diff --git a/Makefile.am b/Makefile.am index 3d9e5c1..4d43cb4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \ endif SYSINIT_TARGET_WANTS += \ - systemd-tmpfiles-setup-dev.service \ + systemd-tmpfiles-setup-dev.service + +MULTI_USER_TARGET_WANTS += \ systemd-tmpfiles-setup.service dist_zshcompletion_DATA += \ diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in index db72373..2fc12ca 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in @@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd" SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" -# Ignore encrypted devices with no identified superblock on it, since -# we are probably still calling mke2fs or mkswap on it. -SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" - # Ignore raid devices that are not yet assembled and started SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" diff --git a/src/core/main.c b/src/core/main.c index 41605ee..8517369 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1883,7 +1883,7 @@ finish: char_array_0(sfd); i = 0; - args[i++] = SYSTEMD_BINARY_PATH; + args[i++] = "/run/current-system/systemd/lib/systemd/systemd"; if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; diff --git a/src/core/service.c b/src/core/service.c index ae3695a..6b3aa45 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1096,11 +1096,6 @@ static int service_verify(Service *s) { return -EINVAL; } - if (s->type == SERVICE_ONESHOT && s->restart != SERVICE_RESTART_NO) { - log_error_unit(UNIT(s)->id, "%s has Restart setting other than no, which isn't allowed for Type=oneshot services. Refusing.", UNIT(s)->id); - return -EINVAL; - } - if (s->type == SERVICE_DBUS && !s->bus_name) { log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id); return -EINVAL; diff --git a/src/core/socket.c b/src/core/socket.c index 7c18a2b..eba67d5 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { int k; k = getpeercred(fd, &ucred); - if (k < 0) + if (k == -ENODATA) { + /* This handles the case where somebody is + * connecting from another pid/uid namespace + * (e.g. from outside of our container). */ + if (asprintf(&r, + "%u-unknown", + nr) < 0) + return -ENOMEM; + } + else if (k < 0) return k; - - if (asprintf(&r, - "%u-%lu-%lu", - nr, - (unsigned long) ucred.pid, - (unsigned long) ucred.uid) < 0) - return -ENOMEM; - + else { + if (asprintf(&r, + "%u-%lu-%lu", + nr, + (unsigned long) ucred.pid, + (unsigned long) ucred.uid) < 0) + return -ENOMEM; + } break; } diff --git a/src/core/umount.c b/src/core/umount.c index d1258f0..0311812 100644 --- a/src/core/umount.c +++ b/src/core/umount.c @@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e * anyway, since we are running from it. They have * already been remounted ro. */ if (path_equal(m->path, "/") + || path_equal(m->path, "/nix") + || path_equal(m->path, "/nix/store") #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 18f2aca..2a2b1ea 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -285,7 +285,7 @@ int main(int argc, char *argv[]) { type = udev_device_get_property_value(udev_device, "ID_FS_TYPE"); if (type) { - const char *checker = strappenda("/sbin/fsck.", type); + const char *checker = strappenda("/run/current-system/sw/sbin/fsck.", type); r = access(checker, X_OK); if (r < 0) { if (errno == ENOENT) { @@ -302,7 +302,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - cmdline[i++] = "/sbin/fsck"; + cmdline[i++] = "/run/current-system/sw/sbin/fsck"; cmdline[i++] = "-a"; cmdline[i++] = "-T"; cmdline[i++] = "-l"; diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 9a9ed9d..9e46e18 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) { goto finish; } } else { +#if 0 const char *p; p = strappenda(arg_directory, @@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) { goto finish; } +#endif } } else { char template[] = "/tmp/nspawn-root-XXXXXX"; diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c index d61ecdf..228a3a4 100644 --- a/src/nss-myhostname/netlink.c +++ b/src/nss-myhostname/netlink.c @@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) { ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE) continue; + if (ifaddrmsg->ifa_family == AF_INET6 && + ifaddrmsg->ifa_scope == RT_SCOPE_LINK) + continue; + if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) continue; diff --git a/src/shared/generator.c b/src/shared/generator.c index 6110303..e679cb1 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -48,7 +48,7 @@ int generator_write_fsck_deps( const char *checker; int r; - checker = strappenda("/sbin/fsck.", fstype); + checker = strappenda("/run/current-system/sw/sbin/fsck.", fstype); r = access(checker, X_OK); if (r < 0) { log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker); diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 0887bc3..6b502ce 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -2561,7 +2561,7 @@ static int start_unit_one( log_debug("Adding %s to the set", p); r = set_consume(s, p); - if (r < 0) + if (r < 0 && r != -EEXIST) return log_oom(); } diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index 8ac51a4..cae9fb5 100644 --- a/units/console-getty.service.m4.in +++ b/units/console-getty.service.m4.in @@ -15,7 +15,6 @@ After=rc-local.service Before=getty.target [Service] -ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM Type=idle Restart=always RestartSec=0 diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in index 4f7794b..bad2a9a 100644 --- a/units/container-getty@.service.m4.in +++ b/units/container-getty@.service.m4.in @@ -16,7 +16,6 @@ Before=getty.target IgnoreOnIsolate=yes [Service] -ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM Type=idle Restart=always RestartSec=0 diff --git a/units/emergency.service.in b/units/emergency.service.in index 94c090f..0d20640 100644 --- a/units/emergency.service.in +++ b/units/emergency.service.in @@ -15,7 +15,6 @@ Before=shutdown.target [Service] Environment=HOME=/root WorkingDirectory=/root -ExecStartPre=-/bin/plymouth quit ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.' ExecStart=-/sbin/sulogin ExecStopPost=@SYSTEMCTL@ --fail --no-block default diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 index aa853b8..8bcc647 100644 --- a/units/getty@.service.m4 +++ b/units/getty@.service.m4 @@ -23,11 +23,12 @@ IgnoreOnIsolate=yes # On systems without virtual consoles, don't start any getty. Note # that serial gettys are covered by serial-getty@.service, not this # unit. -ConditionPathExists=/dev/tty0 +ConditionPathExists=|/dev/tty0 +ConditionVirtualization=|lxc +ConditionVirtualization=|lxc-libvirt [Service] # the VT is cleared by TTYVTDisallocate -ExecStart=-/sbin/agetty --noclear %I $TERM Type=idle Restart=always RestartSec=0 diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in index 368f980..d0c1bd2 100644 --- a/units/kmod-static-nodes.service.in +++ b/units/kmod-static-nodes.service.in @@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service ConditionCapability=CAP_MKNOD -ConditionPathExists=/lib/modules/%v/modules.devname [Service] Type=oneshot diff --git a/units/local-fs.target b/units/local-fs.target index ae3cedc..0e36840 100644 --- a/units/local-fs.target +++ b/units/local-fs.target @@ -13,3 +13,5 @@ DefaultDependencies=no Conflicts=shutdown.target OnFailure=emergency.target OnFailureJobMode=replace-irreversibly + +X-StopOnReconfiguration=yes diff --git a/units/remote-fs.target b/units/remote-fs.target index 43ffa5c..156a681 100644 --- a/units/remote-fs.target +++ b/units/remote-fs.target @@ -12,5 +12,7 @@ After=remote-fs-pre.target DefaultDependencies=no Conflicts=shutdown.target +X-StopOnReconfiguration=yes + [Install] WantedBy=multi-user.target diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in index 552ef89..af3915f 100644 --- a/units/rescue.service.m4.in +++ b/units/rescue.service.m4.in @@ -16,7 +16,6 @@ Before=shutdown.target [Service] Environment=HOME=/root WorkingDirectory=/root -ExecStartPre=-/bin/plymouth quit ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.' ExecStart=-/sbin/sulogin ExecStopPost=-@SYSTEMCTL@ --fail --no-block default diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 index 4ac51e7..86a3b59 100644 --- a/units/serial-getty@.service.m4 +++ b/units/serial-getty@.service.m4 @@ -22,7 +22,6 @@ Before=getty.target IgnoreOnIsolate=yes [Service] -ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM Type=idle Restart=always RestartSec=0 diff --git a/units/sysinit.target b/units/sysinit.target index 8f4fb8f..e0f0147 100644 --- a/units/sysinit.target +++ b/units/sysinit.target @@ -9,6 +9,5 @@ Description=System Initialization Documentation=man:systemd.special(7) Conflicts=emergency.service emergency.target -Wants=local-fs.target swap.target -After=local-fs.target swap.target emergency.service emergency.target +After=emergency.service emergency.target RefuseManualStart=yes diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in index e945d87..77728f2 100644 --- a/units/systemd-backlight@.service.in +++ b/units/systemd-backlight@.service.in @@ -19,3 +19,4 @@ Type=oneshot RemainAfterExit=yes ExecStart=@rootlibexecdir@/systemd-backlight load %i ExecStop=@rootlibexecdir@/systemd-backlight save %i +X-RestartIfChanged=false diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index de93879..c9a49f3 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -25,3 +25,8 @@ WatchdogSec=1min # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. LimitNOFILE=16384 + +# Don't restart journald, since that causes services connected to +# journald to stop logging (see +# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +X-RestartIfChanged=no diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index 1879b2f..9b895b9 100644 --- a/units/systemd-random-seed.service.in +++ b/units/systemd-random-seed.service.in @@ -19,3 +19,4 @@ Type=oneshot RemainAfterExit=yes ExecStart=@rootlibexecdir@/systemd-random-seed load ExecStop=@rootlibexecdir@/systemd-random-seed save +X-RestartIfChanged=false diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in index 9d264a2..c505535 100644 --- a/units/systemd-rfkill@.service.in +++ b/units/systemd-rfkill@.service.in @@ -19,3 +19,4 @@ Type=oneshot RemainAfterExit=yes ExecStart=@rootlibexecdir@/systemd-rfkill load %I ExecStop=@rootlibexecdir@/systemd-rfkill save %I +X-RestartIfChanged=false diff --git a/units/systemd-tmpfiles-setup.service.in b/units/systemd-tmpfiles-setup.service.in index 01043b7..507f820 100644 --- a/units/systemd-tmpfiles-setup.service.in +++ b/units/systemd-tmpfiles-setup.service.in @@ -12,7 +12,7 @@ DefaultDependencies=no Wants=local-fs.target Conflicts=shutdown.target After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target -Before=sysinit.target shutdown.target +Before=shutdown.target ConditionDirectoryNotEmpty=|/usr/lib/tmpfiles.d ConditionDirectoryNotEmpty=|/lib/tmpfiles.d ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in index da7dda7..e638145 100644 --- a/units/systemd-update-utmp.service.in +++ b/units/systemd-update-utmp.service.in @@ -11,7 +11,7 @@ Documentation=man:systemd-update-utmp.service(8) man:utmp(5) DefaultDependencies=no RequiresMountsFor=/var/log/wtmp Conflicts=shutdown.target -After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service +After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service auditd.service Before=sysinit.target shutdown.target [Service] @@ -19,3 +19,4 @@ Type=oneshot RemainAfterExit=yes ExecStart=@rootlibexecdir@/systemd-update-utmp reboot ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown +X-RestartIfChanged=false diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in index 0869e73..b6ed958 100644 --- a/units/systemd-user-sessions.service.in +++ b/units/systemd-user-sessions.service.in @@ -15,3 +15,6 @@ Type=oneshot RemainAfterExit=yes ExecStart=@rootlibexecdir@/systemd-user-sessions start ExecStop=@rootlibexecdir@/systemd-user-sessions stop + +# Restart kills all active sessions. +X-RestartIfChanged=no