1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

3557 Commits

Author SHA1 Message Date
Lennart Poettering
cb51f86af8
Merge pull request #8077 from sourcejedi/seccomp_cosmetic
seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)
2018-02-05 13:52:23 +01:00
Yu Watanabe
24c2c5689d
Merge pull request #8058 from keszybz/sysusers-inline
Extend sysusers for package installation scripts
2018-02-05 16:50:51 +09:00
Lucas Werkmeister
662b3e5861 man: document meaning of age in tmpfiles.d (#8092)
This documents how the age of a file is determined, which previously was
only alluded to in other parts of the documentation. Fixes #8091.

The phrasings of “last modification timestamp” etc. are taken from
man:inode(7) (as of man-pages 4.14). The debug messages in tmpfiles.c
use different messages (“modify time”), which according to a code
comment follow man:stat(1); however, my copy of that manpage (from GNU
coreutils 8.29) documents %y as “time of last data modification”
instead.
2018-02-05 08:19:09 +01:00
Yu Watanabe
cf6e1e6333
Merge pull request #8073 from keszybz/two-fixes
Two fixes
2018-02-03 20:11:17 +09:00
Alan Jenkins
2428aaf8a2 seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)
The VDSO provided by the kernel for x32, uses x86-64 syscalls instead of
x32 ones.

I think we can safely allow this; the set of x86-64 syscalls should be
very similar to the x32 ones.  The real point is not to allow *x86*
syscalls, because some of those are inconveniently multiplexed and we're
apparently not able to block the specific actions we want to.
2018-02-02 18:12:34 +00:00
Zbigniew Jędrzejewski-Szmek
4a7e5fce6a
Merge pull request #8041 from zx2c4-forks/jd/doc-fixups
WireGuard documentation fixes
2018-02-02 16:22:47 +01:00
Zbigniew Jędrzejewski-Szmek
06815764d1 man: fix awkward sentence in systemd-analyze(8)
Closes #8070.
2018-02-02 14:39:57 +01:00
Zbigniew Jędrzejewski-Szmek
d16a1c1bb6 sysusers: allow admin/runtime overrides to command-line config
When used in a package installation script, we want to invoke systemd-sysusers
before that package is installed (so it can contain files owned by the newly
created user), so the configuration to use is specified on the command
line. This should be a copy of the configuration that will be installed as
/usr/lib/sysusers.d/package.conf. We still want to obey any overrides in
/etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a
different result when systemd-sysusers is run with a copy of the new config on
the command line and when systemd-sysusers is run at boot after package
instalation. In the second case any files in /etc or /run have higher priority,
so the same should happen when the configuration is given on the command line.
More generally, we want the behaviour in this special case to be as close to
the case where the file is finally on disk as possible, so we have to read all
configuration files, since they all might contain overrides and additional
configuration that matters. Even files that have lower priority might specify
additional groups for the user we are creating. Thus, we need to read all
configuration, but insert our new configuration somewhere with the right
priority.

If --target=/path/to/file.conf is given on the command line, we gather the list
of files, and pretend that the command-line config is read from
/path/to/file.conf (doesn't matter if the file on disk actually exists or
not). All package scripts should use this option to obtain consistent and
idempotent behaviour.

The corner case when --target= is specified and there are no positional
arguments is disallowed.

v1:
- version with --config-name=
v2:
- disallow --config-name= and no positional args
v3:
- remove --config-name=
v4:
- add --target= and rework the code completely
v5:
- fix argcounting bug and add example in man page
v6:
- rename --target to --replace
2018-02-02 10:40:22 +01:00
Zbigniew Jędrzejewski-Szmek
7b1aaf6633 sysusers: allow the shell to be specified
This is necessary for some system users where the "login shell" is
set to a specific binary.
2018-02-02 10:35:30 +01:00
Zbigniew Jędrzejewski-Szmek
1b600bd522 sysusers: take configuration as positional arguments
If the configuration is included in a script, this is more convient.
I thought it would be possible to use this for rpm scriptlets with
'%pre -p systemd-sysuser "..."', but apparently there is no way to pass
arguments to the executable ($1 is used for the package installation count).
But this functionality seems generally useful, e.g. for testing and one-off
scripts, so let's keep it.

There's a slight change in behaviour when files are given on the command line:
if we cannot parse them, error out instead of ignoring the failure. When trying
to parse all configuration files, we don't want to fail even if some config
files are broken, but when parsing a list of items specified explicitly, we
should.

v2:
- rename --direct to --inline
2018-02-02 10:18:13 +01:00
Alan Jenkins
62a0680bf2 man: systemd.exec: cleanup "only X will be permitted" ... "but X=X+1"
> Only system calls of the *specified* architectures will be permitted to
> processes of this unit.

(my emphasis)

> Note that setting this option to a non-empty list implies that
> native is included too.

