summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-12-02networkd: VXLAN add better explanation for ARPProxy (#4781)Susant Sahani
This closes #4768
2016-12-01nspawn: optionally, automatically allocated --bind=/--overlay source from ↵Lennart Poettering
/var/tmp This extends the --bind= and --overlay= syntax so that an empty string as source/upper directory is taken as request to automatically allocate a temporary directory below /var/tmp, whose lifetime is bound to the nspawn runtime. In combination with the "+" path extension this permits a switch "--overlay=+/var::/var" in order to use the container's shipped /var, combine it with a writable temporary directory and mount it to the runtime /var of the container.
2016-12-01nspawn: permit prefixing of source paths in --bind= and --overlay= with "+"Lennart Poettering
If a source path is prefixed with "+" it is taken relative to the container's root directory instead of the host. This permits easily establishing bind and overlay mounts based on data from the container rather than the host. This also reworks custom_mounts_prepare(), and turns it into two functions: one custom_mount_check_all() that remains in nspawn.c but purely verifies the validity of the custom mounts configured. And one called custom_mount_prepare_all() that actually does the preparation step, sorts the custom mounts, resolves relative paths, and allocates temporary directories as necessary.
2016-12-01nspawn: add ability to configure overlay mounts to .nspawn filesLennart Poettering
Fixes: #4634
2016-11-30Merge pull request #4745 from joukewitteveen/notifyEvgeny Vereshchagin
Improvements for notify services (including #4212)
2016-11-29service: new NotifyAccess= value for control processes (#4212)Jouke Witteveen
Setting NotifyAccess=exec allows notifications coming directly from any control process.
2016-11-29bus-util: add protocol error type explanationJouke Witteveen
2016-11-29units: add system-update-cleanup.service to guard against offline-update loopsZbigniew Jędrzejewski-Szmek
Note: the name is "system-update-cleanup.service" rather than "system-update-done.service", because it should not run normally, and also because there's already "systemd-update-done.service", and having them named so similarly would be confusing. In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly entered system-update.target on boot. Because of a packaging issue, the tool that created the /system-update symlink could be installed without the service unit that was supposed to perform the upgrade (and remove the symlink). In fact, if there are no units in system-update.target, and /system-update symlink is created, systemd always "hangs" in system-update.target. This is confusing for users, because there's no feedback what is happening, and fixing this requires starting an emergency shell somehow, and also knowing that the symlink must be removed. We should be more resilient in this case, and remove the symlink automatically ourselves, if there are no upgrade service to handle it. This adds a service which is started after system-update.target is reached and the symlink still exists. It nukes the symlink and reboots the machine. It should subsequently boot into the default default.target. This is a more general fix for https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was already fixed).
2016-11-29man: update the description of offline updatesZbigniew Jędrzejewski-Szmek
- use "service" instead of "script", because various offline updaters that we have aren't really scripts, e.g. dnf-plugin-system-upgrade, packagekit-offline-update, fwupd-offline-update. - strongly recommend After=sysinit.target, Wants=sysinit.target - clarify a bit what should happen when multiple update services are started - replace links to the wiki with refs to the man page that replaced it.
2016-11-28socket-proxyd: Introduced dynamic connection limit via an option. (#4749)(GalaxyMaster)
2016-11-24calendarspec: make specifications with ranges reversibleDouglas Christman
"*-*-01..03" is now formatted as "*-*-01..03" instead of "*-*-01,02,03"
2016-11-23man: document protocol error type for service failures (#4724)Jouke Witteveen
2016-11-23calendarspec: add support for scheduling timers at the end of the monthDouglas Christman
"*-*~1" => The last day of every month "*-02~3..5" => The third, fourth, and fifth last days in February "Mon 05~07/1" => The last Monday in May Resolves #3861
2016-11-22Merge pull request #4692 from poettering/networkd-dhcpZbigniew Jędrzejewski-Szmek
Various networkd/DHCP fixes.
