1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-04 22:21:55 +03:00
Commit Graph

441 Commits

Author SHA1 Message Date
Anita Zhang
4d824a4e0b core: add ManagedOOM*= properties to configure systemd-oomd on the unit
This adds the hook ups so it can be read with the usual systemd
utilities. Used in later commits by sytemd-oomd.
2020-10-07 16:17:23 -07:00
Zbigniew Jędrzejewski-Szmek
422128b46d man: use paragraphs in descriptions of /tmp and /var/tmp
We have three somewhat separate ideas: what the directory is for, what $TMPDIR is for, and security considerations.
Let's use paragraphs.

Also, conjunctions in titles aren't capitalized usually.
2020-10-05 18:38:35 +02:00
Lennart Poettering
c14ebe07a9
Merge pull request #17172 from keszybz/read-login-defs
Read /etc/login.defs
2020-10-02 11:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
53393c894d Look at /etc/login.defs for the system_max_[ug]id values
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
  500 for a long time. Systems which are upgraded over time might have users
  in the wrong range, but changing existing systems is complicated and
  expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogenous enviornment, where some vendors pick
  one value and others another.
So let's make this boundary overridable using /etc/login.defs.

Fixes #3855, #10184.
2020-10-01 17:49:31 +02:00
nl6720
f856778b9c docs: update old documentation links 2020-09-29 21:45:06 +02:00
Kyle Huey
fbccb980e5 random-util: Add an environment variable to disable RDRAND.
SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.

Fixes: #17112
2020-09-24 09:22:45 +02:00
Lennart Poettering
36f8cf0163
Merge pull request #17086 from keszybz/developer-mode-default
Update dbus docs, make developer mode default
2020-09-22 16:29:28 +02:00
Lennart Poettering
329cde79c4 doc: document the new GPT partition type UUIDs 2020-09-19 21:20:16 +02:00
Zbigniew Jędrzejewski-Szmek
4c8e5f442b meson: make "developer" mode the default
This means that the dbus doc consistency checks will be enabled by default,
including in the CI. I think that will work better than current state where
people do not enable them and them follow-up patches for the docs like the
parent commit must be had.
2020-09-17 09:02:29 +02:00
Topi Miettinen
9df2cdd8ec exec: SystemCallLog= directive
With new directive SystemCallLog= it's possible to list system calls to be
logged. This can be used for auditing or temporarily when constructing system
call filters.

---
v5: drop intermediary, update HASHMAP_FOREACH_KEY() use
v4: skip useless debug messages, actually parse directive
v3: don't declare unused variables with old libseccomp
v2: fix build without seccomp or old libseccomp
2020-09-15 12:54:17 +03:00
Renaud Métrich
3e5f04bf64 socket: New option 'FlushPending' (boolean) to flush socket before entering listening state
Disabled by default. When Enabled, before listening on the socket, flush the content.
Applies when Accept=no only.
2020-09-01 17:20:23 +02:00
Lennart Poettering
c4bc2e9343 CONTRIBUTING: be clearer about versions and RFE process
Fixes: #16550
2020-08-31 23:23:56 +02:00
PhoenixDiscord
e8607daf7d
Replace gendered pronouns with gender neutral ones. (#16844) 2020-08-27 11:52:48 +09:00
Zbigniew Jędrzejewski-Szmek
b6abc2acb4
Merge pull request #16568 from poettering/creds-store
credentials logic to pass privileged data to services
2020-08-26 10:32:30 +02:00
Lennart Poettering
b0d29bfdfd man: document credentials passing in the container interface 2020-08-25 19:46:32 +02:00
Lennart Poettering
64abd37a60 docs: document new recovery key user record fields 2020-08-25 18:14:55 +02:00
Lennart Poettering
4e39995371 core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options
Kernel 5.8 gained a hidepid= implementation that is truly per procfs,
which allows us to mount a distinct once into every unit, with
individual hidepid= settings. Let's expose this via two new settings:
ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=).

