summaryrefslogtreecommitdiffstats
path: root/units (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* units: create /dev with --graceful first, allow sysusers to run laterZbigniew Jędrzejewski-Szmek2023-05-232-3/+2
| | | | | | | | | | | | | | | | | We want to call systemd-tmpfiles-setup-dev.service to create /dev/fuse and other device nodes so that module probing will work. But it is possible that when we're in first boot, some users or groups need to be created by systemd-sysusers first. But it is also possible that systemd-sysusers cannot actually execute configuration because the root partition is not fully writable yet. So let systemd-tmpfiles-setup-dev.service run earlier, possibly without all users and groups in place. Since systemd-tmpfiles-setup-dev.service writes to /dev only, it doesn't care how the root partition is mounted. In this early run, some some nodes might be created with default permissions (i.e. not accessible to non-root users or groups). This should be OK for the early boot phase. Afterwards, we let systemd-tmpfiles-setup.service execute full configuration. We will configure any files in /dev twice, but considering that there's only a few of them and that the second run should only adjust ownership and permissions, this should be OK. This way, we avoid the dependency loop.
* units: make sure proc-sys-binfmt_misc.automount is actually stoppedZbigniew Jędrzejewski-Szmek2023-05-231-0/+1
| | | | | | | As with other units, stopping of the automount requires actual work, and without the ordering dependency systemd might not execute the stop job before shutdown.target is reached and units ordered after that are executed.
* units/systemd-repart: stop pretending that root config is executed in the initrdZbigniew Jędrzejewski-Szmek2023-05-231-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have a system with /usr/lib/repart.d/50-root.conf with GrowFileSystem=yes. The partition wouldn't be resized in the initrd, because ConditionDirectoryNotEmpty=|/sysusr/usr/lib/repart.d was evaluated very early, before /sysroot was mounted. There was no ordering dependency between systemd-repart.service and sysroot.mount. (There was After=initrd-usr-fs.target, but it seems to be only referred to by systemd-fstab-generator, which in my case doesn't even run, because there's no fstab.) But in fact, we neeed to run systemd-repart in the initrd only in limited circumstances: when we need to create the root device based on config under sysusr.mount. If there is config on the root device, it can be executed in the host system, early during boot. Thus, let's remove the condition on /sysroot/…. Without an ordering dependency on sysroot.mount, it was subject to a race condition anyway. (A race condition with a low probability of "winning", because systemd-repart.service has no dependencies, but sysroot.mount requires a device to be detected and the mount to happen.) The other problem was that systemd-repart.service didn't have the ordering wrt. initrd-switch-root.target, so it was subject to the same race condition that was fixed for other units in 7c0e2b555968d70ac563a37e32a6931ee90961a6. (If the systemd-repart.service/stop job is slow, we could end up not restarting systemd-repart.service in the host system.) With the changes here, I see systemd-repart.service/start running twice: in the initrd it is skipped because the conditions fail, and then in the host system it runs normally. Note: support for /sysroot is retained in systemd-repart code. I don't see a strong reason to remove it, since it may still be useful to people invoking repart in the initrd in other circumstances.
* units: do more reordering of ordering configZbigniew Jędrzejewski-Szmek2023-05-2318-45/+80
| | | | | | | | | | | | | No functional change, just a cleanup to make the subsequent changes easier to see. This is a continuation of 9810e419425263bde86787bc21251f1ad3c35628 > The block is reordered and split to have: > 1. description + documentation > 2. (optionally) conditions > 3. all the dependencies The dependencies for shutdown.target are listed separately because they are the other deps are for startup, and shutdown.target only matter much later.
* units: order sysinit.target, debug-shell.service after systemd-vconsole-setupZbigniew Jędrzejewski-Szmek2023-05-192-0/+2
| | | | | | | | | | | | | | Previous patch to add an implicit dependency effectively orders various getty services after systemd-vconsole-setup.service. But I think it's cleaner to also order the service before sysinit.target, like it was before 8125e8d38e3aa099c7dce8b0161997b8842aebdc. There might be units which don't do use TTYVHangup= but would like to have the console fully initialized. Also, add a manual ordering to debug-shell.service, because it has ImplicitDependencies=no. This might delay debug-shell.service a bit, but systemd-vconsole-setup.service has no dependencies and should be very quick, so this should not be noticable in practice. Without the ordering, the terminal might not have a key map loaded, making debug-shell.service hard to use.
