| Commit message | Author | Age | Files | Lines |
core: allow to specify RestrictNamespaces= multiple times
|
Add support to set the route MTU.
Closes #9047
|
make even more nspawn concepts configurable
|
more configurable
Fixes: #9009
|
Fixes: #8014 #1781
|
sysexits.h has:
#define EX_CANTCREAT 73 /* can't create (user) output file */
EX_DATAERR is a copy-paste error from the previous sentence, which is
correct.
|
VM/container envs
|
Fixes #9045.
|
nspawn: make a couple of additional container parameters configurable
|
Similar to the other options added before, this is primarily useful to
provide comprehensive OCI runtime compatibility, but might be useful
otherwise, too.
|
This is primarily useful in order to provide comprehensive OCI runtime
compatibility with nspawn, but might have uses outside of it.
|
This simply controls the PR_SET_NO_NEW_PRIVS flag for the container.
This too is primarily relevant to provide OCI runtime compatibility, but
might have other uses too, in particular as it nicely complements the
existing --capability= and --drop-capability= flags.
|
new --hostname= switch
Previously, the container's hostname was exclusively initialized from
the machine name configured with --machine=, i.e. the internal name and
the external name used for and by the container was synchronized. This
adds a new option --hostname= that optionally allows the internal name
to deviate from the external name.
This new option is mainly useful to ultimately implement the OCI runtime
spec directly in nspawn, but it might be useful on its own for some
other use cases too.
|
for our container payloads
This ensures we set the various resource limits of our container
explicitly on each invocation so that we inherit less from our callers
into the payload.
By default resource limits are now set to the same values Linux
generally passes to the host PID 1, thus minimizing needless differences
between host and container environments.
The limits are now also configurable using a new --rlimit= switch. This
is preparation for teaching nspawn native OCI runtime support as OCI
permits setting resource limits for container payloads, and it hence
probably makes sense if we do too.
|
--boot neither
|
It's our own command, we document it in our own set of man pages.
|
What the man page said was different than what the code did.
save_external_coredump() will store the core temporarily for backtrace
generation, and will delete it afterwards if it is too large. So to disable
processing, it's necessary to both set
Storage=none/Storage=journal+JournalSizeMax=0/Storage=external+ExternalSizeMax=0
and ProcessSizeMax=0. This updates the man page to reflect the code.
The man pages are extended to describe that Storage=none + ProcessSizeMax=0 is
the simplest way to disable coredump processing. All the storage and processing
options make this quite complicated, so let's add a copy-and-pasteable example
of how to disable coredump. Doing it through coredump.conf has the advantage
that we still log, and the effect is immediate, unlike masking the sysconf
file.
Fixes #8788.
|
Commenting out "WatchdogTimeout=3min" in systemd-logind.service causes
NotifyAccess to go from "main" to "none", breaking support for logind
restart. Let's fix that.
|
Since StandardOutput=file:path is more similar to StandardInput= than
StandardInputText=, and only StandardInput= is actually documented above
StandardOutput= whereas StandardInputText= is documented below it, I
assume the intention was to refer to the former.
|
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
Security note on 2048 bits is added.
|
rsa:2048 is currently in use as the minimal recommended key length for cert/key generation. Specifying rsa:1024 is not recommended for security reasons.
|
systemd-analyze show-config
|
$ systemd-analyze cat-config systemd/logind.conf
$ systemd-analyze cat-config /etc/systemd/logind.conf
$ systemd-analyze cat-config /usr/lib/systemd/logind.conf
are all equivalent,
$ systemd-analyze cat-config /var/systemd/logind.conf
is an error.
|
Document --help and --version while at it.
|
This implements similar logic as conf_files_cat(), but with slightly different
file gathering logic. I also want to add support for replacement files later on,
so it seems better to keep those two file-gathering functions separate.
|
This is used as 'systemd-analyze show-config systemd/logind.conf', which
will dump
/etc/systemd/system/user@.service
/etc/systemd/system/user@.service.d/*.conf
/run/systemd/system/user@.service.d/*.conf
/usr/local/lib/systemd/system/user@.service.d/*.conf
/usr/lib/systemd/system/user@.service.d/*.conf
The idea is to make it easy to dump the configuration using the same locations
and order that systemd programs use themselves (including masking, in the right
order, etc.). This is the generic variant that works with any configuration
scheme that follows the same general rules:
$ systemd-analyze cat-config systemd/system.conf
$ systemd-analyze cat-config systemd/user.conf
$ systemd-analyze cat-config systemd/logind.conf
$ systemd-analyze cat-config systemd/sleep.conf
$ systemd-analyze cat-config systemd/journald.conf
$ systemd-analyze cat-config systemd/journal-remote.conf
$ systemd-analyze cat-config systemd/journal-upload.conf
$ systemd-analyze cat-config systemd/coredump.conf
$ systemd-analyze cat-config systemd/resolved.conf
$ systemd-analyze cat-config systemd/timesyncd.conf
$ systemd-analyze cat-config udev/udev.conf
|
While the set of systemd-journal-{gatewayd,remote,upload}.service services presents a single subsystem for network transmission of journald logs, the systemd-journal-gatewayd.service description should also contain links to the other parts of this subsystem: systemd-journal-remote.service and systemd-journal-upload.service.
|
* man: systemd-networkd-wait-online: systemd.service
While the service type is mentioned (it is a oneshot system service), a link to systemd.service is added. The 'See Also' section is also updated with a link to the systemd.service man page.
|
Added short keys -u and -m for --unescape and --mangle respectively. These short keys are present in the systemd-escape --help output and are absent from the systemd-escape man page.
|
Add a journal-upload.conf refentrytitle to have the same format as the systemd-journal-remote.service description, which contains a refentrytitle for journal-remote.conf in the 'See Also' section.
|
resolvectl: drop service_family_{from,to}_string()
|
addresses
|
$network is converted to network-online.target, not network-target.
See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
and the implementation at `src/sysv-generator/sysv-generator.c`.
|
closes #8856
|
Small additions to sd-journal-{remote,upload}.service man pages
|