In many cases this might have a negative effect since we drop escaping
from strings where we better shouldn't have dropped it.
If unescaping makes sense for some settings we can readd it later again,
on a per-case basis.
https://bugs.freedesktop.org/show_bug.cgi?id=54522
When the new PID is invoked the journal socket from the initrd might
still be around. Due to the default log target being journal we'd log to
that initially when the new main systemd initializes even if the kernel
command line included a directive to redirect systemd's logging
elsewhere.
With this fix we initially always log to kmsg now, if we are PID1, and
only after parsing the kernel cmdline try to open the journal if that's
desired.
(The effective benefit of this is that SELinux performance data is now
logged again to kmsg like it used to be.)
Properly tell the kernel at bootup, and any later time zone changes,
the actual system time zone.
Things like the kernel's FAT filesystem driver needs the actual time
zone to calculate the proper local time to use for the on-disk time
stamps.
https://bugzilla.redhat.com/show_bug.cgi?id=802198
For setups with many listening sockets the default kernel resource limit
of 1024 fds is not enough. Bump this up to 64K to avoid any limitations
in this regard. We are careful to pass on the kernel default to daemons
however, since normally resource limits are a good to enforce,
especially since select() can't handle fds > 1023.
Add specifier expansion to Path and String conditions.
Specifier expansion for conditions will help create instance
and user session units by allowing us to template conditions
based on the instance or user session parameters.
An example would be a system-wide user session service file
that conditionally runs based on whether a user has the
service configured through a configuration file in ~/.config/.
This only adds the fields to the D-Bus interfaces but doesn't fill them
in with anything useful yet. Gummiboot exposes the necessary bits of
information to use however and as soon as I get my fingers on a proper
UEFI laptop I'll hook up the remaining bits.
Since we want to stabilize the D-Bus interface soon and include it in
the stability promise we should get the last fixes in, hence this change
now.
After talking to the cgroup kernel folks at LPC we came to the
conclusion that it is probably a good idea to mount all CPU related
resp. all network related cgroup controllers together, both because they
are good defaults for admins and because this might prepare
for eventual kernel cleanups where the ability to mount them separately
is removed.
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
right behaviour when people want writable mounts inside of
read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
The kernel does not allow switching roots if things are mounted
MS_SHARED. As a work-around, remount things MS_PRIVATE before switching
roots.
This should be fixed in the kernel for good.
https://bugzilla.redhat.com/show_bug.cgi?id=847418
Because root is now recursively marked as shared on bootup, we need to
recursively mark root as private. This prevents a pivot_root failure on
shutdown:
Cannot finalize remaining file systems and devices, giving up.
pivot failed: Invalid argument
In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
Adds messages for formally silent errors: new "Failed on cmdline argument %s: %s".
Removes some specific error messages for -ENOMEM in mount-setup.c. A few specific
ones have been left in other binaries.
Old: systemd[1]: Got direct mount request for ffff88003bb10c00, triggered by 14476 (fuser)
New: systemd[1]: Got direct mount request on /dev/mqueue, triggered by 2177 (ls)
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
This should address TODO item "new dependency type to "group" services
in a target". Semantic of new dependency is as follows. Once configured
it creates dependency which will cause that all dependent units get
stopped if unit they all depend on is stopped or restarted. Usual use
case would be configuring PartOf=some.target in template unit file
and WantedBy=some.target in [Install] section and enabling desired
number of instances. In this case starting one instance won't pull in
target but stopping or starting target(in case of WantedBy is properly
configured) will cause stop/start of all instances.
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
There is no point in clearing the bits of a "struct stat" when the very
next statement just calls stat or fstat to fill in that same memory.
[zj: two more places]
It made no sense, and since we are documenting the bus calls now and
want to include them in our stability promise we really should get it
cleaned up sooner, not later.
#pragma once has been "un-deprecated" in gcc since 3.3, and is widely supported
in other compilers.
I've been using and maintaining (rebasing) this patch for a while now, as
it annoyed me to see #ifndef fooblahfoo, etc all over the place,
almost arrogant about the annoyance of having to define all these names to
perform a commen but neccicary functionality, when a completely superior
alternative exists.
