Age | Commit message (Collapse) | Author |
|
Let's be nice to users, and let's turn the nonsensical "--unit=… --user" into
"--user-unit=…" which the user more likely meant.
Fixes #1621
|
|
Let's document the call as deprecated, since it doesn't cover containers with
directories that aren#t visible to the host properly.
|
|
This way, the switch becomes compatible with nspawn containers using --image=,
and those which only store journal data in /run (i.e. have persistant logs
off).
Fixes: #49
|
|
With this change a new flag SD_JOURNAL_OS_ROOT is introduced. If specified
while opening the journal with the per-directory calls (specifically:
sd_journal_open_directory() and sd_journal_open_directory_fd()) the passed
directory is assumed to be the root directory of an OS tree, and the journal
files are searched for in /var/log/journal, /run/log/journal relative to it.
This is useful to allow usage of sd-journal on file descriptors returned by the
OpenRootDirectory() call of machined.
|
|
This new call returns a file descriptor for the root directory of a container.
This file descriptor may then be used to access the rest of the container's
file system, via openat() and similar calls. Since the file descriptor returned
is for the file system namespace inside of the container it may be used to
access all files of the container exactly the way the container itself would
see them. This is particularly useful for containers run directly from
loopback media, for example via systemd-nspawn's --image= switch. It also
provides access to directories such as /run of a container that are normally
not accessible to the outside of a container.
This replaces PR #2870.
Fixes: #2870
|
|
Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature
remains undocumented though, as it is probably not too useful in real-life as
this still requires fds that support mmaping and seeking, i.e. does not work
for pipes, for which reading from STDIN is most commonly used.
|
|
|
|
Let's output the actual error code encountered, and let's not claim this was
purely triggered by files, because it can also be triggered by directories.
|
|
Let's also collect errors returned by readdir() into our set of errors, like we
do this for all other errors from journal files.
|
|
This is slightly nicer, since we actually watch the directories we opened and
enumerate. However, primarily this is preparation for adding support for
opening journal files by fd without specifying any path, to be added in a later
commit.
|
|
Fixes: #2420
|
|
|
|
systemd-run: fix --slice= in conjunction with --scope
|
|
source->size < source->filled (#3086)
While the function journal-remote-parse.c:get_line() enforces an assertion that source->filled <= source->size, in function journal-remote-parse.c:process_source() there is a chance that source->size will be decreased to a lower value than source->filled, when source->buf is reallocated. Therefore a check is added that ensures that source->buf is reallocated only when source->filled is smaller than target / 2.
|
|
Fixes: #2991
|
|
Let's be more careful when setting up the Slice= property of transient units:
let's use manager_load_unit_prepare() instead of manager_load_unit(), so that
the load queue isn't dispatched right away, because our own transient unit is
in it, and we don#t want to have it loaded until we finished initializing it.
|
|
|
|
This suppresses output of the hostname for messages from the local system.
Fixes: #2342
|
|
1970 UTC
aka "UNIX time".
Fixes: #2120
|
|
After all, the enum definition is in output-mode.h
|
|
This moves the O_TMPFILE handling from the coredumping code into common library
code, and generalizes it as open_tmpfile_linkable() + link_tmpfile(). The
existing open_tmpfile() function (which creates an unlinked temporary file that
cannot be linked into the fs) is renamed to open_tmpfile_unlinkable(), to make
the distinction clear. Thus, code may now choose between:
a) open_tmpfile_linkable() + link_tmpfile()
b) open_tmpfile_unlinkable()
Depending on whether they want a file that may be linked back into the fs later
on or not.
In a later commit we should probably convert fopen_temporary() to make use of
open_tmpfile_linkable().
Followup for: #3065
|
|
|
|
Follow-up for:
https://github.com/systemd/systemd/pull/3033#discussion_r59689398
|
|
Before we invoke now(CLOCK_BOOTTIME), let's make sure we actually have that
clock, since now() will otherwise hit an assert.
Specifically, let's refuse CLOCK_BOOTTIME early in sd-event if the kernel
doesn't actually support it.
This is a follow-up for #3037, and specifically:
https://github.com/systemd/systemd/pull/3037#issuecomment-210199167
|
|
As discussed here:
https://github.com/systemd/systemd/issues/2619#issuecomment-184670042
Explicitly syncing /etc/machine-id after writing it, is probably a good idea,
since it has a strong "commit" character and is generally a one-time thing.
Fixes #2619.
|
|
Previously we'd have generally useful sd-bus utilities in bust-util.h,
intermixed with code that is specifically for writing clients for PID 1,
wrapping job and unit handling. Let's split the latter out and move it into
bus-unit-util.c, to make the sources a bit short and easier to grok.
|
|
Make this an output flag instead, so that our function prototypes can lose one
parameter
|
|
This ports over machinectl and loginctl to also use the new GetProcesses() bus
call to show the process tree of a container or login session. This is similar
to how systemctl already has been ported over in a previous commit.
|
|
available in the kernel
|
|
This adds a new GetProcesses() bus call to the Unit object which returns an
array consisting of all PIDs, their process names, as well as their full cgroup
paths. This is then used by "systemctl status" to show the per-unit process
tree.
