Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.
Updating to this format also extends the top-level dropin to
unit types.
journald assumes that getsockopt(SO_PEERCRED) correctly identifies the
process on the remote end of the socket. However, this is incorrect
according to man 7 socket:
The returned credentials are those that were in effect at the
time of the call to connect(2) or socketpair(2).
This becomes a problem when a new process inherits the stdout stream
from a parent. First, log messages from the child process will
be attributed to the parent. Second, the struct ucred used by journald
becomes invalid as soon as the parent exits. Further sendmsg calls then
fail with ENOENT. Logs for the child process then vanish from the journal.
Fix this by using recvmsg on the stdout stream, and refreshing the cached
struct ucred if SCM_CREDENTIALS indicate a new process.
Fixes#13708
The systemd-networkd-tests.py has some regex that uses non-capturing
groups, but there is no need to use that with assertRegex; the
groups aren't referenced so it doesn't matter if it's capturing or
non-capturing. However, there are a few places where optional groups
should have been used instead, so this changes that.
Specifically, groups like this:
(?:whatever |)
should actually be:
(whatever )?
Additionally, this is specifically needed for these tests to run on
Debian systems, because this assertRegex:
'Link File: (?:/usr)/lib/systemd/network/99-default.link'
needs to be:
'Link File: (/usr)?/lib/systemd/network/99-default.link'
The name with plural made more sense where multiple options could be specified
in one line. After changes in the pull request, this option only accepts one
value, so from users' POV it should be singular.
(The field in the data structure remains plural, because it actually stores
multiple values.)
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.
This could be used for time-limited login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
TEST-41 verifies that the StartLimitBurst property will correctly
limit the number of unit restarts, but the test currently doesn't
adjust the StartLimitIntervalSec which defaults to 10 seconds.
On Ubuntu CI, running under un-accelerated qemu, it can take more than
10 seconds to perform all 3 restarts, which avoids the burst limit,
and fails the test.
Instead, specify a long StartLimitIntervalSec in the test, so we can
be sure to correctly test StartLimitBurst even on slow testbeds.
Fixes#13794.
Many tests were also masking systemd-machined.service. But machined
should only start when activated, so having it not masked shouldn't be
noticable. TEST-25-IMPORT needs it.
I *think* this was originally added to make it easier to see what was happening
in tests. Later we added the functionality to print the journal on failure, so
this redirection has stopped being useful.
In https://github.com/systemd/systemd/pull/13719#issuecomment-539292650
@filbranden shows that grep tries to write to stdout and fails. In general,
we should not assume that writing to the console it always possible. We have
special code to handle this in pid1 after all:
99 19:22:10.731965 fstat(1, <unfinished ...>
99 19:22:10.731993 <... fstat resumed>{st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
99 19:22:10.732070 write(1, "ExecStartPost={ path=/bin/echo ; argv[]=/bin/echo ${4_four_ex} ; ignore_errors=no ; start_time=[Mon 2019-10-07 19:22:10 PDT] ; stop_time=[Mon 209-10-07 19:22:10 PDT] ; pid=97 ; code=exited ; status=0 }\n", 203) = -1 EIO (Input/output error)
99 19:22:10.732174 write(2, "grep: ", 6) = -1 EIO (Input/output error)
99 19:22:10.732226 write(2, "write error", 11) = -1 EIO (Input/output error)
99 19:22:10.732263 write(2, ": Input/output error", 20) = -1 EIO (Input/output error)
99 19:22:10.732298 write(2, "\n", 1 <unfinished ...>
99 19:22:10.732325 <... write resumed>) = -1 EIO (Input/output error)
99 19:22:10.732349 exit_group(2) = ?
99 19:22:10.732424 +++ exited with 2 +++
Removing the redirection should make the tests less flakey.
Replaces #13719.
While at it, also drop NotifyAccess=all. I think it was added purposefully in
TEST-20-MAINPIDGAMES, and then cargo culted to newer tests.
This temporarily blacklists some tests when run under Ubuntu CI.
This is the upstream side of the Debian 'upstream' test MR:
https://salsa.debian.org/systemd-team/systemd/merge_requests/52
The tests blacklisted here should only be temporarily blacklisted
until they can be fixed; the intention is that these blacklist files
will be added and removed over time while debugging/fixing flaky
and/or regressed tests, without causing test failure noise for other
PRs.
v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
to preserve backwards compatibility (and keep KillSignal= generally useful).
We should never have used an unprefixed environment variable name.
All other systemd-nspawn variables have the "SYSTEMD_NSPAWN_" prefix,
and all other systemd variables have the "SYSTEMD_" prefix.
The new variable name takes precedence, but we fall back to checking the
old one. If only the old one is found, a warning is emitted.
In addition, SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="" is accepted as an override
to avoid looking for the old variable name.
We have a variable with the same name ($UNIFIED_CGROUP_HIERARCHY) in tests,
which governs both systemd-nspawn and qemu behaviour. It is not renamed.
Anita Zhang