Commit Graph

157 Commits

Author SHA1 Message Date
Lennart Poettering
e1f9d3c84b catalog: beef up new sysctl message
Let's make use of the templating logic, to make the entry more useful.
2024-09-13 07:29:04 +02:00
Lennart Poettering
9d63491f25 catalog: rebreak catalog entry 2024-09-13 07:28:55 +02:00
Matteo Croce
6d9ef22acd emit a warning in networkd if managed sysctls are changed
Monitor the sysctl set by networkd for writes, if a sysctl is
overwritten with a different value than the one we set, emit a warning.
Writes are detected with an eBPF program attached as BPF_CGROUP_SYSCTL
which reports the sysctl writes only in net/.

The eBPF program only reports sysctl writes from a different cgroup than networkd.
To do this, it uses the `bpf_current_task_under_cgroup_proto()` helper,
which will be available allowed in BPF_CGROUP_SYSCTL from kernel 6.12[1].

Loading a BPF_CGROUP_SYSCTL program requires the CAP_SYS_ADMIN capability,
so drop it just after the program load, whether it loads successfully or not.

Writes are logged but permitted, in future the functionality can be
extended to also deny writes to managed sysctls.

[1] https://lore.kernel.org/bpf/20240819162805.78235-3-technoboy85@gmail.com/
2024-09-11 23:07:00 +02:00
nerdopolis
952b26c75d login: Add a new SecureAttentionKey dbus signal when Ctrl+Alt+Shift+Esc is pressed 2024-06-24 22:29:38 +02:00
Yu Watanabe
c33a65e1ba catalog: fix typo
Follow-up for d6518003f8.
2024-06-18 09:09:30 +09:00
Mike Yuan
d4d90ef900
Merge pull request #33214 from keszybz/system-clock-epoch
Rework the setting and description of system clock to the epoch
2024-06-16 17:42:47 +02:00
Zbigniew Jędrzejewski-Szmek
e0c7c9a00d manager: add structured log message about clock bump
Requested in https://github.com/systemd/systemd/pull/33214#discussion_r1630251308.
Also, reword error messages a bit. When /usr/lib/clock-epoch was introduced,
"build time" stopped being acurate. Just say "epoch" instead.

The same message ID is used in the manager and timesyncd. The event is
essentially equivalent for the user, and it seems reasonable that to search for
both at the same time.

The catalog entry is dropped. It provided almost no additional information above
the message. When the same message ID is now applied to messages from PID1 and
timesyncd, and the clock can be both advanced and rewound, it becomes very hard
to make the catalog entry provide something useful, because catalog entries don't
allow conditionalization.
2024-06-15 16:54:37 +02:00
Daan De Meyer
d6518003f8 tpm2-setup: Don't fail if we can't access the TPM due to authorization failure
The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.
2024-06-12 18:31:21 +09:00
Zbigniew Jędrzejewski-Szmek
03d35b5d18 man: update links to catalog docs 2024-05-28 14:46:44 +02:00
Piotr Drąg
2ff22bf132 catalog: update Polish translation
Includes changes up to 844863c61e
2024-04-30 18:09:56 +02:00
Mike Yuan
844863c61e
core/manager: add unmerged-bin taint 2024-04-24 08:43:08 +08:00
Mike Yuan
ea81442892
core/manager: rearrange taint tags 2024-04-24 08:40:25 +08:00
Mike Yuan
2b28dfe6e6
core/manager: drop obsolete cgroup taint string
Wwe can't boot on systems without cgroup anyway
(even cgroup v1 will be gone pretty soon).
2024-04-24 08:39:29 +08:00
Piotr Drąg
7b44a24c1b catalog: update Polish translation 2024-03-12 11:37:17 +01:00
James Muir
c0c852a8bb bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
Update Bulgarian translation.  "RateLimitIntervalSec" is the current option
name.  "RateLimitInterval" is the legacy option name.
2024-02-04 02:42:09 +09:00
Luca Boccassi
a0cca4d1b0 portable: log structured message when attach/detach succeeds
Currently portabled is completely silent (when not using debug level). But
when the system state is changed (ie: a portable is attached or detached)
there are no traces left in the journal. Log at info level when either of
those operations succeed, as they are effectively changing the state of
the system.

