50f48ad37aad99c54de4db34b07c3825cdedcf41 |
|
10-Feb-2016 |
Daniel Mack <daniel@zonque.org> |
cgroup: remove support for NetClass= directive
Support for net_cls.class_id through the NetClass= configuration directive
has been added in v227 in preparation for a per-unit packet filter mechanism.
However, it turns out the kernel people have decided to deprecate the net_cls
and net_prio controllers in v2. Tejun provides a comprehensive justification
for this in his commit, which has landed during the merge window for kernel
v4.5:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
As we're aiming for full support for the v2 cgroup hierarchy, we can no
longer support this feature. Userspace tool such as nftables are moving over
to setting rules that are specific to the full cgroup path of a task, which
obsoletes these controllers anyway.
This commit removes support for tweaking details in the net_cls controller,
but keeps the NetClass= directive around for legacy compatibility reasons. |
89beff89edba592366b2960bd830d3f6e602c2c7 |
|
10-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
core: treat JobTimeout=0 as equivalent to JobTimeout=infinity
Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4.
Fixes: #2537 |
aad41f08144ab2333a3c42225c853d7d44f31c56 |
|
10-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec=
Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout(). |
6bf0f408e4833152197fb38fb10a9989c89f3a59 |
|
10-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
core: make the StartLimitXYZ= settings generic and apply to any kind of unit, not just services
This moves the StartLimitBurst=, StartLimitInterval=, StartLimitAction=, RebootArgument= from the [Service] section
into the [Unit] section of unit files, and thus support it in all unit types, not just in services.
This way we can enforce the start limit much earlier, in particular before testing the unit conditions, so that
repeated start-up failure due to failed conditions is also considered for the start limit logic.
For compatibility the four options may also be configured in the [Service] section still, but we only document them in
their new section [Unit].
This also renamed the socket unit failure code "service-failed-permanent" into "service-start-limit-hit" to express
more clearly what it is about, after all it's only triggered through the start limit being hit.
Finally, the code in busname_trigger_notify() and socket_trigger_notify() is altered to become more alike.
Fixes: #2467 |
36c16a7cdd6c33d7980efc2cd6a2211941f302b4 |
|
01-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
core: rework unit timeout handling, and add new setting RuntimeMaxSec=
This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as
indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code
(following the logic that 0 means "no", and USEC_INFINITY means "never").
This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated,
and sd-event considers it has indication for turning off the event source.
This also alters the deserialization of the units to restart timeouts from the time they were originally started from.
Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to
artificially prolonged timeouts if a daemon reload took place.
Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a
specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs.
This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is
removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn()
calls fail.
Fixes: #2249 |
d0a7c5f69207b6719bab94893035fc8f5f6f87cb |
|
01-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
core: move parsing of rlimits into rlimit-util.[ch]
This way we can reuse it for parsing rlimit settings in "systemctl set-property" and related commands. |
755d4b67a471ed1a3472b8536cb51315d4e4e3c1 |
|
11-Jan-2016 |
Ismo Puustinen <ismo.puustinen@intel.com> |
capabilities: added support for ambient capabilities.
This patch adds support for ambient capabilities in service files. The
idea with ambient capabilities is that the execed processes can run with
non-root user and get some inherited capabilities, without having any
need to add the capabilities to the executable file.
You need at least Linux 4.3 to use ambient capabilities. SecureBit
keep-caps is automatically added when you use ambient capabilities and
wish to change the user.
An example system service file might look like this:
[Unit]
Description=Service for testing caps
[Service]
ExecStart=/usr/bin/sleep 10000
User=nobody
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
After starting the service it has these capabilities:
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000003fffffffff
CapAmb: 0000000000003000 |
a103496ca585e22bb5e386e3238b468d133f5659 |
|
11-Jan-2016 |
Ismo Puustinen <ismo.puustinen@intel.com> |
capabilities: keep bounding set in non-inverted format.
Change the capability bounding set parser and logic so that the bounding
set is kept as a positive set internally. This means that the set
reflects those capabilities that we want to keep instead of drop. |
6f5d79986a9c98b9cacc83f865fed957e4e6e4e6 |
|
26-Nov-2015 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
core: rename Random* to RandomizedDelay*
The name RandomSec is too generic: "Sec" just specifies the default
unit type, and "Random" by itself is not enough. Rename to something
that should give the user general idea what the setting does without
looking at documentation. |
744c7693751830149ae78fdaf95c6c6f99d59f07 |
|
18-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add new RandomSec= setting for time units
This allows configuration of a random time on top of the elapse events,
in order to spread time events in a network evenly across a range. |
74bb646ee5a812e91949c03fa461bc4bd7d2d7b8 |
|
18-Nov-2015 |
Susant Sahani <ssahani@gmail.com> |
socket: Add support for socket protcol
Now we don't support the socket protocol like
sctp and udplite .
This patch add a new config param
SocketProtocol: udplite/sctp
With this now we can configure the protocol as
udplite = IPPROTO_UDPLITE
sctp = IPPROTO_SCTP
Tested with nspawn: |
3e0c30ac56269c6fe7b6c0105e7ad826a27d21c6 |
|
17-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add RemainAfterElapse= setting to timer units
Previously, after a timer unit elapsed we'd leave it around for good,
which has the nice benefit that starting a timer that shall trigger at a
specific point in time multiple times will only result in one trigger
instead of possibly many. With this change a new option
RemainAfterElapse= is added. It defaults to "true", to mimic the old
behaviour. If set to "false" timer units will be unloaded after they
elapsed. This is specifically useful for transient timer units. |
0af20ea2ee2af2bcf2258e7a8e1a13181a6a75d6 |
|
13-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add new DefaultTasksMax= setting for system.conf
This allows initializing the TasksMax= setting of all units by default
to some fixed value, instead of leaving it at infinity as before. |
f32b43bda454a70ae23d6802605d41b26dc24ce2 |
|
12-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: remove support for RequiresOverridable= and RequisiteOverridable=
As discussed at systemd.conf 2015 and on also raised on the ML:
http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html
This removes the two XyzOverridable= unit dependencies, that were
basically never used, and do not enhance user experience in any way.
