diff options
| -rw-r--r-- | NEWS | 30 | ||||
| -rw-r--r-- | catalog/systemd.ko.catalog.in | 61 | ||||
| -rw-r--r-- | man/journald.conf.xml | 9 | ||||
| -rw-r--r-- | src/core/service.c | 10 | ||||
| -rw-r--r-- | src/journal/journald-server.c | 33 |
5 files changed, 122 insertions, 21 deletions
@@ -12,7 +12,7 @@ CHANGES WITH 232 in spe whole file system tree with the exception of /dev, /proc, and /sys, to be remounted read-only for a service. - * The new ProtectedKernelTunables= option can be used to disable + * The new ProtectKernelTunables= option can be used to disable modification of configuration files in /sys and /proc by a service. Various directories and files are remounted read-only, so access is restricted even if the file permissions would allow it. @@ -360,7 +360,7 @@ CHANGES WITH 231: file. It can be used in lieu of %systemd_requires in packages which don't use any systemd functionality and are intended to be installed in minimal containers without systemd present. This macro provides - ordering dependecies to ensure that if the package is installed in + ordering dependencies to ensure that if the package is installed in the same rpm transaction as systemd, systemd will be installed before the scriptlets for the package are executed, allowing unit presets to be handled. @@ -395,7 +395,7 @@ CHANGES WITH 231: "mkosi" is invoked in the build tree a new raw OS image is generated incorporating the systemd sources currently being worked on and a clean, fresh distribution installation. The generated OS image may be - booted up with "systemd-nspawn -b -i", qemu-kvm or on any physcial + booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical UEFI PC. This functionality is particularly useful to easily test local changes made to systemd in a pristine, defined environment. See HACKING for details. @@ -1058,7 +1058,7 @@ CHANGES WITH 228: --user instance of systemd these specifiers where correctly resolved, but hardly made any sense, since the user instance lacks privileges to do user switches anyway, and User= is - hence useless. Morever, even in the --user instance of + hence useless. Moreover, even in the --user instance of systemd behaviour was awkward as it would only take settings from User= assignment placed before the specifier into account. In order to unify and simplify the logic around @@ -1194,7 +1194,7 @@ CHANGES WITH 227: * The RuntimeDirectory= setting now understands unit specifiers like %i or %f. - * A new (still internal) libary API sd-ipv4acd has been added, + * A new (still internal) library API sd-ipv4acd has been added, that implements address conflict detection for IPv4. It's based on code from sd-ipv4ll, and will be useful for detecting DHCP address conflicts. @@ -1763,7 +1763,7 @@ CHANGES WITH 220: * systemd-nspawn gained a new --property= setting to set unit properties for the container scope. This is useful for - setting resource parameters (e.g "CPUShares=500") on + setting resource parameters (e.g. "CPUShares=500") on containers started from the command line. * systemd-nspawn gained a new --private-users= switch to make @@ -3109,7 +3109,7 @@ CHANGES WITH 214: time, the extended attribute calls have moved to glibc, and libattr is thus unnecessary. - * Virtualization detection works without priviliges now. This + * Virtualization detection works without privileges now. This means the systemd-detect-virt binary no longer requires CAP_SYS_PTRACE file capabilities, and our daemons can run with fewer privileges. @@ -3833,7 +3833,7 @@ CHANGES WITH 209: /usr/lib/net/links/99-default.link. Old 80-net-name-slot.rules udev configuration file has been removed, so local configuration overriding this file should - be adapated to override 99-default.link instead. + be adapted to override 99-default.link instead. * When the User= switch is used in a unit file, also initialize $SHELL= based on the user database entry. @@ -4476,7 +4476,7 @@ CHANGES WITH 206: * logind's device ACLs may now be applied to these "dead" devices nodes too, thus finally allowing managed access to - devices such as /dev/snd/sequencer whithout loading the + devices such as /dev/snd/sequencer without loading the backing module right-away. * A new RPM macro has been added that