Commit message | Author | Age | Files | Lines
* units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot | Lennart Poettering | 2014-06-13 | 9 | -9/+93
|   Only when necessary of course, nicely guarded with the new ConditionNeedsUpdate= condition we added.
* core: add new ConditionNeedsUpdate= unit condition | Lennart Poettering | 2014-06-13 | 5 | -0/+38
|   This new condition allows checking whether /etc or /var are out-of-date relative to /usr. This is the counterpart for the update flag managed by systemd-update-done.service. Services that want to be started once after /usr got updated should use:
|
|       [Unit]
|       ConditionNeedsUpdate=/etc
|       Before=systemd-update-done.service
|
|   This makes sure that they are only run if /etc is out-of-date relative to /usr. And that it will be executed after systemd-update-done.service which is responsible for marking /etc up-to-date relative to the current /usr. ConditionNeedsUpdate= will also check whether /etc is actually writable, and not trigger if it isn't, since no update is possible then.
* update-done: add minimal tool to manage system updates for /etc and /var, if /usr has changed | Lennart Poettering | 2014-06-13 | 6 | -4/+148
|   In order to support offline updates to /usr, we need to be able to run certain tasks on next boot-up to bring /etc and /var in line with the updated /usr. Hence, let's devise a mechanism how we can detect whether /etc or /var are not up-to-date with /usr anymore: we keep "touch files" in /etc/.updated and /var/.updated that are mtime-compared with /usr. This means:
|
|   Whenever the vendor OS tree in /usr is updated, and any services that shall be executed at next boot shall be triggered, it is sufficient to update the mtime of /usr itself. At next boot, if /etc/.updated and/or /var/.updated is older than /usr (or missing), we know we have to run the update tools once. After that is completed we need to update the mtime of these files to the one of /usr, to keep track that we made the necessary updates, and won't repeat them on next reboot.
|
|   A subsequent commit adds a new ConditionNeedsUpdate= condition that allows checking on boot whether /etc or /var are outdated and need updating.
|
|   This is an early step to allow booting up with an empty /etc, with automatic rebuilding of the necessary cache files or user databases therein, as well as supporting later updates of /usr that then propagate to /etc and /var again.
* condition: minor modernizations | Lennart Poettering | 2014-06-13 | 2 | -10/+5
|
* units: don't conditionalize sysctl service | Lennart Poettering | 2014-06-13 | 1 | -5/+0
|   We install two sysctl snippets ourselves, hence the condition will always trigger, so no point in trying to optimize things with this, it just will make things slower, if anything.
* units: remove conditions from systemd-tmpfiles-setup | Lennart Poettering | 2014-06-13 | 2 | -11/+0
|   There's no point in conditionalizing systemd-tmpfiles at boot, since we ship tmpfiles snippets ourselves, hence they will always trigger anyway.
|
|   Also, there's no reason to pull in local-fs.target from the service, hence drop that.
* system-update-generator: modernizations | Lennart Poettering | 2014-06-13 | 1 | -7/+3
|
* sysusers: hide generate .conf file | Lennart Poettering | 2014-06-13 | 1 | -0/+1
|
* update TODO | Lennart Poettering | 2014-06-13 | 1 | -4/+0
|
* sysusers: move systemd-sysusers to libexec for now | Lennart Poettering | 2014-06-13 | 1 | -1/+1
|
* tmpfiles: skip mknod() on -EPERM (device cgroup) | Kay Sievers | 2014-06-13 | 1 | -3/+11
|
* sysusers: do not set todo to create a user when we only need a group | Kay Sievers | 2014-06-13 | 1 | -6/+7
|
* cryptsetup: check that password is not null | Thomas Hindoe Paaboel Andersen | 2014-06-13 | 1 | -1/+1
|   Beef up the assert to protect against passing null to strlen.
|
|   Found with scan-build.
* sysuser: generate default snippet incorporating TTY_GID properly | Lennart Poettering | 2014-06-12 | 3 | -5/+13
|   When the user specifies --with-tty-gid= then we should honour that and write it to the snippet, too.
