| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This allows to limit units to machines that run on a certain firmware
type. For device tree defined machines checking against the machine's
compatible is also possible.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Requested in
https://github.com/systemd/systemd/pull/15206#discussion_r505506657,
preserve the full granularity for memory pressure limits (permyriad)
instead of capping out at percent.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FixedRandomDelay=yes will use
`siphash24(sd_id128_get_machine() || MANAGER_IS_SYSTEM(m) || getuid() || u->id)`,
where || is concatenation, instead of a random number to choose a value between
0 and RandomizedDelaySec= as the timer delay.
This essentially sets up a fixed, but seemingly random, offset for each timer
iteration rather than having a random offset recalculated each time it fires.
Closes #10355
Co-author: Anita Zhang <the.anitazha@gmail.com>
|
|
|
|
|
| |
This adds the hook ups so it can be read with the usual systemd
utilities. Used in later commits by sytemd-oomd.
|
|
|
|
|
|
|
|
|
|
|
|
| |
With new directive SystemCallLog= it's possible to list system calls to be
logged. This can be used for auditing or temporarily when constructing system
call filters.
---
v5: drop intermediary, update HASHMAP_FOREACH_KEY() use
v4: skip useless debug messages, actually parse directive
v3: don't declare unused variables with old libseccomp
v2: fix build without seccomp or old libseccomp
|
|
|
|
|
|
|
| |
listening state
Disabled by default. When Enabled, before listening on the socket, flush the content.
Applies when Accept=no only.
|
|
|
|
|
|
|
|
|
|
|
| |
procfs mount options
Kernel 5.8 gained a hidepid= implementation that is truly per procfs,
which allows us to mount a distinct once into every unit, with
individual hidepid= settings. Let's expose this via two new settings:
ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=).
Replaces: #11670
|
|
|
|
| |
Also sort entries for service settings.
|
| |
|
| |
|
|
|
|
| |
Fixes #6685.
|
| |
|
|
|
|
|
| |
For most we used uppercasing, but not for all. Let's stick to one rule,
and uppercase them all.
|
|
|
|
|
|
|
| |
Add custom Jekyll theme, logo, webfont and .gitignore
FIXME: the markdown files have some H1 headers which need to be replaced
with H2
|
| |
|
|
|
|
|
|
|
| |
Doing this manually seem to work only so well, but it is indeed hard to generate
automatically. Let's add the stuff that is missing for now.
AddRef= is not a unit file setting, remove it from the list.
|
|
|
|
| |
I don't know why these particular ones had them.
|
|\
| |
| | |
core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange=
|
| |
| |
| |
| | |
OnTimezoneChange=
|
|\ \
| |/
|/| |
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.
This could be used for time-limited login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce support for configuring cpus and mems for processes using
cgroup v2 CPUSET controller. This allows users to limit which cpus
and memory NUMA nodes can be used by processes to better utilize
system resources.
The cgroup v2 interfaces to control it are cpuset.cpus and cpuset.mems
where the requested configuration is written. However, it doesn't mean
that the requested configuration will be actually used as parent cgroup
may limit the cpus or mems as well. In order to reflect the real
configuration cgroup v2 provides read-only files cpuset.cpus.effective
and cpuset.mems.effective which are exported to users as well.
|
|
|
|
| |
Closes #10596
|
|
|
|
|
|
|
| |
I missed adding a section in `systemd.resource-control` about
DefaultMemoryMin in #12332.
Also, add a NEWS entry going over the general concept.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.
This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.
If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).
This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.
Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).
Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.
After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
|
| |
|
|
|
|
| |
Fixes: #6228
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new setting allows configuration of CFS period on the CPU cgroup, instead
of using a hardcoded default of 100ms.
Tested:
- Legacy cgroup + Unified cgroup
- systemctl set-property
- systemctl show
- Confirmed that the cgroup settings (such as cpu.cfs_period_ns) were set
appropriately, including updating the CPU quota (cpu.cfs_quota_ns) when
CPUQuotaPeriodSec= is updated.
- Checked that clamping works properly when either period or (quota * period)
are below the resolution of 1ms, or if period is above the max of 1s.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out Jekyll (the engine behind GitHub Pages) requires that pages
include a "Front Matter" snippet of YAML at the top for proper rendering.
Omitting it will still render the pages, but including it opens up new
possibilities, such as using a {% for %} loop to generate index.md instead of
requiring a separate script.
I'm hoping this will also fix the issue with some of the pages (notably
CODE_OF_CONDUCT.html) not being available under systemd.io
Tested locally by rendering the website with Jekyll. Before this change, the
*.md files were kept unchanged (so not sure how that even works?!), after this
commit, proper *.html files were generated from it.
|
|
|
|
|
|
|
|
|
|
|
| |
in units
This adds SuccessActionExitStatus= and FailureActionExitStatus= that may
be used to configure the exit status to propagate in when
SuccessAction=exit or FailureAction=exit is used.
When not specified let's also propagate the exit status of the main
process we fork off for the unit.
|
| |
|
|
|
|
|
|
|
|
|
| |
Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for
services. If provided, these values get passed to the journald
client context, and those values are used in the rate limiting
function in the journal over the the journald.conf values.
Part of #10230
|
|
|
|
|
|
|
|
|
|
| |
Allows configuring the watchdog signal (with a default of SIGABRT).
This allows an alternative to SIGABRT when coredumps are not desirable.
Appropriate references to SIGABRT or aborting were renamed to reflect
more liberal watchdog signals.
Closes #8658
|
|
The docs/ directory is special in GitHub, since it can be used to serve GitHub
Pages from, so there's a benefit to switching to it in order to expose it
directly as a website.
Updated references to it from the documentations themselves, from the
CONTRIBUTING.md file and from Meson build files.
|