Replaces: #11670
2020-08-24 20:11:02 +02:00
Zbigniew Jędrzejewski-Szmek
69bb9f999c
Merge pull request #16817 from keszybz/update-bus-api-docs
Update bus api docs
2020-08-24 09:31:31 +02:00
Zbigniew Jędrzejewski-Szmek
3c682b17ce docs: add man/update-dbus-docs step to release instructions 2020-08-22 12:39:37 +02:00
Ronan Pigott
f3d97c0587 docs: fix gpt-auto-generator manpage link 2020-08-22 12:26:27 +02:00
Steve Dodd
44aaddad06 Request seccomp logging if SYSTEMD_LOG_SECCOMP environment variable is set. 2020-08-21 11:24:53 +02:00
Lennart Poettering
5b14956385
Merge pull request #16543 from poettering/nspawn-run-host
nspawn: /run/host/ tweaks
2020-08-20 16:20:05 +02:00
Luca Boccassi
7489ccc350 coding style: document how to break a function declaration 2020-08-20 13:19:28 +02:00
Lennart Poettering
00e64c6d06 doc: document what we now place in /run/host 2020-08-20 10:17:59 +02:00
Anita Zhang
96a4ce9f1d
Merge pull request #16690 from poettering/userdb-group-desc
description field for group records
2020-08-11 00:27:54 -07:00
Lennart Poettering
721bb6ed08
Merge pull request #16684 from keszybz/assorted-cleanups
Assorted cleanups
2020-08-10 19:28:05 +02:00
Lennart Poettering
072779f0bf docs: document new description field
Also, explain GECOS syntax requirements.
2020-08-07 08:39:56 +02:00
Marc Kleine-Budde
3f449f2106 Update DISCOVERABLE_PARTITIONS.md
This patch fixes a typo in the link to the systemd-id128 documentation.
2020-08-05 19:55:26 +02:00
Zbigniew Jędrzejewski-Szmek
4ea0782649 docs: rework awkward sentence in AUTOMATIC_BOOT_ASSESSMENT 2020-08-05 19:44:37 +02:00
Anita Zhang
fe01daee67
Merge pull request #16650 from keszybz/two-doc-updates
Two doc updates
2020-08-04 18:05:38 -07:00
Joerg Behrmann
c90b6abc91 docs: spelling fixes 2020-08-04 12:39:03 +02:00
Zbigniew Jędrzejewski-Szmek
3e2d2fbbdd docs: reword intro in DISCOVERABLE PARTITIONS
This specification is useful independently of UEFI, so avoid making assertions
about UEFI. Also reword the intro to say what this is about in the very first
sentence. Closes #16570.
2020-08-03 14:51:47 +02:00
David Edmundson
d7d717b7e2 docs: Document xdg-autostart parameter X-systemd-skip 2020-07-20 16:03:47 +02:00
Benjamin Berg
6a097936b2 docs: Update section about XDG autostart generator
The generator is already merged. So update the corresponding section to
describe the current status.
2020-07-20 12:46:56 +02:00
Zbigniew Jędrzejewski-Szmek
e6791b5522
Merge pull request #16497 from DaanDeMeyer/mkosi
mkosi: Keep mkosi.default out of the repository
2020-07-20 09:03:51 +02:00
Daan De Meyer
172ad053ff mkosi: Keep mkosi.default out of the repository.
Defaulting to fedora makes it a pain to override mkosi.default
point to one of the other mkosi settings files. Instead, have
every developer manually add the symlink to his distro
of choice and don't commit the symlink to the repository by
putting it in the .gitignore.
2020-07-16 21:44:02 +01:00
Lennart Poettering
38ccb55731 nss-mymachines: drop support for UID/GID resolving
Now that we make the user/group name resolving available via userdb and
thus nss-systemd, we do not need the UID/GID resolving support in
nss-mymachines anymore. Let's drop it hence.

We keep the module around, since besides UID/GID resolving it also does
hostname resolving, which we care about. (One of those days we should
replace that by some Varlink logic between
nss-resolve/systemd-resolved.service too)

The hooks are kept in the NSS module, but they do not resolve anything
anymore, in order to keep compat at a maximum.
2020-07-14 17:08:12 +02:00
Lennart Poettering
4c2cf15751 man: document new varlink service 2020-07-14 17:08:12 +02:00
Lennart Poettering
56870d324b docs: permit user/group services that do not support enumeration
sssd people don't like enumeration and for some other cases it's not
nice to support either, in particular when synthesizing records for
container/userns UID/GID ranges.