* sysusers: add new input group to default snippet | Lennart Poettering | 2014-06-12 | 1 | -0/+1
|
* tmpfiles: minor modernizations | Lennart Poettering | 2014-06-12 | 1 | -4/+8
|
* machine: minor modernizations | Lennart Poettering | 2014-06-12 | 1 | -5/+10
|
* sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files | Lennart Poettering | 2014-06-12 | 11 | -12/+1476
|   systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users.
|
|   The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users.
|
|   This tool will create these files directly, and not via some user database abstraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway.
|
|   The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions.
|
|   The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them.
|
|   This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
* debug-shell: add condition for tty device to run on | Kay Sievers | 2014-06-12 | 1 | -0/+1
|
* udev: assign group "input" to all input devices | Kay Sievers | 2014-06-12 | 3 | -1/+8
|
* NEWS: fix directory name | Mantas Mikulėnas | 2014-06-11 | 1 | -1/+1
|
* NEWS: add missing comment about the "floppy" group | Lennart Poettering | 2014-06-11 | 1 | -0/+5
|
* NEWS: mention that resolved's resolv.conf fragment moved [v214] | Lennart Poettering | 2014-06-11 | 1 | -0/+4
|
* build-sys: update library versions | Lennart Poettering | 2014-06-11 | 3 | -6/+17
|
* NEWS: add contributor list for 214 | Lennart Poettering | 2014-06-11 | 1 | -0/+10
|
* units: order network-online.target after network.target | Lennart Poettering | 2014-06-11 | 2 | -1/+2
|   There might be implementations around where the network-online logic might not talk to any network configuration service (and thus not have to wait for it), hence let's explicitly order network-online.target after network.target to avoid any ambiguities.
* NEWS: update | Kay Sievers | 2014-06-11 | 1 | -4/+4
|
* NEWS: prepare NEWS for 214 | Lennart Poettering | 2014-06-11 | 1 | -0/+158
|
* doc: specify kernel configs for cpushares | Umut Tezduyar Lindskog | 2014-06-11 | 1 | -0/+4
|
* units: time-sync.target probably makes sense, is not just sysv compat | Lennart Poettering | 2014-06-11 | 1 | -3/+0
|
* units: introduce network-pre.target as place to hook in firewalls | Lennart Poettering | 2014-06-11 | 6 | -3/+31
|   network-pre.target is a passive target that should be pulled in by services that want to be executed before any network is configured (for example: firewall scripts).
|
|   network-pre.target should be ordered before all network management services (but not be pulled in by them).
|
|   network-pre.target should be ordered after all services that want to be executed before any network is configured (and be pulled in by them).
* NEWS: add section about udev locking | Kay Sievers | 2014-06-11 | 2 | -1/+18
|
* udev: stop using "floppy" group | Kay Sievers | 2014-06-11 | 2 | -2/+1
|
* journald: create /run/log/journal with the correct access modes | Lennart Poettering | 2014-06-11 | 1 | -1/+4
|
* tmpfiles: don't allow read access to journal files to users not in systemd-journal | Lennart Poettering | 2014-06-11 | 1 | -3/+4
|   Also, don't apply access mode recursively to /var/log/journal/*/, since that might be quite large, and should be correct anyway.
* update TODO | Lennart Poettering | 2014-06-11 | 1 | -5/+0
|
* tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in | Lennart Poettering | 2014-06-11 | 1 | -2/+2
|
* tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories | Lennart Poettering | 2014-06-11 | 2 | -7/+46
|   This way it makes a lot more sense to specify an access mode for "Z" lines.
* tmpfiles: if /var is mounted from tmpfs, we should adjust its access mode | Lennart Poettering | 2014-06-11 | 1 | -0/+2
|
* tmpfiles: remove unnecessary function | Lennart Poettering | 2014-06-11 | 1 | -14/+6
|
* tmpfiles: when processing lines, always process prefixes before suffixes | Lennart Poettering | 2014-06-11 | 2 | -1/+21
|   If two lines refer to paths that are suffix and prefix of each other, then always process the prefix first, the suffix second. In all other cases strictly process rules in the order they appear in the files.
|
|   This makes creating /var/run as symlink to /run a lot more fun, since it is automatically created first.
* tmpfiles: static variables populated immediately from the command line should be prefixed with arg_ | Lennart Poettering | 2014-06-11 | 1 | -12/+12
|
* nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, such as /var | Lennart Poettering | 2014-06-11 | 2 | -13/+105
|
* tmpfiles: always recreate the most basic directory structure in /var | Lennart Poettering | 2014-06-11 | 5 | -7/+24
|   Let's allow booting up with /var empty. Only create the most basic directories to get to a working directory structure and symlink set in /var.
* update TODO | Lennart Poettering | 2014-06-11 | 1 | -2/+0
|
* tmpfiles: get rid of "m" lines, make them redundant by "z" | Lennart Poettering | 2014-06-10 | 6 | -106/+80
|   "m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
* tmpfiles: add new "C" line for copying files or directories | Lennart Poettering | 2014-06-10 | 8 | -63/+372
|
* tmpfiles: various modernizations | Lennart Poettering | 2014-06-10 | 1 | -12/+27
|
* label: when clearing selinux context, don't mangle errno | Lennart Poettering | 2014-06-10 | 2 | -8/+8
|
* bus-proxy: fix misplaced s/system/session/ | Mantas Mikulėnas | 2014-06-10 | 1 | -1/+1
|