The text used "unit's view" to mean mount namespace. But we talk about
mount namespaces in the later part of the paragraph anyway, so trying to
use an "approachable term" only makes the whole thing harder to understand.
Let's use the precise term.
Some paragraph-breaking and re-indentation is done too.
This undoes part of 4c890ad3cc: the
implementations of update-dbus-docs and update-man-rules are moved back to
man/meson.build, and alias_target() is used to keep the visible target names
unchanged.
The rules for man pages are reworked so that it's possible to invoke the
targets even if xstlproc is not available. After all, xsltproc is only needed
for the final formatted output, and not other processing.
There is some inconsistency, partially caused by the awkward naming
of the docs/ pages. But let's be consistent and use the "official" title.
If we ever change plural↔singular, we should use the same form everywhere.
nss-resolve also looks in /etc/hosts, and has the same local hostname
resolving logic as nss-myhostname. We shouldn't recommend another order
than nss-resolve uses internally.
When nss-resolve is used, there's no possibility to override
nss-myhostname hosts via DNS *anyway*.
On top of that, it's not a good idea to allow DNS to override local
hostnames as all - at least not something we should advertise in the
docs.
Followup of f918c67d38 /
https://github.com/systemd/systemd/pull/16754.
Updated manpage for sd_bus_set_property and sd_bus_set_propertyv. In the old manpage, these functions included the parameter sd_bus_message **reply when the actual function had no such argument.
* Fixed typo
Before, the file claimed that some systemd units are created "from other
configuration". It should have read "from other configuration files".
Co-authored-by: Nozz <nozolo90@gmail.com>
Since f4b2933ee7
if a description is not set, sd_bus_open_with_description returns -ENXIO, but the
documnetation stated that it returned successfully with a NULL string.
This reverts commit cb0e818f7c.
After this was merged, some design and implementation issues were discovered,
see the discussion in #18782 and #19385. They certainly can be fixed, but so
far nobody has stepped up, and we're nearing a release. Hopefully, this feature
can be merged again after a rework.
Fixes#19345.
The code to print unit status formats had a long history, and became a
hard-to-manage mess of duplicate code parts. We would use sprintf() to
format a string, and then call sprintf() again… The code is reworked
to avoid repeated formattings and to streamline printing to the log
and the console.
The approach used in this patch is a bit more complex then in patches by Colin
Walter and Paweł Marciniak, because an allocation is only done if "combined"
format is used. In other cases we return the existing ->id or ->description
strings. The caller can also control whether a shorter or longer status string
should be used. This way the caller can use a shorter format where it makes
sense, for example in the cylon eye output, where we don't have enough
horizontal space.
Patch is based on Colin Walters' https://github.com/systemd/systemd/pull/15957,
and Paweł Marciniak's patch posted on fedora-devel.
Note: for some reason, the functions for printing of start and stop messages
were sepearated by some unrelated functions. They are moved to be consecutive,
but this makes the much more verbose than it would be otherwise. I found it
useful to view in gitk's "new" mode.
Co-authored-by: Colin Walters <walters@verbum.org>
Co-authored-by: Paweł Marciniak <sunwire+git@gmail.com>
Output from a Fedora Rawhide container boot (w/ some follow-up patches to
tweak Descriptions):
Welcome to Fedora 35 (Rawhide Prerelease)!
Queued start job for default target graphical.target.
[ OK ] Created slice system-getty.slice - Slice /system/getty.
[ OK ] Created slice system-modprobe.slice - Slice /system/modprobe.
[ OK ] Created slice system-sshd\x2dkeygen.slice - Slice /system/sshd-keygen.
[ OK ] Created slice user.slice - User and Session Slice.
[ OK ] Started systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch.
[ OK ] Started systemd-ask-password-wall.path - Forward Password Requests to Wall Directory Watch.
[ OK ] Reached target cryptsetup.target - Local Encrypted Volumes.
[ OK ] Reached target paths.target - Path Units.
[ OK ] Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
[ OK ] Reached target remote-fs.target - Remote File Systems.
