Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-02-19 | udev: net-config - allow interface names to be set from the hwdb | Tom Gundersen | |
2014-02-19 | man: fix references to .pc files which aren't separate anymore | Lennart Poettering | |
2014-02-19 | man: don't advertise sd-daemon as embeddable anymore | Lennart Poettering | |
It's now part of libsystemd, and should be used like any other API. | |||
2014-02-19 | busctl: add --no-legend and use in bash completion | Thomas Hindoe Paaboel Andersen | |
2014-02-19 | man: busctl typo fix | Thomas Hindoe Paaboel Andersen | |
2014-02-19 | man: document $MAINPID | Lennart Poettering | |
2014-02-19 | core: add Personality= option for units to set the personality for spawned ↵ | Lennart Poettering | |
processes | |||
2014-02-18 | nspawn: add new --personality= switch to make it easier to run 32bit ↵ | Lennart Poettering | |
containers on a 64bit host | |||
2014-02-18 | net-match: fix Driver= match | Tom Gundersen | |
It should match on the driver of the parent device. | |||
2014-02-18 | seccomp: add helper call to add all secondary archs to a seccomp filter | Lennart Poettering | |
And make use of it where appropriate for executing services and for nspawn. | |||
2014-02-18 | machinectl: remove unused --no-ask-password | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | machinectl: add bash completion | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | man: machinectl: there is no command 'kill-machine' | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | man: minor fixes to networkd page | Tom Gundersen | |
Also enforce that we don't allow setting the Broadcast for IPv6 addresses. | |||
2014-02-18 | doc: orthographic corrections | Jan Engelhardt | |
2014-02-17 | doc: utilize the DocBook markup for some literals | Jan Engelhardt | |
2014-02-17 | doc: reword "shared per-thread" wording | Jan Engelhardt | |
Either it is shared across threads, or it is per-thread: decide. Reading the source code, I see a thread_local identifier, so that's that. But that does not yet preclude that a program may pass around the pointer returned from the function among its own threads. Do a best effort at saying so. | |||
2014-02-17 | doc: balance C indirections in function prototypes | Jan Engelhardt | |
Shift the asterisks in the documentation's prototypes such that they are consistent among each other. Use the right side to match source code. | |||
2014-02-17 | doc: properly use XML entities | Jan Engelhardt | |
2014-02-17 | doc: choose different words to improve clarity | Jan Engelhardt | |
I suggest the following changes to improve the way the text reads ("flows"). | |||
2014-02-17 | doc: resolve missing/extraneous words or inappropriate forms | Jan Engelhardt | |
Issues fixed: * missing words required by grammar * duplicated or extraneous words * inappropriate forms (e.g. singular/plural), and declinations * orthographic misspellings | |||
2014-02-17 | doc: update punctuation | Jan Engelhardt | |
Resolve spotted issues related to missing or extraneous commas, dashes. | |||
2014-02-17 | doc: detail what "UID" is | Jan Engelhardt | |
2014-02-17 | doc: quote consistently in autoconf code | Jan Engelhardt | |
AS_HELP_STRING has been observed to expand such that the surround function complains; play it safe and consistenly quote the example code throughout. | |||
2014-02-17 | man: fix a typo | Ansgar Burchardt | |
2014-02-17 | Revert "man: systemd.service(5): clarify behavior of SuccessExitStatus" | Lennart Poettering | |
This reverts commit 29e254f7f093c07a1ec7e845e60203357f585235. Conflicts: man/systemd.service.xml | |||
2014-02-17 | Some modernizations | Zbigniew Jędrzejewski-Szmek | |
2014-02-16 | nspawn: add new --network-bridge= switch | Tom Gundersen | |
This adds the host side of the veth link to the given bridge. Also refactor the creation of the veth interfaces a bit to set it up from the host rather than the container. This simplifies the addition to the bridge, but otherwise the behavior is unchanged. | |||
2014-02-14 | man: use spaces instead of tabs | Jason St. John | |
Several sections of the man pages included intermixed tabs and spaces; this commit replaces all tabs with spaces. | |||
2014-02-14 | man: replace STDOUT with standard output, etc. | Zbigniew Jędrzejewski-Szmek | |
Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc. | |||
2014-02-14 | man: fix grammatical errors and other formatting issues | Jason St. John | |
* standardize capitalization of STDIN, STDOUT, and STDERR * reword some sentences for clarity * reflow some very long lines to be shorter than ~80 characters * add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags | |||
2014-02-14 | man: always place <programlisting> and </programlisting> in a line with ↵ | Lennart Poettering | |
actual sources, so that we don't get spurious newlines in the man page output | |||
2014-02-14 | man: systemd.service(5): clarify behavior of SuccessExitStatus | Dave Reisner | |
The behavior of this is a little cryptic in that $MAINPID must exit as a direct result of receiving a signal in order for a listed signal to be considered a success condition. | |||
2014-02-13 | nspawn: add new --network-veth switch to add a virtual ethernet link to the host | Lennart Poettering | |
2014-02-13 | nspawn: --private-network should imply CAP_NET_ADMIN | Lennart Poettering | |
2014-02-13 | nspawn: add new --network-interface= switch to move an existing interface ↵ | Lennart Poettering | |
into the container | |||
2014-02-13 | nspawn: introduce --capability=all for retaining all capabilities | Lennart Poettering | |
2014-02-13 | core: add a system-wide SystemCallArchitectures= setting | Lennart Poettering | |
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings. | |||
2014-02-13 | core: add SystemCallArchitectures= unit setting to allow disabling of non-native | Lennart Poettering | |
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings. | |||
2014-02-12 | core: rework syscall filter | Lennart Poettering | |
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand. | |||
2014-02-12 | syscallfilter: port to libseccomp | Ronny Chevalier | |
2014-02-12 | man: use xinclude to de-deduplicate common text | Zbigniew Jędrzejewski-Szmek | |
I only tested with python-lxml. I'm not sure if xml.etree should be deprecated. | |||
2014-02-12 | pager: support SYSTEMD_LESS environment variable | Jason A. Donenfeld | |
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less. | |||
2014-02-12 | nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵ | Lennart Poettering | |
of this | |||
2014-02-12 | machinectl: add new "machinectl reboot" call | Lennart Poettering | |
2014-02-11 | machined: optionally, allow registration of pre-existing units (scopes | Lennart Poettering | |
or services) as machine with machined | |||
2014-02-11 | nspawn: add --register=yes|no switch to optionally disable registration of ↵ | Lennart Poettering | |
the container with machined | |||
2014-02-10 | networkd: VLAN - allow multiple vlans to be created on a link | Tom Gundersen | |
Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com> | |||
2014-02-10 | nspawn: add new --share-system switch to run a container without PID/UTS/IPC ↵ | Lennart Poettering | |
namespacing | |||
2014-02-10 | nspawn,man: use a common vocabulary when referring to selinux security contexts | Lennart Poettering | |
Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly. |