1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00
Commit Graph

514 Commits

Author SHA1 Message Date
Lennart Poettering
feb10c665f docs: document that one shouldn't pass the audit caps to containers
Apparently this is not well know, so let' document this.
2021-04-28 17:29:09 +02:00
Uwe Kleine-König
cbcdcaaa0e Add support for conditions on the machines firmware
This allows to limit units to machines that run on a certain firmware
type. For device tree defined machines checking against the machine's
compatible is also possible.
2021-04-28 10:55:55 +02:00
Lennart Poettering
66e482cbdb man: document the new grow-file-system flag 2021-04-23 17:57:19 +02:00
Lennart Poettering
eb3c3a89c9 doc: slightly reorder/improve partition type table
Let's put swap and generic linux data partitions next to each other, and
clarify they predated this spec.
2021-04-21 22:25:10 +02:00
Lennart Poettering
1d6ca0a219 doc: verity partitions may only contain Verity data (fix copypasta) 2021-04-21 22:25:08 +02:00
Zbigniew Jędrzejewski-Szmek
276dc7af74 docs: use new URL for package-notes 2021-04-09 10:27:36 +02:00
Lennart Poettering
1a80f4e0d7 docs: document native journal protocol
Fixes: #17748
2021-04-08 22:16:58 +02:00
Luca Boccassi
81e01cf809 coredump: update and shorten package metadata keys
Follow-up for a7ea0a460b
2021-04-07 14:04:04 +01:00
Luca Boccassi
a7ea0a460b Add markdown doc about coredump package metadata 2021-04-06 23:12:51 +01:00
Carlo Teubner
6d3831cee5 docs: use current spelling "macOS" not "OS X" etc. 2021-04-02 10:53:26 +01:00
Zbigniew Jędrzejewski-Szmek
4c31bfdf55
Merge pull request #18982 from keszybz/test-nss-users
Add a new test for user/group resolution in nss modules
2021-03-31 10:32:09 +02:00
Zbigniew Jędrzejewski-Szmek
b880ac2c15
Merge pull request #18958 from poettering/dissect-no-root
dissect-image: support images without rootfs but with /usr partition + support simple partition versioning via strverscmp() on part label
2021-03-31 10:31:32 +02:00
Henri Chain
cb0e818f7c Introduce ExitType 2021-03-31 10:26:07 +02:00
Luca Boccassi
063a43a1a7 Revert "fix wrong statement JOURNAL_FILE_FORMAT.md doc"
This reverts commit 119063d2b1.
2021-03-30 10:26:54 +02:00
Yangyang Shen
119063d2b1 fix wrong statement JOURNAL_FILE_FORMAT.md doc 2021-03-29 19:11:27 +02:00
Zbigniew Jędrzejewski-Szmek
f0cb09bb0f test-nss-hosts: make buffer size configurable too and document it 2021-03-23 14:14:08 +01:00
Lennart Poettering
7f966edbda homepage: fix year in footer to 2021
(And while we are at it, let's fix the "Sources" link in the footer to point to the right git repo subdir)
2021-03-18 23:31:55 +01:00
Luca Boccassi
acaf21e24d doc/RELEASE.md: document hwdb update step 2021-03-17 16:42:38 +01:00
Lennart Poettering
df27f1dbca doc: mention that choosing root/usr partitions by strverscmp() on the partition label is OK 2021-03-16 14:57:56 +01:00
Zbigniew Jędrzejewski-Szmek
bcef0f33cc docs: more markup 2021-03-11 14:43:16 +01:00
Lennart Poettering
932401fd61 docs: reference NAME_MAX where we talk about filenames 2021-03-08 22:47:48 +01:00
Lennart Poettering
b775b1828d docs: document not to use FILENAME_MAX in our codebase
It's a weird thing. Let's explain why.
2021-03-08 22:47:44 +01:00
Zbigniew Jędrzejewski-Szmek
48eb2af68a docs: document fuzzer variables 2021-03-06 09:32:18 +01:00
Zbigniew Jędrzejewski-Szmek
07dc08c269 man: move two sysv-specific variables to docs
https://github.com/systemd/systemd/pull/18827#discussion_r584807684
2021-03-01 20:57:36 +01:00
Joerg Behrmann
fa02711758 treewide: fix spelling 2021-02-25 05:54:11 +09:00
Zbigniew Jędrzejewski-Szmek
a5e5e102ba
Merge pull request #18704 from keszybz/fallback-hostame-override
Allow overriding of fallback hostname through envvar and os-release field
2021-02-23 00:41:27 +01:00
Zbigniew Jędrzejewski-Szmek
85c8eac822 docs: align tables vertically to top
Fixes #18706.
2021-02-22 22:29:34 +01:00
Zbigniew Jędrzejewski-Szmek
05c6f341b1 Allow the fallback hostname to be overriden using an environment variable
See https://bugzilla.redhat.com/show_bug.cgi?id=1893417 for the back story:
the fallback hostname matters a lot in certain environments. Right now the only
way to configure the fallback hostname is by recompiling systemd, which is
obviously problematic in case when the fallback hostname shall differ between
different editions of the same distro that share a single compiled rpm.