[ OK ] Reached target slices.target - Slice Units.
[ OK ] Reached target swap.target - Swaps.
[ OK ] Reached target veritysetup.target - Local Verity Integrity Protected Volumes.
[ OK ] Listening on systemd-coredump.socket - Process Core Dump Socket.
[ OK ] Listening on systemd-initctl.socket - initctl Compatibility Named Pipe.
[ OK ] Listening on systemd-journald-dev-log.socket - Journal Socket (/dev/log).
[ OK ] Listening on systemd-journald.socket - Journal Socket.
[ OK ] Listening on systemd-networkd.socket - Network Service Netlink Socket.
[ OK ] Listening on systemd-userdbd.socket - User Database Manager Socket.
Mounting dev-hugepages.mount - Huge Pages File System...
Starting systemd-journald.service - Journal Service...
Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
Starting systemd-sysctl.service - Apply Kernel Variables...
[ OK ] Mounted dev-hugepages.mount - Huge Pages File System.
[ OK ] Finished systemd-remount-fs.service - Remount Root and Kernel File Systems.
Starting systemd-hwdb-update.service - Rebuild Hardware Database...
Starting systemd-sysusers.service - Create System Users...
[ OK ] Finished systemd-sysctl.service - Apply Kernel Variables.
[ OK ] Started systemd-journald.service - Journal Service.
Starting systemd-journal-flush.service - Flush Journal to Persistent Storage...
[ OK ] Finished systemd-sysusers.service - Create System Users.
Starting systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev...
[ OK ] Finished systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev.
[ OK ] Reached target local-fs-pre.target - Preparation for Local File Systems.
[ OK ] Reached target local-fs.target - Local File Systems.
[ OK ] Reached target machines.target - Containers.
Starting dracut-shutdown.service - Restore /run/initramfs on shutdown...
Starting ldconfig.service - Rebuild Dynamic Linker Cache...
[ OK ] Finished dracut-shutdown.service - Restore /run/initramfs on shutdown.
[ OK ] Finished ldconfig.service - Rebuild Dynamic Linker Cache.
[ OK ] Finished systemd-journal-flush.service - Flush Journal to Persistent Storage.
Starting systemd-tmpfiles-setup.service - Create Volatile Files and Directories...
[ OK ] Finished systemd-tmpfiles-setup.service - Create Volatile Files and Directories.
Starting systemd-journal-catalog-update.service - Rebuild Journal Catalog...
Starting systemd-oomd.service - Userspace Out-Of-Memory (OOM) Killer...
Starting systemd-update-utmp.service - Update UTMP about System Boot/Shutdown...
Starting systemd-userdbd.service - User Database Manager...
[ OK ] Finished systemd-update-utmp.service - Update UTMP about System Boot/Shutdown.
[ OK ] Finished systemd-journal-catalog-update.service - Rebuild Journal Catalog.
[ OK ] Started systemd-userdbd.service - User Database Manager.
[ OK ] Started systemd-oomd.service - Userspace Out-Of-Memory (OOM) Killer.
[ OK ] Finished systemd-hwdb-update.service - Rebuild Hardware Database.
Starting systemd-networkd.service - Network Configuration...
Starting systemd-update-done.service - Update is Completed...
[ OK ] Finished systemd-update-done.service - Update is Completed.
[ OK ] Reached target sysinit.target - System Initialization.
[ OK ] Started dnf-makecache.timer - dnf makecache --timer.
[ OK ] Started logrotate.timer - Daily rotation of log files.
[ OK ] Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories.
[ OK ] Reached target timers.target - Timer Units.
[ OK ] Listening on dbus.socket - D-Bus System Message Bus Socket.
[ OK ] Reached target sockets.target - Socket Units.
[ OK ] Reached target basic.target - Basic System.
[ OK ] Reached target sshd-keygen.target.
Starting sysstat.service - Resets System Activity Logs...
Starting systemd-homed.service - Home Area Manager...
Starting systemd-logind.service - User Login Management...
Starting dbus-broker.service - D-Bus System Message Bus...
