Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
Note: in check_triggering_units 'path' will be allocated twice. This is a
conscious choice, this way the implementation is simpler and not worth
optimizing.
Fixes#8519.
This adds flags BUS_MAP_STRDUP and BUS_MAP_BOOLEAN_AS_BOOL.
If BUS_MAP_STRDUP is set, then each "s" message is duplicated.
If BUS_MAP_BOOLEAN_AS_BOOL is set, then each "b" message is
written to a bool pointer.
Follow-up for #8488.
See https://github.com/systemd/systemd/pull/8488#discussion_r175816270.
This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.
This takes inspiration from Rust:
https://doc.rust-lang.org/std/option/enum.Option.html#method.take
and was suggested by Alan Jenkins (@sourcejedi).
It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
The warning is not emitted for absolute paths like /dev/sda or /home, which are
converted to .device and .mount unit names without any fuss.
Most of the time it's unlikely that users use invalid unit names on purpose,
so let's warn them. Warnings are silenced when --quiet is used.
$ build/systemctl show -p Id hello@foo-bar/baz
Invalid unit name "hello@foo-bar/baz" was escaped as "hello@foo-bar-baz" (maybe you should use systemd-escape?)
Id=hello@foo-bar-baz.service
$ build/systemd-run --user --slice foo-bar/baz --unit foo-bar/foo true
Invalid unit name "foo-bar/foo" was escaped as "foo-bar-foo" (maybe you should use systemd-escape?)
Invalid unit name "foo-bar/baz" was escaped as "foo-bar-baz" (maybe you should use systemd-escape?)
Running as unit: foo-bar-foo.service
Fixes#8302.
Even if pager_open() fails, in general, we should continue the operations.
All erroneous cases in pager_open() show log message in the function.
So, it is not necessary to check the returned value.
When we are in late shutdown, and for whatever reason kexec fails, we should
proceed with a normal reboot. Network is down and sessions have been terminated
when we attempt to do the kexec, so rebooting normally is a better solution.
Logs from the case where the kexec kernel is not usable:
Mar 08 11:23:10 fuefi systemd[1]: Reached target Final Step.
Mar 08 11:23:10 fuefi systemd[1]: Starting Reboot via kexec...
Mar 08 11:23:10 fuefi systemctl[1480]: Cannot find the ESP partition mount point.
Mar 08 11:23:10 fuefi systemctl[1480]: Failed to load kexec kernel, continuing without.
Mar 08 11:23:10 fuefi systemd[1]: Shutting down.
... and then we proceed to do a normal reboot
Related to #7730.
Suspend to Hibernate is a new sleep method that invokes suspend
for a predefined period of time before automatically waking up
and hibernating the system.
It's similar to HybridSleep however there isn't a performance
impact on every suspend cycle.
It's intended to use with systems that may have a higher power
drain in their supported suspend states to prevent battery and
data loss over an extended suspend cycle.
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
NAME is kind of meaningless, because everything has a name. "Unit"
makes it more obvious that a name of a unit is necessary. I was always
momentarily baffled by "set-property NAME ASSIGNMENT...", where there
are two objects (the unit and the property), and it's not clear which of
the two "NAME" is supposed to signify.
So far, we had two implementations of reboot-with-parameter doing pretty
much the same. Let's unify that in a generic implementation used by
both.
This is particulary nice as it unifies all /run/systemd/reboot-param
handling in a single .c file.
This is primarily preparation for a follow-up commit that adds a common
implementation of the other side of the reboot parameter file, i.e. the
code that reads the file and issues reboot() for it.
This mimics the raw_clone() call we have in place already and
establishes a new syscall wrapper raw_reboot() that wraps the kernel's
reboot() system call in a bit more low-level fashion that glibc's
reboot() wrapper. The main difference is that the extra "arg" argument
is supported.
Ultimately this just replaces the syscall wrapper implementation we
currently have at three places in our codebase by a single one.
With this change this means that all our syscall() invocations are
neatly separated out in static inline system call wrappers in our header
functions.
EnvironmentFile= is used in the unit file, but in the dbus,
the related field name is EnvironmentFiles=.
As the other variables, let's use the field name instead of the name
used in the unit file setting.
Previously, we'd explicitly use "GetUnit()" on the server side to
convert a unit name into a bus path, as that function will return an
error if the unit is not currently loaded. If we'd convert the path on
the client side, and access the unit this way directly the unit would be
loaded automatically in the background.
The old logic was done in order to minimize the effect of "is-active" on
the system, i.e. that a monoitoring command does not itself alter the
state of the system.
however, this is problematic as this can lead to confusing results if
the queried unit name is an alias that currently is not loaded: we'd
claim the unit wasn't active even though this isn't strictly true: the
unit the name is an alias for might be.
Hence, let's simplify the code, and accept that we might end up loading
a unit briefly here, and let's make "systemctl is-active" skip the
GetUnit() thing and calculate the unit path right away.
Fixes: #7875
Apparently O_NONBLOCK is the modern name used in most documentation and
for most cases in our sources. Let's hence replace the old alias
O_NDELAY and stick to O_NONBLOCK everywhere.
Let's remove a number of synchronization points from our service
startups: let's drop synchronous match installation, and let's opt for
asynchronous instead.
