Age | Commit message (Collapse) | Author |
|
|
|
peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
|
|
Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
but the new wording was unclear.
Split the combined --after/--before section into a separate section for
each, explicitly state what each option does, and add information about
how these lists are generated.
Reported-by: Andrey Borzenkov <arvidjaar@gmail.com>
Reported-by: Lennart Poettering <lennart@poettering.net>
|
|
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.
|
|
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
|
|
|
|
addition to the host
|
|
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
|
|
This makes it possible to initialize or cleanup an arbitrary filesystem
hierarchy in the same way that it would be during system boot.
|
|
|
|
|
|
This makes it possible to initialize the /etc/machine-id file on an
arbitrary filesystem hierarchy. This helps systems that wish to run
this at image creation time in a subdirectory, or from initramfs before
pivot-root is called.
[tomegun: converted to using _cleanup_free_ macros]
|
|
|
|
them fully log out
|
|
overall system state
Previously "systemctl status" without argument would print the status of
all loaded units. This has now been moved to "systemctl status -a".
|
|
"systemctl list-machines" shows one line per local container which
includes the current system state of the container, the number of failed
units as well as the number of currently queued jobs.
|
|
|
|
sd_bus_path_{encode,decode}()
The new calls work similarly, but enforce a that a common, fixed bus
path prefix is used.
This follows discussions with Simon McVittie on IRC that it should be a
good idea to make sure that people don't use the escaping applied here
too wildly as anything other than the last label of a bus path.
|
|
|
|
It was backward - --after fetches After property, so units shown really
come *before* unit given as argument. Same for --before.
|
|
As pointed out by Jason A. Donenfeld.
|
|
Discoverable Partitions Specification
|
|
|
|
'man/systemd.link.xml' recovery from:
commit eac684ef1c29684b1bcd27a89c38c202e568e469
Author: Tom Gundersen <teg@jklm.no>
Date: Tue Feb 25 19:30:40 2014 +0100
man: split out systemd.net{work,dev}(5) from systemd-networkd(8)
|
|
man page
|
|
marcosf0> missing comma in udevadm "see also" section
|
|
|
|
|
|
When run in an initrd and no root= argument is set (or is set to
root=gpt-auto) we will automatically look for the root partition on the
same disk the EFI ESP is located on.
Since we look for swap, /home and /srv on the disk the root partition is
located on, we hence have a fully discoverable chain:
Firmware discovers the EFI ESP partition → the initrd discovers the
root partition → the host OS discovers swap, /home, and /srv.
Note that this requires an EFI boot loader that sets the
LoaderDevicePartUUID EFI variable, such as Gummiboot.
|
|
Use the same formatting as the systemd-analyze man page, so that man shows a space.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1073402
|
|
|
|
|
|
--scope mode
|
|
|
|
for the unit that is created
The code for parsing these properties is shared with "systemctl
set-property", which means all the resource control settings are
immediately available.
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
|
|
Previously we expected the desktop environment to take an inhibitor
lock, but this opened a race on boot-up where logind might already be
running but no DE is active.
Hence, let's move checking for additional displays into logind. This
also opens up this logic for other DEs, given that only GNOME
implemented the inhibitor logic so far.
|
|
|
|
As discussed on the ML these are useful to manage runtime directories
below /run for services.
|
|
|
|
This partially reverts 41a55c46ab8fb4ef6727434227071321fc762cce
Some specifications we want to stay compatibility actually document
/var/run, not /run, and we should stay compatible with that. In order to
make sure our D-Bus implementation works on any system, regardless if
running systemd or not, we should always use /var/run which is the
only path mandated by the D-Bus spec.
Similar, glibc hardcodes the utmp location to /var/run, and this is
exposed in _UTMP_PATH in limits.h, hence let's stay in sync with this
public API, too.
We simply do not support systems where /var/run is not a symlink → /run.
Hence both are equivalent. Staying compatible with upstream
specifications hence weighs more than cleaning up superficial
appearance.
|
|
/run was already used almost everywhere, fix the remaining places
for consistency.
|
|
|
|
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
|
|
|
|
|
|
|
|
|