summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add SPDX license identifiers to catalog and po filesZbigniew Jędrzejewski-Szmek2017-11-1944-0/+88
|
* Add SPDX license identifiers to source files under the GPLZbigniew Jędrzejewski-Szmek2017-11-1934-0/+34
|
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191138-2/+1140
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* Merge pull request #7388 from keszybz/doc-tweakLennart Poettering2017-11-192-6/+6
|\ | | | | Add link to kernel docs about no_new_privs and drop note about CPU controller
| * man: remove note about CPU controller being unmergedZbigniew Jędrzejewski-Szmek2017-11-191-5/+1
| | | | | | | | | | | | | | | | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d5936344f30aba0f6ddb92b030cb6a05168efe6 In principle we shouldn't merge this until after 4.15 is released, but the chances of a revert upstream are low, and in that unlikely scenario we can just revert this patch, it's a trivial documentation update after all.
| * man: add link to kernel docs about no_new_privsZbigniew Jędrzejewski-Szmek2017-11-191-1/+5
| |
* | machined: support "machinectl bind" on non-directories (#7349)Lennart Poettering2017-11-192-36/+74
| | | | | | Fixes: #7195
* | Merge pull request #7365 from poettering/nspawn-bind-usernsZbigniew Jędrzejewski-Szmek2017-11-199-65/+174
|\ \ | |/ |/| nspawn: document --bind= and --private-users relationship, and make recursive chown()ing safe
| * nspawn: make recursive chown()ing logic safe for being aborted in the middleLennart Poettering2017-11-174-63/+121
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently use the ownership of the top-level directory as a hint whether we need to descent into the whole tree to chown() it recursively or not. This is problematic with the previous chown()ing algorithm, as when descending into the tree we'd first chown() and then descend further down, which meant that the top-level directory would be chowned first, and an aborted recursive chowning would appear on the next invocation as successful, even though it was not. Let's reshuffle things a bit, to make the re-chown()ing safe regarding interruptions: a) We chown() the dir we are looking at last, and descent into all its children first. That way we know that if the top-level dir is properly owned everything inside of it is properly owned too. b) Before starting a chown()ing operation, we mark the top-level directory as owned by a special "busy" UID range, which we can use to recognize whether a tree was fully chowned: if it is marked as busy, it's definitely not fully chowned, as the busy ownership will only be fixed as final step of the chowning. Fixes: #6292
| * nspawn: add missing #pragma once to header fileLennart Poettering2017-11-171-0/+2
| |
| * fs-util: add access_fd() which is like access() but for fdsLennart Poettering2017-11-173-1/+44
| | | | | | | | | | | | Linux doesn't have faccess(), hence let's emulate it. Linux has access() and faccessat() but neither allows checking the access rights of an fd passed in directly.
| * man: document how nspawn's --bind= and --private-users interactLennart Poettering2017-11-171-1/+7
| | | | | | | | Fixes: #5900
* | core: be more defensive if we can't determine per-connection socket peer (#7329)Lennart Poettering2017-11-171-9/+6
| | | | | | | | | | | | | | | | Let's handle gracefully if a client disconnects very early on. This builds on #4120, but relaxes the condition checks further, since we getpeername() might already fail during ExecStartPre= and friends. Fixes: #7172
* | man: rescue.target could be seen as single-user.target (#7323)John Lin2017-11-171-1/+2
| |
* | man: document that start limiting of GC'ed units doesn't work (#7337)Lennart Poettering2017-11-171-15/+18
| | | | | | Fixes: #7139
* | Merge pull request #7360 from poettering/preset-fixZbigniew Jędrzejewski-Szmek2017-11-173-157/+196
|\ \ | | | | | | Some fixes for preset-all logic at boot, plus main.c reworking
| * | install: when we encounter a transient/generated unit while presetting all, ↵Lennart Poettering2017-11-171-0/+2
| | | | | | | | | | | | | | | | | | skip over it silently Fixes: #7100
| * | main: uid_to_name() might theoretically fail, handle thatLennart Poettering2017-11-171-2/+2
| | |
| * | core: shorten main() a bit, split out coredump initializationLennart Poettering2017-11-171-11/+17
| | | | | | | | | | | | No functional changes.
