| Age | Commit message (Collapse) | Author |
|---|
|
Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be
used to specify users to kill, independently of the KillUserProcesses
setting. Having the settings orthogonal seems to make more sense. It also
makes KillOnlyUsers symmetrical to KillExcludeUsers.
|
|
This ensures that users sessions are properly cleaned up after.
The admin can still enable or disable linger for specific users to allow
them to run processes after they log out. Doing that through the user
session is much cleaner and provides better control.
dbus daemon can now be run in the user session (with --enable-user-session,
added in 1.10.2), and most distributions opted to pick this configuration.
In the normal case it makes a lot of sense to kill remaining processes.
The exception is stuff like screen and tmux. But it's easy enough to
work around, a simple example was added to the man page in previous
commit. In the long run those services should integrate with the systemd
users session on their own.
https://bugs.freedesktop.org/show_bug.cgi?id=94508
https://github.com/systemd/systemd/issues/2900
|
|
The description in the man page was wrong, KillUserProcesses does
not kill all processes of the user. Describe what the setting
does, and also add links between the relavant sections of the
manual.
Also, add an extensive example which shows how to launch screen
in the background.
|
|
|
|
DHCP DUID parsing fix, logging fix, man-page fix
|
|
|
|
Man coredump sysctl
|
|
Add `--value` option to systemctl and loginctl to only print values
|
|
|
|
Added in 3c171f0b1e.
|
|
|
|
This recently moved from /cgroups/ to /cgroup-v1/.
Fixes #2958
|
|
|
|
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings.
2. Fix logging to use log_syntax instead of log_error.
3. On error reading DUID, ignore read and preserve previous state.
4. Fix man-pages to use markup, remove options not yet implemented.
5. Remove spurious header line in new files.
|
|
|
|
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
|
|
*.localdomain != localhost
|
|
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
|
|
Offline updates man page
|
|
In 110ceee58e5bc796c03a7db2109f85a999d5bc2e we removed the period after
printing the started units. This makes copying the unit name easier but
results in improper English.
This adds a colon before printing the units, which makes the output
look better.
|
|
Most of the changes are already implemented in dnf-system-upgrade.service
and packagekit-offline-update.service, so this update mostly changes the
documentation to match status quo.
|
|
Also fixes option name (s/--path/--prefix/).
|
|
Fixes #2901.
|
|
|
|
|
|
|
|
|
|
If you start a unit with systemd-run you usually need its name to
inspect it or stop it. Removing the period makes copying the unit name
easier.
|
|
|
|
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
|
|
|
|
This imports most of http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
to turn it into a man page. Similarly for the man page about generators,
this will make it easier to keep up-to-date, keep a history of changes,
and make it more discoverable for end-users.
|
|
Signed-off-by: Petros Angelatos <petrosagg@gmail.com>
|
|
|
|
|
|
systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
|
|
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
|
|
|
|
man: clarify unit ordering language
|
|
|
|
Remove systemd-bootchart
|
|
|
|
|
|
So far we recommended placing "nss-mymachines" after "nss-resolve" in the order
of preference in /etc/nsswitch.conf. This change reverse this order.
Rationale: single-label names are resolved via LLMNR by resolved, which has to
time out if no peer by that name exists. By placing "nss-mymachines" first
(which always responds immediately) we avoid running into this timeout for most
containers. Both modules should return the same data if LLMNR is used by the
container anyway.
While we are at it, improve the man pages of the three NSS modules in other
ways a bit.
|
|
Networkctl prettification
|
|
|
|
Better to use the mirror manager and https.
|
|
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
|
|
network: minor manpage clarifications
|
|
udevadm test-builtin can be very useful for testing .link files, so add a reference.
Addresses issue #2406.
|
