ALP-pool/systemd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 systemd revision 390d653de4477a8f2966339620c1ebf8

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-16 09:23:12 +02:00
parent c2022c7d5e
commit cf460dfa1f
20 changed files with 303 additions and 1363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch Normal file
View File

@ -0,0 +1,99 @@
From c98df489ad5c9331bf80c83f4fa2d45bbf0f93be Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Wed, 6 Mar 2024 11:39:00 +0100
Subject: [PATCH 5001/5001] 99-systemd.rules: rework SYSTEMD_READY logic for
device mapper
Device mapper devices are set up in multiple steps. The first step, which
generates the initial "add" event, only creates an empty container, which is
useless for higher layers. SYSTEMD_READY should be set to 0 on this event to
avoid premature device activation.
The event that matters is the "activation" event: the first "change" event on
which DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 is not set. When this event arrives,
the device is ready for being scanned by blkid and similar tools, and for being
activated by systemd.
Intermittent events with DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 should be ignored
as far as systemd or higher-level block layers are concerned. Previous device
properties and symlinks should be preserved: the device shouldn't be scanned or
activated, but shouldn't be deactivated, either. In particular, SYSTEM_READY
shouldn't be set to 0 if it wasn't set before, because that might cause mounted
file systems to be unmounted. Such intermittent events may occur any time,
before or after the "activation" event.
DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 can have multiple reasons. One possible reason
is that the device is suspended. There are other reasons that depend on the
device-mapper subsystem (LVM, multipath, dm-crypt, etc.).
The current systemd rule set
1) sets SYSTEMD_READY=0 if DM_UDEV_DISABLE_OTHER_RULES_FLAG is set in "add"
events;
2) imports SYSTEMD_READY from the udev db if DM_SUSPENDED is set, and jumps to systemd_end;
3) sets SYSTEMD_READY=1, otherwise.
This logic has several flaws:
* 1) can cause file systems to be unmounted if an coldplug event arrives while
a file system is suspended. This rule shouldn't be applied for coldplug events
or in general, "synthetic" add events;
* 2) evaluates DM_SUSPENDED=1, which is a device-mapper internal property.
It's wrong to infer that a device is accessible if DM_SUSPENDED=0.
The jump to systemd_end may cause properties and/or symlinks to be lost;
* 3) is superfluous, because SYSTEMD_READY=1 is equivalent with SYSTEMD_READY
being unset, and can create the wrong impression that the device was explicitly
activated.
This patch fixes the logic as follows:
- apply 1) only if DM_NAME is empty, which is only the case for the first
"genuine add" event;
- change 2) to use DM_UDEV_DISABLE_OTHER_RULES_FLAG instead of DM_SUSPENDED,
and remove the GOTO directive;
- remove 3).
Fixes: b7cf1b6 ("udev: use SYSTEMD_READY to mask uninitialized DM devices")
Fixes: 35a6750 ("rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#2747)")
Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit c072860593329293e19580b337504adb52248462)
[fbui: fixes bsc#1229518]
---
rules.d/99-systemd.rules.in | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index de1d2eff9e..65bc6e2945 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -20,19 +20,18 @@ SUBSYSTEM=="ubi", TAG+="systemd"
SUBSYSTEM=="block", TAG+="systemd"
-# We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY"
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end"
+# When a dm device is first created, it's just an empty container. Ignore it.
+# DM_NAME is not set in this case, but it's set on spurious "add" events that occur later.
+SUBSYSTEM=="block", ACTION=="add", KERNEL=="dm-*", ENV{DM_NAME}!="?*", ENV{SYSTEMD_READY}="0"
-SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+# DM_UDEV_DISABLE_OTHER_RULES_FLAG==1 means that the device shouldn't be probed.
+# Import previous SYSTEMD_READY state.
+SUBSYSTEM=="block", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}=="", IMPORT{db}="SYSTEMD_READY"
# Ignore encrypted devices with no identified superblock on it, since
# we are probably still calling mke2fs or mkswap on it.
SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-# Explicitly set SYSTEMD_READY=1 for DM devices that don't have it set yet, so that we always have something to import above
-SUBSYSTEM=="block", ENV{DM_UUID}=="?*", ENV{SYSTEMD_READY}=="", ENV{SYSTEMD_READY}="1"
-
# add symlink to GPT root disk
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"
--
2.43.0

