summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-05-05logind: enforce a limit on current user sessionsLennart Poettering
We really should put limits on all resources we manage, hence add one to the number of concurrent sessions, too. This was previously unbounded, hence set a relatively high limit of 8K by default. Note that most PAM setups will actually invoke pam_systemd prefixed with "-", so that the return code of pam_systemd is ignored, and the login attempt succeeds anyway. On systems like this the session will be created but is not tracked by systemd.
2016-05-04Merge pull request #3156 from keszybz/duid-settingsLennart Poettering
Rework DUID setting
2016-05-04Merge pull request #3170 from poettering/v230-preparation-fixesLennart Poettering
make virtualization detection quieter, rework unit start limit logic, detect unit file drop-in changes correctly, fix autofs state propagation
2016-05-03networkd: Add support to configure IPv6 preferred lifetime (#3102)Susant Sahani
Closes #2166. We only allow 0, infinity and forever. infinity and forever is same.
2016-05-03Merge pull request #3132 from ssahani/route-tableZbigniew Jędrzejewski-Szmek
networkd: add support to set route table
2016-05-03networkd: add support to set route tableSusant Sahani
networkd: add support to set route table 1. add support to configure the table id. if id is less than 256 we can fit this in the header of route as netlink property is a char. But in kernel this proepty is a unsigned 32. Hence if greater that 256 add this as RTA_TABLE attribute. 2. we are not setting the address family now. Now set this property.
2016-05-03man: add a description of DUIDType and DUIDRawDataZbigniew Jędrzejewski-Szmek
This is essentially a revert of f38e0cce75ff2ffbd99f7e382ed39c160bb7d799 (which removed the documentation of DUIDType on purpose). The description is heavily updated for the new semantics. This addresses #3127 § 4.
2016-05-03man: s/similar/similarly/Zbigniew Jędrzejewski-Szmek
2016-05-03man: rename TriggerLimitIntervalBurst to TriggerLimitBurst (#3181)Evgeny Vereshchagin
[/etc/systemd/system/test.socket:2] Unknown lvalue 'TriggerLimitIntervalBurst' in section 'Socket' Follow-up for 8b26cdbd2a94
2016-05-02Merge pull request #3153 from poettering/async-cloneZbigniew Jędrzejewski-Szmek
machined: make "clone" asynchronous, and support copy-based fall-back
2016-05-02core: move enforcement of the start limit into per-unit-type code againLennart Poettering
Let's move the enforcement of the per-unit start limit from unit.c into the type-specific files again. For unit types that know a concept of "result" codes this allows us to hook up the start limit condition to it with an explicit result code. Also, this makes sure that the state checks in clal like service_start() may be done before the start limit is checked, as the start limit really should be checked last, right before everything has been verified to be in order. The generic start limit logic is left in unit.c, but the invocation of it is moved into the per-type files, in the various xyz_start() functions, so that they may place the check at the right location. Note that this change drops the enforcement entirely from device, slice, target and scope units, since these unit types generally may not fail activation, or may only be activated a single time. This is also documented now. Note that restores the "start-limit-hit" result code that existed before 6bf0f408e4833152197fb38fb10a9989c89f3a59 already in the service code. However, it's not introduced for all units that have a result code concept. Fixes #3166.
2016-05-02man: slightly extend the machinectl clone documentationLennart Poettering
2016-04-30Merge pull request #3152 from poettering/aliasfixZbigniew Jędrzejewski-Szmek
Refuse aliases to non-aliasable units in more places Fixes #2730.
