path: root/man/systemd-nspawn.xml
Commit message [Author, Age, Files, Lines]
* man: match parentheses [Topi Miettinen, 2020-07-07, files: 1, lines: -1/+1]
|   Files found with:
|
|   for f in *; do \
|       l=`tr -d '[^(]' < $f | wc -c`; \
|       r=`tr -d '[^)]' < $f | wc -c`; \
|       if [ $l -ne $r ]; then \
|           echo $f $l $r; \
|       fi; \
|   done
* tree-wide: fixes for assorted grammar and spelling issues [Zbigniew Jędrzejewski-Szmek, 2020-07-06, files: 1, lines: -24/+22]
|   Fixes #16363. Also includes some changes where I generalized the pattern.
* dissect/nspawn: add support for dm-verity root hash signature [Luca Boccassi, 2020-06-25, files: 1, lines: -1/+13]
|   Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a pkcs7 signature, with the public key in the kernel keyring, is available. Use it if libcryptsetup supports it.
* tree-wide: avoid some loaded terms [Lennart Poettering, 2020-06-25, files: 1, lines: -19/+18]
|   https://tools.ietf.org/html/draft-knodel-terminology-02
|   https://lwn.net/Articles/823224/
|
|   This gets rid of most but not all occasions of these loaded terms:
|
|   1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594)
|
|   2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI.
|
|   3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first.
|
|   Regarding the replacements: when whitelist/blacklist is used as noun we replace with allow list/deny list, and when used as verb with allow-list/deny-list.
* dissect: support single-filesystem verity images with external verity hash [Luca Boccassi, 2020-06-09, files: 1, lines: -2/+18]
|   dm-verity support in dissect-image at the moment is restricted to GPT volumes. If the image is a single-filesystem type without a partition table (eg: squashfs) and a roothash/verity file are passed, set the verity flag and mark as read-only.
* man,mkosi: bump Fedora version [Zbigniew Jędrzejewski-Szmek, 2020-06-02, files: 1, lines: -2/+2]
|
* Merge pull request #15472 from keszybz/dbus-api-docs [Lennart Poettering, 2020-04-23, files: 1, lines: -2/+2]
|\
| |   A few more dbus api documentation updates
| * tree-wide: use "hostname" spelling everywhere [Zbigniew Jędrzejewski-Szmek, 2020-04-21, files: 1, lines: -2/+2]
| |   It's not that I think that "hostname" is vastly superior to "host name". Quite the opposite — the difference is small, and in some context the two-word version does fit better. But in the tree, there are ~200 occurrences of the first, and >1600 of the other, and consistent spelling is more important than any particular spelling choice.
* | man: document the new --resolv-conf= options [Lennart Poettering, 2020-04-22, files: 1, lines: -23/+54]
|/
* man,mkosi: use glibc-minimal-langpack for Fedora [Zbigniew Jędrzejewski-Szmek, 2020-03-03, files: 1, lines: -1/+1]
|   This saves ~24MB of space, see https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot.
* man: bump fedora versions [Zbigniew Jędrzejewski-Szmek, 2020-03-03, files: 1, lines: -2/+2]
|
* Merge pull request #14390 from poettering/gpt-var-tmp [Zbigniew Jędrzejewski-Szmek, 2020-01-14, files: 1, lines: -1/+1]
|\
| |   introduce GPT partition types for /var and /var/tmp and support them for auto-discovery
| * docs: import discoverable partitions spec [Lennart Poettering, 2019-12-23, files: 1, lines: -1/+1]
| |   This was previously available here:
| |
| |   https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/
| |
| |   Let's pull it into our repository.
* | man: change links to container interface doc to https://systemd.io/ [Lennart Poettering, 2020-01-06, files: 1, lines: -2/+1]
| |   Now that we converted the documentation we should also link to it.
* | nspawn: Generate unique short veth names [Kai Krakow, 2020-01-02, files: 1, lines: -1/+5]
|/
|   This commit lowers the chance of having veth name conflicts for machines created with similar names.
|
|   Replaces: #12865
|   Fixes: #13417
* Merge pull request #14099 from keszybz/machine-ref-unref-fix [Zbigniew Jędrzejewski-Szmek, 2019-11-22, files: 1, lines: -12/+25]
|\
| |   Fix for the issue when machine cannot be started second time, and better nspawn logging
| * man: use <constant> for capability names in nspawn page [Zbigniew Jędrzejewski-Szmek, 2019-11-22, files: 1, lines: -11/+18]
| |
| * nspawn: dump capability list with --capabilities=help [Zbigniew Jędrzejewski-Szmek, 2019-11-22, files: 1, lines: -2/+8]
| |
* | man: change noindex="true" to index="false" [Zbigniew Jędrzejewski-Szmek, 2019-11-21, files: 1, lines: -1/+1]
|/
|   We nowadays prefer positive options over negative.
