Commit Graph

4096 Commits

Author SHA1 Message Date
Yu Watanabe
97f9df9e30 network: rename Protocol= in [RoutingPolicyRule] to IPProtocol= 2018-12-02 06:13:47 +01:00
Lennart Poettering
ee93c1e664 man: document systemd-analyze security 2018-11-30 16:48:09 +01:00
Lennart Poettering
6740028516
Merge pull request #10989 from keszybz/nss-man
Add example to nss-mymachines(8)
2018-11-29 19:28:39 +01:00
Zbigniew Jędrzejewski-Szmek
401faa3533
Merge pull request #10357 from poettering/import-fs
machinectl import-fs command and other fixes
2018-11-29 16:38:46 +01:00
Zbigniew Jędrzejewski-Szmek
f2cca38e46 man: add an extensive example to nss-mymachines(8)
The man page didn't really say what we are mapping and with what
patterns. Let's fix that.
2018-11-29 15:47:21 +01:00
Zbigniew Jędrzejewski-Szmek
8b4e51a60e
Merge pull request #10797 from poettering/run-generator
add new "systemd-run-generator" for running arbitrary commands from the kernel command line as system services using the "systemd.run=" kernel command line switch
2018-11-28 22:40:55 +01:00
Susant Sahani
926062f083 networkd: add support to configure ip rule port range and protocol.
Please see:

iprule: support for ip_proto, sport and dport match options
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=f686f764682745daf6a93b0a6330ba42a961f858

Closes 10622
2018-11-28 20:06:28 +05:30
Zbigniew Jędrzejewski-Szmek
94f760ec9d man,factory: update factory config for nsswitch.conf to match the man pages
Also add a note in the man pages to remind people to adjust the factory config
and other man pages at the same time.
2018-11-27 22:35:02 +01:00
Lennart Poettering
de38f06f52
Merge pull request #10813 from poettering/cgroup-exec-start-pre
make sure ExecStartPre= and Delegate=yes mix well
2018-11-27 10:29:17 +01:00
Lennart Poettering
565f3d91a2 man: document systemd-run-generator 2018-11-27 09:44:40 +01:00
Lennart Poettering
6a4e939dd0 man: document FailureActionExitStatus=/SuccessActionExitStatus= 2018-11-27 09:44:40 +01:00
Yu Watanabe
9b6ffef372 man: update explanation for boolean options 2018-11-27 15:07:58 +09:00
Yu Watanabe
025314d97d man: improve the explanation of "Defaults to unset" 2018-11-27 14:40:25 +09:00
Susant Sahani
2266864b04 networkd: Add support for ERSPAN tunnel
Please see: https://patchwork.ozlabs.org/patch/800327/
```
[NetDev]
Name=erspan-test
Kind=erspan

[Tunnel]
Independent=true
ERSPANIndex=123
Local = 172.16.1.200
Remote = 172.16.1.100
Key=101
SerializeTunneledPackets=true
```
2018-11-27 11:04:42 +09:00
Lennart Poettering
077c40bc52 man: link Delegate= documentation up with the markdown docs 2018-11-26 18:43:23 +01:00
Lennart Poettering
5f7ecd610c import: drop logic of setting up /var/lib/machines as btrfs loopback mount
Let's simplify things and drop the logic that /var/lib/machines is setup
as auto-growing btrfs loopback file /var/lib/machines.raw.

THis was done in order to make quota available for machine management,
but quite frankly never really worked properly, as we couldn't grow the
file system in sync with its use properly. Moreover philosophically it's
problematic overriding the admin's choice of file system like this.

Let's hence drop this, and simplify things. Deleting code is a good
feeling.

