Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET,
use BOOT_ID+offset or BOOT_ID-offset (either + or - is required).
Also make error handling a bit more robust and verbose.
Modify the man page to describe the most common case (-b) first,
and the second most common case (-b -1) second.
Based on a patch by Kay Sievers.
A tag is exported at boot as a symlinks to the device node in the folder
/run/udev/static_node-tags/<tagname>/, if the device node exists.
These tags are cleaned up by udevadm info --cleanup-db, but are otherwise
never removed.
A few asserts are replaced with 'return -EINVAL'. I think that
assert should not be used to check argument in public functions.
Fields in struct sd_journal are rearranged to make it less
swiss-cheesy.
The list and descriptions of valid output options was difficult to read,
so break up the long block of text into discrete man page list items to
improve readability.
Hi,
I redid the boot ID look up to use enumerate_unique.
This is quite fast if the cache is warm but painfully slow if
it isn't. It has a slight chance of returning the wrong order if
realtime clock jumps around.
This one has to do n searches for every boot ID there is plus
a sort, so it depends heavily on cache hotness. This is in contrast
to the other way of look-up through filtering by a MESSAGE_ID,
which only needs about 1 seek + whatever amount of relative IDs
you want to walk.
I also have a linked-list + (in-place) mergesort version of this
patch, which has pretty much the same runtime. But since this one
is using libc sorting and armortized allocation, I prefer this
one.
To summarize: The MESSAGE_ID way is a *lot* faster but can be
incomplete due to rotation, while the enumerate+sort will find
every boot ID out there but will be painfully slow for large
journals and cold caches.
You choose :P
Jan
In a User-Mode Linux session:
$ systemd-detect-virt
none
Although it is possible to reliably detect virtualization:
$ cat /proc/cpuinfo
processor : 0
vendor_id : User Mode Linux
model name : UML
mode : skas
host : Linux kytes 3.11.0-rc1-00009-ge5fd680 (...)
bogomips : 7007.43
So, grep for the string "\nvendor_id\t: User Mode Linux\n" in
/proc/cpuinfo, and say "uml" when asked.
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.
Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
Especially sentences like "filename ends in .suffix" are easier to
parse if the suffix is surrounded by quotes. In sentences like
"requires a .service unit", where the suffix is used as a class
designation, there is no need to use quotes.
The affected files in this patch had inconsistent use of tabs vs. spaces
for indentation, and this patch eliminates the stray tabs.
Also, the opening brace of sigchld_hdl() in activate.c was moved so the
opening braces are consistent throughout the file.
Use proper grammar, word usage, adjective hyphenation, commas,
capitalization, spelling, etc.
To improve readability, some run-on sentences or sentence fragments were
revised.
[zj: remove the space from 'file name', 'host name', and 'time zone'.]
Before: libsystemd-daemonpkg-config(1)
After: libsystemd-daemon pkg-config(1)
This fix is more complicated than it should be due to the consecutive
XML elements separated by collapsible whitespace.
Merging the lines and separating the XML elements with an en space or a
non-breaking space is the only solution that results in one, and only
one, space being inserted between them when testing. An em space results
in two spaces being inserted.
When manpages are displayed on a terminal, <literal>s are indistinguishable
from surrounding text. Add quotes everywhere, remove duplicate quotes,
and tweak a few lists for consistent formatting.
https://bugzilla.redhat.com/show_bug.cgi?id=874631
Reporting of the free space was bogus, since the remaining space
was compared with the maximum allowed, instead of the current
use being compared with the maximum allowed. Simplify and fix
by reporting limits directly at the point where they are calculated.
Also, assign a UUID to the message.
Sometimes an entry is not successfully written, and we end up with
data items which are "unlinked", not connected to, and not used by any
entry. This will usually happen when we write to write a core dump,
and the initial small data fields are written successfully, but
the huge COREDUMP= field is not written. This situation is hard
to avoid, but the results are mostly harmless. Thus only warn about
unused data items.
Also, be more verbose about why journal files failed verification.
This should help diagnose journal failure modes without resorting
to a hexadecimal editor.
https://bugs.freedesktop.org/show_bug.cgi?id=65235 (esp. see
system.journal attached to the bug report).
