Age | Commit message (Collapse) | Author |
|
systemd-run can now launch units with PrivateTmp, PrivateDevices,
PrivateNetwork, NoNewPrivileges set.
|
|
loginctl: print nontrivial properties in logictl show-*
|
|
|
|
|
|
systemctl: fix various aspects of polkit authorization in legacy tools.
|
|
machine: when removing, renaming, cloning images also care for .nspaw…
|
|
core: add support for the "pids" cgroup controller
|
|
Drop usage of off_t
|
|
This adds support for the new "pids" cgroup controller of 4.3 kernels.
It allows accounting the number of tasks in a cgroup and enforcing
limits on it.
This adds two new setting TasksAccounting= and TasksMax= to each unit,
as well as a gloabl option DefaultTasksAccounting=.
This also updated "cgtop" to optionally make use of the new
kernel-provided accounting.
systemctl has been updated to show the number of tasks for each service
if it is available.
This patch also adds correct support for undoing memory limits for units
using a MemoryLimit=infinity syntax. We do the same for TasksMax= now
and hence keep things in sync here.
|
|
off_t is a really weird type as it is usually 64bit these days (at least
in sane programs), but could theoretically be 32bit. We don't support
off_t as 32bit builds though, but still constantly deal with safely
converting from off_t to other types and back for no point.
Hence, never use the type anymore. Always use uint64_t instead. This has
various benefits, including that we can expose these values directly as
D-Bus properties, and also that the values parse the same in all cases.
|
|
systemctl: add RequisiteOf* as inverses of Requisite and RequisiteOverridable
|
|
|
|
Third round of Coccinelle fixes
|
|
|
|
Thus we allow (non-interactive) polkit auth to kick in for legacy commands
(halt, poweroff, reboot, telinit) as well.
Fixes (another aspect of) issue #213.
|
|
Handle -EOPNOTSUPP and -EINPROGRESS like in start_special().
|
|
|
|
|
|
Fixes (the main concern of) issue #213.
|
|
And set_free() too.
Another Coccinelle patch.
|
|
Another Coccinelle patch.
|
|
settings file
Whenever we remove/rename/clone a machine image, make sure we do the
same for the image's .nspawn settings file.
|
|
logind: make dry run command line arguments work again (v2)
|
|
Prefix the action parameter with "dry-" in case the --dry-run command
line switch was passed.
|
|
Allow passing a "dry-" prefix to the action parameter passed to
.ScheduleShutdown(). When strings with this prefix are passed,
the scheduled action will not take place. Instead, an info message
is logged.
|
|
notify: log error when sd_pid_notify() == 0
|
|
util: introduce safe_fclose() and port everything over to it
|
|
Adds a coccinelle script to port things over automatically.
|
|
locale: kill free_and_replace()
|
|
That function really makes little sense, as the open-coded variant
is much more readable. Also, if the 2nd argument is NULL, mfree()
is a much better candidate.
Convert the only users of this function in localed, and then remove it
entirely.
|
|
Coccinelle fixes 2
|
|
Another Coccinelle script.
|
|
Let's also clean up single-line while and for blocks.
|
|
The previous coccinelle semantic patch that improved usage of
log_error_errno()'s return value, only looked for log_error_errno()
invocations with a single parameter after the error parameter. Update
the patch to handle arbitrary numbers of additional arguments.
|
|
We should never put empty lines between `if` and `else if`, unless we use
braces.
|
|
sd_pid_notify_with_fds: fix computing msg_controllen
|
|
core: freeze execution if /etc/mtab exists
|
|
CMSG_SPACE(0) may return value other than 0. This caused sendmsg to fail
with EINVAL, when have_pid or n_fds was 0.
|
|
The mount monitor that was added to libmount v2.27 requires /etc/mtab to be
non-existant. As systemd now uses that functionality, we cannot monitor any
mounts anymore, and hence not support .mount units.
Systems that have /etc/mtab around as regular file are unsupported by
systemd since a long time.
This patch makes that condition fatal, so we do not boot up with
non-working mount monitor support.
|
|
|
|
Even though systemd has its own smack label since
'--with-smack-run-label' configuration is set, the smack label of each
CGROUP root directory should have the star (i.e. *) label. This is
mainly because current Linux Kernel set the label in this way.
(Refer to smack_d_instantiate() in security/smack/smack_lsm.c)
However, if systemd has its own smack label and arg_join_controllers is
explicitly set or initialized by initialize_join_controllers() function,
current systemd creates the symlink in CGROUP root directory with its
own smack label as below.
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root * 0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpuacct -> cpu,cpuacct
This patch fixes that bug by copying the smack label from the origin.
|
|
This adds a new mac_smack_copy() function in order to read the smack
label from the source and apply it to the destination.
|
|
|
|
cgroup fix, nspawn fix, plus change to download .nspawn files in importd
|
|
Coccinelle fixes
|
|
|
|
analyze: add alias handling for --{from,to}-pattern options of the dot command
|
|
Patch via coccinelle.
|
|
Turns this:
r = -errno;
log_error_errno(errno, "foo");
into this:
r = log_error_errno(errno, "foo");
and this:
r = log_error_errno(errno, "foo");
return r;
into this:
return log_error_errno(errno, "foo");
|
|
Turn this:
if ((r = foo()) < 0) { ...
into this:
r = foo();
if (r < 0) { ...
|