mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

1427 Commits

Author SHA1 Message Date
Mark Eichin
299a55075d man: Searching for an explanation of what a "slice unit" was, found this, felt compelled to send in fixes for the obvious typos 2014-06-10 18:05:58 +02:00
David Strauss
9a92e77e43 man: clarify the effect of replace-irreversibly on future conflicting jobs 2014-06-09 15:32:03 -07:00
Mantas Mikulėnas
d275b52969 man: fix references to sd_journal_cutoff_realtime_usec 2014-06-06 15:50:30 +02:00
Lennart Poettering
d6797c920e namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
2014-06-06 14:37:40 +02:00
Lennart Poettering
6cfe2fde1c core: introduce new Restart=on-abnormal setting
Restart=on-abnormal is similar to Restart=on-failure, but avoids
restarts on unclean exit codes (but still doing restarts on all
obviously unclean exits, such as timeouts, signals, coredumps, watchdog
timeouts).

Also see:

https://fedorahosted.org/fpc/ticket/191
2014-06-05 18:42:52 +02:00
Lennart Poettering
5331194c12 core: don't include /boot in effect of ProtectSystem=
This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.

ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.

ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlike /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.
2014-06-05 10:03:26 +02:00
Lennart Poettering
3900e5fdff socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.
2014-06-05 09:55:53 +02:00
Lennart Poettering
1b8689f949 core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
2014-06-04 18:12:55 +02:00
Lennart Poettering
03ee5c38cb journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
2014-06-04 16:53:58 +02:00
Lennart Poettering
811ba7a0e2 socket: add new Symlinks= option for socket units
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.

This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too.
2014-06-04 16:21:17 +02:00
Lennart Poettering
bd1fe7c79d socket: optionally remove sockets/FIFOs in the file system after use 2014-06-04 13:12:34 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be a good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Tom Gundersen
b686acb27e resolved: move resolv.conf to resolved's runtime dir 2014-06-02 15:14:32 +02:00
Stef Walter
c779a44222 hostnamed: Fix the way that static and transient host names interact
It is almost always incorrect to allow DHCP or other sources of
transient host names to override an explicitly configured static host
name.

This commit changes things so that if a static host name is set, this
will override the transient host name (eg: provided via DHCP). Transient
host names can still be used to provide host names for machines that have
not been explicitly configured with a static host name.

The exception to this rule is if the static host name is set to
"localhost". In those cases we act as if no
static host name has been explicitly set.

As discussed elsewhere, systemd may want to have an fd based ownership
of the transient name. That part is not included in this commit.
2014-05-28 09:34:37 +08:00
Zbigniew Jędrzejewski-Szmek
623538c312 man: describe sd_uid_get_display 2014-05-24 18:50:21 -04:00
Zbigniew Jędrzejewski-Szmek
b9acccb3c9 man: reword StartupCPUShares= description
Now that we have two options described in the same paragraph, we cannot
use singular anymore.
2014-05-24 18:50:21 -04:00
Lennart Poettering
0afedd300c man: update URL reference in daemon(7)
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
2014-05-22 16:22:48 +09:00
Lennart Poettering
c4b834a4ad man: drop reference to file locking for PID file creation from daemon(7)
File locking is usually a bad idea, don't suggest using it.
2014-05-22 16:15:56 +09:00
Lennart Poettering
9a05490933 cgroups: simplify CPUQuota= logic
Only accept cpu quota values in percentages, get rid of period
definition.

It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.
2014-05-22 11:53:12 +09:00
Lennart Poettering
db785129c9 cgroup: rework startup logic
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io
weights, and keep the startup unit set around all the time.
2014-05-22 07:13:56 +09:00
WaLyong Cho
95ae05c0e7 core: add startup resource control option
Similar to CPUShares= and BlockIOWeight= respectively. However only
assign the specified weight during startup. Each control group
attribute is re-assigned as weight by CPUShares=weight and
BlockIOWeight=weight after startup. If CPUShares= or
BlockIOWeight= is not specified, then the attribute is re-assigned to each
default attribute value. (default cpu.shares=1024, blkio.weight=1000)
If only CPUShares=weight or BlockIOWeight=weight is specified, then
that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-22 07:13:56 +09:00
Tom Gundersen
091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00
Nis Martensen
f1721625e7 fix spelling of privilege 2014-05-19 00:40:44 +09:00
Michael Marineau
2bcc252371 man: note that entire sections can now be ignored
Prefixing a section name with "X-" will cause it and all of its contents
to be silently ignored as of commit 342aea19.
2014-05-18 11:32:51 +02:00
Jason St. John
24fe021ba5 man: logind.conf: fix grammar issues, unclear wording, and unclear default values 2014-05-16 23:10:11 -04:00
Mantas Mikulėnas
8f18f550e7 man: update journald rate limit defaults
This brings the man page back into sync with the actual code.
2014-05-16 18:58:35 +02:00
Holger Hans Peter Freyther
f1f0198cb6 fsck: Allow to specify the fsck repair option in the cmdline
Some unattended systems do not have a console attached and entering
the default rescue mode will not be too helpful. Allow to specify
the "-y" option to attempt to fix all filesystem errors.

