|
 |
613b6e |
From 0d0ecaab000cf2768a3edf1e73119bf2fce952b0 Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Wed, 9 Oct 2024 14:49:07 +0200
|
|
|
613b6e |
Subject: [PATCH 1/6] mkosi: Fix up ownership of testuser home directory on
|
|
|
613b6e |
first boot
|
|
|
613b6e |
|
|
|
613b6e |
When building unprivileged, the testuser home directory ends up
|
|
|
613b6e |
owned by root:root because mkosi can't chown directories to other
|
|
|
613b6e |
owners when running unprivileged. So let's fix up the testuser
|
|
|
613b6e |
ownership on first boot with tmpfiles instead.
|
|
|
613b6e |
---
|
|
|
613b6e |
mkosi.extra/usr/lib/tmpfiles.d/testuser.conf | 3 +++
|
|
|
613b6e |
1 file changed, 3 insertions(+)
|
|
|
613b6e |
create mode 100644 mkosi.extra/usr/lib/tmpfiles.d/testuser.conf
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf b/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf
|
|
|
613b6e |
new file mode 100644
|
|
|
613b6e |
index 0000000000000..7113177f4deba
|
|
|
613b6e |
--- /dev/null
|
|
|
613b6e |
+++ b/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf
|
|
|
613b6e |
@@ -0,0 +1,3 @@
|
|
|
613b6e |
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
|
613b6e |
+
|
|
|
613b6e |
+z! /home/testuser 700 testuser testuser
|
|
|
613b6e |
|
|
|
613b6e |
From ec9fd0d4f5f77404fbfabde9e7a9d01aaa1356ff Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Wed, 9 Oct 2024 16:37:06 +0200
|
|
|
613b6e |
Subject: [PATCH 2/6] update-utmp: Make reconnect logic more robust
|
|
|
613b6e |
|
|
|
613b6e |
We might also fail to connect to the private manager bus itself if
|
|
|
613b6e |
the daemon-reexec is still ongoing, so let's handle that as well by
|
|
|
613b6e |
retrying on ECONNREFUSED.
|
|
|
613b6e |
---
|
|
|
613b6e |
src/update-utmp/update-utmp.c | 45 +++++++++++++++++++----------------
|
|
|
613b6e |
1 file changed, 25 insertions(+), 20 deletions(-)
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
|
|
|
613b6e |
index c376676e8d0a5..7a8a53f7e8ec5 100644
|
|
|
613b6e |
--- a/src/update-utmp/update-utmp.c
|
|
|
613b6e |
+++ b/src/update-utmp/update-utmp.c
|
|
|
613b6e |
@@ -82,6 +82,25 @@ static int get_current_runlevel(Context *c) {
|
|
|
613b6e |
assert(c);
|
|
|
613b6e |
|
|
|
613b6e |
for (unsigned n_attempts = 0;;) {
|
|
|
613b6e |
+ if (n_attempts++ > 0) {
|
|
|
613b6e |
+ /* systemd might have dropped off momentarily, let's not make this an error,
|
|
|
613b6e |
+ * and wait some random time. Let's pick a random time in the range 0ms…250ms,
|
|
|
613b6e |
+ * linearly scaled by the number of failed attempts. */
|
|
|
613b6e |
+ c->bus = sd_bus_flush_close_unref(c->bus);
|
|
|
613b6e |
+
|
|
|
613b6e |
+ usec_t usec = random_u64_range(UINT64_C(10) * USEC_PER_MSEC +
|
|
|
613b6e |
+ UINT64_C(240) * USEC_PER_MSEC * n_attempts/64);
|
|
|
613b6e |
+ (void) usleep_safe(usec);
|
|
|
613b6e |
+
|
|
|
613b6e |
+ r = bus_connect_system_systemd(&c->bus);
|
|
|
613b6e |
+ if (r == -ECONNREFUSED && n_attempts < 64) {
|
|
