Traditionally, user logins had a $PATH in which /bin was before /sbin, while
root logins had a $PATH with /sbin first. This allows the tricks that
consolehelper is doing to work. But even if we ignore consolehelper, having the
path in this order might have been used by admins for other purposes, and
keeping the order in user sessions will make it easier the adoption of systemd
user sessions a bit easier.
Fixes#733.
https://bugzilla.redhat.com/show_bug.cgi?id=1744059
OOM handling in manager_default_environment wasn't really correct.
Now the (theorertical) malloc failure in strv_new() is handled.
Please note that this has no effect on:
- systems with merged /bin-/sbin (e.g. arch)
- when there are no binaries that differ between the two locations.
E.g. on my F30 laptop there is exactly one program that is affected:
/usr/bin/setup -> consolehelper.
There is less and less stuff that relies on consolehelper, but there's still
some.
So for "clean" systems this makes no difference, but helps with legacy setups.
$ dnf repoquery --releasever=31 --qf %{name} --whatrequires usermode
anaconda-live
audit-viewer
beesu
chkrootkit
driftnet
drobo-utils-gui
hddtemp
mate-system-log
mock
pure-ftpd
setuptool
subscription-manager
system-config-httpd
system-config-rootpassword
system-switch-java
system-switch-mail
usermode-gtk
vpnc-consoleuser
wifi-radar
xawtv
When we would iterate over the lookup paths for each unit, making the list as
short as possible was important for performance. With the current cache, it
doesn't matter much. Two classes of paths were being removed:
- paths which don't exist in the filesystem
- paths which symlink to a path earlier in the search list
Both of those points cause problems with the caching code:
- if a user creates a directory that didn't exist before and puts units there,
now we will notice the new mtime an properly load the unit. When the path
was removed from list, we wouldn't.
- we now properly detect whether a unit path is on the path or not.
Before, if e.g. /lib/systemd/system, /usr/lib/systemd/systemd were both on
the path, and /lib was a symlink to /usr/lib, the second directory would be
pruned from the path. Then, the code would think that a symlink
/etc/systemd/system/foo.service→/lib/systemd/system/foo.service is an alias,
but /etc/systemd/system/foo.service→/usr/lib/systemd/system/foo.service would
be considered a link (in the systemctl link sense).
Removing the pruning has a slight negative performance impact in case of
usr-merge systems which have systemd compiled with non-usr-merge paths.
Non-usr-merge systems are deprecated, and this impact should be very small, so
I think it's OK. If it turns out to be an issue, the loop in function that
builds the cache could be improved to skip over "duplicate" directories with
same logic that the cache pruning did before. I didn't want to add this,
becuase it complicates the code to improve a corner case.
Fixes#13272.
*We* control the sysctl setting. If the user configured IPv6, then we apply the
settings, and just make sure that at some point during the configuration the
sysctl is disabled (i.e. ipv6 enabled) if we have IPv6 configured.
Replaces #13283.
journalctl --unit= already did this, and allows you to tail all the logs
for a certain slice easily. It seemed only natural to make --user-unit
behave in a similar way.
The _SYSTEMD_USER_SLICE field was not documented as being added by
journald, so I have added that to the documentation too.
Furthermore, I have documented the existing behaviour of --unit= and the
new behaviour of --user-unit=
The behaviour was actually not documented before, so I am also OK with
removing the match for the --unit= command instead. The user would then
have to manually provide _SYSTEMD_SLICE= filter to journalctl in both
cases. Both options work for me.
If logging disappears issues are hard to debug, hence let's give
journald a slight edge over other services when the OOM killer hits.
Here are the special adjustments we now make:
systemd-coredump@.service.in OOMScoreAdjust=500
systemd-journald.service.in OOMScoreAdjust=-250
systemd-udevd.service.in OOMScoreAdjust=-1000
(i.e. the coredump processing is made more likely to be killed on OOM,
and udevd and journald are less likely to be killed)
The alternative would be to recreate the cache, but dropins can be created very
often for transient settings, so updating the cache seems like a much faster
option.
Fixes#13287.
The file descriptor was opened with O_CLOEXEC, so in practice this doesn't
change too much, but it seems cleaner to always close the old fd when
changing the device path.
Ubunut autopkgtest fails with:
405/501 test-journal-flush FAIL 0.74 s (killed by signal 6 SIGABRT)
--- command ---
SYSTEMD_KBD_MODEL_MAP='/tmp/autopkgtest.BgjJJv/build.yAM/systemd/src/locale/kbd-model-map' SYSTEMD_LANGUAGE_FALLBACK_MAP='/tmp/autopkgtest.BgjJJv/build.yAM/systemd/src/locale/language-fallback-map' PATH='/tmp/autopkgtest.BgjJJv/build.yAM/systemd/build-deb:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' /tmp/autopkgtest.BgjJJv/build.yAM/systemd/build-deb/test-journal-flush
--- stderr ---
Assertion 'r >= 0' failed at src/journal/test-journal-flush.c:48, function main(). Aborting.
