Dracut has a support for unlocking encrypted drives with keyfile stored
on the external drive. This support is included in the generated initrd
only if systemd module is not included.
When systemd is used in initrd then attachment of encrypted drives is
handled by systemd-cryptsetup tools. Our generator has support for
keyfile, however, it didn't support keyfile on the external block
device (keydev).
This commit introduces basic keydev support. Keydev can be specified per
luks.uuid on the kernel command line. Keydev is automatically mounted
during boot and we look for keyfile in the keydev
mountpoint (i.e. keyfile path is prefixed with the keydev mount point
path). After crypt device is attached we automatically unmount
where keyfile resides.
Example:
rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV
For an example where we already use it, see man:sd-login(3):
> A session is defined by the time a user is logged in until they log out.
As far as I can tell, this removes the only remaining occurrences of
referring to users by gendered pronouns in our documentation (though
some still survive in code comments and the NEWS and TODO files):
git grep '\b\(he\|him\|his\|she\|her\|hers\)\b' man/
You can only have one listitem in each varlistentry.
xmllint says:
resolvectl.xml:269: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term term term term term term term listitem listitem listitem )
Without this fix, udev(7) munges the two items together, like so:
ATTR{filename}, SYSCTL{kernel parameter}
Match sysfs attribute values of the event device. Trailing
whitespace in the attribute values is ignored unless the specified
match value itself contains trailing whitespace. Match a kernel
parameter value.
You're not allowed to have a <term> element after a <listitem> element within a
<varlistentry>.
xmllint complains:
udev.xml:192: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term listitem term listitem )
This work add support to generic netlink to sd-netlink.
See https://lwn.net/Articles/208755/
networkd: add support FooOverUDP support to IPIP tunnel netdev
https://lwn.net/Articles/614348/
Example conf:
/lib/systemd/network/1-fou-tunnel.netdev
```
[NetDev]
Name=fou-tun
Kind=fou
[FooOverUDP]
Port=5555
Protocol=4
```
/lib/systemd/network/ipip-tunnel.netdev
```
[NetDev]
Name=ipip-tun
Kind=ipip
[Tunnel]
Independent=true
Local=10.65.208.212
Remote=10.65.208.211
FooOverUDP=true
FOUDestinationPort=5555
```
$ ip -d link show ipip-tun
```
5: ipip-tun@NONE: <POINTOPOINT,NOARP> mtu 1472 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 10.65.208.212 peer 10.65.208.211 promiscuity 0
ipip remote 10.65.208.211 local 10.65.208.212 ttl inherit pmtudisc encap fou encap-sport auto encap-dport 5555 noencap-csum noencap-csum6 noencap-remcsum numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
```
The qgroup logic (types 'q' and 'Q') only has an effect if there's no previous
setup at all, and any explicitly configured subvolumes with their qgroups are
left entirely unmodified.
The idea is that if users want a different logic than the one we set up by
default, then by all means they should do that before hand, and tmpfiles won't
override their logic.
This makes it possible to wait until boot is finished without having to poll
for this command repeatedly, instead using the syntax:
$ systemctl is-system-running --wait
Waiting is implemented by waiting for the StartupFinished signal to be posted
on the bus.
Register the matcher before checking for the property to avoid race conditions.
Tested by artificially delaying startup with a oneshot service and calling this
command, checked that it emitted `running` and exited with a 0 return code as
soon as the delay service completed startup.
Also tested that booting to degraded state unblocks the command.
Inserted a delay between getting the property and waiting for the signal and
confirmed this seems to work free of race conditions.
Updated the --help text (under --wait) and the man page to document the new
feature.
RootImage= may require the following settings
```
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rwm
DeviceAllow=block-blkext rwm
```
This adds the following settings implicitly when RootImage= is
specified.
Fixes#9737.
Triggered by https://bugzilla.redhat.com/show_bug.cgi?id=1609349
This adds two generic paragaphs we include via xinclude. One is the
"strict" version, which contains wording saying that we are thread
agnostic and what that means. And the other is the "safe" version, for
the cases we provide fully safety.