This has the benefit that the client-side no longer needs to access the
cgroupfs directly to show the process tree of a unit. Instead, it now uses this
new API, which means it also works if -H or -M are used correctly, as the
information from the specific host is used, and not the one from the local
system.
Fixes: #2945
|
|
|
|
|
|
Nicer error message is symlinking chokes on an existing file
|
|
|
|
Before:
$ systemctl preset getty@.service
Failed to preset unit, file /etc/systemd/system/getty.target.wants/getty@tty1.service
already exists and is a symlink to ../../../../usr/lib/systemd/system/getty@.service.
After:
$ systemctl preset getty@.service
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service,
pointing to /usr/lib/systemd/system/getty@.service.
We don't really care where the symlink points to. For example, it might point
to /usr/lib or /etc, and systemd will always load the unit from /etc in
preference to /usr/lib. In fact, if we make a symlink like
/etc/systemd/system/multi-user.target.wants/b.service -> ../a.service, pid1
will still start b.service. The name of the symlink is the only thing that
matters, as far as systemd is concerned. For humans it's confusing when the
symlinks points to anything else than the actual unit file. At the very least,
the symlink is supposed to point to a file with the same name in some other
directory. Since we don't care where the symlink points, we can always replace
an existing symlink.
Another option I considered would be to simply leave an existing symlink in
place. That would work too, but replacing the symlink with the expected value
seems more intuitive.
Of course those considerations only apply to .wants and .requires. Symlinks
created with "link" and "alias" are a separate matter.
Fixes #3056.
|
|
When "preset" was executed for a unit without install info, we'd warn similarly
as for "enable" and "disable". But "preset" is usually called for all units,
because the preset files are provided by the distribution, and the units are under
control of individual programs, and it's reasonable to call "preset" for all units
rather then try to do it only for the ones that can be installed.
We also don't warn about missing info for "preset-all". Thus it seems reasonable
to silently ignore units w/o install info when presetting.
(In addition, when more than one unit was specified, we'd issue the warning
only if none of them had install info. But this is probably something to fix
for enable/disable too.)
|
|
path_kill_slashes was applied to the wrong arg...
|
|
|
|
Fixes #1892.
Previously:
Failed to enable unit: Invalid argument
Now:
Failed to enable unit, file /etc/systemd/system/ssh.service already exists.
It would be nice to include the unit name in the message too. I looked into
this, but it would require major surgery on the whole installation logic,
because we first create a list of things to change, and then try to apply them
in a loop. To transfer the knowledge which unit was the source of each change,
the data structures would have to be extended to carry the unit name over into
the second loop. So I'm skipping this for now.
|
|
If we not marking manager dirty when link is dirty then
the state file is not updated. This is a side effect of
issue 2850
setting CriticalConnection=yes
timesyncd NTP servers given by DHCP server are ignored.
|
|
Kill user session scope by default
|
|
When building without resolved and/or myhostname, test-nss.c failed to build
with
src/test/test-nss.c: In function 'main':
src/test/test-nss.c:417:32: error: 'MODULE1' undeclared (first use in this function)
NULSTR_FOREACH(module, MODULE1 MODULE2 MODULE3 MODULE4) {
^
Ensure that all MODULEx are always defined, and empty if the module is not
available (so that it will be a no-op in the string concatenation).
|
|
|
|
zbyszek (1002)
Since: Tue 2016-04-12 23:11:46 EDT; 23min ago
State: active
Sessions: *3
Linger: yes
Unit: user-1002.slice
├─user@1002.service
│ └─init.scope
│ ├─38 /usr/lib/systemd/systemd --user
│ └─39 (sd-pam)
└─session-3.scope
├─ 31 login -- zbyszek
├─ 44 -bash
├─15076 loginctl user-status zbyszek
└─15077 less
|
|
We enable lingering for anyone who wants this. It is still disabled by
default to avoid keeping long-running processes accidentally.
Admins might want to customize this policy on multi-user sites.
|
|
Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be
used to specify users to kill, independently of the KillUserProcesses
setting. Having the settings orthogonal seems to make more sense. It also
makes KillOnlyUsers symmetrical to KillExcludeUsers.
|
|
|
|
This ensures that users sessions are properly cleaned up after.
The admin can still enable or disable linger for specific users to allow
them to run processes after they log out. Doing that through the user
session is much cleaner and provides better control.
dbus daemon can now be run in the user session (with --enable-user-session,
added in 1.10.2), and most distributions opted to pick this configuration.
In the normal case it makes a lot of sense to kill remaining processes.
The exception is stuff like screen and tmux. But it's easy enough to
work around, a simple example was added to the man page in previous
commit. In the long run those services should integrate with the systemd
users session on their own.
https://bugs.freedesktop.org/show_bug.cgi?id=94508
https://github.com/systemd/systemd/issues/2900
|
|
v2:
- fix setting of kill_user_processes and
*_ignore_inhibited settings
|
|
SELinux outputs semi-random messages like "Unknown permission start for class
system", and the user has to dig into message metadata to find out where
they are comming from. Add a prefix to give a hint.
|