summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-08-03nspawn: deprecate --share-system supportLennart Poettering
This removes the --share-system switch: from the documentation, the --help text as well as the command line parsing. It's an ugly option, given that it kinda contradicts the whole concept of PID namespaces that nspawn implements. Since it's barely ever used, let's just deprecate it and remove it from the options. It might be useful as a debugging option, hence the functionality is kept around for now, exposed via an undocumented $SYSTEMD_NSPAWN_SHARE_SYSTEM environment variable.
2016-08-03Merge pull request #3828 from keszybz/drop-systemd-vconsole-setup-serviceLennart Poettering
Update documentation for systemd-vconsole-setup
2016-08-02socket: add support to control no. of connections from one source (#3607)Susant Sahani
Introduce MaxConnectionsPerSource= that is number of concurrent connections allowed per IP. RFE: 1939
2016-08-02units: add graphical-session-pre.target user unit (#3848)Martin Pitt
This complements graphical-session.target for services which set up the environment (e. g. dbus-update-activation-environment) and need to run before the actual graphical session.
2016-08-01virt: detect bhyve (FreeBSD hypervisor) (#3840)Leonardo Brondani Schenkel
The CPUID and DMI vendor strings do not seem to be documented. Values were found experimentally and by inspecting the source code.
2016-07-31man: move description of kernel vconsole.conf overrides to vconsole.conf(5)Zbigniew Jędrzejewski-Szmek
They were outdated, and this way it's less likely that they'll get out of sync again. Anyway, it's easier for the reader to have the kernel and config file options next to one another.
2016-07-31Merge pull request #3843 from maxime1986/minor-systemd.resource-controlZbigniew Jędrzejewski-Szmek
2016-07-31documentation: cgroup-v1 and systemd user instanceMaxime de Roucy
Explain in the systemd.resource-control man that systemd user instance can't use resource control on cgroup-v1.
2016-07-31documentation: add cgroup-v2.txt linkMaxime de Roucy
add cgroup-v2.txt link in section "Unified and Legacy Control Group Hierarchies" of systemd.resource-control man.
2016-07-28Merge pull request #3742 from msoltyspl/vconfix2Zbigniew Jędrzejewski-Szmek
vconsole-setup: updates & fixes V2
2016-07-27vconsole: update man pageMichal Soltys
- about namespace - about udev rules
2016-07-26journald: deprecate SplitMode=login (#3805)Zbigniew Jędrzejewski-Szmek
In this mode, messages from processes which are not part of the session land in the main journal file, and only output of processes which are properly part of the session land in the user's journal. This is confusing, in particular because systemd-coredump runs outside of the login session. "Deprecate" SplitMode=login by removing it from documentation, to discourage people from using it.
2016-07-25Merge pull request #3728 from poettering/dynamic-usersZbigniew Jędrzejewski-Szmek
2016-07-25Merge pull request #3757 from poettering/efi-searchZbigniew Jędrzejewski-Szmek
2016-07-25units: add graphical-session.target user unit (#3678)Martin Pitt
This unit acts as a dynamic "alias" target for any concrete graphical user session like gnome-session.target; these should declare "BindsTo=graphical-session.target" so that both targets stop and start at the same time. This allows services that run in a particular graphical user session (e. g. gnome-settings-daemon.service) to declare "PartOf=graphical-session.target" without having to know or get updated for all/new session types. This will ensure that stopping the graphical session will stop all services which are associated to it.
2016-07-25Merge pull request #3802 from poettering/id128-fixesZbigniew Jędrzejewski-Szmek
Id128 fixes and more
2016-07-25man: extend documentation on the SplitMode= setting (#3801)Lennart Poettering
Adressing https://github.com/systemd/systemd/issues/3755#issuecomment-234214273
2016-07-25man: minor man page fixLennart Poettering
Addressing: https://github.com/systemd/systemd/commit/b541146bf8c34aaaa9efcf58325f18da9253c4ec#commitcomment-17997074
2016-07-25Merge pull request #3798 from keszybz/news-and-man-tweaksLennart Poettering
News and man tweaks
2016-07-25core: change ExecStart=! syntax to ExecStart=+ (#3797)Lennart Poettering
As suggested by @mbiebl we already use the "!" special char in unit file assignments for negation, hence we should not use it in a different context for privileged execution. Let's use "+" instead.