283
5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
View File

@ -1,283 +0,0 @@
From 14146f22cdcb6ecbf7d0f46a34843837a21aa118 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Jan 2024 11:30:14 +0100
Subject: [PATCH 5003/5011] cgroup: rename TasksMax structure to CGroupTasksMax
Almost all our enums/structs/funcs carry the CGroup prefix if they are
defined in cgroup.h, TasksMax so far does not, even though it is
exclusively used in cgroup context.
Change that.
(cherry picked from commit 94f0b13b1623c083ece9c0381bd1e65500dc1363)
[mkoutny: Adjust for missing struct UnitDefaults + contexts]
---
src/core/cgroup.c | 16 ++++++++--------
src/core/cgroup.h | 12 ++++++------
src/core/dbus-cgroup.c | 10 +++++-----
src/core/load-fragment.c | 10 +++++-----
src/core/main.c | 4 ++--
src/core/manager.c | 2 +-
src/core/manager.h | 2 +-
src/test/test-cgroup-mask.c | 2 +-
8 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 8a3059b042..5b7205a92e 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -51,7 +51,7 @@
* out specific attributes from us. */
#define LOG_LEVEL_CGROUP_WRITE(r) (IN_SET(abs(r), ENOENT, EROFS, EACCES, EPERM) ? LOG_DEBUG : LOG_WARNING)
-uint64_t tasks_max_resolve(const TasksMax *tasks_max) {
+uint64_t cgroup_tasks_max_resolve(const CGroupTasksMax *tasks_max) {
if (tasks_max->scale == 0)
return tasks_max->value;
@@ -170,7 +170,7 @@ void cgroup_context_init(CGroupContext *c) {
.blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID,
.startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID,
- .tasks_max = TASKS_MAX_UNSET,
+ .tasks_max = CGROUP_TASKS_MAX_UNSET,
.moom_swap = MANAGED_OOM_AUTO,
.moom_mem_pressure = MANAGED_OOM_AUTO,
@@ -562,7 +562,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"),
prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"),
prefix, c->memory_limit,
- prefix, tasks_max_resolve(&c->tasks_max),
+ prefix, cgroup_tasks_max_resolve(&c->tasks_max),
prefix, cgroup_device_policy_to_string(c->device_policy),
prefix, strempty(disable_controllers_str),
prefix, delegate_str,
@@ -1760,9 +1760,9 @@ static void cgroup_context_apply(
* which is desirable so that there's an official way to release control of the sysctl from
* systemd: set the limit to unbounded and reload. */
- if (tasks_max_isset(&c->tasks_max)) {
+ if (cgroup_tasks_max_isset(&c->tasks_max)) {
u->manager->sysctl_pid_max_changed = true;
- r = procfs_tasks_set_limit(tasks_max_resolve(&c->tasks_max));
+ r = procfs_tasks_set_limit(cgroup_tasks_max_resolve(&c->tasks_max));
} else if (u->manager->sysctl_pid_max_changed)
r = procfs_tasks_set_limit(TASKS_MAX);
else
@@ -1775,10 +1775,10 @@ static void cgroup_context_apply(
/* The attribute itself is not available on the host root cgroup, and in the container case we want to
* leave it for the container manager. */
if (!is_local_root) {
- if (tasks_max_isset(&c->tasks_max)) {
+ if (cgroup_tasks_max_isset(&c->tasks_max)) {
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
- xsprintf(buf, "%" PRIu64 "\n", tasks_max_resolve(&c->tasks_max));
+ xsprintf(buf, "%" PRIu64 "\n", cgroup_tasks_max_resolve(&c->tasks_max));
(void) set_attribute_and_warn(u, "pids", "pids.max", buf);
} else
(void) set_attribute_and_warn(u, "pids", "pids.max", "max\n");
@@ -1894,7 +1894,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES;
if (c->tasks_accounting ||
- tasks_max_isset(&c->tasks_max))
+ cgroup_tasks_max_isset(&c->tasks_max))
mask |= CGROUP_MASK_PIDS;
return CGROUP_MASK_EXTEND_JOINED(mask);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 9f1963b3f2..486957b545 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -9,20 +9,20 @@
#include "list.h"
#include "time-util.h"
-typedef struct TasksMax {
+typedef struct CGroupTasksMax {
/* If scale == 0, just use value; otherwise, value / scale.
* See tasks_max_resolve(). */
uint64_t value;
uint64_t scale;
-} TasksMax;
+} CGroupTasksMax;
-#define TASKS_MAX_UNSET ((TasksMax) { .value = UINT64_MAX, .scale = 0 })
+#define CGROUP_TASKS_MAX_UNSET ((CGroupTasksMax) { .value = UINT64_MAX, .scale = 0 })
-static inline bool tasks_max_isset(const TasksMax *tasks_max) {
+static inline bool cgroup_tasks_max_isset(const CGroupTasksMax *tasks_max) {
return tasks_max->value != UINT64_MAX || tasks_max->scale != 0;
}
-uint64_t tasks_max_resolve(const TasksMax *tasks_max);
+uint64_t cgroup_tasks_max_resolve(const CGroupTasksMax *tasks_max);
typedef struct CGroupContext CGroupContext;
typedef struct CGroupDeviceAllow CGroupDeviceAllow;
@@ -210,7 +210,7 @@ struct CGroupContext {
LIST_HEAD(CGroupSocketBindItem, socket_bind_deny);
/* Common */
- TasksMax tasks_max;
+ CGroupTasksMax tasks_max;
/* Settings for systemd-oomd */
ManagedOOMMode moom_swap;
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 5347525844..3c35673779 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -25,7 +25,7 @@
#include "percent-util.h"
#include "socket-util.h"
-BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
+BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_cgroup_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy);
@@ -994,7 +994,7 @@ static int bus_cgroup_set_cpu_weight(
static int bus_cgroup_set_tasks_max(
Unit *u,
const char *name,
- TasksMax *p,
+ CGroupTasksMax *p,
sd_bus_message *message,
UnitWriteFlags flags,
sd_bus_error *error) {
@@ -1013,7 +1013,7 @@ static int bus_cgroup_set_tasks_max(
"Value specified in %s is out of range", name);
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- *p = (TasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */
+ *p = (CGroupTasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */
unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
if (v == CGROUP_LIMIT_MAX)
@@ -1030,7 +1030,7 @@ static int bus_cgroup_set_tasks_max(
static int bus_cgroup_set_tasks_max_scale(
Unit *u,
const char *name,
- TasksMax *p,
+ CGroupTasksMax *p,
sd_bus_message *message,
UnitWriteFlags flags,
sd_bus_error *error) {
@@ -1049,7 +1049,7 @@ static int bus_cgroup_set_tasks_max_scale(
"Value specified in %s is out of range", name);
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- *p = (TasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */
+ *p = (CGroupTasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */
unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX);
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 86235fa5b6..18ba95a6c5 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3934,23 +3934,23 @@ int config_parse_tasks_max(
void *userdata) {
const Unit *u = userdata;
- TasksMax *tasks_max = data;
+ CGroupTasksMax *tasks_max = data;
uint64_t v;
int r;
if (isempty(rvalue)) {
- *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
+ *tasks_max = u ? u->manager->default_tasks_max : CGROUP_TASKS_MAX_UNSET;
return 0;
}
if (streq(rvalue, "infinity")) {
- *tasks_max = TASKS_MAX_UNSET;
+ *tasks_max = CGROUP_TASKS_MAX_UNSET;
return 0;
}
r = parse_permyriad(rvalue);
if (r >= 0)
- *tasks_max = (TasksMax) { r, 10000U }; /* r‱ */
+ *tasks_max = (CGroupTasksMax) { r, 10000U }; /* r‱ */
else {
r = safe_atou64(rvalue, &v);
if (r < 0) {
@@ -3963,7 +3963,7 @@ int config_parse_tasks_max(
return 0;
}
- *tasks_max = (TasksMax) { v };
+ *tasks_max = (CGroupTasksMax) { v };
}
return 0;
diff --git a/src/core/main.c b/src/core/main.c
index 14aa1f00c0..efe75d96b3 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -106,7 +106,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
static enum {
ACTION_RUN,
@@ -166,7 +166,7 @@ static bool arg_default_ip_accounting;
static bool arg_default_blockio_accounting;
static bool arg_default_memory_accounting;
static bool arg_default_tasks_accounting;
-static TasksMax arg_default_tasks_max;
+static CGroupTasksMax arg_default_tasks_max;
static usec_t arg_default_memory_pressure_threshold_usec;
static CGroupPressureWatch arg_default_memory_pressure_watch;
static sd_id128_t arg_machine_id;
diff --git a/src/core/manager.c b/src/core/manager.c
index 2ccb753888..5f4522392d 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -840,7 +840,7 @@ int manager_new(RuntimeScope runtime_scope, ManagerTestRunFlags test_run_flags,
.default_timer_accuracy_usec = USEC_PER_MINUTE,
.default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT,
.default_tasks_accounting = true,
- .default_tasks_max = TASKS_MAX_UNSET,
+ .default_tasks_max = CGROUP_TASKS_MAX_UNSET,
.default_timeout_start_usec = manager_default_timeout(runtime_scope),
.default_timeout_stop_usec = manager_default_timeout(runtime_scope),
.default_restart_usec = DEFAULT_RESTART_USEC,
diff --git a/src/core/manager.h b/src/core/manager.h
index a6c87dc852..e4b2393d06 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -375,7 +375,7 @@ struct Manager {
bool default_tasks_accounting;
bool default_ip_accounting;
- TasksMax default_tasks_max;
+ CGroupTasksMax default_tasks_max;
usec_t default_timer_accuracy_usec;
OOMPolicy default_oom_policy;
diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c
index c0bf585963..35b2599e86 100644
--- a/src/test/test-cgroup-mask.c
+++ b/src/test/test-cgroup-mask.c
@@ -58,7 +58,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) {
m->default_blockio_accounting =
m->default_io_accounting =
m->default_tasks_accounting = false;
- m->default_tasks_max = TASKS_MAX_UNSET;
+ m->default_tasks_max = CGROUP_TASKS_MAX_UNSET;
assert_se(manager_startup(m, NULL, NULL, NULL) >= 0);
--
2.35.3

