Age | Commit message (Collapse) | Author |
|
|
|
Due to the brokeness of much of the userspace audit code we cannot
really start too many systems without the audit caps set. To make nspawn
easier to use just add the audit caps by default.
To boot up containers successfully the kernel's auditing needs to be
turned off still (use "audit=0" on the kernel command line), but at
least no manual caps have to be passed anymore.
In the long run auditing will be fixed for containers and ve virtualized
properly at which time it should be safe to enable these caps anyway.
|
|
|
|
|
|
|
|
Print the journal for a user session unit. For now this filters by
_SYSTEMD_USER_UNIT and USER_UNIT and additionally _UID.
|
|
|
|
|
|
|
|
Variable definitions can be written on more than one line - if each ends
with a backslash, then is concatenated with a previous one. Only
backslash and unix end of line (\n) are treated as a continuation.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=58083
[zj: squashed two patches together; cleaned up grammar; removed
comment about ignoring trailing backslash -- it is not ignored.]
Document continuation support in systemd.exec
|
|
|
|
Returns "HTTP/1.0 406 Not Acceptable" instead of silently
closing the connection.
|
|
The request must not be answered immediately (at first call to
response_handler()), but on the second. This is also important
for authentication, which cannot be performed on the first call.
Before:
% wget -O/dev/null -S https://localhost:19531/
--2012-11-28 18:29:43-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Location: /browse [following]
--2012-11-28 18:29:43-- https://localhost:19531/browse
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: close
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Length: 23260 (23K) [text/html]
After:
% wget --no-check-certificate -O/dev/null -S https://localhost:19531/
--2012-11-28 18:30:05-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:05 GMT
Location: /browse [following]
--2012-11-28 18:30:05-- https://localhost:19531/browse
Reusing existing connection to localhost:19531.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:06 GMT
Length: 23260 (23K) [text/html]
|
|
|
|
The new microhttpd logger doesn't know this information. It is
better to log nothing than fake values.
|
|
Explicit zeroing is replaced with initialization to {0}.
No functional change.
|
|
A prefix ("microhttpd: ") is added to the log lines to make it easy to
distinguish the source.
|
|
For now the certificates are passed around as options to the
program. This might not be the most convenient under "production",
but makes for fairly easy testing.
|
|
In preparation for adding more options, split out the option
handling code.
|
|
Also adds a pair of bus calls for this to the daemon.
|
|
We generally follow the rule not to touch return values unless we
succeed, so for the sake of uniformity do the same here.
|
|
lines up anyway, so let's just assert
|
|
Now that strv_extend() is not so slow anymore, we can make use of it, to
shorten our code a bit.
|
|
|
|
|
|
It's a bit easier to read...
|
|
systemctl list-dependencies lists all unit's dependecies and
recursively expands all subsidiary target units into a tree.
Primary purpose for this command is to show all units which are
enabled in specified target.
|
|
|
|
In commit 246aa6d (core: add bus API and systemctl commands for altering
cgroup parameters during runtime), when rewriting unit_add_one_default_cgroup
to prefered style, the check of strduped b->controller was incorrectly
changed to check the containing structure. Correct it.
|
|
This makes sure that a service is not indefinitely restarted in a tight
loop if it fails before it is able to process its socket.
This corrects the breakage introduced with
8d1b002a2e389e79a2414491523de549783abf73. Shame on me.
|
|
|
|
resetting the lists
https://bugzilla.redhat.com/show_bug.cgi?id=756787
|
|
|
|
|
|
|
|
We no longer allow early-boot init scripts, however in late boot the
syslog socket and local mounts are established anyway, so let's simplify
our dep graph a bit.
If $syslog doesn't resolve to syslog.target anymore there's no reason to
keep syslog.target around anymore. Let's remove it.
Note that many 3rd party service unit files order themselves after
syslog.target. These will be dangling dependencies now, which should be
unproblematic, however.
|
|
specified
New file output.h with output flags and modes.
--full parameter also for cgls and loginctl.
Include 'all' parameter in flags (show_cgroup_by_path, show_cgroup,
show_cgroup_and_extra, show_cgroup_and_extra_by_spec).
get_process_cmdline with max_length == 0 will not ellipsize output.
Replace LINE_MAX with 0 in some calls of get_process_cmdline.
[zj: Default to --full when under pager for clgs.
Drop '-f' since it wasn't documented and didn't actually work.
Reindent a bit.
]
|
|
|
|
|
|
Systemd should not introduce any new facilities. Distributions which still
need to support their non-standard/legacy facilities should add them as
patches to their packaging.
The following facilities are no longer recognized:
$x-display-manager
$mail-transfer-agent
$mail-transport-agent
$mail-transfer-agent
$smtp
$null
This target is no longer available:
mail-transfer-agent.target
|
|
MNT_FORCE is honoured by NFS and FUSE and allows unmounting of the FS
even if consumers still use it. For our brute-force loop we rely on
EBUSY being reported as long as a file system is still used by a
loopback device or suchlike. Hence, drop MNT_FORCE to make EBUSY
reliable.
|
|
|
|
|
|
|
|
/sys/subsystem/net/devices/lo is never considered active, so sockets
with BindToDevice=lo would never be activated.
|
|
This makes journalctl quit on ferror() conditions on stdout. It fixes an
annoying bug if you pipe its output through 'less' and press 'q'. Without
this fix journalctl will continue reading all journal data until EOF which
can take quite some time. For instance on my machine:
david-nb ~ # time journalctl | wc -l
327240
real 1m13.039s
user 1m0.217s
sys 0m10.467s
However, expected behavior is journalctl to quit when its pager closed the
output pipe.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
|
|
|
|
|
|
|
|
|