This makes it possible to edit blob directories using homectl. The
following syntax is available:
* `--blob-directory=/path/somewhere`: Replaces the entire blob directory
with the contents of /path/somewhere
* `--blob-directory=foobar=/path/somewhere`: Replaces just the file
foobar in the blob directory with the contents of /path/somewhere
* `--blob-directory=foobar=`: Deletes the file foobar from the blob
directory
* `--blob-directory=`: Resets all previous flags
* `--avatar=`, etc: Shortcuts for `--blob-directory=FILENAME=` for the
known files in the blob directory
Introduces new extended variants of the various incarnations of
Create and Update, which take a map of filenames to FDs. This map is
then used to populate the bulk directory.
FDs are used to prevent the client from abusing homed's blob directory
permissions (everything is made world-readable by homed) to open files
that they normally aren't allowed to open. Passing along an FD ensures
that the client has read access to the file it wants homed to make
world-readable.
Internally, homework uses the map to overwrite the system blob dir.
Later, homework's existing blob dir reconciliation logic will propagate
the new contents from the system blob dir into the embedded blob
dir
Whenever the host & embedded records are reconciled, the host & embedded
blob directories are now reconciled too in the same direction.
Reconciling the blob directories serves exactly the same purpose as
reconciling the user records, and thus should behave in the same way.
This ensures that a user-specific blob directory exists in
/var/cache/systemd/homed for as long as the user exists, and gets
deleted if the user gets deleted.
It also advertises this blob directory via the user record, so that
clients can find and use it.
We're documenting the behavior of blob directories here. These docs
refer to things that aren't yet implemented at the time of the commit, but will be later in the same PR.
This is useful for situations where an array of FDs is to be passed into
a child process (i.e. by passing it through safe_fork). This function
can be called in the child (before calling exec) to pack the FDs to all
be next to each-other starting from SD_LISTEN_FDS_START (i.e. 3)
During the boot process, systemd-vconsole-setup can be started when the only
allocated VC is already taken by plymouth.
This case is expected when a boot splash is displayed hence
systemd-vconsole-setup.service should not fail if it happens.
However rather than doing nothing, the sysfs utf8 flag is set before exiting
early.
Forward journal to console, since we won't have any journal from initrd
and shutdown/exit initrd phases. Also, mention
systemd.journald.max_level_console=debug that is very handy for
debugging initrd shenanigans, but don't use it by default since it
sends a _lot_ of stuff to the serial console, which slows down the test
a lot.
This does not change anything for DHCPv4, as a DHCPv4 address is always
requested anyway. However for DHCPv6, the client may not request IA_NA
addresses by UseAddress=no, or even if it is requested, the server may
not provide any IA_NA addresses. Even in such cases, here the check is
for delegated prefixes, hence it is not necessary to check if DHCPv6
IA_NA addresses are configured.
Fixes a bug introduced by 195b83edf8.
Fixes#31349.
Though, when unit_prepare_exec() is called, the unit should always
have the cgroup runtime context 'crt'. So, I think we can insert assert().
But, for consistency with other places that call unit_get_cgroup_runtime(),
here use the simple non-NULL check for 'crt' instead of using assert().
Follow-up for 9cc545447e.
Fixes CID#1534667.
The varlink_collect_full function did not set varlink client's state
when the reply was an error. The state was stuck in "collecting-reply".
I discovered that while hacking on network varlink interface (adding a
new varlink method). The debug logs shows the process of performing the
first query which replies with an error:
varlink: Setting state idle-client
network: Sending message: {"method":"io.systemd.Network.LLDPNeighbors","parameters":{"ifindex":1},"more":true}
network: Changing state idle-client → collecting
network: Received message: {"error":"org.varlink.service.MethodNotFound","parameters":{"method":"io.systemd.Network.LLDPNeighbors"}}
network: Changing state collecting → collecting-reply
Now another varlink_collect call is being made, but
network: Connection busy.
Failed to execute varlink call: Device or resource busy
This was not caught by the tests because there were no varlink_collect
calls that resulted in error reply.
CH Pedals are incorrectly reported as an accelerometer [1], because they
have no button. This is fixed by a rule in 60-input-id.hwdb [2], but
the rule checks id/version="0100", while my pedals report id/version="0111".
So there are several versions of the pedals, presumably all affected
by the bug. Remove the version check in the rule to fix them all.
[1] https://bugs.freedesktop.org/show_bug.cgi?id=81889
[2] commit: 230ed4c4ba (hwdb: CH Pro Pedals not classified correctly due to no buttons, 2022-01-19)
PR: https://github.com/systemd/systemd/pull/22184
I (incorrectly) assumed that --relinquish-var does everything --flush
does, including moving already existing stuff from /var/log/journal/ to
/run/log/journal/, but that's not the case. To actually do that we need
to shuffle things manually, so let's do just that.
This should make issues like #31334 easier to debug, since with this
patch we now have a coredump in the test journal as well:
~# make -C test/TEST-04-JOURNAL/ clean setup run TEST_MATCH_SUBTEST=bsod BUILD_DIR=$PWD/build TEST_NO_NSPAWN=1
...
[ 12.176089] testsuite-04.sh[712]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed'
[ 12.176089] testsuite-04.sh[712]: Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed
[ 12.176089] testsuite-04.sh[712]: + return 1
[ 12.177347] systemd[1]: testsuite-04.service: Failed with result 'exit-code'.
[ 12.220580] systemd[1]: Failed to start testsuite-04.service.
Spawning getter /home/mrc0mmand/repos/@systemd/systemd/build/journalctl -o export -D /var/tmp/systemd-tests/systemd-test.Qtqmmr/root/var/log/journal...
Finishing after writing 7649 entries
TEST-04-JOURNAL: (failed; see logs)
-rw-r----- 1 root root 16777216 Feb 15 21:13 /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
...
~# coredumpctl --file /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
TIME PID UID GID SIG COREFILE EXE SIZE
Thu 2024-02-15 21:13:38 CET 812 0 0 SIGABRT journal /usr/lib/systemd/systemd-bsod -
This refactors the Unit structure a bit: all cgroup-related state fields
are moved to a new structure CGroupRuntime, which is only allocated as
we realize a cgroup.
This is both a nice cleanup and should make unit structures considerably
smaller that have no cgroup associated, because never realized or
because they belong to a unit type that doesn#t have cgroups anyway.
This makes things nicely symmetric:
ExecContext → static user configuration about execution
ExecRuntime → dynamic user state of execution
CGroupContext → static user configuration about cgroups
CGroupRuntime → dynamic user state of cgroups
And each time the XyzContext is part of the unit type structures such as
Service or Slice that need it, but the runtime object is only allocated
when a unit is started.
Allows to configure bond arp_missed_max is the maximum number of arp_interval monitor cycle
for missed ARP replies. If this number is exceeded, link is reported as
down.
