1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-29 11:21:33 +03:00
Commit Graph

225 Commits

Author SHA1 Message Date
Michael Tretter
09ee387e08 boot-loader-spec: add devicetree-overlay key
Device tree overlays are a convenient way to patch device trees, e.g.,
add new devices to a device tree or enable/disable devices. This is
useful for non-discoverable but configurable hardware. Device tree
overlays are commonly used for displays on the Raspberry Pi or for
describing the content of FPGA bitstreams.

Add the devicetree-overlay key to boot loader specification entries to
allow boot loaders to apply overlays.

See #13537
2019-10-29 11:24:19 +01:00
Zbigniew Jędrzejewski-Szmek
a5f6f346d3
Merge pull request #13423 from pwithnall/12035-session-time-limits
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
2019-10-28 14:57:00 +01:00
Philip Withnall
9ed7de605d scope: Support RuntimeMaxSec= directive in scope units
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.

This could be used for time-limited login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #12035
2019-10-28 09:44:31 +01:00
Zbigniew Jędrzejewski-Szmek
581004bd33 docs: fix inadvertent change in uid range
a305eda35f (r35378755)
2019-10-06 19:05:57 +02:00
Zbigniew Jędrzejewski-Szmek
86e94d95d0
Merge pull request #13246 from keszybz/add-SystemdOptions-efi-variable
Add efi variable to augment /proc/cmdline
2019-10-03 12:19:44 +02:00
Zbigniew Jędrzejewski-Szmek
c78c095b1e nspawn: rename UNIFIED_CGROUP_HIERARCHY to SYSTEMD_NSPAWN_UNIFIED_HIERARCHY
We should never have used an unprefixed environment variable name.
All other systemd-nspawn variables have the "SYSTEMD_NSPAWN_" prefix,
and all other systemd variables have the "SYSTEMD_" prefix.

The new variable name takes precedence, but we fall back to checking the
old one. If only the old one is found, a warning is emitted.

In addition, SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="" is accepted as an override
to avoid looking for the old variable name.

We have a variable with the same name ($UNIFIED_CGROUP_HIERARCHY) in tests,
which governs both systemd-nspawn and qemu behaviour. It is not renamed.
2019-10-01 10:21:13 -07:00
Pavel Hrdina
047f5d63d7 cgroup: introduce support for cgroup v2 CPUSET controller
Introduce support for configuring cpus and mems for processes using
cgroup v2 CPUSET controller.  This allows users to limit which cpus
and memory NUMA nodes can be used by processes to better utilize
system resources.

The cgroup v2 interfaces to control it are cpuset.cpus and cpuset.mems
where the requested configuration is written.  However, it doesn't mean
that the requested configuration will be actually used as parent cgroup
may limit the cpus or mems as well.  In order to reflect the real
configuration cgroup v2 provides read-only files cpuset.cpus.effective
and cpuset.mems.effective which are exported to users as well.
2019-09-24 15:16:07 +02:00
Zbigniew Jędrzejewski-Szmek
53aa0d02ad Add support for SystemdOptions EFI var to augment /proc/cmdline
In various circumstances, overriding the kernel commandline can be inconvenient.
People have different bootloaders, and e.g. the grub config can be pretty scary.
grubby helps, but it isn't always available.

This option adds an alternative mechanism that can quite convenient on EFI
systems. cmdline settings have higher priority, because they can be (usually)
changed on the bootloader prompt.