I havn't sent it till now, cause its kindof a style change, and it is bad
voodoo to mess with style that has been established by more established
editors. So feel free to lambast me as a crazy bafoon.
v2 - preserve externally used headers
When an automatic restart is already queued, then make subsequent start
jobs wait until the restart can be handled (i.e. after the holdhoff
time), instead of simply fail.
systemd --version mirrors systemctl --version:
$ ./systemd --version
systemd 186
other
+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP
This information can be retrieved by other means (systemctl, etc.),
but it's easier for a newbie if 'systemd --version' says something
useful. And 'systemd --help' is already there, so let's complement
that with '--version'.
These printf specifiers allow us to refer to $HOME and $USER
in unit files. These are particularly helpful in instanced
units that have "User=" set, and in systemd --user domains.
The specifiers will return the pw_name and pw_dir fields
if the unit file has a User= field.
If the unit file does not have a User= field, the value
substituted is either $USER or $HOME from the environment,
or, if unset, the values from pw_name or pw_dir.
This patch is somewhat after Ran Benita's original patch,
which didn't get merged. I've split up the 2 specifiers
and extended them to do what is logically expected from
these specifiers.
Note that expansion is done at `start` time, not after
the units are parsed. Using `systemctl show` will just
show the specifiers.
<koen> | ./src/shared/unit-name.h:29:23: error: redefinition of typedef 'UnitType'
<koen> | ./src/core/unit.h:30:23: note: previous declaration of 'UnitType' was here
all other dependencies are in 3rd person. Change BindTo= accordingly to
BindsTo=.
Of course, the dependency is widely used, hence we parse the old name
too for compatibility.
If accessing an automount point triggers more changes to
/proc/self/mountinfo than just to add the directly wanted mount, these
changes can lead to spurious -ENODEV notifications on the automount unit
causing the request to fail when in fact the mount will be setup right
afterwards.
The MeeGo distribution is still a supported distribution, but
will probably not see an updated version of systemd anymore.
Most of the development is focussing on Tizen now, and the
generic support for building --with-distro=other is more than
adequate enough.
This patch removes the support as a custom configuration build
target in systemd. People who are still building this for
the MeeGo distribution should build as "other" distro.
sd_notify() should work for daemons that chroot() as part of their
initilization, hence it's a good idea to use an abstract namespace
socket which is not affected by chroot.
Having information from /proc/self/mountinfo is sufficient to consider a
mount unit loaded.
When there's no mountinfo, the loading of the fragment for the mount
unit is not optional. No extra dependency links must be added when the
loading fails.
https://bugzilla.redhat.com/show_bug.cgi?id=835848
This adds a timeout if the TTY cannot be acquired and makes sure we
always output the question to the console, never to the TTY of the
respective service.
With misconfigured mysql, which uses Restart=always, the following two
messages would loop indefinitely and the "systemctl start" would never
finish:
Job pending for unit, delaying automatic restart.
mysqld.service holdoff time over, scheduling restart.
In service_enter_dead() always set the state to SERVICE_FAILED/DEAD first
before setting SERVICE_AUTO_RESTART. This is to allow running jobs to
complete. OnFailure will be also triggered at this point, so there's no
need to do it again from service_stop() (where it was added in commit
f0c7b229).
Note that OnFailure units should better trigger only after giving up
auto-restarting, but that's for another patch to solve.
https://bugzilla.redhat.com/show_bug.cgi?id=832039
The rule is that units that encapsulate our own code are prefixed with
"systemd-". Since the fsck units invoke our own code, hence add the
missing prefix. Since a long long time the fsck units didn't invoke the
naked fsck binaries anymore, and it is unlikely that this well ever
change. On the opposite: the code in systemd-fsck will probably get more
complex over time to handle fsck progress to plymouth forwarding.
Same for quotacheck (but not quotaon!)
Names= is a source of errors, simply because alias names specified like
this only become relevant after a unit has been loaded but cannot be
used to load a unit.
Let's get rid of the confusion and drop this field. To establish alias
names peope should use symlinks, which have the the benefit of being
useful as key to load a unit, even though they are not taken into
account if unit names are listed but they haven't been explicitly
referenced before.
People should use systemd.pc if anything at all to determine these
directories, and people should not assume that the bus fields are part
of the supported API, so let's just drop this.