This complements existing functionality of setting variables
through 'systemctl set-environment', the kernel command line,
and through normal environment variables for systemd in session
mode.
Describe how to handle an AF_UNIX socket, with Accept set to false,
received from systemd, upon exit.
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
The list and descriptions of valid transports was difficult to read, so
break the long sentence up into discrete man page list items to improve
readability.
This allows the caller to explicitly specify which journal files
should be opened. The same functionality could be achieved before
by creating a directory and playing around with symlinks. It
is useful to debug stuff and explore the journal, and has been
requested before.
Waiting is supported, the journal will notice modifications on
the files supplied when opening the journal, but will not add
any new files.
--user basically gives messages from your own systemd --user services.
--system basically gives messages from PID 1, kernel, and --system
services. Those two options are not exahustive, because a priviledged
user might be able to see messages from other users, and they will not
be shown with either or both of those flags.
This is the just the library part.
SD_JOURNAL_CURRENT_USER flags is added to sd_j_open(), to open
files from current user.
SD_JOURNAL_SYSTEM_ONLY is renamed to SD_JOURNAL_SYSTEM,
and changed to mean to (also) open system files. This way various
flags can be combined, which gives them nicer semantics, especially
if other ones are added later.
Backwards compatibility is kept, because SD_JOURNAL_SYSTEM_ONLY
is equivalent to SD_JOURNAL_SYSTEM if used alone, and before there
we no other flags.
This change is based on existing usage in systemd and online.
'File-system' may make sense in adjectival form, but man pages
seem to prefer 'file system' even in those situations.
That way ordering it with MountsRequiredFor= works properly, as this no
longer results in mount units start requests to be added to the shutdown
transaction that conflict with stop requests for the same unit.
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
Do the depmod in the kernel-install hooks, so hooks can produce/install
kernel modules and be part of the depmod.
Also move the basic boot loader entry creation and removal to a
plugin script.
If PRETTY_NAME is not defined in /etc/os-release, fallback to
PRETTY_NAME="Linux $KERNEL_VERSION".
Add documentation for everything in the man page.
Everything which is an absolute filename marked with <filename></filename>
lands in the index, unless noindex= attribute is present. Should make
it easier for people to find stuff when they are looking at a file on
disk.
Various formatting errors in manpages are fixed, kernel-install(1) is
restored to formatting sanity.
Bootchart has a help option. For the sake of consistency, this patch
adds it to the man page.
Also, the TODO is updated. Bootcharts were added to the journal in
commit c4d58b0.
We generally document the suggested paths, not the paths possible in
weird, non-standard setups. We do this in order to not confuse
administrators/users unnecessarily and to push people to install things
into the same directories on all distributions.
We are PID 1 after all, the really basic building block of the OS.
Unlike for an app there's very little benefit in being entirely
relocatable.
Using the signal name to put systemd in debug mode with bash results in:
$ kill -s SIGRTMIN+22 1
bash: kill: SIGRTMIN+22: invalid signal specification
whereas this works:
$ kill -s SIGRTMAX-8 1
/usr/bin/kill understands both signal names, so just change them to the
bash names.
Previously only one "--unit=" or "--user-unit" could be specified.
With this patch, journalcrtl can show multiple units.
$ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b
-- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12
09:10:22 CEST. --
Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager.
Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager.
Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager.
Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used
instead of sendmail.)
Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify
support)
Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon...
Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon.
Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22.
Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22.
Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8:
"/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
Apparently nsenter doesn't handle options concatenated together.
I'm pretty sure it worked at one point, but it seems like magic,
since each of those options can take arguments.
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
This mirrors --property, and is generally useful.
New functionality is used in bash completion.
In case of zsh completion, new functionality is less useful
because of caching. Nevertheless, zsh completion for restart
is made to behave more-or-less the same as bash completion.
At least sockets can be restarted.
Make "systemd-analyze dot" output only lines with units matching
given glob(7) patterns. Add --from-pattern and --to-pattern options.
Without any patterns all relationships are printed as before.
