One of the steps in setting up NTP is to enable/disable the
'systemd-timesyncd.service' and then perform a daemon reload.
We use an extra-long timeout for reload in timedated, the same as used in
systemd daemon reload, to avoid certain situations that have longer reload
times (which exceed the 25 second default timeout used for
dbus-communication), potentially leading to a failure to set NTP.
Let's show which fds are closed as part of the left-over fd set logic on
daemon reload/reexec cycles.
This is useful to debug accidentally unclaimed fds.
We have the "tasks.max" cgroup attribute only if we run in a cgroup
namespace, but not on the host. Hence let's handle ENODATA silently
simply to reduce the debug noise generated.
Follow-up for bf366954fa
Before this commit, we hardcode "prefix" to the widest field
possible in the table. However, there's no guarantee that the
field would actually be used/added, so it could potentially
result in misalignment. Therefore, let's set the minimum width
of the cell to the hardcoded width too.
The kernel tpm "resource manager" interface doesn't report that any transient
handles exist, even if they do, so don't bother asking if the handle is
transient.
Unfortunately, the tpm2-tss library doesn't reference count handles, and a call
to Esys_TR_Close() will remove the handle that could be in use by other
code. So stop calling Esys_TR_Close(), and leave the handle around until we
clean up the entire ESYS_CONTEXT.
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.
In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
The device-mapper driver can return a wild variety of errors when trying
to activate the same dm-verity volume concurrently, as it might happen
with an image. There is a fallback logic in place, but the original
return code was clobbered when userspace signature check was added.
Add it back.
Follow-up for c2fa92e7e8
Before this commit, $USER, $HOME, $LOGNAME and $SHELL are only
set when User= is set for the unit. For system services, this
results in different behaviors depending on whether User=root is set.
$USER always makes sense on its own, so let's set it unconditionally.
Ideally $HOME should be set too, but it causes trouble when e.g. getty
passes '-p' to login(1), which then doesn't override $HOME. $LOGNAME and
$SHELL are more like "login environments", and are generally not
suitable for system services. Therefore, a new option SetLoginEnvironment=
is also added to control the latter three variables.
Fixes #23438
Replaces #8227
Previously, only servers that are statically configured or obtained by
the DHCPv4 protocol are saved in the manager state file.
NTP servers obtained by DHCPv6 could not be used by timesyncd.
Fixes #29148.
Let's move it out of cgroup.[ch]. The function primarily compares the
priority values for units, hence let's move the core of it into a new
function unit_compare_priority() in unit.[ch], and then make
compare_job_priority() a local wrapper for it in manager.[ch]
Shorten the code a bit while we are at it.
Some qdiscs (e.g. tbf) implicitly create class(es) on create.
Previously, we could not create any child qdisc under the class, as the
implicit class is tagged as foreign.
Some kinds of qdisc implicitly create a class for the qdisc, but the
created class is not notified by the kernel. So, we need to explicitly
enumerate classes after a qdisc is created.
When a node of the traffic control tree is removed, all child nodes are also
removed, but their removal is not notified by the kernel.
So, previously, removed TC classes or qdiscs under the removed node were
kept in the memory of networkd, and may cause failure on reconfigure.
This is the only function that cgroup.h exports that is prefixed with
cgroup_ where this does not refer to some type such as CGroupContext or
CGroupTasksMax or so. It simply operates on a unit. And it doesn't even
modify a cgroup, but just modifies an nft set.
Hence, to make the naming scheme systematic, change prefix from cgroup_
to unit_, matching the majority of the functions that operate on Unit*
in the file.