path: root/units
Commit message [Author, Age, Files, Lines]
* slice: system.slice should be perpetual like -.mount [Alan Jenkins, 2018-02-04, 2, -15/+0]
|   `-.mount` is placed in `system.slice`, and hence depends on it. `-.mount` is always active and can never be stopped. Therefore the same should be true of `system.slice`.
|
|   Synthesize it as perpetual (unless systemd is running as a user manager). Notice we also drop `Before=slices.target` as unnecessary.
|
|   AFAICS the justification for `perpetual` is to provide extra protection against unintentionally stopping every single service. So adding system.slice to the perpetual units is perfectly consistent.
|
|   I don't expect this will (or can) fix any other problem. And the `perpetual` protection probably isn't formal enough to spend much time thinking about. I've just noticed this a couple of times, as something that looks strange.
|
|   Might be a bit surprising that we have user.slice on-disk but not system.slice, but I think it's ok. `systemctl status system.slice` will still point you towards `man systemd.special`.
|
|   The only detail is that the system slice disables `DefaultDependencies`. If you're worrying about how system shutdown works when you read `man systemd.slice`, I think it is not too hard to guess that system.slice might do this:
|
|   > Only slice units involved with early boot
|   > or late system shutdown should disable this option
|
|   (Docs are great. I really appreciate the systemd ones).
* resolved.service: set DefaultDependencies=no [Dimitri John Ledkov, 2018-01-11, 1, -2/+4]
|   On systems that only use resolved for name resolution, there are use cases that require resolved to be started before sysinit target, such that network name resolution is available before network-online/sysinit targets. For example, cloud-init for some datasources hooks into the boot process ahead of sysinit target and may need network name resolution at that point already.
|
|   systemd-resolved already starts pretty early in the process, thus starting it slightly earlier should not have negative side effects.
|
|   However, this depends on resolved's ability to connect to system DBus once that is up.
* units: link up debug-generator documentation from debug-shell.service [Lennart Poettering, 2017-12-26, 1, -0/+1]
|
* man: add a systemd-rc-local-generator(8) man page [Lennart Poettering, 2017-12-26, 1, -0/+1]
|   Most importantly, let's highlight the differences to the rc-local behaviour in SysV.
|
|   Fixes: #7703
* separate flags from shebang [bleep_blop, 2017-12-25, 1, -1/+2]
|
* nspawn: turn on watchdog logic for nspawn too [Lennart Poettering, 2017-12-07, 1, -0/+1]
|   It's a long-running daemon, and it's easy to enable, hence do it.
* units: delegate only "cpu" and "pids" controllers by default (#7564) [Lennart Poettering, 2017-12-07, 1, -1/+1]
|   Now that we can configure which controllers to delegate precisely, let's limit what we delegate to the user session: only "cpu" and "pids" as a minimal baseline.
|
|   Fixes: #1715
* Hook up systemd-tmpfiles as user units [Zbigniew Jędrzejewski-Szmek, 2017-12-06, 4, -0/+68]
|   An explicit --user switch is necessary because for the user@0.service instance systemd-tmpfiles is running as root, and we need to distinguish that from systemd-tmpfiles running in systemd-tmpfiles*.service.
|
|   Fixes #2208.
|
|   v2:
|   - restore "systemd-" prefix
|   - add systemd-tmpfiles-clean.{service,timer}, systemd-setup.service to systemd-tmpfiles(8)
* units: use SuccessExitStatus to ignore syntax errors in tmpfiles [Zbigniew Jędrzejewski-Szmek, 2017-12-01, 3, -0/+3]
|   This makes sense from the point of view of the whole distribution: if there are some specific files that have syntax problems, or unknown users or groups, or use unsupported features, failing the whole service is not useful.
|
|   In particular, services with tmpfiles --boot should not be started after boot. The premise of --boot is that there are actions which are only safe to do once during boot, because the state evolves later through other means and re-running the boot-time setup would destroy it. If services with --boot fail in the initial transaction, they would be re-run later on when a unit which (indirectly) depends on them is started, causing problems.
|
|   Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1507501.
|
|   (If we had a mode where a service would at most run once, and would not be started in subsequent transactions, that'd be a good additional safeguard. Using ExecStart=-... is a bit like that, but it causes all failure to be ignored, which is too big of a hammer.)
