| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Follow-up for 98b1ecc9175a8bb241292f6f441a754b6759dd97
|
|
|
|
|
|
| |
cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'.
https://www.kernel.org/doc/html/latest/accounting/psi.html
|
|
|
|
|
|
|
|
|
|
|
| |
- drop unnecessary SYNTHETIC_ERRNO() when the logger does not propagate
error code,
- drop unnecessary '%m' in error message when the error code is
specified with SYNTHETIC_ERRNO(),
- add missing full stop at the end of log message,
- use RET_GATHER(),
- add missing ", ignoring.",
- upeercase the first letter, etc., etc...
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Most of our kernel cmdline options use underscores as word separators in
kernel cmdline options, but there were some exceptions. Let's fix those,
and also use underscores.
Since our /proc/cmdline parsers don't distinguish between the two
characters anyway this should not break anything, but makes sure our own
codebase (and in particular docs and log messages) are internally
consistent.
|
| |
|
|
|
|
|
| |
The latter is more generic and while being compatible with
the former.
|
|
|
|
|
|
|
|
|
| |
We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers
like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so
the existing name is outdated. I think the uid-range.[ch] should stay separate
because it has a bunch of helpers for parsing and printing of uid ranges. So
let's rename as in $subject to better reflect the contents of the file and make
the two sets of files harder to confuse.
|
|
|
|
|
| |
We have various services that should only run in a measured UKI
environment. Let's add an explicit high-level check for that.
|
|
|
|
|
|
| |
All other command line parsers takes flags. Let's make
proc_cmdline_get_bool() also take flags. Though, currently,
no flag is set by the caller.
|
|
|
|
|
|
|
|
| |
The "cvm" flag indicates whether the OS is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
|
|
|
| |
I figure these messages are rather unnecessary, so let the user quiet
them with the existing --quiet flag if desired. Makes systemd-analyze
condition a little more ergonomic in scripts.
|
|
|
|
|
|
|
|
| |
No code change, just some splitting out of the relevant code from
udev-util.[ch].
This makes sense on its own, but is also prepartion to move the code
that checks for low battery state into battery-util.[ch], too.
|
|
|
|
|
|
|
| |
Before 7cd43e34c5a302ff323c013f437092d2ff5ccbbf, it was possible to use
SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot to override autodetection.
But now this doesn't work anymore, and it's useful to be able to do that for
testing.
|
| |
|
|
|
|
|
|
|
| |
Let's move them out of the generic, already very long strv.[ch] module
into the more specific nulst-util.[ch]
No code changes.
|
|
|
|
|
|
|
|
|
| |
I changed imports of util.h to initrd-util.h, or added an import of
initrd-util.h, to keep compilation working. It turns out that many files didn't
import util.h directly.
When viewing the patch, don't be confused by git rename detection logic:
a new .c file is added and two functions moved into it.
|
|
|
|
|
|
|
|
|
| |
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
|
|
|
|
|
|
|
|
|
|
| |
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.
While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code to evaluate the kernel command line option was busted because it
was doing 'return b == !!r' at a point where 'r > 0'. Thus we'd return "true"
in both cases:
$ SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot build/systemd-analyze condition 'ConditionFirstBoot=true'
test.service: ConditionFirstBoot=true succeeded.
Conditions succeeded.
$ SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot build/systemd-analyze condition 'ConditionFirstBoot=false'
test.service: ConditionFirstBoot=false succeeded.
Conditions succeeded.
We only use 'ConditionFirstBoot=true' in units, so this wasn't noticed.
But I think the logic is broken in general: the condition should evaluate as
true only during initial boot. If we rerun the units at later points, we should
not consider ConditionFirstBoot to be true.
Also, the first boot logic is also used in pid1 itself. AFAICT, for two
things: in first boot machine-id is initialized transiently (this allows
first-boot operations to be restarted if boot fails), and preset-all is
executed. But this logic was different and separate from the logic to
evaluate ConditionFirstBoot. The distinction is abolished, and the operations
in pid1 now use the same logic as ConditionFirstBoot, which means that the
kernel command line option is checked, and condition_test_first_boot()
just tests whether pid1 thinks we're in first boot.
This makes things easier to grok for the user: there's just one condition for
"first boot" and it applies to both pid1 and units.
|
|
|
|
|
|
|
|
|
|
|
|
| |
comparison, and ==/<> version comparison
The only reason to do this is to ensure uniformity with the other
options, that work like this, i.e. ConditionOSRelease= or
ConditionSecurity=.