Hence, let's make enumeration optional.
2020-07-14 16:44:52 +02:00
Florian Mayer
ed1de7108e Explain how to determine hierarchy type from shell
This makes it easier for people than just recommending the syscall.
2020-07-10 18:52:22 +02:00
Zbigniew Jędrzejewski-Szmek
55aacd502b
Merge pull request #15891 from bluca/host_os_release
Container Interface: expose the host's os-release metadata to nspawn and portable guests
2020-07-08 23:52:13 +02:00
Lukas Nykryn
21d19a7a13 docs: update information where to file bugs against RHEL/CentOS versions of systemd 2020-07-07 23:12:51 +02:00
Zbigniew Jędrzejewski-Szmek
cd990847b9 tree-wide: more repeated words 2020-07-07 12:08:22 +02:00
Tomer Shechner
c1495f8e9d fix typo
I was thoroughly reading your nice coding style page and found out that you guys missed an 's'.

😁
2020-07-07 10:50:36 +09:00
Zbigniew Jędrzejewski-Szmek
8dc647fd30 man: do not say that tasks are threads and processes
This is confusing because the reader might think that processes and threads are
counted separately. Another issue pointed out in #16363.
2020-07-06 16:32:33 +02:00
Zbigniew Jędrzejewski-Szmek
f04a98e13f Fix two typos found by codespell 2020-07-06 15:09:23 +02:00
Zbigniew Jędrzejewski-Szmek
071be2fa9f
Merge pull request #15442 from poettering/fido2
add fido2 authentication support to homed
2020-07-03 17:27:15 +02:00
Zbigniew Jędrzejewski-Szmek
37b22b3b47 tree: wide "the the" and other trivial grammar fixes 2020-07-02 09:51:38 +02:00
Lennart Poettering
fe2520fbb5 docs: document new FIDO2 user record fields 2020-07-01 11:20:26 +02:00
Lennart Poettering
c0bde0d240 user-record: rename JSON field "pkcs11Pin" to "tokenPin"
We'd like to use it for FIDO2 tokens too, and the concept is entirely
generic, hence let's just reuse the field, but rename it. Read the old
name for compatibility, and treat the old name and the new name as
identical for most purposes.
2020-07-01 11:17:28 +02:00
Yu Watanabe
830ffbce1b doc: add recentry introduced transient settings
Also sort entries for service settings.
2020-07-01 10:38:08 +02:00
Zbigniew Jędrzejewski-Szmek
0e31a6c2ad
Merge pull request #16142 from poettering/random-seed-cmdline
pid1: add support for allowing to pass in random seed via kernel cmdline
2020-06-26 22:42:51 +02:00
Frantisek Sumsal
cb713f1696 tree-wide: spellcheck fixes
Most of them were reported by Fossies.org
2020-06-26 22:33:56 +02:00
Lennart Poettering
22aa58adc9 JOURNAL_FILE_FORMAT: minor markdown fixes 2020-06-26 13:55:18 +02:00
Lennart Poettering
70cd1e561c docs: document the new journal file format additions 2020-06-25 15:02:41 +02:00
Lennart Poettering
bbcd38e41e docs: import journal file format docs from fdo wiki
Just an import, with no textual changes (some fixed URLs however)
2020-06-25 15:02:34 +02:00
Lennart Poettering
6b000af4f2 tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02
https://lwn.net/Articles/823224/

This gets rid of most but not occasions of these loaded terms:

1. scsi_id and friends are something that is supposed to be removed from
   our tree (see #7594)

2. The test suite defines an API used by the ubuntu CI. We can remove
   this too later, but this needs to be done in sync with the ubuntu CI.

3. In some cases the terms are part of APIs we call or where we expose
   concepts the kernel names the way it names them. (In particular all
   remaining uses of the word "slave" in our codebase are like this,
   it's used by the POSIX PTY layer, by the network subsystem, the mount
   API and the block device subsystem). Getting rid of the term in these
   contexts would mean doing some major fixes of the kernel ABI first.

Regarding the replacements: when whitelist/blacklist is used as noun we
replace with with allow list/deny list, and when used as verb with
allow-list/deny-list.
2020-06-25 09:00:19 +02:00
Lennart Poettering
18d9cee002 man: document systemd.random-seed= 2020-06-24 15:33:48 +02:00
Lennart Poettering
21385e639a man: replace perl bug tracker link that went away with link to paper
Fixes: #16245
2020-06-23 17:19:05 +02:00
Luca Boccassi
34e0d56ce2 Container interface: document exposing the host's os-release
In order to allow applications to detect the host OS version or other
metadata, ask container managers to expose the os-release files as
read-only bind mounts.
For systemd-nspawn, we will also expose ID, BUILD_ID, VERSION_ID and
VARIANT_ID as lowercase environment variables prefixed by the
container_host_ string.
2020-06-23 12:57:05 +01:00
Lennart Poettering
ffc8eeae62 USER_RECORD: fix typo
Fixes: #16172
2020-06-16 20:24:32 +02:00
Evgeny Vereshchagin
135a1add7b turn off fuzzit part 2
it's just a follow-up to https://github.com/systemd/systemd/pull/16064
2020-06-11 18:59:44 +02:00
David Edmundson
6a881daf85 docs: Change suffix for desktop applications to support non-transient services
One problem found with the current draft specification is we can't have
an application provide a non-transient systemd service file in a way
that is spec compliant as the service name currently needs to end in a
random token defined by the launcher.

