| Commit message | Author | Age | Files | Lines |
|
This makes sure unit_watch_pid() and unit_unwatch_pid() will track
processes by pidfd if supported. Also ports over some related code.
Should not really change behaviour.
Note that this does *not* add support for waiting for POLLIN on the pidfds
as additional exit notification. This is left for a later commit (this
commit is already large enough), in particular as that would add new
logic and not just convert existing logic.
|
performed
systemctl would issue daemon-reload after unit file operations
(enable/disable/preset/...) succeed. However, such operations
are not atomic, meaning that the unit file state could still change
even if the operation generally fails, and the unit_file_state
cached by manager becomes outdated.
Fixes #29341
|
UnitDefaults
This adds a new structure UnitDefaults which embeds the various default
settings for units we maintain. We so far maintained two sets of
variables for this, one in main.c as static variables and one in the
Manager structure. This moves them into a common structure.
This is mostly just search/replace, i.e. very dumb refactoring.
The fact that we now use a common structure for this allows us further
refactorings later.
Inspired by the discussions on #27890
|
Fixes #28970
|
No functional change intended.
|
This property reports whether the system is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
fix: https://github.com/systemd/systemd/issues/28045
|
This adds a new mechanism for rebooting, a form of "userspace reboot"
hereby dubbed "soft-reboot". It will stop all services as in a usual
shutdown, possibly transition into a new root fs and then issue a fresh
initial transaction. The kernel is not replaced.
File descriptors can be passed over, thus opening the door for leaving
certain resources around between such reboots.
Usecase: this is an extremely quick way to reset userspace fully when
updating image based systems, without going through a full
hardware/firmware/boot loader/kernel/initrd cycle. It minimizes "grayout time"
for OS updates. (In particular when combined with kernel live patching)
|
Instead of _cleanup_(set_freep) or so.
|
Dump*() methods can take quite some time due to the amount of data to
serialize, so they can potentially stall the manager. Make them
privileged, as they are debugging tools anyway. Use a new 'dump'
capability for polkit, and the 'reload' capability for SELinux, as
that's also non-destructive but slow.
If the caller is not privileged, allow it but rate limited to 10 calls
every 10 minutes.
|
When running in a VM, we now support propagating the exit status
via a vsock notify socket, so drop the restrictions on propagating
an exit status when not in a container to make sure this works
properly.
|
reload/reexec currently used a separate implementation of the /run/ disk
space check, different from the one used for switch-root, even though
the code is mostly the same. The one difference is that the former
checks are authoritative, the latter are just informational (that's
because refusing a reload/reexec is relatively benign, but refusing a
switch-root quite troublesome, since this code is entered when it's
already "too late" to turn back, i.e. when the preparatory
transaction to initiate the switch root is already fully executed).
Let's share some code, and unify codepaths.
(This is preparation for later addition of a "userspace reboot" concept)
No change in behaviour, just refactoring.
|
We hardcode the path the initrd uses to prepare the final mount point at
so many places, let's also imply it in "systemctl switch-root" if not
specified.
This adds the fallback both to systemctl and to PID 1 (this is because
both do – different – checks on the path).
|
Use _cleanup_ for UnitFileList hash
|
Use CLEANUP_ARRAY more
|
Chasing symlinks is a core function that's used in a lot of places
so it deserves a less verbose name so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
|
Allow creating files and directories with chase_symlinks_open() and further improvements
|
We want an empty string, not NULL. I made some brainfart here.
Fixup for 1980a25dc03aa500d4ee2725d696f68d265cd4ca.
|
In various tools and services we have a per-system and per-user concept.
So far we sometimes used a boolean indicating whether we are in system
mode, or a reversed boolean indicating whether we are in user mode, or
the LookupScope enum used by the lookup path logic.
Let's address that, and introduce a common enum for this, we can use all
across the board.
This is mostly just search/replace, no actual code changes.
|
If the default target is masked, `systemctl get-default` prints
Failed to get default target: Operation not possible due to RF-kill
That's a bit too cryptic, so let's make it clear what's actually
happening.
Fixes #26589.
|
processes
This augments the existing KillUnit() + Kill() methods with
QueueSignalUnit() + QueueSignal(), which are what sigqueue() is to
kill().
This is useful for sending our new SIGRTMIN+18 control signals to system
services.
|
If we fail to get the necessary information, let's just not print that
part of the message. 'n/a' looks pretty ugly.