By making this overridable through an envvar, we're providing an escape hatch
without making this a top-level api. Later on a way to set this through
os-release is added, but I think the approach with the variable is still
useful. It it very convenient for testing, or to override settings only in a
particular service, etc.
2021-02-22 20:10:55 +01:00
Lennart Poettering
f553b772e9 docs: , → . 2021-02-22 18:00:14 +01:00
wouter bolsterlee
a1f782e44c Update docs about fdisk/gdisk support for discoverable partitions
This updates the docs about using fdisk/gdisk to make partitions with the right
partition type UUID as defined in the discoverable partitions spec.

Improve wording/grammar/formatting, and reflect that gdisk supports this as
well nowadays; see https://www.rodsbooks.com/gdisk/revisions.html
2021-02-21 19:40:14 +00:00
Zbigniew Jędrzejewski-Szmek
1d10005b39 tree-wide: fix links to systemd.io pages
Having the extra slash at the end is not a problem, just inconsistent. But the links with
.html or .md return 404.
2021-02-19 09:28:08 +01:00
Zbigniew Jędrzejewski-Szmek
e7b86e4813 docs/ENVIRONMENT: syntax highlighting and some rewordings
Use backticks for commands and functions and variables, suffix directories with
a slash. Some sentences were reworded.
2021-02-19 09:28:00 +01:00
Zbigniew Jędrzejewski-Szmek
b3c57df0f5
Merge pull request #18401 from anitazha/oomdxattr
oomd: implement avoid/omit support for cgroups
2021-02-13 10:00:31 +01:00
Anita Zhang
4e806bfa9f oom: add unit file settings for oomd avoid/omit xattrs 2021-02-12 12:45:36 -08:00
Adrian Vovk
4368c60c39 tmpfiles: v/q/Q: Add env var to skip check for rootfs in subvolume 2021-02-10 21:10:28 +01:00
Zbigniew Jędrzejewski-Szmek
3d0112878f
Merge pull request #18444 from anitazha/proprename
oom: parse properties with 1/10000 precision instead of 1/100
2021-02-04 12:53:10 +01:00
Anita Zhang
0a9f93443b oom: rework *MemoryPressureLimit= properties to have 1/10000 precision
Requested in
https://github.com/systemd/systemd/pull/15206#discussion_r505506657,
preserve the full granularity for memory pressure limits (permyriad)
instead of capping out at percent.
2021-02-02 17:52:48 -08:00
Zbigniew Jędrzejewski-Szmek
7e215af765 man: move content from the wiki to systemd.preset(5)
The wiki was slightly stale, and almost all the information there
was already present in the man page. I moved the remaing part (discussion)
into the man page and adjusted all links to point to the man page instead.

daemon(7) has a some examples of packaging scriptlets… I don't think it fits
there very well. Most likely they should be moved to systemd.preset(5) or maybe
even removed, but I'm leaving that for later.
2021-02-02 14:20:23 +01:00
Zbigniew Jędrzejewski-Szmek
2bc48bbdd7 docs: expose GVARIANT-SERIALIZATION as markdown 2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
4095cff07e meson: rename target to update-hwdb
The goal is to have all "update-*" targets named uniformly so that
tab-completion works. The script is renamed to match.
2021-01-27 09:22:15 +01:00
Zbigniew Jędrzejewski-Szmek
e3c368f63c meson: rename target to update-man-rules
Same justification as for update-dbus-docs.
2021-01-27 09:10:25 +01:00
Zbigniew Jędrzejewski-Szmek
4c890ad3cc meson: rename target to update-dbus-docs
Very old versions of meson did not include the subdirectory name in the
target name, so we started adding various "top-level" custom targets in
subdirectories. This was nice because the main meson.build file wasn't
as cluttered. But then meson started including the subdir name in the
target name. So let's move the definition to the root so we can have all
targets named uniformly.
2021-01-27 08:46:42 +01:00
Yu Watanabe
679dab6a8f docs/ENVIRONMENT: move entry for systemd-udevd
`$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP=` or friends are for logind.
2021-01-26 13:45:47 +00:00
Daan De Meyer
c38667f70d docs: Update HACKING.md with the mkosi boot/qemu commands + options
Let's use the mkosi commands in HACKING.md and recommend some options
that speed up mkosi builds. Also includes some other small improvements.
2021-01-24 11:15:30 +00:00
Daan De Meyer
4cc06b8073 docs: Add a section to HACKING.md on using mkosi and clangd together
While it's perfectly possible today to completely rely on mkosi for
building and testing systemd, to get code completion and other IDE
niceties to work properly, it's still necessary to build systemd
locally.

