1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

793 Commits

Author SHA1 Message Date
Frantisek Sumsal
86b52a3958 tree-wide: fix spelling errors
Based on a report from Fossies.org using Codespell.

Followup to #15436
2020-04-21 23:21:08 +02:00
Zbigniew Jędrzejewski-Szmek
98ab0daeeb docs: use "polkit" to refer to PolicyKit
See d35f51ea84 for justification.

First use in each file is turned into a link to the documentation page.
2020-04-21 17:10:02 +02:00
Zbigniew Jędrzejewski-Szmek
38b38500c6 tree-wide: use "hostname" spelling everywhere
It's not that I think that "hostname" is vastly superior to "host name". Quite
the opposite — the difference is small, and in some context the two-word version
does fit better. But in the tree, there are ~200 occurrences of the first, and
>1600 of the other, and consistent spelling is more important than any particular
spelling choice.
2020-04-21 16:58:04 +02:00
Jouke Witteveen
1cabd2d0c5 systemctl: hide first column with --plain instead of --no-legend
Hiding the first column, which may contain bullet circles, with --no-legend
is undocumented and potentially unexpected. On the other hand, not printing
bullet circles with --plain is documented so hiding the column with that
switch is sensible.

The combination "--full --no-legend --no-pager --plain" is appropriate for
automated processing of systemctl output.
2020-04-17 19:15:49 +02:00
Zbigniew Jędrzejewski-Szmek
6635f57d3e sysctl: enable coredump for suid binaries
Right now the kernel will not dump anything that went through setuid or
setgid. But it is routine for daemons to do that, and it makes things hard to
debug.

systemd-coredump saves the coredump readable by the users the process was
running as. This should be enough to avoid information leakage. So let's also
tell the kernel to do the coredump.

For https://bugzilla.redhat.com/show_bug.cgi?id=1790972.

Both patterns are stored in the same file, so they are enabled or disabled
together. (Though suid_dumpable=2 is supposed to be safe even when writing to
plain files.)
2020-04-07 15:28:46 +02:00
Mike Kazantsev
0e4daba173 NEWS: fix use of tabs instead of spaces for one item 2020-03-16 12:33:43 +09:00
Zbigniew Jędrzejewski-Szmek
2ca17c7801 NEWS: add late note about job trimming issue
Closes #15091.
2020-03-12 15:26:47 +01:00
Zbigniew Jędrzejewski-Szmek
03985d069b NEWS: final contributor update for v245 2020-03-06 13:38:28 +01:00
Paul Menzel
a100fe3c27 NEWS: Use correct tense in v245 entry 2020-03-03 12:24:40 +01:00
Zbigniew Jędrzejewski-Szmek
d54bb63875 NEWS: two minor entries 2020-03-03 08:41:27 +01:00
Zbigniew Jędrzejewski-Szmek
9c4d3d7968 NEWS: update contributors list 2020-03-03 08:31:06 +01:00
Zbigniew Jędrzejewski-Szmek
901d1ce8ef NEWS: add contributors for v245 2020-02-05 10:20:56 +01:00
Zbigniew Jędrzejewski-Szmek
573e58f62f NEWS: mention the operational state changes 2020-02-05 10:20:56 +01:00
Yu Watanabe
f05c0615f4 NEWS: mention SuppressPrefixLength= 2020-02-05 10:13:27 +01:00
Zbigniew Jędrzejewski-Szmek
f2394ddb08 Merge pull request #14779 from keszybz/news-v245 2020-02-05 09:35:58 +01:00
Zbigniew Jędrzejewski-Szmek
69f173477b NEWS: mention the TrafficControlQueueingDiscipline rename 2020-02-05 09:32:16 +01:00
Zbigniew Jędrzejewski-Szmek
823b035271 NEWS: mention empty .link and .network files 2020-02-05 09:32:16 +01:00
Zbigniew Jędrzejewski-Szmek
2ad988896c NEWS: reword and shorten a bunch of stuff 2020-02-05 09:32:16 +01:00
Zbigniew Jędrzejewski-Szmek
427928caa4
network: change "Gateway=dhcp" to "Gateway=_dhcp" (#14774)
This way we avoid confusion with a DNS name. Fixes #14773.
2020-02-05 13:41:30 +09:00
Yu Watanabe
f2f1b52c6f
Merge pull request #14767 from yuwata/network-split-qdisc-section
network: split TrafficControlQueueingDiscipline section into small pieces
2020-02-05 13:35:25 +09:00
Zbigniew Jędrzejewski-Szmek
ca58d00c68 network: FairQueueTrafficPolicing→FairQueueing
This never made into a release, so we can change the name with impunity.
Suggested by Davide Pesavento.

I opted to add the "ing" ending. "Fair queuing" is the name of the general
concept and algorithm, and "Fair queue" is mostly used for the implementation
name.
2020-02-04 17:37:16 +01:00
Zbigniew Jędrzejewski-Szmek
60ed2dcfc7 network: TokenBufferFilter→TokenBucketFilter
This never made into a release, so we can change the name with impunity.
Noticed by Davide Pesavento.
2020-02-04 17:28:15 +01:00
Ansgar Burchardt
eb1322744d NEWS: correct indenting for two entries 2020-02-04 23:57:20 +09:00
Lennart Poettering
9a4940bf92 update NEWS 2020-02-02 18:17:24 +01:00
Lennart Poettering
6841019567 NEWS: more v245 preparation 2020-01-29 14:12:22 +01:00
Lennart Poettering
723822f00a NEWS: start preparing v245 2020-01-29 11:44:32 +01:00
Slava Kardakov
1e904320aa Fixup typo in NEWS 2019-12-03 08:02:24 +09:00
Lennart Poettering
8bf2a311f3 NEWS: update for final 244 2019-11-29 14:29:03 +01:00
Zbigniew Jędrzejewski-Szmek
bdf2357c12 NEWS: add contributors for v244 2019-11-22 09:33:59 +01:00
Lennart Poettering
168e131b8b update NEWS 2019-11-20 16:16:46 +01:00
Zbigniew Jędrzejewski-Szmek
2d8898f564
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
2019-11-20 16:13:46 +01:00
Yu Watanabe
88b860034e NEWS: SendRawOption= -> SendOption= 2019-11-19 11:52:36 +01:00
Zbigniew Jędrzejewski-Szmek
2536752dda Rename "system-options" to "systemd-efi-options"
This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.

(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)

bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.

Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.
2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
cc560ac064 NEWS: fix antique typo 2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
852b72727a NEWS: more items
Also reorder some entries to restore the grouping by subject.
2019-11-16 13:48:41 +01:00
Zbigniew Jędrzejewski-Szmek
7b631898ef
Merge pull request #13961 from mwilck/udev-no-exit-timeout
udevd: wait for workers to finish when exiting
2019-11-13 08:56:49 +01:00
Martin Wilck
bfde9421af udevd: wait for workers to finish when exiting
On some systems with lots of devices, device probing for certain drivers can
take a very long time. If systemd-udevd detects a timeout and kills the worker
running modprobe using SIGKILL, some devices will not be probed, or end up in
unusable state. The --event-timeout option can be used to modify the maximum
time spent in an uevent handler. But if systemd-udevd exits, it uses a
different timeout, hard-coded to 30s, and exits when this timeout expires,
causing all workers to be KILLed by systemd afterwards. In practice, this may
lead to workers being killed after significantly less time than specified with
the event-timeout. This is particularly significant during initrd processing:
systemd-udevd will be stopped by systemd when initrd-switch-root.target is
about to be isolated, which usually happens quickly after finding and mounting
the root FS.

If systemd-udevd is started by PID 1 (i.e. basically always), systemd will
kill both udevd and the workers after expiry of TimeoutStopSec. This is
actually better than the built-in udevd timeout, because it's more transparent
and configurable for users. This way users can avoid the mentioned boot problem
by simply increasing StopTimeoutSec= in systemd-udevd.service.

If udevd is not started by systemd (standalone), this is still an
improvement. udevd will kill hanging workers when the event timeout is
reached, which is configurable via the udev.event_timeout= kernel
command line parameter. Before this patch, udevd would simply exit with
workers still running, which would then become zombie processes.

With the timeout removed, the sd_event_now() assertion in manager_exit() can be
dropped.
2019-11-12 12:20:20 +01:00
Anita Zhang
3e1db806b0 core: change top-level drop-in from -.service.d to service.d
Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.

Updating to this format also extends the top-level dropin to
unit types.
2019-11-07 08:34:53 +01:00
Yu Watanabe
6878c02245 NEWS: mention NetworkEmulatorDuplicateRate= setting 2019-11-01 13:18:13 +09:00
Christian Rebischke
597f905c76 add other worthy news
I think we can mention that systemd-resolved is able to validate IP
address certificates and prefer TLS 1.3 before TLS 1.2 now.

Also the `machinectl reboot` command actually works now.

Signed-off-by: Christian Rebischke <chris@nullday.de>
2019-10-31 09:02:15 +09:00
Zbigniew Jędrzejewski-Szmek
b7db8b7b13 NEWS: fix two typos 2019-10-30 15:58:53 +01:00
Yu Watanabe
f36e6a4a96 NEWS: fix option name 2019-10-30 14:01:01 +01:00
Zbigniew Jędrzejewski-Szmek
ee50dada49 NEWS: start preparations for v244 2019-10-30 11:16:38 +01:00
Zbigniew Jędrzejewski-Szmek
e48a1e3423 mailmap: add entry to fix authorship of commit
471cffcfb0 was committed on a debug VM where I
didn't have git set up properly.
2019-10-21 15:10:58 +02:00
Zbigniew Jędrzejewski-Szmek
efb536d0cb Update NEWS for v243 2019-09-03 11:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
a7d9b3557e NEWS: update contributors list 2019-09-03 11:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
6d8cf86476 docs: new systemd-security mailing list
In the past, we asked people to open a security bug on one of the "big"
distros. This worked OK as far as getting bugs reported and notifying some
upstream developers went. But we always had trouble getting information to
all the appropriate parties, because each time a bug was reported, a big
thread was created, with a growing CC list. People who were not CCed early
enough were missing some information, etc.

To clean this up, we decided to create a private mailing list. The natural
place would be freedesktop.org, but unfortunately the request to create a
mailing list wasn't handled
(https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/134). And even
if it was, at this point, if there was ever another administrative issue, it
seems likely it could take months to resolve. So instead, we asked for a list
to be created on the redhat mailservers.

Please consider the previous security issue reporting mechanisms rescinded, and
send any senstive bugs to systemd-security@redhat.com.
2019-08-30 09:12:27 +02:00
Zbigniew Jędrzejewski-Szmek
f21e2ecb8b NEWS: update contributors list 2019-08-22 13:47:11 +02:00
Kai Krakow
2dbc45aea7 cgroup: Also set io.bfq.weight
Current kernels with BFQ scheduler do not yet set their IO weight
through "io.weight" but through "io.bfq.weight" (using a slightly
different interface supporting only default weights, not per-device
weights). This commit enables "IOWeight=" to just to that.

This patch may be dropped at some time later.

Github-Link: https://github.com/systemd/systemd/issues/7057
Signed-off-by: Kai Krakow <kai@kaishome.de>
2019-08-20 11:50:59 +02:00
Chris Down
5c76ca6093 NEWS: Remove DisableControllers from v243
We already released this in v240 and had a NEWS entry then.
2019-07-31 12:12:46 +09:00
Zbigniew Jędrzejewski-Szmek
4860f5c2ae NEWS: more entries and some rewordings 2019-07-30 16:50:40 +02:00
Zbigniew Jędrzejewski-Szmek
e397eb50da
Merge pull request #13219 from poettering/named-exit-codes-tweaks
quick follow-up for the symbolic exit status PR #13207
2019-07-30 08:27:20 +02:00
Lennart Poettering
48fd50f749 update TODO 2019-07-30 08:23:18 +02:00
Lennart Poettering
5238d9a83a analyze: rename "exit-codes" to "exit-status"
waitid(2) and the libc function signature calls this "exit status", and
uses "exit code" for something different. Let's stick to the same
nomenclature hence.
2019-07-29 19:22:22 +02:00
Lennart Poettering
1d7458fbb1
Merge pull request #13207 from keszybz/symbolic-exit-code-names
Symbolic exit code names
2019-07-29 18:58:06 +02:00
Zbigniew Jędrzejewski-Szmek
ae6a32c260 NEWS: add entry about exit status changes 2019-07-29 15:59:17 +02:00
Lennart Poettering
a18a3aacd3 more 243 news 2019-07-29 11:03:08 +02:00
Clinton Roy
08b5953997 news corrections and improvements (#13200)
* missing whitespace.

* NEWS: some small fixes (?) and improvements (???).

* a number of small corrections and (hopefully) improvements
2019-07-29 09:35:25 +02:00
Zbigniew Jędrzejewski-Szmek
6304fec37c
Merge pull request #13191 from poettering/sysctl-no-fail
allow sysctl assignments to fail
2019-07-26 14:57:56 +02:00
Lennart Poettering
8deeef94e7
Merge pull request #13188 from yuwata/news-igmp-version
network: rename `IGMPVersion=` to `MulticastIGMPVersion=`
2019-07-26 09:40:21 +02:00
Yu Watanabe
13cb62af22 NEWS: mention SpeedMeter= 2019-07-26 09:38:20 +02:00
Lennart Poettering
b64c47c038 NEWS: mention the new sysctl.d/ - prefix 2019-07-26 09:28:43 +02:00
Lennart Poettering
0338934f4b Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""
This reverts commit be74f51605.

