IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The handling of the command name and other arguments is unified. This
simplifies things and should make them more predictable for users.
Incidentally, this makes ExecStart handling match the .desktop file
specification, apart for the requirment for an absolute path.
https://bugs.freedesktop.org/show_bug.cgi?id=86171
This pulls out the hwdb managment from udevadm into an independent tool.
The old code is left in place for backwards compatibility, and easy of
testing, but all documentation is dropped to encourage use of the new
tool instead.
Also, when booting up an ephemeral container of / use the system
hostname as default machine name.
This way specifiyng -M is unnecessary when booting up an ephemeral
container, while allowing any number of ephemeral containers to run from
the same tree.
This adds --template= to duplicate an OS tree as btrfs snpashot and run
it
This also adds --ephemeral or -x to create a snapshot of an OS tree and
boot that, removing it after exit.
Let's stick to generic sections that describe the general technology,
instead of specific per-object sections, unless we really have a reason
to do that otherwise.
Support timer options --on-active=, --on-boot=, --on-startup=,
--on-unit-active=, --on-unit-inactive=, --on-calendar=. Each options
corresponding with OnActiveSec=, OnBootSec=, OnStartupSec=,
OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of timer
respectively. And OnCalendar= and WakeSystem= supported by
--timer-property= option like --property= of systemd-run.
And if --unit= option and timer options are specified the command can
be omitted. In this case, systemd-run assumes the target service is
already loaded. And just try to generate transient timer unit only.
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can be especially used to set SMACK security labels on
volatile files and directories.
It is done by adding new line of type "t". Such line should contain
attributes in Argument field, using following format:
name=value
All other fields are ignored.
If value contains spaces, then it must be surrounded by quotation marks.
User can also put quotation mark in value by escaping it with backslash.
Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching
on names that have already been changed (from a previous udev run, or otherwise), and matching
on unpredictable names (ethX) is discouraged (but not currently disallowed).
We also currently allow:
[Match]
Name=veth0
[Link]
Name=my-name0
SomeOtherSetting=true
Which means that the link file will be applied the first time it is invoked, but
not on subsequent invocations, which may be surprising.
This patch add support to specify path cost of the
bridge port to be configured via conf file.
Exampe: conf
file: br.netdev
[NetDev]
Name=br-test
Kind=bridge
file: br.network
[Match]
Name=em1
[Network]
Bridge=br-test
[BridgePort]
Cost=332
bridge link
2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master
br-test state disabled priority 32 cost 332
In man journald.conf, removes reference to XZ as sole form of
compression. See commit d89c8fdf48.
In man coredump.conf, clarifies that "Compression=" controls existence,
not type, of compression.
Several manpages contain duplicate text describing a standard set of .d
configuration directories, with the usual sorting, precedence,
overrides, and so on. Factor this common text out using XInclude before
proliferating it even further.
It helps editing units by either creating a drop-in file, like
/etc/systemd/system/my.service.d/override.conf, or by copying the
original unit from /usr/lib/systemd/ to /etc/systemd/ if the --full
option is specified.
It invokes an editor on temporary files related to the unit files and
if the editor exited successfully, then it renames the temporary files
to their original names (e.g. my.service or override.conf) and
daemon-reload is invoked.
If the temporary file is empty the modification is canceled.
See https://bugzilla.redhat.com/show_bug.cgi?id=906824
In principle SysV stuff is only for compatibility, but we are stuck
with it for the forseeable future, so documentation might as well
be provided.
https://bugs.debian.org/771172
This makes it possible to drop in logind configuration snippets from a
package or other configuration management mechanism.
Add documentation to the header of /etc/logind.conf pointing the user at
/etc/logind.conf.d/*.conf.
Introduce a new helper, conf_parse_many, to parse configuration files in
a search path.
systemd stops adding automatic dependencies on swap.target to swap
units. If a dependency is required, it has to be added by unit
configuration. fstab-generator did that already, except that now it is
modified to create a Requires or Wants type dependency, depending on
whether nofail is specified in /etc/fstab. This makes .swap units
obey the nofail/noauto options more or less the same as .mount units.
Documentation is extended to clarify that, and to make
systemd.mount(5) and system.swap(5) more similar. The gist is not
changed, because current behaviour actually matches existing
documentation.
https://bugs.freedesktop.org/show_bug.cgi?id=86488
This makes udevadm trigger mirror udevadm info, except that multiple
device names can be specified. Instructions in 60-keyboard.hwdb should
now actually work.
udevadm(8) is updated, but it could use a bit more polishing.
https://bugs.freedesktop.org/show_bug.cgi?id=82311
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.
[zj: reword man page]
The previous version was a bit too vague. It is better
to simply list all dependency types that are followed.