* Add license headers and SPDX identifiers to meson.build files [Zbigniew Jędrzejewski-Szmek, 2017-11-19, 2, -0/+34]
|   So far I avoided adding license headers to meson files, but they are pretty big and important and should carry license headers like everything else.
|
|   I added my own copyright, even though other people modified those files too. But this is mostly symbolic, so I hope that's OK.
* Add SPDX license headers to unit files [Zbigniew Jędrzejewski-Szmek, 2017-11-19, 159, -0/+318]
|
* core: make "tmpfs" dependencies on swapfs a "default" dep, not an "implicit" [Lennart Poettering, 2017-11-10, 1, -0/+1]
|   There should be a way to turn this logic off, and DefaultDependencies= appears to be the right option for that, hence let's downgrade this dependency type from "implicit" to "default", and thus honour DefaultDependencies=.
|
|   This also drops mount_get_fstype() as we only have a single user needing this now.
|
|   A follow-up for #7076.
* meson: do not create systemd-user-sessions.service if PAM is disabled [Yu Watanabe, 2017-10-31, 1, -1/+1]
|   Fixes #7227.
* Merge pull request #7078 from keszybz/cryptsetup-netdev-fixes [Lennart Poettering, 2017-10-18, 3, -16/+6]
|\
| |   Cryptsetup _netdev fixes
| * units: make remote-cryptsetup.target also after cryptsetup-pre.target [Zbigniew Jędrzejewski-Szmek, 2017-10-18, 1, -1/+1]
| |   This way people can order units before cryptsetup-pre.target and have them run before any cryptsetup-related stuff.
| * units: replace remote-cryptsetup-pre.target with remote-fs-pre.target [Zbigniew Jędrzejewski-Szmek, 2017-10-17, 3, -17/+1]
| |   remote-cryptsetup-pre.target was designed as an active unit (that pulls in network-online.target), the opposite of remote-fs-pre.target (a passive unit, with individual provider services ordering itself before it and pulling it in, for example iscsi.service and nfs-client.target).
| |
| |   To make remote-cryptsetup-pre.target really work, those services should be ordered before it too. But this would require updates to all those services, not just changes from systemd side.
| |
| |   But the requirements for remote-fs-pre.target and remote-cryptsetup-pre.target are fairly similar (e.g. iscsi devices can certainly be used for both), so let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses a bit of flexibility, but does away with the requirement for various provider services to know about remote-cryptsetup-pre.target.
| * units: add [Install] section to remote-cryptsetup.target [Zbigniew Jędrzejewski-Szmek, 2017-10-13, 1, -0/+6]
| |   This makes this target the same as remote-fs.target in this regard. In practice it probably doesn't make that much difference, because all encrypted devices that are part of remote-fs.target (marked with _netdev) will be used for mount points, so they will be pulled in anyway individually, but with this change any such device will be configured, even if it is not pulled by any other unit.
* | mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) [Michal Sekletar, 2017-10-16, 1, -1/+0]
|/
|   In the past we introduced this property just for tmp.mount. However on today's systems usually there are many more tmpfs mounts. Most notably mounts backing XDG_RUNTIME_DIR for each user.
|
|   Let's generalize what we already have for tmp.mount and implement the ordering After=swap.target for all tmpfs based mounts.
