Commit Graph

567 Commits

Author SHA1 Message Date
Slava Kardakov
1e904320aa Fixup typo in NEWS 2019-12-03 08:02:24 +09:00
Lennart Poettering
8bf2a311f3 NEWS: update for final 244 2019-11-29 14:29:03 +01:00
Zbigniew Jędrzejewski-Szmek
bdf2357c12 NEWS: add contributors for v244 2019-11-22 09:33:59 +01:00
Lennart Poettering
168e131b8b update NEWS 2019-11-20 16:16:46 +01:00
Zbigniew Jędrzejewski-Szmek
2d8898f564
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
2019-11-20 16:13:46 +01:00
Yu Watanabe
88b860034e NEWS: SendRawOption= -> SendOption= 2019-11-19 11:52:36 +01:00
Zbigniew Jędrzejewski-Szmek
2536752dda Rename "system-options" to "systemd-efi-options"
This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.

(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)

bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.

Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.
2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
cc560ac064 NEWS: fix antique typo 2019-11-18 20:20:58 +01:00
Zbigniew Jędrzejewski-Szmek
852b72727a NEWS: more items
Also reorder some entries to restore the grouping by subject.
2019-11-16 13:48:41 +01:00
Zbigniew Jędrzejewski-Szmek
7b631898ef
Merge pull request #13961 from mwilck/udev-no-exit-timeout
udevd: wait for workers to finish when exiting
2019-11-13 08:56:49 +01:00
Martin Wilck
bfde9421af udevd: wait for workers to finish when exiting
On some systems with lots of devices, device probing for certain drivers can
take a very long time. If systemd-udevd detects a timeout and kills the worker
running modprobe using SIGKILL, some devices will not be probed, or end up in
unusable state. The --event-timeout option can be used to modify the maximum
time spent in an uevent handler. But if systemd-udevd exits, it uses a
different timeout, hard-coded to 30s, and exits when this timeout expires,
causing all workers to be KILLed by systemd afterwards. In practice, this may
lead to workers being killed after significantly less time than specified with
the event-timeout. This is particularly significant during initrd processing:
systemd-udevd will be stopped by systemd when initrd-switch-root.target is
about to be isolated, which usually happens quickly after finding and mounting
the root FS.

If systemd-udevd is started by PID 1 (i.e. basically always), systemd will
kill both udevd and the workers after expiry of TimeoutStopSec. This is
actually better than the built-in udevd timeout, because it's more transparent
and configurable for users. This way users can avoid the mentioned boot problem
by simply increasing StopTimeoutSec= in systemd-udevd.service.

If udevd is not started by systemd (standalone), this is still an
improvement. udevd will kill hanging workers when the event timeout is
reached, which is configurable via the udev.event_timeout= kernel
command line parameter. Before this patch, udevd would simply exit with
workers still running, which would then become zombie processes.

With the timeout removed, the sd_event_now() assertion in manager_exit() can be
dropped.
2019-11-12 12:20:20 +01:00
Anita Zhang
3e1db806b0 core: change top-level drop-in from -.service.d to service.d
Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.

Updating to this format also extends the top-level dropin to
unit types.
2019-11-07 08:34:53 +01:00
Yu Watanabe
6878c02245 NEWS: mention NetworkEmulatorDuplicateRate= setting 2019-11-01 13:18:13 +09:00
Christian Rebischke
597f905c76 add other worthy news
I think we can mention that systemd-resolved is able to validate IP
address certificates and prefer TLS 1.3 before TLS 1.2 now.

Also the `machinectl reboot` command actually works now.

