summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2014-06-20tmpfiles: copy/link /usr/share/factory/ files when the source argument is ↵Kay Sievers
omitted
2014-06-20debug-generator: add new kernel cmdline option systemd.wants= to add units ↵Lennart Poettering
to the initial transaction
2014-06-19man: also describe an udev rule for bridge sysctlZbigniew Jędrzejewski-Szmek
2014-06-19man: document statically loading modules for sysctl settingsZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1022977 https://bugzilla.novell.com/show_bug.cgi?id=725412
2014-06-19tmpfiles: make sure "C" doesn't copy anything if the destination already existsLennart Poettering
Previously it would recursively copy the entire tree in, and descend into subdirectories even if the destination already exists. Let's do what the documentation says and not do that. If files down the tree shall be copied too, they should get their own "C" lines.
2014-06-19man: document new coredumpctl commandsLennart Poettering
2014-06-19man: add documentation for systemd-debug-generatorLennart Poettering
2014-06-19man: add new kernel command line switches to kernel-command-line(7)Lennart Poettering
2014-06-19man: fix typoRonny Chevalier
2014-06-19coredump: coredumpctl is so useful now, make it a first-class citizenLennart Poettering
Drop the "systemd-" prefix, renaming it from "systemd-coredumpctl" to "coredumpctl".
2014-06-19journald: make SplitMode=uid the defaultLennart Poettering
Now that we actually can distuingish system and normal users there's no point in taking session information into account anymore when splitting up logs. This has the beenfit with that coredump information will actually end up in each user's own journal.
2014-06-18cryptsetup: introduce new cryptsetup-pre.traget unit so that services can ↵Lennart Poettering
make sure they are started before and stopped after any LUKS setup https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-18tmpfiles: add "+" modifier support to b, c, p lines in addition to LLennart Poettering
2014-06-17man: fix typoZbigniew Jędrzejewski-Szmek
2014-06-17install: introduce new DefaultInstance= field for [Install] sectionsLennart Poettering
The DefaultInstance= name is used when enabling template units when only specifying the template name, but no instance. Add DefaultInstance=tty1 to getty@.service, so that when the template itself is enabled an instance for tty1 is created. This is useful so that we "systemctl preset-all" can work properly, because we can operate on getty@.service after finding it, and the right instance is created.
2014-06-17install: beef up preset logic to limit to only enable or only disable, and ↵Lennart Poettering
do all-unit preset operations The new "systemctl preset-all" command may now be used to put all installed units back into the enable/disable state the vendor/admin encoded in preset files. Also, introduce "systemctl --preset-mode=enable-only" and "systemctl --preset-mode=disable-only" to only apply the enable or only the disable operations of a "systemctl preset" or "systemctl preset-all" operation. "systemctl preset-all" implements this RFE: https://bugzilla.redhat.com/show_bug.cgi?id=630174
2014-06-16tmpfiles: add new "L+" command as stronger version of "L", that removes the ↵Lennart Poettering
destination before creating a symlink Also, make use of this for mtab as long as mount insists on creating it even if we invoke it with "-n".
2014-06-16mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s ↵Lennart Poettering
"-s" switch
2014-06-13os-release: define /usr/lib/os-release as fallback for /etc/os-releaseLennart Poettering
The file should have been in /usr/lib/ in the first place, since it describes the OS container in /usr (and not the configuration in /etc), hence, let's support os-release files in /usr/lib as fallback if no version in /etc exists, following the usual override logic. A prior commit already enabled tmpfiles to create /etc/os-release as a symlink to /usr/lib/os-release should it be missing, thus providing nice compatibility with applications only checking in /etc. While it's probably a good idea if all apps check both locations via a fallback logic, it is only necessary in the early boot process, as long as the /etc/os-release symlink has not been restored, in case we boot with an empty /etc.
2014-06-11units: introduce network-pre.target as place to hook in firewallsLennart Poettering
network-pre.target is a passive target that should be pulled in by services that want to be executed before any network is configured (for example: firewall scrips). network-pre.target should be ordered before all network managemet services (but not be pulled in by them). network-pre.target should be order after all services that want to be executed before any network is configured (and be pulled in by them).
2014-06-11tmpfiles: add ability to mask access mode by pre-existing access mode on ↵Lennart Poettering
files/directories This way it makes a lot more sense to specify an access mode for "Z" lines.
2014-06-11tmpfiles: when processing lines, always process prefixes before suffixesLennart Poettering
If two lines refer to paths that are suffix and prefix of each other, then always process the prefix first, the suffix second. In all other cases strictly process rules in the order they appear in the files. This makes creating /var/run as symlink to /run a lot more fun, since it is automatically created first.
2014-06-11nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, ↵Lennart Poettering
such as /var
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-10tmpfiles: add new "C" line for copying files or directoriesLennart Poettering
2014-06-10man: updates to the passive target sectionLennart Poettering
2014-06-10man: Searching for an explanation of what a "slice unit" was, found this, ↵Mark Eichin
felt compelled to send in fixes for the obvious typos
2014-06-09man: clarify the effect of replace-irreversibly on future conflicting jobsDavid Strauss
2014-06-06man: fix references to sd_journal_cutoff_realtime_usecMantas Mikulėnas
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05core: introduce new Restart=on-abnormal settingLennart Poettering
Restart=on-abnormal is similar to Restart=on-failure, but avoids restarts on unclean exit codes (but still doing restarts on all obviously unclean exits, such as timeouts, signals, coredumps, watchdog timeouts). Also see: https://fedorahosted.org/fpc/ticket/191
2014-06-05core: don't include /boot in effect of ProtectSystem=Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04journald: move /dev/log socket to /runLennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-06-04socket: add new Symlinks= option for socket unitsLennart Poettering
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-02resolved: move resolv.conf to resolved's runtime dirTom Gundersen
2014-05-28hostnamed: Fix the way that static and transient host names interactStef Walter
It is almost always incorrect to allow DHCP or other sources of transient host names to override an explicitly configured static host name. This commit changes things so that if a static host name is set, this will override the transient host name (eg: provided via DHCP). Transient host names can still be used to provide host names for machines that have not been explicitly configured with a static host name. The exception to this rule is if the static host name is set to "localhost". In those cases we act as if no static host name has been explicitly set. As discussed elsewhere, systemd may want to have an fd based ownership of the transient name. That part is not included in this commit.
2014-05-24man: describe sd_uid_get_displayZbigniew Jędrzejewski-Szmek
2014-05-24man: reword StartupCPUShares= descriptionZbigniew Jędrzejewski-Szmek
Now that we have two options described in the same paragraph, we cannot use singular anymore.
2014-05-22man: update URL refernce in daemon(7)Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
2014-05-22man: drop reference to file locking for PID file creation from daemon(7)Lennart Poettering
File locking is usually a bad idea, don't suggest using it.
2014-05-22cgroups: simplify CPUQuota= logicLennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22cgroup: rework startup logicLennart Poettering
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io weights, and keep the startup unit set around all the time.
2014-05-22core: add startup resource control optionWaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If not CPUShares= or BlockIOWeight= be specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight be specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-19resolved: add daemon to manage resolv.confTom Gundersen
Also remove the equivalent functionality from networkd.
2014-05-19fix spelling of privilegeNis Martensen
2014-05-18man: note that entire sections can now be ignoredMichael Marineau
Prefixing a section name with "X-" will cause it and all of its contents to be silently ignored as of commit 342aea19.