Systemd/src/core
Lennart Poettering d4dffb8533 dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.

GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.

To deal with this, this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).

Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images are unlikely to have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
systemd-gpt-auto-generator.

To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-23 14:43:59 +01:00
..
all-units.h core: add spdx header to all-units.h 2019-07-24 05:06:21 +09:00
audit-fd.c
audit-fd.h
automount.c pid1: order .automount units after local-fs-pre.target 2019-10-28 22:44:32 +09:00
automount.h
bpf-devices.c bpf: make sure the kernel do not submit an invalid program if no pattern matched 2019-11-11 15:14:09 +01:00
bpf-devices.h bpf: make bpf_devices_apply_policy() independent of any unit code 2019-11-11 14:55:57 +01:00
bpf-firewall.c core: constify bpf program arrays 2019-11-10 23:22:14 +01:00
bpf-firewall.h bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath= 2019-06-25 09:56:16 +02:00
cgroup.c core: set "trusted.delegate" xattr on cgroups that are delegation boundaries 2019-11-20 17:50:12 +01:00
cgroup.h core: make TasksMax a partially dynamic property 2019-11-14 18:41:54 +01:00
dbus-automount.c
dbus-automount.h
dbus-cgroup.c core: write cgroup limits as permilles 2019-11-14 18:41:54 +01:00
dbus-cgroup.h core: make TasksMax a partially dynamic property 2019-11-14 18:41:54 +01:00
dbus-device.c
dbus-device.h
dbus-execute.c core: prefer non-@ syntax for ExecStart= 2019-11-27 12:32:14 +01:00
dbus-execute.h core: add ExecStartXYZEx= with dbus support for executable prefixes 2019-05-30 20:41:42 -07:00
dbus-job.c Create src/shared/unit-file.[ch] for unit-file related ops 2019-07-19 16:51:14 +02:00
dbus-job.h core: add helper function to check job status 2019-10-01 15:05:27 +02:00
dbus-kill.c core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
dbus-kill.h
dbus-manager.c shared/install: provide a nicer error message for invalid WantedBy=/Required= values 2019-12-13 19:30:36 +01:00
dbus-manager.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
dbus-mount.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-mount.h
dbus-path.c
dbus-path.h
dbus-scope.c scope: Support RuntimeMaxSec= directive in scope units 2019-10-28 09:44:31 +01:00
dbus-scope.h pid1: add a new AbandonScope() method call on the Manager object 2018-11-09 17:08:59 +01:00
dbus-service.c pid1: make TimeoutAbortSec settable for transient units 2019-11-27 13:56:29 +01:00
dbus-service.h
dbus-slice.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-slice.h
dbus-socket.c shared/user-util: allow usernames with dots in specific fields 2019-08-19 21:19:13 +02:00
dbus-socket.h
dbus-swap.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-swap.h
dbus-target.c
dbus-target.h
dbus-timer.c core: TAKE_PTR in timer_add_one_calendar_spec 2019-08-22 11:02:56 +02:00
dbus-timer.h
dbus-unit.c cgroup: introduce support for cgroup v2 CPUSET controller 2019-09-24 15:16:07 +02:00
dbus-unit.h core: add helper function to check job status 2019-10-01 15:05:27 +02:00
dbus-util.c shared/user-util: allow usernames with dots in specific fields 2019-08-19 21:19:13 +02:00
dbus-util.h shared/user-util: allow usernames with dots in specific fields 2019-08-19 21:19:13 +02:00
dbus.c tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
dbus.h core: rename queued_message → pending_reload_message 2018-11-13 11:59:06 +01:00
device.c core: turn unit_load_fragment_and_dropin_optional() into a flag 2019-10-11 10:45:33 +02:00
device.h
dynamic-user.c tree-wide: drop pwd.h and grp.h when user-util.h is included 2019-11-04 00:30:32 +09:00
dynamic-user.h tree-wide: reorder various structures to make them smaller and use fewer cache lines 2019-03-27 18:11:11 +01:00
efi-random.c core: take random seed from boot loader and credit it to kernel entropy pool 2019-07-25 18:16:46 +02:00
efi-random.h core: take random seed from boot loader and credit it to kernel entropy pool 2019-07-25 18:16:46 +02:00
emergency-action.c core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
emergency-action.h core: change emergency_action() to return void 2019-03-18 16:06:36 +01:00
execute.c dissect: introduce new recognizable partition types for /var and /var/tmp 2019-12-23 14:43:59 +01:00
execute.h core: Add ProtectKernelLogs 2019-11-11 12:12:02 -08:00
hostname-setup.c
hostname-setup.h
ima-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
ima-setup.h
ip-address-access.c bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
ip-address-access.h bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
job.c Merge pull request #13904 from keur/job_mode_triggering 2019-11-07 08:36:26 +01:00
job.h core: Add triggering job mode 2019-11-05 11:17:38 -08:00
kill.c core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
kill.h core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
