The log line looked like this:
bootctl[1457]: ! Mount point '/efi' which backs the random seed file is world accessible, which is a security hole! !
which doesn't look nice.
Also upgrade the message to error. This is something to fix.
Admittedly, some of our glyphs _are_ special, e.g. "O=" for SPECIAL_GLYPH_TOUCH ;)
But we don't need this in the name. The very long names make some invocations
very wordy, e.g. special_glyph(SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY).
Also, I want to add GLYPH_SPACE, which is not special at all.
Check that when networkd restarts, and the network configures
KeepConfiguration=yes, the network configuration is never changed.
Ensure this by dumping the `ip monitor` output when networkd is restarting.
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
Then we can detect the error fixed by the previous commit like the following:
../src/libsystemd/sd-device/test-sd-device.c: In function ‘test_sd_device_enumerator_add_all_parents’:
../src/shared/tests.h:225:51: error: comparison of constant ‘0’ with boolean expression is always true [-Werror=bool-compare]
225 | #define ASSERT_OK(expr) __coverity_check__((expr) >= 0)
| ^~
../src/libsystemd/sd-device/test-sd-device.c:547:9: note: in expansion of macro ‘ASSERT_OK’
547 | ASSERT_OK(sd_device_enumerator_add_all_parents(e) >= 0);
| ^~~~~~~~~
We didn't check the number of arguments first, hence ended up outputting
some ugly complaints with `(null)` in a format string. And what's worse
accepted any number of arguments, where we'd ignore all but the first
two though.
This partially reverts 8d04b8198d.
If we completely drop the file, users will get a 404. But this document
has been in place for a long time and is referred to in many other places,
incl. our old wiki at https://www.freedesktop.org/wiki/Software/.
The page already says that it's been replaced
("… Please consult this document only as a historical reference. …").
We should only remove it from the index (which
8d04b8198d did).
In general, let's be more careful about preserving link stability.
When we change something in a way that breaks URLs, we're creating
pain for users.
This adds a new EMERGENCY_ACTION_SLEEP_5S flag, which when set will
delay the emergency action for 5s. This is supposed to be used together
with EMERGENCY_ACTION_WARN so that users can actually read the message
we output.
We enable this with all emergency action requests that already set
EMERGENCY_ACTION_WARN, except for the 7x ctrl-alt-del burst reboot,
where the user knows what they do and there's no real reason to wait,
they don't need to be informed.
This also enables both EMERGENCY_ACTION_WARN + EMERGENCY_ACTION_SLEEP_5S
for FailureAction= processing of regular units, where these were so far
off. (it leaves this off for SuccessAction= however!). This is a good
thing to make things more debuggable: if something fails and we reboot
this really deserves notification of the user.
(For SuccessAction= this logic does not apply, since the shutdown action
induced here is apparently intended part of the codeflow, for example in
systemd-reboot.service or a similar unit, where the shutdown is goal and
not exception and derserves no additional noisy reporting).
Inspired by: https://github.com/systemd/systemd/pull/36705#issuecomment-2717014120
So far /run/systemd/ was created as side-effect of initializing the
D-Bus client/server. But in one of the next commits we'll suppress
connecting to D-Bus in test runs, hence let's move the logic our of the
D-Bus code and into manager_startup().
Then, also drop creating it again and again in PID 1 at various places,
and just rely on it to exist.
Kernel API file systems typically use either "raw" or "seq_file" to
implement their various interface files. The former are really simple
(to point I'd call them broken), in that they have no understanding of
file offsets, and return their contents again and again on every read(),
and thus EOF is indicated by a short read, not by a zero read. The
latter otoh works like a typical file: you read until you get a
zero-sized read back.
We have read_virtual_file() to read the "raw" files, and can use regular
read_full_file() to read the "seq_file" ones.
Apparently all files in the top-level /proc/ directory use 'seq_file'.
but we accidentally used read_virtual_file() for them. Fix that.
Also clarify in a comment what the rules are.
Fixes: #36131
```
Let's make sure we can use the tool on ParticleOS images. They have no
root fs by default (until they are instantiated), but always have /usr/.
Hence add DISSECT_IMAGE_USR_NO_ROOT which has the desired effect.
```
Let's not claim the system was not booted with UEFI if we use --image=.
The system wasn't booted at all, after all. Hence supress the whole
section altogether in this case.
Let's make sure we can use the tool on ParticleOS images. They have no
root fs by default (until they are instantiated), but always have /usr/.
Hence add DISSECT_IMAGE_USR_NO_ROOT which has the desired effect.
It is not necessary to clear previous keymap assignment, as
`localectl set-keymap` will anyway overwrite the previous assignment.
This drops the unnecessary restart of systemd-localed in the loop.
The mkosi test image contains about 500~700 keymaps. The test
performance is greatly improved by reducing the number of restarts,
especially when the test is running with sanitizers.
On Fedora 41 with sanitizers,
Before:
1/1 systemd:integration-tests / TEST-73-LOCALE OK 1157.50s
After:
1/1 systemd:integration-tests / TEST-73-LOCALE OK 104.43s
oomd only works well if we have swap, hence we should not start it
before swaps are up, in particular as we will print an annoying message
otherwise.
Fixes: #36704
