1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

63 Commits

Author SHA1 Message Date
Lennart Poettering
d91c34f21f exec: Assigning the empty string to CapabilityBoundSet= should drop all caps
Previously, it would set all caps, but it should drop them all, anything
else makes little sense.

Also, document that this works as it does, and what to do in order to
assign all caps to the bounding set.

https://bugzilla.redhat.com/show_bug.cgi?id=914705
2013-03-22 23:28:44 +01:00
Michal Sekletar
c17ec25e4d core: reuse the same /tmp, /var/tmp and inaccessible dir
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
2013-03-15 22:56:40 -04:00
Zbigniew Jędrzejewski-Szmek
e670b166a0 man: use <replaceable> in various places 2013-02-13 23:09:00 -05:00
Zbigniew Jędrzejewski-Szmek
5f9cfd4c38 man: rename systemd.conf to systemd-system.conf
Alias as systemd-user.conf is also provided. This should help
users running systemd in session mode.

https://bugzilla.redhat.com/show_bug.cgi?id=690868
2013-02-13 09:48:32 -05:00
Zbigniew Jędrzejewski-Szmek
ccc9a4f9ff man: extend systemd.directives(7) to all manual pages
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.

Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
2013-01-26 11:36:53 -05:00
Zbigniew Jędrzejewski-Szmek
652d0dd709 man: mention that PrivateTmp means /var/tmp too 2013-01-26 10:52:32 -05:00
Frederic Crozat
0ae9c92a93 man: systemd.exec - explicit Environment assignment
Hi all,

while working on another bug, I discovered the "strange" way systemd is
parsing Environment= in .service and thought it was worth documenting
(because I don't expect people to find this syntax by themselves unless
they read the parsing code ;)

Be more verbose about using space in Environment field and not
using value of other variables

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=840260

[zj: expand and reformat the example a bit]
2013-01-24 19:36:47 -05:00
Michal Vyskocil
565d91fdf1 util: continuation support for load_env_file
Variable definitions can be written on more than one line - if each ends
with a backslash, then is concatenated with a previous one. Only
backslash and unix end of line (\n) are treated as a continuation.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=58083

[zj: squashed two patches together; cleaned up grammar; removed
     comment about ignoring trailing backslash -- it is not ignored.]

Document continuation support in systemd.exec
2013-01-18 11:06:15 -05:00
Lennart Poettering
74051b9b58 units: for all unit settings that take lists, allow the empty string for resetting the lists
https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:50:05 +01:00
Zbigniew Jędrzejewski-Szmek
9cc2c8b763 man: add links to directive index to see-alsos
systemd.directives(5) is renamed to systemd.directives(7).
Section 7 is "Miscellaneous".
2013-01-15 11:30:42 -05:00
Pekka Lundstrom
2bef10ab36 Added globbing support to EnvironmentFile
This patch allows globbing to be used with EnvironmentFile option.
Example:
EnvironmentFile=/etc/foo.d/*.conf

t. Pekka
2013-01-04 01:11:50 +01:00
Kay Sievers
8050c22151 man: systemd.exec - mention mount(2)
https://bugzilla.redhat.com/show_bug.cgi?id=880552
2012-11-27 11:40:08 +01:00
Holger Hans Peter Freyther
bb11271068 sched: Only setting CPUSchedulingPriority=rr doesn't work
A service that only sets the scheduling policy to round-robin
fails to be started. This is because the cpu_sched_priority is
initialized to 0 and is not adjusted when the policy is changed.

Clamp the cpu_sched_priority when the scheduler policy is set. Use
the current policy to validate the new priority.

Change the manual page to state that the given range only applies
to the real-time scheduling policies.

Add a testcase that verifies this change:

$ make test-sched-prio; ./test-sched-prio
[test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1
[test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0
[test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100
2012-11-15 16:16:45 +01:00
Lennart Poettering
df688b23da man: minor updates 2012-10-26 01:18:41 +02:00
Andrew Eikum
16dad32e43 Reword sentences that contain psuedo-English "resp."
As you likely know, Arch Linux is in the process of moving to systemd.
So I was reading through the various systemd docs and quickly became
baffled by this new abbreviation "resp.", which I've never seen before
in my English-mother-tongue life.

Some quick Googling turned up a reference:
<http://www.transblawg.eu/index.php?/archives/870-Resp.-and-other-non-existent-English-wordsNicht-existente-englische-Woerter.html>

I guess it's a literal translation of the German "Beziehungsweise", but
English doesn't work the same way. The word "respectively" is used
exclusively to provide an ordering connection between two lists. E.g.
"the prefixes k, M, and G refer to kilo-, mega-, and giga-,
respectively." It is also never abbreviated to "resp." So the sentence
"Sets the default output resp. error output for all services and
sockets" makes no sense to a natural English speaker.

This patch removes all instances of "resp." in the man pages and
replaces them with sentences which are much more clear and, hopefully,
grammatically valid. In almost all instances, it was simply replacing
"resp." with "or," which the original author (Lennart?) could probably
just do in the future.

The only other instances of "resp." are in the src/ subtree, which I
don't feel privileged to correct.

Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
2012-10-16 01:03:01 +02:00
Thomas Hindoe Paaboel Andersen
c53158818d man: fix a bunch of typos in docs
https://bugs.freedesktop.org/show_bug.cgi?id=54501
2012-09-13 19:34:24 +02:00
Lennart Poettering
ac0930c892 namespace: rework namespace support
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
  right behaviour when people want writable mounts inside of
  read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
2012-08-13 15:27:04 +02:00
Lennart Poettering
4819ff0358 unit: split off KillContext from ExecContext containing only kill definitions 2012-07-20 00:10:31 +02:00
Lennart Poettering
8351ceaea9 execute: support syscall filtering using seccomp filters 2012-07-17 04:17:53 +02:00
Lennart Poettering
34511ca7b1 man: reword man page titles
Make sure the man page titles are similar in style and capitalization so
that our man page index looks pretty.
2012-07-16 18:08:25 +02:00
Lennart Poettering
e06c73cc91 unit: set default working directory to the user's home directory when running in user mode 2012-07-16 12:44:42 +02:00
Ville Skyttä
49f43d5f91 Spelling fixes. 2012-07-16 12:16:29 +02:00
Lennart Poettering
cb07866b1b man: move header file man pages from section 7 to 3
This way we can include documentation about minor macros/inline function
within the introducionary man page in a sane way.
2012-07-13 01:50:05 +02:00
Lennart Poettering
d88a251b12 util: introduce a proper nsec_t and make use of it where appropriate 2012-05-31 04:27:03 +02:00
Lennart Poettering
ec8927ca59 main: add configuration option to alter capability bounding set for PID 1
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
2012-05-24 04:00:56 +02:00
Lennart Poettering
5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Lennart Poettering
169c4f6513 journalctl,loginctl: drop systemd- prefix in binary names
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.

All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:

systemctl
loginctl
journalctl

For those three we do provide systemd-xyz names as well, via symlinks:

systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl

We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
2012-03-26 20:58:47 +02:00
Lennart Poettering
353e12c2f4 service: ignore SIGPIPE by default 2012-02-09 03:18:04 +01:00
Lennart Poettering
9f056f4087 man: document that we support tcpwrappers only for access control
We do not support, and explicitly never want to support environment
variable settings and suchlike in tcpwrappers.

https://bugs.freedesktop.org/show_bug.cgi?id=45143
2012-02-02 06:22:36 +01:00
Kay Sievers
891703e1ee persistant -> persistent 2012-01-18 21:47:30 +01:00
Lennart Poettering
8d53b4534a exec: introduce ControlGroupPersistant= to make cgroups persistant 2012-01-18 15:40:21 +01:00
Lennart Poettering
706343f492 journal: introduce log target 'journal' for executed processes 2012-01-06 02:48:38 +01:00
Barry Scott
7734f77373 man: for ExecStart= provide more details on env var substitution and how that turns into arguments.
For EnvironmentFile= explain that double quotes can be used
to protect whitespace.
2011-10-11 01:11:26 +02:00
Lennart Poettering
de6c78f879 service: change default stdout/stderr to syslog 2011-08-30 22:57:58 +02:00
Lennart Poettering
346bce1f4c stdout-bridge: rename logger to stdout-syslog-bridge to make it more descriptive 2011-08-30 22:42:49 +02:00
Lennart Poettering
3377af3e22 man: fix securebits docs 2011-08-29 13:44:12 +02:00
Lennart Poettering
94959f0fa0 exec: allow passing arbitrary path names to blkio cgroup attributes
If a device node is specified, then adjust the bandwidth/weight of it,
otherwise find the backing block device of the file system the path
refers to and adjust its bandwidth/weight.
2011-08-21 20:07:45 +02:00
Lennart Poettering
9e37286844 exec: add high-level controls for blkio cgroup attributes 2011-08-21 20:07:08 +02:00
Lennart Poettering
ab1f063390 exec: optionally apply cgroup attributes to the cgroups we create 2011-08-20 00:22:02 +02:00
Lennart Poettering
ff01d048b4 exec: introduce PrivateNetwork= process option to turn off network access to specific services 2011-08-02 05:24:58 +02:00
Lennart Poettering
260d370833 man: document that we default to 022 as umask 2011-08-01 22:37:45 +02:00
Lennart Poettering
64747e2d4b exec: add ControlGroupModify= switch to allow changing access mode to cgroups fs 2011-06-30 00:11:25 +02:00
Lennart Poettering
5f4b19f4bc service: check whether sysv scripts where changed 2011-06-21 19:29:45 +02:00
Ville Skyttä
9f7dad774e man: Documentation spelling fixes 2011-06-20 17:57:22 +02:00
Ozan Çağlayan
9a66640832 exec: Fix number of unit types
There are four unit types mentioned in here, not three
2011-05-27 08:28:40 +02:00
Lennart Poettering
6ea832a207 exec: hangup/reset/deallocate VTs in gettys
Explicitly disconnect all clients from a VT when a getty starts/finishes
(requires TIOCVHANGUP, available in 2.6.29).

Explicitly deallocate getty VTs in order to flush scrollback buffer.

Explicitly reset terminals to a defined state before spawning getty.
2011-05-18 01:07:36 +02:00
Lennart Poettering
3d57c6ab80 exec: support unlimited resources 2011-04-04 18:15:13 +02:00
Lennart Poettering
260abb780a exec: properly apply capability bounding set, add inverted bounding sets 2011-03-18 04:52:45 +01:00
Lennart Poettering
f1779fd27b man: document changed EnvironmentFile= behaviour 2011-03-04 14:13:47 +01:00
Mike Kazantsev
48c4fad950 man: fixed typo in SyslogIdentifier= 2011-02-19 14:32:44 +01:00