Most folks looking for the functionality this provides probably opt for
the "ignore-dependencies" job mode, and that's probably a good idea.
Hence, let's simplify systemd's dependency engine and remove these two
dependency types (and their inverses).
The unit file parser and the dbus property parser will now redirect
the settings/properties to result in an equivalent non-overridable
dependency. In the case of the unit file parser we generate a warning,
to inform the user.
The dbus properties for this unit type stay available on the unit
objects, but they are now hidden from usual introspection and will
always return the empty list when queried.
This should provide enough compatibility for the few unit files that
actually ever made use of this. |
2a2e1b36a0417d748048b530e03d5428241f749d |
|
12-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: remove SmackFileSystemRootLabel= again
Apparently, util-linux' mount command implicitly drops the smack-related
options anyway before passing them to the kernel, if the kernel doesn't
know SMACK, hence there's no point in duplicating this in systemd.
Fixes #1696 |
b4c14404b3e8753c41bac0b1d49369230a15c544 |
|
11-Nov-2015 |
Filipe Brandenburger <filbranden@google.com> |
execute: Add new PassEnvironment= directive
This directive allows passing environment variables from the system
manager to spawned services. Variables in the system manager can be set
inside a container by passing `--set-env=...` options to systemd-spawn.
Tested with an on-disk test.service unit. Tested using multiple variable
names on a single line, with an empty setting to clear the current list
of variables, with non-existing variables.
Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it
works with transient units.
Confirmed that `systemctl show` will display the PassEnvironment
settings.
Checked that man pages are generated correctly.
No regressions in `make check`. |
36b4a7ba555540edb7648e0f97019280b4ac38de |
|
11-Nov-2015 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
Remove snapshot unit type
Snapshots were never useful or used for anything. Many systemd
developers that I spoke to at systemd.conf2015, didn't even know they
existed, so it is fairly safe to assume that this type can be deleted
without harm.
The fundamental problem with snapshots is that the state of the system
is dynamic, devices come and go, users log in and out, timers fire...
and restoring all units to some state from the past would "undo"
those changes, which isn't really possible.
Tested by creating a snapshot, running the new binary, and checking
that the transition did not cause errors, and the snapshot is gone,
and snapshots cannot be created anymore.
New systemctl says:
Unknown operation snapshot.
Old systemctl says:
Failed to create snapshot: Support for snapshots has been removed.
IgnoreOnSnaphost settings are warned about and ignored:
Support for option IgnoreOnSnapshot= has been removed and it is ignored
http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html |
a4c1800284e3546bbfab2dc19eb59bcb91c4a2ca |
|
10-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
core: accept time units for time-based resource limits
Let's make sure "LimitCPU=30min" can be parsed properly, following the
usual logic how we parse time values. Similar for LimitRTTIME=.
While we are at it, extend a bit on the man page section about resource
limits.
Fixes: #1772 |
412ea7a936ebaa5342a4c2abf48b9e408e6ba5dc |
|
06-Nov-2015 |
Karel Zak <kzak@redhat.com> |
core: support IEC suffixes for RLIMIT stuff
Let's make things more user-friendly and support for example
LimitAS=16G
rather than force users to always use LimitAS=16106127360.
The change is relevant for options:
[Default]Limit{FSIZE,DATA,STACK,CORE,RSS,AS,MEMLOCK,MSGQUEUE}
The patch introduces config_parse_bytes_limit(), it's the same as
config_parse_limit() but uses parse_size() tu support the suffixes.
Addresses: https://github.com/systemd/systemd/issues/1772 |
7cb48925dc9d6c74edcf800b447c6c0c6955687d |
|
26-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
That way it's in sync with the other SMACK label settings.
https://github.com/systemd/systemd/pull/1664#issuecomment-150891270 |
46a01abae985024572ec860bd02ca7f1fe458096 |
|
24-Oct-2015 |
Sangjung Woo <sangjung.woo@samsung.com> |
mount: add new SmackFileSystemRoot= setting for mount unit
This option specifies the label to assign the root of the file system if
it lacks the Smack extended attribute. Note that this option will be
ignored if kernel does not support the Smack feature by runtime
checking. |
8dd4c05b5495c7ffe0f12ace87e71abe17bd0a0e |
|
06-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add support for naming file descriptors passed using socket activation
This adds support for naming file descriptors passed using socket
activation. The names are passed in a new $LISTEN_FDNAMES= environment
variable, that matches the existign $LISTEN_FDS= one and contains a
colon-separated list of names.
This also adds support for naming fds submitted to the per-service fd
store using FDNAME= in the sd_notify() message.
This also adds a new FileDescriptorName= setting for socket unit files
to set the name for fds created by socket units.
This also adds a new call sd_listen_fds_with_names(), that is similar to
sd_listen_fds(), but also returns the names of the fds.
systemd-activate gained the new --fdname= switch to specify a name for
testing socket activation.
This is based on #1247 by Maciej Wereski.
Fixes #1247. |
55301ec028937eab4722c9fd586fd77ffdbc50dd |
|
01-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add new setting Writable= to ListenSpecial= socket units
Writable= is a new boolean setting. If ture, then ListenSpecial= will
open the specified path in O_RDWR mode, rather than just O_RDONLY.
