When a late error occurs in sd-executor, the cleanup-on-close of the
context structs happen, but at that time all FDs might have already
been closed via close_all_fds(), so a double-close happens. This
can be seen when DynamicUser is enabled, with a non-existing
WorkingDirectory.
Invalidate the FDs in the context structs if close_all_fds succeeds.
Prompted by #29705
Note that x-systemd.wanted-by= and x-systemd.required-by= are not
dropped, since we ignore them because they are unnecessary rather
than unapplicable.
When a mount is gracefully skipped (e.g.: BindReadOnlyPaths=-/nonexistent)
we still post-process it, like making it read-only. Except if nothing
has been mounted, the mount point will be made read-only for no reason.
Track when mounts are skipped and avoid post-processing.
One day we'll switch all of this to the new mount api and do these
operations atomically or not at all.
Fixes https://github.com/systemd/systemd/issues/29725
On rpm-ostree distributions such as Fedora SilverBlue /mnt
(and other well known paths) will be a symlink to a location
under /var. The fstab generator emits correct output in this
case, however, the data does not match the expected output
stored in the source tree.
Rather than trying to adapt the test data, just skip this
single test scenario when we see /mnt is a symlink.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The systemd-tmpfiles binary will report a fatal error if /tmp is not owned
either by root, or by the current user:
Detected unsafe path transition /tmp (owned by nobody) →
/tmp/test-systemd-tmpfiles.a8qc6n18 (owned by berrange)
during canonicalization of
tmp/test-systemd-tmpfiles.a8qc6n18/test-content.7chd7rdi
When doing development inside a 'toolbox' container (which is required
on a Fedora SilverBlue distro), /tmp is owned by 'nobody', because it
has been passed through from the host and host UID 0 gets mapped to
UID 65536 by usernamespaces. This triggers the unsafe path transition
error message.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Don't hardcode the event number, so the test works correctly even if
someone wrote to the event log before us. Also, explicitly pick the
sha256 bank when checking digests, as the indexing may vary depending on
current TPM's capabilities.
bootctl is rather useful to have, even if on a system without UEFI,
as it has a number of verbs that are unrelated to UEFI (e.g kernel-identify),
and more importantly, it supports --root to operate on directory trees
(which could be intended to be deployed on UEFI) so let's make sure we
always build it.
When looking at configuration, often a user wants to suppress the comments and
just look at the parts that actually configure something, roughly equivalent to
systemd-analyze cat-config … | rg -v '^(#|;|$)
This switch implements this natively, skipping lines that start with a comment
character or only contain whitespace.
For formats that have section headers, section headers are skipped, if only
followed by stuff that would be skipped. (The last section header is printed
when we're about to print some actual output.)
Note that the caller doesn't know if the format has headers or not. We do format
type detection in pretty-print.c. So the caller only specifies tldr=true|false, and
conf_files_cat() figures out if the format has headers and whether those should
be handled specially.
The comments that show the file name are always printed, even if all of the file
is suppressed.
This is a partial answer to the discussions in
https://github.com/systemd/systemd/pull/28919,
https://github.com/systemd/systemd/pull/29248. If the default config is shown in
config files, the user can conveniently use '--tldr' to show the relevant parts.
In several Ubuntu CI jobs I noticed timeouts in TEST-69, which are
apparently caused by a very stubborn bash/login process:
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal
[ 2011.698430] systemd[1]: shutdown.target: starting held back, waiting for: veritysetup.target
[ 2011.698473] systemd[1]: sysinit.target: stopping held back, waiting for: user@0.service
[ 2045.884982] systemd[1]: systemd-oomd.service: Got notification message from PID 54 (WATCHDOG=1)
[ 2071.576424] systemd[1]: Received SIGCHLD from PID 65 (bash).
[ 2071.576941] systemd[1]: Child 65 (bash) died (code=killed, status=1/HUP)
[ 2071.577026] systemd[1]: session-13.scope: Child 65 belongs to session-13.scope.
[ 2071.577100] systemd[1]: session-13.scope: cgroup is empty
[ 2071.577249] systemd[1]: session-13.scope: Deactivated successfully.
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal _PID=65
[ 3038.661488] login[65]: ROOT LOGIN on '/dev/pts/0'
Since, in this case, we really care only about the actual shutdown,
let's shorten the service stop/abort timeouts to let systemd SIGKILL all
remaining processes in the 60s `expect` window.
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.
Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
With coverage builds we disable Protect{Home,System}= via a service.d
dropin in /etc, which has, unfortunately, higher priority than our
transient systemd-run stuff. Let's just skip the affected tests in that
case instead of making the test setup even more complicated.
As reproducing it is actually pretty easy, with the benefit of hindsight:
~# systemd-run -P -p MountImages="/this/should/definitely/not/exist.img:/run/img2\:3:nosuid" false
Running as unit: run-u42.service
free(): double free detected in tcache 2
In c08bec1587 the journal-upload unit gained Restart=on-fail, which goes
against this one particular test that expects the unit to fail, making
the test flaky. Let's disable the automatic restarts just for this test
to make it stable once again.
Let's support the same filtering options that we also support in
udevadm trigger in udevadm info to filter the devices produced by
--export-db.
One difference is that all properties specified by --propery-match=
have to be satisfied in udevadm info unlike udevadm trigger where just
one of them has to be satisfied.
