| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This commit reverts removal of KDBUS code and adds appropriate adaptations
for the current version of upstream systemd.
Change-Id: I5739cb87ec0f75f7ad35e75defc7a1ab9f645c56
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
This reverts commit df134443395f6e043e0cd2a45ab529583df96e4e.
Change-Id: I58954ede35085d65dc7d4017098bd6464ee6c992
|
|
This reverts commit 0ba89873372c3ab508852b4e0071da0719bcea0a.
Change-Id: I2bd9995fc2563f3cd464af20f490b118b3eb7a44
|
|
Restore systemd-soft-reboot.service to support platform-only reboot
and add SmackProcessLabel.
Change-Id: If0782d2ddae685ad338affeadd3f83bd83905eb2
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
|
|
poweroff/reboot/exit service
Need to contain SmackProcessLabel under [Service] section
to keep the security-config rule.
Change-Id: I72be4c689d86a1dcf3967aa9563c74a903e4479d
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
|
|
Replace[*] obsolete Capabilities option in user@.service with
AmbientCapabilities to provide appropriate set of capabilties for systemd
to manage user session.
According to capability set transformation rules described in
capabilities(7)
if a process with nonzero user IDs performs an execve(2) then any
capabilities that are present in its permitted and effective
sets will be cleared.
This means that for systemd running with nonzero UID (i.e. as the user
session manager) to keep permitted and effective capability
sets non-empty without setting file capabilities for systemd it is
required to use ambient capabilities.
Using file capabilities for systemd may be a wrong choice in the long
term, because different sets of capabilities may be assigned to different
user sessions.
[*] During update to v255 previous commits changing the value of the
Capabilities options were dropped.
Change-Id: I479fbbcf153737dbf88340ef4eb4be15d707a9a4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
user-runtime-dir@.service should never stop.
When it stops,
user@5001.service(Requires=user-runtime-dir.service) stops accordingly.
Change-Id: I24f5780ab0eebcfbd2efa4c75141f817a9242bca
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
Change-Id: I289839f05abd3830691119ac8c9a8a7c370e757e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
shutdown.target is special unit to which systemd automatically adds
Conflicts= with for every unit.
By removing the relation to this target in shutdown units we practically
change the shutdown to use only explicitly configured units.
Change-Id: I93a43cdb3875250920e3e49817ffcd6f7f7725b6
|
|
Due to noise coming into the serial console or other abnormal behavior,
agetty changes the baudrate in the following order: 115200, 38400, 9600.
Since tizen only uses 115200 baudrate, this is fixed.
It is reported in the DA.
Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bb1
|
|
The emergency-target-holder.service prevents emergency.target from completing.
If emergency.target is not completed,
other services that are not intended can not be run in emergency mode.
Detailed information.
============================================================================================================================
1. If local-fs.target fails, emergency.target is started by 'OnFailure=emergency.target'.
2. By 'OnFailureJobMode=replace-irreversibly' option,
emergency.target cannot be canceled until completion.
3. When starting a new service by any activation(dbus, path, socket) in emergency mode,
sysinit.target is always checked and started by 'DefaultDependency=yes'.
4. sysinit.target stops emergency.target because of the 'Conflicts=emergency.target' setting.
5. However, emergency.target can not be stopped
because it started with 'replace-irreversibly' and not finished yet.
6. So sysinit.target can not be started.
7. New service can not be run because sysinit.target could not be started.
============================================================================================================================
Logs when running new services after applying this patch
=============================================================================================================================
bash-3.2# systemctl start deviced.service
Failed to start deviced.service: Transaction for deviced.service/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status deviced.service' for details.
bash-3.2# systemctl start sysinit.target
Failed to start sysinit.target: Transaction for sysinit.target/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status sysinit.target' for details.