This came up when trying to put DBus activated services into the correct
cgroup. There isn't enough metadata in the DBus service file to know the
correct application ID, and the most intuitive fix is for those
applications to just specify the SystemdService file in the existing
system. They're generally unique for a given user session anyway so
don't need a separate cgroup identifier.

This changes the spec for RANDOM to be optional for services.

It also changes the separator between in services to act like templates.
Ultimately that's what we're trying to recreate with the RANDOM token of
the systemd service and it's a better fit. It's needed as otherwise with
launcher and the random ident being both optional it would be impossible
to get the application ID reliably.

Scopes are unchanged as they don't support templates.
2020-06-10 17:10:57 +02:00
Lennart Poettering
c85b6ff1b2 docs: point contributors to list of most recent systemd releases
Fixes: #16083
2020-06-10 10:30:02 +02:00
Michał Bartoszkiewicz
fa0e23c900 docs: use bool in varlink interface definition
Boolean type in varlink is named bool, not boolean.
2020-06-09 17:11:38 +02:00
Lennart Poettering
a3d19f5d99 core: add new PassPacketInfo= socket unit property 2020-05-27 22:40:38 +02:00
Daniel Fullmer
e6190e2882 sd-boot: fix menu ordering with boot counting
systemd-boot selects the last valid entry by default, not the first.

Fixes: #15256
2020-05-26 19:27:59 +02:00
Zbigniew Jędrzejewski-Szmek
201632e314 tree-wide: s/time-out/timeout/g
See 3f9a0a522f for justification.
2020-05-26 10:28:59 +02:00
Evgeny Vereshchagin
2f0a427b45 docs: add a link to the Fossies codespell report 2020-05-21 09:00:53 +02:00
Zbigniew Jędrzejewski-Szmek
bb94ded693
Merge pull request #15661 from hundeboll/mount-read-write-only
Mount read write only
2020-05-20 15:48:04 +02:00
Martin Hundebøll
75f4bd7fd0 man: document ReadWriteOnly property for mount units 2020-05-20 14:26:04 +02:00
Zbigniew Jędrzejewski-Szmek
154962d348 docs: policy for systemd-security subscriptions
Replaces #14325.
2020-05-15 20:40:58 +02:00
Дамјан Георгиевски
5a0173147b
docs: add some backticks and more formatting to PASSWORD_AGENTS.md (#15803)
docs: add some backticks and more formatting to PASSWORD_AGENTS.md
2020-05-13 14:52:09 +02:00
Дамјан Георгиевски
8623836502 fix WikiWord not-links 2020-05-13 04:56:50 +02:00
Дамјан Георгиевски
67a40f217c docs: import password agents documentation
imported from:
https://cgit.freedesktop.org/wiki/www/plain/Software/systemd/PasswordAgents.mdwn
2020-05-12 20:31:44 +02:00
Lennart Poettering
c0440512e6 docs: document the new offline discard logic 2020-05-07 16:13:07 +02:00
Gergely Polonkai
c28904dae0 Update the rsync command in CONVERTING_TO_HOMED
The old version of this command will delete everything under the new home directory (including `.identity`), rendering the directory unusable with homed.
2020-05-06 10:52:22 +02:00
Benjamin Berg
60ca8f22b8 docs: Change prefix for desktop applications to app-
We need both a slice name and a prefix for application units. For
consistency we tried to use the same name and ended up standardising on
"apps.slice" and and "apps-" prefix for the units.

