This reverts commit 362c378291.
This commit introduced an ordering loop: remote-cryptsetup.target was both
before and after remote-fs-pre.target. It also globally ordered all cryptsetup
volumes before all mounts. Such global ordering is problematic if people have
stacked storage. Let's look for a different solution.
See https://github.com/systemd/systemd/pull/14378#discussion_r359460109.
Let per-user service managers have user namespaces too.
For unprivileged users, user namespaces are set up much earlier
(before the mount, network, and UTS namespaces vs after) in
order to obtain capbilities in the new user namespace and enable use of
the other listed namespaces. However for privileged users (root), the
set up for the user namspace is still done at the end to avoid any
restrictions with combining namespaces inside a user namespace (see
inline comments).
Closes#10576
PrefixRoute= was added by e63be0847c,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.
Intermediate Functional Block
The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic. Packets from or to other interfaces have to be redirected to it using the mirred action in order to be handled, regularly routed traffic will be dropped. This way, a single stack of qdiscs, classes and filters can be shared between multiple interfaces.
Here's a simple example to feed incoming traffic from multiple interfaces through a Stochastic Fairness Queue (sfq):
(1) # modprobe ifb
(2) # ip link set ifb0 up
(3) # tc qdisc add dev ifb0 root sfq
This option is an indication for PID1 that the entry in crypttab is handled by
initrd only and therefore it shouldn't interfer during the usual start-up and
shutdown process.
It should be primarily used with the encrypted device containing the root FS as
we want to keep it (and thus its encrypted device) until the very end of the
shutdown process, i.e. when initrd takes over.
This option is the counterpart of "x-initrd.mount" used in fstab.
Note that the slice containing the cryptsetup services also needs to drop the
usual shutdown dependencies as it's required by the cryptsetup services.
Fixes: #14224
Stochastic Fairness Queueing is a classless queueing discipline.
SFQ does not shape traffic but only schedules the transmission of packets, based on 'flows'.
The goal is to ensure fairness so that each flow is able to send data in turn,
thus preventing any single flow from drowning out the rest.
The actual burst limit is modified by the remaining disk space. This
isn't mentioned anywhere in the available documentation and might be a
source of surprise for an end user expecting certain behaviors.
We don't, the signal remains blocked. We use signalfd() to be able to
read the signal events without unblocking the signal.
While we are at it, mention that pthread_sigmask() is fine too.
The docs didn't talk about this, so let's add an explicit mention that the
boot loader must cooperate. And also make the message from the generator
notice level. This should help people who are trying to mix grub and the
gpt auto logic.
Let's make sure we get back to 100% man page documentation coverage of
our sd-event APIs. We are bad enough at the others, let's get these ones
right at least.
We dropped documentation from sd_journal_open_container() long ago
(since the call is obsolete), hence drop the reference to machined. But
add one in for journald instead.
systemd.nspawn(5) contained a partial repeat of the stuff that is now in the
dedicated man page. Let's just refer to that.
While at it, do s/searched/searched for/ where appropriate and reword some
sentences for brevity.
In those two pages, we need to include individual entries with xi:include to
merge the list less-variables.xml with the other entries, which is obviously
error prone. All variables are supported in both tools so add them.
When wrong element types are used, directives are sometimes placed in the wrong
section. Also, strip part of text starting with "'", which is used in a few
places and which is displayed improperly in the index.
Apparently some firmwares don't allow us to write this token, and refuse
it with EINVAL. We should normally consider that a fatal error, but not
really in the case of "bootctl random-seed" when called from the
systemd-boot-system-token.service since it's called as "best effort"
service after boot on various systems, and hence we shouldn't fail
loudly.
Similar, when we cannot find the ESP don't fail either, since there are
systems (arch install ISOs) that carry a boot loader capable of the
random seed logic but don't mount it after boot.
Fixes: #13603
This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.
(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)
bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.
Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.
This copies the commands log-level and log-target (to query and set the current
settings) from systemd-analyze to systemctl, essentially reverting
a65615ca5d. Controllling the log level settings
of the manager is basic functionality, that should be available even if
systemd-analyze (which is more of an analysis tool) is not installed. This is
like dmesg and journalctl, which should be available even if a debugger and
more advanced tools to analyze the kernel are not available. (Note that dmesg
is used to control the log level too, not just to browse the kernel logs.)
I chose to copy&paste the methods from analyze.c to the new location. There
isn't enough code to share, because acquire_bus() in both places has a
different signature despite the same name, so the only part that is common
is the invocation of sd_bus_set_property().
This structure of the man page originates from the time when systemd was
installed on top of sysvinit systems, and users had an actual chance to
interact with the systemd binary directly. Nowadays it is almost never called
directly, so let's properly explain this in the overview.