31
5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
View File

@ -1,31 +0,0 @@
From c44ecd40ed4b4221dd9f03f5c2090d994889064c Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 23 Jan 2024 11:30:15 +0100
Subject: [PATCH 5004/5011] bus-print-properties: ignore CGROUP_LIMIT_MAX for
Memory*{Current, Peak}
MemoryCurrent and MemoryAvailable are shown as "[not set]" when UINT64_MAX
(unset). Let's do the same for the newly-added Memory*{Current,Peak} properties.
(cherry picked from commit 3f362012ce0034dc14d3c1a1c2a3a64a11efa9da)
[mkoutny: Drop MemoryPeak=]
---
src/shared/bus-print-properties.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index db41ad2495..46724c98fa 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -158,6 +158,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
(STR_IN_SET(name, "CPUShares", "StartupCPUShares") && u == CGROUP_CPU_SHARES_INVALID) ||
(STR_IN_SET(name, "BlockIOWeight", "StartupBlockIOWeight") && u == CGROUP_BLKIO_WEIGHT_INVALID) ||
(STR_IN_SET(name, "MemoryCurrent", "TasksCurrent") && u == UINT64_MAX) ||
+ (startswith(name, "Memory") && ENDSWITH_SET(name, "Current") && u == CGROUP_LIMIT_MAX) ||
(endswith(name, "NSec") && u == UINT64_MAX))
bus_print_property_value(name, expected_value, flags, "[not set]");
--
2.35.3

38
5005-bus-print-properties-prettify-more-unset-properties.patch
View File

@ -1,38 +0,0 @@
From 278ef74e90a13821fc2209eb09de768035e14478 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 23 Jan 2024 11:30:16 +0100
Subject: [PATCH 5005/5011] bus-print-properties: prettify more unset
properties
(cherry picked from commit bfb6b1214a8da947cb82fed2eec3d7f2b1c6175f)
[mkoutny: Handle MemoryAvailable= separately.]
---
src/shared/bus-print-properties.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index 46724c98fa..f74d8994ad 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -157,13 +157,15 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
else if ((STR_IN_SET(name, "CPUWeight", "StartupCPUWeight", "IOWeight", "StartupIOWeight") && u == CGROUP_WEIGHT_INVALID) ||
(STR_IN_SET(name, "CPUShares", "StartupCPUShares") && u == CGROUP_CPU_SHARES_INVALID) ||
(STR_IN_SET(name, "BlockIOWeight", "StartupBlockIOWeight") && u == CGROUP_BLKIO_WEIGHT_INVALID) ||
- (STR_IN_SET(name, "MemoryCurrent", "TasksCurrent") && u == UINT64_MAX) ||
+ (STR_IN_SET(name, "MemoryCurrent", "MemoryAvailable", "TasksCurrent") && u == UINT64_MAX) ||
(startswith(name, "Memory") && ENDSWITH_SET(name, "Current") && u == CGROUP_LIMIT_MAX) ||
+ (startswith(name, "IO") && ENDSWITH_SET(name, "Bytes", "Operations") && u == UINT64_MAX) ||
(endswith(name, "NSec") && u == UINT64_MAX))
bus_print_property_value(name, expected_value, flags, "[not set]");
- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) ||
+ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
+ u == CGROUP_LIMIT_MAX) ||
(STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) ||
(startswith(name, "Limit") && u == UINT64_MAX) ||
(startswith(name, "DefaultLimit") && u == UINT64_MAX))
--
2.35.3

