path: root/man/systemd-nspawn.xml

Commit log (commit message, author, date; files changed, lines removed/added):
* man/systemd-nspawn: document hashing machine name for uid base (Dmitry Borodaenko, 2020-12-23; 1 file, -1/+2)

  Explicitly document the behavior introduced in #7437: when picking a new UID shift base with "-U", a hash of the machine name will be tried before falling back to fully random UID base candidates.
* systemd-nspawn: Allow setting ambient capability set (Torsten Hilbrich, 2020-12-07; 1 file, -2/+31)

  The old code was only able to pass the value 0 for the inheritable and ambient capability set when a non-root user was specified. However, sometimes it is useful to run a program in its own container with a user specification and some capabilities set. This is needed when the capabilities cannot be provided by file capabilities (because the file system is mounted with MS_NOSUID for additional security).

  This commit introduces the option --ambient-capability and the config file option AmbientCapability=. Both are used in a similar way to the existing Capability= setting. It changes the inheritable and ambient set (which is 0 by default).

  The code also checks that the settings for the bounding set (as defined by Capability= and DropCapability=) and the setting for the ambient set (as defined by AmbientCapability=) are compatible. Otherwise, the operation would fail in any way.

  Due to the current use of -1 to indicate no support for ambient capability set the special value "all" cannot be supported. Also, the setting of ambient capability is restricted to running a single program in the container payload.
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09; 1 file, -1/+1)
* man/machinectl: fix pull-raw example (Zbigniew Jędrzejewski-Szmek, 2020-10-27; 1 file, -2/+2)

  We do not allow machine names with "_", so the command would fail as written. Share the example with the systemd-nspawn page instead.
* man: use trailing slash on directories in more places (Zbigniew Jędrzejewski-Szmek, 2020-10-05; 1 file, -12/+12)
* man: in systemd-nspawn(1), refer to systemd.exec(5) for the shared stuff (Zbigniew Jędrzejewski-Szmek, 2020-09-30; 1 file, -13/+9)

  We should avoid duplicating lengthy description of very similar concepts.

  --root-hash-sig follows the same semantics as RootHashSig=, so just refer the reader to the other man page.

  --root-hash doesn't implement the same features as RootHash=, so we can't fully replace the description, but let's give the user a hint to look at the other man page too.

  For #17177.
* man: do not index various /foobar/ paths (Zbigniew Jędrzejewski-Szmek, 2020-09-30; 1 file, -10/+11)

  For #17177.
* doc: document the new GPT partition type UUIDs (Lennart Poettering, 2020-09-19; 1 file, -2/+15)
* nspawn: add --console=autopipe mode (Lennart Poettering, 2020-09-17; 1 file, -9/+12)

  By default we'll run a container in --console=interactive and --console=read-only mode depending if we are invoked on a tty or not so that the container always gets a /dev/console allocated, i.e. is always suitable to run a full init system (as those typically expect a /dev/console to exist).

  With the new --console=autopipe mode we do something similar, but slightly different: when not invoked on a tty we'll use --console=pipe. This means, if you invoke some tool in a container with this you'll get full interactivity if you invoke it on a tty but things will also be very nicely pipeable. OTOH you cannot invoke a full init system like this, because you might or might not become a /dev/console this way...

  Prompted-by: #17070

  (I named this "autopipe" rather than "auto" or so, since the default mode probably should be named "auto" one day if we add a name for it, and this is so similar to "auto" except that it uses pipes in the non-tty case).
* man: shorten description of recursive credential passing in nspawn (Zbigniew Jędrzejewski-Szmek, 2020-08-26; 1 file, -23/+12)

  The text suggested that either nspawn or systemd can make use of credentials themselves. In fact they only pass them to children.
* man: document nspawn's new credential switches (Lennart Poettering, 2020-08-25; 1 file, -0/+44)
* man: match parentheses (Topi Miettinen, 2020-07-07; 1 file, -1/+1)

  Files found with:

    for f in *; do \
      l=`tr -d '[^(]' < $f | wc -c`; \
      r=`tr -d '[^)]' < $f | wc -c`; \
      if [ $l -ne $r ]; then \
        echo $f $l $r; \
      fi; \
    done
* tree-wide: fixes for assorted grammar and spelling issues (Zbigniew Jędrzejewski-Szmek, 2020-07-06; 1 file, -24/+22)

  Fixes #16363. Also includes some changes where I generalized the pattern.
* dissect/nspawn: add support for dm-verity root hash signature (Luca Boccassi, 2020-06-25; 1 file, -1/+13)

  Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a pkcs7 signature, with the public key in the kernel keyring, is available. Use it if libcryptsetup supports it.
* tree-wide: avoid some loaded terms (Lennart Poettering, 2020-06-25; 1 file, -19/+18)

  https://tools.ietf.org/html/draft-knodel-terminology-02
  https://lwn.net/Articles/823224/

  This gets rid of most but not all occasions of these loaded terms:

  1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594)

  2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI.

