summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2014-02-04Add SELinux support to systemd-nspawnDan Walsh
This patch adds to new options: -Z PROCESS_LABEL This specifies the process label to run on processes run within the container. -L FILE_LABEL The file label to assign to memory file systems created within the container. For example if you wanted to wrap an container with SELinux sandbox labels, you could execute a command line the following chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
2014-01-30networkd: dhcpv4 - add notion of 'CriticalConnection'Tom Gundersen
These connections are never torn down, even when the DHCP specifications say that they should be. This is useful/necessary when the rootfs (or another critical fs) is mounted over this network connection, and dataloss would result if the connection is lost. This option defaults to off, but our initrd generator (TBD) will enable it when applicable.
2014-01-29core: introduce new KillMode=mixed which sends SIGTERM only to the main ↵Lennart Poettering
process, but SIGKILL to all daemon processes This should fix some race with terminating systemd --user, where the system systemd instance might race against the user systemd instance when sending SIGTERM.
2014-01-28man: remove erroneous history sectionZbigniew Jędrzejewski-Szmek
2014-01-27manager: add systemd.show_status=auto modeZbigniew Jędrzejewski-Szmek
When set to auto, status will shown when the first ephemeral message is shown (a job has been running for five seconds). Then until the boot or shutdown ends, status messages will be shown. No indication about the switch is done: I think it should be clear for the user that first the cylon eye and the ephemeral messages appear, and afterwards messages are displayed. The initial arming of the event source was still wrong, but now should really be fixed.
2014-01-27journal: guarantee async-signal-safety in sd_journald_sendvZbigniew Jędrzejewski-Szmek
signal(7) provides a list of functions which may be called from a signal handler. Other functions, which only call those functions and don't access global memory and are reentrant are also safe. sd_j_sendv was mostly OK, but would call mkostemp and writev in a fallback path, which are unsafe. Being able to call sd_j_sendv in a async-signal-safe way is important because it allows it be used in signal handlers. Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an open-coded writev replacement which uses write. Unfortunately, O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is unavailable, an open-coded mkostemp is used. https://bugzilla.gnome.org/show_bug.cgi?id=722889
2014-01-26cryptsetup: Support key-slot optionChristian Seiler
Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-25networkd: add basic VLAN supportTom Gundersen
2014-01-22networkd: add basic bonding supportTom Gundersen
Refactor bridging support to be generic netdev support and extend it to cover bonding as well.
2014-01-22man: document message timestamping/sequence number APILennart Poettering
2014-01-20exec: introduce PrivateDevices= switch to provide services with a private /devLennart Poettering
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that sets up a private /dev with only the API pseudo-devices like /dev/null, /dev/zero, /dev/random, but not any physical devices in them.
2014-01-18networkd: dhcp - by default ignore the MTUTom Gundersen
2014-01-16sd-dhcp-client/networkd: add transient hostname supportTom Gundersen
2014-01-16sd-dhcp-client/networkd: add interface MTU supportTom Gundersen
2014-01-15systemctl: introduce new "import-environment" commandLennart Poettering
This may be used in graphical session start-up scripts to upload environment variables such as $DISPLAY into the systemd manager easily.
2014-01-13networkd: DHCPv4 - allow opting out of using DNS serversTom Gundersen
Setting UseDNS=no will ignore any received DNS servers.
2014-01-13libsystemd-bus: rename to libsystemdTom Gundersen
Documentation was updated to refer to either 'libsystemd' or 'sd-bus' in place of libsystemd-bus.
2014-01-11man: add busctl(1)Zbigniew Jędrzejewski-Szmek
2014-01-11journald: do not free space when disk space runs lowZbigniew Jędrzejewski-Szmek
Before, journald would remove journal files until both MaxUse= and KeepFree= settings would be satisfied. The first one depends (if set automatically) on the size of the file system and is constant. But the second one depends on current use of the file system, and a spike in disk usage would cause journald to delete journal files, trying to reach usage which would leave 15% of the disk free. This behaviour is surprising for the user who doesn't expect his logs to be purged when disk usage goes above 85%, which on a large disk could be some gigabytes from being full. In addition attempting to keep 15% free provides an attack vector where filling the disk sufficiently disposes of almost all logs. Instead, obey KeepFree= only as a limit on adding additional files. When replacing old files with new, ignore KeepFree=. This means that if journal disk usage reached some high point that at some later point start to violate the KeepFree= constraint, journald will not add files to go above this point, but it will stay (slightly) below it. When journald is restarted, it forgets the previous maximum usage value, and sets the limit based on the current usage, so if disk remains to be filled, journald might use one journal-file-size less on each restart, if restarts happen just after rotation. This seems like a reasonable compromise between implementation complexity and robustness.
