man: extend systemd.directives(7) to all manual pages
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.
Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
Michal Schmidt [Fri, 25 Jan 2013 23:16:13 +0000 (00:16 +0100)]
nspawn: assume stdout is always writable if it does not support epoll
stdout can be redirected to a regular file. Regular files don't support epoll.
nspawn failed with: "Failed to register fds in epoll: Operation not permitted".
If stdout does not support epoll, assume it's always writable.
Michal Schmidt [Fri, 25 Jan 2013 21:19:19 +0000 (22:19 +0100)]
test: factor out testsuite.target, end.service
Tests can use the same testsuite.target.
Add end.service to call poweroff instead of doing it from ExecStopPost
where it may be skipped on failure of ExecStart.
Michal Sekletar [Fri, 18 Jan 2013 15:13:08 +0000 (16:13 +0100)]
tmpfiles: introduce type X
Type X will exclude path itself from clean-up. However, if the path is a
directory systemd-tmpfiles will clean-up its content.
In contrast to type x, where path is ignored completely, type X needs some
Age parameter. In order to determine Age parameter, we will look for config
entries of type d or D and pick the best match. Best match is either
exact match or longest prefix match.
Add _cleanup_pclose_ and fix mismatching pipe close opened by popen()
Based-on-patch-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
cppcheck reported:
[src/bootchart/svg.c:791]: (error) Mismatching allocation and deallocation: f
- Don't allow any locks to be taken while we are in the process of
executing the specific operation, so that apps are not surprised if a
suspend/shutdown happens while they rely on their inhibitor.
- Get rid of the Resumed signal, it was a bad idea, and redundant due to
PrepareForSleep(false), see below.
- Always send out PrepareFor{Shutdown,Sleep} signals, instead of only if
a delay lock is taken.
- Move PrepareForSleep(false) after we come back from the suspend, so
that apps can use this as "Resumed" notification. This also has the
benefit that apps know when to take a new lock.
loginctl: don't show [UACCESS] info in device tree
As the tree doesn't really necessarily show all device node devices and
only those are marked for uaccess it's kinda pointless showing this at
all, since it would give a pretty incomplete impression of the uaccess
information.
while working on another bug, I discovered the "strange" way systemd is
parsing Environment= in .service and thought it was worth documenting
(because I don't expect people to find this syntax by themselves unless
they read the parsing code ;)
Be more verbose about using space in Environment field and not
using value of other variables
Michael Olbrich [Wed, 23 Jan 2013 13:12:16 +0000 (14:12 +0100)]
service: make sure the watchdog timer is not restarted while stopping
A watchdog notification may be handled after the watchdog timer was stopped
while stopping the service. As a result the timer is restarted and the
service may be restarted as well.
The watchdog timestamp is initially set during startup in
service_enter_start_post() and cleared when the timer is stopped. Therefore
it can be used as an indication if the timer should be reset.
Michael Olbrich [Wed, 23 Jan 2013 13:12:15 +0000 (14:12 +0100)]
service: really stop watchdog timer when stopping
For services without ExecStop= the state SERVICE_STOP is never entered. as
a result the watchdog timer is not stopped and the service is restarted (if
it is configuered to restart).
Stopping the watchdog timer for SERVICE_STOP_SIGTERM as well fixes this.
The idea is to make Makefile.am more declarative and avoid
repetitions. Redeclaring unit links as variables also makes
it easier to conditionally install only some of them.
logind: send Resumed() signal after we come back from suspend/hibernate/hybrid-sleep
This allows clients to get asynchronous notifications for user-requested
suspend/hibernate cycles. Kernel-triggered automatic suspending is not
covered.
Tom Gundersen [Wed, 23 Jan 2013 00:02:14 +0000 (01:02 +0100)]
man: clearify the meaning of timeout=0 for password agents
The fact that timeout=0 makes password agents wait indefinitely is documented
in http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents. Document
it also in the relevant man pages.
Jonathan Callen [Wed, 25 Jul 2012 02:45:22 +0000 (22:45 -0400)]
execute: Fix seccomp support on x32
In the x32 ABI, syscall numbers start at 0x40000000. Mask that bit on
x32 for lookups in the syscall_names array and syscall_filter and ensure
that syscall.h is parsed correctly.
Due to the brokeness of much of the userspace audit code we cannot
really start too many systems without the audit caps set. To make nspawn
easier to use just add the audit caps by default.
To boot up containers successfully the kernel's auditing needs to be
turned off still (use "audit=0" on the kernel command line), but at
least no manual caps have to be passed anymore.
In the long run auditing will be fixed for containers and ve virtualized
properly at which time it should be safe to enable these caps anyway.
Michal Vyskocil [Fri, 18 Jan 2013 09:05:10 +0000 (10:05 +0100)]
util: continuation support for load_env_file
Variable definitions can be written on more than one line - if each ends
with a backslash, then is concatenated with a previous one. Only
backslash and unix end of line (\n) are treated as a continuation.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=58083
[zj: squashed two patches together; cleaned up grammar; removed
comment about ignoring trailing backslash -- it is not ignored.]
The request must not be answered immediately (at first call to
response_handler()), but on the second. This is also important
for authentication, which cannot be performed on the first call.
Before:
% wget -O/dev/null -S https://localhost:19531/
--2012-11-28 18:29:43-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Location: /browse [following]
--2012-11-28 18:29:43-- https://localhost:19531/browse
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: close
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Length: 23260 (23K) [text/html]
For now the certificates are passed around as options to the
program. This might not be the most convenient under "production",
but makes for fairly easy testing.
Kay Sievers [Thu, 17 Jan 2013 16:00:50 +0000 (17:00 +0100)]
TODO: remove vconsole items
We should not pimp up the kernel's VC stuff, it's too linited and
fragile.
At the moment not even the font uploaded early during bootup does
survive the KMS driver taking over the framebuffer driver. We
surely don't want to make promises about colors or resolution.
The future is fullscreen KMS/kmscon/wayland/... based terminals using
X fonts, keymaps, input methods, and not the old school too limited
kernel VC stuff. So leave the kernel VCs as they are, and don't expect
wonders.