Age | Commit message (Collapse) | Author |
|
define for the max number of rlimits, too
|
|
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
Inexplicably, 550a40ec ('core: do not print invalid utf-8 in error
messages') only fixed two paths. Convert all of them now.
|
|
This mirrors set_consume and makes the common use a bit nicer.
|
|
|
|
The code checked for two lvalues that aren't even using
config_parse_path(), so let's drop these checks and make the function
completely generic again.
|
|
load-fragment.c
The parse code actually checked for specific lvalue names, which is
really wrong for supposedly generic parsers...
|
|
Let's keep specific config parsers close to where they are needed. Only
the really generic ones should be defined in conf-parser.[ch].
|
|
Let's make the scope of the show-status stuff a bit smaller, and make it
private to the core, rather than shared API in shared/.
|
|
"level" is a bit too generic, let's clarify what kind of level we are
referring to here.
|
|
As discussed on the ML these are useful to manage runtime directories
below /run for services.
|
|
Things like 3B4T, 4B50B, 400 100 (meaning 4*1024**4+3, 54, and 500,
respectively) are now disallowed. It is necessary to say 4T3B, 54B,
500 instead. I think this was confusing and error prone.
As a special form, 400B 100 is allowed, i.e. "B" suffix is treated
as different from "", although they mean the same thing.
|
|
It seems natural to be able to say SystemMaxUsage=1.5G.
https://bugzilla.redhat.com/show_bug.cgi?id=1047568
|
|
Add Tilera's TILE-GX processor family support.
|
|
If a message had zero length, journalctl would print no newline, and
two output lines would be concatenated. Fix. The problem was
introduced in commit 31f7bf199452 ("logs-show: print multiline
messages"). Affected short and verbose output modes.
Before fix:
Feb 09 21:16:17 glyph dhclient[1323]: Feb 09 21:16:17 glyph NetworkManager[788]: <info> (enp4s2): DHCPv4 state changed nbi -> preinit
after:
Feb 09 21:16:17 glyph dhclient[1323]:
Feb 09 21:16:17 glyph NetworkManager[788]: <info> (enp4s2): DHCPv4 state changed nbi -> preinit
|
|
|
|
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
|
|
GREEDY_REALLOC takes a pointer to the real size, not the array-width as
argument. Therefore, our array is currently way to small to keep the seat
positions.
Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store
the array-width instead of array-size.
|
|
As pointed-out by clang -Wunreachable-code.
No behaviour changes.
|
|
|
|
|
|
Systemd creates directories in /dev. These directories will
get the label of systemd, which is the label of the System
domain, which is not accessable to everyone. Relabel the
directories, files and symlinks created so that they can be
generally used.
Based on a patch by Casey Schaufler <casey@schaufler-ca.com>.
|
|
This makes llvm happy when we assign an error code to the variable.
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
../src/shared/unit-name.c:462: error: undefined reference to 'sd_bus_label_escape'
../src/shared/unit-name.c:477: error: undefined reference to 'sd_bus_label_unescape'
collect2: error: ld returned 1 exit status
|
|
Also fix a copy-paste error that broke matching on interface name.
|
|
to deprecate them one day
|
|
Apparently bash doesn't turn off non-blocking mode on stdin/stdout when
reading from it, so be nice to bash. Ideally bash would do this on its
own for robustness reasons, though.
https://bugs.freedesktop.org/show_bug.cgi?id=70622
|
|
|
|
Use 'if defined()', not 'ifdef defined()'. Fixes the following warning.
CC src/shared/architecture.lo
In file included from src/shared/architecture.c:24:0:
src/shared/architecture.h:89:17: warning: extra tokens at end of #ifdef
directive [enabled by default]
# ifdef defined(WORDS_BIGENDIAN)
^
|
|
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
|
|
|
|
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
|
|
by uname()'s machine field.
|
|
For now support globbing for interface name and path.
|
|
|
|
The parts that require linknig to libcap, libselinux and friends stays in libsystemd-core.
|
|
|
|
|
|
|
|
Suggested by Holger Schurig.
|
|
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
|
|
These were added to the kernel between 3.5 and 3.9, let's not require such
recent kernels (yet).
|
|
processes
|
|
containers on a 64bit host
|
|
And make use of it where appropriate for executing services and for
nspawn.
|
|
|