: add forgotten "=" | Zbigniew Jędrzejewski-Szmek | 1 | -1/+1
Both syntaxes work, but let's use one syntax for consistency. Fixup for 0641ce809a27cc1bc358924c26770f19d1213ec1.
2024-11-06 | man/systemd-measure: update to new ukify syntax, non-root operation | Zbigniew Jędrzejewski-Szmek | 1 | -8/+14
It's been a while, but systemd-measure doesn't need root, and ukify has a more modern syntax.
2024-11-06 | namespace-util: make idmapping not supported if syscalls return EPERM | Andres Beltran | 1 | -4/+4
2024-11-05 | man: convert multiple left-over "See Also" sections to <simplelist> | Lennart Poettering | 19 | -75/+79
These were forgotten during the initial conversion, probably because most of them consisted only of a single entry. Fix that.
2024-11-05 | man: link up D-Bus API docs from daemon man pages | Lennart Poettering | 25 | -15/+153
Let's systematically make sure that we link up the D-Bus interfaces from the daemon man pages once in prose and once in short form at the bottom ("See Also"), for all daemons. Also, add reverse links at the bottom of the D-Bus API docs. Fixes: #34996
2024-11-05 | man: point people from sd-bus man page to busctl | Lennart Poettering | 1 | -1/+4
2024-11-05 | man: add brief entrypoint man page for sd-varlink | Lennart Poettering | 5 | -2/+71
We have this in a similar fashion for the other APIs libsystemd provides. Add the same for sd-varlink. There isn't too much on it for now, but at least it's a start. Also link it up everywhere.
2024-11-05 | man: tone down claims on processes having exited already in ExecStop= | Lennart Poettering | 1 | -5/+5
Processes can easily survive the first kill operation we execute, hence we shouldn't make strong claims about them having exited already. Let's just say "likely" hence. Fixes: #15032
2024-11-05 | man: document that .path units don't care for hidden files | Lennart Poettering | 1 | -4/+7
Fixes: #32751
2024-11-05 | man: document that PrivateTmp= is unaffected by ProtectSystem=strict | Lennart Poettering | 1 | -0/+4
Fixes: #33130
2024-11-05 | man: highlight the privilege issues around the LogControl1 more | Lennart Poettering | 1 | -1/+8
Let's emphasize the privilege thing with a <caution> section. Let's also point out that other D-Bus libraries are less restrictive than sd-bus by default regarding permission access. Fixes: #34735
2024-11-05 | man: Document stub behaviour for .hwids and .dtbauto sections | anonymix007 | 1 | -0/+14
2024-11-05 | stub: Handle .dtbauto sections | anonymix007 | 1 | -5/+27
2024-11-05 | measure: Introduce .dtbauto support | anonymix007 | 2 | -4/+7
2024-11-05 | uki: add new .dtbauto PE section type | anonymix007 | 3 | -1/+3
.dtbauto section contains DT blobs, just like .dtb, the difference is that multiple .dtbauto sections are allowed to be in a UKI and only one is selected automatically
Temporarily drop an assert_cc() check in systemd-measure to make it compilable before the next commit
2024-11-05 | measure: introduce support for a .hwids section | anonymix007 | 4 | -3/+9
2024-11-05 | boot: Add .dtbauto section matching in PE section discovery against HWIDs and FW-provided DT | anonymix007 | 1 | -1/+119
2024-11-05 | man: don't claim SELinuxContext= only worked in the system service manager | Lennart Poettering | 1 | -2/+4
Fixes: #34840
2024-11-05 | man: document the timeout applied to /usr/lib/systemd/system-shutdown/ drop-in binaries | Lennart Poettering | 1 | -7/+7
Fixes: #34949
2024-11-05 | test: delete /swapfile after swapoff | Luca Boccassi | 1 | -0/+1
[ 23.608342] TEST-55-OOMD.sh[689]: + btrfs filesystem mkswapfile -s 64M /swapfile
[ 23.651930] TEST-55-OOMD.sh[704]: ERROR: cannot create new swapfile: File exists
2024-11-05 | network: handle ENODATA better with DNR | Ronan Pigott | 2 | -38/+38
It is normal for DHCP leases not to have DNR options. We need to be less verbose and more forgiving in these cases. Also, if either DHCP does not have DNR options, make sure to still consider any DHCPv6/RA options. Fixes: c7c9e3c7c016 (network: adjust log message about DNR)
2024-11-05 | network: use path_is_network_fs_harder() | Yu Watanabe | 1 | -4/+6
Closes #32426.
