1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

140 Commits

Author SHA1 Message Date
Christian Hesse
5833143708 man: ProtectHome= protects /root as well 2015-06-30 19:12:20 +02:00
Tom Gundersen
12b42c7667 man: revert dynamic paths for split-usr setups
This did not really work out as we had hoped. Trying to do this upstream
introduced several problems that probably makes it better suited as a
downstream patch after all. At any rate, it is not releaseable in the
current state, so we at least need to revert this before the release.

 * by adjusting the path to binaries, but not do the same thing to the
   search path we end up with inconsistent man-pages. Adjusting the search
   path too would be quite messy, and it is not at all obvious that this is
   worth the effort, but at any rate it would have to be done before we
   could ship this.

 * this means that distributed man-pages does not make sense as they depend
   on config options, and for better or worse we are still distributing
   man pages, so that is something that definitely needs sorting out before
   we could ship with this patch.

 * we have long held that split-usr is only minimally supported in order
   to boot, and something we hope will eventually go away. So before we start
   adding even more magic/effort in order to make this work nicely, we should
   probably question if it makes sense at all.
2015-06-18 19:47:44 +02:00
Filipe Brandenburger
681eb9cf2b man: generate configured paths in manpages
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions
like Debian which still have not adopted a /usr merge setup.

Use XML entities from man/custom-entities.ent to replace configured paths while
doing XSLT processing of the original XML files. There was precedent of some
files (such as systemd.generator.xml) which were already using this approach.

This addresses most of the (manual) fixes from this patch:
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220

The idea of using generic XML entities was presented here:
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html

This patch solves almost all the issues, with the exception of:
- Path to /bin/mount and /bin/umount.
- Generic statements about preference of /lib over /etc.

These will be handled separately by follow up patches.

Tested:
- With default configure settings, ran "make install" to two separate
  directories and compared the output to confirm they matched exactly.
- Used a set of configure flags including $CONFFLAGS from Debian:
  http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules
  Installed the tree and confirmed the paths use /lib/systemd instead of
  /usr/lib/systemd and that no other unexpected differences exist.
- Confirmed that `make distcheck` still passes.
2015-05-28 19:28:19 +02:00
Zbigniew Jędrzejewski-Szmek
b5c7d097ec man: link to freebsd.org for inetd(8) 2015-03-13 23:42:18 -04:00
Zbigniew Jędrzejewski-Szmek
3ba3a79df4 man: fix a bunch of links
All hail linkchecker!
2015-03-13 23:42:18 -04:00
David Herrmann
f407824d75 man: split paragraph
Explicitly put the "multiple EnvironmentFile=" description into its own
paragraph to make it much easier to find.
2015-03-12 12:48:22 +01:00
Zbigniew Jędrzejewski-Szmek
b975b0d514 man: boilerplate unification 2015-02-10 23:24:27 -05:00
Zbigniew Jędrzejewski-Szmek
798d3a524e Reindent man pages to 2ch 2015-02-03 23:11:35 -05:00
Lennart Poettering
c51cbfdcc7 man: document that ProtectSystem= also covers /boot 2015-01-27 02:19:33 +01:00
Ronny Chevalier
6067b34a1f man: document that we set both soft and hard limits for Limit directives
See
http://cgit.freedesktop.org/systemd/systemd/tree/src/core/load-fragment.c#n1100
2014-11-30 20:45:01 +01:00
Ronny Chevalier
536256fc91 man: fix typos 2014-11-30 20:20:59 +01:00
Ronny Chevalier
b8825fff7b man: document equivalence between Limit directives and ulimit
See https://bugs.freedesktop.org/show_bug.cgi?id=80341
2014-11-30 20:17:00 +01:00
WaLyong Cho
2ca620c4ed smack: introduce new SmackProcessLabel option
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.

[zj: reword man page]
2014-11-24 10:20:53 -05:00
Lennart Poettering
2134b5ef6b man: SyslogIdentifier= has an effect on journal logging too 2014-10-09 11:37:01 +02:00
Zbigniew Jędrzejewski-Szmek
e060073a8f man: say that SecureBits= are space separated 2014-10-03 21:06:52 -04:00
Michael Biebl
67826132ad man: fix references to systemctl man page which is now in section 1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760613
2014-09-06 13:45:18 +02:00
Ruben Kerkhof
06b643e7f5 Fix a few more typos 2014-08-30 13:46:07 -04:00
Ronny Chevalier
8257df2767 man: fix typo 2014-08-18 21:02:07 +02:00
Lennart Poettering
79c1afc67f man: improve documentation for StandardOutput= and StandardInput= 2014-08-11 19:29:25 +02:00
Ansgar Burchardt
ef392da6c5 Correct references to ProtectSystem and ProtectHome in documentation 2014-08-04 09:27:20 -04:00
Zbigniew Jędrzejewski-Szmek
8e8ba962c7 man: proper link for dmesg 2014-07-10 22:52:23 -04:00
Zbigniew Jędrzejewski-Szmek
5aded36978 man: add a mapping for external manpages
It is annoying when we have dead links on fd.o.

