Update NEWS

Fix typos, improve /dev exec/noexec description

NEWS

@@ -34,6 +34,37 @@ CHANGES WITH 248:
           allows the implementation of a service to provide key information
           dynamically, at the moment when it is needed.
 
+        * When the hostname is set explicitly to "localhost", systemd-hostnamed
+          will respect this. Previously such a setting would be mostly silently
+          ignored. The goal is to honour configuration as specified by the
+          user.
+
+        * The fallback hostname that will be used by the system manager and
+          systemd-hostnamed can now be configured in two new ways: by setting
+          DEFAULT_HOSTNAME= in os-release(5), or by setting
+          $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
+          also be configured during compilation. The environment variable is
+          intended for testing and local overrides, the os-release(5) field is
+          intended to allow customization by different variants of a
+          distribution that share the same compiled packages.
+
+        * The environment block of the manager itself may be configured through
+          a new ManagerEnvironment= setting in system.conf or user.conf. This
+          complements existing ways to set the environment block (the kernel
+          command line for the system manager, the inherited environment and
+          user@.service unit file settings for the user manager).
+
+        * systemd-hostnamed now exports the default hostname and the source of
+          the configured hostname ("static", "transient", or "default") as
+          D-Bus properties.
+
+        * systemd-hostnamed now exports the "HardwareVendor" and
+          "HardwareModel" D-Bus properties, which are supposed to contain a
+          pair of cleaned up, human readable strings describing the system's
+          vendor and model. It's typically sourced from the firmware's DMI
+          tables, but may be augmented from a new hwdb database. hostnamectl
+          shows this in the status output.
+
         * Support has been added to systemd-cryptsetup for extracting the
           PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
           metadata header. This allows the information how to open the
@@ -82,7 +113,12 @@ CHANGES WITH 248:
           ConditionCPUFeature=rdrand will condition a unit so that it is only
           run when the system CPU supports the RDRAND opcode.
 
-        * The tables of system calls in seccomps filters are now automatically
+        * The existing ConditionControlGroupController= setting has been
+          extended with two new values "v1" and "v2". "v2" means that the
+          unified v2 cgroup hierachy is used, and "v1" means that legacy v1
+          hierarchy or the hybrid hierarchy are used.
+
+        * The tables of system calls in seccomp filters are now automatically
           generated from kernel lists exported on
           https://fedora.juszkiewicz.com.pl/syscalls.html.
 
@@ -187,8 +223,10 @@ CHANGES WITH 248:
           as device properties under the /sys/class/dmi/id/ pseudo device.
 
         * /dev/ is not mounted noexec anymore. This didn't provide any
-          significant security benefits and would conflicts with the executable
+          significant security benefits and would conflict with the executable
-          mappings used with /dev/sgx device nodes.
+          mappings used with /dev/sgx device nodes. The previous behaviour can
+          be restored for individual services with NoExecPaths=/dev (or by allow-
+          listing and excluding /dev from ExecPaths=).
 
         * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
           and /dev/vhost-net are owned by the kvm group.
@@ -261,22 +299,6 @@ CHANGES WITH 248:
         * systemd-stdio-bridge gained --system/--user options to connect to the
           system bus (previous default) or the user session bus.
 
-        * When the hostname is set explicitly to "localhost", systemd-hostnamed
-          will respect this. Previously such a setting would be mostly silently
-          ignored. The goal is to honour configuration as specified by the
-          user.
-
-        * systemd-hostnamed now exports the default hostname and the source of
-          the configured hostname ("static", "transient", or "default") as
-          D-Bus properties.
-
-        * systemd-hostnamed now exports the "HardwareVendor" and
-          "HardwareModel" D-Bus properties, which are supposed to contain a
-          pair of cleaned up, human readable strings describing the system's
-          vendor and model. It's typically sourced from the firmware's DMI
-          tables, but may be augmented from a new hwdb database. hostnamectl
-          shows this in the status output.
-
         * systemd-localed may now call locale-gen to generate missing locales
           on-demand (UTF-8-only). This improves integration with Debian-based
           distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.