may be used to apply @@ -4967,7 +4967,7 @@ CHANGES WITH 199: processes executed in parallel based on the number of available CPUs instead of the amount of available RAM. This is supposed to provide a more reliable default and limit a too aggressive - paralellism for setups with 1000s of devices connected. + parallelism for setups with 1000s of devices connected. Contributions from: Auke Kok, Colin Walters, Cristian Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes @@ -5305,7 +5305,7 @@ CHANGES WITH 197: presenting log data. * systemctl will no longer show control group information for - a unit if a the control group is empty anyway. + a unit if the control group is empty anyway. * logind can now automatically suspend/hibernate/shutdown the system on idle. @@ -6096,7 +6096,7 @@ CHANGES WITH 186: * The SysV search path is no longer exported on the D-Bus Manager object. - * The Names= option is been removed from unit file parsing. + * The Names= option has been removed from unit file parsing. * There's a new man page bootup(7) detailing the boot process. @@ -6241,7 +6241,7 @@ CHANGES WITH 183: about this in more detail. * var-run.mount and var-lock.mount are no longer provided - (which prevously bind mounted these directories to their new + (which previously bind mounted these directories to their new places). Distributions which have not converted these directories to symlinks should consider stealing these files from git history and add them downstream. @@ -6382,7 +6382,7 @@ CHANGES WITH 44: * Many bugfixes for the journal, including endianness fixes and ensuring that disk space enforcement works - * sd-login.h is C++ comptaible again + * sd-login.h is C++ compatible again * Extend the /etc/os-release format on request of the Debian folks @@ -6610,7 +6610,7 @@ CHANGES WITH 38: * New man pages for all APIs from libsystemd-login. - * The build tree got reorganized and a the build system is a + * The build tree got reorganized and the build system is a lot more modular allowing embedded setups to specifically select the components of systemd they are interested in. diff --git a/catalog/systemd.ko.catalog.in b/catalog/systemd.ko.catalog.in index 8a053254ee..0249cba747 100644 --- a/catalog/systemd.ko.catalog.in +++ b/catalog/systemd.ko.catalog.in @@ -25,6 +25,7 @@ # # Translator : # Seong-ho Cho <darkcircle.0426@gmail.com>, 2015. +# Dongsu Park <dpark@posteo.net>, 2016. -- f77379a8490b408bbe5f6940505a777b Subject: 저널 시작 @@ -42,6 +43,24 @@ Support: %SUPPORT_URL% 시스템 저널 프로세스를 껐고 현재 활성화 중인 저널 파일을 모두 닫았습니다. +-- ec387f577b844b8fa948f33cad9a75e6 +Subject: 저널이 디스크 공간을 점유중 +Defined-By: systemd +Support: %SUPPORT_URL% + +저널 @JOURNAL_NAME@ (@JOURNAL_PATH@)이 현재 @CURRENT_USE_PRETTY@ +만큼의 용량을 사용하고 있습니다. 최대 허용 용량은 +@MAX_USE_PRETTY@입니다. 최소한 @DISK_KEEP_FREE_PRETTY@의 빈공간을 +남겨둡니다. (현재 디스크 전체 용량은 @DISK_AVAILABLE_PRETTY@) +따라서 실제 사용 최대 한도는 @LIMIT_PRETTY@으로 설정되며, +@AVAILABLE_PRETTY@ 만큼의 용량이 계속 비어있습니다. + +저널이 차지하는 디스크 공간을 제어하기 위해서는 +/etc/systemd/journald.conf 의 SystemMaxUse=, SystemKeepFree=, +SystemMaxFileSize=, RuntimeMaxUse=, RuntimeKeepFree=, +RuntimeMaxFileSize= 변수를 설정합니다. 자세한 내용은 +journald.conf(5)을 살펴보십시오. + -- a596d6fe7bfa4994828e72309e95d61e Subject: 서비스의 메시지를 거절함 Defined-By: systemd @@ -56,7 +75,7 @@ Documentation: man:journald.conf(5) 메시지 거절 제어 제한 값은 /etc/systemd/journald.conf 의 RateLimitIntervalSec= 변수와 RateLimitBurst= 변수로 설정합니다. -자세한 내용은 ournald.conf(5)를 살펴보십시오. +자세한 내용은 journald.conf(5)를 살펴보십시오. -- e9bf28e6e834481bb6f48f548ad13606 Subject: 저널 메시지 놓침 @@ -246,7 +265,7 @@ Support: %SUPPORT_URL% 두번째 필드 또는 systemd 유닛 파일의 Where= 필드) 비어있지 않습니다. 마운트 과정에 방해가 되진 않지만 이전에 이 디렉터리에 존재하는 파일에 접근할 수 없게 됩니다. 중복으로 마운트한 파일을 보려면, 근본 파일 -시스템의 다음 위치에 직접 마운트하십시오. +시스템을 별도 위치에 직접 마운트하십시오. -- 24d8d4452573402496068381a6312df2 Subject: 가상 머신 또는 컨테이너 시작 @@ -262,3 +281,41 @@ Defined-By: systemd Support: %SUPPORT_URL% @LEADER@ 프로세스 ID로 동작하는 @NAME@ 가상 머신을 껐습니다. + +-- 36db2dfa5a9045e1bd4af5f93e1cf057 +Subject: 서버 미지원으로 인하여 DNSSEC 모드 종료 +Defined-By: systemd +Support: %SUPPORT_URL% +Documentation: man:systemd-resolved.service(8) resolved.conf(5) + +해당 DNS 서버가 DNSSEC을 지원하지 않는다는 것을 리졸버 서비스 +(systemd-resolved.service)가 인식했습니다. 따라서 DNSSEC 검증 기능도 +꺼집니다. + +이 이벤트는 resolved.conf 파일에 DNSSEC=allow-downgrade가 설정되었고, 해당 +DNS 서버가 DNSSEC과 비호환일 경우에만 발생합니다. 