This avoids nasty race conditions between dnf/apt-get and unfinished
population of /tmp (among other things), as `docker exec` allows commands
to run before the system is fully booted (i.e. initializing/starting
state reported by `systemctl is-system-running`).
get_block_device() is just the nicer way to do it (since it also odes
btrfs). Also, let's already collect the dev_t of the loopback device
when we enumerate things, that allows us to do the checks simpler
without constantly stat()ing things over and over again.
We fucked up errno vs. r two times, let's correct that.
While we are at it, let's handle the error first, like we usually do,
and the clean case without indentation.
This reverts commit 07125d24ee.
In contrast to what is claimed in #13396 dbus-broker apparently does
care for the service file to be around, and otherwise will claim
"Service Not Activatable" in the time between systemd starting up the
broker and connecting to it, which the stub service file is supposed to
make go away.
Reverting this makes the integration test suite pass again on host with
dbus-broker (i.e. current Fedora desktop).
Tested with dbus-broker-21-6.fc31.x86_64.
Write a user unit's invocation ID to /run/user/<uid>/systemd/units/ similar
to how a system unit's invocation ID is written to /run/systemd/units/.
This lets the journal read and add a user unit's invocation ID to the
_SYSTEMD_INVOCATION_ID field of logs instead of the user manager's
invocation ID.
Fixes#12474
This reverts commit 362c378291.
This commit introduced an ordering loop: remote-cryptsetup.target was both
before and after remote-fs-pre.target. It also globally ordered all cryptsetup
volumes before all mounts. Such global ordering is problematic if people have
stacked storage. Let's look for a different solution.
See https://github.com/systemd/systemd/pull/14378#discussion_r359460109.
To support ProtectHome=y in a user namespace (which mounts the inaccessible
nodes), the nodes need to be accessible by the user. Create these paths and
devices in the user runtime directory so they can be used later if needed.
The test exercises that PrivateTmp=yes and ProtectHome={read-only,tmpfs}
directives work as expected when PrivateUsers=yes in a user manager.
Some code is also added to test-functions to help set up test cases that
exercise the user manager.
Let per-user service managers have user namespaces too.
For unprivileged users, user namespaces are set up much earlier
(before the mount, network, and UTS namespaces vs after) in
order to obtain capbilities in the new user namespace and enable use of
the other listed namespaces. However for privileged users (root), the
set up for the user namspace is still done at the end to avoid any
restrictions with combining namespaces inside a user namespace (see
inline comments).
Closes#10576
PrefixRoute= was added by e63be0847c,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.
