Age | Commit message (Collapse) | Author |
|
- do not suggest that vendor configuration files should be in
/etc, use /usr/lib/tmpfiles.d instead
- split the first example, because the text talked about "needing
two directories", but then a smack attribute was also set, and
on a different path, which looked like a typo. Replace that
with the example from original patch [1] which added 't'.
- fix the example for /var/tmp/abrt. The 'x' line was redundant,
because /var/tmp/abrt/* is already filtered because "d /var/tmp/abrt"
overrides "d /var/tmp".
[1] http://permalink.gmane.org/gmane.comp.sysutils.systemd.devel/25051
|
|
|
|
|
|
|
|
v2:
- "=" is required, so remove the <optional> tags that v1 added
|
|
* man: change time unit specifier for minutes to "m", not "min".
To alert the reader to the fact that the ambiguous prefix "m" will be
interpreted as minutes, not months.
* man: change 'journal files' to 'archived journal files'.
So that the user may be reminded why they see log entries in the journal
from a time previous to the one they specified when using --vacuum-time.
|
|
|
|
|
|
Fixes: #2889
|
|
Let's make this more digestable to read by making the list of documented unit
file paths a bit shorter.
Specifically, let's drop references to $XDG_CONFIG_HOME and $XDG_DATA_HOME, as
their default values are listed too already. Given that the fact that the XDG
basedir spec makes these paths configurable is probably not a strong point of
the spec, let's drop the reference to the env vars, and keep only the literal,
default paths for them in the list. Of course, we do support the full XDG
basedir spec in this regard, but it's one thing to implement it and another one
to recommend it by documenting it.
Replace "$HOME" by "~", because UNIX.
|
|
This new command removes all, or all hidden container images that have been
downloaded.
|
|
This hopefully reduces confusion resulting in issues like #2992.
|
|
This allows dropping all user configuration and reverting back to the vendor
default of a unit file. It basically undoes what "systemctl edit", "systemctl
set-property" and "systemctl mask" do.
|
|
Now, that the search path logic knows the unit path for transient units we also
can introduce an explicit unit file state "transient" that clarifies to the
user what kind of unit file he is encountering.
|
|
Now that we store the generator directories in LookupPaths we can use this to
intrdouce a new unit file state called "generated", for units in these
directories.
Fixes: #2348
|
|
|
|
We check /etc/machine-id of the container and if it is already populated
we use value from there, possibly ignoring value of --uuid option from
the command line. When dealing with R/O image we setup transient machine
id.
Once we determined machine id of the container, we use this value for
registration with systemd-machined and we also export it via
container_uuid environment variable.
As registration with systemd-machined is done by the main nspawn process
we communicate container machine id established by setup_machine_id from
outer child to the main process by unix domain socket. Similarly to PID
of inner child.
|
|
DHCP DUID parsing fix, logging fix, man-page fix
|
|
|
|
Man coredump sysctl
|
|
Add `--value` option to systemctl and loginctl to only print values
|
|
|
|
Added in 3c171f0b1e.
|
|
|
|
This recently moved from /cgroups/ to /cgroup-v1/.
Fixes #2958
|
|
|
|
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings.
2. Fix logging to use log_syntax instead of log_error.
3. On error reading DUID, ignore read and preserve previous state.
4. Fix man-pages to use markup, remove options not yet implemented.
5. Remove spurious header line in new files.
|
|
|
|
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
|
|
*.localdomain != localhost
|
|
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
|
|
Offline updates man page
|
|
In 110ceee58e5bc796c03a7db2109f85a999d5bc2e we removed the period after
printing the started units. This makes copying the unit name easier but
results in improper English.
This adds a colon before printing the units, which makes the output
look better.
|
|
Most of the changes are already implemented in dnf-system-upgrade.service
and packagekit-offline-update.service, so this update mostly changes the
documentation to match status quo.
|
|
Also fixes option name (s/--path/--prefix/).
|
|
Fixes #2901.
|
|
|
|
|
|
|
|
|
|
If you start a unit with systemd-run you usually need its name to
inspect it or stop it. Removing the period makes copying the unit name
easier.
|
|
|
|
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
|
|
|
|
This imports most of http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
to turn it into a man page. Similarly for the man page about generators,
this will make it easier to keep up-to-date, keep a history of changes,
and make it more discoverable for end-users.
|
|
Signed-off-by: Petros Angelatos <petrosagg@gmail.com>
|
|
|
|
|
|
systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
|
|
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
|