Now that regular file systems provide project quota we could probably
add per-machine quota support based on that, hence the btrfs quota
argument is not that interesting anymore (though btrfs quota is a bit
more powerful as it allows recursive quota, i.e. that the machine pool
gets an overall quota in addition to per-machine quota).
2018-11-26 18:09:01 +01:00
Lennart Poettering
1d7579c473 machine: add support for importing containers from plain directories
Fixes: #2728

This is also supposed to be preparation for doing #10234 eventually,
where a very similar operation is requested: instead of importing a tree
to /var/lib/machines it would need to be imported into
/var/lib/portables/.
2018-11-26 18:09:01 +01:00
Lennart Poettering
576cf244a4 man: document that machinectl is also happy with block devices these days 2018-11-26 18:09:01 +01:00
Yu Watanabe
cbae79b8d0 man: systemd-boot does not read loader.conf.d/*.conf
Fixes #10923.
2018-11-26 06:58:31 +09:00
Lennart Poettering
badd28e158 run: add new --shell switch for spawning a shell as service
I keep running "systemd-run -t /bin/bash" to quickly get a shell running
in service context. I suspect I am not the only one, hence let's add a
shortcut for it. While we are at it, let's make it smarter, and
automatically inherit the $SHELL of the invoking user as well as the
working directory, and let's imply --pty. --shell (or -S) is hence
equivalent to "-t -d $SHELL".
2018-11-23 12:49:00 +01:00
Lennart Poettering
2d21165a4e run: add a switch for specifiying the working directory of a service
I find myself testing service management quite often with "systemd-run
-t /bin/bash". For that it is handy if the invoked shell would use the
working directory I am currently in. Hence introduce a shorthand for
that:

        $ systemd-run -dt /bin/bash

This will automatically insert a WorkingDirectory= property into the
transient service, pointing to the working directory of the caller.
2018-11-23 12:49:00 +01:00
Zbigniew Jędrzejewski-Szmek
c43acf69e4 man: update description of Description=
The way this is used drifted a bit from the original intent. Let's update
the description and add some examples to inspire people to texts that look
less bad during initial boot.
2018-11-22 20:58:43 +01:00
Lennart Poettering
fd78fd122a man: minor fixes
As suggested here:

https://github.com/systemd/systemd/pull/10538#pullrequestreview-176710207
2018-11-20 15:56:24 +01:00
Zbigniew Jędrzejewski-Szmek
606b0b64a7
Merge pull request #10538 from poettering/tmpfiles-reorder
tmpfiles: remove children before their parents plus other fixlets
2018-11-20 13:00:28 +01:00
Chris Down
a88c5b8ac4 cgroup v2: DefaultCPUAccounting=yes if CPU controller isn't required
We now don't enable the CPU controller just for CPU accounting if we are
on 4.15+ and using pure unified hierarchy, as this is provided
externally to the CPU controller. This makes CPUAccounting=yes
essentially free, so enabling it by default when it's cheap seems like a
good idea.
2018-11-18 12:21:41 +00:00
Lennart Poettering
14c4da2ffe
Merge pull request #10805 from poettering/migrate-boot-loader-interface
migrate boot loader interface doc from wiki into markdown (split out of #10495)
2018-11-16 17:55:08 +01:00
Lennart Poettering
6415fecd4c
Merge pull request #10785 from poettering/cgroup-join-removal
remove JoinControllers= setting
2018-11-16 17:53:26 +01:00
Lennart Poettering
3382cf28b6
Merge pull request #10802 from poettering/hide-only-on
man: let's deprecate PermissionsStartOnly=
2018-11-16 17:53:01 +01:00
Lennart Poettering
2fe8213230 docs: migrate boot loader interface from fdo wiki to git
This imports
https://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface/
into our sources, and extends it substantially with various variables
now supported.
2018-11-16 17:43:59 +01:00
Lennart Poettering
5dd5f7cfa8 sd-boot: add new EFI variable exposing feature set of boot loader
We keep adding new features, let's advertise to the host OS what these
are in a new variable LoaderFeatures.

It works a bit like OsIndicationsSupported, but is about Loader
features.
2018-11-16 15:47:18 +01:00
Lennart Poettering
fe2579dd9c sd-boot: introduce a one-time override for the boot menu timeout
This is useful to allow userspace to request a "boot into boot menu"
feature.
2018-11-16 15:47:18 +01:00
Lennart Poettering
143fadf369 core: remove JoinControllers= configuration setting
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".