Also, let's use sd_bus_match_signal() instead of sd_bus_add_match()
where we can.
When we check the exit status of a subprocess, let's compare it with
EXIT_SUCCESS rather than 0 when looking for success.
This clarifies in code what kind of variable we are looking at and what
we are doing.
Using wait_for_terminate_and_check() instead of wait_for_terminate()
let's us simplify, shorten and unify the return value checking and
logging of waitid(). Hence, let's use it all over the place.
This new flag will cause safe_fork() to wait for the forked off child
before returning. This allows us to unify a number of cases where we
immediately wait on the forked off child, witout running any code in the
parent after the fork, and without direct interest in the precise exit
status of the process, except recgonizing EXIT_SUCCESS vs everything
else.
This renames wait_for_terminate_and_warn() to
wait_for_terminate_and_check(), and adds a flags parameter, that
controls how much to log: there's one flag that means we log about
abnormal stuff, and another one that controls whether we log about
non-zero exit codes. Finally, there's a shortcut flag value for logging
in both cases, as that's what we usually use.
All callers are accordingly updated. At three occasions duplicate logging
is removed, i.e. where the old function was called but logged in the
caller, too.
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
Followup to previous commit. Suggested by @poettering.
Reindented the `verbs[]` tables to match the apparent previous
whitespace rules (indent to one flag, allow multiple flags to overflow?).
A lot of code references the `running_in_chroot()` function; while
I didn't dig I'm pretty certain this arose to deal with situations
like RPM package builds in `mock` - there we don't want the `%post`s
to `systemctl start` for example.
And actually this exact same use case arises for
[rpm-ostree](https://github.com/projectatomic/rpm-ostree/)
where we implement offline upgrades by default; the `%post`s are
always run in a new chroot using [bwrap](https://github.com/projectatomic/bubblewrap).
And here's the problem: bwrap creates proper mount roots, so it
passes `running_in_chroot()`, and then if a script tries to do
`systemctl start` we get:
`System has not been booted with systemd as init system (PID 1)`
but that's an *error*, unlike the `running_in_chroot()` case where we ignore.
Further complicating things is there are real world RPM packages
like `glusterfs` which end up invoking `systemctl start`.
A while ago, the `SYSTEMD_IGNORE_CHROOT` environment variable was
added for the inverse case of running in a chroot, but still wanting
to use systemd as PID 1 (presumably some broken initramfs setups?).
Let's introduce a `SYSTEMD_OFFLINE` environment variable for cases like
mock/rpm-ostree so we can force on the "ignore everything except preset" logic.
This way we'll still not start services even if mock switches to use nspawn or
bwrap or something else that isn't a chroot.
We also cleanly supercede the `SYSTEMD_IGNORE_CHROOT=1` which is now spelled
`SYSTEMD_OFFLINE=0`. (Suggested by @poettering)
Also I made things slightly nicer here and we now print the ignored operation.
This renames find_esp() to find_esp_and_warn() and tries to normalize its
behaviour:
1. Change the error that is returned when we can't find the ESP to
ENOKEY (from ENOENT). This way the error code can only mean one
thing: that our search loop didn't find a good candidate.
2. Really log about all errors, except for ENOKEY and EACCES, and
document the letter cases.
3. Normalize parameters to the call: separate out the path parameter in
two: an input path and an output path. That way the memory management
is clear: we will access the input parameter only for reading, and
only write out the output parameter, using malloc() memory.
Before the calling convention were quire surprising for internal API
code, as the path parameter had to be malloc() memory and might and
might not have changed.
4. Rename bootctl's find_esp_warn() to acquire_esp(), and make it a
simple wrapper around find_esp_warn(), that basically just adds the
friendly logging for the ENOKEY case. This rework removes double
logging in a number of error cases, as we no longer log here in
anything but ENOKEY, and leave that entirely to find_esp_warn().
5. find_esp_and_warn() now takes a bool flag parameter
"unprivileged_mode", which disables logging in the EACCES case, and
skips privileged validation of the path. This makes the function less
magic, and doesn't hide this internal silencing automatism from the
caller anymore.
With all that in place "bootctl list" and "bootctl status" work properly
(or as good as they can) when I invoke the tools whithout privileges on
my system where /boot is not world-readable
Let's not use local process data for remote processes, that can only
show nonsense.
Maybe one day we should add a bus API to query the comm field of a
process remotely, but for now, let's not bother, the information is
redundant anyway, as the cgroup data shows it too (and the cgroup tree
is show as part of status as well, and is requested from remote through
dbus, without local kernel calls).
Fixes: #7516
This message is displayed either when the unit file itself is newer than
what is loaded, but also when any of the drop-ins is newer. Say so in
the message, in order not to confuse the user unnecessarily.
We should not only ignore "-t" itself, but also whatever is passed to
it.
This pretty much reverts the core of
a4420f7b8e, and adds back in the status
quo ante. What a difference a ':' can make.
This also adds a quick comment for this, so that we don't make this
mistake again.
Fixes: #7413
We just load the same kernel that would be loaded by default by sd-boot, with
the same options. Changing the kernel or initramfs or options is left for
later.
Now we will refuse to continue if loading fails. This makes 'systemctl kexec'
more predictable: it will not fall back to normal reboot if the kernel is
not loaded.
