IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
Also reworded a few debug messages for brevity, and added a log
statement which prints out the filter at debug level:
Journal filter: (((UNIT=sys-module-configfs.device AND _PID=1) OR (COREDUMP_UNIT=sys-module-configfs.device AND MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR _SYSTEMD_UNIT=sys-module-configfs.device) AND _BOOT_ID=4e3c518ab0474c12ac8de7896fe6b154)
We want to allow clients to process an sd_bus_message on a different
thread than it was received on. Since unreffing a bus message might
readd some of its memfds to the memfd cache add some minimal locking
around the cache.
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
Bootchart has a help option. For the sake of consistency, this patch
adds it to the man page.
Also, the TODO is updated. Bootcharts were added to the journal in
commit c4d58b0.
This makes sure nss-myhostname not only resolves the local host name to
127.0.0.2/::1 but also the host name 'localhost: to 127.0.0.1/::1. This
makes installation of /etc/passwd optional, as it usually only includes
a mapping for 'localhost'.
This change also resolves ::1 to the local hostname (as before), but
also lists 'localhost' as an alias. This means look-ups are now fully
reversible, even though they are 1:n mappings.
Finally, the module will no longer erroneously claim that local IP
addresses which aren't on the loopback device were.
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
This changes the fstab mount option x-initrd-rootfs.mount to
x-initrd.rootfs, in order to only use a single namespace "x-initrd." for
all mount options of the initrd.
Setting MaxRetentionSec= caused the kernel log to overflow and the
journal daemon to enter an endless loop.
Logging from the journald main loop gets directed to /dev/kmsg,
which wakes up journald again. We skip the import of this message
by checking for our own PID, but this still causes the main loop
to never go to sleep again because we never stopped logging from
there.
Getting the cursor is split out from .get_next() into
.get_cursor(). This mirrors the C API more closely, and
also makes things a bit faster if the cursor is not needed.
The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
The userspace firmware loader is deprecated now, and will be entirely
removed when we depend on a kernel version with the built-in firmware
loader available.
I originally added this to stay as compatible as possible with the kernel, but
as Lennart argued it is not really useful in the initramfs, so let's drop it (we
already don't support 'rootdealy').
We currently enforce that seats are to be named in the form of
"seatXXX", i.e. need to begin with the 4 characters "seat". Thus,
"seat-master" would qualify as a seat name. As seat names are frequently
used as tags on devices, the "seat-master" tag might hence confuse
logind if the user decides to name a seat "seat-master".
Hence, avoid any ambuigity: let's rename the "seat-master" tag to
"master-of-seat".
- fix typo
- use compiled systemd-nspawn
- drop --capability=... from systemd-nspawn invocation, is is the default now
- simplify sudo make invocations
- Don't allow any locks to be taken while we are in the process of
executing the specific operation, so that apps are not surprised if a
suspend/shutdown happens while they rely on their inhibitor.
- Get rid of the Resumed signal, it was a bad idea, and redundant due to
PrepareForSleep(false), see below.
- Always send out PrepareFor{Shutdown,Sleep} signals, instead of only if
a delay lock is taken.
- Move PrepareForSleep(false) after we come back from the suspend, so
that apps can use this as "Resumed" notification. This also has the
benefit that apps know when to take a new lock.
We should not pimp up the kernel's VC stuff, it's too linited and
fragile.
At the moment not even the font uploaded early during bootup does
survive the KMS driver taking over the framebuffer driver. We
surely don't want to make promises about colors or resolution.
The future is fullscreen KMS/kmscon/wayland/... based terminals using
X fonts, keymaps, input methods, and not the old school too limited
kernel VC stuff. So leave the kernel VCs as they are, and don't expect
wonders.
This way we also get a man page. The output is not as polished.
I hope that it doesn't matter too much.
index.html is not generated now, the page is called
systemd.index.html. If necessary, an install hook should be added.
Adds is-failed to join is-active and is-enabled.
I grabbed this one from the todo list. Most of the functionality was
already there for is-active. I just needed to make check_one_unit take
the states to check for as an argument instead of the hardcoded
"active" and "reloading".
is-failed will return 1 if none of the units given are failed. This is
different from is-active which will return 3 if none of the units
given are active. It returns 3 with this comment:
/* According to LSB: "program is not running" */
As that does not make sense when looking for failed units I simply
chose 1 instead.
The split should be into a lightweight collection tool that can run
with minimal dependencies and resources for server and embedded
systems. The analysis tool can pull in desktop-style dependencies
like Cairo and GTK.
Much like logind has a client in loginctl, and journald in journalctl
introduce timedatectl, to change the system time (incl. RTC), timezones
and related settings.
Turns out cpuset needs explicit initialization before we could make use
of it. Thus mounting cpuset with cpu/cpuacct would make it impossible to
just create a group in "cpu" and start it.
Instead of doing hand optimized fd bisect arrays just use plain old
hashmaps. Now I can understand my own code again. Yay!
As a side effect this should fix some bad memory accesses caused by
accesses after mmap(), introduced in 189.
Note: I did s/MANAGER/SYSTEMD/ everywhere, even though it makes the
patch quite verbose. Nevertheless, keeping MANAGER prefix in some
places, and SYSTEMD prefix in others would just lead to confusion down
the road. Better to rip off the band-aid now.
When the new PID is invoked the journal socket from the initrd might
still be around. Due to the default log target being journal we'd log to
that initially when the new main systemd initializes even if the kernel
command line included a directive to redirect systemd's logging
elsewhere.
With this fix we initially always log to kmsg now, if we are PID1, and
only after parsing the kernel cmdline try to open the journal if that's
desired.
(The effective benefit of this is that SELinux performance data is now
logged again to kmsg like it used to be.)
Previously, if X allocated all 6 TTYs (for multi-session for example) no
getty would be available anymore to guarantee console-based logins.
With the new ReserveVT= switch in logind.conf we can now choose one VT
(6 by default) that will always be subject to autovt-style activation,
i.e. we'll always have a getty on TTY6, and X will never take possession
of it.
- Make writing/reading of /etc/timezone dependendent of HAVE_SYSV_COMPAT
- Introduce symlink_atomic() after all, and use it
- Use relative symlink for /etc/localtime
This splits the JSON output mode into different modes: json and
json-pretty. The former printing one entry per line, the latter showing
JSON objects nicely indented and in multiple lines to make it easier to
read for humans.
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
Adds messages for formally silent errors: new "Failed on cmdline argument %s: %s".
Removes some specific error messages for -ENOMEM in mount-setup.c. A few specific
ones have been left in other binaries.
When an automatic restart is already queued, then make subsequent start
jobs wait until the restart can be handled (i.e. after the holdhoff
time), instead of simply fail.
