summaryrefslogtreecommitdiffstats
path: root/src/basic/ratelimit.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-04-24man: document service types that record ExecMainHandoverTimestampLuca Boccassi1-5/+6
Follow-up for 93cb78aee2cff8109a5a70128287732f03d7a062
2024-04-24core/manager: add unmerged-bin taintMike Yuan3-6/+20
2024-04-24core/manager: rearrange taint tagsMike Yuan3-22/+32
2024-04-24core/manager: drop obsolete cgroup taint stringMike Yuan3-16/+3
Wwe can't boot on systems without cgroup anyway (even cgroup v1 will be gone pretty soon).
2024-04-24mount-setup: use mount_verbose_full where appropriateMike Yuan1-4/+1
2024-04-23Add self-contained Python sd_notify example.Simon Fowler2-4/+118
This complements the existing C example.
2024-04-23sysext: do not return 0 if `unmerge()` fails in the `refresh()` function.Antonio Alvarez Feijoo1-1/+1
Actually, return the result of `unmerge()` if it is called in the `refresh()` function. Fixes 8662fcbcf1f31725998bd1ebe706ac813b053962
2024-04-23update NEWSLennart Poettering1-0/+7
2024-04-23cryptenroll: use [] in --help text to indicate block device argument is now ↵Lennart Poettering1-1/+1
optional
2024-04-23cryptenroll: default to block device backing /var/ rather than /Lennart Poettering2-17/+70
With 1df4b21abdb9e562805a7b006d179507182f845e we started to default to enrolling into the LUKS device backing the root fs if none was specified (and no wipe operation is used). This changes to look for /var/ instead. On most systems /var/ is going to be on the root fs, hence this change is with little effect. However, on systems where / and /var/ is separate it makes more sense to default to /var/ because that's where the persistent and variable data is placed (i.e. where LUKS should be used) while / doesn't really have to be variable, could as well be immutable, or ephemeral. Hence /var/ should be a safer default. Or to say this differently: I think it makes sense to support systems with /var/ being on / well. I also think it makes sense to support systems with them being separate, and /var/ being variable and persistent. But any other kind of system I find much less interesting to support, and in that case people should just specify the device name. Also, while we are at it, tighten the checks a bit, insist on a dm-crypt + LUKS superblock before continuing. And finally, let's print a short message indicating the device we operate on.
2024-04-23journal: do not rotate unrelated journal files when full or corruptedYu Watanabe1-18/+48
When we fail to add an entry to a journal file, typically when the file is full or corrupted, it is not necessary to rotate other journal files. Not only that's unnecessary, rotating all journal files allows unprivileged users to wipe system or other user's journals by writing many journal entries to their own user journal file. Let's rotate all journal files only when - it is really requested by a privileged user (e.g. by journalctl --rotate), or - the system time jumps backwards. And, otherwise rotate only the journal file we are currently writing.
2024-04-23core: Limit terminal reset using ANSI sequences to /dev/consoleDaan De Meyer3-23/+39
Doing this in reset_terminal_fd() is a bit too invasive, see https://github.com/systemd/systemd/pull/32406#issuecomment-2070923583. Let's only do this for /dev/console so that we work around weird firmwares disabling line-wrapping, but avoid messing too much with other things. While we're at it, let's handle more than just line wrapping, and do a more general reset of stuff to get the terminal into a sane state.
2024-04-23network: suggest using "networkctl edit" instead of copying manuallyMike Yuan15-90/+15
2024-04-23cryptenroll: sort includesMike Yuan1-1/+1
Follow-up for 1df4b21abdb9e562805a7b006d179507182f845e
2024-04-23core/service: also allow updating main pid when SERVICE_STOPMike Yuan1-1/+4
Follow-up for f5b72af50d2bb6879f0e6d8ea10f34e9c111dcd1 See also: https://github.com/systemd/systemd/pull/32120#discussion_r1575992623
2024-04-23cryptenroll: use root device by defaultLudwig Nussel2-9/+29
2024-04-23manager: Improve freeze/thaw for unrealized cgroupAdrian Vovk1-4/+10
This is a follow-up for e50bfc89cefd4aafedaf2a7eacbf8b5ed80b134e In that commit, we made Freeze/Thaw work with unrealized cgroups. However, the unit was left in a strange state: it would be frozen by the kernel but systemd would be unaware, and it remained possible to try and realize the cgroup while the unit is supposed to be frozen. This commit fixes the state tracking and prevents cgroups from being realized when the unit is frozen.