Create new MESSAGE_IDs for these logs, and also append PORTABLE_ROOT=
(and PORTABLE_EXTENSION= if any), like the units themselves are
configured to do via LogExtraFields=, so that the same metadata can
be found in the attach/detach messages and in logs from the units
themselves.
2024-01-19 17:03:04 +01:00
Zbigniew Jędrzejewski-Szmek
55e40b0be8 tree-wide: s/life-cycle/lifecycle/g 2023-11-06 20:16:34 +01:00
Yu Watanabe
d19434fbf8 tree-wide: fix typo 2023-10-31 14:35:33 +09:00
Mike Yuan
8a5aba5be3
systemd.catalog: freezed -> froze
Follow-up for 1dc604d821
2023-09-05 12:57:28 +08:00
Mike Yuan
1dc604d821
catalog/systemd.catalog: rephrase a bunch of messages
Follow-up for #28873
2023-09-04 22:45:45 +08:00
OMOJOLA JOSHUA
ad5db9404e Journal: Add message IDs for emergency-level log messages 2023-09-01 13:59:21 +01:00
Zbigniew Jędrzejewski-Szmek
c31ba5cfe9 meson: use 'sh' variable everywhere
We went back-and-forth a bit on this. Very old meson would print a message
about detecting the program if a quoted argument was used, leading to a lot of
noise. So we started to convert various places to use the variable, but then it
turned out that meson < 0.56.2 doesn't handle this correctly and we reverted to
using strings everywhere in 7c22f07cbd. Then at
some point we stopped supporting old meson and over time we started using the
variable in various places again, somewhat inconsistently. Then most calls to
'sh' were removed in 9289e093ae when
install_emptydir() builtin started being used.

Now meson allows either the string or variable to be used, and doesn't print a
message if the string is used. Let's use the variable everywhere. For 'sh', we
could do either, but for other variables, we _do_ want the detection to happen,
for example for git, find, awk, which might not be installed and we want to
detect that early, before we start the build. It would be ugly to use quotes
for some programs, but not for others. Also, a string is still refused for
test(), so we couldn't use the string version even if we didn't care about
detection.
2023-08-24 11:17:50 +02:00
Luca Boccassi
b0d3095fd6 Drop split-usr and unmerged-usr support
As previously announced, execute order 66:

https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

The meson options split-usr, rootlibdir and rootprefix become no-ops
that print a warning if they are set to anything other than the
default values. We can remove them in a future release.
2023-07-28 19:34:03 +01:00
Piotr Drąg
c62d616d8c catalog: update Polish translation 2023-07-14 18:22:00 +02:00
Lennart Poettering
f4d4ca6e2b sysv-generator: make sysv deprecation message a bit "louder"
Let's add a catalog entry, make the log record structured, and most
importantly, let's add warning emojis.

Just to underline that this stuff should really go away.
2023-06-27 23:21:03 +02:00
Piotr Drąg
b6a3fe2666 catalog,po: update Polish translation 2023-06-27 21:53:32 +01:00
Lennart Poettering
e503019bc7 tree-wide: when in doubt use greek small letter mu rather than micro symbol
Doesn't really matter since the two unicode symbols are supposedly
equivalent, but let's better follow the unicode recommendations to
prefer greek small letter mu, as per:

https://www.unicode.org/reports/tr25
2023-06-14 10:23:56 +02:00
Yu Watanabe
c73676dcbb man,catalog: fix typo
Follow-up for #26448.
2023-02-24 08:52:42 +09:00
Lennart Poettering
158fe190af sd-event: add high-level sd_event_add_memory_pressure() event source
Typically, in reasonably complex programs we want to realease various
caches (such as glibc allocation caches) in case of memory pressure.
Let's add explicit infrastructure for that to sd-event, that can hook
Linux' Pressure Stall Information (PSI) logic with our event loop.

This adds sd_event_add_memory_pressure() as easy, one-step API to
install an even source that is called under memory pressure.

The parameters which file to watch (the per-cgroup PSI file, or the
system-wide file /proc/pressure/memory) can be configured via env vars.
The idea is that the service manager sooner or later gains controls for
setting this up correctly.

Alternatively to the PSI a similar logic is supported but instead of
waiting for POLLPRI on a procfs/cgroupfs fd we'll wait for POLLIN on
FIFO or AF_UNIX sockets. This is useful for testing, and possibly in
other environments, for example to hook up this protocol directly with
GNOME's low memory monitor.

By default this watches on the cgroup-local PSI so that we aren't
affected by pressure on cgroups we are not related to.
2023-02-22 13:09:42 +01:00
Jan Janssen
3774ff06f2 meson: Install all catalogs 2023-01-27 17:47:09 +01:00
Lennart Poettering
29920c5b1f timesyncd: write structured log messages whenever we bump the clock based on disk timestamp
It's useful being able to easily detect if a disk-based clock bump was
done, let's make it a structure message, the same way as acquiring an
NTP fix already is.

Also, set the clock to 1 µs further than the timestamp from the disk,
after all we know that that timestamp was current when it was written,
hence it can't be the right one right now anymore.
2023-01-20 22:33:04 +01:00
Zbigniew Jędrzejewski-Szmek
86a066157e man: reword "string is extended into PCR"
Originally, people used "extend a PCR with a measurement" or
"measure some blob into the PCR". In our docs those uses got merged
into "extend a string into a PCR". The meaning is clear to developers, but
it's a very jargony syntax that wouldn't make any sense to somebody who encounters
it the first time. Let's return to the more natural original phrasing.