607
5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
View File

@ -1,607 +0,0 @@
From 9c86b2c20823dce7f8303648f7e8a8d76342d1d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:17 +0100
Subject: [PATCH 5006/5011] cgroup: Add EffectiveMemoryMax=,
EffectiveMemoryHigh= and EffectiveTasksMax= properties
Users become perplexed when they run their workload in a unit with no
explicit limits configured (moreover, listing the limit property would
even show it's infinity) but they experience unexpected resource
limitation.
The memory and pid limits come as the most visible, therefore add new
unit read-only properties:
- EffectiveMemoryMax=,
- EffectiveMemoryHigh=,
- EffectiveTasksMax=.
These properties represent the most stringent limit systemd is aware of
for the given unit -- and that is typically(*) the effective value.
Implement the properties by simply traversing all parents in the
leaf-slice tree and picking the minimum value. Note that effective
limits are thus defined even for units that don't enable explicit
accounting (because of the hierarchy).
(*) The evasive case is when systemd runs in a cgroupns and cannot
reason about outer setup. Complete solution would need kernel support.
(cherry picked from commit 4fb0d2dc140c9a2c01c236d2a8dc09a44157e896)
[mkoutny: adjust context, drop unapplicable XML]
[mkoutny: fixes jsc#PED-5659]
---
man/org.freedesktop.systemd1.xml | 108 ++++++++++++++++++++++++++++++
man/systemd.resource-control.xml | 11 ++-
src/core/cgroup.c | 48 +++++++++++++
src/core/cgroup.h | 13 ++++
src/core/dbus-unit.c | 25 +++++++
src/shared/bus-print-properties.c | 6 +-
6 files changed, 206 insertions(+), 5 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 2e357539fb..02db33626d 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -2716,6 +2716,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -2724,6 +2728,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -3335,6 +3341,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -3343,6 +3353,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -3963,6 +3975,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -3971,6 +3987,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -4748,6 +4766,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -4756,6 +4778,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -5377,6 +5401,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -5385,6 +5413,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -5983,6 +6013,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -5991,6 +6025,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -6643,6 +6679,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -6651,6 +6691,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -7200,6 +7242,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -7208,6 +7254,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -7724,6 +7772,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -7732,6 +7784,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -8511,6 +8565,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -8519,6 +8577,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -9054,6 +9114,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -9062,6 +9126,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -9564,6 +9630,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -9572,6 +9642,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -10210,6 +10282,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -10218,6 +10294,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -10381,6 +10459,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -10389,6 +10471,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -10557,6 +10641,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -10565,6 +10653,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -10759,6 +10849,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -10767,6 +10861,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -10950,6 +11046,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -10958,6 +11058,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -11156,6 +11258,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -11164,6 +11270,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 3c17efbe16..5b7900af87 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -392,7 +392,9 @@ CPUWeight=20 DisableControllers=cpu / \
system. If assigned the
special value <literal>infinity</literal>, no memory throttling is applied. This controls the
<literal>memory.high</literal> control group attribute. For details about this control group attribute, see
- <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>
+ <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
+ The effective configuration is reported as <varname>EffectiveMemoryHigh=</varname>
+ (see also <varname>EffectiveMemoryMax=</varname>).</para>
<para>While <varname>StartupMemoryHigh=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryHigh=</varname> applies to normal runtime of the system, and if the former is not set also to
@@ -418,7 +420,9 @@ CPUWeight=20 DisableControllers=cpu / \
percentage value may be specified, which is taken relative to the installed physical memory on the system. If
assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
- <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>
+ <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
+ The effective configuration is reported as <varname>EffectiveMemoryMax=</varname> (the value is
+ the most stringent limit of the unit and parent slices).</para>
<para>While <varname>StartupMemoryMax=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryMax=</varname> applies to normal runtime of the system, and if the former is not set also to
@@ -534,7 +538,8 @@ CPUWeight=20 DisableControllers=cpu / \
limit is applied. This controls the <literal>pids.max</literal> control group attribute. For
details about this control group attribute, the
<ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid">pids controller
- </ulink>.</para>
+ </ulink>.
+ The effective configuration is reported as <varname>EffectiveTasksMax=</varname>.</para>
<para>The system default for this setting may be controlled with
<varname>DefaultTasksMax=</varname> in
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 5b7205a92e..0842036559 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4000,6 +4000,46 @@ int unit_get_ip_accounting(
return r;
}
+static uint64_t unit_get_effective_limit_one(Unit *u, CGroupLimitType type) {
+ CGroupContext *cc;
+
+ assert(u);
+ assert(UNIT_HAS_CGROUP_CONTEXT(u));
+
+ cc = unit_get_cgroup_context(u);
+ switch (type) {
+ /* Note: on legacy/hybrid hierarchies memory_max stays CGROUP_LIMIT_MAX unless configured
+ * explicitly. Effective value of MemoryLimit= (cgroup v1) is not implemented. */
+ case CGROUP_LIMIT_MEMORY_MAX:
+ return cc->memory_max;
+ case CGROUP_LIMIT_MEMORY_HIGH:
+ return cc->memory_high;
+ case CGROUP_LIMIT_TASKS_MAX:
+ return cgroup_tasks_max_resolve(&cc->tasks_max);
+ default:
+ assert_not_reached();
+ }
+}
+
+int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret) {
+ uint64_t infimum;
+
+ assert(u);
+ assert(ret);
+ assert(type >= 0);
+ assert(type < _CGROUP_LIMIT_TYPE_MAX);
+
+ if (!UNIT_HAS_CGROUP_CONTEXT(u))
+ return -EINVAL;
+
+ infimum = unit_get_effective_limit_one(u, type);
+ for (Unit *slice = UNIT_GET_SLICE(u); slice; slice = UNIT_GET_SLICE(slice))
+ infimum = MIN(infimum, unit_get_effective_limit_one(slice, type));
+
+ *ret = infimum;
+ return 0;
+}
+
static int unit_get_io_accounting_raw(Unit *u, uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) {
static const char *const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
[CGROUP_IO_READ_BYTES] = "rbytes=",
@@ -4418,3 +4458,11 @@ static const char* const cgroup_pressure_watch_table[_CGROUP_PRESSURE_WATCH_MAX]
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(cgroup_pressure_watch, CGroupPressureWatch, CGROUP_PRESSURE_WATCH_ON);
+
+static const char *const cgroup_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
+ [CGROUP_LIMIT_MEMORY_MAX] = "EffectiveMemoryMax",
+ [CGROUP_LIMIT_MEMORY_HIGH] = "EffectiveMemoryHigh",
+ [CGROUP_LIMIT_TASKS_MAX] = "EffectiveTasksMax",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(cgroup_limit_type, CGroupLimitType);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 486957b545..a19a2fffa3 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -245,6 +245,15 @@ typedef enum CGroupIOAccountingMetric {
_CGROUP_IO_ACCOUNTING_METRIC_INVALID = -EINVAL,
} CGroupIOAccountingMetric;
+/* Used for limits whose value sets have infimum */
+typedef enum CGroupLimitType {
+ CGROUP_LIMIT_MEMORY_MAX,
+ CGROUP_LIMIT_MEMORY_HIGH,
+ CGROUP_LIMIT_TASKS_MAX,
+ _CGROUP_LIMIT_TYPE_MAX,
+ _CGROUP_LIMIT_INVALID = -EINVAL,
+} CGroupLimitType;
+
typedef struct Unit Unit;
typedef struct Manager Manager;
@@ -337,6 +346,7 @@ int unit_get_tasks_current(Unit *u, uint64_t *ret);
int unit_get_cpu_usage(Unit *u, nsec_t *ret);
int unit_get_io_accounting(Unit *u, CGroupIOAccountingMetric metric, bool allow_cache, uint64_t *ret);
int unit_get_ip_accounting(Unit *u, CGroupIPAccountingMetric metric, uint64_t *ret);
+int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret);
int unit_reset_cpu_accounting(Unit *u);
int unit_reset_ip_accounting(Unit *u);
@@ -378,3 +388,6 @@ FreezerAction freezer_action_from_string(const char *s) _pure_;
const char* cgroup_pressure_watch_to_string(CGroupPressureWatch a) _const_;
CGroupPressureWatch cgroup_pressure_watch_from_string(const char *s) _pure_;
+
+const char* cgroup_limit_type_to_string(CGroupLimitType m) _const_;
+CGroupLimitType cgroup_limit_type_from_string(const char *s) _pure_;
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index ed376cec87..b4509a990e 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1438,6 +1438,28 @@ static int property_get_io_counter(
return sd_bus_message_append(reply, "t", value);
}
+static int property_get_effective_limit(
+ sd_bus *bus,
+ const char *path,
+ const char *interface,
+ const char *property,
+ sd_bus_message *reply,
+ void *userdata,
+ sd_bus_error *error) {
+
+ uint64_t value = CGROUP_LIMIT_MAX;
+ Unit *u = ASSERT_PTR(userdata);
+ ssize_t type;
+
+ assert(bus);
+ assert(reply);
+ assert(property);
+
+ assert_se((type = cgroup_limit_type_from_string(property)) >= 0);
+ (void) unit_get_effective_limit(u, type, &value);
+ return sd_bus_message_append(reply, "t", value);
+}
+
int bus_unit_method_attach_processes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
@@ -1557,10 +1579,13 @@ const sd_bus_vtable bus_unit_cgroup_vtable[] = {
SD_BUS_PROPERTY("ControlGroupId", "t", NULL, offsetof(Unit, cgroup_id), 0),
SD_BUS_PROPERTY("MemoryCurrent", "t", property_get_current_memory, 0, 0),
SD_BUS_PROPERTY("MemoryAvailable", "t", property_get_available_memory, 0, 0),
+ SD_BUS_PROPERTY("EffectiveMemoryMax", "t", property_get_effective_limit, 0, 0),
+ SD_BUS_PROPERTY("EffectiveMemoryHigh", "t", property_get_effective_limit, 0, 0),
SD_BUS_PROPERTY("CPUUsageNSec", "t", property_get_cpu_usage, 0, 0),
SD_BUS_PROPERTY("EffectiveCPUs", "ay", property_get_cpuset_cpus, 0, 0),
SD_BUS_PROPERTY("EffectiveMemoryNodes", "ay", property_get_cpuset_mems, 0, 0),
SD_BUS_PROPERTY("TasksCurrent", "t", property_get_current_tasks, 0, 0),
+ SD_BUS_PROPERTY("EffectiveTasksMax", "t", property_get_effective_limit, 0, 0),
SD_BUS_PROPERTY("IPIngressBytes", "t", property_get_ip_counter, 0, 0),
SD_BUS_PROPERTY("IPIngressPackets", "t", property_get_ip_counter, 0, 0),
SD_BUS_PROPERTY("IPEgressBytes", "t", property_get_ip_counter, 0, 0),
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index f74d8994ad..62bbc598bb 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -164,9 +164,11 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
bus_print_property_value(name, expected_value, flags, "[not set]");
- else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
+ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin",
+ "MemoryHigh", "MemoryMax",
+ "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
u == CGROUP_LIMIT_MAX) ||
- (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) ||
+ (endswith(name, "TasksMax") && u == UINT64_MAX) ||
(startswith(name, "Limit") && u == UINT64_MAX) ||
(startswith(name, "DefaultLimit") && u == UINT64_MAX))
--
2.35.3

