From e9c880dd2c841b4c61c6e8c194001767feed0aab Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 18 Oct 2016 16:18:08 +0200 Subject: man: one more cgroup wording fix --- man/machinectl.xml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/man/machinectl.xml b/man/machinectl.xml index eaa247714b..0d57c01765 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -343,18 +343,13 @@ show [NAME...] - Show properties of one or more registered - virtual machines or containers or the manager itself. If no - argument is specified, properties of the manager will be - shown. If a NAME is specified, properties of this virtual - machine or container are shown. By default, empty properties - are suppressed. Use to show those too. - To select specific properties to show, use - . This command is intended to be - used whenever computer-parsable output is required, and does - not print the cgroup tree or journal entries. Use - status if you are looking for formatted - human-readable output. + Show properties of one or more registered virtual machines or containers or the manager + itself. If no argument is specified, properties of the manager will be shown. If a NAME is specified, + properties of this virtual machine or container are shown. By default, empty properties are suppressed. Use + to show those too. To select specific properties to show, use + . This command is intended to be used whenever computer-parsable output is + required, and does not print the control group tree or journal entries. Use status if you + are looking for formatted human-readable output. -- cgit v1.2.1 From 8ae2c6300feffc598f1b13b9268e7312c647d19e Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Wed, 19 Oct 2016 23:30:50 +0200 Subject: journald,core: add short comments we we keep reopening /dev/console all the time Just to make sure the next one reading this isn't surprised that the fd isn't kept open. SAK and stuff... Fix suggested: https://github.com/systemd/systemd/pull/4366#issuecomment-253659162 --- src/core/show-status.c | 5 +++++ src/journal/journald-console.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/src/core/show-status.c b/src/core/show-status.c index 59ebdc7219..65f9cb888a 100644 --- a/src/core/show-status.c +++ b/src/core/show-status.c @@ -61,6 +61,11 @@ int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char if (vasprintf(&s, format, ap) < 0) return log_oom(); + /* Before you ask: yes, on purpose we open/close the console for each status line we write individually. This + * is a good strategy to avoid PID 1 getting killed by the kernel's SAK concept (it doesn't fix this entirely, + * but minimizes the time window the kernel might end up killing PID 1 due to SAK). It also makes things easier + * for us so that we don't have to recover from hangups and suchlike triggered on the console. */ + fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC); if (fd < 0) return fd; diff --git a/src/journal/journald-console.c b/src/journal/journald-console.c index fcc9f25814..3a9fba42a3 100644 --- a/src/journal/journald-console.c +++ b/src/journal/journald-console.c 
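Review bot: The new comment in status_vprintf() leans on "the kernel's SAK concept" without saying what SAK is or why an open descriptor matters, so the next reader still has to look it up; the same wording is repeated in the server_forward_console() hunk in src/journal/journald-console.c. As far as I know, Secure Attention Key handling makes the kernel kill every process that has the affected terminal open, which is why a long-lived console fd in PID 1 would be dangerous. I would add one sentence to both comments, e.g. `SAK = Secure Attention Key (SysRq+K): the kernel SIGKILLs every process that holds the tty open.` Since the protection rests on the fd being short-lived, it would also help to state that every exit path must close it; the rest of status_vprintf() is outside the hunk, so I cannot confirm that here.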
@@ -102,6 +102,11 @@ void server_forward_console( tty = s->tty_path ? s->tty_path : "/dev/console"; + /* Before you ask: yes, on purpose we open/close the console for each log line we write individually. This is a + * good strategy to avoid journald getting killed by the kernel's SAK concept (it doesn't fix this entirely, + * but minimizes the time window the kernel might end up killing journald due to SAK). It also makes things + * easier for us so that we don't have to recover from hangups and suchlike triggered on the console. */ + fd = open_terminal(tty, O_WRONLY|O_NOCTTY|O_CLOEXEC); if (fd < 0) { log_debug_errno(fd, "Failed to open %s for logging: %m", tty); -- cgit v1.2.1 From 47da760efddc1fae8dac460430efd0ae7090c6c4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 19 Oct 2016 23:40:31 +0200 Subject: man: document default for User= Replaces: #4375 --- man/systemd.exec.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 7453aa7bee..dbe4594730 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
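Review bot: The comment speaks of "the console", but the line directly above picks `s->tty_path` when it is set and only falls back to `/dev/console`, so the descriptor opened here may belong to another terminal. The reasoning holds for any tty, so the wording could say so: `... we open/close the target tty for each log line we write individually.` The body of server_forward_console() starts and ends outside the hunk.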
@@ -141,8 +141,13 @@ Group= Set the UNIX user or group that the processes are executed as, respectively. Takes a single - user or group name, or numeric ID as argument. If no group is set, the default group of the user is used. This - setting does not affect commands whose command line is prefixed with +. + user or group name, or numeric ID as argument. For system services (services run by the system service manager, + i.e. managed by PID 1) and for user services of the root user (services managed by root's instance of + systemd --user), the default is root, but User= may be + used to specify a different user. For user services of any other user, switching user identity is not + permitted, hence the only valid setting is the same user the user's service manager is running as. If no group + is set, the default group of the user is used. This setting does not affect commands whose command line is + prefixed with +. -- cgit v1.2.1