| Commit message | Author | Age | Files | Lines |
|
The prefixes can be specified for any part of the command. The docs imply this,
but it's not entirely obvious. Let's add an example.
|
The description was split — part was under ExecStart= and part in "Command lines".
Now the whole generic part is moved to the separate section, and under ExecStart=
only the stuff that is specific to that option is described.
This just moves the text and removes some repetitions.
|
Ensure sysexts do not contain an os-release file, do not load sysexts from /usr[/local]/lib/extensions/
|
sysexts are meant to extend /usr. All extension images and directories are opened and merged in a
single, read-only overlayfs layer, mounted on /usr.
So far, we had fallback storage directories in /usr/lib/extensions and /usr/local/lib/extensions.
This is problematic for three reasons.
Firstly, technically, for directory-based extensions the kernel will reject
creating such an overlay, as there is a recursion problem. It actively
validates that a lowerdir is not a child of another lowerdir, and fails with
-ELOOP if it is. So having a sysext /usr/lib/extensions/myextdir/ would result
in an overlayfs config lowerdir=/usr/lib/extensions/myextdir/usr/:/usr which is
not allowed. As indicated by Christian, the kernel performs this check:
    /*
     * Check if this layer root is a descendant of:
     *  - another layer of this overlayfs instance
     *  - upper/work dir of any overlayfs instance
     */
    <...>
    /* Walk back ancestors to root (inclusive) looking for traps */
    while (!err && parent != next) {
            if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
                    err = -ELOOP;
                    pr_err("overlapping %s path\n", name);
Secondly, there's a confusing aspect to this recursive storage. If you
have /usr/lib/extensions/myext.raw which contains /usr/lib/extensions/mynested.raw
'systemd-sysext merge' will only pick up the first one, but both will appear in
the merged root under /usr/lib/extensions/. So you have two extension images, both
appear in your merged filesystem, but only one is actually in use.
Finally, there's a conceptual aspect: the idea behind sysexts and hermetic /usr
is that the /usr tree is not modified locally, but owned by the vendor. Dropping
extensions in /usr thus goes contrary to this foundational concept.
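
Added example, not part of the commit or of systemd: a lexical check in Python for the first problem described above, flagging overlayfs layer roots that lie inside another layer root. The function names and the sample extension paths are assumptions, and symlinks are not resolved.

```python
from pathlib import PurePosixPath

HIERARCHY = PurePosixPath("/usr")  # the tree the commit message says sysexts extend


def lowerdirs_for(extension_dirs, hierarchy=HIERARCHY):
    """Layer roots in the shape the commit message shows:
    <extension>/usr for each directory extension, then the host /usr."""
    rel = hierarchy.relative_to("/")
    return [PurePosixPath(d) / rel for d in extension_dirs] + [hierarchy]


def overlapping_layers(lowerdirs):
    """Return (layer, ancestor_layer) string pairs where one layer root is a
    descendant of another, the condition the kernel answers with -ELOOP."""
    paths = [PurePosixPath(p) for p in lowerdirs]
    hits = []
    for layer in paths:
        for other in paths:
            if other != layer and other in layer.parents:
                hits.append((str(layer), str(other)))
    return hits


# Constructed sample: one extension stored under /usr, one stored outside it.
SAMPLE_EXTENSIONS = [
    "/usr/lib/extensions/myextdir",   # path from the commit message
    "/var/lib/extensions/other",      # hypothetical extension outside /usr
]

if __name__ == "__main__":
    layers = lowerdirs_for(SAMPLE_EXTENSIONS)
    print("lowerdir=" + ":".join(map(str, layers)))
    for layer, ancestor in overlapping_layers(layers):
        print(f"overlapping: {layer} is inside {ancestor}")
```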
|
Do not pull in systemd-oomd on v1 to avoid repeated message in logs
|
We use ConditionControlGroupController=v2 in systemd-oomd.service, and also
this condition makes sense in general, so it should be documented.
This reverts a part of 6d48c7cf736ced70c1c2fef1e1f03618911d04bc.
Deprecated commandline options and v1 controller names were removed from
the description.
|
This can be used to prepare an image for firstboot by removing all
files that systemd knows about that contain machine specific
information.
|
Follow-up for #26902 and #26971
Let's always calculate the next restart interval
since that's more useful.
For that, we add 1 to s->n_restarts unconditionally,
and change RestartUSecCurrent property to RestartUSecNext.
|
Similar to what we do for directories, just before we remove a file,
let's try to take a BSD lock on it. If that fails, skip removing the
file.
|
add ability to show contents of service fdstore + teach systemd-notify passing fds into the fdstore
|
This exposes the fd passing we support via sd_pid_notify_with_fds() also
via the command line tool systemd-notify.
|
Follow-up for 600362aa11af5af90125aacc8ad7612a5cb80a68.
|
SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
|
Unit names can be 255 characters long, not 256.
We first say "name prefix" and then continue with "unit prefix".
Confusing. Couldn't figure out which term is better hence settled on
"unit name prefix".
|
sysext DDIs cannot carry an os-release file, but have to carry
an extension-release file. But so far, this was only used to
match the sysext DDI with the base DDI/rootdir. It is also
useful to describe the sysext DDI itself, just like we do in
os-release.
So document that the same fields used in os-release can also
be added to an extension-release, with the 'SYSEXT_' prefix,
and in that case they are understood to define the sysext DDI
itself, rather than for matching purposes.
|
This new property shows how much time we actually
wait before restarting.
|
interval between restarts
RestartSteps= accepts a positive integer as the number of steps
to take to increase the interval between auto-restarts from
RestartSec= to RestartSecMax=, or 0 to disable it.
Closes #6129
|
Define $KERNEL_INSTALL_UKI_GENERATOR in case one wants it to be different from $KERNEL_INSTALL_INITRD_GENERATOR. This can be useful if one wants to use mkinitcpio / Dracut to generate the initrd, but without creating the UKI so this can be left for e.g. ukify or something else. Right now these initrd generators will read /etc/kernel/install.conf and generate the UKI
|
test: add a couple of tests for userdbctl
|
syscall filter group updates
|
ukify: Use pefile to add sections to EFI stub
|
Implement --help/--version in all udev builtins
|
Those are separate binaries, and occasionally people will get a misplaced
binary that doesn't match the rest of the installed system and be confused, so
it is good to be able to check the version. It is also nice to have the same
interface in all binaries.
Note that we usually use a separate 'enum ARG_VERSION = 0x100' for an option
without a short name. We can use a less verbose approach of simply taking any
unused letter, which works just as well and even the compiler would warn us
if we tried to use the letter in another place. This way we avoid a few lines
of boilerplate.
The help texts are adjusted to have an empty line between the synopsis and
option list, and no empty lines after the option list.
|
core: support overriding NOTIFYACCESS= through sd-notify during runtime
|
Closes #25963
|
Let's allow configuring tty term and size using kernel cmdline arguments
so that when running in a VM we can communicate the terminal TERM and size
from the host via SMBIOS extra kernel cmdline arguments.
|
`dracut.kernel.7` is just a symlink to `dracut.cmdline.7`, so the web reference
points to a non-existent URL
(https://man7.org/linux/man-pages/man7/dracut.kernel.7.html).
|
This allows operating on .nspawn files using machinectl.
Closes #26246
|
core: append LogExtraFields= values to log_unit* messages
|
This ensures messages from PID1 regarding a unit also contain those
fields. For example, portable services have PORTABLE=<image> as
extra fields, which is useful to identify which version of a portable
image produced a log message like an error or an oomd kill.
|
Do not show xattrs and cgroup ids in cgls by default
|
-x is short for --xattrs=yes and
-c is short for --cgroup-id=yes.
|
Those are rather specialized bits of information, useful mostly for debugging.
I use cgls quite often but never had the need to use either of those…
But they take up a significant amount of screen real estate, esp. when
executed as root:
-.slice
├─user.slice (#1683)
│ → user.invocation_id: 74b0bd1258c5485eb969016384e0d06a
│ → trusted.invocation_id: 74b0bd1258c5485eb969016384e0d06a
│ └─user-1000.slice (#6488)
│ → user.invocation_id: b0261a14fe74490d9a9d5266c52cceb6
│ → trusted.invocation_id: b0261a14fe74490d9a9d5266c52cceb6
│ ├─user@1000.service … (#6590)
│ │ → user.invocation_id: 9e1fb54ad07940d8b92c33c81d169f11
│ │ → user.delegate: 1
│ │ → trusted.invocation_id: 9e1fb54ad07940d8b92c33c81d169f11
│ │ → trusted.delegate: 1
│ │ ├─session.slice (#6874)
...
Let's not show them by default, so we can show more cgroups.
(Also, on a terminal, we already highlight delegate units via underlining and
an ellipsis, so 'user.delegate:1' is redundant.)
|
Docs and dump output follow-up for the case of delegation with no controllers
|
This case is a bit surprising, even if logical if one understands how the
parser works. Let's be more explicit.
Follow-up for 7b3693e4e4c9cae50fca65136278a62fae11327e.
|
Passing an empty string or "cancel" will cancel the action.
Passing "show" will show the scheduled actions.
Replaces #17258