Let's add this again. With the new sysctl "-" thing we can make this
work.
2019-07-26 09:25:09 +02:00
Evgeny Vereshchagin
be74f51605 Revert "sysctl: Enable ping(8) inside rootless Podman containers"
This reverts commit 90ce7627df.

See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
2019-07-26 06:56:58 +00:00
Yu Watanabe
9f0d45e402 NEWS: mention Bridge.MulticastIGMPVersion= 2019-07-26 11:01:28 +09:00
Lennart Poettering
907ddcd361 update NEWS with more recently commited stuff 2019-07-24 17:35:25 +02:00
Debarshi Ray
90ce7627df sysctl: Enable ping(8) inside rootless Podman containers
This makes ping(8) work without CAP_NET_ADMIN and CAP_NET_RAW because
those aren't effective inside rootless Podman containers.

It's quite useful when using OSTree based operating systems like Fedora
Silverblue, where development environments are often set up using
rootless Podman containers with helpers like Toolbox [1]. Not having
a basic network utility like ping(8) work inside the development
environment can be inconvenient.

See:
https://lwn.net/Articles/422330/
http://man7.org/linux/man-pages/man7/icmp.7.html
https://github.com/containers/libpod/issues/1550

The upper limit of the range of group identifiers is set to 2147483647,
which is 2^31-1. Values greater than that get rejected by the kernel
because of this definition in linux/include/net/ping.h:
  #define GID_T_MAX (((gid_t)~0U) >> 1)

That's not so bad because values between 2^31 and 2^32-1 are reserved
on systemd-based systems anyway [2].

[1] https://github.com/debarshiray/toolbox
[2] https://systemd.io/UIDS-GIDS.html#summary
2019-07-24 16:41:45 +02:00
Lennart Poettering
29db4c3a08 NEWS: more additions in preparation von v243 2019-07-23 15:56:41 +02:00
Anita Zhang
a4d5848aa2 NEWS: bullet point for ExecCondition= 2019-07-17 22:27:57 -07:00
Jorge Niedbalski
37d7a7d984 resolved: switch cache option to a tri-state option (systemd#5552).
Change the resolved.conf Cache option to a tri-state "no, no-negative, yes" values.

If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See systemd#5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.

This change adds the 'no-negative' option when set it avoids putting in cache
negative answers but still works the same heuristics for positive answers.

Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
2019-07-17 10:42:53 -04:00
Yu Watanabe
7018373537 NEWS: update section name 2019-07-16 10:30:47 +09:00
Boucman
eebaa72446 Update NEWS 2019-07-14 23:46:19 +09:00
Lennart Poettering
2875a36b77 NEWS: add some notes for v243
Let's get this ball rolling.
2019-07-14 22:16:01 +09:00
Yu Watanabe
e110599b63 NEWS: mention that the libidn2 is used by default 2019-06-29 03:18:43 +09:00
Michael Prokop
d238709c14 docs: fix typos and duplicate words
s/and and/and/
s/explicity/explicitly/
s/that that/that/
s/the the/the/
s/is is/it is/
s/overriden/overridden/
2019-06-27 10:43:21 +02:00
Michal Sekletar
b070c7c0e1 core: introduce NUMAPolicy and NUMAMask options
Make possible to set NUMA allocation policy for manager. Manager's
policy is by default inherited to all forked off processes. However, it
is possible to override the policy on per-service basis. Currently we
support, these policies: default, prefer, bind, interleave, local.
See man 2 set_mempolicy for details on each policy.

Overall NUMA policy actually consists of two parts. Policy itself and
bitmask representing NUMA nodes where is policy effective. Node mask can
be specified using related option, NUMAMask. Default mask can be
overwritten on per-service level.
2019-06-24 16:58:54 +02:00
Yu Watanabe
c111cd9834 NEWS: add more hint about MACAddressPolicy= change
C.f. https://bugzilla.suse.com/show_bug.cgi?id=1136600
2019-06-14 16:19:14 +02:00
Zbigniew Jędrzejewski-Szmek
9120e2bfdf NEWS: add note about the CPUAffinity= changes 2019-06-06 21:33:59 +09:00
Zbigniew Jędrzejewski-Szmek
51b568f752 NEWS: add some entries
For #12680, #12571.
2019-05-28 14:28:09 +02:00
Lennart Poettering
87cf1f8f59 meson: let's make unified cgroupsv2 the default
Prompted by @evverx' comments:

https://github.com/systemd/systemd/pull/10161#pullrequestreview-158327715
2019-05-24 16:44:26 +02:00
Lennart Poettering
4cd8263166 NEWS: document the new SystemCallFilter= behaviour 2019-05-24 10:48:28 +02:00
Chris Down
22bf131be2 cgroup: Support 0-value for memory protection directives
These make sense to be explicitly set at 0 (which has a different effect
than the default, since it can affect processing of `DefaultMemoryXXX`).

Without this, it's not easily possible to relinquish memory protection
for a subtree, which is not great.
2019-05-08 12:06:32 +01:00
Chris Down
acdb4b5236 cgroup: Polish hierarchically aware protection docs a bit
I missed adding a section in `systemd.resource-control` about
DefaultMemoryMin in #12332.

Also, add a NEWS entry going over the general concept.
2019-05-08 12:06:32 +01:00
Ben Boeckel
5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Paul Menzel
1fa3ba9096 NEWS: List getty@tty1.service as not being enabled anymore
Fixes: https://github.com/systemd/systemd/issues/12345
2019-04-24 16:13:02 +02:00
Lennart Poettering
6af9058324 NEWS: document kernel.pid_max change 2019-04-12 12:01:41 +02:00
Lennart Poettering
39e445c95d NEWS: fix typo 2019-04-12 12:01:23 +02:00
Zbigniew Jędrzejewski-Szmek
1e5d2d6564 NEWS: update contributors and date 2019-04-11 18:28:36 +02:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Yu Watanabe
78bb2866fd NEWS: mention PresharedKeyFile= 2019-04-09 15:50:23 +09:00
Zbigniew Jędrzejewski-Szmek
ab80eca144 NEWS: add mention of time-set.target 2019-04-08 16:57:23 +02:00
Lennart Poettering
c3287a42ae update NEWS for 242 final 2019-04-08 11:35:45 +02:00
Zbigniew Jędrzejewski-Szmek
d822bd4e26 Merge pull request #12121 from poettering/contrib 2019-04-03 09:53:51 +02:00
Lennart Poettering
2eb466fc10 update NEWS 2019-04-02 17:31:41 +02:00
Lennart Poettering
5b2fc74fca NEWS: add preliminary contributor list 2019-04-02 17:31:41 +02:00
Lennart Poettering
bf65b7e0c9 core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.

Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
2019-04-02 16:56:48 +02:00
Zbigniew Jędrzejewski-Szmek
a313424154 NEWS: document the change to installation 2019-04-02 06:11:13 +09:00
Lennart Poettering
70d8401d74 update NEWS 2019-03-28 18:43:04 +01:00
Lennart Poettering
5787c50932 NEWS: various tweaks and updates for v242 2019-03-25 13:45:45 +01:00
Zbigniew Jędrzejewski-Szmek
fd9baae8c4 NEWS: add missing word 2019-03-22 16:28:43 +01:00
Zbigniew Jędrzejewski-Szmek
9b89e602ea NEWS: prepare for v242 2019-03-22 15:38:53 +01:00
Zbigniew Jędrzejewski-Szmek
de04bbdce1 tree-wide: spell "lifecycle" without hyphen everywhere
We had 10 instances of unhyphentated spelling, and 4 of the hyphenated one.
Consistency trumps ispell.
2019-03-14 22:47:44 +01:00
Zbigniew Jędrzejewski-Szmek
d271c5d345 kernel-install: rename $BOOT_DIR[_ABS] to $ENTRY_DIR[_ABS]
"BOOT" is misleading, because it sounds like this refers to /boot or $BOOT,
when in fact it refers to some subdirectory. Those variable names are purely
interal, so we can change them. $BOOT_DIR_ABS was used in NEWS, but it should
not be (because it is an internal detail), so the old NEWS entry is reworded to
use "entry directory".
2019-03-12 09:45:16 +01:00
Yu Watanabe
ecebd1ecf8 NEWS: add entry about 'udevadm trigger --wait-daemon' 2019-02-15 10:18:14 +09:00
Yu Watanabe
36d28ebc04 NEWS: fix release date 2019-02-15 10:15:55 +09:00
Lennart Poettering
d0f7174963 NEWS: update for final v241 2019-02-14 10:58:06 +01:00
Christian Hesse
a579d42a24 NEWS fix boolean value for meson options
Valid boolean values for meson are 'true' and 'false',
not 'yes' and 'no'.
2019-02-04 10:43:04 +01:00
Lennart Poettering
ba7a6b8c09 More NEWS prep for v241 2019-01-30 19:26:40 +01:00
Louis Taylor
a77f438b6a NEWS: add section about backslashes in EnvironmentFile
As a follow-up from #11427.
2019-01-21 11:35:00 +01:00
Zbigniew Jędrzejewski-Szmek
f26ad32197 NEWS: retroactively describe .include deprecation
Closes #11479.
2019-01-18 13:55:16 +01:00
Lennart Poettering
8274a4132c
Merge pull request #11449 from keszybz/udev-link-naming-again
Make udev link re-renaming conditional
2019-01-17 20:06:55 +01:00
Zbigniew Jędrzejewski-Szmek
08e1fe4249 NEWS: describe the naming scheme updates 2019-01-17 13:56:02 +01:00
Lennart Poettering
57c03b1e6e seccomp: drop mincore() from @system-service syscall filter group
Previously, this system call was included in @system-service since it is
a "getter" only, i.e. only queries information, and doesn't change
anything, and hence was considered not risky.

However, as it turns out, mincore() is actually security sensitive, see
the discussion here:

https://lwn.net/Articles/776034/

Hence, let's adjust the system call filter and drop mincore() from it.

This constitues a compatibility break to some level, however I presume
we can get away with this as the systemcall is pretty exotic. The fact
that it is pretty exotic is also reflected by the fact that the kernel
intends to majorly change behaviour of the system call soon (see the
linked LWN article)
2019-01-16 18:08:35 +01:00
Lucas Werkmeister
2732587540 Enable regular file and FIFO protection
These sysctls were added in Linux 4.19 (torvalds/linux@30aba6656f), and
we should enable them just like we enable the older hardlink/symlink
protection since v199. Implements #11414.
2019-01-16 12:22:01 +01:00
Zbigniew Jędrzejewski-Szmek
774d6375d6 NEWS: typos 2019-01-15 14:56:24 +01:00
Yu Watanabe
bd36ef0a7c NEWS: add more entries 2019-01-13 09:47:10 +09:00
Zbigniew Jędrzejewski-Szmek
455027c98f NEWS: document deprecation of PermissionsStartOnly= in v240
https://github.com/systemd/systemd/pull/10802#issuecomment-453772058
2019-01-13 09:47:10 +09:00
Zbigniew Jędrzejewski-Szmek
b4ff3dbb66 NEWS: update for v241 2019-01-13 09:47:10 +09:00
Yu Watanabe
787a133f2d NEWS: also mention that clock file for timesyncd may need to move
Follow-up for aa2437e2ae.

Closes #11329.
2019-01-08 10:20:33 +01:00
Chris Down
4e1dfa45e9 cgroup: s/cgroups? ?v?([0-9])/cgroup v\1/gI
Nitpicky, but we've used a lot of random spacings and names in the past,
but we're trying to be completely consistent on "cgroup vN" now.

Generated by `fd -0 | xargs -0 -n1 sed -ri --follow-symlinks 's/cgroups?  ?v?([0-9])/cgroup v\1/gI'`.

I manually ignored places where it's not appropriate to replace (eg.
"cgroup2" fstype and in src/shared/linux).
2019-01-03 11:32:40 +09:00
Zbigniew Jędrzejewski-Szmek
1742aae2aa NEWS: add one more name and adjust location 2018-12-21 19:53:33 +01:00
Zbigniew Jędrzejewski-Szmek
1a2397e985
Merge pull request #11239 from poettering/news-v240-final
NEWS and build system bump for 240
2018-12-21 19:49:54 +01:00
Zbigniew Jędrzejewski-Szmek
9d6e839ed8
Merge pull request #11206 from cdown/cgroup_no_v1
cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
2018-12-21 19:48:51 +01:00
Zbigniew Jędrzejewski-Szmek
8340b762e4 Revert "sleep: offer hibernation only if the kernel image still exists"
This reverts commit edda44605f.

The kernel explicitly supports resuming with a different kernel than the one
used before hibernation. If this is something that shouldn't be supported, the
place to change this is in the kernel. We shouldn't censor something that this
exclusively in the kernel's domain.

People might be using this to switch kernels without restaring programs, and
we'd break this functionality for them.

