path: root/units (follow)
Commit message [Author, Age, Files, Lines]
* homed: Create & advertise blob directory [Adrian Vovk, 2024-02-19, files: 1, lines: -0/+1]
| This ensures that a user-specific blob directory exists in /var/cache/systemd/homed for as long as the user exists, and gets deleted if the user gets deleted.
|
| It also advertises this blob directory via the user record, so that clients can find and use it.
* Merge pull request #31218 from CodethinkLabs/vmspawn/journal_forwarding [Luca Boccassi, 2024-02-16, files: 1, lines: -1/+2]
|\
| | vmspawn: support journal forwarding
| * journald: implement socket forwarding [Sam Leonard, 2024-02-15, files: 1, lines: -1/+2]
| | This commit adds a new way of forwarding journal messages - forwarding over a socket.
| |
| | The socket can be any of AF_INET, AF_INET6, AF_UNIX or AF_VSOCK.
| |
| | The address to connect to is retrieved from the "journald.forward_address" credential.
| |
| | It can also be specified in systemd-journald's unit file with ForwardAddress=
* | logind-user: track user started/stopping state through user-runtime-dir@.service [Mike Yuan, 2024-02-15, files: 2, lines: -2/+1]
|/
| Before #30884, the user state is tied to user@.service (user service manager). However, #30884 introduced sessions that need no manager, and we can no longer rely on that.
|
| Consider the following situation:
|
| 1. A 'background-light' session '1' is created (i.e. no user service manager is needed)
| 2. Session '1' scope unit pulls in user-runtime-dir@.service
| 3. Session '1' exits. A stop job is enqueued for user-runtime-dir@.service due to StopWhenUnneeded=yes
| 4. At the same time, another session '2' which requires user manager is started. However, session scope units have JobMode=fail, therefore the start job for user-runtime-dir@.service that was pulled in by session '2' scope job is deleted as it conflicts with the stop job.
|
| We want session scope units to continue using JobMode=fail, but we still need the dependencies to be started correctly, i.e. explicitly requested by logind beforehand.
|
| Therefore, let's stop using StopWhenUnneeded=yes for user-runtime-dir@.service, and track users' `started` and `stopping` state based on that when user@.service is not needed. Then, for every invocation of user_start(), we'll recheck if we need the service manager and start it if so.
|
| Also, the dependency type on user-runtime-dir@.service from user@.service is upgraded to `BindsTo=`, in order to ensure that when logind stops the former, the latter is stopped as well.
* bootctl: add a Varlink interface [Lennart Poettering, 2024-02-14, files: 3, lines: -0/+50]
| For now, just super basic functionality: return the list of boot menu entries, and read/write the reboot to firmware flag
* vmspawn: add template unit to start systemd-vmspawn -M [Sam Leonard, 2024-02-13, files: 2, lines: -0/+38]
|
* Merge pull request #31233 from poettering/pcrlock-varlink [Lennart Poettering, 2024-02-12, files: 3, lines: -0/+55]
|\
| | pcrlock: add simple Varlink API + some varlinkctl tweaks
| * pcrlock: add basic Varlink interface [Lennart Poettering, 2024-02-12, files: 3, lines: -0/+55]
| | This can be used to make or delete a PCR policy via Varlink. It can also be used to query the current event log in CEL format.
* | units: enable MaxConnectionsPerSocket= for all our Accept=yes units [Lennart Poettering, 2024-02-12, files: 4, lines: -0/+4]
|/
| Let's make sure that users cannot DoS services for other users so easily, and enable MaxConnectionsPerSocket= by default for all of them.
|
| Note that this is mostly paranoia for systemd-pcrextend.socket and systemd-sysext.socket: the socket is only accessible to root anyway, hence the accounting shouldn't change anything. But this is just a safety net, in preparation that we open up some functionality of these services sooner or later.
* units: drop userdbd from homed's Also= [Zbigniew Jędrzejewski-Szmek, 2024-02-06, files: 1, lines: -1/+1]
| Also= lists units which should be enabled/disabled together with the first unit. But userdbd is independent of homed, we shouldn't e.g. disable it even if homed is disabled.
* units: Order pcrlock services after systemd-remounts-fs.service [Daan De Meyer, 2024-01-26, files: 7, lines: -2/+7]
| These write to /var and as such need to wait until after the rootfs has been remounted read-write.