Both permit configuring data to pass through STDIN to an invoked
process. StandardInputText= accepts a line of text (possibly with
embedded C-style escapes as well as unit specifiers), which is appended
to the buffer to pass as stdin, followed by a single newline.
StandardInputData= is similar, but accepts arbitrary base64 encoded
data, and will not resolve specifiers or C-style escapes, nor append
newlines.
This may be used to pass input/configuration data to services, directly
in-line from unit files, either in a cooked or in a more raw format.
loginctl, machinectl, systemctl all have very similar implementations of
a get_output_flags() functions. Simplify it by merging two lines that
set the same flag.
Currently, "systemctl reboot" behaves differently in setups with and
without logind. If logind is used (which is probably the more common
case) the operation is asynchronous, and otherwise synchronous (though
subject to --no-block in this case). Let's clean this up, and always
expose the same behaviour, regardless if logind is used or not: let's
always make it asynchronous.
It might make sense to add a "--block" mode in a future PR that makes
these operations synchronous, but this requires non-trivial work in
logind, and is outside of the scope of this change.
See: #6479
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
This was the one valid site in commit
ee043777be.
The second part of this hunk, avoiding using `%m`
when we didn't actually have `errno` set, seems
like a nice enough cleanup to be worthwhile on
it's own.
Also use PID_FMT to improve the error message we print
(pid_t is signed).
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
This reverts commit ee043777be.
It broke almost everywhere it touched. The places that
handn't been converted, were mostly followed by special
handling for the invalid PID `0`. That explains why they
tested for `pid < 0` instead of `pid <= 0`.
I think that one was the first commit I reviewed, heh.
systemctl would try to load the properties of the unit, which is impossible
for template names, and the whole operation would fail. It seems that this
regression was introduced in 00c83b4300.
Export the part of unit_find_paths() responsible for locating instance unit
fragments and reuse it from unit_exists() to fix the handling of template
units.
Fixes#6412.
913c1916 changed _ACTION_INVALID to negative, changing the enum to a
signed type. Take care to avoid comparing it with an unsigned type.
../src/systemctl/systemctl.c: In function ‘start_unit’:
../src/systemctl/systemctl.c:3107:35: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
assert(arg_action < ELEMENTSOF(action_table));
start_unit() is a little tangled. There's an easy part we can untangle,
then readers can concentrate on the more necessary complexity.
* Derive (method, action, mode) more clearly, as disjoint cases based on
the command. Don't rely on action_table[_ACTION_INVALID].target being
implicitly initialized to NULL.
verb_to_method() is now only used on one case, but not because I strongly
object to the implicit "StartUnit" cases. It's more a syntax problem.
I think the old code takes me longer to understand, because the call
comes just above a similar-looking call to verb_to_action(), but the
results of the two functions are used in different ways. It also helps
that the new code ends up having a more regular form, for the 4 different
cases.
These changes cost 6 extra lines.
* Add an assertion to confirm that we do not pass mode=NULL.
ACTION_EMERGENCY and ACTION_DEFAULT would be handled correctly by
start_with_fallback(). However there is no fallback available for
them, and they would never be set in `arg_action` in the first
place. Remove the unused cases from the switch statement.
@poettering suggested this makes a good place to clarify the point,
explicitly listing all the `arg_action` values which would never be
set.
There's no good reason to use `--wait` with ReloadOrRestartUnit, or
TryRestartUnit.
The message was also wrong in another sense. 'systemctl isolate'
starts units, but it did not support `--wait`. Although it's
unlikely anyone would want to do that in the first place.
Since busname units are only useful with kdbus, they weren't actively
used. This was dead code, only compile-tested. If busname units are
ever added back, it'll be cleaner to start from scratch (possibly reverting
parts of this patch).
systemctl link is the only systemctl verb that takes a filename (and not
a unit name) as argument
use path_strv_make_absolute_cwd to expand the provided filename in order
to make it easier to use from the command line
keep the absolute pathname requirement when --root is used
[zj: add explicit error messages for the cases of --root and plain filename
instead of skipping normalization and just relying on systemd to refuse
to link non-absolute arguments. This allows us to make the error message
more informative.]
It is useful to know when a timer will trigger next when looking at a
timer status message so calculate and print that information.
Closes#5738.
Example output:
$ systemctl status dnf-makecache.timer
● dnf-makecache.timer - dnf makecache timer
Loaded: loaded (/usr/lib/systemd/system/dnf-makecache.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2017-07-04 17:24:02 EDT; 24min ago
Trigger: Tue 2017-07-04 18:15:56 EDT; 27min left
Also called "ANSI-C Quoting" in info:(bash) ANSI-C Quoting.
The escaping rules are a POSIX proposal, and are described in
http://austingroupbugs.net/view.php?id=249. There's a lot of back-and-forth on
the details of escaping of control characters, but we'll be only using a small
subset of the syntax that is common to all proposals and is widely supported.
Unfortunately dash and fish and maybe some other shells do not support it (see
the man page patch for a list).
This allows environment variables to be safely exported using show-environment
and imported into the shell. Shells which do not support this syntax will have
to do something like
export $(systemctl show-environment|grep -v '=\$')
or whatever is appropriate in their case. I think csh and fish do not support
the A=B syntax anyway, so the change is moot for them.