Signed-off-by: Christian Rebischke <chris@nullday.de>
2019-10-31 09:02:15 +09:00
Zbigniew Jędrzejewski-Szmek
b7db8b7b13 NEWS: fix two typos 2019-10-30 15:58:53 +01:00
Yu Watanabe
f36e6a4a96 NEWS: fix option name 2019-10-30 14:01:01 +01:00
Zbigniew Jędrzejewski-Szmek
ee50dada49 NEWS: start preparations for v244 2019-10-30 11:16:38 +01:00
Zbigniew Jędrzejewski-Szmek
e48a1e3423 mailmap: add entry to fix authorship of commit
471cffcfb0 was committed on a debug VM where I
didn't have git set up properly.
2019-10-21 15:10:58 +02:00
Zbigniew Jędrzejewski-Szmek
efb536d0cb Update NEWS for v243 2019-09-03 11:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
a7d9b3557e NEWS: update contributors list 2019-09-03 11:27:19 +02:00
Zbigniew Jędrzejewski-Szmek
6d8cf86476 docs: new systemd-security mailing list
In the past, we asked people to open a security bug on one of the "big"
distros. This worked OK as far as getting bugs reported and notifying some
upstream developers went. But we always had trouble getting information to
all the appropriate parties, because each time a bug was reported, a big
thread was created, with a growing CC list. People who were not CCed early
enough were missing some information, etc.

To clean this up, we decided to create a private mailing list. The natural
place would be freedesktop.org, but unfortunately the request to create a
mailing list wasn't handled
(https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/134). And even
if it was, at this point, if there was ever another administrative issue, it
seems likely it could take months to resolve. So instead, we asked for a list
to be created on the redhat mailservers.

Please consider the previous security issue reporting mechanisms rescinded, and
send any senstive bugs to systemd-security@redhat.com.
2019-08-30 09:12:27 +02:00
Zbigniew Jędrzejewski-Szmek
f21e2ecb8b NEWS: update contributors list 2019-08-22 13:47:11 +02:00
Kai Krakow
2dbc45aea7 cgroup: Also set io.bfq.weight
Current kernels with BFQ scheduler do not yet set their IO weight
through "io.weight" but through "io.bfq.weight" (using a slightly
different interface supporting only default weights, not per-device
weights). This commit enables "IOWeight=" to just to that.

This patch may be dropped at some time later.

Github-Link: https://github.com/systemd/systemd/issues/7057
Signed-off-by: Kai Krakow <kai@kaishome.de>
2019-08-20 11:50:59 +02:00
Chris Down
5c76ca6093 NEWS: Remove DisableControllers from v243
We already released this in v240 and had a NEWS entry then.
2019-07-31 12:12:46 +09:00
Zbigniew Jędrzejewski-Szmek
4860f5c2ae NEWS: more entries and some rewordings 2019-07-30 16:50:40 +02:00
Zbigniew Jędrzejewski-Szmek
e397eb50da
Merge pull request #13219 from poettering/named-exit-codes-tweaks
quick follow-up for the symbolic exit status PR #13207
2019-07-30 08:27:20 +02:00
Lennart Poettering
48fd50f749 update TODO 2019-07-30 08:23:18 +02:00
Lennart Poettering
5238d9a83a analyze: rename "exit-codes" to "exit-status"
waitid(2) and the libc function signature calls this "exit status", and
uses "exit code" for something different. Let's stick to the same
nomenclature hence.
2019-07-29 19:22:22 +02:00
Lennart Poettering
1d7458fbb1
Merge pull request #13207 from keszybz/symbolic-exit-code-names
Symbolic exit code names
2019-07-29 18:58:06 +02:00
Zbigniew Jędrzejewski-Szmek
ae6a32c260 NEWS: add entry about exit status changes 2019-07-29 15:59:17 +02:00
Lennart Poettering
a18a3aacd3 more 243 news 2019-07-29 11:03:08 +02:00
Clinton Roy
08b5953997 news corrections and improvements (#13200)
* missing whitespace.

* NEWS: some small fixes (?) and improvements (???).

* a number of small corrections and (hopefully) improvements
2019-07-29 09:35:25 +02:00
Zbigniew Jędrzejewski-Szmek
6304fec37c
Merge pull request #13191 from poettering/sysctl-no-fail
allow sysctl assignments to fail
2019-07-26 14:57:56 +02:00
Lennart Poettering
8deeef94e7
Merge pull request #13188 from yuwata/news-igmp-version
network: rename `IGMPVersion=` to `MulticastIGMPVersion=`
2019-07-26 09:40:21 +02:00
Yu Watanabe
13cb62af22 NEWS: mention SpeedMeter= 2019-07-26 09:38:20 +02:00
Lennart Poettering
b64c47c038 NEWS: mention the new sysctl.d/ - prefix 2019-07-26 09:28:43 +02:00
Lennart Poettering
0338934f4b Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""
This reverts commit be74f51605.