* unit: systemd-creds.socket is statically enabled, hence drop [Install] [Lennart Poettering, 2024-01-23, files: 1, lines: -3/+0]
| This is statically enabled, hence needs no [Install] section.
* units: update Description= for systemd-sleep units [Mike Yuan, 2024-01-14, files: 3, lines: -3/+3]
|
* Revert "initrd-parse-etc: override argv[0] to avoid dracut issue" [Antonio Alvarez Feijoo, 2024-01-11, files: 1, lines: -3/+1]
| This reverts commit db5276215ae496074c163fca4014baf1bcd05984.
|
| dracut is patched since https://github.com/dracutdevs/dracut/commit/23684e4a, and this commit is included in the latest dracut-059 release.
* localed: modernization [Mike Yuan, 2024-01-09, files: 1, lines: -0/+1]
|
* hostnamed: use Type=notify [Mike Yuan, 2024-01-09, files: 1, lines: -0/+1]
|
* importd: use Type=notify [Mike Yuan, 2024-01-09, files: 1, lines: -0/+1]
|
* timedated: modernization [Mike Yuan, 2024-01-09, files: 1, lines: -0/+1]
| Switch to sd_event_set_signal_exit() and use Type=notify
* Merge pull request #30833 from poettering/hostnamed-varlink [Lennart Poettering, 2024-01-09, files: 2, lines: -0/+24]
|\
| | hostnamed: add simple varlink interface
| * hostnamed: add simple Varlink API, too [Lennart Poettering, 2024-01-09, files: 2, lines: -0/+24]
| |
* | networkd/wireguard: support network.wireguard.* credentials [Mike Yuan, 2024-01-09, files: 1, lines: -0/+1]
|/
| Closes #26702
* Merge pull request #30827 from poettering/network-generator-creds [Lennart Poettering, 2024-01-08, files: 1, lines: -0/+3]
|\
| | network-generator: pick up .netdev/.link/.network configuration via c…
| * network-generator: pick up .netdev/.link/.network configuration via credentials [Lennart Poettering, 2024-01-08, files: 1, lines: -0/+3]
| | To me this is the last major basic functionality that couldn't be configured via credentials: the network.
| |
| | We do not invent any new format for this, but simply copy relevant creds 1:1 into /run/systemd/network/ to open up the full functionality of networkd to VM hosts.
* | hostnamed: expose local AF_VSOCK CID among other host info [Lennart Poettering, 2024-01-08, files: 1, lines: -1/+1]
|/
| This is a host identifier of major relevance, since it is how you connect to this system if it is a VM, hence expose this nicely.
* Merge pull request #30610 from YHNdnzj/logind-serialize-pidref [Yu Watanabe, 2024-01-04, files: 1, lines: -1/+1]
|\
| | logind: serialize session leader pidfd to fdstore
| * logind: serialize session leader pidfd to fdstore [Mike Yuan, 2024-01-04, files: 1, lines: -1/+1]
| |
* | Merge pull request #30578 from bluca/polkit-varlink [Lennart Poettering, 2024-01-04, files: 1, lines: -1/+1]
|\ \
| |/
|/|
| | varlink: add glue to allow authenticating varlink connections via polkit
| * creds: open up access to clients via Polkit [Lennart Poettering, 2024-01-03, files: 1, lines: -1/+1]
| | Use auth_admin_keep, so that users don't have to re-auth interactively again and again when encrypting/decrypting batches of credentials.
* | units: add a tpm2.target synchronization point and small generator that pulls in [Lennart Poettering, 2024-01-03, files: 12, lines: -4/+27]
| | Distributions apparently only compile a subset of TPM2 drivers into the kernel. For those not compiled in but provided as kmod we need a synchronization point: we must wait before the first TPM2 interaction until the driver is available and accessible.
| |
| | This adds a tpm2.target unit as such a synchronization point. It's ordered after /dev/tpmrm0, and is pulled in by a generator whenever we detect that the kernel reported a TPM2 to exist but we have no device for it yet.
| |
| | This should solve the issue, but might create problems: if there are TPM devices supported by firmware that we don't have Linux drivers for we'll hang for a bit. Hence let's add a kernel cmdline switch to disable (or alternatively force) this logic.