Recently, mkosi gained the ability to allow external programs to
communicate with the build script. We can use this feature to run
the clangd language server in the mkosi build image via a custom
build script to provide IDE features in editors without requiring
developers to build systemd on the host or install any of systemd's
build dependencies locally.

This commit adds the necessary information on how to set this up
to HACKING.md.
2021-01-24 11:14:30 +00:00
Lennart Poettering
7a87fb6119 man: add man page for systemd-sysext 2021-01-19 13:41:42 +01:00
Lennart Poettering
3dc536e0c5
Merge pull request #17576 from gportay/veritysetup-add-support-for-dm-verity-flags
veritysetup: add support for veritytab
2021-01-17 11:18:25 +01:00
Yu Watanabe
38f3e0a58d tree-wide: fix typo 2021-01-17 16:20:27 +09:00
Gaël PORTAY
08b04ec7e7 veritysetup-generator: add support for veritytab
This adds the support for veritytab.

The veritytab file contains at most five fields, the first four are
mandatory, the last one is optional:
 - The first field contains the name of the resulting verity volume; its
   block device is set up /dev/mapper/</filename>.
 - The second field contains a path to the underlying block data device,
   or a specification of a block device via UUID= followed by the UUID.
 - The third field contains a path to the underlying block hash device,
   or a specification of a block device via UUID= followed by the UUID.
 - The fourth field is the roothash in hexadecimal.
 - The fifth field, if present, is a comma-delimited list of options.
   The following options are recognized only: ignore-corruption,
   restart-on-corruption, panic-on-corruption, ignore-zero-blocks,
   check-at-most-once and root-hash-signature. The others options will
   be implemented later.

Also, this adds support for the new kernel verity command line boolean
option "veritytab" which enables the read for veritytab, and the new
environment variable SYSTEMD_VERITYTAB which sets the path to the file
veritytab to read.
2021-01-15 11:06:11 -05:00
Kairui Song
1f22621ba3 initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs
Sometimes, non-ramfs initrd root are useful. Eg, for kdump, because
initramfs is memory consuming, so mount a compressed image in earlier
initrd, chroot into it then let systemd do the rest of job is a good
solution.

But systemd doesn't recognize the initrd environment if rootfs is not a
temporary fs. This is a reasonable check, because switch-root in initrd
will wipe the whole rootfs, will be a disaster if there are any
misdetect.

So extend SYSTEMD_IN_INITRD environment variable, now it accepts boolean
value and two extra keyword, "auto" and "lenient". "auto" is same as
before, and it's the default value. "lenient" will let systemd bypass
the rootfs check.
2021-01-14 01:19:09 +08:00
Lennart Poettering
349aa041fe doc: add missing comma in DISCOVERABLE_PARTITIONS.md 2021-01-06 16:18:54 +01:00
Gaël PORTAY
7745379ea8 docs: fix the link to boot loader specification
The boot loader specification link points to the boot loader interface
documentation.

This fixes the link to point to BOOT_LOADER_SPECIFICATION instead of
BOOTLOADER_INTERFACE which is itself.
2020-12-30 16:04:14 +00:00
Lennart Poettering
8b08be4052 tree-wide: suggest meson command lines instead of ninja ones
This only changes documentation. In various places we call "ninja"
directly. I figured it would be safer to leave those in place for now,
given the meson replacement commands lines appears to be supported in
newer meson versions only.
2020-12-17 16:51:48 +01:00
Zbigniew Jędrzejewski-Szmek
89341c83c3 docs/RELEASE: clarify which steps are done when 2020-11-26 13:54:37 +01:00
Lennart Poettering
5695ee502d docs: document what VPNs should do to systemd-resolved.service
Fixes: #17588 #17512