[FAILED] Failed to start sysstat.service - Resets System Activity Logs.
See 'systemctl status sysstat.service' for details.
[ OK ] Started dbus-broker.service - D-Bus System Message Bus.
[ OK ] Started systemd-homed.service - Home Area Manager.
[ OK ] Finished systemd-homed-activate.service - Home Area Activation.
[ OK ] Started systemd-logind.service - User Login Management.
[ OK ] Started systemd-networkd.service - Network Configuration.
Starting systemd-networkd-wait-online.service - Wait for Network to be Configured...
Starting systemd-resolved.service - Network Name Resolution...
[ OK ] Started systemd-resolved.service - Network Name Resolution.
[ OK ] Reached target network.target - Network.
[ OK ] Reached target nss-lookup.target - Host and Network Name Lookups.
Starting sshd.service - OpenSSH server daemon...
Starting systemd-user-sessions.service - Permit User Sessions...
[ OK ] Finished systemd-user-sessions.service - Permit User Sessions.
[ OK ] Started console-getty.service - Console Getty.
[ OK ] Reached target getty.target - Login Prompts.
[ OK ] Started sshd.service - OpenSSH server daemon.
[ OK ] Reached target multi-user.target - Multi-User System.
[ OK ] Reached target graphical.target - Graphical Interface.
Starting systemd-update-utmp-runlevel.service - Update UTMP about System Runlevel Changes...
[ OK ] Finished systemd-update-utmp-runlevel.service - Update UTMP about System Runlevel Changes.
Fedora 35 (Rawhide Prerelease)
Kernel 5.12.12-300.fc34.x86_64 on an x86_64 (console)
rawhide login: [ OK ] Stopped session-24.scope - Session 24 of User zbyszek.
[ OK ] Removed slice system-getty.slice - Slice /system/getty.
[ OK ] Removed slice system-modprobe.slice - Slice /system/modprobe.
[ OK ] Removed slice system-sshd\x2dkeygen.slice - Slice /system/sshd-keygen.
[ OK ] Stopped target graphical.target - Graphical Interface.
[ OK ] Stopped target multi-user.target - Multi-User System.
[ OK ] Stopped target getty.target - Login Prompts.
[ OK ] Stopped target machines.target - Containers.
[ OK ] Stopped target nss-lookup.target - Host and Network Name Lookups.
[ OK ] Stopped target remote-cryptsetup.target - Remote Encrypted Volumes.
[ OK ] Stopped target timers.target - Timer Units.
[ OK ] Stopped dnf-makecache.timer - dnf makecache --timer.
[ OK ] Stopped logrotate.timer - Daily rotation of log files.
[ OK ] Stopped systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories.
[ OK ] Closed systemd-coredump.socket - Process Core Dump Socket.
Stopping console-getty.service - Console Getty...
Stopping dracut-shutdown.service - Restore /run/initramfs on shutdown...
Stopping sshd.service - OpenSSH server daemon...
Stopping systemd-logind.service - User Login Management...
Stopping systemd-oomd.service - Userspace Out-Of-Memory (OOM) Killer...
Stopping user@1000.service - User Manager for UID 1000...
[ OK ] Stopped systemd-oomd.service - Userspace Out-Of-Memory (OOM) Killer.
[ OK ] Stopped systemd-networkd-wait-online.service - Wait for Network to be Configured.
[ OK ] Stopped sshd.service - OpenSSH server daemon.
[ OK ] Stopped console-getty.service - Console Getty.
[ OK ] Stopped dracut-shutdown.service - Restore /run/initramfs on shutdown.
[ OK ] Stopped target sshd-keygen.target.
[ OK ] Stopped systemd-logind.service - User Login Management.
[ OK ] Stopped user@1000.service - User Manager for UID 1000.
Stopping user-runtime-dir@1000.service - User Runtime Directory /run/user/1000...
[ OK ] Unmounted run-user-1000.mount - /run/user/1000.
[ OK ] Stopped user-runtime-dir@1000.service - User Runtime Directory /run/user/1000.