Attempting to use "implies" in the later sentence, in a way that
contradicts the very clear meaning of the earlier sentence... it's too
much.
2018-01-31 15:39:13 +00:00
Jason A. Donenfeld
a8d6dbedca man: note handling of secret information with permissions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-29 20:43:30 +01:00
Jason A. Donenfeld
3209474fcb man: WireGuard is a proper noun
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-29 20:38:36 +01:00
Lennart Poettering
7755083256
Merge pull request #7881 from keszybz/pcre
Add new --grep option to journalctl
2018-01-28 15:29:10 +01:00
Zbigniew Jędrzejewski-Szmek
61c5f8a1f0 journalctl: make matching optionally case sensitive
Case sensitive or case insensitive matching can be requested using
--case-sensitive[=yes|no].

Unless specified, matching is case sensitive if the pattern contains any
uppercase letters, and case insensitive otherwise. This matches what
forward-search does in emacs, and recently also --ignore-case in less.  This
works surprisingly well, because usually when one is wants to do case-sensitive
matching, the pattern is usually camel-cased. In the less frequent case when
case-sensitive matching is required with an all-lowercase pattern,
--case-sensitive can be used to override the automatic logic.
2018-01-28 14:50:01 +01:00
Yu Watanabe
90657286fc analyze: merge {get,set}-log-{level,target} to log-{level,target} (#8020)
Also, service-watchdogs now shows current watchdog state when
no optional argument is provided.
2018-01-27 13:51:32 +01:00
Zbigniew Jędrzejewski-Szmek
6becf48ca3 journalctl: regexp matching 2018-01-27 13:40:57 +01:00
Yu Watanabe
786b8fa0fb
Merge pull request #7973 from mvo5/sysusers-uid-gid
sysusers: allow uid:gid in sysusers.conf files
2018-01-27 17:24:39 +09:00
Michael Vogt
28e7fad73f sysusers: ensure GID in uid:gid syntax exists
Ensure that the GID already exists or is created when the new
"uid:gid" syntax is used. This ensures the behaviour is always
predictable.
2018-01-25 17:43:08 +01:00
Lennart Poettering
71c9f49d73 Revert "man: mention that systemctl is-active or is-failed do not load units"
This reverts commit c7612b2005.
2018-01-25 15:19:13 +01:00
Michael Vogt
4cb41413c8 sysusers: allow uid:gid in sysusers.conf files
This PR allows to write sysuser.conf lines like:
```
u games 5:60 -
```
This will create an a "games" user with uid 5 and games group with
gid 60. This is arguable ugly, however it is required to represent
certain configurations like the default passwd file on Debian and
Ubuntu.

When the ":" syntax is used and there is a group with the given
gid already then no new group is created. This allows writing the
following:
```
g unrelated 60
u games 5:60 -
```
which will create a "games" user with the uid 5 and the primary
gid 60. No group games is created here (might be useful for [1]).

[1] https://pagure.io/packaging-committee/issue/442
2018-01-25 12:50:37 +01:00
Lennart Poettering
49e87292dc tmpfiles: make "f" lines behaviour match what the documentation says
CHANGE OF BEHAVIOUR — with this commit "f" line's behaviour is altered
to match what the documentation says: if an "argument" string is
specified it is written to the file only when the file didn't exist
before. Previously, it would be appended to the file each time
systemd-tmpfiles was invoked — which is not a particularly useful
behaviour as the tool is not idempotent then and the indicated files
grow without bounds each time the tool is invoked.

I did some spelunking whether this change in behaviour would break
things, but afaics nothing relies on the previous O_APPEND behaviour of
this line type, hence I think it's relatively safe to make "f" lines
work the way the docs say, rather than adding a new modifier for it or
so.

Triggered by:

https://lists.freedesktop.org/archives/systemd-devel/2018-January/040171.html
2018-01-24 10:54:10 +01:00
Lennart Poettering
7fa1074831 tmpfiles: create parent directories if they are missing for more line types
Currently, we create leading directories implicitly for all lines that
create directory or directory-like nodes.

With this, we also do the same for a number of other lines: f/F, C, p,
L, c/b (that is regular files, pipes, symlinks, device nodes as well as
file trees we copy).

The leading directories are created with te default access mode of 0755.
If something else is desired, users should simply declare appropriate
"d" lines.

Fixes: #7853
2018-01-23 21:19:00 +01:00
Lennart Poettering
2695b872bd man: it appears the description of async signal safety has its own man page now
Let's refer to the new page.
2018-01-23 19:09:54 +01:00
Lennart Poettering
5b7e1d8ef0 man: document explicitly that sd_journal_stream_fd() never shares fds
Also, clarify that O_NONBLOCK is turned off and that the fd is only
half-open.
2018-01-23 19:06:21 +01:00
Jan Klötzke
889d695d6c systemd-analyze: add service-watchdogs verb
New debug verb that enables or disables the service runtime watchdogs
and emergency actions during runtime. This is the systemd-analyze
version of the systemd.service_watchdogs command line option.
2018-01-22 18:10:12 +01:00
Jan Klötzke
2a12e32efa pid1: add option to disable service watchdogs
Add a "systemd.service_watchdogs=" option to the command line which
disables all service runtime watchdogs and emergency actions.
2018-01-22 18:10:03 +01:00
Susant Sahani
fb5c821664 networkd: DHCPv6 client allow to configure Rapid Commit (#6930)
The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.

