Age | Commit message (Collapse) | Author |
|
Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
Fixes: #2635
|
|
Fixes: #2632
|
|
Fixes: #2457
|
|
|
|
no change in behaviour
|
|
|
|
units: don't try to mount the mqueue fs if we lack the privileges for it
|
|
Random fixes
|
|
|
|
|
|
|
|
Fixes: #1981
|
|
tests: add test for https://github.com/systemd/systemd/issues/1981
|
|
man: follow up fixes for #2575
|
|
See https://github.com/systemd/systemd/pull/2576#discussion-diff-52592680
|
|
|
|
A variety of man page fixes
|
|
The "is-enabled" command doesn't care whether the symlinks are declared in the
[Install] section of a unit file or not, when returning "enabled". Any alias,
.wants/ or .requires/ symlinks suffice.
Fixes: #975
|
|
Fixes: #846
|
|
Fixes: #1502
|
|
(And similar for resolved)
Fixes: #1630
|
|
Fixes: #1774
Fixes: #1090
|
|
References: #2468
|
|
Fixes: #2523
|
|
See:
https://lists.freedesktop.org/archives/systemd-devel/2016-February/035740.html
|
|
Don't ever permit successful user or group lookups if no UID/GID mapping is
actually applied. THis way, we can be sure that nss-mymachines cannot be used
to insert invalid cache entries into nscd's cache.
https://bugzilla.redhat.com/show_bug.cgi?id=1285339
|
|
|
|
This is a follow-up to https://github.com/systemd/systemd/pull/2493
|
|
|
|
cgroup: remove support for NetClass= directive
|
|
tty-ask-password: Split out password sending
|
|
Coredump fixes and more
|
|
Support for net_cls.class_id through the NetClass= configuration directive
has been added in v227 in preparation for a per-unit packet filter mechanism.
However, it turns out the kernel people have decided to deprecate the net_cls
and net_prio controllers in v2. Tejun provides a comprehensive justification
for this in his commit, which has landed during the merge window for kernel
v4.5:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
As we're aiming for full support for the v2 cgroup hierarchy, we can no
longer support this feature. Userspace tool such as nftables are moving over
to setting rules that are specific to the full cgroup path of a task, which
obsoletes these controllers anyway.
This commit removes support for tweaking details in the net_cls controller,
but keeps the NetClass= directive around for legacy compatibility reasons.
|
|
|
|
Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4.
Fixes: #2537
|
|
Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
|
|
|
|
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
|
|
The kernel sets RLIMIT_CORE to 0 by default. Let's bump this to unlimited by
default (for systemd itself and all processes we fork off), so that the
coredump hooks have an effect if they honour it.
Bumping RLIMIT_CORE of course would have the effect that "core" files will end
up on the system at various places, if no coredump hook is used. To avoid this,
make sure PID1 sets the core pattern to the empty string by default, so that
this logic is disabled.
This change in defaults should be useful for all systems where coredump hooks
are used, as it allows useful usage of RLIMIT_CORE from these hooks again. OTOH
systems that expect that coredumps are placed under the name "core" in the
current directory will break with this change. Given how questionnable this
behaviour is, and given that no common distro makes use of this by default it
shouldn't be too much of a loss. Also, the old behaviour may be restored by
explicitly configuring a "core_pattern" of "core", and setting the default
system RLIMIT_CORE to 0 again via system.conf.
|
|
With this change processing/saving of coredumps takes the RLIMIT_CORE resource limit of the crashing process into
account, given the user control whether specific processes shall core dump or not, and how large to make the core dump.
Note that this effectively disables core-dumping for now, as RLIMIT_CORE defaults to 0 (i.e. is disabled) for all
system processes.
|
|
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data
about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a
stacktrace and writes the coredump to disk.
This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and
hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust=
and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally
priorized processes.
This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until
/var/systemd/coredump is mounted and writable.
Fixes: #2286
|
|
Previously, using --accept would enable inetd-style socket activation in addition to per-connection operation. This is
now split into two switches: --accept only switches between per-connection or single-instance operation. --inetd
switches between inetd-style or new-style fd passing.
This breaks the interface of the tool, but given that it is a debugging tool shipped in /usr/lib/systemd/ it's not
really a public interface.
This change allows testing new-style per-connection daemons.
|
|
|
|
|
|
|
|
|
|
Remove some old cruft
|
|
NEWS: Various clarification and grammar fixes
|
|
configure.ac: Fix help text of --enable-* options
|
|
Fixes #2567
|