* units: order getty units after getty-pre.target unconditionallyZbigniew Jędrzejewski-Szmek2023-05-192-4/+4
| | | | | | | Those two units had this ordering conditionalized on HAVE_SYSV_COMPAT. This seems strange. 45e27532971ac84e835a2879df510a581f933fcd added the ordering differently for those two files without any comment, and I think it was just pasted or scripted erroneously.
* unit: add conditions and deps to make oomd.socket and .service consistentYu Watanabe2023-05-191-1/+7
| | | | Fixes #27690.
* Revert "units: Add missing dependencies on initrd-switch-root.target"Daan De Meyer2023-05-158-16/+16
| | | | This reverts commit f0ad3e6b9652fe785245934ff8604cc897d3b8f4.
* units: Add missing dependencies on initrd-switch-root.targetDaan De Meyer2023-05-128-16/+16
| | | | | | | These are all services that valid to be run in the initrd, so let's make sure they have the appropriate dependencies on initrd-switch-root.target so that they are stopped when we're about to switch root.
* units: Add CAP_NET_ADMIN condition to systemd-networkd-wait-online@.service ↵Daan De Meyer2023-05-091-0/+1
| | | | | | | as well It was added to CAP_NET_ADMIN but we forgot to add it to the template service as well.
* units: add/fix Documentation= about bus interfaceYu Watanabe2023-05-084-1/+4
|
* core/systemctl: when switching root default to /sysroot/Lennart Poettering2023-04-291-1/+1
| | | | | | | | | We hardcode the path the initrd uses to prepare the final mount point at so many places, let's also imply it in "systemctl switch-root" if not specified. This adds the fallback both to systemctl and to PID 1 (this is because both to — different – checks on the path).
* nspawn: port over to /supervisor/ subcgroup being delegated to nspawnLennart Poettering2023-04-271-0/+1
| | | | | | Let's make use of the new DelegateSubgroup= feature and delegate the /supervisor/ subcgroup already to nspawn, so that moving the supervisor process there is unnecessary.
* udev: port to DelegateSubgroup=Lennart Poettering2023-04-271-0/+1
|
* units: make system service manager create init.scope subcgroup for user ↵Lennart Poettering2023-04-271-0/+1
| | | | | | | | service manager This one is basically for free, since the service manager is already prepared for being invoked in init.scope. Hence let's start it in the right cgroup right-away.
* units: restrict hugepages fs a bitLennart Poettering2023-04-271-0/+1
| | | | | | | | | | suid binaries and device nodes should not be placed there, hence forbid it. Of all the API VFS we mount from PID 1 or via a unit file this one is the only one where we didn't add MS_NODEV/MS_NOSUID. Let's address that, since there's really no reason why device nodes or suid binaries would be placed in hugetlbfs.
* Support /etc/system-update for OSTree systemsEric Curtin2023-04-251-1/+3
| | | | | | This is required when / is immutable and cannot be written at runtime. Co-authored-by: Richard Hughes <richard@hughsie.com>
* Merge pull request #25608 from poettering/dissect-moarLennart Poettering2023-04-121-0/+1
|\ | | | | dissect: add dissection policies
| * discover-image: automaticaly pick up sysext images from /.extra/sysextLennart Poettering2023-04-051-0/+1
| |
* | systemd-sysext/confext.service: Refresh on start/reloadKai Lueke2023-04-062-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When adding a sysext image to the system and manuall merging it, a later "systemctl (re)start systemd-sysext" won't work because "merge" refuses to work when something is merged already. Another problem with "merge" at start plus "unmerge" at stop is that a service restart can't make use of the new MOVE_MOUNT_BENEATH in the future even which would only be available in "refresh". It also prepares us for setting up the merged overlay for the sysroot from the initrd already, which also would lead to the mentioned start problem of the service (One optimization could be to skip the loading but only if we are sure that all images were loaded and weren't modified since - this assumption is hard because early services could want to inject a sysext, too). Use "refresh" on service start to fix the problem that the service can't start as soon as a manual merge was done. Also add a reload action that allows to issue "systemctl reload systemd-sysext" and it will make use of MOVE_MOUNT_BENEATH once we implement this in systemd-sysext refresh (and it's available from the kernel).
