| Age | Commit message (Collapse) | Author |
|---|
|
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
|
|
for us
|
|
As pointed-out by clang -Wunreachable-code.
No behaviour changes.
|
|
remotely
|
|
BlockIOAccounting= for all units at once
|
|
With loaded_policy set to true mount_setup() relabels /dev properly.
|
|
next_elapse_monotonic() should map to the "NextElapseUSecMonotonic"
property and next_elapse_realtime() to "NextElapseUSecRealtime" one.
This makes "systemctl list-timers" compute and show the correct times.
https://bugs.freedesktop.org/show_bug.cgi?id=75272
|
|
hence don't bother
|
|
|
|
We expose the control group of the units on the bus, so let's also
expose the root control group.
|
|
of the message
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
particular devices nodes
|
|
|
|
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
|
|
Currently on at least Fedora, SELinux policy does not come in the
initramfs. systemd will attempt to load *both* in the initramfs and
in the real root.
Now, the selinux_init_load_policy() API has a regular error return
value, as well as an "enforcing" boolean. To determine enforcing
state, it looks for /etc/selinux/config as well as the presence of
"enforcing=" on the kernel command line.
Ordinarily, neither of those exist in the initramfs, so it will return
"unknown" for enforcing, and systemd will simply ignore the failure to
load policy.
|
|
|
|
by uname()'s machine field.
|
|
The parts that require linknig to libcap, libselinux and friends stays in libsystemd-core.
|
|
No functional change, just move code around a bit to make it simpler to split out
some functions.
|
|
|
|
For units without any dependencies, r needs to be initialized to 0.
Otherwise, the return value of unit_add_target_dependencies() is
unspecified.
|
|
first (or second)
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
|
|
|
|
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
processes
|
|
And make use of it where appropriate for executing services and for
nspawn.
|
|
This mimics the sd-bus api, as we may need it in the future.
|
|
|
|
|
|
Resolve spotted issues related to missing or extraneous commas, dashes.
|
|
In other parts of systemd, the code checks for " (deleted)",
but in one instance, it did not (yet). Make it do the same.
|
|
If we put a closing bracket on its own line, gperf will complain about
empty lines. Only occurs if the option in question is disabled. So fix the
m4 macros to work properly in both cases.
|
|
|
|
|
|
|
|
Previously, we'd fixed show_state only after printing the welcome
message which had the effect that the welcome message was almost always
suppressed.
|
|
enabled when enabling/disabling cgroup controllers for units
|
|
|
|
|
|
After all, we want to allow userspace to get new privs...
|
|
Previously a cgroup setting down tree would result in cgroup membership
additions being propagated up the tree and to the siblings, however a
unit could never lose cgroup memberships again. With this change we'll
make sure that both cgroup additions and removals propagate properly.
|
|
If PID 1 debug logging is enabled, it is nice to keep those settings
when switching to systemd-shutdown binary, independently of whether
this was done through /proc/cmdline options, or through runtime
manipulations.
|
|
|
|
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
|
|
|
|
Fix for commit e10c9985bb.
|
|
|
|
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd
actually reaps the zombie. Which leads to service_load_pid_file accepting
zombie as a valid pid.
This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
|
