We want to allow clients to process an sd_bus_message on a different
thread than it was received on. Since unreffing a bus message might
readd some of its memfds to the memfd cache add some minimal locking
around the cache.
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
Bootchart has a help option. For the sake of consistency, this patch
adds it to the man page.
Also, the TODO is updated. Bootcharts were added to the journal in
commit c4d58b0.
This makes sure nss-myhostname not only resolves the local host name to
127.0.0.2/::1 but also the host name 'localhost: to 127.0.0.1/::1. This
makes installation of /etc/passwd optional, as it usually only includes
a mapping for 'localhost'.
This change also resolves ::1 to the local hostname (as before), but
also lists 'localhost' as an alias. This means look-ups are now fully
reversible, even though they are 1:n mappings.
Finally, the module will no longer erroneously claim that local IP
addresses which aren't on the loopback device were.
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
This changes the fstab mount option x-initrd-rootfs.mount to
x-initrd.rootfs, in order to only use a single namespace "x-initrd." for
all mount options of the initrd.
Setting MaxRetentionSec= caused the kernel log to overflow and the
journal daemon to enter an endless loop.
Logging from the journald main loop gets directed to /dev/kmsg,
which wakes up journald again. We skip the import of this message
by checking for our own PID, but this still causes the main loop
to never go to sleep again because we never stopped logging from
there.
Getting the cursor is split out from .get_next() into
.get_cursor(). This mirrors the C API more closely, and
also makes things a bit faster if the cursor is not needed.
The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
The userspace firmware loader is deprecated now, and will be entirely
removed when we depend on a kernel version with the built-in firmware
loader available.
I originally added this to stay as compatible as possible with the kernel, but
as Lennart argued it is not really useful in the initramfs, so let's drop it (we
already don't support 'rootdealy').
We currently enforce that seats are to be named in the form of
"seatXXX", i.e. need to begin with the 4 characters "seat". Thus,
"seat-master" would qualify as a seat name. As seat names are frequently
used as tags on devices, the "seat-master" tag might hence confuse
logind if the user decides to name a seat "seat-master".
Hence, avoid any ambuigity: let's rename the "seat-master" tag to
"master-of-seat".