Let's then change most man pages to use either of these generic
paragraphs. With one exception: man/sd_journal_get_catalog.xml contains
both kinds of function, we hence use manual wording.
sd_bus_message{get_type,is_signal,is_method_call,is_method_error} get one man
page.
sd_bus_message_{set,get}_{destination,path,interface,member,sender} are put in
the second one.
Moving them out makes it easier to run them through a compiler, use automatic
indentation, and opens the possibility to provide a download link in the
future. I verified that all examples compile cleanly.
(2-space indentation is used because the examples are already significantly
indented in the man page, and we need to keep them narrow so that they display
well on standard terminals.)
Meson does not care either way, so let's use the simpler syntax. And files()
already gives a list, so nesting this in a list wouldn't be necessary even
if meson did not flatten everything.
And while we are at it, let's rearrange and extend the Type=
documentation a bit. Let's make it an itemized list, and let's add a
paragraph explaining which type best to use.
1. Document the new desktop= parameter
2. Clarify that we set XDG_SESSION_DESKTOP, XDG_SESSION_CLASS,
XDG_SESSION_TYPE if we have the data, and don't just read it.
After upgrading to emacs-26.1-1.fc28.x86_64 I noticed that our
.dir-locals.el files weren't honoured anymore (specifically the fill
column variable is not correctly set for c-mode files). I finally
tracked this down to the order in which items are listed in
.dir-locals.el: if the "nil" one is listed last everything works,
otherwise, it's the one that is applied instead of the c-mode one.
This patch simply swaps the entries, and puts the "nil" one last. My
emacs lisp fu is a bit too limited to understand the full impact for
this, and why emacs 26.1 changed behaviour in this regard, but from an
outsider's view the order shouldn't negatively affect things otherwise,
hence this patch.
This adds -Dnss-resolve= and -Dnss-mymachines= meson options.
By using this option, e.g., resolved can be built without nss-resolve.
When no nss modules are built, then test-nss is neither built.
Also, This changes the option name -Dmyhostname= to -Dnss-myhostname=
for consistency to other nss related options.
Closes#9596.
Usecase is to allow changing the final kill from SIGKILL to SIGQUIT which
should create a core dump useful for debugging why the service didn't stop
with the SIGTERM
User units were in the middle, which is just confusing. Let's discuss
all system units first, and all user units second.
I'm using "System manager units" and "user manager units" instead of the more
obvious "system units" and "user units", because there are also units like
"user@.service".
The original manpage says "Implies BBBAccounting" many times but actually that accounting is not implied by the respective resource control in v239 with the unified cgroup hierarchy. This commit removes those false explanations.
The current CLI does not support a way to clear these lists, since without any
additional arguments, the command will list the current values.
Introduce a new way to clear the lists by passing a single '' argument to these
subcommands.
Update the man page to document this.
Tested:
$ build/resolvectl domain eth1
Link 3 (eth1): ~.
$ build/resolvectl domain eth1 ''
$ build/resolvectl domain eth1
Link 3 (eth1):
$ build/resolvectl domain eth1 '~.' '~example.com'
$ build/resolvectl domain eth1
Link 3 (eth1): ~. ~example.com
$ build/resolvectl domain eth1 ''
$ build/resolvectl domain eth1
Link 3 (eth1):
$ build/resolvectl domain eth1 '~.'
$ build/resolvectl domain eth1
Link 3 (eth1): ~.
And similar for "dns" and "nta".
Back in 2012 the project was renamed, see the release notes for v 0.105
[https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our
documentation and comments to do the same. Referring to PolicyKit is confusing
to users because at the time the polkit api changed too, and we support the new
version. I updated NEWS too, since all the references to PolicyKit there were
added after the rename.
"PolicyKit" is unchanged in various URLs and method call names.
The kernel added support for a new cgroup memory controller knob memory.min in
bf8d5d52ffe8 ("memcg: introduce memory.min") which was merged during v4.18
merge window.