| * | main: let's make main() shorter, let's split out clock initializationLennart Poettering2017-11-171-40/+43
| | | | | | | | | | | | no functional changes
| * | main: let's make main() shorter, let's split out invocation of shutdown binaryLennart Poettering2017-11-171-71/+83
| | | | | | | | | | | | No functional changes
| * | core: let's shorten main() a bit, let's split out telinit redirection into a ↵Lennart Poettering2017-11-171-10/+18
| | | | | | | | | | | | separate function
| * | main: add set_manager_settings(), similar in style to set_manager_defaults()Lennart Poettering2017-11-171-5/+13
| | |
| * | core: never apply first boot presets in the initrdLennart Poettering2017-11-172-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Presets are useful to initialize uninitialized /etc, but that doesn't apply to the initrd. Also, let's rename etc_empty → first_boot. After all, the variable doesn't actually reflect whether /etc is really empty, it just reflects whether /etc/machine-id existed originally or not. Moreover, we later on directly initialize manager_set_first_boot() from it, hence let's just name it the same way all through the codepath, to make this all less confusing. See: #7100
| * | main: rename manager_set_defaults() → set_manager_defaults()Lennart Poettering2017-11-171-3/+3
| |/ | | | | | | | | | | This function is really not a method of the Manager object (implemented in manager.c), but just a helper in main.c. Hence let's not confusingly name it the way methods are called.
* | Merge pull request #7338 from poettering/doc-restart-fixZbigniew Jędrzejewski-Szmek2017-11-173-19/+28
|\ \ | |/ |/| improve unit restart documentation a bit
| * update TODOLennart Poettering2017-11-171-0/+4
| |
| * man: document that ExecStop= is executed during restartsLennart Poettering2017-11-171-1/+3
| | | | | | | | Fixes: #7126
| * man: add missing suffixing "=" for setting nameLennart Poettering2017-11-171-1/+1
| |
| * man: write "stop and start" instead of "restart" when explaining the reload ↵Lennart Poettering2017-11-171-14/+9
| | | | | | | | | | | | | | | | | | | | | | fallback operations We already made a similar change when talking about the "restart" command, let's also do this for "systemctl reload" and friends. Follow-up for: 6539dd7c42946d9ba5dc43028b8b5785eb2db3c5 See: #7126
| * man: document the interaction of "systemctl restart" and the FD storeLennart Poettering2017-11-171-3/+11
|/ | | | See: #7126
* test-cgroup-util: skip cg hierarchy tests when necessary (#7371)Zbigniew Jędrzejewski-Szmek2017-11-171-2/+7
|
* nspawn: correctly document the relationship of --keep-unit and --register=no ↵Lennart Poettering2017-11-171-13/+10
| | | | | (#7364) Fixes: #7228
* core/cgroup: assigning empty string to Delegate= resets list of controllers ↵Yu Watanabe2017-11-173-3/+13
| | | | | | | | | | | (#7336) Before this, assigning empty string to Delegate= makes no change to the controller list. This is inconsistent to the other options that take list of strings. After this, when empty string is assigned to Delegate=, the list of controllers is reset. Such behavior is consistent to other options and useful for drop-in configs. Closes #7334.