Previous version also made an emphasis on dependencies introduced by
configuration. But this command (or systemd) don't care about this
distinction between configured and automatically added dependencies at
all. This distinctionis removed from the main description, and an
explanatory paragraph is added to remind the user that all
dependencies are shown, no matter where they come from.
In the long run we really should figure out if we want to stick with 8ch
or 2ch indenting, and not continue with half-and-half. For now, just
make emacs aware of the files that use 2ch indenting.
--link-journal={host,guest} fail if the host does not have persistent
journalling enabled and /var/log/journal/ does not exist. Even worse, as there
is no stdout/err any more, there is no error message to point that out.
Introduce two new modes "try-host" and "try-guest" which don't fail in this
case, and instead just silently skip the guest journal setup.
Change -j to mean "try-guest" instead of "guest", and fix the wrong --help
output for it (it said "host" before).
Change systemd-nspawn@.service.in to use "try-guest" so that this unit works
with both persistent and non-persistent journals on the host without failing.
https://bugs.debian.org/770275
This effectively reverts 599b6322f1, which
in turn partially reverted 4dc5b821ae.
The --failed switch is not documented on purpose, since it is redundant
due to --state=failed, which it predates. Due to that it's not
documented in --help either.
We generally try to avoid redundant interfaces, but if we need to keep
them for compatibility we do so, however remove them from documentation
to ensure they are not used in future.
The man page is now changed to include a comment about the fact that
--failed is not documented on purpose. Also, explicitly mention
--state=failed as example for --state.
We really don't want to get lost in adding fridge, car, plane, drone, or
whatever else, hence add a generic term "embedded" cover all the cases
where the computer is just part of something bigger, and not at the
focus of things.
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
The term "priority" is misleading because higher levels have lower
priority. "Level" is clearer and shorter.
This commit touches only the textual descriptions, not function and variable
names themselves. "Priority" is used in various command-line switches and
protocol constants, so completly getting rid of "priority" is hard.
I also left "priority" in various places where the clarity suffered
when it was removed.
For now, it's systemd itself that parses the options string, but as soon
as util-linux' swapon can take the option string directly with -o we
should pass it on unmodified.
In some cases it is preferable to ship system images with a pre-generated
binary hwdb database, to avoid having to build it at runtime, avoid shipping
the source hwdb files, or avoid storing large binary files in /etc.
So if hwdb.bin does not exist in /etc/udev/, fall back to looking for it in
UDEVLIBEXECDIR. This keeps the possibility to add files to /etc/udev/hwdb.d/
and re-generating the database which trumps the one in /usr/lib.
Add a new --usr flag to "udevadm hwdb --update" which puts the database
into UDEVLIBEXECDIR.
Adjust systemd-udev-hwdb-update.service to not generate the file in /etc if we
already have it in /usr.
The system start timeout as previously implemented would get confused by
long-running services that are included in the initial system startup
transaction for example by being cron-job-like long-running services
triggered immediately at boot. Such long-running jobs would be subject
to the default 15min timeout, esily triggering it.
Hence, remove this again. In a subsequent commit, introduce per-target
job timeouts instead, that allow us to control these timeouts more
finegrained.
Using "their" as pronoun in these places is confusing since it is more
associated with plural rather than singular, and the sentence already
contains a plural. The word "her/his" apparently offends some people,
hence let's avoid the problem altogether and just name the noun again.
Systemd 209 started setting $WATCHDOG_PID, and sd-daemon watch was
modified to check for this variable. This means that
sd_watchdog_enabled() stopped working with previous versions of
systemd. But sd-event is a public library and API and we must keep it
working even when a program compiled with a newer version of the
libary is used on a system running an older version of the manager.
getenv() and unsetenv() are fairly expensive calls, so optimize
sd_watchdog_enabled() by not calling them when unnecessary.
man: centralize the description of $WATCHDOG_PID and $WATCHDOG_USEC in
the sd_watchdog_enabled manpage. It is better not to repeat the same
stuff in two places.
This new command will ask the journal daemon to flush all log data
stored in /run to /var, and wait for it to complete. This is useful, so
that in case of Storage=persistent we can order systemd-tmpfiles-setup
afterwards, to ensure any possibly newly created directory in /var/log
gets proper access mode and owners.
Clean up the function namespace by renaming the following:
sd_bus_get_owner_uid() → sd_bus_get_name_creds_uid()
sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id()
sd_bus_get_peer_creds() → sd_bus_get_owner_creds()
I think it is more readable and nicer if everything is in
one table.
Also, describe what the return value, since it seems awkward to
describe the change in behaviour with --quiet before describing
what the default is.
Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames. Masking usernames with * seems just silly.
v2 - Don't mess with termios flags, instead print the input
instead of an asterix. Resolves issues with backspace
and TAB input.
v3 - Renamed 'do_echo' variables and argument to 'echo'. Also
modified the ask_password_{tty,agent,auto} API instead of
additional wrapper functions.
[zj: undo changes to ask_password_auto, since no callers were using
the new argument.]
Example from Tom Gundersen is included using xi:include.
The copyright notice stands out a bit. Maybe it should be removed,
and the code placed in public domain.
The desktop brand is stored as DESKTOP variable for sessions. It can be
set arbitrarily by the session owner and identifies the desktop
environment that is running on that session.
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
This sentence can be misread to mean that "\x20" is the escape code for
"-" which is the only character explicitly mentioned. This lead to at
least one user loosing hair over why a mount unit for "/foo/bar-baz"
didn't work. The example escape is arbitrary so lets prevent hair loss.
This extends the udev parser to support OP_REMOVE (-=) and adds support
for TAG-= to remove previously set tags. We don't fail if the tag didn't
exist.
This is pretty handy if we ship default rules for seat-assignments and
users want to exclude specific devices from that. They can easily add
rules that drop any automatically added "seat" tags again.
This lets the routing metric for links to be specified per-network,
still defaulting to DHCP_ROUTE_METRIC (1024) if unspecified. Hopefully
this helps with multiple interfaces configured via DHCP.
Add a new directive called BusPolicy to define custom endpoint policies. If
one such directive is given, an endpoint object in the service's ExecContext is
created and the given policy is added to it.
hibernate-resume-generator understands resume= kernel command line parameter
and instantiates the systemd-resume@.service accordingly if it is passed.
This enables resume from hibernation using device specified on the kernel
command line, and it may be specified either as "/dev/disk/by-foo/bar"
or "FOO=bar", not only "/dev/sdXY" which is understood by the in-kernel
implementation.
So now resume= is brought on par with root= in terms of possible ways to
specify a device.
This can be used to initiate a resume from hibernation by path to a swap
device containing the hibernation image.
The respective templated unit is also added. It is instantiated using
path to the desired resume device.
When this system-wide start-up timeout is hit we execute one of the
failure actions already implemented for services that fail.
This should not only be useful on embedded devices, but also on laptops
which have the power-button reachable when the lid is closed. This
devices, when in a backpack might get powered on by accident due to the
easily reachable power button. We want to make sure that the system
turns itself off if it starts up due this after a while.
When the system manages to fully start-up logind will suspend the
machine by default if the lid is closed. However, in some cases we don't
even get as far as logind, and the boot hangs much earlier, for example
because we ask for a LUKS password that nobody ever enters.
Yeah, this is a real-life problem on my Yoga 13, which has one of those
easily accessible power buttons, even if the device is closed.
This is useful for services that simply want to run something on
shutdown, but not at bootup. They should only set ExecStop= but leave
ExecStart= unset.
This turns journalctl to the counterpart of systemd-cat.
Messages sent with
systemd-cat --identifier foo --prioritiy debug
can now be shown with
journalctl --identifier foo --prioritiy debug
"--identifier" is not merged with "--unit" to make a clear
distinction between syslog and systemd units.
syslog identifiers can be chosen freely by anyone.
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings
as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
Remove the sd_ prefix from internal functions and get rid of the sd_memfd
type. As a memfd is now just a native file descriptor, we can get rid of our
own wrapper type, and also use close() and dup() on them directly.
TCP_DEFER_ACCEPT Allow a listener to be awakened only when data
arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side
listening socket, the TCP/IP stack will not to wait for the final
ACK packet and not to initiate the process until the first packet
of real data has arrived. After sending the SYN/ACK, the server will
then wait for a data packet from a client. Now, only three packets
will be sent over the network, and the connection establishment delay
will be significantly reduced.
The tcp keep alive variables now can be configured via conf
parameter. Follwing variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to
send before giving up and killing the connection if no response is
obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be
idle before TCP begins sending out keep-alive probes.
This reverts commit 9528592ff8.
Apparently TFO is actually the default at least for the server side now.
Also the setsockopt doesn't actually take a bool, but a qlen integer.
TCP Fast Open (TFO) speeds up the opening of successiveTCP)
connections between two endpoints.It works by using a TFO cookie
in the initial SYN packet to authenticate a previously connected
client. It starts sending data to the client before the receipt
of the final ACK packet of the three way handshake is received,
skipping a round trip and lowering the latency in the start of
transmission of data.
This patch adds support for TCP TCP_NODELAY socket option. This can be
configured via NoDelay conf parameter. TCP Nagle's algorithm works by
combining a number of small outgoing messages, and sending them all at
once. This controls the TCP_NODELAY socket option.