killall.c killall: bump log message about unkilled processes to LOG_WARNING 2019-07-13 11:05:07 +02:00
killall.h core/killall: Propagate errors and return the number of process left 2019-04-08 19:41:16 +02:00
kmod-setup.c tree-wide: drop libkmod.h when module-util.h is included 2019-11-04 00:30:32 +09:00
kmod-setup.h
load-dropin.c
load-dropin.h pid1: kill unit_file_find_dropin_paths() helper 2019-07-17 14:27:23 +02:00
load-fragment-gperf-nulstr.awk
load-fragment-gperf.gperf.m4 pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= 2019-11-25 14:02:14 +01:00
load-fragment.c pid1: fix setting of DefaultTimeoutAbortSec 2019-11-27 13:56:28 +01:00
load-fragment.h pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= 2019-11-25 14:02:14 +01:00
locale-setup.c tree-wide: drop string.h when string-util.h or friends are included 2019-11-04 00:30:32 +09:00
locale-setup.h
loopback-setup.c tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
loopback-setup.h
machine-id-setup.c Generate stable machine-id and DHCP client ID on POWER KVM. 2019-08-31 10:57:16 +02:00
machine-id-setup.h
macros.systemd.in rpm: avoid hiding errors from systemd commands 2019-03-22 20:54:59 +01:00
main.c Merge pull request #14177 from keszybz/use-initrd.target 2019-12-04 10:30:32 +01:00
manager.c core,journal: export user units' InvocationID and use as _SYSTEMD_INVOCATION_ID 2019-12-19 17:42:17 -08:00
manager.h core: make TasksMax a partially dynamic property 2019-11-14 18:41:54 +01:00
meson.build Revert "Drop dbus activation stub service" 2019-12-20 17:28:12 +01:00
mount-setup.c core: create inaccessible nodes for users when making runtime dirs 2019-12-18 11:09:30 -08:00
mount-setup.h core: remove JoinControllers= configuration setting 2018-11-16 14:54:13 +01:00
mount.c mount: do not update exec deps on mountinfo changes 2019-11-16 13:53:48 +01:00
mount.h core/mount: support "systemctl clean" for mount units 2019-08-28 23:09:54 +09:00
namespace.c core: create inaccessible nodes for users when making runtime dirs 2019-12-18 11:09:30 -08:00
namespace.h core: ProtectKernelLogs= mask kmsg in proc and sys 2019-11-14 12:58:43 -08:00
org.freedesktop.systemd1.conf
org.freedesktop.systemd1.policy.in
org.freedesktop.systemd1.service Revert "Drop dbus activation stub service" 2019-12-20 17:28:12 +01:00
path.c Merge pull request #14074 from keszybz/rename-system-options 2019-11-20 16:13:46 +01:00
path.h
scope.c Merge pull request #13423 from pwithnall/12035-session-time-limits 2019-10-28 14:57:00 +01:00
scope.h scope: Support RuntimeMaxSec= directive in scope units 2019-10-28 09:44:31 +01:00
selinux-access.c tree-wide: drop stdio.h when stdio-util.h is included 2019-11-04 00:30:32 +09:00
selinux-access.h
selinux-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
selinux-setup.h
service.c core/service: downgrade "scheduling restart" message to debug 2019-11-22 14:19:51 +01:00
service.h core: move timeout_clean_usec from Service to ExecContext 2019-08-28 23:09:54 +09:00
show-status.c Add config and kernel commandline option to use short identifiers 2019-07-10 13:35:26 +02:00
show-status.h Add config and kernel commandline option to use short identifiers 2019-07-10 13:35:26 +02:00
slice.c core: adjust load functions for other unit types to be more like service 2019-10-11 13:46:05 +02:00
slice.h
smack-setup.c tree-wide: drop dirent.h when dirent-util.h is included 2019-11-04 00:30:32 +09:00
smack-setup.h
socket.c tree-wide: drop signal.h when signal-util.h is included 2019-11-04 00:30:32 +09:00
socket.h core/socket: support "systemctl clean" for socket units 2019-08-28 23:09:54 +09:00
swap.c core: swap priority can be negative 2019-12-04 08:57:08 +01:00
swap.h core: swap priority can be negative 2019-12-04 08:57:08 +01:00
system.conf.in core: rename ShutdownWatchdogSec to RebootWatchdogSec 2019-07-23 20:29:03 +01:00
systemd.pc.in pkgconfig: avoid double slash with split-usr configuration 2019-03-05 18:49:28 +01:00
target.c core: adjust load functions for other unit types to be more like service 2019-10-11 13:46:05 +02:00
target.h
timer.c Merge pull request #14151 from mk-fg/fix-timer-dump-syntax-bug 2019-11-25 15:56:33 -08:00
timer.h core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
transaction.c man: Document --job-mode=triggering switch 2019-11-05 11:17:56 -08:00
transaction.h core: Add triggering job mode 2019-11-05 11:17:38 -08:00
triggers.systemd.in
unit-printf.c core: mark unit_*_printf() functions as taking a const Unit* 2019-10-16 16:21:56 +02:00
unit-printf.h core: mark unit_*_printf() functions as taking a const Unit* 2019-10-16 16:21:56 +02:00
unit.c core,journal: export user units' InvocationID and use as _SYSTEMD_INVOCATION_ID 2019-12-19 17:42:17 -08:00
unit.h core: drop 'wants' parameter from unit_add_node_dependency() 2019-10-28 18:51:23 +01:00
user.conf.in Add config and kernel commandline option to use short identifiers 2019-07-10 13:35:26 +02:00