| Commit message (Collapse) | Author | Age | Files | Lines |
|
Also, service-watchdogs now shows current watchdog state when
no optional argument is provided.
|
sysusers: allow uid:gid in sysusers.conf files
|
Ensure that the GID already exists or is created when the new
"uid:gid" syntax is used. This ensures the behaviour is always
predictable.
|
This PR allows writing sysuser.conf lines like:
```
u games 5:60 -
```
This will create a "games" user with uid 5 and games group with
gid 60. This is arguably ugly, however it is required to represent
certain configurations like the default passwd file on Debian and
Ubuntu.
When the ":" syntax is used and there is a group with the given
gid already then no new group is created. This allows writing the
following:
```
g unrelated 60
u games 5:60 -
```
which will create a "games" user with the uid 5 and the primary
gid 60. No group games is created here (might be useful for [1]).
[1] https://pagure.io/packaging-committee/issue/442
|
This reverts commit c7612b20052d9151f60a96623b8743cbac88390d.
|
CHANGE OF BEHAVIOUR — with this commit "f" line's behaviour is altered
to match what the documentation says: if an "argument" string is
specified it is written to the file only when the file didn't exist
before. Previously, it would be appended to the file each time
systemd-tmpfiles was invoked — which is not a particularly useful
behaviour as the tool is not idempotent then and the indicated files
grow without bounds each time the tool is invoked.
I did some spelunking whether this change in behaviour would break
things, but afaics nothing relies on the previous O_APPEND behaviour of
this line type, hence I think it's relatively safe to make "f" lines
work the way the docs say, rather than adding a new modifier for it or
so.
Triggered by:
https://lists.freedesktop.org/archives/systemd-devel/2018-January/040171.html
|
Currently, we create leading directories implicitly for all lines that
create directory or directory-like nodes.
With this, we also do the same for a number of other lines: f/F, C, p,
L, c/b (that is regular files, pipes, symlinks, device nodes as well as
file trees we copy).
The leading directories are created with the default access mode of 0755.
If something else is desired, users should simply declare appropriate
"d" lines.
Fixes: #7853
|
Let's refer to the new page.
|
Also, clarify that O_NONBLOCK is turned off and that the fd is only
half-open.
|
New debug verb that enables or disables the service runtime watchdogs
and emergency actions during runtime. This is the systemd-analyze
version of the systemd.service_watchdogs command line option.
|
Add a "systemd.service_watchdogs=" option to the command line which
disables all service runtime watchdogs and emergency actions.
|
The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange (solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.
Closes #5845
|
Fixes #7912.
|
Fixes #7912.
|
sd_journal_stream_fd() does not return the same file descriptor across
different calls. It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.
Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.
It opens exactly one file descriptor, and does not close it unless there
is a write failure. Nothing like "temporarily multiple file descriptors
may be open".
|
Reported by Дилян Палаузов (https://github.com/dilyanpalauzov) in #7870.
|
Man page improvements
|
Follow-up for e79eabdb1becc93cf4afc909aa18dc40c931eab5. There was an
apparent contradiction:
man/systemd.unit says for Requires=:
Besides, with or without specifying After=, this unit will be deactivated
if one of the other units get deactivated.
Also, some unit types may deactivate on their own (for example, a service
process may decide to exit cleanly, or a device may be unplugged by the
user), which is not propagated to units having a Requires= dependency.
Fixes #7870.
|
Repeating "example" everywhere was not useful, so remove
that and improve the formatting a bit.
|
I don't want to include all the default values in the man page
because that's bound to get out of date…
|
Pointed out by Дилян Палаузов (https://github.com/dilyanpalauzov).
Fixes #7870.
|
This patch adds a quickack option to enable/disable TCP quick ack
mode per route.
|
supported in udev rules (#7916)
These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.
|
* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).
The list is now in sync with the one at the top of nspawn.c.
|
See the discussion in the issue #7875.
|
Follow-up for c46bc7e2162d774f55847c1a8cb9d49085cf89bb.
|
Closes: https://github.com/systemd/systemd/issues/1395
|
Closes #7866.
|
Fixes #7858.
|
DHCPv6 prefix delegation
|
This removes the last public reference. Follow-up for #7844.
|
Make MAINPID= and PIDFile= handling more restrictive (and other stuff)
|
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuration
source is considered trusted when the PID file is owned by root, or the
message was received from root.
This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.
When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unprivileged-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.
Fixes: #6632
|
The new --uid= switch allows selecting the UID from which the
notification messages shall originate.
This is primarily useful for testing purposes, but might have other
uses.
|
update bash completions
|
Closes #7765
|
The change in netdev.c done in the merge is necessary to avoid crashing in
cleanup. This is a follow-up for f3c33b234d9f0256805722f02c7b4c4b59fd6de6.
|
More information may be found at wireguard.com.
|
/var/run is a legacy compatibility feature, let's avoid mentioning it.
|
This is useful for testing, and early-boot scripting.
|
Nowadays people use systemd on many different architectures, so we
shouldn't presuppose that they are using amd64. debootstrap defaults
to the native architecture and this should be good enough.
|
DBus-API: add more options in transient units
|