-rw-r--r--  README                     |  4
-rw-r--r--  TODO                       | 22
-rw-r--r--  man/sd_notify.xml          |  9
-rw-r--r--  man/systemd-notify.xml     | 22
-rw-r--r--  man/systemd.service.xml    | 40
-rw-r--r--  src/mount/mount-tool.c     |  1
6 files changed, 72 insertions, 26 deletions
@@ -67,13 +67,13 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork and PrivateDevices in service units: + Required for PrivateNetwork= and PrivateDevices= in service units: CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use PrivateNetwork and PrivateDevices so this is effectively required. - Required for PrivateUsers in service units: + Required for PrivateUsers= in service units: CONFIG_USER_NS Optional but strongly recommended: @@ -24,6 +24,11 @@ Janitorial Clean-ups: Features: +* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for + the sd-journal logging socket, and, if the timeout is set to 0, sets + O_NONBLOCK on it. That way people can control if and when to block for + logging. + * journald: when we recv a log datagram via the native or syslog transports, search for the PID in the active stream connections, and let's make sure to always process the datagrams before the streams. Then, cache client metadata @@ -35,6 +40,11 @@ Features: partitions automatically, to be used when the media used is actually larger than the image written onto it is. +* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing + after all. Be strict however, only support the equivalent of nspawn's + --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such + as MAINPID. + * change the dependency Set* objects in Unit structures to become Hashmap*, and then store a bit mask who created a specific dependency: the source unit via fragment configuration, the destination unit via fragment configuration, or 
@@ -48,6 +58,15 @@ Features: the service cgroup, which is supposed to monitor the service, and when it exits the service is considered failed by its monitor. +* track the per-service PAM process properly (i.e. as an additional control + process), so that it may be queried on the bus and everything. + +* add a new "debug" job mode, that is propagated to unit_start() and for + services results in two things: we raise SIGSTOP right before invoking + execve() and turn off watchdog support. Then, use that to implement + "systemd-gdb" for attaching to the start-up of any system service in its + natural habitat. + * replace all canonicalize_file_name() invocations by chase_symlinks(), in particulr those where a rootdir is relevant. @@ -55,6 +74,9 @@ Features: * set ProtectSystem=strict for all our usual services. +* fix PrivateNetwork= so that we fall back gracefully on kernels lacking + namespacing support (similar for the other namespacing options) + * maybe add gpt-partition-based user management: each user gets his own LUKS-encrypted GPT partition with a new GPT type. A small nss module enumerates users via udev partition enumeration. UIDs are assigned in a fixed diff --git a/man/sd_notify.xml b/man/sd_notify.xml index 6e98041912..4dcefc4baf 100644 --- a/man/sd_notify.xml +++ b/man/sd_notify.xml 
@@ -268,6 +268,15 @@ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.</para> + <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either + the sending process is still around at the time PID 1 processes the message, or if the sending process is + explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked + off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or + <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an + <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly + attribute the message to the unit, and thus will ignore it, even if + <varname>NotifyAccess=</varname><option>all</option> is set for it.</para> + <para><function>sd_notifyf()</function> is similar to <function>sd_notify()</function> but takes a <function>printf()</function>-like format string plus diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml index 4a8e119eb6..8c56a6b8ed 100644 --- a/man/systemd-notify.xml +++ b/man/systemd-notify.xml 
@@ -72,10 +72,24 @@ <para>The command line may carry a list of environment variables to send as part of the status update.</para> - <para>Note that systemd will refuse reception of status updates - from this command unless <varname>NotifyAccess=all</varname> is - set for the service unit this command is called from.</para> - + <para>Note that systemd will refuse reception of status updates from this command unless + <varname>NotifyAccess=</varname> is set for the service unit this command is called from.</para> + + <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either + the sending process is still around at the time PID 1 processes the message, or if the sending process is + explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked + off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or + <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an + <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly + attribute the message to the unit, and thus will ignore it, even if + <varname>NotifyAccess=</varname><option>all</option> is set for it.</para> + + <para><command>systemd-notify</command> will first attempt to invoke <function>sd_notify()</function> pretending to + have the PID of the invoking process. This will only succeed when invoked with sufficient privileges. On failure, + it will then fall back to invoking it under its own PID. 
This behaviour is useful in order that when the tool is + invoked from a shell script the shell process — and not the <command>systemd-notify</command> process — appears as + sender of the message, which in turn is helpful if the shell process is the main process of a service, due to the + limitations of <varname>NotifyAccess=</varname><option>all</option> described above.</para> </refsect1> <refsect1> diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 522ed5e61e..420ae4e7b5 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml 
@@ -792,26 +792,26 @@ <varlistentry> <term><varname>NotifyAccess=</varname></term> - <listitem><para>Controls access to the service status - notification socket, as accessible via the - <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> - call. Takes one of <option>none</option> (the default), - <option>main</option>, <option>exec</option> or - <option>all</option>. If <option>none</option>, no daemon status - updates are accepted from the service processes, all status - update messages are ignored. If <option>main</option>, only - service updates sent from the main process of the service are - accepted. If <option>exec</option>, only service updates sent - from any of the control processes originating from one of the - <varname>Exec*=</varname> commands are accepted. If - <option>all</option>, all services updates from all members of - the service's control group are accepted. This option should - be set to open access to the notification socket when using - <varname>Type=notify</varname> or - <varname>WatchdogSec=</varname> (see above). If those options - are used but <varname>NotifyAccess=</varname> is not - configured, it will be implicitly set to - <option>main</option>.</para></listitem> + <listitem><para>Controls access to the service status notification socket, as accessible via the + <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> call. Takes one + of <option>none</option> (the default), <option>main</option>, <option>exec</option> or + <option>all</option>. If <option>none</option>, no daemon status updates are accepted from the service + processes, all status update messages are ignored. If <option>main</option>, only service updates sent from the + main process of the service are accepted. If <option>exec</option>, only service updates sent from any of the + main or control processes originating from one of the <varname>Exec*=</varname> commands are accepted. 
If + <option>all</option>, all services updates from all members of the service's control group are accepted. This + option should be set to open access to the notification socket when using <varname>Type=notify</varname> or + <varname>WatchdogSec=</varname> (see above). If those options are used but <varname>NotifyAccess=</varname> is + not configured, it will be implicitly set to <option>main</option>.</para> + + <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if + either the sending process is still around at the time PID 1 processes the message, or if the sending process + is explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally + forked off the process, i.e. on all processes that match <option>main</option> or + <option>exec</option>. Conversely, if an auxiliary process of the unit sends an + <function>sd_notify()</function> message and immediately exits, the service manager might not be able to + properly attribute the message to the unit, and thus will ignore it, even if + <varname>NotifyAccess=</varname><option>all</option> is set for it.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c index a277724029..4b3cac8a22 100644 --- a/src/mount/mount-tool.c +++ b/src/mount/mount-tool.c @@ -139,6 +139,7 @@ static int parse_argv(int argc, char *argv[]) { { "discover", no_argument, NULL, ARG_DISCOVER }, { "type", required_argument, NULL, 't' }, { "options", required_argument, NULL, 'o' }, + { "fsck", required_argument, NULL, ARG_FSCK }, { "description", required_argument, NULL, ARG_DESCRIPTION }, { "property", required_argument, NULL, 'p' }, { "automount", required_argument, NULL, ARG_AUTOMOUNT }, |
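Review bot: in the README hunk the two "Required for" lines gain the "=" suffix on PrivateNetwork, PrivateDevices and PrivateUsers, but the unchanged context sentence "Note that systemd-localed.service and other systemd units use PrivateNetwork and PrivateDevices" keeps the old spelling; update it in the same change so the file uses one convention for unit setting names.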
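Review bot: the TODO hunk at @@ -35,6 (the PrivatePIDs= item) says sd_notify() messages would be proxied "dropping stuff such as MAINPID"; because MAINPID= is the field that re-points the service manager at a different main process, the item should state that every PID-carrying field must be rewritten or dropped, not forwarded, since a PID that is only meaningful inside the new namespace would make the manager track the wrong process. Listing the affected fields now is better than "stuff such as".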
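Review bot: the TODO hunk at @@ -48,6 (the "debug" job mode) raises SIGSTOP right before execve() and turns off watchdog support for the service; the item should record that this mode needs the same authorization as starting the unit and must be reflected in the unit's reported state, so a service deliberately stopped at start-up is distinguishable from a hung one and a service with its watchdog disabled is not reported as healthy.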
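Review bot: the TODO hunk at @@ -55,6 asks for PrivateNetwork= to "fall back gracefully on kernels lacking namespacing support", which sits uneasily with the README hunk in this same commit that lists CONFIG_NET_NS as required for PrivateNetwork=; a silent fallback runs a service without the network isolation its unit file requests. If a fallback is added, it should be loud (a warning in the journal and visible in the unit's status) and preferably opt-in per unit, so operators relying on the sandboxing learn that it is not in effect.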
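Review bot: the new paragraph in the man/sd_notify.xml hunk explains that the manager "will ignore" a message from an auxiliary process that exits immediately, but does not say that the sender is not told; sd_notify() reports whether the datagram was sent, not whether it was attributed, so one sentence stating that the call can return success for a message the manager then discards would make the race clear to callers. The same paragraph is also added verbatim to man/systemd-notify.xml and man/systemd.service.xml in this commit; either keep the three copies in sync deliberately or factor the text into one shared fragment.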
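Review bot: in the man/systemd-notify.xml hunk the rewritten sentence "unless NotifyAccess= is set for the service unit" is weaker than the removed "unless NotifyAccess=all is set" and reads as if any value suffices, yet the systemd.service.xml hunk in this commit states that none is the default; say "set to a value other than none that covers the sending process". In the new fallback paragraph, "sufficient privileges" should name the privilege meant (on Linux, sending credentials that carry another process's PID requires CAP_SYS_ADMIN), so readers can tell when a script-invoked systemd-notify will be attributed to the shell and when it will fall back to its own PID.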
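Review bot: in the man/systemd.service.xml hunk the added line "all services updates from all members of the service's control group" carries the typo "services updates" (should be "service updates") through the rewrap; fix it while the lines are being touched. The description of exec also changes substantively, from "any of the control processes" to "any of the main or control processes", but that change is buried inside a reflow of the whole paragraph; split it out or call it out in the commit message so the semantic change is reviewable, and confirm it matches what the service manager actually accepts for NotifyAccess=exec.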
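Review bot: the src/mount/mount-tool.c hunk adds the "fsck" entry to the getopt_long table with required_argument and ARG_FSCK, and the diffstat shows this is the only line changed in that file, so no case ARG_FSCK in the option switch, no help text and no ARG_FSCK enumerator are added here. If those already exist, this is restoring a dropped table entry and the commit message should say so; if not, --fsck will be accepted and silently ignored, or the file will fail to build if ARG_FSCK is undefined. This change is also unrelated to the man page and TODO edits in the same commit and would be easier to review on its own.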