IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As of kmod v14, it is possible to export the static node information from
/lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format.
Use this functionality to let systemd-tmpfilesd create the static device nodes
at boot, and drop the functionality from systemd-udevd.
As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:
* the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
* ordering before local-fs-pre.target (see 89d09e1b5c)
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.
Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
"Scope" units are very much like service units, however with the
difference that they are created from pre-existing processes, rather
than processes that systemd itself forks off. This means they are
generated programmatically via the bus API as transient units rather
than from static configuration read from disk. Also, they do not provide
execution-time parameters, as at the time systemd adds the processes to
the scope unit they already exist and the parameters cannot be applied
anymore.
The primary benefit of this new unit type is to create arbitrary cgroups
for worker-processes forked off an existing service.
This commit also adds a a new mode to "systemd-run" to run the specified
processes in a scope rather then a transient service.
Transient units can be created via the bus API. They are configured via
the method call parameters rather than on-disk files. They are subject
to normal GC. Transient units currently may only be created for
services (however, we will extend this), and currently only ExecStart=
and the cgroup parameters can be configured (also to be extended).
Transient units require a unique name, that previously had no
configuration file on disk.
A tool systemd-run is added that makes use of this functionality to run
arbitrary command lines as transient services:
$ systemd-run /bin/ping www.heise.de
Will cause systemd to create a new transient service and run ping in it.
This introduces two bus calls to make runtime changes to selected bus
properties, optionally with persistence.
This currently hooks this up only for three cgroup atributes, but this
brings the infrastructure to add more changable attributes.
This allows setting multiple attributes at once, and takes an array
rather than a dictionary of properties, in order to implement simple
resetting of lists using the same approach as when they are sourced from
unit files. This means, that list properties are appended to by this
call, unless they are first reset via assigning the empty list.
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree.
Also reworded a few debug messages for brevity, and added a log
statement which prints out the filter at debug level:
Journal filter: (((UNIT=sys-module-configfs.device AND _PID=1) OR (COREDUMP_UNIT=sys-module-configfs.device AND MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR _SYSTEMD_UNIT=sys-module-configfs.device) AND _BOOT_ID=4e3c518ab0474c12ac8de7896fe6b154)
We want to allow clients to process an sd_bus_message on a different
thread than it was received on. Since unreffing a bus message might
readd some of its memfds to the memfd cache add some minimal locking
around the cache.
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
Bootchart has a help option. For the sake of consistency, this patch
adds it to the man page.
Also, the TODO is updated. Bootcharts were added to the journal in
commit c4d58b0.
This makes sure nss-myhostname not only resolves the local host name to
127.0.0.2/::1 but also the host name 'localhost: to 127.0.0.1/::1. This
makes installation of /etc/passwd optional, as it usually only includes
a mapping for 'localhost'.
This change also resolves ::1 to the local hostname (as before), but
also lists 'localhost' as an alias. This means look-ups are now fully
reversible, even though they are 1:n mappings.
Finally, the module will no longer erroneously claim that local IP
addresses which aren't on the loopback device were.
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
This changes the fstab mount option x-initrd-rootfs.mount to
x-initrd.rootfs, in order to only use a single namespace "x-initrd." for
all mount options of the initrd.
Setting MaxRetentionSec= caused the kernel log to overflow and the
journal daemon to enter an endless loop.
Logging from the journald main loop gets directed to /dev/kmsg,
which wakes up journald again. We skip the import of this message
by checking for our own PID, but this still causes the main loop
to never go to sleep again because we never stopped logging from
there.
Getting the cursor is split out from .get_next() into
.get_cursor(). This mirrors the C API more closely, and
also makes things a bit faster if the cursor is not needed.
The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
The userspace firmware loader is deprecated now, and will be entirely
removed when we depend on a kernel version with the built-in firmware
loader available.
I originally added this to stay as compatible as possible with the kernel, but
as Lennart argued it is not really useful in the initramfs, so let's drop it (we
already don't support 'rootdealy').
We currently enforce that seats are to be named in the form of
"seatXXX", i.e. need to begin with the 4 characters "seat". Thus,
"seat-master" would qualify as a seat name. As seat names are frequently
used as tags on devices, the "seat-master" tag might hence confuse
logind if the user decides to name a seat "seat-master".
Hence, avoid any ambuigity: let's rename the "seat-master" tag to
"master-of-seat".
- fix typo
- use compiled systemd-nspawn
- drop --capability=... from systemd-nspawn invocation, is is the default now
- simplify sudo make invocations
- Don't allow any locks to be taken while we are in the process of
executing the specific operation, so that apps are not surprised if a
suspend/shutdown happens while they rely on their inhibitor.
- Get rid of the Resumed signal, it was a bad idea, and redundant due to
PrepareForSleep(false), see below.
- Always send out PrepareFor{Shutdown,Sleep} signals, instead of only if
a delay lock is taken.
- Move PrepareForSleep(false) after we come back from the suspend, so
that apps can use this as "Resumed" notification. This also has the
benefit that apps know when to take a new lock.
