When a device is mounted with userspace options such as _netdev, even when the mount event source is
triggered, only /proc/self/mountinfo may be updated, and /run/mount/utab may not be updated yet.
Hence, the mount unit may be created/updated without the userspace options. In that case, the mount
event source will be retriggered when /run/mount/utab is updated, and the mount unit will be updated
again with the userspace options. Typically, the window between the two calls is very short, but when
the mount event source is ratelimited after the first event, processing the second event may be delayed
about 1 secound. Hence, here we need to wait for a while.
By adding a debugging logs in mount_setup_unit(), the userspace mount is
not obtained in the first event, and the second event is delayed by the ratelimit.
```
[ 20.023086] H TEST-10-MOUNT.sh[446]: + mount -t ext4 -o _netdev /dev/loop1p1 /tmp/deptest
[ 20.026255] H kernel: EXT4-fs (loop1p1): mounted filesystem c1fa00ea-2ba8-46b2-9002-2ac997f4cda9 r/w with ordered data mode. Quota mode: none.
[ 20.026537] H TEST-10-MOUNT.sh[446]: + timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done'
[ 20.032293] H systemd[1]: tmp-deptest.mount: mount_setup_unit: proc: yes, netdev: no
[ 20.035978] H systemd[1]: Unit blockdev@dev-loop1p1.target has alias blockdev@.target.
[ 20.039765] H systemd[1]: tmp-deptest.mount: Changed dead -> mounted
[ 20.046598] H systemd[1]: Event source 0x7c73093e05e0 (mount-monitor-dispatch) entered rate limit state.
```
Hopefully fixes#32712.
TEST-60-MOUNT_RATELIMIT is run on nspawn by default, and currently run
on vm only on arch mkosi. Let's move the test case to new TEST-10-MOUNT,
which always run on vm.
- rename to TEST-04-JOURNAL.reload.sh,
- use trap to call cleanup(),
- use systemd-run to write journals, to make each journal entries to be
distinguished by the service name,
- greatly simplifies verify_journals(),
- drop unnecessary calls of sleep command, etc, etc.
Follow-ups for df5b3426f6.
Hopefully fixes#38287.
When non-builtin echo command is used, then the command may exit before
journald find the source of the stream, and the log filtering may not be
applied.
Hopefully fixes#37143.
This pull-request adds support for IPv6 SIP servers, which can be
obtained from DHCPv6 options.
[RFC3319](https://www.rfc-editor.org/rfc/rfc3319.html) defines two
options for this: option 21 (SIP Servers Domain Name List) and option 22
(SIP Servers IPv6 Address List).
systemd-networkd currently only supports IPv4 SIP servers, but ISPs like
NTT EAST provide IPv6 SIP servers. Exposing this in the D-Bus API would
allow other programs, such as downstream DHCPv6 servers, to utilize it.
Usage:
```
[DHCPv6]
UseSIP=yes
```
Partial output of `run0 systemd-networkd-tests.py
NetworkdDHCPClientTests.test_dhcp_client_use_sip`:
```console
> networkctl status veth99
● 17: veth99
NetDev File: /run/systemd/network/25-veth.netdev
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/25-dhcp-client.network
└─/run/systemd/network/25-dhcp-client.network.d/override.conf
State: routable (configured)
Online state: online
Type: ether
Kind: veth
Driver: veth
Hardware Address: 12:34:56:78:9a:bc
MTU: 1500 (min: 68, max: 65535)
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Number of Queues (Tx/Rx): 2/2
Auto negotiation: no
Speed: 10Gbps
Duplex: full
Port: tp
Address: 192.168.5.181 (DHCPv4 via 192.168.5.1)
2600::15
fe80::1034:56ff:fe78:9abc
Gateway: 192.168.5.1
fe80::1034:56ff:fe78:9abd
SIP: 192.168.5.1
2600::1
foo.example.com
Activation Policy: up
Required For Online: yes
DHCPv4 Client ID: IAID:0x7ec6b6c/DUID
DHCPv6 Client IAID: 0x7ec6b6c
DHCPv6 Client DUID: DUID-EN/Vendor:0000ab11617740de1342c3a2
```
Allow for mDNS service/domain/types browsing.
A client can connect to the backend via varlink and receive updates as
the requested service becomes available.
The interval between the first two queries MUST be at least one second,
the intervals between successive queries MUST increase by at least a
factor of two.
When the interval between queries reaches or exceeds 60 minutes, a
querier MAY cap the interval to a maximum of 60 minutes, and perform
subsequent queries at a steady-state rate of one query per hour.
Cache maintenance performed by issuing queries at 80, 85, 90, 95% of the
TTL, and updating/removing the records depending on replies.
TODO:
Improve the DNS transaction logic when multiple clients subscribe to the
same service, ensuring that continuous queries are optimized.
<!-- devel-freezer =
{"comment-id":"1625154850","freezing-tag":"v256-rc2"} -->
To avoid the following warnings:
```
systemd-networkd-tests.py[3139]: Stopping 'systemd-networkd.service', but its triggering units are still active:
systemd-networkd-tests.py[3139]: systemd-networkd-varlink.socket
```
Follow-up for b0ea79c5b5.
Since 90fa161b5b, --bind= or Bind=
settings for coverage directory does not work with managed mode:
```
[ 158.105361] systemd-nspawn[3718]: Failed to open tree and set mount attributes: Operation not permitted
[ 158.105364] systemd-nspawn[3718]: Failed to clone /coverage: Operation not permitted
[ 158.118655] systemd-nspawn[3707]: (sd-namespace) failed with exit status 1.
```
Let's tentatively skip the test case when running on coverage.
Workaround for #38163.
This adds missing glue to reasonably allow unpriv users VMs/containers
to register with the system machined.
This primarily adds two things:
1. machined can now properly track VMs/containers residing in subcgroups
of units, because that's effectively what happens for per-user
VMs/containers: they are placed below the system unit `user@….service`
in some user unit.
2. machines registered with machined now have an owning UID: users can
operate on their own machines withour re-authentication, but not on
others.
Note that this is only a first step regarding machined's hookup of
nspawn/vmspawn in the long run for unpriv operation.
I think eventually we should make it so that there's both a per-user and
a per-system machined instance (so far, and even with this PR there's
still one per-system instance), and per-user containers/VMs would
registering with *both*. Having two instances makes sense I think,
because it would mean we can make machined reasonably manage the
per-user image discovery, and also do the per-system network/hostname
handling.
Let's add a superficial test for the code we just added: spawn a
container unpriv, make sure registration fully worked, then kill it via
machinectl, to ensure it all works properly.
Not too thorough but a good start.
We also run in a VM if we're not running as root, yet we weren't
checking this when deciding whether to pass --capability=CAP_BPF or
not. Let's fix that.
Follow up for 9554ac3052
This introduces `struct ConfFile` that stores detailed information of an
enumerated file, and introduces `conf_files_list_full()` and friends
that provide results in `ConfFile`.
Then make udev, hwdb, catalog, and cat-files use the new function and
struct to make them not read files outside of specified root directory.
Then, make the function show the original and resolved path if they are
different.
With this change, procfs needs to be mounted on /proc/, hence the test
code is slightly updated.
