path: root/man
Age | Commit message | Author
2014-06-05 | core: don't include /boot in effect of ProtectSystem= | Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlike /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-05 | socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system | Lennart Poettering
This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04 | core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only | Lennart Poettering
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04 | journald: move /dev/log socket to /run | Lennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-06-04 | socket: add new Symlinks= option for socket units | Lennart Poettering
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 | socket: optionally remove sockets/FIFOs in the file system after use | Lennart Poettering
2014-06-03 | core: add new ReadOnlySystem= and ProtectedHome= settings for service units | Lennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be a good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-02 | resolved: move resolv.conf to resolved's runtime dir | Tom Gundersen
2014-05-28 | hostnamed: Fix the way that static and transient host names interact | Stef Walter
It is almost always incorrect to allow DHCP or other sources of transient host names to override an explicitly configured static host name. This commit changes things so that if a static host name is set, this will override the transient host name (e.g. provided via DHCP). Transient host names can still be used to provide host names for machines that have not been explicitly configured with a static host name. The exception to this rule is if the static host name is set to "localhost". In those cases we act as if no static host name has been explicitly set. As discussed elsewhere, systemd may want to have an fd based ownership of the transient name. That part is not included in this commit.
2014-05-24 | man: describe sd_uid_get_display | Zbigniew Jędrzejewski-Szmek
2014-05-24 | man: reword StartupCPUShares= description | Zbigniew Jędrzejewski-Szmek
Now that we have two options described in the same paragraph, we cannot use singular anymore.
2014-05-22 | man: update URL reference in daemon(7) | Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019410.html
2014-05-22 | man: drop reference to file locking for PID file creation from daemon(7) | Lennart Poettering
File locking is usually a bad idea, don't suggest using it.
2014-05-22 | cgroups: simplify CPUQuota= logic | Lennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22 | cgroup: rework startup logic | Lennart Poettering
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io weights, and keep the startup unit set around all the time.
2014-05-22 | core: add startup resource control option | WaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If neither CPUShares= nor BlockIOWeight= is specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight is specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-19 | resolved: add daemon to manage resolv.conf | Tom Gundersen
Also remove the equivalent functionality from networkd.
2014-05-19 | fix spelling of privilege | Nis Martensen
2014-05-18 | man: note that entire sections can now be ignored | Michael Marineau
Prefixing a section name with "X-" will cause it and all of its contents to be silently ignored as of commit 342aea19.
2014-05-16 | man: logind.conf: fix grammar issues, unclear wording, and unclear default values | Jason St. John
2014-05-16 | man: update journald rate limit defaults | Mantas Mikulėnas
This brings the man page back into sync with the actual code.
2014-05-16 | fsck: Allow to specify the fsck repair option in the cmdline | Holger Hans Peter Freyther
Some unattended systems do not have a console attached and entering the default rescue mode will not be too helpful. Allow to specify the "-y" option to attempt to fix all filesystem errors. Manually verified by downloading an image.gz of e2fsprogs, using losetup and running systemd-fsck on the loop device and varying the fsck.repair=preen|yes|no option.
2014-05-16 | man: readahead: fix cmdline switch inconsistency between readahead.c and docs | Alison Chaiken
Source code has "files-max" and XML has --max-files.
2014-05-16 | man: fix some minor language typos | Lennart Poettering
2014-05-16 | man: clarify that the ExecReload= command should be synchronous | Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019054.html
2014-05-15 | Fix typos in systemctl manpage | Eelco Dolstra
2014-05-09 | man: sd_journal_send does nothing when journald is not available | Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1096067
2014-05-07 | doc: balance C indirections in function prototypes | Jan Engelhardt
Shift the asterisks in the documentation's prototypes such that they are consistent among each other. Use the right side to match what is used in source code. Addendum to commit v209~82.
2014-05-07 | doc: write out stdin/stdout file descriptors | Jan Engelhardt
"When referring to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc." Addendum to commit v209~127.
2014-05-07 | doc: comma placement corrections and word order | Jan Engelhardt
Set commas where there should be some. Some improvements to word order.
2014-05-07 | doc: corrections to words and forms | Jan Engelhardt
This patch exchanges words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.
2014-05-06 | doc: adhere to XML syntax | Jan Engelhardt
2014-05-06 | doc: typographical fine tuning | Jan Engelhardt
2014-05-06 | doc: use non-contracted forms in written documents | Jan Engelhardt
2014-05-06 | man: document sd_event_add_time(3) | Lennart Poettering
2014-04-29 | timesyncd: add unit and man page | Kay Sievers
2014-04-26 | man: networkd typo fixes | poma
2014-04-26 | networkd-wait-online: drop config file and add commandline options instead | Tom Gundersen
2014-04-25 | core: expose CFS CPU time quota as high-level unit properties | Lennart Poettering
2014-04-24 | bootchart: add control group option | WaLyong Cho
2014-04-24 | service: add FailureAction= option | Michael Olbrich
It has the same possible values as StartLimitAction= and is executed immediately if a service fails.
2014-04-24 | networkd-wait-online: improve interoperability and enable by default | Tom Gundersen
To make sure we don't delay boot on systems where (some) network links are managed by someone else we don't block if something else has successfully brought up a link. We will still block until all links we are aware of that are managed by networkd have been configured, but if no such links exist, and someone else has configured a link sufficiently that it has a carrier, it may be that the link is ready so we should no longer block. Note that in all likelihood the link is not ready (no addresses/routes configured), so whatever network management daemon configured it should provide a similar wait-online service to block network-online.target until it is ready. The aim is to block as long as we know networking is not fully configured, but no longer. This will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't know whether networkd is the main/only network manager. Even in the case networking is fully configured by networkd, the default behavior may not be sufficient: if two links need to be configured, but the first is fully configured before the second one appears we will assume the network is up. To work around that, we allow specifying specific devices to wait for before considering the network up. This unit is enabled by default, just like systemd-networkd, but will only be pulled in if anyone pulls in network-online.target.
2014-04-23 | man: recommend that XDG_SESSION_DESKTOP and XDG_CURRENT_DESKTOP use the same identifiers | Lennart Poettering
2014-04-21 | service: add support for reboot argument when triggered by StartLimitAction= | Michael Olbrich
When rebooting with systemctl, an optional argument can be passed to the reboot system call. This makes it possible to specify the argument in a service file and use it when the service triggers a restart. This is useful to distinguish between manual reboots and reboots caused by failing services.
2014-04-16 | man: document relationship between RequiresMountsFor and noauto | Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
2014-04-16 | sysctl: replaces some slashes with dots | Zbigniew Jędrzejewski-Szmek
It turns out that plain sysctl understands a.b/c syntax to write to /proc/sys/a/b.c. Support this for compatibility. https://bugs.freedesktop.org/show_bug.cgi?id=77466
2014-04-14 | man: fix typos in sd_event_new | Thomas Hindoe Paaboel Andersen
2014-04-13 | man: explain that the timestamps on incoming kdbus messages are not necessarily monotonically increasing | Lennart Poettering
2014-04-13 | man: add man page for sd_event_new() | Lennart Poettering
2014-04-13 | udev: remove seqnum API and all assumptions about seqnums | Kay Sievers
The way the kernel namespaces have been implemented breaks assumptions udev made regarding uevent sequence numbers. Creating devices in a namespace "steals" uevents and their sequence numbers from the host. It confuses the "udevadmin settle" logic, which might block until a timeout is reached, even when no uevent is pending. Remove any assumptions about sequence numbers and deprecate libudev's API exposing these numbers; none of that can reliably be used anymore when namespaces are involved.