Also, even if resuming with a different kernel was a bad idea, we don't really
prevent that with this check, since most users have more than one kernel and
can freely pick a different one from the menu. So this only affected the corner
case where the kernel has been removed, but there is no reason to single it
out.
2018-12-21 18:23:17 +01:00
Lennart Poettering
326731624c NEWS: prepare for v240 2018-12-21 15:02:11 +01:00
Chris Down
8f044cf9c9 cgroup: Add NEWS entry for cgroup_no_v1=all implying unified usage 2018-12-21 13:29:27 +00:00
Yu Watanabe
aa2437e2ae NEWS: mention DynamicUser= is disabled for networkd, resolved and timesyncd
Which was disabled by #10117.
2018-12-21 05:22:21 +09:00
Zbigniew Jędrzejewski-Szmek
b1a082cd91 NEWS: add a note about symlink following in .wants and .requires
This ain't so easy to express without using too much technical language...

https://github.com/systemd/systemd/pull/10094#issuecomment-427407570
2018-12-18 15:02:24 +01:00
Zbigniew Jędrzejewski-Szmek
e68a35a78d NEWS: add note about NNP=yes 2018-12-18 15:01:57 +01:00
Lennart Poettering
144d7f1dc6 NEWS: add one more item 2018-12-18 13:04:43 +01:00
Lennart Poettering
c37e2358c9 NEWS: update contributors list, taking new .mailmap into account 2018-12-18 12:56:56 +01:00
Lennart Poettering
98a7b55a53 NEWS: document the usern/mknod borkage in 4.18 a bit 2018-12-17 21:36:30 +01:00
Lennart Poettering
46b028f250 NEWS: add missing 'not' 2018-12-17 20:51:11 +01:00
Yu Watanabe
d6131be94d NEWS: mention DynamicTransmitLoadBalancing=
Which was added by #11142.
2018-12-17 07:25:48 +01:00
Lennart Poettering
670814387b sd-id128: add helpers to check fo all-0xFF ids 2018-12-15 12:06:44 +01:00
Zbigniew Jędrzejewski-Szmek
3f9a0a522f tree-wide: s/time-out/timeout/g
From WordNet (r) 3.0 (2006) [wn]:

  time-out
      n 1: a brief suspension of play; "each team has two time-outs left"

From The Free On-line Dictionary of Computing (18 March 2015) [foldoc]:

  timeout

     A period of time after which an error condition is raised if
     some event has not occured.  A common example is sending a
     message.  If the receiver does not acknowledge the message
     within some preset timeout period, a transmission error is
     assumed to have occured.
2018-12-14 11:17:52 +01:00
Zbigniew Jędrzejewski-Szmek
421e3b45f0 NEWS: typos and wording adjustments 2018-12-13 11:10:07 +01:00
Lennart Poettering
6b1ab752c2 NEWS: initialy version of NEWS
Needs lots of updates still, but let's get the party started.
2018-12-12 21:31:01 +01:00
Chris Down
a8467688ca NEWS: Add DisableControllers= to v240 2018-12-11 15:54:20 +00:00
Chris Down
23305a292c NEWS: Add that CPUAccounting=yes may not enable CPU controller in v240 2018-12-11 15:54:20 +00:00
Lennart Poettering
0abf94923b NEWS: extend docs on RLIMIT_NOFILE
We now settled on 512K, and forgot to update NEWS.

Moreover, explain why 512K was chosen.
2018-11-29 14:55:31 +09:00
Lubomir Rintel
230450d4e4 sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2
This switches the RFC3704 Reverse Path filtering from Strict mode to Loose
mode. The Strict mode breaks some pretty common and reasonable use cases,
such as keeping connections via one default route alive after another one
appears (e.g. plugging an Ethernet cable when connected via Wi-Fi).

The strict filter also makes it impossible for NetworkManager to do
connectivity check on a newly arriving default route (it starts with a
higher metric and is bumped lower if there's connectivity).

Kernel's default is 0 (no filter), but a Loose filter is good enough. The
few use cases where a Strict mode could make sense can easily override
this.

The distributions that don't care about the client use cases and prefer a
strict filter could just ship a custom configuration in
/usr/lib/sysctl.d/ to override this.
2018-11-28 16:29:01 +01:00
Lennart Poettering
4f7dc24f8b update NEWS 2018-11-14 17:01:55 +01:00
Lennart Poettering
a8b627aaed main: bump fs.nr_open + fs.max-file to their largest possible values
After discussions with kernel folks, a system with memcg really
shouldn't need extra hard limits on file descriptors anymore, as they
are properly accounted for by memcg anyway. Hence, let's bump these
values to their maximums.

This also adds a build time option to turn thiss off, to cover those
users who do not want to use memcg.
2018-10-17 14:40:39 +02:00
Lennart Poettering
0972c1aefa NEWS: explain the RLIMIT_NOFILE bump 2018-10-16 16:33:55 +02:00
Yu Watanabe
0ac4f1a513
Merge pull request #10070 from keszybz/test-reporting
Test reporting improvements
2018-09-15 15:55:15 +09:00
killermoehre
a8a273743f replace https://github.com/systemd/systemd/blob/master/doc/* with https://github.com/systemd/systemd/blob/master/docs/* to point to proper documentation 2018-09-13 22:12:38 +02:00
Zbigniew Jędrzejewski-Szmek
15c5594bec NEWS: remove repeated "slightly" 2018-09-13 12:07:34 +02:00
Zbigniew Jędrzejewski-Szmek
54fe2ce1b9
Merge pull request #9504 from poettering/nss-deadlock
some nss deadlock love
2018-07-26 10:16:25 +02:00
Lennart Poettering
fcb9751296 NEWS: add entry about Type=exec and announce that systemd-run is going to default to it in 241 2018-07-25 22:48:11 +02:00
Lennart Poettering
abc291aafb NEWS: document nss-ldap incompatibilities 2018-07-20 16:57:35 +02:00
Zbigniew Jędrzejewski-Szmek
d35f51ea84 tree-wide: use "polkit" to refer to PolicyKit/polkit
Back in 2012 the project was renamed, see the release notes for v 0.105
[https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our
documentation and comments to do the same. Referring to PolicyKit is confusing
to users because at the time the polkit api changed too, and we support the new
version. I updated NEWS too, since all the references to PolicyKit there were
added after the rename.