* Merge pull request #7357 from yuwata/7314-modLennart Poettering2017-11-172-6/+34
|\ | | | | mount: add "-G" as shortcut for "--property=CollectMode=inactive-or-failed"
| * mount: show which argument is invalidYu Watanabe2017-11-171-4/+4
| |
| * mount: add "-G" as shortcut for "--property=CollectMode=inactive-or-failed"Yu Watanabe2017-11-172-2/+30
| |
* | cgroup: assume the use of v1 when all the preceding checks fail (#7366)Evgeny Vereshchagin2017-11-171-10/+11
|/ | | | | | This patch restores the default that was changed in 2977724b09eb997fc8, making the tools depending on it work again. Closes: #6477 and https://github.com/lxc/lxc/issues/1669
* Merge pull request #7314 from poettering/gc-modeLennart Poettering2017-11-1613-28/+186
|\ | | | | add new CollectMode= unit file setting for tweaking the unit garbage collection logic
| * update TODOLennart Poettering2017-11-161-5/+4
| |
| * run: add "-G" as shortcut for "--property=CollectMode=inactive-or-failed"Lennart Poettering2017-11-162-2/+30
| | | | | | | | | | | | | | | | | | This option is likely to be very useful for systemd-run invocations, hence let's add a shortcut for it. With this new concepts it's now very easy to put together systemd-run invocations that leave zero artifacts in the system, including when they fail.
| * core: add a new unit file setting CollectMode= for tweaking the GC logicLennart Poettering2017-11-168-7/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now, the option only takes one of two possible values "inactive" or "inactive-or-failed", the former being the default, and exposing same behaviour as the status quo ante. If set to "inactive-or-failed" units may be collected by the GC logic when in the "failed" state too. This logic should be a nicer alternative to using the "-" modifier for ExecStart= and friends, as the exit data is collected and logged about and only removed when the GC comes along. This should be useful in particular for per-connection socket-activated services, as well as "systemd-run" command lines that shall leave no artifacts in the system. I was thinking about whether to expose this as a boolean, but opted for an enum instead, as I have the suspicion other tweaks like this might be a added later on, in which case we extend this setting instead of having to add yet another one. Also, let's add some documentation for the GC logic.
| * unit: rework a bit how we keep the service fdstore from being destroyed ↵Lennart Poettering2017-11-164-16/+25
|/ | | | | | | | | | | | | | | | | | | | | | during service restart When preparing for a restart we quickly go through the DEAD/INACTIVE service state before entering AUTO_RESTART. When doing this, we need to make sure we don't destroy the FD store. Previously this was done by checking the failure state of the unit, and keeping the FD store around when the unit failed, under the assumption that the restart logic will then get into action. This is not entirely correct howver, as there might be failure states that will no result in restarts. With this commit we slightly alter the logic: a ref counter for the fd store is added, that is increased right before we handle the restart logic, and decreased again right-after. This should ensure that the fdstore lives exactly as long as it needs. Follow-up for f0bfbfac43b7faa68ef1bb2ad659c191b9ec85d2.
* Merge pull request #7246 from poettering/journal-extra-fieldsZbigniew Jędrzejewski-Szmek2017-11-1633-242/+1008
|\ | | | | add new per-unit LogLevelMax= and LogExtraField= setting
| * test-unit-file: add test for config_parse_log_extra_fields()Zbigniew Jędrzejewski-Szmek2017-11-161-0/+68
| |
| * man: document LogFieldMax= and LogExtraFields=Lennart Poettering2017-11-161-0/+35
| |
| * core: implement /run/systemd/units/-based path for passing unit info from ↵Lennart Poettering2017-11-1627-87/+766
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
| * man: update SyslogXYZ= documentation a bitLennart Poettering2017-11-161-61/+41
| | | | | | | | | | | | Let's clarify that these settings only apply to stdout/stderr logging. Always mention the journal before syslog (as the latter is in most ways just a legacy alias these days). Always mention the +console cases too.
| * man: rework the discussion of Storage= a bitLennart Poettering2017-11-161-11/+13
| | | | | | | | | | Most distributions default to persistent storage these days, hence don't claim otherwise.
| * journald: when logging about dropped messages, include more meta dataLennart Poettering2017-11-165-12/+15
| | | | | | | | | | | | | | | | | | | | | | When we drop messages of a unit, we log about. Let's add some structured data to that. Let's include how many messages we dropped, but more importantly, let's link up the message we generate to the unit we dropped the messages from by using the "OBJECT" logic, i.e. by generating OBJECT_SYSTEMD_UNIT= fields and suchlike, that "journalctl -u" and friends already look for. Fixes: #6494