Age | Commit message (Collapse) | Author |
|
sysfs below it
This way we can hide things like /sys/firmware or /sys/hypervisor from
the container, while keeping the device tree around.
While this is a security benefit in itself it also allows us to fix
issue #1277.
Previously we'd mount /sys before creating the user namespace, in order
to be able to mount /sys/fs/cgroup/* beneath it (which resides in it),
which we can only mount outside of the user namespace. To ensure that
the user namespace owns the network namespace we'd set up the network
namespace at the same time as the user namespace. Thus, we'd still see
the /sys/class/net/ from the originating network namespace, even though
we are in our own network namespace now. With this patch, /sys is
mounted before transitioning into the user namespace as tmpfs, so that
we can also mount /sys/fs/cgroup/* into it this early. The directories
such as /sys/class/ are then later added in from the real sysfs from
inside the network and user namespace so that they actually show whatis
available in it.
Fixes #1277
|
|
We didn#t actually pass ownership of /run to the UID in the container
since some releases, let's fix that.
|
|
|
|
directories
|
|
|
|
following parameter
We currently completely ignore the following parameter, but we really
should not, as that is actually the time to shut down on.
|
|
|
|
tree-wide: use strempty() where possible
|
|
Also add a Coccinell patch to detect such locations in the future.
|
|
Systemctl and more
|
|
|
|
|
|
Let's parse the command line the same way in our various tools.
|
|
Otherwise, wall messages will not be generated for root.
|
|
|
|
|
|
In most verbs it's fine to treat the arguments array being NULL is empty
array, hence do so.
|
|
|
|
Also adds a couple of "return" statements, where they are missing.
|
|
Sometimes we have to connect to the system manager directly (early boot,
initrd, late boot, ...), sometimes through the system bus (unprivileged,
remote, logind, ...). Instead of guessing in advance, which kind of
connection we require (and sometimes guessing incorrectly), let's make
sure each time we need bus connection we request the right bus
explicitly.
This way, we set up exactly the bus connections require, never guess
incorrectly, and do so only immediately when necessary.
As effect this reworks avoid_bus() into install_client_side(), since
that's all it determines now: whether to install unit files client-side
or server-side (i.e. in PID 1).
|
|
located in
We place the processes we fork off in the cgroup anyway, and we probably
shouldn't be able to get that far if we couldn't set up the slice due to
resource problems or unmet conditions. Hence upgrade the dependency
between units and the slices they are located in from Wants= to
Requires=.
|
|
|
|
|
|
In sd-bus, the sd_bus_open_xyz() family of calls allocates a new bus,
while sd_bus_default_xyz() family tries to reuse the thread's default
bus. bus_open_transport() sometimes internally uses the former,
sometimes the latter family, but suggests it only calls the former via
its name. Hence, let's avoid this confusion, and generically rename the
call to bus_connect_transport().
Similar for all related calls.
And while we are at it, also change cgls + cgtop to do direct systemd
connections where possible, since all they do is talk to systemd itself.
|
|
|
|
Let's clarify that this function is specific to shutdown time
specifications, nothing else.
|
|
|
|
Previously, we'd allocate it sometimes from the heap, but otherwise let
it point directly int argv[]. Let's clean this up, so that we know
exactly how to release its resources, and do so at the end.
|
|
|
|
logind sends out wall messages now, let's remove this from the systemctl
client side hence. If people build systemd without logind support they
won't get wall messages now, but that's OK.
|
|
Make it generic, call it strv_skip() and move it to strv.[ch]
|
|
|
|
|
|
Let's make sure the main switch statement only invokes functions, but
doesn't do anything real on its own.
|
|
Let's move its dispatching to the main switch statement.
|
|
Let's not have the same code three times, but reduce it to one function.
|
|
This introduces a new systemd.crash_reboot=1 kernel command line option
that triggers a reboot after crashing.
This also cleans up crash VT handling. Specifically, it cleans up the
configuration setting, to be between 1..63 or a boolean. This is to
replace the previous logic where "-1" meant disabled. We continue to
accept that setting, but only document the boolean syntax instead.
This also brings the documentation of the default settings in sync with
what actually happens.
The CrashChVT= configuration file setting is renamed to CrashChangeVT=,
following our usual logic of not abbreviating unnecessarily. The old
setting stays support for compat reasons.
Fixes #1300
|
|
The relation to USB should really be clearer.
|
|
|
|
|
|
Let's always return the allocated fds as return values where possible,
and make more use of _cleanup_close_
|
|
|
|
|
|
If set to ~ the working directory is set to the home directory of the
user configured in User=.
This change also exposes the existing switch for the working directory
that allowed making missing working directories non-fatal.
This also changes "machinectl shell" to make use of this to ensure that
the invoked shell is by default in the user's home directory.
Fixes #1268.
|
|
|
|
|
|
|
|
|
|
And remove machine-id-commit as separate binary.
There's really no point in keeping this separate, as the sources are
pretty much identical, and have pretty identical interfaces. Let's unify
this in one binary.
Given that machine-id-commit was a private binary of systemd (shipped in
/usr/lib/) removing the tool is not an API break.
While we are at it, improve the documentation of the command substantially.
|
|
Apparently, disk IO issues are more frequent than we hope, and 1min
waiting for disk IO happens, so let's increase the watchdog timeout a
bit, for all our services.
See #1353 for an example where this triggers.
|