Fixes#5536.
v2:
- also escape newlines (which currently disallowed in shell values, so this
doesn't really matter), and tabs (as $'\t'), and ! (as $'!'). This way quoted
output can be included directly in both interactive and noninteractive bash.
$ reboot -f
Failed to read reboot parameter file: No such file or directory
It seems that the warning on ENOENT was inadvertently introduced in
27c06cb516.
The warning reported in #5646 comes from systemctl, but let's fix the other
call site in the same way too.
Fixes#5646.
We used ENABLE_LOGIND for the automake conditional, and HAVE_LOGIND
for the ifdef. That wasn't wrong, but it certainly was confusing.
Also, move the ifdeffery to avoid warning about unused static function
logind_set_wall_message() when logind is disabled.
The hint is not too explicit, and just refers to the man page, because this
option is slightly dangereous. This was we don't have to discuss the limitation
in the hint itself.
Fixes#4002.
"systemctl --user edit --force --full tmp.mount" would crash, when we'd do
basename(NULL). Fix this by creating a new unit or a new override even if
not path is found.
Tested with:
systemctl --user edit --force --full tmp.mount
systemctl --user edit --force tmp.mount
systemctl --user edit foo@.service
systemctl --user edit foo@bar.service
systemctl --user edit --full foo@.service
systemctl --user edit --full foo@bar.service
This adds a unified "copy_flags" parameter to all copy_xyz() function
calls, replacing the various boolean flags so far used. This should make
many invocations more readable as it is clear what behaviour is
precisely requested. This also prepares ground for adding support for
more modes later on.
And then show it, to make things a bit friendlier to the user if we fail
acquiring some props.
In fact, this fixes a number of actual bugs, where we used an error
structure for output that we actually never got an error in.
Essentially, instead of sequentially adding deps based on all symlinks
encountered in .wants and .requires dirs for each name and each unit file load
path, iteratate over the load paths and unit names gathering symlinks, then
order them based on priority, and then iterate over the final list, adding
dependencies.
This patch doesn't change the logic too much, except that the order in which
dependencies are applied might be different. It wasn't defined before, so that
not really a change. Adding filtering on the symlinks is left for later
patches.
"systemctl show -pUnknown <service>" used to exit with '0' even if the property
passed by '-p' doesn't exist. But since commit 3dced37b7c (v231+),
it exits with a failure status.
"systemctl show" is supposed to be scriptable and therefore its behavior is
supposed to be stable.
This patch restores the old behavior on which a couple of scripts already rely
now.
Also when the requested property doesn't exist, it always logs it at the debug
level since this part of the code is only used by the show command.
Fixes: #5118
The general rule is:
- code in shared/ should take an "original_root" argument (possibly NULL)
and pass it along down to chase_symlinks
- code in core/ should always use specify original_root==NULL, since we
don't support running the manager from non-root directory
- code in systemctl and other tools should pass arg_root.
For any code that is called from tools which support --root, chase_symlinks
must be used to look up paths.
'systemctl --failed' is an extremely common operation and it's nice to have
a shortcut for it.
Revert "man: don't document systemctl --failed" and add the option back to
systemctl's help and shell completion scripts.
This reverts commit 036359ba8d.
A fixed value (6 and later 5) was added back in 4deb3b9391, and
not updated when load_len was added later on.
Also the other 5 with 1 + 1 + 1 + 1 + 1 to make it easier to see
that this is about the column separators.
When a unit is part of several dependency constraints of another
unit, list-dependencies repeats the name of the dependency for each
dep constraint the unit is encountered.
For example:
$ systemctl cat test-main.target
# /etc/systemd/system/test-main.target
[Unit]
Description=Main Target
$ systemctl cat test.target
[Unit]
Description=Sub target
PartOf=test-main.target
[Install]
WantedBy=test-main.target
$ systemctl enable test.target
Created symlink from /etc/systemd/system/test-main.target.wants/test.target to /etc/systemd/system/test.target.
$ systemctl show test-main.target | grep test.target
Wants=test.target
ConsistsOf=test.target
[...]
$ systemctl list-dependencies test-main.target
test-main.target
● ├─test.target
● └─test.target
With this patch applied, dependencies are shown only once.
Core was generated by `systemctl cat test@.target test@.service'.
Program terminated with signal SIGSEGV, Segmentation fault.
32 movdqu (%rdi), %xmm0
(gdb) bt
-0 strrchr () at ../sysdeps/x86_64/strrchr.S:32
-1 0x00007f57fdf837fe in __GI___basename (filename=0x0) at basename.c:24
-2 0x000055b8a77d0d91 in unit_find_paths (bus=0x55b8a9242f90, unit_name=0x55b8a92428f0 "test@.service", lp=0x7ffdc9070400, fragment_path=0x7ffdc90703e0, dropin_paths=0x7ffdc90703e8) at src/systemctl/systemctl.c:2584
-3 0x000055b8a77dbae5 in cat (argc=3, argv=0x7ffdc9070678, userdata=0x0) at src/systemctl/systemctl.c:5324
-4 0x00007f57fe55fc6b in dispatch_verb (argc=5, argv=0x7ffdc9070668, verbs=0x55b8a77f1c60 <verbs>, userdata=0x0) at src/basic/verbs.c:92
-5 0x000055b8a77e477f in systemctl_main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8141
-6 0x000055b8a77e5572 in main (argc=5, argv=0x7ffdc9070668) at src/systemctl/systemctl.c:8412
The right behaviour is not easy in this case. Implement some "sensible" logic.