|
613b6e |
+ log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m");
|
|
|
613b6e |
+ continue;
|
|
|
613b6e |
+ }
|
|
|
613b6e |
+ if (r < 0)
|
|
|
613b6e |
+ return log_error_errno(r, "Failed to reconnect to system bus: %m");
|
|
|
613b6e |
+ }
|
|
|
613b6e |
+
|
|
|
613b6e |
FOREACH_ELEMENT(e, table) {
|
|
|
613b6e |
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
|
613b6e |
_cleanup_free_ char *state = NULL, *path = NULL;
|
|
|
613b6e |
@@ -102,18 +121,10 @@ static int get_current_runlevel(Context *c) {
|
|
|
613b6e |
sd_bus_error_has_names(&error,
|
|
|
613b6e |
SD_BUS_ERROR_NO_REPLY,
|
|
|
613b6e |
SD_BUS_ERROR_DISCONNECTED)) &&
|
|
|
613b6e |
- ++n_attempts < 64) {
|
|
|
613b6e |
-
|
|
|
613b6e |
- /* systemd might have dropped off momentarily, let's not make this an error,
|
|
|
613b6e |
- * and wait some random time. Let's pick a random time in the range 0ms…250ms,
|
|
|
613b6e |
- * linearly scaled by the number of failed attempts. */
|
|
|
613b6e |
-
|
|
|
613b6e |
- usec_t usec = random_u64_range(UINT64_C(10) * USEC_PER_MSEC +
|
|
|
613b6e |
- UINT64_C(240) * USEC_PER_MSEC * n_attempts/64);
|
|
|
613b6e |
- log_debug_errno(r, "Failed to get state of %s, retrying after %s: %s",
|
|
|
613b6e |
- e->special, FORMAT_TIMESPAN(usec, USEC_PER_MSEC), bus_error_message(&error, r));
|
|
|
613b6e |
- (void) usleep_safe(usec);
|
|
|
613b6e |
- goto reconnect;
|
|
|
613b6e |
+ n_attempts < 64) {
|
|
|
613b6e |
+ log_debug_errno(r, "Failed to get state of %s, retrying after a slight delay: %s",
|
|
|
613b6e |
+ e->special, bus_error_message(&error, r));
|
|
|
613b6e |
+ break;
|
|
|
613b6e |
}
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
return log_warning_errno(r, "Failed to get state of %s: %s", e->special, bus_error_message(&error, r));
|
|
|
613b6e |
@@ -121,14 +132,8 @@ static int get_current_runlevel(Context *c) {
|
|
|
613b6e |
if (STR_IN_SET(state, "active", "reloading"))
|
|
|
613b6e |
return e->runlevel;
|
|
|
613b6e |
}
|
|
|
613b6e |
-
|
|
|
613b6e |
- return 0;
|
|
|
613b6e |
-
|
|
|
613b6e |
-reconnect:
|
|
|
613b6e |
- c->bus = sd_bus_flush_close_unref(c->bus);
|
|
|
613b6e |
- r = bus_connect_system_systemd(&c->bus);
|
|
|
613b6e |
- if (r < 0)
|
|
|
613b6e |
- return log_error_errno(r, "Failed to reconnect to system bus: %m");
|
|
|
613b6e |
+ if (r >= 0)
|
|
|
613b6e |
+ return 0;
|
|
|
613b6e |
}
|
|
|
613b6e |
}
|
|
|
613b6e |
|
|
|
613b6e |
|
|
|
613b6e |
From a339495b1d67f69f49ffffdd96002164a28f1c93 Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Wed, 9 Oct 2024 11:44:34 +0200
|
|
|
613b6e |
Subject: [PATCH 3/6] bus-util: Drop fallback to system/user bus if manager bus
|
|
|
613b6e |
doesn't work
|
|
|
613b6e |
|
|
|
613b6e |
We have various callsites that explicitly need the manager bus and
|
|
|
613b6e |
won't work with the system bus, like daemon-reexec and friends which
|
|
|
613b6e |
can't properly wait until the operation has finished unless using the
|
|
|
613b6e |
manager bus.
