Commit graph

64073 commits

Author SHA1 Message Date
Lennart Poettering 4d3ef2d1a2 meson: move bpf hookup into main meson build file
This way we can use it in systemd-userdbd later on, too.
2023-04-24 17:10:08 +02:00
Luca Boccassi 33054db730 man: fix LogControl1 manpage example
Follow-up for c6b8fffdfa
2023-04-24 14:45:10 +02:00
Luca Boccassi a2dd39b4cb pam: cache sd-bus separately per module
sd-bus connection is cached by the two pam modules globally, but this
can lead to issues due to hashmaps (used by sd-bus) using a global
static variable for the shared hash key, which is different per module
as both modules are loaded in the same process.

This happens because the sd-bus object is create in one module, but
used in the other, so global state does not match.

Use a different pam cache identifier for the sd-bus pointer, so that
each module uses a different sd-bus connection as a workaround.

Fixes https://github.com/systemd/systemd/issues/27216
Fixes https://github.com/systemd/systemd/issues/17266
2023-04-24 14:18:50 +02:00
Luca Boccassi db0c0f5e00 pam_systemd_home: clean up sd-bus when called about something else's user
acquire_home() takes a reference to a sd-bus object, which the open_session
hook cleans on success. But only when handling a user actually owned by homed,
it did not clean it up when skipping because it is being invoked on a system
user.
We need to be careful with sd-bus here as pam_sm_open_session is the last
hook before forking, and we want to clean up sd-bus before that happens, or
we'll have a broken reference (FDs are cloexec) in the child process, which
will then assert when attempting to close them, or leak the bus connection
which causes dbus to complain loudly:

 dbus-daemon[62]: [system] Connection has not authenticated soon enough, closing it (auth_timeout=30000ms, elapsed: 30020ms)
2023-04-24 14:18:22 +02:00
Daan De Meyer d5ada52fc4
Merge pull request #27367 from bluca/mkosi_resolve
mkosi: add tmpfiles to handle locale/resolve.conf in Debian
2023-04-24 13:03:58 +02:00
Zbigniew Jędrzejewski-Szmek 3539b3a9f1
Merge pull request #27357 from bluca/example_logcontrol
man: add working example to LogControl1 manpage
2023-04-24 12:24:36 +02:00
Luca Boccassi 54e4b42fde stub: add comment on measurement of io.systemd.stub.kernel-cmdline-extra 2023-04-24 11:04:50 +01:00
Luca Boccassi 48df882c7f mkosi: add tmpfiles to create debian/ubuntu /etc/default/locale link 2023-04-24 10:47:29 +01:00
Luca Boccassi 0b5382ed03 mkosi: move debian/ubuntu ignore preset to config directory 2023-04-24 10:46:39 +01:00
Luca Boccassi 6f9b70fc69 mkosi: move debian/ubuntu common conf under common directory 2023-04-24 10:44:42 +01:00
Luca Boccassi 7cd64af54d mkosi: delete /etc/resolv.conf to let tmpfiles handle it
In case the distribution creates or ships resolv.conf, delete it and let tmpfiles handle it
2023-04-24 10:30:19 +01:00
Daan De Meyer f997f91d7d mkosi: Update to latest
Let's use the new support for matching against any distribution in
a list of distributions to start sharing most things between the
ubuntu/debian configs and centos/fedora configs.
2023-04-24 10:56:55 +02:00
07416 f6e94c5f7d
a colloquial abbreviation 'btw' in TEMPORARY_DIRECTORIES.md (#27365)
* Update TEMPORARY_DIRECTORIES.md
2023-04-23 10:48:17 +01:00
Luca Boccassi f0f7cbd488 man: clarify sd_bus_default
It picks the bus based on the cgroup slice.
2023-04-22 17:41:17 +01:00
Luca Boccassi c6b8fffdfa man: add working example to LogControl1 manpage
Add fully working and documented example that can be copied and pasted
2023-04-22 17:41:17 +01:00
Daan De Meyer 750d9859c1 sulogin-shell: Start initrd.target on exit in the initrd
sulogin is documented to continue booting up on exit. To do that
in the initrd, we need to start initrd.target and not default.target.
2023-04-21 16:46:06 +02:00
Lennart Poettering b676a94837
Merge pull request #27352 from poettering/devnum-more
devnum-util: port more things over
2023-04-21 16:45:51 +02:00
Daan De Meyer fe42438427 mkosi: Use authselect minimal if authselect is installed
We dropped this logic from mkosi itself, so let's configure it in
our postinst script instead. We also enable the with-homed feature
if we can find it. It doesn't exist for the minimal profile yet,
but might be added in the future.
2023-04-21 14:05:32 +02:00
Luca Boccassi 2f39220e7c mkosi: remove ?priority(required) from debian pkg list
Requires apt 2.3.10 which is not available in stable, and also doesn't
seem necessary, same packages are installed anyway
Add tzdata manually, as that doesn't seem to be pulled in via the CI.
2023-04-21 13:43:49 +02:00
Lennart Poettering 4560d99e5e tre-wide: use FORMAT_DEVNUM() a bit more 2023-04-21 12:45:49 +02:00
Lennart Poettering 67458536af tree-wide: convert more cases do DEVNUM_FORMAT_STR()/DEVNUM_FORMAT_VAL()
Let's use our nice macros a bit more.