==============================================================================================================================
Change-Id: I2cefadd7228d463fe1755e0c475f4563d98c8260
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
Change-Id: I8c0e7de59689aa83bd0273af4a66dd7a8f823ec9
|
|
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iaf0d6f57e6a4a124ac0301e38527bddcbb7fe679
|
|
This patch should be used for specific purpose of Tizen
Change-Id: Ida7448da300b0c4cf9a5189c6f8903a2e8729df3
|
|
The following commits were squashed:
- I37c3c1ee8152f82bf45b50f6e81f7986b62547c1
- Icd1e8c7794236670575df68d1fe35c35584f24f2
- If9f30e57050f01004c56b85235ad50d49710ac53
--8<-------------------------------------------------------->8---
Set SmackProcessLabel to System::Privileged in selected units
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
--8<-------------------------------------------------------->8---
logind: add SmackProcessLabel=System::Privileged to user-runtime-dir@.service
To change smack label /run/user/5001/system_share to "*", we need System::Privileged.
--8<-------------------------------------------------------->8---
tizen: Change the SMACK label for systemd in the user session
Change the SMACK label for systemd in the user session to
System::Privileged to avoid problems with handling
org.freedesktop.systemd1.Manager.GetUnitByPID method.
--8<-------------------------------------------------------->8---
Author: INSUN PYO <insun.pyo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.
In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.
Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
convenience.
Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89
|
|
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
Note: The original commit has been dropped upstream and replaced with
SmackFileSystemRoot option later renamed to SmackFileSystemRootLabel.
Alas the option didn't work properly and has been dropped too.
Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Origin: https://github.com/systemd/systemd/commit/409c2a13fd65692c6
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
Allow swap to be activated concurrently with sysinit target
Change-Id: I56aef31809e50ae6c4b10174c0f3b144f72b9746
|
|
The following commits were squashed:
- I0527d1387500c699be0fbc319c702a77d9ae587b
- I56db28be6f0cecd0562ba8db6bb1d4af0b1a3b7b
- I2f291ea8b5f535157eec4f105f2c37b0cea448c9
- I54e51fc3fe563961f18b953215cee41c3bf4510e
- I2206ada9509d503ac02733d0cb0c1539d932b184
- I0d87c574086073b28aa52dccca3e760914e2abbd
- Ibec5e4f4030e26235dbba6610a5142d0e29e423f
- Ib742d57963db8cfba2a091d4de1562ab0b95fc7a
- I7602100652f478b3d66fcba215659f39a63694e2
- I4ad1ff6a8084ed9db7d630f533a9348b41decbf0
- I8da0c1f224a74d45badd82f2ac1dda13cb8febbb
- Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a
- I6e2189c2cd0d4a86db995651b43a4dcdc25fcabf
- I581c5dbcf216806dfcff826bbdf7ca82dc944676
- Ic17dd0559544c323dedfe7c9b5ad13d01bc65588
--8<-------------------------------------------------------->8---
Add delayed target
--8<-------------------------------------------------------->8---
Change the config value of the "RemainAfterExit=" ("true" -> "yes")
--8<-------------------------------------------------------->8---
Rework delayed.target
start delayed.service --> finish default.target --> start all of delayed.service -->
finish delayed.target --> StartupFinished
--8<-------------------------------------------------------->8---
delayed: replace dbus-send with a dedicated program
In release versions there can be no helper programs for sending
any messages over D-Bus. Thus, dbus-send, busctl etc. are removed.
This commit replaces dbus-send use cases with a specialized little
tool, which does what dbus-send did in those cases.
--8<-------------------------------------------------------->8---
Delayed target: check interval is changed from 1 second to 0.2 seconds.
--8<-------------------------------------------------------->8---
Fix delayed.target
Add binary wait-target-done.c for waiting creation of *.done file.
--8<-------------------------------------------------------->8---
Fix wait-target-done.c
1. Change inotify fd to nonblock.
2. Change timeout to use alarm(). And make it encompass
the whole process, which now includes wd allocation.