[ OK ] Removed slice user-1000.slice - User Slice of UID 1000.
Stopping systemd-user-sessions.service - Permit User Sessions...
[ OK ] Stopped systemd-user-sessions.service - Permit User Sessions.
[ OK ] Stopped target network.target - Network.
[ OK ] Stopped target remote-fs.target - Remote File Systems.
Stopping systemd-homed-activate.service - Home Area Activation...
Stopping systemd-resolved.service - Network Name Resolution...
[ OK ] Stopped systemd-resolved.service - Network Name Resolution.
Stopping systemd-networkd.service - Network Configuration...
[ OK ] Stopped systemd-homed-activate.service - Home Area Activation.
Stopping systemd-homed.service - Home Area Manager...
[ OK ] Stopped systemd-homed.service - Home Area Manager.
[ OK ] Stopped target basic.target - Basic System.
[ OK ] Stopped target paths.target - Path Units.
[ OK ] Stopped target slices.target - Slice Units.
[ OK ] Removed slice user.slice - User and Session Slice.
[ OK ] Stopped target sockets.target - Socket Units.
Stopping dbus-broker.service - D-Bus System Message Bus...
[ OK ] Stopped dbus-broker.service - D-Bus System Message Bus.
[ OK ] Closed dbus.socket - D-Bus System Message Bus Socket.
[ OK ] Stopped target sysinit.target - System Initialization.
[ OK ] Stopped target cryptsetup.target - Local Encrypted Volumes.
[ OK ] Stopped systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch.
[ OK ] Stopped systemd-ask-password-wall.path - Forward Password Requests to Wall Directory Watch.
[ OK ] Stopped target veritysetup.target - Local Verity Integrity Protected Volumes.
[ OK ] Stopped systemd-update-done.service - Update is Completed.
[ OK ] Stopped ldconfig.service - Rebuild Dynamic Linker Cache.
[ OK ] Stopped systemd-hwdb-update.service - Rebuild Hardware Database.
[ OK ] Stopped systemd-journal-catalog-update.service - Rebuild Journal Catalog.
Stopping systemd-update-utmp.service - Update UTMP about System Boot/Shutdown...
[ OK ] Stopped systemd-networkd.service - Network Configuration.
[ OK ] Closed systemd-networkd.socket - Network Service Netlink Socket.
[ OK ] Stopped systemd-sysctl.service - Apply Kernel Variables.
[ OK ] Stopped systemd-update-utmp.service - Update UTMP about System Boot/Shutdown.
[ OK ] Stopped systemd-tmpfiles-setup.service - Create Volatile Files and Directories.
[ OK ] Stopped target local-fs.target - Local File Systems.
Unmounting home.mount - /home...
Unmounting run-credentials-systemd\x2dsysusers.se…e.mount - /run/credentials/systemd-sysusers.service...
Unmounting tmp.mount - Temporary Directory /tmp...
[ OK ] Unmounted home.mount - /home.
[ OK ] Unmounted tmp.mount - Temporary Directory /tmp.
[ OK ] Unmounted run-credentials-systemd\x2dsysusers.service.mount - /run/credentials/systemd-sysusers.service.
[ OK ] Stopped target local-fs-pre.target - Preparation for Local File Systems.
[ OK ] Stopped target swap.target - Swaps.
[ OK ] Reached target umount.target - Unmount All Filesystems.
[ OK ] Stopped systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev.
[ OK ] Stopped systemd-sysusers.service - Create System Users.
[ OK ] Stopped systemd-remount-fs.service - Remount Root and Kernel File Systems.
[ OK ] Reached target shutdown.target - System Shutdown.
[ OK ] Reached target final.target - Late Boot Services.
[ OK ] Finished systemd-poweroff.service - System Power Off.
[ OK ] Reached target poweroff.target - System Power Off.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
All filesystems, swaps, loop devices, MD devices and DM devices detached.
Powering off.
The mount option has special meaning when SELinux is enabled. To make
NoNewPrivileges=yes not break SELinux enabled systems, let's not set the
mount flag on such systems.