I used a bunch of ternary operators instead of separate log lines because
with two components that might or might not be there, we need four different
combinations.
Also, the unit name doesn't need to be quoted, it's always printable.
|
A pid can be recycled, but a pidfd is pinned. Add a new method that is safer
as it takes a pidfd as input.
Return not only the D-Bus object path, but also the unit id and the last
recorded invocation id, as they are both useful (especially the id, as
converting from a path object to a unit id from a script requires another
round-trip via D-Bus).
Note that the manager still tracks processes by pid, so theoretically this
is not fully error-proof, but on the other hand the method response is
synchronous and the manager is single-threaded, so once a call is being
processed the unit database will not change anyway. Once the manager
switches to use pidfds everywhere, this can be further hardened.
|
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state
Since we're initializing the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
|
Reloading is a heavy-weight operation, and currently it is not
possible to stop an orchestrator from spamming reload requests.
Add configuration options to allow rate-limiting.
|
Reloading is a heavy-weight operation, and currently it is not
possible to figure out who/what requested it, even at debug level
logging.
Check the sender of the D-Bus message and print it out at info level.
|
Fixes a bug introduced by 3b3557c410c7910fae0990599dcb82711cf5fbb7.
Fixes #25625.
|
YHNdnzj/systemctl-disable-warn-statically-enabled-services
systemctl: warn if trying to disable a unit with no install info
|
Trying to disable a unit with no install info is mostly useless, so
adding a warning like we do for enable (with the new dbus method
'DisableUnitFilesWithFlagsAndInstallInfo()'). Note that it would
still find and remove symlinks to the unit in /etc, regardless of
whether it has install info or not, just like before. And if there are
actually files to remove, we suppress the warning.
Fixes #17689
|
Update to match the new coding style
See also: https://github.com/systemd/systemd/pull/25437#discussion_r1026934242
|
We treat symlinks to unit files outside of the search path differently from
symlinks to unit files *in* the search path. The former are "linked" unit
files, while the latter are enablement symlinks and such and will be removed
when disabling the unit.
The history of the check for in_search_path() is interesting: this condition
was added already in the first version of the code in
830964834f330836b9d33752e83de09d4f38da87. Since the beginning, matching
arguments would simply be ignored. I think this is dubious. The man page says:
> Link a unit file that is *not* in the unit file search paths
> into the unit file search path
But for backwards-compat, let's continue to silently do nothing for files
*in* the search path.
The case of symlinks to unit files underneath the search path, but in some
subdirectory, is less clear. We didn't check for this case, so it was
implicitly allowed. But that's just an oversight, we don't want to allow people
to create additional subhierarchies under our hierarchy. Let's check for this
case and refuse.
Closes #24605.
|
https://github.com/systemd/systemd/pull/24728#issuecomment-1260966910
|
Allow drop-ins for transient units
|
In https://github.com/containers/podman/issues/16107, starting of a transient
slice unit fails because there's a "global" drop-in
/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by
systemd-oomd-defaults package to install some default oomd policy). This means
that the unit_is_pristine() check fails and starting of the unit is forbidden.
It seems pretty clear to me that dropins at any other level than the unit
should be ignored in this check: we now have multiple layers of drop-ins
(for each level of the cgroup path, and also "global" ones for a specific
unit type). If we install a "global" drop-in, we wouldn't be able to start
any transient units of that type, which seems undesired.
In principle we could reject dropins at the unit level, but I don't think that
is useful. The whole reason for drop-ins is that they are "add ons", and there
isn't any particular reason to disallow them for transient units. It would also
make things harder to implement and describe: one place for drop-ins is good,
but another is bad. (And as a corner case: for instantiated units, a drop-in
in the template would be acceptable, but an instance-specific drop-in bad?)
Thus, $subject.
While at it, adjust the message. All the conditions in unit_is_pristine()
essentially mean that it wasn't loaded (e.g. it might be in an error state),
and that it doesn't have a fragment path (now that drop-ins are acceptable).
If there's a job for it, it necessarily must have been loaded. If it is
merged into another unit, it also was loaded and found to be an alias.
Based on the discussion in the bugs, it seems that the current message
is far from obvious ;)
Fixes https://github.com/containers/podman/issues/16107,
https://bugzilla.redhat.com/show_bug.cgi?id=2133792.
|
manager: rename dbus method
|