Compare commits
6 Commits
798d7d0a8a
...
17f8a7e972
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
17f8a7e972 | ||
|
|
682e043c42 | ||
|
|
edf2ee22f5 | ||
|
|
63878c52be | ||
|
|
5601400e17 | ||
|
|
9a797ddc41 |
14
NEWS
14
NEWS
@ -61,8 +61,8 @@ CHANGES WITH 249 in spe:
|
||||
included in the image. For example, a disk image that contains a
|
||||
root, /home/, and /var/ partitions, may set MakeDirectories=yes to
|
||||
create /home/ and /var/ as empty directories in the root file system
|
||||
on its creation, so that the resulting image can mounted immediately,
|
||||
even in read-only mode.
|
||||
on its creation, so that the resulting image can be mounted
|
||||
immediately, even in read-only mode.
|
||||
|
||||
* systemd-repart's CopyBlocks= setting gained support for the special
|
||||
value "auto". If used, a suitable matching partition on the booted OS
|
||||
@ -134,7 +134,7 @@ CHANGES WITH 249 in spe:
|
||||
* The native Journal protocol has been documented. Clients may talk
|
||||
this as alternative to the classic BSD syslog protocol for locally
|
||||
delivering log records to the Journal. The protocol has been stable
|
||||
since a long time and in fact been implemented already in a variety
|
||||
for a long time and in fact been implemented already in a variety
|
||||
of alternative client libraries. This documentation makes the support
|
||||
for that official:
|
||||
|
||||
@ -226,10 +226,10 @@ CHANGES WITH 249 in spe:
|
||||
that matters most, to the point where this is defined.
|
||||
|
||||
* The Discoverable Partition Specification has been updated with a new
|
||||
GPT partition flag "growsfs" defined for its partition types.
|
||||
Whenever partitions with this flag set are automatically mounted
|
||||
(i.e. via systemd-gpt-auto-generator or the --image= switch of
|
||||
systemd-nspawn or other tools; and as opposed to explicit mounting
|
||||
GPT partition flag "grow-file-system" defined for its partition
|
||||
types. Whenever partitions with this flag set are automatically
|
||||
mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
|
||||
of systemd-nspawn or other tools; and as opposed to explicit mounting
|
||||
via /etc/fstab), the file system within the partition is
|
||||
automatically grown to the full size of the partition. If the file
|
||||
system size already matches the partition size this flag has no
|
||||
|
||||
5
TODO
5
TODO
@ -26,6 +26,11 @@ Janitorial Clean-ups:
|
||||
|
||||
Features:
|
||||
|
||||
* firstboot: allow provisioning of /etc/hosts entries, so that we can via the
|
||||
credentials logic insert host name to resolve into containers/hosts. Usecase:
|
||||
fork a container, and make it ping some specific address which is defined by
|
||||
the host on invocation
|
||||
|
||||
* in sd-id128: also parse UUIDs in RFC4122 URN syntax (i.e. chop off urn:uuid: prefix)
|
||||
|
||||
* ability to insert trusted configuration and secrets into the boot parameters
|
||||
|
||||
38
meson.build
38
meson.build
@ -793,12 +793,37 @@ endif
|
||||
conf.set_quoted('NOBODY_USER_NAME', nobody_user)
|
||||
conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
|
||||
|
||||
tty_gid = get_option('tty-gid')
|
||||
conf.set('TTY_GID', tty_gid)
|
||||
static_ugids = []
|
||||
foreach option : ['adm-gid',
|
||||
'audio-gid',
|
||||
'cdrom-gid',
|
||||
'dialout-gid',
|
||||
'disk-gid',
|
||||
'input-gid',
|
||||
'kmem-gid',
|
||||
'kvm-gid',
|
||||
'lp-gid',
|
||||
'render-gid',
|
||||
'sgx-gid',
|
||||
'tape-gid',
|
||||
'tty-gid',
|
||||
'users-gid',
|
||||
'utmp-gid',
|
||||
'video-gid',
|
||||
'wheel-gid',
|
||||
'systemd-journal-gid',
|
||||
'systemd-network-uid',
|
||||
'systemd-resolve-uid',
|
||||
'systemd-timesync-uid']
|
||||
name = option.underscorify().to_upper()
|
||||
val = get_option(option)
|
||||
|
||||
# Ensure provided GID argument is numeric, otherwise fall back to default assignment
|
||||
users_gid = get_option('users-gid')
|
||||
conf.set('USERS_GID', users_gid < 0 ? '-' : users_gid)
|
||||
# Ensure provided GID argument is numeric, otherwise fall back to default assignment
|
||||
conf.set(name, val >= 0 ? val : '-')
|
||||
if val >= 0
|
||||
static_ugids += '@0@:@1@'.format(option, val)
|
||||
endif
|
||||
endforeach
|
||||
|
||||
conf.set10('ENABLE_ADM_GROUP', get_option('adm-group'))
|
||||
conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group'))
|
||||
@ -3713,14 +3738,13 @@ status = [
|
||||
'extra start script: @0@'.format(get_option('rc-local')),
|
||||
'debug shell: @0@ @ @1@'.format(get_option('debug-shell'),
|
||||
get_option('debug-tty')),
|
||||
'TTY GID: @0@'.format(tty_gid),
|
||||
'users GID: @0@'.format(conf.get('USERS_GID')),
|
||||
'system UIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'),
|
||||
conf.get('SYSTEM_ALLOC_UID_MIN')),
|
||||
'system GIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'),
|
||||
conf.get('SYSTEM_ALLOC_GID_MIN')),
|
||||
'dynamic UIDs: @0@…@1@'.format(dynamic_uid_min, dynamic_uid_max),
|
||||
'container UID bases: @0@…@1@'.format(container_uid_base_min, container_uid_base_max),
|
||||
'static UID/GID allocations: @0@'.format(' '.join(static_ugids)),
|
||||
'/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')),
|
||||
'render group access mode: @0@'.format(get_option('group-render-mode')),
|
||||
'certificate root directory: @0@'.format(get_option('certificate-root')),
|
||||
|
||||
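Review bot: The new `foreach` loop accepts every value `>= 0` as a soft-static ID, so 0 (root on this page's sysusers file), 65534 (given there to the nobody user) or a number above `SYSTEM_GID_MAX` goes straight into the sysusers templates, and nothing stops two options from getting the same number. A configure-time check inside the loop would catch such mistakes before they end up in an image, for example `if val == 0 or val == 65534` followed by `error('@0@ must not be @1@'.format(option, val))`. The retained comment still says "GID argument" although the list now contains three `-uid` options, and any negative value, not only -1, falls back to `-`. A more accurate wording would be `# Negative means "no static allocation": '-' is emitted and the ID is picked at runtime`.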
@ -204,6 +204,7 @@ option('status-unit-format-default', type : 'combo',
|
||||
description : 'use unit name or description in messages by default')
|
||||
option('time-epoch', type : 'integer', value : '-1',
|
||||
description : 'time epoch for time clients')
|
||||
|
||||
option('system-alloc-uid-min', type : 'integer', value : '-1',
|
||||
description : 'minimum system UID used when allocating')
|
||||
option('system-alloc-gid-min', type : 'integer', value : '-1',
|
||||
@ -220,10 +221,6 @@ option('container-uid-base-min', type : 'integer', value : 0x00080000,
|
||||
description : 'minimum container UID base')
|
||||
option('container-uid-base-max', type : 'integer', value : 0x6FFF0000,
|
||||
description : 'maximum container UID base')
|
||||
option('tty-gid', type : 'integer', value : 5,
|
||||
description : 'the numeric GID of the "tty" group')
|
||||
option('users-gid', type : 'integer', value : '-1',
|
||||
description : 'the numeric GID of the "users" group')
|
||||
option('adm-group', type : 'boolean',
|
||||
description : 'the ACL for adm group should be added')
|
||||
option('wheel-group', type : 'boolean',
|
||||
@ -234,6 +231,49 @@ option('nobody-user', type : 'string',
|
||||
option('nobody-group', type : 'string',
|
||||
description : 'The name of the nobody group (the one with GID 65534)',
|
||||
value : 'nobody')
|
||||
option('adm-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "adm" group')
|
||||
option('audio-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "audio" group')
|
||||
option('cdrom-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "cdrom" group')
|
||||
option('dialout-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "dialout" group')
|
||||
option('disk-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "disk" group')
|
||||
option('input-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "input" group')
|
||||
option('kmem-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "kmem" group')
|
||||
option('kvm-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "kvm" group')
|
||||
option('lp-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "lp" group')
|
||||
option('render-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "render" group')
|
||||
option('sgx-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "sgx" group')
|
||||
option('tape-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "tape" group')
|
||||
option('tty-gid', type : 'integer', value : 5,
|
||||
description : 'the numeric GID of the "tty" group')
|
||||
option('users-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "users" group')
|
||||
option('utmp-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "utmp" group')
|
||||
option('video-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "video" group')
|
||||
option('wheel-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the "wheel" group')
|
||||
option('systemd-journal-gid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the systemd-journal group')
|
||||
option('systemd-network-uid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the systemd-network user')
|
||||
option('systemd-resolve-uid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the systemd-resolve user')
|
||||
option('systemd-timesync-uid', type : 'integer', value : '-1',
|
||||
description : 'soft-static allocation for the systemd-timesync user')
|
||||
|
||||
option('dev-kvm-mode', type : 'string', value : '0666',
|
||||
description : '/dev/kvm access mode')
|
||||
option('group-render-mode', type : 'string', value : '0666',
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef bootctl -*- shell-script -*-
|
||||
#compdef bootctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
__bootctl() {
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef busctl -*- shell-script -*-
|
||||
#compdef busctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
# busctl(1) completion -*- shell-script -*-
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef coredumpctl -*- shell-script -*-
|
||||
#compdef coredumpctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_coredumpctl_commands] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef hostnamectl -*- shell-script -*-
|
||||
#compdef hostnamectl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_hostnamectl_hostname] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef journalctl -*- shell-script -*-
|
||||
#compdef journalctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_journalctl_fields] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef kernel-install -*- shell-script -*-
|
||||
#compdef kernel-install
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_kernel-install_images] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef localectl -*- shell-script -*-
|
||||
#compdef localectl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_localectl_set-locale] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef loginctl -*- shell-script -*-
|
||||
#compdef loginctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_loginctl_all_sessions] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef machinectl -*- shell-script -*-
|
||||
#compdef machinectl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[__machinectl_get_machines] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef networkctl -*- shell-script -*-
|
||||
#compdef networkctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_networkctl_commands] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef resolvectl systemd-resolve -*- shell-script -*-
|
||||
#compdef resolvectl systemd-resolve
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
#
|
||||
# This file is part of systemd.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemctl -*- shell-script -*-
|
||||
#compdef systemctl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_systemctl_commands] )) || _systemctl_commands()
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-cat systemd-ask-password systemd-cgls systemd-cgtop systemd-detect-virt systemd-machine-id-setup systemd-notify systemd-tty-ask-password-agent -*- shell-script -*-
|
||||
#compdef systemd-cat systemd-ask-password systemd-cgls systemd-cgtop systemd-detect-virt systemd-machine-id-setup systemd-notify systemd-tty-ask-password-agent
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
local curcontext="$curcontext" state lstate line
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-analyze -*- shell-script -*-
|
||||
#compdef systemd-analyze
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_systemd-analyze_log-level] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-delta -*- shell-script -*-
|
||||
#compdef systemd-delta
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_systemd-delta_types] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-inhibit -*- shell-script -*-
|
||||
#compdef systemd-inhibit
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_systemd-inhibit_commands] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-nspawn -*- shell-script -*-
|
||||
#compdef systemd-nspawn
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_systemd-nspawn_caps] )) ||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-run -*- shell-script -*-
|
||||
#compdef systemd-run
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
# @todo _systemctl has a helper with the same name, so we must redefine
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef systemd-tmpfiles -*- shell-script -*-
|
||||
#compdef systemd-tmpfiles
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
_arguments \
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef timedatectl -*- shell-script -*-
|
||||
#compdef timedatectl
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
_timedatectl_set-timezone(){
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#compdef udevadm -*- shell-script -*-
|
||||
#compdef udevadm
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
(( $+functions[_udevadm_info] )) ||
|
||||
|
||||
@ -5520,7 +5520,11 @@ int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
|
||||
void unit_log_success(Unit *u) {
|
||||
assert(u);
|
||||
|
||||
log_unit_struct(u, LOG_INFO,
|
||||
/* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode.
|
||||
* This message has low information value for regular users and it might be a bit overwhelming on a system with
|
||||
* a lot of devices. */
|
||||
log_unit_struct(u,
|
||||
MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO,
|
||||
"MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
|
||||
LOG_UNIT_INVOCATION_ID(u),
|
||||
LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
|
||||
|
||||
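Review bot: Lowering the level to `LOG_DEBUG` for user managers hides the structured record carrying `MESSAGE_ID=SD_MESSAGE_UNIT_SUCCESS_STR` as well as the human-readable text, so a journal consumer that matches on that ID to follow user-unit deactivation will presumably stop seeing it unless debug logging is enabled. If that is intended, the comment should say so, e.g. `/* Note: this also suppresses the SD_MESSAGE_UNIT_SUCCESS record for user units at the default log level. */`, and a NEWS entry would help anyone monitoring these events. The comment's "when manager is user" would read better as "for user managers", and its lines are much longer than the surrounding code. The closing brace of unit_log_success() lies outside the hunk.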
@ -12,28 +12,28 @@ u root 0 "Super User" /root
|
||||
u {{NOBODY_USER_NAME}} 65534 "Nobody" -
|
||||
|
||||
# Administrator group: can *see* more than normal users
|
||||
g adm - - -
|
||||
g adm {{ADM_GID }} - -
|
||||
|
||||
# Administrator group: can *do* more than normal users
|
||||
g wheel - - -
|
||||
g wheel {{WHEEL_GID }} - -
|
||||
|
||||
# Access to certain kernel and userspace facilities
|
||||
g kmem - - -
|
||||
g tty {{TTY_GID}} - -
|
||||
g utmp - - -
|
||||
# Access to shared database of users on the system
|
||||
g utmp {{UTMP_GID }} - -
|
||||
|
||||
# Hardware access groups
|
||||
g audio - - -
|
||||
g cdrom - - -
|
||||
g dialout - - -
|
||||
g disk - - -
|
||||
g input - - -
|
||||
g kvm - - -
|
||||
g lp - - -
|
||||
g render - - -
|
||||
g sgx - - -
|
||||
g tape - - -
|
||||
g video - - -
|
||||
# Physical and virtual hardware access groups
|
||||
g audio {{AUDIO_GID }} - -
|
||||
g cdrom {{CDROM_GID }} - -
|
||||
g dialout {{DIALOUT_GID}} - -
|
||||
g disk {{DISK_GID }} - -
|
||||
g input {{INPUT_GID }} - -
|
||||
g kmem {{KMEM_GID }} - -
|
||||
g kvm {{KVM_GID }} - -
|
||||
g lp {{LP_GID }} - -
|
||||
g render {{RENDER_GID }} - -
|
||||
g sgx {{SGX_GID }} - -
|
||||
g tape {{TAPE_GID }} - -
|
||||
g tty {{TTY_GID }} - -
|
||||
g video {{VIDEO_GID }} - -
|
||||
|
||||
# Default group for normal users
|
||||
g users {{USERS_GID}} - -
|
||||
g users {{USERS_GID }} - -
|
||||
|
||||
@ -5,18 +5,18 @@
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
g systemd-journal - -
|
||||
g systemd-journal {{SYSTEMD_JOURNAL_GID}} -
|
||||
{% if ENABLE_NETWORKD %}
|
||||
u systemd-network - "systemd Network Management"
|
||||
u systemd-network {{SYSTEMD_NETWORK_UID}} "systemd Network Management"
|
||||
{% endif %}
|
||||
{% if ENABLE_OOMD %}
|
||||
u systemd-oom - "systemd Userspace OOM Killer"
|
||||
{% endif %}
|
||||
{% if ENABLE_RESOLVE %}
|
||||
u systemd-resolve - "systemd Resolver"
|
||||
u systemd-resolve {{SYSTEMD_RESOLVE_UID}} "systemd Resolver"
|
||||
{% endif %}
|
||||
{% if ENABLE_TIMESYNCD %}
|
||||
u systemd-timesync - "systemd Time Synchronization"
|
||||
u systemd-timesync {{SYSTEMD_TIMESYNC_UID}} "systemd Time Synchronization"
|
||||
{% endif %}
|
||||
{% if ENABLE_COREDUMP %}
|
||||
u systemd-coredump - "systemd Core Dumper"
|
||||
|
||||
@ -1006,12 +1006,14 @@ create_empty_image() {
|
||||
fi
|
||||
|
||||
local size=500
|
||||
if [ -z "$NO_BUILD" ]; then
|
||||
if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then
|
||||
size=$((size+=200))
|
||||
fi
|
||||
if meson configure "${BUILD_DIR:?}" | grep 'link-.*-shared' | awk '{ print $2 }' | grep -q 'false'; then
|
||||
size=$((size+=200))
|
||||
fi
|
||||
fi
|
||||
if [[ "$STRIP_BINARIES" = "no" ]]; then
|
||||
size=$((4 * size))
|
||||
fi
|
||||
|
||||
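Review bot: With `NO_BUILD` set, both `meson configure` probes are skipped and `size` stays at 500, even though the installed binaries may still be static or standalone. Whether the image can then run short of space depends on code outside this hunk, so a comment stating the assumption would help, e.g. `# NO_BUILD: no build dir to query, assume default (shared) linkage`. The new test uses `[ -z "$NO_BUILD" ]` while the check a few lines below uses `[[ ... ]]`; `[[ -z "${NO_BUILD:-}" ]]` would match that style and stay safe if the script runs under `set -u` (not visible here). create_empty_image() starts and ends outside the hunk.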