| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Fixes #23697.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a follow-up for f470cb6d13558fc06131dc677d54a089a0b07359 which in
turn is a follow-up for a068aceafbffcba85398cce636c25d659265087a.
The latter started to honour hidden files when deciding whether a
directory is empty. The former reverted to the old behaviour to fix
issue #23220.
It introduced a bug though: when a directory contains a larger number of
hidden entries the getdents64() buffer will not suffice to read them,
since we just allocate three entries for it (which is definitely enough
if we just ignore the . + .. entries, but not ig we ignore more).
I think it's a bit confusing that dir_is_empty() can return true even if
rmdir() on the dir would return ENOTEMPTY. Hence, let's rework the
function to make it optional whether hidden files are ignored or not.
After all, I looking at the users of this function I am pretty sure in
more cases we want to honour hidden files.
|
| |
|
|
| |
No change in behaviour. Let's just use our new helper here.
|
| |
|
|
|
|
|
| |
Some parts of our tree used 'Architecture' for storing architectures,
others used ints. Let's unify on the former.
Inspired by #22952's rework of the 'Virtualization' enum.
|
| |
|
|
|
|
|
|
| |
These days we have a mechanism for safely returning errnos in enum
types, via definining -ERRNO_MAX as one special enu value. Let's use
that for Virtualization.
No change in behaviour, just some typesafety improvement.
|
| |\
| |
| |
| |
| | |
keszybz/symlink-enablement-yet-again-punish-me-harder
Fixups to the unit enablement logic
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some calls to lookup_path_init() were not followed by any log emission.
E.g.:
$ SYSTEMD_LOG_LEVEL=debug systemctl --root=/missing enable unit; echo $?
1
Let's add a helper function and use it in various places.
$ SYSTEMD_LOG_LEVEL=debug build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
1
$ SYSTEMCTL_SKIP_SYSV=1 build/systemctl --root=/missing enable unit; echo $?
Failed to initialize unit search paths for root directory /missing: No such file or directory
Failed to enable: No such file or directory.
1
The repeated error in the second case is not very nice, but this is a niche
case and I don't think it's worth the trouble to trying to avoid it.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some refactoring: split efi-loader.[ch] in two: isolate the calls that
implement out boot loader interface spec, and those which implement
access to upstream UEFI firmware features.
They are quite different in nature and behaviour, and even semantically
it makes to keep these two separate. At the very least because the
previous name "efi-loader.[ch]" suggests all was about loader-specific
APIs, but much of it is generic uefi stuff...
While we are at it, I renamed a bunch of return parameters to follow our
usual ret_xyz naming. But besides renaming no real code changes.
|
| |
|
|
| |
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Get the cgroup root path from the current PID, so that when
ran by the user manager we can get to the right path.
Eg: foo.slice:10% will check under:
/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/foo.slice/cpu.pressure
Follow-up for 81513b382b24a7f3602987f71042d075ca27d1a5
|
| |
|
|
|
|
|
|
|
|
| |
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.
Fixes #20139
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.
No code changes, just some splitting out of code.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.
We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.
Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
|
| |\
| |
| | |
core: add ConditionOSRelease= directive
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The goal is to move everything that requires selinux or smack
away from src/basic/. This means that src/basic/label.[ch] must move,
which implies btrfs-util.[ch], copy.[ch], and a bunch of other files
which form a cluster of internal use.
This is just moving text around, so there should be no functional difference.
test-blockdev-util is new, because path_is_encrypted() is moved to
blockdev-util.c, and so far we didn't have any tests for code there.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Initially I wanted to add ConditionPathExists=!/etc/initrd-release in various
units (ldconfig.service, systemd-sysusers.service, systemd-hwdb-update.service,
systemd-journal-catalog-update, systemd-update-done.service), but I think it's
better to just disable the mechanism in the initrd altogether. Initrd images
are put together in a very particular way, and there is not need to do
post-update steps on them. If a unit from some other package winds up in the
initrd, we wouldn't want to invoke it either.