2016-04-29Merge pull request #3151 from keszybz/pr3149-2Zbigniew Jędrzejewski-Szmek
Assorted fixes #3149 + one commit tacked on top
2016-04-29man: document that some unit types do not support unit aliases via symlinksLennart Poettering
2016-04-29core: make parsing of RLIMIT_NICE aware of actual nice levelsLennart Poettering
2016-04-29core: rename StartLimitInterval= to StartLimitIntervalSec=Lennart Poettering
We generally follow the rule that for time settings we suffix the setting name with "Sec" to indicate the default unit if none is specified. The only exception was the rate limiting interval settings. Fix this, and keep the old names for compatibility. Do the same for journald's RateLimitInterval= setting
2016-04-29core: move start ratelimiting check after condition checksLennart Poettering
With #2564 unit start rate limiting was moved from after the condition checks are to before they are made, in an attempt to fix #2467. This however resulted in #2684. However, with a previous commit a concept of per socket unit trigger rate limiting has been added, to fix #2467 more comprehensively, hence the start limit can be moved after the condition checks again, thus fixing #2684. Fixes: #2684
2016-04-29core: introduce activation rate limiting for socket unitsLennart Poettering
This adds two new settings TriggerLimitIntervalSec= and TriggerLimitBurst= that define a rate limit for activation of socket units. When the limit is hit, the socket is is put into a failure mode. This is an alternative fix for #2467, since the original fix resulted in issue #2684. In a later commit the StartLimitInterval=/StartLimitBurst= rate limiter will be changed to be applied after any start conditions checks are made. This way, there are two separate rate limiters enforced: one at triggering time, before any jobs are queued with this patch, as well as the start limit that is moved again to be run immediately before the unit is activated. Condition checks are done in between the two, and thus no longer affect the start limit.
2016-04-29man: document that RemainAfterExit= doesn't make much sense for repetitive ↵Lennart Poettering
timers Fixes #3122
2016-04-29networkd: clean up DUID code a bitLennart Poettering
Let's move DUID configuration into the [DHCP] section, since it only makes sense in a DHCP context, and should be close to the configuration of ClientIdentifier= and suchlike. This really shouldn't be a section of its own, we don't have any for any of our other per-protocol specific identifiers... Follow-up for #2890 #2943
2016-04-29man: minor wording fixesLennart Poettering
As suggested in: https://github.com/systemd/systemd/pull/3124#discussion_r61068789
2016-04-26core: set start job timeout from the kernel commandline (#3112)tblume
Add the boot parameter: systemd.default_timeout_start_sec to allow modification of the default start job timeout at boot time.
2016-04-26Merge pull request #3124 from poettering/small-journal-fixesZbigniew Jędrzejewski-Szmek
2016-04-26Revert "smaller journal fixes (#3124)"Zbigniew Jędrzejewski-Szmek
This reverts commit 6e3930c40f3379b7123e505a71ba4cd6db6c372f. Merge got squashed by mistake.
2016-04-26Merge pull request #3093 from poettering/nspawn-userns-magicLennart Poettering
nspawn automatic user namespaces
2016-04-26smaller journal fixes (#3124)Lennart Poettering
* sd-journal: detect earlier if we try to read an object from an invalid offset Specifically, detect early if we try to read from offset 0, i.e. are using uninitialized offset data. * journal: when dumping journal contents, react nicer to lines we can't read If journal files are not cleanly closed it might happen that intermediaery journal entries cannot be read. Handle this nicely, skip over the unreadable entries, and log a debug message about it; after all we generally follow the logic that we try to make the best of corrupted files. * journal-file: always generate the same error when encountering corrupted files Let's make sure EBADMSG is the one error we throw when we encounter corrupted data, so that we can neatly test for it. * journal-file: when iterating through a partly corruped journal file, treat error like EOF When we linearly iterate through a corrupted journal file, and we encounter a read error, don't consider this fatal, but merely as EOF condition (and log about it). * journal-file: make seeking in corrupted files work Previously, when we used a bisection table for seeking through a corrupted file, and the end of the bisection table was corrupted we'd most likely fail the entire seek operation. Improve the situation: if we encounter invalid entries in a bisection table, linearly go backwards until we find a working entry again. * man: elaborate on the automatic systemd-journald.socket service dependencies Fixes: #1603
2016-04-26man: elaborate on the automatic systemd-journald.socket service dependenciesLennart Poettering
Fixes: #1603
2016-04-25man: document the new by-fd journal callsLennart Poettering
Also, remove documentation for sd_journal_open_container() as we consider it deprecated now.
2016-04-25man: don't include history sections in man pagesLennart Poettering
I am pretty sure we shouldn't carry history sections in man pages, since it's very hard to keep them correctly updated, the current ones are very out-of-date, and they tend to make APIs appear unnecessarily complex.
2016-04-25nspawn: make -U a tiny bit smarterLennart Poettering
With this change -U will turn on user namespacing only if the kernel actually supports it and otherwise gracefully degrade to non-userns mode.