2024-11-05 | mount-util: introduce path_is_network_fs_harder() | Yu Watanabe | 3 | -0/+77
It also detects e.g. glusterfs or mounts with "_netdev" option.
2024-11-05 | tree-wide: time-out → timeout | Zbigniew Jędrzejewski-Szmek | 14 | -25/+25
For justification, see 3f9a0a522f2029e9295ea5e9984259022be88413.
2024-11-05 | boot: Add HWID calculation from SMBIOS strings and matching against a built-in list | anonymix007 | 4 | -0/+156
2024-11-05 | boot: Add firmware_devicetree_exists() | anonymix007 | 2 | -0/+5
2024-11-05 | boot: add matching against FW-provided Devicetree blob | Diogo Ivo | 2 | -0/+142
Add support for matching the DT contained in a .dtb section of the UKI image against the FW provided FDT or arbitrary compatible.
2024-11-05 | network: introduce LINK_RECONFIGURE_CLEANLY flag | Yu Watanabe | 3 | -3/+4
And use it when explicit reconfiguration is requested by Reconfigure() DBus method or networkd certainly detects that connected network is changed. Otherwise do not use the flag especially when we come back from sleep mode.
2024-11-05 | network: keep dynamic configurations as possible as we can on reconfigure | Yu Watanabe | 14 | -42/+276
E.g. when a .network file is updated, but DHCP setting is unchanged, it is not necessary to drop acquired DHCP lease. So, let's not stop DHCP client and friends in link_reconfigure_impl(), but stop them later when we know they are not necessary anymore. Still DHCP clients and friends are stopped and leases are dropped when the explicit reconfiguration is requested
2024-11-05 | network: merge link_foreignize_config() and link_drop_foreign_config() | Yu Watanabe | 11 | -221/+115
When a reconfiguration of an interface is triggered, previously we call link_foreignize_config(), which sets all static configurations as foreign, then later call link_drop_foreign_config(), which drops unnecessary foreign configurations. This commit merges these two steps into one, link_drop_unmanaged_config(), which drops unnecessary static and foreign configurations. Also, this renames link_drop_managed_configs() to link_drop_static_config(), as it only drops static configurations. Note that dynamically acquired configurations are dropped by link_stop_engines().
2024-11-05 | network: several cleanups for link_reconfigure() | Yu Watanabe | 5 | -111/+81
Effectively no functional changes, just refactoring and preparation for later changes.
- convert boolean flag 'force' to LinkReconfigurationFlag enum,
- merge link_reconfigure() and reconfigure_handler_on_bus_method_reload() as link_reconfigure_full(),
- Rename ReconfigureData -> LinkReconfigurationData,
- make Reconfigure() DBus message wait for reconfiguration being started before sending reply.
2024-11-05 | network: split out link_enter_unmanaged() from link_reconfigure_impl() | Yu Watanabe | 1 | -29/+43
No functional change, just refactoring.
2024-11-05 | po: Translated using Weblate (German) | Weblate Translation Memory | 1 | -2/+3
Currently translated at 90.9% (230 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 89.3% (226 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.9% (225 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.1% (223 of 253 strings)
Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-05 | po: Translated using Weblate (German) | Ettore Atalan | 1 | -24/+17
Currently translated at 90.9% (230 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 89.3% (226 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.9% (225 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.1% (223 of 253 strings)
Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-05 | run: handle gracefully if we can't find binary client-side due to perms | Lennart Poettering | 1 | -3/+5
Fixes: #35022
2024-11-05 | core: Introduce PrivatePIDs= | Daan De Meyer | 23 | -33/+741
This new setting allows unsharing the pid namespace in a unit. Because you have to fork to get a process into a pid namespace, we fork in systemd-executor to get into the new pid namespace. The parent then sends the pid of the child process back to the manager and exits while the child process continues on with the rest of exec_invoke() and then executes the actual payload.
Communicating the child pid is done via a new pidref socket pair that is set up on manager startup.
We unshare the PID namespace right before the mount namespace so we mount procfs correctly. Note PrivatePIDs=yes always implies MountAPIVFS=yes to mount procfs.
When running unprivileged in a user session, user namespace is set up first to allow for PID namespace to be unshared. However, when running in privileged mode, we unshare the user namespace last to ensure the user namespace does not own the PID namespace and cannot break out of the sandbox.
Note we disallow Type=forking services from using PrivatePIDs=yes since the init process inside the PID namespace must not exit for other processes in the namespace to exist.
Note Daan De Meyer did the original work for this commit with Ryan Wilson addressing follow-ups.
Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>