3. Add dependency with tlm.service to
system-delayed-target-trigger.service
4. Add journal log.
--8<-------------------------------------------------------->8---
Add Conflicts=emergency.service in system-delayed-target-trigger.service
--8<-------------------------------------------------------->8---
Restore 'Default Dependendies' to system-default-target-done.service and system-delayed-target-trigger.service
Add 'Requires=sysinit.target' and 'After=sysinit.target basic.target'
Two dependencies prevent those service from running in emergency mode,
because sysinit.target always fails in emergency mode.
--8<-------------------------------------------------------->8---
Delayed target: add delaying the start of delayed.target
If /etc/systemd/delayed-target.conf exists and has DelayedTargetWait environment value,
delayed.target starts after DelayedTargetWait seconds.
If the /tmp/.systemd_delayed_target_wait file is created within the delayed time,
delayed.target starts immediately.
--8<-------------------------------------------------------->8---
Delayed target: add delaying the start of delayed.target #2
Delay time is also applied to user systemd.
System systemd is already applied.
--8<-------------------------------------------------------->8---
delayed: remove unused file
Change-Id: Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a
--8<-------------------------------------------------------->8---
delayed: rework dealyed service without capability of /usr/bin/touch
VD security remove capability of /usr/bin/touch. (cap_dac_override=ei)
Change permision and group of /run/systemd/system
from 0755/root/root to 0775/root/systemf_fw.
--8<-------------------------------------------------------->8---
Add device_board_set_boot_success in booting-done.service
/usr/bin/device_board_set_boot_success reports boot success to the bootloader.
If boot success is not reported for, e.g., 10-times booting in a row,
bootloader recovers the system.
-- Bootloader --
If (BOOT_SUCCESS flag is set) {
Clear the BOOT_SUCCESS flag
BOOT_FAIL_COUNT = 0
} Else {
If (++ BOOT_FAIL_COUNT > 10) {
BOOT_FAIL_COUNT = 0
Restore to the other partitions (e.g., b -> a)
Proceed to the recovery booting (ramdisk-recovery, bootmode="recovery")
}
}
Proceed to the normal booting (ramdisk, bootmode="")
--8<-------------------------------------------------------->8---
Run booting-done.service as root:root System
booting-done.service should be privileged to be responsible for
checkpointing booting status not only for normal booting
but also for FOTA and recovery booting.
--8<-------------------------------------------------------->8---
Author: Insun Pyo <insun.pyo@samsung.com>
Author: Adrian Szyndela <adrian.s@samsung.com>
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
|
|
Standard directories make a call to the quotactl system call to enforce disk size limits.
Fixes #30287
|
|
Workaround for #30195.
|
|
The unit will be started or restarted a few times during boot, but but it has
StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth
restart will already fail. On my laptop, I have exactly 4 restarts, so I don't
hit the limit, but on a slightly different system we will easily hit the limit.
In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads
and we hit the limit.
Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter
over switch-root and daemon reloads, so it's easier to hit the limit during
boot.
In principle there might be systems with lots of vtcon devices, so let's just
allow the unit to be restarted without a limit.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394.
|
|
|
|
(This is disabled by default, for now)
|
|
This implements a "storage target mode", similar to what MacOS provides
since a long time as "Target Disk Mode":
https://en.wikipedia.org/wiki/Target_Disk_Mode
This implementation is relatively simple:
1. a new generic target "storage-target-mode.target" is added, which
when booted into defines the target mode.
2. a small tool and service "systemd-storagetm.service" is added which
exposes a specific device or all devices as NVMe-TCP devices over the
network. NVMe-TCP appears to be hot shit right now how to expose
block devices over the network. And it's really simple to set up via
configs, hence our code is relatively short and neat.
The idea is that systemd-storagetm.target can be extended sooner or
later, for example to expose block devices also as USB mass storage
devices and similar, in case the system has "dual mode" USB controller
that can also work as device, not just as host. (And people could also
plug in sharing as NBD, iSCSI, whatever they want.)