Add project='man-pages|die-net|archlinux' to <citerefentry>-ies.

In generated html, add external links to
http://man7.org/linux/man-pages/man, http://linux.die.net/man/,
https://www.archlinux.org/.

By default, pages in sections 2 and 4 go to man7, since Michael
Kerrisk is the autorative source on kernel related stuff.

The rest of links goes to linux.die.net, because they have the
manpages.

Except for the pacman stuff, since it seems to be only available from
archlinux.org.

Poor gummiboot gets no link, because gummitboot(8) ain't to be found
on the net. According to common wisdom, that would mean that it does
not exist. But I have seen Kay using it, so I know it does, and
deserves to be found. Can somebody be nice and put it up somewhere?
2014-07-07 18:36:55 -04:00
Jan Engelhardt
8d0e0ddda6 doc: grammatical corrections 2014-06-28 00:06:30 -04:00
Lennart Poettering
d6797c920e namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
2014-06-06 14:37:40 +02:00
Lennart Poettering
5331194c12 core: don't include /boot in effect of ProtectSystem=
This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.

ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.

ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlikey /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.
2014-06-05 10:03:26 +02:00
Lennart Poettering
1b8689f949 core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
2014-06-04 18:12:55 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Nis Martensen
f1721625e7 fix spelling of privilege 2014-05-19 00:40:44 +09:00
Jan Engelhardt
b8bde11658 doc: comma placement corrections and word order
Set commas where there should be some.
Some improvements to word order.
2014-05-07 20:13:27 -04:00
Jan Engelhardt
dca348bcbb doc: corrections to words and forms
This patch exchange words which are inappropriate for a situation,
deletes duplicated words, and adds particles where needed.
2014-05-07 20:13:26 -04:00
Jan Engelhardt
70a44afee3 doc: typographical fine tuning 2014-05-06 23:05:39 +02:00
Lennart Poettering
905826156d man: be more specific when EnvironmentFile= is read
http://lists.freedesktop.org/archives/systemd-devel/2014-March/018004.html
2014-03-25 00:26:09 +01:00
Lennart Poettering
7f8aa67131 core: remove tcpwrap support
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.

Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
2014-03-24 20:07:42 +01:00
Lennart Poettering
c2c13f2df4 unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
2014-03-20 04:16:39 +01:00
Lennart Poettering
907afa0682 man: improve documentation of fs namespace related settings 2014-03-19 22:26:08 +01:00
Lennart Poettering
f1660f96f5 core: drop CAP_MKNOD when PrivateDevices= is set 2014-03-18 17:58:19 +01:00
Lennart Poettering
e66cf1a3f9 core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings
As discussed on the ML these are useful to manage runtime directories
below /run for services.
2014-03-03 17:55:32 +01:00
Lennart Poettering
f513e420c8 exec: imply NoNewPriviliges= only when seccomp filters are used in user mode 2014-02-26 02:28:52 +01:00
Lennart Poettering
4298d0b512 core: add new RestrictAddressFamilies= switch
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.

This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
2014-02-26 02:19:28 +01:00
Michael Scherer
eef65bf3ee core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
2014-02-21 03:44:20 +01:00
Lennart Poettering
b67f562c9c man: document $MAINPID 2014-02-19 03:27:03 +01:00
Lennart Poettering
ac45f971a1 core: add Personality= option for units to set the personality for spawned processes 2014-02-19 03:27:03 +01:00
Lennart Poettering
e9642be2cc seccomp: add helper call to add all secondary archs to a seccomp filter
And make use of it where appropriate for executing services and for
nspawn.
2014-02-18 22:14:00 +01:00
Jan Engelhardt
66f756d437 doc: resolve missing/extraneous words or inappropriate forms
Issues fixed:
* missing words required by grammar
* duplicated or extraneous words
* inappropriate forms (e.g. singular/plural), and declinations
* orthographic misspellings
2014-02-17 19:03:07 -05:00
Jan Engelhardt
73e231abde doc: update punctuation
Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17 19:03:07 -05:00
Zbigniew Jędrzejewski-Szmek
6db2742802 man: replace STDOUT with standard output, etc.
Actually 'STDOUT' is something that doesn't appear anywhere: in the
stdlib we have 'stdin', and there's only the constant STDOUT_FILENO,
so there's no reason to use capitals. When refering to code,
STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in
other places they are replaced with normal phrases like standard
output, etc.
2014-02-14 22:03:40 -05:00
Jason St. John
bcddd5bf80 man: fix grammatical errors and other formatting issues
* standardize capitalization of STDIN, STDOUT, and STDERR
* reword some sentences for clarity
* reflow some very long lines to be shorter than ~80 characters
* add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
2014-02-14 22:03:40 -05:00
Lennart Poettering
57183d117a core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead
of concatenated strings.
2014-02-13 00:24:00 +01:00
Lennart Poettering
17df7223be core: rework syscall filter
- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.
2014-02-12 18:30:36 +01:00
Ronny Chevalier
c0467cf387 syscallfilter: port to libseccomp 2014-02-12 18:30:36 +01:00