Commit Graph

24 Commits

Author SHA1 Message Date
Lennart Poettering
702a52f4b5 mountfsd: add new systemd-mountfsd component 2024-04-06 16:08:24 +02:00
Lennart Poettering
8aee931e7a nsresourced: add new daemon for granting clients user namespaces and assigning resources to them
This adds a small, socket-activated Varlink daemon that can delegate UID
ranges for user namespaces to clients asking for it.

The primary call is AllocateUserRange() where the user passes in an
uninitialized userns fd, which is then set up.

There are other calls that allow assigning a mount fd to a userns
allocated that way, to set up permissions for a cgroup subtree, and to
allocate a veth for such a user namespace.

Since the UID assignments are supposed to be transitive, i.e. not
permanent, care is taken to ensure that users cannot create inodes owned
by these UIDs, so that persistancy cannot be acquired. This is
implemented via a BPF-LSM module that ensures that any member of a
userns allocated that way cannot create files unless the mount it
operates on is owned by the userns itself, or is explicitly
allowelisted.

BPF LSM program with contributions from Alexei Starovoitov.
2024-04-06 16:08:24 +02:00
Zbigniew Jędrzejewski-Szmek
56afff50b9 preset: enable homed sidecar services
As described in https://github.com/systemd/systemd/issues/31235, the preset
state for systemd-homed-activate.service was unclear. On the one hand, we have
a preset with 'enable systemd-homed.service', and systemd-homed.service has
'Also=systemd-homed-activate.service systemd-homed-firstboot.service', so
'preset systemd-homed.service' would also enable those two services, but
'preset systemd-homed-activate.service' would disable it, because the presets
don't say it is enabled. It seems that this configuration is internally
inconsistent. As described in the issue, maybe systemctl should be smarter
here, or warn about such configs. Either way, let's make our config consistent.

Follow-up for d1f6e01e47 and
3ccadbce33.
2024-02-08 22:44:00 +00:00
Maanya Goenka
34e17203bd
preset: enable confext and sysext by default (#31211) 2024-02-07 04:19:59 +08:00
Lennart Poettering
ab36d7c975 preset: add some alphabetical sorting
I think the existing sections in the preset file make sense, but
alphabetical ordering is kinda cool too.

try to find a middle ground, and at least sort within each section.

No actual change of behaviour, just some reordering of lines.
2024-01-23 19:57:23 +00:00
Lennart Poettering
615d795d9a preset: enable systemd-networkd-wait-online.service by default
As #25459 points out our default preset is contradictory. Let's fix
that.

This enables systemd-networkd-wait-online.service, as we enable
systemd-networkd.service which enables that anyway.

This is safe since network-online.target should not be pulled in by
default.

Fixes: #25459
2023-06-07 21:51:37 +01:00
Franck Bui
2aba77057e journal: give the ability to enable/disable systemd-journald-audit.socket
Before this patch the only way to prevent journald from reading the audit
messages was to mask systemd-journald-audit.socket. However this had main
drawback that downstream couldn't ship the socket disabled by default (beside
the fact that masking units is not supposed to be the usual way to disable
them).

Fixes #15777
2023-01-11 17:18:57 +01:00
Zbigniew Jędrzejewski-Szmek
e053f49272 units: enable systemd-network-generator by default
It is used by udevd and networkd. Since udevd is enabled statically, let's also
change the preset to "on". networkd is opt-in, so let's pull in the generator
when enabling networkd too.
2021-12-16 09:49:39 +01:00
Lennart Poettering
71c8bf2837 boot: optionally update sd-boot on boot
Boot loaders are software like any other, and hence muse be updated in
regular intervals. Let's add a simple (optional) service that updates
sd-boot automatically from the host if it is found installed but
out-of-date in the ESP.

Note that traditional distros probably should invoke "bootctl update"
directly from the package scripts whenver they update the sd-boot
package. This new service is primarily intended for image-based update
systems, i.e. where the rootfs or /usr are atomically updated in A/B
style and where the current boot loader should be synced into the ESP
from the currently booted image every now and then. It can also act as
safety net if the packaging scripts in classic systems are't doing the
bootctl update stuff themselves.

Since updating boot loaders mit be a tiny bit risky (even though we try
really hard to make them robust, by fsck'ing the ESP and mounting it only on
demand, by doing updates mostly as single file updates and by fsync()ing
heavily) this is an optional feature, i.e. subject to "systemctl
enable". However, since it's the right thing to do I think, it's enabled
by default via the preset logic.

