| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Stop importing non-sensical kernel-exported variables. All
parameters in the kernel command line are exported to the
initial environment of PID1, but suppressed if they are
recognized by kernel built-in code. The EFI booted kernel
will add further kernel-internal things which do not belong
into userspace.
The passed original environ data of the process is not touched
and preserved across re-execution, to allow external reading of
/proc/self/environ for process properties like container*=.
|
|
|
|
If you want timing information from the initramfs, use systemd in the
initramfs.
|
|
|
|
Since the cgroupfs is currently not virtualized for containers we
shouldn't reset the hosts agent from the container.
|
|
reload/reexec of PID 1
Since we'll unload all units/job during a reload, and then readd them it
is really useful for clients to be aware of this phase hence sent a
signal out before and after. This signal is called "Reloading" (despite
the fact that it is also sent out during reexecution, which we consider
a special case in this context) and has one boolean parameter which is
true for the signal sent before the reload, and false for the signal
after the reload. The UnitRemoved/JobRremoved and UnitNew/JobNew due to
the reloading are guranteed to be between the pair of Reloading
messages.
|
|
|
|
|
|
During shutdown, when we try to clean up all remaining processes, the
kernel will fork new agents every time a cgroup runs empty. These
new processes cause delays in the final SIGTERM, SIGKILL logic.
Apart from that, this should also avoid that the kernel-forked binaries
cause unpredictably timed access to the filesystem which we might need to
unmount.
|
|
Use proper grammar, word usage, adjective hyphenation, commas,
capitalization, spelling, etc.
To improve readability, some run-on sentences or sentence fragments were
revised.
[zj: remove the space from 'file name', 'host name', and 'time zone'.]
|
|
|
|
Transient units can be created via the bus API. They are configured via
the method call parameters rather than on-disk files. They are subject
to normal GC. Transient units currently may only be created for
services (however, we will extend this), and currently only ExecStart=
and the cgroup parameters can be configured (also to be extended).
Transient units require a unique name, that previously had no
configuration file on disk.
A tool systemd-run is added that makes use of this functionality to run
arbitrary command lines as transient services:
$ systemd-run /bin/ping www.heise.de
Will cause systemd to create a new transient service and run ping in it.
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
|
|
This complements existing functionality of setting variables
through 'systemctl set-environment', the kernel command line,
and through normal environment variables for systemd in session
mode.
|
|
This is a minor fix because it's not a major issue, this fix just avoid
to get EINVAL error from sigaction(2).
There are two signals can not handled at user space, SIGKILL and
SIGSTOP even we're PID 1, trying to handle these two signals will get
EINVAL error.
There are two kinds of systemd instance, running as system manager or
user session manager, apparently, the latter is a general user space
process which can not handle SIGKILL. The special pid 1 also can not
do that refer to kernel/signal.c:do_sigaction().
However, pid 1 is unkillable because the kernel did attach
SIGNAL_UNKILLABLE to it at system boot up, refer to
init/main.c:start_kernel()
--> rest_init()
--> kernel_thread()
--> kernel_init()
--> init_post()
current->signal->flags |= SIGNAL_UNKILLABLE
|
|
|
|
This partially reverts commit c3a170f3, which moved
efi_get_boot_timestamps too early in main(), before
/sys is assured to be mounted
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=64371
[tomegun: in particular /sys/firmware/efi/efivars needs to be
mounted, which is not a problem if a systemd-initramfs containing
the correct module is being used. But not everyone uses an
initramfs...]
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
The time for systemd initialization and selinux policy loading
is accounted to the initrd or the kernel, which is wrong.
Instead of:
Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) +
975ms (initrd) + 1.410s (userspace) = 8.647s
the more correct output is:
Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) +
475ms (initrd) + 1.910s (userspace) = 8.647s
|
|
Disallow recursive .include, and make it unavailable in anything but
unit files.
|
|
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
|
bus_error and bus_error_message_or_strerror dit almost exactly the same,
so use only one of them and place it in dbus-common.
|
|
|
|
The information about the unit for which files are being parsed
is passed all the way down. This way messages land in the journal
with proper UNIT=... or USER_UNIT=... attribution.
'systemctl status' and 'journalctl -u' not displaying those messages
has been a source of confusion for users, since the journal entry for
a misspelt setting was often logged quite a bit earlier than the
failure to start a unit.
Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
|
|
|
|
When switching root, i.e. LANG can be set to the locale of the initramfs
or "C", if it was unset. When systemd deserializes LANG in the real root
this would overwrite the setting previously gathered by locale_set().
To reproduce, boot with an initramfs without locale.conf or change
/etc/locale.conf to a different language than the initramfs and check a
daemon started by systemd:
$ tr "$\000" '\n' </proc/$(pidof sshd)/environ | grep LANG
LANG=C
To prevent that, serialization of environment variables is skipped, when
serializing for switching root.
https://bugzilla.redhat.com/show_bug.cgi?id=949525
|
|
|
|
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
|
|
Instead of outputting "5h 55s 50ms 3us" we'll now output "5h
55.050003s". Also, while outputting the accuracy is configurable.
Basically we now try use "dot notation" for all time values > 1min. For
>= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and
finally 'us'.
This should give reasonably values in most cases.
|
|
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
|
|
The ~80 chars per line part wasn't well received.
|
|
Use _cleanup_ and wrap lines to ~80 chars and such.
|
|
|
|
|
|
This completes c1dae1b3c9729fb8ab749dd4e2dad07e0fad7ed8 in a way.
|
|
Back from old times when we developed systemd on non-systemd hosts we
still mounted the missing directories such as the cgroup stuff even when
running with a PID != 1. There's no point for that anymore, so let's
just do that if we are actually PID 1, and never otherwise.
https://bugs.freedesktop.org/show_bug.cgi?id=62354
|
|
In order to maintain compatibility with older initrds which do not have
AllowIsolate=yes set for their target units, fallback to JOB_REPLACE if
JOB_ISOLATE doesn't work, but complain about it.
|
|
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.
The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.
This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.
For more information about Smack see:
http://www.kernel.org/doc/Documentation/security/Smack.txt
|
|
move mount_setup_early() call to main.c, before security module setup,
so there are no more repeat calls.
|
|
arguments in PID 1
https://bugzilla.redhat.com/show_bug.cgi?id=880025
|
|
This allows switch-root to work correctly if a unit is active both before and
after the switch-root, but its dependencies change. Before the patch, any
dependencies added to active units by switch-root will not be pulled, in
particular filesystems configured in /etc/fstab would not be activated if
local-fs.target was active in the initrd.
It is not clear to me if there is a bug in the REPLACE handling, or if it is
working as expected and that we really want to use ISOLATE instead as this patch
does.
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
Yay, we now have a completely generic systemd. No distribution specific checks anymore!
|
|
|
|
kmod is unecessary if loadable module support is disabled in the kernel,
so make the dependency optional.
|
