In older kernels IPoIB network devices expose the port number via
the sysfs attribute 'dev_id', which is not intended to be used this way.
Let's support both options for a while.
An InfiniBand network address is 20 bytes long. Only the least
significant 8 bytes can be interpreted as a persistent hardware unit
identifier; the other 12 are transiently derived at runtime from metadata
specific to the protocol stack.
However, since the network interface name length is hard-capped by
IFNAMSIZ at 16 chars and the 2-byte type prefix with '\0' at the end
leave us only at 13, we cannot squeeze a descriptive representation of a
HW address into an interface name. Thus, it makes the most sense to drop
the scheme for IPoIB interfaces entirely.
Currently udev just gets confused and does what it has been taught
to do: fetches the first six bytes and puts them into a permanent
device attribute.
We've long neglected IP-over-InfiniBand network interfaces, let's treat
them the same way we treat anyone else.
IPoIB interfaces will retain the 'ib' prefix; otherwise the naming scheme
is the same one we use for other network interfaces. E.g. a IPoIB network
device provided by a PCI card at bus 21 slot 0 function 6 will be named
'ibp21s0f6'.
Quoting https://github.com/systemd/systemd/issues/10074:
> detect_vm_uml() reads /proc/cpuinfo with read_full_file()
> read_full_file() has a file max limit size of READ_FULL_BYTES_MAX=(4U*1024U*1024U)
> Unfortunately, the size of my /proc/cpuinfo is bigger, approximately:
> echo $(( 4* $(cat /proc/cpuinfo | wc -c)))
> 9918072
> This causes read_full_file() to fail and the Condition test fallout.
Let's just read line by line until we find an intersting line. This also
helps if not running under UML, because we avoid reading as much data.
optind may be used in each verb, e.g., udevadm. So, let's initialize
optind before calling verbs.
Without this, e.g., udevadm -d hwdb --update causes error in parsing arguments.
Since the commit torvalds/linux@fdb5c4531c
the syscall BPF_PROG_ATTACH return EBADF when CONFIG_CGROUP_BPF is
turned off and as result the bpf_firewall_supported() returns the
incorrect value.
This commmit replaces the syscall BPF_PROG_ATTACH with BPF_PROG_DETACH
which is still work as expected.
Resolvesopenbmc/linux#159
See also systemd/systemd#7054
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
Without this, log shows meaningless error message 'No anode', e.g.,
===
Failed to unshare the mount namespace: Operation not permitted
foo.service: Failed to set up mount namespacing: No anode
foo.service: Failed at step NAMESPACE spawning /usr/bin/test: No anode
===
Follow-up for 1beab8b0d0.
When parsing and installing binaries mentioned in Exec*= lines the
5ed0dcf4d5 commit added parsing logic to drop
prefixes, including handling duplicate exclamation marks. But this did not
handle arbitrary combination of multiple prefixes, ie. StartExec=+-/bin/sh was
parsed as -/bin/sh which then would fail to install.
Instead of using egrep and shell replacements, replace both with sed command
that does it all. This sed script extract a group of characters starting with a
/ up to the first space (if any) after the equals sign. This correctly handles
existing non-prefixed, prefixed, multiple-prefixed commands.
About half commands seem to repeat themself, thus sort -u cuts the list of
binaries to install about in half.
To validate change of behaviour both old and new functions were modified to
echo parsed binaries into separate files, and then diffed. The incorrect
-/bin/sh was missing in the new output.
Without this patch tests fail on default Ubuntu installs.
That recommendation is likely to cause more trouble and for pretty
much all end-user units is not useful. Let's recommend relying on
the implicit dependency instead.
Fixes#10015.
Both SO_SNDBUFFORCE and SO_RCVBUFFORCE requires capability 'net_admin'.
If this capability is not granted to the service the first attempt to increase
the recv/snd buffers (via sd_notify()) with SO_RCVBUFFORCE/SO_SNDBUFFORCE will
fail, even if the requested size is lower than the limit enforced by the
kernel.
If apparmor is used, the DENIED logs for net_admin will show up. These log
entries are seen as red warning light, because they could indicate that a
program has been hacked and tries to compromise the system.
It would be nicer if they can be avoided without giving services (relying on
sd_notify) net_admin capability or dropping DENIED logs for all such services
via their apparmor profile.
I'm not sure if sd_notify really needs to forcibly increase the buffer sizes,
but at least if the requested size is below the kernel limit, the capability
(hence the log entries) should be avoided.
Hence let's first ask politely for increasing the buffers and only if it fails
then ignore the kernel limit if we have sufficient privileges.
Followup to commit 13cf422e04b7 ("user@.service: don't kill user manager at runlevel switch")
I think there's a general rule that units with `StopWhenUnneeded=yes` need
`IgnoreOnIsolate=yes`... But it doesn't apply to `suspend.target` and friends.
`printer.target` and friends break on isolate even if we apply the rule[1].
That just leaves `graphical-session.target`, which is a user service.
"isolate" is *mostly* a weird attempt to emulate runlevels, so I decided
not to worry about it for user services.
[1] https://github.com/systemd/systemd/issues/6505#issuecomment-320644819
Loggin in as root user and then switching the runlevel results in a
stop of the user manager, even though the user ist still logged in.
That leaves a broken user session.
Adding "IgnoreOnIsolate=true" to user@.service fixes this.
When $XDG_DATA_DIRS is unset, then, the default value
'/usr/local/share:/usr/share' is used.
When $XDG_DATA_DIRS contain the default paths but the order
is inverted: '/usr/share:/usr/local/share', then test-path-lookup fails.
Fixes#10002.
Back in 08318a2c5a, value "false" was enabled for
'-Dtests=', but various tests were not conditionalized properly. So even with
-Dtests=false -Dslow-tests=false we'd run 120 tests. Let's make this consistent.
We would have a strange situation where after setting -Dslow-tests=true -Dtests=false
we'd get mostly the slow tests (plus some other ones which I'll fix in
subsequent commit). Let's simplify things by making -Dtests=false just
disable those tests too.