This is useful for implementing services like rfkill, where /dev/rfkill
is more useful when opened in write mode, if we want to not only save
but also restore its state. |
5f5d8eab1f2f5f5e088bc301533b3e4636de96c7 |
|
29-Sep-2015 |
Lennart Poettering <lennart@poettering.net> |
core: allow setting WorkingDirectory= to the special value ~
If set to ~ the working directory is set to the home directory of the
user configured in User=.
This change also exposes the existing switch for the working directory
that allowed making missing working directories non-fatal.
This also changes "machinectl shell" to make use of this to ensure that
the invoked shell is by default in the user's home directory.
Fixes #1268. |
6b7e59231014b94636f4a1b730143fbe6f60c3f4 |
|
22-Sep-2015 |
Pawel Szewczyk <p.szewczyk@samsung.com> |
core: Add FFSDescriptors and FFSStrings service parameters
By using these parameters functionfs service can specify ffs descriptors
and strings which should be written to ep0. |
602524469ecd7db0e0d5a71ecd1dce34f7a108b6 |
|
22-Sep-2015 |
Pawel Szewczyk <p.szewczyk@samsung.com> |
core: Add socket type for usb functionfs endpoints
For handling functionfs endpoints additional socket type is added. |
32ee7d3309816994a02b3ff000e9734120d71214 |
|
16-Sep-2015 |
Daniel Mack <daniel@zonque.org> |
cgroup: add support for net_cls controllers
Add a new config directive called NetClass= to CGroup enabled units.
Allowed values are positive numbers for fix assignments and "auto" for
picking a free value automatically, for which we need to keep track of
dynamically assigned net class IDs of units. Introduce a hash table for
this, and also record the last ID that was given out, so the allocator
can start its search for the next 'hole' from there. This could
eventually be optimized with something like an irb.
The class IDs up to 65536 are considered reserved and won't be
assigned automatically by systemd. This barrier can be made a config
directive in the future.
Values set in unit files are stored in the CGroupContext of the
unit and considered read-only. The actually assigned number (which
may have been chosen dynamically) is stored in the unit itself and
is guaranteed to remain stable as long as the unit is active.
In the CGroup controller, set the configured CGroup net class to
net_cls.classid. Multiple unit may share the same net class ID,
and those which do are linked together. |
03a7b521e3ffb7f5d153d90480ba5d4bc29d1e8f |
|
10-Sep-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add support for the "pids" cgroup controller
This adds support for the new "pids" cgroup controller of 4.3 kernels.
It allows accounting the number of tasks in a cgroup and enforcing
limits on it.
This adds two new setting TasksAccounting= and TasksMax= to each unit,
as well as a gloabl option DefaultTasksAccounting=.
This also updated "cgtop" to optionally make use of the new
kernel-provided accounting.
systemctl has been updated to show the number of tasks for each service
if it is available.
This patch also adds correct support for undoing memory limits for units
using a MemoryLimit=infinity syntax. We do the same for TasksMax= now
and hence keep things in sync here. |
f757855e81fc0bc116de372220096e532afb5cb8 |
|
06-Sep-2015 |
Lennart Poettering <lennart@poettering.net> |
nspawn: add new .nspawn files for container settings
.nspawn fiels are simple settings files that may accompany container
images and directories and contain settings otherwise passed on the
nspawn command line. This provides an efficient way to attach execution
data directly to containers. |
023a4f67011f24d4b085995a4a3a02661c4794a2 |
|
24-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and
INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS
and USER_PROCESS entries, instead of just a single INIT_PROCESS entry.
With this change systemd may be used to not only invoke a getty directly
in a SysV-compliant way but alternatively also a login(1) implementation
or even forego getty and login entirely, and invoke arbitrary shells in
a way that they appear in who(1) or w(1).
This is preparation for a later commit that adds a "machinectl shell"
operation to invoke a shell in a container, in a way that is compatible
with who(1) and w(1). |
1b09f548c7f303b486b5b1321c06336bff72ada4 |
|
17-Jun-2015 |
Kay Sievers <kay@vrfy.org> |
turn kdbus support into a runtime option
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support. |
deb0a77cf0b409141c4b116ae30becb3d878e1ad |
|
21-Apr-2015 |
Michael Olbrich <m.olbrich@pengutronix.de> |
automount: add expire support |
b02cb41c78c61c27bf1432e19f241a3c3d47a419 |
|
07-Jan-2015 |
Lennart Poettering <lennart@poettering.net> |
conf-parse: don't accept invalid bus names as BusName= arguments in service units |
a354329f724d6ce913d2ccffb2be8f3327a67faa |
|
06-Jan-2015 |
Lennart Poettering <lennart@poettering.net> |
core: add new logic for services to store file descriptors in PID 1
With this change it is possible to send file descriptors to PID 1, via
sd_pid_notify_with_fds() which PID 1 will store individually for each
service, and pass via the usual fd passing logic on next invocation.
This is useful for enable daemon reload schemes where daemons serialize
their state to /run, push their fds into PID 1 and terminate, restoring
their state on next start from the data in /run and passed in from PID
1.
The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on
them, and the service they belong to are either not dead or failed, or
have a job queued. |
9e37c9544b22aab2173695ac9c0e4b8bb02cb75c |
|
01-Dec-2014 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
core: warn and ignore SysVStartPriority=
Option was being parsed but not used for anything. |
a2c0e528b8b5ba370527db279605e4e4135689c1 |
|
01-Dec-2014 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
When warning about unsupported options, be more detailed |
2ca620c4ed28c01f285d869d0b22f22a360957da |
|
24-Nov-2014 |
WaLyong Cho <walyong.cho@samsung.com> |
smack: introduce new SmackProcessLabel option
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.
