IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
sysexits.h has:
#define EX_CANTCREAT 73 /* can't create (user) output file */
EX_DATAERR is a copy-paste error from the previous sentence, which is
correct.
Similar as the other options added before, this is primarily useful to
provide comprehensive OCI runtime compatbility, but might be useful
otherwise, too.
This simply controls the PR_SET_NO_NEW_PRIVS flag for the container.
This too is primarily relevant to provide OCI runtime compaitiblity, but
might have other uses too, in particular as it nicely complements the
existing --capability= and --drop-capability= flags.
Previously, the container's hostname was exclusively initialized from
the machine name configured with --machine=, i.e. the internal name and
the external name used for and by the container was synchronized. This
adds a new option --hostname= that optionally allows the internal name
to deviate from the external name.
This new option is mainly useful to ultimately implement the OCI runtime
spec directly in nspawn, but it might be useful on its own for some
other usecases too.
This ensures we set the various resource limits of our container
explicitly on each invocation so that we inherit less from our callers
into the payload.
By default resource limits are now set to the same values Linux
generally passes to the host PID 1, thus minimizing needless differences
between host and container environments.
The limits are now also configurable using a new --rlimit= switch. This
is preparation for teaching nspawn native OCI runtime support as OCI
permits setting resource limits for container payloads, and it hence
probably makes sense if we do too.
What the man page said was different than what the code did.
save_external_coredump() will store the core temporarily for backtrace
generation, and will delete if afterwards if it is too large. So to disable
processing, it's necessary to both set
Storage=none/Storage=journal+JournalSizeMax=0/Storage=external+ExternalSizeMax=0
and ProcessSizeMax=0. This updates the man page to reflect the code.
The man pages are extended to describe that Storage=none + ProcessSizeMax=0 is
the simplest way to disable coredump processing. All the storage and processing
options make this quite complicated, so let's add a copy-and-pasteable example
of how to disable coredump. Doing it through coredump.conf has the advantage
that we still log, and the effect is immediate, unlike masking the sysconf
file.
Fixes#8788.
Commenting out "WatchdogTimeout=3min" in systemd-logind.service causes
NotifyAccess to go from "main" to "none", breaking support for logind
restart. Let's fix that.
Since StandardOutput=file:path is more similar to StandardInput= than
StandardInputText=, and only StandardInput= is actually documented above
StandardOutput= whereas StandardInputText= is documented below it, I
assume the intention was to refer to the former.
While set of systemd-journal-{gatewayd,remote,upload}.service services presents single subsystem on journald logs network transmission, systemd-journal-gatewayd.service description should also contain links to other parts of this subsystem: systemd-journal-remote.service and systemd-journal-upload.service.
* man: systemd-networkd-wait-online: systemd.service
While service type is mentioned (is a oneshot system service), link on systemd.service is added. 'See Also' section is also updated with link on systemd.service man-page.
Added short keys -u and -m for --unescape and --mangle respectively. These short keys are present in systemd-escape --help output and are absent in man systemd-escape page.
Add journal-upload.conf refentrytitle to have the same format to systemd-journal-remote.service description, which contains refentrytitle on journal-remote.conf in 'See Also' section.
This patch add support to enables to send User Class option code 77
RFC 3004.
This option MAY carry multiple User Classes.
The format of this option is as follows:
Code Len Value
+-----+-----+--------------------- . . . --+
| 77 | N | User Class Data ('Len' octets) |
+-----+-----+--------------------- . . . --+
where Value consists of one or more instances of User Class Data.
Each instance of User Class Data is formatted as follows:
UC_Len_i User_Class_Data_i
+--------+------------------------ . . . --+
| L_i | Opaque-Data ('UC_Len_i' octets) |
+--------+------------------------ . . . --+
UserClass=
A DHCPv4 client can use UserClass option to identify the type or category of user or applications
it represents. The information contained in this option is an string that represents the user class
of which the client is a member. Each class sets an identifying string of information to be used by the DHCP service to classify clients. Takes a whitespace-separated list.
UserClass= hello world how are you
Closes: RFC: #5134
Our CODING_STYLE document suggests to suffix all paths referring to dirs
rather than regular files with a "/" in our docs and log messages.
Update file-hierarchy(7) to do just that.
No other changes.
We document this further down in the text, but let's also list this
early on, where we mention the FHS as major influence too, so that it is
clear we incorporate all that thinking.
Previously, reading through systemd.exec(5) one might get the idea that
XDG_SEAT and XDG_VTNR are part of the service management logic, but they
are not, they are only set if pam_systemd is part of a PAM stack an
pam_systemd is used.
Hence, let's drop these env vars from the list of env vars, and instead
add a paragraph after the list mentioning that pam_systemd might add
more systemd-specific env vars if included in the PAM stack for a
service that uses PAMName=.
