| Age | Commit message (Collapse) | Author |
|---|
|
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
|
|
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
|
|
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
|
in via stdin
This allows encoding users to create directly in %pre, which is
necessary so that files owned by the RPM can be assigned to the right
users/groups.
This new macro does create a redundancy, as user definitions for all
users that shall own files need to to be listed twice, once with this
new macro, and then secondly, in the sysusers file shipped with the
package. But there's little way around that, as the users of this type
need to exist before we install the first file, but we actually want to
ship the user information in a file.
|
|
|
|
Start jobs for Type=oneshot units are successful when the unit state
transition activating → inactive took place. In such a case all units
that BindsTo= on it previously would continue to run, even though the unit
they dependet on was actually already gone.
|
|
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit
action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit
action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit
action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients
that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property
access etc. There are several DBus methods that can only be
called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new
bus_verify_polkit_async() version that doesn't force us to always
pass the original callback around. Also, interactive auhentication must
be opt-in, not unconditional, hence I turned this off.)
|
|
|
|
|
|
only, and for all tools
Previously, we ended up parsing some of them three times: in main.c when
processing the kernel cmdline, in main.c when processing the process
cmdline (only for containers), and in log.c again.
Let's streamline this, and only parse them in log.c
In PID 1 also make sure we parse "quiet" first, and then override this
with the more specific checks in log.c
|
|
|
|
This reflects how this field will be used, to not only track where
to send signals, but also which callers (other than root) are allowed
to call DBus methods on the Job.
|
|
Both ofs.Job.Cancel() and ofs.Manager.CancelJob() now use same
implementation. So we can add caller verify logic appropriately.
|
|
|
|
Missed to add the SD_BUS_PROPERTY for no_delay.
|
|
TCP_DEFER_ACCEPT Allow a listener to be awakened only when data
arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side
listening socket, the TCP/IP stack will not to wait for the final
ACK packet and not to initiate the process until the first packet
of real data has arrived. After sending the SYN/ACK, the server will
then wait for a data packet from a client. Now, only three packets
will be sent over the network, and the connection establishment delay
will be significantly reduced.
|
|
The tcp keep alive variables now can be configured via conf
parameter. Follwing variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to
send before giving up and killing the connection if no response is
obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be
idle before TCP begins sending out keep-alive probes.
|
|
|
|
This makes no difference if /usr was mounted in the initrd,
and brings the behaviour of legacy systems closer to those
with a propper initrd.
|
|
This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5.
Apparently TFO is actually the default at least for the server side now.
Also the setsockopt doesn't actually take a bool, but a qlen integer.
|
|
TCP Fast Open (TFO) speeds up the opening of successiveTCP)
connections between two endpoints.It works by using a TFO cookie
in the initial SYN packet to authenticate a previously connected
client. It starts sending data to the client before the receipt
of the final ACK packet of the three way handshake is received,
skipping a round trip and lowering the latency in the start of
transmission of data.
|
|
This patch adds support for TCP TCP_NODELAY socket option. This can be
configured via NoDelay conf parameter. TCP Nagle's algorithm works by
combining a number of small outgoing messages, and sending them all at
once. This controls the TCP_NODELAY socket option.
|
|
Avoids triggering timers prematurely on systems with significantly inaccurate
clocks, or some embedded platforms that lack one entirely.
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-August/021772.html
|
|
switch-root would only mkdir the parents of the mount move directories.
With this patch, the mount move target directory is created to make
switch-root to an empty root directory work.
|
|
We don't support journal-less systems anyway, so let's avoid the
confusion.
|
|
The kernel will set up the IP addresses for us, so don't duplicate that
in userspace.
|
|
A unit should not Conflict with itself. It also does not make
much sense for a unit to be After or Before itself, or to
trigger itself in some way.
If one of those dependency types is encountered, warn, instead
of dropping it silently like other dependency types.
% build/systemd-analyze verify test/loopy3.service
...
Dependency Conflicts dropped when merging unit loopy4.service into loopy3.service
Dependency ConflictedBy dropped when merging unit loopy4.service into loopy3.service
|
|
Adds a pair of files which cause a segfault (also with
systemd-analyze verify).
https://bugzilla.redhat.com/show_bug.cgi?id=1124843
|
|
|
|
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
|
|
The unmount occurs after the pivot_root, so the path used to unmount
should take into account the new root directory. This will allow the
umount to actually succeed.
|
|
In practice this shouldn't make much difference, but
sometimes our headers might be newer, and we want to
test them.
|
|
There's little sense in telling the user to look at the logs...
|
|
With everything on one line they are just harder to read.
|
|
$ systemd-analyze verify trailing-g.service
[./trailing-g.service:2] Trailing garbage, ignoring.
trailing-g.service lacks ExecStart setting. Refusing.
Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument.
Failed to create trailing-g.service/start: Invalid argument
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
|
|
At least
t->ignore = f->ignore;
is missing here. Just copy the full struct to be sure.
|
|
We can not reliably manage any notion of local time. Every daylight
saving time change or time zone change by traveling will make the
time jump, and the local time might jump backwards which creates
unsolvable problems with file timestamps.
We will no longer tell the kernel our local time zone and leave
everything set to UTC. This will effectively turn FAT timestamps
into UTC timestamps.
If and only if the machine is configured to read the RTC in local
time mode, the kernel's time zone will be configured, but
systemd-timesysnc will disable the kernel's system time to RTC
syncing. In this mode, the RTC will not be managed, and external
tools like Windows bootups are expected to manage the RTC's time.
https://bugs.freedesktop.org/show_bug.cgi?id=81538
|
|
This makes it easier to debug what is going on.
|
|
There is a small number of the places in sources where we don't check
asprintf() return code and assume that after error the function
returns NULL pointer via the first argument. That's wrong, after
error the content of pointer is undefined.
|
|
|
|
This tool will warn about misspelt directives, unknown sections, and
non-executable commands. It will also catch the common mistake of
using Accept=yes with a non-template unit and vice versa.
https://bugs.freedesktop.org/show_bug.cgi?id=56607
|
|
It can now contain more than one directory, and can be used
to only prepend, not totally override, the normal load path.
|
|
|
|
Also add a bit of debugging output to help diagnose problems,
add missing units, and simplify cppflags.
Move test-engine to normal tests from manual tests, it should now
work without destroying the system.
|
|
|
|
|
|
Also be more verbose in devnode_acl_all().
|
