Age | Commit message (Collapse) | Author |
|
That way ordering it with MountsRequiredFor= works properly, as this no
longer results in mount units start requests to be added to the shutdown
transaction that conflict with stop requests for the same unit.
|
|
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
|
|
the user what's going on
Let's try to be helpful to the user and give him a hint what he can do
to make nspawn work with normal OS containers.
https://bugzilla.redhat.com/show_bug.cgi?id=893751
|
|
|
|
with nspawn containers
|
|
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
|
|
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
|
|
|
|
|
|
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=64014
|
|
Do the depmod in the kernel-install hooks, so hooks can produce/install
kernel modules and be part of the depmod.
Also move the basic boot loader entry creation and removal to a
plugin script.
If PRETTY_NAME is not defined in /etc/os-release, fallback to
PRETTY_NAME="Linux $KERNEL_VERSION".
Add documentation for everything in the man page.
|
|
|
|
So no one needs to say "go to fd.o/software/systemd/man, open page X,
then scroll down to section 3, and look for ..." anymore.
|
|
This patch adds more script-friendly output for list-dependencies.
|
|
As some SSDs are still seeing performance degredation when
reaching 85% usage the default value of 5% seems a little low.
Set this to 15% by default.
|
|
Everything which is an absolute filename marked with <filename></filename>
lands in the index, unless noindex= attribute is present. Should make
it easier for people to find stuff when they are looking at a file on
disk.
Various formatting errors in manpages are fixed, kernel-install(1) is
restored to formatting sanity.
|
|
|
|
Bootchart has a help option. For the sake of consistency, this patch
adds it to the man page.
Also, the TODO is updated. Bootcharts were added to the journal in
commit c4d58b0.
|
|
cg_get_machine_path is modified to include the escaped machine name
+ ".nspawn" if the machine argument is nonnull.
|
|
|
|
We generally document the suggested paths, not the paths possible in
weird, non-standard setups. We do this in order to not confuse
administrators/users unnecessarily and to push people to install things
into the same directories on all distributions.
We are PID 1 after all, the really basic building block of the OS.
Unlike for an app there's very little benefit in being entirely
relocatable.
|
|
Also, always accept both our simple hexdump syntax and UUID syntax.
|
|
Related to https://bugzilla.redhat.com/show_bug.cgi?id=957135.
|
|
"critical-chain" prints a tree of the critical chain of units
$ ./systemd-analyze critical-chain
graphical.target @1.226s
└─multi-user.target @1.226s
└─nfs-lock.service @961ms +265ms
└─rpcbind.service @958ms +1ms
└─network.target @957ms
└─NetworkManager.service @434ms +522ms
└─basic.target @428ms
└─sockets.target @428ms
└─dbus.socket @428ms
└─sysinit.target @427ms
└─systemd-tmpfiles-setup.service @411ms +15ms
└─local-fs.target @410ms
└─boot-efi.automount @410ms
└─boot.mount @397ms +9ms
└─local-fs-pre.target @192ms
└─systemd-udevd.service @187ms +5ms
└─systemd-udevd-control.socket @140ms
└─-.mount
With the "--fuzz=<ms>" parameter one can display more units around
the critical units.
$ ./systemd-analyze --fuzz=10ms critical-chain
└─multi-user.target @1.226s
└─nfs-lock.service @961ms +265ms
├─rpcbind.service @958ms +1ms
│ └─network.target @957ms
│ └─NetworkManager.service @434ms +522ms
│ ├─basic.target @428ms
│ │ ├─sockets.target @428ms
│ │ │ ├─dbus.socket @428ms
│ │ │ │ └─sysinit.target @427ms
│ │ │ │ ├─systemd-tmpfiles-setup.service @411ms +15ms
│ │ │ │ │ └─local-fs.target @410ms
│ │ │ │ │ └─boot-efi.automount @410ms
│ │ │ │ │ └─boot.mount @397ms +9ms
│ │ │ │ │ └─local-fs-pre.target @192ms
│ │ │ │ │ └─systemd-udevd.service @187ms +5ms
│ │ │ │ │ ├─systemd-udevd-control.socket @140ms
│ │ │ │ │ │ └─-.mount
│ │ │ │ │ └─systemd-udevd-kernel.socket @140ms
│ │ │ │ └─swap.target @421ms
│ │ │ │ └─dev-disk-by\x2duuid-....swap @414ms +6ms
│ │ │ │ └─systemd-journald.socket
│ │ │ ├─rpcbind.socket @428ms
│ │ │ └─cups.socket @428ms
│ │ ├─paths.target @428ms
│ │ │ └─cups.path @428ms
│ │ ├─timers.target @427ms
│ │ │ └─systemd-tmpfiles-clean.timer @427ms
│ │ └─sysinit.target @427ms
│ │ └─...
│ └─dbus.socket @428ms
│ └─...
└─network.target @957ms
└─...
|
|
|
|
machines and containers
|
|
Also update completion scripts a bit.
|
|
|
|
|
|
|
|
Also clarify rd.luks.uuid and luks.uuid in the manual.
https://bugzilla.redhat.com/show_bug.cgi?id=905683
|
|
|
|
I wouldn't know what "internally" is supposed to mean hear, and we use
this terminology in this context nowhere else, so let's drop this.
|
|
This reverts commit 432c30d25fc2a7b4939d5ea6c29708e1323a2b9c.
Suggestion was to fix bash instead. :-/
|
|
Using the signal name to put systemd in debug mode with bash results in:
$ kill -s SIGRTMIN+22 1
bash: kill: SIGRTMIN+22: invalid signal specification
whereas this works:
$ kill -s SIGRTMAX-8 1
/usr/bin/kill understands both signal names, so just change them to the
bash names.
|
|
Novice users might think, that
$ systemctl --all
is equal to
$ systemctl list-unit-files
https://bugzilla.redhat.com/show_bug.cgi?id=748512
|
|
Previously only one "--unit=" or "--user-unit" could be specified.
With this patch, journalcrtl can show multiple units.
$ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b
-- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12
09:10:22 CEST. --
Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager.
Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager.
Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager.
Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used
instead of sendmail.)
Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify
support)
Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon...
Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon.
Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22.
Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22.
Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8:
"/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
|
|
Apparently nsenter doesn't handle options concatenated together.
I'm pretty sure it worked at one point, but it seems like magic,
since each of those options can take arguments.
|
|
|
|
containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
|
|
|
|
|
|
|
|
LISTEN UNIT ACTIVATES
/dev/initctl systemd-initctl.socket systemd-initctl.service
/dev/log systemd-journald.socket systemd-journald.service
...
[::]:19531 systemd-journal-gatewayd.socket systemd-journal-gatewayd.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
17 sockets listed.
Pass --all to see loaded but inactive sockets, too.
|
|
This mirrors --property, and is generally useful.
New functionality is used in bash completion.
In case of zsh completion, new functionality is less useful
because of caching. Nevertheless, zsh completion for restart
is made to behave more-or-less the same as bash completion.
At least sockets can be restarted.
|
|
|
|
|