This reverts commit 1753d30215.
Let's re-enable that feature now. As reported when the original commit
was merged, this causes some trouble on SELinux enabled systems. So,
in the subsequent commit, the feature will be disabled when SELinux is enabled.
But, anyway, this commit just re-enable that feature unconditionally.
If ActivationPolicy= is set to down, always-down, or manual, then any
matching link will delay boot (due to delaying network-online.target).
If RequiredForOnline= wasn't explicitly set, then default it to false
if ActivationPolicy= is down or manual. If ActivationPolicy=always-down,
then force RequiredForOnline=no.
This is useful for provisioning initially empty secondary A/B root file
systems. We don't want those to ever be considered for automatic
mounting, for example in "systemd-nspawn --image=", hence we should
create them with the No-Auto flag turned on. Once a file system image is
dropped into the partition the flag may be turned off by the updater
tool, so that it is considered from then on.
Thew new option for this is called NoAuto. I dislike negated options
like this, but this is taken from the naming in the spec, which in turn
inherited the name from the same flag for Microsoft Data Partitions. To
minimize confusion, let's stick to the name hence.
Text currently refers to `/etc/nsswitch.conf` where it should refer to `/etc/resolv.conf`.
This is in the context of defining a nameserver IP and search domains.
So in theory UUID Variant 2 (i.e. microsoft GUIDs) are supposed to be
displayed in native endian. That is of course a bad idea, and Linux
userspace generally didn't implement that, i.e. uuidd and similar.
Hence, let's not bother either, but let's document that we treat
everything the same as Variant 1, even if it declares something else.
This reverts commit d8e3c31bd8.
A poorly documented fact is that SELinux unfortunately uses nosuid mount flag
to specify that also a fundamental feature of SELinux, domain transitions, must
not be allowed either. While this could be mitigated case by case by changing
the SELinux policy to use `nosuid_transition`, such mitigations would probably
have to be added everywhere if systemd used automatic nosuid mount flags when
`NoNewPrivileges=yes` would be implied. This isn't very desirable from SELinux
policy point of view since also untrusted mounts in service's mount namespaces
could start triggering domain transitions.
Alternatively there could be directives to override this behavior globally or
for each service (for example, new directives `SUIDPaths=`/`NoSUIDPaths=` or
more generic mount flag applicators), but since there's little value of the
commit by itself (setting NNP already disables most setuid functionality), it's
simpler to revert the commit. Such new directives could be used to implement
the original goal.
Previously, IPv6LinkLocalAddressGenerationMode= is not set, then we
define the address generation mode based on the result of reading
stable_secret sysctl value. This makes the mode is determined by whether
a secret address is specified in the new setting.
Closes#19622.
For "systemd-tmpfiles --cleanup", when the "Age" parameter
is specified, the criteria for deletion is determined from
the path's last modification timestamp ("mtime"), its last
access timestamp ("atime") and its last status change
timestamp ("ctime").
For instance, if one of those paths to be cleaned up are
opened, it results in the modification of "atime", which
results file system entry to not be removed because the
default aging algorithm would skip the entry.
Add an optional "age-by" argument by extending the "Age"
parameter to restrict the clean-up for a particular type
of file timestamp, which can be specified in "tmpfiles.d"
as follows:
[age-by:]cleanup-age, where age-by is "[abcmACBM]+"
For example:
d /foo/bar - - - abM:1m -
Would clean-up any files that were not accessed and created,
or directories that were not modified less than a minute ago
in "/foo/bar".
Fixes: #17002
Add the '=' action modifier that instructs tmpfiles.d to check the file
type of a path and remove objects that do not match before trying to
open or create the path.
BUG=chromium:1186405
TEST=./test/test-systemd-tmpfiles.py "$(which systemd-tmpfiles)"
Change-Id: If807dc0db427393e9e0047aba640d0d114897c26
When using top level drop-ins it isn't immediately obvious that one can
make use of symlinking to disable a top-level drop in for a specific
unit.