This option never made much sense. It was originally intended to make
sure that the usual startup output of sysv scripts goes to the terminal.
However, since SysV scripts started from a terminal would not output to
that terminal, but rather /dev/console this effect was more often than
not actually taking place. Nowadays systemd has much nicer boot time
status output than SysV which makes the sysv output redundant. Finally,
all output of services goes to the journal anyway, and is not lost.
Hence, let's drop this option, and simplify things a bit.
This makes sure that
systemctl status /home
is implicitly translated to:
systemctl status /home.mount
Similar, /dev/foobar becomes dev-foobar.device.
Also, all characters that cannot be part of a unit name are implicitly
escaped.
As described in
https://bugs.freedesktop.org/show_bug.cgi?id=50184
the journal currently doesn't set fields such as _SYSTEMD_UNIT
properly for messages coming from processes that have already
terminated. This means among other things that "systemctl status" may
not show some of the output of services that wrote messages just
before they exited.
This patch fixes this by having processes that log to the journal
write their unit identifier to journald when the connection to
/run/systemd/journal/stdout is opened. Journald stores the unit ID
and uses it to fill in _SYSTEMD_UNIT when it cannot be obtained
normally (i.e. from the cgroup). To prevent impersonating another
unit, this information is only used when the caller is root.
This doesn't fix the general problem of getting metadata about
messages from terminated processes (which requires some kernel
support), but it allows "systemctl status" and similar queries to do
the Right Thing for units that log via stdout/stderr.
Let's try to standardize a bit the RPM macros used for
installing/uninstalling services.
This only covers the non-SysV compat bits, since that tends to vary
widely between the various distros.
Usage:
Add %{?systemd_requires} to the header of the spec file. And then:
%post
%systemd_post foobar.service
%preun
%systemd_preun foobar.service
%postun
%systemd_postun foobar.service
And, instead of the latter, in case the service shall be restarted on updates:
%postun
%systemd_postun_restart foobar.service
Command systemctl stop foo.service, will print error message, when
foo.service is unknown to systemd, i.e. there is no unit file loaded for
this service.
https://bugzilla.redhat.com/show_bug.cgi?id=732874
NotifySocket= is hardly useful, people should use $NOTIFY_SOCKET if
anything.
RunningAs= suggests people had a choice of running user mode as PID 1 or
vice versa, so remove this too.
This moves FsckPassNo= and SysVStartPriority= into its own
"Compatibility Options" section in the man page to clarify that these
options are not useful for anything but establishing a limited amount of
compatibility.
Also stop exposing these options on the bus.
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
We want to avoid a deadlock when a service has ExecStartPre= programs
that wait for the job queue to run empty because of Type=idle, but which
themselves keep the queue non-empty because START_PRE was considered
ACTIVATING and hence the job not complete. With this patch we alter the
state translation table so that it is impossible ever to wait for
Type=idle unit, hence removing the deadlock.
Previously generated units were always placed at the end of the search
path. With this change there will be three unit dirs instead of one, to
place generated entries at the beginning, in the middle and at the end
of the search path:
beginning: for units that need to override all configuration, regardless
of user or vendor. Example use: system-update-generator uses this to
temporarily redirect default.target.
middle: for units that need to override vendor configuration, but not
vendor configuration. Example use: /etc/fstab should override vendor
supplied configuration (think /tmp), but should not override native user
configuration.
end: does not override anything but is available as well. Possible usage
might be to convert D-Bus bus service files to native units but allowing
vendor supplied native units to win.
UnitPath= is also writable via native units and may be used by generators
to clarify from which file a unit is generated. This patch also hooks up
the cryptsetup and fstab generators to set UnitPath= accordingly.
When service_stop() handles a service in the SERVICE_AUTO_RESTART state,
it calls service_set_state() to transition it to the SERVICE_DEAD state.
However if the service failed, it should transition it to SERVICE_FAILED
instead, which will trigger its OnFailure units. To achieve this, we now
call service_enter_dead() in place of service_set_state(), which will
transition the service to either SERVICE_DEAD or SERVICE_FAILED as is
appropriate.
Also, some misleading comments are adjusted: service_stop() is not only
called on a user request, but also during an automatic restart in order
to handle dependencies.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=45511
Lennart Poettering