Closes #5845
2018-01-22 17:09:18 +09:00
Zbigniew Jędrzejewski-Szmek
91ec71c162 man: document that sd_j_stream_fd is signal safe (#7942)
Fixes #7912.
2018-01-21 18:51:55 +09:00
Zbigniew Jędrzejewski-Szmek
89f552c0e2 man: document signal unsafeness of journal functions
Fixes #7912.
2018-01-20 15:11:54 +11:00
Alan Jenkins
bf105e38d5 man: sd_journal_stream_fd: no, fds are not shared (#7926)
sd_journal_stream_fd() does not return the same file descriptor across
different calls.  It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.

Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.

It opens exactly one file descriptor, and does not close it unless there
is a write failure.  Nothing like "temporarily multiple file descriptors
may be open".
2018-01-20 14:02:50 +11:00
Yu Watanabe
fec0ccea86 man: fix typo (#7937)
Reported by Дилян Палаузов (https://github.com/dilyanpalauzov) in #7870.
2018-01-20 13:22:57 +11:00
Yu Watanabe
7e577c30d6
Merge pull request #7934 from keszybz/man-improvements
Man page improvements
2018-01-20 11:15:52 +09:00
Susant Sahani
09f5dfad2c networkd: add quickack option to route (#7896)
This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.
2018-01-20 08:49:15 +09:00
Michal Sekletar
877dce40cb man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916)
These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.
2018-01-20 08:47:27 +09:00
Zbigniew Jędrzejewski-Szmek
22a705631d man: clarify that Requires stop propagation only applies to explit requests
Follow-up for e79eabdb1b. There was an
apparent contradiction:

  man/systemd.unit says for Requires=:

  Besides, with or without specifying After=, this unit will be deactivated
  if one of the other units get deactivated.

  Also, some unit types may deactivate on their own (for example, a service
  process may decide to exit cleanly, or a device may be unplugged by the
  user), which is not propagated to units having a Requires= dependency.

Fixes #7870.
2018-01-20 10:45:02 +11:00
Zbigniew Jędrzejewski-Szmek
1317f55b9b man: alphabetize and move targets to proper sections in systemd.special 2018-01-20 10:38:09 +11:00
Zbigniew Jędrzejewski-Szmek
1655cdee04 man: fix example formatting in systemd.preset
Repeating "example" everywhere was not useful, so remove
that and improve the formatting a bit.
2018-01-20 10:37:34 +11:00
Zbigniew Jędrzejewski-Szmek
c605bd00d2 man: document default for WakeOnLan 2018-01-20 10:33:15 +11:00
Zbigniew Jędrzejewski-Szmek
8eeaf79c86 man: add a note where coredump default values are
I don't want to include all the default values in the man page
because that's bound to get out of date…
2018-01-20 10:27:46 +11:00
Zbigniew Jędrzejewski-Szmek
ee8f5a58b0 man: fix _STREAM_ID, _LINE_BREAK descriptions
Pointed out by Дилян Палаузов (https://github.com/dilyanpalauzov).
Fixes #7870.
2018-01-20 10:15:06 +11:00
Alan Jenkins
a30504ed69 man: systemd-nspawn: fix list of default capabilities (#7925)
* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c
2018-01-19 04:11:11 +09:00
Yu Watanabe
c7612b2005 man: mention that systemctl is-active or is-failed do not load units
See the discussion in the issue #7875.
2018-01-16 23:25:56 +09:00
Yu Watanabe
fb76275a7a man: remove duplicated line
Follow-up for c46bc7e216.
2018-01-16 22:22:18 +09:00
John Lin
3c887f9733 man: fix broken kernel document links (#7892) 2018-01-16 18:29:35 +09:00
Shawn Landden
c46bc7e216 machined: use getent to get default shell for machinectl shell (#7684)
Closes: https://github.com/systemd/systemd/issues/1395
2018-01-16 05:17:51 +11:00
Дилян Палаузов
5f79d69cba man: fix typo
Closes #7866.
2018-01-16 00:10:12 +09:00
Yu Watanabe
3249bf3125 man: logind: update reference
Fixes #7858.
2018-01-16 00:03:33 +09:00
Lennart Poettering
38edb7674b
Merge pull request #7582 from pfl/dhcp6_prefix_delegation
DHCPv6 prefix delegation
2018-01-15 12:02:37 +01:00
Zbigniew Jędrzejewski-Szmek
f94abc667a man: --this-boot is deprecated (#7880)
This removes the last public reference. Follow-up for #7844.
2018-01-15 19:45:40 +09:00