97
5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
View File

@ -1,97 +0,0 @@
From 46451a18828473edaf7e9873a084f26f0c827a3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:18 +0100
Subject: [PATCH 5007/5011] test: Convert rlimit test to subtest of generic
limit testing
No functional change intended. Preparation for new tests.
(cherry picked from commit 834ca54624ae1d61ec4fcf3a63b10271c38c4860)
[mkoutny: fixes jsc#PED-5659]
---
test/units/testsuite-05.rlimit.sh | 25 +++++++++++++++++++++++++
test/units/testsuite-05.service | 2 +-
test/units/testsuite-05.sh | 22 +++-------------------
3 files changed, 29 insertions(+), 20 deletions(-)
create mode 100755 test/units/testsuite-05.rlimit.sh
diff --git a/test/units/testsuite-05.rlimit.sh b/test/units/testsuite-05.rlimit.sh
new file mode 100755
index 0000000000..bbf3adbe65
--- /dev/null
+++ b/test/units/testsuite-05.rlimit.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+P=/run/systemd/system.conf.d
+mkdir $P
+
+cat >$P/rlimits.conf <<EOF
+[Manager]
+DefaultLimitNOFILE=10000:16384
+EOF
+
+systemctl daemon-reload
+
+[[ "$(systemctl show -P DefaultLimitNOFILESoft)" = "10000" ]]
+[[ "$(systemctl show -P DefaultLimitNOFILE)" = "16384" ]]
+
+[[ "$(systemctl show -P LimitNOFILESoft testsuite-05.service)" = "10000" ]]
+[[ "$(systemctl show -P LimitNOFILE testsuite-05.service)" = "16384" ]]
+
+# shellcheck disable=SC2016
+systemd-run --wait -t bash -c '[[ "$(ulimit -n -S)" = "10000" ]]'
+# shellcheck disable=SC2016
+systemd-run --wait -t bash -c '[[ "$(ulimit -n -H)" = "16384" ]]'
diff --git a/test/units/testsuite-05.service b/test/units/testsuite-05.service
index ab72d8fe27..cf32accb8c 100644
--- a/test/units/testsuite-05.service
+++ b/test/units/testsuite-05.service
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
-Description=TEST-05-RLIMITS
+Description=TEST-05-LIMITS
[Service]
ExecStartPre=rm -f /failed /testok
diff --git a/test/units/testsuite-05.sh b/test/units/testsuite-05.sh
index 870845d14b..9c2a033aa9 100755
--- a/test/units/testsuite-05.sh
+++ b/test/units/testsuite-05.sh
@@ -3,25 +3,9 @@
set -eux
set -o pipefail
-P=/run/systemd/system.conf.d
-mkdir $P
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
-cat >$P/rlimits.conf <<EOF
-[Manager]
-DefaultLimitNOFILE=10000:16384
-EOF
-
-systemctl daemon-reload
-
-[[ "$(systemctl show -P DefaultLimitNOFILESoft)" = "10000" ]]
-[[ "$(systemctl show -P DefaultLimitNOFILE)" = "16384" ]]
-
-[[ "$(systemctl show -P LimitNOFILESoft testsuite-05.service)" = "10000" ]]
-[[ "$(systemctl show -P LimitNOFILE testsuite-05.service)" = "16384" ]]
-
-# shellcheck disable=SC2016
-systemd-run --wait -t bash -c '[[ "$(ulimit -n -S)" = "10000" ]]'
-# shellcheck disable=SC2016
-systemd-run --wait -t bash -c '[[ "$(ulimit -n -H)" = "16384" ]]'
+run_subtests
touch /testok
--
2.35.3

111
5008-test-Add-effective-cgroup-limits-testing.patch
View File

@ -1,111 +0,0 @@
From d0c92dae23e409f6a29f70f039455c08610c943f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:19 +0100
Subject: [PATCH 5008/5011] test: Add effective cgroup limits testing
(cherry picked from commit ce35bb95c7b6fe9a48d2b8628bd690279b17fffa)
[mkoutny: fixes jsc#PED-5659]
---
test/units/testsuite-05.effective-limit.sh | 68 ++++++++++++++++++++++
test/units/util.sh | 9 +++
2 files changed, 77 insertions(+)
create mode 100755 test/units/testsuite-05.effective-limit.sh
diff --git a/test/units/testsuite-05.effective-limit.sh b/test/units/testsuite-05.effective-limit.sh
new file mode 100755
index 0000000000..3ff8e83140
--- /dev/null
+++ b/test/units/testsuite-05.effective-limit.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+pre=test05
+cat >/run/systemd/system/"$pre"alpha.slice <<EOF
+[Slice]
+MemoryMax=40M
+MemoryHigh=40M
+TasksMax=400
+EOF
+
+cat >/run/systemd/system/"$pre"alpha-beta.slice <<EOF
+[Slice]
+MemoryMax=10M
+MemoryHigh=10M
+TasksMax=100
+EOF
+
+cat >/run/systemd/system/"$pre"alpha-beta-gamma.slice <<EOF
+[Slice]
+MemoryMax=20M
+MemoryHigh=20M
+TasksMax=200
+EOF
+
+systemctl daemon-reload
+
+srv=probe.service
+slc0="$pre"alpha.slice
+slc="$pre"alpha-beta-gamma.slice
+
+systemd-run --unit "$srv" --slice "$slc" \
+ -p MemoryMax=5M \
+ -p MemoryHigh=5M \
+ -p TasksMax=50 \
+ sleep inf
+
+# Compare with inequality because test can run in a constrained container
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "50"
+
+systemctl stop "$srv"
+
+systemd-run --unit "$srv" --slice "$slc" \
+ sleep inf
+
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "10485760"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "10485760"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "100"
+
+systemctl set-property "$slc0" \
+ MemoryMax=5M \
+ MemoryHigh=5M \
+ TasksMax=50
+
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "50"
+
+systemctl stop "$srv"
+
+rm -f /run/systemd/system/"$pre"* || :
diff --git a/test/units/util.sh b/test/units/util.sh
index 932fe1e603..7af98bb45e 100755
--- a/test/units/util.sh
+++ b/test/units/util.sh
@@ -26,6 +26,15 @@ assert_eq() {(
fi
)}
+assert_le() {(
+ set +ex
+
+ if [[ "${1:?}" -gt "${2:?}" ]]; then
+ echo "FAIL: '$1' > '$2'" >&2
+ exit 1
+ fi
+)}
+
assert_in() {(
set +ex
--
2.35.3

