Users can currently pick specific versions of NIC naming, but that
does not guarantee that NIC names won't change after the kernel adds
a new sysfs attribute.
This patch allows for an allow/deny list of sysfs attributes
that could be used when composing the name.
These lists can be supplied as an hwdb entry in the form of

/etc/udev/hwdb.d/50-net-naming-allowlist.hwdb
net:naming:drvirtio_net
 ID_NET_NAME_ALLOW=0
 ID_NET_NAME_ALLOW_ACPI_INDEX=1
 ID_NET_NAME_ALLOW_ADDR_ASSIGN_TYPE=1
 ID_NET_NAME_ALLOW_ADDRESS=1
 ID_NET_NAME_ALLOW_ARI_ENABLED=1
 ID_NET_NAME_ALLOW_DEV_PORT=1
 ID_NET_NAME_ALLOW_FUNCTION_ID=1
 ID_NET_NAME_ALLOW_IFLINK=1
 ID_NET_NAME_ALLOW_INDEX=1
 ID_NET_NAME_ALLOW_LABEL=1
 ID_NET_NAME_ALLOW_PHYS_PORT_NAME=1
 ID_NET_NAME_ALLOW_TYPE=1
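
How such a list keeps names stable when the kernel grows a new attribute, as an added example that is not systemd's own code. The helper names (sysattr_allowed, prop_get), the rule that a per-attribute entry overrides ID_NET_NAME_ALLOW, and the "no list means nothing is filtered" default are assumptions made for illustration; the property table is a constructed subset of the entry above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct prop { const char *key, *value; };

/* Constructed sample: a subset of the hwdb properties shown above. */
static const struct prop sample_props[] = {
    { "ID_NET_NAME_ALLOW", "0" },                 /* list default: deny */
    { "ID_NET_NAME_ALLOW_ACPI_INDEX", "1" },
    { "ID_NET_NAME_ALLOW_DEV_PORT", "1" },
    { "ID_NET_NAME_ALLOW_PHYS_PORT_NAME", "1" },
};
#define N_SAMPLE (sizeof(sample_props) / sizeof(sample_props[0]))

static const char *prop_get(const struct prop *p, size_t n, const char *key) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(p[i].key, key) == 0)
            return p[i].value;
    return NULL;
}

/* Hypothetical helper: 1 = attribute may be used for naming, 0 = denied,
 * -1 = attribute name empty or too long to form a property key. */
int sysattr_allowed(const struct prop *p, size_t n, const char *sysattr) {
    char key[128] = "ID_NET_NAME_ALLOW_";
    size_t off = strlen(key), len = strlen(sysattr);

    if (len == 0 || off + len >= sizeof(key))
        return -1;
    for (size_t i = 0; i < len; i++) {            /* dev_port -> DEV_PORT */
        unsigned char c = (unsigned char) sysattr[i];
        key[off + i] = isalnum(c) ? (char) toupper(c) : '_';
    }
    key[off + len] = '\0';

    const char *v = prop_get(p, n, key);          /* per-attribute entry wins (assumed) */
    if (!v)
        v = prop_get(p, n, "ID_NET_NAME_ALLOW");  /* otherwise the list default */
    if (!v)
        return 1;                                 /* no list: nothing is filtered */
    return strcmp(v, "1") == 0;                   /* anything but "1" denies */
}

int main(void) {
    const char *attrs[] = { "dev_port", "phys_port_name", "new_kernel_attr" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s %s\n", attrs[i],
               sysattr_allowed(sample_props, N_SAMPLE, attrs[i]) == 1 ? "allowed" : "denied");
    return 0;
}
```

With the default set to 0, an attribute that a later kernel introduces has no entry of its own and is therefore ignored when the name is composed.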

This is just paranoia. In all these cases we don't really care about the
trailing NUL byte. But if there's space for it dns_label_unescape() is
going to insert it, and that's a good safety strategy.
This is a follow-up to c29c3adefa8cd859f8cb87d9ad62f3d77b7cd102 which
fixed an actual bug, unlike this commit, which is just paranoia.

Same as $KERNEL_INSTALL_BYPASS, but for hwdb. This will speed up
cross architecture image builds in mkosi as I can disable package
managers from running the costly hwdb update stuff in qemu user
mode and run it myself with a native systemd-hwdb with --root=.

This function is just a wrapper around the BLKGETSIZE64. Which is a
pretty simple ioctl. The only reason to wrap it, is that the headers we
need to call it are a bit messy (as "linux/fs.h" is incompatible with
certain glibc headers). Hence add the simple helper that wraps it and
allows us to do the header mess needed in one file only.
It's also nicely symmetric to blockdev_get_sector_size().

This brings the list of attributes to delegate to managers of subcgroups
to the state of kernel 6.6.
We probably should unify this list, and maybe generate it automatically
from /sys/kernel/cgroup/delegate, but let's do that another time.

The reference implementation seems to set the 'parameters' field for
method calls to 'null' if nothing is specified on its command line. We
so far only could deal if the parameters field was unset or set to the
empty object. Let's also accept the 'null' type.

When /boot or friends is on btrfs RAID, btrfs_get_block_device_at() will
succeed with 0 and provide zero devnum. Then,
- if we are privileged, devname_from_devnum() maps the devnum to
  /run/systemd/inaccessible/blk, and the subsequent verification by blkid
  will fail,
- if we are unprivileged, sd_device_new_from_devnum() will fail.

This makes
- when find_esp() or find_xbootldr() is called without any paths, that
  is, called with the searching mode, then returns -ENOKEY, which should
  be handled gracefully by the caller,
- when they are called with an input path, then they provide the proper
  error message and suggestion.

Fixes RHBZ#2251262 (https://bugzilla.redhat.com/show_bug.cgi?id=2251262).

The image name is extracted from the image path originally passed in,
i.e. not the contents of the image. And the image UUID is directly
retrieved from the partition table, hence also not from the contents.
Let's hence move the comment to separate out the stuff extracted from the
file systems (and thus only available when mounting/with privs/with
block devices) from the data available without any of that.

For unit instances install_info_discover() returns path to the template,
which then generates confusing errors when passed to
do_unit_file_enable():

    ~# build/systemctl --root=/tmp/systemctl-test.N9ysbz reenable templ1@two.service
    Unit name: templ1@two.service; p: /etc/systemd/system/templ1@.service
    Removed "/tmp/systemctl-test.N9ysbz/etc/systemd/system/services.target.wants/templ1@two.service".
    Failed to reenable templ1@.service, destination unit services.target is a non-template unit.

This can also be seen with a different reproducer using getty@.service
and a simple bind mount to / - there's no error this time, but it tries
to create a symlink for the default instance (from DefaultInstance=tty1),
which is also incorrect:

    ~# SYSTEMD_LOG_LEVEL=debug systemctl --root /mnt/bindroot/ reenable getty@test.service
    Symlink /mnt/bindroot/etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service already exists

Follow-up to: 29a7c59abb
Resolves: #24740

We already highlight sections and "de-highlight" comments, so let's add
the last piece of the puzzle and highlight the configuration directives
to visually distinguish them from the values.
Closes: #13416

cryptsetup reads a bunch of credentials now but we don't pass import
those in any service units yet. Let's pass through all cryptsetup
prefixed credentials to the systemd-cryptsetup@root instance.
Follow-up for 9e615117da

We'll typically send signals to all remaining processes in the following
cases:
1. pid1 (in initrd) when transitioning from initrd to sysroot: SIGTERM
2. pid1 (in sysroot) before transitioning back to initrd (exitrd): SIGTERM + SIGKILL
3. systemd-shutdown (in exitrd): SIGTERM + SIGKILL
'warn_rootfs' is set to true only when we're not in initrd and we're
sending SIGKILL, which means the second case. So, we want to emit the
warning when the root of the storage daemon IS the same as that of pid1,
rather than the other way around.
The condition is spuriously reversed in the offending commit.