Prompted-by: #17529

(Also relevant: #6076)
2020-11-25 14:08:37 +01:00
Dimitri John Ledkov
499f0f8209 gpt: add RISC-V GPT partition typecode uuid 2020-11-23 22:15:36 +01:00
Zbigniew Jędrzejewski-Szmek
e0300086ba
Merge pull request #17651 from yuwata/the-the
tree-wide: fix "the the" and "that that"
2020-11-18 09:32:09 +01:00
Vito Caputo
e3500e9d21 JOURNAL_FILE_FORMAT: fixup typos and punctuation
No significant changes
2020-11-18 09:29:58 +01:00
Yu Watanabe
273d76f4f8 tree-wide: update "that that" 2020-11-18 17:23:00 +09:00
Lennart Poettering
394131d5be
Merge pull request #17497 from anitazha/randomizeonce
timer: add new feature FixedRandomDelay=
2020-11-10 13:29:04 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Lennart Poettering
ce8f6d478e seccomp: allow turning off of seccomp filtering via env var
Fixes: #17504

(While we are it, also move $SYSTEMD_SECCOMP_LOG= env var description
into the right document section)

Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603
2020-11-05 20:22:19 +01:00
Kristijan Gjoshev
acf24a1a84 timer: add new feature FixedRandomDelay=
FixedRandomDelay=yes will use
`siphash24(sd_id128_get_machine() || MANAGER_IS_SYSTEM(m) || getuid() || u->id)`,
where || is concatenation, instead of a random number to choose a value between
0 and RandomizedDelaySec= as the timer delay.
This essentially sets up a fixed, but seemingly random, offset for each timer
iteration rather than having a random offset recalculated each time it fires.

Closes #10355

Co-author: Anita Zhang <the.anitazha@gmail.com>
2020-11-05 10:59:33 -08:00
Zbigniew Jędrzejewski-Szmek
c37a43d2dd
Merge pull request #17438 from anitazha/systoomd_quick
Additional fix ups from #17417
2020-10-27 18:43:34 +01:00
Anita Zhang
800d0802e4 docs: update coding style for return (void) func(...)
Seems that people think it's useful for brevity so make it explicit in
the CODING_STYLE.
2020-10-27 00:20:17 -07:00
Yu Watanabe
377a9545e9 tree-wide: fix typos found by Fossies codespell report 2020-10-24 13:29:31 +02:00
Yu Watanabe
4b28e50f9e
Merge pull request #17390 from keszybz/logind-notifications-and-links
Fix sd_notify() usage in various daemons and update some documentation links
2020-10-20 13:44:52 +09:00
Lennart Poettering
f105d29b47
Merge pull request #17389 from poettering/bootspec-clarifications
bootspec entry character set clarifications
2020-10-19 17:17:10 +02:00
Lennart Poettering
cf33b70765 docs: some coding style updates
Primarily:

1. Mention that we prefer if return parameters carry "ret_" as prefix in
   their name

2. Clarify that debug-level logging is always OK, and irrelevant to when
   deciding whether a function is logging or non-logging.
2020-10-19 15:30:11 +02:00
Zbigniew Jędrzejewski-Szmek
515736d0f3 tree-wide: update web link to logind description
https://www.freedesktop.org/wiki/Software/systemd/multiseat/ says that it
is obsoleted by sd-login(3), so it doesn't make much sense to link to the former.
2020-10-19 15:23:37 +02:00
Lennart Poettering
d9067aba40 doc: document charset to use for bootspec entry names
Prompted-by: https://github.com/systemd/systemd/issues/12572#issuecomment-711074702
2020-10-19 14:22:12 +02:00
Zbigniew Jędrzejewski-Szmek
69c0807432
Merge pull request #15206 from anitazha/systoomd-v0
systemd-oomd
2020-10-15 14:16:52 +02:00
Lennart Poettering
5fa661a4fb docs: clarify that udev watches for IN_CLOSE_WRITE (and not IN_CLOSE)
Also, while we are at it, explain that udev won't reprobe if users just
release the lock, they have to close the block device too.
2020-10-10 10:01:59 +02:00
Anita Zhang
4d824a4e0b core: add ManagedOOM*= properties to configure systemd-oomd on the unit
This adds the hook ups so it can be read with the usual systemd
utilities. Used in later commits by sytemd-oomd.
2020-10-07 16:17:23 -07:00
Zbigniew Jędrzejewski-Szmek
422128b46d man: use paragraphs in descriptions of /tmp and /var/tmp
We have three somewhat separate ideas: what the directory is for, what $TMPDIR is for, and security considerations.
Let's use paragraphs.

Also, conjunctions in titles aren't capitalized usually.
2020-10-05 18:38:35 +02:00
Lennart Poettering
c14ebe07a9
Merge pull request #17172 from keszybz/read-login-defs
Read /etc/login.defs
2020-10-02 11:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
53393c894d Look at /etc/login.defs for the system_max_[ug]id values
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
  500 for a long time. Systems which are upgraded over time might have users
  in the wrong range, but changing existing systems is complicated and
  expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogenous enviornment, where some vendors pick
  one value and others another.
So let's make this boundary overridable using /etc/login.defs.

