Age | Commit message | Author
2015-09-30 | nspawn: mount /sys as tmpfs, and then mount only select subdirs of the real sysfs below it | Lennart Poettering
This way we can hide things like /sys/firmware or /sys/hypervisor from the container, while keeping the device tree around. While this is a security benefit in itself it also allows us to fix issue #1277. Previously we'd mount /sys before creating the user namespace, in order to be able to mount /sys/fs/cgroup/* beneath it (which resides in it), which we can only mount outside of the user namespace. To ensure that the user namespace owns the network namespace we'd set up the network namespace at the same time as the user namespace. Thus, we'd still see the /sys/class/net/ from the originating network namespace, even though we are in our own network namespace now. With this patch, /sys is mounted before transitioning into the user namespace as tmpfs, so that we can also mount /sys/fs/cgroup/* into it this early. The directories such as /sys/class/ are then later added in from the real sysfs from inside the network and user namespace so that they actually show what is available in it. Fixes #1277
2015-09-30 | nspawn: fix user namespace support | Lennart Poettering
We didn't actually pass ownership of /run to the UID in the container since some releases, let's fix that.
2015-09-30 | nspawn: order includes | Lennart Poettering
2015-09-30 | nspawn: make sure mount_legacy_cgroup_hierarchy() can deal with NULL root directories | Lennart Poettering
2015-09-30 | update TODO | Lennart Poettering
2015-09-30 | systemctl: when reading legacy -t argument for shutdown, don't drop following parameter | Lennart Poettering
We currently completely ignore the following parameter, but we really should not, as that is actually the time to shut down on.
2015-09-30 | systemctl: various modernizations | Lennart Poettering
2015-09-30 | Merge pull request #1412 from zonque/strempty | Lennart Poettering
tree-wide: use strempty() where possible
2015-09-30 | tree-wide: use strempty() where possible | Daniel Mack
Also add a Coccinelle patch to detect such locations in the future.
2015-09-29 | Merge pull request #1408 from poettering/systemctl-and-more | Daniel Mack
Systemctl and more
2015-09-29 | systemctl: when a shutdown is scheduled, always go via logind | Lennart Poettering
2015-09-29 | systemctl: minor modernizations | Lennart Poettering
2015-09-29 | systemctl: port verb dispatching to generic verbs.[ch] code | Lennart Poettering
Let's parse the command line the same way in our various tools.
2015-09-29 | systemctl: prefer shutting down through logind even as root | Lennart Poettering
Otherwise, wall messages will not be generated for root.
2015-09-29 | systemctl: split out code invoking SetExitCode() into function of its own | Lennart Poettering
2015-09-29 | pager: minor modernizations | Lennart Poettering
2015-09-29 | systemctl: don't assert on the arguments array unnecessarily | Lennart Poettering
In most verbs it's fine to treat the arguments array being NULL as an empty array, hence do so.
2015-09-29 | systemctl: make use of strv_skip() where appropriate | Lennart Poettering
2015-09-29 | systemctl: make use of log_error_errno() where we can | Lennart Poettering
Also adds a couple of "return" statements, where they are missing.
2015-09-29 | systemctl: rework how we connect to busses | Lennart Poettering
Sometimes we have to connect to the system manager directly (early boot, initrd, late boot, ...), sometimes through the system bus (unprivileged, remote, logind, ...). Instead of guessing in advance, which kind of connection we require (and sometimes guessing incorrectly), let's make sure each time we need a bus connection we request the right bus explicitly. This way, we set up exactly the bus connections required, never guess incorrectly, and do so only immediately when necessary. As an effect this reworks avoid_bus() into install_client_side(), since that's all it determines now: whether to install unit files client-side or server-side (i.e. in PID 1).
2015-09-29 | core: add a "Requires=" dependency between units and the slices they are located in | Lennart Poettering
We place the processes we fork off in the cgroup anyway, and we probably shouldn't be able to get that far if we couldn't set up the slice due to resource problems or unmet conditions. Hence upgrade the dependency between units and the slices they are located in from Wants= to Requires=.
