It does not make sense for udev to even open DRBD block devices
(/dev/drbdX). It is on one hand not necessary as DRBD is controlled by
something else in the stack (e.g., pacemaker), and it even can get
cumbersome in various scenarios (e.g., DRBD9 auto-promote).
Closes: #9371
Signed-off-by: Roland Kammerer <roland.kammerer@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
This compensates for the unsynchronized reload cycles of systemd and
udev: we manually trigger the deps listed in SYSTEMD_WANTS properties if
they change for device units that are already up. That way all deps
defined that way will be triggered at least once: the first time the
unit goes up by the usual dependency logic, and if it already is up by
the device.c specific logic.
Fixes: #9323
Before this patch:
# systemctl --runtime mask abuild.mount does-not-exist.mount does-also-not-exist.mount
Unit abuild.mount does not exist, proceeding anyway.
Unit abuild.mount does not exist, proceeding anyway.
Unit abuild.mount does not exist, proceeding anyway.
Created symlink /run/systemd/system/abuild.mount → /dev/null.
Created symlink /run/systemd/system/does-not-exist.mount → /dev/null.
Created symlink /run/systemd/system/does-also-not-exist.mount → /dev/null.
After this patch:
# systemctl --runtime mask abuild.mount does-not-exist.mount does-also-not-exist.mount
Unit abuild.mount does not exist, proceeding anyway.
Unit does-not-exist.mount does not exist, proceeding anyway.
Unit does-also-not-exist.mount does not exist, proceeding anyway.
Created symlink /run/systemd/system/abuild.mount → /dev/null.
Created symlink /run/systemd/system/does-not-exist.mount → /dev/null.
Created symlink /run/systemd/system/does-also-not-exist.mount → /dev/null.
This commit adds the stop alias to the output of `machinectl --help`.
In the past we only mention this in the man page. It's nice to mention
this in the output `machinectl --help` as well.
Now the setting MTU is embedded into the link_up message which makes it
incapable of setting MTU if link is up. MTU can be set while Link is up.
Closes#9254
The prefix for EMC Symmetrix pre-SPC VPD inquiry reply
is always SCSI_ID_NAA, so we need to hardcode it to
avoid false values here.
Signed-off-by: Hannes Reinecke <hare@suse.com>
The method already uses a boolean argument to determine whether it is in
whitelist mode or not. The code that will parse the string of filters
does not expect the ~, since it already has the boolean argument. Thus,
it will fail to parse the list of filters.
The functions protect_{home,system}_from_string() are not used
except for defining protect_{home,system}_or_bool_from_string().
This makes protect_{home,system}_from_string() support boolean
strings, and drops protect_{home,system}_or_bool_from_string().
During the transition from system functions using errno to our own read and write functions with negative return codes some errors where introduced. This patch correctly convert errno to negative return codes for read and write and fix checks still using errno instead of the return code.
Closes#9283
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