How to use this? Boot into your system with a kernel cmdline of
"rd.systemd.unit=storage-target-mode.target ip=link-local", and you'll see on
screen the precise "nvme connect" command line to make the relevant
block devices available locally on some other machine. This all requires
that the target mode stuff is included in the initrd of course. And the
system will the stay in the initrd forever.
Why bother? Primarily three use-cases:
1. Debug a broken system: with very few dependencies during boot get
access to the raw block device of a broken machine.
2. Migrate from system to another system, by dd'ing the old to the new
directly.
3. Installing an OS remotely on some device (for example via Thunderbolt
networking)
(And there might be more, for example the ability to boot from a
laptop's disk on another system)
Limitations:
1. There's no authentication/encryption. Hence: use this on local links
only.
2. NVMe target mode on Linux supports r/w operation only. Ideally, we'd
have a read-only mode, for security reasons, and default to it.
Future love:
1. We should have another mode, where we simply expose the homed LUKS
home dirs like that.
2. Some lightweight hookup with plymouth, to display a (shortened)
version of the info we write to the console.
To test all this, just run:
mkosi --kernel-command-line-extra="rd.systemd.unit=storage-target-mode.target" qemu
|
|
modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
errors because some module names contain dashes and others underscores.
Because modprobe@.service unescapes the instance name, an attempt to
start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
which is doomed to fail. "modprobe@dm_crypt.service" will work as
expected. Thus unescaping the instance name has surprising side effects.
Use "%i" instead.
|
|
coredump: support forwarding coredumps to containers
|
|
|
|
When --boot is set, and --keep-unit is not, set CoredumpReceive=yes on
the scope allocated for the container. When --keep-unit is set, nspawn
does not allocate the container's unit, so the existing unit needs to
configure this setting itself.
Since systemd-nspawn@.service sets --boot and --keep-unit, add
CoredumpReceives=yes to that unit.
|
|
As systemd-journal-upload deals mostly with remote servers, add
some failsafes to its unit to restart on failures.
```
[Service]
Restart=on-failure
RestartSteps=10
RestartMaxDelaySec=60
```
|
|
This is primarily supposed to be a 1st step with varlinkifying our
various command line tools, and excercise in how this might look like
across our codebase one day. However, at AllSystemsGo! 2023 it was
requested that we provide an API to do a PCR measurement along with a
matching event log record, and this provides that.
|
|
This adds an explicit service for initializing the TPM2 SRK. This is
implicitly also done by systemd-cryptsetup, hence strictly speaking
redundant, but doing this early has the benefit that we can parallelize
this in a nicer way. This also write a copy of the SRK public key in PEM
format to /run/ + /var/lib/, thus pinning the disk image to the TPM.
Making the SRK public key is also useful for allowing easy offline
encryption for a specific TPM.
Sooner or later we should probably grow what this service does, the
above is just the first step. For example, the service should probably
offer the ability to reset the TPM (clear the owner hierarchy?) on a
factory reset, if such a policy is needed. And we might want to install
some default AK (?).
Fixes: #27986
Also see: #22637
|
|
pid1: introduce ConditionSecurity=measured-uki
|
|
Follow-up for d120ce478dc0043c89899799b5c1aaf62901bea9
blockdev@.target is used as a synchronization point between
the mount unit and corresponding systemd-cryptsetup@.service.
After the mentioned commit, it doesn't get a stop job enqueued
during shutdown, and thus the stop job for systemd-cryptsetup@.service
could be run before the mount unit is stopped.
Therefore, let's make blockdev@.target conflict with umount.target,
which is also what systemd-cryptsetup@.service does.