2015-09-29 | update-utmp: flush and close the bus used for connections after use | Lennart Poettering
2015-09-29 | update-utmp: minor modernizations | Lennart Poettering
2015-09-29 | bus-util: rename bus_open_transport() to bus_connect_transport() | Lennart Poettering
In sd-bus, the sd_bus_open_xyz() family of calls allocates a new bus, while sd_bus_default_xyz() family tries to reuse the thread's default bus. bus_open_transport() sometimes internally uses the former, sometimes the latter family, but suggests it only calls the former via its name. Hence, let's avoid this confusion, and generically rename the call to bus_connect_transport(). Similar for all related calls. And while we are at it, also change cgls + cgtop to do direct systemd connections where possible, since all they do is talk to systemd itself.
2015-09-29 | pager: minor simplification | Lennart Poettering
2015-09-29 | systemctl: rename parse_time_spec() to parse_shutdown_time_spec() | Lennart Poettering
Let's clarify that this function is specific to shutdown time specifications, nothing else.
2015-09-29 | systemctl: conditionalize /dev/initctl fallback on HAVE_SYSV_COMPAT | Lennart Poettering
2015-09-29 | systemctl: allocate arg_wall only on the heap | Lennart Poettering
Previously, we'd allocate it sometimes from the heap, but otherwise let it point directly into argv[]. Let's clean this up, so that we know exactly how to release its resources, and do so at the end.
2015-09-29 | systemctl: add 'const' where appropriate | Lennart Poettering
2015-09-29 | systemctl: remove client-side wall message support | Lennart Poettering
logind sends out wall messages now, let's remove this from the systemctl client side hence. If people build systemd without logind support they won't get wall messages now, but that's OK.
2015-09-29 | systemctl: move strv_skip_first() out of systemctl.c | Lennart Poettering
Make it generic, call it strv_skip() and move it to strv.[ch]
2015-09-29 | systemctl: split out code that schedules shutdowns into its own function | Lennart Poettering
2015-09-29 | systemctl: rename all logind-specific functions to logind_xyz() | Lennart Poettering
2015-09-29 | systemctl: move shutdown cancelling code into its own function | Lennart Poettering
Let's make sure the main switch statement only invokes functions, but doesn't do anything real on its own.
2015-09-29 | systemctl: don't special case ACTION_RUNLEVEL anymore | Lennart Poettering
Let's move its dispatching to the main switch statement.
2015-09-29 | systemctl: introduce a single function to set the wall message | Lennart Poettering
Let's not have the same code three times, but reduce it to one function.
2015-09-29 | core: rework crash handling | Lennart Poettering
This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays supported for compat reasons. Fixes #1300
2015-09-29 | socket: rename ffs_xyz to usbffs_xyz | Lennart Poettering
The relation to USB should really be clearer.
2015-09-29 | core: turn a large if statement into a switch | Lennart Poettering
2015-09-29 | selinux: add _cleanup_ concepts to SELinux label allocation | Lennart Poettering
2015-09-29 | core: simplify how we create socket fds | Lennart Poettering
Let's always return the allocated fds as return values where possible, and make more use of _cleanup_close_
2015-09-29 | core: small error message wording improvements | Lennart Poettering
2015-09-29 | core: properly use the ExitCode bus property when exiting is --user instance | Lennart Poettering
2015-09-29 | core: allow setting WorkingDirectory= to the special value ~ | Lennart Poettering
If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-29 | man: also properly indent our examples to 8ch | Lennart Poettering
2015-09-29 | detect-virt: various modernizations | Lennart Poettering
2015-09-29 | journal-cat: various modernizations | Lennart Poettering
2015-09-29 | journal-cat: return a correct error, not -1 | Lennart Poettering
2015-09-29 | machine-id-commit: merge machine-id-commit functionality into machine-id-setup | Lennart Poettering
And remove machine-id-commit as separate binary. There's really no point in keeping this separate, as the sources are pretty much identical, and have pretty identical interfaces. Let's unify this in one binary. Given that machine-id-commit was a private binary of systemd (shipped in /usr/lib/) removing the tool is not an API break. While we are at it, improve the documentation of the command substantially.
2015-09-29 | units: increase watchdog timeout to 3min for all our services | Lennart Poettering
Apparently, disk IO issues are more frequent than we hope, and 1min waiting for disk IO happens, so let's increase the watchdog timeout a bit, for all our services. See #1353 for an example where this triggers.