Fixes#4912.
Let's remove chase_symlinks_prefix() and instead introduce a flags parameter to
chase_symlinks(), with a flag CHASE_PREFIX_ROOT that exposes the behaviour of
chase_symlinks_prefix().
This is a different way to implement the fix proposed by commit
a4021390fe suggested by Lennart Poettering.
In this patch we instruct PID1 to not kill "systemctl switch-root" command
started by initrd-switch-root service using the "argv[0][0]='@'" trick.
See: https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ for
more details.
We had to backup argv[0] because argv is modified by dispatch_verb().
(before)$ systemctl list-jobs --before --after
JOB UNIT TYPE STATE
8769 foobar.device start running
A job waits for this job: 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
This job waits for a job: 8769 (foobar.device/start)
2 jobs listed.
(after)$ systemctl list-jobs --before --after
JOB UNIT TYPE STATE
8769 foobar.device start running
waiting for job 8669 (run-rb6da596d0cfa4e36b7c594cd973e795a.service/start)
8669 run-rb6da596d0cfa4e36b7c594cd973e795a.service start waiting
blocking job 8769 (foobar.device/start)
2 jobs listed.
Sometimes it is useful for debugging purposes to force systemctl to connect to
PID 1 via the bus instead of direct connection, even if the direct connection
is possible.
Otherwise we think the alias is the real unit, and may edit/cat the
wrong unit.
Before this patch:
$ systemctl edit autovt@ # creates dropin in /etc/systemd/system/autovt@.service.d
$ systemctl cat autovt@ | grep @.service
# /lib/systemd/system/autovt@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/autovt@.service.d/override.conf
$ systemctl cat getty@ | grep @.service
# /lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
After this patch
$ systemctl edit autovt@ # creates dropin in /etc/systemd/system/getty@.service.d
$ systemctl cat autovt@ | grep @.service
# /usr/lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/getty@.service.d/override.conf
systemctl cat getty@ | grep @.service
# /usr/lib/systemd/system/getty@.service
# that serial gettys are covered by serial-getty@.service, not this
# /etc/systemd/system/getty@.service.d/override.conf
We don't have plural in the name of any other -util files and this
inconsistency trips me up every time I try to type this file name
from memory. "formats-util" is even hard to pronounce.
Make the underlining between the header and the body and between the units of
different types span the whole width of the table.
Let's never make the table wider than necessary (which is relevant due the
above).
When space is limited and we can't show the full ID or description string
prefer showing the full ID over the full description. The ID is after all
something people might want to copy/paste, while the description is mostly just
helpful decoration.
It may be desired by users to know what targets a particular service is
installed into. Improve user friendliness by teaching the is-enabled
command to show such information when used with --full.
This patch makes use of the newly added UnitFileFlags and adds
UNIT_FILE_DRY_RUN flag into it. Since the API had already been modified,
it's now easy to add the new dry-run feature for other commands as
well. As a next step, --dry-run could be added to systemctl, which in
turn might pave the way for a long requested dry-run feature when
running systemctl start.
SIGTERM should be considered a clean exit code for daemons (i.e. long-running
processes, as a daemon without SIGTERM handler may be shut down without issues
via SIGTERM still) while it should not be considered a clean exit code for
commands (i.e. short-running processes).
Let's add two different clean checking modes for this, and use the right one at
the appropriate places.
Fixes: #4275
Let's get rid of is_clean_exit_lsb(), let's move the logic for the special
handling of the two LSB exit codes into the sysv-generator by writing out
appropriate SuccessExitStatus= lines if the LSB header exists. This is not only
semantically more correct, bug also fixes a bug as the code in service.c that
chose between is_clean_exit_lsb() and is_clean_exit() based this check on
whether a native unit files was available for the unit. However, that check was
bogus since a long time, since the SysV generator was introduced and native
SysV script support was removed from PID 1, as in that case a unit file always
existed.
Show is documented to be program-parseable, and printing the warning about
about a non-existent unit, while useful for humans, broke a lot of scripts.
Restore previous behaviour of returning success and printing empty or useless
stuff for units which do not exist, and printing empty values for properties
which do not exists.
With SYSTEMD_LOG_LEVEL=debug, hints are printed, but the return value is
still 0.
This undoes parts of e33a06a and 3dced37b7 and fixes#3856.
We might consider adding an explicit switch to fail on missing units/properties
(e.g. --ensure-exists or similar), and make -P foobar equivalent to
--ensure-exists --property=foobar.
Prior to this commit, users could be given an unusable command to run if
they attempted to stop or start special services. For example:
$ systemctl stop -- -.mount
Failed to stop -.mount: Operation refused, unit -.mount may be \
requested by dependency only.
See system logs and 'systemctl status -.mount' for details.
$ systemctl status -.mount
systemctl: invalid option -- '.'
This adds a '--' to the example command in these situations.
Otherwise for example services that are failing on start and have Restart=on-failure
and bigger RestartSec systemctl status will return 0.