| |
| | Fixes: #30164
* | Merge pull request #30686 from poettering/uki-measured-check-imply-tpm2 [Mike Yuan, 2024-01-03, files: 2, lines: -2/+0]
|\ \
| | | efi-loader: when detecting if we are booted in UKI measured boot mode, imply a check for TPM2
| * | Revert "units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units" [Lennart Poettering, 2024-01-02, files: 2, lines: -2/+0]
| |/
| | Now that the ConditionSecurity=uki-measured check is tighter we can drop the explicit TPM2 check again.
| |
| | This reverts commit aa735b02196cf6f947fd1e4b2ec46b544ec7c3e1.
* / unit: order systemd-resolved after systemd-sysctl [Yu Watanabe, 2024-01-02, files: 1, lines: -1/+1]
|/
| Otherwise, IPv6 enable/disable setting may be changed after resolved is started.
* units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units [Luca Boccassi, 2023-12-28, files: 2, lines: -0/+2]
| ConditionSecurity=measured-uki can be true even with TPM 1.2 which we don't support, so add an explicit check for TPM 2.0.
|
| Fixes https://github.com/systemd/systemd/issues/30650
|
| Follow-up for 2e64cb71b9c0160c3
* creds: add varlink API for encrypting/decrypting credentials [Lennart Poettering, 2023-12-21, files: 3, lines: -0/+47]
|
* homectl: add "firstboot" command [Lennart Poettering, 2023-12-18, files: 3, lines: -1/+33]
| This extends what systemd-firstboot does and runs on first boots only and either processes user records passed in via credentials to create, or asks the user interactively to create one (only if no regular user exists yet).
* systemd-homed.service.in: add quotactl to SystemCallFilter [Neil Wilson, 2023-12-01, files: 1, lines: -1/+1]
| Standard directories make a call to the quotactl system call to enforce disk size limits.
|
| Fixes #30287
* unit: make journald stopped on soft-reboot before broadcasting SIGKILL [Yu Watanabe, 2023-11-28, files: 2, lines: -0/+10]
| Workaround for #30195.
* units: disable start rate limit for systemd-vconsole-setup.service [Zbigniew Jędrzejewski-Szmek, 2023-11-25, files: 1, lines: -0/+6]
| The unit will be started or restarted a few times during boot, but it has StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth restart will already fail. On my laptop, I have exactly 4 restarts, so I don't hit the limit, but on a slightly different system we will easily hit the limit. In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads and we hit the limit.
|
| Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter over switch-root and daemon reloads, so it's easier to hit the limit during boot.
|
| In principle there might be systems with lots of vtcon devices, so let's just allow the unit to be restarted without a limit.
|
| Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394.
* units: pull in plymouth when booting into storagetm mode [Lennart Poettering, 2023-11-13, files: 2, lines: -3/+3]
|
* units: add units that put together and install a TPM2 PCR policy at boot [Lennart Poettering, 2023-11-03, files: 8, lines: -0/+208]
| (This is disabled by default, for now)
* storagetm: add new systemd-storagetm component [Lennart Poettering, 2023-11-02, files: 3, lines: -0/+51]
| This implements a "storage target mode", similar to what MacOS provides since a long time as "Target Disk Mode":
|
| https://en.wikipedia.org/wiki/Target_Disk_Mode
|
| This implementation is relatively simple:
|
| 1. a new generic target "storage-target-mode.target" is added, which when booted into defines the target mode.
|
| 2. a small tool and service "systemd-storagetm.service" is added which exposes a specific device or all devices as NVMe-TCP devices over the network. NVMe-TCP appears to be hot shit right now how to expose block devices over the network. And it's really simple to set up via configs, hence our code is relatively short and neat.
|
| The idea is that systemd-storagetm.target can be extended sooner or later, for example to expose block devices also as USB mass storage devices and similar, in case the system has "dual mode" USB controller that can also work as device, not just as host. (And people could also plug in sharing as NBD, iSCSI, whatever they want.)
|
| How to use this? Boot into your system with a kernel cmdline of "rd.systemd.unit=storage-target-mode.target ip=link-local", and you'll see on screen the precise "nvme connect" command line to make the relevant block devices available locally on some other machine. This all requires that the target mode stuff is included in the initrd of course. And the system will then stay in the initrd forever.
