Commit Graph

449 Commits

Author SHA1 Message Date
Kay Sievers
b45f770f00 udev: clarify man page regarding starting daemons 2012-04-14 21:53:26 +02:00
Lennart Poettering
ecedd90fcd service: place control command in subcgroup control/
Previously, we were brutally and unconditionally killing all processes
in a service's cgroup before starting the service anew, in order to
ensure that StartPre lines cannot be misused to spawn long-running
processes.

On logind-less systems this has the effect that restarting sshd
necessarily calls all active ssh sessions, which is usually not
desirable.

With this patch control processes for a service are placed in a
sub-cgroup called "control/". When starting a service anew we simply
kill this cgroup, but not the main cgroup, in order to avoid killing any
long-running non-control processes from previous runs.

https://bugzilla.redhat.com/show_bug.cgi?id=805942
2012-04-13 23:29:59 +02:00
Lennart Poettering
8aec53fb90 polkit: spawn agent in --fallback mode 2012-04-13 21:52:42 +02:00
Léo Gillot-Lamure
40c32a4ad4 One can specify in which cgroup hierarchies a systemd-nspawn container will appear 2012-04-12 00:46:09 +02:00
Lennart Poettering
23e0573cea update TODO 2012-04-11 23:56:58 +02:00
Lennart Poettering
4771148bb9 units: exclude gettys from isolate requests
gettys are nowadays mostly autospawned and hence usually subject to
being shut down on isolate requests, since they are no dependency of any
other unit. This is a bad idea if the user isolates between
multi-user.graphical and graphical.target, hence exclude them from the
isolation.

This has the effect that gettys are no longer cleaned up when
emergency.target is isolated, which might actually be considered a
feature, even though it is a change from previous behaviour...

Note that the one getty that really matters (the one on tty1) is still
removed when isolating to emergency.target since it conflicts with
emergency.service.
2012-04-11 22:37:48 +02:00
Lennart Poettering
f25626edf4 main: disarm watchdog when preparing for reexecution 2012-04-11 18:40:22 +02:00
Lennart Poettering
71ecc858fa main: drop container/initrd env vars from inherited set
Leave the env vars used in the container/initrd logic set for PID1, but
don't inherit them to any children.
2012-04-11 13:20:34 +02:00
Kay Sievers
d50f0b1c9f update TODO 2012-04-10 22:47:48 +02:00
Kay Sievers
b8b5e648ca update TODO 2012-04-09 22:07:18 +02:00
Kay Sievers
2d13da8821 udev: remove RUN+="socket:.." and udev_monitor_new_from_netlink() 2012-04-09 21:18:30 +02:00
Kay Sievers
1c0f62e37b udev: fix test-udev binary 2012-04-08 17:03:17 +02:00
Kay Sievers
07cd4fc168 udev: remove support for /lib/udev/devices/; tmpfiles should be used 2012-04-08 16:50:16 +02:00
Kay Sievers
baa30fbc2c udev: switch to systemd logging functions 2012-04-08 16:06:20 +02:00
Lennart Poettering
e96d6be763 systemd: add hardware watchdog support
This adds minimal hardware watchdog support to PID 1. The idea is that
PID 1 supervises and watchdogs system services, while the hardware
watchdog is used to supervise PID 1.

This adds two hardware watchdog configuration options, for the runtime
watchdog and for a shutdown watchdog. The former is active during normal
operation, the latter only at reboots to ensure that if a clean reboot
times out we reboot nonetheless.

If the runtime watchdog is enabled PID 1 will automatically wake up at
half the configured interval and write to the watchdog daemon.

By default we enable the shutdown watchdog, but leave the runtime
watchdog disabled in order not to break independent hardware watchdog
daemons people might be using.

This is only the most basic hookup. If necessary we can later on hook
up the watchdog ping more closely with services deemed crucial.
2012-04-05 22:15:29 +02:00
Kay Sievers
b8217b7bd5 update TODO 2012-04-04 14:57:36 +02:00
Kay Sievers
3e2147858f move imported udev into place 2012-04-04 05:05:07 +02:00
Lennart Poettering
3eff4208ff logind: log with AUTH facility 2012-04-03 19:26:02 +02:00
Lennart Poettering
568b679f2a systemctl: make -f short for both --follow and --force 2012-04-03 14:43:48 +02:00
Lennart Poettering
08f23fd29c update TODO 2012-04-03 14:27:13 +02:00
Lennart Poettering
3cc588803d update TODO 2012-04-02 20:54:15 +02:00
Lennart Poettering
b070e7f3c9 journal: implicitly add code location to all messages logged with the native interface
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.