(Not comprehensive)
2023-04-21 12:41:15 +02:00
Luca Boccassi 21453b8b4b
Merge pull request #27349 from mrc0mmand/codespell
tree-wide: code spelling fixes
2023-04-20 22:02:17 +01:00
Frantisek Sumsal 7c782513e5 README: add a Weblate badge 2023-04-20 22:06:28 +02:00
Frantisek Sumsal 94d82b5980 tree-wide: code spelling fixes
As reported by Fossies.
2023-04-20 21:54:59 +02:00
Zbigniew Jędrzejewski-Szmek 08c2f9c626 detect-virt: add message at debug level
Normal users do not have permissions to access /proc/1/root, so
'systemd-detect-virt -r' fails, but the output, even at debug level
is cryptic:

$ SYSTEMD_LOG_LEVEL=debug build/systemd-detect-virt -r
Failed to check for chroot() environment: Permission denied

Let's make this a bit easier to figure out:

$ SYSTEMD_LOG_LEVEL=debug build/systemd-detect-virt -r
Cannot stat /proc/1/root: Permission denied
Failed to check for chroot() environment: Permission denied

I looked over other users of files_same(), and I think in general the message
at debug level is OK for them too.
2023-04-21 03:20:24 +08:00
Gustavo Noronha Silva 6b8e90545e Apply known iocost solutions to block devices
Meta's resource control demo project[0] includes a benchmark tool that can
be used to calculate the best iocost solutions for a given SSD.

  [0]: https://github.com/facebookexperimental/resctl-demo

A project[1] has now been started to create a publicly available database
of results that can be used to apply them automatically.

  [1]: https://github.com/iocost-benchmark/iocost-benchmarks

This change adds a new tool that gets triggered by a udev rule for any
block device and queries the hwdb for known solutions. The format for
the hwdb file that is currently generated by the github action looks like
this:

  # This file was auto-generated on Tue, 23 Aug 2022 13:03:57 +0000.
  # From the following commit:
  # ca82acfe93
  #
  # Match key format:
  # block:<devpath>:name:<model name>:

  # 12 points, MOF=[1.346,1.346], aMOF=[1.249,1.249]
  block:*:name:HFS256GD9TNG-62A0A:fwver:*:
    IOCOST_SOLUTIONS=isolation isolated-bandwidth bandwidth naive
    IOCOST_MODEL_ISOLATION=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_ISOLATION=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_ISOLATED_BANDWIDTH=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_ISOLATED_BANDWIDTH=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_BANDWIDTH=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_BANDWIDTH=rpct=0.00 rlat=8807 wpct=0.00 wlat=59023 min=100.00 max=100.00
    IOCOST_MODEL_NAIVE=rbps=1091439492 rseqiops=52286 rrandiops=63784 wbps=192329466 wseqiops=12309 wrandiops=16119
    IOCOST_QOS_NAIVE=rpct=99.00 rlat=8807 wpct=99.00 wlat=59023 min=75.00 max=100.00