2016-11-22Document an edge-case with resume and mounting (#4581)Janne Heß
When trying to read keyfiles from an encrypted partition to unlock the swap, a cyclic dependency is generated because systemd can not mount the filesystem before it has checked if there is a swap to resume from. Closes #3940
2016-11-22nspawn: add fallback top normal copy/reflink when we cannot btrfs snapshotLennart Poettering
Given that other file systems (notably: xfs) support reflinks these days, let's extend the file system snapshotting logic to fall back to plan copies or reflinks when full btrfs subvolume snapshots are not available. This essentially makes "systemd-nspawn --ephemeral" and "systemd-nspawn --template=" available on non-btrfs subvolumes. Of course, both operations will still be slower on non-btrfs than on btrfs (simply because reflinking each file individually in a directory tree is still slower than doing this in one step for a whole subvolume), but it's probably good enough for many cases, and we should provide the users with the tools, they have to figure out what's good for them. Note that "machinectl clone" already had a fallback like this in place, this patch generalizes this, and adds similar support to our other cases.
2016-11-22nspawn: support ephemeral boots from imagesLennart Poettering
Previously --ephemeral was only supported with container trees in btrfs subvolumes (i.e. in combination with --directory=). This adds support for --ephemeral in conjunction with disk images (i.e. --image=) too. As side effect this fixes that --ephemeral was accepted but ignored when using -M on a container that turned out to be an image. Fixes: #4664
2016-11-21seccomp: add @filesystem syscall group (#4537)Lennart Poettering
@filesystem groups various file system operations, such as opening files and directories for read/write and stat()ing them, plus renaming, deleting, symlinking, hardlinking.
2016-11-21man: make /etc/nsswitch.conf documentation for nss-resolve match exampleLennart Poettering
Fixes: #4683
2016-11-18Merge pull request #4538 from fbuihuu/confirm-spawn-fixesLennart Poettering
Confirm spawn fixes/enhancements
2016-11-17core: allow to redirect confirmation messages to a different consoleFranck Bui
It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-17namespace: simplify, optimize and extend handling of mounts for namespaceLennart Poettering
This changes a couple of things in the namespace handling: It merges the BindMount and TargetMount structures. They are mostly the same, hence let's just use the same structue, and rely on C's implicit zero initialization of partially initialized structures for the unneeded fields. This reworks memory management of each entry a bit. It now contains one "const" and one "malloc" path. We use the former whenever we can, but use the latter when we have to, which is the case when we have to chase symlinks or prefix a root directory. This means in the common case we don't actually need to allocate any dynamic memory. To make this easy to use we add an accessor function bind_mount_path() which retrieves the right path string from a BindMount structure. While we are at it, also permit "+" as prefix for dirs configured with ReadOnlyPaths= and friends: if specified the root directory of the unit is implicited prefixed. This also drops set_bind_mount() and uses C99 structure initialization instead, which I think is more readable and clarifies what is being done. This drops append_protect_kernel_tunables() and append_protect_kernel_modules() as append_static_mounts() is now simple enough to be called directly. Prefixing with the root dir is now done in an explicit step in prefix_where_needed(). It will prepend the root directory on each entry that doesn't have it prefixed yet. The latter is determined depending on an extra bit in the BindMount structure.
2016-11-16systemctl: show waiting jobs when "systemctl list-jobs --after/--before" is ↵Lennart Poettering
called Let's expose the new bus functions we added in the previous commit in systemctl.
2016-11-15doc: move ProtectKernelModules= documentation near ProtectKernelTunalbes=Djalal Harouni
2016-11-15doc: note when no new privileges is impliedDjalal Harouni
2016-11-11man: add Itanium root GUID to table (#4656)Lucas Werkmeister
This GUID was added in #2263, but the manpage was not updated.
