mirror of https://github.com/systemd/systemd synced 2025-10-08 13:14:45 +02:00


10 Commits

Author SHA1 Message Date
DaanDeMeyer
33a5cc768c socket-activate: Always send NOTIFY=ready
Even if we're not using --accept=, it's very useful to be able to
synchronize on systemd-socket-activate having bound to its listen
socket, so let's always send READY=1. This means the payload can't
send READY=1 anymore but it's doubtful whether that's useful in this
case in the first place.
2025-07-10 16:19:46 +02:00
Daan De Meyer
6a9cb1936f
Two trivial nspawn fixes (#38152) 2025-07-10 16:19:18 +02:00
DaanDeMeyer
1f24a954e4 vmspawn: Use virtio-blk-pci for image instead of virtio-scsi-pci
We don't need a full blown SCSI controller just to present the main
root drive device to the VM. Let's simplify the storage stack by using
virtio-blk-pci instead.

Additionally, virtio-blk-pci is a builtin module in Arch and Fedora
which means we can do qemu direct kernel boot without needing an initrd.
2025-07-10 16:18:33 +02:00
DaanDeMeyer
6ed684db41 escape: Make quote_command_line() argument const 2025-07-10 16:18:10 +02:00
DaanDeMeyer
8ba6c2b7f5 vmspawn: Disable hpet for vmspawn x86 virtual machines
hpet is an emulated clocksource that is generally discouraged in favor
of kvm-clock or tsc for virtual machines. While vmspawn's virtual machines
already use kvm-clock, leaving hpet enabled causes qemu on the host to
consume a non-trivial amount of cpu, so let's disable the hpet feature since
we're not making use of it anyway.
2025-07-10 16:14:52 +02:00
Yu Watanabe
0b565facc4 Revert "resolve: query the parent zone for DS records"
This reverts commit 49ff90c70debc59f5a52e5cec5a92507d9868b9d.
2025-07-10 15:18:07 +02:00
DaanDeMeyer
4f54d81ace nspawn: Use in_child_chown() in one more place 2025-07-10 13:55:45 +02:00
DaanDeMeyer
6f60ce002b nspawn: Improve log message 2025-07-10 13:55:43 +02:00
Eisuke Kawashima
dc6e9c548b zsh-completion: generate completion for systemd-run from systemd-analyze
continuation of #37641
2025-07-10 11:39:06 +02:00
Jörg Behrmann
693f11d5ba news: fix typo 2025-07-10 10:23:28 +02:00
12 changed files with 27 additions and 252 deletions

4
NEWS

@ -338,7 +338,7 @@ CHANGES WITH 258 in spe:
per-unit quota of the indicated per-unit directories. This is per-unit quota of the indicated per-unit directories. This is
implemented via project quota, as supported by xfs and ext4. This implemented via project quota, as supported by xfs and ext4. This
does not support btrfs, currently. If quota accounting is enabled does not support btrfs, currently. If quota accounting is enabled
this information is shown in the usual "systemct status" output. this information is shown in the usual "systemctl status" output.
* The service manager gained a new KillUnitSubgroup() syscall which may * The service manager gained a new KillUnitSubgroup() syscall which may
be used to send a signal to a sub-control group of the unit's control be used to send a signal to a sub-control group of the unit's control
@ -1208,7 +1208,7 @@ CHANGES WITH 258 in spe:
when invoking transient units. when invoking transient units.
* systemd-analyze gained a new "unit-shell" verb that invokes an * systemd-analyze gained a new "unit-shell" verb that invokes an
interactive shell inside the processes namespaces of the main process interactive shell inside the namespaces of the main process
of a specified unit. This is useful for debugging unit sandboxes, and of a specified unit. This is useful for debugging unit sandboxes, and
getting an idea how things look like from the "inside" of a service. getting an idea how things look like from the "inside" of a service.


@ -31,225 +31,9 @@ __systemctl() {
(( $+functions[_systemd-run_properties] )) || (( $+functions[_systemd-run_properties] )) ||
_systemd-run_properties() { _systemd-run_properties() {
local -a _properties=( local -a _properties
# man/systemd.exec.xml _properties=($( systemd-analyze transient-settings scope service 2>/dev/null |
ExecSearchPath= while read -r p; do [ -z "$p" ] || echo "$p="; done ))
WorkingDirectory=
RootDirectory=
RootImage=
RootImageOptions=
RootEphemeral=
RootHash=
RootHashSignature=
RootVerity=
RootImagePolicy=
MountImagePolicy=
ExtensionImagePolicy=
MountAPIVFS=
BindLogSockets=
ProtectProc=
ProcSubset=
BindPaths=
BindReadOnlyPaths=
MountImages=
ExtensionImages=
ExtensionDirectories=
User=
Group=
DynamicUser=
SupplementaryGroups=
SetLoginEnvironment=
PAMName=
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=
SecureBits=
SELinuxContext=
AppArmorProfile=
SmackProcessLabel=
LimitCPU=
LimitFSIZE=
LimitDATA=
LimitSTACK=
LimitCORE=
LimitRSS=
LimitNOFILE=
LimitAS=
LimitNPROC=
LimitMEMLOCK=
LimitLOCKS=
LimitSIGPENDING=
LimitMSGQUEUE=
LimitNICE=
LimitRTPRIO=
LimitRTTIME=
UMask=
CoredumpFilter=
KeyringMode=
OOMScoreAdjust=
TimerSlackNSec=
Personality=
IgnoreSIGPIPE=
Nice=
CPUSchedulingPolicy=
CPUSchedulingPriority=
CPUSchedulingResetOnFork=
CPUAffinity=
NUMAPolicy=
NUMAMask=
IOSchedulingClass=
IOSchedulingPriority=
ProtectSystem=
ProtectHome=
RuntimeDirectory=
StateDirectory=
CacheDirectory=
LogsDirectory=
ConfigurationDirectory=
RuntimeDirectoryMode=
StateDirectoryMode=
CacheDirectoryMode=
LogsDirectoryMode=
ConfigurationDirectoryMode=
RuntimeDirectoryPreserve=
TimeoutCleanSec=
ReadWritePaths=
ReadOnlyPaths=
InaccessiblePaths=
ExecPaths=
NoExecPaths=
TemporaryFileSystem=
PrivateTmp=
PrivateDevices=
PrivateNetwork=
NetworkNamespacePath=
PrivateIPC=
IPCNamespacePath=
MemoryKSM=
PrivatePIDs=
PrivateUsers=
ProtectHostname=
ProtectClock=
ProtectKernelTunables=
ProtectKernelModules=
ProtectKernelLogs=
ProtectControlGroups=
RestrictAddressFamilies=
RestrictFileSystems=
RestrictNamespaces=
DelegateNamespaces=
LockPersonality=
MemoryDenyWriteExecute=
RestrictRealtime=
RestrictSUIDSGID=
RemoveIPC=
PrivateMounts=
MountFlags=
SystemCallFilter=
SystemCallErrorNumber=
SystemCallArchitectures=
SystemCallLog=
Environment=
EnvironmentFile=
PassEnvironment=
UnsetEnvironment=
StandardInput=
StandardOutput=
StandardError=
StandardInputText=
StandardInputData=
LogLevelMax=
LogExtraFields=
LogRateLimitIntervalSec=
LogRateLimitBurst=
LogFilterPatterns=
LogNamespace=
SyslogIdentifier=
SyslogFacility=
SyslogLevel=
SyslogLevelPrefix=
TTYPath=
TTYReset=
TTYVHangup=
TTYColumns=
TTYRows=
TTYVTDisallocate=
LoadCredential=
LoadCredentialEncrypted=
ImportCredential=
SetCredential=
SetCredentialEncrypted=
UtmpIdentifier=
UtmpMode=
# man/systemd.kill.xml
KillMode=
KillSignal=
RestartKillSignal=
SendSIGHUP=
SendSIGKILL=
FinalKillSignal=
WatchdogSignal=
# man/systemd.resource-control.xml
CPUWeight=
StartupCPUWeight=
CPUQuota=
CPUQuotaPeriodSec=
AllowedCPUs=
StartupAllowedCPUs=
MemoryAccounting=
MemoryMin=
MemoryLow=
StartupMemoryLow=
DefaultStartupMemoryLow=
MemoryHigh=
StartupMemoryHigh=
MemoryMax=
StartupMemoryMax=
MemorySwapMax=
StartupMemorySwapMax=
MemoryZSwapMax=
StartupMemoryZSwapMax=
MemoryZSwapWriteback=
AllowedMemoryNodes=
StartupAllowedMemoryNodes=
TasksAccounting=
TasksMax=
IOAccounting=
IOWeight=
StartupIOWeight=
IODeviceWeight=
IOReadBandwidthMax=
IOWriteBandwidthMax=
IOReadIOPSMax=
IOWriteIOPSMax=
IODeviceLatencyTargetSec=
IPAccounting=
IPAddressAllow=
IPAddressDeny=
SocketBindAllow=
SocketBindDeny=
RestrictNetworkInterfaces=
NFTSet=
IPIngressFilterPath=
IPEgressFilterPath=
BPFProgram=
DeviceAllow=
DevicePolicy=
Slice=
Delegate=
DelegateSubgroup=
DisableControllers=
ManagedOOMSwap=
ManagedOOMMemoryPressure=
ManagedOOMMemoryPressureLimit=
ManagedOOMMemoryPressureDurationSec=
ManagedOOMPreference=
MemoryPressureWatch=
MemoryPressureThresholdSec=
CoredumpReceive=
)
_values 'NAME=VALUE' "${_properties[@]}" _values 'NAME=VALUE' "${_properties[@]}"
} }
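Review bot: `_properties` is now filled from `systemd-analyze transient-settings scope service` with stderr discarded, so when that command is missing or fails the array is empty and `_values` is called with no values, presumably offering nothing and giving no hint of why. A guard such as `(( ${#_properties} )) || return 1` before the `_values` call would make that case explicit. A comment above the assignment would also help, e.g. `# Property names come from the installed systemd-analyze; versions without the transient-settings verb yield no completions.`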


@ -598,7 +598,7 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) {
return str_realloc(buf); return str_realloc(buf);
} }
char* quote_command_line(char **argv, ShellEscapeFlags flags) { char* quote_command_line(char * const *argv, ShellEscapeFlags flags) {
_cleanup_free_ char *result = NULL; _cleanup_free_ char *result = NULL;
assert(argv); assert(argv);


@ -65,4 +65,4 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl
char* shell_escape(const char *s, const char *bad); char* shell_escape(const char *s, const char *bad);
char* shell_maybe_quote(const char *s, ShellEscapeFlags flags); char* shell_maybe_quote(const char *s, ShellEscapeFlags flags);
char* quote_command_line(char **argv, ShellEscapeFlags flags); char* quote_command_line(char * const *argv, ShellEscapeFlags flags);


@ -269,7 +269,10 @@ int bind_user_prepare(
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing.");
if (u->uid >= uid_shift && u->uid < uid_shift + uid_range) if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "UID of user '%s' to map is already in container UID range, refusing.", u->user_name); return log_error_errno(
SYNTHETIC_ERRNO(EINVAL),
"UID "UID_FMT" of user '%s' to map is already in container UID range ("UID_FMT" - "UID_FMT"), refusing.",
u->uid, u->user_name, uid_shift, uid_shift + uid_range);
r = groupdb_by_gid(user_record_gid(u), /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &g); r = groupdb_by_gid(user_record_gid(u), /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &g);
if (r < 0) if (r < 0)
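Review bot: The new message prints the container range as `uid_shift` to `uid_shift + uid_range`, but the check directly above treats the upper bound as exclusive (`u->uid < uid_shift + uid_range`), so the last UID shown is one past the range that is actually rejected. Passing `uid_shift + uid_range - 1` as the final argument would make the log match the test. The sum is also computed without an overflow check in this hunk; if both values are `uid_t`, a large shift plus range could wrap, so it is worth confirming that the caller validates them first. bind_user_prepare() starts and continues outside this hunk.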


@ -2485,7 +2485,7 @@ static int setup_credentials(const char *root) {
if (fchmod(fd, world_readable ? 0444 : 0400) < 0) if (fchmod(fd, world_readable ? 0444 : 0400) < 0)
return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j); return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j);
if (arg_userns_mode != USER_NAMESPACE_NO) if (in_child_chown())
if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0) if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0)
return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j); return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j);
} }
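Review bot: The ownership change of the credential file now depends on `in_child_chown()` instead of `arg_userns_mode != USER_NAMESPACE_NO`, and the helper's definition is not part of this hunk, so it cannot be confirmed from here that the two conditions agree for every user-namespace mode. Since the file has just been set to mode 0400 unless `world_readable`, skipping the `fchown()` in a mode where it used to run would presumably leave the credential unreadable to the container's root. A one-line comment stating when `in_child_chown()` is false would settle this. The nested unbraced `if` could also be folded into `if (in_child_chown() && fchown(fd, arg_uid_shift, arg_uid_shift) < 0)`. setup_credentials() starts outside the hunk.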


@ -552,12 +552,3 @@ int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret) {
*ret = TAKE_PTR(k); *ret = TAKE_PTR(k);
return 0; return 0;
} }
bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type) {
DnsResourceKey *t;
DNS_QUESTION_FOREACH(t, q)
if (t->type == type)
return true;
return false;
}


@ -57,8 +57,6 @@ static inline bool dns_question_isempty(DnsQuestion *q) {
int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret); int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret);
bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuestion*, dns_question_unref); DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuestion*, dns_question_unref);
#define _DNS_QUESTION_FOREACH(u, k, q) \ #define _DNS_QUESTION_FOREACH(u, k, q) \


@ -764,11 +764,6 @@ DnsScopeMatch dns_scope_good_domain(
if (!dns_scope_get_dns_server(s)) if (!dns_scope_get_dns_server(s))
return DNS_SCOPE_NO; return DNS_SCOPE_NO;
/* Route DS requests to the parent */
const char *route_domain = domain;
if (dns_question_contains_key_type(question, DNS_TYPE_DS))
(void) dns_name_parent(&route_domain);
/* Always honour search domains for routing queries, except if this scope lacks DNS servers. Note that /* Always honour search domains for routing queries, except if this scope lacks DNS servers. Note that
* we return DNS_SCOPE_YES here, rather than just DNS_SCOPE_MAYBE, which means other wildcard scopes * we return DNS_SCOPE_YES here, rather than just DNS_SCOPE_MAYBE, which means other wildcard scopes
* won't be considered anymore. */ * won't be considered anymore. */
@ -777,7 +772,7 @@ DnsScopeMatch dns_scope_good_domain(
if (!d->route_only && !dns_name_is_root(d->name)) if (!d->route_only && !dns_name_is_root(d->name))
has_search_domains = true; has_search_domains = true;
if (dns_name_endswith(route_domain, d->name) > 0) { if (dns_name_endswith(domain, d->name) > 0) {
int c; int c;
c = dns_name_count_labels(d->name); c = dns_name_count_labels(d->name);
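Review bot: After this revert, `dns_name_endswith(domain, d->name)` matches DS questions against the scope's search and routing domains by the queried name itself, and neither the code nor the revert description records why the parent-zone routing was dropped. DS records are published by the parent zone, so with a routing domain equal to the queried name the lookup will presumably go to a server that is not authoritative for the DS RRset, which matters for DNSSEC validation of delegated private zones. A short comment at this comparison saying that DS queries are deliberately routed like any other type, with the reason, would keep the reverted logic from being reintroduced blindly. dns_scope_good_domain() starts and continues outside both hunks.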


@ -494,18 +494,15 @@ static int run(int argc, char **argv) {
if (n == 0) if (n == 0)
return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "No sockets to listen on specified or passed in."); return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "No sockets to listen on specified or passed in.");
/* Notify the caller that all sockets are open now. We only do this in --accept mode however,
* since otherwise our process will be replaced and it's better to leave the readiness notify
* to the actual payload. */
_unused_ _cleanup_(notify_on_cleanup) const char *notify = NULL;
if (arg_accept) { if (arg_accept) {
r = install_chld_handler(); r = install_chld_handler();
if (r < 0) if (r < 0)
return r; return r;
notify = notify_start(NOTIFY_READY_MESSAGE, NOTIFY_STOPPING_MESSAGE);
} }
/* Notify the caller that all sockets are open now. */
_unused_ _cleanup_(notify_on_cleanup) const char *notify = notify_start(NOTIFY_READY_MESSAGE, NOTIFY_STOPPING_MESSAGE);
for (;;) { for (;;) {
struct epoll_event event; struct epoll_event event;
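Review bot: The replacement comment no longer says what READY=1 means when `--accept` is not in use: `notify_start()` now runs before the loop in every mode, so the notification reports that the sockets are open, not that the payload is serving. The removed comment gave the opposite rationale (leave readiness to the payload), so the new one should state the new contract, for example `/* Notify the caller that all sockets are open now. Without --accept= this is sent before the payload is executed, so it means "listening", not "payload ready". */`. It is also worth confirming how the `notify_on_cleanup` handler behaves on the non-accept path, since the stopping message is presumably only sent when this scope is left by a normal return; that code is outside the hunk, as are the start and end of run().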


@ -27,6 +27,12 @@
# define ARCHITECTURE_SUPPORTS_SMM 0 # define ARCHITECTURE_SUPPORTS_SMM 0
#endif #endif
#if defined(__x86_64__) || defined(__i386__)
# define ARCHITECTURE_SUPPORTS_HPET 1
#else
# define ARCHITECTURE_SUPPORTS_HPET 0
#endif
#if defined(__x86_64__) || defined(__i386__) #if defined(__x86_64__) || defined(__i386__)
# define QEMU_MACHINE_TYPE "q35" # define QEMU_MACHINE_TYPE "q35"
#elif defined(__arm__) || defined(__aarch64__) || defined(__riscv) || defined(__loongarch64) #elif defined(__arm__) || defined(__aarch64__) || defined(__riscv) || defined(__loongarch64)


@ -1578,10 +1578,11 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
"falling back to OVMF firmware blobs without Secure Boot support."); "falling back to OVMF firmware blobs without Secure Boot support.");
shm = arg_directory || arg_runtime_mounts.n_mounts != 0 ? ",memory-backend=mem" : ""; shm = arg_directory || arg_runtime_mounts.n_mounts != 0 ? ",memory-backend=mem" : "";
const char *hpet = ARCHITECTURE_SUPPORTS_HPET ? ",hpet=off" : "";
if (ARCHITECTURE_SUPPORTS_SMM) if (ARCHITECTURE_SUPPORTS_SMM)
machine = strjoin("type=" QEMU_MACHINE_TYPE ",smm=", on_off(ovmf_config->supports_sb), shm); machine = strjoin("type=" QEMU_MACHINE_TYPE ",smm=", on_off(ovmf_config->supports_sb), shm, hpet);
else else
machine = strjoin("type=" QEMU_MACHINE_TYPE, shm); machine = strjoin("type=" QEMU_MACHINE_TYPE, shm, hpet);
if (!machine) if (!machine)
return log_oom(); return log_oom();
@ -1941,7 +1942,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
return log_oom(); return log_oom();
} }
if (arg_image || strv_length(arg_extra_drives) > 0) { if (strv_length(arg_extra_drives) > 0) {
r = strv_extend_many(&cmdline, "-device", "virtio-scsi-pci,id=scsi"); r = strv_extend_many(&cmdline, "-device", "virtio-scsi-pci,id=scsi");
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
@ -1978,7 +1979,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
r = strv_extend_many(&cmdline, "-device", "scsi-hd,drive=vmspawn,bootindex=1"); r = strv_extend_many(&cmdline, "-device", "virtio-blk-pci,drive=vmspawn,bootindex=1");
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
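Review bot: Switching the image's `-device` from `scsi-hd` to `virtio-blk-pci` changes how the root disk is presented to the guest, and nothing at this line documents it: a guest will presumably see a virtio block device instead of a SCSI disk, so anything that names the disk by its SCSI path or node would stop matching. A comment such as `/* The root image is attached via virtio-blk; only extra drives use the virtio-scsi controller created above. */` next to this call would make the split between the two storage paths explicit. In the controller hunk, the condition `strv_length(arg_extra_drives) > 0` only needs emptiness, so `!strv_isempty(arg_extra_drives)` reads more directly. run_virtual_machine() starts and ends outside these hunks.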