The behaviour described *was* observed on Fedora 28
(systemd-238-9.git0e0aa59), with and without SELinux. I don't actually
know why though! It contradicts my understanding of the code, including an
explicit comment in the code.
Testing in a VM upgraded to v239-792-g1327f272d, this behaviour goes away.
Test case:
# /etc/systemd/system/mount-test.service
[Service]
MountFlags=shared
Type=oneshot
ExecStart=/usr/bin/ls -l /proc/1/ns/mnt /proc/self/ns/mnt
ExecStart=/usr/bin/grep ext4 /proc/self/mountinfo
Weird old behaviour: new mount namespace but / is fully shared.
lrwxrwxrwx. 1 root root 0 Sep 14 11:18 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:48 /proc/self/ns/mnt ->
mnt:[4026532851]
968 967 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/alan_dell_2016...
Current behaviour: / is not fully shared
lrwxrwxrwx. 1 root root 0 Sep 14 11:39 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:41 /proc/self/ns/mnt ->
mnt:[4026532329]
591 558 8:3 / / rw,relatime shared:313 master:1 - ext4 /dev/sda3 rw,secl...
It is very useful for distributions to be able to set a primary
documentation URL in a standard location so that users and
applications on the system can identify it. For example, many
headless systems these days use the "Cockpit" admin console. It
would be ideal if we could specify this location directly in the
os-release file so that any application or service could have a
well-known location for retrieving this and displaying it
appropriately. Users could likewise examine /etc/os-release to
learn this location.
Related: https://github.com/cockpit-project/cockpit/issues/10198
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Let's remove redundancy and not advertise "journalctl --new-id128"
anymore, now that we have "systemd-id128 new" in a proper tool.
This allows us to reduce the overly large journalctl command set a bit.
Note that this just removes the --help and man text, the call remains
available for compat reasons.
The raison d'etre for this program is printing machine-app-specific IDs. We
provide a library function for that, but not a convenient API. We can hardly
ask people to quickly hack their own C programs or call libsystemd through CFFI
in python or another scripting language if they just want to print an ID.
Verb 'new' was already available as 'journalctl --new-id128', but this makes
it more discoverable.
v2:
- rename binary to systemd-id128
- make --app-specific= into a switch that applies to boot-id and machine-id
Allows configuring the watchdog signal (with a default of SIGABRT).
This allows an alternative to SIGABRT when coredumps are not desirable.
Appropriate references to SIGABRT or aborting were renamed to reflect
more liberal watchdog signals.
Closes#8658
This is an implementation that covers making errors encountered when writing
file content optionally fatal. If this is something that folks would want I'll
add handling of this for all the other directives. I'd appreciate suggestions
on how this might better be structured as well (use of a goto fail or such) as
I'm not super happy with the approach.
This changes the output a bit, as the previous multi-line output of each
inhibitor is changed to a single line, but it does unify the output look
with the one of our other tools. Moreover this adds proper sorting.
RFC 7084, WPD-4, requires Customer Edge end routers to behave
according to the following:
"WPD-4: By default, the IPv6 CE router MUST initiate DHCPv6 prefix
delegation when either the M or O flags are set to 1 in a
received Router Advertisement (RA) message. Behavior of the
CE router to use DHCPv6 prefix delegation when the CE router
has not received any RA or received an RA with the M and the
O bits set to zero is out of scope for this document."
Since it cannot be automatically detected whether DHCPv6 is to be
operated as an CE end router or whether to initiate an Informational
exchange to obtain other useful network information via DHCPv6 when the
Router Advertisement 'O' bit is set, a 'ForceDHCPv6PDOtherInformation'
boolean network configuration option in the '[DHCP]' section of a is
introduced. Setting this option causes DHCPv6 to be started in stateful
mode, although only the 'O' bit is seen in the Router Advertisement.
When 'ForceDHCPv6PDOtherInformation' is set and the Router Advertisement
has only the Other information 'O' bit set, disable requests for IA_NA
addresses.
Fixes#9745.
That recommendation is likely to cause more trouble and for pretty
much all end-user units is not useful. Let's recommend relying on
the implicit dependency instead.
Fixes#10015.
Dracut has a support for unlocking encrypted drives with keyfile stored
on the external drive. This support is included in the generated initrd
only if systemd module is not included.
When systemd is used in initrd then attachment of encrypted drives is
handled by systemd-cryptsetup tools. Our generator has support for
keyfile, however, it didn't support keyfile on the external block
device (keydev).
This commit introduces basic keydev support. Keydev can be specified per
luks.uuid on the kernel command line. Keydev is automatically mounted
during boot and we look for keyfile in the keydev
mountpoint (i.e. keyfile path is prefixed with the keydev mount point
path). After crypt device is attached we automatically unmount
where keyfile resides.
Example:
rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV
For an example where we already use it, see man:sd-login(3):
> A session is defined by the time a user is logged in until they log out.
As far as I can tell, this removes the only remaining occurrences of
referring to users by gendered pronouns in our documentation (though
some still survive in code comments and the NEWS and TODO files):
git grep '\b\(he\|him\|his\|she\|her\|hers\)\b' man/
You can only have one listitem in each varlistentry.
xmllint says:
resolvectl.xml:269: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term term term term term term term listitem listitem listitem )
Without this fix, udev(7) munges the two items together, like so:
ATTR{filename}, SYSCTL{kernel parameter}
Match sysfs attribute values of the event device. Trailing
whitespace in the attribute values is ignored unless the specified
match value itself contains trailing whitespace. Match a kernel
parameter value.
You're not allowed to have a <term> element after a <listitem> element within a
<varlistentry>.
xmllint complains:
udev.xml:192: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term listitem term listitem )
This work add support to generic netlink to sd-netlink.
See https://lwn.net/Articles/208755/
networkd: add support FooOverUDP support to IPIP tunnel netdev
https://lwn.net/Articles/614348/
Example conf:
/lib/systemd/network/1-fou-tunnel.netdev
```
[NetDev]
Name=fou-tun
Kind=fou
[FooOverUDP]
Port=5555
Protocol=4
```
/lib/systemd/network/ipip-tunnel.netdev
```
[NetDev]
Name=ipip-tun
Kind=ipip
[Tunnel]
Independent=true
Local=10.65.208.212
Remote=10.65.208.211
FooOverUDP=true
FOUDestinationPort=5555
```
$ ip -d link show ipip-tun
```
5: ipip-tun@NONE: <POINTOPOINT,NOARP> mtu 1472 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 10.65.208.212 peer 10.65.208.211 promiscuity 0
ipip remote 10.65.208.211 local 10.65.208.212 ttl inherit pmtudisc encap fou encap-sport auto encap-dport 5555 noencap-csum noencap-csum6 noencap-remcsum numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
```
The qgroup logic (types 'q' and 'Q') only has an effect if there's no previous
setup at all, and any explicitly configured subvolumes with their qgroups are
left entirely unmodified.
The idea is that if users want a different logic than the one we set up by
default, then by all means they should do that before hand, and tmpfiles won't
override their logic.
Lennart Poettering