Fixes #3855, #10184.
2020-10-01 17:49:31 +02:00
nl6720
f856778b9c docs: update old documentation links 2020-09-29 21:45:06 +02:00
Kyle Huey
fbccb980e5 random-util: Add an environment variable to disable RDRAND.
SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.

Fixes: #17112
2020-09-24 09:22:45 +02:00
Lennart Poettering
36f8cf0163
Merge pull request #17086 from keszybz/developer-mode-default
Update dbus docs, make developer mode default
2020-09-22 16:29:28 +02:00
Lennart Poettering
329cde79c4 doc: document the new GPT partition type UUIDs 2020-09-19 21:20:16 +02:00
Zbigniew Jędrzejewski-Szmek
4c8e5f442b meson: make "developer" mode the default
This means that the dbus doc consistency checks will be enabled by default,
including in the CI. I think that will work better than current state where
people do not enable them and them follow-up patches for the docs like the
parent commit must be had.
2020-09-17 09:02:29 +02:00
Topi Miettinen
9df2cdd8ec exec: SystemCallLog= directive
With new directive SystemCallLog= it's possible to list system calls to be
logged. This can be used for auditing or temporarily when constructing system
call filters.

---
v5: drop intermediary, update HASHMAP_FOREACH_KEY() use
v4: skip useless debug messages, actually parse directive
v3: don't declare unused variables with old libseccomp
v2: fix build without seccomp or old libseccomp
2020-09-15 12:54:17 +03:00
Renaud Métrich
3e5f04bf64 socket: New option 'FlushPending' (boolean) to flush socket before entering listening state
Disabled by default. When Enabled, before listening on the socket, flush the content.
Applies when Accept=no only.
2020-09-01 17:20:23 +02:00
Lennart Poettering
c4bc2e9343 CONTRIBUTING: be clearer about versions and RFE process
Fixes: #16550
2020-08-31 23:23:56 +02:00
PhoenixDiscord
e8607daf7d
Replace gendered pronouns with gender neutral ones. (#16844) 2020-08-27 11:52:48 +09:00
Zbigniew Jędrzejewski-Szmek
b6abc2acb4
Merge pull request #16568 from poettering/creds-store
credentials logic to pass privileged data to services
2020-08-26 10:32:30 +02:00
Lennart Poettering
b0d29bfdfd man: document credentials passing in the container interface 2020-08-25 19:46:32 +02:00
Lennart Poettering
64abd37a60 docs: document new recovery key user record fields 2020-08-25 18:14:55 +02:00
Lennart Poettering
4e39995371 core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options
Kernel 5.8 gained a hidepid= implementation that is truly per procfs,
which allows us to mount a distinct once into every unit, with
individual hidepid= settings. Let's expose this via two new settings:
ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=).

Replaces: #11670
2020-08-24 20:11:02 +02:00
Zbigniew Jędrzejewski-Szmek
69bb9f999c
Merge pull request #16817 from keszybz/update-bus-api-docs
Update bus api docs
2020-08-24 09:31:31 +02:00
Zbigniew Jędrzejewski-Szmek
3c682b17ce docs: add man/update-dbus-docs step to release instructions 2020-08-22 12:39:37 +02:00
Ronan Pigott
f3d97c0587 docs: fix gpt-auto-generator manpage link 2020-08-22 12:26:27 +02:00
Steve Dodd
44aaddad06 Request seccomp logging if SYSTEMD_LOG_SECCOMP environment variable is set. 2020-08-21 11:24:53 +02:00
Lennart Poettering
5b14956385
Merge pull request #16543 from poettering/nspawn-run-host
nspawn: /run/host/ tweaks
2020-08-20 16:20:05 +02:00
Luca Boccassi
7489ccc350 coding style: document how to break a function declaration 2020-08-20 13:19:28 +02:00
Lennart Poettering
00e64c6d06 doc: document what we now place in /run/host 2020-08-20 10:17:59 +02:00
Anita Zhang
96a4ce9f1d
Merge pull request #16690 from poettering/userdb-group-desc
description field for group records
2020-08-11 00:27:54 -07:00
Lennart Poettering
721bb6ed08
Merge pull request #16684 from keszybz/assorted-cleanups
Assorted cleanups
2020-08-10 19:28:05 +02:00
Lennart Poettering
072779f0bf docs: document new description field
Also, explain GECOS syntax requirements.
2020-08-07 08:39:56 +02:00