README

@@ -126,6 +126,9 @@ REQUIREMENTS:
         Required for systemd-nspawn:
           CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
 
+        Required for systemd-oomd:
+          CONFIG_PSI
+
         Note that kernel auditing is broken when used with systemd's
         container code. When using systemd in conjunction with
         containers, please make sure to either turn off auditing at

man/systemd.generator.xml

@@ -47,12 +47,13 @@
 
   <refsect1>
     <title>Description</title>
-    <para>Generators are small executables that live in
+    <para>Generators are small executables placed in <filename>&systemgeneratordir;/</filename> and other
-    <filename>&systemgeneratordir;/</filename> and other directories listed above.
+    directories listed above.
-    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will execute
-    will execute those binaries very early at bootup and at configuration reload time
+    these binaries very early at bootup and at configuration reload time — before unit files are
-    — before unit files are loaded. Their main purpose is to convert configuration
+    loaded. Their main purpose is to convert configuration that is not native to the service manager into
-    that is not native into dynamically generated unit files.</para>
+    dynamically generated unit files, symlinks or unit file drop-ins, so that they can extend the unit file
+    hierarchy the service manager subsequently loads and operates on.</para>
 
     <para>Each generator is called with three directory paths that are to be used for
     generator output. In these three directories, generators may dynamically generate
@@ -155,17 +156,15 @@
       </listitem>
 
       <listitem>
-        <para>Generators are run very early at boot and cannot rely on any external
+        <para>Generators are run very early at boot and cannot rely on any external services. They may not
-        services. They may not talk to any other process. That includes simple things
+        talk to any other process. That includes simple things such as logging to <citerefentry
-        such as logging to
+        project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>, or
-        <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+        <command>systemd</command> itself (this means: no
-        or <command>systemd</command> itself (this means: no
         <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)!
-        Non-essential file systems like <filename>/var/</filename> and
+        Non-essential file systems like <filename>/var/</filename> and <filename>/home/</filename> are
-        <filename>/home/</filename> are mounted after generators have run. Generators
+        mounted after generators have run. Generators can however rely on the most basic kernel functionality
-        can however rely on the most basic kernel functionality to be available,
+        to be available, as well as mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
-        including a mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
+        <filename>/dev/</filename>, <filename>/usr/</filename> and <filename>/run/</filename> file systems.
-        <filename>/dev/</filename>, <filename>/usr/</filename>.
         </para>
       </listitem>
 
@@ -176,12 +175,18 @@
       </listitem>
 
       <listitem>
-        <para>Generators should only be used to generate unit files and symlinks to
+        <para>Generators should only be used to generate unit files, <filename>.d/*.conf</filename> drop-ins
-        them, not any other kind of configuration. Due to the lifecycle logic
+        for them and symlinks to them, not any other kind of non-unit related configuration. Due to the
-        mentioned above, generators are not a good fit to generate dynamic
+        lifecycle logic mentioned above, generators are not a good fit to generate dynamic configuration for
-        configuration for other services. If you need to generate dynamic
+        other services. If you need to generate dynamic configuration for other services, do so in normal
-        configuration for other services, do so in normal services you order before
+        services you order before the service in question.</para>
-        the service in question.</para>
+
+        <para>Note that using the <varname>StandardInputData=</varname>/<varname>StandardInputText=</varname>
+        settings of service unit files (see
+        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>), it
+        is possible to make arbitrary input data (including daemon-specific configuration) part of the unit
+        definitions, which often might be sufficient to embed data or configuration for other programs into
+        unit files in a native fashion.</para>
       </listitem>
 
       <listitem>

man/systemd.xml

@@ -609,6 +609,24 @@
   <refsect1>
     <title>Environment</title>
 
+    <para>The environment block for the system manager is initially set by the kernel. (In particular,
+    <literal>key=value</literal> assignments on the kernel command line are returned into environment
+    variables for PID 1). For the user manager, the system manager sets the environment as described in the
+    "Environment Variables in Spawned Processes" section of
+    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
+    <varname>DefaultEnvironment=</varname> setting in the system manager applies to all services including
+    <filename>user@.service</filename>. Additional entries may be configured (as for any other service)
+    through the <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> settings for
+    <filename>user@.service</filename> (see
+    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Also,
+    additional environment variables may be set through the <varname>ManagerEnvironment=</varname> setting in
+    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    and
+    <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    </para>
+
+    <para>Some of the variables understood by <command>systemd</command>:</para>
+
     <variablelist class='environment-variables'>
       <varlistentry>
         <term><varname>$SYSTEMD_LOG_COLOR</varname></term>
@@ -1090,12 +1108,11 @@
       only the options described below are understood. Nevertheless, <command>systemd</command> is usually
       started in this mode through the
       <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      service, which is shared between all users, and it may be more convenient to use configuration files to
+      service, which is shared between all users. It may be more convenient to use configuration files to
       modify settings (see
       <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
-      or a drop-in that specifies one of the environment variables listed above in the Environment section
+      or environment variables. See the "Environment" section above for a discussion of how the environment
-      (see the discussion of <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> in
+      block is set.</para>
-      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
 