Signed-off-by: Peter Morrow <pemorrow@linux.microsoft.com>
When /var/lib/systemd/coredump/ is backed by a tmpfs, all disk usage
will be accounted under the systemd-coredump process cgroup memory
limit.
If MemoryMax is set, this might cause systemd-coredump to be terminated
by the kernel oom handler when writing large uncompressed core files,
even if the compressed core would fit within the limits.
Detect if a tmpfs is used, and if so check MemoryMax from the process
and slice cgroups, and do not write uncompressed core files that are
greater than half the available memory. If the limit is breached,
stop writing and compress the written chunk immediately, then delete
the uncompressed chunk to free more memory, and resume compressing
directly from STDIN.
Example debug log when this situation happens:
systemd-coredump[737455]: Setting max_size to limit writes to 51344896 bytes.
systemd-coredump[737455]: ZSTD compression finished (51344896 -> 3260 bytes, 0.0%)
systemd-coredump[737455]: ZSTD compression finished (1022786048 -> 47245 bytes, 0.0%)
systemd-coredump[737455]: Process 737445 (a.out) of user 1000 dumped core.
Try to infer the unused memory that a unit can claim before the
memory.max limit is reached, including any limit set on any parent
slice above the unit itself.
We were effectively doing all post-upgrade scripts twice in Fedora. We got this
wrong, so it's likely other people will get it wrong too. So let's explain
what is actually needed to make this work, but also when it's not useful.
Use the option name 'password-echo' instead of the generic term
'silent'.
Make the option take an argument for better control over echoing
behavior.
Related discussion in https://github.com/systemd/systemd/pull/19619
This adds --visible=yes|no|asterisk which allow controlling the echo of
the password prompt in detail. The existing --echo switch is then made
an alias for --visible=yes (and a shortcut -e added for it too).
This catches up homed's FIDO2 support with cryptsetup's: we'll now store
the uv/up/clientPin configuration at enrollment in the user record JSON
data, and use it when authenticating with it.
This also adds explicit "uv" support: we'll only allow it to happen when
the client explicity said it's OK. This is then used by clients to print
a nice message suggesting "uv" has to take place before retrying
allowing it this time. This is modelled after the existing handling for
"up".
Giving --echo to systemd-ask-password allows to echo the user input.
There's nothing secret, so do not show a lock and key emoji by default.
The behavior can be controlled with --emoji=yes|no|auto. The default is
auto, which defaults to yes, unless --echo is given.
0cf8469387 added --console.
6af621248f added an optional argument, but didn't
update the help texts.
Note that there is no ambiguity with the optional argument because no positional
arguments are allowed.
This adds two things:
- A new switch --uuid is added to "udevadm trigger". If specified a
random UUID is associated with the synthettic uevent and it is printed
to stdout. It may then be used manually to match up uevents as they
propagate through the system.
- The UUID logic is now implicitly enabled if "udevadm trigger --settle"
is used, in order to wait for precisely the uevents we actually
trigger. Fallback support is kept for pre-4.13 kernels (where the
requests for trigger uevents with uuids results in EINVAL).
This is the case because the ID128 we generate are all marked as v4 UUID
which requires that some bits are zero and others are one. Let's
document this so that people can rely on SD_ID128_NULL being a special
value for "uninitialized" that is always distinguishable from generated
UUIDs.
When `NoNewPrivileges=yes`, the service shouldn't have a need for any
setuid/setgid programs, so in case there will be a new mount namespace anyway,
mount the file systems with MS_NOSUID.
The code works differently than the docs, and the code is right here.
Fix the doc hence.
See VALID_CHARS in unit-name.c for details about allowed chars in unit
names, but keep in mind that "-" and "\" are special, since generated by
the escaping logic: they are OK to show up in unit names, but need to be
escaped when converting foreign strings to unit names to make sure
things remain reversible.
Fixes: #19623
Strictly speaking adding this is a compatibility break, given that
previously % weren't special. But I'd argue that was simply a bug, as
for the much more prominent Environment= service setting we always
resolved specifiers, and DEfaultEnvironment= is explicitly listed as
being the default for that. Hence, let's fix that.
