This takes handling of chassis power and sleep keys as well as the lid
switch over from acpid.
This logic is enabled by default for power and sleep keys, but not for
the lid switch.
If a graphical session is in the foreground no action is taken under the
assumption that the graphical session does this.
In rescue mode let's not establish all sockets, so that we don't end up
starting a lot of additional services automatically.
Instead of pulling in basic.target we now only pull in sysinit.target
which pulls in local-fs.target and swap.target. That way rescue mode has
all the really basic setup around, but normal services are not started
and not autostarted either.
RequiresMountsFor= is a shortcut for adding requires and after
dependencies to all mount units neeed for the specified paths.
This solves a couple of issues regarding dep loop cycles for encrypted
swap.
Two of our current job types are special:
JOB_TRY_RESTART, JOB_RELOAD_OR_START.
They differ from other job types by being sensitive to the unit active state.
They perform some action when the unit is active and some other action
otherwise. This raises a question: when exactly should the unit state be
checked to make the decision?
Currently the unit state is checked when the job becomes runnable. It's more
sensible to check the state immediately when the job is added by the user.
When the user types "systemctl try-restart foo.service", he really intends
to restart the service if it's running right now. If it isn't running right
now, the restart is pointless.
Consider the example (from Bugzilla[1]):
sleep.service takes some time to start.
hello.service has After=sleep.service.
Both services get started. Two jobs will appear:
hello.service/start waiting
sleep.service/start running
Then someone runs "systemctl try-restart hello.service".
Currently the try-restart operation will block and wait for
sleep.service/start to complete.
The correct result is to complete the try-restart operation immediately
with success, because hello.service is not running. The two original
jobs must not be disturbed by this.
To fix this we introduce two new concepts:
- a new job type: JOB_NOP
A JOB_NOP job does not do anything to the unit. It does not pull in any
dependencies. It is always immediately runnable. When installed to a unit,
it sits in a special slot (u->nop_job) where it never conflicts with
the installed job (u->job) of a different type. It never merges with jobs
of other types, but it can merge into an already installed JOB_NOP job.
- "collapsing" of job types
When a job of one of the two special types is added, the state of the unit
is checked immediately and the job type changes:
JOB_TRY_RESTART -> JOB_RESTART or JOB_NOP
JOB_RELOAD_OR_START -> JOB_RELOAD or JOB_START
Should a job type JOB_RELOAD_OR_START appear later during job merging, it
collapses immediately afterwards.
Collapsing actually makes some things simpler, because there are now fewer
job types that are allowed in the transaction.
[1] Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=753586
We shouldn't hardcode the name of the NTP implementation in the
timedated mechanism, especially since Fedora currently switched from NTP
to chrony.
This patch introduces a new target that is enabled/disabled instead of
the actual NTP implementation. The various NTP implementations should
then add .wants/ symlinks to their services and BindTo back to the
target, so that their implementations are started/stopped jointly with
the target.
https://bugzilla.redhat.com/show_bug.cgi?id=815748
manager.c takes care of the main loop, unit management, signal handling, ...
transaction.c computes transactions.
After split:
manager.c: 65 KB
transaction.c: 40 KB
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
This extends the shutdownd interface to expose schedule shutdown
information in /run/systemd/shutdown/schedule.
This also cleans up the shutdownd protocol and documents it in a header
file sd-shutdown.h.
This is supposed to be used by client code that wants to control and
monitor scheduled shutdown.
This separates user/group NSS lookups from host/network NSS lookups.
By default order all network mounts after host/network NSS lookups now,
and logind execution after user/group NSS lookups.
This adds minimal hardware watchdog support to PID 1. The idea is that
PID 1 supervises and watchdogs system services, while the hardware
watchdog is used to supervise PID 1.
This adds two hardware watchdog configuration options, for the runtime
watchdog and for a shutdown watchdog. The former is active during normal
operation, the latter only at reboots to ensure that if a clean reboot
times out we reboot nonetheless.
If the runtime watchdog is enabled PID 1 will automatically wake up at
half the configured interval and write to the watchdog daemon.
By default we enable the shutdown watchdog, but leave the runtime
watchdog disabled in order not to break independent hardware watchdog
daemons people might be using.
This is only the most basic hookup. If necessary we can later on hook
up the watchdog ping more closely with services deemed crucial.
Especially in the case of --enable-split-usr, several units will point
to the wrong location for systemctl. Use @SYSTEMCTL@ which will always
contain the proper path.
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.
This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.
This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
The default setups should be a stateless as possible. /tmp as tmpfs is
the intended default for general purpose systems.
Small temporary files should not be stored on disk; lager files, or
files which should potentially survive a reboot, belong into /var/tmp.
Also catch up with some good old UNIX history.
More details are here:
https://fedoraproject.org/wiki/Features/tmp-on-tmpfs
Since a number of distribitions don't need this compat glue anymore drop
it from systemd upstream. Distributions which still haven't converted
to /run can steal these unit files from the git history if they need to.
udisks2 doesn't use /media anymore, instead mounts removable media in a
user-private directory beneath /run. /media is hence mostly obsolete and
hence it makes little sense to continue to mount a tmpfs to it.
Distributions should consider dropping the mount point entirely since
nothing uses it anymore.
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.
All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:
systemctl
loginctl
journalctl
For those three we do provide systemd-xyz names as well, via symlinks:
systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl
We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
This is an S/MIME signed message
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This is an S/MIME signed message
The mount of the securityfs filesystem is now performed in the main systemd
executable as it is used by IMA to provide the interface for loading custom
policies. The unit file 'units/sys-kernel-security.mount' has been removed
because it is not longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
we need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.