summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2014-06-16tmpfiles: add new "L+" command as stronger version of "L", that removes the ↵Lennart Poettering
destination before creating a symlink Also, make use of this for mtab as long as mount insists on creating it even if we invoke it with "-n".
2014-06-16mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s ↵Lennart Poettering
"-s" switch
2014-06-13os-release: define /usr/lib/os-release as fallback for /etc/os-releaseLennart Poettering
The file should have been in /usr/lib/ in the first place, since it describes the OS container in /usr (and not the configuration in /etc), hence, let's support os-release files in /usr/lib as fallback if no version in /etc exists, following the usual override logic. A prior commit already enabled tmpfiles to create /etc/os-release as a symlink to /usr/lib/os-release should it be missing, thus providing nice compatibility with applications only checking in /etc. While it's probably a good idea if all apps check both locations via a fallback logic, it is only necessary in the early boot process, as long as the /etc/os-release symlink has not been restored, in case we boot with an empty /etc.
2014-06-11units: introduce network-pre.target as place to hook in firewallsLennart Poettering
network-pre.target is a passive target that should be pulled in by services that want to be executed before any network is configured (for example: firewall scrips). network-pre.target should be ordered before all network managemet services (but not be pulled in by them). network-pre.target should be order after all services that want to be executed before any network is configured (and be pulled in by them).
2014-06-11tmpfiles: add ability to mask access mode by pre-existing access mode on ↵Lennart Poettering
files/directories This way it makes a lot more sense to specify an access mode for "Z" lines.
2014-06-11tmpfiles: when processing lines, always process prefixes before suffixesLennart Poettering
If two lines refer to paths that are suffix and prefix of each other, then always process the prefix first, the suffix second. In all other cases strictly process rules in the order they appear in the files. This makes creating /var/run as symlink to /run a lot more fun, since it is automatically created first.
2014-06-11nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, ↵Lennart Poettering
such as /var
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-10tmpfiles: add new "C" line for copying files or directoriesLennart Poettering
2014-06-10man: updates to the passive target sectionLennart Poettering
2014-06-10man: Searching for an explanation of what a "slice unit" was, found this, ↵Mark Eichin
felt compelled to send in fixes for the obvious typos
2014-06-09man: clarify the effect of replace-irreversibly on future conflicting jobsDavid Strauss
2014-06-06man: fix references to sd_journal_cutoff_realtime_usecMantas Mikulėnas
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05core: introduce new Restart=on-abnormal settingLennart Poettering
Restart=on-abnormal is similar to Restart=on-failure, but avoids restarts on unclean exit codes (but still doing restarts on all obviously unclean exits, such as timeouts, signals, coredumps, watchdog timeouts). Also see: https://fedorahosted.org/fpc/ticket/191
2014-06-05core: don't include /boot in effect of ProtectSystem=Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04journald: move /dev/log socket to /runLennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-06-04socket: add new Symlinks= option for socket unitsLennart Poettering
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-02resolved: move resolv.conf to resolved's runtime dirTom Gundersen
2014-05-28hostnamed: Fix the way that static and transient host names interactStef Walter
It is almost always incorrect to allow DHCP or other sources of transient host names to override an explicitly configured static host name. This commit changes things so that if a static host name is set, this will override the transient host name (eg: provided via DHCP). Transient host names can still be used to provide host names for machines that have not been explicitly configured with a static host name. The exception to this rule is if the static host name is set to "localhost". In those cases we act as if no static host name has been explicitly set. As discussed elsewhere, systemd may want to have an fd based ownership of the transient name. That part is not included in this commit.
2014-05-24man: describe sd_uid_get_displayZbigniew Jędrzejewski-Szmek
2014-05-24man: reword StartupCPUShares= descriptionZbigniew Jędrzejewski-Szmek
Now that we have two options described in the same paragraph, we cannot use singular anymore.
2014-05-22man: update URL refernce in daemon(7)Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
2014-05-22man: drop reference to file locking for PID file creation from daemon(7)Lennart Poettering
File locking is usually a bad idea, don't suggest using it.
2014-05-22cgroups: simplify CPUQuota= logicLennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22cgroup: rework startup logicLennart Poettering
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io weights, and keep the startup unit set around all the time.
2014-05-22core: add startup resource control optionWaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If not CPUShares= or BlockIOWeight= be specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight be specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-19resolved: add daemon to manage resolv.confTom Gundersen
Also remove the equivalent functionality from networkd.
2014-05-19fix spelling of privilegeNis Martensen
2014-05-18man: note that entire sections can now be ignoredMichael Marineau
Prefixing a section name with "X-" will cause it and all of its contents to be silently ignored as of commit 342aea19.
2014-05-16man: logind.conf: fix grammar issues, unclear wording, and unclear default ↵Jason St. John
values
2014-05-16man: update journald rate limit defaultsMantas Mikulėnas
This brings the man page back into sync with the actual code.
2014-05-16fsck: Allow to specify the fsck repair option in the cmdlineHolger Hans Peter Freyther
Some unattended systems do not have a console attached and entering the default rescue mode will not be too helpful. Allow to specify the "-y" option to attempt to fix all filesystem errors. Manually verified by downloading an image.gz of e2fsprogs, using losetup and running systemd-fsck on the loop device and varying the fsck.repair=preen|yes|no option.
2014-05-16man: readahead: fix cmdline switch inconsistency between readahead.c and docsAlison Chaiken
Source code has "files-max" and XML has --max-files.
2014-05-16man: fix some minor language typosLennart Poettering
2014-05-16man: clarify that the ExecReload= command should be synchronousLennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019054.html
2014-05-15Fix typos in systemctl manpageEelco Dolstra
2014-05-09man: sd_journal_send does nothing when journald is not availableZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1096067
2014-05-07doc: balance C indirections in function prototypesJan Engelhardt
Shift the asterisks in the documentation's prototypes such that they are consistent among each other. Use the right side to match what is used in source code. Addendum to commit v209~82.
2014-05-07doc: write out stdin/stdout file descriptorsJan Engelhardt
"When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc." Addendum to commit v209~127.
2014-05-07doc: comma placement corrections and word orderJan Engelhardt
Set commas where there should be some. Some improvements to word order.
2014-05-07doc: corrections to words and formsJan Engelhardt
This patch exchange words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.
2014-05-06doc: adhere to XML syntaxJan Engelhardt
2014-05-06doc: typographical fine tuningJan Engelhardt
2014-05-06doc: use non-contracted forms in written documentsJan Engelhardt
2014-05-06man: document sd_event_add_time(3)Lennart Poettering