[zj: reword man page] |
59fccdc587bc179c1638916ee16a24099f94f81f |
|
06-Nov-2014 |
Lennart Poettering <lennart@poettering.net> |
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met |
a931ad47a8623163a29d898224d8a8c1177ffdaf |
|
05-Nov-2014 |
Lennart Poettering <lennart@poettering.net> |
core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine. |
47cb901e38cd7092576fc8e76cc4a14f39bf719d |
|
28-Oct-2014 |
Lennart Poettering <lennart@poettering.net> |
swap: replace Discard= setting by a more generic Options= setting
For now, it's systemd itself that parses the options string, but as soon
as util-linux' swapon can take the option string directly with -o we
should pass it on unmodified. |
f189ab18de69d3dee81117d7925fb370cd038f0f |
|
28-Oct-2014 |
Lennart Poettering <lennart@poettering.net> |
job: optionally, when a job timeout is hit, also execute a failure action |
86b23b07c96b185126bfbf217227dad362a20c25 |
|
29-Sep-2014 |
Jan Synacek <jsynacek@redhat.com> |
swap: introduce Discard property
Process possible "discard" values from /etc/fstab. |
16115b0a7b7cdf08fb38084d857d572d8a9088dc |
|
19-Sep-2014 |
Michal Sekletar <msekleta@redhat.com> |
socket: introduce SELinuxContextFromNet option
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com> |
501996231293506a85bf4d610938a655ddc8cb92 |
|
08-Sep-2014 |
Daniel Mack <zonque@gmail.com> |
bus: parse BusPolicy directive in service files
Add a new directive called BusPolicy to define custom endpoint policies. If
one such directive is given, an endpoint object in the service's ExecContext is
created and the given policy is added to it. |
3cd761e4df278cdef6fda9d7f50be512d3c1d7ae |
|
19-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
socket: suffix newly added TCP sockopt time properties with "Sec"
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit. |
3bb07b7680c543c982077ac075abe8badeb46ca1 |
|
19-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
Revert "socket: introduce SELinuxLabelViaNet option"
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list. |
cf8bd44339b00330fdbc91041d6731ba8aba9fec |
|
19-Aug-2014 |
Michal Sekletar <msekleta@redhat.com> |
socket: introduce SELinuxLabelViaNet option
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com> |
cc567c9beace114554f7e7f50c3a5181cc44a07d |
|
15-Aug-2014 |
Susant Sahani <susant@redhat.com> |
socket: Add support for TCP defer accept
TCP_DEFER_ACCEPT Allow a listener to be awakened only when data
arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side
listening socket, the TCP/IP stack will not to wait for the final
ACK packet and not to initiate the process until the first packet
of real data has arrived. After sending the SYN/ACK, the server will
then wait for a data packet from a client. Now, only three packets
will be sent over the network, and the connection establishment delay
will be significantly reduced. |
209e9dcd7b2f23b68ff93bf20fad025bc03219ac |
|
15-Aug-2014 |
Susant Sahani <susant@redhat.com> |
socket: Add Support for TCP keep alive variables
The tcp keep alive variables now can be configured via conf
parameter. Follwing variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to
send before giving up and killing the connection if no response is
obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be
idle before TCP begins sending out keep-alive probes. |
4d8ddba9d71e51356cc9488f906b8fef89c60c23 |
|
14-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
Revert "socket: add support for TCP fast Open"
This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5.
Apparently TFO is actually the default at least for the server side now.
Also the setsockopt doesn't actually take a bool, but a qlen integer. |
9528592ff8d7ff361da430285deba8196e8984d5 |
|
14-Aug-2014 |
Susant Sahani <susant@redhat.com> |
socket: add support for TCP fast Open
TCP Fast Open (TFO) speeds up the opening of successiveTCP)
connections between two endpoints.It works by using a TFO cookie
in the initial SYN packet to authenticate a previously connected
client. It starts sending data to the client before the receipt
of the final ACK packet of the three way handshake is received,
skipping a round trip and lowering the latency in the start of
transmission of data. |
4427c3f43a87c2e0c784fda6be1b9715be820733 |
|
14-Aug-2014 |
Susant Sahani <susant@redhat.com> |
socket: add support for tcp nagle
This patch adds support for TCP TCP_NODELAY socket option. This can be
configured via NoDelay conf parameter. TCP Nagle's algorithm works by
combining a number of small outgoing messages, and sending them all at
once. This controls the TCP_NODELAY socket option. |
9a8c867fecec55998b7a78470aebdede2db0673e |
|
08-Jul-2014 |
Michal Schmidt <mschmidt@redhat.com> |
load-fragment: ConditionFirstBoot wants a bool string, not a path |
e26807239bd65bc17535a53cd540f38600e7ef24 |
|
07-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
firstboot: get rid of firstboot generator again, introduce ConditionFirstBoot= instead
As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer
way to hook in systemd-firstboot.service on first boots (those with /etc
unpopulated), so let's do this, and get rid of the generator again. |
37520c1bec9a92adbe02fceaece588a7aa2fea2b |
|
03-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
core: introduce new RestartForceExitStatus= service setting
This does the inverse of RestartPreventExitStatus=: it forces a restart
of a service when a certain exit status is returned by a service
process. |
d54c4993699f4fa5feece43715aac3564c4dada6 |
|
17-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
install: introduce new DefaultInstance= field for [Install] sections
The DefaultInstance= name is used when enabling template units when only
specifying the template name, but no instance.
Add DefaultInstance=tty1 to getty@.service, so that when the template
itself is enabled an instance for tty1 is created.