Fixes: #3864
systemd now returns an error when it is asked to perform disable on the
unit file path. In the past this was allowed, but systemd never really
considered an actual content of the [Install] section of the unit
file. Instead it performed disable on the unit name, i.e. purged all
symlinks pointing to the given unit file (undo of implicit link action
done by systemd when enable is called on the unit file path) and all
symlinks that have the same basename as the given unit file.
However, to notice that [Install] info of the file is not consulted one
must create additional symlinks manually. I argue that in most cases
users do not create such links. Let's be nice to our users and don't
break existing scripts that expect disable to work with the unit file
path.
Fixes#3706.
% valgrind --leak-check=full systemctl status multipathd.service --no-pager -n0
...
==431== 16 bytes in 2 blocks are definitely lost in loss record 1 of 2
==431== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==431== by 0x534AF19: strdup (in /usr/lib64/libc-2.23.so)
==431== by 0x4E81AEE: free_and_strdup (string-util.c:794)
==431== by 0x4EF66C1: map_basic (bus-util.c:1030)
==431== by 0x4EF6A8E: bus_message_map_all_properties (bus-util.c:1153)
==431== by 0x120487: show_one (systemctl.c:4672)
==431== by 0x1218F3: show (systemctl.c:4990)
==431== by 0x4EC359E: dispatch_verb (verbs.c:92)
==431== by 0x12A3AE: systemctl_main (systemctl.c:7742)
==431== by 0x12B1A8: main (systemctl.c:8011)
==431==
==431== LEAK SUMMARY:
==431== definitely lost: 16 bytes in 2 blocks
This happens because map_basic() strdups the strings. Other code in systemctl
assigns strings to UnitStatusInfo without copying them, relying on the fact
that the message is longer lived than UnitStatusInfo. Add a helper function
that is similar to map_basic, but only accepts strings and does not copy them.
The alternative of continuing to use map_basic() but adding proper cleanup
to free fields in UnitStatusInfo seems less attractive because it'd require
changing a lot of code and doing a lot of more allocations for little gain.
(I put "leaking" in quotes, because systemctl is short lived anyway.)
Clarify that "systemctl enable" can operate either on unit names or on unit
file paths (also, adjust the --help text to clarify this). Say that "systemctl
enable" on unit file paths also links the unit into the search path.
Many other fixes.
This should improve the documentation to avoid further confusion around #3706.
Don't check inhibitors when operating remotely. The interactivity inhibitors
imply can#t be provided anyway, and the current code checks for local sessions
directly, via various sd_session_xyz() APIs, hence bypass it entirely if we
operate on remote systems.
Fixes: #3476
If we show both a control and a main PID for a service fix this line in the
output of "systemctl status":
Main PID: 19670 (sleep); : 19671 (sleep)
to become this:
Main PID: 19670 (sleep); Control PID: 19671 (sleep)
When unit has multiple condition list, systemctl is not showing which
conditions were failed. When user want to know which conditions were
failed, user has to check for each conditions.
So, show failed condition list also.
In https://github.com/systemd/systemd/issues/3543, we would open the pager
before starting ssh, and the pipe fd was "leaked" into the ssh child as the
stderr fd. Previous commit fixes bus-socket to nullify stderr before launching
the child, but it seems reasonable to also delay starting the pager.
If we are going to croak when trying to open the transport, it seems better
to do this before starting the pager.
This commit would also fix#3543 on its own.
If "systemctl -H" is used, let's make sure we first terminate the bus
connection, and only then close the pager. If done in this order ssh will get
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
terminate. This makes sure the standard error we were invoked on is released by
ssh, and only that makes sure we don't deadlock on the pager which waits for
all clients closing its input pipe.
(Similar fixes for the various other xyzctl tools that support both pagers and
-H)
Fixes: #3543
This reworks "systemctl status" and "systemctl show" a bit. It removes the
definition of the `property_info` structure, because we can simply reuse the
existing UnitStatusInfo type for that.
The "could not be found" message is now printed by show_one() itself (and not
its caller), so that it is shown regardless by who the function is called.
(This makes it necessary to pass the unit name to the function.)
This also adds all properties found to a set, and then checks if any of the
properties passed via "--property=" is mising in it, if so, a proper error is
generated.
Support for checking the PID file of a unit is removed, as this cannot be done
reasonably client side (since the systemd instance we are talking to might sit
on another host)
Replaces: #3411Fixes: #3425
Also see: #3504
... as well as halt/poweroff/kexec/suspend/hibernate/hybrid-sleep.
Running those commands will fail in user mode, but we try to set the wall
message first, which might even succeed for privileged users. Best to nip
the whole sequence in the bud.
https://github.com/systemd/systemd/pull/3453#issuecomment-225455156
Reloading or reexecuting PID 1 means the unit generators are rerun, which are
timed out at 90s. Make sure the method call asking for the reload is timed out
at twice that, so that the generators have 90s and the reload operation has 90s
too.
This reworks the daemon_reload() call in systemctl, and makes it exclusively
about reloading/reexecing. Previously it was used for other trivial method
calls too, which didn't really help readability. As the code paths are now
sufficiently different, split out the old code into a new function
trivial_method().
This call also does a similar change as
c8ad4efb277c3235d58789170af11bb3c847d655 but for the reload/reexec operation.