2016-07-25man: use "search for unit"Zbigniew Jędrzejewski-Szmek
To "search something", in the meaning of looking for it, is valid, but "search _for_ something" is much more commonly used, especially when the meaning could be confused with "looking _through_ something" (for some other object). (C.f. "the police search a person", "the police search for a person".) Also reword the rest of the paragraph to avoid using "automatically" three times.
2016-07-25man: make chroot less prominent in discussion of nspawnZbigniew Jędrzejewski-Szmek
Not as many people use chroot as before, so make the flow a bit nicer by talking less about chroot. "change to the either" is awkward and unclear. Just remove that part, because all changes are lost, period.
2016-07-25man: update systemctl man page for unit file commands, in particular ↵Lennart Poettering
"systemctl enable" Clarify that "systemctl enable" can operate either on unit names or on unit file paths (also, adjust the --help text to clarify this). Say that "systemctl enable" on unit file paths also links the unit into the search path. Many other fixes. This should improve the documentation to avoid further confusion around #3706.
2016-07-22Merge pull request #3784 from poettering/NEWS-v231Zbigniew Jędrzejewski-Szmek
2016-07-22Merge pull request #3777 from poettering/id128-reworkZbigniew Jędrzejewski-Szmek
uuid/id128 code rework
2016-07-22man: rework resolved.conf's Cache= documentationLennart Poettering
Let's not mention the supposed security benefit of turning off caching. It is really questionnable, and I#d rather not create the impression that we actually believed turning off caching would be a good idea. Instead, mention that Cache=no is implicit if a DNS server on the local host is used.
2016-07-22nss: add new "nss-systemd" NSS module for mapping dynamic usersLennart Poettering
With this NSS module all dynamic service users will be resolvable via NSS like any real user.
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a ↵Lennart Poettering
service is running This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-07-22core: change TasksMax= default for system services to 15%Lennart Poettering
As it turns out 512 is max number of tasks per service is hit by too many applications, hence let's bump it a bit, and make it relative to the system's maximum number of PIDs. With this change the new default is 15%. At the kernel's default pids_max value of 32768 this translates to 4915. At machined's default TasksMax= setting of 16384 this translates to 2457. Why 15%? Because it sounds like a round number and is close enough to 4096 which I was going for, i.e. an eight-fold increase over the old 512 Summary: | on the host | in a container old default | 512 | 512 new default | 4915 | 2457
2016-07-22logind: change TasksMax= value for user logins to 33%Lennart Poettering
Let's change from a fixed value of 12288 tasks per user to a relative value of 33%, which with the kernel's default of 32768 translates to 10813. This is a slight decrease of the limit, for no other reason than "33%" sounding like a nice round number that is close enough to 12288 (which would translate to 37.5%). (Well, it also has the nice effect of still leaving a bit of room in the PID space if there are 3 cooperating evil users that try to consume all PIDs... Also, I like my bikesheds blue). Since the new value is taken relative, and machined's TasksMax= setting defaults to 16384, 33% inside of containers is usually equivalent to 5406, which should still be ample space. To summarize: | on the host | in the container old default | 12288 | 12288 new default | 10813 | 5406
2016-07-22core: support percentage specifications on TasksMax=Lennart Poettering
This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-22machine-id-setup: add new --print switchLennart Poettering
If specified we'll simply output the used machine ID.
2016-07-22sd-id128: handle NULL return parameter in sd_id128_from_string() nicerLennart Poettering
If the return parameter is NULL, simply validate the string, and return no error.
