This adds minimal hardware watchdog support to PID 1. The idea is that
PID 1 supervises and watchdogs system services, while the hardware
watchdog is used to supervise PID 1.
This adds two hardware watchdog configuration options, for the runtime
watchdog and for a shutdown watchdog. The former is active during normal
operation, the latter only at reboots to ensure that if a clean reboot
times out we reboot nonetheless.
If the runtime watchdog is enabled PID 1 will automatically wake up at
half the configured interval and write to the watchdog daemon.
By default we enable the shutdown watchdog, but leave the runtime
watchdog disabled in order not to break independent hardware watchdog
daemons people might be using.
This is only the most basic hookup. If necessary we can later on hook
up the watchdog ping more closely with services deemed crucial.
Especially in the case of --enable-split-usr, several units will point
to the wrong location for systemctl. Use @SYSTEMCTL@ which will always
contain the proper path.
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.
This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.
This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
The default setups should be as stateless as possible. /tmp as tmpfs is
the intended default for general purpose systems.
Small temporary files should not be stored on disk; larger files, or
files which should potentially survive a reboot, belong into /var/tmp.
Also catch up with some good old UNIX history.
More details are here:
https://fedoraproject.org/wiki/Features/tmp-on-tmpfs
Since a number of distributions don't need this compat glue anymore drop
it from systemd upstream. Distributions which still haven't converted
to /run can steal these unit files from the git history if they need to.
udisks2 doesn't use /media anymore, instead mounts removable media in a
user-private directory beneath /run. /media is hence mostly obsolete and
hence it makes little sense to continue to mount a tmpfs to it.
Distributions should consider dropping the mount point entirely since
nothing uses it anymore.
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.
All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:
systemctl
loginctl
journalctl
For those three we do provide systemd-xyz names as well, via symlinks:
systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl
We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
The mount of the securityfs filesystem is now performed in the main systemd
executable as it is used by IMA to provide the interface for loading custom
policies. The unit file 'units/sys-kernel-security.mount' has been removed
because it is no longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
we need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.
In preparation for https://bugzilla.gnome.org/show_bug.cgi?id=655380 we
decided it's better to include the multi-seat X wrapper in systemd,
rather than gdm. (Side effect: this makes this accessible for other
DMs)
This is a stop-gap for now, until X gains proper multi-seat graphics
support at which point this code will go away without replacement.
When separate 'builddirs', like with 'distcheck', are used, the generated
sources, like the '.c' files from 'gperf', are placed in the 'builddir' and
can not find the include headers in 'srcdir'.
rc-local.service acts as an ordering barrier even if its condition is
false, because conditions are evaluated when the service is about to be
started.
To avoid the ordering barrier in a legacy-free system, add a generator
to pull rc-local.service into the transaction only if the script is
executable.
If/when we rewrite SysV compatibility into a generator, this one can become
a part of it.
This patch adds support for the Mageia Linux distribution:
http://www.mageia.org/
Mageia is a fork of Mandriva although some divergence has already occurred
and thus inclusion of these changes upstream allows us to (hopefully)
migrate more rapidly to the new standard approaches systemd offers.
Indeed, we already use the preferred mechanism of OS identification via
the /etc/os-release file rather than a distro specific variation.
This patch mostly mirrors the patch added previously for Mandriva
support. In addition to those original authors, this patch was mostly
written by Dexter Morgan with help from Colin Guthrie and Eugeni Dodonov.
The mount point directory /sys/kernel/config is only created after the
module is loaded, hence there's little value in having this an automount
unit: the runtime penalty for mounting an autofs here should be the same
as for a real mount.
The new WrapLabel is there to work around a deficiency in GTK,
namely the fact that it is hard to make labels which are both
resizable and wrappable. The code is a port from libview.
Many people prefer to avoid clearing /tmp and /var/tmp, and
distributions often have explicit settings for how often to clear them
if at all. Overriding those with systemd currently requires overriding
all of /usr/lib/tmpfiles.d/systemd.conf via
/etc/tmpfiles.d/systemd.conf, copying across all the other entries, and
updating that override when systemd.conf changes.
Move the /tmp and /var/tmp entries from systemd.conf to a separate
tmp.conf, making them easier to override without affecting the rest of
systemd.conf.
This new installer will replace the current code of "systemctl enable"
but also be available via D-Bus. It adds a couple of new features:
- Mask/Unmask calls
- Reenable call
- Preset call
- Support for enabling units temporarily (i.e. in /run/systemd instead
of /etc/systemd)
- Enumeration of installed units
- Support for out-of-search-path units
systemctl and D-Bus are not hooked up with this yet
Compilation fails if sys/acl.h is not available. The configure script
already tests for sys/acl.h presence, but the result was so far unused.
To compile without acl, stub implementations of the acl functions are
used.
We don't want to fiddle around changing the RTC, not on bootup, not
on shutdown.
If we don't run NTP, we have absolutely no clue what's the current
time to store in the RTC. If we run NTP, the kernel syncs the system
time every 11 minutes to the RTC.
Especially in multi-boot environments we must not call hwclock(8)
which tries to be smart with calculating/storing/applying drifts
and such.
Live-CDs must never touch the RTC, because we don't know if it is
running in UTC or localtime.
We check for LOCAL in /etc/adjtime and if needed, ask the kernel to
apply the timezone delta to the system clock.
The very first call of settimeofday() without a time, but a timezone
warps the system clock, so that it properly runs in UTC.
otherwise building fails if it doesn't exist:
( cd <DESTDIR>/usr/share/dbus-1/services && \
rm -f org.freedesktop.systemd1.service && \
ln -s ../system-services/org.freedesktop.systemd1.service org.freedesktop.systemd1.service )
/bin/sh: line 0: cd: <DESTDIR>/usr/share/dbus-1/services: No such file or directory
This commit consists of the initial work to include Angstrom as a ported
distribution for systemd.
Angstrom tries to follow the Debian way as much as possible, but deviates
where it doesn't make sense for 'embedded'.
This commit consists of the initial work to include MeeGo as a ported
distribution for systemd.
The majority of the changes are small configuration additions to auto
tools, so that MeeGo is identified as a valid distribution option.
Some small deviations will be noticed between the configuration of MeeGo
and other distributions. As MeeGo is a distribution striving for
compliancy to support its near embedded attributes and target users,
there are fewer user configuration options available by default. Most
services will be enabled by systemd as part of the distribution
requirements, and as such most links and service files will be pre-setup
for the MeeGo distribution. As much of this is going to be done within
the MeeGo distribution packaging this is still noteworthy to mention, as
it explains why in systemd you will observe configuration differences
where the MeeGo distribution removes all links in the pkgsysconfdir for
instance. MeeGo will be user configurable if there is desire, but most
services will be enabled by the distribution as designated by the MeeGo
compliancy standards.
Other changes are in source to add such areas as meego-release defined
in utils, and hostname in hostname-setup, defining vconsole-setup,
localizations and rescue additions as needed.
As this is all ground work, MeeGo will continue to strive for complete
compatibility.
On request of Miroslav Lichvar, rename rtc-set.target to
time-sync.target since usually the RTC chip isn't involved at all in NTP
syncs.
Also, pull it in by hwclock-load.service.
This adds support for executing systemctl operations remotely or as
privileged user while still running systemctl itself unprivileged and
locally.
This currently requires a D-Bus patch to work properly.
https://bugs.freedesktop.org/show_bug.cgi?id=35230