This causes machines without connectivity to hang where they would otherwise fail. Keep it
opt-in for now, but consider whether we sholud just drop it.
Newer kernels export meta-information about the origin of an ifname. Respect this
from the ifname rename logic. We do not rename any interfaces that was originally
named by userspace, nor once which have already been renamed from userspace.
Moreover, we optionally do not (the default) rename interfaces which the kernel
claims to have named in a predictable way.
* systemd-bootchart always parses /proc/uptime, although the
information is unnecessary when --rel specified
* use /proc/uptime is overkill, since Linux 2.6.39 we have
clock_gettime(CLOCK_BOOTTIME, ...). The backend on kernel side is
get_monotonic_boottime() in both cases.
* main() uses "if (graph_start <= 0.0)" to detect that /proc is
available.
This is fragile solution as graph_start is always smaller than zero
on all systems after suspend/resume (e.g. laptops), because in this
case the system uptime includes suspend time and uptime is always
greater number than monotonic time. For example right now difference
between uptime and monotonic time is 37 hours on my laptop.
Note that main() calls log_uptime() (to parse /proc/uptime) for each
sample when it believes that /proc is not available. So on my laptop
systemd-boochars spends all live with /proc/uptime parsing +
nanosleep(), try
strace /usr/lib/systemd/systemd-bootchart
to see the never ending loop.
This patch uses access("/proc/vmstat", F_OK) to detect procfs.
We generally have separate man pages for all configuration files.
In this case udev.conf was already described in systemd-udevd.service(8),
but it was hard to find. Docbook makes it hard to add a .so link from
a different section, so describe udev.conf in its own page.
This changes the behavior when both DHCPv4 and IPv4LL are enabled. Before,
we would disable IPv4LL when we got a DHCPv4 lease and enable it if the
lease was lost.
Now we just always set up both, if both are enabled, but the DHCPv4
addresses and routes will always take precedence due to their metric
and scope.
Some events take longer than the default 30 seconds. Killing those
events will leave the machine halfway configured.
Add a commandline option '--event-timeout' to handle these cases.
This is necessary for non-ipv4ll hosts to communicate with ipv4ll-only hosts on the same link. Defaults
to being enabled, but can be opted out.
See: <http://avahi.org/wiki/AvahiAutoipd#Routes>
The following bond options are supported by this patch.
MIIMonitorSec:
Specifies the frequency in milli-seconds that MII link
monitoring will occur.
UpDelaySec:
Specifies the delay time in milli-seconds to enable a link
after a link up status has been detected.
DownDelaySec:
Specifies the delay time in milli-seconds to disable a link
after a link failure has been detected.
changes:
1. Added gconf variables.
2. man page
conf:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
TransmitHashPolicy=layer2+3
LacpduTransmitRate=fast
MIIMonitorSec=1s
UpDelaySec=2s
DownDelaySec=8s
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 2000
Down Delay (ms): 8000
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: rephrased manpage, dropped bond_ prefix from variables]
LacpduTransmitRate
option specifies the rate in which link partner to transmit
LACPDU packets in 802.3ad mode. Possible values
slow : Request partner to transmit LACPDUs every 30 seconds
fast : Request partner to transmit LACPDUs every 1 second
The default is slow.
chages:
1. Added enum bond_lacp_rate_table
2. gperf LacpduTransmitRate
Test:
conf file:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
LacpduTransmitRate=fast
test:
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: renamed from LacpduTransmitRate to LACPTransmitRate, manpage fixes and
dropped bond_ prefix from variables]
This patch adds support the transmit hash policy to use
for slave selection in balance-xor, 802.3ad, and tlb modes
layer2, layer3+4, layer2+3, encap3+4, encap3+4
Added:
1. BondXmitHashPolicy
2. conf param TransmitHashPolicy
Test conf:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
TransmitHashPolicy=layer2+3
test output:
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: dropped bond_ prefix from new Bond variable, drop repeated man-page section]
A system that is running on a logical partition (LPAR) provided by
PR/SM has access to physical hardware (except CPU). It is true that
PR/SM abstracts the hardware, but only for sharing purposes.
Details are statet at:
http://publib.boulder.ibm.com/infocenter/eserver/v1r2/topic/eicaz/eicazzlpar.htm
-->--
In other words, PR/SM transforms physical resources into virtual resources so
that many logical partitions can share the same physical resources.
--<--
Still, from the OS point of view, the shared virtual resource is real
hardware. ConditionVirtualization must be set to false if the OS runs
directly on PR/SM (e.g. in an LPAR).
[zj: reorder code so that variables are not allocated when #if-def is
false. Add commit message.]
