For manager test runs, the generator output paths are located in
/tmp, which means that if we mount a private /tmp for generators,
we lose all the generated units (actually the generators will just
fail because the directories don't exist, but if they did exist,
we'd still lose all the units).
Let's avoid the problem by skipping the private /tmp for manager
test runs. This also avoids any possible privilege issues with
mounting a private /tmp that might happen in this scenario.
Currently, during soft-reboot, some services may survive,
but their associated credential mounts are dropped.
Let's instead preserve them, as discussed.
Follow-up for 3c0a1b1e70
Before this commit, DefaultDependencies=no is set in
mount_add_extras(). However, when generating mount units
from /proc/self/mountinfo, we don't have a unit in memory
yet, and mount_setup_new_unit() doesn't call into
mount_add_extras().
Fixes#32838
Locking of the tty device and then /dev/console was added to synchronize
vconsole-setup with other writers to the console. But it turns out that often
the locking doesn't work and we carved out various cases where we ignore
failure:
- lack of permissions (in the user manager)
- missing device node
It turns out that there's at least one more failure mode: we get -EIO when the
console is (mis-)configured to point to an invalid device. E.g. in
rhbug#2273069 the reporter has a VM in Proxmox without a virtual console
configured and has 'console=tty console=ttyS0' on the kernel cmdline. I
couldn't reproduce this under libvirt, but failure with EIO has been reported
by at least four users in #30501.
Note that in systemd-vconsole-setup we report this is a hard failure, while
in the manager, we only do a debug line. So it's possible that the failure
also occured there, causing the rest of the setup of the tty to be skipped
without further notice.
Ignore the locking failure, since there's just too many ways it can fail. If we
proceed without a lock, we're back to the situation before we started locking,
which wasn't too bad. OTOH, skipping setup of the console is problematic for
users, and it seems better to try to do the setup without locking.
Fixes https://github.com/systemd/systemd/issues/30501,
https://bugzilla.redhat.com/show_bug.cgi?id=2273069.
Follow-up for 6b34871f5d.
The general idea is that the list of credentials to load can and will specify
credentials which actually aren't provided, so a warning is too much. Let's
downgrade this to "info". If it turns out to be too noisy, we can downgrade
further in the future.
icmp6-util-linux.c sounds like a specialized implementation of the functions in
icmp6-util.c. But it's just a set of stub versions used in tests. Rename the
file to make this more obvious.
Coverity was complaining that we use the received packet size as a loop bound
without checking. This is indeed a bit iffy, because depending on how the host
is configured, the packet could be rather large. Let's refuse anything more
than the standard size early to prevent suspicious activity.
Resolves coverity CID#1534892, CID#1543949.
Currently, on soft-reboot, /run/credentials/@system is unmounted
because it has DefaultDependencies=yes and as such will have
Conflicts=umount.target and Before=umount.target. Let's make sure
credential mounts survive soft-reboot by implying DefaultDependencies=no
for credential mounts.
The test-event test seems to be taking quite a bit more time than
the other 'simple tests', which usually complete in < 1s. In case
of a slower or loaded machine the default 30s timeout is not enough.
RFC 4862 Section 5.5.3, bullet e, sub-bullet 3 applies to existing
addresses, i.e. when address_get() returns success. If the address is
new (i.e. address_get() fails), then we should not be adding 2 hours to
the lifetime_valid_usec. Instead, use the valid_lifetime from the RA's
Prefix Information Option.
This change allows v6LC.3.2.2 to pass. Also verified all v6LC3.2.* tests
pass. This covers all the v6LC tests from Group2: Router Advertisement
Processing and Address Lifetime.
Fixes#32652.
Previously, RA option fields were being ignored when the Router Lifetime
value was zero. Remove this logic to be compliant with RFC4861.
Extract from: https://www.ietf.org/rfc/rfc4861.html#section-4.2, p.21,
first paragraph:
The Router Lifetime applies only to
the router's usefulness as a default router; it
does not apply to information contained in other
message fields or options.
This affected IPv6 Conformance test:
v6LC.2.2.15: Router Advertisement Processing, Reachable Time.
Fixes#31842.
Co-authored-by: Matt Muggeridge <Matt.Muggeridge@hpe.com>
If we destroy both an event loop and a curl contect object at the same
time, then we get into this weird situation where curl wants us to
reconfigure a timout event source right before destruction, which
sd-event will refuse however, since it is already being shutdown.
Hence, catch that and simply don't bother adjusting the timeout, since
we cannot get back from there anyway.