* | confext: add the systemd-confext.service filemaanyagoenka2023-04-052-0/+34
|/
* sysext: stop storing under /usr/lib[/local]/extensions/Luca Boccassi2023-03-301-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sysexts are meant to extend /usr. All extension images and directories are opened and merged in a single, read-only overlayfs layer, mounted on /usr. So far, we had fallback storage directories in /usr/lib/extensions and /usr/local/lib/extensions. This is problematic for three reasons. Firstly, technically, for directory-based extensions the kernel will reject creating such an overlay, as there is a recursion problem. It actively validates that a lowerdir is not a child of another lowerdir, and fails with -ELOOP if it is. So having a sysext /usr/lib/extensions/myextdir/ would result in an overlayfs config lowerdir=/usr/lib/extensions/myextdir/usr/:/usr which is not allowed, as indicated by Christian the kernel performs this check: /* * Check if this layer root is a descendant of: * - another layer of this overlayfs instance * - upper/work dir of any overlayfs instance */ <...> /* Walk back ancestors to root (inclusive) looking for traps */ while (!err && parent != next) { if (is_lower && ovl_lookup_trap_inode(sb, parent)) { err = -ELOOP; pr_err("overlapping %s path\n", name); Secondly, there's a confusing aspect to this recursive storage. If you have /usr/lib/extensions/myext.raw which contains /usr/lib/extensions/mynested.raw 'systemd-sysext merge' will only pick up the first one, but both will appear in the merged root under /usr/lib/extensions/. So you have two extension images, both appear in your merged filesystem, but only one is actually in use. Finally, there's a conceptual aspect: the idea behind sysexts and hermetic /usr is that the /usr tree is not modified locally, but owned by the vendor. Dropping extensions in /usr thus goes contrary to this foundational concept.
* units: let's establish the coredump socket before writting core_pattern sysctlLennart Poettering2023-03-301-1/+1
| | | | | | | | | | | | | | | | It's a bit nicer if we only write the sysctl core_pattern once the coredump socket is established, since it's the backend for the handler. Given the systemd-coredump.socket basically has no dependencies that run before it this should not really make things slower or so, it just removes the tiny window where core pattern is in effect that wants to connect to the backend socket but cannot. The status quo isn't terrible, and not too different in effect: either way, until the socket unit is up we won't process coredumps. It's mostly what kind of behaviour you get then: an error due to /bin/false being invoked, or an error because systemd-coredump can't connect to its socket. After this patch we'll exclusively see the former.
* unit: sysext: update unit name for sd-tmpfiles-setupMike Yuan2023-03-181-1/+1
| | | | Fixes #26882
* units: Order user@.service after systemd-oomd.serviceDaan De Meyer2023-03-181-1/+1
| | | | | | | | | | | | The user manager connects to oomd over varlink. Currently, during shutdown, if oomd is stopped before any user manager, the user manager will try to reconnect to the socket, leading to a warning from pid 1 about a conflicting transaction. Let's fix this by ordering user@.service after systemd-oomd.service, so that user sessions are stopped before systemd-oomd is stopped, which makes sure that the user sessions won't try to start oomd via its socket after systemd-oomd is stopped.
* journald-console: Add colors when forwarding to consoleDaan De Meyer2023-03-161-0/+1
| | | | | | Let's color output when we're forwarding to the console. To make this work, we inherit TERM from pid 1 and use it to decide whether we should output colors or not.
* tree-wide: Drop gnu-efiJan Janssen2023-03-101-9/+9
| | | | | | | This drops all mentions of gnu-efi and its manual build machinery. A future commit will bring bootloader builds back. A new bootloader meson option is now used to control whether to build sd-boot and its userspace tooling.
* doc: correct wrong use "'s" contractionsJan Engelhardt2023-03-071-1/+1
|
* units: let systemd --user manage its own memory pressure handlingLennart Poettering2023-03-011-0/+1
| | | | | | | | | | | Let's make things systematic: the per-user and the per-system manager should manage their own memory pressure, as they are, well, managers of things. This is particularly relevant and the per-user service manager should watch its own "init.scope" subcgroup, instead of the main service unit cgroup, and hence $MEMORY_PRESSURE_WATCH as set by the per-system service manager would simply be wrong.
