mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

1550 Commits

Author SHA1 Message Date
Susant Sahani
30ae9dfda3 networkd: Introduce tun/tap device
This patch introduces TUN/TAP device creation support
to networkd.

Example conf to create a tap device:

file: tap.netdev
------------------
[NetDev]
Name=tap-test
Kind=tap

[Tap]
OneQueue=true
MultiQueue=true
PacketInfo=true
User=sus
Group=sus
------------------

Test:
1. output of ip link
tap-test: tap pi one_queue UNKNOWN_FLAGS:900 user 1000 group 1000

id:
uid=1000(sus) gid=10(wheel) groups=10(wheel),1000(sus)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Modifications:

Added:
1. file networkd-tuntap.c
3. netdev kind NETDEV_KIND_TUN and NETDEV_KIND_TAP
2. Tun and Tap Sections and config params to parse
   conf and gperf conf parameters

[tomegun: tweak the 'kind' checking for received ifindex]
2014-07-03 11:00:02 +02:00
Lennart Poettering
8f6e22a1ca man: /usr/bin may contain binaries in any compatible arch, not just the primary one 2014-07-03 01:10:01 +02:00
Lennart Poettering
4ee4264c3b man: fix links to systemd-efi-boot-generator(8) 2014-07-03 01:09:35 +02:00
Lennart Poettering
9a00f57a5b path: add new "systemd-path" utility for querying paths described in file-hierarchy(7)
This new tool is based on "sd-path", a new (so far unexported) API for
libsystemd, that can hopefully grow into a workable API covering /opt
and more one day.
2014-07-02 12:23:36 +02:00
Tom Gundersen
9e358851b4 networkd: netdev - add dummy support 2014-07-01 22:10:07 +02:00
Eugene Yakubovich
4cc7a82c94 networkd: send hostname to dhcp server
Send hostname (option 12) in DISCOVER and REQUEST messages so the
DHCP server could use it to register with dynamic DNS and such.

To opt-out of this behaviour set SendHostname to false in [DHCP]
section of .network file

[tomegun: rebased, made sure a failing set_hostname is a noop and moved
          config from DHCPv4 to DHCP]
2014-07-01 22:02:25 +02:00
Tom Gundersen
0a8a0fad01 man: bring systemd.network(5) up-to-date
Based on diff by 'poma'.
2014-07-01 21:49:53 +02:00
Tom Gundersen
b35a290960 man: bring systemd.netdev(5) up-to-date
Based on a diff by the mysterious 'poma'.
2014-07-01 21:49:53 +02:00
Thomas Hindoe Paaboel Andersen
ce1dde29b9 typo fixes 2014-07-01 21:12:05 +02:00
Kay Sievers
eafbd4d7ce man: file-hierarchy - emphasize /usr/lib/$arch-id instead of $libdir 2014-07-01 17:47:38 +02:00
Christian Hesse
02ea24ca2a man/sd_journal_get_data: fix variable naming in example 2014-07-01 16:38:40 +02:00
Christian Hesse
8959ae0d4c man/sd_journal_next: fix argument in example
The example does not compile, it fails with:

error: passing argument 3 of ‘sd_journal_get_data’ from incompatible
pointer type

Cast to (const void **) to avoid this.
2014-07-01 16:38:37 +02:00
Lennart Poettering
959ddb4700 man: document directories in $HOME, too, in file-hierarchy(7) 2014-07-01 13:51:36 +02:00
Lennart Poettering
cdf0c7abf8 man: document ConditionNeedsUpdate= 2014-07-01 01:33:56 +02:00
Lennart Poettering
82a30aae48 man: extend a bit what to expect from the various places apps can store data 2014-07-01 01:14:22 +02:00
Lennart Poettering
c65b503d01 man: add sections about file node types and write access to file-hierarchy(7) 2014-07-01 01:14:22 +02:00
Zbigniew Jędrzejewski-Szmek
ee43f49b78 man: mention x-initrd.mount option in fstab options list 2014-06-30 18:41:17 -04:00
Zbigniew Jędrzejewski-Szmek
63b03c0b28 man: mention that x-systemd.device-timeout is only for fstab
Reformat fstab options description. Now they are easier to read and
show up in systemd.directives(7).