Manually verified by downloading an image.gz of e2fsprogs, using
losetup and running systemd-fsck on the loop device and varying
the fsck.repair=preen|yes|no option.
2014-05-16 18:33:59 +02:00
Alison Chaiken
332bc31992 man: readahead: fix cmdline switch inconsistency between readahead.c and docs
Source code has "files-max" and XML has --max-files.
2014-05-16 17:13:03 +02:00
Lennart Poettering
851fafe587 man: fix some minor language typos 2014-05-16 16:51:56 +02:00
Lennart Poettering
33169701b0 man: clarify that the ExecReload= command should be synchronous
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019054.html
2014-05-16 01:33:22 +02:00
Eelco Dolstra
1e89266b76 Fix typos in systemctl manpage 2014-05-15 13:23:55 +02:00
Zbigniew Jędrzejewski-Szmek
bdf9fc1a94 man: sd_journal_send does nothing when journald is not available
https://bugzilla.redhat.com/show_bug.cgi?id=1096067
2014-05-09 08:39:51 -04:00
Jan Engelhardt
3b3d7d069d doc: balance C indirections in function prototypes
Shift the asterisks in the documentation's prototypes such that they
are consistent among each other. Use the right side to match what is
used in source code.

Addendum to commit v209~82.
2014-05-07 20:13:27 -04:00
Jan Engelhardt
6667311dc3 doc: write out stdin/stdout file descriptors
"When referring to code, STDOUT/STDOUT/STDERR are replaced with
stdin/stdout/stderr, and in other places they are replaced with
normal phrases like standard output, etc."

Addendum to commit v209~127.
2014-05-07 20:13:27 -04:00
Jan Engelhardt
b8bde11658 doc: comma placement corrections and word order
Set commas where there should be some.
Some improvements to word order.
2014-05-07 20:13:27 -04:00
Jan Engelhardt
dca348bcbb doc: corrections to words and forms
This patch exchanges words which are inappropriate for a situation,
deletes duplicated words, and adds particles where needed.
2014-05-07 20:13:26 -04:00
Jan Engelhardt
b588c2d1b7 doc: adhere to XML syntax 2014-05-06 23:08:04 +02:00
Jan Engelhardt
70a44afee3 doc: typographical fine tuning 2014-05-06 23:05:39 +02:00
Jan Engelhardt
d28315e4af doc: use non-contracted forms in written documents 2014-05-06 23:05:09 +02:00
Lennart Poettering
b408026b98 man: document sd_event_add_time(3) 2014-05-06 18:51:08 +02:00
Kay Sievers
a91df40e69 timesyncd: add unit and man page 2014-04-29 09:51:53 +02:00
poma
7f1f9b4bcb man: networkd typo fixes 2014-04-26 11:16:25 +02:00
Tom Gundersen
cef8b07358 networkd-wait-online: drop config file and add commandline options instead 2014-04-26 01:20:12 +02:00
Lennart Poettering
b2f8b02ec2 core: expose CFS CPU time quota as high-level unit properties 2014-04-25 13:27:25 +02:00
WaLyong Cho
49e5b2a933 bootchart: add control group option 2014-04-24 19:21:51 -04:00
Michael Olbrich
93ae25e6fd service: add FailureAction= option
It has the same possible values as StartLimitAction= and is executed
immediately if a service fails.
2014-04-24 20:11:20 +02:00
Tom Gundersen
3a67e927e3 networkd-wait-online: improve interoperability and enable by default
To make sure we don't delay boot on systems where (some) network links are managed by someone else
we don't block if something else has successfully brought up a link.

We will still block until all links we are aware of that are managed by networkd have been
configured, but if no such links exist, and someone else has configured a link sufficiently
that it has a carrier, it may be that the link is ready so we should no longer block.

Note that in all likelihood the link is not ready (no addresses/routes configured),
so whatever network management daemon configured it should provide a similar wait-online
service to block network-online.target until it is ready.

The aim is to block as long as we know networking is not fully configured, but no longer. This
will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't
know whether networkd is the main/only network manager.

Even in the case networking is fully configured by networkd, the default behavior may not be
sufficient: if two links need to be configured, but the first is fully configured before the
second one appears we will assume the network is up. To work around that, we allow specifying
specific devices to wait for before considering the network up.

This unit is enabled by default, just like systemd-networkd, but will only be pulled in if
anyone pulls in network-online.target.
2014-04-24 00:23:07 +02:00
Lennart Poettering
4423116699 man: recommend that XDG_SESSION_DESKTOP and XDG_CURRENT_DESKTOP use the same identifiers 2014-04-23 20:11:38 +02:00
Michael Olbrich
efe6e7d33a service: add support for reboot argument when triggered by StartLimitAction=
When rebooting with systemctl, an optional argument can be passed to the
reboot system call. This makes it possible to specify the argument in a
service file and use it when the service triggers a restart.
This is useful to distinguish between manual reboots and reboots caused by
failing services.
2014-04-21 09:58:53 -04:00
Zbigniew Jędrzejewski-Szmek
5d2abc04fc man: document relationship between RequiresMountsFor and noauto
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
2014-04-16 22:17:29 -04:00