This is useful so that we "systemctl preset-all" can work properly,
because we can operate on getty@.service after finding it, and the right
instance is created. |
2dbd4a9454f127f600e5764b7883a472eeb32be0 |
|
16-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s "-s" switch |
a55654d598c78f8e084aa6a18fec6eff900c9aed |
|
13-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add new ConditionNeedsUpdate= unit condition
This new condition allows checking whether /etc or /var are out-of-date
relative to /usr. This is the counterpart for the update flag managed by
systemd-update-done.service. Services that want to be started once after
/usr got updated should use:
[Unit]
ConditionNeedsUpdate=/etc
Before=systemd-update-done.service
This makes sure that they are only run if /etc is out-of-date relative
to /usr. And that it will be executed after systemd-update-done.service
which is responsible for marking /etc up-to-date relative to the current
/usr.
ConditionNeedsUpdate= will also checks whether /etc is actually
writable, and not trigger if it isn't, since no update is possible then. |
a4152e3fe28b53b8919cc404dd7eca7ead1bf9bd |
|
05-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
kdbus: when uploading bus name policy, resolve users/groups out-of-process
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames. |
3900e5fdff688dc3c273f177d9d913b7389d5561 |
|
05-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily. |
a8330cd118993c20629565684144e0cc0e2edabe |
|
04-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
core: make sure we properly parse ProtectHome= and ProtectSystem= |
1b8689f94983b47bf190e77ddb03a8fc6af15fb3 |
|
04-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.
With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data. |
811ba7a0e292eda0f2f470613cc28a97bda7ee66 |
|
04-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
socket: add new Symlinks= option for socket units
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.
This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too. |
bd1fe7c79de3d81325afecb7ded46c1627f6c1df |
|
04-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
socket: optionally remove sockets/FIFOs in the file system after use |
417116f23432073162ebfcb286a7800846482eed |
|
03-Jun-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.
ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.
This patch also enables these settings for all our long-running services.
Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data. |
9a0549093332880df47c4218209ce126b8586835 |
|
22-May-2014 |
Lennart Poettering <lennart@poettering.net> |
cgroups: simplify CPUQuota= logic
Only accept cpu quota values in percentages, get rid of period
definition.
It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values. |
db785129c9bce9294a118484cbc9bb6935ca34c2 |
|
22-May-2014 |
Lennart Poettering <lennart@poettering.net> |
cgroup: rework startup logic
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io
weights, and keep the startup unit set around all the time. |
95ae05c0e79868c22b3e8e6fbc53432786876730 |
|
22-May-2014 |
WaLyong Cho <walyong.cho@samsung.com> |
core: add startup resource control option
Similar to CPUShares= and BlockIOWeight= respectively. However only
assign the specified weight during startup. Each control group
attribute is re-assigned as weight by CPUShares=weight and
BlockIOWeight=weight after startup. If not CPUShares= or
BlockIOWeight= be specified, then the attribute is re-assigned to each
default attribute value. (default cpu.shares=1024, blkio.weight=1000)
If only CPUShares=weight or BlockIOWeight=weight be specified, then
that implies StartupCPUShares=weight and StartupBlockIOWeight=weight. |
f1721625e7145977ba705e169580f2eb0002600c |
|
18-May-2014 |
Nis Martensen <nis.martensen@web.de> |
fix spelling of privilege |
b2f8b02ec27dfec9cbd23573f47aba494f2e9b5f |
|
25-Apr-2014 |
Lennart Poettering <lennart@poettering.net> |
core: expose CFS CPU time quota as high-level unit properties |
bf500566323bbc2240d1fdd1165a8c908faf4098 |
|
24-Apr-2014 |
Michael Olbrich <m.olbrich@pengutronix.de> |
service: rename StartLimitAction enum to FailureAction
It's used for the FailureAction property as well. |
93ae25e6fd62b2f87c3dd9ad3e81934eecc48057 |
|
24-Apr-2014 |
Michael Olbrich <m.olbrich@pengutronix.de> |
service: add FailureAction= option
It has the same possible values as StartLimitAction= and is executed
immediately if a service fails. |
efe6e7d33a9feb0b647c77862016284457895fa6 |
|
21-Apr-2014 |
Michael Olbrich <m.olbrich@pengutronix.de> |
service: add support for reboot argument when triggered by StartLimitAction=
When rebooting with systemctl, an optional argument can be passed to the
reboot system call. This makes it possible the specify the argument in a
service file and use it when the service triggers a restart.
This is useful to distinguish between manual reboots and reboots caused by
failing services. |
7f8aa67131cfc03ddcbd31c0420754864fc122f0 |
|
24-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
core: remove tcpwrap support
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.
Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost. |
dedabea4b3d61a87cedb5c8d7ccce5b86ea84afe |
|
24-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
timer: support timers that can resume the system from suspend |
06642d1795382a4849aa750ee54238f91e2f3126 |
|
21-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
timer: add timer persistance (aka anacron-like behaviour) |
5892a914d173e4b968d2a14fbf717373dee3999a |
|
19-Mar-2014 |
Daniel Mack <zonque@gmail.com> |
busname: introduce Activating directive
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.
If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running. |
3f9da416457c4265b8f1179516a32ad1a987ff7d |
|
18-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add new AcceptFD= setting to .busname units
AcceptFD= defaults to true, thus making sure that by default fd passing
is enabled for all activatable names. Since for normal bus connections
fd passing is enabled too by default this makes sure fd passing works
correctly regardless whether a service is already activated or not.
Making this configurable on both busname units and in bus connections is
messy, but unavoidable since busnames are established and may queue
messages before the connection feature negotiation is done by the
service eventually activated. Conversely, feature negotiation on bus
connections takes place before the connection acquires its names.