Use a single sublist for both /etc/fstab and /etc/crypttab options.
Many of them can be used in both places. crypttab(5) is updated to use
the same docbook elements, so formatting is uniform.
2014-06-30 18:41:17 -04:00
Zbigniew Jędrzejewski-Szmek
a17f2dc15b man: beef up systemd-fsck description 2014-06-30 18:41:17 -04:00
Lennart Poettering
6e81b5b9dc man: reference $TMPDIR, not $TMP in file-hierarchy(7)
This is what environ(7) and POSIX define, so that's what we should
reference.
2014-07-01 00:29:38 +02:00
Lennart Poettering
7caa86ac4d man: document systemd-update-done.service 2014-07-01 00:16:48 +02:00
Tom Gundersen
dc7f577501 man: file-hierarchy - minor fixes
Leave non-specified top-level dirs out of the spec, and minor cleanups.
2014-07-01 00:06:16 +02:00
Lennart Poettering
cd48031bcf man: document how to query $libdir for the primary architecture using pkg-config 2014-06-30 23:30:00 +02:00
Thomas Hindoe Paaboel Andersen
fcba63a846 man: file-hierarchy - typo fixes 2014-06-30 22:54:21 +02:00
Lennart Poettering
2f3d398a05 man: deemphasize Fedora-specific "lib64", only mention the more generic $libdir 2014-06-30 22:49:10 +02:00
Thomas Hindoe Paaboel Andersen
908c32e0f3 man: daemon - typo fix 2014-06-30 22:38:17 +02:00
Lennart Poettering
9fc25924be man: a couple of additions to file-hierarchy(7) 2014-06-30 19:52:44 +02:00
Lennart Poettering
8c63bf4ab0 man: drop references to manual StandardError=syslog from daemon(7), we do this implicitly since ages 2014-06-30 19:06:11 +02:00
Lennart Poettering
9546c6ed67 man: add a minimized, modernized description of the file system hierarchy systemd suggests 2014-06-30 19:05:17 +02:00
Lennart Poettering
21236ab510 man: document the sysusers tool 2014-06-29 22:27:07 +02:00
Eugene Yakubovich
e1ea665eda Add support for DHCP static route options
This adds support for DHCP options 33 and 121: Static Route and
Classless Static Route. To enable this feature, set UseRoutes=true
in .network file. Returned routes are added to the routing table.
2014-06-29 15:18:21 +02:00
Tom Gundersen
ed942a9eb2 networkd: merge DHCPv4 and DHCPv6 config
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.

