Age | Commit message | Author |
|
Previously, we checked whether /etc was completely empty. This makes it
difficult though for container managers such as nspawn to install a
small number of files (such as /etc/timezone), and have the system
otherwise populate its own tree.
Hence, change this by looking for /etc/machine-id, which should be a
good sign whether /etc is populated or not.
|
|
We really don't want these in containers as they provide a too low-level
look on the system.
Conditionalize them with CAP_SYS_RAWIO since that's required to access
/proc/kcore, /dev/kmem and similar, which feel similar in style. Also,
nspawn containers lack that capability.
|
|
CAP_MKNOD
nspawn containers generally have CAP_MKNOD, since this is required
to make PrivateDevices= work. Thus, it's not useful anymore to
conditionalize the kmod static device node units.
Use CAP_SYS_MODULES instead which is not available for nspawn
containers. However, the static device node logic is only done for being
able to autoload modules with it, and if we can't do that there's no
point in doing it.
|
|
Reported by Moviuro <moviuro@gmail.com>
|
|
When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather
than just an empty ack (unlike how NEWLINK works). For this reason, the
process that did the NEWADDR does not get the broadcast message.
We were only listening for broadcast messages, and hence not tracking the
addresses we added ourselves. This went unnoticed as the kernel will usually
send NEWADDR messages from time to time anyway, so things would mostly work,
but in the worst case we would not notice that a routable address was available
and consider ourselves offline.
|
|
the only correct name appears to be "crisv32"...
http://lists.freedesktop.org/archives/systemd-devel/2014-July/020899.html
|
|
container on a remote host
|
|
set up
|
|
I don't have suitable hardware at hand, so this is based
on Debian documentation:
https://wiki.debian.org/ArmEabiPort#GCC_preprocessor_macros_for_floating_point
|
|
This is really just about library locations, hence clarify that we don't
assume this to be anything but that.
|
|
We should follow the naming scheme waitid() uses, not come up with our
own reversed one...
|
|
This way we can remove cgroup privileges after setup, but get them back
for the next restart, as we need it.
|
|
When a machine is registered in machined with CreateMachine it is OK to
kill the machine when it is terminated, but when an existing unit is
simply registered via RegisterMachine we shouldn't do that, as the unit
is controlled by somebody else.
|
|
This does the inverse of RestartPreventExitStatus=: it forces a restart
of a service when a certain exit status is returned by a service
process.
|
|
Susant says:
> ip tuntap turns this off by default.
Let's follow ip(8) here as that should be the least surprising.
|
|
The group argument is a union. We need to
pass the correct type
|
|
It had a bug in the typing, fix that and also make it save the address family so we
can print proper error messages.
|
|
This patch introduces TUN/TAP device creation support
to networkd.
Example conf to create a tap device:
file: tap.netdev
------------------
[NetDev]
Name=tap-test
Kind=tap
[Tap]
OneQueue=true
MultiQueue=true
PacketInfo=true
User=sus
Group=sus
------------------
Test:
1. output of ip link
tap-test: tap pi one_queue UNKNOWN_FLAGS:900 user 1000 group 1000
id:
uid=1000(sus) gid=10(wheel) groups=10(wheel),1000(sus)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Modifications:
Added:
1. file networkd-tuntap.c
3. netdev kind NETDEV_KIND_TUN and NETDEV_KIND_TAP
2. Tun and Tap Sections and config params to parse
conf and gperf conf parameters
[tomegun: tweak the 'kind' checking for received ifindex]
|
|
We should never call them again, so make sure they are cleaned up correctly.
|
|
Keeping the refcounting next to the sd_bus_call_async() makes it easier to check.
|
|
systemctl -H root@foobar:waldi
will now show a list of services running on container "waldi" on host
"foobar", using "root" for authenticating at "foobar".
Since entering a container requires privileges, this will only work
correctly for root logins.
|
|
primary one
|