1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

389 Commits

Author SHA1 Message Date
Lennart Poettering
b042dd687c man: document that the supplementary groups list is initialized from User='s database entry
Fixes: #12936
2019-07-12 14:25:28 +02:00
Lennart Poettering
8c8208cb80 man: document new "systemctl clean…" operation 2019-07-11 12:18:51 +02:00
Philip Withnall
a9a50bd680 man: Add some notes about variable $prefix for StateDirectory=
tl;dr: It isn’t supported.

Wording by Zbigniew Jędrzejewski-Szmek.

See https://twitter.com/pid_eins/status/1102639279614906369 and
https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/5#note_125536
onwards.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-07-04 18:26:03 +02:00
Lennart Poettering
330703fb22 man: beef up systemd.exec(5)
Prompted by:

https://lists.freedesktop.org/archives/systemd-devel/2019-May/042773.html
2019-06-24 18:31:36 +02:00
Michal Sekletar
b070c7c0e1 core: introduce NUMAPolicy and NUMAMask options
Make possible to set NUMA allocation policy for manager. Manager's
policy is by default inherited to all forked off processes. However, it
is possible to override the policy on per-service basis. Currently we
support, these policies: default, prefer, bind, interleave, local.
See man 2 set_mempolicy for details on each policy.

Overall NUMA policy actually consists of two parts. Policy itself and
bitmask representing NUMA nodes where is policy effective. Node mask can
be specified using related option, NUMAMask. Default mask can be
overwritten on per-service level.
2019-06-24 16:58:54 +02:00
Lennart Poettering
eedaf7f322 man: drop references to "syslog" and "syslog+console" from man page
These options are pretty much equivalent to "journal" and
"journal+console" anyway, let's simplify things, and drop them from the
documentation hence.

For compat reasons let's keep them in the code.

(Note that they are not 100% identical to 'journal', but I doubt the
distinction in behaviour is really relevant to keep this in the docs.
And we should probably should drop 'syslog' entirely from our codebase
eventually, but it's problematic as long as we semi-support udev on
non-systemd systems still.)
2019-06-24 15:23:11 +02:00
Lennart Poettering
e0e65f7d09 man: document that DynamicUser=1 implied sandboxing cannot be turned off
Fixes: #12476
2019-06-24 14:20:36 +02:00
Zbigniew Jędrzejewski-Szmek
61fbbac1d5 pid1: parse CPUAffinity= in incremental fashion
This makes the handling of this option match what we do in unit files. I think
consistency is important here. (As it happens, it is the only option in
system.conf that is "non-atomic", i.e. where there's a list of things which can
be split over multiple assignments. All other options are single-valued, so
there's no issue of how to handle multiple assignments.)
2019-05-29 10:29:28 +02:00
Ben Boeckel
5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Zbigniew Jędrzejewski-Szmek
db8d154dc4 man: describe interaction with ProtectHome=/InaccessiblePaths= in BindMount=
https://github.com/systemd/systemd/issues/7153#issuecomment-485252308

Apparently this is still confusing for people.

Longer-term, I think we should just make BindMount= automatically "upgrade"
(or "downgrade", depending on how you look at this), any InaccessiblePath=
mountpoints to "tmpfs". I don't see much point in forcing users to remember
this interaction. But let's at least document the status quo, we can always
update the docs if the code changes.
2019-04-24 10:21:37 +02:00
Lennart Poettering
8e74bf7f9c man: document new OOMPolicy= setting 2019-04-09 11:17:58 +02:00
Lennart Poettering
bf65b7e0c9 core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.

Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
2019-04-02 16:56:48 +02:00
Lennart Poettering
7445db6eb7 man: document the new RestrictSUIDSGID= setting 2019-04-02 16:56:48 +02:00
Lennart Poettering
6d463b8aed man: refer to innermost directory as innermost, not as "lowest"
Let's avoid confusion whether the root is at the top or of the bottom of
the directory tree. Moreover we use "innermost" further down for the
same concept, so let's stick to the same terminology here.
2019-04-01 18:30:18 +02:00
Lennart Poettering
8601482cd8 man: tweak XyzDirectory= table a bit 2019-04-01 18:30:18 +02:00
Zbigniew Jędrzejewski-Szmek
de04bbdce1 tree-wide: spell "lifecycle" without hyphen everywhere
We had 10 instances of unhyphentated spelling, and 4 of the hyphenated one.
Consistency trumps ispell.
2019-03-14 22:47:44 +01:00
Lennart Poettering
b3f6c4531e
Merge pull request #12002 from keszybz/man-headers
Man headers
2019-03-14 15:55:04 +01:00
Lennart Poettering
c4d4b5a708 man: say explicitly which settings are not available in --user services
Fixes: #3944
2019-03-14 15:13:33 +01:00
Zbigniew Jędrzejewski-Szmek
3a54a15760 man: use same header for all files
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.

$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n  "http^gms' man/*.xml
2019-03-14 14:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
0307f79171 man: standarize on one-line license header
No need to waste space, and uniformity is good.

$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
2019-03-14 14:29:37 +01:00
Lennart Poettering
c648d4d4c8 man: mention that DynamicUser= should not be mixed with ReadWriteDirectory= or AF_UNIX dir fd passing 2019-03-14 09:31:09 +01:00
Zbigniew Jędrzejewski-Szmek
fb6692ed33
Merge pull request #11927 from poettering/network-namespace-path
Add NetworkNamespacePath= to unit files
2019-03-12 14:29:14 +01:00
Lennart Poettering
8df87b4383 man: document that ProtectHostname= disables hostname change notifications 2019-03-08 15:49:10 +01:00
Lennart Poettering
4107452e51 man: document NetworkNamespacePath= 2019-03-07 21:27:02 +01:00
Lennart Poettering
eb5149ba74
Merge pull request #11682 from topimiettinen/private-utsname
core: ProtectHostname feature
2019-02-20 14:12:15 +01:00
Topi Miettinen
aecd5ac621 core: ProtectHostname= feature
Let services use a private UTS namespace. In addition, a seccomp filter is
installed on set{host,domain}name and a ro bind mounts on
/proc/sys/kernel/{host,domain}name.
2019-02-20 10:50:44 +02:00
Lennart Poettering
dcf3c3c3d9 core: export $PIDFILE env var for services, derived from PIDFile= 2019-02-15 11:32:19 +01:00
Zbigniew Jędrzejewski-Szmek
e0e2ecd5a8 man: move entries to the right section in systemd.directives
They were in "miscellaneuos" because of the missing class= assignment.
Probably introduced when the split into sections was done.
2019-02-13 11:17:41 +01:00
Yu Watanabe
d1698b82e6 man: add referecne to systemd-system.conf 2019-02-01 12:31:51 +01:00
Yu Watanabe
68d838f71d man: fix volume num of journalctl 2019-02-01 12:30:36 +01:00
Topi Miettinen
10d44e72ec Document weaknesses with MDWE and suggest hardening
Closes #11473
2019-01-21 11:37:46 +01:00
Philip Withnall
35f2c0ba6a man: Fix a typo in systemd.exec.xml
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-01-16 21:33:38 +09:00
Alex Mayer
8d7fac92f0 Docs: Add Missing Space Between Words 2019-01-03 03:07:50 +09:00
Zbigniew Jędrzejewski-Szmek
0b57803630 man: add note about systemd-vconsole-setup.service and tty as input/output
Closes #10019.
2018-12-14 11:18:32 +01:00
Lennart Poettering
438311a518 man: document that env vars are not suitable for passing secrets
Prompted by the thread around:

https://lists.freedesktop.org/archives/systemd-devel/2018-November/041665.html
2018-11-14 09:12:49 +03:00
Lennart Poettering
0e18724eb1 man: emphasize the ReadOnlyPaths= mount propagation "hole"
This changes the ProtectSystem= documentation to refer in more explicit
words to the restrictions of ReadOnlyPath=, as sugegsted in #9857.

