Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-02-25 | Use /var/run/dbus/system_bus_socket for the D-Bus socket | Zbigniew Jędrzejewski-Szmek | |
2014-02-26 | Revert back to /var/run at a couple of problems | Lennart Poettering | |
This partially reverts 41a55c46ab8fb4ef6727434227071321fc762cce Some specifications we want to stay compatibility actually document /var/run, not /run, and we should stay compatible with that. In order to make sure our D-Bus implementation works on any system, regardless if running systemd or not, we should always use /var/run which is the only path mandated by the D-Bus spec. Similar, glibc hardcodes the utmp location to /var/run, and this is exposed in _UTMP_PATH in limits.h, hence let's stay in sync with this public API, too. We simply do not support systems where /var/run is not a symlink → /run. Hence both are equivalent. Staying compatible with upstream specifications hence weighs more than cleaning up superficial appearance. | |||
2014-02-25 | Replace /var/run with /run in remaining places | Zbigniew Jędrzejewski-Szmek | |
/run was already used almost everywhere, fix the remaining places for consistency. | |||
2014-02-26 | exec: imply NoNewPriviliges= only when seccomp filters are used in user mode | Lennart Poettering | |
2014-02-26 | core: add new RestrictAddressFamilies= switch | Lennart Poettering | |
This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform. | |||
2014-02-25 | networkd: add basic support for MACVLANs | Tom Gundersen | |
2014-02-25 | man: refer to systemd.net{work,dev}(5) from systemd-networkd(8) | Tom Gundersen | |
2014-02-25 | man: split out systemd.net{work,dev}(5) from systemd-networkd(8) | Tom Gundersen | |
2014-02-25 | man: split out systemd.link(5) from udev(7) | Tom Gundersen | |
2014-02-25 | man: networkd - clarify that multiple addresses/routes are supported | Tom Gundersen | |
2014-02-25 | nspawn: add new switch --network-macvlan= to add a macvlan device to the ↵ | Lennart Poettering | |
container | |||
2014-02-24 | core: add global settings for enabling CPUAccounting=, MemoryAccounting=, ↵ | Lennart Poettering | |
BlockIOAccounting= for all units at once | |||
2014-02-23 | man: document that per-interface sysctl variables are applied as network ↵ | Lennart Poettering | |
interfaces show up https://bugzilla.redhat.com/show_bug.cgi?id=1062955 | |||
2014-02-23 | core: clean up some confusing regarding SI decimal and IEC binary suffixes ↵ | Lennart Poettering | |
for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is. | |||
2014-02-22 | udev: net - allow MTU and Speed to be specified with units | Tom Gundersen | |
This also changes the names to MTUBytes and BitsPerSecond, respectively. Notice that the speed was mistakenly documented to be in bytes before this change. | |||
2014-02-22 | cgroup: Extend DeviceAllow= syntax to whitelist groups of devices, not just ↵ | Lennart Poettering | |
particular devices nodes | |||
2014-02-21 | net-util: match on the driver as exposed by ethtool if DRIVER not set | Tom Gundersen | |
Also fix a copy-paste error that broke matching on interface name. | |||
2014-02-21 | man: networkd typo fixes | Thomas Hindoe Paaboel Andersen | |
2014-02-21 | man: suffix networkd config file options with "=" | Lennart Poettering | |
That's what we do for all options in the other man pages. It helps clarifying that these are options that values need to be assigned to. | |||
2014-02-21 | man: split settings documentaiton in systemd.unit(5) into two sections | Lennart Poettering | |
2014-02-21 | man: don't document ".include" in configuration files anymore as first step ↵ | Lennart Poettering | |
to deprecate them one day | |||
2014-02-21 | .network/.netdev/.link: allow to match on architecture | Tom Gundersen | |
2014-02-21 | man: there is no ExecStopPre= for service units | Lennart Poettering | |
https://bugs.freedesktop.org/show_bug.cgi?id=73177 | |||
2014-02-20 | man: xinclude pkg-config note | Zbigniew Jędrzejewski-Szmek | |
2014-02-20 | man: xinclude --host/--machine | Zbigniew Jędrzejewski-Szmek | |
As usual, those common options are pushed to the end. | |||
2014-02-20 | man: xinclude --user/--system | Zbigniew Jędrzejewski-Szmek | |
2014-02-20 | man: xinclude --help/--version/--no-pager | Zbigniew Jędrzejewski-Szmek | |
2014-02-20 | build-sys: add conditionals and regenerate manpage list | Zbigniew Jędrzejewski-Szmek | |
The list of man pages is auto generated, based on conditonal='...' attributes in the man page itself. | |||
2014-02-21 | nspawn: when adding a veth interface to a bridge, use the "vb-" rather than ↵ | Lennart Poettering | |
"ve-" interface name prefix This way we can recognize the interfaces later on to apply different host-side configuration to them. | |||
2014-02-21 | core: Add AppArmor profile switching | Michael Scherer | |
This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature. | |||
2014-02-21 | core: add new ConditionArchitecture() that checks the architecture returned ↵ | Lennart Poettering | |
by uname()'s machine field. | |||
2014-02-20 | man: networkd/udev - add to [Match] documentation | Tom Gundersen | |
2014-02-19 | udev: net-config - allow interface names to be set from the hwdb | Tom Gundersen | |
2014-02-19 | man: fix references to .pc files which aren't separate anymore | Lennart Poettering | |
2014-02-19 | man: don't advertise sd-daemon as embeddable anymore | Lennart Poettering | |
It's now part of libsystemd, and should be used like any other API. | |||
2014-02-19 | busctl: add --no-legend and use in bash completion | Thomas Hindoe Paaboel Andersen | |
2014-02-19 | man: busctl typo fix | Thomas Hindoe Paaboel Andersen | |
2014-02-19 | man: document $MAINPID | Lennart Poettering | |
2014-02-19 | core: add Personality= option for units to set the personality for spawned ↵ | Lennart Poettering | |
processes | |||
2014-02-18 | nspawn: add new --personality= switch to make it easier to run 32bit ↵ | Lennart Poettering | |
containers on a 64bit host | |||
2014-02-18 | net-match: fix Driver= match | Tom Gundersen | |
It should match on the driver of the parent device. | |||
2014-02-18 | seccomp: add helper call to add all secondary archs to a seccomp filter | Lennart Poettering | |
And make use of it where appropriate for executing services and for nspawn. | |||
2014-02-18 | machinectl: remove unused --no-ask-password | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | machinectl: add bash completion | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | man: machinectl: there is no command 'kill-machine' | Thomas Hindoe Paaboel Andersen | |
2014-02-18 | man: minor fixes to networkd page | Tom Gundersen | |
Also enforce that we don't allow setting the Broadcast for IPv6 addresses. | |||
2014-02-18 | doc: orthographic corrections | Jan Engelhardt | |
2014-02-17 | doc: utilize the DocBook markup for some literals | Jan Engelhardt | |
2014-02-17 | doc: reword "shared per-thread" wording | Jan Engelhardt | |
Either it is shared across threads, or it is per-thread: decide. Reading the source code, I see a thread_local identifier, so that's that. But that does not yet preclude that a program may pass around the pointer returned from the function among its own threads. Do a best effort at saying so. | |||
2014-02-17 | doc: balance C indirections in function prototypes | Jan Engelhardt | |
Shift the asterisks in the documentation's prototypes such that they are consistent among each other. Use the right side to match source code. |