"PolicyKit" is unchanged in various URLs and method call names.
2018-07-16 12:44:24 +02:00
Lennart Poettering
e8498f821b final touches to NEWS 2018-06-22 13:11:49 +02:00
Yu Watanabe
704ae53659 NEWS: mention 'timedatectl show' 2018-06-21 10:51:35 +09:00
Zbigniew Jędrzejewski-Szmek
8809935978 NEWS: mention %E 2018-06-21 10:26:49 +09:00
Zbigniew Jędrzejewski-Szmek
57ab451e85 NEWS: mention ConditionSecurity=uefi-secureboot
Follow-up for be405b909e.
2018-06-20 22:35:36 +02:00
Lennart Poettering
d690610801 NEWS: document that the BLS is now part of our tree 2018-06-20 17:01:56 +02:00
Lennart Poettering
bb6f071f5a update NEWS contributors list again 2018-06-20 13:32:57 +02:00
Lennart Poettering
c7668c1ce0 units: make system-update-pre.target a passive unit (#9349)
This is an additional synchronization point normally not needed. Hence,
let's make it passive, i.e. pull it in from the unit which wants to be
ordered before the update service rather than by the update service
itself.
2018-06-20 12:46:18 +02:00
Zbigniew Jędrzejewski-Szmek
88f375b8c2
Merge pull request #8766 from poettering/syscall-filter-service
add a new `@system-service` syscall group that is good as a starting point for whitelisting syscalls
2018-06-15 11:34:44 +02:00
Zbigniew Jędrzejewski-Szmek
d69f528216 NEWS: rework the description of device naming changes
We really should try to be as precise as possible here. Saying
"your interfaces might be renamed" scares the shit of out people,
for obvious reasons. This change only touches some niche cases
fortunately, let's make this clear.
2018-06-15 12:08:25 +09:00
Lennart Poettering
61d0025d5a NEWS: update contributor list to current git 2018-06-15 12:07:57 +09:00
Lennart Poettering
e01d9e2193 update NEWS 2018-06-14 17:44:20 +02:00
Iwan Timmer
c9299be2f5 resolve: rename PrivateDNS to DNSOverTLS
PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
2018-06-14 09:57:56 +02:00
Lennart Poettering
ba1dc1a12b NEWS: add an example that actually applies 2018-06-13 14:20:03 +02:00
Lennart Poettering
75da262a13 NEWS: the tool is called resolvconf, without the inner e 2018-06-13 14:20:03 +02:00
Lennart Poettering
fe903cf420 NEWS: break lines with emacs once more
Let's follow the line break rules our .dir-locals.el file defines
2018-06-13 14:20:03 +02:00
Lennart Poettering
ec53d48c41 NEWS: some .mailmap work to clean up contributors list 2018-06-13 14:20:03 +02:00
Yu Watanabe
73c718a9e5 NEWS: add more news 2018-06-13 08:27:14 +02:00
Zbigniew Jędrzejewski-Szmek
70127be805
Merge pull request #9153 from poettering/private-mounts
introduce PrivateMounts= setting and clean up documentation for MountFlags=
2018-06-13 08:20:18 +02:00
Lennart Poettering
c086ce8c2e NEWS: announce DNS-over-TLS too 2018-06-13 14:39:53 +09:00
Lennart Poettering
c49a7cbd63 update NEWS with new PrivateMounts= blurb 2018-06-12 16:27:37 +02:00
Michael Biebl
bc99dac545 NEWS: typo fixes 2018-06-12 15:41:38 +02:00
Zbigniew Jędrzejewski-Szmek
c7f93e282c NEWS: mention "bad-setting" load state and other small additions 2018-06-12 14:06:47 +02:00
Zbigniew Jędrzejewski-Szmek
5cadf58eb8 NEWS, CODE_QUALITY: wording fixes
No additions, just moving stuff around and wording cleanups.
2018-06-12 14:06:13 +02:00
Lennart Poettering
41a4c3ec09 prepare an initial NEWS file for v239 2018-06-12 13:05:38 +02:00
Zbigniew Jędrzejewski-Szmek
ce55bd5e4a NEWS: add note about --runtime 2018-06-06 12:38:44 +02:00
Lennart Poettering
1fc83d09c3 update NEWS to explain new OnFailure= behaviour 2018-06-01 19:13:38 +02:00
Yu Watanabe
ead6bd250d tree-wide: fix typo in comments and NEWS 2018-05-29 20:18:45 +02:00
Yu Watanabe
e0eee47707 doc: mention RestrictNamespaces= merges multiple assignment now
Follow-up for #8817.
2018-05-29 09:11:09 +02:00
Yu Watanabe
6e2d744b2f doc: mention in NEWS that AF_INET{,6} are dropped from logind
Closes #9072.
2018-05-24 12:05:54 +02:00
Stuart Hayes
019cb3abf0 NEWS: Warn about predictable network naming changes 2018-03-26 14:00:43 -04:00
Tomasz Torcz
07a35e846b NEWS: fix typos in v238 section (#8369) 2018-03-06 17:35:47 +09:00
Zbigniew Jędrzejewski-Szmek
c657bff1d5 NEWS: bump version and add contributors 2018-03-05 17:22:09 +01:00
Zbigniew Jędrzejewski-Szmek
313c32c3a4 NEWS: update for v238 2018-03-05 16:42:04 +01:00
Lennart Poettering
f09eb7688e doc: add a new doc/ directory, and move two markdown docs into them
I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.

This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.
2018-02-27 19:59:09 +01:00
Zbigniew Jędrzejewski-Szmek
444d586333 meson: add -Dmemory-accounting-default=true|false
This makes it easy to set the default for distributions and users which want to
default to off because they primarily use older kernels.
2018-02-15 12:02:41 +01:00
Lennart Poettering
e0c46a7364 pid1: turn memory accounting on by default now
After discussions with @htejun it appears it's OK now to enable memory
accounting by default for all units without affecting system performance
too badly. facebook has made good experiences with deploying memory
accounting across their infrastructure.

This hence turns MemoryAccounting= from opt-in to opt-out, similar to
how TasksAccounting= is already handled. The other accounting options
remain off, their performance impact is too big still.
2018-02-09 20:06:33 +01:00
Zbigniew Jędrzejewski-Szmek
31751f7e2a NEWS: add missing equal sign
Important!
2018-01-28 16:54:18 +01:00
Zbigniew Jędrzejewski-Szmek
1a0cd2c74e NEWS: reword one sentence 2018-01-28 16:52:47 +01:00
Lennart Poettering
82c8e3e650 NEWS: let's get this thing done 2018-01-28 16:36:03 +01:00
Zbigniew Jędrzejewski-Szmek
e6501af8b8 NEWS: mention --grep (#8029) 2018-01-28 23:52:06 +09:00
Lennart Poettering
508058c9c5 NEWS: update NEWS again, we didn't release yesterday (#8027)
Fix tons of whitespace issues, also add a sysusers.d/ change and update
to contributors list again
2018-01-28 21:28:58 +09:00
Thomas Hindoe Paaboel Andersen
caf2a2d8e6 NEWS: typo fix 2018-01-28 00:05:27 +01:00
bleep_blop
56a2911255 Update NEWS to reflect changes made in #8020 (#8024) 2018-01-28 01:33:52 +09:00
Lennart Poettering
f3ad25df08 NEWS: get ready for release today (#8019) 2018-01-27 13:52:09 +01:00
Jason A. Donenfeld
4592e20659 NEWS: add self to news file for this late commit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-26 15:41:17 +01:00
Clinton Roy
6cddc79251 News: some fixes and improvements (#8010)
* missing whitespace.

