Age | Commit message (Collapse) | Author |
|
|
|
|
|
Routing-domains-manpage tweak and NEWS update
|
|
|
|
|
|
|
|
This does not include the description of the mixed v1/v2 mode, but
everything important apart from that should be covered.
|
|
In this mode, messages from processes which are not part of the session
land in the main journal file, and only output of processes which are
properly part of the session land in the user's journal. This is
confusing, in particular because systemd-coredump runs outside of the
login session.
"Deprecate" SplitMode=login by removing it from documentation, to
discourage people from using it.
|
|
|
|
News and man tweaks
|
|
As suggested by @mbiebl we already use the "!" special char in unit file
assignments for negation, hence we should not use it in a different context for
privileged execution. Let's use "+" instead.
|
|
"strict versioned dependency" suggests that version "231" of the library
is stable. But the ABI or API might be changed in any patch, so reword
the text to avoid using "version".
|
|
|
|
Let's make sure that "make git-contrib" prints a useful contributors list
directly useful for NEWS and fixes up contributors's IDs a bit.
|
|
|
|
|
|
(Note complete yet.)
|
|
|
|
|
|
|
|
In some cases, caching DNS results locally is not desirable, a it makes DNS
cache poisoning attacks a tad easier and also allows users on the system to
determine whether or not a particular domain got visited by another user. Thus
provide a new "Cache" resolved.conf option to disable it.
|
|
This documents the "add nosuid and nodev options to tmp.mount" change from
commit 2f9df7c96a2.
|
|
There are many cgroups-related changes (thanks, @htejun!)
This commit will simplify testing a bit.
Use:
make run UNIFIED_CGROUP_HIERARCHY=yes to enable cgroup-v2
make run UNIFIED_CGROUP_HIERARCHY=no to enable cgroup-v1
|
|
|
|
|
|
|
|
|
|
|
|
... logind SIGHUP support, sd_journal_open_{directory,files}_fd,
specifiers in DeviceAllow, "generated" and "trasnient" unit types.
Move removed features to the end and cluster features by type.
|
|
Add an option to disable appending DHCP option 3 (Router) to the DHCP
OFFER and ACK packets.
This commit adds the boolean option EmitRouter= for the [DHCPServer]
section in .network files.
Rationale: On embedded devices, it is very useful to have a DHCP server
running on an USB OTG ethernet gadget interface to avoid manual setup on
the client PCs, but it should only serve IP addresses, no route(r)s.
Otherwise, Windows clients experience network connectivity issues, due
to them using the address set in DHCP option 3 as default gateway.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Kill user session scope by default
|
|
We enable lingering for anyone who wants this. It is still disabled by
default to avoid keeping long-running processes accidentally.
Admins might want to customize this policy on multi-user sites.
|
|
|
|
This ensures that users sessions are properly cleaned up after.
The admin can still enable or disable linger for specific users to allow
them to run processes after they log out. Doing that through the user
session is much cleaner and provides better control.
dbus daemon can now be run in the user session (with --enable-user-session,
added in 1.10.2), and most distributions opted to pick this configuration.
In the normal case it makes a lot of sense to kill remaining processes.
The exception is stuff like screen and tmux. But it's easy enough to
work around, a simple example was added to the man page in previous
commit. In the long run those services should integrate with the systemd
users session on their own.
https://bugs.freedesktop.org/show_bug.cgi?id=94508
https://github.com/systemd/systemd/issues/2900
|
|
--enable-libmount-force-mountinfo
Fixes: #2978
|
|
DUID support is mentioned without details since those are still
being worked out.
|
|
NEWS for `219` references `machinectl list-images` to describe the introduced clone feature - this looks like a copy'n'paste problem.
Use `machinectl clone` instead.
|
|
|
|
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.
DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
|
|
It has fairly wide functionality now and the interface has been
stable for a while. It it a useful testing tool.
The name is changed to better indicate what it does.
|
|
Reword some sentences for better flow.
|
|
|
|
cgroup: remove support for NetClass= directive
|