summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-25Merge pull request #3681 from walyong/systemctl_conditionZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3798 from keszybz/news-and-man-tweaksLennart Poettering
News and man tweaks
2016-07-25systemctl: style tweaks for the new condition codeZbigniew Jędrzejewski-Szmek
2016-07-25core: change ExecStart=! syntax to ExecStart=+ (#3797)Lennart Poettering
As suggested by @mbiebl we already use the "!" special char in unit file assignments for negation, hence we should not use it in a different context for privileged execution. Let's use "+" instead.
2016-07-25man: use "search for unit"Zbigniew Jędrzejewski-Szmek
To "search something", in the meaning of looking for it, is valid, but "search _for_ something" is much more commonly used, especially when the meaning could be confused with "looking _through_ something" (for some other object). (C.f. "the police search a person", "the police search for a person".) Also reword the rest of the paragraph to avoid using "automatically" three times.
2016-07-25NEWS: reword the text about libsharedZbigniew Jędrzejewski-Szmek
"strict versioned dependency" suggests that version "231" of the library is stable. But the ABI or API might be changed in any patch, so reword the text to avoid using "version".
2016-07-25man: make chroot less prominent in discussion of nspawnZbigniew Jędrzejewski-Szmek
Not as many people use chroot as before, so make the flow a bit nicer by talking less about chroot. "change to the either" is awkward and unclear. Just remove that part, because all changes are lost, period.
2016-07-25shared/install: allow "enable" on linked unit files (#3790)Zbigniew Jędrzejewski-Szmek
User expectations are broken when "systemctl enable /some/path/service.service" behaves differently to "systemctl link ..." followed by "systemctl enable". From user's POV, "enable" with the full path just combines the two steps into one. Fixes #3010.
2016-07-25getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792)Michal Soltys
If user isolates rescue target from multi-user or graphical target (or just starts the service), IgnoreOnIsolate will cause issues with sulogin which is directly started on current virtual console. This patch adds necessary Conflicts= and Before= against rescue.service. Note that this is not needed for emergency target, as implicit Requires= and After= against sysinit.target is in effect for this service (DefaultDependencies=yes).
2016-07-25Merge pull request #3796 from poettering/mailmapMartin Pitt
documentation, NEWS and mailmap fixes
2016-07-25namespace: don't fail on masked mounts (#3794)Alban Crequy
Before this patch, a service file with ReadWriteDirectories=/file... could fail if the file exists but is not a mountpoint, despite being listed in /proc/self/mountinfo. It could happen with masked mounts. Fixes https://github.com/systemd/systemd/issues/3793
2016-07-25NEWS: document the new shared library for internal codeLennart Poettering
2016-07-25update hwdb (#3795)Lennart Poettering
"make update-hwdb" in preparation for v231.
2016-07-25man: update systemctl man page for unit file commands, in particular ↵Lennart Poettering
"systemctl enable" Clarify that "systemctl enable" can operate either on unit names or on unit file paths (also, adjust the --help text to clarify this). Say that "systemctl enable" on unit file paths also links the unit into the search path. Many other fixes. This should improve the documentation to avoid further confusion around #3706.
2016-07-25NEWS: update mailmap to bring NEWS and "make git-contrib" in lineLennart Poettering
Let's make sure that "make git-contrib" prints a useful contributors list directly useful for NEWS and fixes up contributors's IDs a bit.
2016-07-23NEWS: more stuff for v231 (#3786)Zbigniew Jędrzejewski-Szmek
2016-07-23Merge pull request #3785 from keszybz/less-return-errnoMartin Pitt
Use "return log_error_errno(...)" in more places + related fixes
2016-07-22NEWS: remove duplicate names and fix a few typosZbigniew Jędrzejewski-Szmek
2016-07-22Merge pull request #3784 from poettering/NEWS-v231Zbigniew Jędrzejewski-Szmek
2016-07-22nspawn: don't skip cleanup on locking errorZbigniew Jędrzejewski-Szmek
2016-07-22import: don't log "fake" errno valuesZbigniew Jędrzejewski-Szmek
2016-07-22Use "return log_error_errno" in more places"Zbigniew Jędrzejewski-Szmek
2016-07-22Merge pull request #3777 from poettering/id128-reworkZbigniew Jędrzejewski-Szmek
uuid/id128 code rework
2016-07-22Populate NEWS a bit, in preparation for v231Lennart Poettering
(Note complete yet.)
2016-07-22man: rework resolved.conf's Cache= documentationLennart Poettering
Let's not mention the supposed security benefit of turning off caching. It is really questionnable, and I#d rather not create the impression that we actually believed turning off caching would be a good idea. Instead, mention that Cache=no is implicit if a DNS server on the local host is used.
2016-07-22mailmap: add a few more namesLennart Poettering
Let's do something about my OCD and map a numbre of commiters to proper names.
2016-07-22Merge pull request #3783 from poettering/fix-3285Lennart Poettering
coredump: make sure to handle crashes of PID 1 and journald special
2016-07-22coredump: turn off coredump collection entirely after journald or PID 1 crashedLennart Poettering
Safe is safe, let's turn off the whole logic if we can, after all it is unlikely we'll be able to process further crashes in a reasonable way.