The IOCOST_SOLUTIONS key lists the solutions available for that device
in the preferred order for higher isolation, which is a reasonable
default for most client systems. This can be overriden to choose better
defaults for custom use cases, like the various data center workloads.

The tool can also be used to query the known solutions for a specific
device or to apply a non-default solution (say, isolation or bandwidth).

Co-authored-by: Santosh Mahto <santosh.mahto@collabora.com>
2023-04-20 16:45:57 +02:00
Lennart Poettering 18010d394b
Merge pull request #27327 from DaanDeMeyer/hotplug
kmod-setup: Add early loading for virtio_console
2023-04-20 16:34:12 +02:00
Daan De Meyer a93aaede29 kmod-setup: Add early loading for virtio_console
getty-generator enables serial-getty@.service for virtualizer consoles
that it can find in /sys/class/tty. To make sure this works for
virtio consoles, let's make sure we load the module is loaded early
so that the /sys/class/tty/hvc0 exists before we run getty-generator.
2023-04-20 13:43:37 +02:00
Daan De Meyer d2f57745d5 core: Parse logging environment earlier
Let's make sure we parse the logging environment ASAP so that the
options apply to more code. e.g. to allow debugging kmod-setup.c
for example.
2023-04-20 13:43:37 +02:00
Daan De Meyer e1d8f702a2 kmod-setup: Introduce match_modalias_recurse_dir_cb()
Let's make the logic around matching a modalias a bit more generic.
2023-04-20 13:43:37 +02:00
Daan De Meyer 70cc7ed97e string-util: Add startswith_strv()
This is the function version of STARTSWITH_SET(). We also move
STARTSWITH_SET() to string-util.h as it fits more there than in
strv.h and reimplement it using startswith_strv().
2023-04-20 13:43:37 +02:00
Daan De Meyer 85003d1296 mkosi: Disable kmsg ratelimiting 2023-04-20 13:43:37 +02:00
Daan De Meyer 3fe07e9525 log: Log when kmsg is being ratelimited
Let's avoid confusing developers and users when log messages suddenly
stop getting logged to kmsg because of ratelimiting by logging an
additional message if we start ratelimiting log messages to kmsg.
2023-04-20 13:43:36 +02:00
Daan De Meyer 8750a06b6c log: Add knob to disable kmsg ratelimiting
This allows us to disable kmsg ratelimiting in the integration tests
and mkosi for easier debugging.
2023-04-20 13:43:34 +02:00
Lennart Poettering 14ce246771 dissect: let's check for crypto_LUKS before fstype allowlist check
When trying to mount a partition that is encrypted without the
encryption first having been set up we want to return a
recognizable error (EUNATCH). This was broken by
80ce8580f5 which added an allowlist check
for permissible file systems first. Let's reverse the check order, so
that we get EUNATCH again, as before. (And leave EIDRM as error for the
failed allowlist check).
2023-04-20 13:39:28 +02:00
Lennart Poettering ed6a6bac45 ratelimit: handle counter overflows somewhat sanely
An overflow here (i.e. the counter reaching 2^32 within a ratelimit time
window) is not so unlikely. Let's handle this somewhat sanely
and simply stop counting, while remaining in the "limit is hit" state until
the time window has passed.
2023-04-20 13:39:06 +02:00
Lennart Poettering e002b8a28a man: try to make clearer that /var/ is generally not available in /usr/lib/systemd/system-shutdown/ callouts
I made the mistake to look into what is installed into
/usr/lib/systemd/system-shutdown/ on Fedora. fwdupd among other things
assumes /var/ is available from these callouts, though it is not in the
general case.