Fixes: #3353
For legacy commands such as /sbin/halt or /sbin/poweroff we support legacy
fallbacks that talk via traditional SysV way with PID 1 to issue the desired
operation. We do this on any kind of error if the primary method of operation
fails. When this is the case we suppress any error message that is normally
generated, in order to not confuse the user. When suppressing this log message,
don't suppress the original error code, because there's really no reason to.
systemctl --property doesn't validate if a requested property is valid or not,
and always returns with an exit code of 0, regardless of whether the requested
property exists or not.
How reproducible:
This works fine:
Id=multi-user.target
But put in a non-existing property:
Id=default.targets.service
Id=default.targets.service
0
[root@shou18lkvm8 ~]# systemctl show --property Id this.is.rubbish; echo $?
Id=this.is.rubbish.service
0
After:
sus@maximus bz-95593]$ ./systemctl show --property Id this.is.rubbish; echo $?
Can't display property this.is.rubbish. Unit this.is.rubbish.service does not
exist.
4
fixes#2295
Before:
[sus@maximus bz-1256858]$ systemctl status rsyslog.service;echo $?
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Drop-In: /etc/systemd/system/rsyslog.service.d
└─50-CPUShares.conf
Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 26min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited,
status=0/SUCCESS)
Main PID: 1159 (code=exited, status=0/SUCCESS)
May 30 11:07:50 maximus systemd[1]: Starting System Logging Service...
May 30 11:07:50 maximus systemd[1]: Started System Logging Service.
May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service...
May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service.
3
[sus@maximus bz-1256858]$ systemctl status hello.service;echo $?
● hello.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
3
After:
$ ./systemctl status hello.service;echo $?
Failed to dump process list, ignoring: Access denied
● hello.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
4
[sus@maximus bz-1256858]$ ./systemctl status rsyslog.service;echo $?
Failed to dump process list, ignoring: Access denied
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Drop-In: /etc/systemd/system/rsyslog.service.d
└─50-CPUShares.conf
Active: inactive (dead) since Mon 2016-05-30 11:54:25 IST; 2h 24min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 1159 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited,
status=0/SUCCESS)
Main PID: 1159 (code=exited, status=0/SUCCESS)
May 30 11:07:50 maximus systemd[1]: Starting System Logging Service...
May 30 11:07:50 maximus systemd[1]: Started System Logging Service.
May 30 11:54:25 maximus systemd[1]: Stopping System Logging Service...
May 30 11:54:25 maximus systemd[1]: Stopped System Logging Service.
3
Fixes: 1092
On the unified hierarchy, memory controller implements three control knobs -
low, high and max which enables more useable and versatile control over memory
usage. This patch implements support for the three control knobs.
* MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and
memory.max, respectively.
* As all absolute limits on the unified hierarchy use "max" for no limit, make
memory limit parse functions accept "max" in addition to "infinity" and
document "max" for the new knobs.
* Implement compatibility translation between MemoryMax and MemoryLimit.
v2:
- Fixed missing else's in config_parse_memory_limit().
- Fixed missing newline when writing out drop-ins.
- Coding style updates to use "val > 0" instead of "val".
- Minor updates to documentation.
We have to pass addresses of changes and n_changes to
bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by
missing information (subsequent calls to unit_file_changes_add() to
not add anything).
Also prevent null pointer dereference in
bus_deserialize_and_dump_unit_file_changes() by asserting.
Fixes#3339
After enabling/disabling a unit, the daemon configuration is expected
to be unless '--no-reload' option is passed.
However this is not done when enabling a sysv units. This can lead to
the following scenario:
$ cp /etc/init.d/named /etc/init.d/foo
$ systemctl enable foo
foo.service is not a native service, redirecting to systemd-sysv-install
Executing /usr/lib/systemd/systemd-sysv-install enable foo
$ systemctl start foo
Failed to start foo.service: Unit foo.service failed to load: No such file or directory.
This can also be seen after installing a package providing a sysv
service: the service can't be started unless 'daemon-reload' is called
manually. This shouldn't be needed and this patch will fix this case
too since during package installation, the service is expected to be
enabled/disabled.
The sync() call on shutdown had been removed with commit 57371e5829
together with the no-sync option for the shutdown commands.
The sync call was restored in commit 4a3ad39957 but the no-sync option
wasn't re-added.
I think we should restore this option at least for the legacy halt command.
Currently, there are two cgroup IO limits, bandwidth max for read and write,
and they are hard-coded in various places. This is fine for two limits but IO
is expected to grow more limits - low, high and max limits for bandwidth and
IOPS - and hard-coding each limit won't make sense.
This patch replaces hard-coded limits with an array indexed by
CGroupIOLimitType and accompanying string and default value tables so that new
limits can be added trivially.
That function doesn't draw anything on it's own, just returns a string, which
sometimes is more than one character. Also remove "DRAW_" prefix from character
names, TREE_* and ARROW and BLACK_CIRCLE are unambigous on their own, don't
draw anything, and are always used as an argument to special_glyph().
Rename "DASH" to "MDASH", as there's more than one type of dash.
On the unified hierarchy, blkio controller is renamed to io and the interface
is changed significantly.
* blkio.weight and blkio.weight_device are consolidated into io.weight which
uses the standardized weight range [1, 10000] with 100 as the default value.
* blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max.
Expansion of throttling features is being worked on to support
work-conserving absolute limits (io.low and io.high).
