Age | Commit message (Collapse) | Author |
|
actually returns
|
|
* Specifying a device node has an effect much larger than a simple shortcut
for a field/value match, so the original sentence is no longer a good way
to start the paragraph.
* Specifying a device node causes matches to be generated for all ancestor
devices of the device specified, not just its parents.
* Indicates that the path must be absolute, but that it may be a link.
* Eliminates a few typos.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1151651
Also explain what localectl does a bit better:
https://bugzilla.redhat.com/show_bug.cgi?id=1357861
|
|
namespace: unify limit behavior on non-directory paths
|
|
improve handling of trailing newline in journal logging
|
|
Let's make sure our logging APIs is in sync with how stdout/stderr logging
works.
|
|
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories=
to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept
as aliases but they are not advertised in the documentation.
Renamed variables:
`read_write_dirs` --> `read_write_paths`
`read_only_dirs` --> `read_only_paths`
`inaccessible_dirs` --> `inaccessible_paths`
|
|
Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.
Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
|
|
|
|
json output
With this change, binary record data is formatted as string if --all is
specified when using json output. This is inline with the effect of --all on
the other available output modes.
Fixes: #3416
|
|
When converting log messages from human readable text into binary records to
send off to journald in sd_journal_print(), strip trailing whitespace in the
log message. This way, handling of logs made via syslog(), stdout/stderr and
sd_journal_print() are treated the same way: trailing (but not leading)
whitespace is automatically removed, in particular \n and \r. Note that in case
of syslog() and stdout/stderr based logging the stripping takes place
server-side though, while for the native protocol based transport this takes
place client-side. This is because in the former cases conversion from
free-form human-readable strings into structured, binary log records takes
place on the server-side while for journal-native logging it happens on the
client side, and after conversion into binary records we probably shouldn't
alter the data anymore.
See: #3416
|
|
|
|
install everything in /boot/efi, if this is a mountpoint
|
|
|
|
Trivial fixes3
|
|
|
|
|
|
|
|
|
|
WaitForKeyEx may never return on some UEFI systems depending
on firmware, hardware configuration and the phase of the moon.
Use ConIn->WaitForKey unconditionally instead.
Fixes #3632
|
|
|
|
Such mkdir errors happen for example when trying to mkdir /sys/fs/selinux.
/sys is documented to be readonly in the container, so mkdir errors below /sys
can be expected.
They shouldn't be logged as warnings since they lead users to think that
there is something wrong.
|
|
Fix make nulstr confusion
|
|
Trivial fixes
|
|
|
|
|
|
Usually multiple DNS servers are configured, and it looks strange to have
singular in the heading.
|
|
strv_make_nulstr was creating a nulstr which was not a valid nulstr,
because it was missing the terminating NUL. This didn't cause any issues,
because strv_parse_nulstr correctly parsed the result, using the
separately specified length.
But it's confusing to have something called nulstr which really isn't.
It is likely that somebody will try to use strv_make_nulstr() in
some other place, incorrectly.
This patch changes strv_parse_nulstr() to produce a valid nulstr, and
changes the output length parameter to be the minimum number of bytes
which can be later on parsed by strv_parse_nulstr(). This allows the
only user in ask-password-api to be slightly simplified.
Based-on-patch-by: Jean-Sébastien Bour <jean-sebastien@bour.name>
Fixes #3689.
|
|
(systemd/systemd#3689)
|
|
(#3738)
During stop when service has one "regular" pid one main pid and one
control pid and the sighld for the regular one is processed first the
unit_tidy_watch_pids will skip the main and control pid and does not
remove them from u->pids(). But then we skip the sigchld event because we
already did one in the iteration and there are two pids in u->pids.
v2: Use general unit_main_pid() and unit_control_pid() instead of
reaching directly to service structure.
|
|
The distinction between systemd-shutdown the binary vs system-shutdown
the hook directory (without the 'd') is not immediately obvious and can
be quite confusing if you are looking for a directory which doesn't exist.
Therefore explicitly mention the hook directory in the synopsis with a
trailing slash to make it clearer which is which.
|
|
|
|
This adds a build script and a settings file for "mkosi", a tool for putting
together full, bootable disk images for container managers of EFI systems and
VMs.
With these files it's enough to type "mkosi" in the project directory to
generate a bootable Fedora 24 OS image with a version of systemd compiled fresh
from the working tree.
See https://github.com/systemd/mkosi
|
|
We should look that the kind is invalid rather than pointer is NULL.
|
|
Sometimes, the persistent storage rules should be skipped for a subset
of devices. For example, the Qubes operating system prevents dom0 from
parsing untrusted block device content (such as filesystem metadata) by
shipping a custom 60-persistent-storage.rules, patched to bail out early
if the device name matches a hardcoded pattern.
As a less brittle and more flexible alternative, this commit adds a line
to the two relevant .rules files which makes them test the value of the
UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG device property, modeled
after the various DM_UDEV_DISABLE_*_RULES_FLAG properties.
|
|
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
deprecated selinux_context_t. Replace with a simple char* everywhere.
Alternative fix for #3719.
|
|
Callers of the 'udev monitor' tool expect to see output when
an event occurs. The stdio buffering defeats that. This patch
switches it to line buffering.
|
|
|
|
... as requested in
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/DJ7HDNRM5JGBSA4HL3UWW5ZGLQDJ6Y7M/.
Adding the macro makes it marginally easier to create generators
for outside projects.
I opted for "generatordir" and "usergeneratordir" to match
%unitdir and %userunitdir. OTOH, "_systemd" prefix makes it obvious
that this is related to systemd. "%_generatordir" would be to generic
of a name.
|
|
Do not allocate objects of dynamic and potentially large size on the stack
to avoid both clang compilation errors and unpredictable runtime behavior
on exotic platforms. Use the heap for that instead.
While at it, refactor the code a bit. Access 's->domain' via
NDISC_DNSSL_DOMAIN(), and refrain from allocating 'x' independently, but
rather reuse 's' if we're dealing with a new entry to the set.
Fixes #3717
|
|
systemd.special.xml: corrections about implicit
dependencies for basic.target, sysinit.target and shutdown.target.
systemd.target.xml: corrections about implicit dependencies for
target units in general.
|
|
journald-related shutdown fixes for slow I/O
|
|
(#3724)
Signed-off-by: Andreas Pokorny <andreas.pokorny@canonical.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=96875
|
|
|
|
This way, slow IO journald has to wait for can't cause it to reach the killing
spree timeout and is hit by SIGKILL in addition to SIGTERM.
|
|
There's really no reason to use 10s here, let's instead default to 90s like we
do for everything else.
The SIGKILL during the final killing spree is in most regards the fourth level
of a safety net, after all: any normal service should have already been stopped
during the normal service shutdown logic, first via SIGTERM and then SIGKILL,
and then also via SIGTERM during the finall killing spree before we send
SIGKILL. And as a fourth level safety net it should only be required in
exceptional cases, which means it's safe to rais the default timeout, as normal
shutdowns should never be delayed by it.
Note that journald excludes itself from the normal service shutdown, and relies
on the final killing spree to terminate it (this is because it wants to cover
the normal shutdown phase's complete logging). If the system's IO is
excessively slow, then the 10s might not be enough for journald to sync
everything to disk and logs might get lost during shutdown.
|
|
|
|
|
|
seccomp_syscall_resolve_name() can return a mix of positive and negative
(pseudo-) syscall numbers, while errors are signaled via __NR_SCMP_ERROR.
This commit lets the syscall filter parser only abort on real parsing
failures, letting libseccomp handle pseudo-syscall number on its own
and allowing proper multiplexed syscalls filtering.
|