Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
library
|
|
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
|
|
|
|
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
|
|
|
|
|
|
After that functions which add matches, show_journal_by_unit
and show_journal_by_user_unit, become nearly identical, so
I merged them into one function.
|
|
Just like mempcpy() is almost identical to memcpy() except the useful
return value, so is the relation of mempset() to memset().
|
|
|
|
Commit 984a2be4 failed to adjust this caller of status_printf().
|
|
|
|
The argument given to the __attribute__((cleanup)) functions is the
address of the variable that's going out of scope. It cannot be NULL.
The "if (!s)" check in set_freep() is pointless.
Perhaps "if (!*s)" was intented. But that's pointless too, because
set_free()/set_free_free() are OK to call with a NULL argument (just
like free()).
Setting "*s = NULL" is pointless, because the variable that s points
to is about to go out of scope.
The same holds for strv_freep().
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=868383
Primary reason to do this is to ensure "-e" works as intended, and is
not ignored because the user set his own LESS variable.
|
|
$ journalctl -be
is what you want :)
https://bugzilla.redhat.com/show_bug.cgi?id=867841
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=61491
|
|
This follows the suggestions from:
http://lists.freedesktop.org/archives/systemd-devel/2013-March/009363.html
|
|
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
|
|
This partially reverts 7ad94c716d6403233d04c4d37cb14df958c9b65d.
After that commit commands such as "systemctl enable" and friends
printed the search path information multiple times in its output, which
is ugly.
If we want the search paths to be printed at a higher log level, then we
should do this in PID 1 only, i.e. split the printing out of the normal
path lookup logic and invoke that explicitly from PID 1 but not in the
auxiliary tools.
|
|
Using less as a pager sometimes breaks terminal when output
is interrupted by ctrl-c.
Reproducer: run 'sudo journalctl' ctrl-c.
Thanks mbriza@redhat.com for the solution.
|
|
|
|
Sometimes the boot gets stuck until a timeout hits. The usual timeouts
are on the order of minutes, so users may lose patience.
Print animated status messages telling the names of units with running
jobs to make it easy to see what systemd is waiting for.
The animation looks cooler with a shorter interval, but 1 s is OK and
should not be too hard on slow serial console users.
|
|
|
|
Ephemeral status lines do not end with a newline and they expect to be
overwritten by the next printed status line.
|
|
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes.
|
|
This reverts commit 4a01181e460686d8b4a543b1dfa7f77c9e3c5ab8.
This patch broke LOG_TARGET_AUTO, i.e. automatic selection of STDERR if
it is a TTY with a fallback on the journal and kmsg otherwise.
The general rule should probably be:
log_open() -- open the "best" possible logging channel according to
log_target configuration.
log_dispatch() -- don't open any log channels ever, with the exception
of kmsg since that has no drawbacks. And do this only on true errors of
the better log channel, not just when it wasn't opened.
|
|
|
|
write_to_journal() returns 0 if journal_fd is closed and nothing is
written. We need to make sure we'll try log_open_kmsg() then to make the
fallback work for "journal-or-kmsg".
|
|
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
|
|
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
|
|
|
|
runtime-optional already)
|
|
order in the efivars fs is probably not useful
This also introduces a new FOREACH_DIRENT macro and makes use of it.
|
|
|
|
|
|
This reverts commit 2826d14091e43ed3397d862dee79d09d0115c84e.
We never should generate log messages from a library.
|
|
[zj: Reworded message s/to watch/to add watch on/ to make it clear
that it was the watch init action that failed, and not the
"process of watching". I think this way it'll be clearer to
people who don't know what inotify does.]
|
|
Alias as systemd-user.conf is also provided. This should help
users running systemd in session mode.
https://bugzilla.redhat.com/show_bug.cgi?id=690868
|
|
The current code might make sense during startup for service restart
limiting:
With burst=1 after starting num is 1, so the next ('first') restart is
still accepted ( 1 <= 1). However, once interval has expired, num is 1
after the first restart, so the second restart is also accepted.
This change is also useful in combination with watchdogs:
With burst=1 and a very large interval the system can be restarted on
the first failure.
|
|
See the linked references for why we should not do this.
|
|
|
|
|
|
|
|
|