Of course, this means developers really should make sure to keep the
settings in .busname units in sync with what they later intend to
negotiate. |
54d76c92868838e17d6aad0a3bb0cc7a5b11e35f |
|
07-Mar-2014 |
Daniel Mack <zonque@gmail.com> |
busname: add parser for bus name policies
There are three directives to specify bus name polices in .busname
files:
* AllowUser [username] [access]
* AllowGroup [groupname] [access]
* AllowWorld [access]
Where [access] is one of
* 'see': The user/group/world is allowed to see a name on the bus
* 'talk': The user/group/world is allowed to talk to a name
* 'own': The user/group/world is allowed to own a name
There is no user added yet in this commit. |
760b9d7cbaa72cc7446ad915f84d4939c11a360c |
|
05-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
core: don't override NoNewPriviliges= from SystemCallFilter= if it is already explicitly set |
94828d2ddc89c9dba3d6f386e55b6c9310d8f627 |
|
03-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c
The parse code actually checked for specific lvalue names, which is
really wrong for supposedly generic parsers... |
ca37242e52cbf90d6cdb3b26b2986b11ed1d5e91 |
|
03-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
conf-parse: rename config_parse_level() to config_parse_log_level()
"level" is a bit too generic, let's clarify what kind of level we are
referring to here. |
e66cf1a3f94fff48a572f6dbd19b43c9bcf7b8c7 |
|
03-Mar-2014 |
Lennart Poettering <lennart@poettering.net> |
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings
As discussed on the ML these are useful to manage runtime directories
below /run for services. |
4298d0b5128326621c8f537107c4c8b459490721 |
|
26-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add new RestrictAddressFamilies= switch
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform. |
5556b5fe41173107a67dbe875fbd916a46e52a02 |
|
23-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: clean up some confusing regarding SI decimal and IEC binary suffixes for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is. |
eef65bf3ee6f73afa4a5de23ae3a794a279f30c0 |
|
21-Feb-2014 |
Michael Scherer <misc@zarb.org> |
core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature. |
099524d7b0df690e3361ffc3fe3c6aed0558b4fc |
|
21-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add new ConditionArchitecture() that checks the architecture returned by uname()'s machine field. |
ac45f971a12280de55b834a65237f72dcacfc099 |
|
19-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add Personality= option for units to set the personality for spawned processes |
acfbbf5c5615dbc413ec653ec31fd8525190e39e |
|
17-Feb-2014 |
Jasper St. Pierre <jstpierre@mecheye.net> |
Fix gperf syntax
If we put a closing bracket on its own line, gperf will complain about
empty lines. Only occurs if the option in question is disabled. So fix the
m4 macros to work properly in both cases. |
6a6751fe24bf456cf5c1efad785a4d11e78b42d0 |
|
17-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: warn when unit files with unsupported options are parsed |
5f8640fb628cb034981e02d741fd9ddf26fdf38d |
|
17-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: store and expose SELinuxContext field normalized as bool + string |
d3b1c5083359faa6cfca81810cf87ef70d0290f6 |
|
13-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add a system-wide SystemCallArchitectures= setting
This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings. |
57183d117a1d6a96d71ce99d648beb0d2b36228d |
|
13-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls
Also, turn system call filter bus properties into complex types instead
of concatenated strings. |
17df7223be064b1542dbe868e3b35cca977ee639 |
|
12-Feb-2014 |
Lennart Poettering <lennart@poettering.net> |
core: rework syscall filter
- Allow configuration of an errno error to return from blacklisted
syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the
string version only on demand. |
7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd |
|
10-Feb-2014 |
Michael Scherer <misc@zarb.org> |
exec: Add SELinuxContext configuration item
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service. |
7f112f50fea585411ea2d493b3582bea77eb4d6e |
|
20-Jan-2014 |
Lennart Poettering <lennart@poettering.net> |
exec: introduce PrivateDevices= switch to provide services with a private /dev
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that
sets up a private /dev with only the API pseudo-devices like /dev/null,
/dev/zero, /dev/random, but not any physical devices in them. |
e821075a23fdfa3ca7738fc30bb2d4c430fe10c0 |
|
02-Dec-2013 |
Lennart Poettering <lennart@poettering.net> |
bus: add .busname unit type to implement kdbus-style bus activation |
613b411c947635136637f8cdd66b94512f761eab |
|
27-Nov-2013 |
Lennart Poettering <lennart@poettering.net> |
service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces |
d420282b28f50720e233ccb1c02547c562195653 |
|
26-Nov-2013 |
Lennart Poettering <lennart@poettering.net> |
core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable |
9f5eb56a13dee1085cbf2560ac3afd73f72402cb |
|
21-Nov-2013 |
Lennart Poettering <lennart@poettering.net> |
timer: make timer accuracy configurable
And make it default to 1min |
718db96199eb307751264e4163555662c9a389fa |
|
20-Nov-2013 |
Lennart Poettering <lennart@poettering.net> |
core: convert PID 1 to libsystemd-bus
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information. |
f0511bd7e3d591383485a36ddcb764abe74b1939 |
|
17-Nov-2013 |
Shawn Landden <shawn@churchofgit.com> |
core/socket: fix SO_REUSEPORT |
accdd018ede77ef1c057775396c18c73406cbcb4 |
|
19-Oct-2013 |
Tom Gundersen <teg@jklm.no> |
mount/service: drop FsckPassNo support
We now treat passno as boleans in the generators, and don't need this any more. fsck itself
is able to sequentialize checks on the same local media, so in the common case the ordering
is redundant.
It is still possible to force an order by using .d fragments, in case that is desired. |
a57f7e2c828b852eb32fd810dcea041bb2975501 |
|
26-Sep-2013 |
Lennart Poettering <lennart@poettering.net> |
core: rework how we match mount units against each other
Previously to automatically create dependencies between mount units we
matched every mount unit agains all others resulting in O(n^2)
complexity. On setups with large amounts of mount units this might make
things slow.
This change replaces the matching code to use a hashtable that is keyed
by a path prefix, and points to a set of units that require that path to
be around. When a new mount unit is installed it is hence sufficient to
simply look up this set of units via its own file system paths to know
which units to order after itself.
