From ed5f88409006a14e4c5643923514b2b179e7fcf8 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Wed, 10 Feb 2016 09:09:36 -0500 Subject: NEWS: journal device support is limited to current boot, grammar Reword some sentences for better flow. --- NEWS | 74 +++++++++++++++++++++++++++++++++----------------------------------- 1 file changed, 36 insertions(+), 38 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index e7f6bb4593..265847c7bd 100644 --- a/NEWS +++ b/NEWS 
@@ -5,23 +5,21 @@ CHANGES WITH 229: * The systemd-resolved DNS resolver service has gained a substantial set of new features, most prominently it may now act as a DNSSEC validating stub resolver. DNSSEC mode is currently turned off by - default, but it is expected that this is turned on by default in one - of the next releases. For now, we invite everybody to test the DNSSEC - logic by setting DNSSEC=allow-downgrade in - /etc/systemd/resolved.conf. The service also gained a full set of - D-Bus interfaces, including calls to configure DNS and DNSSEC - settings per link (for consumption by external network management - software). systemd-resolved (and systemd-networkd along with it) now - know to distinguish between "search" and "routing" domains. The - former are used to qualify single-label names, the latter are purely - used for routing lookups within certain domains to specific - links. resolved will now also synthesize RRs for all entries from - /etc/hosts. + default, but is expected to be turned on by default in one of the + next releases. For now, we invite everybody to test the DNSSEC logic + by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The + service also gained a full set of D-Bus interfaces, including calls + to configure DNS and DNSSEC settings per link (for use by external + network management software). systemd-resolved and systemd-networkd + now distinguish between "search" and "routing" domains. The former + are used to qualify single-label names, the latter are used purely + for routing lookups within certain domains to specific links. + resolved now also synthesizes RRs for all entries from /etc/hosts. * The systemd-resolve tool (which is a client utility for - systemd-resolved, and previously experimental) has been improved - considerably and is now fully supported and documented. Hence it has - moved from /usr/lib/systemd to /usr/bin. + systemd-resolved) has been improved considerably and is now fully + supported and documented. 
Hence it has moved from /usr/lib/systemd to + /usr/bin. * /dev/disk/by-path/ symlink support has been (re-)added for virtio devices. 
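Review bot: In the systemd-resolve entry, the rewrite drops "and previously experimental" from the parenthetical, which is a content change rather than the rewording the commit message describes. The next sentence still says the tool "is now fully supported and documented", so without the dropped clause the reader no longer sees what "now" is contrasted with. Either keep the clause or mention its removal in the commit message.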
@@ -80,22 +78,22 @@ CHANGES WITH 229: * systemd-nspawn gained a new --as-pid2 switch that invokes any specified command line as PID 2 rather than PID 1 in the - container. In this mode PID 1 will be a minimal stub init process - that implements the special POSIX and Linux semantics of PID 1 - regarding signal and child process management. Note that this stub - init process is implemented in nspawn itself and requires no support - from the container image. This new logic is useful to support running - arbitrary command lines in the container, as normal processes are + container. In this mode PID 1 is a minimal stub init process that + implements the special POSIX and Linux semantics of PID 1 regarding + signal and child process management. Note that this stub init process + is implemented in nspawn itself and requires no support from the + container image. This new logic is useful to support running + arbitrary commands in the container, as normal processes are generally not prepared to run as PID 1. * systemd-nspawn gained a new --chdir= switch for setting the current working directory for the process started in the container. - * "journalctl /dev/sda" will now output all kernel log messages from - the specified device, in addition to all devices that are parents of - it. This should make log output about devices pretty useful, as long - as kernel drivers attach enough metadata to the log messages. (The - usual SATA drivers do.) + * "journalctl /dev/sda" will now output all kernel log messages for + specified device from the current boot, in addition to all devices + that are parents of it. This should make log output about devices + pretty useful, as long as kernel drivers attach enough metadata to + the log messages. (The usual SATA drivers do.) * The sd-journal API gained two new calls sd_journal_has_runtime_files() and sd_journal_has_persistent_files() 
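Review bot: The reworded journalctl entry reads "all kernel log messages for specified device from the current boot", which is missing an article; it should be "for the specified device". The position of "from the current boot" also leaves it unclear whether the restriction covers the parent devices mentioned next. Putting the limit in its own sentence, for example "Only messages from the current boot are shown.", would state the limitation named in the subject line unambiguously.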
@@ -125,7 +123,7 @@ CHANGES WITH 229: in addition to timesyncd during early boot-up, so that it is enforced before the first process is spawned by systemd. Note that the logic in timesyncd remains, as it is more comprehensive and ensures - montonic clocks by maintaining a persistant timestamp file in + clock monotonicity by maintaining a persistent timestamp file in /var. Since /var is generally not available in earliest boot or the initrd, this part of the logic remains in timesyncd, and is not done by PID 1. 
@@ -154,18 +152,18 @@ CHANGES WITH 229: to configure hard and soft limits individually. * The various libsystemd APIs such as sd-bus or sd-event now publicly - expose support for gcc's __attribute__((cleanup())) C - extension. Specifically, for many object destructor functions - alternative versions whose names are suffixed with "p" have been - added, which take a pointer to a pointer to the object to destroy, - instead of just a pointer to the object itself. This is useful because - these destructor functions may be used directly as parameters to the - cleanup construct. Internally, systemd has been a heavy user of the - GCC extension since a long time, and with this change similar support - is now available to consumers of the library outside of systemd. Note + expose support for gcc's __attribute__((cleanup())) C extension. + Specifically, for many object destructor functions alternative + versions have been added that have names suffixed with "p" and take a + pointer to a pointer to the object to destroy, instead of just a + pointer to the object itself. This is useful because these destructor + functions may be used directly as parameters to the cleanup + construct. Internally, systemd has been a heavy user of this GCC + extension for a long time, and with this change similar support is + now available to consumers of the library outside of systemd. Note that by using this extension in your sources compatibility with old - and strictly ANSI compatible C compilers is lost. However, any gcc or - LLVM version of recent years have supported this extension. + and strictly ANSI compatible C compilers is lost. However, all gcc or + LLVM versions of recent years support this extension. * Timer units gained support for a new setting RandomizedDelaySec= that allows configuring some additional randomized delay to the configured -- cgit v1.2.3-54-g00ecf From 7f6e804332f50dbd52afe04f5c3ce9db1072c98b Mon Sep 17 00:00:00 2001 
From: Zbigniew Jędrzejewski-Szmek Date: Thu, 11 Feb 2016 22:11:33 -0500 Subject: Promote systemd-activate to /usr/bin/systemd-socket-activate It has fairly wide functionality now and the interface has been stable for a while. It is a useful testing tool. The name is changed to better indicate what it does. --- .gitignore | 2 +- Makefile-man.am | 4 +- Makefile.am | 8 +- NEWS | 6 ++ man/systemd-activate.xml | 206 ---------------------------------------- man/systemd-socket-activate.xml | 206 ++++++++++++++++++++++++++++++++++++++++ 6 files changed, 219 insertions(+), 213 deletions(-) delete mode 100644 man/systemd-activate.xml create mode 100644 man/systemd-socket-activate.xml (limited to 'NEWS') diff --git a/.gitignore b/.gitignore index cc24233ab8..4ac63a4e28 100644 --- a/.gitignore +++ b/.gitignore @@ -49,7 +49,6 @@ /systemctl /systemd /systemd-ac-power -/systemd-activate /systemd-analyze /systemd-ask-password /systemd-backlight @@ -109,6 +108,7 @@ /systemd-run /systemd-shutdown /systemd-sleep +/systemd-socket-activate /systemd-socket-proxyd /systemd-stdio-bridge /systemd-sysctl diff --git a/Makefile-man.am b/Makefile-man.am index 28b5fb6adb..f4c9edc42c 100644 --- a/Makefile-man.am +++ b/Makefile-man.am @@ -94,7 +94,6 @@ MANPAGES += \ man/shutdown.8 \ man/sysctl.d.5 \ man/systemctl.1 \ - man/systemd-activate.8 \ man/systemd-analyze.1 \ man/systemd-ask-password-console.service.8 \ man/systemd-ask-password.1 \ @@ -126,6 +125,7 @@ MANPAGES += \ man/systemd-resolve.1 \ man/systemd-run.1 \ man/systemd-sleep.conf.5 \ + man/systemd-socket-activate.1 \ man/systemd-socket-proxyd.8 \ man/systemd-suspend.service.8 \ man/systemd-sysctl.service.8 \ @@ -2574,7 +2574,6 @@ EXTRA_DIST += \ man/standard-options.xml \ man/sysctl.d.xml \ man/systemctl.xml \ - man/systemd-activate.xml \ man/systemd-analyze.xml \ man/systemd-ask-password-console.service.xml \ man/systemd-ask-password.xml \ 
@@ -2628,6 +2627,7 @@ EXTRA_DIST += \ man/systemd-rfkill.service.xml \ man/systemd-run.xml \ man/systemd-sleep.conf.xml \ + man/systemd-socket-activate.xml \ man/systemd-socket-proxyd.xml \ man/systemd-suspend.service.xml \ man/systemd-sysctl.service.xml \ diff --git a/Makefile.am b/Makefile.am index 676d97c7d4..da94b502a3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3875,13 +3875,13 @@ tests += \ # ------------------------------------------------------------------------------ -rootlibexec_PROGRAMS += \ - systemd-activate +bin_PROGRAMS += \ + systemd-socket-activate -systemd_activate_SOURCES = \ +systemd_socket_activate_SOURCES = \ src/activate/activate.c -systemd_activate_LDADD = \ +systemd_socket_activate_LDADD = \ libshared.la # ------------------------------------------------------------------------------ diff --git a/NEWS b/NEWS index 265847c7bd..80e59c53d3 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,11 @@ systemd System and Service Manager +CHANGES WITH 230 in spe: + + * Testing tool /usr/lib/systemd/systemd-activate is renamed to + systemd-socket-activate and installed into /usr/bin. It is now fully + supported. + CHANGES WITH 229: * The systemd-resolved DNS resolver service has gained a substantial diff --git a/man/systemd-activate.xml b/man/systemd-activate.xml deleted file mode 100644 index a8e17f2a2a..0000000000 --- a/man/systemd-activate.xml +++ /dev/null 
@@ -1,206 +0,0 @@ - - - - - - - - - systemd-activate - systemd - - - - Developer - Zbigniew - Jędrzejewski-Szmek - zbyszek@in.waw.pl - - - - - - systemd-activate - 8 - - - - systemd-activate - Test socket activation of daemons - - - - - /usr/lib/systemd/systemd-activate - OPTIONS - daemon - OPTIONS - - - - - Description - - systemd-activate may be used to launch a socket-activated service binary from the command - line for testing purposes. It may also be used to launch individual instances of the service binary per connection. - - - The daemon to launch and its options should be specified - after options intended for systemd-activate. - - - If the option is given, the socket file descriptor will be used as the standard - input and output of the launched process. Otherwise, standard input and output will be inherited, and sockets will - be passed through file descriptors 3 and higher. Sockets passed through $LISTEN_FDS to - systemd-activate will be passed through to the daemon, in the original positions. Other sockets - specified with will use consecutive descriptors. By default, - systemd-activate listens on a stream socket, use and - to listen on datagram or sequential packet sockets instead (see below). - - - - - Options - - - - - - Listen on this address. - Takes a string like 2000 or - 127.0.0.1:2001. - - - - - - - - Launch an instance of the service binary for each connection and pass the connection - socket. - - - - - - - Listen on a datagram socket (SOCK_DGRAM), instead of a stream socket - (SOCK_STREAM). May not be combined with . - - - - - - Listen on a sequential packet socket (SOCK_SEQPACKET), instead of a stream - socket (SOCK_STREAM). May not be combined with - . - - - - - - Use the inetd protocol for passing file descriptors, i.e. as standard input and standard - output, instead of the new-style protocol for passing file descriptors using $LISTEN_FDS - (see above). - - - - - - - Add this variable to the environment of the - launched process. 
If VAR is - followed by =, assume that it is a - variable–value pair. Otherwise, obtain the value from the - environment of systemd-activate itself. - - - - - NAME:NAME... - - Specify names for the file descriptors passed. This is equivalent to setting - FileDescriptorName= in socket unit files, and enables use of - sd_listen_fds_with_names3. - Multiple entries may be specifies using separate options or by separating names with colons - (:) in one option. In case more names are given than descriptors, superflous ones willl be - ignored. In case less names are given than descriptors, the remaining file descriptors will be unnamed. - - - - - - - - - - Environment variables - - - $LISTEN_FDS - $LISTEN_PID - $LISTEN_FDNAMES - - See - sd_listen_fds3. - - - - $SYSTEMD_LOG_TARGET - $SYSTEMD_LOG_LEVEL - $SYSTEMD_LOG_COLOR - $SYSTEMD_LOG_LOCATION - - Same as in - systemd1. - - - - - - Examples - - - Run an echo server on port 2000 - - $ /usr/lib/systemd/systemd-activate -l 2000 --inetd -a cat - - - - Run a socket-activated instance of <citerefentry><refentrytitle>systemd-journal-gatewayd</refentrytitle><manvolnum>8</manvolnum></citerefentry> - - $ /usr/lib/systemd/systemd-activate -l 19531 /usr/lib/systemd/systemd-journal-gatewayd - - - - - See Also - - systemd1, - systemd.socket5, - systemd.service5, - sd_listen_fds3, - sd_listen_fds_with_names3, - cat1 - - - diff --git a/man/systemd-socket-activate.xml b/man/systemd-socket-activate.xml new file mode 100644 index 0000000000..5d7f157c72 --- /dev/null +++ b/man/systemd-socket-activate.xml 
@@ -0,0 +1,206 @@ + + + + + + + + + systemd-socket-activate + systemd + + + + Developer + Zbigniew + Jędrzejewski-Szmek + zbyszek@in.waw.pl + + + + + + systemd-socket-activate + 1 + + + + systemd-socket-activate + Test socket activation of daemons + + + + + systemd-socket-activate + OPTIONS + daemon + OPTIONS + + + + + Description + + systemd-socket-activate may be used to launch a socket-activated service binary from the command + line for testing purposes. It may also be used to launch individual instances of the service binary per connection. + + + The daemon to launch and its options should be specified + after options intended for systemd-socket-activate. + + + If the option is given, the socket file descriptor will be used as the standard + input and output of the launched process. Otherwise, standard input and output will be inherited, and sockets will + be passed through file descriptors 3 and higher. Sockets passed through $LISTEN_FDS to + systemd-socket-activate will be passed through to the daemon, in the original positions. Other sockets + specified with will use consecutive descriptors. By default, + systemd-socket-activate listens on a stream socket, use and + to listen on datagram or sequential packet sockets instead (see below). + + + + + Options + + + + + + Listen on this address. + Takes a string like 2000 or + 127.0.0.1:2001. + + + + + + + + Launch an instance of the service binary for each connection and pass the connection + socket. + + + + + + + Listen on a datagram socket (SOCK_DGRAM), instead of a stream socket + (SOCK_STREAM). May not be combined with . + + + + + + Listen on a sequential packet socket (SOCK_SEQPACKET), instead of a stream + socket (SOCK_STREAM). May not be combined with + . + + + + + + Use the inetd protocol for passing file descriptors, i.e. as standard input and standard + output, instead of the new-style protocol for passing file descriptors using $LISTEN_FDS + (see above). 
+ + + + + + + Add this variable to the environment of the + launched process. If VAR is + followed by =, assume that it is a + variable–value pair. Otherwise, obtain the value from the + environment of systemd-socket-activate itself. + + + + + NAME:NAME... + + Specify names for the file descriptors passed. This is equivalent to setting + FileDescriptorName= in socket unit files, and enables use of + sd_listen_fds_with_names3. + Multiple entries may be specifies using separate options or by separating names with colons + (:) in one option. In case more names are given than descriptors, superflous ones willl be + ignored. In case less names are given than descriptors, the remaining file descriptors will be unnamed. + + + + + + + + + + Environment variables + + + $LISTEN_FDS + $LISTEN_PID + $LISTEN_FDNAMES + + See + sd_listen_fds3. + + + + $SYSTEMD_LOG_TARGET + $SYSTEMD_LOG_LEVEL + $SYSTEMD_LOG_COLOR + $SYSTEMD_LOG_LOCATION + + Same as in + systemd1. + + + + + + Examples + + + Run an echo server on port 2000 + + $ systemd-socket-activate -l 2000 --inetd -a cat + + + + Run a socket-activated instance of <citerefentry><refentrytitle>systemd-journal-gatewayd</refentrytitle><manvolnum>8</manvolnum></citerefentry> + + $ systemd-socket-activate -l 19531 /usr/lib/systemd/systemd-journal-gatewayd + + + + + See Also + + systemd1, + systemd.socket5, + systemd.service5, + sd_listen_fds3, + sd_listen_fds_with_names3, + cat1 + + + -- cgit v1.2.3-54-g00ecf From 61ecb465b1c803316cb55bae0c2d7cf3c0008589 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Mon, 15 Feb 2016 18:40:02 +0100 Subject: resolved: turn on DNSSEC by default, unless configured otherwise Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to "allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled by default add a configure switch to disable this again. DNSSEC in "allow-downgrade" mode should mostly work without affecting user experience. There's one exception: some captive portal systems rewrite DNS in order to redirect HTTP traffic to the captive portal. If these systems implement DNS servers that are otherwise DNSSEC-capable (which in fact is pretty unlikely, but still...), then this will result in the captive portal being inaccessible. To fix this support in NetworkManager (or any other network management solution that does captive portal detection) is required, which simply turns off DNSSEC during the captive portal detection, and resets it back to the default (i.e. on) after captive portal authentication is complete. --- Makefile.am | 1 + NEWS | 17 +++++++++++++++++ configure.ac | 19 +++++++++++++++++-- src/resolve/resolved-manager.c | 2 +- src/resolve/resolved.conf.in | 2 +- 5 files changed, 37 insertions(+), 4 deletions(-) (limited to 'NEWS') diff --git a/Makefile.am b/Makefile.am index 9bc0bf2c05..8c151f538f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5759,6 +5759,7 @@ substitutions = \ '|PYTHON=$(PYTHON)|' \ '|NTP_SERVERS=$(NTP_SERVERS)|' \ '|DNS_SERVERS=$(DNS_SERVERS)|' \ + '|DEFAULT_DNSSEC_MODE=$(DEFAULT_DNSSEC_MODE)|' \ '|systemuidmax=$(SYSTEM_UID_MAX)|' \ '|systemgidmax=$(SYSTEM_GID_MAX)|' \ '|TTY_GID=$(TTY_GID)|' \ diff --git a/NEWS b/NEWS index 80e59c53d3..0cce79443b 100644 --- a/NEWS +++ b/NEWS 
@@ -2,6 +2,23 @@ systemd System and Service Manager CHANGES WITH 230 in spe: + * DNSSEC is now turned on by default in systemd-resolved (in + "allow-downgrade" mode), but may be turned off during compile time by + passing "--with-default-dnssec=no" to "configure" (and of course, + during runtime with DNSSEC= in resolved.conf). We recommend + downstreams to leave this on at least during development cycles and + report any issues with the DNSSEC logic upstream. We are very + interested in collecting feedback about the DNSSEC validator and its + limitations in the wild. Note however, that DNSSEC support is + probably nothing downstreams should turn on in stable distros just + yet, as it might create incompabilities with a few DNS servers and + networks. We tried hard to make sure we downgrade to non-DNSSEC mode + automatically whenever we detect such incompatible setups, but there + might be systems we do not cover yet. Hence: please help us testing + the DNSSEC code, leave this on where you can, report back, but then + again don't consider turning this on in your stable, LTS or + production release just yet. + * Testing tool /usr/lib/systemd/systemd-activate is renamed to systemd-socket-activate and installed into /usr/bin. It is now fully supported. diff --git a/configure.ac b/configure.ac index 262f9e4fff..e72470a199 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1128,6 +1128,20 @@ AC_ARG_WITH(dns-servers, AC_DEFINE_UNQUOTED(DNS_SERVERS, ["$DNS_SERVERS"], [Default DNS Servers]) AC_SUBST(DNS_SERVERS) +AC_ARG_WITH(default-dnssec, + AS_HELP_STRING([--with-default-dnssec=MODE], + [Default DNSSEC mode, defaults to "allow-downgrade"]), + [DEFAULT_DNSSEC_MODE="$withval"], + [DEFAULT_DNSSEC_MODE="allow-downgrade"]) + +AS_CASE("x${DEFAULT_DNSSEC_MODE}", + [xno], [mode=DNSSEC_NO], + [xyes], [mode=DNSSEC_YES], + [xallow-downgrade], [mode=DNSSEC_ALLOW_DOWNGRADE], + AC_MSG_ERROR(Bad DNSSEC mode ${DEFAULT_DNSSEC_MODE})) +AC_DEFINE_UNQUOTED(DEFAULT_DNSSEC_MODE, [$mode], [Default DNSSEC mode]) +AC_SUBST(DEFAULT_DNSSEC_MODE) + # ------------------------------------------------------------------------------ have_networkd=no AC_ARG_ENABLE(networkd, AS_HELP_STRING([--disable-networkd], [disable networkd])) @@ -1559,12 +1573,13 @@ AC_MSG_RESULT([ hostnamed: ${have_hostnamed} timedated: ${have_timedated} timesyncd: ${have_timesyncd} - default NTP servers: ${NTP_SERVERS} + Default NTP servers: ${NTP_SERVERS} time epoch: ${TIME_EPOCH} localed: ${have_localed} networkd: ${have_networkd} resolved: ${have_resolved} - default DNS servers: ${DNS_SERVERS} + Default DNS servers: ${DNS_SERVERS} + Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} coredump: ${have_coredump} polkit: ${have_polkit} efi: ${have_efi} diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index bf5efe4cfa..09e15fa230 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -485,7 +485,7 @@ int manager_new(Manager **ret) { m->llmnr_support = RESOLVE_SUPPORT_YES; m->mdns_support = RESOLVE_SUPPORT_NO; - m->dnssec_mode = DNSSEC_NO; + m->dnssec_mode = DEFAULT_DNSSEC_MODE; m->read_resolv_conf = true; m->need_builtin_fallbacks = true; m->etc_hosts_last = m->etc_hosts_mtime = USEC_INFINITY; diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in index efc9c6733a..a288588924 100644 --- a/src/resolve/resolved.conf.in 
+++ b/src/resolve/resolved.conf.in @@ -16,4 +16,4 @@ #FallbackDNS=@DNS_SERVERS@ #Domains= #LLMNR=yes -#DNSSEC=no +#DNSSEC=@DEFAULT_DNSSEC_MODE@ -- cgit v1.2.3-54-g00ecf From 96d490114900686b4d17f9b751fab6e39cfcc560 Mon Sep 17 00:00:00 2001 From: Torstein Husebø Date: Mon, 8 Feb 2016 13:27:22 +0100 Subject: treewide: fix typos and then/that use --- CODING_STYLE | 2 +- NEWS | 2 +- man/systemd.netdev.xml | 2 +- src/basic/socket-util.c | 2 +- src/libsystemd/sd-daemon/sd-daemon.c | 2 +- src/resolve/resolved-dns-answer.c | 2 +- src/resolve/resolved-dns-rr.h | 2 +- src/shared/condition.c | 2 +- src/shared/gcrypt-util.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) (limited to 'NEWS') diff --git a/CODING_STYLE b/CODING_STYLE index 46e366898e..e5ba396368 100644 --- a/CODING_STYLE +++ b/CODING_STYLE @@ -163,7 +163,7 @@ programming error with assert_return() and return a sensible return code. In all other calls, it is recommended to check for programming errors with a more brutal assert(). We are more forgiving to public - users then for ourselves! Note that assert() and assert_return() + users than for ourselves! Note that assert() and assert_return() really only should be used for detecting programming errors, not for runtime errors. assert() and assert_return() by usage of _likely_() inform the compiler that he should not expect these checks to fail, diff --git a/NEWS b/NEWS index 0cce79443b..8b30bee6b7 100644 --- a/NEWS +++ b/NEWS 
@@ -11,7 +11,7 @@ CHANGES WITH 230 in spe: interested in collecting feedback about the DNSSEC validator and its limitations in the wild. Note however, that DNSSEC support is probably nothing downstreams should turn on in stable distros just - yet, as it might create incompabilities with a few DNS servers and + yet, as it might create incompatibilities with a few DNS servers and networks. We tried hard to make sure we downgrade to non-DNSSEC mode automatically whenever we detect such incompatible setups, but there might be systems we do not cover yet. Hence: please help us testing diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index b697d0c9a6..c5fb2fa7fb 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -361,7 +361,7 @@ The [MACVTAP] section applies for netdevs of kind macvtap and accepts the - same key as [MACVLAN]. + same key as [MACVLAN]. diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c index 58512686e3..0f38f9a0f3 100644 --- a/src/basic/socket-util.c +++ b/src/basic/socket-util.c @@ -942,7 +942,7 @@ ssize_t next_datagram_size_fd(int fd) { int k; /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will - * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't + * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't * do. This difference is actually of major importance as we need to be sure that the size returned here * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of * the wrong size. */ diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c index 4e50b61979..bd1c7f15ff 100644 --- a/src/libsystemd/sd-daemon/sd-daemon.c +++ b/src/libsystemd/sd-daemon/sd-daemon.c 
@@ -465,7 +465,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char have_pid = pid != 0 && pid != getpid(); if (n_fds > 0 || have_pid) { - /* CMSG_SPACE(0) may return value different then zero, which results in miscalculated controllen. */ + /* CMSG_SPACE(0) may return value different than zero, which results in miscalculated controllen. */ msghdr.msg_controllen = (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) + (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0); diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index 5d7b4b4b5c..0dadf8b1dd 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -757,7 +757,7 @@ int dns_answer_reserve_or_clone(DnsAnswer **a, unsigned n_free) { assert(a); /* Tries to extend the DnsAnswer object. And if that's not - * possibly, since we are not the sole owner, then allocate a + * possible, since we are not the sole owner, then allocate a * new, appropriately sized one. Either way, after this call * the object will only have a single reference, and has room * for at least the specified number of RRs. */ diff --git a/src/resolve/resolved-dns-rr.h b/src/resolve/resolved-dns-rr.h index 646e34598d..020a2abd77 100644 --- a/src/resolve/resolved-dns-rr.h +++ b/src/resolve/resolved-dns-rr.h @@ -82,7 +82,7 @@ enum { struct DnsResourceKey { unsigned n_ref; /* (unsigned -1) for const keys, see below */ uint16_t class, type; - char *_name; /* don't access directy, use dns_resource_key_name()! */ + char *_name; /* don't access directly, use dns_resource_key_name()! */ }; /* Creates a temporary resource key. This is only useful to quickly diff --git a/src/shared/condition.c b/src/shared/condition.c index f93785865e..3a45ed265c 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c 
@@ -295,7 +295,7 @@ static int condition_test_needs_update(Condition *c) { return false; /* Any other failure means we should allow the condition to be true, - * so that we rather invoke too many update tools then too + * so that we rather invoke too many update tools than too * few. */ if (!path_is_absolute(c->parameter)) diff --git a/src/shared/gcrypt-util.c b/src/shared/gcrypt-util.c index b887243849..4ff94520c3 100644 --- a/src/shared/gcrypt-util.c +++ b/src/shared/gcrypt-util.c @@ -32,7 +32,7 @@ void initialize_libgcrypt(bool secmem) { p = gcry_check_version("1.4.5"); assert(p); - /* Turn off "secmem". Clients which whish to make use of this + /* Turn off "secmem". Clients which wish to make use of this * feature should initialize the library manually */ if (!secmem) gcry_control(GCRYCTL_DISABLE_SECMEM); -- cgit v1.2.3-54-g00ecf From f59dba2654eb9dadeb4d0ae486f85191dc0c5c53 Mon Sep 17 00:00:00 2001 From: Elias Probst Date: Wed, 16 Mar 2016 09:23:31 +0100 Subject: Reference correct `machinectl` command in 219 NEWS NEWS for `219` references `machinectl list-images` to describe the introduced clone feature - this looks like a copy'n'paste problem. Use `machinectl clone` instead. --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8b30bee6b7..6f43b8ce3a 100644 --- a/NEWS +++ b/NEWS @@ -1345,7 +1345,7 @@ CHANGES WITH 219: * machinectl is now able to clone container images efficiently, if the underlying file system (btrfs) supports - it, with the new "machinectl list-images" command. It also + it, with the new "machinectl clone" command. It also gained commands for renaming and removing images, as well as marking them read-only or read-write (supported also on legacy file systems). -- cgit v1.2.3-54-g00ecf From 96515dbf443e15121cf91629338e880a618065a4 Mon Sep 17 00:00:00 2001 
From: Zbigniew Jędrzejewski-Szmek Date: Sun, 3 Apr 2016 13:16:06 -0400 Subject: NEWS: add some more items DUID support is mentioned without details since those are still being worked out. --- NEWS | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 6f43b8ce3a..b75638ed36 100644 --- a/NEWS +++ b/NEWS 
@@ -19,10 +19,58 @@ CHANGES WITH 230 in spe: again don't consider turning this on in your stable, LTS or production release just yet. + * systemd-resolve conveniently resolves DANE records with the --tlsa + option and OPENPGPKEY records with the --openpgp option. + * Testing tool /usr/lib/systemd/systemd-activate is renamed to systemd-socket-activate and installed into /usr/bin. It is now fully supported. + * The unified cgroup hierarchy added in Linux 4.5 is now supported. + Use systemd.unified_cgroup_hierarchy=1 on the kernel command line + to enable. + WARNING: it is not possible to use previous systemd versions with + systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it + is necessary to also update systemd in the initramfs if using the + unified hierarchy. Updated selinux policy is also required. + + * LLDP support has been extended, and both passive (receive-only) + and active (sender) modes are supported. Passive mode + ("routers-only") is enabled by default in systemd-networkd. + Active LLDP mode is enabled by default for containers on the + internal network. + "networkctl lldp" can be used to list information gathered. + + * Headers for LLDP support (sd-lldp.h) are now public. + + * The Unique Identifier sent in DHCP requests can be configured. + + * systemd-journald now uses separate threads to flush changes to + disk when closing journal files. + + * systemd-ask-password skips printing of the password to stdout + with --no-output which can be useful in scripts. + + * Framebuffer devices (/dev/fb*) and 3D printers and scanners + (devices tagged with ID_MAKER_TOOL) are now tagged with + "uaccess" and are available to logged in users. 
+ + * systemd-bootchart has been split out to a separate repository: + https://github.com/systemd/systemd-bootchart + + * Compatibility libraries libsystemd-daemon.so, libsystemd-journal.so, + libsystemd-id128.so, and libsystemd-login.so which have been + deprecated since systemd-209 have been removed along along with the + corresponding pkg-config files. All symbols provided by the those + libraries are provided by libsystemd.so. + + * Capabilities= setting has been removed (it is ignored for backwards + compatibility). AmbientCapabilities= and CapabilityBoundingSet= + should be used instead. + + * systemd-bus-proxyd has been removed, as kdbus will not be merged + in current form. + CHANGES WITH 229: * The systemd-resolved DNS resolver service has gained a substantial -- cgit v1.2.3-54-g00ecf From d5bd92bbbe578d96b3905832cd3ccdb9249e620c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 8 Apr 2016 19:13:43 +0200 Subject: README: document that we only support util-linux built with --enable-libmount-force-mountinfo Fixes: #2978 --- NEWS | 3 +++ README | 1 + 2 files changed, 4 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index b75638ed36..58a0f032a8 100644 --- a/NEWS +++ b/NEWS @@ -417,6 +417,9 @@ CHANGES WITH 228: https://sourceware.org/bugzilla/show_bug.cgi?id=19108 + Note that only util-linux versions built with + --enable-libmount-force-mountinfo are supported. + * Support for the ".snapshot" unit type has been removed. This feature turned out to be little useful and little used, and has now been removed from the core and from systemctl. diff --git a/README b/README index 0118c102f6..ca8993cb12 100644 --- a/README +++ b/README @@ -118,6 +118,7 @@ REQUIREMENTS: glibc >= 2.16 libcap libmount >= 2.27.1 (from util-linux) + (util-linux *must* be built with --enable-libmount-force-mountinfo) libseccomp >= 1.0.0 (optional) libblkid >= 2.24 (from util-linux) (optional) libkmod >= 15 (optional) -- cgit v1.2.3-54-g00ecf 
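Review bot: In the NEWS hunk of "NEWS: add some more items", the Capabilities= entry says the setting "is ignored for backwards compatibility", so a unit that relied on it to shape its capability set will still load while the setting no longer has any effect. The entry should say this explicitly and state whether a warning is logged, so administrators know to audit their units and move to CapabilityBoundingSet= or AmbientCapabilities=. The same hunk also contains "removed along along with" and "provided by the those libraries", which need fixing.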
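Review bot: The README line says util-linux "*must*" be built with --enable-libmount-force-mountinfo, while the NEWS text added by the same commit only says such builds "are supported", and neither says what goes wrong otherwise. Align the wording of the two and add a short reason or a pointer to the issue named in the commit message (#2978), so packagers can judge the impact of a build without that switch.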
From 97e5530cf2076a2b4fc55755917262607aaa6338 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 9 Apr 2016 20:40:45 -0400 Subject: logind: flip KillUserProcesses to on by default This ensures that user sessions are properly cleaned up after. The admin can still enable or disable linger for specific users to allow them to run processes after they log out. Doing that through the user session is much cleaner and provides better control. dbus daemon can now be run in the user session (with --enable-user-session, added in 1.10.2), and most distributions opted to pick this configuration. In the normal case it makes a lot of sense to kill remaining processes. The exception is stuff like screen and tmux. But it's easy enough to work around, a simple example was added to the man page in the previous commit. In the long run those services should integrate with the systemd user session on their own. https://bugs.freedesktop.org/show_bug.cgi?id=94508 https://github.com/systemd/systemd/issues/2900 --- NEWS | 27 ++++++++++++++++++++++++--- man/logind.conf.xml | 2 +- src/login/logind.c | 2 +- src/login/logind.conf | 2 +- 4 files changed, 27 insertions(+), 6 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index b75638ed36..99e6b51ae3 100644 --- a/NEWS +++ b/NEWS 
@@ -22,9 +22,26 @@ CHANGES WITH 230 in spe: * systemd-resolve conveniently resolves DANE records with the --tlsa option and OPENPGPKEY records with the --openpgp option. - * Testing tool /usr/lib/systemd/systemd-activate is renamed to - systemd-socket-activate and installed into /usr/bin. It is now fully - supported. + * systemd-logind will now by default terminate user processes that are + part of the user session scope unit (session-XX.scope) when the user + logs out. This behaviour is controlled by the + KillUserProcesses=yes|no setting in logind.conf, and previous default + of "no" is now changed to "yes". This means that user sessions will + be properly cleaned up after, but additional steps are necessary to + allow intentionally long-running processes to survive logout. + + While the user is logged in at least once, user@.service is running, + and any service that should survive the end of any individual login + session can be started at a user service or scope using systemd-run. + systemd-run(1) man page has been extended with an example which + shows how to run screen in a scope unit underneath user@.service. + The same command works for tmux. + + After the user logs out of all sessions, user@.service will be + terminated too, by default, unless the user has "lingering" enabled. + To effectively allow users to run long-term tasks even if they are + logged out, lingering must be enabled for them. See loginctl(1) + for details. * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line @@ -45,6 +62,10 @@ CHANGES WITH 230 in spe: * The Unique Identifier sent in DHCP requests can be configured. + * Testing tool /usr/lib/systemd/systemd-activate is renamed to + systemd-socket-activate and installed into /usr/bin. It is now fully + supported. + * systemd-journald now uses separate threads to flush changes to disk when closing journal files. 
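Review bot: in the new systemd-logind entry, "can be started at a user service or scope using systemd-run" should read "as a user service or scope", and "user sessions will be properly cleaned up after" stops on a dangling "after". Because this entry announces a default that terminates processes at logout, it should also mention the KillExcludeUsers=root default that logind.conf carries, so administrators know root's sessions are exempt, and name KillOnlyUsers= as the way to scope the behaviour. The relocation of the systemd-socket-activate entry (removed at the top of this hunk, re-added after the DHCP entry) is unrelated to the default change and would be easier to review as a separate commit.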
diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 10a23955a4..6e587c3561 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -124,7 +124,7 @@ corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandonded", see systemd.scope5, - and processes are not killed. Defaults to no. + and processes are not killed. Defaults to yes. In addition to session processes, user process may run under the user manager unit user@.service. Depending on the linger diff --git a/src/login/logind.c b/src/login/logind.c index 268502c437..616346799a 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -64,7 +64,7 @@ static void manager_reset_config(Manager *m) { m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); - m->kill_user_processes = false; + m->kill_user_processes = true; m->kill_only_users = strv_free(m->kill_only_users); m->kill_exclude_users = strv_free(m->kill_exclude_users); diff --git a/src/login/logind.conf b/src/login/logind.conf index 6095e482ac..8316bb4d74 100644 --- a/src/login/logind.conf +++ b/src/login/logind.conf @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=no +#KillUserProcesses=yes #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 -- cgit v1.2.3-54-g00ecf From 95365a576f7e81f3e2f02fa3e8225c4b03f12214 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Mon, 11 Apr 2016 22:51:31 -0400 Subject: build-sys: add --without-kill-user-processes configure option --- Makefile.am | 6 +- NEWS | 3 + configure.ac | 215 +++++++++++++++++++++++++---------------------- src/login/.gitignore | 1 + src/login/logind.c | 2 +- src/login/logind.conf | 35 -------- src/login/logind.conf.in | 35 ++++++++ 7 files changed, 157 insertions(+), 140 deletions(-) delete mode 100644 src/login/logind.conf create mode 100644 src/login/logind.conf.in (limited to 'NEWS') 
diff --git a/Makefile.am b/Makefile.am index c566b1f6e4..e97d5bd78f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5725,7 +5725,7 @@ dist_dbussystemservice_DATA += \ dist_dbuspolicy_DATA += \ src/login/org.freedesktop.login1.conf -dist_pkgsysconf_DATA += \ +nodist_pkgsysconf_DATA += \ src/login/logind.conf polkitpolicy_files += \ @@ -5762,7 +5762,8 @@ gperf_gperf_sources += \ EXTRA_DIST += \ src/login/71-seat.rules.in \ src/login/73-seat-late.rules.in \ - units/systemd-logind.service.in + units/systemd-logind.service.in \ + src/login/logind.conf.in # ------------------------------------------------------------------------------ if HAVE_PAM @@ -5879,6 +5880,7 @@ substitutions = \ '|NTP_SERVERS=$(NTP_SERVERS)|' \ '|DNS_SERVERS=$(DNS_SERVERS)|' \ '|DEFAULT_DNSSEC_MODE=$(DEFAULT_DNSSEC_MODE)|' \ + '|KILL_USER_PROCESSES=$(KILL_USER_PROCESSES)|' \ '|systemuidmax=$(SYSTEM_UID_MAX)|' \ '|systemgidmax=$(SYSTEM_GID_MAX)|' \ '|TTY_GID=$(TTY_GID)|' \ diff --git a/NEWS b/NEWS index 99e6b51ae3..7199a67201 100644 --- a/NEWS +++ b/NEWS @@ -43,6 +43,9 @@ CHANGES WITH 230 in spe: logged out, lingering must be enabled for them. See loginctl(1) for details. + Previous defaults can be restored at compile time by the + --without-kill-user-processes option. + * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to enable. diff --git a/configure.ac b/configure.ac index 7b9e64a0f6..d4e8ab6664 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1014,6 +1014,16 @@ fi AM_CONDITIONAL(ENABLE_LOGIND, [test "$have_logind" = "yes"]) AS_IF([test "$have_logind" = "yes"], [ AC_DEFINE(HAVE_LOGIND, [1], [Logind support available]) ]) +AC_ARG_WITH([kill-user-processes], + [AS_HELP_STRING([--without-kill-user-processes], [Set logind's KillUserProcesses=no by default])]) +AS_IF([test "$with_kill_user_processes" != "no"], + [kill_user_processes=true + KILL_USER_PROCESSES=yes], + [kill_user_processes=false + KILL_USER_PROCESSES=no]) +AC_DEFINE_UNQUOTED(KILL_USER_PROCESSES, [$kill_user_processes], [Default KillUserProcesses setting]) +AC_SUBST(KILL_USER_PROCESSES) + # ------------------------------------------------------------------------------ have_machined=no AC_ARG_ENABLE(machined, AS_HELP_STRING([--disable-machined], [disable machine daemon])) 
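Review bot: the test "$with_kill_user_processes" != "no" treats every value other than the literal "no" as yes, so --with-kill-user-processes=false or =0 silently keeps KillUserProcesses=yes; please accept only yes and no and stop with AC_MSG_ERROR on anything else, since this switch decides whether user processes are killed at logout. Separately, the previous commit changed man/logind.conf.xml to "Defaults to yes" and that file is not in this commit's diffstat, so a build configured with --without-kill-user-processes installs a man page that contradicts the compiled-in default. The man page should say that the default is chosen at build time, the way logind.conf.in now does with @KILL_USER_PROCESSES@.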
@@ -1554,106 +1564,107 @@ AC_OUTPUT AC_MSG_RESULT([ $PACKAGE_NAME $VERSION - libcryptsetup: ${have_libcryptsetup} - PAM: ${have_pam} - AUDIT: ${have_audit} - IMA: ${have_ima} - AppArmor: ${have_apparmor} - SELinux: ${have_selinux} - SECCOMP: ${have_seccomp} - SMACK: ${have_smack} - ZLIB: ${have_zlib} - XZ: ${have_xz} - LZ4: ${have_lz4} - BZIP2: ${have_bzip2} - ACL: ${have_acl} - GCRYPT: ${have_gcrypt} - QRENCODE: ${have_qrencode} - MICROHTTPD: ${have_microhttpd} - GNUTLS: ${have_gnutls} - libcurl: ${have_libcurl} - libidn: ${have_libidn} - libiptc: ${have_libiptc} - ELFUTILS: ${have_elfutils} - binfmt: ${have_binfmt} - vconsole: ${have_vconsole} - quotacheck: ${have_quotacheck} - tmpfiles: ${have_tmpfiles} - sysusers: ${have_sysusers} - firstboot: ${have_firstboot} - randomseed: ${have_randomseed} - backlight: ${have_backlight} - rfkill: ${have_rfkill} - logind: ${have_logind} - machined: ${have_machined} - importd: ${have_importd} - hostnamed: ${have_hostnamed} - timedated: ${have_timedated} - timesyncd: ${have_timesyncd} - Default NTP servers: ${NTP_SERVERS} - time epoch: ${TIME_EPOCH} - localed: ${have_localed} - networkd: ${have_networkd} - resolved: ${have_resolved} - Default DNS servers: ${DNS_SERVERS} - Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} - coredump: ${have_coredump} - polkit: ${have_polkit} - efi: ${have_efi} - gnuefi: ${have_gnuefi} - efi arch: ${EFI_ARCH} - EFI machine type: ${EFI_MACHINE_TYPE_NAME} - EFI CC ${EFI_CC} - EFI libdir: ${EFI_LIB_DIR} - EFI ldsdir: ${EFI_LDS_DIR} - EFI includedir: ${EFI_INC_DIR} - kmod: ${have_kmod} - xkbcommon: ${have_xkbcommon} - blkid: ${have_blkid} - libmount: ${have_libmount} - dbus: ${have_dbus} - nss-myhostname: ${have_myhostname} - hwdb: ${enable_hwdb} - tpm: ${have_tpm} - kdbus: ${have_kdbus} - Python: ${have_python} - man pages: ${have_manpages} - test coverage: ${have_coverage} - Split /usr: ${enable_split_usr} - SysV compatibility: ${SYSTEM_SYSV_COMPAT} - utmp/wtmp support: ${have_utmp} - ldconfig support: 
${enable_ldconfig} - hibernate support: ${enable_hibernate} - extra debugging: ${enable_debug} - tests: ${enable_tests} - - prefix: ${prefix} - rootprefix: ${with_rootprefix} - sysconf dir: ${sysconfdir} - datarootdir: ${datarootdir} - includedir: ${includedir} - lib dir: ${libdir} - rootlib dir: ${with_rootlibdir} - SysV init scripts: ${SYSTEM_SYSVINIT_PATH} - SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} - Build Python: ${PYTHON} - PAM modules dir: ${with_pamlibdir} - PAM configuration dir: ${with_pamconfdir} - D-Bus policy dir: ${with_dbuspolicydir} - D-Bus session dir: ${with_dbussessionservicedir} - D-Bus system dir: ${with_dbussystemservicedir} - Bash completions dir: ${with_bashcompletiondir} - Zsh completions dir: ${with_zshcompletiondir} - Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} - Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} - Wheel group: ${have_wheel_group} - Debug shell: ${SUSHELL} @ ${DEBUGTTY} - TTY GID: ${TTY_GID} - Maximum System UID: ${SYSTEM_UID_MAX} - Maximum System GID: ${SYSTEM_GID_MAX} - Certificate root: ${CERTIFICATEROOT} - - CFLAGS: ${OUR_CFLAGS} ${CFLAGS} - CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} - LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} + libcryptsetup: ${have_libcryptsetup} + PAM: ${have_pam} + AUDIT: ${have_audit} + IMA: ${have_ima} + AppArmor: ${have_apparmor} + SELinux: ${have_selinux} + SECCOMP: ${have_seccomp} + SMACK: ${have_smack} + ZLIB: ${have_zlib} + XZ: ${have_xz} + LZ4: ${have_lz4} + BZIP2: ${have_bzip2} + ACL: ${have_acl} + GCRYPT: ${have_gcrypt} + QRENCODE: ${have_qrencode} + MICROHTTPD: ${have_microhttpd} + GNUTLS: ${have_gnutls} + libcurl: ${have_libcurl} + libidn: ${have_libidn} + libiptc: ${have_libiptc} + ELFUTILS: ${have_elfutils} + binfmt: ${have_binfmt} + vconsole: ${have_vconsole} + quotacheck: ${have_quotacheck} + tmpfiles: ${have_tmpfiles} + sysusers: ${have_sysusers} + firstboot: ${have_firstboot} + randomseed: ${have_randomseed} + backlight: ${have_backlight} + rfkill: ${have_rfkill} + logind: 
${have_logind} + Default KillUserProcesses setting: ${KILL_USER_PROCESSES} + machined: ${have_machined} + importd: ${have_importd} + hostnamed: ${have_hostnamed} + timedated: ${have_timedated} + timesyncd: ${have_timesyncd} + Default NTP servers: ${NTP_SERVERS} + time epoch: ${TIME_EPOCH} + localed: ${have_localed} + networkd: ${have_networkd} + resolved: ${have_resolved} + Default DNS servers: ${DNS_SERVERS} + Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} + coredump: ${have_coredump} + polkit: ${have_polkit} + efi: ${have_efi} + gnuefi: ${have_gnuefi} + efi arch: ${EFI_ARCH} + EFI machine type: ${EFI_MACHINE_TYPE_NAME} + EFI CC ${EFI_CC} + EFI libdir: ${EFI_LIB_DIR} + EFI ldsdir: ${EFI_LDS_DIR} + EFI includedir: ${EFI_INC_DIR} + kmod: ${have_kmod} + xkbcommon: ${have_xkbcommon} + blkid: ${have_blkid} + libmount: ${have_libmount} + dbus: ${have_dbus} + nss-myhostname: ${have_myhostname} + hwdb: ${enable_hwdb} + tpm: ${have_tpm} + kdbus: ${have_kdbus} + Python: ${have_python} + man pages: ${have_manpages} + test coverage: ${have_coverage} + Split /usr: ${enable_split_usr} + SysV compatibility: ${SYSTEM_SYSV_COMPAT} + utmp/wtmp support: ${have_utmp} + ldconfig support: ${enable_ldconfig} + hibernate support: ${enable_hibernate} + extra debugging: ${enable_debug} + tests: ${enable_tests} + + prefix: ${prefix} + rootprefix: ${with_rootprefix} + sysconf dir: ${sysconfdir} + datarootdir: ${datarootdir} + includedir: ${includedir} + lib dir: ${libdir} + rootlib dir: ${with_rootlibdir} + SysV init scripts: ${SYSTEM_SYSVINIT_PATH} + SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} + Build Python: ${PYTHON} + PAM modules dir: ${with_pamlibdir} + PAM configuration dir: ${with_pamconfdir} + D-Bus policy dir: ${with_dbuspolicydir} + D-Bus session dir: ${with_dbussessionservicedir} + D-Bus system dir: ${with_dbussystemservicedir} + Bash completions dir: ${with_bashcompletiondir} + Zsh completions dir: ${with_zshcompletiondir} + Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} + 
Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} + Wheel group: ${have_wheel_group} + Debug shell: ${SUSHELL} @ ${DEBUGTTY} + TTY GID: ${TTY_GID} + Maximum System UID: ${SYSTEM_UID_MAX} + Maximum System GID: ${SYSTEM_GID_MAX} + Certificate root: ${CERTIFICATEROOT} + + CFLAGS: ${OUR_CFLAGS} ${CFLAGS} + CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} + LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} ]) diff --git a/src/login/.gitignore b/src/login/.gitignore index 39088ec252..3a8ba497c1 100644 --- a/src/login/.gitignore +++ b/src/login/.gitignore @@ -1,4 +1,5 @@ /logind-gperf.c +/logind.conf /org.freedesktop.login1.policy /71-seat.rules /73-seat-late.rules diff --git a/src/login/logind.c b/src/login/logind.c index 616346799a..a48e2fc61e 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -64,7 +64,7 @@ static void manager_reset_config(Manager *m) { m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); - m->kill_user_processes = true; + m->kill_user_processes = KILL_USER_PROCESSES; m->kill_only_users = strv_free(m->kill_only_users); m->kill_exclude_users = strv_free(m->kill_exclude_users); diff --git a/src/login/logind.conf b/src/login/logind.conf deleted file mode 100644 index 8316bb4d74..0000000000 --- a/src/login/logind.conf +++ /dev/null 
@@ -1,35 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See logind.conf(5) for details. - -[Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=yes -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#HandleLidSwitchDocked=ignore -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#HoldoffTimeoutSec=30s -#IdleAction=ignore -#IdleActionSec=30min -#RuntimeDirectorySize=10% -#RemoveIPC=yes -#UserTasksMax=12288 diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in new file mode 100644 index 0000000000..3c96def45d --- /dev/null +++ b/src/login/logind.conf.in 
@@ -0,0 +1,35 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=@KILL_USER_PROCESSES@ +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#UserTasksMax=12288 -- cgit v1.2.3-54-g00ecf From 152199f2d705effdcddacff63b3ca88671b1290f Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Tue, 12 Apr 2016 22:52:28 -0400 Subject: logind: allow any user to request lingering We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites. --- NEWS | 5 +++-- src/login/logind-dbus.c | 8 +++++--- src/login/org.freedesktop.login1.policy.in | 8 ++++++++ 3 files changed, 16 insertions(+), 5 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 7199a67201..3924264e6f 100644 --- a/NEWS +++ b/NEWS 
@@ -40,8 +40,9 @@ CHANGES WITH 230 in spe: After the user logs out of all sessions, user@.service will be terminated too, by default, unless the user has "lingering" enabled. To effectively allow users to run long-term tasks even if they are - logged out, lingering must be enabled for them. See loginctl(1) - for details. + logged out, lingering must be enabled for them. See loginctl(1) for + details. The default polkit policy was modified to allow users to + set lingering for themselves without authentication. Previous defaults can be restored at compile time by the --without-kill-user-processes option. diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 1d3133ee25..a281f99a34 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_free_ char *cc = NULL; Manager *m = userdata; - int b, r; + int r, b, interactive; struct passwd *pw; const char *path; uint32_t uid; - int interactive; + bool self = false; assert(message); assert(m); @@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu if (r < 0) return r; + self = true; + } else if (!uid_is_valid(uid)) return -EINVAL; @@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu r = bus_verify_polkit_async( message, CAP_SYS_ADMIN, - "org.freedesktop.login1.set-user-linger", + self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger", NULL, interactive, UID_INVALID, diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in index 23326bb79f..1fa6441629 100644 --- a/src/login/org.freedesktop.login1.policy.in +++ b/src/login/org.freedesktop.login1.policy.in 
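Review bot: in method_set_user_linger() (src/login/logind-dbus.c) self is set to true only inside the branch that closes just before "else if (!uid_is_valid(uid))", so a caller that passes its own UID explicitly takes the other path and is still checked against org.freedesktop.login1.set-user-linger. If the intent is that any user may request lingering for themselves, derive self from a comparison of the resolved uid with the sender's UID so both call styles map to the same polkit action, and add a test for the explicit-UID case. The NEWS text says users can set lingering "without authentication"; please carry over the commit message's caveat that admins on multi-user sites may want to tighten this, and name the action (set-self-linger) so they know what to override.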
@@ -111,6 +111,14 @@ + + <_description>Allow non-logged-in user to run programs + <_message>Explicit request is required to run programs as a non-logged-in user. + + yes + + + <_description>Allow non-logged-in users to run programs <_message>Authentication is required to run programs as a non-logged-in user. -- cgit v1.2.3-54-g00ecf From ccddd104fc95e0e769142af6e1fe1edec5be70a6 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Thu, 21 Apr 2016 22:57:06 -0400 Subject: tree-wide: use mdash instead of a two minuses --- NEWS | 50 ++++++++++++++++---------------- TODO | 2 +- man/daemon.xml | 2 +- man/sd_event_source_set_priority.xml | 2 +- man/sd_journal_get_data.xml | 2 +- man/systemd-ask-password.xml | 2 +- man/systemd-journal-gatewayd.service.xml | 2 +- man/systemd-nspawn.xml | 2 +- man/systemd.special.xml | 2 +- src/core/ima-setup.c | 2 +- src/core/ima-setup.h | 2 +- src/core/unit.c | 2 +- src/journal/journald-server.c | 2 +- src/libsystemd/sd-device/sd-device.c | 6 ++-- src/libsystemd/sd-resolve/test-resolve.c | 2 +- src/network/test-network-tables.c | 2 +- src/nspawn/nspawn.c | 2 +- src/resolve/RFCs | 2 +- src/resolve/resolved-link.c | 2 +- src/udev/udev-builtin-net_id.c | 28 +++++++++--------- 20 files changed, 59 insertions(+), 59 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index f697599a8f..16ea7b7290 100644 --- a/NEWS +++ b/NEWS @@ -311,7 +311,7 @@ CHANGES WITH 229: Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2016-02-11 + — Berlin, 2016-02-11 CHANGES WITH 228: @@ -512,7 +512,7 @@ CHANGES WITH 228: Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-11-18 + — Berlin, 2015-11-18 CHANGES WITH 227: @@ -716,7 +716,7 @@ CHANGES WITH 227: Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich, Zbigniew Jędrzejewski-Szmek, Марко М. Костић - -- Berlin, 2015-10-07 + — Berlin, 2015-10-07 CHANGES WITH 226: 
@@ -836,7 +836,7 @@ CHANGES WITH 226: Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø - -- Berlin, 2015-09-08 + — Berlin, 2015-09-08 CHANGES WITH 225: @@ -909,7 +909,7 @@ CHANGES WITH 225: Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-08-27 + — Berlin, 2015-08-27 CHANGES WITH 224: @@ -924,7 +924,7 @@ CHANGES WITH 224: Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen - -- Berlin, 2015-07-31 + — Berlin, 2015-07-31 CHANGES WITH 223: @@ -989,7 +989,7 @@ CHANGES WITH 223: Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-07-29 + — Berlin, 2015-07-29 CHANGES WITH 222: @@ -1029,7 +1029,7 @@ CHANGES WITH 222: Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-07-07 + — Berlin, 2015-07-07 CHANGES WITH 221: @@ -1107,7 +1107,7 @@ CHANGES WITH 221: Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner Fink, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-06-19 + — Berlin, 2015-06-19 CHANGES WITH 220: @@ -1336,7 +1336,7 @@ CHANGES WITH 220: Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-05-22 + — Berlin, 2015-05-22 CHANGES WITH 219: @@ -1660,7 +1660,7 @@ CHANGES WITH 219: Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-02-16 + — Berlin, 2015-02-16 CHANGES WITH 218: @@ -1862,7 +1862,7 @@ CHANGES WITH 218: Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-12-10 + — Berlin, 2014-12-10 CHANGES WITH 217: 
@@ -2074,7 +2074,7 @@ CHANGES WITH 217: Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-10-28 + — Berlin, 2014-10-28 CHANGES WITH 216: @@ -2276,7 +2276,7 @@ CHANGES WITH 216: Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-08-19 + — Berlin, 2014-08-19 CHANGES WITH 215: @@ -2510,7 +2510,7 @@ CHANGES WITH 215: Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-07-03 + — Berlin, 2014-07-03 CHANGES WITH 214: @@ -2704,7 +2704,7 @@ CHANGES WITH 214: Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-06-11 + — Berlin, 2014-06-11 CHANGES WITH 213: @@ -2836,7 +2836,7 @@ CHANGES WITH 213: Lindskog, WaLyong Cho, Will Woods, Zbigniew Jędrzejewski-Szmek - -- Beijing, 2014-05-28 + — Beijing, 2014-05-28 CHANGES WITH 212: @@ -2985,7 +2985,7 @@ CHANGES WITH 212: Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-03-25 + — Berlin, 2014-03-25 CHANGES WITH 211: @@ -3109,7 +3109,7 @@ CHANGES WITH 211: Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-03-12 + — Berlin, 2014-03-12 CHANGES WITH 210: @@ -3214,7 +3214,7 @@ CHANGES WITH 210: Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-02-24 + — Berlin, 2014-02-24 CHANGES WITH 209: @@ -3670,7 +3670,7 @@ CHANGES WITH 209: Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-02-20 + — Berlin, 2014-02-20 CHANGES WITH 208: @@ -3757,7 +3757,7 @@ CHANGES WITH 208: Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty, Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-10-02 + — Berlin, 2013-10-02 CHANGES WITH 207: 
@@ -3857,7 +3857,7 @@ CHANGES WITH 207: Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao, William Giokas, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-09-13 + — Berlin, 2013-09-13 CHANGES WITH 206: @@ -3956,14 +3956,14 @@ CHANGES WITH 206: Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William Giokas, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-07-23 + — Berlin, 2013-07-23 CHANGES WITH 205: * Two new unit types have been introduced: Scope units are very similar to service units, however, are - created out of pre-existing processes -- instead of PID 1 + created out of pre-existing processes — instead of PID 1 forking off the processes. By using scope units it is possible for system services and applications to group their own child processes (worker processes) in a powerful way diff --git a/TODO b/TODO index 4d8161cadf..c94729a027 100644 --- a/TODO +++ b/TODO @@ -384,7 +384,7 @@ Features: * systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep() -* remove any syslog support from log.c -- we probably cannot do this before split-off udev is gone for good +* remove any syslog support from log.c — we probably cannot do this before split-off udev is gone for good * shutdown logging: store to EFI var, and store to USB stick? diff --git a/man/daemon.xml b/man/daemon.xml index b6125cb5c7..fed1ca1f49 100644 --- a/man/daemon.xml +++ b/man/daemon.xml @@ -234,7 +234,7 @@ bus-activatable by supplying a D-Bus service activation configuration file. This has multiple advantages: your daemon may be started lazily on-demand; it may be started in parallel - to other daemons requiring it -- which maximizes + to other daemons requiring it — which maximizes parallelization and boot-up speed; your daemon can be restarted on failure without losing any bus requests, as the bus queues requests for activatable services. See below for 
diff --git a/man/sd_event_source_set_priority.xml b/man/sd_event_source_set_priority.xml index 9234f4233e..8c9b39fe5e 100644 --- a/man/sd_event_source_set_priority.xml +++ b/man/sd_event_source_set_priority.xml @@ -97,7 +97,7 @@ SD_EVENT_PRIORITY_IDLE (100) may be used to indicate event sources that shall be dispatched early, normally or late. It is recommended to specify priorities based on these - definitions, and relative to them -- however, the full 64bit + definitions, and relative to them — however, the full 64bit signed integer range is available for ordering event sources. diff --git a/man/sd_journal_get_data.xml b/man/sd_journal_get_data.xml index 1f25d068d7..908ee7db16 100644 --- a/man/sd_journal_get_data.xml +++ b/man/sd_journal_get_data.xml @@ -148,7 +148,7 @@ sd_journal_enumerate_unique(). This threshold is a hint only: it indicates that the client program is interested only in the initial parts of the data fields, up to the threshold - in size -- but the library might still return larger data objects. + in size — but the library might still return larger data objects. That means applications should not rely exclusively on this setting to limit the size of the data fields returned, but need to apply a explicit size limit on the returned data as well. This diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml index e84a15c554..2b6fb5a82f 100644 --- a/man/systemd-ask-password.xml +++ b/man/systemd-ask-password.xml @@ -67,7 +67,7 @@ processes. The purpose of this tool is to query system-wide passwords - -- that is passwords not attached to a specific user account. + — that is passwords not attached to a specific user account. Examples include: unlocking encrypted hard disks when they are plugged in or at boot, entering an SSL certificate passphrase for web and VPN servers. diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml index e32ac26850..9ed85c3950 100644 
--- a/man/systemd-journal-gatewayd.service.xml +++ b/man/systemd-journal-gatewayd.service.xml @@ -262,7 +262,7 @@ boot Limit events to the current boot of the system - (like journalctl --this--boot). + (like journalctl --this-boot). diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 6732b9d7be..a0376ed3e0 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -502,7 +502,7 @@ host interface name and container interface name. The latter may be omitted in which case the container and host sides will be assigned the same name. This switch is independent of - , and -- in contrast -- may be + , and — in contrast — may be used multiple times, and allows configuration of the network interface names. Note that has no effect on interfaces created with diff --git a/man/systemd.special.xml b/man/systemd.special.xml index 80c15b700d..14998b9647 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -742,7 +742,7 @@ defined what that is supposed to mean, with one exception: at shutdown, a unit that is ordered after network.target will be stopped before - the network -- to whatever level it might be set up then -- + the network — to whatever level it might be set up then — is shut down. It is hence useful when writing service files that require network access on shutdown, which should order themselves after this target, but not pull it in. Also see diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index ff7558d500..d1b0ce76ef 100644 --- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -3,7 +3,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/ima-setup.h b/src/core/ima-setup.h index 3bad74b246..472b58cb00 100644 
--- a/src/core/ima-setup.h +++ b/src/core/ima-setup.h @@ -5,7 +5,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/unit.c b/src/core/unit.c index c60ae2be9d..1f57293a0b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3600,7 +3600,7 @@ int unit_kill_context( * cases. It doesn't work at all in * containers, and outside of containers it * can be confused easily by left-over - * directories in the cgroup -- which however + * directories in the cgroup — which however * should not exist in non-delegated units. On * the unified hierarchy that's different, * there we get proper events. Hence rely on diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index b1d1bf9e14..8089bb5883 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1660,7 +1660,7 @@ static int server_connect_notify(Server *s) { it. Specifically: given that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might hence block on us, we might end up in a deadlock - if we block on sending PID 1 notification messages -- by + if we block on sending PID 1 notification messages — by generating a full blocking circle. To avoid this, let's create a non-blocking socket, and connect it to the notification socket, and then wait for POLLOUT before we diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index e787cb69d3..b1c3d5f228 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c 
@@ -1212,19 +1212,19 @@ int device_get_id_filename(sd_device *device, const char **ret) { if (major(devnum) > 0) { assert(subsystem); - /* use dev_t -- b259:131072, c254:0 */ + /* use dev_t — b259:131072, c254:0 */ r = asprintf(&id, "%c%u:%u", streq(subsystem, "block") ? 'b' : 'c', major(devnum), minor(devnum)); if (r < 0) return -ENOMEM; } else if (ifindex > 0) { - /* use netdev ifindex -- n3 */ + /* use netdev ifindex — n3 */ r = asprintf(&id, "n%u", ifindex); if (r < 0) return -ENOMEM; } else { - /* use $subsys:$sysname -- pci:0000:00:1f.2 + /* use $subsys:$sysname — pci:0000:00:1f.2 * sysname() has '!' translated, get it from devpath */ const char *sysname; diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c index 33ef6fc0f7..1be1a7f8a7 100644 --- a/src/libsystemd/sd-resolve/test-resolve.c +++ b/src/libsystemd/sd-resolve/test-resolve.c @@ -63,7 +63,7 @@ static int getnameinfo_handler(sd_resolve_query *q, int ret, const char *host, c return 0; } - printf("Host: %s -- Serv: %s\n", strna(host), strna(serv)); + printf("Host: %s — Serv: %s\n", strna(host), strna(serv)); return 0; } diff --git a/src/network/test-network-tables.c b/src/network/test-network-tables.c index ecbbe6c3c9..adbe09a5e1 100644 --- a/src/network/test-network-tables.c +++ b/src/network/test-network-tables.c @@ -9,7 +9,7 @@ int main(int argc, char **argv) { test_table(bond_mode, NETDEV_BOND_MODE); - /* test_table(link_state, LINK_STATE); -- not a reversible mapping */ + /* test_table(link_state, LINK_STATE); — not a reversible mapping */ test_table(link_operstate, LINK_OPERSTATE); test_table(address_family_boolean, ADDRESS_FAMILY_BOOLEAN); test_table(netdev_kind, NETDEV_KIND); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index a07f148ef6..44dce471e7 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c 
@@ -1481,7 +1481,7 @@ static int setup_journal(const char *directory) { } if (arg_link_journal == LINK_HOST) { - /* don't create parents here -- if the host doesn't have + /* don't create parents here — if the host doesn't have * permanent journal set up, don't force it here */ if (mkdir(p, 0755) < 0 && errno != EEXIST) { diff --git a/src/resolve/RFCs b/src/resolve/RFCs index 22004a00cd..09c85f9518 100644 --- a/src/resolve/RFCs +++ b/src/resolve/RFCs @@ -8,7 +8,7 @@ D = Comprehensively Implemented, by a dependency of resolved Y https://tools.ietf.org/html/rfc1034 → DOMAIN NAMES - CONCEPTS AND FACILITIES Y https://tools.ietf.org/html/rfc1035 → DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION ? https://tools.ietf.org/html/rfc1101 → DNS Encoding of Network Names and Other Types -Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts -- Application and Support +Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts — Application and Support ~ https://tools.ietf.org/html/rfc1464 → Using the Domain Name System To Store Arbitrary String Attributes Y https://tools.ietf.org/html/rfc1536 → Common DNS Implementation Errors and Suggested Fixes Y https://tools.ietf.org/html/rfc1876 → A Means for Expressing Location Information in the Domain Name System diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c index c5863b3aa2..b0dc65036d 100644 --- a/src/resolve/resolved-link.c +++ b/src/resolve/resolved-link.c @@ -468,7 +468,7 @@ static void link_read_settings(Link *l) { } if (r > 0) { - /* If this link used to be managed, but is now unmanaged, flush all our settings -- but only once. */ + /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */ if (l->is_managed) link_flush_settings(l); diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index 8b1bcefe2d..a7be2a4eed 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c 
@@ -27,21 +27,21 @@ * http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames * * Two character prefixes based on the type of interface: - * en -- Ethernet - * sl -- serial line IP (slip) - * wl -- wlan - * ww -- wwan + * en — Ethernet + * sl — serial line IP (slip) + * wl — wlan + * ww — wwan * * Type of names: - * b -- BCMA bus core number - * c -- CCW bus group name, without leading zeros [s390] - * o[d] -- on-board device index number - * s[f][d] -- hotplug slot index number - * x -- MAC address + * b — BCMA bus core number + * c — CCW bus group name, without leading zeros [s390] + * o[d] — on-board device index number + * s[f][d] — hotplug slot index number + * x — MAC address * [P]ps[f][d] - * -- PCI geographical location + * — PCI geographical location * [P]ps[f][u][..][c][i] - * -- USB port number chain + * — USB port number chain * * All multi-function PCI devices will carry the [f] number in the * device name, including the function 0 device. @@ -140,9 +140,9 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) { const char *attr; int idx; - /* ACPI _DSM -- device specific method for naming a PCI or PCI Express device */ + /* ACPI _DSM — device specific method for naming a PCI or PCI Express device */ attr = udev_device_get_sysattr_value(names->pcidev, "acpi_index"); - /* SMBIOS type 41 -- Onboard Devices Extended Information */ + /* SMBIOS type 41 — Onboard Devices Extended Information */ if (!attr) attr = udev_device_get_sysattr_value(names->pcidev, "index"); if (!attr) @@ -230,7 +230,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) { if (l == 0) names->pci_path[0] = '\0'; - /* ACPI _SUN -- slot user number */ + /* ACPI _SUN — slot user number */ pci = udev_device_new_from_subsystem_sysname(udev, "subsystem", "pci"); if (!pci) { err = -ENOENT; -- cgit v1.2.3-54-g00ecf From e40a326cef05b25a80e00c8924d0d3bc8935930d Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Fri, 6 May 2016 16:55:44 +0200 Subject: NEWS: bring NEWS a bit up-to-date --- NEWS | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++---------------- TODO | 9 +--- 2 files changed, 127 insertions(+), 46 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 16ea7b7290..7abe338e8b 100644 --- a/NEWS +++ b/NEWS 
@@ -17,25 +17,29 @@ CHANGES WITH 230 in spe: might be systems we do not cover yet. Hence: please help us testing the DNSSEC code, leave this on where you can, report back, but then again don't consider turning this on in your stable, LTS or - production release just yet. + production release just yet. (Note that you have to enable + nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved + and its DNSSEC mode for host name resolution from local + applications.) * systemd-resolve conveniently resolves DANE records with the --tlsa - option and OPENPGPKEY records with the --openpgp option. + option and OPENPGPKEY records with the --openpgp option. It also + supports dumping raw DNS record data via the new --raw= switch now. * systemd-logind will now by default terminate user processes that are part of the user session scope unit (session-XX.scope) when the user - logs out. This behaviour is controlled by the - KillUserProcesses=yes|no setting in logind.conf, and previous default - of "no" is now changed to "yes". This means that user sessions will - be properly cleaned up after, but additional steps are necessary to - allow intentionally long-running processes to survive logout. + logs out. This behaviour is controlled by the KillUserProcesses= + setting in logind.conf, and the previous default of "no" is now + changed to "yes". This means that user sessions will be properly + cleaned up after, but additional steps are necessary to allow + intentionally long-running processes to survive logout. While the user is logged in at least once, user@.service is running, and any service that should survive the end of any individual login session can be started at a user service or scope using systemd-run. - systemd-run(1) man page has been extended with an example which - shows how to run screen in a scope unit underneath user@.service. - The same command works for tmux. 
+ systemd-run(1) man page has been extended with an example which shows + how to run screen in a scope unit underneath user@.service. The same + command works for tmux. After the user logs out of all sessions, user@.service will be terminated too, by default, unless the user has "lingering" enabled. 
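Review bot: In the systemd-logind entry, the reworded sentence drops the "yes|no" value list from KillUserProcesses=, so a reader who wants the old behaviour no longer sees the literal setting to write. Since this entry announces a default flip from "no" to "yes", keep the values or state "KillUserProcesses=no" explicitly as the runtime way back, alongside the compile-time --without-kill-user-processes option mentioned in the next hunk. Minor wording in the same hunk: "cleaned up after" is left dangling, the comma in "/etc/nsswitch.conf, to actually use" is not needed, and "via the new --raw= switch now" says "new" and "now" for the same thing.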
@@ -45,36 +49,38 @@ CHANGES WITH 230 in spe: set lingering for themselves without authentication. Previous defaults can be restored at compile time by the - --without-kill-user-processes option. + --without-kill-user-processes option to "configure". * The unified cgroup hierarchy added in Linux 4.5 is now supported. - Use systemd.unified_cgroup_hierarchy=1 on the kernel command line - to enable. + Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to + enable. + WARNING: it is not possible to use previous systemd versions with systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it is necessary to also update systemd in the initramfs if using the - unified hierarchy. Updated selinux policy is also required. - - * LLDP support has been extended, and both passive (receive-only) - and active (sender) modes are supported. Passive mode - ("routers-only") is enabled by default in systemd-networkd. - Active LLDP mode is enabled by default for containers on the - internal network. - "networkctl lldp" can be used to list information gathered. + unified hierarchy. An updated SELinux policy is also required. - * Headers for LLDP support (sd-lldp.h) are now public. + * LLDP support has been extended, and both passive (receive-only) and + active (sender) modes are supported. Passive mode ("routers-only") is + enabled by default in systemd-networkd. Active LLDP mode is enabled + by default for containers on the internal network. The "networkctl + lldp" command may be used to list information gathered. "networkctl + status" will also show basic LLDP information on connected peers now. - * The Unique Identifier sent in DHCP requests can be configured. + * The IAID and DUID unique identifier sent in DHCP requests may now be + configured for the system and each .network file managed by + systemd-networkd. 
- * Testing tool /usr/lib/systemd/systemd-activate is renamed to + * The testing tool /usr/lib/systemd/systemd-activate is renamed to systemd-socket-activate and installed into /usr/bin. It is now fully supported. - * systemd-journald now uses separate threads to flush changes to - disk when closing journal files. + * systemd-journald now uses separate threads to flush changes to disk + when closing journal files, thus reducing impact of slow disk I/O on + logging performance. - * systemd-ask-password skips printing of the password to stdout - with --no-output which can be useful in scripts. + * systemd-ask-password now optionally skips printing of the password to + stdout with --no-output which can be useful in scripts. * Framebuffer devices (/dev/fb*) and 3D printers and scanners (devices tagged with ID_MAKER_TOOL) are now tagged with 
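Review bot: The removed line "* Headers for LLDP support (sd-lldp.h) are now public." has no replacement in the rewritten LLDP entry, so NEWS no longer tells API consumers about the public header. If the removal is intentional, the commit message should say why; otherwise fold the sentence back into the LLDP bullet. Also in this hunk, "The IAID and DUID unique identifier" uses a singular noun for two values, and the TODO change in the same commit adds "IAID field must move from [Link] to [DHCP] section in .network files", so the entry announces a setting whose location is still expected to change; a short caveat would help.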
@@ -83,18 +89,98 @@ CHANGES WITH 230 in spe: * systemd-bootchart has been split out to a separate repository: https://github.com/systemd/systemd-bootchart - * Compatibility libraries libsystemd-daemon.so, libsystemd-journal.so, - libsystemd-id128.so, and libsystemd-login.so which have been - deprecated since systemd-209 have been removed along along with the - corresponding pkg-config files. All symbols provided by the those - libraries are provided by libsystemd.so. - - * Capabilities= setting has been removed (it is ignored for backwards - compatibility). AmbientCapabilities= and CapabilityBoundingSet= - should be used instead. + * The compatibility libraries libsystemd-daemon.so, + libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so + which have been deprecated since systemd-209 have been removed along + with the corresponding pkg-config files. All symbols provided by the + those libraries are provided by libsystemd.so. + + * The Capabilities= unit file setting has been removed (it is ignored + for backwards compatibility). AmbientCapabilities= and + CapabilityBoundingSet= should be used instead. + + * "systemctl show" gained a new --value switch, which allows print a + only the contents of a specific unit property, without also printing + the property's name. + + * A new command "systemctl revert" has been added that may be used to + revert to the vendor version of a unit file, in case local changes + have been made by adding drop-ins or overriding the unit file. + + * "machinectl clean" gained a new verb to automatically remove all or + just hidden container images. + + * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be + merged into the kernerl in its current form. + + * systemd-networkd gained support for configuring proxy ARP support for + each interface, via the ProxyArp= setting in .network files. 
It also + gained support for configuring the multicast querier feature of + bridge devices, via the new MulticastQuerier= setting in .netdev + files. A new setting PreferredLifetime= has been added for addresses + configured in .network file to configure the lifetime intended for an + address. + + * systemd-tmpfiles gained support for a new line type "e" for emptying + directories, if they exist, without creating them if they don't. + + * journalctl learned a new output mode "-o short-unix" that outputs log + lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970 + UTC). It also gained support for a new --no-hostname setting to + suppress the hostname column in the family of "short" output modes. + + * systemd-nspawn gained support for automatically patching the UID/GIDs + of the owners and the ACLs of all files and directories in a + container tree to match the UID/GID user namespacing range selected + for the container invocation. This mode is enabled via the new + --private-user-chown switch. It also gained support for automatically + choosing a free, previously unused UID/GID range when starting a + container, via the new --private-users=pick setting (which implies + --private-user-chown). Together, these options for the first time + make user namespacing for nspawn containers fully automatic and thus + deployable. The systemd-nspaw@.service template unit file has been + changed to use this functionality by default. + + * The default start timeout may now be configured on the kernel command + line via systemd.default_timeout_start_sec=. It was configurable + previously via the DefaultTimeoutStartSec= option in + /etc/systemd/system.conf already. + + * Socket units gaineda new TriggerLimitIntervalSec= and + TriggerLimitBurst= setting to configure a limit on the activation + rate of the socket unit. + + * The LimitNICE= setting now optionally takes normal UNIX nice values + in addition to the raw integer limit value. 
If the specified + parameter is prefixed with "+" or "-" and is in the range -20..19 the + value is understood as UNIX nice value. If not prefixed like this it + is understood as raw RLIMIT_NICE limit. + + Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford, + Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao + Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Colin Guthrie, Daniel + J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David + R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny + Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck + Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik Brueckner, + Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo Puustinen, Jakub + Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, kayrus, Klearchos + Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukáš + Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, + michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletar, + Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, mulkieran, + muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, Nicolas + Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach, Petros + Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny + Chevalier, Samuel Tardieu, Stefan Schallenberg, Steven Siloti, Susant + Sahani, Sylvain Plantefève, Taylor Smock, tblume, Tejun Heo, Thomas + Blume, Thomas Haller, Thomas Hindoe Paaboel Andersen, Thomas + H. P. Andersen, Tobias Klauser, Tom Gundersen, Torstein Husebø, Umut + Tezduyar Lindskog, Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), + Vladimir Panteleev, Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, + Zbigniew Jędrzejewski-Szmek - * systemd-bus-proxyd has been removed, as kdbus will not be merged - in current form. + — Berlin, 2016-05-XX CHANGES WITH 229: diff --git a/TODO b/TODO index 2a8af13a14..bf80f86e04 100644 --- a/TODO +++ b/TODO 
@@ -33,11 +33,9 @@ Janitorial Clean-ups: Features: -* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things +* IAID field must move from [Link] to [DHCP] section in .network files -* maybe: pid1: replace cgroups agent transport by AF_UNIX/SOCK_DGRAM, so that - we aren't hit by socket backlog exhaustion on the dbus AF_UNIX/SOCK_STREAM - socket +* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates @@ -51,9 +49,6 @@ Features: * make sure resolved can be restarted without losing pushed-in dns config -* fix https://github.com/systemd/systemd/pull/2890, this shouldn't be exported - like this. - * journald: sigbus API via a signal-handler safe function that people may call from the SIGBUS handler -- cgit v1.2.3-54-g00ecf From 030bd8397a4c2653615e70245cd777fd454f6e96 Mon Sep 17 00:00:00 2001 From: Daniele Medri Date: Sat, 7 May 2016 05:00:12 +0200 Subject: NEWS: minor fixes --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 7abe338e8b..5163637de2 100644 --- a/NEWS +++ b/NEWS @@ -111,7 +111,7 @@ CHANGES WITH 230 in spe: just hidden container images. * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be - merged into the kernerl in its current form. + merged into the kernel in its current form. * systemd-networkd gained support for configuring proxy ARP support for each interface, via the ProxyArp= setting in .network files. It also @@ -146,7 +146,7 @@ CHANGES WITH 230 in spe: previously via the DefaultTimeoutStartSec= option in /etc/systemd/system.conf already. - * Socket units gaineda new TriggerLimitIntervalSec= and + * Socket units gained a new TriggerLimitIntervalSec= and TriggerLimitBurst= setting to configure a limit on the activation rate of the socket unit. -- cgit v1.2.3-54-g00ecf 
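Review bot: In the Socket units entry, the fix to "gained a" still leaves "a new TriggerLimitIntervalSec= and TriggerLimitBurst= setting", which is singular for two settings; "gained new TriggerLimitIntervalSec= and TriggerLimitBurst= settings" reads correctly. Since this is a typo pass over the same section, note that "systemd-nspaw@.service" and "allows print a only the contents" in neighbouring entries are still uncorrected and could be fixed in the same commit.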
From 8951eaec50c3c7deecb2259f26ad6ac39573f229 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 7 May 2016 11:43:39 -0400 Subject: NEWS: machinectl and loginctl also support --value --- NEWS | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 5163637de2..8f1cde01e8 100644 --- a/NEWS +++ b/NEWS @@ -38,7 +38,7 @@ CHANGES WITH 230 in spe: and any service that should survive the end of any individual login session can be started at a user service or scope using systemd-run. systemd-run(1) man page has been extended with an example which shows - how to run screen in a scope unit underneath user@.service. The same + how to run screen in a scope unit underneath user@.service. The same command works for tmux. After the user logs out of all sessions, user@.service will be @@ -62,8 +62,8 @@ CHANGES WITH 230 in spe: * LLDP support has been extended, and both passive (receive-only) and active (sender) modes are supported. Passive mode ("routers-only") is - enabled by default in systemd-networkd. Active LLDP mode is enabled - by default for containers on the internal network. The "networkctl + enabled by default in systemd-networkd. Active LLDP mode is enabled + by default for containers on the internal network. The "networkctl lldp" command may be used to list information gathered. "networkctl status" will also show basic LLDP information on connected peers now. @@ -101,7 +101,8 @@ CHANGES WITH 230 in spe: * "systemctl show" gained a new --value switch, which allows print a only the contents of a specific unit property, without also printing - the property's name. + the property's name. Similar support was added to "show*" verbs + of loginctl and machinectl that output "key=value" lists. * A new command "systemctl revert" has been added that may be used to revert to the vendor version of a unit file, in case local changes 
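Review bot: The sentence this hunk extends still reads "which allows print a only the contents of a specific unit property"; fix it while touching the entry, for example "which allows printing only the contents of a specific unit property". The added sentence then follows on cleanly.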
@@ -142,9 +143,9 @@ CHANGES WITH 230 in spe: changed to use this functionality by default. * The default start timeout may now be configured on the kernel command - line via systemd.default_timeout_start_sec=. It was configurable - previously via the DefaultTimeoutStartSec= option in - /etc/systemd/system.conf already. + line via systemd.default_timeout_start_sec=. It was already + configurable via the DefaultTimeoutStartSec= option in + /etc/systemd/system.conf. * Socket units gained a new TriggerLimitIntervalSec= and TriggerLimitBurst= setting to configure a limit on the activation -- cgit v1.2.3-54-g00ecf From 977f2beaf2d9c60c69d9dc5d86685bb2960a6a7d Mon Sep 17 00:00:00 2001 From: "Thomas H. P. Andersen" Date: Sat, 7 May 2016 23:52:31 +0200 Subject: NEWS: typo fix and american english (#3219) --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8f1cde01e8..b3e51877c9 100644 --- a/NEWS +++ b/NEWS @@ -28,7 +28,7 @@ CHANGES WITH 230 in spe: * systemd-logind will now by default terminate user processes that are part of the user session scope unit (session-XX.scope) when the user - logs out. This behaviour is controlled by the KillUserProcesses= + logs out. This behavior is controlled by the KillUserProcesses= setting in logind.conf, and the previous default of "no" is now changed to "yes". This means that user sessions will be properly cleaned up after, but additional steps are necessary to allow @@ -92,7 +92,7 @@ CHANGES WITH 230 in spe: * The compatibility libraries libsystemd-daemon.so, libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so which have been deprecated since systemd-209 have been removed along - with the corresponding pkg-config files. All symbols provided by the + with the corresponding pkg-config files. All symbols provided by those libraries are provided by libsystemd.so. * The Capabilities= unit file setting has been removed (it is ignored -- cgit v1.2.3-54-g00ecf 
From 25b0e6cb99c2a13c8f1ae9c5057f6941b722e764 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 16 May 2016 22:18:39 +0200 Subject: update TODO --- NEWS | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index b3e51877c9..6469074549 100644 --- a/NEWS +++ b/NEWS @@ -53,7 +53,9 @@ CHANGES WITH 230 in spe: * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to - enable. + enable. Also, support for the "io" cgroup controller in the unified + hierarchy has been added, so that the "memory", "pids" and "io" are + now the controllers that are supported on the unified hierarchy. WARNING: it is not possible to use previous systemd versions with systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it 
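Review bot: In the added sentence, "so that the "memory", "pids" and "io" are now the controllers that are supported" has a stray article before the list and no noun for it to attach to. Suggest: so that "memory", "pids" and "io" are now the controllers supported on the unified hierarchy.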
@@ -142,6 +144,19 @@ CHANGES WITH 230 in spe: deployable. The systemd-nspaw@.service template unit file has been changed to use this functionality by default. + * systemd-nspawn gained a new --network-zone= switch, that allows + creating ad-hoc virtual Ethernet links between multiple containers, + that only exist as long as at least one container referencing them is + running. This allows easy connecting of multiple containers with a + common link that implements an Ethernet broadcast domain. Each of + these network "zones" may be named relatively freely by the user, and + may be referenced by any number of containers, but each container may + only reference one of these "zones". On the lower level, this is + implemented by an automatically managed bridge network interface for + each zone, that is created when the first container referencing its + zone is created and removed when the last one referencing its zone + terminates. + * The default start timeout may now be configured on the kernel command line via systemd.default_timeout_start_sec=. It was already configurable via the DefaultTimeoutStartSec= option in -- cgit v1.2.3-54-g00ecf From 999a43f80ac2edfa3881fcf4c42aa1723945fe10 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 16 May 2016 23:07:08 +0200 Subject: update NEWS --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 6469074549..ff2dd9abbf 100644 --- a/NEWS +++ b/NEWS 
@@ -172,6 +172,14 @@ CHANGES WITH 230 in spe: value is understood as UNIX nice value. If not prefixed like this it is understood as raw RLIMIT_NICE limit. + * Note that the effect of the PrivateDevices= unit file setting changed + slightly with this release: the per-device /dev file system will be + mounted read-only from this version on, and will have "noexec" + set. This (minor) change of behaviour might cause some (exceptional) + legacy software to break, when PrivateDevices=yes is set for its + service. Please leave PrivateDevices= off if you run into problems + with this. + Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford, Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Colin Guthrie, Daniel -- cgit v1.2.3-54-g00ecf From 77ff6022fa30005f8e965c42064e0274d329b6c0 Mon Sep 17 00:00:00 2001 From: Clemens Gruber Date: Wed, 18 May 2016 01:34:25 +0200 Subject: networkd: Add EmitRouter= option for DHCP Server (#3251) Add an option to disable appending DHCP option 3 (Router) to the DHCP OFFER and ACK packets. This commit adds the boolean option EmitRouter= for the [DHCPServer] section in .network files. Rationale: On embedded devices, it is very useful to have a DHCP server running on an USB OTG ethernet gadget interface to avoid manual setup on the client PCs, but it should only serve IP addresses, no route(r)s. Otherwise, Windows clients experience network connectivity issues, due to them using the address set in DHCP option 3 as default gateway. 
Signed-off-by: Clemens Gruber --- NEWS | 32 +++++++++++++++------------ man/systemd.network.xml | 10 +++++++++ src/libsystemd-network/dhcp-server-internal.h | 2 ++ src/libsystemd-network/sd-dhcp-server.c | 31 +++++++++++++++++++------- src/network/networkd-link.c | 6 +++++ src/network/networkd-network-gperf.gperf | 1 + src/network/networkd-network.c | 1 + src/network/networkd-network.h | 1 + src/systemd/sd-dhcp-server.h | 1 + 9 files changed, 63 insertions(+), 22 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index ff2dd9abbf..a6e0581879 100644 --- a/NEWS +++ b/NEWS 
@@ -180,22 +180,26 @@ CHANGES WITH 230 in spe: service. Please leave PrivateDevices= off if you run into problems with this. + * The systemd-networkd DHCP server gained the option EmitRouter=, which + defaults to yes, to configure if the DHCP Option 3 (Router) should be + emitted. + Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford, Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao - Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Colin Guthrie, Daniel - J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David - R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny - Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck - Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik Brueckner, - Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo Puustinen, Jakub - Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, kayrus, Klearchos - Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukáš - Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, - michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletar, - Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, mulkieran, - muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, Nicolas - Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach, Petros - Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny + Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens Gruber, Colin + Guthrie, Daniel J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David + Herrmann, David R. 
Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, + Evgeny Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, + Franck Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik + Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo + Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, + kayrus, Klearchos Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas + Nykryn, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, + Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, + Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, + mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, + Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach, + Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Schallenberg, Steven Siloti, Susant Sahani, Sylvain Plantefève, Taylor Smock, tblume, Tejun Heo, Thomas Blume, Thomas Haller, Thomas Hindoe Paaboel Andersen, Thomas diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 70e3804746..d917fe2c12 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -981,6 +981,16 @@ DNS=. + + EmitRouter= + + Similar to the EmitDNS= + setting described above, this setting configures whether the + DHCP lease should contain the router option. The same syntax, + propagation semantics and defaults apply as for + EmitDNS=. + + EmitTimezone= Timezone= diff --git a/src/libsystemd-network/dhcp-server-internal.h b/src/libsystemd-network/dhcp-server-internal.h index adb557167a..0c76956fad 100644 --- a/src/libsystemd-network/dhcp-server-internal.h +++ b/src/libsystemd-network/dhcp-server-internal.h @@ -63,6 +63,8 @@ struct sd_dhcp_server { struct in_addr *ntp, *dns; unsigned n_ntp, n_dns; + bool emit_router; + Hashmap *leases_by_client_id; DHCPLease **bound_leases; DHCPLease invalid_lease; 
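Review bot: emit_router is added to struct sd_dhcp_server with no visible initialisation to true, while server_send_offer() and server_send_ack() now append SD_DHCP_OPTION_ROUTER only when it is set. networkd covers this by defaulting dhcp_server_emit_router to true in network_load_one() and pushing it through sd_dhcp_server_set_emit_router(), but any other user of the server object that never calls the setter would silently stop sending option 3, which contradicts the documented default of yes. Set the field to true where the server object is created, or confirm that this already happens. The field is also bool while the setter takes int and tests "enabled == server->emit_router", so a non-zero value other than 1 is reported as a change even when the option is already on; normalise with !!enabled before comparing.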
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index 9adf8ec19d..fb335337c4 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -468,10 +468,12 @@ static int server_send_offer(sd_dhcp_server *server, DHCPRequest *req, if (r < 0) return r; - r = dhcp_option_append(&packet->dhcp, req->max_optlen, &offset, 0, - SD_DHCP_OPTION_ROUTER, 4, &server->address); - if (r < 0) - return r; + if (server->emit_router) { + r = dhcp_option_append(&packet->dhcp, req->max_optlen, &offset, 0, + SD_DHCP_OPTION_ROUTER, 4, &server->address); + if (r < 0) + return r; + } r = dhcp_server_send_packet(server, req, packet, DHCP_OFFER, offset); if (r < 0) @@ -505,10 +507,12 @@ static int server_send_ack(sd_dhcp_server *server, DHCPRequest *req, if (r < 0) return r; - r = dhcp_option_append(&packet->dhcp, req->max_optlen, &offset, 0, - SD_DHCP_OPTION_ROUTER, 4, &server->address); - if (r < 0) - return r; + if (server->emit_router) { + r = dhcp_option_append(&packet->dhcp, req->max_optlen, &offset, 0, + SD_DHCP_OPTION_ROUTER, 4, &server->address); + if (r < 0) + return r; + } if (server->n_dns > 0) { r = dhcp_option_append( @@ -1158,3 +1162,14 @@ int sd_dhcp_server_set_ntp(sd_dhcp_server *server, const struct in_addr ntp[], u return 1; } + +int sd_dhcp_server_set_emit_router(sd_dhcp_server *server, int enabled) { + assert_return(server, -EINVAL); + + if (enabled == server->emit_router) + return 0; + + server->emit_router = enabled; + + return 1; +} diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index f3a79b0ec8..16a3609a0b 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c 
@@ -1020,6 +1020,12 @@ static int link_enter_set_addresses(Link *link) { log_link_warning_errno(link, r, "Failed to set NTP server for DHCP server, ignoring: %m"); } + r = sd_dhcp_server_set_emit_router(link->dhcp_server, link->network->dhcp_server_emit_router); + if (r < 0) { + log_link_warning_errno(link, r, "Failed to set router emission for DHCP server: %m"); + return r; + } + if (link->network->dhcp_server_emit_timezone) { _cleanup_free_ char *buffer = NULL; const char *tz = NULL; diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index 4425ee4e2f..03e4e3b39f 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -95,6 +95,7 @@ DHCPServer.EmitDNS, config_parse_bool, DHCPServer.DNS, config_parse_dhcp_server_dns, 0, 0 DHCPServer.EmitNTP, config_parse_bool, 0, offsetof(Network, dhcp_server_emit_ntp) DHCPServer.NTP, config_parse_dhcp_server_ntp, 0, 0 +DHCPServer.EmitRouter, config_parse_bool, 0, offsetof(Network, dhcp_server_emit_router) DHCPServer.EmitTimezone, config_parse_bool, 0, offsetof(Network, dhcp_server_emit_timezone) DHCPServer.Timezone, config_parse_timezone, 0, offsetof(Network, dhcp_server_timezone) DHCPServer.PoolOffset, config_parse_uint32, 0, offsetof(Network, dhcp_server_pool_offset) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 206c270e50..dd89b3770c 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -113,6 +113,7 @@ static int network_load_one(Manager *manager, const char *filename) { network->dhcp_server_emit_dns = true; network->dhcp_server_emit_ntp = true; + network->dhcp_server_emit_router = true; network->dhcp_server_emit_timezone = true; network->use_bpdu = true; diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h index 4cd0fa4ab8..91099161ce 100644 --- a/src/network/networkd-network.h +++ b/src/network/networkd-network.h 
@@ -127,6 +127,7 @@ struct Network { bool dhcp_server_emit_ntp; struct in_addr *dhcp_server_ntp; unsigned n_dhcp_server_ntp; + bool dhcp_server_emit_router; bool dhcp_server_emit_timezone; char *dhcp_server_timezone; usec_t dhcp_server_default_lease_time_usec, dhcp_server_max_lease_time_usec; diff --git a/src/systemd/sd-dhcp-server.h b/src/systemd/sd-dhcp-server.h index fcef083ce6..d4517a26d6 100644 --- a/src/systemd/sd-dhcp-server.h +++ b/src/systemd/sd-dhcp-server.h @@ -51,6 +51,7 @@ int sd_dhcp_server_configure_pool(sd_dhcp_server *server, struct in_addr *addres int sd_dhcp_server_set_timezone(sd_dhcp_server *server, const char *timezone); int sd_dhcp_server_set_dns(sd_dhcp_server *server, const struct in_addr ntp[], unsigned n); int sd_dhcp_server_set_ntp(sd_dhcp_server *server, const struct in_addr dns[], unsigned n); +int sd_dhcp_server_set_emit_router(sd_dhcp_server *server, int enabled); int sd_dhcp_server_set_max_lease_time(sd_dhcp_server *server, uint32_t t); int sd_dhcp_server_set_default_lease_time(sd_dhcp_server *server, uint32_t t); -- cgit v1.2.3-54-g00ecf From e75690c3894458f1869f21b615e80507284a9170 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Thu, 19 May 2016 00:11:20 -0400 Subject: NEWS: mention SessionsMax, InhibitorsMax, MulticastSnooping... ... logind SIGHUP support, sd_journal_open_{directory,files}_fd, specifiers in DeviceAllow, "generated" and "trasnient" unit types. Move removed features to the end and cluster features by type. --- NEWS | 129 ++++++++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 77 insertions(+), 52 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index a6e0581879..6c605846b2 100644 --- a/NEWS +++ b/NEWS 
@@ -24,7 +24,7 @@ CHANGES WITH 230 in spe: * systemd-resolve conveniently resolves DANE records with the --tlsa option and OPENPGPKEY records with the --openpgp option. It also - supports dumping raw DNS record data via the new --raw= switch now. + supports dumping raw DNS record data via the new --raw= switch. * systemd-logind will now by default terminate user processes that are part of the user session scope unit (session-XX.scope) when the user @@ -51,6 +51,12 @@ CHANGES WITH 230 in spe: Previous defaults can be restored at compile time by the --without-kill-user-processes option to "configure". + * systemd-logind gained new configuration settings SessionsMax= and + InhibitorsMax=, both with a default of 8192. It will not register new + user sessions or inibitors above this limit. + + * systemd-logind will now reload configuration on SIGHUP. + * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to enable. Also, support for the "io" cgroup controller in the unified 
@@ -71,7 +77,22 @@ CHANGES WITH 230 in spe: * The IAID and DUID unique identifier sent in DHCP requests may now be configured for the system and each .network file managed by - systemd-networkd. + systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options. + + * systemd-networkd gained support for configuring proxy ARP support for + each interface, via the ProxyArp= setting in .network files. It also + gained support for configuring the multicast querier feature of + bridge devices, via the new MulticastQuerier= setting in .netdev + files. Similarly, snooping on the IGMP traffic can be controlled + via the new setting MulticastSnooping=. + + A new setting PreferredLifetime= has been added for addresses + configured in .network file to configure the lifetime intended for an + address. + + The systemd-networkd DHCP server gained the option EmitRouter=, which + defaults to yes, to configure whether the DHCP Option 3 (Router) + should be emitted. * The testing tool /usr/lib/systemd/systemd-activate is renamed to systemd-socket-activate and installed into /usr/bin. It is now fully @@ -81,6 +102,18 @@ CHANGES WITH 230 in spe: when closing journal files, thus reducing impact of slow disk I/O on logging performance. + * The sd-journal API gained two new calls + sd_journal_open_directory_fd() and sd_journal_open_files_fd() which + can be used to open journal files using file descriptors instead of + file or directory paths. sd_journal_open_container() has been + deprecated, sd_journal_open_directory_fd() should be used instead + with the flag SD_JOURNAL_OS_ROOT. + + * journalctl learned a new output mode "-o short-unix" that outputs log + lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970 + UTC). It also gained support for a new --no-hostname setting to + suppress the hostname column in the family of "short" output modes. + * systemd-ask-password now optionally skips printing of the password to stdout with --no-output which can be useful in scripts. 
@@ -88,24 +121,18 @@ CHANGES WITH 230 in spe: (devices tagged with ID_MAKER_TOOL) are now tagged with "uaccess" and are available to logged in users. - * systemd-bootchart has been split out to a separate repository: - https://github.com/systemd/systemd-bootchart - - * The compatibility libraries libsystemd-daemon.so, - libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so - which have been deprecated since systemd-209 have been removed along - with the corresponding pkg-config files. All symbols provided by - those libraries are provided by libsystemd.so. - - * The Capabilities= unit file setting has been removed (it is ignored - for backwards compatibility). AmbientCapabilities= and - CapabilityBoundingSet= should be used instead. + * The DeviceAllow= unit setting now supports specifiers (with "%"). * "systemctl show" gained a new --value switch, which allows print a only the contents of a specific unit property, without also printing the property's name. Similar support was added to "show*" verbs of loginctl and machinectl that output "key=value" lists. + * A new unit type "generated" was added for files dynamically generated + by generator tools. Similarly, a new unit type "transient" is used + for unit files created using the runtime API. "systemctl enable" will + refuse to operate on such files. + * A new command "systemctl revert" has been added that may be used to revert to the vendor version of a unit file, in case local changes have been made by adding drop-ins or overriding the unit file. 
@@ -113,25 +140,9 @@ CHANGES WITH 230 in spe: * "machinectl clean" gained a new verb to automatically remove all or just hidden container images. - * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be - merged into the kernel in its current form. - - * systemd-networkd gained support for configuring proxy ARP support for - each interface, via the ProxyArp= setting in .network files. It also - gained support for configuring the multicast querier feature of - bridge devices, via the new MulticastQuerier= setting in .netdev - files. A new setting PreferredLifetime= has been added for addresses - configured in .network file to configure the lifetime intended for an - address. - * systemd-tmpfiles gained support for a new line type "e" for emptying directories, if they exist, without creating them if they don't. - * journalctl learned a new output mode "-o short-unix" that outputs log - lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970 - UTC). It also gained support for a new --no-hostname setting to - suppress the hostname column in the family of "short" output modes. - * systemd-nspawn gained support for automatically patching the UID/GIDs of the owners and the ACLs of all files and directories in a container tree to match the UID/GID user namespacing range selected 
@@ -180,33 +191,47 @@ CHANGES WITH 230 in spe: service. Please leave PrivateDevices= off if you run into problems with this. - * The systemd-networkd DHCP server gained the option EmitRouter=, which - defaults to yes, to configure if the DHCP Option 3 (Router) should be - emitted. - - Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford, - Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao - Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens Gruber, Colin - Guthrie, Daniel J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David - Herrmann, David R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, - Evgeny Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, - Franck Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik + * systemd-bootchart has been split out to a separate repository: + https://github.com/systemd/systemd-bootchart + + * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be + merged into the kernel in its current form. + + * The compatibility libraries libsystemd-daemon.so, + libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so + which have been deprecated since systemd-209 have been removed along + with the corresponding pkg-config files. All symbols provided by + those libraries are provided by libsystemd.so. + + * The Capabilities= unit file setting has been removed (it is ignored + for backwards compatibility). AmbientCapabilities= and + CapabilityBoundingSet= should be used instead. + + Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov, + Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin + Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens + Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh, + Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David + R. 
Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny + Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck + Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth, - kayrus, Klearchos Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas - Nykryn, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, + John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos + Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir + Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt, Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin, mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween, - Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach, - Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny - Chevalier, Samuel Tardieu, Stefan Schallenberg, Steven Siloti, Susant - Sahani, Sylvain Plantefève, Taylor Smock, tblume, Tejun Heo, Thomas - Blume, Thomas Haller, Thomas Hindoe Paaboel Andersen, Thomas - H. P. Andersen, Tobias Klauser, Tom Gundersen, Torstein Husebø, Umut - Tezduyar Lindskog, Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), - Vladimir Panteleev, Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, - Zbigniew Jędrzejewski-Szmek + Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern, + Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert + Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan + Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain + Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller, + Thomas H. P. 
Andersen, Tobias Klauser, Tom Gundersen, topimiettinen, + Torstein Husebø, Umut Tezduyar Lindskog, Victor Toso, Vinay Kulkarni, + Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev, Wieland + Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew Jędrzejewski-Szmek — Berlin, 2016-05-XX -- cgit v1.2.3-54-g00ecf From 188d3082037ddba12eae29188022d07216d4424e Mon Sep 17 00:00:00 2001 From: "Thomas H. P. Andersen" Date: Fri, 20 May 2016 15:04:01 +0200 Subject: NEWS: typo fix and american english (#3301) --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 6c605846b2..cce8883193 100644 --- a/NEWS +++ b/NEWS @@ -53,7 +53,7 @@ CHANGES WITH 230 in spe: * systemd-logind gained new configuration settings SessionsMax= and InhibitorsMax=, both with a default of 8192. It will not register new - user sessions or inibitors above this limit. + user sessions or inhibitors above this limit. * systemd-logind will now reload configuration on SIGHUP. @@ -186,7 +186,7 @@ CHANGES WITH 230 in spe: * Note that the effect of the PrivateDevices= unit file setting changed slightly with this release: the per-device /dev file system will be mounted read-only from this version on, and will have "noexec" - set. This (minor) change of behaviour might cause some (exceptional) + set. This (minor) change of behavior might cause some (exceptional) legacy software to break, when PrivateDevices=yes is set for its service. Please leave PrivateDevices= off if you run into problems with this. -- cgit v1.2.3-54-g00ecf From 46e40fab2bcddff50662b702b546a15f2e86a15f Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 21 May 2016 17:51:13 -0400 Subject: NEWS: final updates for v230 --- NEWS | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index cce8883193..7c3f99d31c 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,6 @@ systemd System and Service Manager -CHANGES WITH 230 in spe: +CHANGES WITH 230: * DNSSEC is now turned on by default in systemd-resolved (in "allow-downgrade" mode), but may be turned off during compile time by @@ -229,11 +229,12 @@ CHANGES WITH 230 in spe: Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen, - Torstein Husebø, Umut Tezduyar Lindskog, Victor Toso, Vinay Kulkarni, - Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev, Wieland - Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew Jędrzejewski-Szmek + Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso, + Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev, + Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew + Jędrzejewski-Szmek - — Berlin, 2016-05-XX + — Fairfax, 2016-05-21 CHANGES WITH 229: -- cgit v1.2.3-54-g00ecf
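Review bot: The EmitRouter= entry added to man/systemd.network.xml says the same "propagation semantics" apply as for EmitDNS=, but there is nothing to propagate here. The sd-dhcp-server.c hunks always fill SD_DHCP_OPTION_ROUTER with &server->address, and the gperf hunk adds only DHCPServer.EmitRouter with no companion setting that supplies an address. Say instead that the server's own address is announced as the router, and that EmitRouter=no omits the option from the lease.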
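Review bot: In sd_dhcp_server_set_emit_router() (src/libsystemd-network/sd-dhcp-server.c, hunk @@ -1158,3 +1162,14), the early-return test `enabled == server->emit_router` compares an int with a bool. A caller passing a non-zero value other than 1 gets a return of 1 ("changed") even when emit_router is already true. Normalize before comparing, for example `if (!!enabled == server->emit_router)`, or declare the parameter as bool to match the field added in dhcp-server-internal.h.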
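Review bot: In the link_enter_set_addresses() hunk of src/network/networkd-link.c, a failure of sd_dhcp_server_set_emit_router() does `return r` and aborts address setup, while the NTP failure in the context line directly above is logged with "ignoring". The new message is also logged through log_link_warning_errno() although the error is treated as fatal. Either make it non-fatal like its neighbor (drop the return and append ", ignoring" to the message), or keep the return and log at error level so the severity matches the behavior.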
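Review bot: In src/systemd/sd-dhcp-server.h the new prototype lands next to two declarations whose array parameters are named the wrong way round in the context lines: sd_dhcp_server_set_dns() takes `ntp[]` and sd_dhcp_server_set_ntp() takes `dns[]`, whereas the definition visible in the sd-dhcp-server.c context names it `ntp[]` for set_ntp. This is harmless to the compiler but misleading in a public header. Swap the two names in a follow-up or in this patch, since it touches the same block.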
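Review bot: The context line of the NEWS hunk at @@ -88,24 +121,18 in commit e75690c still reads "which allows print a only the contents of a specific unit property", and none of the later NEWS commits shown here touch it. As this commit already rewords the neighboring entries, change it to "which allows printing only the contents" in the same pass. The subject line of the same commit spells "transient" as "trasnient".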