AllowList= and DenyList= filter only DHCPOFFER messages. So, if
RapidCommit= is enabled, then networkd unconditionally accepts a rapid
ACK message even if its sender is filtered out by the lists.
As AllowList=/DenyList= implemented earlier than RapidCommit=, so
enabling RapidCommit= unconditionally by default may break existing
setups that use AllowList=/DenyList=.
Let's disable RapidCommit= by default when AllowList=/DenyList= is
enabled. Still the setting can be enabled by setting explicitly even
AllowList=/DenyList= is also specified.
We generally want to avoid to include dashes in json field names. We
historically made a mistake there which is hard to fix. But for new
fields, let's get this right. We already got it right for a bunch of new
fields, hence also make sure to use underscores rather dashes for new
additions.
This field was added post v254, and since we didn't release since then,
let's just rename it.
When we resolve symlinks, paths (especially filenames) may be changed,
but plugins may expect to see the kernel added under the name specified,
not under the final name that the symlink chain resolves to.
This makes symlinks in specified paths that passed to plugins are not
resolved when neither --root nor --image specified.
Fixes#29317.
* systemd.pc: Keep support for rootprefix and root_prefix
We dropped support for split-usr in b0d3095fd6
but kept the `rootprefix` variable in meson but ignore it to make sure we do
not break downstream builds that depend on systemd.
This is fine because we had logic in our meson.build that rootprefix and prefix need to be the
same when split-usr=false.
However we never had this logic in our systemd.pc.in file. This leads to a nasty breaking problem
downstream. Many packages [0,1,2] (there might be more!) rely on overriding rootprefix or root_prefix when calling pkg-config to configure where
to install systemd units. This is because before split-usr we installed units in rootprefix. Setting prefix
on the pkg-config file didn't work. Even when split-usr=false people had to set rootprefix to install units
in the right position.
E.g. they have a line like:
systemdunitdir = systemd.get_variable(pkgconfig: 'systemdsystemunitdir', pkgconfig_define: ['rootprefix', systemd_root_prefix])
With b0d3095fd6 landing
This would mean all these downstream packages need to be patched to use `prefix` next to `rootprefix`.
(Both need to be kept to keep backwards compat with using older versions of systemd).
This puts a big burden on downstream packages.
Instead we should not break the existing behaviour and keep the old behaviour of systemd.pc.in around.
I've changed systemd.pc.in such that either setting prefix, rootprefix or root_prefix will all have
the same effect. This way we do not break any downstream packages.
- [0](caa788b37f/meson.build (L464))
- [1](https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/blame/main/meson.build#L204)
- [2](49cdb468c2/src/daemon/systemd/system/meson.build (L1))
Systemd 255 changed the semantic of MemoryAvailable with 3565c709f5 ("cgroup:
Fix MemoryAvailable= by considering physical memory"). If there is no
artificial constraint, it will hold the amount of available physical memory,
while it previously contained UINT64_MAX.
While the change in MemoryAvailable's semantic is sensible, it causes
`systemctl status` to always display the available physical memory. This
creates a lot of noise, especially since systemd recently started to also show
the "peak" memory. For example
$ systemctl status foo
…
Memory: 3.9G (available: 21.2G peak: 5.4G)
…
However, while peak memory is a unit specific value, the available memory, when
not derived from artificial memory limits, is a generic property that holds the
same value for all units that are not under memory accounting
constraints. Displaying it under those circumstances can therefore be
considered being noisy.
Before 3565c709f5 ("cgroup: Fix MemoryAvailable= by considering physical
memory") "systemctl status" would only show the available memory if it was
caused by a explicit memory limitation due to MemoryHigh or MemoryMax.
This commit restores this behavior by supressing displaying the available
memory if is is merely the available phyiscal memory. For example
$ systemctl status foo
…
Memory: 3.9G (peak: 5.4G)
…
Fixes#30102.
This fixes a regression introduced by
42551ea7e9.
In the shell script version, plugin failures are propagated to the
caller. But after the commit, failures in plugins are logged, but never
propagated as the exit code of the execution.
Fixes#30087.
On kernel 5.10.178, when a squashfs file is stored on an EXT4 filesystem
backed by a dm-crypt volume, dissecting fails:
$ SYSTEMD_LOG_LEVEL=debug systemd-dissect /var/foo/bar.raw
Opened '/var/foo/bar.raw' in O_RDONLY access mode, with O_DIRECT enabled.
Couldn't find any partition table to derive sector size of.
loop2: Acquired exclusive lock.
Could not enable direct IO mode, proceeding in buffered IO mode.
Successfully acquired /dev/loop2, devno=7:2, nr=2, diskseq=87
Opened /dev/loop2 (fd=3, whole_block_devnum=7:2, diskseq=87).
Name: bar.raw
Size: 67.2M
Sec. Size: 512
Arch.: n/a
Successfully forked off '(sd-dissect)' as PID 4110.
Mounting /proc/self/fd/3 (squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV "")...
Failed to mount /proc/self/fd/3 (type squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV ""): Input/output error
Failed to mount dissected image: Input/output error
Failed to read /etc/hostname of image: No such file or directory
/etc/machine-id file of image is empty.
Failed to read has-init-system boolean: Input/output error
(sd-dissect) failed with exit status 1.
Failed to acquire image metadata: Input/output error
The kernel shows I/O errors:
kernel: blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
kernel: SQUASHFS error: Failed to read block 0x0: -5
kernel: unable to read squashfs_super_block
This is independent of a particular filesystem and can be reproduced
reliably in my setup, starting from freshly formatted disks.
Instead of continuing when O_DIRECT fails, start over the setup
process without the flag, including opening a new FD, to make the
kernel happy.
According to org.freedesktop.login1:
> If "na" is returned, the operation is not available because
> hardware, kernel, or drivers do not support it. If "yes" is
> returned, the operation is supported and the user may execute
> the operation without further authentication. If "no" is returned,
> the operation is available but the user is not allowed to execute
> the operation.
Therefore, we should return "no" if sleep is explicitly disabled,
otherwise we return "na".
On architectures where timeval is 64bit but size_t is 32bit
we have to use CMSG_FIND_AND_COPY_DATA. This affects x32 and riscv32.
Follow-up for 905d0ea7b0
- use sd_bus_query_sender_creds() to retrieve credentials,
- read credentials only when we get credentials, to avoid triggering
assert_return(),
- downgrade log level of expected failure, and update log message about
unexpected success.
Prompted by #30029.