This patch also changes all unit types to only create automatic mount
dependencies via the RequiresMountsFor= logic, and this is exposed to
the outside to make things more transparent.
With this change we still have some O(n) complexities in place when
handling mounts, but that's currently unavoidable due to kernel APIs,
and still substantially better than O(n^2) as before.
https://bugs.freedesktop.org/show_bug.cgi?id=69740 |
ddca82aca08712a302cfabdbe59f73ee9ed3f73a |
|
17-Sep-2013 |
Lennart Poettering <lennart@poettering.net> |
cgroup: get rid of MemorySoftLimit=
The cgroup attribute memory.soft_limit_in_bytes is unlikely to stay
around in the kernel for good, so let's not expose it for now. We can
readd something like it later when the kernel guys decided on a final
API for this. |
c3df8d3dde5a032b382b3f59c016c1d0b7741ae8 |
|
30-Jul-2013 |
Lennart Poettering <lennart@poettering.net> |
core: make sure scope attributes survive a reload |
82659fd7571bda0f3dce9755b89a23c411d53dda |
|
30-Jul-2013 |
Lennart Poettering <lennart@poettering.net> |
core: optionally send SIGHUP in addition to the configured kill signal
This is useful to fake session ends for processes like shells. |
8e7076caae32a560a11c1643b53fc4f12db4a6b1 |
|
11-Jul-2013 |
Lennart Poettering <lennart@poettering.net> |
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight=
This way we can nicely map the configuration directive to properties and
back, without requiring two different signatures for the same property. |
b9316fb0f39fff3df792e4e72eb491ec4265b91f |
|
10-Jul-2013 |
Lennart Poettering <lennart@poettering.net> |
unit: save description/slice of transient units to /run
This is necessary so that these properties survive a daemon reload. |
d28e9236e79e2d0a49aba472f86f7551ce9ca2f1 |
|
01-Jul-2013 |
Lennart Poettering <lennart@poettering.net> |
core: parse Slice= from the unit type specific unit file section
Since not all unit types know Slice= it belongs in the unit type
specific unit file section. |
4ad490007b70e6ac18d3cb04fa2ed92eba1451fa |
|
27-Jun-2013 |
Lennart Poettering <lennart@poettering.net> |
core: general cgroup rework
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgrouo properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=). |
a016b9228f338cb9b380ce7e00826ef462767d98 |
|
17-Jun-2013 |
Lennart Poettering <lennart@poettering.net> |
core: add new .slice unit type for partitioning systems
In order to prepare for the kernel cgroup rework, let's introduce a new
unit type to systemd, the "slice". Slices can be arranged in a tree and
are useful to partition resources freely and hierarchally by the user.
Each service unit can now be assigned to one of these slices, and later
on login users and machines may too.
Slices translate pretty directly to the cgroup hierarchy, and the
various objects can be assigned to any of the slices in the tree. |
3ecaa09bccd8a59c9f1e06756a1334a162206dc4 |
|
23-Apr-2013 |
Lennart Poettering <lennart@poettering.net> |
unit: rework trigger dependency logic
Instead of having explicit type-specific callbacks that inform the
triggering unit when a triggered unit changes state, make this generic
so that state changes are forwarded betwee any triggered and triggering
unit.
Also, get rid of UnitRef references from automount, timer, path units,
to the units they trigger and rely exclsuively on UNIT_TRIGGER type
dendencies. |
7f602784de4fd378120e8ebfe6d830862b9cae03 |
|
03-Apr-2013 |
Lennart Poettering <lennart@poettering.net> |
util: rename parse_usec() to parse_sec() sinds the default unit is seconds
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it. |
3c912ded61c69d89873d5d164ba56c5637b8ddbe |
|
06-Mar-2013 |
Lennart Poettering <lennart@poettering.net> |
core: add missing comma for NonewPrivileges=
https://bugzilla.redhat.com/show_bug.cgi?id=917404 |
26d04f86a36595e3565c74d67863e076c3e3c773 |
|
27-Feb-2013 |
Lennart Poettering <lennart@poettering.net> |
unit: rework resource management API
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes. |
853b8397acdebdd44777810e560403bae3756859 |
|
11-Feb-2013 |
Lennart Poettering <lennart@poettering.net> |
core: properly validate environment data from Environment= lines in unit files |
74051b9b5865586bf4d30b9075649af838fb92bd |
|
17-Jan-2013 |
Lennart Poettering <lennart@poettering.net> |
units: for all unit settings that take lists, allow the empty string for resetting the lists
https://bugzilla.redhat.com/show_bug.cgi?id=756787 |
240dbaa44f8e5ad51775c776fc3ce9cd2f19f037 |
|
31-Dec-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: add ConditionACPower= |
36697dc0199e25f09b78090fcf5f1cf8a3648ffd |
|
23-Nov-2012 |
Lennart Poettering <lennart@poettering.net> |
timer: implement calendar time events |
a66f3bea8b9978fa9e232f213dd6d762254c0f0a |
|
15-Nov-2012 |
Oleksii Shevchuk <alxchk@gmail.com> |
core/load-fragment-gperf: add missing CONDITION_FILE_NOT_EMPTY
Unit files couldn't be properly parsed, because of
absent ConditionFileNotEmpty in load-fragment table. |
e4f44e734c4f397ee5e7ba3270e014a8ae0043dd |
|
06-Nov-2012 |
Dave Reisner <dreisner@archlinux.org> |
Revert "Implement SocketUser= and SocketGroup= for [Socket]"
This was never intended to be pushed.
