summaryrefslogtreecommitdiff
path: root/units
AgeCommit message (Collapse)Author
2016-06-22units: add nosuid and nodev options to tmp.mount (#3575)Martin Pitt
This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
2016-06-21emergency.service: Don't say "Welcome" when it's an emergency (#3569)Lennart Poettering
Quoting @cgwalters: Just uploading this as an RFC. Now I know reading the code that systemd says `Welcome to $OS` as a generic thing, but my initial impression on seeing this was that it was almost sarcastic =) Let's say "You are in emergency mode" as a more neutral/less excited phrase. This patch is based on #3556, but makes the same change for rescue mode.
2016-06-13units: tighten system call filters a bitLennart Poettering
Take away kernel keyring access, CPU emulation system calls and various debug system calls from the various daemons we have.
2016-06-09units: add a basic SystemCallFilter (#3471)Topi Miettinen
Add a line SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace for daemons shipped by systemd. As an exception, systemd-timesyncd needs @clock system calls and systemd-localed is not privileged. ptrace(2) is blocked to prevent seccomp escapes.
2016-06-08units: enable MemoryDenyWriteExecute (#3459)Topi Miettinen
Secure daemons shipped by systemd by enabling MemoryDenyWriteExecute. Closes: #3459
2016-06-01units: wait for plymouth to shut down in rescue.sevice (#3367)Franck Bui
In the same vein as commit ac59f0c12c117b9bb5b7e17f33987b0107791239 which added the --wait option to the emergency service, this patch makes sure that plymouth has exited before entering into the rescue mode.
2016-05-21units: restore ConditionNeesUpdate=/etc in ldconfig.service (#3311)Lennart Poettering
In order to support stateless systems that support offline /usr updates properly, let's restore the ConditionNeesUpdate=/etc line that makes sure we are run when /usr is updated and this update needs to be propagated to the /etc/ld.so.conf file stored in /etc. This reverts part of #2859, which snuck this change in, but really shouldn't have.
2016-05-12Create initrd-root-device.target synchronization point (#3239)Daniel Drake
Add a synchronization point so that custom initramfs units can run after the root device becomes available, before it is fsck'd and mounted. This is useful for custom initramfs units that may modify the root disk partition table, where the root device is not known in advance (it's dynamically selected by the generators).
2016-05-10units: make sure that fsck is executed before quotachecktblume
fsck determines wheter an automatic quotacheck should be executed. Hence fsck service needs to run before quotacheck service.
2016-04-27Stop syslog.socket when entering emergency mode (#3130)Martin Pitt
When enabling ForwardToSyslog=yes, the syslog.socket is active when entering emergency mode. Any log message then triggers the start of rsyslog.service (or other implementation) along with its dependencies such as local-fs.target and sysinit.target. As these might fail themselves (e. g. faulty /etc/fstab), this breaks the emergency mode. This causes syslog.socket to fail with "Failed to queue service startup job: Transition is destructive". Add Conflicts=syslog.socket to emergency.service to make sure the socket is stopped when emergency.service is started. Fixes #266
2016-04-26Merge pull request #3093 from poettering/nspawn-userns-magicLennart Poettering
nspawn automatic user namespaces
2016-04-25machined: add CAP_MKNOD to capabilities to run with (#3116)Lennart Poettering
Container images from Debian or suchlike contain device nodes in /dev. Let's make sure we can clone them properly, hence pass CAP_MKNOD to machined. Fixes: #2867 #465
2016-04-25units: turn on user namespace by default in systemd-nspawn@.serviceLennart Poettering
Now that user namespacing is supported in a pretty automatic way, actually turn it on by default if the systemd-nspawn@.service template is used.
2016-04-22units: order systemd-user-sessions.service after network.targetLennart Poettering
That way we can be sure that local users are logged out before the network is shut down when the system goes down, so that SSH session should be ending cleanly before the system goes down. Fixes: #2390
2016-04-22tmp.mount.hm4: After swap.target (#3087)frankheckenbach
fix issue #2930
2016-04-21units: Add "GuessMainPID=no" to compatibility unit for rc-local (#3018)Calvin Owens
With the current "Type=forking", systemd tries to guess the PID it should wait on at reboot (because we have no "PIDFile="). Depending on how wrong the guess is, we can end up hanging forever at reboot. Asking it not to do that eliminates the problem.
2016-03-17units: run ldconfig.service after we have mounted all local file systemsMichal Sekletar
Also drop ConditionNeedsUpdate=|/etc. Regardless if system is updated online or offline, updating dynamic loader cache should always be responsibility of packaging tools/scripts.
2016-02-26Don't escape the name of the container in instances ofElias Probst
When using `%I` for instances of `systemd-nspawn@.service`, the result will be `systemd-nspawn` trying to launch a container named e.g. `fedora/23` instead of `fedora-23`. Using `%i` instead prevents escaping `-` in a container name and uses the unmodified container name from the machine store.
2016-02-23Merge pull request #2664 from zonque/bootchart-removalLennart Poettering
Remove systemd-bootchart
2016-02-23man: link some unit files to their online bus API documentationLennart Poettering
2016-02-23Remove systemd-bootchartDaniel Mack
This commit rips out systemd-bootchart. It will be given a new home, outside of the systemd repository. The code itself isn't actually specific to systemd and can be used without systemd even, so let's put it somewhere else.
