| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
|
| |
| |
| |
| | |
This also enables us to use pidref_namespace_open().
|
|/
|
|
| |
move_mount when fallback
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If there is an error with the execv call in fork_agent the
program exits without any meaningful log message. Log the
command and errno so the user gets more information about
the failure.
Fixes: #33418
Signed-off-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pci_get_hotplug_slot() has the following limitations:
- if slots are not hotpluggable, they are not in /sys/bus/pci/slots.
- the address at /sys/bus/pci/slots/X/addr doesn't contains the function part,
so on some system, 2 different slots with different _SUN end up with the same
hotplug_slot, leading to naming conflicts.
- it tries all parent devices until it finds a slot number, which is incorrect,
and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled.
The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in
https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051
"udev: net_id - export PCI hotplug slot names" on 2012/11/26.
At the same time on the kernel side we got
https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63
"ACPI: create _SUN sysfs file" on 2012/11/16.
Using PCI hotplug was the only way at the time, but now 12 years later we can use
firmware_node/sun sysfs file.
Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached
to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX),
the _SUN is on the first parent pcieport.
We still fallback to pci_get_hotplug_slot() to handle the s390 case and
maybe some other coner cases (_SUN on grand parent device that is not a
bridge ?).
|
|
|
|
|
|
| |
- Rename ret params following our coding style
- Use assertion where appropriate
- Use BIT_FOREACH()
|
|
|
|
|
|
|
|
| |
It doesn't really make sense to have that in dev-setup.c, which is
mostly about setting up /dev/, creating device nodes and stuff.
let's move it to the other stuff that deals with /dev/console's
peculiarities.
|
|
|
|
|
|
|
|
|
| |
This is a lot of stuff, and sometimes quite wild, let's turn this into
its own header.
All stuff color-related that just generates sequences is now in
ansi-color.h (no .c file!), and everything more complex that
probes/ineracts with terminals remains in termina-util.[ch]
|
|
|
|
|
|
|
|
| |
terminal_set_cursor_position()
Let's prefix these functions with the subsystem name, and clean them up
a bit. Specifically, drop the error logging, it's entirely duplicative,
since every single caller does it anyway.
|
|\
| |
| | |
use O_PATH when possible
|
| |
| |
| |
| |
| | |
`switch_root()` opens two file descriptors to do the switch but never
reads from them. Open them with O_PATH.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
polkitd by default just waves through requests from a root process.
A new POLKIT_CHECK_AUTHORIZATION_FLAGS_ALWAYS_CHECK flag was added
to main (will be part of v125 when it ships) that forces it to go
through the policy checks for root too. Previous versions will just
ignore it.
Change the flags handling slightly so that we pass this or the
interactive flags through, as the values match what polkit expects.
|
| |
| |
| |
| |
| |
| |
| |
| | |
When we patch in a bg color we must make sure that when certain "reset"
sequences are transferred we fix up the bg color again.
Do so for \033[!p ("soft terminal reset") and \033c ("reset to initial
state" aka "full reset").
|
|\ \
| | |
| | | |
UnitFreezer: several cleanups
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, unit_freezer_new_freeze() would only return
UnitFreezer object if FreezeUnit() succeeds. This is not
ideal though, as a failed bus call doesn't mean the action
actually failed. E.g. a timeout might occur because pid1
is waiting for cgroup event from kernel, while the bus call
timeout was exceeded (#33269). In such a case, ThawUnit()
will never be called, resulting in frozen units remain that
way after resuming from sleep.
Therefore, let's get rid of unit_freezer_new_freeze(),
and make sure as long as unit freezer is involved, we'll
call ThawUnit() when we're done. This should make things
a lot more robust.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
First, when displaying JSON we convert dashes into underscores. We want
to avoid using dashes in JSON field names in new code, because some
JSON parsers don't support dashes very well.
Second, we make the first character of every word lower-case. This
better matches our JSON field name style, and makes the automatic
JSON name mangling a lot more useful for vertical tables, where fields
are given a display name. For example, "Foo Bar" would be converted into
"foo_bar" instead of "Foo_Bar", which much better matches our style.
We don't make the whole string lowercase to support cases like:
"fooBar" should stay as "fooBar".
Some situations don't behave quite perfectly, such as "Foo BarBaz" gets
converted into "foo_barBaz", or all-caps headings get mangled
incorrectly. In these situations, the JSON field should be overridden
manually. In most cases, or at least more cases than before, this
heuristic does good enough.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Lets you conveniently set JSON field names in table_add_many. Especially
useful for vertical tables. For example:
table_add_many(t,
TABLE_FIELD, "Display Name",
TABLE_STRING, obj->display_name,
TABLE_SET_JSON_FIELD_NAME, "displayName",
TABLE_FIELD, "Timestamp",
TABLE_TIMESTAMP, obj->timestamp,
TABLE_SET_JSON_FIELD_NAME, "timestampUSec");
|
|\ \
| | |
| | | |
varlink: make API public as "sd-varlink.h"
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's time. sd-json was already done earlier in this cycle, let's now
make sd-varlink public too.
This is mostly just a search/replace job of epical proportions.
