| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Allow earlier PAM modules to set `systemd.runtime_max_sec`. If they do,
parse it and set it as the `RuntimeMaxUSec=` property of the session
scope, to limit the maximum lifetime of the session. This could be
useful for time-limiting login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.
This could be used for time-limited login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
|
| |
|
|
|
|
|
| |
Factor it out into a helper function which is a bit easier to expand in
future. This introduces no functional changes.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
| |
|
|
|
|
|
| |
This introduces no functional changes, but will make some upcoming
changes a little clearer.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
| |
|
|
|
|
| |
This introduces no functional changes.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
| |
|
|
|
|
|
|
| |
In situations where hibernation is requested but resume= and
resume_offset= kernel parameters are not configured, systemd
will attempt to locate a suitable swap location by inspecting
/proc/swaps. This change will use the first suitable swap with
the highest configured priority.
|
| | |
|
| |
|
|
|
|
| |
Prompted by:
https://lists.freedesktop.org/archives/systemd-devel/2019-July/043149.html
|
| |
|
|
|
|
|
|
| |
* missing whitespace.
* NEWS: some small fixes (?) and improvements (???).
* a number of small corrections and (hopefully) improvements
|
| |\
| |
| | |
po: include network1.policy and update ja.po
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Increase journald min_use value
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://bugzilla.redhat.com/show_bug.cgi?id=1715699
> /dev/mapper/live-rw 6.4G 5.7G 648M 91% /
> systemd-journald[905]: Fixed min_use=1.0M max_use=648.7M max_size=81.0M min_size=512.0K keep_free=973.1M n_max_files=100
When journald is started, we pick keep_free as 15% of the disk size. When the
fs is almost filled, we will only keep one journal file around and rotate very
often (because min_size is very small).
Let's set min use to something reasonable, so that we get more useful logs that
will cover at least the full boot.
Some cases considered in the PR:
> /dev/mapper/live-rw 6.4G 5.7G 648M 91% /
keep_free→MIN(327,100)→100 MB.
min_use→16MB.
effective range: 16 MB – 548 MB
> /dev/mapper/fedora_krowka-root 78G 69G 5.7G 93% /
keep_free → MIN(4GB, 100MB)→100MB
min_use→16MB
effective range: 16 MB – 5.6 GB
(but then there's the max_use limit, which cuts the range down)
> 4TB, 4GB free
keep_free → MIN(209715, 100) → 100 MB
min_use→16MB
effective range: 16 MB – 4.9 GB
(also effectively limited by max_use)
Also replace unneeded width suffixes with spaces, I think this is more
readable, and drop DEFAULT_ prefixes in cases where this setting is
simply a bound, and cannot be overridden by user config, hence is not
a default.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902795
https://bugzilla.redhat.com/show_bug.cgi?id=1715699
report "thousands" of those messages. I think this occurs when journald
rotates files very quickly. Nevertheless, logging this over and over is not
useful, let's do it just once.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
C's strerror() function does not return a "const char *" pointer
for the string. That has historic reasons and C99 even comments
that "[t]he array pointed to shall not be modified by the program".
Make the strerror_safe() wrapper correct this and be more strict
in this regard.
|
| |\ \
| | |
| | | |
Chase symlinks testing
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
$ build/test-chase-symlinks /etc/os-release
/etc/os-release → /usr/lib/os-release
$ build/test-chase-symlinks --nofollow /etc/os-release /etc/../etc/os-release /etc/../etc/./././os-release
/etc/os-release → /etc/os-release
/etc/../etc/os-release → /etc/os-release
/etc/../etc/./././os-release → /etc/os-release
|
| | | |
| | |
| | |
| | |
| | | |
v2:
- print --help to stdout, use size_t
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Minor rewordings
|
| | | | |
| | | |
| | | |
| | | | |
Follow-up for e44c3229f22459b189c1e79cb01fdb156672eb93.
|
| |/ / /
| | |
| | |
| | | |
Follow-up for e08be64937.
|
| |\ \ \
| | | |
| | | | |
allow sysctl assignments to fail
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Fixes: #13177
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit be74f51605b4c7cb74fec3a50cd13b67598a8ac1.
Let's add this again. With the new sysctl "-" thing we can make this
work.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
With @keszybz' recent work this will give us clickable links in the
journalctl output.
|
| |\ \ \ \
| | | | |
| | | | | |
beef up random seed logic, add boot loader entropy privisioning, improve docs about it
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Fixes: #9428
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This makes two major changes to the way systemd-random-seed operates:
1. We now optionally credit entropy if this is configured (via an env
var). Previously we never would do that, with this change we still don't
by default, but it's possible to enable this if people acknowledge that
they shouldn't replicate an image with a contained random seed to
multiple systems. Note that in this patch crediting entropy is a boolean
thing (unlike in previous attempts such as #1062), where only a relative
amount of bits was credited. The simpler scheme implemented here should
be OK though as the random seeds saved to disk are now written only with
data from the kernel's entropy pool retrieved after the pool is fully
initialized. Specifically:
2. This makes systemd-random-seed.service a synchronization point for
kernel entropy pool initialization. It was already used like this, for
example by systemd-cryptsetup-generator's /dev/urandom passphrase
handling, with this change it explicitly operates like that (at least
systems which provide getrandom(), where we can support this). This
means services that rely on an initialized random pool should now place
After=systemd-random-seed.service and everything should be fine. Note
that with this change sysinit.target (and thus early boot) is NOT
systematically delayed until the entropy pool is initialized, i.e.
regular services need to add explicit ordering deps on this service if
they require an initialized random pool.
Fixes: #4271
Replaces: #10621 #4513
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
work
There's no reason why writing should work if reading and writing
doesn't. Let's simplify this hence. /dev/urandom is generally an r/w
device, and everything else would be a serious system misconfiguration.
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
That way we can reuse it elsewhere.
|
| | | | | | |
|
| | | | | | |
|