Also, change various "this is supposed to act as" to "this acts as". If it
doesn't work, we have a bug to fix. This indirection is not useful.

Also, "boot path" → "phase path" and other smaller cleanups.
2023-01-11 17:13:05 +01:00
Zbigniew Jędrzejewski-Szmek
1485925d2d man: reword some awkward sentences 2022-10-14 15:56:58 +02:00
Lennart Poettering
55c041b4e4 tree-wide: also settle on "initrd" instead of "initial RAM disk"
With this the concept is now called the same way everywhere except where
historical info is relevant or where the other names are API.
2022-09-23 15:12:18 +02:00
Lennart Poettering
708d752479 boot: add new pcrphase tool to measure barrier strings into PCR 11 2022-09-22 16:52:06 +02:00
Alexander Shopov
1c1cb8ec6f Move message repeat
Original catalog file is in English
Move the repeating German message to German catalog

Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2022-06-01 00:20:30 +09:00
Alexander Shopov
3e597d0d35 Update Bulgarian translation
po: catalog: Bring bg.po and catalog file to 100%

Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2022-05-31 16:34:25 +02:00
Piotr Drąg
63d08a8571 catalog,po: update Polish translation 2022-05-15 17:42:36 +01:00
Lennart Poettering
b016e77efd timesyncd: generate a structure log message the first time we set the clock correctly
Usecase: later on we can use this to retroactively adjust log output in
journalctl or similar on systems lacking an RTC: we just have to search
for this sructured log message that indicates the first sync point and
can then retroactively adjust the incorrect timestamps collected before
that.
2022-03-18 23:54:05 +01:00
Zbigniew Jędrzejewski-Szmek
f1b98127ff meson: do not use split() in file lists
The approach to use '''…'''.split() instead of a list of strings was initially
used when converting from automake because it allowed identical blocks of lines
to be used for both, making the conversion easier.

But over the years we have been using normal lists more and more, especially
when there were just a few filenames listed. This converts the rest.

No functional change.
2022-03-02 14:49:32 +01:00
Daan De Meyer
e93ada9821 meson: Add missing test dependencies
Currently, running "meson build" followed by "meson test -C build"
will result in many failed tests due to missing dependencies. This
commit adds the missing dependencies to make sure no tests fail.
2022-01-22 01:56:03 +09:00
Yegor Alexeyev
836fb00f21 units: added factory-reset.target 2021-08-10 17:08:00 +02:00
Zbigniew Jędrzejewski-Szmek
7c22f07cbd meson: revert the change to unquote commands in add_install_script
Old meson fails with:
Element not a string: [<Holder: <ExternalProgram 'sh' -> ['/bin/sh']>>, '-c', 'test -n "$DESTDIR" || /bin/journalctl --update-catalog']

I'm doing it as a revert so that it's easy to undo the revert when we require
newer meson. The effect is not so bad, maybe a dozen or so lines about finding
'sh'.
2021-05-14 19:52:25 +02:00
Zbigniew Jędrzejewski-Szmek
0f4c4f3824 meson: call find_program() once and reuse the variable everywhere
Meson 0.58 has gotten quite bad with emitting a message every time
a quoted command is used:
Program /home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh found: YES (/home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program xsltproc found: YES (/usr/bin/xsltproc)
Configuring custom-entities.ent using configuration
Message: Skipping bootctl.1 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping journal-remote.conf.5 because HAVE_MICROHTTPD is false
Message: Skipping journal-upload.conf.5 because HAVE_MICROHTTPD is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping loader.conf.5 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
...

Let's suffer one message only for each command. Hopefully we can silence
even this when https://github.com/mesonbuild/meson/issues/8642 is
resolved.
2021-05-14 14:21:27 +02:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
515736d0f3 tree-wide: update web link to logind description
https://www.freedesktop.org/wiki/Software/systemd/multiseat/ says that it
is obsoleted by sd-login(3), so it doesn't make much sense to link to the former.
2020-10-19 15:23:37 +02:00
Lennart Poettering
3142135098 catalog: add missing @ to German catalog file 2020-09-23 13:56:51 +02:00
Piotr Drąg
116d6d2965 catalog: update Polish translation 2020-07-26 11:28:29 +02:00
Lennart Poettering
77ee1783eb udevadm: beef up deprecation log warning
Let's add a catalog entry explaining further details.

Most importantly though: talk to PID 1 directly, via the private D-Bus
socket, so that this actually works correctly during early boot, where
D-Bus is not around.
2020-07-14 14:57:19 +02:00
Piotr Drąg
3da49ad55a catalog: update Polish translation 2020-07-05 12:59:41 +02:00