014fe1a3c3
systemd-tmpfiles-setup.service pulls in local-fs.target, which interferes with NixOps' send-keys feature (since sshd.service depends indirectly on sysinit.target). Since in NixOS we don't use systemd-tmpfiles for creating files (that's done by activation scripts and preStart scripts), it's not a problem to start it a bit later. Backport: 14.04
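diff --git a/Makefile.am b/Makefile.am
index 3d9e5c1..4d43cb4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \
 endif
 
 SYSINIT_TARGET_WANTS += \
- systemd-tmpfiles-setup-dev.service \
+ systemd-tmpfiles-setup-dev.service
+
+MULTI_USER_TARGET_WANTS += \
 systemd-tmpfiles-setup.service
 
 dist_zshcompletion_DATA += \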
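diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
index db72373..2fc12ca 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
 SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd"
 SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
 
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
 # Ignore raid devices that are not yet assembled and started
 SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
 SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"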
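diff --git a/src/core/main.c b/src/core/main.c
index 41605ee..8517369 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1883,7 +1883,7 @@ finish:
 char_array_0(sfd);
 
 i = 0;
- args[i++] = SYSTEMD_BINARY_PATH;
+ args[i++] = "/run/current-system/systemd/lib/systemd/systemd";
 if (switch_root_dir)
 args[i++] = "--switched-root";
 args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";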
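Review bot: The re-exec target in `args[i++] = "/run/current-system/systemd/lib/systemd/systemd";` is now a string literal that PID 1 resolves through a path under `/run` at exec time, so the binary that becomes the new manager is whatever that path points to at that moment, not the one this build installed. That is presumably the intent, but it makes the ownership and write permissions of `/run/current-system` part of PID 1's trust boundary, and the line should say so, e.g. `/* NixOS: re-exec the systemd of the active system; /run/current-system must be writable by root only */`. A build-time define alongside `SYSTEMD_BINARY_PATH` would also keep the distribution path out of the function body. The hunk sits after the `finish:` label; the enclosing function starts and ends outside it.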
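diff --git a/src/core/service.c b/src/core/service.c
index ae3695a..6b3aa45 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1096,11 +1096,6 @@ static int service_verify(Service *s) {
 return -EINVAL;
 }
 
- if (s->type == SERVICE_ONESHOT && s->restart != SERVICE_RESTART_NO) {
- log_error_unit(UNIT(s)->id, "%s has Restart setting other than no, which isn't allowed for Type=oneshot services. Refusing.", UNIT(s)->id);
- return -EINVAL;
- }
-
 if (s->type == SERVICE_DBUS && !s->bus_name) {
 log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id);
 return -EINVAL;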
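diff --git a/src/core/socket.c b/src/core/socket.c
index 7c18a2b..eba67d5 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
 int k;
 
 k = getpeercred(fd, &ucred);
- if (k < 0)
+ if (k == -ENODATA) {
+ /* This handles the case where somebody is
+ * connecting from another pid/uid namespace
+ * (e.g. from outside of our container). */
+ if (asprintf(&r,
+ "%u-unknown",
+ nr) < 0)
+ return -ENOMEM;
+ }
+ else if (k < 0)
 return k;
-
- if (asprintf(&r,
- "%u-%lu-%lu",
- nr,
- (unsigned long) ucred.pid,
- (unsigned long) ucred.uid) < 0)
- return -ENOMEM;
-
+ else {
+ if (asprintf(&r,
+ "%u-%lu-%lu",
+ nr,
+ (unsigned long) ucred.pid,
+ (unsigned long) ucred.uid) < 0)
+ return -ENOMEM;
+ }
 break;
 }
 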
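Review bot: In the new `k == -ENODATA` branch of `instance_from_socket`, a connection whose peer credentials cannot be read is accepted and named `%u-unknown` with no log line, so the pid/uid attribution the instance name normally carries is dropped silently for exactly the peers that come from outside the local namespace. A `log_debug("Peer credentials unavailable for connection %u, using anonymous instance name", nr);` in that branch would keep this visible to whoever reads the journal later. On style, the `else if` / `else` chain can be flattened because the middle arm returns, and the other hunks of this patch write `} else {` on one line. Whether `getpeercred()` really reports this case as `-ENODATA` is not visible here; the function starts and ends outside the hunk.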
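diff --git a/src/core/umount.c b/src/core/umount.c
index d1258f0..0311812 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
 * anyway, since we are running from it. They have
 * already been remounted ro. */
 if (path_equal(m->path, "/")
+ || path_equal(m->path, "/nix")
+ || path_equal(m->path, "/nix/store")
 #ifndef HAVE_SPLIT_USR
 || path_equal(m->path, "/usr")
 #endif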
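Review bot: The comment above this condition (only its tail is visible in the hunk) justifies skipping the unmount with "we are running from it" and "already been remounted ro", which was written for `/` and `/usr`; with `/nix` and `/nix/store` added it should say why they are in the list too. A line such as `/* NixOS: every binary, including this one, lives under /nix/store, so it cannot be unmounted either */` next to the two new `path_equal` calls would do. Whether these two mounts really have been remounted read-only by this point is not visible here and is worth confirming, since skipping them relies on it. `mount_points_list_umount` starts and ends outside the hunk.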
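diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
index 18f2aca..2a2b1ea 100644
--- a/src/fsck/fsck.c
+++ b/src/fsck/fsck.c
@@ -285,7 +285,7 @@ int main(int argc, char *argv[]) {
 
 type = udev_device_get_property_value(udev_device, "ID_FS_TYPE");
 if (type) {
- const char *checker = strappenda("/sbin/fsck.", type);
+ const char *checker = strappenda("/run/current-system/sw/sbin/fsck.", type);
 r = access(checker, X_OK);
 if (r < 0) {
 if (errno == ENOENT) {
@@ -302,7 +302,7 @@ int main(int argc, char *argv[]) {
 return EXIT_FAILURE;
 }
 
- cmdline[i++] = "/sbin/fsck";
+ cmdline[i++] = "/run/current-system/sw/sbin/fsck";
 cmdline[i++] = "-a";
 cmdline[i++] = "-T";
 cmdline[i++] = "-l";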
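Review bot: The prefix `/run/current-system/sw/sbin/fsck` is now spelled out as a literal three times (both hunks here and `generator_write_fsck_deps` in src/shared/generator.c), so the `access()` probe and the command line that is actually executed only stay in agreement while all three are edited together. One define in a shared header, e.g. `#define NIXOS_FSCK_PATH "/run/current-system/sw/sbin/fsck"`, used as `strappenda(NIXOS_FSCK_PATH ".", type)` and `cmdline[i++] = NIXOS_FSCK_PATH;`, removes that risk. The checker runs with root privileges and is resolved through `/run`, so a short comment stating who may write `/run/current-system` would help the next reader. Both hunks are inside `main`, which starts and ends outside them.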
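diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 9a9ed9d..9e46e18 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
 } else {
+#if 0
 const char *p;
 
 p = strappenda(arg_directory,
@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 
 }
+#endif
 }
 } else {
 char template[] = "/tmp/nspawn-root-XXXXXX";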
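Review bot: The `#if 0` / `#endif` pair added in `main` compiles out a check on `arg_directory` without saying why, and the body of the disabled block is only partly visible between the two hunks. Code parked behind `#if 0` hides the fact that a sanity check on the container root was switched off on purpose; a one-line comment on the `#if 0` line giving the reason (presumably that a NixOS root does not yet contain the file being probed — to be confirmed by the author) would make the decision auditable. If the check is wrong only for some roots, a runtime condition would be preferable to removing it for all of them.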
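diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c
@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
 ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
 continue;
 
+ if (ifaddrmsg->ifa_family == AF_INET6 &&
+ ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
+ continue;
+
 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
 continue;
 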
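Review bot: The new `AF_INET6` / `RT_SCOPE_LINK` test in `read_reply` drops every IPv6 link-local address from the result list and carries no comment explaining why. I would add `/* Skip IPv6 link-local addresses; without a scope id callers cannot use them */` above the `if`; that rationale is my reading and should be confirmed by the author. The function starts and ends outside the hunk.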
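diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6110303..e679cb1 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -48,7 +48,7 @@ int generator_write_fsck_deps(
 const char *checker;
 int r;
 
- checker = strappenda("/sbin/fsck.", fstype);
+ checker = strappenda("/run/current-system/sw/sbin/fsck.", fstype);
 r = access(checker, X_OK);
 if (r < 0) {
 log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker);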
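diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 0887bc3..6b502ce 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2561,7 +2561,7 @@ static int start_unit_one(
 
 log_debug("Adding %s to the set", p);
 r = set_consume(s, p);
- if (r < 0)
+ if (r < 0 && r != -EEXIST)
 return log_oom();
 }
 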
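Review bot: `if (r < 0 && r != -EEXIST)` in `start_unit_one` now tolerates a duplicate entry, but nothing in the hunk records that intent, and every remaining failure is still reported through `log_oom()` even when `r` is not `-ENOMEM`. A comment such as `/* the same entry may be added twice; a duplicate is not an error */` above the test would do. If `set_consume()` takes ownership of `p` on failure, as its name suggests, `p` must not be used after this call on the `-EEXIST` path; the code after the closing brace is outside the hunk, so that should be checked.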
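diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
index 8ac51a4..cae9fb5 100644
--- a/units/console-getty.service.m4.in
+++ b/units/console-getty.service.m4.in
@@ -15,7 +15,6 @@ After=rc-local.service
 Before=getty.target
 
 [Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM
 Type=idle
 Restart=always
 RestartSec=0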
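diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in
index 4f7794b..bad2a9a 100644
--- a/units/container-getty@.service.m4.in
+++ b/units/container-getty@.service.m4.in
@@ -16,7 +16,6 @@ Before=getty.target
 IgnoreOnIsolate=yes
 
 [Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
 Type=idle
 Restart=always
 RestartSec=0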
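diff --git a/units/emergency.service.in b/units/emergency.service.in
index 94c090f..0d20640 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -15,7 +15,6 @@ Before=shutdown.target
 [Service]
 Environment=HOME=/root
 WorkingDirectory=/root
-ExecStartPre=-/bin/plymouth quit
 ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
 ExecStart=-/sbin/sulogin
 ExecStopPost=@SYSTEMCTL@ --fail --no-block default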
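diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
index aa853b8..8bcc647 100644
--- a/units/getty@.service.m4
+++ b/units/getty@.service.m4
@@ -23,11 +23,12 @@ IgnoreOnIsolate=yes
 # On systems without virtual consoles, don't start any getty. Note
 # that serial gettys are covered by serial-getty@.service, not this
 # unit.
-ConditionPathExists=/dev/tty0
+ConditionPathExists=|/dev/tty0
+ConditionVirtualization=|lxc
+ConditionVirtualization=|lxc-libvirt
 
 [Service]
 # the VT is cleared by TTYVTDisallocate
-ExecStart=-/sbin/agetty --noclear %I $TERM
 Type=idle
 Restart=always
 RestartSec=0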
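Review bot: After this change the `[Service]` section has no `ExecStart=` line, so the unit as shipped is incomplete and depends on the command being supplied from somewhere outside this patch; the same holds for console-getty, container-getty@ and serial-getty@. A comment in place of the removed line, e.g. `# ExecStart= is intentionally absent here and is supplied by the distribution's unit configuration`, would make that dependency explicit for anyone auditing what actually runs on the console. The two new triggering conditions `ConditionVirtualization=|lxc` and `|lxc-libvirt` also make the comment above them ("On systems without virtual consoles, don't start any getty") inaccurate for those containers, and that comment should be extended to cover them.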
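diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
index 368f980..d0c1bd2 100644
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel
 DefaultDependencies=no
 Before=sysinit.target systemd-tmpfiles-setup-dev.service
 ConditionCapability=CAP_MKNOD
-ConditionPathExists=/lib/modules/%v/modules.devname
 
 [Service]
 Type=oneshot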
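diff --git a/units/local-fs.target b/units/local-fs.target
index ae3cedc..0e36840 100644
--- a/units/local-fs.target
+++ b/units/local-fs.target
@@ -13,3 +13,5 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 OnFailure=emergency.target
 OnFailureJobMode=replace-irreversibly
+
+X-StopOnReconfiguration=yes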
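diff --git a/units/remote-fs.target b/units/remote-fs.target
index 43ffa5c..156a681 100644
--- a/units/remote-fs.target
+++ b/units/remote-fs.target
@@ -12,5 +12,7 @@ After=remote-fs-pre.target
 DefaultDependencies=no
 Conflicts=shutdown.target
 
+X-StopOnReconfiguration=yes
+
 [Install]
 WantedBy=multi-user.target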
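diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
index 552ef89..af3915f 100644
--- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in
@@ -16,7 +16,6 @@ Before=shutdown.target
 [Service]
 Environment=HOME=/root
 WorkingDirectory=/root
-ExecStartPre=-/bin/plymouth quit
 ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
 ExecStart=-/sbin/sulogin
 ExecStopPost=-@SYSTEMCTL@ --fail --no-block default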
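diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
index 4ac51e7..86a3b59 100644
--- a/units/serial-getty@.service.m4
+++ b/units/serial-getty@.service.m4
@@ -22,7 +22,6 @@ Before=getty.target
 IgnoreOnIsolate=yes
 
 [Service]
-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
 Type=idle
 Restart=always
 RestartSec=0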
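diff --git a/units/sysinit.target b/units/sysinit.target
index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target
+++ b/units/sysinit.target
@@ -9,6 +9,5 @@
 Description=System Initialization
 Documentation=man:systemd.special(7)
 Conflicts=emergency.service emergency.target
-Wants=local-fs.target swap.target
-After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target
 RefuseManualStart=yes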
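Review bot: Dropping `local-fs.target swap.target` from both `Wants=` and `After=` means units ordered after `sysinit.target` no longer get mounted local file systems and active swap as an implied precondition, which is a wider change than the send-keys case the commit message describes. A service with default dependencies that writes to a path on a separate mount could now start before the mount is in place and write into the directory underneath it. The unit should carry a comment stating that consumers must declare `RequiresMountsFor=` or `After=local-fs.target` themselves, for example `# NixOS: local-fs.target and swap.target are deliberately not implied by sysinit.target`. What still pulls in `swap.target` after this change is not visible in the patch and should be checked.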
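diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
index e945d87..77728f2 100644
--- a/units/systemd-backlight@.service.in
+++ b/units/systemd-backlight@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-backlight load %i
 ExecStop=@rootlibexecdir@/systemd-backlight save %i
+X-RestartIfChanged=false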
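Review bot: `X-RestartIfChanged=false` is added here without a comment and with a different boolean spelling from the `X-RestartIfChanged=no` used for systemd-journald and systemd-user-sessions in the same patch; systemd-random-seed, systemd-rfkill@ and systemd-update-utmp repeat the `false` form. One spelling should be used throughout, and it should be confirmed that whatever reads this `X-` key accepts it, since that parser is not part of this patch. The journald and user-sessions hunks explain why a restart is harmful; a line such as `# A restart would run ExecStop= and ExecStart= again and save/reload the state mid-session.` would do the same for these units.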
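diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index de93879..c9a49f3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -25,3 +25,8 @@ WatchdogSec=1min
 # Increase the default a bit in order to allow many simultaneous
 # services being run since we keep one fd open per service.
 LimitNOFILE=16384
+
+# Don't restart journald, since that causes services connected to
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no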
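diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
index 1879b2f..9b895b9 100644
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@@ -19,3 +19,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-random-seed load
 ExecStop=@rootlibexecdir@/systemd-random-seed save
+X-RestartIfChanged=false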
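diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in
index 9d264a2..c505535 100644
--- a/units/systemd-rfkill@.service.in
+++ b/units/systemd-rfkill@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-rfkill load %I
 ExecStop=@rootlibexecdir@/systemd-rfkill save %I
+X-RestartIfChanged=false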
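diff --git a/units/systemd-tmpfiles-setup.service.in b/units/systemd-tmpfiles-setup.service.in
index 01043b7..507f820 100644
--- a/units/systemd-tmpfiles-setup.service.in
+++ b/units/systemd-tmpfiles-setup.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
 Wants=local-fs.target
 Conflicts=shutdown.target
 After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
-Before=sysinit.target shutdown.target
+Before=shutdown.target
 ConditionDirectoryNotEmpty=|/usr/lib/tmpfiles.d
 ConditionDirectoryNotEmpty=|/lib/tmpfiles.d
 ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d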
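Review bot: With `Before=sysinit.target` gone, nothing visible in this unit orders it ahead of ordinary services, so a service can start before the directories, ownership and modes declared in tmpfiles.d have been applied. The commit message argues that NixOS creates its files elsewhere, but the `ConditionDirectoryNotEmpty=` lines kept below still let packaged tmpfiles.d snippets take effect, so the assumption deserves a comment in the unit, e.g. `# NixOS: runs late on purpose; services must not rely on tmpfiles.d entries being applied before they start`. The related edits are the `MULTI_USER_TARGET_WANTS` move in Makefile.am and the `After=` change in systemd-update-utmp.service.in.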
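diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in
index da7dda7..e638145 100644
--- a/units/systemd-update-utmp.service.in
+++ b/units/systemd-update-utmp.service.in
@@ -11,7 +11,7 @@ Documentation=man:systemd-update-utmp.service(8) man:utmp(5)
 DefaultDependencies=no
 RequiresMountsFor=/var/log/wtmp
 Conflicts=shutdown.target
-After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service
+After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service auditd.service
 Before=sysinit.target shutdown.target
 
 [Service]
@@ -19,3 +19,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
 ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
+X-RestartIfChanged=false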
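diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in
+++ b/units/systemd-user-sessions.service.in
@@ -15,3 +15,6 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-user-sessions start
 ExecStop=@rootlibexecdir@/systemd-user-sessions stop
+
+# Restart kills all active sessions.
+X-RestartIfChanged=no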