THis also extends the paragraph in ReadOnlyPath= that explains the hole.

Fixes: #9857
2018-10-30 15:30:18 +01:00
Lennart Poettering
d287820dec man: document that various sandboxing settings are not available in --user services
This is brief and doesn't go into detail, but should at least indicate
to those searching for it that some stuff is not available.

Fixes: #9870
2018-10-30 15:30:18 +01:00
Anita Zhang
90fc172e19 core: implement per unit journal rate limiting
Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for
services. If provided, these values get passed to the journald
client context, and those values are used in the rate limiting
function in the journal over the the journald.conf values.

Part of #10230
2018-10-18 09:56:20 +02:00
Alan Jenkins
923f910115 man/systemd.exec: MountFlags=shared behaviour was changed (fixed?)
The behaviour described *was* observed on Fedora 28
(systemd-238-9.git0e0aa59), with and without SELinux.  I don't actually
know why though!  It contradicts my understanding of the code, including an
explicit comment in the code.

Testing in a VM upgraded to v239-792-g1327f272d, this behaviour goes away.


Test case:

# /etc/systemd/system/mount-test.service
[Service]
MountFlags=shared
Type=oneshot
ExecStart=/usr/bin/ls -l /proc/1/ns/mnt /proc/self/ns/mnt
ExecStart=/usr/bin/grep ext4 /proc/self/mountinfo


Weird old behaviour: new mount namespace but / is fully shared.

lrwxrwxrwx. 1 root root 0 Sep 14 11:18 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:48 /proc/self/ns/mnt ->
mnt:[4026532851]

968 967 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/alan_dell_2016...


Current behaviour: / is not fully shared

lrwxrwxrwx. 1 root root 0 Sep 14 11:39 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:41 /proc/self/ns/mnt ->
mnt:[4026532329]

591 558 8:3 / / rw,relatime shared:313 master:1 - ext4 /dev/sda3 rw,secl...
2018-10-05 17:38:38 +02:00
Yu Watanabe
d491e65e74 man: document RUNTIME_DIRECTORY= or friends 2018-09-13 17:02:58 +09:00
Lennart Poettering
2d2224e407 man: document that most sandboxing options are best effort only 2018-08-21 20:00:33 +02:00
Yu Watanabe
fe65e88ba6 namespace: implicitly adds DeviceAllow= when RootImage= is set
RootImage= may require the following settings
```
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rwm
DeviceAllow=block-blkext rwm
```
This adds the following settings implicitly when RootImage= is
specified.

Fixes #9737.
2018-08-06 14:02:31 +09:00
Zsolt Dollenstein
566b7d23eb Add support for opening files for appending
Addresses part of #8983
2018-07-20 03:54:22 -07:00
Lennart Poettering
9236cabf78 man: elaborate a bit on the effect of PrivateNetwork=
Triggered by this thread:

https://lists.freedesktop.org/archives/systemd-devel/2018-July/040992.html
2018-07-17 21:41:23 +02:00
Alexander Kurtz
1448dfa6bf man: Mention that paths in unit files must be fully normalized.
Related to issues #9107 and #9498 and PRs #9149 and #9157.
2018-07-05 22:55:26 +02:00
Zbigniew Jędrzejewski-Szmek
514094f933 man: drop mode line in file headers
This is already included in .dir-locals, so we don't need it
in the files themselves.
2018-07-03 01:32:25 +02:00
Lennart Poettering
705268414f seccomp: add new system call filter, suitable as default whitelist for system services
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.

The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
2018-06-14 17:44:20 +02:00
Zbigniew Jędrzejewski-Szmek
fdbbee37d5 man: drop unused <authorgroup> tags from man sources
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.

Tested with F26-F29, debian unstable.

$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
2018-06-14 12:22:18 +02:00
Lennart Poettering
0c69794138 tree-wide: remove Lennart's copyright lines
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
2018-06-14 10:20:20 +02:00
Lennart Poettering
818bf54632 tree-wide: drop 'This file is part of systemd' blurb
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
2018-06-14 10:20:20 +02:00