56
5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
View File

@ -1,56 +0,0 @@
From edfd70ab2c5490131fcf5a4348e31c19251d3479 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:20 +0100
Subject: [PATCH 5009/5011] cgroup: Restrict effective limits with global
resource provision
Global resource (whole system or root cg's (e.g. in a container)) is
also a well-defined limit for memory and tasks, take it into account
when calculating effective limits.
(cherry picked from commit 93f8e88d23bd383b5134f32c1e2ee315ac3a38c8)
[mkoutny: fixes jsc#PED-5659]
---
man/systemd.resource-control.xml | 2 +-
src/core/cgroup.c | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 5b7900af87..ded4722e7a 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -422,7 +422,7 @@ CPUWeight=20 DisableControllers=cpu / \
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
<ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
The effective configuration is reported as <varname>EffectiveMemoryMax=</varname> (the value is
- the most stringent limit of the unit and parent slices).</para>
+ the most stringent limit of the unit and parent slices and it is capped by physical memory).</para>
<para>While <varname>StartupMemoryMax=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryMax=</varname> applies to normal runtime of the system, and if the former is not set also to
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 0842036559..a53d90486c 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4006,6 +4006,17 @@ static uint64_t unit_get_effective_limit_one(Unit *u, CGroupLimitType type) {
assert(u);
assert(UNIT_HAS_CGROUP_CONTEXT(u));
+ if (unit_has_name(u, SPECIAL_ROOT_SLICE))
+ switch (type) {
+ case CGROUP_LIMIT_MEMORY_MAX:
+ case CGROUP_LIMIT_MEMORY_HIGH:
+ return physical_memory();
+ case CGROUP_LIMIT_TASKS_MAX:
+ return system_tasks_max();
+ default:
+ assert_not_reached();
+ }
+
cc = unit_get_cgroup_context(u);
switch (type) {
/* Note: on legacy/hybrid hierarchies memory_max stays CGROUP_LIMIT_MAX unless configured
--
2.35.3

64
5010-cgroup-Rename-effective-limits-internal-table.patch
View File

@ -1,64 +0,0 @@
From 0c3448f0e341e3e1f23722e4275c4fdd4062d280 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:21 +0100
Subject: [PATCH 5010/5011] cgroup: Rename effective limits internal table
Post-merge fixup of commit 4fb0d2dc14 ("cgroup: Add EffectiveMemoryMax=,
EffectiveMemoryHigh= and EffectiveTasksMax= properties"), no functional
change intended.
(cherry picked from commit 8ad614890bba66b5f6b590d6a3e1b8b04a920126)
[mkoutny: adjust context]
[mkoutny: fixes jsc#PED-5659]
---
src/core/cgroup.c | 4 ++--
src/core/cgroup.h | 4 ++--
src/core/dbus-unit.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index a53d90486c..2d8d61a26d 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4470,10 +4470,10 @@ static const char* const cgroup_pressure_watch_table[_CGROUP_PRESSURE_WATCH_MAX]
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(cgroup_pressure_watch, CGroupPressureWatch, CGROUP_PRESSURE_WATCH_ON);
-static const char *const cgroup_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
+static const char *const cgroup_effective_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
[CGROUP_LIMIT_MEMORY_MAX] = "EffectiveMemoryMax",
[CGROUP_LIMIT_MEMORY_HIGH] = "EffectiveMemoryHigh",
[CGROUP_LIMIT_TASKS_MAX] = "EffectiveTasksMax",
};
-DEFINE_STRING_TABLE_LOOKUP(cgroup_limit_type, CGroupLimitType);
+DEFINE_STRING_TABLE_LOOKUP(cgroup_effective_limit_type, CGroupLimitType);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index a19a2fffa3..9ff650abcf 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -389,5 +389,5 @@ FreezerAction freezer_action_from_string(const char *s) _pure_;
const char* cgroup_pressure_watch_to_string(CGroupPressureWatch a) _const_;
CGroupPressureWatch cgroup_pressure_watch_from_string(const char *s) _pure_;
-const char* cgroup_limit_type_to_string(CGroupLimitType m) _const_;
-CGroupLimitType cgroup_limit_type_from_string(const char *s) _pure_;
+const char* cgroup_effective_limit_type_to_string(CGroupLimitType m) _const_;
+CGroupLimitType cgroup_effective_limit_type_from_string(const char *s) _pure_;
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index b4509a990e..da22e8f524 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1455,7 +1455,7 @@ static int property_get_effective_limit(
assert(reply);
assert(property);
- assert_se((type = cgroup_limit_type_from_string(property)) >= 0);
+ assert_se((type = cgroup_effective_limit_type_from_string(property)) >= 0);
(void) unit_get_effective_limit(u, type, &value);
return sd_bus_message_append(reply, "t", value);
}
--
2.35.3

1
baselibs.conf
View File

@ -8,3 +8,4 @@ systemd
-/usr/lib/cryptsetup
libsystemd0
libudev1
systemd-devel

2
files.experimental
View File

@ -5,6 +5,8 @@
%if %{with sd_boot}
%dir %{_unitdir}/initrd.target.wants
%endif
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/oomd.conf
%{_bindir}/oomctl
%{_bindir}/systemd-repart
%{_datadir}/bash-completion/completions/oomctl

3
files.journal-remote
View File

@ -4,6 +4,9 @@
%dir %{_sysconfdir}/systemd/journal-remote.conf.d
%dir %{_sysconfdir}/systemd/journal-upload.conf.d
%ghost %dir %{_localstatedir}/log/journal/remote
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/journal-remote.conf
%ghost %{_sysconfdir}/systemd/journal-upload.conf
%{_datadir}/systemd/gatewayd
%{_datadir}/systemd/gatewayd/browse.html
%{_mandir}/man5/journal-remote.conf.5.gz

2
files.network
View File

@ -5,6 +5,8 @@
%dir %{_sysconfdir}/systemd/network
%dir %{_sysconfdir}/systemd/networkd.conf.d
%dir %{_systemd_util_dir}/network
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/networkd.conf
%{_bindir}/networkctl
%{_datadir}/bash-completion/completions/networkctl
%{_datadir}/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml

5
files.systemd
View File

@ -87,6 +87,11 @@
%ghost %config(noreplace) %{_sysconfdir}/machine-info
%ghost %dir %attr(2755, root, systemd-journal) %{_localstatedir}/log/journal
%ghost %{_localstatedir}/lib/systemd/catalog/database
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/journald.conf
%ghost %{_sysconfdir}/systemd/logind.conf
%ghost %{_sysconfdir}/systemd/system.conf
%ghost %{_sysconfdir}/systemd/user.conf
%license LICENSE.GPL2
%license LICENSE.LGPL2.1
%{_bindir}/busctl

6
files.udev
View File

@ -33,6 +33,11 @@
%ghost %attr(644, root, root) %{_prefix}/lib/udev/compat-symlink-generation
%ghost %config(noreplace) %{_sysconfdir}/vconsole.conf
%ghost %{_localstatedir}/lib/systemd/backlight
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/pstore.conf
%ghost %{_sysconfdir}/systemd/sleep.conf
%ghost %{_sysconfdir}/systemd/timesyncd.conf
%ghost %{_sysconfdir}/udev/iocost.conf
%if %{without bootstrap}
%{_bindir}/kernel-install
%{_bindir}/systemd-cryptenroll
@ -222,6 +227,7 @@
%{_udevhwdbdir}/70-analyzers.hwdb
%{_udevhwdbdir}/70-av-production.hwdb
%{_udevhwdbdir}/70-cameras.hwdb
%{_udevhwdbdir}/70-hardware-wallets.hwdb
%{_udevhwdbdir}/70-joystick.hwdb
%{_udevhwdbdir}/70-mouse.hwdb
%{_udevhwdbdir}/70-pda.hwdb