|
|
|
613b6e |
|
|
|
613b6e |
If we silently fall back to the system bus for these operations, we
|
|
|
613b6e |
can end up with rather hard to debug issues so let's remove the fallback
|
|
|
613b6e |
as it was added back in 2013 in a6aa89122d2fa5e811a72200773068c13bfffea2
|
|
|
613b6e |
without a clear explanation of why it was needed (I expect as a fallback
|
|
|
613b6e |
if kdbus wasn't available but that's not a thing anymore these days).
|
|
|
613b6e |
---
|
|
|
613b6e |
src/shared/bus-util.c | 6 +++---
|
|
|
613b6e |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
|
|
|
613b6e |
index f4c4eed70702a..44ed617da8dfb 100644
|
|
|
613b6e |
--- a/src/shared/bus-util.c
|
|
|
613b6e |
+++ b/src/shared/bus-util.c
|
|
|
613b6e |
@@ -245,7 +245,7 @@ int bus_connect_system_systemd(sd_bus **ret_bus) {
|
|
|
613b6e |
|
|
|
613b6e |
r = sd_bus_start(bus);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
- return sd_bus_default_system(ret_bus);
|
|
|
613b6e |
+ return r;
|
|
|
613b6e |
|
|
|
613b6e |
r = bus_check_peercred(bus);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
@@ -265,7 +265,7 @@ int bus_connect_user_systemd(sd_bus **ret_bus) {
|
|
|
613b6e |
|
|
|
613b6e |
e = secure_getenv("XDG_RUNTIME_DIR");
|
|
|
613b6e |
if (!e)
|
|
|
613b6e |
- return sd_bus_default_user(ret_bus);
|
|
|
613b6e |
+ return -ENXIO;
|
|
|
613b6e |
|
|
|
613b6e |
ee = bus_address_escape(e);
|
|
|
613b6e |
if (!ee)
|
|
|
613b6e |
@@ -281,7 +281,7 @@ int bus_connect_user_systemd(sd_bus **ret_bus) {
|
|
|
613b6e |
|
|
|
613b6e |
r = sd_bus_start(bus);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
- return sd_bus_default_user(ret_bus);
|
|
|
613b6e |
+ return r;
|
|
|
613b6e |
|
|
|
613b6e |
r = bus_check_peercred(bus);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
|
|
|
613b6e |
From a178ffdfcd9d25886a6e563a0fbd9929852e85c4 Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Wed, 9 Oct 2024 12:10:44 +0200
|
|
|
613b6e |
Subject: [PATCH 4/6] bus-util: Move geteuid() check out of
|
|
|
613b6e |
bus_connect_system_systemd()
|
|
|
613b6e |
|
|
|
613b6e |
Let's move this check to bus_connect_transport_systemd() so that
|
|
|
613b6e |
bus_connect_system_systemd() will only ever connect to the manager
|
|
|
613b6e |
private manager bus instance and fail otherwise.