* All stats are consolidated into io.stats.
This patchset adds support for the new interface. As the interface has been
revamped and new features are expected to be added, it seems best to treat it
as a separate controller rather than trying to expand the blkio settings
although we might add automatic translation if only blkio settings are
specified.
* io.weight handling is mostly identical to blkio.weight[_device] handling
except that the weight range is different.
* Both read and write bandwidth settings are consolidated into
CGroupIODeviceLimit which describes all limits applicable to the device.
This makes it less painful to add new limits.
* "max" can be used to specify the maximum limit which is equivalent to no
config for max limits and treated as such. If a given CGroupIODeviceLimit
doesn't contain any non-default configs, the config struct is discarded once
the no limit config is applied to cgroup.
* lookup_blkio_device() is renamed to lookup_block_device().
Signed-off-by: Tejun Heo <htejun@fb.com>
This fixes fall-out from 6d10d308c6.
Until that commit, do determine whether a daemon reload was required we compare
the mtime of the main unit file we loaded with the mtime of it on disk for
equality, but for drop-ins we only stored the newest mtime of all of them and
then did a "newer-than" comparison. This was brokeni with the above commit,
when all checks where changed to be for equality.
With this change all checks are now done as "newer-than", fixing the drop-in
mtime case. Strictly speaking this will not detect a number of changes that the
code before above commit detected, but given that the mtime is unlikely to go
backwards, and this is just intended to be a helpful hint anyway, this looks OK
in order to keep things simple.
Fixes: #3123
This adds a new GetProcesses() bus call to the Unit object which returns an
array consisting of all PIDs, their process names, as well as their full cgroup
paths. This is then used by "systemctl status" to show the per-unit process
tree.
This has the benefit that the client-side no longer needs to access the
cgroupfs directly to show the process tree of a unit. Instead, it now uses this
new API, which means it also works if -H or -M are used correctly, as the
information from the specific host is used, and not the one from the local
system.
Fixes: #2945
When "preset" was executed for a unit without install info, we'd warn similarly
as for "enable" and "disable". But "preset" is usually called for all units,
because the preset files are provided by the distribution, and the units are under
control of individual programs, and it's reasonable to call "preset" for all units
rather then try to do it only for the ones that can be installed.
We also don't warn about missing info for "preset-all". Thus it seems reasonable
to silently ignore units w/o install info when presetting.
(In addition, when more than one unit was specified, we'd issue the warning
only if none of them had install info. But this is probably something to fix
for enable/disable too.)
No need to dump all the redundant device units on the user, just because he
specified that he wants to see units of a specific state.
This was broken by commit ebc962656c.
Fixes#2191:
$ systemctl --root=/ enable sddm
Created symlink /etc/systemd/system/display-manager.service, pointing to /usr/lib/systemd/system/sddm.service.
$ sudo build/systemctl --root=/ enable gdm
Failed to enable unit, file /etc/systemd/system/display-manager.service already exists and is a symlink to /usr/lib/systemd/system/sddm.service.
$ sudo build/systemctl --root= enable sddm
$ sudo build/systemctl --root= enable gdm
Failed to enable unit: File /etc/systemd/system/display-manager.service already exists and is a symlink to /usr/lib/systemd/system/sddm.service.
(I tried a few different approaches to pass the error information back to the
caller. Adding a new parameter to hold the error results in a gigantic patch
and a lot of hassle to pass the args arounds. Adding this information to the
changes array is straightforward and can be more easily extended in the
future.)
In case local installation is performed, the full set of errors can be reported
and we do that. When running over dbus, only the first error is reported.
With any masked unit that would that would be enabled by presets, we'd get:
test@rawhide $ sudo systemctl preset-all
Failed to execute operation: Unit file is masked.
test@rawhide $ sudo systemctl --root=/ preset-all
Operation failed: Cannot send after transport endpoint shutdown
Simply ignore those units:
test@rawhide $ sudo systemctl preset-all
Unit xxx.service is masked, ignoring.
If the error code ever leaks (we print the strerror error instead of providing
our own), the message for ESHUTDOWN is "Cannot send after transport endpoint
shutdown", which can be misleading. In particular it suggest that some
mishandling of the dbus connection occured. Let's change that to ERFKILL which
has the advantage that a) it sounds implausible as actual error, b) has the
connotation of disabling something manually.
Before 0f03c2a4c0 specifying any path would cause the systemctl client
to do the installation itself, instead of going over dbus. Restore that
behaviour.
We don't allow using config symlinks to enable units, but the error message we
printed was awful. Fix that, and generate a more readable error.
Fixes#3010.
This allows dropping all user configuration and reverting back to the vendor
default of a unit file. It basically undoes what "systemctl edit", "systemctl
set-property" and "systemctl mask" do.
The SysV compat code checks whether there's a native unit file before looking
for a SysV init script. Since the newest rework generated units will show up in
the unit path, and hence the checks ended up assuming that there always was a
native unit file for each init script: the generated one.
With this change the generated unit file directory is suppressed from the
search path when this check is done, to avoid the confusion.
We should log about everything we don't expect.
Also, add a comment for one case were we do not log, on purpose, and make it
use a separate error code.
Move the search path check from the SysV service compat support into install.c
so that we can reuse the usual algorithm instead of rolling a private loop for
this.
