Age | Commit message (Collapse) | Author |
|
Let's make sure libselinux doesn't spew to stderr
|
|
|
|
|
|
CAP_SYS_BOOT is missing
The kernel's PID namespaces support reboot(2) just fine, so let's make
use of it if possible.
|
|
The kernel implicitly does sync() anyway, hence there is no need to do
that in userspace explicitly. This makes the "-n" switch to halt(8) a
noop.
|
|
After talking to the cgroup kernel folks at LPC we came to the
conclusion that it is probably a good idea to mount all CPU related
resp. all network related cgroup controllers together, both because they
are good defaults for admins and because this might prepare
for eventual kernel cleanups where the ability to mount them separately
is removed.
|
|
|
|
|
|
|
|
|
|
|
|
__secure_getenv() rather than getenv()
It's better to be safe than sorry.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
With this adjustment, we can reuse this code elsewhere, such as in
nspawn.
|
|
|
|
|
|
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.
|
|
|
|
We want to make sure that everything from the host is also visible in
the sandbox.
|
|
|
|
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
right behaviour when people want writable mounts inside of
read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
|
|
The kernel does not allow switching roots if things are mounted
MS_SHARED. As a work-around, remount things MS_PRIVATE before switching
roots.
This should be fixed in the kernel for good.
https://bugzilla.redhat.com/show_bug.cgi?id=847418
|
|
Because root is now recursively marked as shared on bootup, we need to
recursively mark root as private. This prevents a pivot_root failure on
shutdown:
Cannot finalize remaining file systems and devices, giving up.
pivot failed: Invalid argument
|
|
|
|
Makes possible to specify separate timeout for start and stop of
the service.
[ Improved the manpage. Coding style fix. -- michich ]
|
|
In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
|
|
|
|
Adds messages for formally silent errors: new "Failed on cmdline argument %s: %s".
Removes some specific error messages for -ENOMEM in mount-setup.c. A few specific
ones have been left in other binaries.
|
|
Old: systemd[1]: Got direct mount request for ffff88003bb10c00, triggered by 14476 (fuser)
New: systemd[1]: Got direct mount request on /dev/mqueue, triggered by 2177 (ls)
|
|
Avoids a compile time warning:
warning: 'null_log' defined but not used [-Wunused-function]
|
|
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
|
|
also reorder the table according to the enum order.
|
|
|
|
|
|
This should address TODO item "new dependency type to "group" services
in a target". Semantic of new dependency is as follows. Once configured
it creates dependency which will cause that all dependent units get
stopped if unit they all depend on is stopped or restarted. Usual use
case would be configuring PartOf=some.target in template unit file
and WantedBy=some.target in [Install] section and enabling desired
number of instances. In this case starting one instance won't pull in
target but stopping or starting target(in case of WantedBy is properly
configured) will cause stop/start of all instances.
|
|
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
|
|
Become the reaper for all children part of the user session. Tested
with several forking services.
|
|
There is no point in clearing the bits of a "struct stat" when the very
next statement just calls stat or fstat to fill in that same memory.
[zj: two more places]
|
|
|
|
It made no sense, and since we are documenting the bus calls now and
want to include them in our stability promise we really should get it
cleaned up sooner, not later.
|
|
|
|
#pragma once has been "un-deprecated" in gcc since 3.3, and is widely supported
in other compilers.
I've been using and maintaining (rebasing) this patch for a while now, as
it annoyed me to see #ifndef fooblahfoo, etc all over the place,
almost arrogant about the annoyance of having to define all these names to
perform a commen but neccicary functionality, when a completely superior
alternative exists.
I havn't sent it till now, cause its kindof a style change, and it is bad
voodoo to mess with style that has been established by more established
editors. So feel free to lambast me as a crazy bafoon.
v2 - preserve externally used headers
|
|
shared abstract socket namespaces
|
|
|
|
start a unit just yet
|