| Age | Commit message (Collapse) | Author |
|---|
|
a small number of install and unit management related fixes
|
|
|
|
#4067 added documentation to systemd.exec(5), but not systemd.journal-fields(7).
|
|
replace test/sys.tar.xz with script to create test/sys/ contents
|
|
IPv6 Neighbor discovery proxy is the IPv6 equivalent to proxy ARP for IPv4.
It is required when ISPs do not unconditional route IPv6 subnets
to their designated target, but expect neighbor solicitation messages
for every address on a link.
A variable IPv6ProxyNDPAddress= is introduced to the [Network] section,
each representing a IPv6 neighbour proxy entry in the neighbour table.
|
|
https://lists.freedesktop.org/archives/systemd-devel/2017-February/038286.html
Let's keep both the old and new for now, so systemd builds correctly in either
environment. Later on we should drop the old.
|
|
this way, we can still call seccomp ourselves, even if seccomp() is
blocked by the filter we are installing.
Fixes: #5300
|
|
The tarball is no longer needed, as the sys-script.py script creates
all the sys/ contents.
|
|
|
|
The script contains the contents of all sys/ test files, and creates
all dirs/links/files when run. This replaces the sys.tar.xz tarball
that contained sys/, so changes to sys files only require a simple
commit in git, instead of checking in an entire new tarball for each
sys/ change.
|
|
Instead of keeping all sys/ nodes in a tarball, use a script
"sys-script.py" to create all the sys/ entries.
This adds a script to create that initial "sys-script.py" script, using
an existing sys/ directory, created from the sys.tar.xz contents.
The "sys-script.py" can then be edited or recreated later, when any sys/
files are added or modified; the change will be only a patch to the
"sys-script.py" script in git, instead of forcing git to store a new
binary tarball.
|
|
So far, if either $HOME or $XDG_RUNTIME_DIR is not set we wouldn't use
either, and fail acquire_config_dirs() and acquire_control_dirs() in
their entireties. With this change, let's make use of the variables we
can acquire, and don't bother with the other.
Specifically this means: in both acquire_config_dirs() and
acquire_control_dirs() handle ENXIO from user_config_dir() and
user_runtime_dir() directly, instead of propagating it up and handling
it in the caller.
|
|
If the strv is empty, then strv_extend_strv_concat() is a NOP anyway,
and hence there is no reason to guard for this explicitly.
|
|
Let's use get_home_dir() for figuring out the home directory, so that
there's a good chance we succeed figuring out unit locations even if
$HOME isn't set.
Fixes: #5260
|
|
configuration symlinks
Under specific circumstances it might happen that we can't figure out
where to place our symlinks, for example because we are supposed to
create them in the runtime directory but $XDG_RUNTIME_DIR is not set. In
this case, return -ENXIO instead of hitting an assert().
(Yeah, the error isn't very descriptive, but for now this should at
least be good enough to remove the assert() being hit.)
|
|
In some cases there might be unit symlinks in .wants/ or .requires/
directories even though the unit is otherwise fully removed. In this
case, don't fail removal, but still remove the symlinks.
This reworks the symlink marking logic to always add unit files that we
are missing to the changes list, but proceed with any symlink removal
for them. This way we'll still generate useful hints that a unit is
missing if you invoke "systemctl disable idontexist.service", but also
still remove any link to it.
Fixes: #4995
|
|
We protect less interetsing stuff with selinux "status", let's do that
here too.
|
|
off the bus (#5294)
Fixes: #4528
|
|
In networkd-test.py, show resolved's journal on failure, to debug issues
like https://github.com/systemd/systemd/pull/5283.
|
|
We added mmap() and mmap2(), but forgot munmap(). Fix that.
Pointed out by @lucaswerkmeister:
https://github.com/systemd/systemd/pull/4537#issuecomment-273275298
|
|
Two doc fixes
|
|
Shut up canonicalize debug log messages
|
|
Previously, we'd refuse the GetUnitProcesses() bus call if the unit file
couldn't be loaded. Which is wrong, as admins should be able to inspect
services whose unit files was deleted. Change this logic, so that we
permit introspecting the processes of any unit that is loaded,
regardless if it has a unit file or not.
