As described in
https://bugs.freedesktop.org/show_bug.cgi?id=50184
the journal currently doesn't set fields such as _SYSTEMD_UNIT
properly for messages coming from processes that have already
terminated. This means among other things that "systemctl status" may
not show some of the output of services that wrote messages just
before they exited.
This patch fixes this by having processes that log to the journal
write their unit identifier to journald when the connection to
/run/systemd/journal/stdout is opened. Journald stores the unit ID
and uses it to fill in _SYSTEMD_UNIT when it cannot be obtained
normally (i.e. from the cgroup). To prevent impersonating another
unit, this information is only used when the caller is root.
This doesn't fix the general problem of getting metadata about
messages from terminated processes (which requires some kernel
support), but it allows "systemctl status" and similar queries to do
the Right Thing for units that log via stdout/stderr.
Let's try to standardize a bit the RPM macros used for
installing/uninstalling services.
This only covers the non-SysV compat bits, since that tends to vary
widely between the various distros.
Usage:
Add %{?systemd_requires} to the header of the spec file. And then:
%post
%systemd_post foobar.service
%preun
%systemd_preun foobar.service
%postun
%systemd_postun foobar.service
And, instead of the latter, in case the service shall be restarted on updates:
%postun
%systemd_postun_restart foobar.service
Command systemctl stop foo.service, will print error message, when
foo.service is unknown to systemd, i.e. there is no unit file loaded for
this service.
https://bugzilla.redhat.com/show_bug.cgi?id=732874
NotifySocket= is hardly useful, people should use $NOTIFY_SOCKET if
anything.
RunningAs= suggests people had a choice of running user mode as PID 1 or
vice versa, so remove this too.
This moves FsckPassNo= and SysVStartPriority= into its own
"Compatibility Options" section in the man page to clarify that these
options are not useful for anything but establishing a limited amount of
compatibility.
Also stop exposing these options on the bus.
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
We want to avoid a deadlock when a service has ExecStartPre= programs
that wait for the job queue to run empty because of Type=idle, but which
themselves keep the queue non-empty because START_PRE was considered
ACTIVATING and hence the job not complete. With this patch we alter the
state translation table so that it is impossible ever to wait for
Type=idle unit, hence removing the deadlock.
Previously generated units were always placed at the end of the search
path. With this change there will be three unit dirs instead of one, to
place generated entries at the beginning, in the middle and at the end
of the search path:
beginning: for units that need to override all configuration, regardless
of user or vendor. Example use: system-update-generator uses this to
temporarily redirect default.target.
middle: for units that need to override vendor configuration, but not
vendor configuration. Example use: /etc/fstab should override vendor
supplied configuration (think /tmp), but should not override native user
configuration.
end: does not override anything but is available as well. Possible usage
might be to convert D-Bus bus service files to native units but allowing
vendor supplied native units to win.
UnitPath= is also writable via native units and may be used by generators
to clarify from which file a unit is generated. This patch also hooks up
the cryptsetup and fstab generators to set UnitPath= accordingly.
When service_stop() handles a service in the SERVICE_AUTO_RESTART state,
it calls service_set_state() to transition it to the SERVICE_DEAD state.
However if the service failed, it should transition it to SERVICE_FAILED
instead, which will trigger its OnFailure units. To achieve this, we now
call service_enter_dead() in place of service_set_state(), which will
transition the service to either SERVICE_DEAD or SERVICE_FAILED as is
appropriate.
Also, some misleading comments are adjusted: service_stop() is not only
called on a user request, but also during an automatic restart in order
to handle dependencies.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=45511
If systemd serializes from a switch_root, it adds "--switchedroot" to
the systemd in the real root.
If "--switchedroot" is found, then we do not skip all the stuff, which
is skipped for normal rexecs.
The PAM helper thread needs to capture the death signal from the
parent, but is prohibited from doing so since when the child dies
as normal user, the kernel won't allow it to send a TERM to the
PAM helper thread which is running as root.
This causes the PAM threads to never exit, accumulating after
user sessions exit.
There is however really no need to keep the PAM threads running as
root, so, we can just setresuid() to the same user as defined in the
unit file for the parent thread (User=). This makes the TERM signal
arrive as normal. In case setresuid() fails, we ignore the error, so
we at least fall back to the current behaviour.
This should help making the boot process a bit easier to explore and
understand for the administrator. The simple idea is that "systemctl
status" now shows a link to documentation alongside the other status and
decriptionary information of a service.
This patch adds the necessary fields to all our shipped units if we have
proper documentation for them.