summaryrefslogtreecommitdiffstats
path: root/src/core (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #34799 from YHNdnzj/service-followupsMike Yuan2024-10-244-87/+82
|\ | | | | core: follow-ups for live mount
| * core: clean up errors for live mountingMike Yuan2024-10-223-55/+38
| | | | | | | | | | | | * Use SD_BUS_ERROR_NOT_SUPPORTED where appropriate * Use Service object in service_can_live_mount() * Include errno in bus error message
| * core/service: fix one wordingMike Yuan2024-10-221-1/+1
| |
| * core/service: add missing serialization for Service.live_mount_resultMike Yuan2024-10-221-3/+13
| |
| * core/service: call service_enter_running() if live mount failsMike Yuan2024-10-221-1/+1
| | | | | | | | | | | | | | service_enter_running() would re-arm timer for RuntimeMaxSec=, hence it should be called instead of disabling timer completely when live mount operation fails, in a similar fashion as service_enter_reload_by_notify().
| * core/service: introduce service_live_mount_finish()Mike Yuan2024-10-221-8/+7
| | | | | | | | | | that combines updating Service.live_mount_result and service_mount_request_reply()
| * core/service: place occurrences of SERVICE_MOUNTING closer to reload statesMike Yuan2024-10-222-21/+20
| |
| * core/unit: put the reload job back to queue if unit is refreshingMike Yuan2024-10-221-1/+5
| |
* | Merge pull request #34834 from yuwata/protect-home-tmpfs-read-onlyYu Watanabe2024-10-231-21/+21
|\ \ | | | | | | core/namespace: make ProtectHome=tmpfs makes /home and friends read-only as documented
| * | core/namespace: replace MOUNT_PRIVATE_TMP_READ_ONLY with MOUNT_PRIVATE_TMP ↵Yu Watanabe2024-10-231-10/+5
| | | | | | | | | | | | with .read_only = true
| * | core/namespace: coding style cleanupsYu Watanabe2024-10-231-6/+6
| | |
| * | core/namespace: honor MountEntry.read_only, .options, and so on in static ↵Yu Watanabe2024-10-231-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | entries Otherwise, ProtectHome=tmpfs makes /home/ and friends not read-only. Also, mount options for /run/ specified in MountAPIVFS=yes are not applied. The function append_static_mounts() was introduced in 5327c910d2fc1ae91bd0b891be92b30379c7467b, but at that time, there were neither .read_only nor .options in the struct. But, when later the struct is extended, the function was not updated and they were not copied from the static table. The fields has been used in static tables since e4da7d8c796a1fd11ecfa80fb8a48eac9e823f06, and also in 94293d65cd4125347e21b3e423d0e245226b1be2. Fixes #34825.
* | | core: don't forget about fallback_smack_process_labelŁukasz Stelmach2024-10-231-1/+1
|/ / | | | | | | | | | | Call setup_smack() also when only fallback_smack_process_label is set. Fixes: 75689fb2d41f
* / fileio: port write_string_file() to LabelOps, and thus add ↵Lennart Poettering2024-10-222-3/+1
|/ | | | | | | | | | | | | WRITE_STRING_FILE_LABEL flag Given that we have the LabelOps abstraction these days, we can teach write_string_file() to use it, which means we can get rid of fileio-label.[ch] as a separate concept. (The only reason that fileio-label.[ch] exists independently of fileio.[ch] was that the former linekd to libselinux potentially, and thus had to be in src/shared/ while the other always was in src/basic/. But the LabelOps vtable provides us with a nice work-around)
* Merge pull request #34403 from poettering/askpw-per-userLennart Poettering2024-10-212-31/+38
|\ | | | | modernize the ask-password logic, and add unpriv askpw agents to the concept
| * core: modernize askpw handling a bitLennart Poettering2024-10-212-31/+38
| |
* | Merge pull request #34787 from yuwata/core-ip-address-allow-denyLennart Poettering2024-10-211-3/+4
|\ \ | |/ |/| core/cgroup: fix IPAddressAllow=/IPAddressDeny= set through DBus
| * core/cgroup: fix IPAddressAllow=/IPAddressDeny= set through DBusYu Watanabe2024-10-161-3/+4
| | | | | | | | | | Fixes a regression caused by 84ebe6f01381c21b88e37e856956c9c9ee6781d6 (v250). Fixes #34773.