Replaces: #16787
This might be useful for CopyFiles=, to reference some subdir of $TMP in
a generic way. This allows us to use the new common
system_and_tmp_specifier_table[].
Previously, we supported only "," as separator. This adds support for
"+" and makes it the documented choice.
This is to make specifying PCRs in crypttab easier, since commas are
already used there for separating volume options, and needless escaping
sucks.
"," continues to be supported, but in order to keep things minimal not
documented.
Fixe: #19205
This is like a really strong version of Wants=, that keeps starting the
specified unit if it is ever found inactive.
This is an alternative to Restart= inside a unit, acknowledging the fact
that whether to keep restarting the unit is sometimes not a property of
the unit itself but the state of the system.
This implements a part of what #4263 requests. i.e. there's no
distinction between "always" and "opportunistic". We just dumbly
implement "always" and become active whenever we see no job queued for
an inactive unit that is supposed to be upheld.
This is similar to OnFailure= but is activated whenever a unit returns
into inactive state successfully.
I was always afraid of adding this, since it effectively allows building
loops and makes our engine Turing complete, but it pretty much already
was it was just hidden.
Given that we have per-unit ratelimits as well as an event loop global
ratelimit I feel safe to add this finally, given it actually is useful.
Fixes: #13386
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.
This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continious states.
This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the to units together, however was problematic if users establish
mounnts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.
Replaces: #11340
Let's add an implicit reverse dep OnFailureOf=. This is exposed via the
bus to make things more debuggable: you can now ask systemd for which
units a specific unit is the failure handler.
OnFailure= was the only dependency type that had no inverse, this fixes
that.
Now that deps are a bit cheaper, it should be OK to add deps that only
serve debug purposes.
The slice a unit is assigned to is currently a UnitRef reference. Let's
turn it into a proper dependency, to simplify and clean up code a bit.
Now that new dep types are cheaper, deps should generally be preferable
over everything else, if the concept applies.
This brings one major benefit: we often have to iterate through all unit
a slice contains. So far we iterated through all Before= dependencies of
the slice unit to achieve that, filtering out unrelated units, and
taking benefit of the fact that slice units are implicitly ordered
Before= the units they contain. By making Slice= a proper dependency,
and having an accompanying SliceOf= dependency type, this is much
simpler and nicer as we can directly enumerate the units a slice
contains.
The forward dependency is actually called InSlice internally, since we
already used the UNIT_SLICE name as UnitType field. However, since we
don't intend to expose the dependency to users as dep anyway (we already
have the regular Slice D-Bus property for this) this shouldn't matter.
The SliceOf= implicit dependency type (the erverse of Slice=/InSlice=)
is exported over the bus, to make things a bit nicer to debug and
discoverable.
Previously, when a link has already in a numbered group, we cannot
remove the link from the group.
This also fixes the range mentioned in the man page.
This is also not entirely obvious. I think the code I came
up with is pretty elegant ;] The final part of of the code that makes
use of the parsed data is kept very similar to the shell code on purpose,
even though it could be written a bit more idiomatically.
Let's order the fields from the most general to least: os name, os variant, os
version, machine-parseable version details, metadata, special settings. I added
section headers to roughly group the settings. The division is not strict,
because for example CPE_NAME also includes the version, and PRETTY_NAME may
too, but it still makes it easier to find the right name.
Also split out Examples to separate paragraphs:
almost all descriptions had "Example:" at the end, where multiple
examples were listed. Splitting this out to separate paragraphs
makes the whole thing much easier to read.
Add missing markup and punctuation while at it.
About
- If not set, defaults to <literal>NAME=Linux</literal>.
+ If not set, a default of <literal>NAME=Linux</literal> may be used.
and similar changes: in many circumstances, if this is not set, no value should
be used. The fallback mostly make sense when we need to present something to the
user. So let's reword this to not imply that the default is necessary.
With new "online state" semantics in networkd, make the description of
RequiredFamilyForOnline= a little more broad. Some rewording has been
done to make the passage easier to understand.