I left some functions internal (mostly IDL handling), and I turned some
static inline calls into regular calls.
|
|/
|
|
|
|
|
| |
Same as the other aliases. Allows chaining commands like:
$ systemd-id128 show -P root-$(dpkg-architecture --query DEB_HOST_ARCH)
4f68bce3e8cd4db196e7fbcaf984b709
|
|
|
| |
Closes #30707
|
| |
|
| |
|
|\
| |
| | |
Link executor statically
|
| |
| |
| |
| |
| |
| |
| | |
Our variables for internal libraries are named 'libfoo' for the shared lib
variant, and 'libfoo_static' for the static lib variant. The only exception was
libbasic, because we didn't have a shared variant for it. But let's rename it
for consitency. This makes the build config easier to understand.
|
| |
| |
| |
| |
| |
| |
| | |
For MountImages=, if the source is a block device, it will most likely reside
in /dev. It should be also possible to mount a static device file system in
place of (or part of) /dev. So let's allow paths starting with /dev as an
exception for MountImages=.
|
|/
|
|
|
|
| |
$SYSTEMD_REPART_OVERRIDE_FSTYPE is too invasive. Often you want to
override the fstype only for a specific designator, so let's support
that as well.
|
|
|
|
| |
Follow-up for 98b1ecc9175a8bb241292f6f441a754b6759dd97
|
|
|
|
| |
To make things more readable and consistent.
|
|\
| |
| | |
teach inode_same() the concept of name_to_handle_at() FIDs to properly detect inode identities
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
read_virtual_file() will only read up to page size bytes of data
from /sys/firmware/dmi/entries/.../raw so let's use read_full_file_full()
instead to make sure we read all data.
This should be safe since smbios11 data can be considered immutable
during the lifetime of the system.
|
| |
| |
| |
| |
| |
| |
| | |
Various of our tools operate on block devices, and it's not always
obvious to know which block devices are actually appropriate for use.
Hence, let's add a helper that allows to list block devices, and
supports some limited filtering.
|
|/ |
|
|
|
|
|
|
| |
cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'.
https://www.kernel.org/doc/html/latest/accounting/psi.html
|
|
|
|
|
|
|
|
|
| |
btrfs used to default the sector size to the page size and didn't
support anything else. Since 6.7, it defaults to 4K and using 4K
makes the filesystem compatible with all page sizes. So let's make
sure we use minimum 4K as well (lower causes failures on systems with
a 4K page size) but still allow larger sector sizes if specified by
the user.
|
|\
| |
| | |
Drop support for nscd
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
nscd is known to be racy [1] and it was already deprecated and later dropped in
Fedora a while back [1,2]. We don't need to support obsolete stuff in systemd,
and the cache in systemd-resolved provides a better solution anyway.
We announced the plan to drop nscd in d44934f3785ad9ca4aab757beb80a9b11ba4bc04.
[1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD
[2] https://fedoraproject.org/wiki/Changes/RemoveNSCD
The option is kept as a stub without any effect to make the transition easier.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It turns out OverlayFS doesn't handle gracefully when the same source is
specified multiple times in lowerdir= and it fails with ELOOP:
Failed to mount overlay (type overlay) on /run/systemd/mount-rootfs/opt (MS_RDONLY "lowerdir=/run/systemd/unit-extensions/1/opt:/run/systemd/unit-extensions/0/opt:/run/systemd/mount-rootfs/opt"): Too many levels of symbolic links
This happens even if we mount each image in a different internal mount
path, as OverlayFS will resolve it and look for the backing device, which
will be the same device mapper entity, and return a hard error.
This error does not appear if dm-verity is not used, so it is very
confusing for users, and unnecessary.
When mounting ExtensionImages, check if an image is dm-veritied,
and drop duplicates if the root hashes match, to avoid this user-unfriendly
hard error.
|
|\ \
| |/
|/| |
run: add option to prevent the setting of terminal title
|
| |
| |
| |
| |
| |
| | |
This goes together with the existing SYSTEMD_TINT_BACKGROUND.
Closes https://github.com/systemd/systemd/issues/33301
|
| |
| |
| |
| | |
The old license was a copy&paste mistake.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new "password-cache" option allows customizing behavior of the
ask-password module in regards to caching credentials in the kernel
keyring. There are 3 possible values for this option:
* read-only - look for credentials in kernel keyring before asking
* on - same as read-only, but also save credentials input by user
* off - disable keyring credential cache
Currently the cache is forced upon the user and this can cause issues.
For example, if user wants to attach two volumes with two different
FIDO2 tokens in a quick succession, the attachment operation for the
second volume will use the PIN cached from the first FIDO2 token, which
of course will fail and since tokens are only attempted once, this will
cause fallback to a password prompt.
|
|\ \
| | |
| | | |
hostnamed: minor corrects to Varlink polkit handling
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
'allowInteractiveAuthentication' varlink parameter
If people want they should be able to turn on this flag, to allow
interactive auth. Let's make sure this actually works. i.e. add it to
the introspection data and don't refuse the parameter in Describe().
(note the varlink handling already does parameter validation through
varlink_dispatch(), hence we can just drop any further validation)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
reply to client with an error
The logic of the Describe() call was supposed to be: if we can acquire
the PK priv to get the product UUID then let's return the product UUID,
and if we cannot then return the data without it.
This didn't work however, since the polkit varlink glue would
immediately propagate the error it acquired from polkit its own client.
Let's turn this off, optionally, so that hostnamed can handle this
nicely.
|