Fixes #29336
|
|
|
|
This reverts commit 9dd88582813b6dbeea6ce336f70cae681e6cbfc6.
|
|
So, unfortunately oomd uses "io.system." rather than "io.systemd." as
prefix for its sockets. This is a mistake, and doesn't match the
Varlink interface naming or anything else in oomd.
hence, let's fix that.
Given that this is an internal protocol between PID1 and oomd let's
simply change this without retaining compat.
|
|
The tool initially just measured the boot phase, but was subsequently
extended to measure file system and machine IDs, too. At AllSystemsGo
there were request to add more, and make the tool generically
accessible.
Hence, let's rename the binary (but not the pcrphase services), to make
clear the tool is not just measureing the boot phase, but a lot of other
things too.
The tool is located in /usr/lib/ and still relatively new, hence let's
just rename the binary and be done with it, while keeping the unit names
stable.
While we are at it, also move the tool out of src/boot/ and into its own
src/pcrextend/ dir, since it's not really doing boot related stuff
anymore.
|
|
When booting from virtiofs, we won't be able to find a root block
device. Let's gracefully handle this similar to how we don't fail
if we can't find a GPT partition table.
|
|
- mostly: usecase -> use case
- continously -> continuously
- single typos in docs/FILE_DESCRIPTOR_STORE.md
|
|
|
|
Before this commit, the hibernate location logic only exists in
the generator. Also, we compare device nodes (devnode_same()) and
clear EFI variable HibernateLocation in the generator too. This is
not ideal though: when the generator gets to run, udev hasn't yet
started, so effectively devnode_same() always fails. Moreover, if
the boot process is interrupted by e.g. battery-check, the hibernate
information is lost.
Therefore, let's split out the logic of finding hibernate location.
The generator only does the initial validation of system info and
enables systemd-hibernate-resume.service, and when the service
actually runs we validate everything again, which includes comparing
the device nodes and clearing the EFI variable. This should make
things more robust, plus systems that don't utilize a systemd-enabled
initrd can use the exact same logic to resume using the EFI variable.
I.e., systemd-hibernate-resume can be used standalone.
|
|
Otherwise the root filesystem might still be readonly and
systemd-userdbd fails to start.
Explicitly pick systemd-remount-fs.service instead of local-fs-pre.target
to prevent a dependency cycle.
|
|
- add reference to the service unit in the man page,
- fix several indentation and typos,
- replace '(uint64_t) -1' with 'UINT64_MAX',
- drop unnecessary 'continue'.
|
|
systemd-bsod: Add "--continuous" option
|
|
|
|
This makes tmpfiles, sysusers, and udevd invoked in the following order:
1. systemd-tmpfiles-setup-dev-early.service
Create device nodes gracefully, that is, create device nodes anyway
by ignoring unknown users and groups.
2. systemd-sysusers.service
Create users and groups, to make later invocations of tmpfiles and
udevd can resolve necessary users and groups.
3. systemd-tmpfiles-setup-dev.service
Adjust owners of previously created device nodes.
4. systemd-udevd.service
Process all devices. Especially to make block devices active and can
be mountable.
5. systemd-tmpfiles-setup.service
Setup basic filesystem.
Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
Fixes #28653.
Replaces #28681 and #28732.
|
|
This reverts commits 112a41b6ece19d03e951d886fe2f26512ab31fab,
3178698bb5352989e4bff866641838b1c2a0efcb, and
b768379e8b494b025f41946205944a6f3a1a553f.
The commit 112a41b6ece19d03e951d886fe2f26512ab31fab introduces #28765,
as systemd-tmpfiles-setup.service has ordering after local-fs.target,
but usually the target requires block devices processed by udevd.
Hence, the service can only start after the block devices timed out.
Fixes #28765.
|
|
Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
The commit makes systemd-tmpfiles-setup.service also updates the
permission or owner of device nodes. However, the service does not have
ordering for systemd-udevd.service. So, the service may set different
permission from the one udevd already set.
Fixes #28653.
Replaces #28681.
|