A relationship must match the follwing expression:
(isempty(from) || from[0] || from[1] || .. || from[n]) &&
(isempty(to) || to[0] || to[1] || .. || to[n]) &&
(isempty(P) || P[0] || P[1] || ... || P[n])
where from[] and to[] are lists of patterns provided with subsequent
--from-pattern and --to-pattern respectively. P[] is a list of additional
patterns provided after the "dot" subcommand.
This function should be used when filling in "struct pollfd"'s .events
field for watching the journal. It will always return POLLIN for now,
but we should keep our options open to change this later on.
This mimics libsystemd-bus' sd_bus_get_events() call with the same
purpose.
This makes it easier to add substitutions to man pages,
avoiding the separate transformation step.
mkdir -p's are removed from the rule, because xsltproc will
will create directories on it's own.
All in all, two or three forks per man page are avoided,
which should make things marginally faster.
Unfortunately python parsers must too be tweaked to handle
entities. This isn't particularly easy: with lxml a custom
Resolver can be used, but the stdlib etree doesn't support
external entities *at all*. So when running without lxml,
the entities are just removed. Right now it doesn't matter,
since the entities are not indexed anyway. But I intend to
add indexing of filenames in the near future, and then the
index generated without lxml might be missing a few lines.
Oh well.
The rules governing %s where just too complicated. First of
all, looking at $SHELL is dangerous. For systemd --system,
it usually wouldn't be set. But it could be set if the admin
first started a debug shell, let's say /sbin/sash, and then
launched systemd from it. This shouldn't influence how daemons
are started later on, so is better ignored. Similar reasoning
holds for session mode. Some shells set $SHELL, while other
set it only when it wasn't set previously (e.g. zsh). This
results in fragility that is better avoided by ignoring $SHELL
totally.
With $SHELL out of the way, simplify things by saying that
%s==/bin/sh for root, and the configured shell otherwise.
get_shell() is the only caller, so it can be inlined.
Fixes one issue seen with 'make check'.
This introduces remote-fs-setup.target independently of
remote-fs-pre.target. The former is only for pulling things in, the
latter only for ordering.
The new semantics:
remote-fs-setup.target: is pulled in automatically by all remote mounts.
Shall be used to pull in other units that want to run when at least one
remote mount is set up. Is not ordered against the actual mount units,
in order to allow activation of its dependencies even 'a posteriori',
i.e. when a mount is established outside of systemd and is only picked
up by it.
remote-fs-pre.target: needs to be pulled in automatically by the
implementing service, is otherwise not part of the initial transaction.
This is ordered before all remote mount units.
A service that wants to be pulled in and run before all remote mounts
should hence have:
a) WantedBy=remote-fs-setup.target -- so that it is pulled in
b) Wants=remote-fs-pre.target + Before=remote-fs-pre.target -- so that
it is ordered before the mount point, normally.
Add option to force journal sync with fsync. Default timeout is 5min.
Interval configured via SyncIntervalSec option at journal.conf. Synced
journal files will be marked as OFFLINE.
Manual sync can be performed via sending SIGUSR1.
Previously, it would set all caps, but it should drop them all, anything
else makes little sense.
Also, document that this works as it does, and what to do in order to
assign all caps to the bounding set.
https://bugzilla.redhat.com/show_bug.cgi?id=914705
Seems natural to be able to specify relative directory,
e.g. with journalctl -D. And even if, this should be checked
in front-end code, not in the library.
The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
I need this to test half-installed socket-activated python
script, which requires PYTHONPATH and LD_LIBRARY_PATH set.
I assume that other people might find it useful to.
-E VAR passes through VAR from the environment, while
-E VAR=value sets VAR=value.
systemd-activate -E PYTHONPATH=/var/tmp/inst1/usr/lib64/python3.3/site-packages -E LD_LIBRARY_PATH=/var/tmp/inst1/usr/lib -l 2000 python3 -c 'from systemd.daemon import listen_fds; print(listen_fds())'
Previously we were testing whether /sys/fs/cgroup/systemd/ was a mount
point. This might be problematic however, when the cgroup trees are bind
mounted into a container from the host (which should be absolutely
valid), which might create the impression that the container was running
systemd, but only the host actually is.