* units: change assert to condition to skip running in initrd/osLuca Boccassi2023-02-096-6/+6
| | | | | | | These units are also present in the initrd, so instead of an assert, just use a condition so they are skipped where they need to be skipped. Fixes https://github.com/systemd/systemd/issues/26358
* core: split system/user job timeouts and make them configurableZbigniew Jędrzejewski-Szmek2023-02-011-1/+1
| | | | | | | | | | | | | | | | Config options are -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=. Existing -Dupdate-helper-user-timeout= is renamed to -Dupdate-helper-user-timeout-sec= for consistency. All three options take an integer value in seconds. The renaming and type-change of the option is a small compat break, but it's just at compile time and result in a clear error message. I also doubt that anyone was actually using the option. This commit separates the user manager timeouts, but keeps them unchanged at 90 s. The timeout for the user manager is set to 4/3*user-timeout, which means that it is still 120 s. Fedora wants to experiment with lower timeouts, but doing this via a patch would be annoying and more work than necessary. Let's make this easy to configure.
* units: don't install pcrphase-related units without gnu-efiFrantisek Sumsal2023-01-171-2/+2
| | | | | | | | | | | | | | | since we don't have systemd-pcrphase built anyway, which breaks the tests: ... I: Attempting to install /usr/lib/systemd/systemd-networkd-wait-online (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-network-generator (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-oomd (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-pcrphase (based on unit file reference) W: Failed to install '/usr/lib/systemd/systemd-pcrphase' make: *** [Makefile:4: setup] Error 1 make: Leaving directory '/root/systemd/test/TEST-01-BASIC' Follow-up to 04959faa632272a8fc9cdac3121b2e4af721c1b6.
* generators: optionally, measure file systems at bootLennart Poettering2023-01-173-0/+51
| | | | | | If we use gpt-auto-generator, automatically measure root fs and /var. Otherwise, add x-systemd.measure option to request this.
* units: rework growfs units to be just a regular unit that is instantiatedLennart Poettering2023-01-173-0/+47
| | | | | | | | | | | | | | | | The systemd-growfs@.service units are currently written in full for each file system to grow. Which is kinda pointless given that (besides an optional ordering dep) they contain always the same definition. Let's fix that and add a static template for this logic, that the generator simply instantiates (and adds an ordering dep for). This mimics how systemd-fsck@.service is handled. Similar to the wait that for root fs there's a special instance systemd-fsck-root.service we also add a special instance systemd-growfs-root.service for the root fs, since it has slightly different deps. Fixes: #20788 See: #10014
* units: measure /etc/machine-id into PCR 15 during early bootLennart Poettering2023-01-172-0/+25
| | | | | | | We want PCR 15 to be useful for binding per-system policy to. Let's measure the machine ID into it, to ensure that every OS we can distinguish will get a different PCR (even if the root disk encryption key is already measured into it).
* journal: give the ability to enable/disable systemd-journald-audit.socketFranck Bui2023-01-113-3/+9
| | | | | | | | | | Before this patch the only way to prevent journald from reading the audit messages was to mask systemd-journald-audit.socket. However this had main drawback that downstream couldn't ship the socket disabled by default (beside the fact that masking units is not supposed to be the usual way to disable them). Fixes #15777
* logind: implement Type=notify-reload protocol properlyLennart Poettering2023-01-101-0/+1
| | | | | | So close already. Let's add the two missing notifications too. Fixes: #18484
* udevd: implement the full Type=notify-reload protocolLennart Poettering2023-01-101-2/+1
| | | | | | We are basically already there, just need to add MONOTONIC_USEC= to the RELOADING=1 message, and make sure the message is generated in really all cases.
* networkd: implement Type=notify-reload protocolLennart Poettering2023-01-101-2/+1
|
* pid1: make sure we send our calling service manager RELOADING=1 when reloadingLennart Poettering2023-01-101-1/+1
| | | | | | | | And send READY=1 again when we are done with it. We do this not only for "daemon-reload" but also for "daemon-reexec" and "switch-root", since from the perspective of an encapsulating service manager these three operations are not that different.
