| Age | Commit message (Collapse) | Author |
|---|
|
We will (at least at first), restrict our focus to running the server
on at most one interface.
|
|
Bind to UDP socket and listen for messages, discarding anything we receive.
|
|
|
|
For this to work nicely we need to use REUSEADDR so that more than one socket
can be open at the same time. Also, we request the ifindex to be appended
to incoming messages, so we know whence it came.
|
|
This new condition allows checking whether /etc or /var are out-of-date
relative to /usr. This is the counterpart for the update flag managed by
systemd-update-done.service. Services that want to be started once after
/usr got updated should use:
[Unit]
ConditionNeedsUpdate=/etc
Before=systemd-update-done.service
This makes sure that they are only run if /etc is out-of-date relative
to /usr. And that it will be executed after systemd-update-done.service
which is responsible for marking /etc up-to-date relative to the current
/usr.
ConditionNeedsUpdate= will also checks whether /etc is actually
writable, and not trigger if it isn't, since no update is possible then.
|
|
/usr has changed
In order to support offline updates to /usr, we need to be able to run
certain tasks on next boot-up to bring /etc and /var in line with the
updated /usr. Hence, let's devise a mechanism how we can detect whether
/etc or /var are not up-to-date with /usr anymore: we keep "touch
files" in /etc/.updated and /var/.updated that are mtime-compared with
/usr. This means:
Whenever the vendor OS tree in /usr is updated, and any services that
shall be executed at next boot shall be triggered, it is sufficient to
update the mtime of /usr itself. At next boot, if /etc/.updated and/or
/var/.updated is older than than /usr (or missing), we know we have to
run the update tools once. After that is completed we need to update the
mtime of these files to the one of /usr, to keep track that we made the
necessary updates, and won't repeat them on next reboot.
A subsequent commit adds a new ConditionNeedsUpdate= condition that
allows checking on boot whether /etc or /var are outdated and need
updating.
This is an early step to allow booting up with an empty /etc, with
automatic rebuilding of the necessary cache files or user databases
therein, as well as supporting later updates of /usr that then propagate
to /etc and /var again.
|
|
|
|
|
|
|
|
|
|
Beef up the assert to protect against passing null to strlen.
Found with scan-build.
|
|
|
|
|
|
static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.
The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.
This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.
The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.
The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.
This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
|
|
|
|
|
|
files/directories
This way it makes a lot more sense to specify an access mode for "Z"
lines.
|
|
|
|
If two lines refer to paths that are suffix and prefix of each other,
then always process the prefix first, the suffix second. In all other
cases strictly process rules in the order they appear in the files.
This makes creating /var/run as symlink to /run a lot more fun, since it
is automatically created first.
|
|
should be prefixed with arg_
|
|
such as /var
|
|
Let's allow booting up with /var empty. Only create the most basic
directories to get to a working directory structure and symlink set in
/var.
|
|
"m" so far has been a non-globbing version of "z". Since this makes it
quite redundant, let's get rid of it. Remove "m" from the man pages,
beef up "z" docs instead, and make "m" nothing more than a compatibility
alias for "z".
|
|
|
|
|
|
|
|
Not that it really would have any effect on the generated code, but
let's not confuse people...
|
|
It was forgotten in b1e90ec515408aec2702522f6f68c4920b56375b
See https://bugs.freedesktop.org/show_bug.cgi?id=79582
|
|
The return value from udev_enumerate_scan_devices was stored but
never used. I assume this was meant to be checked.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=77092
On Thu, Jun 05, 2014 at 08:37:20AM +0200, Lennart Poettering wrote:
> The patch is line-broken, please send an uncorrupted patch!
I am very sorry, I forgot that my client limits line width. I will use
mutt now on.
> clamp_brightness() clamps the brightness value to the range of the
> actual device. This is a recent addition that was added to deal with
> driver updates where the resolution is changed. I don't think this part
> should be dropped for LED devices. The clamp_brightness() call hence
> should be called unconditionally, however, internally it should use a
> different min_brightness value if something is an !backlight devices...
Thank you for explanation, this sounds very reasonable to me. Please,
see updated patch:
|
|
The current vm detection lacks the distinction between Xen dom0 and Xen domU.
Both, dom0 and domU are running inside the hypervisor.
Therefore systemd-detect-virt and the ConditionVirtualization directive detect
dom0 as a virtual machine.
dom0 is not using virtual devices but is accessing the real hardware.
Therefore dom0 should be considered the virtualisation host and not a virtual
machine.
https://bugs.freedesktop.org/show_bug.cgi?id=77271
|
|
|
|
|
|
Arguments were wrong order, no?
This fixes commits:
e918a1b5a94f270186dca59156354acd2a596494
3d06f4183470d42361303086ed9dedd29c0ffc1b
|
|
Lets allow LC_ALL=C without corrupted output
|
|
|
|
For names like /var/lib/container/something, the message
becomes quite long. Better to split it.
Also reword the message not to suggest that ^]^]^] only works
in the beginning.
|
|
|
|
Parsing sysv files was moved to the sysv-generator in the previous commit.
This patch removes the sysv parsing from serivce.c.
Note that this patch drops the following now unused sysv-specific info
from service dump:
"SysV Init Script has LSB Header: (yes/no)"
"SysVEnabled: (yes/no)"
"SysVRunLevels: (levels)"
|
|
Reuses logic from service.c and the rc-local generator.
Note that this drops reading of chkconfig entirely. It also drops reading
runlevels from the LSB headers. The runlevels were only used to check for
runlevels outside of the normal 1-5 range and then add special dependencies
and settings. Special runlevels were dropped in the past so it seemed to be
unused code.
The generator does not know about non-generated units with a value set with
SysVStartPriority=. These are therefor not taken into account when converting
start priority to before/after.
|
|
For now only What=, Options=, Type= are supported, and Where= is deduced
from the unit name.
|
|
Prevent use of uninitialized variable and removed a now unused
cleanup function for freeaddrinfo
|
|
|
|
Enforcement is still missing, but at least we can parse it now.
|
|
It seems unnecessary to support this, and we rather should avoid
allowing this at all, so that people don't program against this
sloppily and we end up remarshalling all the time...
|
|
Now that we properly exclude autofs mounts from ProtectSystem= we can
include it in the effect of ProtectSystem= again.
|
|
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
|
|
/root can't really be autofs, and is also a home, directory, so cover it
with ProtectHome=.
|
|
everything below
This has the benefit of not triggering any autofs mount points
unnecessarily.
|
|
|