The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)

This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
2018-11-16 14:54:13 +01:00
Lennart Poettering
899feb7225 man: let's deprecate PermissionsStartOnly=
The concept is redundant and predates the special chars that do the same
in ExecStar=. Let's settle on advertising just the latter, and hide
PermissionsStartOnly= from the docs (even if we continue supporting it).
2018-11-16 14:31:37 +01:00
Zbigniew Jędrzejewski-Szmek
08c1eb0e30 sd-event: make sd_event_source_get_enabled return more info 2018-11-16 09:03:41 +01:00
Lennart Poettering
042cad5737
Merge pull request #10753 from keszybz/pager-no-interrupt
Add mode in journalctl where ^C is handled by the pager
2018-11-14 20:09:39 +01:00
Zbigniew Jędrzejewski-Szmek
84afbbcf24 man: use <keycombo> more 2018-11-14 16:57:33 +01:00
Zbigniew Jędrzejewski-Szmek
6432da6a69 basic/pager: ignore ^C when piping to less and K is not set
Normally, we want to immediately quit on ^C. But when we are running under
less, people may set SYSTEMD_LESS without K, in which case they can use ^C to
communicate with less, and e.g. start and stop following input.

Fixes #6405.
2018-11-14 16:53:50 +01:00
Lennart Poettering
8755568681
Merge pull request #10759 from keszybz/udevd-more-configuration
Udevd more configuration options
2018-11-14 16:21:14 +01:00
Lennart Poettering
438311a518 man: document that env vars are not suitable for passing secrets
Prompted by the thread around:

https://lists.freedesktop.org/archives/systemd-devel/2018-November/041665.html
2018-11-14 09:12:49 +03:00
Zbigniew Jędrzejewski-Szmek
a14e7af162 udev: also allow resolve_names= to be specified in udev.conf 2018-11-13 14:35:36 +01:00
Zbigniew Jędrzejewski-Szmek
4b3ca79ea9 udevd: allow more parameters to be set through udev.conf
Rebooting to set change the kernel command line to set some udev parameters is
inconvenient. Let's allow setting more stuff in the config file.

Also drop quotes from around "info" in udev.conf. We need to accept them for
compatibility, but there is no reason to use them.
2018-11-13 14:03:47 +01:00
Yu Watanabe
bf877a54c7
Merge pull request #10669 from danderson/networkd-6rd
networkd: add 6rd support for sit netdevs
2018-11-12 15:55:03 +09:00
Alexander Kurtz
f628e3eea7 man: fix default value in resolved.conf man page (#10733)
See https://github.com/systemd/systemd/blob/v239/meson_options.txt#L190
2018-11-12 15:44:55 +09:00
Lennart Poettering
5fb0720ebb
Merge pull request #10728 from keszybz/four-unrelated-cleanups
Four unrelated cleanups
2018-11-11 21:16:14 +01:00
Lennart Poettering
a9353a5c5b core: log about /var/run/ prefix used in PIDFile=, patch it to be /run instead
In a way this is a follow-up for
a2d1fb882c, but adds a similar warning for
PIDFile=.

There's a much stronger case for doing this kind of notification in
tmpfiles.d (since it helps relating lines to each other for the purpose
of merging them). Doing this for PIDFile= is mostly about being
systematic and copying tmpfiles.d/ behaviour here.

While we are at it, let's also support relative filenames in PIDFile=
now, and prefix them with /run, to make them absolute.

Fixes: #10657
2018-11-10 19:17:00 +01:00
David Anderson
d067cab35c networkd: support 6rd tunnel netdev setup. 2018-11-09 17:56:33 -08:00
Zbigniew Jędrzejewski-Szmek
b98a3c286e man: add missing link in sd-bus(3)
Follow-up for 576af73f4a.
2018-11-09 21:40:21 +01:00
Michael Biebl
631e393a21 man: fix system.generator in systemd.unit
Fixes: #10713
2018-11-09 21:39:59 +01:00
Zbigniew Jędrzejewski-Szmek
15e9a42074
Merge pull request #10306 from poettering/nspawn-ref-unref
nspawn scope lifecycle fixes
2018-11-09 20:49:31 +01:00
Lennart Poettering
48c3512269 man: document sd_bus_attach_event() 2018-11-09 17:09:52 +01:00