* Merge pull request #25947 from poettering/resolved-dns-credsDaan De Meyer2023-01-061-1/+2
|\ | | | | resolved: add support for reading DNS config from kernel cmdline + service credentials
| * resolved: read DNS conf also from creds and kernel cmdlineLennart Poettering2023-01-051-1/+2
| | | | | | | | | | | | | | | | | | | | | | Note that this drops ProtectProc=invisible from systemd-resolved.service. This is done because othewise access to the booted "kernel" command line is not necessarily available. That's because in containers we want to read /proc/1/cmdline for that. Fixes: #24103
* | units: condition systemd-networkd-wait-online.service like ↵Lennart Poettering2023-01-051-0/+1
|/ | | | | | | | | | systemd-networkd.service This adds the same condition that systemd-networkd.service already carries also to systemd-networkd-wait-online.service. Otherwise we'll potentially see some logs we'd rather not see about a service we BindTo= not running. Or in other words, if service X binds to Y then X should be at least as conditioned as Y.
* vconsole: permit configuration of vconsole settings via credentialsLennart Poettering2023-01-051-0/+5
|
* units: rename/rework systemd-boot-system-token.service → ↵Lennart Poettering2023-01-044-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | systemd-boot-random-seed.service This renames systemd-boot-system-token.service to systemd-boot-random-seed.service and conditions it less strictly. Previously, the job of the service was to write a "system token" EFI variable if it was missing. It called "bootctl --graceful random-seed" for that. With this change we condition it more liberally: instead of calling it only when the "system token" EFI variable isn't set, we call it whenever a boot loader interface compatible boot loader is used. This means, previously it was invoked on the first boot only: now it is invoked at every boot. This doesn#t change the command that is invoked. That's because previously already the "bootctl --graceful random-seed" did two things: set the system token if not set yet *and* refresh the random seed in the ESP. Previousy we put the focus on the former, now we shift the focus to the latter. With this simple change we can replace the logic f913c784ad4c93894fd6cb2590738113dff5a694 added, but from a service that can run much later and doesn't keep the ESP pinned.
* bootctl: downgrade graceful messages to LOG_NOTICELennart Poettering2023-01-041-0/+0
|
* units: pull in loop.ko and dm-mod.ko before repartLennart Poettering2022-12-231-1/+2
| | | | | | | | | | | | | | | We want to make use of that when formatting file systems, hence let's pull in these modules explicitly. (This is necessary because we are an early boot service that might run before systemd-tmpfiles-dev.service, which creates /dev/loop-control and /dev/mapper/control.) Alternatively we could just order ourselves after systemd-tmpfiles-dev.service, but I think there's value in adding an explicit minimal ordering here, since we know what we'll need. Fixes: #25775
* units: change modprobe@dm-mod.service → modprobe@dm_mod.serviceLennart Poettering2022-12-231-1/+1
| | | | Follow-up for 8f1359bf854e9683e4e0b89fd3a537e0d82d4b95
* units: allow systemd-userdbd to change process nameMichal Sekletar2022-12-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rename_process() requires CAP_SYS_RESOURCE so let's make sure it is in our permitted set after execve() by adding in to the bounding set. Previously, systemd-userdbd.service - User Database Manager Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled) Active: active (running) since Mon 2022-12-19 17:07:21 CET; 17min ago TriggeredBy: ● systemd-userdbd.socket Docs: man:systemd-userdbd.service(8) Main PID: 1880 (systemd-userdbd) Status: "Processing requests..." Tasks: 4 (limit: 2272) Memory: 5.2M CPU: 244ms CGroup: /system.slice/systemd-userdbd.service ├─1880 /usr/lib/systemd/systemd-userdbd ├─2270 systemd-userwork ├─2271 systemd-userwork └─2272 systemd-userwork Now, Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled) Active: active (running) since Mon 2022-12-19 17:27:02 CET; 15s ago TriggeredBy: ● systemd-userdbd.socket Docs: man:systemd-userdbd.service(8) Main PID: 2404 (systemd-userdbd) Status: "Processing requests..." Tasks: 4 (limit: 2272) Memory: 5.5M CPU: 89ms CGroup: /system.slice/systemd-userdbd.service ├─2404 /usr/lib/systemd/systemd-userdbd ├─2407 "systemd-userwork: waiting..." ├─2408 "systemd-userwork: waiting..." └─2409 "systemd-userwork: waiting..."
* unit: use underbar for module nameYu Watanabe2022-12-191-1/+1
| | | | For consistency with src/core/unit.c.