Moreover only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
2014-06-29 15:18:21 +02:00
Jan Engelhardt
45df8656eb doc: typographical improvements and choice of words 2014-06-28 00:06:31 -04:00
Jan Engelhardt
8d0e0ddda6 doc: grammatical corrections 2014-06-28 00:06:30 -04:00
Lennart Poettering
102bd40e1e man: split systemd.network(5) and related into various sections for better readability 2014-06-27 20:50:08 +02:00
Lennart Poettering
4bb278e51e man: document automatic networkd IP range allocation 2014-06-27 20:42:06 +02:00
Lennart Poettering
b1317b34f4 man: fix sd_watchdog_enabled() prototype in man page
https://bugs.freedesktop.org/show_bug.cgi?id=80597
2014-06-27 19:51:14 +02:00
Lennart Poettering
8c9571d0ae coredump: replace Compression= setting by simpler Compress= boolean setting
Let's move things closer to journald's configuration settings, which
knows Compress= already, as a boolean. This makes things more uniform,
but also gives us more freedom to possibly swap out the used compression
algorithm one day.
2014-06-27 19:35:57 +02:00
Lennart Poettering
cf677ac1b7 coredump: don't expose the compression level as configuration option
This sounds overly low-level and implementation-detaily. Let's just
use the default level XZ suggests. This gives us more room to possibly
swap out the compression algorithm used, as the compression level range
will not leak into user configuration.
2014-06-27 19:35:57 +02:00
Lennart Poettering
0dc5d23c85 coredump: add simple coredump vacuuming
When disk space taken up by coredumps grows beyond a configured limit
start removing the oldest coredump of the user with the most coredumps,
until we get below the limit again.
2014-06-27 19:35:57 +02:00
Zbigniew Jędrzejewski-Szmek
3cc765d271 man: add coredump.conf(5) 2014-06-26 01:41:04 -04:00
Lennart Poettering
99813a1912 systemctl: add new "is-system-running" command to check whether system is fully up
https://bugs.freedesktop.org/show_bug.cgi?id=66926
2014-06-25 12:31:03 +02:00
Zbigniew Jędrzejewski-Szmek
96e2644150 Revert "Add systemd-coredumpctl as an alias for coredumpctl"
This reverts the documentation part of commit
dfdd0e0730.
2014-06-23 23:14:55 -04:00
Zbigniew Jędrzejewski-Szmek
9fcdf32294 man: fix path in crypttab(5)
https://bugs.freedesktop.org/show_bug.cgi?id=75816
2014-06-23 23:14:54 -04:00
Zbigniew Jędrzejewski-Szmek
dfdd0e0730 Add systemd-coredumpctl as an alias for coredumpctl
Should make the transition easier for existing users.
2014-06-22 15:30:19 -04:00
Zbigniew Jędrzejewski-Szmek
c305edb643 man: untabify systemd-resolved.service.xml 2014-06-22 12:26:09 -04:00
Jonathan Boulle
40ef48600f fix systemd-resolved reference in man page
Guess this was missed in the copy-paste :-)
2014-06-22 12:26:09 -04:00
Kay Sievers
2f3b873a49 tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted 2014-06-20 15:57:43 +02:00
Lennart Poettering
3c5a87a879 debug-generator: add new kernel cmdline option systemd.wants= to add units to the initial transaction 2014-06-20 13:36:28 +02:00
Zbigniew Jędrzejewski-Szmek
7141829512 man: also describe an udev rule for bridge sysctl 2014-06-19 21:14:07 -04:00
Zbigniew Jędrzejewski-Szmek
7284335adb man: document statically loading modules for sysctl settings
https://bugzilla.redhat.com/show_bug.cgi?id=1022977
https://bugzilla.novell.com/show_bug.cgi?id=725412
2014-06-19 20:44:49 -04:00
Lennart Poettering
e156347e04 tmpfiles: make sure "C" doesn't copy anything if the destination already exists
Previously it would recursively copy the entire tree in, and descend
into subdirectories even if the destination already exists. Let's do
what the documentation says and not do that.

If files down the tree shall be copied too, they should get their own
"C" lines.
2014-06-19 19:36:08 +02:00
Lennart Poettering
eca8701ae7 man: document new coredumpctl commands 2014-06-19 17:36:39 +02:00
Lennart Poettering
f685b70279 man: add documentation for systemd-debug-generator 2014-06-19 17:06:35 +02:00
Lennart Poettering
52c611b776 man: add new kernel command line switches to kernel-command-line(7) 2014-06-19 16:54:40 +02:00
Ronny Chevalier
08d555f347 man: fix typo 2014-06-19 08:53:31 -04:00
Lennart Poettering
f4bab1690e coredump: coredumpctl is so useful now, make it a first-class citizen
Drop the "systemd-" prefix, renaming it from "systemd-coredumpctl" to
"coredumpctl".
2014-06-19 13:46:01 +02:00
Lennart Poettering
edc3797f7c journald: make SplitMode=uid the default
Now that we actually can distinguish system and normal users there's no
point in taking session information into account anymore when splitting
up logs.

This has the benefit that coredump information will actually end up
in each user's own journal.
2014-06-19 12:38:45 +02:00
Lennart Poettering
9542239eaf cryptsetup: introduce new cryptsetup-pre.target unit so that services can make sure they are started before and stopped after any LUKS setup
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-18 00:09:46 +02:00
Lennart Poettering
1554afae54 tmpfiles: add "+" modifier support to b, c, p lines in addition to L 2014-06-18 00:09:46 +02:00
Zbigniew Jędrzejewski-Szmek
0a498f163a man: fix typo 2014-06-17 17:29:47 -04:00
Lennart Poettering
d54c499369 install: introduce new DefaultInstance= field for [Install] sections
The DefaultInstance= name is used when enabling template units when only
specifying the template name, but no instance.

Add DefaultInstance=tty1 to getty@.service, so that when the template
itself is enabled an instance for tty1 is created.

This is useful so that "systemctl preset-all" can work properly,
because we can operate on getty@.service after finding it, and the right
instance is created.
2014-06-17 02:43:43 +02:00
Lennart Poettering
d309c1c364 install: beef up preset logic to limit to only enable or only disable, and do all-unit preset operations
The new "systemctl preset-all" command may now be used to put all
installed units back into the enable/disable state the vendor/admin
encoded in preset files.