* man: save pull-raw example file without underscores [Anita Zhang, 2019-11-06, files: 1, lines: -2/+3]
|   Destination file needs to be a valid hostname and underscores are not valid hostname characters.
|
|   Closes #13542
* man: reorder description of nspawn --console [Zbigniew Jędrzejewski-Szmek, 2019-10-23, files: 1, lines: -23/+25]
|   The default value was described at the end of two long paragraphs. Make the first para self contained, and move the description of --console=pipe into the second para.
* man: owned to → owned by [Zbigniew Jędrzejewski-Szmek, 2019-08-19, files: 1, lines: -4/+4]
|
* man: document that --volatile=yes is not supported for split /usr systems [Lennart Poettering, 2019-07-29, files: 1, lines: -6/+10]
|
* systemd-nspawn(1): update example section [camoz, 2019-06-25, files: 1, lines: -1/+1]
|   Remove the retired flag -d from Example 4. "Boot a minimal Arch Linux distribution in a container".
|
|   It has been retired here: https://git.archlinux.org/arch-install-scripts.git/commit/pacstrap.in?id=0af6884aca68dcb7eed0b85fbc2960903df3d968
* man: systemd-nspawn: Update syntax to launch an image [Kashyap Chamarthy, 2019-05-21, files: 1, lines: -3/+3]
|   To access a shell on a disk image, the man page on Fedora-29 says to run: `systemd-nspawn -M Fedora-Cloud-Base-28-1.1.x86_64.raw`. Let's try.
|
|   List existing images:
|
|       $> machinectl list-images | awk '{print $1,$2}';
|       NAME TYPE
|       Fedora-Cloud-Base-30… raw
|       1 images
|
|   Now invoke `systemd-nspawn` as noted in the man page:
|
|       $> systemd-nspawn -M Fedora-Cloud-Base-30-1.2.x86_64.raw
|       No image for machine 'Fedora-Cloud-Base-30-1.2.x86_64.raw'.
|
|   Removing the ".raw" extension launches the image and gives a shell. Update the man page to reflect that.
|
|   Frantisek Sumsal on #systemd (Freenode) noted the reason:
|
|       "In older versions systemd -M accepted both image-name.raw and image-name as a valid image names, however, on Fedora 29 (systemd-239) with all the BTRFS stuff around it accepts only -M image-name (without the extension)"
|
|   - - -
|
|   While at it, update the fedora_{latest_version, cloud_release} variables.
|
|   Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
* nspawn: add --no-pager switch [Zbigniew Jędrzejewski-Szmek, 2019-03-21, files: 1, lines: -0/+3]
|   It only matters for --help.
* man: adjust nspawn man page to follow same section/order as --help text [Lennart Poettering, 2019-03-21, files: 1, lines: -281/+344]
|   No other changes, just some reshuffling and adding of section headers (well, admittedly, I changed some "see above" and "see below" in the text to match the new order.)
* man: document the various new options nspawn learnt [Lennart Poettering, 2019-03-15, files: 1, lines: -0/+55]
|
* Merge pull request #12002 from keszybz/man-headers [Lennart Poettering, 2019-03-14, files: 1, lines: -5/+2]
|\
| |   Man headers
| * man: use same header for all files [Zbigniew Jędrzejewski-Szmek, 2019-03-14, files: 1, lines: -1/+1]
| |   The "include" files had type "book" for some reason. I don't think this is meaningful. Let's just use the same everywhere.
| |
| |   $ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
| * man: standardize on one-line license header [Zbigniew Jędrzejewski-Szmek, 2019-03-14, files: 1, lines: -4/+1]
| |   No need to waste space, and uniformity is good.
| |
| |   $ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
* | man: document the network interface size limits --network-veth= enforces [Lennart Poettering, 2019-03-14, files: 1, lines: -5/+17]
|/
|   Fixes: #10721
* man: document that --ephemeral and --template= don't cover submounts [Lennart Poettering, 2019-03-01, files: 1, lines: -15/+19]
|   We never made this clear, let's fix that.
* man: document nspawn's new --volatile=overlay switch [Lennart Poettering, 2019-03-01, files: 1, lines: -44/+71]
|
* Fix manpage typo: abrubtly [Chris, 2019-02-22, files: 1, lines: -1/+1]
|   Fix a minor typo: abrubtly -> abruptly.