2016-02-12remove bus-proxydDaniel Mack
As kdbus won't land in the anticipated way, the bus-proxy is not needed in its current form. It can be resurrected at any time thanks to the history, but for now, let's remove it from the sources. If we'll have a similar tool in the future, it will look quite differently anyway. Note that stdio-bridge is still available. It was restored from a version prior to f252ff17, and refactored to make use of the current APIs.
2016-02-11Merge pull request #2581 from evverx/dev-mqueue-condLennart Poettering
units: don't try to mount the mqueue fs if we lack the privileges for it
2016-02-11units: don't try to mount the mqueue fs if we lack the privileges for itEvgeny Vereshchagin
See https://github.com/systemd/systemd/pull/2576#discussion-diff-52592680
2016-02-10units: don't try to mount the FUSE fs if we lack the privileges for itLennart Poettering
See: https://lists.freedesktop.org/archives/systemd-devel/2016-February/035740.html
2016-02-10coredump: rework coredumping logicLennart Poettering
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a stacktrace and writes the coredump to disk. This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust= and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally priorized processes. This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until /var/systemd/coredump is mounted and writable. Fixes: #2286
2016-02-09Merge pull request #2565 from poettering/fix-2315Zbigniew Jędrzejewski-Szmek
2016-02-09units: downgrade dependency on /tmp in basic.target to Wants=Lennart Poettering
Now that requiring of a masked unit results in failure again, downgrade the dependency on /tmp to Wants= again, so that our suggested way to disable /tmp-on-tmpfs by masking doesn't result in a failing boot. References: #2315
2016-02-05Fix typo in rescue shellIndrajit Raychaudhuri
2016-01-22Merge pull request #2331 from yuwata/journal-remote-unit-v2Daniel Mack
journal-remote: add SupplementaryGroups to systemd-journal-upload.service
2016-01-17units: don't fail if /root doesn't exist for shell unitsLennart Poettering
As discussed on the ML: http://lists.freedesktop.org/archives/systemd-devel/2016-January/035594.html
2016-01-15journal-remote: add SupplementaryGroups to systemd-journal-upload.serviceYu Watanabe
2016-01-11kmod-static-nodes: don't run if module list is emptyMartin Pitt
With this kmod commit, modules.devname will be empty by default instead of containing just a comment: https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=4c30a11d5f Refine the startup condition of kmod-static-nodes.service to not run needlessly if the list is empty.
2015-12-15journal-remote: add documents in the unit filesYu Watanabe
2015-11-22Set user@.service TasksMax=infinityJan Alexander Steffens (heftig)
The user manager is still limited by its parent slice user-UID.slice, which defaults to 4096 tasks. However, it no longer has an additional limit of 512 tasks. Fixes #1955.
2015-11-16nspawn: set TasksMax= for containers to 8192 by defaultLennart Poettering
2015-11-12core: remove SmackFileSystemRootLabel= againLennart Poettering
Apparently, util-linux' mount command implicitly drops the smack-related options anyway before passing them to the kernel, if the kernel doesn't know SMACK, hence there's no point in duplicating this in systemd. Fixes #1696
2015-11-11units: fix system.slice to require -.slice, instead of just want itLennart Poettering
2015-11-03journal: restore watchdog supportLennart Poettering
2015-11-03Merge pull request #1726 from teg/networkd-2Daniel Mack
networkd: (de)serialize more state and support expiring routes
2015-11-01journald: never block when sending messages on NOTIFY_SOCKET socketLennart Poettering
Otherwise we might run into deadlocks, when journald blocks on the notify socket on PID 1, and PID 1 blocks on IPC to dbus-daemon and dbus-daemon blocks on logging to journald. Break this cycle by making sure that journald never ever blocks on PID 1. Note that this change disables support for event loop watchdog support, as these messages are sent in blocking style by sd-event. That should not be a big loss though, as people reported frequent problems with the watchdog hitting journald on excessively slow IO. Fixes: #1505.
2015-10-30networkd: route - track routesTom Gundersen
2015-10-26core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=Lennart Poettering
That way it's in sync with the other SMACK label settings. https://github.com/systemd/systemd/pull/1664#issuecomment-150891270
2015-10-24units: add 'SmackFileSystemRoot=*' option into tmp.mountSangjung Woo
If SMACK is enabled, 'smackfsroot=*' option should be specified when /tmp is mounted since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing. In order to do that, 'SmackFileSystemRoot=*' is newly added into tmp.mount.
2015-10-22units: also whitelist "blkext" block devices for nspawn serviceLennart Poettering
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop, hence whitelist this too. Fixes #1446
2015-10-18Revert "units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled"Kay Sievers
This reverts commit 409c2a13fd65692c611b7bcaba12e908ef7cf1e5. It breaks the bootup of systems which enable smack at compile time, but have no smack enabled in the kernel. This needs a different solution.
2015-10-15units: .gitignore: units - ignore tmp.mountTom Gundersen
This is a follow-up to 409c2a13fd656.
2015-10-15Merge pull request #1572 from again4you/devel/tmp-smackLennart Poettering
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
2015-10-15units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabledSangjung Woo
If SMACK is enabled, 'smackfsroot=*' option should be specified in tmp.mount file since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing.
2015-10-14unit: remove [Install] section from the user exit.target unitLennart Poettering
There's no concept of ctrl-alt-del for user systemd instances, hence don't suggest it woud make sense to symlink the unit to it. Fixes #1525.