summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-05-15namespace: Make private /dev noexec and readonly (#3263)topimiettinen
Private /dev will not be managed by udev or others, so we can make it noexec and readonly after we have made all device nodes. As /dev/shm needs to be writable, we can't use bind_remount_recursive().
2016-05-15/var/tmp instead of /tmp/var in systemd.unit man page (#3262)gdamjan
2016-05-15man: fix typo (#3261)Andre Klärner
2016-05-15networkd: bridge add support to configure multicast snooping (#3223)Susant Sahani
This patch implements support for the IFLA_BR_MCAST_SNOOPING attribute it can change the multicast snooping value. IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic between hosts and multicast routers.
2016-05-12Create initrd-root-device.target synchronization point (#3239)Daniel Drake
Add a synchronization point so that custom initramfs units can run after the root device becomes available, before it is fsck'd and mounted. This is useful for custom initramfs units that may modify the root disk partition table, where the root device is not known in advance (it's dynamically selected by the generators).
2016-05-10man: document the nfs mount option bg as unsupported (#3231)tblume
The nfs mount option bg will not be supported with systemd. Reasons are discussed here: https://github.com/systemd/systemd/pull/3169
2016-05-09networkd: reworkd LLDP emission to allow control of propagation levelLennart Poettering
This allows selecting the propagation level of emitted LLDP packets (specifically: the destination MAC address of the packets). This is useful because it allows generating LLDP packets that optionally cross certain types of bridges. See 802.11ab-2009, Table 7-1 for details.
2016-05-09man: add documentation for the new --network-zone= concept of nspawnLennart Poettering
2016-05-09man: document that nspawn's host0 and ve-* interfaces have default config in ↵Lennart Poettering
networkd
2016-05-06man: link the part about [DHCP] to the DHCP= explanationLennart Poettering
2016-05-06man: move IPv6 note to the right sectionLennart Poettering
Make the XML validate again.
2016-05-06networkd: move the IAID configuration option into the [DHCP] sectionLennart Poettering
It's only relevant to DHCP, and it should be where the DUID is configured too.
2016-05-05Merge pull request #3190 from poettering/logind-fixesZbigniew Jędrzejewski-Szmek
2016-05-05logind: enforce a limit on inhibitors we hand outLennart Poettering
For similar reasons as the recent addition of a limit on sessions. Note that we don't enforce a limit on inhibitors per-user currently, but there's an implicit one, since each inhibitor takes up one fd, and fds are limited via RLIMIT_NOFILE, and the limit on the number of processes per user.
2016-05-05logind: enforce a limit on current user sessionsLennart Poettering
We really should put limits on all resources we manage, hence add one to the number of concurrent sessions, too. This was previously unbounded, hence set a relatively high limit of 8K by default. Note that most PAM setups will actually invoke pam_systemd prefixed with "-", so that the return code of pam_systemd is ignored, and the login attempt succeeds anyway. On systems like this the session will be created but is not tracked by systemd.
2016-05-05core: change default trigger limits for socket unitsLennart Poettering
Let's lower the default values a bit, and pick different defaults for Accept=yes and Accept=no sockets. Fixes: #3167
2016-05-04Merge pull request #3156 from keszybz/duid-settingsLennart Poettering
Rework DUID setting
2016-05-04Merge pull request #3170 from poettering/v230-preparation-fixesLennart Poettering
make virtualization detection quieter, rework unit start limit logic, detect unit file drop-in changes correctly, fix autofs state propagation
2016-05-03networkd: Add support to configure IPv6 preferred lifetime (#3102)Susant Sahani
Closes #2166. We only allow 0, infinity and forever. infinity and forever is same.
