Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
We shouldn't get confused if people have symlinked /tmp somewhere, so
let's simply skip the mount then.
|
|
|
|
|
|
|
|
Now that logind will clean up all IPC resources of a user we should
really consider $XDG_RUNTIME_DIR as just another kind of IPC with the
same life-cycle logic as the other IPC resources. This should be safe
now to do since every user gets his own $XDG_RUNTIME_DIR tmpfs instance
with a fixed size limit, so that flooding of it will more effectively be
averted.
|
|
this implicitly since ages
|
|
systemd suggests
|
|
Let's protect ourselves against the recently reported docker security
issue. Our man page makes clear that we do not make any security
promises anyway, but well, this one is easy to mitigate, so let's do it.
While we are at it block a couple of more syscalls that are no good in
containers, too.
|
|
|
|
|
|
This is at the suggestion of Djalal Harouni on the mailing list, and
reflects the behavior of shared/util.c:wait_for_terminate_and_warn().
|
|
Commit 113cea8 introduced a bug that caused the exit code of systemd-nspawn
to not reflect the exit code of the program executed in the container.
|
|
|
|
Reported by Michael Olbrich.
|
|
|
|
|
|
Otherwise the test fails because specifier_runtime() returns -ENOTSUP
when XDG_RUNTIME_DIR is not set.
|
|
This ways, distributions have an easier way to replace the OS specific
generic groups/users while keeping systemd's own.
|
|
|
|
|
|
|
|
strndup need to be chcked
|
|
The logic otherwise is that we leave anything preconfigured alone, but in the case of DHCP
we actually need to update it whenever the lease is renewed.
|
|
Even if we cannot renew the lease at T1, we will likely succeed at T2, so warn and ignore the failure.
This could happen if for whatever reason the received address is not yet configured, or it has
been lost.
|
|
|
|
Reported by Gerardo Exequiel Pozzi:
Looks like [commit a4a878d0] also changes a unrelated file
(units/local-fs.target) [partially]reverting the commit
40f862e3 (filesystem targets: disable default dependencies)
The side effect, at least in my case is that the "nofail" option in both
"crypttab" and "fstab" has partial effect does the default timeout
instead of continue normal boot without timeout.
|
|
Don't wait for IPv4LL nor DHCP to finish before setting statically configured addresses.
|
|
This adds support for DHCP options 33 and 121: Static Route and
Classless Static Route. To enable this feature, set UseRoutes=true
in .network file. Returned routes are added to the routing table.
|
|
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.
Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
|
|
Note that /proc/sys/net/ipv4/ip_dynaddr needs to be non-zero.
[tomegun: hook up DHCP renew events to increase the lifetime when necessary]
|
|
|
|
|
|
|
|
|
|
In a normal running system, non-passive targets and units used during
early bootup are always started. So refusing "manual start" for them
doesn't make any difference, because a "start" command doesn't cause
any action.
In early boot however, the administrator might want to start on
of those targets or services by hand. We shouldn't interfere with that.
Note: in case of systemd-tmpfiles-setup.service, really running the
unit after system is up would break the system. So e.g. restarting
should not be allowed. The unit has "RefuseManualStop=yes", which
prevents restart too.
|
|
readability
|
|
|
|
|
|
The Avocent KVM over IP devices doesn't work correctly with USB power
management enabled.
|
|
descriptor
|
|
|
|
journald.conf(5) states that the default for MaxFileSec is one month,
but the code didn't respect that.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=80597
|
|
|
|
This also make sure we remove the original coredump temporary file if we
successfully managed to compress the coredump.
|
|
Let's move things closer to journald's configuration settings, which
knows Compress= already, as a boolean. This makes things more uniform,
but also gives us more freedom to possibly swap out the used compression
algorithm one day.
|
|
This sounds overly low-level and implementation-detaily. Let's just
use the default level XZ suggests. This gives us more room to possibly
swap out the compression algorithm used, as the compression level range
will not leak into user configuration.
|