summaryrefslogtreecommitdiff
path: root/units
AgeCommit message (Collapse)Author
2014-08-03ldconfig: dont run it if ldconfig is not installedUmut Tezduyar Lindskog
2014-07-17units: fix typoZbigniew Jędrzejewski-Szmek
vrutkovs> zbyszek: http://cgit.freedesktop.org/systemd/systemd/diff/units/systemd-journal-upload.service.in?id=ad95fd1d2b9c6344864857c2ba7634fd87753f8e - typo in Group name
2014-07-15units/serial-getty@.service: use the default RestartSecMichael Olbrich
For pluggable ttys such as USB serial devices, the getty is restarted and exits in a loop until the remove event reaches systemd. Under certain circumstances the restart loop can overload the system in a way that prevents the remove event from reaching systemd for a long time (e.g. at least several minutes on a small embedded system). Use the default RestartSec to prevent the restart loop from overloading the system. Serial gettys are interactive units, so waiting an extra 100ms really doesn't make a difference anyways compared to the time it takes the user to log in.
2014-07-15journal-remote: add units and read certs from default locationsZbigniew Jędrzejewski-Szmek
2014-07-16resolved: add busname unit fileKay Sievers
2014-07-09units: make ExecStopPost action part of ExecStartMichal Sekletar
Currently after exiting rescue shell we isolate default target. User might want to isolate to some other target than default one. However issuing systemctl isolate command to desired target would bring system to default target as a consequence of running ExecStopPost action. Having common ancestor for rescue shell and possible followup systemctl default command should fix this. If user exits rescue shell we will proceed with isolating default target, otherwise, on manual isolate, parent shell process is terminated and we don't isolate default target, but target chosen by user. Suggested-by: Michal Schmidt <mschmidt@redhat.com>
2014-07-07firstboot: get rid of firstboot generator again, introduce ↵Lennart Poettering
ConditionFirstBoot= instead As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer way to hook in systemd-firstboot.service on first boots (those with /etc unpopulated), so let's do this, and get rid of the generator again.
2014-07-07firstboot: add new component to query basic system settings on first boot, ↵Lennart Poettering
or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not.
2014-07-04units: conditionalize configfs and debugfs with CAP_SYS_RAWIOLennart Poettering
We really don't want these in containers as they provide a too lowlevel look on the system. Conditionalize them with CAP_SYS_RAWIO since that's required to access /proc/kcore, /dev/kmem and similar, which feel similar in style. Also, npsawn containers lack that capability.
2014-07-04units: conditionalize static device node logic on CAP_SYS_MODULES instead of ↵Lennart Poettering
CAP_MKNOD npsawn containers generally have CAP_MKNOD, since this is required to make PrviateDevices= work. Thus, it's not useful anymore to conditionalize the kmod static device node units. Use CAP_SYS_MODULES instead which is not available for nspawn containers. However, the static device node logic is only done for being able to autoload modules with it, and if we can't do that there's no point in doing it.
2014-07-03machinectl: show /etc/os-release information of container in status outputLennart Poettering
2014-07-03nspawn: when running in a service unit, use systemd for restartsLennart Poettering
THis way we can remove cgroup priviliges after setup, but get them back for the next restart, as we need it.
2014-07-01man: document systemd-update-done.serviceLennart Poettering
2014-06-30units: skip mounting /tmp if it is a symlinkLennart Poettering
We shouldn't get confused if people have symlinked /tmp somewhere, so let's simply skip the mount then.
2014-06-30units: networkd - don't order wait-online.service before network.targetTom Gundersen
Reported by Michael Olbrich.
2014-06-29units: local-fs.target - don't pull in default dependenciesTom Gundersen
Reported by Gerardo Exequiel Pozzi: Looks like [commit a4a878d0] also changes a unrelated file (units/local-fs.target) [partially]reverting the commit 40f862e3 (filesystem targets: disable default dependencies) The side effect, at least in my case is that the "nofail" option in both "crypttab" and "fstab" has partial effect does the default timeout instead of continue normal boot without timeout.
2014-06-28units: remove RefuseManualStart from units which are always aroundZbigniew Jędrzejewski-Szmek
In a normal running system, non-passive targets and units used during early bootup are always started. So refusing "manual start" for them doesn't make any difference, because a "start" command doesn't cause any action. In early boot however, the administrator might want to start on of those targets or services by hand. We shouldn't interfere with that. Note: in case of systemd-tmpfiles-setup.service, really running the unit after system is up would break the system. So e.g. restarting should not be allowed. The unit has "RefuseManualStop=yes", which prevents restart too.
2014-06-19units/systemd-sysctl.service.in: run after load-modulesCristian Rodríguez
Modules might or will register new sysctl options. [zj: This mechanism of adding modules just to reliably set sysctl attributes is not ideal. Nevertheless, sysctl for dynamically created attributes is simply broken, and this is the easiest workaround.] https://bugzilla.redhat.com/show_bug.cgi?id=1022977 https://bugzilla.novell.com/show_bug.cgi?id=725412
2014-06-20units: order systemd-tmpfiles-clean.service after time-sync.targetLennart Poettering
That way, on systems lacking an RTC we don't false start removing aged files too early.
2014-06-19units: add missing caps so that GetAddresses() can workLennart Poettering
2014-06-18cryptsetup: introduce new cryptsetup-pre.traget unit so that services can ↵Lennart Poettering
make sure they are started before and stopped after any LUKS setup https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-17timesyncd: do not start in virtualized environmentsKay Sievers
2014-06-17units: minor cleanupsLennart Poettering
2014-06-17networkd: don't pull in systemd-networkd-wait-online service from ↵Lennart Poettering
systemd-networkd when enabling networkd-wait-online should never exist in the default transaction, unless explicitly enable or pulled in via things like NFS. However, just enabling networkd shouldn't enable networkd-wait-online, since it's common to use the former without the latter.
