12 Commits
c6c132f707
...
ec3b85f469
Author | SHA1 | Date |
---|---|---|
Daan De Meyer | ec3b85f469 | |
Lennart Poettering | c8d45ebfd6 | |
Lennart Poettering | acc8bae0b3 | |
Lennart Poettering | a6d7cc74d6 | |
Luca Boccassi | d80d7a2f2a | |
Luca Boccassi | 088793239e | |
Luca Boccassi | 94a46c20da | |
Luca Boccassi | d6f4c96b10 | |
Luca Boccassi | 9e51b12e13 | |
Daan De Meyer | 45ce3cf8e7 | |
Daan De Meyer | ad4ad82924 | |
Daan De Meyer | 8c1bff449c |
322
NEWS
322
NEWS
|
@ -103,37 +103,37 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
libsystemd:
|
||||
|
||||
* systemd's JSON API is now available as public interface of libsystemd
|
||||
under the name "sd-json". The purpose of the library is to allow
|
||||
structures to be conveniently created in C code and serialized to
|
||||
JSON, and for JSON to be conveniently deserialized into in-memory
|
||||
structures, using callbacks to handle specific keys. Various data
|
||||
types like integers, floats, booleans, strings, UUIDs, base64-encoded
|
||||
and hex-encoded binary data, and arrays are supported natively. The
|
||||
library has been part of systemd for a while as internal component,
|
||||
and now being made publicly available, too. On major user of sd-json
|
||||
is the JSON interface sd-varlink (see below). Note that documentation
|
||||
on sd-json is very much incomplete for now, but the systemd codebase
|
||||
should provide plenty code real-life code examples.
|
||||
* systemd's JSON API is now available as public interface of
|
||||
libsystemd, under the name "sd-json". The purpose of the library is
|
||||
to allow structures to be conveniently created in C code and
|
||||
serialized to JSON, and for JSON to be conveniently deserialized into
|
||||
in-memory structures, using callbacks to handle specific
|
||||
keys. Various data types like integers, floats, booleans, strings,
|
||||
UUIDs, base64-encoded and hex-encoded binary data, and arrays are
|
||||
supported natively. The library has been part of systemd for a while
|
||||
as internal component, and is now made publicly available. One major
|
||||
user of sd-json is sd-varlink (see below). Note that the
|
||||
documentation of sd-json is very much incomplete for now, but the
|
||||
systemd codebase provides plenty real-life code examples.
|
||||
|
||||
* libsystemd's Varlink IPC API is now available as part of libsystemd
|
||||
* systemd's Varlink IPC API is now available as part of libsystemd,
|
||||
under the name "sd-varlink". This library is a C implementation of
|
||||
the Varlink IPC system (https://varlink.org/) that has been adopted
|
||||
by systemd for various interfaces. It relies on the sd-json JSON
|
||||
component, see above. Note that documentation on sd-varlink is very
|
||||
much incomplete for now, but the systemd codebase should provide
|
||||
plenty code real-life code examples.
|
||||
component, see above. Note that the documentation of sd-varlink is
|
||||
very much incomplete for now, but the systemd codebase provides
|
||||
plenty real-life code examples.
|
||||
|
||||
* sd-bus gained a new call sd_bus_pending_method_calls() which returns
|
||||
the number of currently open asynchronous method calls initiated on
|
||||
this connection towards peers.
|
||||
|
||||
* sd-device gained a new call sd_device_monitor_is_running() that
|
||||
returns whener the specified monitor object is already running. It
|
||||
returns whether the specified monitor object is already running. It
|
||||
also gained sd_device_monitor_get_fd(),
|
||||
sd_device_monitor_get_events(), sd_device_monitor_get_timeout() and
|
||||
sd_device_monitor_receive() to permit sd-device to run on a foreign
|
||||
event loop implementation. It also gained
|
||||
sd_device_monitor_receive() to permit sd-device to run on top of a
|
||||
foreign event loop implementation. It also gained
|
||||
sd_device_get_driver_subsystem() which returns the subsystem of
|
||||
driver objects. The new sd_device_get_device_id() call returns a
|
||||
short string identifying the device record.
|
||||
|
@ -148,8 +148,9 @@ CHANGES WITH 257 in spe:
|
|||
* Multipath TCP (MPTCP) is now supported as a socket protocol for
|
||||
.socket units.
|
||||
|
||||
* New /etc/fstab option x-systemd.wants= creates "Wants" dependencies.
|
||||
(This is similar to the previously available x-systemd.requires=.)
|
||||
* A new /etc/fstab option x-systemd.wants= creates "Wants="
|
||||
dependencies. (This is similar to the previously available
|
||||
x-systemd.requires=.)
|
||||
|
||||
* The initialization of the system clock during boot and updates has
|
||||
been simplified: both PID 1 or systemd-timesyncd will pick the latest
|
||||
|
@ -161,17 +162,17 @@ CHANGES WITH 257 in spe:
|
|||
shutdown, so that the user may use it to initiate a reboot if the
|
||||
system freezes otherwise.
|
||||
|
||||
* The new unit option PrivateUsers=identity can be used to request a
|
||||
user namespace with an identity mapping for the first 65536
|
||||
UIDs/GIDs. This is analogous to the systemd-nspawn's
|
||||
* The new value "identity" for the unit setting PrivateUsers= may be
|
||||
used to request a user namespace with an identity mapping for the
|
||||
first 65536 UIDs/GIDs. This is analogous to the systemd-nspawn's
|
||||
--private-users=identity.
|
||||
|
||||
* The new unit option PrivateTmp=disconnected can be used to specify
|
||||
that a separate tmpfs instance should be used for /tmp/ and /var/tmp/
|
||||
for the unit.
|
||||
* The new value "disconnected" for the unit setting PrivateTmp= may be
|
||||
used to specify that a separate tmpfs instance should be used for
|
||||
/tmp/ and /var/tmp/ for the unit.
|
||||
|
||||
* The manager (and various other tools too) use pidfds in more places
|
||||
to refer to processes.
|
||||
* The server manager (and various other tools too) use pidfds in more
|
||||
places to refer to processes.
|
||||
|
||||
* A build option -D link-executor-shared=false can be used to build
|
||||
the systemd-executor binary (added in a previous release) in a way
|
||||
|
@ -185,41 +186,41 @@ CHANGES WITH 257 in spe:
|
|||
execute.
|
||||
|
||||
* The systemd.machine_id= kernel command line parameter interpreted by
|
||||
PID 1 now supports an additional special value: if "firmware" is
|
||||
specified the machine ID is initialized from the SMBIOS/DeviceTree
|
||||
system UUID. (Previously this was already done in VM environments,
|
||||
this extends the concept to any system, but only on explicit request
|
||||
via this option.)
|
||||
PID 1 now supports an additional special value: if set to "firmware"
|
||||
the machine ID is initialized from the SMBIOS/DeviceTree system
|
||||
UUID. (Previously this was already done autmatically in VM
|
||||
environments, this extends the concept to any system, but only on
|
||||
explicit request via this option.)
|
||||
|
||||
* The ImportCredential= setting in service unit files now permits
|
||||
renaming credentials imported.
|
||||
renaming of credentials as they are imported.
|
||||
|
||||
* The RestartMode= gained a new "debug" setting. If specified and the
|
||||
service fails so that it shall be restarted it is invoked in
|
||||
* The RestartMode= setting gained a new "debug" value. If specified and
|
||||
the service fails so that it shall be restarted it is invoked in
|
||||
"debugging mode". Debugging mode means that the $DEBUG_INVOCATION
|
||||
environment variable will be set to "1" for the new
|
||||
invocation. Moreover, any setting LogLevelMax= will be temporarily
|
||||
changed to "debug" for the next invocation. This mode is useful to
|
||||
repeat invocation of tools if they fail but with additional logging
|
||||
or testing routines turned on.
|
||||
automatically repeat invocation of tools in case they fail – but with
|
||||
additional logging or testing routines enabled.
|
||||
|
||||
* A new service setting BindLogSockets= has been added that
|
||||
controls whether the AF_UNIX sockets required for logging shall be
|
||||
bind mounted to the mount sandbox allocated for the service.
|
||||
|
||||
* PID 1 will now optionally load a policy for the new Linux IPE LSM at
|
||||
boot.
|
||||
* At early boot, PID 1 will now optionally load a policy for the new
|
||||
Linux IPE LSM.
|
||||
|
||||
* Transient services (StartTransientUnit() D-Bus method) may now
|
||||
receive additional, arbitrary file descriptors to pass to executed
|
||||
service processes on activation using the new ExtraFileDescriptor=
|
||||
unit property.
|
||||
* Transient services (as invoked by the StartTransientUnit() D-Bus
|
||||
method) may now receive additional, arbitrary file descriptors to
|
||||
pass to executed service processes during activation using the new
|
||||
ExtraFileDescriptor= unit property.
|
||||
|
||||
* Calendar .timer units gained a new boolean DeferReactivation=
|
||||
option. If enabled and the repetitive calendar timer elapses again
|
||||
while the service the timer activates is still running, immediate
|
||||
reactivation once it finishes is skipped, and the timer has to elapse
|
||||
again before the service is reactivated.
|
||||
reactivation of the service once it finishes is skipped, and the
|
||||
timer has to elapse again before the service is reactivated.
|
||||
|
||||
* Generator processes invoked by the service manager will now receive a
|
||||
new environment variable $SYSTEMD_SOFT_REBOOTS_COUNT that indicates
|
||||
|
@ -245,10 +246,10 @@ CHANGES WITH 257 in spe:
|
|||
"strict" a new cgroup namespace is allocated for the service, and
|
||||
cgroupfs is mounted read-only for the service.
|
||||
|
||||
* The StateDirectory=, RuntimeDirectory=, CacheDirectory=, LogsDirectory=,
|
||||
and ConfigurationDirectory= settings gained support for configuring the
|
||||
respective directories as read-only, via a ':ro' flag that can be
|
||||
appended to each setting.
|
||||
* The StateDirectory=, RuntimeDirectory=, CacheDirectory=,
|
||||
LogsDirectory=, and ConfigurationDirectory= settings gained support
|
||||
for configuring the respective directories as read-only, via a ':ro'
|
||||
flag that can be appended to each setting's value.
|
||||
|
||||
* When DynamicUser= is combined with
|
||||
StateDirectory=/RuntimeDirectory=/CacheDirectory=/LogsDirectory= and
|
||||
|
@ -258,15 +259,15 @@ CHANGES WITH 257 in spe:
|
|||
chown()ing.
|
||||
|
||||
* A new service property PrivatePIDs= has been added that runs executed
|
||||
processes as PID 1 - the init process - within their own PID namespace.
|
||||
PrivatePIDs= also mounts /proc/ so only processes within the new PID
|
||||
namespace are visible.
|
||||
processes as PID 1 - the init process - within their own PID
|
||||
namespace. PrivatePIDs= also mounts /proc/ so only processes within
|
||||
the new PID namespace are visible.
|
||||
|
||||
systemd-udevd:
|
||||
|
||||
* udev rules now set 'uaccess' for /dev/udmabuf, giving locally
|
||||
logged-in users access to the hardware. This is necessary to support
|
||||
IPMI cameras with libcamera.
|
||||
logged-in users access to the hardware. This is useful in order to
|
||||
support IPMI cameras with libcamera.
|
||||
|
||||
* Serial port devices will no longer show up as systemd units, unless
|
||||
they have an IO port or memory assigned to them. This means that only
|
||||
|
@ -281,9 +282,9 @@ CHANGES WITH 257 in spe:
|
|||
searched for both on the interface's parent device (as before) and
|
||||
the device itself (new).
|
||||
|
||||
* Various USB hardware wallets have are now recognized by udev via a
|
||||
.hwdb file, and get the ID_HARDWARE_WALLET= property set, which
|
||||
enables "uaccess" for them, i.e. direct unprivileged access.
|
||||
* Various USB hardware wallets are now recognized by udev via a .hwdb
|
||||
file, and get the ID_HARDWARE_WALLET= property set, which enables
|
||||
"uaccess" for them, i.e. direct unprivileged access.
|
||||
|
||||
* udevadm info will now output the device ID string in lines prefixed
|
||||
with "J:", and the driver subsystem in lines prefixed with "B:".
|
||||
|
@ -293,8 +294,8 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
systemd-logind:
|
||||
|
||||
* New DesignatedMaintenanceTime= configuration option allows
|
||||
shutdowns to be automatically scheduled at the specified time.
|
||||
* New DesignatedMaintenanceTime= configuration option allows shutdowns
|
||||
to be automatically scheduled at the specified time.
|
||||
|
||||
* logind now reacts to Ctrl-Alt-Shift-Esc being pressed. It will send
|
||||
out a org.freedesktop.login1.SecureAttentionKey signal, indicating a
|
||||
|
@ -308,8 +309,8 @@ CHANGES WITH 257 in spe:
|
|||
session switches away.
|
||||
|
||||
* systemd-logind now exposes two D-Bus properties CanLock and CanIdle
|
||||
for all sessions that indicate whether the session's class supports
|
||||
screen locking and idle detection.
|
||||
for all sessions. These properties indicate whether the session's
|
||||
class supports screen locking and idleness detection.
|
||||
|
||||
* systemd-inhibit now allows interactive polkit authorization. It
|
||||
gained a --no-ask-password option to suppress it.
|
||||
|
@ -320,12 +321,13 @@ CHANGES WITH 257 in spe:
|
|||
Machines started via the systemd-vmspawn@.service unit will now be
|
||||
registered with systemd-machined.
|
||||
|
||||
* systemd-machined gained a pretty complete set of Varlink interfaces
|
||||
to its functionality as alternative to the existing D-Bus interface.
|
||||
* systemd-machined gained a pretty complete set of Varlink APIs
|
||||
exposing its functionality. This is an alternative to the
|
||||
pre-existing D-Bus interface.
|
||||
|
||||
systemd-resolved:
|
||||
|
||||
* resolvconf command now supports '-p' switch. If specified, the
|
||||
* The resolvconf command now supports '-p' switch. If specified, the
|
||||
interface will not be used as the default route for domain name
|
||||
lookups.
|
||||
|
||||
|
@ -337,11 +339,11 @@ CHANGES WITH 257 in spe:
|
|||
* IPv6 address labels can be configured in a new [IPv6AddressLabel]
|
||||
section with Prefix= and Label= settings.
|
||||
|
||||
* 'networkctl edit' can now read the new contents from standard input
|
||||
with the new --stdin option.
|
||||
* 'networkctl edit' can now read the new file contents from standard
|
||||
input with the new --stdin option.
|
||||
|
||||
* 'networkctl edit' and 'cat' now supports editing .netdev files by
|
||||
link. 'networkctl cat' can also list all configuration files
|
||||
* 'networkctl edit' and 'cat' now support editing/showing .netdev files
|
||||
by link. 'networkctl cat' can also list all configuration files
|
||||
associated with an interface at once with ':all'.
|
||||
|
||||
* networkctl gained a --no-ask-password option to suppress interactive
|
||||
|
@ -350,7 +352,7 @@ CHANGES WITH 257 in spe:
|
|||
* "mac" has been added to the default AlternativeNamesPolicy= setting
|
||||
for network links (via 99-default.link). This means "enx*" interface
|
||||
names will now be added to the list of alternative interface names by
|
||||
default for all interfaces that have a MAC address assigned to them
|
||||
default, for all interfaces that have a MAC address assigned
|
||||
by hardware.
|
||||
|
||||
* networkd .netdev bridge devices gained a new setting FDBMaxLearned=
|
||||
|
@ -365,18 +367,18 @@ CHANGES WITH 257 in spe:
|
|||
thus highlighting conflict of ownership/management of these knobs.
|
||||
|
||||
* systemd-networkd will now make RFC9463 DNR fields available to
|
||||
systemd-resolved, for automatic DoT configuration, and similar.
|
||||
systemd-resolved, for automatic DNS DoT configuration, and similar.
|
||||
|
||||
systemd-boot, systemd-stub, and related tools:
|
||||
|
||||
* The EFI stub now supports loading of .ucode sections with microcode
|
||||
from PE add-on files. It now also supports loading .initrd sections
|
||||
from PE add-on files. It also now supports loading .initrd sections
|
||||
from PE add-on files.
|
||||
|
||||
* A new .profile PE section type is now documented and supported in
|
||||
systemd-measure, ukify, systemd-stub and systemd-boot. Those new
|
||||
systemd-measure, ukify, systemd-stub and systemd-boot. These new
|
||||
sections allow multiple "profiles" to be stored together in the UKI,
|
||||
with .profile sections creating groupings of sections in the UKI,
|
||||
where each .profile section creates groupings of sections in the UKI,
|
||||
allowing some sections to be shared and other sections like .cmdline
|
||||
or .initrd unique to the profile. This may be used to provide a
|
||||
single UKI that synthesizes multiple menu items in the boot menu (for
|
||||
|
@ -389,10 +391,10 @@ CHANGES WITH 257 in spe:
|
|||
can contain multiple .dtbauto sections, and the 'compatible' string
|
||||
therein will be compared with the equivalent field in the DTB
|
||||
provided by the firmware, if present. If absent, SMBIOS will be used
|
||||
to calculate hardware IDs and compare them with the content of
|
||||
.hwids. This allows including multiple DTBs in a single UKI, with
|
||||
the bootloader automatically selecting the correct one for the
|
||||
current hardware.
|
||||
to calculate hardware IDs (CHIDs) and look them up in the content of
|
||||
.hwids, hopefully revealing an fallback 'compatible' string. This
|
||||
allows including multiple DTBs in a single UKI, with systemd-stub
|
||||
automatically loading the correct one for the current hardware.
|
||||
|
||||
* ukify gained an --extend switch to import an existing UKI to
|
||||
be extended, and a --measure-base= switch to support measurement
|
||||
|
@ -405,25 +407,26 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
* systemd-stub will report the partition UUID and image identifier its
|
||||
UKI executable is placed on separately from the data systemd-boot
|
||||
provides about where to find its own executable. This is useful when
|
||||
systemd-boot and UKIs are placed on distinct partitions (i.e. ESP and
|
||||
XBOOTLDR).
|
||||
provides about where to find its own executable, via EFI
|
||||
variables. This is useful when systemd-boot and UKIs are placed on
|
||||
distinct partitions (i.e. ESP and XBOOTLDR).
|
||||
|
||||
* bootctl --print-loader-path and --print-stub-path that output the
|
||||
path to the boot loader or UKI used for the current boot.
|
||||
* bootctl gained new switches --print-loader-path and --print-stub-path
|
||||
that output the path to the boot loader or UKI used for the current
|
||||
boot.
|
||||
|
||||
* bootctl kernel-identify now supports identifying EFI add-ons.
|
||||
* bootctl kernel-identify now recognizes EFI add-ons.
|
||||
|
||||
* bootctl gained a --random-seed=yes|no option to control provisioning
|
||||
of the random seed file in ESP. (This is useful when producing an
|
||||
image that will be used multiple times.)
|
||||
of the random seed file in the ESP. (This is useful when producing an
|
||||
image that will be used in multiple instances.)
|
||||
|
||||
* bootctl now optionally supports installing UEFI Secure Boot databases
|
||||
(ESLs) for systemd-boot to pick up and automatically enroll if the
|
||||
system is booted in Setup Mode. This is controlled via bootctl's new
|
||||
--secure-boot-auto-enroll=yes switch (and some auxiliary ones). A
|
||||
certificate can be provided in DER format, and it is automatically
|
||||
converted into an ESL, as needed.
|
||||
(i.e. db/dbx/… databases in ESL format) for systemd-boot to pick up
|
||||
and automatically enroll if the system is booted in Setup Mode. This
|
||||
is controlled via bootctl's new --secure-boot-auto-enroll=yes switch
|
||||
(and some auxiliary ones). A certificate can be provided in DER
|
||||
format, and is automatically converted into an ESL, as needed.
|
||||
|
||||
* bootctl, systemd-measure, systemd-repart when referencing signing
|
||||
keys on OpenSSL engines may now query for PINs and similar via
|
||||
|
@ -431,9 +434,9 @@ CHANGES WITH 257 in spe:
|
|||
caching and UI).
|
||||
|
||||
* A new systemd-sbsign tool has been added, that can be used to sign
|
||||
EFI binaries (PE). This tool supports OpenSSL engines and providers,
|
||||
with pin caching support for PKCS11. ukify supports it as an
|
||||
alternative to sbsigntool and pesign.
|
||||
EFI binaries (PE) for Secure Boot. This tool supports OpenSSL engines
|
||||
and providers, with pin caching support for PKCS11. ukify supports it
|
||||
as an alternative to sbsigntool and pesign.
|
||||
|
||||
The journal:
|
||||
|
||||
|
@ -468,22 +471,22 @@ CHANGES WITH 257 in spe:
|
|||
and AppStream metadata.
|
||||
|
||||
* Transfer definitions for systemd-sysupdate are supposed to carry the
|
||||
".transfer" suffix now, changing from ".conf". The latter is
|
||||
supported for compatibility too, but it's recommended to rename all
|
||||
files reflecting this suffix change.
|
||||
".transfer" suffix now, changing from ".conf". The latter remains
|
||||
supported for compatibility, but it's recommended to rename all files
|
||||
reflecting this suffix change.
|
||||
|
||||
* systemd-sysupdate now supports a new ".feature" files that may be
|
||||
* systemd-sysupdate now supports new ".feature" files that may be
|
||||
used in conjunction with ".transfer" files to group them together, and
|
||||
allow them to be turned off or on, individually per group.
|
||||
|
||||
TPM & systemd-cryptsetup:
|
||||
|
||||
* The 'tpm2' verb which lists usable TPM2 devices has been moved from
|
||||
systemd-creds to systemd-analyze.
|
||||
* The 'has-tpm2' verb which reports whether TPM2 functionality is
|
||||
available has been moved from systemd-creds to systemd-analyze.
|
||||
|
||||
* systemd-tpm2-setup will gracefully handle TPMs that have a PIN set on
|
||||
the TPM, and not automatically set up a Storage Root Key (SRK) in
|
||||
that case.
|
||||
the TPM, and not attempt to automatically set up a Storage Root Key
|
||||
(SRK) in that case.
|
||||
|
||||
* New crypttab option password-cache=yes|no|read-only can be used to
|
||||
customize password caching.
|
||||
|
@ -525,7 +528,7 @@ CHANGES WITH 257 in spe:
|
|||
start the specified executable on the remote side, and communicate
|
||||
with the remote process using the Varlink protocol.
|
||||
|
||||
"ssh:" address specification has been renamed to "ssh-unix:"
|
||||
The "ssh:" address specification has been renamed to "ssh-unix:"
|
||||
(reflecting the fact it is used to connect to a remote AF_UNIX socket
|
||||
via SSH). The old syntax is still supported for backwards
|
||||
compatibility.
|
||||
|
@ -546,7 +549,8 @@ CHANGES WITH 257 in spe:
|
|||
to enable internal compression in filesystems created offline.
|
||||
|
||||
* systemd-repart understands a new MakeSymlinks= option to create one
|
||||
or more symlinks (each specified as a symlink name and target).
|
||||
or more symlinks (each specified as a symlink name and target) within
|
||||
a newly formatted file system.
|
||||
|
||||
* systemd-repart gained a new SupplementFor= setting that allows
|
||||
allocating a partition only if some other existing partition cannot
|
||||
|
@ -559,15 +563,15 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
systemd-ssh-proxy:
|
||||
|
||||
* systemd-ssh-proxy now also supports the "VSOCK MUX" protocol used by
|
||||
CloudHypervisor/Firecracker to expose AF_VSOCK sockets of the VM on
|
||||
the host. Or in other words: it's now possible to directly connect to
|
||||
ssh via AF_VSOCK from hosts to VMs of these two hypervisors
|
||||
(previously this was only supported for hypervisors which expose
|
||||
AF_VSOCK on the host as AF_VSOCK, such as qemu).
|
||||
* systemd-ssh-proxy now also supports the AF_UNIX-based "VSOCK MUX"
|
||||
protocol used by CloudHypervisor/Firecracker to expose AF_VSOCK
|
||||
sockets of the VM on the host. Or in other words: it's now possible
|
||||
to directly connect to ssh via AF_VSOCK from hosts to VMs of these
|
||||
two hypervisors (previously this was only supported for hypervisors
|
||||
which expose AF_VSOCK on the host as AF_VSOCK, such as qemu).
|
||||
|
||||
* systemd-ssh-proxy can now reference local VMs by their name: connect
|
||||
to any local VM "foobar" registered with machined via "ssh
|
||||
to any local VM "foobar" registered with systemd-machined via "ssh
|
||||
machine/foobar" using the AF_VSOCK protocol.
|
||||
|
||||
systemd-analyze:
|
||||
|
@ -591,7 +595,6 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
* 'busctl monitor' gained new options --limit-messages= and --timeout=
|
||||
to set the number of matches or limit the runtime of the command.
|
||||
This is intended to be used in scripts.
|
||||
|
||||
* busctl now supports doing method calls with embedded unix file
|
||||
descriptors.
|
||||
|
@ -609,9 +612,9 @@ CHANGES WITH 257 in spe:
|
|||
|
||||
systemd-importd:
|
||||
|
||||
* A new generator sytemd-import-generator has been added to
|
||||
synthetisize image download jobs. This provides functionality similar
|
||||
to importctl, but configured via the kernel command line and system
|
||||
* A new generator sytemd-import-generator has been added to synthesize
|
||||
image download jobs. This provides functionality similar to
|
||||
importctl, but is configured via the kernel command line and system
|
||||
credentials. It may be used to automatically download sysext,
|
||||
confext, portable service, nspawn container or vmspawn VM images at
|
||||
boot.
|
||||
|
@ -640,6 +643,32 @@ CHANGES WITH 257 in spe:
|
|||
systemd-homed to allow users to change selected properties of their
|
||||
own user records.
|
||||
|
||||
systemd-run & run0:
|
||||
|
||||
* run0 gained a new pair of settings --pty and --pipe that control
|
||||
whether to invoke the specified binary on a freshly allocated pseudo
|
||||
TTY, or whether to pass the client's STDIN/STDOUT/STDERR through
|
||||
directly.
|
||||
|
||||
* run0 gained a new switch --shell-prompt-prefix= that permits passing
|
||||
in a string to display on each shell prompt as prefix. If not
|
||||
specified otherwise this will show a superhero emoji (🦸), in order
|
||||
to visually communicate the temporarily elevated privileges a run0
|
||||
session provides. This makes use of the $SHELL_PROMPT_PREFIX
|
||||
environment variables mentioned below.
|
||||
|
||||
* systemd-run can output some of its runtime data in JSON format via
|
||||
the new --json= option.
|
||||
|
||||
systemd-tmpfiles:
|
||||
|
||||
* systemd-tmpfiles --purge switch now requires specification of at
|
||||
least one tmpfiles.d/ drop-in file.
|
||||
|
||||
* tmpfiles.d/ files gained a new '?' specifier for the 'L' line type to
|
||||
create a symlink only if the source exists, and gracefully skip the
|
||||
line otherwise.
|
||||
|
||||
Miscellaneous:
|
||||
|
||||
* systemctl now supports the --now option with the 'reenable' verb.
|
||||
|
@ -654,21 +683,13 @@ CHANGES WITH 257 in spe:
|
|||
* localectl gained a -l/--full option to show output without
|
||||
ellipsization.
|
||||
|
||||
* systemd-run can output some data as JSON via the new --json= option.
|
||||
|
||||
* timedatectl now supports interactive polkit authorization.
|
||||
|
||||
* systemd-tmpfiles --purge switch now requires specification of at
|
||||
least one tmpfiles.d/ drop-in file.
|
||||
|
||||
* tmpfiles.d gained a new '?' specifier for the 'L' type to create a
|
||||
symlink only if the source exists, and gracefully skip otherwise.
|
||||
|
||||
* The new Linux mseal(), listmount(), statmount() syscalls have been
|
||||
added to relevant system call groups.
|
||||
|
||||
* The systemd-ask-password concept has been extended with a per-user
|
||||
concept, i.e. user programs may now ask for passwords via the same
|
||||
* The systemd-ask-password logic has been extended with a per-user
|
||||
scope, i.e. user programs may now ask for passwords via the same
|
||||
mechanism and the previously system-wide only mechanism.
|
||||
|
||||
* A new set of system/service credentials are added:
|
||||
|
@ -681,17 +702,8 @@ CHANGES WITH 257 in spe:
|
|||
useful to visually highlight the fact a specific shell prompt
|
||||
originates from a specific system, execution context or tool. These
|
||||
credentials and environment variables are supposed to be generically
|
||||
useful within and outside of the immediate systemd context.
|
||||
|
||||
* run0 gained a new pair of settings --pty and --pipe that control
|
||||
whether to invoke the specified binary on a freshly allocated pseudo
|
||||
TTY, or whether to pass the client's STDIN/STDOUT/STDERR through
|
||||
directly. run0 also gained a new switch --shell-prompt-prefix= that
|
||||
permits passing in a string to display on each shell prompt as
|
||||
prefix. If not specified otherwise this will show a superman emoji
|
||||
(🦸), in order to visually communicate the temporarily elevated
|
||||
privileges a run0 session provides. This makes use of the
|
||||
$SHELL_PROMPT_PREFIX environment variables mentioned above.
|
||||
useful within and outside of the immediate systemd context. It is
|
||||
also used by 'run0', see above.
|
||||
|
||||
* New RELEASE_TYPE=, EXPERIMENT=, EXPERIMENT_URL= fields have been
|
||||
defined for the /etc/os-release file. For example,
|
||||
|
@ -718,28 +730,28 @@ CHANGES WITH 257 in spe:
|
|||
https://github.com/microsoft/terminal/pull/8055
|
||||
https://conemu.github.io/en/AnsiEscapeCodes.html#ConEmu_specific_OSC
|
||||
|
||||
* systemd-sysusers is now able to create fully locked accounts. For
|
||||
compatibility it so far created accounts with a locked (i.e. invalid)
|
||||
password, but not marked locked as a whole. With the new "!" modifier
|
||||
for "u" lines, it is now possible to create fully locked
|
||||
accounts. The distinction between accounts with a locked password and
|
||||
fully locked accounts is relevant when considering non-password forms
|
||||
of authentication, i.e. SSH and such. It is strongly recommended to
|
||||
make use of this new feature for almost all system accounts, since
|
||||
they usually do not require (and should not permit) interactive
|
||||
logins. All of systemd's own system users have been changed to be
|
||||
marked as fully locked.
|
||||
* systemd-sysusers is now able to create fully locked user
|
||||
accounts. For compatibility it so far created accounts with a locked
|
||||
(i.e. invalid) password, but not marked locked as a whole. With the
|
||||
new "!" modifier for "u" lines, it is now possible to create fully
|
||||
locked accounts. The distinction between accounts with a locked
|
||||
password and fully locked accounts is relevant when considering
|
||||
non-password forms of authentication, i.e. SSH and such. It is
|
||||
strongly recommended to make use of this new feature for almost all
|
||||
system accounts, since they usually do not require (and should not
|
||||
permit) interactive logins. All of systemd's own system users have
|
||||
been changed to be marked as fully locked.
|
||||
|
||||
* systemd-coredump now supports a new EnterNamespace= option, which
|
||||
defaults to off. If enabled systemd-coredump will access the mount
|
||||
namespace of any crashed process to acquire debug symbol information,
|
||||
in order to be able to symbolized backtraces. This option is useful
|
||||
to improve backtraces of processes of containerized
|
||||
applications. (Note that the host systemd-coredump preferably
|
||||
dispatches coredump processing to the container itself, if it
|
||||
supports that. Only full-OS containers which run systemd inside will
|
||||
support this however, in which case EnterNamespace= might be an
|
||||
alternative approach to acquire symbolized backtraces.)
|
||||
in order to be able to symbolize backtraces. This option is useful to
|
||||
improve backtraces of processes of containerized applications. (Note
|
||||
that the host systemd-coredump preferably dispatches coredump
|
||||
processing to the container itself, if it supports that. Only full-OS
|
||||
containers which run systemd inside will support this however, in
|
||||
other cases EnterNamespace= might be an suitable approach to acquire
|
||||
symbolized backtraces.)
|
||||
|
||||
Contributions from: A. Wilcox, Abderrahim Kitouni, Adrian Vovk,
|
||||
Alain Greppin, Allison Karlitskaya, Alyssa Ross, Anders Jonsson,
|
||||
|
|
6
TODO
6
TODO
|
@ -129,6 +129,12 @@ Deprecations and removals:
|
|||
|
||||
Features:
|
||||
|
||||
* machined: when registering a machine, also take a relative cgroup path,
|
||||
relative to the machine's unit. This is useful when registering unpriv
|
||||
machines, as they might sit down the cgroup tree, below a cgroup delegation
|
||||
boundary. Then, install an inotify watch on that cgroup to track when the
|
||||
machine's local cgroup goes down.
|
||||
|
||||
* resolved: report ttl in resolution replies if we know it. This data is useful
|
||||
for tools such as wireguard which want to periodically re-resolve DNS names,
|
||||
and might want to use the TTL has hint for that.
|
||||
|
|
|
@ -15,18 +15,19 @@ SPDX-License-Identifier: LGPL-2.1-or-later
|
|||
6. [RC1] Update library numbers in `meson.build`
|
||||
7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [version format specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
|
||||
8. Check dbus docs with `ninja -C build update-dbus-docs`
|
||||
9. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.
|
||||
10. Tag the release: `version="v$(sed 's/~/-/g' meson.version)" && git tag -s "${version}" -m "systemd ${version}"` (tildes are replaced with hyphens, because git doesn't accept the former).
|
||||
11. Do `ninja -C build`
|
||||
12. Make sure that the version string and package string match: `build/systemctl --version`
|
||||
13. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
|
||||
14. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
|
||||
15. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
|
||||
16. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released | Online resources https://systemd.io/`)
|
||||
17. [FINAL] Create an empty -stable branch: `git push systemd origin/main:refs/heads/v${version}-stable`.
|
||||
18. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync`
|
||||
9. Check manpages list with `ninja -C build update-man-rules`
|
||||
10. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.
|
||||
11. Tag the release: `version="v$(sed 's/~/-/g' meson.version)" && git tag -s "${version}" -m "systemd ${version}"` (tildes are replaced with hyphens, because git doesn't accept the former).
|
||||
12. Do `ninja -C build`
|
||||
13. Make sure that the version string and package string match: `build/systemctl --version`
|
||||
14. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
|
||||
15. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
|
||||
16. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
|
||||
17. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released | Online resources https://systemd.io/`)
|
||||
18. [FINAL] Create an empty -stable branch: `git push systemd origin/main:refs/heads/v${version}-stable`.
|
||||
19. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync`
|
||||
20. [FINAL] Change the Github Pages branch to the newly created branch (https://github.com/systemd/systemd/settings/pages) and set the 'Custom domain' to 'systemd.io'
|
||||
21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `v256` to `v257~devel`)
|
||||
21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `256` to `257~devel`)
|
||||
|
||||
# Steps to a Successful Stable Release
|
||||
|
||||
|
|
|
@ -1069,6 +1069,7 @@ manpages = [
|
|||
'ENABLE_RFKILL'],
|
||||
['systemd-run-generator', '8', [], ''],
|
||||
['systemd-run', '1', [], ''],
|
||||
['systemd-sbsign', '1', [], ''],
|
||||
['systemd-sleep.conf', '5', ['sleep.conf.d'], ''],
|
||||
['systemd-socket-activate', '1', [], ''],
|
||||
['systemd-socket-proxyd', '8', [], ''],
|
||||
|
|
|
@ -83,7 +83,7 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
|
||||
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME<replaceable>]</option></term>
|
||||
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
|
||||
<term><option>--certificate=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
<listitem><para>Set the Secure Boot private key and certificate for use with the
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include "macro.h"
|
||||
#include "version.h"
|
||||
|
||||
extern const char* const systemd_features;
|
||||
|
||||
#define PROJECT_VERSION_STR STRINGIFY(PROJECT_VERSION)
|
||||
|
||||
int version(void);
|
||||
|
|
|
@ -3,13 +3,18 @@
|
|||
#include "sd-varlink.h"
|
||||
|
||||
#include "core-varlink.h"
|
||||
#include "format-util.h"
|
||||
#include "json-util.h"
|
||||
#include "manager-json.h"
|
||||
#include "mkdir-label.h"
|
||||
#include "strv.h"
|
||||
#include "unit-json.h"
|
||||
#include "user-util.h"
|
||||
#include "varlink-internal.h"
|
||||
#include "varlink-serialize.h"
|
||||
#include "varlink-io.systemd.UserDatabase.h"
|
||||
#include "varlink-io.systemd.ManagedOOM.h"
|
||||
#include "varlink-io.systemd.Manager.h"
|
||||
#include "varlink-util.h"
|
||||
|
||||
typedef struct LookupParameters {
|
||||
|
@ -22,6 +27,11 @@ typedef struct LookupParameters {
|
|||
const char *service;
|
||||
} LookupParameters;
|
||||
|
||||
typedef struct DescribeUnitsParameters {
|
||||
char **states;
|
||||
char **patterns;
|
||||
} DescribeUnitsParameters;
|
||||
|
||||
static const char* const managed_oom_mode_properties[] = {
|
||||
"ManagedOOMSwap",
|
||||
"ManagedOOMMemoryPressure",
|
||||
|
@ -560,6 +570,139 @@ static int vl_method_get_memberships(sd_varlink *link, sd_json_variant *paramete
|
|||
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
||||
}
|
||||
|
||||
static int vl_method_describe(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
|
||||
Manager *manager = ASSERT_PTR(userdata);
|
||||
int r;
|
||||
|
||||
assert(parameters);
|
||||
|
||||
if (sd_json_variant_elements(parameters) > 0)
|
||||
return sd_varlink_error_invalid_parameter(link, parameters);
|
||||
|
||||
r = manager_build_json(manager, &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to build manager JSON data: %m");
|
||||
|
||||
return sd_varlink_reply(link, v);
|
||||
}
|
||||
|
||||
static int vl_method_list_units(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
|
||||
|
||||
static const sd_json_dispatch_field dispatch_table[] = {
|
||||
{ "states", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_strv, offsetof(DescribeUnitsParameters, states), SD_JSON_STRICT },
|
||||
{ "patterns", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_const_string, offsetof(DescribeUnitsParameters, patterns), SD_JSON_STRICT },
|
||||
{},
|
||||
};
|
||||
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
DescribeUnitsParameters p = {};
|
||||
const char *k;
|
||||
Unit *u;
|
||||
int r;
|
||||
|
||||
assert(parameters);
|
||||
|
||||
if (sd_json_variant_elements(parameters) > 0)
|
||||
return sd_varlink_error_invalid_parameter(link, parameters);
|
||||
|
||||
if (!FLAGS_SET(flags, SD_VARLINK_METHOD_MORE))
|
||||
return sd_varlink_error(link, SD_VARLINK_ERROR_EXPECTED_MORE, NULL);
|
||||
|
||||
r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
|
||||
if (r != 0)
|
||||
return r;
|
||||
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *previous = NULL;
|
||||
HASHMAP_FOREACH_KEY(u, k, m->units) {
|
||||
if (k != u->id)
|
||||
continue;
|
||||
|
||||
if (unit_is_filtered(u, p.states, p.patterns))
|
||||
continue;
|
||||
|
||||
if (previous) {
|
||||
r = sd_varlink_notifybo(link, SD_JSON_BUILD_PAIR_VARIANT("unit", previous));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
previous = sd_json_variant_unref(previous);
|
||||
}
|
||||
|
||||
r = unit_build_json(u, &previous);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to build unit JSON data: %m");
|
||||
}
|
||||
|
||||
if (!previous)
|
||||
return sd_varlink_error(link, "io.systemd.Manager.NoSuchUnit", NULL);
|
||||
|
||||
return sd_varlink_replybo(link, SD_JSON_BUILD_PAIR_VARIANT("unit", previous));
|
||||
}
|
||||
|
||||
static int vl_method_list_jobs(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
|
||||
|
||||
struct p {
|
||||
uint32_t id;
|
||||
} p = {
|
||||
.id = 0,
|
||||
};
|
||||
|
||||
static const sd_json_dispatch_field dispatch_table[] = {
|
||||
{ "id", SD_JSON_VARIANT_UNSIGNED, sd_json_dispatch_uint32, offsetof(struct p, id), 0 },
|
||||
{},
|
||||
};
|
||||
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
Job *j;
|
||||
int r;
|
||||
|
||||
assert(link);
|
||||
assert(parameters);
|
||||
|
||||
r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
|
||||
if (r != 0)
|
||||
return r;
|
||||
|
||||
if (p.id > 0) {
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
|
||||
|
||||
j = hashmap_get(m->jobs, UINT_TO_PTR(p.id));
|
||||
if (!j)
|
||||
return sd_varlink_error(link, "io.systemd.Manager.NoSuchJob", NULL);
|
||||
|
||||
r = job_build_json(j, &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to build job JSON data: %m");
|
||||
|
||||
return sd_varlink_reply(link, v);
|
||||
|
||||
}
|
||||
|
||||
if (!FLAGS_SET(flags, SD_VARLINK_METHOD_MORE))
|
||||
return sd_varlink_error(link, SD_VARLINK_ERROR_EXPECTED_MORE, NULL);
|
||||
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *previous = NULL;
|
||||
HASHMAP_FOREACH(j, m->jobs) {
|
||||
if (previous) {
|
||||
r = sd_varlink_notify(link, previous);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
previous = sd_json_variant_unref(previous);
|
||||
}
|
||||
|
||||
r = job_build_json(j, &previous);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to build job JSON data: %m");
|
||||
}
|
||||
|
||||
if (!previous)
|
||||
return sd_varlink_error(link, "io.systemd.Manager.NoSuchJob", NULL);
|
||||
|
||||
return sd_varlink_reply(link, previous);
|
||||
}
|
||||
|
||||
static void vl_disconnect(sd_varlink_server *s, sd_varlink *link, void *userdata) {
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
|
||||
|
@ -579,34 +722,49 @@ int manager_setup_varlink_server(Manager *m) {
|
|||
if (m->varlink_server)
|
||||
return 0;
|
||||
|
||||
if (!MANAGER_IS_SYSTEM(m))
|
||||
return -EINVAL;
|
||||
sd_varlink_server_flags_t flags = SD_VARLINK_SERVER_INHERIT_USERDATA;
|
||||
if (MANAGER_IS_SYSTEM(m))
|
||||
flags |= SD_VARLINK_SERVER_ACCOUNT_UID;
|
||||
|
||||
r = sd_varlink_server_new(&s, SD_VARLINK_SERVER_ACCOUNT_UID|SD_VARLINK_SERVER_INHERIT_USERDATA);
|
||||
r = sd_varlink_server_new(&s, flags);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to allocate varlink server object: %m");
|
||||
|
||||
sd_varlink_server_set_userdata(s, m);
|
||||
|
||||
r = sd_varlink_server_add_interface_many(
|
||||
s,
|
||||
&vl_interface_io_systemd_UserDatabase,
|
||||
&vl_interface_io_systemd_ManagedOOM);
|
||||
r = sd_varlink_server_add_interface_many(s, &vl_interface_io_systemd_Manager);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to add interfaces to varlink server: %m");
|
||||
|
||||
r = sd_varlink_server_bind_method_many(
|
||||
s,
|
||||
"io.systemd.UserDatabase.GetUserRecord", vl_method_get_user_record,
|
||||
"io.systemd.UserDatabase.GetGroupRecord", vl_method_get_group_record,
|
||||
"io.systemd.UserDatabase.GetMemberships", vl_method_get_memberships,
|
||||
"io.systemd.ManagedOOM.SubscribeManagedOOMCGroups", vl_method_subscribe_managed_oom_cgroups);
|
||||
"io.systemd.Manager.Describe", vl_method_describe,
|
||||
"io.systemd.Manager.ListUnits", vl_method_list_units,
|
||||
"io.systemd.Manager.ListJobs", vl_method_list_jobs);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to register varlink methods: %m");
|
||||
|
||||
r = sd_varlink_server_bind_disconnect(s, vl_disconnect);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to register varlink disconnect handler: %m");
|
||||
if (MANAGER_IS_SYSTEM(m)) {
|
||||
r = sd_varlink_server_add_interface_many(
|
||||
s,
|
||||
&vl_interface_io_systemd_UserDatabase,
|
||||
&vl_interface_io_systemd_ManagedOOM);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to add interfaces to varlink server: %m");
|
||||
|
||||
r = sd_varlink_server_bind_method_many(
|
||||
s,
|
||||
"io.systemd.UserDatabase.GetUserRecord", vl_method_get_user_record,
|
||||
"io.systemd.UserDatabase.GetGroupRecord", vl_method_get_group_record,
|
||||
"io.systemd.UserDatabase.GetMemberships", vl_method_get_memberships,
|
||||
"io.systemd.ManagedOOM.SubscribeManagedOOMCGroups", vl_method_subscribe_managed_oom_cgroups);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to register varlink methods: %m");
|
||||
|
||||
r = sd_varlink_server_bind_disconnect(s, vl_disconnect);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to register varlink disconnect handler: %m");
|
||||
}
|
||||
|
||||
r = sd_varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC);
|
||||
if (r < 0)
|
||||
|
@ -632,20 +790,13 @@ static int manager_varlink_init_system(Manager *m) {
|
|||
if (!MANAGER_IS_TEST_RUN(m)) {
|
||||
(void) mkdir_p_label("/run/systemd/userdb", 0755);
|
||||
|
||||
FOREACH_STRING(address, "/run/systemd/userdb/io.systemd.DynamicUser", VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM) {
|
||||
if (!fresh) {
|
||||
/* We might have got sockets through deserialization. Do not bind to them twice. */
|
||||
|
||||
bool found = false;
|
||||
LIST_FOREACH(sockets, ss, m->varlink_server->sockets)
|
||||
if (path_equal(ss->address, address)) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if (found)
|
||||
continue;
|
||||
}
|
||||
FOREACH_STRING(address,
|
||||
"/run/systemd/userdb/io.systemd.DynamicUser",
|
||||
VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM,
|
||||
"/run/systemd/io.systemd.Manager") {
|
||||
/* We might have got sockets through deserialization. Do not bind to them twice. */
|
||||
if (!fresh && varlink_server_contains_socket(m->varlink_server, address))
|
||||
continue;
|
||||
|
||||
r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
|
||||
if (r < 0)
|
||||
|
@ -657,6 +808,9 @@ static int manager_varlink_init_system(Manager *m) {
|
|||
}
|
||||
|
||||
static int manager_varlink_init_user(Manager *m) {
|
||||
_cleanup_free_ char *address = NULL;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
if (!MANAGER_IS_USER(m))
|
||||
|
@ -665,6 +819,22 @@ static int manager_varlink_init_user(Manager *m) {
|
|||
if (MANAGER_IS_TEST_RUN(m))
|
||||
return 0;
|
||||
|
||||
r = manager_setup_varlink_server(m);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set up varlink server: %m");
|
||||
bool fresh = r > 0;
|
||||
|
||||
address = path_join(m->prefix[EXEC_DIRECTORY_RUNTIME], "systemd/io.systemd.Manager");
|
||||
if (!address)
|
||||
return -ENOMEM;
|
||||
|
||||
/* We might have got sockets through deserialization. Do not bind to them twice. */
|
||||
if (fresh || !varlink_server_contains_socket(m->varlink_server, address)) {
|
||||
r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address);
|
||||
}
|
||||
|
||||
return manager_varlink_managed_oom_connect(m);
|
||||
}
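Review bot: In vl_method_list_units the early `if (sd_json_variant_elements(parameters) > 0) return sd_varlink_error_invalid_parameter(link, parameters);` rejects every call that carries arguments, so the `states` and `patterns` filters declared in the dispatch table just above can never reach `unit_is_filtered()`; the check looks carried over from vl_method_describe and should be removed here. The `patterns` entry also combines `SD_JSON_VARIANT_ARRAY` and a `char **` field with `sd_json_dispatch_const_string`, where `sd_json_dispatch_strv`, as used for `states`, appears to be what is intended. Once dispatch can populate `p`, both vectors need to be released on every return path, since `DescribeUnitsParameters p` has no cleanup attached. The same section binds the system socket with mode 0666, so these parsing paths take input from any local user and are worth a test with malformed `states`/`patterns` values.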
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
#include "escape.h"
|
||||
#include "fileio.h"
|
||||
#include "job.h"
|
||||
#include "json-util.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "parse-util.h"
|
||||
|
@ -1347,6 +1348,39 @@ int job_deserialize(Job *j, FILE *f) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int activation_details_build_json(sd_json_variant **ret, const char *name, void *userdata) {
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
|
||||
_cleanup_strv_free_ char **pairs = NULL;
|
||||
ActivationDetails *activation_details = userdata;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
r = activation_details_append_pair(activation_details, &pairs);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
STRV_FOREACH_PAIR(key, value, pairs) {
|
||||
r = sd_json_variant_set_field_string(&v, *key, *value);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
*ret = TAKE_PTR(v);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int job_build_json(Job *job, sd_json_variant **ret) {
|
||||
assert(job);
|
||||
|
||||
return sd_json_buildo(ret,
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("id", job->id),
|
||||
SD_JSON_BUILD_PAIR_STRING("unit", job->unit->id),
|
||||
SD_JSON_BUILD_PAIR_STRING("jobType", job_type_to_string(job->type)),
|
||||
SD_JSON_BUILD_PAIR_STRING("state", job_state_to_string(job->state)),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("activationDetails", activation_details_build_json, job->activation_details));
|
||||
}
|
||||
|
||||
int job_coldplug(Job *j) {
|
||||
int r;
|
||||
usec_t timeout_time = USEC_INFINITY;
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
#include "sd-bus.h"
|
||||
#include "sd-event.h"
|
||||
#include "sd-json.h"
|
||||
|
||||
#include "list.h"
|
||||
#include "unit-dependency-atom.h"
|
||||
|
@ -185,6 +186,8 @@ void job_uninstall(Job *j);
|
|||
void job_dump(Job *j, FILE *f, const char *prefix);
|
||||
int job_serialize(Job *j, FILE *f);
|
||||
int job_deserialize(Job *j, FILE *f);
|
||||
int activation_details_build_json(sd_json_variant **ret, const char *name, void *userdata);
|
||||
int job_build_json(Job *job, sd_json_variant **ret);
|
||||
int job_coldplug(Job *j);
|
||||
|
||||
JobDependency* job_dependency_new(Job *subject, Job *object, bool matters, bool conflicts);
|
||||
|
|
|
@ -0,0 +1,181 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include <sys/prctl.h>
|
||||
|
||||
#include "build.h"
|
||||
#include "confidential-virt.h"
|
||||
#include "json-util.h"
|
||||
#include "manager-json.h"
|
||||
#include "manager.h"
|
||||
#include "rlimit-util.h"
|
||||
#include "syslog-util.h"
|
||||
#include "taint.h"
|
||||
#include "version.h"
|
||||
#include "virt.h"
|
||||
#include "watchdog.h"
|
||||
|
||||
int rlimit_build_json(sd_json_variant **ret, const char *name, void *userdata) {
|
||||
struct rlimit *rl = userdata, buf = {};
|
||||
|
||||
assert(name);
|
||||
assert(ret);
|
||||
|
||||
if (rl)
|
||||
buf = *rl;
|
||||
else {
|
||||
const char *p;
|
||||
int z;
|
||||
|
||||
/* Skip over any prefix, such as "Default" */
|
||||
assert_se(p = strstrafter(name, "Limit"));
|
||||
|
||||
z = rlimit_from_string(p);
|
||||
assert(z >= 0);
|
||||
|
||||
(void) getrlimit(z, &buf);
|
||||
}
|
||||
|
||||
if (buf.rlim_cur == RLIM_INFINITY && buf.rlim_max == RLIM_INFINITY)
|
||||
return 0;
|
||||
|
||||
/* rlim_t might have different sizes, let's map RLIMIT_INFINITY to UINT64_MAX, so that it is the same
|
||||
* on all archs */
|
||||
return sd_json_buildo(ret,
|
||||
JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("soft", buf.rlim_cur, RLIM_INFINITY),
|
||||
JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("hard", buf.rlim_max, RLIM_INFINITY));
|
||||
}
|
||||
|
||||
static int manager_context_build_json(sd_json_variant **ret, const char *name, void *userdata) {
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
|
||||
return sd_json_buildo(ASSERT_PTR(ret),
|
||||
SD_JSON_BUILD_PAIR_STRING("Version", GIT_VERSION),
|
||||
SD_JSON_BUILD_PAIR_STRING("Features", systemd_features),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("ShowStatus", manager_get_show_status_on(m)),
|
||||
SD_JSON_BUILD_PAIR_STRV("UnitPath", m->lookup_paths.search_path),
|
||||
SD_JSON_BUILD_PAIR_INTEGER("LogLevel", m->log_level_overridden ? m->original_log_level : log_get_max_level()),
|
||||
SD_JSON_BUILD_PAIR_STRING("LogTarget", log_target_to_string(m->log_target_overridden ? m->original_log_target : log_get_target())),
|
||||
JSON_BUILD_PAIR_STRV_NON_EMPTY("Environment", m->transient_environment),
|
||||
SD_JSON_BUILD_PAIR_STRING("DefaultStandardOutput", exec_output_to_string(m->defaults.std_output)),
|
||||
SD_JSON_BUILD_PAIR_STRING("DefaultStandardError", exec_output_to_string(m->defaults.std_error)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("RuntimeWatchdogUSec", manager_get_watchdog(m, WATCHDOG_RUNTIME)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("RuntimeWatchdogPreUSec", manager_get_watchdog(m, WATCHDOG_PRETIMEOUT)),
|
||||
JSON_BUILD_PAIR_STRING_NON_EMPTY("RuntimeWatchdogPreGovernor", m->watchdog_pretimeout_governor),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("RebootWatchdogUSec", manager_get_watchdog(m, WATCHDOG_REBOOT)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("KExecWatchdogUSec", manager_get_watchdog(m, WATCHDOG_KEXEC)),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("ServiceWatchdogs", m->service_watchdogs),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimerAccuracyUSec", m->defaults.timer_accuracy_usec),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutStartUSec", m->defaults.timeout_start_usec),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutStopUSec", m->defaults.timeout_stop_usec),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutAbortUSec", manager_default_timeout_abort_usec(m)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultDeviceTimeoutUSec", m->defaults.device_timeout_usec),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultRestartUSec", m->defaults.restart_usec),
|
||||
JSON_BUILD_PAIR_RATELIMIT("DefaultStartLimit", &m->defaults.start_limit),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultCPUAccounting", m->defaults.cpu_accounting),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultBlockIOAccounting", m->defaults.blockio_accounting),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultIOAccounting", m->defaults.io_accounting),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultIPAccounting", m->defaults.ip_accounting),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultMemoryAccounting", m->defaults.memory_accounting),
|
||||
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultTasksAccounting", m->defaults.tasks_accounting),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitCPU", rlimit_build_json, m->defaults.rlimit[RLIMIT_CPU]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitFSIZE", rlimit_build_json, m->defaults.rlimit[RLIMIT_FSIZE]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitDATA", rlimit_build_json, m->defaults.rlimit[RLIMIT_DATA]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitSTACK", rlimit_build_json, m->defaults.rlimit[RLIMIT_STACK]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitCORE", rlimit_build_json, m->defaults.rlimit[RLIMIT_CORE]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRSS", rlimit_build_json, m->defaults.rlimit[RLIMIT_RSS]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNOFILE", rlimit_build_json, m->defaults.rlimit[RLIMIT_NOFILE]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitAS", rlimit_build_json, m->defaults.rlimit[RLIMIT_AS]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNPROC", rlimit_build_json, m->defaults.rlimit[RLIMIT_NPROC]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitMEMLOCK", rlimit_build_json, m->defaults.rlimit[RLIMIT_MEMLOCK]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitLOCKS", rlimit_build_json, m->defaults.rlimit[RLIMIT_LOCKS]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitSIGPENDING", rlimit_build_json, m->defaults.rlimit[RLIMIT_SIGPENDING]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitMSGQUEUE", rlimit_build_json, m->defaults.rlimit[RLIMIT_MSGQUEUE]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNICE", rlimit_build_json, m->defaults.rlimit[RLIMIT_NICE]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRTPRIO", rlimit_build_json, m->defaults.rlimit[RLIMIT_RTPRIO]),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRTTIME", rlimit_build_json, m->defaults.rlimit[RLIMIT_RTTIME]),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("DefaultTasksMax", cgroup_tasks_max_resolve(&m->defaults.tasks_max)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("DefaultMemoryPressureThresholdUSec", m->defaults.memory_pressure_threshold_usec),
|
||||
SD_JSON_BUILD_PAIR_STRING("DefaultMemoryPressureWatch", cgroup_pressure_watch_to_string(m->defaults.memory_pressure_watch)),
|
||||
JSON_BUILD_PAIR_FINITE_USEC("TimerSlackNSec", (uint64_t) prctl(PR_GET_TIMERSLACK)),
|
||||
SD_JSON_BUILD_PAIR_STRING("DefaultOOMPolicy", oom_policy_to_string(m->defaults.oom_policy)),
|
||||
SD_JSON_BUILD_PAIR_INTEGER("DefaultOOMScoreAdjust", m->defaults.oom_score_adjust),
|
||||
SD_JSON_BUILD_PAIR_STRING("CtrlAltDelBurstAction", emergency_action_to_string(m->cad_burst_action)));
|
||||
}
|
||||
|
||||
static int manager_environment_build_json(sd_json_variant **ret, const char *name, void *userdata) {
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
r = manager_get_effective_environment(m, &l);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (strv_isempty(l))
|
||||
return 0;
|
||||
|
||||
return sd_json_variant_new_array_strv(ret, l);
|
||||
}
|
||||
|
||||
static int manager_runtime_build_json(sd_json_variant **ret, const char *name, void *userdata) {
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
dual_timestamp watchdog_last_ping = {
|
||||
.monotonic = watchdog_get_last_ping(CLOCK_MONOTONIC),
|
||||
.realtime = watchdog_get_last_ping(CLOCK_REALTIME),
|
||||
};
|
||||
_cleanup_strv_free_ char **taints = NULL;
|
||||
|
||||
taints = taint_strv();
|
||||
if (!taints)
|
||||
return -ENOMEM;
|
||||
|
||||
return sd_json_buildo(ASSERT_PTR(ret),
|
||||
SD_JSON_BUILD_PAIR_STRING("Architecture", architecture_to_string(uname_architecture())),
|
||||
SD_JSON_BUILD_PAIR_STRING("Virtualization", virtualization_to_string(detect_virtualization())),
|
||||
SD_JSON_BUILD_PAIR_STRING("ConfidentialVirtualization", confidential_virtualization_to_string(detect_confidential_virtualization())),
|
||||
SD_JSON_BUILD_PAIR_STRV("Taints", taints),
|
||||
JSON_BUILD_PAIR_STRING_NON_EMPTY("ConfirmSpawn", manager_get_confirm_spawn(m)),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("FirmwareTimestamp", &m->timestamps[MANAGER_TIMESTAMP_FIRMWARE]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("LoaderTimestamp", &m->timestamps[MANAGER_TIMESTAMP_LOADER]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("KernelTimestamp", &m->timestamps[MANAGER_TIMESTAMP_KERNEL]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UserspaceTimestamp", &m->timestamps[MANAGER_TIMESTAMP_USERSPACE]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("FinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("SecurityStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_SECURITY_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("SecurityFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("GeneratorsStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_GENERATORS_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("GeneratorsFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_GENERATORS_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDSecurityStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_SECURITY_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDSecurityFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_SECURITY_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDGeneratorsStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_GENERATORS_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDGeneratorsFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_GENERATORS_FINISH]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDUnitsLoadStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_START]),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDUnitsLoadFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]),
|
||||
SD_JSON_BUILD_PAIR_CONDITION(m->log_level_overridden, "LogLevel", SD_JSON_BUILD_INTEGER(log_get_max_level())),
|
||||
SD_JSON_BUILD_PAIR_CONDITION(m->log_target_overridden, "LogTarget", SD_JSON_BUILD_STRING(log_target_to_string(log_get_target()))),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("NNames", hashmap_size(m->units)),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("NFailedUnits", set_size(m->failed_units)),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("NJobs", hashmap_size(m->jobs)),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("NInstalledJobs", m->n_installed_jobs),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("NFailedJobs", m->n_failed_jobs),
|
||||
SD_JSON_BUILD_PAIR_REAL("Progress", manager_get_progress(m)),
|
||||
JSON_BUILD_PAIR_CALLBACK_NON_NULL("Environment", manager_environment_build_json, m),
|
||||
JSON_BUILD_PAIR_STRING_NON_EMPTY("WatchdogDevice", watchdog_get_device()),
|
||||
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("WatchdogLastPingTimestamp", &watchdog_last_ping),
|
||||
JSON_BUILD_PAIR_STRING_NON_EMPTY("ControlGroup", m->cgroup_root),
|
||||
SD_JSON_BUILD_PAIR_STRING("SystemState", manager_state_to_string(manager_state(m))),
|
||||
SD_JSON_BUILD_PAIR_UNSIGNED("ExitCode", m->return_value));
|
||||
}
|
||||
|
||||
int manager_build_json(Manager *m, sd_json_variant **ret) {
|
||||
assert(m);
|
||||
|
||||
return sd_json_buildo(ASSERT_PTR(ret),
|
||||
SD_JSON_BUILD_PAIR_CALLBACK("Context", manager_context_build_json, m),
|
||||
SD_JSON_BUILD_PAIR_CALLBACK("Runtime", manager_runtime_build_json, m));
|
||||
}
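Review bot: manager_build_json has no comment stating who may read its output, yet the Context and Runtime objects include `Environment` (the transient and the effective manager environment), `UnitPath` and `ControlGroup`, and the core-varlink.c change on this page serves them through `io.systemd.Manager.Describe` on a socket bound with mode 0666, with no peer-credential check in the handler. If world-readable introspection is the intent, say so above the function, for example `/* Output is returned to unprivileged local clients; add only fields that are safe to disclose. */`. Also in rlimit_build_json, the comment about mapping the infinity value to UINT64_MAX does not match the code, which omits `soft`/`hard` when they equal RLIM_INFINITY; the comment should describe the omission instead.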
|
|
@ -0,0 +1,10 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include "sd-json.h"
|
||||
|
||||
#include "manager.h"
|
||||
|
||||
int rlimit_build_json(sd_json_variant **ret, const char *name, void *userdata);
|
||||
int environment_build_json(sd_json_variant **ret, const char *name, void *userdata);
|
||||
int manager_build_json(Manager *manager, sd_json_variant **ret);
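Review bot: The prototype `int environment_build_json(sd_json_variant **ret, const char *name, void *userdata);` has no matching definition on this page: manager-json.c defines only the static `manager_environment_build_json`. Unless the definition lives in a file whose diff is not shown here, the declaration should be dropped, or the function renamed and exported to match, so that a later caller does not hit a link error.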
|
|
@ -497,7 +497,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
} else if ((val = startswith(l, "varlink-server-socket-address="))) {
|
||||
if (!m->varlink_server && MANAGER_IS_SYSTEM(m)) {
|
||||
if (!m->varlink_server) {
|
||||
r = manager_setup_varlink_server(m);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to setup varlink server, ignoring: %m");
|
||||
|
|
|
@ -44,6 +44,7 @@ libcore_sources = files(
|
|||
'load-dropin.c',
|
||||
'load-fragment.c',
|
||||
'manager-dump.c',
|
||||
'manager-json.c',
|
||||
'manager-serialize.c',
|
||||
'manager.c',
|
||||
'mount.c',
|
||||
|
@ -62,6 +63,7 @@ libcore_sources = files(
|
|||
'transaction.c',
|
||||
'unit-dependency-atom.c',
|
||||
'unit-printf.c',
|
||||
'unit-json.c',
|
||||
'unit-serialize.c',
|
||||
'unit.c',
|
||||
)
|
||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,8 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include "sd-json.h"
|
||||
|
||||
#include "unit.h"
|
||||
|
||||
int unit_build_json(Unit *unit, sd_json_variant **ret);
|
|
@ -185,6 +185,7 @@ shared_sources = files(
|
|||
'varlink-io.systemd.Machine.c',
|
||||
'varlink-io.systemd.MachineImage.c',
|
||||
'varlink-io.systemd.ManagedOOM.c',
|
||||
'varlink-io.systemd.Manager.c',
|
||||
'varlink-io.systemd.MountFileSystem.c',
|
||||
'varlink-io.systemd.NamespaceResource.c',
|
||||
'varlink-io.systemd.Network.c',
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
#include "namespace-util.h"
|
||||
#include "nsflags.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
int namespace_flags_from_string(const char *name, unsigned long *ret) {
|
||||
unsigned long flags = 0;
|
||||
|
@ -42,19 +43,17 @@ int namespace_flags_from_string(const char *name, unsigned long *ret) {
|
|||
}
|
||||
|
||||
int namespace_flags_to_string(unsigned long flags, char **ret) {
|
||||
_cleanup_free_ char *s = NULL;
|
||||
unsigned i;
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
|
||||
for (i = 0; namespace_info[i].proc_name; i++) {
|
||||
if ((flags & namespace_info[i].clone_flag) != namespace_info[i].clone_flag)
|
||||
continue;
|
||||
l = namespace_flags_to_strv(flags);
|
||||
if (!l)
|
||||
return -ENOMEM;
|
||||
|
||||
if (!strextend_with_separator(&s, " ", namespace_info[i].proc_name))
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
*ret = TAKE_PTR(s);
|
||||
char *s = strv_join(l, NULL);
|
||||
if (!s)
|
||||
return -ENOMEM;
|
||||
|
||||
*ret = s;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -65,3 +64,18 @@ const char* namespace_single_flag_to_string(unsigned long flag) {
|
|||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char** namespace_flags_to_strv(unsigned long flags) {
|
||||
_cleanup_strv_free_ char **s = NULL;
|
||||
unsigned i;
|
||||
|
||||
for (i = 0; namespace_info[i].proc_name; i++) {
|
||||
if ((flags & namespace_info[i].clone_flag) != namespace_info[i].clone_flag)
|
||||
continue;
|
||||
|
||||
if (strv_extend(&s, namespace_info[i].proc_name) < 0)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return s ? TAKE_PTR(s) : strv_new(NULL);
|
||||
}
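Review bot: The rewritten `namespace_flags_to_string()` seems to change what callers get for a flags value that matches no namespace. The old loop left `s` NULL and stored that in `*ret`, while the new path gets an empty strv from `namespace_flags_to_strv()` (via `strv_new(NULL)`) and joins it, which presumably yields an allocated empty string. Callers that test `*ret` for NULL to mean "no namespaces" need checking; if the old contract is wanted, `if (strv_isempty(l)) { *ret = NULL; return 0; }` before the join keeps it. Passing the separator explicitly, `strv_join(l, " ")`, would also make it obvious that the space-separated format is preserved rather than relying on the NULL default.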
|
||||
|
|
|
@ -21,3 +21,5 @@
|
|||
int namespace_flags_from_string(const char *name, unsigned long *ret);
|
||||
int namespace_flags_to_string(unsigned long flags, char **ret);
|
||||
const char* namespace_single_flag_to_string(unsigned long flag);
|
||||
|
||||
char** namespace_flags_to_strv(unsigned long flags);
|
||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,6 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include "sd-varlink-idl.h"
|
||||
|
||||
extern const sd_varlink_interface vl_interface_io_systemd_Manager;
|
|
@ -1,6 +1,7 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "varlink-internal.h"
|
||||
#include "varlink-serialize.h"
|
||||
|
||||
|
@ -83,3 +84,14 @@ int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSe
|
|||
LIST_PREPEND(sockets, s->sockets, TAKE_PTR(ss));
|
||||
return 0;
|
||||
}
|
||||
|
||||
int varlink_server_contains_socket(sd_varlink_server *s, const char *address) {
|
||||
assert(s);
|
||||
assert(address);
|
||||
|
||||
LIST_FOREACH(sockets, ss, s->sockets)
|
||||
if (path_equal(ss->address, address))
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
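Review bot: `varlink_server_contains_socket()` is declared `int` but only ever returns `true` or `false`, so a caller following the usual negative-errno convention may write `r < 0` handling that can never fire. Declaring it `bool varlink_server_contains_socket(sd_varlink_server *s, const char *address)` here and in the header states the contract directly. The match uses `path_equal()`, which compares path strings rather than what they resolve to, so an address that reaches the same socket through a symlink would presumably not be found. A comment such as `/* compares addresses textually, does not resolve symlinks */` would keep callers from treating it as a uniqueness check.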
|
||||
|
|
|
@ -9,3 +9,5 @@
|
|||
|
||||
int varlink_server_serialize(sd_varlink_server *s, FILE *f, FDSet *fds);
|
||||
int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSet *fds);
|
||||
|
||||
int varlink_server_contains_socket(sd_varlink_server *s, const char *address);
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
# shellcheck source=test/units/util.sh
|
||||
. "$(dirname "$0")"/util.sh
|
||||
|
||||
# Unset $PAGER so we don't have to use --no-pager everywhere
|
||||
export PAGER=
|
||||
|
||||
|
@ -160,3 +163,19 @@ done
|
|||
varlinkctl info /run/systemd/io.systemd.Hostname
|
||||
varlinkctl introspect /run/systemd/io.systemd.Hostname io.systemd.Hostname
|
||||
varlinkctl call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}'
|
||||
|
||||
varlinkctl info /run/systemd/io.systemd.Manager
|
||||
varlinkctl introspect /run/systemd/io.systemd.Manager io.systemd.Manager
|
||||
|
||||
for _ in $(seq 3); do
|
||||
systemd-run --service-type=oneshot --no-block sleep infinity
|
||||
done
|
||||
|
||||
varlinkctl call /run/systemd/io.systemd.Manager io.systemd.Manager.Describe '{}'
|
||||
JOB="$(varlinkctl call --more /run/systemd/io.systemd.Manager io.systemd.Manager.ListJobs '{}' | jq --slurp .[0].id)"
|
||||
assert_eq "$(varlinkctl call /run/systemd/io.systemd.Manager io.systemd.Manager.ListJobs "{\"id\": $JOB}" | jq .id)" "$JOB"
|
||||
|
||||
systemctl start user@4711
|
||||
varlinkctl info /run/user/4711/systemd/io.systemd.Manager
|
||||
varlinkctl introspect /run/user/4711/systemd/io.systemd.Manager
|
||||
varlinkctl call /run/user/4711/systemd/io.systemd.Manager io.systemd.Manager.Describe '{}'
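Review bot: The three transient units started with `systemd-run --service-type=oneshot --no-block sleep infinity` are never stopped, so their queued jobs and `sleep` processes outlive the `ListJobs` check and can leak into whatever runs after this script. Giving them explicit `--unit=` names and stopping them once the assertion has run would contain that; `user@4711` is likewise started but not stopped. The jq filter in `jq --slurp .[0].id` is unquoted, so the shell treats `[0]` as a glob bracket; write `jq --slurp '.[0].id'`. If `ListJobs` returns nothing, `JOB` becomes the string `null` and the follow-up call is made with `{"id": null}`, so check that `$JOB` is not `null` before the `assert_eq`.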
|
||||
|
|