Note that the updating logic is implemented gracefully: i.e. it's a NOP
if the boot loader is already new enough, or was never installed.
2021-07-30 17:19:55 +02:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Harald Seiler
7139e9d9a3 preset: don't enable proc-sys-fs-binfmt_misc.mount
The proc-sys-fs-binfmt_misc.mount unit should not be enabled by
preset-all because it should only be used as fallback in case
proc-sys-fs-binfmt_misc.automount cannot be used on a system.  In these
cases it should be enabled manually by an administrator.
2020-10-19 12:33:39 +02:00
Lennart Poettering
548af942b8 Revert "presets: "disable" all passive targets by default"
This reverts commit 61c3e2c8bf.

The original commit doesn't make sense to me, none of the listed units
have an [Install] section, they hence are not subject to enable/disable
and hence not preset either. This commit hence has no effect whatsoever,
let's undo it to avoid further confusion.
2020-05-26 20:51:58 +02:00
Lennart Poettering
9e27fd321c preset: let's clean up preset list a bit
let's make sure we list all singleton units we define in the preset
list, either as disable or as enable. Only four were missing, let's add
them in.

Also, let's group the pstore one with the other ones that are enabled,
right at the top.
2020-04-07 19:01:00 +02:00
Lennart Poettering
aade0c3b6e Revert "units: make systemd-repart.service installable"
This reverts commit 7e1ed1f3b2.

systemd-repart is not a user service that should be something people
enable/disable, instead it should just work if there's configuration for
it. It's like systemd-tmpfiles, systemd-sysusers, systemd-load-modules,
systemd-binfmt, systemd-systemd-sysctl which are NOPs if they have no
configuration, and thus don't hurt, but cannot be disabled since they
are too deep part of the OS.

This doesn't mean people couldn't disable the service if they really
want to, there's after all "systemctl mask" and build-time disabling,
but those are OS developer facing instead of admin facing, that's how it
should be.

Note that systemd-repart is in particular an initrd service, and so far
enable/disable state of those is not managed anyway via "systemctl
enable/disable" but more what dracut decides to package up and what not.
2020-04-02 17:04:59 +02:00
Zbigniew Jędrzejewski-Szmek
ead7af3093 units: make systemd-userdbd.{socket,service} installable
It's lightweight and generally useful, so it should be enabled by default. But
users might want to disable it for whatever reason, and things should be fine
without it, so let's make it installable so it can be disabled if wanted.

Fixes #15175.
2020-03-31 14:55:16 +02:00
Zbigniew Jędrzejewski-Szmek
5ef9eda17f units: make systemd-homed.service installable
Fixes #15083. Users might want to disable homed if not used to save resources.
2020-03-31 14:55:14 +02:00
Zbigniew Jędrzejewski-Szmek
7e1ed1f3b2 units: make systemd-repart.service installable
This essentially adds another layer of configurability:
build disable, this, presence of configuration. The default is
set to enabled, because the service does nothing w/o config.
2020-03-31 14:51:04 +02:00
Zbigniew Jędrzejewski-Szmek
5926ea0a68 presets: enable systemd-pstore.service by default
It has no effect is the pstore is not used, and prevents the non-volatile
storage from filling up if is used by the kernel.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952767
2020-02-29 10:01:45 +01:00
Zbigniew Jędrzejewski-Szmek
61c3e2c8bf presets: "disable" all passive targets by default
Officially we default to a "enable *", even though pretty much everybody
overrides this with "disable *". We have a bunch of targets and services which
should not be enabled by default. In case the default policy is not overriden,
our passive units would be enabled by presets, which is generally not useful at
all. So let's explicitly mark them as disabled.

Note that this effectively changes very little. E.g. on Fedora, all the units
listed in this patch were "disabled" already.

Fixes #14648.
2020-02-04 13:59:31 +09:00
Zbigniew Jędrzejewski-Szmek
0cd41d4dff Drop my copyright headers
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
2018-06-14 13:03:20 +02:00
Lennart Poettering
96b2fb93c5 tree-wide: beautify remaining copyright statements
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
2018-06-14 10:20:21 +02:00
Zbigniew Jędrzejewski-Szmek
11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Zbigniew Jędrzejewski-Szmek
cfdda37c9f Hook up systemd-tmpfiles as user units
An explicit --user switch is necessary because for the user@0.service instance
systemd-tmpfiles is running as root, and we need to distinguish that from
systemd-tmpfiles running in systemd-tmpfiles*.service.

Fixes #2208.

v2:
- restore "systemd-" prefix
- add systemd-tmpfiles-clean.{service,timer}, systemd-setup.service to
  systemd-tmpfiles(8)
2017-12-06 10:19:35 +01:00
Zbigniew Jędrzejewski-Szmek
e783f95718 Rename "system-preset" source dir to "presets"
I want to add presets/user/ later. This mirrors the layout for units:
we have units/ and units/user. The advantage is that we avoid having yet
another directory at the top level.
2017-12-06 10:18:35 +01:00