2016-07-22coredump: make sure to handle crashes of PID 1 and journald specialLennart Poettering
Fixes: #3285
2016-07-22Merge pull request #3753 from poettering/tasks-max-scaleLennart Poettering
Add support for relative TasksMax= specifications, and bump default for services
2016-07-22coredump: truncate overly long coredump metadata fields (#3780)Lennart Poettering
Fixes: #3573 Replaces: #3588
2016-07-22systemctl: never check inhibitors if -H or -M are used (#3781)Lennart Poettering
Don't check inhibitors when operating remotely. The interactivity inhibitors imply can#t be provided anyway, and the current code checks for local sessions directly, via various sd_session_xyz() APIs, hence bypass it entirely if we operate on remote systems. Fixes: #3476
2016-07-22Merge pull request #3779 from kinvolk/alessandro/nspawn-inaccessible-devsLennart Poettering
cgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy
2016-07-22cgroup: whitelist inaccessible devices for "auto" and "closed" DevicePolicy.Alessandro Puccetti
https://github.com/systemd/systemd/pull/3685 introduced /run/systemd/inaccessible/{chr,blk} to map inacessible devices, this patch allows systemd running inside a nspawn container to create /run/systemd/inaccessible/{chr,blk}.
2016-07-22nspawn: set DevicesPolicy closed and clean up duplicated devicesAlessandro Puccetti
2016-07-22namespace: ensure to return a valid inaccessible nodes (#3778)Alessandro Puccetti
Because /run/systemd/inaccessible/{chr,blk} are devices with major=0 and minor=0 it might be possible that these devices cannot be created so we use /run/systemd/inaccessible/sock instead to map them.
2016-07-22core: check for overflow when handling scaled MemoryLimit= settingsLennart Poettering
Just in case...
2016-07-22macros.systemd.in: add %systemd_ordering (#3776)Harald Hoyer
To remove the hard dependency on systemd, for packages, which function without a running systemd the %systemd_ordering macro can be used to ensure ordering in the rpm transaction. %systemd_ordering makes sure, the systemd rpm is installed prior to the package, so the %pre/%post scripts can execute the systemd parts. Installing systemd afterwards though, does not result in the same outcome.
2016-07-22core: change TasksMax= default for system services to 15%Lennart Poettering
As it turns out 512 is max number of tasks per service is hit by too many applications, hence let's bump it a bit, and make it relative to the system's maximum number of PIDs. With this change the new default is 15%. At the kernel's default pids_max value of 32768 this translates to 4915. At machined's default TasksMax= setting of 16384 this translates to 2457. Why 15%? Because it sounds like a round number and is close enough to 4096 which I was going for, i.e. an eight-fold increase over the old 512 Summary: | on the host | in a container old default | 512 | 512 new default | 4915 | 2457
2016-07-22logind: change TasksMax= value for user logins to 33%Lennart Poettering
Let's change from a fixed value of 12288 tasks per user to a relative value of 33%, which with the kernel's default of 32768 translates to 10813. This is a slight decrease of the limit, for no other reason than "33%" sounding like a nice round number that is close enough to 12288 (which would translate to 37.5%). (Well, it also has the nice effect of still leaving a bit of room in the PID space if there are 3 cooperating evil users that try to consume all PIDs... Also, I like my bikesheds blue). Since the new value is taken relative, and machined's TasksMax= setting defaults to 16384, 33% inside of containers is usually equivalent to 5406, which should still be ample space. To summarize: | on the host | in the container old default | 12288 | 12288 new default | 10813 | 5406
2016-07-22main: simplify things a bit by moving container check into fixup_environment()Lennart Poettering
2016-07-22core: rename MemoryLimitByPhysicalMemory transient property to MemoryLimitScaleLennart Poettering
That way, we can neatly keep this in line with the new TasksMaxScale= option. Note that we didn't release a version with MemoryLimitByPhysicalMemory= yet, hence this change should be unproblematic without breaking API.
2016-07-22core: support percentage specifications on TasksMax=Lennart Poettering
This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-22machine-id-setup: add new --print switchLennart Poettering
If specified we'll simply output the used machine ID.
2016-07-22core: rework machine-id-setup.c to use the calls from id128-util.[ch]Lennart Poettering
This allows us to delete quite a bit of code and make the whole thing a lot shorter.
2016-07-22sd-id128: handle NULL return parameter in sd_id128_from_string() nicerLennart Poettering
If the return parameter is NULL, simply validate the string, and return no error.
2016-07-22main: make sure set_machine_id() doesn't clobber arg_machine_id on failureLennart Poettering
2016-07-22machine-id-setup: port machine_id_commit() to new id128-util.c APIsLennart Poettering
2016-07-22nspawn: rework /etc/machine-id handlingLennart Poettering
With this change we'll no longer write to /etc/machine-id from nspawn, as that breaks the --volatile= operation, as it ensures the image is never considered in "first boot", since that's bound to the pre-existance of /etc/machine-id. The new logic works like this: - If /etc/machine-id already exists in the container, it is read by nspawn and exposed in "machinectl status" and friends. - If the file doesn't exist yet, but --uuid= is passed on the nspawn cmdline, this UUID is passed in $container_uuid to PID 1, and PID 1 is then expected to persist this to /etc/machine-id for future boots (which systemd already does). - If the file doesn#t exist yet, and no --uuid= is passed a random UUID is generated and passed via $container_uuid. The result is that /etc/machine-id is never initialized by nspawn itself, thus unbreaking the volatile mode. However still the machine ID configured in the machine always matches nspawn's and thus machined's idea of it. Fixes: #3611
2016-07-22systemctl: fix format string for uint64_t fieldLennart Poettering