  3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first.

  Regarding the replacements: when whitelist/blacklist is used as noun we replace with allow list/deny list, and when used as verb with allow-list/deny-list.
* dissect: support single-filesystem verity images with external verity hash (Luca Boccassi, 2020-06-09; 1 file, -2/+18)

  dm-verity support in dissect-image at the moment is restricted to GPT volumes. If the image is a single-filesystem type without a partition table (eg: squashfs) and a roothash/verity file are passed, set the verity flag and mark as read-only.
* man,mkosi: bump Fedora version (Zbigniew Jędrzejewski-Szmek, 2020-06-02; 1 file, -2/+2)
* Merge pull request #15472 from keszybz/dbus-api-docs (Lennart Poettering, 2020-04-23; 1 file, -2/+2)

  A few more dbus api documentation updates

  * tree-wide: use "hostname" spelling everywhere (Zbigniew Jędrzejewski-Szmek, 2020-04-21; 1 file, -2/+2)

    It's not that I think that "hostname" is vastly superior to "host name". Quite the opposite — the difference is small, and in some context the two-word version does fit better. But in the tree, there are ~200 occurrences of the first, and >1600 of the other, and consistent spelling is more important than any particular spelling choice.

* man: document the new --resolv-conf= options (Lennart Poettering, 2020-04-22; 1 file, -23/+54)
* man,mkosi: use glibc-minimal-langpack for Fedora (Zbigniew Jędrzejewski-Szmek, 2020-03-03; 1 file, -1/+1)

  This saves ~24MB of space, see https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot.
* man: bump fedora versions (Zbigniew Jędrzejewski-Szmek, 2020-03-03; 1 file, -2/+2)
* Merge pull request #14390 from poettering/gpt-var-tmp (Zbigniew Jędrzejewski-Szmek, 2020-01-14; 1 file, -1/+1)

  introduce GPT partition types for /var and /var/tmp and support them for auto-discovery

  * docs: import discoverable partitions spec (Lennart Poettering, 2019-12-23; 1 file, -1/+1)

    This was previously available here:

    https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/

    Let's pull it into our repository.

* man: change links to container interface doc to https://systemd.io/ (Lennart Poettering, 2020-01-06; 1 file, -2/+1)

  Now that we converted the documentation we should also link to it.

* nspawn: Generate unique short veth names (Kai Krakow, 2020-01-02; 1 file, -1/+5)

  This commit lowers the chance of having veth name conflicts for machines created with similar names.

  Replaces: #12865
  Fixes: #13417
* Merge pull request #14099 from keszybz/machine-ref-unref-fix (Zbigniew Jędrzejewski-Szmek, 2019-11-22; 1 file, -12/+25)

  Fix for the issue when machine cannot be started second time, and better nspawn logging

  * man: use <constant> for capability names in nspawn page (Zbigniew Jędrzejewski-Szmek, 2019-11-22; 1 file, -11/+18)

  * nspawn: dump capability list with --capabilities=help (Zbigniew Jędrzejewski-Szmek, 2019-11-22; 1 file, -2/+8)

* man: change noindex="true" to index="false" (Zbigniew Jędrzejewski-Szmek, 2019-11-21; 1 file, -1/+1)

  We nowadays prefer positive options over negative.
* man: save pull-raw example file without underscores (Anita Zhang, 2019-11-06; 1 file, -2/+3)

  Destination file needs to be a valid hostname and underscores are not valid hostname characters.