25
fixlet-systemd-post.sh
View File

@ -276,6 +276,31 @@ drop_after_local_support() {
fi
}
#
# We have stopped shipping the main config files in /etc but we don't try to
# clean them up automatically as it can have unexepected side effects
# (bsc#1226415). Instead we simply suggest users to convert them (if they exist)
# into drop-ins.
#
# Note: run at each package update
#
check_config_files () {
config_files=(systemd/journald.conf systemd/logind.conf systemd/system.conf systemd/user.conf
systemd/pstore.conf systemd/sleep.conf systemd/timesyncd.conf systemd/coredump.conf
systemd/journal-remote.conf systemd/journal-upload.conf systemd/networkd.conf
systemd/resolved.conf systemd/oomd.conf udev/iocost.conf)
for f in ${config_files[*]}; do
[ -e /etc/$f ] || continue
cat >&2 <<EOF
Main configuration files are deprecated in favor of drop-ins.
Hence we suggest you to remove /etc/$f if it doesn't contain any customization or convert it into drop-in otherwise.
For more details, please visit https://en.opensuse.org/Systemd#Configuration.
EOF
done
}
r=0
fix_machine_id_perms || r=1
fix_pre_210 || r=1

BIN
systemd-v254.18+suse.50.g87f11f092e.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
systemd-v254.9+suse.30.g31f1148f75.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

144
systemd.changes
View File

@ -1,3 +1,146 @@
-------------------------------------------------------------------
Wed Sep 11 11:59:27 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 87f11f092e2a63f6b9af98871ea716dab54f8b58 (merge of v254.18)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/0512d0d1fc0b54a84964281708036a46ab39c153...87f11f092e2a63f6b9af98871ea716dab54f8b58
-------------------------------------------------------------------
Thu Aug 29 15:38:50 UTC 2024 - Franck Bui <fbui@suse.com>
- Add 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch (bsc#1229518)
-------------------------------------------------------------------
Thu Aug 29 12:37:22 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 0512d0d1fc0b54a84964281708036a46ab39c153
0512d0d1fc cgroup: Rename effective limits internal table (jsc#PED-5659)
765846b70b cgroup: Restrict effective limits with global resource provision (jsc#PED-5659)
e29909088b test: Add effective cgroup limits testing (jsc#PED-5659)
beacac6df0 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659)
e3b789e512 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659)
5aa063ae16 bus-print-properties: prettify more unset properties
a53122c9bd bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current, Peak}
8418791441 cgroup: rename TasksMax structure to CGroupTasksMax
- Drop 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
5005-bus-print-properties-prettify-more-unset-properties.patch
5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
5008-test-Add-effective-cgroup-limits-testing.patch
5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
5010-cgroup-Rename-effective-limits-internal-table.patch
These patches have been merged in the SUSE/254 branch.
-------------------------------------------------------------------
Tue Aug 27 08:08:10 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
-------------------------------------------------------------------
Wed Aug 21 08:39:51 UTC 2024 - Franck Bui <fbui@suse.com>
- Make the 32bit version of libudev.so available again (bsc#1228223)
The symlink for building 32bit applications was mistakenly dropped when the
content of libudev-devel was merged into systemd-devel.
Provide the 32bit flavor of systemd-devel again, which should restore the plug
and play support in Wine for 32bit windows applications.
-------------------------------------------------------------------
Mon Aug 19 16:18:23 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 5aa182660dff86fe9d5cba61b0c6542bb2f2db23 (merge of v254.17)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/981815f400481fc28508e4de7395e8c1632f3c60...5aa182660dff86fe9d5cba61b0c6542bb2f2db23
-------------------------------------------------------------------
Mon Aug 19 12:33:31 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 981815f400481fc28508e4de7395e8c1632f3c60 (merge of v254.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f...981815f400481fc28508e4de7395e8c1632f3c60
-------------------------------------------------------------------
Mon Jul 22 12:29:11 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
-------------------------------------------------------------------
Wed Jul 17 08:21:21 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f (merge of v254.15)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b...8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f
-------------------------------------------------------------------
Thu Jul 11 17:48:32 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b (merge of v254.14)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e87183896e2dbb0b2a78709c9ae0e37911b7fbcd...10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b
-------------------------------------------------------------------
Thu Jul 11 17:45:27 UTC 2024 - Franck Bui <fbui@suse.com>
- testsuite: move a misplaced %endif
-------------------------------------------------------------------
Thu Jul 11 15:50:51 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't automatically clean unmodified config files up (bsc#1226415)
Relying on the presence of .rpmsave for detecting unmodified main config files
couldn't work as it created a time window in which some of the systemd
services were restarted with no config file. That had the bad side effect to
restart them with the upstream defaults, ignoring any user's customization.
-------------------------------------------------------------------
Thu Jul 11 14:07:44 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit e87183896e2dbb0b2a78709c9ae0e37911b7fbcd (merge of v254.11)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/952e82f83554e8f49b2246799dddc38257a0893a...e87183896e2dbb0b2a78709c9ae0e37911b7fbcd
-------------------------------------------------------------------
Thu Jul 11 12:56:31 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 952e82f83554e8f49b2246799dddc38257a0893a
d317008225 gpt-auto-generator: be more defensive when checking the presence of ESP in fstab
fed117d448 journalctl: explicitly check < 0 for error
41d9e82099 journalctl: make --until work again with --after-cursor and --lines (bsc#1221906)
-------------------------------------------------------------------
Thu Jul 11 10:40:35 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 67a66ebcb994882ebfe0e9de3765628969e50067 (merge of v254.10)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/31f1148f75a1155d3eb37fd1a450096d669ec65b...67a66ebcb994882ebfe0e9de3765628969e50067
-------------------------------------------------------------------
Thu Jul 11 10:17:37 UTC 2024 - Franck Bui <fbui@suse.com>
- Make sure systemd-sysvcompat replaces systemd-sysvinit on upgrades (bsc#1218110)
-------------------------------------------------------------------
Thu Feb 22 09:47:41 UTC 2024 - Franck Bui <fbui@suse.com>
@ -1062,6 +1205,7 @@ Mon Nov 14 11:15:06 UTC 2022 - Franck Bui <fbui@suse.com>
- upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723)
- upstream commit 9102c625a673a3246d7e73d8737f3494446bad4e (bsc#1204968 CVE-2022-3821)
- upstream commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2 (bsc#1213873)
- upstream commit f562abe2963bad241d34e0b308e48cf114672c84 (bsc#1226414)
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch

86
systemd.spec
View File

@ -18,14 +18,14 @@
%global flavor @BUILD_FLAVOR@%{nil}
%define archive_version +suse.30.g31f1148f75
%define archive_version +suse.50.g87f11f092e
%if 0%{?version_override}
%define systemd_major %version_override
%define systemd_minor %{nil}
%else
%define systemd_major 254
%define systemd_minor 9
%define systemd_minor 18
%endif
%define systemd_version %{systemd_major}%{?systemd_minor:.%{systemd_minor}}
@ -76,20 +76,6 @@
%bcond_without filetriggers
%bcond_with split_usr
# We stopped shipping main config files in /etc but we have to restore any
# config files that might have been backed up by rpm during the migration of the
# main config files from /etc to /usr. This needs to be done in %%posttrans
# because the .rpmsave files are created when the *old* package version is
# removed. This is not needed by ALP and will be dropped from Factory near the
# end of 2024.
%define restore_rpmsave() \
if [ -e %{_sysconfdir}/%{1}.rpmsave ] && [ ! -e %{_sysconfdir}/%{1} ]; then \
echo >&2 "Restoring %{_sysconfdir}/%1. Please consider moving your customizations in a drop-in instead." \
echo >&2 "For more details, visit https://en.opensuse.org/Systemd#Configuration." \
mv -v %{_sysconfdir}/%{1}.rpmsave %{_sysconfdir}/%{1} || : \
fi \
%{nil}
Name: systemd%{?mini}
URL: http://www.freedesktop.org/wiki/Software/systemd
# Allow users to specify the version and release when building the rpm by
@ -180,8 +166,6 @@ Obsoletes: nss-myhostname < %{version}-%{release}
Provides: nss-myhostname = %{version}-%{release}
Provides: systemd-logger = %{version}-%{release}
Obsoletes: systemd-logger < %{version}-%{release}
Provides: systemd-sysvinit = %{version}-%{release}
Obsoletes: systemd-sysvinit < %{version}-%{release}
Provides: systemd-analyze = %{version}-%{release}
Obsoletes: pm-utils <= 1.4.1
Obsoletes: suspend <= 1.0
@ -231,7 +215,6 @@ Patch5: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
%endif
%if %{without upstream}
# Patches listed below are put in quarantine. Normally all changes must go to
# upstream first and then are cherry-picked in the SUSE git repository. But for
# very few cases, some stuff might be broken in upstream and need to be fixed or
@ -239,17 +222,8 @@ Patch5: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
# will be removed as soon as a proper fix will be merged by upstream.
Patch5001: 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch
Patch5002: 5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
# jsc#PED-5659
Patch5003: 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
Patch5004: 5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
Patch5005: 5005-bus-print-properties-prettify-more-unset-properties.patch
Patch5006: 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
Patch5007: 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
Patch5008: 5008-test-Add-effective-cgroup-limits-testing.patch
Patch5009: 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
Patch5010: 5010-cgroup-Rename-effective-limits-internal-table.patch
%endif
Patch5003: 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -285,8 +259,8 @@ developing and building applications linking to these libraries.
Summary: SySV and LSB init script support for systemd (deprecated)
License: LGPL-2.1-or-later
Requires: %{name} = %{version}-%{release}
Provides: systemd-sysvinit:%{_sbindir}/runlevel
Provides: systemd-sysvinit:%{_sbindir}/telinit
Provides: systemd-sysvinit = %{version}-%{release}
Obsoletes: systemd-sysvinit < %{version}-%{release}
%description sysvcompat
This package ships the necessary files that enable minimal SysV and LSB init
@ -616,6 +590,7 @@ Recommends: tpm2.0-tools
%if %{with resolved}
# Optional dep for knot needed by TEST-75-RESOLVED
Recommends: knot
%endif
%if %{with selinux}
# Optional deps needed by TEST-06-SELINUX (otherwise skipped)
Recommends: selinux-policy-devel
@ -626,7 +601,6 @@ Recommends: selinux-policy-targeted
# image, see install_missing_libraries() for details.
Requires: libidn2
Requires: pkgconfig(libidn2)
%endif
%if %{with experimental}
Requires: libpwquality1
Requires: libqrencode4
@ -1061,9 +1035,9 @@ rm -f %{buildroot}%{_journalcatalogdir}/*
rm -fr %{buildroot}%{_docdir}/systemd
%endif
# Don't drop %%pre section even if it becomes empty: the build process of
# installation images uses a hardcoded list of packages with a %%pre that needs
# to be run during the build and complains if it can't find one.
# Don't drop the 'pre' section even if it becomes empty: the build process of
# installation images uses a hardcoded list of packages with a 'pre' section
# that needs to be run during the build and complains if it can't find one.
%pre
# We don't really need to enable these units explicitely since during
# installation `systemctl preset-all` is executed at the end of the install
@ -1110,7 +1084,8 @@ systemd-tmpfiles --create || :
journalctl --update-catalog || :
%endif
# See the comment in %%pre about why we need to call %%systemd_pre.
# See the comment in the 'pre' section about why we need to call 'systemd_pre'
# macro.
%systemd_post remote-fs.target
%systemd_post getty@.service
%systemd_post systemd-journald-audit.socket
@ -1128,12 +1103,6 @@ journalctl --update-catalog || :
%systemd_postun_with_restart systemd-timedated.service
%systemd_postun_with_restart systemd-userdbd.service
%posttrans
%restore_rpmsave systemd/journald.conf
%restore_rpmsave systemd/logind.conf
%restore_rpmsave systemd/system.conf
%restore_rpmsave systemd/user.conf
%pre -n udev%{?mini}
# Units listed below can be enabled at installation accoding to their preset
# setting.
@ -1167,31 +1136,13 @@ fi
%postun -n udev%{?mini}
%regenerate_initrd_post
# The order of the units being restarted is important here because there's
# currently no way to queue multiple jobs into a single transaction
# atomically. Therefore systemctl will create 3 restart jobs that can be handled
# by PID1 separately and if the jobs for the sockets are being handled first
# then starting them again will fail as the service is still active hence the
# sockets held by udevd. However if the restart job for udevd is handled first,
# there should be enough time to queue the socket jobs before the stop job for
# udevd is processed. Hence PID1 will automatically sort the restart jobs
# correctly by stopping the service then the sockets and then by starting the
# sockets and the unit.
#
# Note that when systemd-udevd is restarted, there will always be a short time
# frame where no socket will be listening to the events sent by the kernel, no
# matter if the socket unit is restarted in first or not.
%systemd_postun_with_restart systemd-udevd.service systemd-udevd-{control,kernel}.socket
# Restarting udev socket units along with udevd is not safe (bsc#1228809).
%systemd_postun_with_restart systemd-udevd.service
%systemd_postun_with_restart systemd-timesyncd.service
%systemd_postun systemd-pstore.service
%posttrans -n udev%{?mini}
%regenerate_initrd_posttrans
%restore_rpmsave systemd/pstore.conf
%restore_rpmsave systemd/sleep.conf
%restore_rpmsave systemd/timesyncd.conf
%restore_rpmsave udev/iocost.conf
%ldconfig_scriptlets -n libsystemd0%{?mini}
%ldconfig_scriptlets -n libudev%{?mini}1
@ -1252,10 +1203,6 @@ fi
%systemd_postun_with_restart systemd-journal-gatewayd.service
%systemd_postun_with_restart systemd-journal-remote.service
%systemd_postun_with_restart systemd-journal-upload.service
%posttrans journal-remote
%restore_rpmsave systemd/journal-remote.conf
%restore_rpmsave systemd/journal-upload.conf
%endif
%if %{with networkd} || %{with resolved}
@ -1304,10 +1251,6 @@ fi
%ldconfig
%systemd_postun systemd-resolved.service
%endif
%posttrans network
%restore_rpmsave systemd/networkd.conf
%restore_rpmsave systemd/resolved.conf
%endif
%if %{with homed}
@ -1366,9 +1309,6 @@ fi
%postun experimental
%systemd_postun systemd-homed.service
%systemd_postun systemd-oomd.service systemd-oomd.socket
%posttrans experimental
%restore_rpmsave systemd/oomd.conf
%endif
# File trigger definitions