Let's add this again. With the new sysctl "-" thing we can make this
work.
2019-07-26 09:25:09 +02:00
Evgeny Vereshchagin
be74f51605 Revert "sysctl: Enable ping(8) inside rootless Podman containers"
This reverts commit 90ce7627df.

See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
2019-07-26 06:56:58 +00:00
Yu Watanabe
9f0d45e402 NEWS: mention Bridge.MulticastIGMPVersion= 2019-07-26 11:01:28 +09:00
Lennart Poettering
907ddcd361 update NEWS with more recently commited stuff 2019-07-24 17:35:25 +02:00
Debarshi Ray
90ce7627df sysctl: Enable ping(8) inside rootless Podman containers
This makes ping(8) work without CAP_NET_ADMIN and CAP_NET_RAW because
those aren't effective inside rootless Podman containers.

It's quite useful when using OSTree based operating systems like Fedora
Silverblue, where development environments are often set up using
rootless Podman containers with helpers like Toolbox [1]. Not having
a basic network utility like ping(8) work inside the development
environment can be inconvenient.

See:
https://lwn.net/Articles/422330/
http://man7.org/linux/man-pages/man7/icmp.7.html
https://github.com/containers/libpod/issues/1550

The upper limit of the range of group identifiers is set to 2147483647,
which is 2^31-1. Values greater than that get rejected by the kernel
because of this definition in linux/include/net/ping.h:
  #define GID_T_MAX (((gid_t)~0U) >> 1)

That's not so bad because values between 2^31 and 2^32-1 are reserved
on systemd-based systems anyway [2].

[1] https://github.com/debarshiray/toolbox
[2] https://systemd.io/UIDS-GIDS.html#summary
2019-07-24 16:41:45 +02:00
Lennart Poettering
29db4c3a08 NEWS: more additions in preparation von v243 2019-07-23 15:56:41 +02:00
Anita Zhang
a4d5848aa2 NEWS: bullet point for ExecCondition= 2019-07-17 22:27:57 -07:00
Jorge Niedbalski
37d7a7d984 resolved: switch cache option to a tri-state option (systemd#5552).
Change the resolved.conf Cache option to a tri-state "no, no-negative, yes" values.

If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See systemd#5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.

This change adds the 'no-negative' option when set it avoids putting in cache
negative answers but still works the same heuristics for positive answers.

Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
2019-07-17 10:42:53 -04:00
Yu Watanabe
7018373537 NEWS: update section name 2019-07-16 10:30:47 +09:00
Boucman
eebaa72446 Update NEWS 2019-07-14 23:46:19 +09:00
Lennart Poettering
2875a36b77 NEWS: add some notes for v243
Let's get this ball rolling.
2019-07-14 22:16:01 +09:00
Yu Watanabe
e110599b63 NEWS: mention that the libidn2 is used by default 2019-06-29 03:18:43 +09:00
Michael Prokop
d238709c14 docs: fix typos and duplicate words
s/and and/and/
s/explicity/explicitly/
s/that that/that/
s/the the/the/
s/is is/it is/
s/overriden/overridden/
2019-06-27 10:43:21 +02:00
Michal Sekletar
b070c7c0e1 core: introduce NUMAPolicy and NUMAMask options
Make possible to set NUMA allocation policy for manager. Manager's
policy is by default inherited to all forked off processes. However, it
is possible to override the policy on per-service basis. Currently we
support, these policies: default, prefer, bind, interleave, local.
See man 2 set_mempolicy for details on each policy.

Overall NUMA policy actually consists of two parts. Policy itself and
bitmask representing NUMA nodes where is policy effective. Node mask can
be specified using related option, NUMAMask. Default mask can be
overwritten on per-service level.
2019-06-24 16:58:54 +02:00