We should not pimp up the kernel's VC stuff, it's too linited and
fragile.
At the moment not even the font uploaded early during bootup does
survive the KMS driver taking over the framebuffer driver. We
surely don't want to make promises about colors or resolution.
The future is fullscreen KMS/kmscon/wayland/... based terminals using
X fonts, keymaps, input methods, and not the old school too limited
kernel VC stuff. So leave the kernel VCs as they are, and don't expect
wonders.
This way we also get a man page. The output is not as polished.
I hope that it doesn't matter too much.
index.html is not generated now, the page is called
systemd.index.html. If necessary, an install hook should be added.
Adds is-failed to join is-active and is-enabled.
I grabbed this one from the todo list. Most of the functionality was
already there for is-active. I just needed to make check_one_unit take
the states to check for as an argument instead of the hardcoded
"active" and "reloading".
is-failed will return 1 if none of the units given are failed. This is
different from is-active which will return 3 if none of the units
given are active. It returns 3 with this comment:
/* According to LSB: "program is not running" */
As that does not make sense when looking for failed units I simply
chose 1 instead.
The split should be into a lightweight collection tool that can run
with minimal dependencies and resources for server and embedded
systems. The analysis tool can pull in desktop-style dependencies
like Cairo and GTK.
Much like logind has a client in loginctl, and journald in journalctl
introduce timedatectl, to change the system time (incl. RTC), timezones
and related settings.
Turns out cpuset needs explicit initialization before we could make use
of it. Thus mounting cpuset with cpu/cpuacct would make it impossible to
just create a group in "cpu" and start it.
Instead of doing hand optimized fd bisect arrays just use plain old
hashmaps. Now I can understand my own code again. Yay!
As a side effect this should fix some bad memory accesses caused by
accesses after mmap(), introduced in 189.
Note: I did s/MANAGER/SYSTEMD/ everywhere, even though it makes the
patch quite verbose. Nevertheless, keeping MANAGER prefix in some
places, and SYSTEMD prefix in others would just lead to confusion down
the road. Better to rip off the band-aid now.
When the new PID is invoked the journal socket from the initrd might
still be around. Due to the default log target being journal we'd log to
that initially when the new main systemd initializes even if the kernel
command line included a directive to redirect systemd's logging
elsewhere.
With this fix we initially always log to kmsg now, if we are PID1, and
only after parsing the kernel cmdline try to open the journal if that's
desired.
(The effective benefit of this is that SELinux performance data is now
logged again to kmsg like it used to be.)
Previously, if X allocated all 6 TTYs (for multi-session for example) no
getty would be available anymore to guarantee console-based logins.
With the new ReserveVT= switch in logind.conf we can now choose one VT
(6 by default) that will always be subject to autovt-style activation,
i.e. we'll always have a getty on TTY6, and X will never take possession
of it.
- Make writing/reading of /etc/timezone dependendent of HAVE_SYSV_COMPAT
- Introduce symlink_atomic() after all, and use it
- Use relative symlink for /etc/localtime
This splits the JSON output mode into different modes: json and
json-pretty. The former printing one entry per line, the latter showing
JSON objects nicely indented and in multiple lines to make it easier to
read for humans.
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
Adds messages for formally silent errors: new "Failed on cmdline argument %s: %s".
Removes some specific error messages for -ENOMEM in mount-setup.c. A few specific
ones have been left in other binaries.
When an automatic restart is already queued, then make subsequent start
jobs wait until the restart can be handled (i.e. after the holdhoff
time), instead of simply fail.
all other dependencies are in 3rd person. Change BindTo= accordingly to
BindsTo=.
Of course, the dependency is widely used, hence we parse the old name
too for compatibility.
sd-readahead.h is supposed to be a drop-in API, nothing people should
ever link to or could make use without also adding sd-readahead.c to
their sources. Hence, don't install this header file into INCLUDES, but
instead install it as DOCS.
There's now sd_journal_new_directory() for watching specific journal
directories. This is exposed in journalctl -D.
sd_journal_wait() and sd_journal_process() now return whether changes in
the journal are invalidating or just appending.
We now create inotify kernel watches only when we actually need them
This naming convention is more inline with other systemd daemon
unit names (systemd-logind.service, systemd-localed.service etc)
The companion .socket units have also been renamed, however the
-trigger and -settle units keep their current name as these are
not directly related to daemon process itself.
sd_notify() should work for daemons that chroot() as part of their
initilization, hence it's a good idea to use an abstract namespace
socket which is not affected by chroot.
This replaces the symlink based dependency by an explicit one in the
unit file so that we avoid the dangling symlink when no display manager
is installed.
This adds a timeout if the TTY cannot be acquired and makes sure we
always output the question to the console, never to the TTY of the
respective service.
Names= is a source of errors, simply because alias names specified like
this only become relevant after a unit has been loaded but cannot be
used to load a unit.
Let's get rid of the confusion and drop this field. To establish alias
names peope should use symlinks, which have the the benefit of being
useful as key to load a unit, even though they are not taken into
account if unit names are listed but they haven't been explicitly
referenced before.