(Note that we won't load unit files in GetUnitProcess(), but only
operate on already loaded ones. That's because only loaded units can
have processes — as that's how our GC logic works — and hence loading
the unit just for the process tree is pointless, as it would be empty).
See: #4995
|
|
Just as a matter of coding style: whenever we return successfully, let's
make sure all our return parameters are properly initialized to
something.
|
|
After generating the template name we can shortcut things and just call
unit_file_find_dirs() from inside itself, just with the new name and
save a good number of duplicate lines.
|
|
|
|
After all, most units won't have drop-in dirs, hence there's no point in
logging about that.
Fixes: #5252
|
|
This builds on @utezduyar's #4640, but extends on it.
Fixes: #4550
Replaces: #4640
|
|
Let's clarify that RestrictAddressFamilies= and MemoryDenyWriteExecute=
are only fully effective if non-native system call architectures are
disabled, since they otherwise may be used to circumvent the filters, as
the filters aren't equally effective on all ABIs.
Fixes: #5277
|
|
comment (#5289)
Sometimes we have comments which don't make sense outside of the systemd
codebase, so let's filter them out from the user-visible files.
Fixes #5286.
|
|
rework WorkingDirectory= and RootDirectory= management for services
|
|
fstab-generator: Options= applies specifier expansion
|
|
Fixes: #5125
|
|
|
|
WorkingDirectory=~ is
Or actually, try to to do the right thing depending on what is
available:
- If we know $HOME from User=, then use that.
- If the UID for the service is 0, hardcode that WorkingDirectory=~ means WorkingDirectory=/root
- In any other case (which will be the unprivileged --user case), use
get_home_dir() to find the $HOME of the user we are running as.
- Otherwise fail.
Fixes: #5246 #5124
|
|
This reverts commit 8b89628a10af3863bfc97872912e9da4076a5929.
This broke #5246
|
|
|
|
|
|
A revert and some other tweaks for the man pages
|
|
Add new MountAPIVFS= boolean unit file setting + RootImage=
|
|
|
|
This effectively reverts commit 5d2abc04fc95f5c5f6d0eaf2f:
Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Wed Apr 16 22:15:42 2014 -0400
man: document relationship between RequiresMountsFor and noauto
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
Fixes #5249.
|
|
We should try to keep the unbreakable lines below 80 columns.
It's not always possible of course.
Also, use the dl.fp.o alias instead of a specific mirror.
|
|
swap seccomp filter params on s390
|
|
There was a missing dependency and one with the wrong type. Additionally, refer
to DefaultDependencies= once instead of twice, without a vague reference in the
first one that doesn't mention that the value matters.
Fixes #5226.
|
|
|
|
Add a bit of code that tries to get the right parameter order in place
for some of the better known architectures, and skips
restrict_namespaces for other archs.
This also bypasses the test on archs where we don't know the right
order.
In this case I didn't bother with testing the case where no filter is
applied, since that is hopefully just an issue for now, as there's
nothing stopping us from supporting more archs, we just need to know
which order is right.
Fixes: #5241
|
|
When services are already enabled/disabled/masked, make sure
that --now still enforces start/stop.
|
|
(#5271)
The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.
This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.
It appears that this assertion can be wrong at least in a specific case
described below.
Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by
sd_event_add_post().
1. the process receives the 2 signals consecutively so that signal 'A' source
event is queued and pending. Consequently the post source event is also
queued and pending. This is done by sd_event_wait().
2. The callback for signal 'A' is called by sd_event_dispatch().
3. The next call to sd_event_wait() will queue signal 'B' source event.
4. The callback for the post source event is called and calls sd_event_exit().
5. the event loop is exited.
6. freeing the event loop object will lead to the assertion failure in
event_unmask_signal_data().
This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.
|
|
The kernel documentation page is not distribution specific and also more
likely to be up to date than the Fedora wiki page referenced previously.
|