* unit: enable DynamicUser= for journal-upload [Yu Watanabe, 2017-10-06, 1, -2/+1]
|
* timesyncd: enable DynamicUser= [Yu Watanabe, 2017-10-06, 1, -2/+1]
|
* Merge pull request #6909 from sourcejedi/units [Lennart Poettering, 2017-10-05, 7, -9/+9]
|\
| |   Unit dependency fixes (and cleanups)
| * units: DefaultDependencies already implies conflict with shutdown.target [Alan Jenkins, 2017-09-30, 1, -2/+0]
| |   (and system-update.target does not have DefaultDependencies=no)
| * units: add missing Before=shutdown.target for units which it Conflicts [Alan Jenkins, 2017-09-30, 3, -2/+2]
| |   There's a few services missing this ordering.
| |
| |   Also remove a duplicate Conflicts=shutdown.target from systemd-volatile-root.service.
| * units: add missing ordering deps for Conflicts= of emergency.service [Alan Jenkins, 2017-09-29, 2, -0/+2]
| |   1. If we exited emergency mode immediately, we don't want to have an irreversible stop job still running for syslog.socket. I _suspect_ that can't happen, but let's not waste effort working out exactly why it's impossible and not just very improbable.
| |
| |   2. Similarly, it seems undesirable to have rescue.service and emergency.service both running with an open FD of /dev/console, for however short a period.
| * units: express Conflict in syslog.socket instead of emergency.service [Alan Jenkins, 2017-09-29, 2, -2/+5]
| |   Note this commit only changes how the code is expressed; it does not change the existence of any dependency.
| |
| |   The `Conflicts=` was added in 3136ec90, "Stop syslog.socket when entering emergency mode". The discussion in the issue #266 raised concerns that this might be needed for other units, but failed to point out why syslog.socket is special.
| |
| |   The reason is that syslog.socket has DefaultDependencies=no, so it does not get Requires=sysinit.target like other socket units do. But syslog.service does require sysinit.target, among other things.
| |
| |   We don't have many socket, path, or timer units with DefaultDependencies=no, and I don't think any of the triggered services have such additional hard dependencies as syslog.service does.
| |
| |   It is much less confusing if we keep this `Conflicts=` in the same file as the `DefaultDependencies=no` which made it necessary.
| * units: do not kill rescue shell when machines.target is started [Alan Jenkins, 2017-09-29, 1, -3/+0]
| |   The original aim of this commit is that starting machines.target from the rescue shell would not kill the rescue shell and lock you out of the system.
| |
| |   This is similar to commit 6579a622, for the conflict between sysinit.target and the _emergency_ shell. That particular commit introduced an ordering cycle and will need to be reverted and/or fixed. This one does not, because it does not need to introduce any new dependencies.
| |
| |   The reason why this commit is allowable also has its own merit: machines.target was not marked as AllowIsolate. Also, the point of containers is to not escape them...
| |
| |   I don't think we want to promote machines.target as a default target or similar; you would generally want some system service to allow you to shut down the machine, for example. I don't see this approach used in CoreOS, nor in Fedora Atomic Host; we are missing any positive examples of its utility.
| |
| |   Requires=basic.target / After=basic.target can be removed for the same reason.
* | units: restore User=systemd-journal-gateway in systemd-journal-gatewayd.service (#7005) [Lennart Poettering, 2017-10-05, 1, -0/+1]
| |   After the discussions around #7003 I think we should restore the User=systemd-journal-gateway line for systemd-journal-gatewayd.service, too, so that we continue to use the state user if it exists, and create it as dynamic user only when it does not.
| |
| |   Note that undoes part of a change made after 234, i.e. a never released change.
* | Merge pull request #6974 from keszybz/clean-up-defines [Lennart Poettering, 2017-10-04, 1, -10/+10]
|\ \
| | |   Clean up define definitions
| * | build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/ [Zbigniew Jędrzejewski-Szmek, 2017-10-04, 1, -1/+1]
| | |   The configuration option was called -Dresolve, but the internal define was …RESOLVED. This option governs more than just resolved itself, so let's settle on the version without "d".
| * | build-sys: s/HAVE_UTMP/ENABLE_UTMP/ [Zbigniew Jędrzejewski-Szmek, 2017-10-04, 1, -2/+2]
| | |   "Have" should be about the external environment and dependencies. Anything which is a pure yes/no choice should be "enable".
| * | build-sys: use #if Y instead of #ifdef Y everywhere [Zbigniew Jędrzejewski-Szmek, 2017-10-04, 1, -7/+7]
| | |   The advantage is that if the name is misspelt, cpp will warn us.
| | |
| | |   $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
| | |   $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
| | |   $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
| | |   $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
| | |
| | |   + manual changes to meson.build
| | |
| | |   squash! build-sys: use #if Y instead of #ifdef Y everywhere
| | |
| | |   v2:
| | |   - fix incorrect setting of HAVE_LIBIDN2
* | | units: prohibit all IP traffic on all our long-running services (#6921) [Lennart Poettering, 2017-10-04, 8, -0/+8]
|/ /
| |   Let's lock things down further.