이 모드를 켤 경우에는 +DNSSEC 다운그레이드 공격을 허용할수 있다는 점에 주의하세요. 이는 공격자 +역시 다운그레이드가 발생한 통신 채널에 DNS 응답 메시지를 끼워넣는 방식으로 +DNSSEC 검증 기능을 꺼버릴수 있기 때문입니다. + +이 이벤트가 의미하는 것은, DNS 서버가 실제로 DNSSEC과 비호환이거나, 또는 +공격자가 위와 같은 다운그레이드 공격을 수행하는데 성공했다는 뜻입니다. + +-- 1675d7f172174098b1108bf8c7dc8f5d +Subject: DNSSEC 검증 실패 +Defined-By: systemd +Support: %SUPPORT_URL% +Documentation: man:systemd-resolved.service(8) + +DNS 요청 또는 리소스 레코드가 DNSSEC 검증에 실패했습니다. 이것은 보통 +해당 통신 채널이 조작되었다는 뜻입니다. + +-- 4d4408cfd0d144859184d1e65d7c8a65 +Subject: DNSSEC 신뢰성 시작점 취소 +Defined-By: systemd +Support: %SUPPORT_URL% +Documentation: man:systemd-resolved.service(8) + +DNSSEC 신뢰성 시작점이 취소되었습니다. 새로운 신뢰성 시작점이 설정되거나, +또는 업데이트된 DNSSEC 신뢰성 시작점을 제공하기 위해서 운영체제를 업데이트 +해야 합니다. diff --git a/man/journald.conf.xml b/man/journald.conf.xml index a9562c121a..df2e2246a1 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -348,7 +348,14 @@ <literal>notice</literal> for <varname>MaxLevelKMsg=</varname>, <literal>info</literal> for <varname>MaxLevelConsole=</varname>, and <literal>emerg</literal> for - <varname>MaxLevelWall=</varname>.</para></listitem> + <varname>MaxLevelWall=</varname>. These settings may be + overridden at boot time with the kernel command line options + <literal>systemd.journald.max_level_store=</literal>, + <literal>systemd.journald.max_level_syslog=</literal>, + <literal>systemd.journald.max_level_kmsg=</literal>, + <literal>systemd.journald.max_level_console=</literal>, + <literal>systemd.journald.max_level_wall=</literal>.</para> + </listitem> </varlistentry> <varlistentry> diff --git a/src/core/service.c b/src/core/service.c index 5b92c901e3..ee4f4983fc 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1756,7 +1756,15 @@ static void service_enter_start(Service *s) { } if (!c) { - assert(s->type == SERVICE_ONESHOT); + if (s->type != SERVICE_ONESHOT) { + /* There's no command line configured for the main command? Hmm, that is strange. This can only + * happen if the configuration changes at runtime. In this case, let's enter a failure + * state. */ + log_unit_error(UNIT(s), "There's no 'start' task anymore we could start: %m"); + r = -ENXIO; + goto fail; + } + service_enter_start_post(s); return; } diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 5ea65e2deb..44962bc5d6 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -71,6 +71,7 @@ #include "string-table.h" #include "string-util.h" #include "user-util.h" +#include "syslog-util.h" #define USER_JOURNALS_MAX 1024 @@ -130,8 +131,6 @@ static void cache_space_invalidate(JournalStorageSpace *space) { } static int cache_space_refresh(Server *s, JournalStorage *storage) { - - _cleanup_closedir_ DIR *d = NULL; JournalStorageSpace *space; JournalMetrics *metrics; uint64_t vfs_used, vfs_avail, avail; @@ -1573,6 +1572,36 @@ static int server_parse_proc_cmdline(Server *s) { log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33); else s->forward_to_wall = r; + } else if (startswith(word, "systemd.journald.max_level_console=")) { + r = log_level_from_string(word + 35); + if (r < 0) + log_warning("Failed to parse max level console value %s. Ignoring.", word + 35); + else + s->max_level_console = r; + } else if (startswith(word, "systemd.journald.max_level_store=")) { + r = log_level_from_string(word + 33); + if (r < 0) + log_warning("Failed to parse max level store value %s. Ignoring.", word + 33); + else + s->max_level_store = r; + } else if (startswith(word, "systemd.journald.max_level_syslog=")) { + r = log_level_from_string(word + 34); + if (r < 0) + log_warning("Failed to parse max level syslog value %s. Ignoring.", word + 34); + else + s->max_level_syslog = r; + } else if (startswith(word, "systemd.journald.max_level_kmsg=")) { + r = log_level_from_string(word + 32); + if (r < 0) + log_warning("Failed to parse max level kmsg value %s. Ignoring.", word + 32); + else + s->max_level_kmsg = r; + } else if (startswith(word, "systemd.journald.max_level_wall=")) { + r = log_level_from_string(word + 32); + if (r < 0) + log_warning("Failed to parse max level wall value %s. Ignoring.", word + 32); + else + s->max_level_wall = r; } else if (startswith(word, "systemd.journald")) log_warning("Invalid systemd.journald parameter. Ignoring."); } |