summaryrefslogtreecommitdiffstats
path: root/src/core/mount.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* core: move check for combination of PAMName= + KillMode= to ↵Mike Yuan2024-08-261-3/+0
| | | | | | | | unit_verify_contexts() While at it, allow "mixed" for all unit types too, i.e. also apply ebc2259da1d1579347b86fc2ebca9f96334b6f22 to socket/mount/swap units.
* core/dbus-service: refuse bind mounting over /run/credentials/Mike Yuan2024-08-171-19/+6
| | | | | | The credential mounts should be managed singlehandedly by pid1. Preparation for the future introduction of RefreshOnReload=credential, where refreshing creds will be properly supported on reload.
* core/unit: unexport cg_kill log funcs, rather take in boolMike Yuan2024-08-021-2/+2
| | | | It seems unnecessary to duplicate the func ptrs everywhere.
* core: do not set up cgroup runtime on coldplugMike Yuan2024-06-281-3/+1
| | | | | | | | | | | | | | | | Currently, unit_setup_cgroup_runtime() is called in various _coldplug() functions if the unit is not inactive. That seems unnecessary though, and kinda defeats the purpose of CGroupRuntime. If we need to fork off a process for the unit or got something during deserialization, the CGroupRuntime would be automatically set up by unit_prepare_exec() / cgroup_runtime_deserialize_one(). Otherwise it would mean the cgroup doesn't exist and we don't need to allocate that in the first place. Plus, note that socket units might also carry a cgroup with ExecStartPre=/ExecStartPost=/... Hence the existing code is really inconsistent.
* core/mount: suffix function name with parenYu Watanabe2024-06-171-1/+1
| | | | Follow-up for 88188e1ff1ffa2a4a41c9b8ee127f75cc03bc18d.
* Revert "core/credential,mount: re-read /proc/self/mountinfo before invoking ↵Mike Yuan2024-06-121-32/+0
| | | | | | | | | | umount command" This reverts commit 1e1225614ca1106116dcad9fb37aaeb6106408ab. This was an incomplete workaround of the race. Now that we stop generating mount units for credential mounts, the logic could be dropped.
* core/mount: stop generating mount units for cred mountsMike Yuan2024-06-121-16/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While @poettering wants to keep mount units for credential mounts, this has brought nothing but pain in real life. By generating mount units for each cred mount, we had trouble with default dependencies on them, which causes their stop jobs to race with unmounting through exec_context_destroy_credentials(). There were several attempts to workaround the problem, but none seems very graceful: #26959, #28787, #28957, #31360, #32011. Also, we want to carry over credentials for services that survive soft-reboot to the new mount tree, and during the practice the stop of mount units are irritating. The mentioned problems are ultimately resolved by disabling default deps: #32799. But after doing that, maybe the next question should be "why do we generate these mount units at all?" Let's revisit the whole concept here. First of all, the credential dirs are supposed to be opaque to users, and hence nobody should really reference to these mounts directly. Secondly, the lifetime of credentials is strictly bound to the service units, but nothing else. Moreover, as more and more users of credentials pop up, we could end up with hundreds of such mount units, which is something we handle poorly. And we emit useless UnitRemoved signals, etc... As discussed, it seems that eliminating these mount units is the correct way to go. No real use cases are impacted, and the lifetime management becomes sane again. Replaces #32011
* core/mount: correctly set DefaultDependencies=no for mounts from mountinfoMike Yuan2024-05-151-3/+3
| | | | | | | | | | | | Follow-up for 3c0a1b1e70c1fe6e0b6707fab7dc86b1500d0f82 Before this commit, DefaultDependencies=no is set in mount_add_extras(). However, when generating mount units from /proc/self/mountinfo, we don't have a unit in memory yet, and mount_setup_new_unit() doesn't call into mount_add_extras(). Fixes #32838
* core: Imply DefaultDependencies=no for credential mountsDaan De Meyer2024-05-141-4/+4
| | | | | | | | Currently, on soft-reboot, /run/credentials/@system is unmounted because it has DefaultDependencies=yes and as such will have Conflicts=umount.target and Before=umount.target. Let's make sure credential mounts survive soft-reboot by implying DefaultDependencies=no for credential mounts.
* mount: hook up with handoff timestampsLennart Poettering2024-04-251-0/+18
|
* mount,swap: include ExecStatus output in dumpLennart Poettering2024-04-241-0/+14
| | | | | socket and service units output there ExecCommand/ExecStatus definitions already, but this was missing in mount/swap. Fix that.