However, "app-" would be a more natural prefix for applications. And it
is no problem to simply also name the slice "app.slice" for consistency
rather than keeping the current "apps.slice".
2020-04-30 14:21:44 +02:00
Zbigniew Jędrzejewski-Szmek
f20078df0b docs: reorder the section about security reporting to emphasize the sekrit list 2020-04-29 17:20:37 +02:00
Lennart Poettering
a9ab5cdb50
Merge pull request #15472 from keszybz/dbus-api-docs
A few more dbus api documentation updates
2020-04-23 17:01:11 +02:00
Frantisek Sumsal
86b52a3958 tree-wide: fix spelling errors
Based on a report from Fossies.org using Codespell.

Followup to #15436
2020-04-21 23:21:08 +02:00
Zbigniew Jędrzejewski-Szmek
98ab0daeeb docs: use "polkit" to refer to PolicyKit
See d35f51ea84 for justification.

First use in each file is turned into a link to the documentation page.
2020-04-21 17:10:02 +02:00
Zbigniew Jędrzejewski-Szmek
38b38500c6 tree-wide: use "hostname" spelling everywhere
It's not that I think that "hostname" is vastly superior to "host name". Quite
the opposite — the difference is small, and in some context the two-word version
does fit better. But in the tree, there are ~200 occurrences of the first, and
>1600 of the other, and consistent spelling is more important than any particular
spelling choice.
2020-04-21 16:58:04 +02:00
Lennart Poettering
5fe63895b9 docs: introduce documentation category for user/group stuff
We have so many different docs on various facets of user/group stuff,
let's add our own category for it.
2020-04-11 18:03:24 +02:00
Lennart Poettering
b05e122036 docs: add some documentation about hooking up userdb/homed to desktop environments
Prompted by some inquires from the GNOME camp. let's document this here,
since other DEs might be interested too.
2020-04-10 18:54:58 +02:00
Lennart Poettering
5a3033321a docs: add brief document how to convert home directories to homed 2020-04-10 15:57:29 +02:00
Lennart Poettering
10eed9848d docs: fix typo now → not 2020-04-09 19:26:36 +02:00
Lennart Poettering
b27cb676bf docs: add missing dash 2020-04-09 19:24:44 +02:00
Lennart Poettering
9b3c65ed36
Merge pull request #15352 from poettering/user-group-name-valdity-rework
user/group name validity rework
2020-04-09 18:49:22 +02:00
Zbigniew Jędrzejewski-Szmek
ad21e542b2 manager: add CoredumpFilter= setting
Fixes #6685.
2020-04-09 14:08:48 +02:00
Lennart Poettering
887a8fa341 docs: hook up the new USER_NAMES document everywhere
(Also correct the set of names we accept in User=, which was forgotten
to be updated in ae480f0b09.
2020-04-08 17:30:04 +02:00
Lennart Poettering
cafed7b32c docs: add a longer document explaining our rules on user/group names 2020-04-08 17:30:04 +02:00
Benjamin Berg
31c68e0277 docs: Add some notes about managing graphical user sessions
This is work in progress and not finished yet. However, I hope to have
captured some of the key points that came up in previous discussions
with appropriate notes about things that still need to be defined.

I may revisit it later. Also, feel free to completely rewrite if the
format is not quite right.
2020-03-27 21:57:44 +01:00
Lucas Werkmeister
e1ef1e5d53 docs: fix typo 2020-03-06 22:58:53 +01:00
Lucas Werkmeister
afcb3e758c docs: fix misplaced close-paren
I assume it’s supposed to be “see Home Directories for details” and not
“… and embeds these JSON records directly in the home directory images …
for details”, but the previous text suggested the latter reading to me.
2020-03-06 22:12:37 +01:00
Zbigniew Jędrzejewski-Szmek
870d38dca9 docs: add .link/.network/.netdev files to interface stability chart
Fixes #9850.
2020-03-03 19:11:45 +01:00
Zbigniew Jędrzejewski-Szmek
b0cda24148 docs: interlink the docs to make it easier to navigate 2020-02-28 16:54:33 +01:00
Zbigniew Jędrzejewski-Szmek
04c31af4c5 docs: say XBOOTLDR instead of just giving the GPT identifier
Fixes #14832.

Also, say "MBR partition table" and not "MBR disk label". "disk label" doesn't
seem to mean anything.
2020-02-28 16:54:33 +01:00
Lynn Kirby
6cec69fc3e Change all fuzzing links to point to OSS-Fuzz site 2020-02-18 01:50:36 +03:00
Lynn Kirby
129c55c06f docs: fix HACKING.md broken links 2020-02-18 01:50:36 +03:00