Also, introduce "systemctl --preset-mode=enable-only" and "systemctl
--preset-mode=disable-only" to only apply the enable or only the disable
operations of a "systemctl preset" or "systemctl preset-all" operation.

"systemctl preset-all" implements this RFE:

https://bugzilla.redhat.com/show_bug.cgi?id=630174
2014-06-17 02:43:17 +02:00
Lennart Poettering
2e78fa79bb tmpfiles: add new "L+" command as stronger version of "L", that removes the destination before creating a symlink
Also, make use of this for mtab as long as mount insists on creating it
even if we invoke it with "-n".
2014-06-16 13:21:07 +02:00
Lennart Poettering
2dbd4a9454 mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s "-s" switch 2014-06-16 01:02:27 +02:00
Lennart Poettering
5ae4d543cb os-release: define /usr/lib/os-release as fallback for /etc/os-release
The file should have been in /usr/lib/ in the first place, since it
describes the OS container in /usr (and not the configuration in /etc),
hence, let's support os-release files in /usr/lib as fallback if no
version in /etc exists, following the usual override logic.

A prior commit already enabled tmpfiles to create /etc/os-release as a
symlink to /usr/lib/os-release should it be missing, thus providing nice
compatibility with applications only checking in /etc.

While it's probably a good idea if all apps check both locations via a
fallback logic, it is only necessary in the early boot process, as long
as the /etc/os-release symlink has not been restored, in case we boot
with an empty /etc.
2014-06-13 20:11:59 +02:00
Lennart Poettering
a4a878d040 units: introduce network-pre.target as place to hook in firewalls
network-pre.target is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scripts).

network-pre.target should be ordered before all network management
services (but not be pulled in by them).

network-pre.target should be ordered after all services that want to be
executed before any network is configured (and be pulled in by them).
2014-06-11 12:14:55 +02:00
Lennart Poettering
abef3f91ce tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories
This way it makes a lot more sense to specify an access mode for "Z"
lines.
2014-06-11 10:14:07 +02:00
Lennart Poettering
1910cd0e05 tmpfiles: when processing lines, always process prefixes before suffixes
If two lines refer to paths that are suffix and prefix of each other,
then always process the prefix first, the suffix second. In all other
cases strictly process rules in the order they appear in the files.

This makes creating /var/run as symlink to /run a lot more fun, since it
is automatically created first.
2014-06-11 01:37:35 +02:00
Lennart Poettering
06c17c39a8 nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, such as /var 2014-06-11 00:44:30 +02:00
Lennart Poettering
e73a03e059 tmpfiles: get rid of "m" lines, make them redundant by "z"
"m" so far has been a non-globbing version of "z". Since this makes it
quite redundant, let's get rid of it. Remove "m" from the man pages,
beef up "z" docs instead, and make "m" nothing more than a compatibility
alias for "z".
2014-06-10 23:42:16 +02:00
Lennart Poettering
849958d1ba tmpfiles: add new "C" line for copying files or directories 2014-06-10 23:02:40 +02:00
Lennart Poettering
51cb9d734a man: updates to the passive target section 2014-06-10 18:52:28 +02:00
Mark Eichin
299a55075d man: Searching for an explanation of what a "slice unit" was, found this, felt compelled to send in fixes for the obvious typos 2014-06-10 18:05:58 +02:00
David Strauss
9a92e77e43 man: clarify the effect of replace-irreversibly on future conflicting jobs 2014-06-09 15:32:03 -07:00
Mantas Mikulėnas
d275b52969 man: fix references to sd_journal_cutoff_realtime_usec 2014-06-06 15:50:30 +02:00
Lennart Poettering
d6797c920e namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
2014-06-06 14:37:40 +02:00
Lennart Poettering
6cfe2fde1c core: introduce new Restart=on-abnormal setting
Restart=on-abnormal is similar to Restart=on-failure, but avoids
restarts on unclean exit codes (but still doing restarts on all
obviously unclean exits, such as timeouts, signals, coredumps, watchdog
timeouts).

Also see:

https://fedorahosted.org/fpc/ticket/191
2014-06-05 18:42:52 +02:00
Lennart Poettering
5331194c12 core: don't include /boot in effect of ProtectSystem=
This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.

ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.

ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlike /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.
2014-06-05 10:03:26 +02:00
Lennart Poettering
3900e5fdff socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.
2014-06-05 09:55:53 +02:00
Lennart Poettering
1b8689f949 core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
2014-06-04 18:12:55 +02:00
Lennart Poettering
03ee5c38cb journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
2014-06-04 16:53:58 +02:00
Lennart Poettering
811ba7a0e2 socket: add new Symlinks= option for socket units
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.

This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too.
2014-06-04 16:21:17 +02:00
Lennart Poettering
bd1fe7c79d socket: optionally remove sockets/FIFOs in the file system after use 2014-06-04 13:12:34 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be a good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Tom Gundersen
b686acb27e resolved: move resolv.conf to resolved's runtime dir 2014-06-02 15:14:32 +02:00
Stef Walter
c779a44222 hostnamed: Fix the way that static and transient host names interact
It is almost always incorrect to allow DHCP or other sources of
transient host names to override an explicitly configured static host
name.

This commit changes things so that if a static host name is set, this
will override the transient host name (eg: provided via DHCP). Transient
host names can still be used to provide host names for machines that have
not been explicitly configured with a static host name.

The exception to this rule is if the static host name is set to
"localhost". In those cases we act as if no
static host name has been explicitly set.

As discussed elsewhere, systemd may want to have an fd based ownership
of the transient name. That part is not included in this commit.
2014-05-28 09:34:37 +08:00
Zbigniew Jędrzejewski-Szmek
623538c312 man: describe sd_uid_get_display 2014-05-24 18:50:21 -04:00
Zbigniew Jędrzejewski-Szmek
b9acccb3c9 man: reword StartupCPUShares= description
Now that we have two options described in the same paragraph, we cannot
use singular anymore.
2014-05-24 18:50:21 -04:00
Lennart Poettering
0afedd300c man: update URL reference in daemon(7)
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
2014-05-22 16:22:48 +09:00
Lennart Poettering
c4b834a4ad man: drop reference to file locking for PID file creation from daemon(7)
File locking is usually a bad idea, don't suggest using it.
2014-05-22 16:15:56 +09:00
Lennart Poettering
9a05490933 cgroups: simplify CPUQuota= logic
Only accept cpu quota values in percentages, get rid of period
definition.

It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.
2014-05-22 11:53:12 +09:00
Lennart Poettering
db785129c9 cgroup: rework startup logic
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io
weights, and keep the startup unit set around all the time.
2014-05-22 07:13:56 +09:00
WaLyong Cho
95ae05c0e7 core: add startup resource control option
Similar to CPUShares= and BlockIOWeight= respectively. However only
assign the specified weight during startup. Each control group
attribute is re-assigned as weight by CPUShares=weight and
BlockIOWeight=weight after startup.  If CPUShares= or
BlockIOWeight= is not specified, then the attribute is re-assigned to each
default attribute value. (default cpu.shares=1024, blkio.weight=1000)
If only CPUShares=weight or BlockIOWeight=weight is specified, then
that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-22 07:13:56 +09:00
Tom Gundersen
091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00
Nis Martensen
f1721625e7 fix spelling of privilege 2014-05-19 00:40:44 +09:00
Michael Marineau
2bcc252371 man: note that entire sections can now be ignored
Prefixing a section name with "X-" will cause it and all of its contents
to be silently ignored as of commit 342aea19.
2014-05-18 11:32:51 +02:00
Jason St. John
24fe021ba5 man: logind.conf: fix grammar issues, unclear wording, and unclear default values 2014-05-16 23:10:11 -04:00
Mantas Mikulėnas
8f18f550e7 man: update journald rate limit defaults
This brings the man page back into sync with the actual code.
2014-05-16 18:58:35 +02:00
Holger Hans Peter Freyther
f1f0198cb6 fsck: Allow to specify the fsck repair option in the cmdline
Some unattended systems do not have a console attached and entering
the default rescue mode will not be too helpful. Allow to specify
the "-y" option to attempt to fix all filesystem errors.

Manually verified by downloading an image.gz of e2fsprogs, using
losetup and running systemd-fsck on the loop device and varying
the fsck.repair=preen|yes|no option.
2014-05-16 18:33:59 +02:00