-------
It's hard to say what is going on here without any error messages whatsoever.
The test goes into deep details of journal file handling, so it needs to also
do logging on its own.
Current kernels with BFQ scheduler do not yet set their IO weight
through "io.weight" but through "io.bfq.weight" (using a slightly
different interface supporting only default weights, not per-device
weights). This commit enables "IOWeight=" to just to that.
This patch may be dropped at some time later.
Github-Link: https://github.com/systemd/systemd/issues/7057
Signed-off-by: Kai Krakow <kai@kaishome.de>
This reverts commit 8a07b4033e.
The tests are kept. test-networkd-conf is adjusted to pass.
This fixes#13276. I think current rules are extremely confusing, as the
case in test-networkd-conf shows. We apply some kinds of unescaping (relating
to quoting), but not others (related to escaping of special characters).
But fixing this is hard, because people have adjusted quoting to match
our rules, and if we make the rules "better", things might break in unexpected
places.
Without this change, the address with PreferredLifetime=0 cannot be ready,
and thus, no consequent setting up process does not start.
The bug was introduced by 6aa5773.
Follow-up for b7ed5384ab.
Fixes#13341.
This part of the build does not use the normal meson parameters, so
we need to explicitly check for the meson --werror parameter, and if
it's true, set the gcc -Werror parameter for this subdir's build.
This attribute is x86_32-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on i386 arch builds.
This attribute is x86-only, so when building on non-intel archs it
generates a compiler warning. When building with -Werror this turns
into an error, so only include the attribute on intel archs.
Add a comment line explaining that the syscall defines might be
defined to invalid negative numbers, as libseccomp redefines them
to negative numbers if not defined by the kernel headers, which is
not obvious just from reading the code checking for defined && > 0
If rescue.target, multi-user.target and graphical.target are all
inactive, get_current_runlevel() is not able to determine current
runlevel, and returns with zero. This zero runlevel value results to
assertion failure in utmp_put_runlevel().
# systemctl stop rescue.target multi-user.target graphical.target
# systemctl start systemd-update-utmp-runlevel.service
systemd[1]: Stopped target Graphical Interface.
systemd[1]: Stopped target Multi-User System.
systemd[1]: Starting Update UTMP about System Runlevel Changes...
systemd-update-utmp[67]: Assertion 'runlevel > 0' failed at src/shared/utmp-wtmp.c:275, function utmp_put_runlevel(). Aborting.
systemd[1]: systemd-update-utmp-runlevel.service: Main process exited, code=dumped, status=6/ABRT
systemd[1]: systemd-update-utmp-runlevel.service: Failed with result 'core-dump'.
systemd[1]: Failed to start Update UTMP about System Runlevel Changes.
Let's just print a warning in this case and skip the utmp update, to
avoid systemd-update-utmp-runlevel.service failures.
Previously, we'd only set the shell to /usr/bin/nologin and lock the
password for system users. Let's go one step further and also lock the
whole account.
This is a paranoid safety precaution, since neither disabling the shell
like this nor disabling the password is sufficient to lock an account,
since remote shell tools generally allow passing different shells, and
logins into ftp or similar protocols don't know the shell concept anyway.
Moreover, in times of ssh authentication by password is just one
option of authentication among many.
Takes inspiration from the recommendations in usermod(8)'s -L switch:
"Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1."
The #ifndef check used to work for missing __NR_* syscall defines, but
unfortunately libseccomp now redefines missing syscall number to negative
numbers, in their public header file, e.g.:
https://github.com/seccomp/libseccomp/blob/master/include/seccomp.h.in#L801
When systemd is built, since it includes <seccomp.h>, it pulls in the
incorrect negative value for any __NR_* syscall define that's included in
the seccomp.h header (for those syscalls that the kernel headers don't
yet define, e.g. when built with older/stable-distro kernels). This leads
to bugs like:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1821625
This changes the check so that it can override the negative number that
libseccomp defines, instead of trying to use the negative syscall number.
To avoid gcc warnings (which are failures with meson --werror), this checks
without generating a redefinition gcc warning.
I have no idea why libseccomp decided to define missing syscalls
to negative numbers inside their *public* header file, causing
problems like this.
I assumed that unit_name_to_instnace() returns NULL if there is no instance.
In fact it returns "", so the check for instance was wrong.
Also avoid unnecessary call to unit_name_is_valid().