2024-04-23build(deps): bump pkg/debian from `30c77a7` to `733ac7c`dependabot[bot]1-0/+0
Bumps pkg/debian from `30c77a7` to `733ac7c`. --- updated-dependencies: - dependency-name: pkg/debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23mkosi: Configure lower retention limit for package artifactsDaan De Meyer1-0/+1
This is more than 0.5G per job, so let's drop the retention to 4 days to make sure we don't hit github's limits.
2024-04-23mkosi: Fix Arch Linux package globDaan De Meyer1-1/+1
2024-04-23service: allow MainPID= updates during stop of the serviceMichal Sekletar1-1/+1
Example use case is a migration of MainPID to an auxiliary scope.
2024-04-23update TODOLennart Poettering1-0/+3
2024-04-23systemctl: set reboot argument for most forms of shutdown, not just plain ↵Lennart Poettering1-7/+9
reboots This doesn't hurt anyway, and is useful now that we propagate the string via sd_notify() too.
2024-04-23shutdown: send an sd_notify() message on shutdown with the shutdown reason ↵Lennart Poettering2-0/+35
and boot param This is kinda nice in containers, to exfiltrate a string from the container on shutdown.
2024-04-23mkosi: Run integration tests in CIDaan De Meyer3-68/+90
We do the image build and run the tests in a btrfs loopback so we can make use of btrfs subvolumes and COW to keep the disk space requirements to a minimum and speed up the ephemeral copies we make of the image to run the tests. We also switch to building debug packages and publishing the built packages as artifacts.
2024-04-23test: Various mkosi integration test improvementsDaan De Meyer6-162/+184
- Stop using logging module since the default output formatting is pretty bad. Prefer print() for now. - Log less, logging the full mkosi command line is rather verbose, especially when it contains multi-line dropins. - Streamline the journalctl command we output for debugging failed tests. - Don't force usage of the disk image format. - Don't force running without unit tests. - Don't force disabling RuntimeBuildSources. - Update documentation to streamline the command for running a single test and remove sudo as it's not required anymore. - Improve the console output by having the test unit's output logged to both the journal and the console. - Disable journal console log forwarding as we have journal forwarding as a better alternative. - Delete existing journal file before running test. - Delete journal files of succeeded tests to reduce disk usage. - Rename system_mkosi target to just mkosi - Pass in mkosi source directory explicitly to accomodate arbitrary build directory locations. - Add test interactive debugging if stdout is connected to a tty - Stop explicitly using the 'system' image since it'll likely be dropped soon. - Only forward journal if we're not running in debugging mode. - Stop using testsuite.target and instead just add the necessary extras to the main testsuite unit via the credential dropin. - Override type to idle so test output is not interleaved with status output. - Don't build mkosi target by default - Always add the mkosi target if mkosi is found - Remove dependency of the integration tests on the mkosi target as otherwise the image is always built, even though we configure it to not be built by default. - Move mkosi output, cache and build directory into build/ so that invocations from meson and regular invocations share the same directories. - Various aesthetic cleanups.
2024-04-23mkosi: Deal with ubuntu's special debug packagesDaan De Meyer1-3/+6
Building debug packages on ubuntu requires the "debug" option to be specified explicitly. Debug packages on Ubuntu have the .ddeb extension, so let's make sure we handle that by copying the .ddeb packages in the build script as well.
2024-04-23mkosi: Use -fdebug-prefix-map= instead of -ffile-prefix-map=Daan De Meyer2-2/+2
-ffile-prefix-map= implies -fmacro-prefix-map= which is incompatible with our definition of PROJECT_FILE. See https://github.com/systemd/systemd/issues/32417. -fdebug-prefix-map= only affects debuginfo without affecting macros.
2024-04-23mkosi: Update to latestDaan De Meyer1-1/+1
2024-04-23systemctl: add forgotten --after/--before to --help textLennart Poettering1-0/+2
Follow-up for: afba41995de65d8f378b138ea6d9804be32625a3
2024-04-23systemctl: add forgotten --reboot-argument= to --help textLennart Poettering1-0/+2
Follow-up for: dae710bef121bfc379423d9d75e7d792074ab71c
2024-04-23systemctl: add forgotten --message= to --help textLennart Poettering1-0/+1
Follow-up for: 9ef15026c0e7e6600372056c43442c99ec53746e