Replace this by a check for the existance of the directory
/run/systemd/system/, which should work unconditionally, since /run can
never be a bind mount but *must* be a tmpfs on systemd systems, which is
flushed at boots. This means that data in /run always reflects
information about the current boot, and only of the local container,
which makes it the perfect choice for a check like this.
(As side effect this is nice to Ubuntu people who now use logind with
the systemd cgroup hierarchy, where the old sd_booted() check misdetects
systemd, even though they still run legacy Upstart.)
First, rename root-fs.target to initrd-root-fs.target to clarify its usage.
Mount units with "x-initrd-rootfs.mount" are now ordered before
initrd-root-fs.target. As we sometimes construct /sysroot mounts in
/etc/fstab in the initrd, we want these to be mounted before the
initrd-root-fs.target is active.
initrd.target can be the default target in the initrd.
(normal startup)
:
:
v
basic.target
|
______________________/|
/ |
| sysroot.mount
| |
| v
| initrd-root-fs.target
| |
| v
| initrd-parse-etc.service
(custom initrd services) |
| v
| (sysroot-usr.mount and
| various mounts marked
| with fstab option
| x-initrd.mount)
| |
| v
| initrd-fs.target
| |
\______________________ |
\|
v
initrd.target
|
v
initrd-cleanup.service
isolates to
initrd-switch-root.target
|
v
______________________/|
/ |
| initrd-udevadm-cleanup-db.service
| |
(custom initrd services) |
| |
\______________________ |
\|
v
initrd-switch-root.target
|
v
initrd-switch-root.service
|
v
switch-root
journalctl -u unit is not very useful, because it doesn't show
systemd messages about starting, stopping, coredumps, etc,
like systemctl status unit does. Make it show the same
information using the same rules.
If somebody really want to see just messages from by the unit,
it is easy enough to use _SYSTEMD_UNIT=...
Instead of using local-fs*.target in the initrd, use root-fs.target for
sysroot.mount and initrd-fs.target for /sysroot/usr and friends.
Using local-fs.target would mean to carry over the activated
local-fs.target to the isolated initrd-switch-root.target and thus in
the real root. Having local-fs.target already active after
deserialization causes ordering problems with the real root services and
targets.
We better isolate to targets for initrd-switch-root.target, which are
only available in the initrd.
The documentation makes it sound like ExecStopPost is only run when
stopping the service with `systemctl stop foo.service`
However, that is not the case, as it also gets run when the service
unexpectedly exists, crashes, or gets SIGKILLed.
This should help readers of the man or HTML pages know if the documentation
is out of date. An alternative to use a date generated from 'git log' was
considered, but since we try to keep user visible documentation up to date,
showing the project version should be enough.
Since the HTML files are in different directories during build
and on fd.o, links are broken in the build directory. This could
be fixed by moving stuff around, or by modifying the files during
upload, but I think that people do not usually create HTML files
for local browsing, and this is not necessary.
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
Errors because of oom conditions or descriptor exhaustion should not
be ignored. We probably cannot recover from those conditions.
Current behaviour wrt. insufficient permissions is described in the
man page. It might make sense in case of user sessions, so I left
it as is.
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
This reverts commit cb96a2c69a.
It is not a mistake to pass args when -b is specified. They will simply
be passed on to the container's init.
The manpage needs fixing, that's true.
Occasionally people report problem with reboot/poweroff operations hanging in
the middle. One known cause is when a new transaction to start a unit is
enqueued while the shutdown is going on. The start of the unit conflicts with
the shutdown jobs, so they get cancelled. The failure case can be quite unpleasant,
becase getty and sshd may already be stopped.
Fix it by using irreversible jobs for shutdown (reboot/poweroff/...) actions.
This applies to commands like "reboot", "telinit 6", "systemctl reboot". Should
someone desire to use reversible jobs, they can say "systemctl start reboot.target".`
Add a new job mode: replace-irreversibly. Jobs enqueued using this mode
cannot be implicitly canceled by later enqueued conflicting jobs.
They can however still be canceled with an explicit "systemctl cancel"
call.
"systemctl default" should behave identically to "telinit N" (where N is the
corresponding runlevel target number), therefore it should use isolate job mode
too.
