summaryrefslogtreecommitdiff
path: root/src/nspawn
AgeCommit message (Collapse)Author
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2016-02-03nspawn: make sure --help fits it 79chLennart Poettering
2016-02-03nspawn: optionally run a stub init process as PID 1Lennart Poettering
This adds a new switch --as-pid2, which allows running commands as PID 2, while a stub init process is run as PID 1. This is useful in order to run arbitrary commands in a container, as PID1's semantics are different from all other processes regarding reaping of unknown children or signal handling.
2016-02-03nspawn: add new --chdir= switchLennart Poettering
Fixes: #2192
2016-02-01core: fix support for transient resource limit propertiesLennart Poettering
Make sure we can properly process resource limit properties. Specifically, allow transient configuration of both the soft and hard limit, the same way from the unit files. Previously, only the the hard rlimits could be configured but they'd implicitly spill into the soft hard rlimits. This also updates the client-side code to be able to parse hard/soft resource limit specifications. Since we need to serialize two properties in bus_append_unit_property_assignment() now, the marshalling of the container around it is now moved into the function itself. This has the benefit of shortening the calling code. As a side effect this now beefs up the rlimit parser of "systemctl set-property" to understand time and disk sizes where that's appropriate.
2016-01-28nspawn: make sure --link-journal=host may be used twice in a rowLennart Poettering
Fixes #2186 This fixes fall-out from 574edc90066c3faeadcf4666928ed9b0ac409c75.
2016-01-28nspawn: make journal linking non-fatal in try and auto modesLennart Poettering
Fixes #2091
2016-01-25nspawn: fix memory leakMichal Sekletar
2016-01-12capabilities: keep bounding set in non-inverted format.Ismo Puustinen
Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-06nspawn: fix two typos in error messagesDaniel Mack
On errors, mention the functions that really failed.
2015-12-28nspawn: userns and unified cgroup: chown cgroup.eventsAlban Crequy
When starting a container in a new user namespace, systemd-nspawn chowns the cgroup knob files so they are usable by the container. But the cgroup knob file "cgroup.events" was missing. This file exists when the unified hierarchy is used.
2015-12-04nspawn: set TasksMax in machined instead of nspawnAlban Crequy
https://github.com/systemd/systemd/issues/2016
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-17Merge pull request #1926 from phomes/include-order-libudevDaniel Mack
tree-wide: group include of libudev.h with sd-*
2015-11-17tree-wide: group include of libudev.h with sd-*Thomas Hindoe Paaboel Andersen
2015-11-17tree-wide: use right cast macros for UIDs, GIDs and PIDsLennart Poettering
2015-11-17Merge pull request #1923 from zonque/siphashLennart Poettering
siphash24: let siphash24_finalize() and siphash24() return the result…
2015-11-16siphash24: let siphash24_finalize() and siphash24() return the result directlyDaniel Mack
Rather than passing a pointer to return the result, return it directly from the function calls. Also, return the result in native endianess, and let the callers care about the conversion. For hash tables and bloom filters, we don't care, but in order to keep MAC addresses and DHCP client IDs stable, we explicitly convert to LE.
2015-11-16tree-wide: sort includesThomas Hindoe Paaboel Andersen
Sort the includes accoding to the new coding style.
2015-11-16Merge pull request #1916 from zonque/alignTom Gundersen
siphash: alignment
2015-11-16siphash24: change result argument to uint64_tMartin Pitt
Change the "out" parameter from uint8_t[8] to uint64_t. On architectures which enforce pointer alignment this fixes crashes when we previously cast an unaligned array to uint64_t*, and on others this should at least improve performance as the compiler now aligns these properly. This also simplifies the code in most cases by getting rid of typecasts. The only place which we can't change is struct duid's en.id, as that is _packed_ and public API, so we can't enforce alignment of the "id" field and have to use memcpy instead.
2015-11-16nspawn: set TasksMax= for containers to 8192 by defaultLennart Poettering
2015-11-12nspawn: add new --network-veth-extra= switch for defining additional veth linksLennart Poettering
The new switch operates like --network-veth, but may be specified multiple times (to define multiple link pairs) and allows flexible definition of the interface names. This is an independent reimplementation of #1678, but defines different semantics, keeping the behaviour completely independent of --network-veth. It also comes will full hook-up for .nspawn files, and the matching documentation.
2015-11-09Merge pull request #1820 from michich/errno-v2Daniel Mack
[v2] treewide: treatment of errno and other cleanups
2015-11-09treewide: apply errno.cocciMichal Schmidt
with small manual cleanups for style.
2015-11-09Merge pull request #1799 from jengelh/docLennart Poettering
doc: typo and ortho fixes
2015-11-09nspawn: support custom container service nameIago López Galeiras
We were hardcoding "systemd-nspawn" as the value of the $container env variable and "nspawn" as the service string in machined registration. This commit allows the user to configure it by setting the $SYSTEMD_NSPAWN_CONTAINER_SERVICE env variable when calling systemd-nspawn. If $SYSTEMD_NSPAWN_CONTAINER_SERVICE is not set, we use the string "systemd-nspawn" for both, fixing the previous inconsistency.
2015-11-06doc: correct orthography, word forms and missing/extraneous wordsJan Engelhardt
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-11-05nspawn: save errno before reopening log after exec failureMichal Schmidt
2015-11-05nspawn: no fake errnoMichal Schmidt
The S_ISREG test does not set errno, so don't use it in the error message.
2015-11-05nspawn: simplify error returnsMichal Schmidt
Use the "return log_error_errno(...)" idiom to have fewer curly braces. The last hunk also fixes the return value of setup_journal(), but the fix has no practical effect.
2015-11-05treewide: use the negative error codes returned by our functionsMichal Schmidt
Our functions return negative error codes. Do not rely on errno being set after calling our own functions.
2015-10-31core,nspawn: minor coding style fixesLennart Poettering
2015-10-28nspwan: port to extract_first_wordSusant Sahani
2015-10-27process-util: move a couple of process-related calls overLennart Poettering
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: split out printf() helpers to stdio-util.hLennart Poettering
2015-10-27user-util: move UID/GID related macros from macro.h to user-util.hLennart Poettering
2015-10-27src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → ↵Lennart Poettering
capability-util.[ch] The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that this are just our utility headers and not any official upstream headers.
2015-10-27util-lib: split out umask-related code to umask-util.hLennart Poettering
2015-10-27util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]Lennart Poettering
2015-10-27util-lib: move a number of fs operations into fs-util.[ch]Lennart Poettering
2015-10-27util-lib: move mount related utility calls to mount-util.[ch]Lennart Poettering
2015-10-27util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]Lennart Poettering
2015-10-26socket-util: move remaining socket-related calls from util.[ch] to ↵Lennart Poettering
socket-util.[ch]
2015-10-26util-lib: split out user/group/uid/gid calls into user-util.[ch]Lennart Poettering
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.