This is a compatibility break, but a minor one, given that string
comparison and version comparison is mostly the same for equality and
inequality.
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that "=" and "!=" are now interpreted as literal string
compares, and "==" and "<>" are for version compares.
This is not a compat break, since the SMBIOS stuff has not been included
in any release yet.
Main reason to do this, is to be systematic with the other conditions
that check for text stuff.
|
|
|
|
|
|
| |
This is mostly to make things systematic, and brings no new
functionality, as not specifying any operator is identical to prefixing
with =$ anyway.
|
| |
|
|
|
|
|
| |
We support this for smbios matches, hence do so for /etc/os-release
matches too.
|
|
|
|
|
|
|
| |
comparison via simple string compares
This allows us to switch condition_test_osrelease() to use generic
version_or_fnmatch_compare() for executing the comparison.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Let's move the operator enum into its own .c/.h file, so that we can
reuse it elsewhere, in particular systemd-analyze's compare-versions
logic.
Let's rename the concept CompareOperator, since it is nowadays
genericlaly about both order *and* fnmatch comparisons, hence just
naming it "order" is misleading.
|
| |
|
|
|
|
|
|
|
|
|
| |
The path /sys/firmware/device-tree doesn't exist. This should be either
/proc/device-tree or /sys/firmware/devicetree.
The first path is only a link. So lets use the second path.
See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218.
|
|
|
|
|
|
|
|
| |
I possess a machine with ')' in its BIOS version string, which will
cause the current parser to mistake it as the closing ')' of the
smbios-fields() expression.
Let's make sure we always fo for the last, not the first ')', hence.
|
|
|
|
| |
information
|
| |
|
|
|
|
|
|
|
| |
credentials passed in
This is useful when provisioning systems via nspawn/qemu and running
specific services only if specific data is passed into the system.
|
|
|
|
| |
Fixes #23697.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a follow-up for f470cb6d13558fc06131dc677d54a089a0b07359 which in
turn is a follow-up for a068aceafbffcba85398cce636c25d659265087a.
The latter started to honour hidden files when deciding whether a
directory is empty. The former reverted to the old behaviour to fix
issue #23220.
It introduced a bug though: when a directory contains a larger number of
hidden entries the getdents64() buffer will not suffice to read them,
since we just allocate three entries for it (which is definitely enough
if we just ignore the . + .. entries, but not ig we ignore more).
I think it's a bit confusing that dir_is_empty() can return true even if
rmdir() on the dir would return ENOTEMPTY. Hence, let's rework the
function to make it optional whether hidden files are ignored or not.
After all, I looking at the users of this function I am pretty sure in
more cases we want to honour hidden files.
|
|
|
|
| |
No change in behaviour. Let's just use our new helper here.
|
|
|
|
|
|
|
| |
Some parts of our tree used 'Architecture' for storing architectures,
others used ints. Let's unify on the former.
Inspired by #22952's rework of the 'Virtualization' enum.
|
|
|
|
|
|
|
|
| |
These days we have a mechanism for safely returning errnos in enum
types, via definining -ERRNO_MAX as one special enu value. Let's use
that for Virtualization.
No change in behaviour, just some typesafety improvement.
|
|\
| |
| |
| |
| | |
keszybz/symlink-enablement-yet-again-punish-me-harder
Fixups to the unit enablement logic
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some calls to lookup_path_init() were not followed by any log emission.
E.g.:
$ SYSTEMD_LOG_LEVEL=debug systemctl --root=/missing enable unit; echo $?
1
Let's add a helper function and use it in various places.
$ SYSTEMD_LOG_LEVEL=debug build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
1
$ SYSTEMCTL_SKIP_SYSV=1 build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
Failed to enable: No such file or directory.
1
The repeated error in the second case is not very nice, but this is a niche
case and I don't think it's worth the trouble to trying to avoid it.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some refactoring: split efi-loader.[ch] in two: isolate the calls that
implement out boot loader interface spec, and those which implement
access to upstream UEFI firmware features.
They are quite different in nature and behaviour, and even semantically
it makes to keep these two separate. At the very least because the
previous name "efi-loader.[ch]" suggests all was about loader-specific
APIs, but much of it is generic uefi stuff...
While we are at it, I renamed a bunch of return parameters to follow our
usual ret_xyz naming. But besides renaming no real code changes.
|
|
|
|
| |
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Get the cgroup root path from the current PID, so that when
ran by the user manager we can get to the right path.
Eg: foo.slice:10% will check under:
/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/foo.slice/cpu.pressure
Follow-up for 81513b382b24a7f3602987f71042d075ca27d1a5
|