People should use systemd.pc if anything at all to determine these
directories, and people should not assume that the bus fields are part
of the supported API, so let's just drop this.
This makes sure that
systemctl status /home
is implicitly translated to:
systemctl status /home.mount
Similar, /dev/foobar becomes dev-foobar.device.
Also, all characters that cannot be part of a unit name are implicitly
escaped.
since the binaries share much of the same code and we better load only
one binary instead of two from disk at early boot let's merge the three
readahead binaries into one. This also allows us to drop a lot of
duplicated code.
Let's try to standardize a bit the RPM macros used for
installing/uninstalling services.
This only covers the non-SysV compat bits, since that tends to vary
widely between the various distros.
Usage:
Add %{?systemd_requires} to the header of the spec file. And then:
%post
%systemd_post foobar.service
%preun
%systemd_preun foobar.service
%postun
%systemd_postun foobar.service
And, instead of the latter, in case the service shall be restarted on updates:
%postun
%systemd_postun_restart foobar.service
online = logged in
active = logged in and session is in the fg
closing = nominally logged out but some left-over processes still around
Related to:
https://bugzilla.gnome.org/show_bug.cgi?id=677556
Since we boot so fast now that gdm might get started before the
graphics drivers are properly loaded and probed we might end up
announcing seat0 to gdm before it has graphics capabilities. Which will
cause gdm/X11 cause to fail later on.
To fix this race, let's expose CanGraphical and CanTTY fields on all
seats, which clarify whether a seat is suitable for gdm resp, suitable
for text logins. gdm then needs to watch CanGraphical and spawn X11 on
it only if it is true.
This way:
USB graphics seats will expose CanGraphical=yes, CanTTY=no
Machines with no graphics drivers at all, but a text console:
CanGraphical=no, CanTTY=yes
Machines with CONFIG_VT turned off: CanGraphical=yes, CanTTY=no
And the most important case: seat0 where the graphics driver has not
been probed yet boot up with CanGraphical=no, CanTTY=yes first, which
then changes to CanGraphical=yes as soon as the probing is complete.
This takes handling of chassis power and sleep keys as well as the lid
switch over from acpid.
This logic is enabled by default for power and sleep keys, but not for
the lid switch.
If a graphical session is in the foreground no action is taken under the
assumption that the graphical session does this.
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
Checking the device major/minor is not a good idea. Let's replace this
with an explicit flag file, which we model after /etc/os-release and
call /etc/initrd-release.
If the inode nr for each file is available in the pack file we can
easily detect replaced files (like they result from package upgrades)
which we can then skip to readahead.
In some cases the main/control PID of a service can be outside of the
services cgroups (for example, if logind readjusts the processes'
cgroup). In order to clarify this for the user show the main/control PID
in the cgroup tree nonetheless, but mark them specially.
Previously, we were brutally and onconditionally killing all processes
in a service's cgroup before starting the service anew, in order to
ensure that StartPre lines cannot be misused to spawn long-running
processes.
On logind-less systems this has the effect that restarting sshd
necessarily calls all active ssh sessions, which is usually not
desirable.
With this patch control processes for a service are placed in a
sub-cgroup called "control/". When starting a service anew we simply
kill this cgroup, but not the main cgroup, in order to avoid killing any
long-running non-control processes from previous runs.
https://bugzilla.redhat.com/show_bug.cgi?id=805942
gettys are nowadays mostly autospawned and hence usually subject to
being shut down on isolate requests, since they are no dependency of any
other unit. This is a bad idea if the user isolates between
multi-user.graphical and graphical.target, hence exclude them from the
isolation.
This has the effect that gettys no longer cleaned up when
emergency.target is isolated, which might actualy be considered a
feature, even though it is a change from previous behaviour...
Note that the one getty that really matters (the one on tty1) is still
removed when isolating to emergency.target since it conflicts with
emergency.service.
This adds minimal hardware watchdog support to PID 1. The idea is that
PID 1 supervises and watchdogs system services, while the hardware
watchdog is used to supervise PID 1.
This adds two hardware watchdog configuration options, for the runtime
watchdog and for a shutdown watchdog. The former is active during normal
operation, the latter only at reboots to ensure that if a clean reboot
times out we reboot nonetheless.
If the runtime watchdog is enabled PID 1 will automatically wake up at
half the configured interval and write to the watchdog daemon.
By default we enable the shutdown watchdog, but leave the runtime
watchdog disabled in order not to break independent hardware watchdog
daemons people might be using.
This is only the most basic hookup. If necessary we can later on hook
up the watchdog ping more closely with services deemed crucial.
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.
This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.
This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
udisks2 doesn't use /media anymore, instead mounts removable media in a
user-private directory beneath /run. /media is hence mostly obsolete and
hence it makes little sense to continue to mount a tmpfs to it.
Distributions should consider dropping the mount point entirely since
nothing uses it anymore.
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.
All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:
systemctl
loginctl
journalctl
For those three we do provide systemd-xyz names as well, via symlinks:
systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl
We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
we need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.