       <variablelist>
         <varlistentry>

src/boot/efi/stub.c

@@ -84,8 +84,14 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
                 if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS)
                         efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0);
 
-        /* if LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from UEFI */
+        /* If LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from the
-        if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS) {
+         * UEFI firmware without any boot loader, and hence set the LoaderImageIdentifier ourselves. Note
+         * that some boot chain loaders neither set LoaderImageIdentifier nor make FilePath available to us,
+         * in which case there's simple nothing to set for us. (The UEFI spec doesn't really say who's wrong
+         * here, i.e. whether FilePath may be NULL or not, hence handle this gracefully and check if FilePath
+         * is non-NULL explicitly.) */
+        if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS &&
+            loaded_image->FilePath) {
                 _cleanup_freepool_ CHAR16 *s;
 
                 s = DevicePathToStr(loaded_image->FilePath);

src/core/execute.c

@@ -3202,11 +3202,16 @@ static int apply_mount_namespace(
 
         if (MANAGER_IS_SYSTEM(u->manager)) {
                 propagate_dir = path_join("/run/systemd/propagate/", u->id);
-                if (!propagate_dir)
+                if (!propagate_dir) {
-                        return -ENOMEM;
+                        r = -ENOMEM;
+                        goto finalize;
+                }
+
                 incoming_dir = strdup("/run/systemd/incoming");
-                if (!incoming_dir)
+                if (!incoming_dir) {
-                        return -ENOMEM;
+                        r = -ENOMEM;
+                        goto finalize;
+                }
         }
 
         r = setup_namespace(root_dir, root_image, context->root_image_options,

src/core/main.c

@@ -700,26 +700,24 @@ static int parse_config_file(void) {
                 {}
         };
 
-        _cleanup_strv_free_ char **_free_files = NULL, **_free_dirs = NULL;
+        _cleanup_strv_free_ char **files = NULL, **dirs = NULL;
-
+        const char *suffix;
-        const char *const *files, *const *dirs, *suffix;
         int r;
 
-        if (arg_system) {
+        if (arg_system)
-                files = STRV_MAKE_CONST(PKGSYSCONFDIR "/system.conf");
-                dirs = (const char* const*) CONF_PATHS_STRV("systemd");
                 suffix = "system.conf.d";
-        } else {
+        else {
-                r = manager_find_user_config_paths(&_free_files, &_free_dirs);
+                r = manager_find_user_config_paths(&files, &dirs);
                 if (r < 0)
                         return log_error_errno(r, "Failed to determine config file paths: %m");
-                files = (const char* const*) _free_files;
+
-                dirs = (const char* const*) _free_dirs;
                 suffix = "user.conf.d";
         }
 
         (void) config_parse_many(
-                        files, dirs, suffix,
+                        (const char* const*) (files ?: STRV_MAKE(PKGSYSCONFDIR "/system.conf")),
+                        (const char* const*) (dirs ?: CONF_PATHS_STRV("systemd")),
+                        suffix,
                         "Manager\0",
                         config_item_table_lookup, items,
                         CONFIG_PARSE_WARN,

src/kernel-install/meson.build

@@ -4,7 +4,8 @@ want_kernel_install = get_option('kernel-install')
 
 if want_kernel_install
         install_data('kernel-install',
-                     install_mode : 'rwxr-xr-x')
+                     install_mode : 'rwxr-xr-x',
+                     install_dir : bindir)
 
         install_data('00-entry-directory.install',
                      '50-depmod.install',

src/libsystemd-network/icmp6-util.c

@@ -162,7 +162,7 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst,
         };
         struct cmsghdr *cmsg;
         struct in6_addr addr = {};
-        triple_timestamp t;
+        triple_timestamp t = {};
         ssize_t len;
 
         iov = IOVEC_MAKE(buffer, size);

src/resolve/resolved-dns-transaction.c

@@ -121,10 +121,10 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
                 }
 
