Age | Commit message (Collapse) | Author |
|
* Specifying a device node has an effect much larger than a simple shortcut
for a field/value match, so the original sentence is no longer a good way
to start the paragraph.
* Specifying a device node causes matches to be generated for all ancestor
devices of the device specified, not just its parents.
* Indicates that the path must be absolute, but that it may be a link.
* Eliminates a few typos.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1151651
Also explain what localectl does a bit better:
https://bugzilla.redhat.com/show_bug.cgi?id=1357861
|
|
namespace: unify limit behavior on non-directory paths
|
|
Let's make sure our logging APIs is in sync with how stdout/stderr logging
works.
|
|
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories=
to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept
as aliases but they are not advertised in the documentation.
Renamed variables:
`read_write_dirs` --> `read_write_paths`
`read_only_dirs` --> `read_only_paths`
`inaccessible_dirs` --> `inaccessible_paths`
|
|
Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.
Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
|
|
|
|
Trivial fixes
|
|
|
|
The distinction between systemd-shutdown the binary vs system-shutdown
the hook directory (without the 'd') is not immediately obvious and can
be quite confusing if you are looking for a directory which doesn't exist.
Therefore explicitly mention the hook directory in the synopsis with a
trailing slash to make it clearer which is which.
|
|
|
|
systemd.special.xml: corrections about implicit
dependencies for basic.target, sysinit.target and shutdown.target.
systemd.target.xml: corrections about implicit dependencies for
target units in general.
|
|
|
|
|
|
|
|
|
|
The xmit_hash_policy does not have 802.3ad value. Remove this
from man.
|
|
|
|
|
|
For backwards compatibility, both the new format (Mon..Wed) and
the old format (Mon-Wed) are supported.
|
|
Resolves #3042
|
|
|
|
sd_event_get_iteration() (#3631)
This extends the existing event loop iteration counter to 64bit, and exposes it
via a new function sd_event_get_iteration(). This is helpful for cases like
issue #3612. After all, since we maintain the counter anyway, we might as well
expose it.
(This also fixes an unrelated issue in the man page for sd_event_wait() where
micro and milliseconds got mixed up)
|
|
Type=notify has a magic overriding case where a NotifyAccess=none
is turned into a NotifyAccess=main for sanity purposes.
This makes docs more clear about such behavior:
https://github.com/systemd/systemd/blob/2787d83c28b7565ea6f80737170514e5e6186917/src/core/service.c#L650:L651
|
|
means (#3571)
My educated guess is that #3561 was filed due to confusion around the
systemd-resolve "Data Authenticated:" output. Let's try to clean up the
confusion a bit, and document what it means in the man page.
|
|
|
|
In some cases, caching DNS results locally is not desirable, a it makes DNS
cache poisoning attacks a tad easier and also allows users on the system to
determine whether or not a particular domain got visited by another user. Thus
provide a new "Cache" resolved.conf option to disable it.
|
|
resolved: more fixes, among them "systemctl-resolve --status" to see DNS configuration in effect, and a local DNS stub listener on 127.0.0.53
|
|
It takes a boolean value. If true, access to SCHED_RR, SCHED_FIFO and
SCHED_DEADLINE is blocked, which my be used to lock up the system.
|
|
This change documents the existance of the systemd-nspawn@.service template
unit file, which was previously not mentioned at all. Since the unit file uses
slightly different default than nspawn invoked from the command line, these
defaults are now explicitly documented too.
A couple of further additions and changes are made, too.
Replaces: #3497
|
|
|
|
Add sd_notify() parameter to change watchdog_usec during runtime.
Application can change watchdog_usec value by
sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=20000000").
To reset watchdog_usec as configured value in service file,
restart service.
Notice.
sd_event is not currently supported. If application uses
sd_event_set_watchdog, or sd_watchdog_enabled, do not use
"WATCHDOG_USEC" option through sd_notify.
|
|
* sd_bus_add_match
* sd_bus_get_fd
* sd_bus_message_read_basic
* sd_bus_process
|
|
Let's explain the various APIs and various ways to handle /etc/resolv.conf.
|
|
The new command shows the per-link and global DNS configuration currently in
effect. This is useful to quickly see the DNS settings resolved acquired from
networkd and that was pushed into it via the bus APIs.
|
|
In makefile we create symlinks runlevel5.target to graphical.target and
runlevel2-4.target to multi-user.target. Let's say the same thing in
systemd.special manpage.
|
|
networkd: add support for vrf interfaces (#3316)
|
|
various changes, most importantly regarding memory metrics
|
|
|
|
|
|
executed services
This permits services to detect whether their stdout/stderr is connected to the
journal, and if so talk to the journal directly, thus permitting carrying of
metadata.
As requested by the gtk folks: #2473
|
|
-x never worked, so let's just correct the man page.
Fixes #3524.
|
|
|
|
settings
If a percentage is used, it is taken relative to the installed RAM size. This
should make it easier to write generic unit files that adapt to the local system.
|
|
fixes #3298
|
|
Syscall filter fixes, tighter nspawn seccomp sandbox by default
|
|
Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
|
|
This adds three new seccomp syscall groups: @keyring for kernel keyring access,
@cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and
suchlike, and @debug for ptrace() and related calls.
Also, the @clock group is updated with more syscalls that alter the system
clock. capset() is added to @privileged, and pciconfig_iobase() is added to
@raw-io.
Finally, @obsolete is a cleaned up. A number of syscalls that never existed on
Linux and have no number assigned on any architecture are removed, as they only
exist in the man pages and other operating sytems, but not in code at all.
create_module() is moved from @module to @obsolete, as it is an obsolete system
call. mem_getpolicy() is removed from the @obsolete list, as it is not
obsolete, but simply a NUMA API.
|
|
And expose it in "resolve-tool --flush-caches".
|
|
|