* | pid1: close fds we receive via sd_notify() and cannot make use of asynchronouslyLennart Poettering2024-10-171-1/+1
| | | | | | | | | | | | | | | | | | This addresses #11112 fully. It mostly was addressed by 99620f457ed0886852ba18c9093b59767299121c already, but for fds not even passed to the fdstore, this adds the missing asynchronous close codepath. Fixes: #11112
* | fdset: optionally, close remaining fds asynchronouslyLennart Poettering2024-10-172-2/+2
| |
* | Reformat load-fragment-gperf.gperf.inRyan Wilson2024-10-171-527/+527
| | | | | | | | | | This commit reformats load-fragment-gperf.gperf.in after changes made for adding the ManagedOOMMemoryPressureDurationSec= property.
* | cgroup: Add ManagedOOMMemoryPressureDurationSec= override setting for unitsRyan Wilson2024-10-178-3/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will allow units (scopes/slices/services) to override the default systemd-oomd setting DefaultMemoryPressureDurationSec=. The semantics of ManagedOOMMemoryPressureDurationSec= are: - If >= 1 second, overrides DefaultMemoryPressureDurationSec= from oomd.conf - If is empty, uses DefaultMemoryPressureDurationSec= from oomd.conf - Ignored if ManagedOOMMemoryPressure= is not "kill" - Disallowed if < 1 second Note the corresponding dbus property is DefaultMemoryPressureDurationUSec which is in microseconds. This is consistent with other time-based dbus properties.
* | pid1: add env var to override default mount rate limit intervalxujing2024-10-161-3/+11
| | | | | | | | | | | | | | | | Similar to 24a4542c. 24a4542c can only be set 1 in 1s at most, sometimes we may need to set to something else(such as 1 in 2s). So it's best to let the user decide. This also allows users to solve #34690.
* | core: move debug logging from _can_live_mount() functions to callerLennart Poettering2024-10-163-19/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Let's debug log the returned dbus error where we want the logging, but don't log it, where we don't. This removes the noisy logging from the property handler for the CanLiveMount property, but keeps it in place for the MountImage() method call where we want it. Alternative to #34175 Follow-up for 5162829ec87df20c7af763bdf274735bf9e53552 and 1cafbecabecc619b4e147abd9925282d0ff323bd
* | core: one more Mount -> LiveMount renameLuca Boccassi2024-10-161-1/+1
|/ | | | | | Missed by earlier search-and-replace Follow-up for 5162829ec87df20c7af763bdf274735bf9e53552
* core: do not fail if ignorable img.v/ vpick dir is missingLuca Boccassi2024-10-151-0/+4
| | | | | | | | Do not fail if the directory is missing entirely, other than just empty Follow-up for 00f546e25e8 Follow-up for 5e79dd96a88 Follow-up for 622efc544dc
* core/manager: pass soft-reboot count to generatorsMike Yuan2024-10-151-0/+6
| | | | | | soft-reboot allows switching into a different root/installation, i.e. potentially invalidate settings from kernel cmdline and such. Let's hence inform generators about soft-reboots.
* core/manager: minor cleanup for generator_path_any() and friendsMike Yuan2024-10-151-26/+32
|
* timer: introduce DeferReactivation settingArthur Shau2024-10-114-7/+22
| | | | | | | | | | | | | | | | | | | | | | | By default, in instances where timers are running on a realtime schedule, if a service takes longer to run than the interval of a timer, the service will immediately start again when the previous invocation finishes. This is caused by the fact that the next elapse is calculated based on the last trigger time, which, combined with the fact that the interval is shorter than the runtime of the service, causes that elapse to be in the past, which in turn means the timer will trigger as soon as the service finishes running. This behavior can be changed by enabling the new DeferReactivation setting, which will cause the next calendar elapse to be calculated based on when the trigger unit enters inactivity, rather than the last trigger time. Thus, if a timer is on an realtime interval, the trigger will always adhere to that specified interval. E.g. if you have a timer that runs on a minutely interval, the setting guarantees that triggers will happen at *:*:00 times, whereas by default this may skew depending on how long the service runs. Co-authored-by: Matteo Croce <teknoraver@meta.com>
* core/service: add missing serialization for extra fdsMike Yuan2024-10-111-0/+38
|
* core/service: use array rather than list for extra fds, limit max numberMike Yuan2024-10-113-118/+76
| | | | | | | | Follow-up for 3543456f84ec2e83e07b6c9bf2b3a1c5d30241d8 I don't think list is particularly useful here. The passed fds are constant for the lifetime of service, and with this commit we track the number of extra fds in a dedicated var anyway.