Add MemoryMin to support memory.min.
Use <literallayout> to keep each reference on a separate line. With all the
pages jumbled together into a paragraph, it is quite hard to find anything in
that list.
Also add the missing pages to the list. And remove the nonexistent ones — not
much point in advertisting pages that haven't been written yet.
This is useful if someone wants to recreate the original syslog datagram. We
already include timestamp information as _SOURCE_REALTIME_TIMESTAMP=, and in
normal use that timestamp, converted back to the form used by syslog
(Mth dd HH:MM:SS) would usually give the value. But there are various
circumstances where this might not be true. Most obviously, if the datagram is
sent a bit later after being prepared, the time is rounded to the nearest
second, and it might be off. This is especially bad around New Year when the
syslog timestamp wraps around. Then the same timezone and locale need to be
used to recreate the original timestamp. In the end doing this reliably is
complicated, and it seems much easier to just unconditionally include the
original timestamp.
If the original timestamp cannot be located, we store the full log line.
This way, it should be always possible to recreate the original input.
Example:
MESSAGE=x
SYSLOG_TIMESTAMP=Sep 15 15:07:58
SYSLOG_RAW
^]^@^@^@^@^@^@^@<13>Sep 15 15:07:58 HOST: x^@y
_PID=3318
_SOURCE_REALTIME_TIMESTAMP=1530743976393553
Fixes#2398.
One mention of --user was missing the surrounding <option> tag, making
the table look inconsistent (though the inconsistency is less obvious
after the reordering in 709f4c472c, since the four specifiers mentioning
the --user option are no longer immediately adjacent).
nspawn as it is now is a generally useful tool, hence let's drop the
comments about it being useful for debug and so on only.
The new wording just makes the first sentence of the main page also the
summary.
Similar semantics applies to {System,Runtime}MaxUse= as to
{System,Runtime}MaxFiles=, i.e. active files aren't vacuumed and the limit
is not thus strictly honored.
Let's fully document where the list of entries come from, including unified
images and such.
Let's add a "Files" section (replacing the "Configuration" section), and
let's move it after they keybinding section (why? because keybinds are
primary UI material, while configuration is one level more complex than
that).
Also, reword lot's of stuff to make it more precise.
Fixes: #5127
This is an additional synchronization point normally not needed. Hence,
let's make it passive, i.e. pull it in from the unit which wants to be
ordered before the update service rather than by the update service
itself.
systemd offline-updates allows dropping multiple system update units
to be added to system-update.target.wants.
As documented in systemd.offline-updates(7) only 1 of these units
should actually be active (based on the /system-update symlink) and
when that unit is done it should reboot the system.
In some cases it is desirable to run a unit whenever booting in
offline-updates mode indepedent of which update unit is going to
handle the update. One example of this is integration with bootloader
code which checks if the previous boot was succesful.
Since the active unit will reboot the system when it is done, there
is no guarantee that adding such a unit to system-update.target.wants
will get it executed always.
This commit adds a system-update-pre.target which can be used for
units which should always run when booting in offline-updates mode.
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.
Tested with F26-F29, debian unstable.
$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
To make debugging easier, this patches allows one to change the log target and
do reload/reexec without modifying configuration permanently, which makes
debugging easier.
Indeed if one changed the log target at runtime (via the bus or via signals),
the change was lost on the next reload/reexecution.
In order to restore back the default value (set via system.conf, environment
variables or any other means ), the empty string in the "LogTarget" property is
now supported as well as sending SIGTRMIN+26 signal.
To make debugging easier, this patches allows one to change the log level and
do reload/reexec without modifying configuration permanently, which makes
debugging easier.
Indeed if one changed the log max level at runtime (via the bus or via
signals), the change was lost on the next daemon reload/reexecution.
In order to restore the original value back (set via system.conf, environment
variables or any other means), the empty string in the "LogLevel" property is
now supported as well as sending SIGRTMIN+23 signal.