Rather than choosing to set or unset any of these flag
use kernel defaults. This patch makes following properties to unset.
UseBPDU = unset
HairPin = unset
FastLeave = unset
AllowPortToBeRoot = unset
UnicastFlood = unset
This implements similar logic as conf_files_cat(), but with slightly different
file gathering logic. I also want to add support for replacement files later on,
so it seems better to keep those two file-gathering functions separate.
This is used as 'systemd-analyze show-config systemd/logind.conf', which
will dump
/etc/systemd/system/user@.service
/etc/systemd/system/user@.service.d/*.conf
/run/systemd/system/user@.service.d/*.conf
/usr/local/lib/systemd/system/user@.service.d/*.conf
/usr/lib/systemd/system/user@.service.d/*.conf
The idea is to make it easy to dump the configuration using the same locations
and order that systemd programs use themselves (including masking, in the right
order, etc.). This is the generic variant that works with any configuration
scheme that follows the same general rules:
$ systemd-analyze cat-config systemd/system.conf
$ systemd-analyze cat-config systemd/user.conf
$ systemd-analyze cat-config systemd/logind.conf
$ systemd-analyze cat-config systemd/sleep.conf
$ systemd-analyze cat-config systemd/journald.conf
$ systemd-analyze cat-config systemd/journal-remote.conf
$ systemd-analyze cat-config systemd/journal-upload.conf
$ systemd-analyze cat-config systemd/coredump.conf
$ systemd-analyze cat-config systemd/resolved.conf
$ systemd-analyze cat-config systemd/timesyncd.conf
$ systemd-analyze cat-config udev/udev.conf
This removes the UserTasksMax= setting in logind.conf. Instead, the generic
TasksMax= setting on the slice should be used. Instead of a transient unit we
use a drop-in to tweak the default definition of a .slice. It's better to use
the normal unit mechanisms instead of creating units on the fly. This will also
make it easier to start user@.service independently of logind, or set
additional settings like MemoryMax= for user slices.
The setting in logind is removed, because otherwise we would have two sources
of "truth": the slice on disk and the logind config. Instead of trying to
coordinate those two sources of configuration (and maintainer overrides to
both), let's just convert to the new one fully.
Right now now automatic transition mechanism is provided. logind will emit a
hint when it encounters the setting, but otherwise it will be ignored.
Fixes#2556.
Those are quite similar to %i/%I, but refer to the last dash-separated
component of the name prefix.
The new functionality of dash-dropins could largely supersede the template
functionality, so it would be tempting to overload %i/%I. But that would
not be backwards compatible. So let's add the two new letters instead.
The description in the man page disagreed with the code. Let the code win,
since if anybody is using this, they are more likely to depend on actual
behaviour rather than the docs. (In Fedora workstation installation there's
only one use, and it doesn't make much sense either way: SyslogIdentifier=%N
in xfs_scrub@.service.)
Also adds dots at the end everywhere, because we have multiple sentences in
some explanations, so we need dots.
- Add a new flag --strict to tell systemd-hwdb to return a
non-zero code on error.
- Make systemd-hwdb update return an error when any parsing
error occurs (only if strict flag is set).
Newer terminals (in particular gnome-terminal) understand special escape
sequence for formatting clickable links. Let's support that to make our
tool output more clickable where that's appropriate.
For details see this:
https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
The one big issue is that 'less' currently doesn't grok this, and
doesn't ignore sequence like regular terminal implementations do if they
don't support it. Hence for now, let's disable URL output if a pager is
used. We should revisit that though as soon as less added support for it
and enough time passed for it to enter various distributions.
Double newlines (i.e. one empty lines) are great to structure code. But
let's avoid triple newlines (i.e. two empty lines), quadruple newlines,
quintuple newlines, …, that's just spurious whitespace.
It's an easy way to drop 121 lines of code, and keeps the coding style
of our sources a bit tigther.
First of all, it's frickin' ugly and wrong, as IPC sockets should be
placed in /run and definitely not under a guessable name under
world-writable /tmp. Secondly, it can't even work as we set
PrivateTmp=yes on the service.
Hence, let's clean up the example, and simply use a socket in /run
instead.
Fixes: #8419
We have a common parser, but for the user it might be
completely unobvious that the same general rules apply
to all those files. Let's add a page about the basic syntax
so that the more specific pages don't have to repeat those
details.
Absolute paths make everything simple and quick, but sometimes this requirement
can be annoying. A good example is calling 'test', which will be located in
/usr/bin/ or /bin depending on the distro. The need the provide the full path
makes it harder a portable unit file in such cases.
This patch uses a fixed search path (DEFAULT_PATH which was already used as the
default value of $PATH), and if a non-absolute file name is found, it is
immediately resolved to a full path using this search path when the unit is
loaded. After that, everything behaves as if an absolute path was specified. In
particular, the executable must exist when the unit is loaded.