2014-01-11journalctl: allow globbing in --unit and --user-unitZbigniew Jędrzejewski-Szmek
This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2014-01-10man: clarify sd_bus_e_get_errno with NULL argZbigniew Jędrzejewski-Szmek
2014-01-09man: mention which variables will be expanded in ExecStartZbigniew Jędrzejewski-Szmek
2014-01-07man: document label escaping functionsZbigniew Jędrzejewski-Szmek
2014-01-07man: fix bogus description of sd_bus_creds_has_*_capZbigniew Jędrzejewski-Szmek
2014-01-07man: document sd-bus error functionsZbigniew Jędrzejewski-Szmek
2014-01-05man: document some more bus functionsZbigniew Jędrzejewski-Szmek
2014-01-05networkd: refuse to use .network files with missing Address/Gateway keyTom Gundersen
These keys are mandatory in [Address]/[Route] sections. Otherwise, we hit an assert: ens3: setting addresses Assertion 'address->family == 2 || address->family == 10' failed at /build/amd64-generic/tmp/portage/sys-apps/systemd-9999-r1/work/systemd-9999/src/network/networkd-address.c:137, function address_configure(). Aborting. Reported-by: Alex Polvi <alex.polvi@coreos.com> At the same time make sure Route's Destination and Gateway uses the same address family.
2014-01-04man: typo fixThomas Hindoe Paaboel Andersen
2014-01-04Revert "net-util: add support for Type=ethernet"Tom Gundersen
This reverts commit 4cd1214db6cf4b262e8ce6381bc710091b375c96. This may still be fixed in the kernel, revert this for now until we see how it all shakes out.
2014-01-04man: document a batch of bus functionsZbigniew Jędrzejewski-Szmek
2014-01-03man: networkd - document DHCP optionTom Gundersen
2014-01-03net-util: add support for Type=ethernetTom Gundersen
When DEVTYPE is not set for a nic, it means it is a wired/ethernet device.
2013-12-30tmpfiles: rename --unsafe to --bootZbigniew Jędrzejewski-Szmek
As suggested by Kay, it is better to describe what is done, not what might happen.
2013-12-30man: expand on some more subtle points in systemd.socket(5)Zbigniew Jędrzejewski-Szmek
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727708#1694
2013-12-30acticate: rename --environment to --setenvZbigniew Jędrzejewski-Szmek
Nspawn has --setenv, and systemd itself accepts systemd.setenv. It is nice to have the same parameter name everywhere. Old name is accepted, but not advertised.
2013-12-27man: include autoconf snippet in daemon(7)Michał Górny
https://bugs.freedesktop.org/show_bug.cgi?id=40446
2013-12-27man: add a note about propagating signalsZbigniew Jędrzejewski-Szmek
2013-12-27man: fix Type= reference v2Zbigniew Jędrzejewski-Szmek
grawity: It looks like the old version _was_ correct – the default value will be "Type=dbus" if the service has a BusName set. Suggested change: "if neither Type= nor BusName= is specified"
2013-12-26man: fix Type= referenceMarcos Felipe Rasia de Mello
Simple man page fix attached. -- Marcos From 268d10a2f8769fd1dcb9440670af15ac02c5df89 Mon Sep 17 00:00:00 2001 From: Marcos Mello <marcosfrm@gmail.com> Date: Thu, 26 Dec 2013 17:19:04 -0200 Subject: [PATCH 1/1] man: fix Type= reference
2013-12-26systemctl: allow globbing in commands which take multiple unit namesZbigniew Jędrzejewski-Szmek
2013-12-26man: fix description of is-enabled returned valueZbigniew Jędrzejewski-Szmek
2013-12-25man: document fail/nofail, auto/noautoZbigniew Jędrzejewski-Szmek
Also s/filesystem/file system/ in a few places.
2013-12-25man: grammar and wording improvementsJan Engelhardt
This is a recurring submission and includes corrections to: - missing words, preposition choice. - change of /lib to /usr/lib, because that is what most distros are using as the system-wide location for systemd/udev files.
2013-12-25man: improvements to comma placementJan Engelhardt
This is a recurring submission and includes corrections to: comma placement.
2013-12-25man: resolve word omissionsJan Engelhardt
This is a recurring submission and includes corrections to: word omissions and word class choice.
2013-12-25man: add missing sd_bus_message_get_cookie man page fieLennart Poettering
2013-12-25man: document sd_bus_message_get_cookie()Lennart Poettering
2013-12-24tmpfiles: introduce the concept of unsafe operationsZbigniew Jędrzejewski-Szmek
Various operations done by systemd-tmpfiles may only be safely done at boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin). Other operations may be done at any point in time (e.g. setting the ownership on /{run,var}/log/journal). This distinction is largely orthogonal to the type of operation. A new switch --unsafe is added, and operations which should only be executed during bootup are marked with an exclamation mark in the configuration files. systemd-tmpfiles.service is modified to use this switch, and guards are added so it is hard to re-start it by mistake. If we install a new version of systemd, we actually want to enforce some changes to tmpfiles configuration immediately. This should now be possible to do safely, so distribution packages can be modified to execute the "safe" subset at package installation time. /run/nologin creation is split out into a separate service, to make it easy to override. https://bugzilla.redhat.com/show_bug.cgi?id=1043212 https://bugzilla.redhat.com/show_bug.cgi?id=1045849
2013-12-24man,units: tmpfiles.d(5) cleanupZbigniew Jędrzejewski-Szmek
Condition for /lib (necessary for split /usr) was missing from the unit. Some changes which were done in tmpfiles.d(5) were not carried over to systemd-tmpfiles(1). Also use markup where possible.
2013-12-22delta: if prefix is specified, only show overrides thereZbigniew Jędrzejewski-Szmek
systemd-delta /run/systemd/system will show all unit overrides in /run, etc.