<para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
- <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
- and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
- names like <literal>localhost</literal> and the machine hostname are given higher priority than the
- external configuration. This is recommended when the external DNS servers and network are not absolutely
- trusted. In the second version, external configuration is given higher priority and
- <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
- controlled networks, for example on a company LAN.</para>
+ <para>It is recommended to place <literal>myhostname</literal> after <literal>file</literal> and before <literal>dns</literal>.
+ This resolves well-known hostnames like <literal>localhost</literal>
+ and the machine hostnames locally. It is consistent with the behaviour
+ of <command>nss-resolve</command>, and still allows overriding via
+ <filename>/etc/hosts</filename>.</para>
+
+ <para>Please keep in mind that <command>nss-myhostname</command> (and <command>nss-resolve</command>) also resolve
+ in the other direction — from locally attached IP adresses to
+ hostnames. If you rely on that lookup being provided by DNS, you might
+ want to order things differently.
+ </para>
</refsect1>
<refsect1>
gshadow: files systemd
-# Either (untrusted network, see above):
hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
-# Or (only trusted networks):
-hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
networks: files
protocols: db files
log_warning_errno(r, "Failed to set NUMA memory policy: %m");
}
+static void filter_args(const char* dst[], unsigned *pos, char **src, int argc) {
+ assert(dst);
+ assert(pos);
+
+ /* Copy some filtered arguments into the dst array from src. */
+ for (int i = 1; i < argc; i++) {
+ if (STR_IN_SET(src[i],
+ "--switched-root",
+ "--system",
+ "--user"))
+ continue;
+
+ if (startswith(src[i], "--deserialize="))
+ continue;
+ if (streq(src[i], "--deserialize")) {
+ i++; /* Skip the argument too */
+ continue;
+ }
+
+ /* Skip target unit designators. We already acted upon this information and have queued
+ * appropriate jobs. We don't want to redo all this after reexecution. */
+ if (startswith(src[i], "--unit="))
+ continue;
+ if (streq(src[i], "--unit")) {
+ i++; /* Skip the argument too */
+ continue;
+ }
+
+ if (startswith(src[i],
+ in_initrd() ? "rd.systemd.unit=" : "systemd.unit="))
+ continue;
+
+ if (runlevel_to_target(src[i]))
+ continue;
+
+ /* Seems we have a good old option. Let's pass it over to the new instance. */
+ dst[*pos] = src[i];
+ (*pos)++;
+ }
+}
+
static void do_reexecute(
int argc,
- char *argv[],
+ char* argv[],
const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock,
FDSet *fds,
const char *switch_root_init,
const char **ret_error_message) {
- unsigned i, j, args_size;
+ unsigned i, args_size;
const char **args;
int r;
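Review bot: filter_args() stores into `dst[*pos]` without knowing how many slots `dst` has. The only bound is the caller's `args_size = argc + 6` in the next hunk, and the `assert(i <= args_size)` visible in the fallback path runs only after the stores have happened. Because `args` comes from `newa()` (which appears to be a stack allocation), a later edit that adds one more fixed argument without bumping the `6` would write past the array before any assertion fires. I would pass the capacity in and check before each store, e.g. a `size_t dst_size` parameter with `assert(*pos < dst_size);` ahead of `dst[*pos] = src[i];`, and add `assert(src);` next to the existing asserts. A short comment on `argc + 6` listing the fixed slots it reserves would also help; the rest of do_reexecute()'s body lies outside this hunk.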
log_error_errno(r, "Failed to switch root, trying to continue: %m");
}
- args_size = MAX(6, argc+1);
+ args_size = argc + 6;
args = newa(const char*, args_size);
if (!switch_root_init) {
- char sfd[DECIMAL_STR_MAX(int) + 1];
+ char sfd[DECIMAL_STR_MAX(int)];
/* First try to spawn ourselves with the right path, and with full serialization. We do this only if
* the user didn't specify an explicit init to spawn. */
xsprintf(sfd, "%i", fileno(arg_serialization));
- i = 0;
- args[i++] = SYSTEMD_BINARY_PATH;
+ i = 1; /* Leave args[0] empty for now. */
+ filter_args(args, &i, argv, argc);
+
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_system ? "--system" : "--user";
*/
valgrind_summary_hack();
+ args[0] = SYSTEMD_BINARY_PATH;
(void) execv(args[0], (char* const*) args);
- log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
+ log_debug_errno(errno, "Failed to execute our own binary %s, trying fallback: %m", args[0]);
}
/* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
/* Reopen the console */
(void) make_console_stdio();
- for (j = 1, i = 1; j < (unsigned) argc; j++)
+ i = 1; /* Leave args[0] empty for now. */
+ for (int j = 1; j <= argc; j++)
args[i++] = argv[j];
- args[i++] = NULL;
assert(i <= args_size);
/* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */
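Review bot: The rewritten copy loop `for (int j = 1; j <= argc; j++)` now relies on `argv[argc]` being NULL to terminate the exec vector, since the explicit `args[i++] = NULL;` was dropped. That holds for the argv handed to main(), but do_reexecute() receives argv as a parameter and nothing in this hunk checks it, so a caller passing a saved or rebuilt vector without the terminator would hand execve() an unterminated array. I would make the assumption explicit with `assert(!argv[argc]);` before the loop, or at least a comment such as `/* j <= argc: also copies the terminating NULL in argv[argc] */`. The execve() calls that consume `args` are in the following hunk.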
if (switch_root_init) {
args[0] = switch_root_init;
(void) execve(args[0], (char* const*) args, saved_env);
- log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
+ log_warning_errno(errno, "Failed to execute configured init %s, trying fallback: %m", args[0]);
}
args[0] = "/sbin/init";