Age | Commit message (Collapse) | Author |
|
We check /etc/machine-id of the container and if it is already populated
we use value from there, possibly ignoring value of --uuid option from
the command line. When dealing with R/O image we setup transient machine
id.
Once we determined machine id of the container, we use this value for
registration with systemd-machined and we also export it via
container_uuid environment variable.
As registration with systemd-machined is done by the main nspawn process
we communicate container machine id established by setup_machine_id from
outer child to the main process by unix domain socket. Similarly to PID
of inner child.
|
|
DHCP DUID parsing fix, logging fix, man-page fix
|
|
|
|
Man coredump sysctl
|
|
Add `--value` option to systemctl and loginctl to only print values
|
|
|
|
Added in 3c171f0b1e.
|
|
|
|
This recently moved from /cgroups/ to /cgroup-v1/.
Fixes #2958
|
|
|
|
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings.
2. Fix logging to use log_syntax instead of log_error.
3. On error reading DUID, ignore read and preserve previous state.
4. Fix man-pages to use markup, remove options not yet implemented.
5. Remove spurious header line in new files.
|
|
|
|
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
|
|
*.localdomain != localhost
|
|
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any
product expecting *.localdomain to resolve to localhost, however I am aware of
at least one product that defaults to ".localdomain" as its DNS suffix provided
via DHCP (pfSense). This leads to unexpected results when attempting to access
a host that's offline (or a host that's online, when nsswitch.conf is
[mis-]configured to have myhostname ahead of DNS).
Operate on:
localhost (and localhost.)
*.localhost (and *.localhost.)
localhost.localdomain (and localhost.localdomain.)
*.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
*.localdomain (nor *.localdomain.)
localdomain (nor localdomain.)
|
|
Offline updates man page
|
|
In 110ceee58e5bc796c03a7db2109f85a999d5bc2e we removed the period after
printing the started units. This makes copying the unit name easier but
results in improper English.
This adds a colon before printing the units, which makes the output
look better.
|
|
Most of the changes are already implemented in dnf-system-upgrade.service
and packagekit-offline-update.service, so this update mostly changes the
documentation to match status quo.
|
|
Also fixes option name (s/--path/--prefix/).
|
|
Fixes #2901.
|
|
|
|
|
|
|
|
|
|
If you start a unit with systemd-run you usually need its name to
inspect it or stop it. Removing the period makes copying the unit name
easier.
|
|
|
|
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
|
|
|
|
This imports most of http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
to turn it into a man page. Similarly for the man page about generators,
this will make it easier to keep up-to-date, keep a history of changes,
and make it more discoverable for end-users.
|
|
Signed-off-by: Petros Angelatos <petrosagg@gmail.com>
|
|
|
|
|
|
systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
|
|
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
|
|
|
|
man: clarify unit ordering language
|
|
|
|
Remove systemd-bootchart
|
|
|
|
|
|
So far we recommended placing "nss-mymachines" after "nss-resolve" in the order
of preference in /etc/nsswitch.conf. This change reverse this order.
Rationale: single-label names are resolved via LLMNR by resolved, which has to
time out if no peer by that name exists. By placing "nss-mymachines" first
(which always responds immediately) we avoid running into this timeout for most
containers. Both modules should return the same data if LLMNR is used by the
container anyway.
While we are at it, improve the man pages of the three NSS modules in other
ways a bit.
|
|
Networkctl prettification
|
|
|
|
Better to use the mirror manager and https.
|
|
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
|
|
network: minor manpage clarifications
|
|
udevadm test-builtin can be very useful for testing .link files, so add a reference.
Addresses issue #2406.
|
|
Make it clear that we are talking of links (in the sense used in networkd) and not ports.
Addresses issue #964.
|
|
Enabling router advertisement may even trigger SLAAC or DHCPv6 to be used to configure
IPv6 addresses on the link. It may not be obvious that only in the SLAAC case will the
Token have an effect. Clarify this in the man page.
Addresses issue #863.
|
|
Among other fixes, add information about more architectures that are supported
these days.
|