2016-05-03Merge pull request #3132 from ssahani/route-tableZbigniew Jędrzejewski-Szmek
networkd: add support to set route table
2016-05-03networkd: add support to set route tableSusant Sahani
networkd: add support to set route table 1. add support to configure the table id. if id is less than 256 we can fit this in the header of route as netlink property is a char. But in kernel this proepty is a unsigned 32. Hence if greater that 256 add this as RTA_TABLE attribute. 2. we are not setting the address family now. Now set this property.
2016-05-03man: add a description of DUIDType and DUIDRawDataZbigniew Jędrzejewski-Szmek
This is essentially a revert of f38e0cce75ff2ffbd99f7e382ed39c160bb7d799 (which removed the documentation of DUIDType on purpose). The description is heavily updated for the new semantics. This addresses #3127 § 4.
2016-05-03man: s/similar/similarly/Zbigniew Jędrzejewski-Szmek
2016-05-03man: rename TriggerLimitIntervalBurst to TriggerLimitBurst (#3181)Evgeny Vereshchagin
[/etc/systemd/system/test.socket:2] Unknown lvalue 'TriggerLimitIntervalBurst' in section 'Socket' Follow-up for 8b26cdbd2a94
2016-05-02Merge pull request #3153 from poettering/async-cloneZbigniew Jędrzejewski-Szmek
machined: make "clone" asynchronous, and support copy-based fall-back
2016-05-02core: move enforcement of the start limit into per-unit-type code againLennart Poettering
Let's move the enforcement of the per-unit start limit from unit.c into the type-specific files again. For unit types that know a concept of "result" codes this allows us to hook up the start limit condition to it with an explicit result code. Also, this makes sure that the state checks in clal like service_start() may be done before the start limit is checked, as the start limit really should be checked last, right before everything has been verified to be in order. The generic start limit logic is left in unit.c, but the invocation of it is moved into the per-type files, in the various xyz_start() functions, so that they may place the check at the right location. Note that this change drops the enforcement entirely from device, slice, target and scope units, since these unit types generally may not fail activation, or may only be activated a single time. This is also documented now. Note that restores the "start-limit-hit" result code that existed before 6bf0f408e4833152197fb38fb10a9989c89f3a59 already in the service code. However, it's not introduced for all units that have a result code concept. Fixes #3166.
2016-05-02man: slightly extend the machinectl clone documentationLennart Poettering
2016-04-30Merge pull request #3152 from poettering/aliasfixZbigniew Jędrzejewski-Szmek
Refuse aliases to non-aliasable units in more places Fixes #2730.
2016-04-29Merge pull request #3151 from keszybz/pr3149-2Zbigniew Jędrzejewski-Szmek
Assorted fixes #3149 + one commit tacked on top
2016-04-29man: document that some unit types do not support unit aliases via symlinksLennart Poettering
2016-04-29core: make parsing of RLIMIT_NICE aware of actual nice levelsLennart Poettering
2016-04-29core: rename StartLimitInterval= to StartLimitIntervalSec=Lennart Poettering
We generally follow the rule that for time settings we suffix the setting name with "Sec" to indicate the default unit if none is specified. The only exception was the rate limiting interval settings. Fix this, and keep the old names for compatibility. Do the same for journald's RateLimitInterval= setting
2016-04-29core: move start ratelimiting check after condition checksLennart Poettering
With #2564 unit start rate limiting was moved from after the condition checks are to before they are made, in an attempt to fix #2467. This however resulted in #2684. However, with a previous commit a concept of per socket unit trigger rate limiting has been added, to fix #2467 more comprehensively, hence the start limit can be moved after the condition checks again, thus fixing #2684. Fixes: #2684
2016-04-29core: introduce activation rate limiting for socket unitsLennart Poettering
This adds two new settings TriggerLimitIntervalSec= and TriggerLimitBurst= that define a rate limit for activation of socket units. When the limit is hit, the socket is is put into a failure mode. This is an alternative fix for #2467, since the original fix resulted in issue #2684. In a later commit the StartLimitInterval=/StartLimitBurst= rate limiter will be changed to be applied after any start conditions checks are made. This way, there are two separate rate limiters enforced: one at triggering time, before any jobs are queued with this patch, as well as the start limit that is moved again to be run immediately before the unit is activated. Condition checks are done in between the two, and thus no longer affect the start limit.