                 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
-        }
 
-        if (t->id != 0)
+                if (t->id != 0)
-                hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
+                        hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
+        }
 
         while ((c = set_steal_first(t->notify_query_candidates)))
                 set_remove(c->transactions, t);

src/resolve/resolved-manager.c

@@ -548,7 +548,13 @@ static int manager_watch_hostname(Manager *m) {
 
         r = determine_hostname(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
         if (r < 0) {
-                log_info("Defaulting to hostname '%s'.", fallback_hostname());
+                _cleanup_free_ char *d = NULL;
+
+                d = fallback_hostname();
+                if (!d)
+                        return log_oom();
+
+                log_info("Defaulting to hostname '%s'.", d);
 
                 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
                 if (r < 0)

src/shared/bootspec.c

@@ -1033,6 +1033,16 @@ static int verify_fsroot_dir(
                                       SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
                                       "Block device node of \"%s\" is invalid.", path);
 
+        if (path_equal(path, "/")) {
+                /* Let's assume that the root directory of the OS is always the root of its file system
+                 * (which technically doesn't have to be the case, but it's close enough, and it's not easy
+                 * to be fully correct for it, since we can't look further up than the root dir easily.) */
+                if (ret_dev)
+                        *ret_dev = st.st_dev;
+
+                return 0;
+        }
+
         t2 = strjoina(path, "/..");
         if (stat(t2, &st2) < 0) {
                 if (errno != EACCES)
@@ -1048,10 +1058,7 @@ static int verify_fsroot_dir(
                         if (!parent)
                                 return log_oom();
 
-                        if (stat(parent, &st2) < 0)
+                        r = stat(parent, &st2) < 0 ? -errno : 0;
-                                r = -errno;
-                        else
-                                r = 0;
                 }
 
                 if (r < 0)

src/shared/dissect-image.c

@@ -2280,8 +2280,11 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
                 log_debug("No image name available, will skip extension-release metadata");
 
         for (; n_meta_initialized < _META_MAX; n_meta_initialized ++) {
-                if (!paths[n_meta_initialized])
+                if (!paths[n_meta_initialized]) {
+                        fds[2*n_meta_initialized] = fds[2*n_meta_initialized+1] = -1;
                         continue;
+                }
+
                 if (pipe2(fds + 2*n_meta_initialized, O_CLOEXEC) < 0) {
                         r = -errno;
                         goto finish;
@@ -2435,11 +2438,8 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
         strv_free_and_replace(m->extension_release, extension_release);
 
 finish:
-        for (k = 0; k < n_meta_initialized; k++) {
+        for (k = 0; k < n_meta_initialized; k++)
-                if (!paths[k])
-                        continue;
                 safe_close_pair(fds + 2*k);
-        }
 
         return r;
 }

src/shared/serialize.c

@@ -175,7 +175,7 @@ int deserialize_dual_timestamp(const char *value, dual_timestamp *t) {
 }
 
 int deserialize_environment(const char *value, char ***list) {
-        char *unescaped;
+        _cleanup_free_ char *unescaped = NULL;
         int r;
 
         assert(value);
@@ -187,9 +187,10 @@ int deserialize_environment(const char *value, char ***list) {
         if (r < 0)
                 return log_error_errno(r, "Failed to unescape: %m");
 
-        r = strv_env_replace_consume(list, unescaped);
+        r = strv_env_replace_consume(list, TAKE_PTR(unescaped));
         if (r < 0)
                 return log_error_errno(r, "Failed to append environment variable: %m");
+
         return 0;
 }
 

units/systemd-oomd.service.in

@@ -13,6 +13,10 @@ Documentation=man:systemd-oomd.service(8)
 DefaultDependencies=no
 Before=multi-user.target shutdown.target
 Conflicts=shutdown.target
+ConditionControlGroupController=v2
+ConditionPathExists=/proc/pressure/cpu
+ConditionPathExists=/proc/pressure/io
+ConditionPathExists=/proc/pressure/memory
 
 [Service]
 AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE

zanata.xml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<config xmlns="http://zanata.org/namespace/config/">
-  <url>https://fedora.zanata.org/</url>
-  <project>systemd</project>
-  <project-version>master</project-version>
-  <project-type>gettext</project-type>
-  <src-dir>po</src-dir>
-  <trans-dir>po</trans-dir>
-</config>