|
| Why bother? Primarily three use-cases:
|
| 1. Debug a broken system: with very few dependencies during boot get access to the raw block device of a broken machine.
|
| 2. Migrate from system to another system, by dd'ing the old to the new directly.
|
| 3. Installing an OS remotely on some device (for example via Thunderbolt networking)
|
| (And there might be more, for example the ability to boot from a laptop's disk on another system)
|
| Limitations:
|
| 1. There's no authentication/encryption. Hence: use this on local links only.
|
| 2. NVMe target mode on Linux supports r/w operation only. Ideally, we'd have a read-only mode, for security reasons, and default to it.
|
| Future love:
|
| 1. We should have another mode, where we simply expose the homed LUKS home dirs like that.
|
| 2. Some lightweight hookup with plymouth, to display a (shortened) version of the info we write to the console.
|
| To test all this, just run:
|
|     mkosi --kernel-command-line-extra="rd.systemd.unit=storage-target-mode.target" qemu
* units: modprobe@.service: don't unescape instance name [Martin Wilck, 2023-10-21, files: 1, lines: -1/+1]
| modprobe treats "-" and "_" interchangeably, thereby avoiding frequent errors because some module names contain dashes and others underscores.
|
| Because modprobe@.service unescapes the instance name, an attempt to start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt", which is doomed to fail. "modprobe@dm_crypt.service" will work as expected. Thus unescaping the instance name has surprising side effects. Use "%i" instead.
* Merge pull request #29272 from enr0n/coredump-container [Lennart Poettering, 2023-10-16, files: 1, lines: -0/+1]
|\
| | coredump: support forwarding coredumps to containers
| * nspawn: set CoredumpReceive=yes on container's scope when --boot is set [Nick Rosbrook, 2023-10-13, files: 1, lines: -0/+1]
| | When --boot is set, and --keep-unit is not, set CoredumpReceive=yes on the scope allocated for the container. When --keep-unit is set, nspawn does not allocate the container's unit, so the existing unit needs to configure this setting itself.
| |
| | Since systemd-nspawn@.service sets --boot and --keep-unit, add CoredumpReceives=yes to that unit.
* | sysext: make some calls available via varlink [Lennart Poettering, 2023-10-16, files: 3, lines: -0/+54]
| |
* | systemd-journal-upload: Increase failure tolerance (#19426, #2877) [Priit Laes, 2023-10-13, files: 1, lines: -0/+3]
|/
| As systemd-journal-upload deals mostly with remote servers, add some failsafes to its unit to restart on failures.
|
| ```
| [Service]
| Restart=on-failure
| RestartSteps=10
| RestartMaxDelaySec=60
| ```
* pcrextend: make pcrextend tool accessible via varlink [Lennart Poettering, 2023-10-06, files: 3, lines: -0/+52]
| This is primarily supposed to be a 1st step with varlinkifying our various command line tools, and exercise in how this might look like across our codebase one day. However, at AllSystemsGo! 2023 it was requested that we provide an API to do a PCR measurement along with a matching event log record, and this provides that.
* tpm2-setup: add new early boot tool for initializing the SRK [Lennart Poettering, 2023-09-29, files: 3, lines: -0/+56]
| This adds an explicit service for initializing the TPM2 SRK. This is implicitly also done by systemd-cryptsetup, hence strictly speaking redundant, but doing this early has the benefit that we can parallelize this in a nicer way. This also writes a copy of the SRK public key in PEM format to /run/ + /var/lib/, thus pinning the disk image to the TPM. Making the SRK public key is also useful for allowing easy offline encryption for a specific TPM.
|
| Sooner or later we should probably grow what this service does, the above is just the first step. For example, the service should probably offer the ability to reset the TPM (clear the owner hierarchy?) on a factory reset, if such a policy is needed. And we might want to install some default AK (?).
|
| Fixes: #27986
| Also see: #22637
* Merge pull request #29345 from poettering/measured-uki-condition [Lennart Poettering, 2023-09-27, files: 6, lines: -12/+6]
|\
| | pid1: introduce ConditionSecurity=measured-uki
| * units: move units over to ConditionSecurity=measured-uki [Lennart Poettering, 2023-09-27, files: 6, lines: -12/+6]
| |