* core: Serialize both pid and pidfd to keep downgrades workingDaan De Meyer2024-04-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, when downgrading from a version with pidfd support to a version without pidfd support, all information about running processes is lost as the newer systemd will serialized pidfds which are not recognized by the older systemd when deserializing. To improve the situation, let's serialize both the pid and the pidfd. This is safe because existing versions will either replace the first deserialized pidref with the second one or discard the second one in favor of the first one depending on the unit and field. Older versions that don't support pidfd's will silently discard any fields that contain a pidfd as those will try to parse the field as a pid and since a pidfd field will start with '@', those versions will debug error log and ignore the value. To make sure we reuse the existing pidfd as much as possible, the pidfd is serialized first. Both for scopes and service main pids, if the same pid is seen multiple times, the first pidref is kept. So by serializing the pidfd first we make sure the original pidfd is used instead of the new one which is opened when deserializing the first pid field. For other control units, older versions with pidfd support will discard the first pidfd and replace it with a new pidfd from the second pid field. This is a slight regression on downgrades, but we make sure it doesn't happen for future versions (and older versions when this commit is backported) by modifying the logic to only use the first successfully deserialized pidref so that the raw pid without pidfd is discarded instead of it replacing the existing pidfd.
* core/mount: if mount is gone eventually, consider it successMike Yuan2024-04-021-27/+38
| | | | | | | | | | Currently, if unmount initiated by us fails, we record that in result. Later, if we tried again and succeeded, or someone else successfully unmounted it, the unit state is still considered failed. Let's be more tolerant instead, and forget about previous failure. Alternative to #32002
* core/mount: if unmount retries exceeded max, record as failureMike Yuan2024-04-021-1/+1
|
* core: align tableYu Watanabe2024-03-291-8/+8
|
* core: introduce UNIT_IS_LOAD_ERROR helperMike Yuan2024-03-231-1/+1
|
* core/mount: use ASSERT_PTR in mount_setup_new_unitMike Yuan2024-03-221-4/+8
|
* core: use RET_GATHER moreMike Yuan2024-03-211-6/+6
|
* core: use ASSERT_PTR(CAST(u)) everywhereMike Yuan2024-03-211-71/+41
|
* units: make templates for quotaon and systemd-quotacheck serviceThomas Blume2024-03-091-46/+0
|
* core/mount: if umount(8) fails but mount disappeared, assume successMike Yuan2024-02-201-8/+12
| | | | Fixes #31337
* core: split out cgroup specific state fields from Unit → CGroupRuntimeLennart Poettering2024-02-161-2/+8
| | | | | | | | | | | | | | | | | | | | | This refactors the Unit structure a bit: all cgroup-related state fields are moved to a new structure CGroupRuntime, which is only allocated as we realize a cgroup. This is both a nice cleanup and should make unit structures considerably smaller that have no cgroup associated, because never realized or because they belong to a unit type that doesn#t have cgroups anyway. This makes things nicely symmetric: ExecContext → static user configuration about execution ExecRuntime → dynamic user state of execution CGroupContext → static user configuration about cgroups CGroupRuntime → dynamic user state of cgroups And each time the XyzContext is part of the unit type structures such as Service or Slice that need it, but the runtime object is only allocated when a unit is started.
* core: use PidRef in exec_spawnLuca Boccassi2024-02-011-6/+1
|
* core: introduce unit_unwatch_pidref_done() helper functionYu Watanabe2024-01-251-6/+1
| | | | No functional change, just refactoring.
* core: use helper functions like unit_main_pid() in unit_kill_context()Yu Watanabe2024-01-241-7/+1
| | | | No functional changes. Just refactoring.
* core: maintain a single table with event source prioritiesLennart Poettering2024-01-191-1/+1
| | | | | | | | | | | | It's hard to oversee the assigned processing priorities of the various event sources we have. Let's unify them in a table (an enum), where we can have a single consisten look at them, and then reference the table entries by expressive symbols. This doesn#t change behaviour in any way, it just gives each priority a nice label, but doesn't change any of the priorities. Prompted by: #30799
* mount: check that MountParameters is valid before useLuca Boccassi2023-12-091-1/+1
| | | | | | Follow-up for 6c75eff6afd90 CID#1530430
* core: create workdir/upperdir when mounting a Type=overlay mount unitLuca Boccassi2023-12-081-0/+28
| | | | | | | | So far we created the target directory, and the source for bind mounts, but not workdir/upperdir for overlays, so it has to be done separately and strictly before the unit is started, which is annoying. Check the options when creating directories, and if upper/work directories are specified, create them.
* core: add WantsMountsFor=Luca Boccassi2023-11-291-20/+31
| | | | | | | | This is the equivalent of RequiresMountsFor=, but adds Wants= instead of Requires=. It will be useful for example for the autogenerated systemd-cryptsetup units. Fixes https://github.com/systemd/systemd/issues/11646
* core: rename and add comment to ExecParameters cleanup functionsLuca Boccassi2023-11-011-1/+1
|
* mount: Add more helpersDaan De Meyer2023-10-201-0/+53
|
* process-util: add pidref_is_unwaited() and make pid_is_unwaited() return errorsLennart Poettering2023-10-181-1/+1
|
* core/mount: allow disabling stop propagation from backing deviceMike Yuan2023-10-171-5/+23
| | | | | | | | | | | With file systems that have volume management functionalities or volume managers like LVM, it's fine for the backing device of a mount to disappear after mounted. Currently, we enforce BindsTo= or StopPropagatedFrom= on the backing device, thus prohibiting such cases. Instead, let's make this configurable through x-systemd.device-bound. Closes #16801 Closes #29543
* core: ensure execute/spawn functions can work without Unit objectLuca Boccassi2023-10-121-9/+2
| | | | | When switching to serialization later, the Unit object will not be serialized, move parameters around instead
* core: ensure execute/spawn functions can work without manager objectLuca Boccassi2023-10-121-5/+7
| | | | | When switching to serialization later, the Manager object will not be serialized, move parameters around instead
* pid1: serialize pidrefs as pidfds if possibleLennart Poettering2023-10-051-6/+2
| | | | One major step towards total pidfdification of systemd.