* NEWS: some small fixes and improvements.
2018-01-26 19:44:11 +09:00
Lennart Poettering
95894b91b4 NEWS: start putting together an entry for v237 2018-01-25 13:21:00 +01:00
Lennart Poettering
49e87292dc tmpfiles: make "f" lines behaviour match what the documentation says
CHANGE OF BEHAVIOUR — with this commit "f" line's behaviour is altered
to match what the documentation says: if an "argument" string is
specified it is written to the file only when the file didn't exist
before. Previously, it would be appended to the file each time
systemd-tmpfiles was invoked — which is not a particularly useful
behaviour as the tool is not idempotent then and the indicated files
grow without bounds each time the tool is invoked.

I did some spelunking whether this change in behaviour would break
things, but afaics nothing relies on the previous O_APPEND behaviour of
this line type, hence I think it's relatively safe to make "f" lines
work the way the docs say, rather than adding a new modifier for it or
so.

Triggered by:

https://lists.freedesktop.org/archives/systemd-devel/2018-January/040171.html
2018-01-24 10:54:10 +01:00
Martin Pitt
2b0c59baa2 hwdb: map zoomin/out keys to up/down
Some keyboards come with a zoom see-saw or rocker which until now got
mapped to the Linux "zoomin/out" keys in hwdb. However, these keycodes
are not recognized by any major desktop. They now produce Up/Down key
events so that they can be used for scrolling.

The internet is full of instructions how to "unbreak" these keys, e. g.

  https://askubuntu.com/questions/471802/make-the-zoom-slider-of-microsoft-natural-ergonomic-keyboard-4000-and-7000-scrol
  https://unix.stackexchange.com/questions/322075/how-to-get-ms-natural-ergonomic-4000-slider-work-on-linux-mint

So let's make it official. But keep their physical meaning in comments
in case desktops start to do something useful with them at some point.

Thanks to Finn Christiansen for the original patch!

Replaces #6953
2018-01-23 10:30:49 +01:00
Zbigniew Jędrzejewski-Szmek
000b1ba561 NEWS: fix typo 2018-01-20 14:04:17 +11:00
Lennart Poettering
dd95b381b2 NEWS: add in a missing change back from 229 (#7804)
See:

https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html
http://fromthecodefront.blogspot.de/2017/07/systemd-pitfalls.html
2018-01-04 13:52:50 +01:00
Lennart Poettering
a1b2c92d82 final v236 update (#7649) 2017-12-14 23:09:57 +01:00
Lennart Poettering
ea2a3c9e50 NEWS: update NEWS again, and prepare for a release tomorrow 2017-12-14 17:29:30 +01:00
Daniel Black
a327431bd1 core: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown (#7214)
With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.

A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).

EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.

Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.

Fixes #5868.
2017-12-14 12:17:43 +01:00
Lennart Poettering
3925496a96 NEWS: more updates for v236 2017-12-11 16:05:41 +01:00
Zbigniew Jędrzejewski-Szmek
8ea2dcb061
NEWS: mention systemd-tmpfiles --user (#7574) 2017-12-07 21:03:32 +01:00
Christian Hesse
dd014eebfb NEWS: add missing whitespace (#7561) 2017-12-06 23:49:01 +01:00
Zbigniew Jędrzejewski-Szmek
751223fecf Fail on unknown (alphanumerical) specifiers
The code intentionally ignored unknown specifiers, treating them as text. This
needs to change because otherwise we can never add a new specifier in a backwards
compatible way. So just treat an unknown (potential) specifier as an error.

In principle this is a break of backwards compatibility, but the previous
behaviour was pretty much useless, since the expanded value could change every
time we add new specifiers, which we do all the time.

As a compromise for backwards compatibility, only fail on alphanumerical
characters. This should cover the most cases where an unescaped percent
character is used, like size=5% and such, which behave the same as before with
this patch. OTOH, this means that we will not be able to use non-alphanumerical
specifiers without breaking backwards compatibility again. I think that's an
acceptable compromise.

v2:
- add NEWS entry

v3:
- only fail on alphanumerical
2017-12-06 10:17:37 +01:00
Zbigniew Jędrzejewski-Szmek
89780840a2 NEWS: update the text a bit (#7524)
This fixes various typos, removes some duplications, and adds a bit more
detail in the few places which are potential pitfalls for users.
Also change the way the paragraphs about new options begin, because having
a paragraph saying "Two new options have been added", and then bit lower
again "Two new options have been added" is confusing.
2017-12-01 16:25:19 +01:00
Yu Watanabe
ccac84d02e NEWS: systemd-mount also support -G option 2017-12-01 04:49:21 +09:00
Yu Watanabe
e9ad86d509 NEWS: fix typo 2017-12-01 04:48:57 +09:00
Lennart Poettering
67eb5b380a NEWS: some preliminary work for v236 (#7519)
Totally not complete, but let's get this started.
2017-12-01 04:07:18 +09:00
Shawn Landden
23d37367ed NEWS: fix minor error (#7399) 2017-11-21 11:05:57 +09:00
Lennart Poettering
2bcbffd6db NEWS: document the systemd-logind IP firewalling incompatibility (#7343)
Fixes: #7074
2017-11-16 11:57:32 +09:00
Tom Stellard
3754abc58f NEWS: Add note about udev changes for /dev/kvm, /dev/dri/renderD*, and /dev/kfd 2017-11-08 08:37:18 -08:00
Dimitri John Ledkov
e6b2d948f8 resolved: create private stub resolve file for /etc/resolv.conf integration (#7014)
This creates a second private resolve.conf file which lists the stub resolver
and the resolved acquired search domains.

This runtime file should be used as a symlink target for /etc/resolv.conf such
that non-nss based applications can resolve search domains.

Fixes: #7009
2017-10-24 15:28:41 +02:00
Mantas Mikulėnas
195b943d4e NEWS: start adding 236 (#7159) 2017-10-23 22:56:01 +02:00
Lennart Poettering
c1719d8bc9 NEWS: patch in today's date for the 235 release 2017-10-06 10:18:04 +02:00
Zbigniew Jędrzejewski-Szmek
082827e6c6 Merge pull request #6999 from poettering/seccomp-newgroups
add three new syscall groups, and port @privileged to make use of more existing ones
2017-10-05 22:06:39 +02:00
Zbigniew Jędrzejewski-Szmek
acc7b23256 Merge pull request #7008 from poettering/sorevision235
bump so revision for 235 and mailmap updates
2017-10-05 21:51:13 +02:00
Lennart Poettering
76451c1db0 update .mailmap a bit more 2017-10-05 17:39:50 +02:00
Lennart Poettering
75dfbbacb3 NEWS: one more addition 2017-10-05 17:23:17 +02:00
Lennart Poettering
cf84484a56 resolved: include DNS server feature level info in SIGUSR1 status dump
let's make the status dump more useful for tracking down server issues.
2017-10-05 17:02:25 +02:00
Lennart Poettering
d55b0463b2 resolved: add support for explicitly forgetting everything we learnt about DNS server feature levels
This adds "systemd-resolve --reset-server-features" for explicitly
forgetting what we learnt. This might be useful for debugging
purposes, and to force systemd-resolved to restart its learning logic
for all DNS servers.
2017-10-05 16:56:50 +02:00
Lennart Poettering
44898c5358 seccomp: add three more seccomp groups
@aio → asynchronous IO calls
@sync → msync/fsync/... and friends
@chown → changing file ownership