2016-07-21man: add missing whitespace to bootctl command linesLennart Poettering
2016-07-21man: use <filename> in bootctl man page where appropriateLennart Poettering
2016-07-21bootctl: rework to use common verbs parsing, and add searching of ESP pathLennart Poettering
This rearranges bootctl a bit, so that it uses the usual verbs parsing routines, and automatically searches the ESP in /boot, /efi or /boot/efi, thus increasing compatibility with mainstream distros that insist on /boot/efi. This also adds minimal support for running bootctl in a container environment: when run inside a container verification of the ESP via raw block device access, trusting the container manager to mount the ESP correctly. Moreover, EFI variables are not accessed when running in the container.
2016-07-21gpt-generator: use /efi as mount point for the ESP if it existsLennart Poettering
Let's make the EFI generator a bit smarter: if /efi exists it is used as mount point for the ESP, otherwise /boot is used. This should increase compatibility with distros which use legacy boot loaders that insist on having /boot as something that isn't the ESP.
2016-07-21Merge pull request #3770 from AlexanderKurtz/masterLennart Poettering
bootctl: Always use upper case for "/EFI/BOOT" and "/EFI/BOOT/BOOT*.EFI".
2016-07-21bootctl: Always use upper case for "/EFI/BOOT" and "/EFI/BOOT/BOOT*.EFI".Alexander Kurtz
If the ESP is not mounted with "iocharset=ascii", but with "iocharset=utf8" (which is for example the default in Debian), the file system becomes case sensitive. This means that a file created as "FooBarBaz" cannot be accessed as "foobarbaz" since those are then considered different files. Moreover, a file created as "FooBar" can then also not be accessed as "foobar", and it also prevents such a file from being created, as both would use the same 8.3 short name "FOOBAR". Even though the UEFI specification [0] does give the canonical spelling for the files mentioned above, not all implementations completely conform to that, so it's possible that those files would already exist, but with a different spelling, causing subtle bugs when scanning or modifying the ESP. While the proper fix would of course be that everybody conformed to the standard, we can work around this problem by just referencing the files by their 8.3 short names, i.e. using upper case. Fixes: #3740 [0] <http://www.uefi.org/specifications>, version 2.6, section 3.5.1.1
2016-07-20man: document a tiny bit better what udev_device_get_is_initialized() ↵Lennart Poettering
actually returns
2016-07-19man: revise entry about specifying a file path (#3739)mulkieran
* Specifying a device node has an effect much larger than a simple shortcut for a field/value match, so the original sentence is no longer a good way to start the paragraph. * Specifying a device node causes matches to be generated for all ancestor devices of the device specified, not just its parents. * Indicates that the path must be absolute, but that it may be a link. * Eliminates a few typos.
2016-07-19man: mention that locale changes might require initramfs to be rebuilt (#3754)Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1151651 Also explain what localectl does a bit better: https://bugzilla.redhat.com/show_bug.cgi?id=1357861
2016-07-19Merge pull request #3685 from kinvolk/alessandro/inaccessible-pathsLennart Poettering
namespace: unify limit behavior on non-directory paths
2016-07-19sd-journal: suppress empty linesLennart Poettering
Let's make sure our logging APIs is in sync with how stdout/stderr logging works.
2016-07-19doc,core: Read{Write,Only}Paths= and InaccessiblePaths=Alessandro Puccetti
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories= to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept as aliases but they are not advertised in the documentation. Renamed variables: `read_write_dirs` --> `read_write_paths` `read_only_dirs` --> `read_only_paths` `inaccessible_dirs` --> `inaccessible_paths`
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
2016-07-19man: document that sd_journal_print() strips trailing whitespaceLennart Poettering
2016-07-18Merge pull request #3746 from keszybz/trivial-fixesDaniel Mack
Trivial fixes
2016-07-17Drop parentheses in two placesZbigniew Jędrzejewski-Szmek
2016-07-16man: mention system-shutdown hook directory in synopsis (#3741)Michael Biebl
The distinction between systemd-shutdown the binary vs system-shutdown the hook directory (without the 'd') is not immediately obvious and can be quite confusing if you are looking for a directory which doesn't exist. Therefore explicitly mention the hook directory in the synopsis with a trailing slash to make it clearer which is which.