Age | Commit message (Collapse) | Author |
|
It's probably better to be safe here.
|
|
interesting data
|
|
This way, invoking nspawn from a shell in the best case inherits the TERM
setting all the way down into the login shell spawned in the container.
Fixes: #3697
|
|
|
|
This removes the --share-system switch: from the documentation, the --help text
as well as the command line parsing. It's an ugly option, given that it kinda
contradicts the whole concept of PID namespaces that nspawn implements. Since
it's barely ever used, let's just deprecate it and remove it from the options.
It might be useful as a debugging option, hence the functionality is kept
around for now, exposed via an undocumented $SYSTEMD_NSPAWN_SHARE_SYSTEM
environment variable.
|
|
This has the benefit that the container can follow the host's DNS server
changes without us having to constantly update the container's resolv.conf
settings.
|
|
Update documentation for systemd-vconsole-setup
|
|
Each series has identical hardware, let's use a glob instead of listing them
one by one.
|
|
Whether a device is a trackball or not is a physical property so we should
store this globally, in one place. The new property must be set in addition to
ID_INPUT_MOUSE, otherwise existing clients won't detect the device.
No actual code changes required, the default match rule is simply checking for
"Trackball" in the name (in a few versions), other entries need to be added
manually.
|
|
Introduce MaxConnectionsPerSource= that is number of concurrent
connections allowed per IP.
RFE: 1939
|
|
Coredump: save information useful for debuging crashes in containers - v2
|
|
|
|
…since 4de282cf9324ab.
|
|
Process container parent is the process used to start processes with a new
user namespace - e.g systemd-nspawn, runc, lxc, etc.
There is not standard way how to find such a process - or I do not know
about it - hence I have decided to find the first process in the parent
process hierarchy with a different mount namespace and different
/proc/self/root's inode.
I have decided for this criteria because in ABRT we take special care
only if the crashed process runs different code than installed on the
host. Other processes with namespaces different than PID 1's namespaces
are just processes running code shipped by the OS vendor and bug
reporting tools can get information about the provider of the code
without the need to deal with changed root and so on.
|
|
IMA wiki says: "If the IMA policy contains LSM labels, then the LSM
policy must be loaded prior to the IMA policy." Right now, in case of
Smack, the IMA policy is loaded before the Smack policy. Move the order
around to allow Smack labels to be used in IMA policy.
|
|
This complements graphical-session.target for services which set up the
environment (e. g. dbus-update-activation-environment) and need to run before
the actual graphical session.
|
|
(#3850)
The password directory watch should get ordered before cryptsetup to make sure
that the password for unlocking the crypt device gets prompted.
|
|
The file contains information one can use to debug processes running
within a container.
|
|
For this moment machinectl prints legend and count of machines/images/etc.
But in a case when we have no images,machines,etc., there is no sense to
show legend:
~$ machinectl
MACHINE CLASS SERVICE
0 machines listed.
Let's print only 'No machines', 'No images', 'No transfers' in this case.
|
|
The CPUID and DMI vendor strings do not seem to be documented.
Values were found experimentally and by inspecting the source code.
|
|
the ACTION_DONE was introduced in the 4288f61921 (dbus: automatically
generate and install introspection files ) commit and was used in
systemd --introspect command.
Later 'introspect' command was removed in the ca2871d9b (bus: remove
static introspection file export) commit and have no users anymore.
So we can remove it.
|
|
Lenovo trackpoint speed fixes
|
|
They were outdated, and this way it's less likely that they'll get out of sync
again. Anyway, it's easier for the reader to have the kernel and config file
options next to one another.
|
|
For error messages, make them more meaningful by printing the tty name.
Follow-up for #3742.
|
|
In this patch "enabled" and "disabled" is used exclusively, but "enable" and
"disable" forms are need for the following patch.
|
|
|
|
Depending on how binutils was configured and the --enable-fast-install
configure option, the test binary might be called either name.
Fixes: https://github.com/systemd/systemd/issues/3838
|
|
config_parse_user_tasks_max() was incorrectly accepting percentage value
between 1 and 99. Update it to accept 0% and 100%. This brings it in line
with TasksMax handling in systemd.
|
|
|
|
Explain in the systemd.resource-control man that systemd user instance can't use resource control on
cgroup-v1.
|
|
add cgroup-v2.txt link in section "Unified and Legacy Control Group
Hierarchies" of systemd.resource-control man.
|
|
Private devices don't exist when running in a container, so skip the related
tests.
|
|
No point running tests against process 1 if systemd is not running as that
process. This is a rework of an unpublished patch by @9muir.
|
|
The condition tests for hostname will fail if hostname looks like an id128.
The test function attempts to convert hostname to an id128, and if that
succeeds compare it to the machine ID (presumably because the 'hostname'
condition test is overloaded to also test machine ID). That will typically
fail, and unfortunately the 'mock' utility generates a random hostname that
happens to have the same format as an id128, thus causing a test failure.
|
|
|
|
vconsole-setup: updates & fixes V2
|
|
This adds a --disable-lto option to ./configure, but does not change the
default behavior.
|
|
Fixes #3813.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X260 models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T560 models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T460s models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the L460 models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X250 models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T450s models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the L450 models.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the T440p models.
|
|
"#pragma GCC optimize" is merely a convenience to decorate multiple
functions with attribute optimize. And the manual has this to say about
this attribute:
This attribute should be used for debugging purposes only. It
is not suitable in production code.
Some versions of GCC also seem to have a problem with this pragma in
combination with LTO, resulting in ICEs.
So use a different approach (indirect the memset call via a volatile
function pointer) as implemented in openssl's crypto/mem_clr.c.
Closes: #3811
|
|
- about namespace
- about udev rules
|
|
|
|
|