systemd/.git
5 years ago sysusers: be extra careful when locking accounts
Lennart Poettering [Tue, 5 May 2020 19:46:56 +0000 (21:46 +0200)]
sysusers: be extra careful when locking accounts

Let's use "!*" instead of "!!" as invalid password string.

Generally, any invalid password string can be used for locking an
account, according to shadow(5). To temporarily lock a password of an
account it is commonly implemented to prefix the original password with
a single "!", so that it can later on be unlocked again by removing the
"!", restoring the original password. Thus, the "!" marker is an
indicator for a locked password; the act of prefixing "!" to a
password string is the locking operation; and the removal of a "!"
prefix is the unlock operation. (This is also suggested in shadow(5)).

If we want to entirely lock an account we previously used "!!" as
password string. This is nice since it indicates the password is locked.
However, it is less than ideal, since applying the password unlock
operation once will change the string to "!", which is still a locked
password. Unlocking the password a second time will result in "", i.e.
the empty password, which will in many cases allow logging in without
password. And that's a problem. Hopefully, tools do not allow such
duplicate unlocking, but it's still not a nice property.

By changing our password string to "!*" we get different behaviour: the
password will appear locked. When it is unlocked the password is "*"
which is an invalid password. In that case the password is hence
unlocked but invalid, which is a much better state to be in than the
above.

This is paranoia hardening. Not more. There's no report that anyone
ever unlocked an account twice and people could log in.
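
The lock/unlock behaviour described in the commit message above, as an added example that is not part of the commit or of systemd's code: it models the "!" prefix convention and audits shadow-format lines for password fields that repeated unlocking would reduce to the empty string. The function names and the sample entries are constructed for illustration, and `classify` is a simplification that treats any field containing "*" or "!" as not being a crypt(3) hash.

```python
"""Model of the "!" lock marker from shadow(5) as the commit message describes it."""


def lock(field: str) -> str:
    """Locking a password: prefix the stored string with a single "!"."""
    return "!" + field


def unlock(field: str) -> str:
    """Unlocking a password: remove one leading "!" if present."""
    return field[1:] if field.startswith("!") else field


def classify(field: str) -> str:
    """Coarse state of a shadow password field (simplified, see lead-in)."""
    if field == "":
        return "empty"      # may allow login without a password
    if field.startswith("!"):
        return "locked"
    if "*" in field or "!" in field:
        return "invalid"    # can never match a crypt(3) result
    return "hash"


def unlocks_until_empty(field: str):
    """Number of unlock operations after which the field is "", or None.

    "!!" returns 2, "!" returns 1, "" returns 0. "!*" and a locked hash
    return None because stripping the markers leaves a non-empty string.
    """
    steps = 0
    while field.startswith("!"):
        field = unlock(field)
        steps += 1
    return steps if field == "" else None


# Constructed sample in shadow(5) layout; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:18387:0:99999:7:::
svc-old:!!:18387::::::
svc-new:!*:18387::::::
alice:!$6$constructedsalt$constructedhash:18387:0:99999:7:::
nobody:*:18387::::::
"""


def audit(shadow_text: str):
    """Return (user, field, unlocks) for entries that can end up empty."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        steps = unlocks_until_empty(field)
        if steps is not None:
            findings.append((user, field, steps))
    return findings


if __name__ == "__main__":
    for marker in ("!!", "!*"):
        once = unlock(marker)
        twice = unlock(once)
        print(f"{marker!r}: after one unlock {once!r} ({classify(once)}), "
              f"after two {twice!r} ({classify(twice)})")
    for user, field, steps in audit(SAMPLE_SHADOW):
        print(f"{user}: field {field!r} becomes empty after {steps} unlock(s)")
```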

5 years ago Merge pull request #15692 from keszybz/preset-cleanup
Lennart Poettering [Wed, 6 May 2020 06:19:37 +0000 (08:19 +0200)]
Merge pull request #15692 from keszybz/preset-cleanup

Make systemctl list-unit-files output more useful

5 years ago systemctl: do not show preset state for "static"/"alias"/"generated"/"transient"...
Zbigniew Jędrzejewski-Szmek [Mon, 4 May 2020 18:01:52 +0000 (20:01 +0200)]
systemctl: do not show preset state for "static"/"alias"/"generated"/"transient" units

This modifies list-unit-files and status.

The output of list-unit-files would contain various lines with "static
disabled", which is just misleading, because systemctl preset will not touch
those files, so the preset configuration is not relevant. Similarly, for
"generated" and "transient" units, preset state is irrelevant. For "alias"
lines, the preset for the alias target would be used. In all cases let's just
skip preset status in those cases.

Diff for a Fedora rawhide container:

--- $ systemctl --root=/tmp/root2 list-unit-files
+++ $ build/systemctl --root=/tmp/root2 list-unit-files
@@ -1,125 +1,125 @@
 UNIT FILE                                  STATE    VENDOR PRESET
-proc-sys-fs-binfmt_misc.automount          static   disabled
-dev-hugepages.mount                        static   disabled
-dev-mqueue.mount                           static   disabled
-proc-fs-nfsd.mount                         static   disabled
+proc-sys-fs-binfmt_misc.automount          static
+dev-hugepages.mount                        static
+dev-mqueue.mount                           static
+proc-fs-nfsd.mount                         static
 proc-sys-fs-binfmt_misc.mount              disabled disabled
-sys-fs-fuse-connections.mount              static   disabled
-sys-kernel-config.mount                    static   disabled
-sys-kernel-debug.mount                     static   disabled
-sys-kernel-tracing.mount                   static   disabled
-tmp.mount                                  static   disabled
-var-lib-nfs-rpc_pipefs.mount               static   disabled
+sys-fs-fuse-connections.mount              static
+sys-kernel-config.mount                    static
+sys-kernel-debug.mount                     static
+sys-kernel-tracing.mount                   static
+tmp.mount                                  static
+var-lib-nfs-rpc_pipefs.mount               static
 ostree-finalize-staged.path                disabled enabled
-systemd-ask-password-console.path          static   disabled
-systemd-ask-password-plymouth.path         static   disabled
-systemd-ask-password-wall.path             static   disabled
+systemd-ask-password-console.path          static
+systemd-ask-password-plymouth.path         static
+systemd-ask-password-wall.path             static
 abrt-journal-core.service                  enabled  enabled
 abrt-oops.service                          enabled  enabled
 abrt-pstoreoops.service                    disabled disabled
 abrt-vmcore.service                        enabled  enabled
 abrt-xorg.service                          enabled  enabled
 abrtd.service                              enabled  enabled
-anaconda-direct.service                    static   disabled
-anaconda-nm-config.service                 static   disabled
-anaconda-noshell.service                   static   disabled
-anaconda-pre.service                       static   disabled
-anaconda-shell@.service                    static   disabled
-anaconda-sshd.service                      static   disabled
-anaconda-tmux@.service                     static   disabled
-anaconda.service                           static   disabled
+anaconda-direct.service                    static
+anaconda-nm-config.service                 static
+anaconda-noshell.service                   static
+anaconda-pre.service                       static
+anaconda-shell@.service                    static
+anaconda-sshd.service                      static
+anaconda-tmux@.service                     static
+anaconda.service                           static
 arp-ethers.service                         disabled disabled
 atd.service                                enabled  enabled
 auditd.service                             enabled  enabled
-auth-rpcgss-module.service                 static   disabled
+auth-rpcgss-module.service                 static
 autofs.service                             disabled disabled
-autovt@.service                            enabled  disabled
-blivet.service                             static   disabled
+autovt@.service                            alias
+blivet.service                             static
 blk-availability.service                   disabled disabled
 bluetooth.service                          enabled  enabled
-btattach-bcm@.service                      static   disabled
+btattach-bcm@.service                      static
 certmonger.service                         disabled disabled
-chrony-dnssrv@.service                     static   disabled
+chrony-dnssrv@.service                     static
 chrony-wait.service                        disabled disabled
 chronyd.service                            enabled  enabled
-clean-mount-point@.service                 static   disabled
-cockpit-motd.service                       static   disabled
-cockpit-wsinstance-http-redirect.service   static   disabled
-cockpit-wsinstance-http.service            static   disabled
-cockpit-wsinstance-https-factory@.service  static   disabled
-cockpit-wsinstance-https@.service          static   disabled
-cockpit.service                            static   disabled
+clean-mount-point@.service                 static
+cockpit-motd.service                       static
+cockpit-wsinstance-http-redirect.service   static
+cockpit-wsinstance-http.service            static
+cockpit-wsinstance-https-factory@.service  static
+cockpit-wsinstance-https@.service          static
+cockpit.service                            static
 console-getty.service                      disabled disabled
-container-getty@.service                   static   disabled
+container-getty@.service                   static
 dbus-broker.service                        enabled  enabled
 dbus-daemon.service                        disabled disabled
-dbus-org.bluez.service                     enabled  disabled
-dbus-org.fedoraproject.FirewallD1.service  enabled  disabled
-dbus-org.freedesktop.home1.service         static   disabled
-dbus-org.freedesktop.hostname1.service     static   disabled
-dbus-org.freedesktop.locale1.service       static   disabled
-dbus-org.freedesktop.login1.service        static   disabled
-dbus-org.freedesktop.ModemManager1.service enabled  disabled
-dbus-org.freedesktop.nm-dispatcher.service enabled  disabled
-dbus-org.freedesktop.portable1.service     static   disabled
-dbus-org.freedesktop.timedate1.service     static   disabled
-dbus.service                               enabled  disabled
+dbus-org.bluez.service                     alias
+dbus-org.fedoraproject.FirewallD1.service  alias
+dbus-org.freedesktop.home1.service         alias
+dbus-org.freedesktop.hostname1.service     alias
+dbus-org.freedesktop.locale1.service       alias
+dbus-org.freedesktop.login1.service        alias
+dbus-org.freedesktop.ModemManager1.service alias
+dbus-org.freedesktop.nm-dispatcher.service alias
+dbus-org.freedesktop.portable1.service     alias
+dbus-org.freedesktop.timedate1.service     alias
+dbus.service                               alias
 dbxtool.service                            enabled  enabled
 debug-shell.service                        disabled disabled
-dm-event.service                           static   enabled
+dm-event.service                           static
 dmraid-activation.service                  enabled  enabled
-dnf-makecache.service                      static   disabled
+dnf-makecache.service                      static
 dnsmasq.service                            disabled disabled
-dracut-cmdline.service                     static   disabled
-dracut-initqueue.service                   static   disabled
-dracut-mount.service                       static   disabled
-dracut-pre-mount.service                   static   disabled
-dracut-pre-pivot.service                   static   disabled
-dracut-pre-trigger.service                 static   disabled
-dracut-pre-udev.service                    static   disabled
-dracut-shutdown.service                    static   disabled
+dracut-cmdline.service                     static
+dracut-initqueue.service                   static
+dracut-mount.service                       static
+dracut-pre-mount.service                   static
+dracut-pre-pivot.service                   static
+dracut-pre-trigger.service                 static
+dracut-pre-udev.service                    static
+dracut-shutdown.service                    static
 ead.service                                disabled disabled
-emergency.service                          static   disabled
+emergency.service                          static
 fancontrol.service                         disabled disabled
 firewalld.service                          enabled  enabled
-fprintd.service                            static   disabled
-fstrim.service                             static   disabled
+fprintd.service                            static
+fstrim.service                             static
 getty@.service                             enabled  enabled
-grub-boot-indeterminate.service            static   disabled
+grub-boot-indeterminate.service            static
 gssproxy.service                           disabled disabled
 import-state.service                       enabled  enabled
 initial-setup-reconfiguration.service      disabled disabled
 initial-setup.service                      enabled  disabled
-initrd-cleanup.service                     static   disabled
-initrd-parse-etc.service                   static   disabled
-initrd-switch-root.service                 static   disabled
-initrd-udevadm-cleanup-db.service          static   disabled
-instperf.service                           static   disabled
+initrd-cleanup.service                     static
+initrd-parse-etc.service                   static
+initrd-switch-root.service                 static
+initrd-udevadm-cleanup-db.service          static
+instperf.service                           static
 io.podman.service                          disabled disabled
 irqbalance.service                         enabled  enabled
-iscsi-shutdown.service                     static   disabled
+iscsi-shutdown.service                     static
 iscsi.service                              enabled  disabled
 iscsid.service                             disabled disabled
 iscsiuio.service                           disabled disabled
 iwd.service                                disabled disabled
 kdump.service                              disabled disabled
-kmod-static-nodes.service                  static   disabled
-ldconfig.service                           static   disabled
+kmod-static-nodes.service                  static
+ldconfig.service                           static
 lm_sensors.service                         enabled  enabled
 loadmodules.service                        disabled disabled
-logrotate.service                          static   disabled
-lvm2-lvmpolld.service                      static   enabled
+logrotate.service                          static
+lvm2-lvmpolld.service                      static
 lvm2-monitor.service                       enabled  enabled
-lvm2-pvscan@.service                       static   disabled
-man-db-cache-update.service                static   disabled
+lvm2-pvscan@.service                       static
+man-db-cache-update.service                static
 man-db-restart-cache-update.service        disabled disabled
-mdadm-grow-continue@.service               static   disabled
-mdadm-last-resort@.service                 static   disabled
-mdmon@.service                             static   disabled
+mdadm-grow-continue@.service               static
+mdadm-last-resort@.service                 static
+mdmon@.service                             static
 mdmonitor.service                          enabled  enabled
-mlocate-updatedb.service                   static   disabled
+mlocate-updatedb.service                   static
 ModemManager.service                       enabled  enabled
-modprobe@.service                          static   disabled
+modprobe@.service                          static
 multipathd.service                         enabled  enabled
 ndctl-monitor.service                      disabled disabled
 NetworkManager-dispatcher.service          enabled  enabled
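Review bot: the autovt@.service and dbus-org.* lines in this hunk change the STATE column as well as dropping the preset (for example "dbus.service enabled disabled" becomes "dbus.service alias", and "dbus-org.freedesktop.login1.service static disabled" becomes "alias"), but the message above only describes skipping the preset status. Consider adding a sentence that explains where the new "alias" state comes from, or taking the "before" side of this comparison from a build that already prints "alias", so that the diff isolates the preset column change.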
@@ -127,53 +127,53 @@
 NetworkManager.service                     enabled  enabled
 nfs-blkmap.service                         disabled disabled
 nfs-convert.service                        enabled  disabled
-nfs-idmapd.service                         static   disabled
-nfs-mountd.service                         static   disabled
+nfs-idmapd.service                         static
+nfs-mountd.service                         static
 nfs-server.service                         disabled disabled
-nfs-utils.service                          static   disabled
-nfsdcld.service                            static   disabled
+nfs-utils.service                          static
+nfsdcld.service                            static
 nftables.service                           disabled disabled
 nis-domainname.service                     disabled disabled
 oddjobd.service                            disabled disabled
 openhpid.service                           disabled disabled
-ostree-finalize-staged.service             static   disabled
-ostree-prepare-root.service                static   disabled
+ostree-finalize-staged.service             static
+ostree-prepare-root.service                static
 ostree-remount.service                     enabled  enabled
-packagekit-offline-update.service          static   disabled
-packagekit.service                         static   disabled
+packagekit-offline-update.service          static
+packagekit.service                         static
 pcscd.service                              indirect disabled
-plymouth-halt.service                      static   disabled
-plymouth-kexec.service                     static   disabled
-plymouth-poweroff.service                  static   disabled
-plymouth-quit-wait.service                 static   disabled
-plymouth-quit.service                      static   disabled
-plymouth-read-write.service                static   disabled
-plymouth-reboot.service                    static   disabled
-plymouth-start.service                     static   disabled
-plymouth-switch-root.service               static   disabled
+plymouth-halt.service                      static
+plymouth-kexec.service                     static
+plymouth-poweroff.service                  static
+plymouth-quit-wait.service                 static
+plymouth-quit.service                      static
+plymouth-read-write.service                static
+plymouth-reboot.service                    static
+plymouth-start.service                     static
+plymouth-switch-root.service               static
 podman.service                             disabled disabled
-polkit.service                             static   enabled
+polkit.service                             static
 psacct.service                             disabled disabled
 qemu-guest-agent.service                   enabled  enabled
-quotaon.service                            static   disabled
+quotaon.service                            static
 raid-check.service                         disabled disabled
-rc-local.service                           static   disabled
+rc-local.service                           static
 rdisc.service                              disabled disabled
-realmd.service                             static   disabled
-rescue.service                             static   disabled
+realmd.service                             static
+rescue.service                             static
 rngd.service                               enabled  enabled
-rpc-gssd.service                           static   disabled
-rpc-statd-notify.service                   static   disabled
-rpc-statd.service                          static   disabled
+rpc-gssd.service                           static
+rpc-statd-notify.service                   static
+rpc-statd.service                          static
 rpcbind.service                            disabled disabled
 rsyslog.service                            enabled  enabled
 selinux-autorelabel-mark.service           enabled  enabled
-selinux-autorelabel.service                static   disabled
+selinux-autorelabel.service                static
 serial-getty@.service                      disabled disabled
 smartd.service                             enabled  enabled
 sshd-keygen@.service                       disabled disabled
 sshd.service                               enabled  enabled
-sshd@.service                              static   disabled
+sshd@.service                              static
 sssd-autofs.service                        indirect disabled
 sssd-kcm.service                           indirect disabled
 sssd-nss.service                           indirect disabled
@@ -182,84 +182,84 @@
 sssd-ssh.service                           indirect disabled
 sssd-sudo.service                          indirect disabled
 sssd.service                               enabled  enabled
-system-update-cleanup.service              static   disabled
-systemd-ask-password-console.service       static   disabled
-systemd-ask-password-plymouth.service      static   disabled
-systemd-ask-password-wall.service          static   disabled
-systemd-backlight@.service                 static   disabled
-systemd-binfmt.service                     static   disabled
-systemd-bless-boot.service                 static   disabled
+system-update-cleanup.service              static
+systemd-ask-password-console.service       static
+systemd-ask-password-plymouth.service      static
+systemd-ask-password-wall.service          static
+systemd-backlight@.service                 static
+systemd-binfmt.service                     static
+systemd-bless-boot.service                 static
 systemd-boot-check-no-failures.service     disabled disabled
-systemd-boot-system-token.service          static   disabled
-systemd-coredump@.service                  static   disabled
-systemd-exit.service                       static   disabled
-systemd-firstboot.service                  static   disabled
-systemd-fsck-root.service                  static   disabled
-systemd-fsck@.service                      static   disabled
-systemd-halt.service                       static   disabled
-systemd-hibernate-resume@.service          static   disabled
-systemd-hibernate.service                  static   disabled
-systemd-homed.service                      static   disabled
-systemd-hostnamed.service                  static   disabled
-systemd-hwdb-update.service                static   disabled
-systemd-hybrid-sleep.service               static   disabled
-systemd-initctl.service                    static   disabled
-systemd-journal-catalog-update.service     static   disabled
-systemd-journal-flush.service              static   disabled
-systemd-journald.service                   static   disabled
-systemd-journald@.service                  static   disabled
-systemd-kexec.service                      static   disabled
-systemd-localed.service                    static   disabled
-systemd-logind.service                     static   disabled
-systemd-machine-id-commit.service          static   disabled
-systemd-modules-load.service               static   disabled
+systemd-boot-system-token.service          static
+systemd-coredump@.service                  static
+systemd-exit.service                       static
+systemd-firstboot.service                  static
+systemd-fsck-root.service                  static
+systemd-fsck@.service                      static
+systemd-halt.service                       static
+systemd-hibernate-resume@.service          static
+systemd-hibernate.service                  static
+systemd-homed.service                      static
+systemd-hostnamed.service                  static
+systemd-hwdb-update.service                static
+systemd-hybrid-sleep.service               static
+systemd-initctl.service                    static
+systemd-journal-catalog-update.service     static
+systemd-journal-flush.service              static
+systemd-journald.service                   static
+systemd-journald@.service                  static
+systemd-kexec.service                      static
+systemd-localed.service                    static
+systemd-logind.service                     static
+systemd-machine-id-commit.service          static
+systemd-modules-load.service               static
 systemd-network-generator.service          disabled disabled
 systemd-networkd-wait-online.service       disabled disabled
 systemd-networkd.service                   disabled disabled
-systemd-portabled.service                  static   disabled
-systemd-poweroff.service                   static   disabled
+systemd-portabled.service                  static
+systemd-poweroff.service                   static
 systemd-pstore.service                     disabled enabled
-systemd-quotacheck.service                 static   disabled
-systemd-random-seed.service                static   disabled
-systemd-reboot.service                     static   disabled
-systemd-remount-fs.service                 static   disabled
-systemd-repart.service                     static   disabled
+systemd-quotacheck.service                 static
+systemd-random-seed.service                static
+systemd-reboot.service                     static
+systemd-remount-fs.service                 static
+systemd-repart.service                     static
 systemd-resolved.service                   disabled disabled
-systemd-rfkill.service                     static   disabled
-systemd-suspend-then-hibernate.service     static   disabled
-systemd-suspend.service                    static   disabled
-systemd-sysctl.service                     static   disabled
-systemd-sysusers.service                   static   disabled
+systemd-rfkill.service                     static
+systemd-suspend-then-hibernate.service     static
+systemd-suspend.service                    static
+systemd-sysctl.service                     static
+systemd-sysusers.service                   static
 systemd-time-wait-sync.service             disabled disabled
-systemd-timedated.service                  static   disabled
+systemd-timedated.service                  static
 systemd-timesyncd.service                  disabled disabled
-systemd-tmpfiles-clean.service             static   disabled
-systemd-tmpfiles-setup-dev.service         static   disabled
-systemd-tmpfiles-setup.service             static   disabled
-systemd-udev-settle.service                static   disabled
-systemd-udev-trigger.service               static   disabled
-systemd-udevd.service                      static   disabled
-systemd-update-done.service                static   disabled
-systemd-update-utmp-runlevel.service       static   disabled
-systemd-update-utmp.service                static   disabled
-systemd-user-sessions.service              static   disabled
-systemd-userdbd.service                    static   disabled
-systemd-vconsole-setup.service             static   disabled
-systemd-volatile-root.service              static   disabled
-teamd@.service                             static   disabled
+systemd-tmpfiles-clean.service             static
+systemd-tmpfiles-setup-dev.service         static
+systemd-tmpfiles-setup.service             static
+systemd-udev-settle.service                static
+systemd-udev-trigger.service               static
+systemd-udevd.service                      static
+systemd-update-done.service                static
+systemd-update-utmp-runlevel.service       static
+systemd-update-utmp.service                static
+systemd-user-sessions.service              static
+systemd-userdbd.service                    static
+systemd-vconsole-setup.service             static
+systemd-volatile-root.service              static
+teamd@.service                             static
 udisks2.service                            enabled  enabled
-user-runtime-dir@.service                  static   disabled
-user@.service                              static   disabled
+user-runtime-dir@.service                  static
+user@.service                              static
 winbind.service                            disabled disabled
 zram-swap.service                          enabled  disabled
-zram.service                               static   disabled
-system-cockpithttps.slice                  static   disabled
-system-systemd\x2dcryptsetup.slice         static   disabled
-user.slice                                 static   disabled
-cockpit-wsinstance-http-redirect.socket    static   disabled
-cockpit-wsinstance-http.socket             static   disabled
-cockpit-wsinstance-https-factory.socket    static   disabled
-cockpit-wsinstance-https@.socket           static   disabled
+zram.service                               static
+system-cockpithttps.slice                  static
+system-systemd\x2dcryptsetup.slice         static
+user.slice                                 static
+cockpit-wsinstance-http-redirect.socket    static
+cockpit-wsinstance-http.socket             static
+cockpit-wsinstance-https-factory.socket    static
+cockpit-wsinstance-https@.socket           static
 cockpit.socket                             enabled  enabled
 dbus.socket                                enabled  enabled
 dm-event.socket                            enabled  enabled
@@ -280,95 +280,95 @@
 sssd-pam.socket                            disabled disabled
 sssd-ssh.socket                            disabled disabled
 sssd-sudo.socket                           disabled disabled
-syslog.socket                              static   disabled
-systemd-coredump.socket                    static   disabled
-systemd-initctl.socket                     static   disabled
-systemd-journald-audit.socket              static   disabled
-systemd-journald-dev-log.socket            static   disabled
-systemd-journald-varlink@.socket           static   disabled
-systemd-journald.socket                    static   disabled
-systemd-journald@.socket                   static   disabled
+syslog.socket                              static
+systemd-coredump.socket                    static
+systemd-initctl.socket                     static
+systemd-journald-audit.socket              static
+systemd-journald-dev-log.socket            static
+systemd-journald-varlink@.socket           static
+systemd-journald.socket                    static
+systemd-journald@.socket                   static
 systemd-networkd.socket                    disabled disabled
-systemd-rfkill.socket                      static   disabled
-systemd-udevd-control.socket               static   disabled
-systemd-udevd-kernel.socket                static   disabled
-systemd-userdbd.socket                     static   disabled
-anaconda.target                            static   disabled
-basic.target                               static   disabled
-blockdev@.target                           static   disabled
-bluetooth.target                           static   enabled
-boot-complete.target                       static   disabled
-cryptsetup-pre.target                      static   disabled
-cryptsetup.target                          static   disabled
-ctrl-alt-del.target                        enabled  disabled
-default.target                             indirect disabled
-emergency.target                           static   disabled
+systemd-rfkill.socket                      static
+systemd-udevd-control.socket               static
+systemd-udevd-kernel.socket                static
+systemd-userdbd.socket                     static
+anaconda.target                            static
+basic.target                               static
+blockdev@.target                           static
+bluetooth.target                           static
+boot-complete.target                       static
+cryptsetup-pre.target                      static
+cryptsetup.target                          static
+ctrl-alt-del.target                        alias
+default.target                             alias
+emergency.target                           static
 exit.target                                disabled disabled
-final.target                               static   disabled
-getty-pre.target                           static   disabled
-getty.target                               static   disabled
-graphical.target                           static   disabled
+final.target                               static
+getty-pre.target                           static
+getty.target                               static
+graphical.target                           static
 halt.target                                disabled disabled
-hibernate.target                           static   disabled
-hybrid-sleep.target                        static   disabled
-initrd-fs.target                           static   disabled
-initrd-root-device.target                  static   disabled
-initrd-root-fs.target                      static   disabled
-initrd-switch-root.target                  static   disabled
-initrd.target                              static   disabled
+hibernate.target                           static
+hybrid-sleep.target                        static
+initrd-fs.target                           static
+initrd-root-device.target                  static
+initrd-root-fs.target                      static
+initrd-switch-root.target                  static
+initrd.target                              static
 kexec.target                               disabled disabled
-local-fs-pre.target                        static   disabled
-local-fs.target                            static   disabled
+local-fs-pre.target                        static
+local-fs.target                            static
 multi-user.target                          indirect disabled
-network-online.target                      static   disabled
-network-pre.target                         static   disabled
-network.target                             static   disabled
+network-online.target                      static
+network-pre.target                         static
+network.target                             static
 nfs-client.target                          enabled  disabled
-nss-lookup.target                          static   disabled
-nss-user-lookup.target                     static   disabled
-paths.target                               static   disabled
+nss-lookup.target                          static
+nss-user-lookup.target                     static
+paths.target                               static
 poweroff.target                            disabled disabled
-printer.target                             static   disabled
+printer.target                             static
 reboot.target                              enabled  enabled
 remote-cryptsetup.target                   disabled enabled
-remote-fs-pre.target                       static   disabled
+remote-fs-pre.target                       static
 remote-fs.target                           enabled  enabled
-rescue.target                              static   disabled
-rpc_pipefs.target                          static   disabled
-rpcbind.target                             static   disabled
-runlevel0.target                           disabled disabled
-runlevel1.target                           static   disabled
-runlevel2.target                           indirect disabled
-runlevel3.target                           indirect disabled
-runlevel4.target                           indirect disabled
-runlevel5.target                           static   disabled
-runlevel6.target                           enabled  disabled
-selinux-autorelabel.target                 static   disabled
-shutdown.target                            static   disabled
-sigpwr.target                              static   disabled
-sleep.target                               static   disabled
-slices.target                              static   disabled
-smartcard.target                           static   disabled
-sockets.target                             static   disabled
-sound.target                               static   disabled
-sshd-keygen.target                         static   disabled
-suspend-then-hibernate.target              static   disabled
-suspend.target                             static   disabled
-swap.target                                static   disabled
-sysinit.target                             static   disabled
-system-update-pre.target                   static   disabled
-system-update.target                       static   disabled
-time-set.target                            static   disabled
-time-sync.target                           static   disabled
-timers.target                              static   disabled
-umount.target                              static   disabled
+rescue.target                              static
+rpc_pipefs.target                          static
+rpcbind.target                             static
+runlevel0.target                           alias
+runlevel1.target                           alias
+runlevel2.target                           alias
+runlevel3.target                           alias
+runlevel4.target                           alias
+runlevel5.target                           alias
+runlevel6.target                           alias
+selinux-autorelabel.target                 static
+shutdown.target                            static
+sigpwr.target                              static
+sleep.target                               static
+slices.target                              static
+smartcard.target                           static
+sockets.target                             static
+sound.target                               static
+sshd-keygen.target                         static
+suspend-then-hibernate.target              static
+suspend.target                             static
+swap.target                                static
+sysinit.target                             static
+system-update-pre.target                   static
+system-update.target                       static
+time-set.target                            static
+time-sync.target                           static
+timers.target                              static
+umount.target                              static
 chrony-dnssrv@.timer                       disabled disabled
 dnf-makecache.timer                        enabled  enabled
 fstrim.timer                               enabled  enabled
 logrotate.timer                            enabled  enabled
-mdadm-last-resort@.timer                   static   disabled
+mdadm-last-resort@.timer                   static
 mlocate-updatedb.timer                     enabled  enabled
 raid-check.timer                           disabled disabled
-systemd-tmpfiles-clean.timer               static   disabled
+systemd-tmpfiles-clean.timer               static

 371 unit files listed.

In particular, this allows a meaningful comparison to be made:

$ ~/src/systemd/build/systemctl --root=/tmp/root2 list-unit-files|rg 'enabled.*disabled|disabled.*enabled'
ostree-finalize-staged.path                disabled enabled
initial-setup.service                      enabled  disabled
iscsi.service                              enabled  disabled
nfs-convert.service                        enabled  disabled
systemd-pstore.service                     disabled enabled
zram-swap.service                          enabled  disabled
iscsid.socket                              enabled  disabled
iscsiuio.socket                            enabled  disabled
multipathd.socket                          enabled  disabled
nfs-client.target                          enabled  disabled
remote-cryptsetup.target                   disabled enabled

(It turns out that most of the services on this list that are enabled without a
corresponding preset are against rpm packaging and do direct 'systemctl enable'
calls in %post, instead of going through presets as they are supposed to.)

systemctl: also skip preset status in status verb

5 years agosystemctl: add new enablement state "alias"
Zbigniew Jędrzejewski-Szmek [Mon, 4 May 2020 17:53:33 +0000 (19:53 +0200)]
systemctl: add new enablement state "alias"

For units which are aliases of other units, reporting preset status as
"enabled" is rather misleading. For example, dbus.service is an alias of
dbus-broker.service. In list-unit-files we'd show both as "enabled".  In
particular, systemctl preset ignores aliases, so showing any preset status at
all is always going to be misleading. Let's introduce a new state "alias" and
use that for all aliases.

I was trying to avoid adding a new state, to keep compatibility with previous
behaviour, but for alias unit files it simply doesn't seem very useful to show
any of the existing states. It seems that clearly showing that those are
aliases for other units will be easiest to understand for users.

5 years agoshared/install: rename variable for clarity
Zbigniew Jędrzejewski-Szmek [Mon, 4 May 2020 17:48:59 +0000 (19:48 +0200)]
shared/install: rename variable for clarity

5 years agoshared/install: print name of offending file in error
Zbigniew Jędrzejewski-Szmek [Mon, 4 May 2020 17:45:19 +0000 (19:45 +0200)]
shared/install: print name of offending file in error

"Unit type slice cannot be templated."

"/etc/systemd/system.control/user@.slice: unit type slice cannot be templated."

5 years agoshared/install: indent tables
Zbigniew Jędrzejewski-Szmek [Mon, 4 May 2020 12:25:58 +0000 (14:25 +0200)]
shared/install: indent tables

5 years agoshared/install: optionally cache the preset list
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 20:37:34 +0000 (22:37 +0200)]
shared/install: optionally cache the preset list

When doing list-unit-files with --root, we would re-read the preset
list for every unit. This uses a cache to only do it once. The time
for list-unit-files goes down by about ~30%.

unit_file_query_preset() is also called from src/core/. This patch does not
touch that path, since the savings there are smaller, since preset status is
only read on demand over dbus, and caching would be more complicated.

5 years agoman: systemd.service: systemd-analyze exit-codes -> exit-status
Chris Down [Tue, 5 May 2020 19:16:10 +0000 (20:16 +0100)]
man: systemd.service: systemd-analyze exit-codes -> exit-status

5238d9a83a52 renames this to exit-status, but systemd.service was not
updated.

The rest of the doc seems a bit inconsistent in its use of the terms
"exit code" and "exit status", but it's not that confusing, so leave
those alone for now.

5 years agoAdd Zowie ZA12 details to mouse hwdb
Ferran Pallarès Roca [Tue, 5 May 2020 11:50:22 +0000 (13:50 +0200)]
Add Zowie ZA12 details to mouse hwdb

5 years agosystemctl: fix --root support in querying presets
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 16:45:08 +0000 (18:45 +0200)]
systemctl: fix --root support in querying presets

We would always look on the host, ignoring --root.

5 years agosystemctl: refuse online-only ops with --root
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 12:26:36 +0000 (14:26 +0200)]
systemctl: refuse online-only ops with --root

It is super confusing when a command does not support --root, and is called
with it specified, and returns some bogus results. Let's just catch this
early and refuse.

5 years agoshared/verbs: split out helper to find verbs
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 12:20:31 +0000 (14:20 +0200)]
shared/verbs: split out helper to find verbs

It will be used later, but I think it makes the code clearer anyway.

Also change the message about ignoring to include the name for default
verbs.

5 years agoshared/verbs: add a modicum of documentation
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 11:59:33 +0000 (13:59 +0200)]
shared/verbs: add a modicum of documentation

5 years agosystemctl: mark log-level,log-target,service-watchdogs as online-only
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 11:31:24 +0000 (13:31 +0200)]
systemctl: mark log-level,log-target,service-watchdogs as online-only

They were added in 6ab863190dee5ab631795ef547fcc7314ddccd40 and
38fcb7f766c84736425e86854b8a4468c126dafa. I don't see a good reason to
exclude them from the online-only check.

5 years agosystemctl: fix hint when 'systemctl help' is given
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 10:38:36 +0000 (12:38 +0200)]
systemctl: fix hint when 'systemctl help' is given

Not all verbs require unit names, but that is beside the point. We need a verb
here, and help is not a valid verb.

5 years agoMerge pull request #15645 from poettering/calender-expression-doc-fix
Zbigniew Jędrzejewski-Szmek [Tue, 5 May 2020 14:07:11 +0000 (16:07 +0200)]
Merge pull request #15645 from poettering/calender-expression-doc-fix

some calendar expression fixes and documentation updates

5 years agoRevert "logs-show: declare [static 2] on all highlight parameters"
Frantisek Sumsal [Tue, 5 May 2020 13:02:37 +0000 (15:02 +0200)]
Revert "logs-show: declare [static 2] on all highlight parameters"

This reverts commit 5444520628830aacab85be630a6cdeb179ff510b.

See: https://github.com/systemd/systemd/pull/15706

5 years agoMerge pull request #15648 from poettering/journalctl-cat-beefup
Zbigniew Jędrzejewski-Szmek [Tue, 5 May 2020 12:00:26 +0000 (14:00 +0200)]
Merge pull request #15648 from poettering/journalctl-cat-beefup

journalctl: honour --output-fields= in -o cat mode

5 years agoman: migrate more specifier explanations to standard-specifiers.xml
Lennart Poettering [Thu, 30 Apr 2020 10:26:11 +0000 (12:26 +0200)]
man: migrate more specifier explanations to standard-specifiers.xml

We probably can migrate even more, but for now let's just migrate those
which have the 1:1 identical text everywhere.

(Also, let's add the % entry to all specifier tables)

5 years agoMerge pull request #15701 from poettering/systemctl-json-table
Zbigniew Jędrzejewski-Szmek [Tue, 5 May 2020 09:05:00 +0000 (11:05 +0200)]
Merge pull request #15701 from poettering/systemctl-json-table

systemctl: optionally output tables as json

5 years agocorrect evdev dimensions for T490 trackpad
ianhi [Tue, 5 May 2020 00:27:16 +0000 (20:27 -0400)]
correct evdev dimensions for T490 trackpad

The original source of these dimensions had swapped the x y dimension
arguments to touchpad-edge-detector. The correct dimensions are
x = 100 mm, y = 68 mm

5 years agohwdb: Fix brightness keys for Logitech K811
Diego Escalante Urrelo [Tue, 5 May 2020 05:42:21 +0000 (00:42 -0500)]
hwdb: Fix brightness keys for Logitech K811

Closes: #15698

5 years agoshutdown: fix spacing in shutdown error message
Lennart Poettering [Tue, 5 May 2020 06:19:30 +0000 (08:19 +0200)]
shutdown: fix spacing in shutdown error message

5 years agologs-show: declare [static 2] on all highlight parameters
Lennart Poettering [Tue, 5 May 2020 07:21:10 +0000 (09:21 +0200)]
logs-show: declare [static 2] on all highlight parameters

5 years agoman: document the new -o cat feature
Lennart Poettering [Thu, 30 Apr 2020 12:53:14 +0000 (14:53 +0200)]
man: document the new -o cat feature

5 years agojournalctl: optionally, show a different field than MESSAGE in -o cat mode
Lennart Poettering [Thu, 30 Apr 2020 12:52:25 +0000 (14:52 +0200)]
journalctl: optionally, show a different field than MESSAGE in -o cat mode

Fixes: #15621

5 years agojournal: use set_contains() where appropriate
Lennart Poettering [Thu, 30 Apr 2020 12:52:18 +0000 (14:52 +0200)]
journal: use set_contains() where appropriate

5 years agonspawn: mount custom paths before writing to /etc
Motiejus Jakštys [Mon, 4 May 2020 16:57:40 +0000 (19:57 +0300)]
nspawn: mount custom paths before writing to /etc

Consider such configuration:

    $ systemd-nspawn --read-only --timezone=copy --resolv-conf=copy-host \
        --overlay="+/etc::/etc" <...>

Assuming one wants `/` to be read-only, DNS and `/etc/localtime` to
work. One way to do it is to create an overlay filesystem in `/etc/`.
However, systemd-nspawn tries to create `/etc/resolv.conf` and
`/etc/localtime` before mounting the custom paths, while `/` (and, by
extension, `/etc`) is read-only. Thus it fails to create those files.

Mounting custom paths before modifying anything in `/etc/` makes this
possible.

Full example:

```
$ debootstrap buster /var/lib/machines/t1 http://deb.debian.org/debian
$ systemd-nspawn --private-users=false --timezone=copy --resolv-conf=copy-host --read-only --tmpfs=/var --tmpfs=/run --overlay="+/etc::/etc" -D /var/lib/machines/t1 ping -c 1 example.com
Spawning container t1 on /var/lib/machines/t1.
Press ^] three times within 1s to kill container.
ping: example.com: Temporary failure in name resolution
Container t1 failed with error code 130.
```

With the patch:

```
$ sudo ./build/systemd-nspawn --private-users=false --timezone=copy --resolv-conf=copy-host --read-only --tmpfs=/var --tmpfs=/run --overlay="+/etc::/etc" -D /var/lib/machines/t1 ping -qc 1 example.com
Spawning container t1 on /var/lib/machines/t1.
Press ^] three times within 1s to kill container.
PING example.com (93.184.216.34) 56(84) bytes of data.

--- example.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 110.912/110.912/110.912/0.000 ms
Container t1 exited successfully.
```

5 years agoman: expand on the star…end/repetition time expressions
Lennart Poettering [Thu, 30 Apr 2020 11:42:59 +0000 (13:42 +0200)]
man: expand on the star…end/repetition time expressions

And attempt to explain what is requested in #15030, but still be
concise.

Fixes: #15030

5 years agocalendarspec: be more graceful with two kinds of calendar expressions
Lennart Poettering [Thu, 30 Apr 2020 11:24:31 +0000 (13:24 +0200)]
calendarspec: be more graceful with two kinds of calendar expressions

This changes the calendarspec parser to allow expressions such as
"00:05..05", i.e. a range where start and end is the same. It also
allows expressions such as "00:1-2/3", i.e. where the repetition value
does not fit even once in the specified range. With this patch both
cases will now be optimized away, i.e. the range is removed and a fixed
value is used, which is functionally equivalent.

See #15030 for an issue where the inability to parse such expressions
caused confusion.

I think it's probably better to accept these gracefully and optimize
them away instead of refusing them with a plain EINVAL. With a tool such
as "systemd-analyze" calendar it should be easy to figure out the
normalized form with the redundant bits optimized away.

5 years agocalendarspec: minor simplification
Lennart Poettering [Thu, 30 Apr 2020 11:20:23 +0000 (13:20 +0200)]
calendarspec: minor simplification

5 years agocalendarspec: drop _pure_ from static function
Lennart Poettering [Thu, 30 Apr 2020 11:19:14 +0000 (13:19 +0200)]
calendarspec: drop _pure_ from static function

For static functions the compiler should be able to determine this on
its own, let's not add needless decorators.

5 years agocalendarspec: pack our flags a bit
Lennart Poettering [Thu, 30 Apr 2020 11:18:58 +0000 (13:18 +0200)]
calendarspec: pack our flags a bit

5 years agocalendarspec: encode that it's OK to store µs in 'int's
Lennart Poettering [Thu, 30 Apr 2020 11:18:45 +0000 (13:18 +0200)]
calendarspec: encode that it's OK to store µs in 'int's

5 years agosystemctl: optionally output tables in JSON format
Lennart Poettering [Tue, 5 May 2020 06:10:30 +0000 (08:10 +0200)]
systemctl: optionally output tables in JSON format

5 years agoformat-table: generate better JSON field names
Lennart Poettering [Tue, 5 May 2020 06:09:04 +0000 (08:09 +0200)]
format-table: generate better JSON field names

Let's try to mangle table contents a bit to make them more suitable as
JSON field names. Specifically when we see "foo bar" convert this to
"foo_bar" as field name, as variable/field names are generally assumed
to be without spaces.

5 years agoMerge pull request #15636 from poettering/sensitivity-training
Anita Zhang [Tue, 5 May 2020 00:48:13 +0000 (17:48 -0700)]
Merge pull request #15636 from poettering/sensitivity-training

be more careful when setting json variant + dbus message sensitive flag

5 years agoMerge pull request #15647 from benzea/benzea/graphical-use-app-prefix
Anita Zhang [Mon, 4 May 2020 23:28:51 +0000 (16:28 -0700)]
Merge pull request #15647 from benzea/benzea/graphical-use-app-prefix

docs: Change prefix for desktop applications to app-

5 years agomkosi: Fix openSUSE image declaration
Michal Koutný [Fri, 1 May 2020 18:45:39 +0000 (20:45 +0200)]
mkosi: Fix openSUSE image declaration

User accounts of given names are necessary for the build script and
tests to succeed.

(Fixup of #15527, too keen cleaning of dependencies and cached image
caused this.)

5 years agoAdd Kensington SlimBlade Trackball
Lukas Klingsbo [Mon, 4 May 2020 07:49:04 +0000 (09:49 +0200)]
Add Kensington SlimBlade Trackball

5 years agocatalog,po: update Polish translation
Piotr Drąg [Sun, 3 May 2020 12:05:35 +0000 (14:05 +0200)]
catalog,po: update Polish translation

5 years agotest: fix potential use-after-free
Frantisek Sumsal [Sat, 2 May 2020 13:18:35 +0000 (15:18 +0200)]
test: fix potential use-after-free

CID#1428676.

5 years agoMerge pull request #15422 from nolange/add_zstd_coredump
Evgeny Vereshchagin [Mon, 4 May 2020 11:57:39 +0000 (14:57 +0300)]
Merge pull request #15422 from nolange/add_zstd_coredump

coredump: add zstandard support for coredumps

5 years agoinstall libzstd-dev for CI builds
Norbert Lange [Sun, 26 Apr 2020 21:33:50 +0000 (23:33 +0200)]
install libzstd-dev for CI builds

5 years agocoredump: add zstandard support for coredumps
Norbert Lange [Sat, 11 Apr 2020 23:09:05 +0000 (01:09 +0200)]
coredump: add zstandard support for coredumps

this will hook libzstd into coredump,
using this format as default.

5 years agobasic: add STRCASE_IN_SET() which is to STR_IN_SET() what strcaseeq() is to streq()
Lennart Poettering [Thu, 30 Apr 2020 13:07:45 +0000 (15:07 +0200)]
basic: add STRCASE_IN_SET() which is to STR_IN_SET() what strcaseeq() is to streq()

5 years agoman: fix few spelling errors
Frantisek Sumsal [Fri, 1 May 2020 16:51:33 +0000 (18:51 +0200)]
man: fix few spelling errors

Reported by Fossies.org.

5 years agotest: Fix build with !HAVE_LZ4 && HAVE_XZ
Michal Koutný [Fri, 1 May 2020 16:38:10 +0000 (18:38 +0200)]
test: Fix build with !HAVE_LZ4 && HAVE_XZ

HUGE_SIZE was defined inconsistently.

> In file included from ../src/basic/alloc-util.h:9,
>                  from ../src/journal/test-compress.c:9:
> ../src/journal/test-compress.c: In function ‘main’:
> ../src/journal/test-compress.c:280:33: error: ‘HUGE_SIZE’ undeclared (first use in this function)
>   280 |         assert_se(huge = malloc(HUGE_SIZE));

5 years agocifuzz: upload artifacts only when the "run fuzzers" step fails
Evgeny Vereshchagin [Wed, 29 Apr 2020 05:04:56 +0000 (05:04 +0000)]
cifuzz: upload artifacts only when the "run fuzzers" step fails

5 years agorepart: fix partition maximum size segfault
Emmanuel Garette [Thu, 30 Apr 2020 07:51:29 +0000 (09:51 +0200)]
repart: fix partition maximum size segfault

Discovered, tracked down and fix proposed by Emmanuel Garette.

See: https://lists.freedesktop.org/archives/systemd-devel/2020-April/044435.html

(Lennart turned this into a PR)

Fixes: #15608

5 years agoMerge pull request #15652 from MadMcCrow/master
Zbigniew Jędrzejewski-Szmek [Fri, 1 May 2020 15:26:55 +0000 (17:26 +0200)]
Merge pull request #15652 from MadMcCrow/master

Fix Chromebook Caroline board accelerometer not having correct orientation

5 years agoMerge pull request #15547 from kkdwivedi/notify-barrier
Lennart Poettering [Fri, 1 May 2020 06:48:42 +0000 (08:48 +0200)]
Merge pull request #15547 from kkdwivedi/notify-barrier

Introduce sd_notify_barrier

5 years agoMerge pull request #13512 from msekletar/freezer
Zbigniew Jędrzejewski-Szmek [Fri, 1 May 2020 05:52:29 +0000 (07:52 +0200)]
Merge pull request #13512 from msekletar/freezer

core: introduce support for cgroup freezer

5 years agoman: sd_notify() race is gone with sd_notify_barrier()
Kumar Kartikeya Dwivedi [Tue, 28 Apr 2020 13:39:53 +0000 (19:09 +0530)]
man: sd_notify() race is gone with sd_notify_barrier()

Add note for change of behaviour in systemd-notify, where parent pid trick
is only used when --no-block is passed, and with enough privileges of course.

Also, fix a small error in systemd(1).

5 years agoIntroduce sd_notify_barrier
Kumar Kartikeya Dwivedi [Tue, 28 Apr 2020 14:09:27 +0000 (19:39 +0530)]
Introduce sd_notify_barrier

This adds the sd_notify_barrier function, to allow users to synchronize against
the reception of sd_notify(3) status messages. It acts as a synchronization
point, and a successful return guarantees that all previous messages have been
consumed by the manager. This can be used to eliminate race conditions where
the sending process exits too early for systemd to associate its PID to a
cgroup and attribute the status message to a unit correctly.

systemd-notify now uses this function for proper notification delivery and be
useful for NotifyAccess=all units again in user mode, or in cases where it
doesn't have a control process as parent.

Fixes: #2739
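
The barrier handshake described in the commit above, modelled as an added example (not code from the systemd tree): sd_notify(3) documents `BARRIER=1` as a message that carries a file descriptor which the manager closes once it reaches that message, so the sender can wait for the hang-up. A `socketpair()` stands in for `$NOTIFY_SOCKET`, the "manager" is a toy, and all function names and the sample status message are assumptions made for the illustration.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Control-message buffer sized and aligned for exactly one file descriptor. */
union fd_control {
    struct cmsghdr align;
    char buf[CMSG_SPACE(sizeof(int))];
};

/* Client: send one notification datagram; fd >= 0 is attached via SCM_RIGHTS. */
static int send_datagram(int sock, const char *text, int fd) {
    struct iovec iov = { .iov_base = (void *) text, .iov_len = strlen(text) };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
    union fd_control control;

    if (fd >= 0) {
        memset(&control, 0, sizeof(control));
        mh.msg_control = control.buf;
        mh.msg_controllen = sizeof(control.buf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &mh, 0) < 0 ? -errno : 0;
}

/* Client: queue BARRIER=1 with the write end of a fresh pipe and drop our own
 * copy of that end. Returns the read end to wait on, or a negative errno. */
static int client_barrier_begin(int sock) {
    int p[2];
    if (pipe(p) < 0)
        return -errno;
    int r = send_datagram(sock, "BARRIER=1", p[1]);
    close(p[1]); /* from now on only the in-flight copy keeps the pipe open */
    if (r < 0) {
        close(p[0]);
        return r;
    }
    return p[0];
}

/* Client: 1 once the manager has closed its copy (POLLHUP), 0 while pending. */
static int client_barrier_reached(int rfd) {
    struct pollfd pfd = { .fd = rfd, .events = 0 }; /* POLLHUP is always reported */
    int r = poll(&pfd, 1, 0);
    if (r < 0)
        return -errno;
    return (r > 0 && (pfd.revents & POLLHUP)) ? 1 : 0;
}

/* Toy manager: consume exactly one datagram, in arrival order.
 * Returns 1 for a barrier, 0 for an ordinary message, negative errno on error. */
static int manager_process_one(int sock) {
    char text[256];
    struct iovec iov = { .iov_base = text, .iov_len = sizeof(text) - 1 };
    union fd_control control;
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = control.buf,
                         .msg_controllen = sizeof(control.buf) };
    ssize_t n = recvmsg(sock, &mh, MSG_DONTWAIT);
    if (n < 0)
        return -errno;
    text[n] = '\0';

    int fd = -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&fd, CMSG_DATA(c), sizeof(int));

    /* A real manager would attribute `text` to a unit here, while the sending
     * PID can still be looked up. */
    int is_barrier = strcmp(text, "BARRIER=1") == 0;
    if (fd >= 0)
        close(fd); /* for a barrier, this close is the acknowledgement */
    return is_barrier;
}

/* Queue one constructed status message plus a barrier, let the manager consume
 * `processed` datagrams, and report whether the client sees the barrier. */
int barrier_reached_after(int processed) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -errno;
    int result = send_datagram(sv[0], "STATUS=Flushing state to disk", -1);
    int rfd = result < 0 ? result : client_barrier_begin(sv[0]);
    if (rfd >= 0) {
        for (int i = 0; i < processed; i++)
            manager_process_one(sv[1]);
        result = client_barrier_reached(rfd);
        close(rfd);
    } else
        result = rfd;
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void) {
    for (int n = 0; n <= 2; n++)
        printf("manager consumed %d datagram(s): barrier reached = %d\n",
               n, barrier_reached_after(n));
    return 0;
}
```

The sender may exit only after the hang-up, at which point every datagram queued before the barrier has already been consumed.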

5 years agotest: find path for systemd-journal-remote
Dan Streetman [Sun, 26 Apr 2020 15:19:55 +0000 (11:19 -0400)]
test: find path for systemd-journal-remote

As Debian/Ubuntu use /lib/systemd instead of /usr/lib/systemd,
add systemd-journal-remote to the list of programs that test-functions
detects the correct path to, and replace its direct usage with
$SYSTEMD_JOURNAL_REMOTE

Also use $JOURNALCTL instead of journalctl.

Also minor correction in install_plymouth() to look in /lib/... as
well as /usr/lib/... and /etc/...

5 years agoMerge pull request #15592 from kennylevinsen/fdpoll-standalone
Lennart Poettering [Thu, 30 Apr 2020 20:32:28 +0000 (22:32 +0200)]
Merge pull request #15592 from kennylevinsen/fdpoll-standalone

Introduce FDPOLL=0

5 years agoAdd SetType method to login Session interface
Corey Hinshaw [Sun, 23 Feb 2020 03:44:42 +0000 (22:44 -0500)]
Add SetType method to login Session interface

5 years agocore: (De-)Serialize poll flag for fds in fdstore
Kenny Levinsen [Thu, 9 Apr 2020 13:30:02 +0000 (15:30 +0200)]
core: (De-)Serialize poll flag for fds in fdstore

This replaces manual string splitting and unescaping with
extract_first_word.

5 years agocore: Add optional FDPOLL=0 argument to fdstore
Kenny Levinsen [Wed, 8 Apr 2020 18:19:30 +0000 (20:19 +0200)]
core: Add optional FDPOLL=0 argument to fdstore

A service can specify FDSTORE=1 FDPOLL=0 to request that PID1 does not
poll the fd to remove them on error. If set, fds will only be removed on
FDSTOREREMOVE=1 or when the service is done.

Fixes: #12086

5 years agoFix Chromebook Caroline board accelerometer not having correct orientation
MadMcCrow [Thu, 30 Apr 2020 17:21:41 +0000 (19:21 +0200)]
Fix Chromebook Caroline board accelerometer not having correct orientation

5 years agotest: add test for cgroup v2 freezer support
Michal Sekletár [Fri, 3 Apr 2020 07:13:51 +0000 (09:13 +0200)]
test: add test for cgroup v2 freezer support

5 years agocore: introduce support for cgroup freezer
Michal Sekletár [Wed, 29 Apr 2020 15:53:43 +0000 (17:53 +0200)]
core: introduce support for cgroup freezer

With cgroup v2 the cgroup freezer is implemented as a cgroup
attribute called cgroup.freeze. cgroup can be frozen by writing "1"
to the file and kernel will send us a notification through
"cgroup.events" after the operation is finished and processes in the
cgroup entered quiescent state, i.e. they are not scheduled to
run. Writing "0" to the attribute file does the inverse and process
execution is resumed.

This commit exposes above low-level functionality through systemd's DBus
API. Each unit type must provide specialized implementation for these
methods, otherwise, we return an error. So far only service, scope, and
slice unit types provide the support. It is possible to check if a
given unit has the support using CanFreeze() DBus property.

Note that DBus API has a synchronous behavior and we dispatch the reply
to freeze/thaw requests only after the kernel has notified us that
requested operation was completed.

5 years agonotify: beef up --pid= logic
Lennart Poettering [Thu, 30 Apr 2020 09:59:30 +0000 (11:59 +0200)]
notify: beef up --pid= logic

Prompted by the discussions on #15547.

5 years agodocs: Change prefix for desktop applications to app-
Benjamin Berg [Thu, 30 Apr 2020 12:21:44 +0000 (14:21 +0200)]
docs: Change prefix for desktop applications to app-

We need both a slice name and a prefix for application units. For
consistency we tried to use the same name and ended up standardising on
"apps.slice" and "apps-" prefix for the units.

However, "app-" would be a more natural prefix for applications. And it
is no problem to simply also name the slice "app.slice" for consistency
rather than keeping the current "apps.slice".

5 years agoefi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var...
Lennart Poettering [Thu, 30 Apr 2020 08:08:54 +0000 (10:08 +0200)]
efi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var due to SecureBoot

Fixes: #14864

5 years agoshared/unit-file: fix resolution of absolute symlinks with --root
Zbigniew Jędrzejewski-Szmek [Thu, 30 Apr 2020 10:02:44 +0000 (12:02 +0200)]
shared/unit-file: fix resolution of absolute symlinks with --root

$ systemctl --no-pager --root /tmp/root2/ cat ctrl-alt-del.target
Failed to resolve symlink /tmp/root2/etc/systemd/system/ctrl-alt-del.target pointing to /usr/lib/systemd/system/reboot.target, ignoring: Channel number out of range
...

5 years agoman: mention that ProtectSystem= also takes care of /efi
Zbigniew Jędrzejewski-Szmek [Wed, 29 Apr 2020 16:22:46 +0000 (18:22 +0200)]
man: mention that ProtectSystem= also takes care of /efi

5 years agoefi: cache test results of boolean EFI state functions
Lennart Poettering [Tue, 28 Apr 2020 21:33:46 +0000 (23:33 +0200)]
efi: cache test results of boolean EFI state functions

EFI variable access is nowadays subject to rate limiting by the kernel.
Thus, let's cache the results of checking them, in order to minimize how
often we access them.

Fixes: #14828

5 years agoMerge pull request #15630 from nabijaczleweli/symmetric-buffers
Lennart Poettering [Thu, 30 Apr 2020 06:06:26 +0000 (08:06 +0200)]
Merge pull request #15630 from nabijaczleweli/symmetric-buffers

link: Allow configuring RX mini and jumbo ring sizes, too

5 years agolink: Allow configuring RX mini and jumbo ring sizes, too
nabijaczleweli [Wed, 29 Apr 2020 00:00:25 +0000 (02:00 +0200)]
link: Allow configuring RX mini and jumbo ring sizes, too

This now covers all ethtool_ringparam configurables (as of v5.6;
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/ethtool.h?h=v5.6#n488)

5 years agolink: Add units and fix typo in (Rx|Tx)BufferSize= manpage. Clean up the implementati...
nabijaczleweli [Wed, 29 Apr 2020 16:38:56 +0000 (18:38 +0200)]
link: Add units and fix typo in (Rx|Tx)BufferSize= manpage. Clean up the implementation slightly

5 years agobasic/cgroup-util: introduce cg_get_keyed_attribute_full()
Michal Sekletár [Wed, 29 Apr 2020 15:40:22 +0000 (17:40 +0200)]
basic/cgroup-util: introduce cg_get_keyed_attribute_full()

Callers of cg_get_keyed_attribute_full() can now specify via the flag whether the
missing keys in cgroup attribute file are OK or not. Also the wrappers for both
strict and graceful version are provided.
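
An added example (not systemd's implementation) of the strict versus graceful lookup this commit describes, applied to the `cgroup.events` file that the cgroup freezer commit further up relies on. The function and enum names are hypothetical and the file contents are constructed samples. In graceful mode a missing `frozen` key is reported as "freezer not available" rather than as a parse failure.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical mode flag: may keys be absent from the attribute file? */
enum key_mode { KEY_MODE_STRICT, KEY_MODE_GRACEFUL };

/* Look up keys[0..n_keys) in `content`, the text of a flat-keyed cgroup v2
 * attribute file ("key value\n" per line). values[i] receives a malloc'ed copy
 * of the value, or NULL if the key is absent. Returns the number of keys
 * found; in strict mode any missing key yields -ENXIO and nothing is returned. */
int keyed_lookup(const char *content, const char *const keys[], size_t n_keys,
                 char *values[], enum key_mode mode) {
    size_t found = 0;
    int r = 0;

    for (size_t i = 0; i < n_keys; i++)
        values[i] = NULL;

    for (const char *line = content; *line;) {
        size_t len = strcspn(line, "\n");
        const char *sp = memchr(line, ' ', len);

        if (sp) {
            size_t klen = (size_t) (sp - line), vlen = len - klen - 1;

            for (size_t i = 0; i < n_keys; i++) {
                /* The first occurrence wins; compare whole keys, not prefixes. */
                if (values[i] || strlen(keys[i]) != klen ||
                    memcmp(line, keys[i], klen) != 0)
                    continue;
                values[i] = malloc(vlen + 1);
                if (!values[i]) {
                    r = -ENOMEM;
                    goto fail;
                }
                memcpy(values[i], sp + 1, vlen);
                values[i][vlen] = '\0';
                found++;
                break;
            }
        }
        line += len;
        if (*line == '\n')
            line++;
    }

    if (mode == KEY_MODE_STRICT && found < n_keys) {
        r = -ENXIO;
        goto fail;
    }
    return (int) found;

fail:
    for (size_t i = 0; i < n_keys; i++) {
        free(values[i]);
        values[i] = NULL;
    }
    return r;
}

/* Graceful caller: 1 = frozen, 0 = running, -EOPNOTSUPP when the file has no
 * "frozen" key at all, -EINVAL when the value is neither "0" nor "1". */
int freezer_state(const char *events) {
    static const char *const keys[] = { "frozen" };
    char *v[1];
    int r = keyed_lookup(events, keys, 1, v, KEY_MODE_GRACEFUL);

    if (r < 0)
        return r;
    if (r == 0)
        return -EOPNOTSUPP;
    int state = strcmp(v[0], "1") == 0 ? 1 : strcmp(v[0], "0") == 0 ? 0 : -EINVAL;
    free(v[0]);
    return state;
}

/* Strict caller: both keys must be present, otherwise -ENXIO. */
int strict_pair_lookup(const char *events) {
    static const char *const keys[] = { "populated", "frozen" };
    char *v[2];
    int r = keyed_lookup(events, keys, 2, v, KEY_MODE_STRICT);

    if (r > 0) {
        free(v[0]);
        free(v[1]);
    }
    return r;
}

int main(void) {
    /* Constructed samples: with and without the "frozen" key. */
    const char *with_key = "populated 1\nfrozen 1\n";
    const char *without_key = "populated 1\n";

    printf("graceful, key present: %d\n", freezer_state(with_key));
    printf("graceful, key missing: %d\n", freezer_state(without_key));
    printf("strict,   key missing: %d\n", strict_pair_lookup(without_key));
    return 0;
}
```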

5 years agodocs: reorder the section about security reporting to emphasize the sekrit list
Zbigniew Jędrzejewski-Szmek [Wed, 29 Apr 2020 06:09:53 +0000 (08:09 +0200)]
docs: reorder the section about security reporting to emphasize the sekrit list

5 years agohome: make sure whenever we touch the 'secret' part of a user record, we set the...
Lennart Poettering [Wed, 29 Apr 2020 14:25:52 +0000 (16:25 +0200)]
home: make sure whenever we touch the 'secret' part of a user record, we set the sensitive flag on it

5 years agohome: mark various bus messages we write user records to as sensitive
Lennart Poettering [Wed, 29 Apr 2020 14:24:41 +0000 (16:24 +0200)]
home: mark various bus messages we write user records to as sensitive

let's make sure that when we append potentially sensitive data to a bus
message we set the sensitive flag on the message object.

5 years agojson: when making a copy of a json variant, propagate the sensitive bit
Lennart Poettering [Wed, 29 Apr 2020 14:17:00 +0000 (16:17 +0200)]
json: when making a copy of a json variant, propagate the sensitive bit

Let's make sure we never lose the bit when copying a variant, after all
the data contained is still going to be sensitive after the copy.

5 years agoselinux: do preprocessor check only in selinux-access.c
Michal Sekletár [Fri, 3 Apr 2020 07:13:59 +0000 (09:13 +0200)]
selinux: do preprocessor check only in selinux-access.c

This has the advantage that mac_selinux_access_check() can be used as a
function in all contexts. For example, parameters passed to it won't be
reported as unused if the "function" call is replaced with 0 on SELinux
disabled builds.

5 years agoMerge pull request #15626 from poettering/more-specifiers
Frantisek Sumsal [Wed, 29 Apr 2020 08:07:12 +0000 (10:07 +0200)]
Merge pull request #15626 from poettering/more-specifiers

tmpfiles,sysusers,pid1: add a bunch of more specifiers

5 years agoMerge pull request #15628 from poettering/tmpfiles-fuzz-fix
Lennart Poettering [Wed, 29 Apr 2020 07:41:46 +0000 (09:41 +0200)]
Merge pull request #15628 from poettering/tmpfiles-fuzz-fix

systemd-tmpfiles fuzz issue fix

5 years ago tmpfiles: remove unnecessary assert
Lennart Poettering [Tue, 28 Apr 2020 22:13:52 +0000 (00:13 +0200)]
tmpfiles: remove unnecessary assert

If we parse an xattr line that has no valid assignment, we might end up
with an empty ->xattr list. Don't hit assert on that, just go on.

Fixes: #15610

5 years ago tmpfiles: use log_syntax() for all parse errors
Lennart Poettering [Tue, 28 Apr 2020 22:07:06 +0000 (00:07 +0200)]
tmpfiles: use log_syntax() for all parse errors

5 years ago update TODO
Lennart Poettering [Tue, 28 Apr 2020 21:16:35 +0000 (23:16 +0200)]
update TODO

5 years ago man: document new specifiers
Lennart Poettering [Tue, 28 Apr 2020 20:50:50 +0000 (22:50 +0200)]
man: document new specifiers

5 years ago tree-wide: support a bunch of additional specifiers
Lennart Poettering [Tue, 28 Apr 2020 18:03:56 +0000 (20:03 +0200)]
tree-wide: support a bunch of additional specifiers

5 years ago update TODO
Lennart Poettering [Tue, 28 Apr 2020 18:02:39 +0000 (20:02 +0200)]
update TODO

5 years ago main: bump RLIMIT_MEMLOCK by physical RAM size
Lennart Poettering [Wed, 22 Apr 2020 20:49:02 +0000 (22:49 +0200)]
main: bump RLIMIT_MEMLOCK by physical RAM size

Let's allow more memory to be locked on beefy machines than on small
ones. The previous limit of 64M is the lower bound still. This
effectively means on a 4GB machine we can lock 512M, which should be
more than enough, but still not lock up the machine entirely under
pressure.

Fixes: #15053

5 years ago nspawn: be more careful with creating/chowning directories to overmount
Lennart Poettering [Wed, 22 Apr 2020 14:35:32 +0000 (16:35 +0200)]
nspawn: be more careful with creating/chowning directories to overmount

We should never re-chown selinuxfs.

Fixes: #15475

5 years ago update TODO
Lennart Poettering [Tue, 28 Apr 2020 17:38:38 +0000 (19:38 +0200)]
update TODO

5 years ago sd-bus: Add sd_bus_query_sender_creds/privilege docs
Daan De Meyer [Tue, 28 Apr 2020 17:29:46 +0000 (19:29 +0200)]
sd-bus: Add sd_bus_query_sender_creds/privilege docs

5 years ago Merge pull request #15618 from keszybz/help-output
Zbigniew Jędrzejewski-Szmek [Tue, 28 Apr 2020 17:31:16 +0000 (19:31 +0200)]
Merge pull request #15618 from keszybz/help-output

Small adjustments to --help output

5 years ago sd-bus: Add sd_bus_get_creds_mask docs
Daan De Meyer [Thu, 23 Apr 2020 19:31:45 +0000 (21:31 +0200)]
sd-bus: Add sd_bus_get_creds_mask docs

5 years ago Revert "detect-virt: also detect "microsoft" as WSL"
Luca Boccassi [Mon, 27 Apr 2020 11:04:35 +0000 (12:04 +0100)]
Revert "detect-virt: also detect "microsoft" as WSL"

WSL2 will soon (TM) include the "WSL2" string in /proc/sys/kernel/osrelease
so the workaround will no longer be necessary.
We have several different cloud images which do include the "microsoft"
string already, which would break this detection. They are for internal
usage at the moment, but the userspace side can come from all over the
place so it would be quite hard to track and downstream-patch to avoid
breakages.

This reverts commit a2f838d59075a49b012f9b7056664f7ffeed44d2.

5 years ago homectl: say "home area" in more places
Zbigniew Jędrzejewski-Szmek [Tue, 28 Apr 2020 07:09:26 +0000 (09:09 +0200)]
homectl: say "home area" in more places

Follow-up for b5947b5b100f694c93857a82018fb0656d08be34.

5 years ago meson: test userdbctl and homectl --help
Zbigniew Jędrzejewski-Szmek [Tue, 28 Apr 2020 07:08:37 +0000 (09:08 +0200)]
meson: test userdbctl and homectl --help

5 years ago userdbctl: make --help fit in 80 columns
Zbigniew Jędrzejewski-Szmek [Tue, 28 Apr 2020 07:13:47 +0000 (09:13 +0200)]
userdbctl: make --help fit in 80 columns

5 years ago meson: modernize indentation
Zbigniew Jędrzejewski-Szmek [Tue, 28 Apr 2020 07:08:04 +0000 (09:08 +0200)]
meson: modernize indentation

By using a newline after executable( and run_target(, we get less
indentation and the indentation level does not change when the returned
object is saved to a variable.

5 years ago efivars: retry open and read operations
Zbigniew Jędrzejewski-Szmek [Fri, 24 Apr 2020 08:53:46 +0000 (10:53 +0200)]
efivars: retry open and read operations

On my laptop (Lenovo X1 Carbon 4th) I very occasionally see test-boot-timestamps
fail with this tb:

262/494 test-boot-timestamps                    FAIL    0.7348453998565674 s (killed by signal 6 SIGABRT)

08:12:48 SYSTEMD_LANGUAGE_FALLBACK_MAP='/home/zbyszek/src/systemd/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/home/zbyszek/src/systemd/src/locale/kbd-model-map' PATH='/home/zbyszek/src/systemd/build:/home/zbyszek/.local/bin:/usr/lib64/qt-3.3/bin:/usr/share/Modules/bin:/usr/condabin:/usr/lib64/ccache:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/zbyszek/bin:/var/lib/snapd/snap/bin' /home/zbyszek/src/systemd/build/test-boot-timestamps
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Failed to get SystemdOptions EFI variable, ignoring: Interrupted system call
Failed to read ACPI FPDT: Permission denied
Failed to read LoaderTimeInitUSec: Interrupted system call
Failed to read EFI loader data: Interrupted system call
Assertion 'q >= 0' failed at src/test/test-boot-timestamps.c:84, function main(). Aborting.

Normally it takes ~0.02s, but here there's a slowdown to 0.73 and things fail with EINTR.
This happens only occasionally, and I haven't been able to capture a strace.

It would be possible to ignore that case in test-boot-timestamps or always translate
EINTR to -ENODATA. Nevertheless, I think it's better to retry, since this gives
us more resilient behaviour and avoids a transient failure.

See
https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L75
and
https://github.com/torvalds/linux/commit/bef3efbeb897b56867e271cdbc5f8adaacaeb9cd.

5 years ago shell-completion/zsh: update systemd-analyze completions
Ronan Pigott [Mon, 27 Apr 2020 06:16:55 +0000 (23:16 -0700)]
shell-completion/zsh: update systemd-analyze completions