In systemd-bootchart, the disk model information will not be found
unless the root device is specified using `root=/dev/sdxY` on the kernel
line. Just add a note as to why this doesn't happen.
Turning off filtering with --filter is just too confusing.
Config option "Filter" doesn't have to be changed, here
"Filter=yes" already meant to filter.
This makes 'status' behave like 'list-units':
systemctl status -> status of all units
systemctl -t error status -> status of error units
systemctl -t mount status -> etc.
Essentially transfer the 'README' file in src/bootchart to the man page
for easier reading by users.
Moved the 'History' section to the bottom, before the 'See Also' section.
man/systemd-bootchart.xml | 100 ++++++++++++++++++++++++++++++++++++++--------
1 file changed, 83 insertions(+), 17 deletions(-)
systemd-nspawn will now print the PID of the child.
An example showing how to enter the container is added
to the man page.
Support for nsenter without an explicit command was
added in https://github.com/karelzak/util-linux/commit/5758069
(post v2.22.2). So this example requires both a new kernel
and the latest util-linux.
Option listings seemed to be pretty much random, some were short opt,
long opt, others were long opt, short opt. This just makes every option
with a short and long opt that I could find in the order short opt, long
opt, for formatting's sake.
This unifies much of the logic behind them:
- All four will now ofllow the rule that the earlier file and earlier
assignment in the .d/ directories wins. Before, sysctl was the only
outlier, where the later setting always won.
- All four now support getopt() and --help on the command line.
- All four can now handle specification of configuration file names on
the command line to apply. The tools will automatically find them, and
apply them. Previously only tmpfiles could do that. This is useful for
%post scripts in RPMs and suchlike.
- This fixes various error path issues in conf_files_list()
In other cases where multiple directories are searched for unit files,
the list of directories is described in the man page describing the
format. I think this makes sense too in case of systemd directories,
since the systemd(1) manpage already has an overview of many different
topics.
man rules were repeating the same information in too many places,
which was error prone. Those rules can be easily generated from .xml
files. For efficiency and because python is not a required dependency,
Makefile-man.am is only regenerated when requested with
make update-man-list
If no metadata in man/*.xml changed, this file should not change. So
only when a new man page or a new alias is added, this file should
show up in 'git diff'. The change should then be committed.
If the support for building from git without python was dropped, we
could drop Makefile-man.am from version control. This would also
increase the partial build time (since more stuff would be rebuild
whenever sources in man/*.xml would be modified), so it would probably
wouldn't be worth it.
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".
We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
This allows one templated unit to refer to another templated unit
at installation time.
Examples:
> grep WantedBy ~/.config/systemd/user/mpop@.timer
WantedBy=services@%i.target
> srv disable mpop@iit.timer
rm '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
> srv enable mpop@iit.timer
ln -s '/home/alxchk/.config/systemd/user/mpop@.timer' '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
Based-on-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
Archlinux has a similar tool to debbotstrap in the arch-install-scripts
package that will install to a specified directory. This is generally
used for installation, so the -d flag must be passed to tell it to
install to a non-mountpoint directory.
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.
Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
Type X will exclude path itself from clean-up. However, if the path is a
directory systemd-tmpfiles will clean-up its content.
In contrast to type x, where path is ignored completely, type X needs some
Age parameter. In order to determine Age parameter, we will look for config
entries of type d or D and pick the best match. Best match is either
exact match or longest prefix match.
Hi all,
while working on another bug, I discovered the "strange" way systemd is
parsing Environment= in .service and thought it was worth documenting
(because I don't expect people to find this syntax by themselves unless
they read the parsing code ;)
Be more verbose about using space in Environment field and not
using value of other variables
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=840260
[zj: expand and reformat the example a bit]
Due to the brokeness of much of the userspace audit code we cannot
really start too many systems without the audit caps set. To make nspawn
easier to use just add the audit caps by default.
To boot up containers successfully the kernel's auditing needs to be
turned off still (use "audit=0" on the kernel command line), but at
least no manual caps have to be passed anymore.
In the long run auditing will be fixed for containers and ve virtualized
properly at which time it should be safe to enable these caps anyway.