* core/service: use LIST_HEAD where appropriateMike Yuan2024-10-111-1/+1
|
* core/manager-serialize: drop serialization for Manager.ready_sentMike Yuan2024-10-111-11/+1
| | | | | | | | This field indicates whether READY=1 has been sent to the service manager/supervisor. Whenever we reload/reexec/soft-reboot, manager_send_reloading() always resets it to false first, so that READY=1 is sent after reloading finishes. Hence we utterly get "false" at all times. Kill it.
* core/manager: still send out STATUS=Ready for user managerMike Yuan2024-10-111-7/+7
| | | | | | | | This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. The offending commit wrongly assumed that the second READY=1 notification is for system scope only, but it also serves the purpose of flushing out previous STATUS= containing user unit job status.
* core/mount: fix typoYu Watanabe2024-10-091-1/+1
| | | | Follow-up for 00ad3f02275b507a753495ace5e5f84cb38b604d.
* namespace: rename drop_unused_mounts() → sort_and_drop_unused_mounts()Lennart Poettering2024-10-091-3/+3
| | | | | The function sorts the listed mounts, and that's kinda key, hence reflect that in the name.
* Merge pull request #34679 from DaanDeMeyer/bus-logDaan De Meyer2024-10-091-4/+16
|\ | | | | Various logging improvements
| * core: Log in more scenarios about which process initiated an operationDaan De Meyer2024-10-091-0/+12
| | | | | | | | | | Exit/Reboot/Poweroff and similar operations are invasive enough that logging about who initiated them is very useful to debug issues.
| * core: Bump log level of reexecute request to noticeDaan De Meyer2024-10-091-4/+4
| | | | | | | | | | A daemon-reload is important enough to deserve logging at notice level.
* | Merge pull request #34656 from yuwata/private-usersLennart Poettering2024-10-095-14/+14
|\ \ | | | | | | core: drop implicit support of PrivateUsers=off
| * | core: drop implicit support of PrivateTmp=offYu Watanabe2024-10-095-6/+6
| | | | | | | | | | | | | | | | | | Follow-up for 0e551b04efb911d38b586cca1a6a462c87a2cb1b. Similar to the previous commit, but for PrivateTmp=.
| * | core: drop implicit support of PrivateUsers=offYu Watanabe2024-10-084-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | Follow-up for fa693fdc7e17618958c505af4b2f39ecd1c3363e. The documentation says the option takes a boolean or one of the "self" and "identity". But the parser uses private_users_from_string() which also accepts "off". Let's drop the implicit support of "off".
* | | Merge pull request #34651 from yuwata/polkit-transient-unitLennart Poettering2024-10-095-62/+95
|\ \ \ | | | | | | | | dbus: pass transient unit name metadata to polkit
| * | | core/dbus: pass transient unit name metadata to polkitRenjaya Raga Zenta2024-10-081-1/+8
| | | | | | | | | | | | | | | | Fixes #17224
| * | | core/dbus: add assertionsYu Watanabe2024-10-081-0/+12
| | | |
| * | | core/dbus: introduce bus_verify_manage_units_async_impl()Yu Watanabe2024-10-082-21/+33
| | | | | | | | | | | | | | | | | | | | | | | | Then, make bus_verify_manage_units_async() and _full() inline. Co-authored-by: Renjaya Raga Zenta <ragazenta@gmail.com>
| * | | core/dbus: move bus_verify_xyz() to dbus-util.cYu Watanabe2024-10-085-49/+51
| | | |
* | | | Merge pull request #34593 from Werkov/deprecate-aux-scopesLennart Poettering2024-10-091-1/+6
|\ \ \ \ | | | | | | | | | | core/manager: Deprecate StartAuxiliaryScope() method
| * | | | core/manager: Deprecate StartAuxiliaryScope() methodMichal Koutný2024-10-081-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The method was added with migration of resources in mind (e.g. process's allocated memory will follow it to the new scope), however, such a resource migration is not in cgroup semantics. The method may thus have the intended users and others could be guided to StartTransientUnit(). Since this API was advertised in a regular release, start the removal with a deprecation message to callers. Eventually, the goal is to remove the method to clean up DBus API and simplify code (removal of cgroup_context_copy()). Part of DBus docs is retained to satisfy build checks.
* | | | | Merge pull request #34671 from yuwata/memoryLennart Poettering2024-10-091-1/+5
|\ \ \ \ \ | |_|/ / / |/| | | | tree-wide: several memory accounting cleanups
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 09:27:05 +0100