2014-06-17install: introduce new DefaultInstance= field for [Install] sectionsLennart Poettering
The DefaultInstance= name is used when enabling template units when only specifying the template name, but no instance. Add DefaultInstance=tty1 to getty@.service, so that when the template itself is enabled an instance for tty1 is created. This is useful so that we "systemctl preset-all" can work properly, because we can operate on getty@.service after finding it, and the right instance is created.
2014-06-16units: add a service to invoke ldconfig on system updates at bootLennart Poettering
2014-06-16units: drop RefuseManualStart= from a couple of update servicesLennart Poettering
The only update service we really need to guard like this is systemd-tmpfiles-setup.service since if invoked manually might create /var/run/nologin and thus blocking the user from login. The other services are pretty much idempotent and don't suffer by this problem, hence let's simplify them.
2014-06-15units: bring systemd-tmpfiles-setup-dev.service closer to ↵Lennart Poettering
systemd-tmpfiles-setup.service Among other things, order both services relative to systemd-sysusers.service in the same direction.
2014-06-14sysusers: order before tmpfiles which need the idsKay Sievers
2014-06-13rpm: add RPM macros to apply sysusers, sysctl, and binfmt drop-insLennart Poettering
With this in place RPMs can make sure that whatever they drop in is immeidately applied, and not delayed until next reboot. This also moves systemd-sysusers back to /usr/bin, since hardcoding the path to /usr/lib in the macros would mean compatibility breaks in future, should we turn sysusers into a command that is actually OK for people to call directly. And given that that is quite likely to happen (since it is useful to prepare images with its --root= switch), let's just prepare for it.
2014-06-13units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on bootLennart Poettering
Only when necessary of course, nicely guarded with the new ConditionNeedsUpdate= condition we added.
2014-06-13core: add new ConditionNeedsUpdate= unit conditionLennart Poettering
This new condition allows checking whether /etc or /var are out-of-date relative to /usr. This is the counterpart for the update flag managed by systemd-update-done.service. Services that want to be started once after /usr got updated should use: [Unit] ConditionNeedsUpdate=/etc Before=systemd-update-done.service This makes sure that they are only run if /etc is out-of-date relative to /usr. And that it will be executed after systemd-update-done.service which is responsible for marking /etc up-to-date relative to the current /usr. ConditionNeedsUpdate= will also checks whether /etc is actually writable, and not trigger if it isn't, since no update is possible then.
2014-06-13update-done: add minimal tool to manage system updates for /etc and /var, if ↵Lennart Poettering
/usr has changed In order to support offline updates to /usr, we need to be able to run certain tasks on next boot-up to bring /etc and /var in line with the updated /usr. Hence, let's devise a mechanism how we can detect whether /etc or /var are not up-to-date with /usr anymore: we keep "touch files" in /etc/.updated and /var/.updated that are mtime-compared with /usr. This means: Whenever the vendor OS tree in /usr is updated, and any services that shall be executed at next boot shall be triggered, it is sufficient to update the mtime of /usr itself. At next boot, if /etc/.updated and/or /var/.updated is older than than /usr (or missing), we know we have to run the update tools once. After that is completed we need to update the mtime of these files to the one of /usr, to keep track that we made the necessary updates, and won't repeat them on next reboot. A subsequent commit adds a new ConditionNeedsUpdate= condition that allows checking on boot whether /etc or /var are outdated and need updating. This is an early step to allow booting up with an empty /etc, with automatic rebuilding of the necessary cache files or user databases therein, as well as supporting later updates of /usr that then propagate to /etc and /var again.
2014-06-13units: don't conditionalize sysctl serviceLennart Poettering
We install two sysctl snippets ourselves, hence the condition will always trigger, so no point in tryng to optimize things with this, it just will make things slower, if anything.
2014-06-13units: remove conditions from systemd-tmpfiles-setupLennart Poettering
There's no point in conditionalizing systemd-tmpfiles at boot, since we ship tmpfiles snippets ourselves, hence they will always trigger anyway. Also, there's no reason to pull in local-fs.target from the service, hence drop that.
2014-06-12debug-shell: add condition for tty device to run onKay Sievers
2014-06-11units: order network-online.target after network.targetLennart Poettering
There might be implementations around where the network-online logic might not talk to any network configuration service (and thus not have to wait for it), hence let's explicitly order network-online.target after network.target to avoid any ambiguities.
2014-06-11units: time-sync.target probably makes sense, is not just sysv compatLennart Poettering
2014-06-11units: introduce network-pre.target as place to hook in firewallsLennart Poettering
network-pre.target is a passive target that should be pulled in by services that want to be executed before any network is configured (for example: firewall scrips). network-pre.target should be ordered before all network managemet services (but not be pulled in by them). network-pre.target should be order after all services that want to be executed before any network is configured (and be pulled in by them).
2014-06-10bus-proxy: fix misplaced s/system/session/Mantas Mikulėnas
2014-06-10bus-proxy: read the right policy when running in user modeLennart Poettering
2014-06-06units: pull in time-sync.target from systemd-timedated.serviceLennart Poettering
After all, that's what we document for time-sync.target in systemd.special(5), hence let's follow our own suggestion.
2014-06-06units: fix minor typoLennart Poettering
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04initctl: move /dev/initctl fifo into /run, replace it by symlinkLennart Poettering
With this change we have no fifos/sockets remaining in /dev.
2014-06-04journald: move /dev/log socket to /runLennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-04remove ReadOnlySystem and ProtectedHome from udevd and logindKay Sievers
logind needs access to /run/user/, udevd fails during early boot with these settings
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-03resolved: run as unpriviliged "systemd-resolve" userTom Gundersen
This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.