Hence, let's emphasize this in the documentation a bit more.
2023-04-20 13:38:49 +02:00
Lennart Poettering 4d49f44f0f dissect-image: issue BLKFLSBUF before probing an fs at block device offset != 0
See added code comment for a longer explanation. TLDR: Linux maintains
distinct block device caches for partition and "whole" block devices,
and a simply BLKFLSBUF should make the worst confusions this causes go
away.
2023-04-20 13:38:32 +02:00
Robert Meijers 4646cdaa37 networkd: fallback to chaddr for static lease lookup when not found
DHCP static leases are looked up by the client identifier as send by
the client, while configured based on MAC. As RFC 2131 states the client
identifier is an opaque key and must not be interpreted by the server
this means that DHCP clients can (/will) also use a client identifier
which is not a MAC address. One of these clients actually is
systemd-networkd which uses an RFC 4361 by default to generate the
client identifier. For these kind of DHCP clients static leases thus
don't work because of this mismatch between configuring a MAC address
but the server matching based on client identifier. This adds a fallback
to try to look up a configured static lease based on the "chaddr" of the
DHCP message as this will always contain the MAC address of the client.

Fixes #21368
2023-04-20 19:18:50 +09:00
Yu Watanabe 114e85d28e core/device: rewrite how device unit is removed from Manager.devices_by_sysfs
If the device unit is not the head of the list saved in
Manager.devices_by_sysfs, then it is not necessary to replace the
existing hashmap entry. This should not change any behavior, just
refactoring.
2023-04-20 09:22:25 +02:00
Yu Watanabe 24a5370bbc list: fix double evaluation 2023-04-20 09:20:08 +02:00
Daan De Meyer 59e4eeed78
Merge pull request #27299 from yuwata/chase-absolute
chase: return absolute path when dir_fd points to the root directory
2023-04-20 09:19:22 +02:00
Yu Watanabe 47041a2b91 hwdb: disable entry for Logitech USB receiver used by G502 X
Fixes a bug introduced by dede07d3d0.

Fixes #27118.
2023-04-19 21:14:03 +01:00
Yu Watanabe cb3c6aec3a core: add one missing assertion for release_resource_queue
Follow-up for 6ac62d61db.
2023-04-19 21:12:08 +01:00
Quintin Hill 0214ead6ee dissect-image: fix log level in dissect_log_error
Actually use the log_level argument in this function!

Fixes 4953e39
2023-04-20 02:04:15 +08:00
Daan De Meyer 6b7e774b5d mkosi: Update to latest 2023-04-19 10:13:06 +02:00
Yu Watanabe c19f1cc9a5 test: add regression tests for find_esp() and friend 2023-04-19 04:04:57 +09:00
Yu Watanabe 60e761d8f3 chase: replace path_prefix_root_cwd() with chaseat_prefix_root()
The function path_prefix_root_cwd() was introduced for prefixing the
result from chaseat() with root, but
- it is named slightly generic,
- the logic is different from what chase() does.

This makes the name more explanative and specific for the result of the
chaseat(), and make the logic consistent with chase().

Fixes https://github.com/systemd/systemd/pull/27199#issuecomment-1511387731.

Follow-up for #27199.
2023-04-19 03:38:59 +09:00
Yu Watanabe 8d3c49b168 fd-util: skip to check mount ID if kernel is too old and /proc is not mounted
Now, dir_fd_is_root() is heavily used in chaseat(), which is used at
various places. If the kernel is too old and /proc is not mounted, then
there is no way to get the mount ID of a directory. In that case, let's
silently skip the mount ID check.

Fixes https://github.com/systemd/systemd/pull/27299#issuecomment-1511403680.
2023-04-19 03:38:47 +09:00
Yu Watanabe 4b1e461c49 mountpoint-util: check /proc is mounted on failure 2023-04-19 03:28:34 +09:00