$SYSTEMD_EFI_OPTIONS can be used to override, same as $SYSTEMD_PROC_CMDLINE.
2019-09-16 18:08:54 +02:00
Zbigniew Jędrzejewski-Szmek
31e1bbd1ca docs: fix push recipe in RELEASE.md 2019-09-05 13:40:31 +02:00
nikolas
22aba2b969 docs: fix typo in boot loader doc 2019-09-05 07:41:26 +09:00
Zbigniew Jędrzejewski-Szmek
153d597575 docs: create new SECURITY.md page
github has special support for that name:
https://help.github.com/en/articles/adding-a-security-policy-to-your-repository.
2019-08-30 11:45:42 +02:00
Zbigniew Jędrzejewski-Szmek
6d8cf86476 docs: new systemd-security mailing list
In the past, we asked people to open a security bug on one of the "big"
distros. This worked OK as far as getting bugs reported and notifying some
upstream developers went. But we always had trouble getting information to
all the appropriate parties, because each time a bug was reported, a big
thread was created, with a growing CC list. People who were not CCed early
enough were missing some information, etc.

To clean this up, we decided to create a private mailing list. The natural
place would be freedesktop.org, but unfortunately the request to create a
mailing list wasn't handled
(https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/134). And even
if it was, at this point, if there was ever another administrative issue, it
seems likely it could take months to resolve. So instead, we asked for a list
to be created on the redhat mailservers.

Please consider the previous security issue reporting mechanisms rescinded, and
send any senstive bugs to systemd-security@redhat.com.
2019-08-30 09:12:27 +02:00
Lennart Poettering
d35c77412a docs: fix env var name in random seed markdown documentation 2019-08-11 06:10:58 +09:00
Simon Schricker
2d1b928109 docs: fix typo 2019-07-30 08:44:05 +02:00
Lennart Poettering
93f5910078 docs: add longer document about systemd and random number seeds 2019-07-25 18:31:20 +02:00
Lennart Poettering
c7bb4dfcf4 docs: document new random seed EFI vars as part of the boot loader interface 2019-07-25 18:31:20 +02:00
Anita Zhang
31cd5f63ce core: ExecCondition= for services
Closes #10596
2019-07-17 11:35:02 +02:00
Lennart Poettering
a7d9fccd0e locale-util: suppress non-UTF-8 locales when enumerating them
Let's hide non-UTF-8 locales by default. It's 2019 after all.

Let's add an undocumented env var to reenable listing them though.

This should substantially shorten the list of choices we offer users,
and only show realistic choices.

note that only firstboot and localectl make use of this information, and
both allow configuration of values outside of these lists, hence all
this change does is hide legacy options, but they are still available if
you know what you do, and that's how it should be.
2019-07-14 11:05:34 +02:00
Zbigniew Jędrzejewski-Szmek
29c7680ec9 meson: drop varlogdir variable
It was only used for exactly one thing: to substitute in the text in
/var/log/README. But it's use there was completely wrong, because the text
talks about "missing" log files from syslog, so even if we configured systemd
to log to a different directory, the "missing" log files would still be
"missing" from the old location.
2019-07-04 10:16:48 +02:00
Zbigniew Jędrzejewski-Szmek
6ed5ef9819 meson: create /var/log/journal/{,remote/} conditionally
Not everybody has those dirs in the filesystem (and they don't need to).
When creating an installation package using $DESTDIR, it is easy enough to
remove or ignore those directories, but if installing into a real root, it
is ugly to create and remove them. Let's add an option so people can skip
it if they want.

Inspired by #12930.
2019-07-04 10:16:48 +02:00
Michael Prokop
d238709c14 docs: fix typos and duplicate words
s/and and/and/
s/explicity/explicitly/
s/that that/that/
s/the the/the/
s/is is/it is/
s/overriden/overridden/
2019-06-27 10:43:21 +02:00
Lennart Poettering
b5bd7a29f9 some CODING_STYLE additions 2019-06-25 10:56:15 +02:00
Jan Pokorný
1a31d050f2 docs: CGROUP_DELEGATION: fix a typo in "that" 2019-06-18 11:31:47 +09:00
Jeka Pats
53a42e6268 Continuous Fuzzing Integration with Fuzzit
includes two travis ci steps:

1) Every pull-request/push all fuzzing targets will do a quick
sanity run on the generated corpus and crashes (via Fuzzit)
2) On a daily basis the fuzzing targets will be compiled (from
master) and will and their respectible fuzzing job on Fuzzit
will be updated to the new binary.
2019-06-14 21:09:40 +03:00
Frantisek Sumsal
c9a95378ec docs: add documentation for sanitizers 2019-05-27 17:46:10 +02:00
Michael Biebl
4450894653 Drop support for /usr/sbin/halt.local
/usr/sbin/halt.local is a Fedora/Red Hat anachronism from pre-systemd
times.
2019-05-23 10:19:01 +02:00
Lennart Poettering
a305eda35f docs: add comment about high 32bit range and signed uids 2019-05-16 19:24:59 +02:00
Chris Down
acdb4b5236 cgroup: Polish hierarchically aware protection docs a bit
I missed adding a section in `systemd.resource-control` about
DefaultMemoryMin in #12332.

Also, add a NEWS entry going over the general concept.
2019-05-08 12:06:32 +01:00
Ben Boeckel
5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Anita Zhang
25cc30c4c8 core: support DisableControllers= for transient units 2019-04-22 11:52:08 -07:00
Yu Watanabe
cc83684947
Merge pull request #12296 from poettering/coding-style-sections
split CODING_STYLE document into multiple thematic sections
2019-04-13 18:23:13 +09:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Chris Down
c52db42b78 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
2019-04-12 17:23:58 +02:00
Lennart Poettering
b4f12824a0 CODING_STYLE: rename "Others" section to "Code Organization and Semantics"
This is a bit of a grabbag, but it's the best I could come up with
without having lots of single-item sections.
2019-04-12 17:01:05 +02:00
Lennart Poettering
4467d39315 CODING_STYLE: split out section about runtime behaviour 2019-04-12 16:59:48 +02:00
Lennart Poettering
78e5b4d7ee CODING_STYLE: add section about C constructs use 2019-04-12 16:53:27 +02:00
Lennart Poettering
3b75e079a8 CODING_STYLE: split out section about deadlocks 2019-04-12 16:50:24 +02:00
Lennart Poettering
96f6cfbf62 CODING_STYLE: split out section about logging 2019-04-12 16:49:02 +02:00
Lennart Poettering
5638076135 CODING_STYLE: export section about exporting symbols 2019-04-12 16:45:03 +02:00
Lennart Poettering
c159efe341 CODING_STYLE: split out section about destructors 2019-04-12 16:42:44 +02:00
Lennart Poettering
996f119d97 CODING_STYLE: split out section about command line parsing 2019-04-12 16:40:34 +02:00
Lennart Poettering
b065e1f176 CODING_STYLE: Split out section about error handling 2019-04-12 16:38:14 +02:00
Lennart Poettering
831781b9c9 CODING_STYLE: split out section about commiting to git 2019-04-12 16:35:17 +02:00
Lennart Poettering
25553cd9cd CODING_STYLE: split out section about file descriptors 2019-04-12 16:34:01 +02:00
Lennart Poettering
0485824030 CODING_STYLE: split out section about memory allocations 2019-04-12 16:31:58 +02:00
Lennart Poettering
f42c1cd4b5 CODING_STYLE: move out section about Types 2019-04-12 16:28:35 +02:00
Lennart Poettering
971dfffab8 CODING_STYLE: add section about how to reference specific concepts 2019-04-12 16:28:35 +02:00
Lennart Poettering
8c9289e705 CODING_STYLE: split out bits about Formatting into its own section
(And, for now, add a section "Other" to separate the rest of the stuff)
2019-04-12 16:28:35 +02:00
Lennart Poettering
2d0dce2afe CODING_STYLE: add a section about functions not to use
Let's add sections to the document. First off, let's add one about
functions not to use.
2019-04-12 16:28:02 +02:00
Zbigniew Jędrzejewski-Szmek
3b69b18fbf CODING_STYLE: adjust indentation rules, and add note about config loading 2019-04-12 08:37:41 +02:00