* / Revert "units: don't kill the emergency shell when sysinit.target is triggered (#6765)" (#6904) [Alan Jenkins, 2017-09-26, 4, -16/+9]
|/
|   This reverts commit f1e24a259ca182b6cd8a723a56da43435ce48aac.
|
|   Oops.
|
|       # systemctl emergency
|       Failed to start emergency.target: Transaction order is cyclic. See syste...
|       See system logs and 'systemctl status emergency.target' for details.
|
|       # systemctl status emergency.target
|       ● emergency.target - Emergency Mode
|          Loaded: loaded (/usr/lib/systemd/system/emergency.target; static; vendor preset: disabled)
|          Active: inactive (dead) since Mon 2017-09-25 10:43:02 BST; 2h 42min ago
|            Docs: man:systemd.special(7)
|
|       systemd[1]: sysinit.target: Found dependency on sysinit.target/stop
|       sysinit.target: Unable to break cycle starting with sysinit.target/stop
|       network.target: Found ordering cycle on wpa_supplicant.service/stop
|       network.target: Found dependency on sysinit.target/stop
|       network.target: Found dependency on emergency.target/start
|       network.target: Found dependency on emergency.service/start
|       network.target: Found dependency on serial-getty@ttyS0.service/stop
|       network.target: Found dependency on systemd-user-sessions.service/stop
|       network.target: Found dependency on network.target/stop
|       network.target: Unable to break cycle starting with network.target/stop
|
|   IMO #6509 is ugly enough that we should aim to answer it. But it could take some time to investigate, so let's re-open the issue as a first step.
* units: don't kill the emergency shell when sysinit.target is triggered (#6765) [Alan Jenkins, 2017-09-14, 4, -9/+16]
|   Why
|   ---
|   The advantage of this is that starting sysinit.target from the emergency shell will no longer kill the emergency shell and lock you out of the system. Our docs already claimed that emergency.target was useful for "starting individual units in order to continue the boot process in steps".
|
|   This resolves #6509 for my purposes.
|
|   Remaining limitation
|   --------------------
|   Starting getty.target will still kill the shell, and if you don't have a root password you will then be locked out at that point. This is relevant to distributions which patch the sulogin system to permit logins when the root password is locked. Both Debian and RedHat used to follow this behaviour! Debian have been discussing what they could replace it with at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806852
|
|   So this doesn't quite achieve perfection, but I think it's a worthwhile change. It should be easier to understand the logic now it doesn't have such a big hole in it. Repairing the sysinit stage of the boot is the main reason we have emergency.target. And as discussed in the issue, sysinit.target gets pulled in implicitly as soon as any DefaultDependencies service is activated.
|
|   How
|   ---
|   sysinit.target only needs to conflict with emergency.target. It didn't need to conflict with emergency.service as well.
|
|   In theory the conflicts are pointless, we could just change the dependency of sysinit.target on local-fs.target from Wants to Requires. However, doing so would mean that when local-fs fails, the screen is flooded with yellow [DEPEND] failures. That would hinder the poor unfortunate admin, so let's not do that.
|
|   There is no additional ordering requirement against emergency. If the failure happens, the job for sysinit will be cancelled instantly.
|
|   We don't need to worry about when sysinit.target and its dependents would be stopped, because sysinit waits for local-fs before it starts.
|
|   emergency.target is still necessarily stopped once we reach sysinit (you can't express a one-way conflict in pure unit directives). This is largely cosmetic... though perhaps it symbolizes that you're no longer in Emergency Mode if System Initialization is successful ;-).
|
|   As a secondary advantage, the getty's which conflict on rescue.service now need to conflict on emergency.service as well. This makes the system more uniform and simpler to understand.
|
|   The only other effect this should have is that `systemctl start emergency.target` is now practically the same as `systemctl start rescue.target`. The only units this command will stop are the conflicting getty units. Neither of those commands should ever be used. E.g. they will not stop the gdm.service unit on Fedora 26.