2016-11-11fstab-generator: add x-systemd.mount-timeout (#4603)Christian Hesse
This adds a new systemd fstab option x-systemd.mount-timeout. The option adds a timeout value that specifies how long systemd waits for the mount command to finish. It allows to mount huge btrfs volumes without issues. This is equivalent to adding option TimeoutSec= to [Mount] section in a mount unit file. fixes #4055
2016-11-11man: update machine-id(5) with a note about privacy (#4645)Zbigniew Jędrzejewski-Szmek
2016-11-10networkd: support setting dhcp client listen port (#4631)Susant Sahani
Allow setting custom port for the DHCP client to listen on in networkd. [DHCP] ListenPort=6677
2016-11-10man: mention start rate limiting in Restart= doc (#4637)Lucas Werkmeister
2016-11-10Link: port to new ethtool ETHTOOL_xLINKSETTINGSSusant Sahani
Link: port to new ethtool ETHTOOL_xLINKSETTINGS This patch defines a new ETHTOOL_GLINKSETTINGS/SLINKSETTINGS API, handled by the new get_link_ksettings/set_link_ksettings . This is a WIP version based on this [kernel patch](https://patchwork.kernel.org/patch/8411401/). commit 0527f1c http://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cfommit 35afb33
2016-11-09man/sd_watchdog_enabled: correct minor typos (#4632)Jonathan Boulle
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08man: fix typo (#4615)Yu Watanabe
2016-11-08man: add an example how to unconditionally empty a directory (#4570)Zbigniew Jędrzejewski-Szmek
It was logical, but not entirely obvious, that 'e' with no arguments does nothing. Expand the explanation a bit and add an example. Fixes #4564.
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-04man: update kernel-install(8) to match reality (#4563)Zbigniew Jędrzejewski-Szmek
2016-11-03Merge pull request #4548 from keszybz/seccomp-helpZbigniew Jędrzejewski-Szmek
systemd-analyze syscall-filter
2016-11-03doc: clarify NoNewPrivileges (#4562)Kees Cook
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
2016-11-03seccomp-util, analyze: export comments as a help stringZbigniew Jędrzejewski-Szmek
Just to make the whole thing easier for users.
2016-11-03analyze: add syscall-filter verbZbigniew Jędrzejewski-Szmek
This should make it easier for users to understand what each filter means as the list of syscalls is updated in subsequent systemd versions.
2016-11-02man: fix two typos (is → are) (#4544)Lucas Werkmeister
2016-11-02Merge pull request #4456 from keszybz/stored-fdsLennart Poettering
Preserve stored fds over service restart
2016-11-02man: document that too strict system call filters may affect the service managerLennart Poettering
If execve() or socket() is filtered the service manager might get into trouble executing the service binary, or handling any failures when this fails. Mention this in the documentation. The other option would be to implicitly whitelist all system calls that are required for these codepaths. However, that appears less than desirable as this would mean socket() and many related calls have to be whitelisted unconditionally. As writing system call filters requires a certain level of expertise anyway it sounds like the better option to simply document these issues and suggest that the user disables system call filters in the service temporarily in order to debug any such failures. See: #3993.
2016-11-02seccomp: add two new syscall groupsLennart Poettering
@resources contains various syscalls that alter resource limits and memory and scheduling parameters of processes. As such they are good candidates to block for most services. @basic-io contains a number of basic syscalls for I/O, similar to the list seccomp v1 permitted but slightly more complete. It should be useful for building basic whitelisting for minimal sandboxes
2016-11-02man: two minor fixesLennart Poettering
2016-11-02seccomp: include pipes and memfd in @ipcLennart Poettering
These system calls clearly fall in the @ipc category, hence should be listed there, simply to avoid confusion and surprise by the user.
2016-11-02seccomp: drop execve() from @process listLennart Poettering
The system call is already part in @default hence implicitly allowed anyway. Also, if it is actually blocked then systemd couldn't execute the service in question anymore, since the application of seccomp is immediately followed by it.
2016-11-02seccomp: add clock query and sleeping syscalls to "@default" groupLennart Poettering
Timing and sleep are so basic operations, it makes very little sense to ever block them, hence don't.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…