2016-04-25man: document the new user namespacing optionsLennart Poettering
2016-04-22man: document the default for systemd.timer's Persistent flag (#3099)Evgeny Vereshchagin
Closes #3096
2016-04-22man: don't claim systemd would connect stdout/stderr of daemons with /dev/nullLennart Poettering
2016-04-22journalctl: add --no-hostname switchLennart Poettering
This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-22journalctl: add output mode where time is shown in seconds since 1st Jan ↵Lennart Poettering
1970 UTC aka "UNIX time". Fixes: #2120
2016-04-22treewide: fix typos (#3092)Torstein Husebø
2016-04-22Merge pull request #3084 from keszybz/preset-fixesLennart Poettering
Nicer error message is symlinking chokes on an existing file
2016-04-21tree-wide: use mdash instead of a two minusesZbigniew Jędrzejewski-Szmek
2016-04-21man: document size param of sd_journal_add_matchZbigniew Jędrzejewski-Szmek
Fixes #1724.
2016-04-21systemctl,pid1: do not warn about missing install info with "preset"Zbigniew Jędrzejewski-Szmek
When "preset" was executed for a unit without install info, we'd warn similarly as for "enable" and "disable". But "preset" is usually called for all units, because the preset files are provided by the distribution, and the units are under control of individual programs, and it's reasonable to call "preset" for all units rather then try to do it only for the ones that can be installed. We also don't warn about missing info for "preset-all". Thus it seems reasonable to silently ignore units w/o install info when presetting. (In addition, when more than one unit was specified, we'd issue the warning only if none of them had install info. But this is probably something to fix for enable/disable too.)
2016-04-21Merge pull request #3005 from keszybz/kill-user-procesesLennart Poettering
Kill user session scope by default
2016-04-21logind: make KillOnlyUsers override KillUserProcessesZbigniew Jędrzejewski-Szmek
Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be used to specify users to kill, independently of the KillUserProcesses setting. Having the settings orthogonal seems to make more sense. It also makes KillOnlyUsers symmetrical to KillExcludeUsers.
2016-04-21logind: flip KillUserProcesses to on by defaultZbigniew Jędrzejewski-Szmek
This ensures that users sessions are properly cleaned up after. The admin can still enable or disable linger for specific users to allow them to run processes after they log out. Doing that through the user session is much cleaner and provides better control. dbus daemon can now be run in the user session (with --enable-user-session, added in 1.10.2), and most distributions opted to pick this configuration. In the normal case it makes a lot of sense to kill remaining processes. The exception is stuff like screen and tmux. But it's easy enough to work around, a simple example was added to the man page in previous commit. In the long run those services should integrate with the systemd users session on their own. https://bugs.freedesktop.org/show_bug.cgi?id=94508 https://github.com/systemd/systemd/issues/2900
2016-04-21man: expand description of lingering and KillUserProcesses settingZbigniew Jędrzejewski-Szmek
The description in the man page was wrong, KillUserProcesses does not kill all processes of the user. Describe what the setting does, and also add links between the relavant sections of the manual. Also, add an extensive example which shows how to launch screen in the background.
2016-04-21man: reformat examples using <example>Zbigniew Jędrzejewski-Szmek
2016-04-20networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077)Susant Sahani
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface. This fixes #3046. Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled. Introduce network_has_static_ipv6_addresses() to find out if any static ipv6 address configured. If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static IPv6 addresses not configured, then IPv6 will be automatically disabled for that interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
2016-04-20tmpfiles: add new 'e' action which cleans up a dir without creating itZbigniew Jędrzejewski-Szmek
I wanted to add a config line that would empty a directory without creating it if doesn't exist. Existing actions don't allow this. v2: properly add 'e' to needs_glob() and takes_ownership()
2016-04-20man: try to explain different actions in tmpfiles a bit betterZbigniew Jędrzejewski-Szmek
- do not suggest that vendor configuration files should be in /etc, use /usr/lib/tmpfiles.d instead - split the first example, because the text talked about "needing two directories", but then a smack attribute was also set, and on a different path, which looked like a typo. Replace that with the example from original patch [1] which added 't'. - fix the example for /var/tmp/abrt. The 'x' line was redundant, because /var/tmp/abrt/* is already filtered because "d /var/tmp/abrt" overrides "d /var/tmp". [1] http://permalink.gmane.org/gmane.comp.sysutils.systemd.devel/25051
2016-04-20tmpfiles: interpret "-" as stdinZbigniew Jędrzejewski-Szmek