This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.

This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
2012-04-02 19:29:48 +02:00
Lennart Poettering
1fa80181ae journal: decrease default mmap window size to allow a bigger number of journals to be traversed in parallel 2012-04-02 19:29:47 +02:00
Kay Sievers
18b754d345 rename /etc/systemd/systemd-{login,journal}d.conf to {login,journal}d.conf 2012-03-30 23:36:44 +02:00
Lennart Poettering
231931ffba units: don't mount tmpfs on /media anymore
udisks2 doesn't use /media anymore, instead mounts removable media in a
user-private directory beneath /run. /media is hence mostly obsolete and
hence it makes little sense to continue to mount a tmpfs to it.

Distributions should consider dropping the mount point entirely since
nothing uses it anymore.
2012-03-27 17:04:22 +02:00
Lennart Poettering
2bd3c38a44 journalctl: add --local switch 2012-03-27 00:14:29 +02:00
Lennart Poettering
169c4f6513 journalctl,loginctl: drop systemd- prefix in binary names
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.

All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:

systemctl
loginctl
journalctl

For those three we do provide systemd-xyz names as well, via symlinks:

systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl

We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
2012-03-26 20:58:47 +02:00
Lennart Poettering
6ba383fa49 update TODO 2012-03-22 01:42:34 +01:00
Lennart Poettering
bd08f24224 man: fix parameter name for sd_uid_xxx() 2012-03-20 15:28:35 +01:00
Lennart Poettering
38cacf5acd man: make sure we ship HTML versions of the man pages in the tarball 2012-03-16 01:25:32 +01:00
Lennart Poettering
5c3246b1a6 man: document journal features of systemctl(1) 2012-03-16 01:00:23 +01:00
Kay Sievers
d3c7d7dd77 update TODO 2012-03-15 12:43:53 +01:00
Lennart Poettering
71100051c5 journald: increase max file size to 128MB 2012-03-15 02:57:39 +01:00
Lennart Poettering
fb0864e7b9 virt: the pidns controller does not exist anymore 2012-03-15 00:43:47 +01:00
Lennart Poettering
18da49531e update TODO 2012-03-14 19:10:29 +01:00
Lennart Poettering
8af0fcdb90 update TODO 2012-03-14 17:23:43 +01:00
Lennart Poettering
0d1575814b update TODO 2012-03-14 14:37:49 +01:00
Lennart Poettering
9586cdfab6 socket: if we fail to create an instantiated service for a socket, don't put the socket in failure mode
An incoming connection that is immediately terminated might result in
getpeername() or a similar call failing. Hence it is quite possible that
while we are setting up an instantiated service for a socket we might
get an error and we shouldn't take this as hint to take the listening
socket down.

https://bugs.freedesktop.org/show_bug.cgi?id=45297
https://bugzilla.novell.com/show_bug.cgi?id=741590
2012-03-14 03:01:27 +01:00
Lennart Poettering
6b80b9b8ee update TODO 2012-03-13 13:44:47 +01:00
Lennart Poettering
54ecda32c6 socket: add option for SO_PASSEC
https://bugzilla.redhat.com/show_bug.cgi?id=798760

(Note that this work is not complete yet, as the kernel seems to send us
useless data with SCM_SECURITY enabled)
2012-03-13 00:00:27 +01:00
Lennart Poettering
7f110ff9b8 conf: enforce UTF8 validity everywhere
We need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:21 +01:00
Lennart Poettering
8d2831af71 update TODO 2012-03-12 14:01:27 +01:00
Lennart Poettering
93e487fc8f update TODO 2012-03-06 12:55:57 +01:00
Lennart Poettering
0716c60e37 update TODO 2012-03-06 01:36:58 +01:00
Lennart Poettering
4007e72e05 update TODO 2012-03-06 01:30:00 +01:00
Lennart Poettering
9cacf56451 umount: don't try to umount /usr, if we are running from it 2012-03-06 01:28:32 +01:00
Lennart Poettering
7d900eb6f5 update TODO 2012-03-05 22:55:49 +01:00
Lennart Poettering
101f077676 update TODO 2012-03-05 14:09:27 +01:00
Lennart Poettering
d0e5a33374 update TODO 2012-02-20 19:56:14 +01:00
Lennart Poettering
f7f964eb36 update TODO 2012-02-20 15:54:28 +01:00