The Options section is moved down below the kernel command line, those options
are only needed in special circumstances. Let's refer the reader to the
description of the kernel command line options, and not duplicate the
descriptions (which makes the text longer than necessary and increases chances
for discrepancies).
Systemd is also prominently used as the user manager, let's mention that in the
Overview.
While at it, use "=" only when an argument is required as we nowadays do.
It was only described in systemd(1), making it hard to discover.
Fixes#13561.
The same for $SYSTEMD_URLIFY.
I think all the tools whose man pages include less-variables.xml support
those variables.
DNSOverTLS in strict mode (value yes) does check the server, as it is said in
the first few lines of the option documentation. The check is not performed in
"opportunistic" mode, however, as that is allowed by RFC 7858, section "4.1.
Opportunistic Privacy Profile".
> With such a discovered DNS server, the client might or might not validate the
> resolver. These choices maximize availability and performance, but they leave
> the client vulnerable to on-path attacks that remove privacy.
This partially reverts db11487d10 (the logic to
calculate the correct value is removed, we always use the same setting as for
the system manager). Distributions have an easy mechanism to override this if
they wish.
I think making this configurable is better, because different distros clearly
want different defaults here, and making this configurable is nice and clean.
If we don't make it configurable, distros which either have to carry patches,
or what would be worse, rely on some other configuration mechanism, like
/etc/profile. Those other solutions do not apply everywhere (they usually
require the shell to be used at some point), so it is better if we provide
a nice way to override the default.
Fixes #13469.
Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.
Updating to this format also extends the top-level dropin to
unit types.
We want users to use Wants, but we'd describe Requires first and ask users to
look for Wants instead. While at it, let's split the wall of text into sensible
paragraphs: syntax first, followed by semantics and longer description, and
finally hints and comparison to other configuration items last.
The value is obviously bogus, but didn't seem to cause problems so far.
With meson-0.52.0, it causes a hang. The number of aliases is always rather
small (usually just one or two, possibly up to a dozen in a few cases), so
even if this causes some looping, it is strange that it has such a huge impact.
But let's just remove it.
Fixes#13742.
Tested with meson-0.52.0-1.module_f31+6771+f5d842eb.noarch,
meson-0.51.1-1.fc29.noarch.
Fixes#13756. We were returning things that didn't make much sense:
we would always use the exit_code value as the exit code. But it sometimes
contains a exit code from the process, and sometimes the number of a signal
that was used to kill the process. We would also ignore SuccessExitStatus=
and in general whether systemd thinks the service exited successfully
(hence the issue in #13756, where systemd would return success/SIGTERM,
but we'd just look at the SIGTERM part.)
If we are doing --wait, let's always propagate the exit code/status from
the child.
While at it, make the documentation useful.
The name with plural made more sense where multiple options could be specified
in one line. After changes in the pull request, this option only accepts one
value, so from users' POV it should be singular.
(The field in the data structure remains plural, because it actually stores
multiple values.)
We slowly added many many conditions over the years, and the text became
very hard to read, because all the terms were squished in one <termitem>.
This rearragnes the text into a new subsection, with minimal grammar changes
and removal of repetitions.
Allow earlier PAM modules to set `systemd.runtime_max_sec`. If they do,
parse it and set it as the `RuntimeMaxUSec=` property of the session
scope, to limit the maximum lifetime of the session. This could be
useful for time-limiting login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.
This could be used for time-limited login sessions, for example.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #12035
The default value was described at the end of two long paragraphs.
Make the first para self contained, and move the description of --console=pipe
into the second para.
Currently, there is no way to match against system-wide constants, such
as architecture or virtualization type, without forking helper binaries.
That potentially results in a huge number of spawned processes which
output always the same answer.
This patch introduces a special CONST keyword which takes a hard-coded
string as its key and returns a value assigned to that key. Currently
implemented are CONST{arch} and CONST{virt}, which can be used to match
against the system's architecture and virtualization type.
For executables which take a verb, we should list the verbs first, and
then options which modify those verbs second. The general layout of
the man page is from general description to specific details, usually
Overview, Commands, Options, Return Value, Examples, References.
This partially reverts 95355a281c.
It seems that other parts of link_stop_clients() should be skipped
when restarting, but I don't know enough about those other clients to have
an opinion if it is better to stop&start them on restart or not.
Anyway, that can be done in later patches now that the support for restarts
is there.
Fixes#13625.
exec-condition and oom-kill were added without updating this table
Updated success to reflect the code, which also allows kills by signal in certain situations
IPServiceType set to CS6 (network control) causes problems on some old
network setups that continue to interpret the field as IP TOS.
Make DHCP work on such networks by allowing this field to be set to
CS4 (Realtime) instead, as this maps to IPTOS_LOWDELAY.
Signed-off-by: Siddharth Chandrasekaran <csiddharth@vmware.com>
Yu Watanabe