* Merge pull request #6790 from poettering/unit-unsetenv [Zbigniew Jędrzejewski-Szmek, 2017-09-14, 2, -2/+2]
|\
| |   add UnsetEnvironment= unit file setting, in order to fix #6407
| * units: properly unset the l10n environment variables where we need to [Lennart Poettering, 2017-09-14, 2, -2/+2]
| |   Now that we have UnsetEnvironment=, let's make proper use of it for unsetting l10n settings for console gettys.
| |
| |   Fixes: #6407
* | units: set LockPersonality= for all our long-running services (#6819) [Lennart Poettering, 2017-09-14, 15, -0/+15]
|/
|   Let's lock things down. Also, using it is the only way how to properly test this to the fullest extent.
* units: remove unnecessary Requires= and After= in system.slice (#6794) [John Lin, 2017-09-11, 1, -2/+0]
|
* sulogin-shell: switch from shell implementation to a C implementation (#6698) [Felipe Sateler, 2017-09-08, 2, -0/+2]
|
* Merge pull request #6748 from msekletar/console-container-getty-pre-after [Lennart Poettering, 2017-09-05, 2, -2/+2]
|\
| |   units: order container and console getty units after getty-pre.target
| * units: order container and console getty units after getty-pre.target [Michal Sekletar, 2017-09-05, 2, -2/+2]
| |
* | units: add remote-cryptsetup.target and remote-cryptsetup-pre.target [Zbigniew Jędrzejewski-Szmek, 2017-09-05, 5, -2/+30]
| |   The pair is similar to remote-fs.target and remote-fs-pre.target. Any cryptsetup devices which require network shall be ordered after remote-cryptsetup-pre.target and before remote-cryptsetup.target.
* | units: order cryptsetup-pre.target before cryptsetup.target [Zbigniew Jędrzejewski-Szmek, 2017-09-05, 1, -0/+1]
|/
|   Normally this happens automatically, but if it happened that both targets were pulled in, even though there were no cryptsetup units, they could be started in reverse order, which would be somewhat confusing. Add an explicit ordering to avoid this potential issue.
* Merge pull request #6580 from poettering/nspawn-dm-deviceallow [Zbigniew Jędrzejewski-Szmek, 2017-09-04, 1, -5/+10]
|\
| |   add DM devices to DeviceAllow for systemd-nspawn@.service
| * units: include DM devices in DeviceAllow for systemd-nspawn@.service [Lennart Poettering, 2017-08-29, 1, -5/+10]
| |   We need it to make LUKS devices work.
| |
| |   Fixes: #6525
* | units: do not install rescue.target for alt-↑ [Alan Jenkins, 2017-08-31, 1, -3/+0]
| |   rescue.target does not work well for this. It is not meant to be started, only isolated.
| |
| |   Fixes #6493
* | Merge pull request #6709 from yuwata/imply-requires-mounts [Lennart Poettering, 2017-08-31, 4, -4/+2]
|\ \
| | |   core: StateDirectory= and friends imply RequiresMountsFor=
| * | unit: use StateDirectory= instead of RequiresMountsFor= [Yu Watanabe, 2017-08-31, 2, -2/+2]
| | |
| * | unit: drop redundant options [Yu Watanabe, 2017-08-31, 2, -2/+0]
| | |
* | | units: introduce getty-pre.target (#6667) [Michal Sekletar, 2017-08-31, 4, -2/+14]
|/ /
| |   This new target is a passive unit, hence it is supposed to be pulled in to the transaction by the service that wants to block login on the console (e.g. text version of initial-setup). Now both getty and serial-getty are ordered after this target.
| |
| |   https://lists.freedesktop.org/archives/systemd-devel/2015-July/033754.html