|
|
|
613b6e |
---
|
|
|
613b6e |
src/shared/bus-util.c | 13 ++++++-------
|
|
|
613b6e |
1 file changed, 6 insertions(+), 7 deletions(-)
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
|
|
|
613b6e |
index 44ed617da8dfb..a196ba47f647c 100644
|
|
|
613b6e |
--- a/src/shared/bus-util.c
|
|
|
613b6e |
+++ b/src/shared/bus-util.c
|
|
|
613b6e |
@@ -229,12 +229,6 @@ int bus_connect_system_systemd(sd_bus **ret_bus) {
|
|
|
613b6e |
|
|
|
613b6e |
assert(ret_bus);
|
|
|
613b6e |
|
|
|
613b6e |
- if (geteuid() != 0)
|
|
|
613b6e |
- return sd_bus_default_system(ret_bus);
|
|
|
613b6e |
-
|
|
|
613b6e |
- /* If we are root then let's talk directly to the system
|
|
|
613b6e |
- * instance, instead of going via the bus */
|
|
|
613b6e |
-
|
|
|
613b6e |
r = sd_bus_new(&bus;;
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
return r;
|
|
|
613b6e |
@@ -521,8 +515,13 @@ int bus_connect_transport_systemd(
|
|
|
613b6e |
/* Print a friendly message when the local system is actually not running systemd as PID 1. */
|
|
|
613b6e |
return log_error_errno(SYNTHETIC_ERRNO(EHOSTDOWN),
|
|
|
613b6e |
"System has not been booted with systemd as init system (PID 1). Can't operate.");
|
|
|
613b6e |
- return bus_connect_system_systemd(ret_bus);
|
|
|
613b6e |
|
|
|
613b6e |
+ if (geteuid() == 0)
|
|
|
613b6e |
+ /* If we are root then let's talk directly to the system
|
|
|
613b6e |
+ * instance, instead of going via the bus. */
|
|
|
613b6e |
+ return bus_connect_system_systemd(ret_bus);
|
|
|
613b6e |
+
|
|
|
613b6e |
+ return sd_bus_default_system(ret_bus);
|
|
|
613b6e |
default:
|
|
|
613b6e |
assert_not_reached();
|
|
|
613b6e |
}
|
|
|
613b6e |
|
|
|
613b6e |
From b066b683539675bc51a71259f1e0f42cef5379ad Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Thu, 10 Oct 2024 15:54:37 +0200
|
|
|
613b6e |
Subject: [PATCH 5/6] stdio-bridge: Use bus_log_connect_error()
|
|
|
613b6e |
|
|
|
613b6e |
---
|
|
|
613b6e |
src/stdio-bridge/stdio-bridge.c | 2 +-
|
|
|
613b6e |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
index d3629f5fb0dc5..7b774860c8eb1 100644
|
|
|
613b6e |
--- a/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
+++ b/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
@@ -142,7 +142,7 @@ static int run(int argc, char *argv[]) {
|
|
|
613b6e |
|
|
|
613b6e |
r = sd_bus_start(a);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
- return log_error_errno(r, "Failed to start bus client: %m");
|
|
|
613b6e |
+ return bus_log_connect_error(r, arg_transport, arg_runtime_scope);
|
|
|
613b6e |
|
|
|
613b6e |
r = sd_bus_get_bus_id(a, &server_id);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
|
|
|
613b6e |
From d94e85c2279ac255a9c964046723684ca99b7f00 Mon Sep 17 00:00:00 2001
|
|
|
613b6e |
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
|
613b6e |
Date: Thu, 10 Oct 2024 15:54:57 +0200
|
|
|
613b6e |
Subject: [PATCH 6/6] stdio-bridge: Use customized log message for forwarding
|
|
|
613b6e |
bus
|
|
|
613b6e |
|
|
|
613b6e |
Let's more clearly indicate that we failed to set up the server
|
|
|
613b6e |
which forwards messages from the remote client to the local bus
|
|
|
613b6e |
instead of logging a generic bus client message.
|
|
|
613b6e |
---
|
|
|
613b6e |
src/stdio-bridge/stdio-bridge.c | 2 +-
|
|
|
613b6e |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
613b6e |
|
|
|
613b6e |
diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
index 7b774860c8eb1..22570511cbabb 100644
|
|
|
613b6e |
--- a/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
+++ b/src/stdio-bridge/stdio-bridge.c
|
|
|
613b6e |
@@ -170,7 +170,7 @@ static int run(int argc, char *argv[]) {
|
|
|
613b6e |
|
|
|
613b6e |
r = sd_bus_start(b);
|
|
|
613b6e |
if (r < 0)
|
|
|
613b6e |
- return log_error_errno(r, "Failed to start bus client: %m");
|
|
|
613b6e |
+ return log_error_errno(r, "Failed to start bus forwarding server: %m");
|
|
|
613b6e |
|
|
|
613b6e |
for (;;) {
|
|
|
613b6e |
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|