Also, any modifications are ephemeral, so any update would happen on every
use. And finally, initrd images are all about speed, and we shouldn't invoke
any unneeded services.
|
| |
|
|
|
|
| |
This allows to limit units to machines that run on a certain firmware
type. For device tree defined machines checking against the machine's
compatible is also possible.
|
| |
|
|
|
|
|
|
|
|
| |
Before, we only allowed conditionalizing on controllers, not the hierarchy.
This commit extends this to allow a simple check for v1 (i.e. classic or hybrid),
and v2 (full unified).
An alternative approach would be to add a separate Condition for this, but I'm
not too keen on that, considering that v1 is already being deprecrecated
(c.f. 82f3063218).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Taking a stab at implementing #14479.
Add {Condition,Assert}CPUFeature to `systemd-analyze` & friends. Implement it
by executing the CPUID instruction. Add tables for common x86/i386
features.
Tested via unit tests + checked that commands such as:
```bash
systemd-analyze condition 'AssertCPUFeature = rdrand'
```
Succeed as expected and that commands such as
```bash
systemd-analyze condition 'AssertCPUFeature = foobar'
```
Fail as expected. Finally, I have amended the `systemd.unit` manual page
with the new condition and the list of all currently supported flags.
|
| |
|
|
|
|
|
| |
TPM2 exists
This makes ConditionSecurity=tpm2 work reliably during early boot: if
Linux doesn't know about the TPM2 then maybe the firmware does.
|
| |
|
|
|
|
|
|
|
| |
As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617.
This does not touch anything exposed in src/systemd. Changing the defines there
would be a compatibility break.
Note that tests are broken after this commit. They will be fixed in the next one.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Those are functions that express policy, and nothing in basic/ uses
(or should use) them.
|
| |
|
|
|
|
|
|
|
|
| |
The concept is flawed, and mostly useless. Let's finally remove it.
It has been deprecated since 90a2ec10f2d43a8530aae856013518eb567c4039 (6
years ago) and we started to warn since
55dadc5c57ef1379dbc984938d124508a454be55 (1.5 years ago).
Let's get rid of it altogether.
|
| |
|
|
|
|
|
|
|
| |
Much like systemd.condition-needs-update= this new switch allows
overriding of a unit file condition, but this time its
ConditionFirstBoot=.
Usecase is also primarily debugging, but could be useful for other
schemes too.
|
| | |
|
| |
|
|
|
| |
No change in behaviour. Let's just prefer early exit over deeper
indentation.
|
| |
|
|
| |
This should be useful for addressing #15724.
|
| |
|
|
|
|
|
| |
it as-is
Previously, we'd only compare the nsec component of it, which sounds
needlessly fragile. Let's instead compare the timestamp as it is.
|
| |
|
|
|
|
| |
Condition checks shouldn't log loudly, since they run all the time.
Let's make things debuggable, by keeping the messages in LOG_DEBUG in,
but don't make more noise than necessary.
|
| | |
|
| |
|
|
|
|
| |
We should do this check first since it is done on the string itself
without any conditioning of system state otherwise. It is a weird to do
this test only if /etc is read-only.
|
| |
|
|
|
|
|
| |
Prompted by the discussions in #15180.
This is a bit more complex than I hoped, since for PID 1 we need to pass
in the synethetic environment block in we generate on demand.
|
| |
|
|
| |
Follow our usual coding style.
|
| |
|
|
|
|
| |
functions
Let's add a typedef for a function type we use at multiple places.
|
| |
|
|
|
|
|
| |
It's easy to add, and should be pretty useful, in particular as in
AssertPathIsEncrypted= as it can be used for checking that
some path is encrypted before some service is invoked that might want to
place secure material there.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is
not needed in basic/. Move the file from shared/ to basic/, but then move back
most of the higher-level functions to the new shared/efi-loader.c file.
|
| |
|
|
| |
This replaces the internal uses of __FILE__ with the new macro.
|