(Also, change @privileged to reference @chown now, instead of the
individual syscalls it contains)
2017-10-05 15:42:48 +02:00
Zbigniew Jędrzejewski-Szmek
608f70e6b4 Update mailmap and contributor list (#7006)
Also fix typo (by using a word that is a better git anyway.)
2017-10-05 15:41:33 +02:00
Zbigniew Jędrzejewski-Szmek
21723f53db NEWS: some nitpicking and bike-shedding 2017-10-05 14:42:12 +02:00
Andrew Jeddeloh
95ab9eff1e Revert "networkd: change UseMTU default to true. (#6837)" (#6950)
This reverts commit 22043e4317.
UseMTU is broken on real hardware and should not be enabled by default.
2017-10-05 12:58:02 +02:00
Zbigniew Jędrzejewski-Szmek
c9905d4dd2 Merge pull request #6944 from poettering/suspend-fix
systemctl reboot/suspend tweaks
2017-10-05 11:26:44 +02:00
Lennart Poettering
f6e64b78cc tmpfiles: change btmp mode 0600 → 0660 (#6997)
As discussed in #6994.

Fixes: #6994
2017-10-04 21:44:29 +02:00
Lennart Poettering
e06fafb2d7 NEWS: add comment about change sync/async behaviour for shutdown commands 2017-10-04 20:59:15 +02:00
Djalal Harouni
09d3020b0a seccomp: remove '@credentials' syscall set (#6958)
This removes the '@credentials' syscall set that was added in commit
v234-468-gcd0ddf6f75.

Most of these syscalls are so simple that we do not want to filter them.
They work on the current calling process, doing only read operations,
they do not have a deep kernel path.

The problem may only be in 'capget' syscall since it can query arbitrary
processes, and used to discover processes, however sending signal 0 to
arbitrary processes can be used to discover if a process exists or not.
It is unfortunate that Linux allows to query processes of different
users. Lets put it now in '@process' syscall set, and later we may add
it to a new '@basic-process' set that allows most basic process
operations.
2017-10-03 07:20:05 +02:00
Lennart Poettering
fccf5419e8 prepare NEWS for 235 2017-09-28 11:26:02 +02:00
Dimitri John Ledkov
22043e4317 networkd: change UseMTU default to true. (#6837)
Typically when DHCP server sets MTU it is a lower one. And a lower than usual
MTU is then thus required on said network to have operational networking. This
makes networkd's dhcp client to work in more similar way to other dhcp-clients
(e.g. isc-dhcp). In particular, in a cloud setting, without this default
instances have resulted in timing out talking to cloud metadata source and
failing to provision.

This does not change this default for the Annonymize code path.
2017-09-19 10:26:17 +02:00
Lucas Werkmeister
ef5a8cb1a7 analyze: add get-log-level, get-log-target verbs
They’re counterparts to the existing set-log-level and set-log-target
verbs, simply printing the current value to stdout. This makes it
slightly easier to temporarily change the log level and/or target and
then restore the old value(s).
2017-09-07 23:55:59 +02:00
Jörg Thalheim
6b3c9ead19 NEWS: fix typo in v235 (#6731) 2017-09-04 03:12:12 +09:00
Mike Gilbert
8f968c7321 Revert "README: document that gperf 3.1 is required for building now" (#6541)
This reverts commit 4f5e972279.

Building with gperf 3.0 works just fine; we had an autoconf check to
determine the correct data types, and this check was ported to meson.
2017-08-05 18:30:37 -04:00
Dimitri John Ledkov
582faeb461 modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
This allows networkd to correctly manage bond0 using networkd, when requested
by the user.

Fixes #5971 #6184
2017-08-02 08:41:18 -04:00
Zbigniew Jędrzejewski-Szmek
7f7ab22892 NEWS: say that libidn2 is experimental (#6335)
Handling of "_" and some other details requires more thought:
https://gitlab.com/libidn/libidn2/issues/30

Let's switch the default back to libidn and add a note in NEWS.
2017-07-12 09:25:59 +02:00
Lennart Poettering
ac172e52d3 update NEWS file, let's try to release this tomorrow 2017-07-11 19:17:58 +02:00
Thomas H. P. Andersen
38d9338588 NEWS: typo fixes (#6276) 2017-07-03 17:35:05 -04:00
Lennart Poettering
184d2c1576 NEWS: tweak contributors list a bit
Let's add more .mailmap entries to clean up GitHub's mess.
2017-07-03 11:19:20 +02:00
Zbigniew Jędrzejewski-Szmek
9f09a95a7e NEWS: mention that logind is restartable 2017-06-30 13:36:42 -04:00
Zbigniew Jędrzejewski-Szmek
44abc32307 mailmap: some additions for recent commits 2017-06-30 13:23:32 -04:00
Lennart Poettering
4b4da299a6 start preparing NEWS file for 234 2017-06-27 23:06:55 +02:00
Yu Watanabe
9d8813b3b4 kernel-install: support the case /etc/machine-id is missing or empty (#5975)
Some .install plugins does not require that machine ID is set such as
20-grubby.install for Fedora and 50-depmod.install.
To support such plugins to run without valid machine-id, this commit
makes the following change:
* if /etc/machine-id is missing or empty, create temporary directory
  and set its path to BOOT_DIR_ABS,
* run the .install helpers with KERNEL_INSTALL_MACHINE_ID environment
  variable that'd be empty if /etc/machine-id is missing or empty.
This may be useful for installing kernel for e.g. stateless systems
which initialize machine-id while booting the systems.
2017-05-30 09:45:10 -04:00
Zbigniew Jędrzejewski-Szmek
5486a31d28 nss-resolve: drop the internal fallback to libnss_dns (#5945)
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:

   hosts: resolve [!UNAVAIL=return] dns myhostname

Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.

Tested with
   hosts: resolve [!UNAVAIL=return] myhostname
and
   hosts: resolve [!UNAVAIL=return] dns myhostname

Fixes #5742.
2017-05-12 14:31:46 +02:00
Philip Withnall
46ae28d8c3 man: Fix reference to timer-sync.target instead of time-sync.target (#5764)
Also fix an erroneous reference to it in the NEWS file, for posterity.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2017-04-20 12:34:26 +02:00