Document .link, .network and .netdev file type distinctions in early
introductory text, and document distro-specific need to sync link files
with early-boot copies, see Debian bug 1005282:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005282 for an
example.
These are various commits that were required to get things compiling
after running IWYU. I think all of them make sense on their own, hence
this split PR to merge them ahead of time.
We currently include these transitively but to allow using IWYU to
remove headers later, let's add these as direct includes so the IWYU
changes don't break compilation.
Currently, NOTIFY_READY from daemon-util.h conflicts with NOTIFY_READY
from NotifyState from service.h so let's rename the constants to avoid
the conflict.
When compiling the source files, we know static is going to be available
so there's no need to use the macro from _sd-common.h and we can just use
static instead.
Continuation of #36734
Apparently I was wrong about everything under `/proc/` being seq_file,
but at least there're some more to convert and we can leverage our
helper func while doing so.
- Drop effectively unused "terminator" param, imply whitespace
- Make ret param optional
- Return ENODATA if the requested key is not found, rather than
  ENOENT
- Turn ENOENT -> ENOSYS if /proc/ is not mounted
- Don't skip whitespaces before ':', nothing needs this handling
  anyways
- Remove the special treatment for all "0"s. We don't actually
  use this for capabilities given pidref_get_capability() exists
- Switch away from read_full_virtual_file() - files using "field"
  scheme under /proc/ seem all to be "seq_file"s (refer to
  da65941c3e for details on file types)
When linux_exec() fails, the initrd pages cleanup attempts to run,
and an assertion is triggered:
    ../src/boot/linux.c:125@linux_exec: Error loading kernel image: Security violation
    ../src/boot/util.h:81@cleanup_pages: Error freeing pages: Not found
    ../src/boot/log.c:30@efi_assert: systemd-boot: Assertion 'r == EFI_SUCCESS' failed at ../src/boot/util.h:82@cleanup_pages, halting.
(log message is new)
This was introduced by https://github.com/systemd/systemd/pull/36715
Before that change, given the argument to xmalloc_pages() was passed as EFI_SIZE_TO_PAGES(n_pages), that's
what ended up in Pages.n_pages. After this change, n_pages gets assigned without being transformed by
EFI_SIZE_TO_PAGES, so the cleanup can find them again. That change causes the assertion failure to trigger.
Changing this to .n_pages = EFI_SIZE_TO_PAGES(n_pages) fixes the assertion.
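The unit mismatch described above, as an added example that is not systemd-boot code: a toy page pool stands in for the firmware, and `fw_allocate_pages()`, `fw_free_pages()` and `alloc_for_size()` are hypothetical names. Recording a byte size where a page count is expected only shows up when the cleanup on the error path runs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same rounding as UEFI's EFI_SIZE_TO_PAGES(): bytes -> 4 KiB pages. */
#define SIZE_TO_PAGES(s) (((s) >> 12) + (((s) & 0xfff) ? 1 : 0))
enum { ST_SUCCESS = 0, ST_NOT_FOUND = 1 };

/* Toy firmware page pool (assumption): one flag per page, bump allocation. */
#define POOL_PAGES 64
static bool in_use[POOL_PAGES];
static size_t next_free;

static size_t fw_allocate_pages(size_t count) {
    if (count > POOL_PAGES - next_free)
        return POOL_PAGES;                /* out of pages: invalid index */
    size_t first = next_free;
    for (size_t i = 0; i < count; i++)
        in_use[first + i] = true;
    next_free += count;
    return first;
}

/* Like FreePages(): fails unless every page in the range was allocated. */
static int fw_free_pages(size_t first, size_t count) {
    if (count == 0 || first >= POOL_PAGES || count > POOL_PAGES - first)
        return ST_NOT_FOUND;
    for (size_t i = 0; i < count; i++)
        if (!in_use[first + i])
            return ST_NOT_FOUND;
    for (size_t i = 0; i < count; i++)
        in_use[first + i] = false;
    return ST_SUCCESS;
}

typedef struct { size_t first; size_t n_pages; } Pages;

/* convert=false models the regression: n_pages holds the byte size. */
static Pages alloc_for_size(size_t size, bool convert) {
    Pages p = { fw_allocate_pages(SIZE_TO_PAGES(size)),
                convert ? SIZE_TO_PAGES(size) : size };
    return p;
}

static int cleanup_pages(const Pages *p) { return fw_free_pages(p->first, p->n_pages); }

int main(void) {
    Pages bad = alloc_for_size(2, false), good = alloc_for_size(2, true);
    printf("bytes recorded: %d, pages recorded: %d\n",
           cleanup_pages(&bad), cleanup_pages(&good));
    return 0;
}
```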
Follow-up for c5a5046792
We were compiling the same resolved sources over and over again (up to
10 times) which had a substantial effect on build times. Let's make sure
we only compile the resolved sources once by having one static library
containing the objects for all the resolved sources.
While we're at it, get rid of unnecessary variables and includes in the
resolve meson file and generally clean things up a bit.
Before (recorded with ClangBuildAnalyzer):
    **** Time summary:
    Compilation (1823 times):
      Parsing (frontend): 675.5 s
      Codegen & opts (backend): 81.6 s
After:
    **** Time summary:
    Compilation (1585 times):
      Parsing (frontend): 553.6 s
      Codegen & opts (backend): 70.7 s
Currently, if systemd-networkd-wait-online is started with --dns, and
systemd-resolved is not running, it will exit with an error right away.
Similarly, if systemd-resolved is restarted while waiting for DNS
configuration, systemd-networkd-wait-online will not attempt to
re-connect, and will potentially never see subsequent DNS
configurations.
Improve this by adding socket units for the systemd-resolved varlink
servers, and re-establish the connection in systemd-networkd-wait-online
when we receive `SD_VARLINK_ERROR_DISCONNECTED`.
Otherwise passing invalid data means asserts get hit instead of
handling it gracefully. Other verbs already do the same checks.
    busctl get-property org.freedesktop.systemd1 '*' org.freedesktop.systemd1.Manager Version
    Assertion 'object_path_is_valid(path)' failed at src/libsystemd/sd-bus/bus-message.c:562, function sd_bus_message_new_method_call(). Aborting.
    Aborted (core dumped)
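The check-before-call pattern described above, as an added example that is not busctl or sd-bus code: `path_is_valid()` is a stand-alone re-implementation of the D-Bus specification's object path rules, and `new_method_call()` and `verb_get_property()` are hypothetical stand-ins for the library call and the CLI verb.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Object path rules from the D-Bus specification: starts with '/', elements
 * of [A-Za-z0-9_] separated by single '/', no trailing '/' except for "/". */
static bool path_is_valid(const char *p) {
    if (!p || p[0] != '/')
        return false;
    if (p[1] == '\0')
        return true;                      /* the root path "/" */
    bool after_slash = true;
    for (const char *q = p + 1; *q; q++) {
        if (*q == '/') {
            if (after_slash)
                return false;             /* empty element, e.g. "/a//b" */
            after_slash = true;
        } else {
            bool ok = (*q >= 'A' && *q <= 'Z') || (*q >= 'a' && *q <= 'z') ||
                      (*q >= '0' && *q <= '9') || *q == '_';
            if (!ok)
                return false;
            after_slash = false;
        }
    }
    return !after_slash;                  /* reject a trailing '/' */
}

/* Hypothetical library call: an invalid path is a programming error here,
 * so it aborts the process, like the assertion in the output above. */
static void new_method_call(const char *path) {
    assert(path_is_valid(path));
}

/* Hypothetical CLI verb: validate user input first and return an error. */
static int verb_get_property(const char *path) {
    if (!path_is_valid(path)) {
        fprintf(stderr, "Invalid object path: %s\n", path);
        return -EINVAL;
    }
    new_method_call(path);
    return 0;
}

int main(void) {
    printf("'*' -> %d\n", verb_get_property("*"));
    printf("valid path -> %d\n", verb_get_property("/org/freedesktop/systemd1"));
    return 0;
}
```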
Specifically, add a test case that ensures systemd-networkd-wait-online --dns
is robust against (a) systemd-resolved absence, and (b) systemd-resolved
restarts.
Now that systemd-resolved has socket activation for its varlink
sockets, this should be enough to make the DNS configuration
logic robust against systemd-resolved stops and restarts.
Add two new socket units, one for each of systemd-resolved's varlink
servers:
    systemd-resolved-varlink.socket
    systemd-resolved-monitor.socket
Add logic to grab socket fds via sd_varlink_server_listen_name(), but
fall back to the existing sd_varlink_server_listen_address() calls if no
fds were given.
This will be used to make systemd-networkd-wait-online --dns more robust
against systemd-resolved restarts etc.
A host can send Router Advertisements (RAs) without acting as a router.
In such cases, the lifetime of the RA header should be zero, but may
contain several options, and clients can configure addresses, routes,
and so on with the message. The host may (should?) send Neighbor
Announcements (NAs) without the router flag in that case.
So, when a NA without the router flag is received, let's not drop
configurations based on the previous RA options, but only drop the
default gateway configured based on the RA header.
See RFC 4861 Neighbor Discovery in IPv6, section 6.3.4:
https://www.rfc-editor.org/rfc/rfc4861#section-6.3.4:~:text=%2D%20The%20IsRouter%20flag,as%20a%20host.
> - The IsRouter flag in the cache entry MUST be set based on the Router
> flag in the received advertisement. In those cases where the IsRouter
> flag changes from TRUE to FALSE as a result of this update, the node
> MUST remove that router from the Default Router List and update the
> Destination Cache entries for all destinations using that neighbor as
> a router as specified in Section 7.3.3. This is needed to detect when
> a node that is used as a router stops forwarding packets due to being
> configured as a host.
Fixes a regression caused by 87a33c0740 (v256).
Fixes #37198.
This is analogous to #36123, but for Tun/Tap interfaces created by
systemd-networkd.
If a regular user account wants to control a Tun/Tap interface, then
assign the interface to a system group, e.g., vpn, and add the user
to the group.
Closes #37279.
and ignore the settings if we cannot find the specified user/group.
This also replaces get_user_creds()/get_group_creds() with
userdb_by_name()/groupdb_by_name().