2016-04-29man: document that RemainAfterExit= doesn't make much sense for repetitive ↵Lennart Poettering
timers Fixes #3122
2016-04-29networkd: clean up DUID code a bitLennart Poettering
Let's move DUID configuration into the [DHCP] section, since it only makes sense in a DHCP context, and should be close to the configuration of ClientIdentifier= and suchlike. This really shouldn't be a section of its own, we don't have any for any of our other per-protocol specific identifiers... Follow-up for #2890 #2943
2016-04-29man: minor wording fixesLennart Poettering
As suggested in: https://github.com/systemd/systemd/pull/3124#discussion_r61068789
2016-04-26core: set start job timeout from the kernel commandline (#3112)tblume
Add the boot parameter: systemd.default_timeout_start_sec to allow modification of the default start job timeout at boot time.
2016-04-26Merge pull request #3124 from poettering/small-journal-fixesZbigniew Jędrzejewski-Szmek
2016-04-26Revert "smaller journal fixes (#3124)"Zbigniew Jędrzejewski-Szmek
This reverts commit 6e3930c40f3379b7123e505a71ba4cd6db6c372f. Merge got squashed by mistake.
2016-04-26Merge pull request #3093 from poettering/nspawn-userns-magicLennart Poettering
nspawn automatic user namespaces
2016-04-26smaller journal fixes (#3124)Lennart Poettering
* sd-journal: detect earlier if we try to read an object from an invalid offset Specifically, detect early if we try to read from offset 0, i.e. are using uninitialized offset data. * journal: when dumping journal contents, react nicer to lines we can't read If journal files are not cleanly closed it might happen that intermediaery journal entries cannot be read. Handle this nicely, skip over the unreadable entries, and log a debug message about it; after all we generally follow the logic that we try to make the best of corrupted files. * journal-file: always generate the same error when encountering corrupted files Let's make sure EBADMSG is the one error we throw when we encounter corrupted data, so that we can neatly test for it. * journal-file: when iterating through a partly corruped journal file, treat error like EOF When we linearly iterate through a corrupted journal file, and we encounter a read error, don't consider this fatal, but merely as EOF condition (and log about it). * journal-file: make seeking in corrupted files work Previously, when we used a bisection table for seeking through a corrupted file, and the end of the bisection table was corrupted we'd most likely fail the entire seek operation. Improve the situation: if we encounter invalid entries in a bisection table, linearly go backwards until we find a working entry again. * man: elaborate on the automatic systemd-journald.socket service dependencies Fixes: #1603
2016-04-26man: elaborate on the automatic systemd-journald.socket service dependenciesLennart Poettering
Fixes: #1603
2016-04-25man: document the new by-fd journal callsLennart Poettering
Also, remove documentation for sd_journal_open_container() as we consider it deprecated now.
2016-04-25man: don't include history sections in man pagesLennart Poettering
I am pretty sure we shouldn't carry history sections in man pages, since it's very hard to keep them correctly updated, the current ones are very out-of-date, and they tend to make APIs appear unnecessarily complex.
2016-04-25nspawn: make -U a tiny bit smarterLennart Poettering
With this change -U will turn on user namespacing only if the kernel actually supports it and otherwise gracefully degrade to non-userns mode.
2016-04-25man: document the new user namespacing optionsLennart Poettering
2016-04-22man: document the default for systemd.timer's Persistent flag (#3099)Evgeny Vereshchagin
Closes #3096
2016-04-22man: don't claim systemd would connect stdout/stderr of daemons with /dev/nullLennart Poettering
2016-04-22journalctl: add --no-hostname switchLennart Poettering
This suppresses output of the hostname for messages from the local system. Fixes: #2342