* man: drop mode line in file headers [Zbigniew Jędrzejewski-Szmek, 2018-07-03, files: 1, lines: -1/+1]
|   This is already included in .dir-locals, so we don't need it in the files themselves.
* summary: update nspawn description string a bit [Lennart Poettering, 2018-06-28, files: 1, lines: -2/+2]
|   nspawn as it is now is a generally useful tool, hence let's drop the comments about it being useful for debug and so on only. The new wording just makes the first sentence of the main page also the summary.
* man: drop unused <authorgroup> tags from man sources [Zbigniew Jędrzejewski-Szmek, 2018-06-14, files: 1, lines: -9/+0]
|   Docbook styles required those to be present, even though the templates that we use did not show those names anywhere. But something changed semi-recently (I would suspect docbook templates, but there was only a minor version bump in recent years, and the changelog does not suggest anything related), and builds now work without those entries. Let's drop this dead weight.
|
|   Tested with F26-F29, debian unstable.
|
|   $ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
* tree-wide: remove Lennart's copyright lines [Lennart Poettering, 2018-06-14, files: 1, lines: -2/+0]
|   These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb [Lennart Poettering, 2018-06-14, files: 1, lines: -2/+0]
|   This part of the copyright blurb stems from the GPL use recommendations:
|
|   https://www.gnu.org/licenses/gpl-howto.en.html
|
|   The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.
|
|   Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* doc: more spelling fixes [Michael Biebl, 2018-06-12, files: 1, lines: -2/+2]
|
* man: use entities for fedora number and update URL [Zbigniew Jędrzejewski-Szmek, 2018-06-05, files: 1, lines: -7/+10]
|   Fedora 28 is out already, let's advertise it. While at it, drop "container" from "f28container" — it's a subdirectory under /var/lib/machines, it's pretty obvious that it's a container. To make the switch easier in the future, define the number as an entity.
* nspawn: similar to the previous patches, also make /etc/localtime handling more configurable [Lennart Poettering, 2018-05-22, files: 1, lines: -0/+19]
|   Fixes: #9009
* nspawn: add greater control over how /etc/resolv.conf is handled [Lennart Poettering, 2018-05-22, files: 1, lines: -0/+29]
|   Fixes: #8014 #1781
* nspawn: add a new --cpu-affinity= switch [Lennart Poettering, 2018-05-17, files: 1, lines: -0/+9]
|   Similar as the other options added before, this is primarily useful to provide comprehensive OCI runtime compatibility, but might be useful otherwise, too.
* nspawn: add a new --oom-score-adjust= command line switch [Lennart Poettering, 2018-05-17, files: 1, lines: -0/+10]
|   This is primarily useful in order to provide comprehensive OCI runtime compatibility with nspawn, but might have uses outside of it.
* nspawn: add a new --no-new-privileges= cmdline option to nspawn [Lennart Poettering, 2018-05-17, files: 1, lines: -0/+11]
|   This simply controls the PR_SET_NO_NEW_PRIVS flag for the container. This too is primarily relevant to provide OCI runtime compatibility, but might have other uses too, in particular as it nicely complements the existing --capability= and --drop-capability= flags.
* nspawn: make the hostname of the container explicitly configurable with a new --hostname= switch [Lennart Poettering, 2018-05-17, files: 1, lines: -0/+16]
|   Previously, the container's hostname was exclusively initialized from the machine name configured with --machine=, i.e. the internal name and the external name used for and by the container was synchronized. This adds a new option --hostname= that optionally allows the internal name to deviate from the external name.
|
|   This new option is mainly useful to ultimately implement the OCI runtime spec directly in nspawn, but it might be useful on its own for some other usecases too.
* nspawn: add new --rlimit= switch, and always set resource limits explicitly for our container payloads [Lennart Poettering, 2018-05-17, files: 1, lines: -0/+25]
|   This ensures we set the various resource limits of our container explicitly on each invocation so that we inherit less from our callers into the payload.
|
|   By default resource limits are now set to the same values Linux generally passes to the host PID 1, thus minimizing needless differences between host and container environments.
|
|   The limits are now also configurable using a new --rlimit= switch.
|
|   This is preparation for teaching nspawn native OCI runtime support as OCI permits setting resource limits for container payloads, and it hence probably makes sense if we do too.
* man: document what happens if --kill-signal= is not used in nspawn and --boot neither [Lennart Poettering, 2018-05-17, files: 1, lines: -7/+7]