This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e. |
aea54018a5e66a41318afb6c6be745b6aef48d9e |
|
06-Nov-2012 |
Dave Reisner <dreisner@archlinux.org> |
Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access. |
0eb59ccfe619cbc4b42ef8ff02b52971994dfe05 |
|
30-Oct-2012 |
Auke Kok <auke-jan.h.kok@intel.com> |
SMACK: Add configuration options. (v3)
This adds SMACK label configuration options to socket units.
SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.
Files on disk can be labelled using package management.
For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.
Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.
This patch adds the following options:
Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.
No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.
For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.
v3 of this patch changes the config options to be CamelCased. |
c0d6e764d107a81a6439c41edbe92790623ed7de |
|
22-Aug-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: add new ConditionHost= condition type |
96342de68d0d6de71a062d984dafd2a0905ed9fe |
|
14-Aug-2012 |
Lukas Nykryn <lnykryn@redhat.com> |
service: add options RestartPreventExitStatus and SuccessExitStatus
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus. |
d568a3350ee8a45877eef87cd026a954124e2cf8 |
|
08-Aug-2012 |
Michal Sekletar <msekleta@redhat.com> |
systemd: introduced new timeout types
Makes possible to specify separate timeout for start and stop of
the service.
[ Improved the manpage. Coding style fix. -- michich ] |
85e9a1010d16064ce435b84f02dc585bc645aade |
|
26-Jul-2012 |
Michal Sekletar <msekleta@redhat.com> |
systemd: added new dependency PartOf
This should address TODO item "new dependency type to "group" services
in a target". Semantic of new dependency is as follows. Once configured
it creates dependency which will cause that all dependent units get
stopped if unit they all depend on is stopped or restarted. Usual use
case would be configuring PartOf=some.target in template unit file
and WantedBy=some.target in [Install] section and enabling desired
number of instances. In this case starting one instance won't pull in
target but stopping or starting target(in case of WantedBy is properly
configured) will cause stop/start of all instances. |
4819ff0358b6317c195fd4b1768e03d09c871070 |
|
20-Jul-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: split off KillContext from ExecContext containing only kill definitions |
8351ceaea9480d9c2979aa2ff0f4982cfdfef58d |
|
17-Jul-2012 |
Lennart Poettering <lennart@poettering.net> |
execute: support syscall filtering using seccomp filters |
7f2cddae09fd2579ae24434df577bb5e5a157d86 |
|
13-Jul-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: rename BindTo= to BindsTo=
all other dependencies are in 3rd person. Change BindTo= accordingly to
BindsTo=.
Of course, the dependency is widely used, hence we parse the old name
too for compatibility. |
8ff290af3b7db00eef76bdec61fee4aca7d84d0b |
|
22-Jun-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: drop the Names= option
Names= is a source of errors, simply because alias names specified like
this only become relevant after a unit has been loaded but cannot be
used to load a unit.
Let's get rid of the confusion and drop this field. To establish alias
names peope should use symlinks, which have the the benefit of being
useful as key to load a unit, even though they are not taken into
account if unit names are listed but they haven't been explicitly
referenced before. |
98709151f3e782eb508ba15e2a12c0b46003f061 |
|
15-Jun-2012 |
Lukas Nykryn <lnykryn@redhat.com> |
service: timeout for oneshot services
Add possibility to specify timeout for oneshot services.
[ https://bugzilla.redhat.com/show_bug.cgi?id=761656
Added minor fixups. -- michich ] |
d88a251b125f6e9178b9ca9ea47ab7da3234cb58 |
|
31-May-2012 |
Lennart Poettering <lennart@poettering.net> |
util: introduce a proper nsec_t and make use of it where appropriate |
ec8927ca5940e809f0b72f530582c76f1db4f065 |
|
24-May-2012 |
Lennart Poettering <lennart@poettering.net> |
main: add configuration option to alter capability bounding set for PID 1
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway. |
66b1a24790ccc3c60509e6f94890ed8c20a2fe9e |
|
23-May-2012 |
Lennart Poettering <lennart@poettering.net> |
man: properly document FsckPassNo= for mount units |
1b64d026af01277e332d10d9e67e2eed5a4ded28 |
|
22-May-2012 |
Lennart Poettering <lennart@poettering.net> |
units: remove service sysv_path variable and replace it by generic unit_path
UnitPath= is also writable via native units and may be used by generators
to clarify from which file a unit is generated. This patch also hooks up
the cryptsetup and fstab generators to set UnitPath= accordingly. |
36140842612803d71fe771ce03f3dee7732284f0 |
|
21-May-2012 |
Lennart Poettering <lennart@poettering.net> |
service: make the fsck pass no configurable |
78d54bd42b87818f5d0ef862d247f9db4844fadd |
|
21-May-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: introduce RequiredBy= setting in [Install], to complement WantedBy= |
49dbfa7b2b0bf3906704dac1eaeb4eba91056a19 |
|
21-May-2012 |
Lennart Poettering <lennart@poettering.net> |
units: introduce new Documentation= field and make use of it everywhere
This should help making the boot process a bit easier to explore and
understand for the administrator. The simple idea is that "systemctl
status" now shows a link to documentation alongside the other status and
decriptionary information of a service.
This patch adds the necessary fields to all our shipped units if we have
proper documentation for them. |
7c8fa05c4d5d01748ff2a04edb882afb3119b7d7 |
|
30-Apr-2012 |
Lennart Poettering <lennart@poettering.net> |
unit: add new dependency type RequiresMountsFor=
RequiresMountsFor= is a shortcut for adding requires and after
dependencies to all mount units neeed for the specified paths.
This solves a couple of issues regarding dep loop cycles for encrypted
swap. |
90ccc3fca7e53a60a9e67b9d5812e1d4a27fc07d |
|
12-Apr-2012 |
Kay Sievers <kay@vrfy.org> |
move more main systemd parts to core/ |