  Closes #13542
* man: reorder description of nspawn --console (Zbigniew Jędrzejewski-Szmek, 2019-10-23; 1 file, -23/+25)

  The default value was described at the end of two long paragraphs. Make the first para self-contained, and move the description of --console=pipe into the second para.
* man: owned to → owned by (Zbigniew Jędrzejewski-Szmek, 2019-08-19; 1 file, -4/+4)
* man: document that --volatile=yes is not supported for split /usr systems (Lennart Poettering, 2019-07-29; 1 file, -6/+10)
* systemd-nspawn(1): update example section (camoz, 2019-06-25; 1 file, -1/+1)

  Remove the retired flag -d from Example 4. "Boot a minimal Arch Linux distribution in a container". It has been retired here: https://git.archlinux.org/arch-install-scripts.git/commit/pacstrap.in?id=0af6884aca68dcb7eed0b85fbc2960903df3d968
* man: systemd-nspawn: Update syntax to launch an image (Kashyap Chamarthy, 2019-05-21; 1 file, -3/+3)

  To access a shell on a disk image, the man page on Fedora-29 says to run: `systemd-nspawn -M Fedora-Cloud-Base-28-1.1.x86_64.raw`. Let's try.

  List existing images:

    $> machinectl list-images | awk '{print $1,$2}';
    NAME TYPE
    Fedora-Cloud-Base-30… raw
    1 images

  Now invoke `systemd-nspawn` as noted in the man page:

    $> systemd-nspawn -M Fedora-Cloud-Base-30-1.2.x86_64.raw
    No image for machine 'Fedora-Cloud-Base-30-1.2.x86_64.raw'.

  Removing the ".raw" extension launches the image and gives a shell. Update the man page to reflect that.

  Frantisek Sumsal on #systemd (Freenode) noted the reason: "In older versions systemd -M accepted both image-name.raw and image-name as valid image names, however, on Fedora 29 (systemd-239) with all the BTRFS stuff around it accepts only -M image-name (without the extension)"

  - - -

  While at it, update the fedora_{latest_version, cloud_release} variables.

  Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
* nspawn: add --no-pager switch (Zbigniew Jędrzejewski-Szmek, 2019-03-21; 1 file, -0/+3)

  It only matters for --help.
* man: adjust nspawn man page to follow same section/order as --help text (Lennart Poettering, 2019-03-21; 1 file, -281/+344)

  No other changes, just some reshuffling and adding of section headers (well, admittedly, I changed some "see above" and "see below" in the text to match the new order.)
* man: document the various new options nspawn learnt (Lennart Poettering, 2019-03-15; 1 file, -0/+55)
* Merge pull request #12002 from keszybz/man-headers (Lennart Poettering, 2019-03-14; 1 file, -5/+2)

  Man headers

  * man: use same header for all files (Zbigniew Jędrzejewski-Szmek, 2019-03-14; 1 file, -1/+1)

    The "include" files had type "book" for some reason. I don't think this is meaningful. Let's just use the same everywhere.

      $ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml

  * man: standardize on one-line license header (Zbigniew Jędrzejewski-Szmek, 2019-03-14; 1 file, -4/+1)

    No need to waste space, and uniformity is good.

      $ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml

* man: document the network interface size limits --network-veth= enforces (Lennart Poettering, 2019-03-14; 1 file, -5/+17)

  Fixes: #10721
* man: document that --ephemeral and --template= don't cover submounts (Lennart Poettering, 2019-03-01; 1 file, -15/+19)

  We never made this clear, let's fix that.
* man: document nspawn's new --volatile=overlay switch (Lennart Poettering, 2019-03-01; 1 file, -44/+71)
* Fix manpage typo: abrubtly (Chris, 2019-02-22; 1 file, -1/+1)

  Fix a minor typo: abrubtly -> abruptly.
* man: drop mode line in file headers (Zbigniew Jędrzejewski-Szmek, 2018-07-03; 1 file, -1/+1)

  This is already included in .dir-locals, so we don't need it in the files themselves.
* summary: update nspawn description string a bit (Lennart Poettering, 2018-06-28; 1 file, -2/+2)

  nspawn as it is now is a generally useful tool, hence let's drop the comments about it being useful for debug and so on only. The new wording just makes the first sentence of the main page also the summary.
* man: drop unused <authorgroup> tags from man sources (Zbigniew Jędrzejewski-Szmek, 2018-06-14; 1 file, -9/+0)

  Docbook styles required those to be present, even though the templates that we use did not show those names anywhere. But something changed semi-recently (I would suspect docbook templates, but there was only a minor version bump in recent years, and the changelog does not suggest anything related), and builds now work without those entries. Let's drop this dead weight.

  Tested with F26-F29, debian unstable.

    $ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
* tree-wide: remove Lennart's copyright lines (Lennart Poettering, 2018-06-14; 1 file, -2/+0)

  These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice.

  Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.