* mount: Log when we can't create the mount pointDaan De Meyer2023-10-021-2/+4
| | | | | | Debugging mount unit failures caused by systemd not being able to create the mount point is currently rather hard. Let's log about failures to create mount points to simplify debugging.
* core: move pid watch/unwatch logic of the service manager to pidfdLennart Poettering2023-09-281-3/+3
| | | | | | | | | | | This makes sure unit_watch_pid() and unit_unwatch_pid() will track processes by pidfd if supported. Also ports over some related code. Should not really change behaviour. Note that this does *not* add support waiting for POLLIN on the pidfds as additional exit notification. This is left for a later commit (this commit is already large enough), in particular as that would add new logic and not just convert existing logic.
* core: generalize service_arm_timer() for all unit typesLennart Poettering2023-09-271-30/+6
|
* mount: also rework log message generationLennart Poettering2023-09-271-40/+108
|
* core: port unit_fork_helper_process() and unit_fork_and_watch_rm_rf() to PidRefLennart Poettering2023-09-181-6/+1
|
* core: port unit_main_pid() + unit_control_pid() to PidRef and drop ↵Lennart Poettering2023-09-181-15/+2
| | | | | | | | | | | | unit_kill_common() This ports over unit_main_pid() + unit_control_pid() to return PidRef* pointers (which also means the underlying UnitVTable function pointers are changed accordingly). This then uses te functions to simplify the unit_kill() call, by avoiding the kill() vtable indirection and instead just suing unit_main_pid() and unit_control_pid() directly.
* core: port over unit_kill_context() to PidRefLennart Poettering2023-09-181-3/+3
|
* Merge pull request #29130 from poettering/unit-defaultsLuca Boccassi2023-09-091-3/+3
|\ | | | | core: introduce UnitDefaults structure for unit defaults
| * manager: move various fields that declare unit defaults into a new structure ↵Lennart Poettering2023-09-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UnitDefaults This adds a new structure UnitDefaults which embedds the various default settings for units we maintain. We so far maintained two sets of variables for this, one in main.c as static variables and one in the Manager structure. This moves them into a common structure. This is most just search/replace, i.e. very dumb refactoring. The fact that we now use a common structure for this allows us further refactorings later. Inspired by the discussions on #27890
* | core: also port mount units to PidRefLennart Poettering2023-09-091-25/+37
|/
* core/credential,mount: re-read /proc/self/mountinfo before invoking umount ↵Yu Watanabe2023-09-061-0/+32
| | | | | | | | | | | | | | | | command When a unit has credentials, stopping the service unmounts the credentials directory. On shutdown, stopping the service and the corresponding mount unit may be done mostly simultaneously, and if we invoke umount command soon after umount() being called on stopping the service, the mount unit will fail. This makes Mount.invalidated_state flag set when umount() is called for a path, and re-read /proc/self/mouninfo before invoking umount command if the flag is set. Fixes #25527. Replaces #26959.
* core/mount: disable timer event source when USEC_INFINITYYu Watanabe2023-08-171-3/+3
| | | | | | | Setting USEC_INFINITY to timer event source should not cause any problem. But, disabling timer event source should be preferable. [zjs: simplify the call to sd_event_source_set_enabled()]
* Revert "mount: check right before invoking /bin/umount if it makes sense"Yu Watanabe2023-08-141-40/+2
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1483892a421ca34bc841a8e8b1f385744c0407ed. As the commit says, it does not solve the race. Moreover, it introduces an regression #28410. Also, checking by `path_is_mount_point()` may trigger automount. From statx(2), > AT_NO_AUTOMOUNT > Don't automount the terminal ("basename") component of pathname > if it is a directory that is an automount point. Similar statements can be found in fstatat(2), which is used in the fallback call for statx() in glibc, and name_to_handle_at(2), which is used as the fallback when statx() failed. So, `path_is_mount_point()` may _do_ trigger automount for parent paths. That should be avoided especially on shutdown. The original issue #25527 that is 'fixed' by the commit is not serious, and should be fixed by making umount command handle path gracefully: https://github.com/util-linux/util-linux/issues/2132 Fixes #28410.
* tree-wide: drop _pure_ + _const_ from local, static functionsLennart Poettering2023-08-091-3/+3
| | | | | | | | | | | This is supposed to be a help for compilers to apply optimizations on functions where they can't determine whether they are const/pure on their own. For static, local functions the compiler can do this on its own easily however, hence the decoration with pure/const is just noise. Let's drop it, and let the compiler to its thing better. (Use it for exported functions, since compilers can't 'reach-over' into other modules to determine if they are pure, except if LTO is used)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-11 14:00:12 +0100