/*.tar.bz2
/*.tar.gz
/*.tar.xz
+/30-systemd-environment-d-generator
/GPATH
/GRTAGS
/GSYMS
/systemd-debug-generator
/systemd-delta
/systemd-detect-virt
+/systemd-dissect
/systemd-escape
/systemd-export
/systemd-firstboot
/systemd-update-utmp
/systemd-user-sessions
/systemd-vconsole-setup
+/systemd-veritysetup
+/systemd-veritysetup-generator
+/systemd-volatile-root
/tags
/test-acd
/test-acl-util
/test-dhcp-option
/test-dhcp-server
/test-dhcp6-client
+/test-dissect-image
/test-dns-domain
/test-dns-packet
/test-dnssec
/test-env-util
/test-escape
/test-event
+/test-exec-util
/test-execute
/test-extract-word
/test-fd-util
/test-fs-util
/test-fstab-util
/test-glob-util
+/test-hash
/test-hashmap
/test-hexdecoct
/test-hostname
/test-journal
/test-journal-enum
/test-journal-flush
+/test-journal-importer
/test-journal-init
/test-journal-interleaving
/test-journal-match
/test-loopback
/test-machine-tables
/test-mmap-cache
+/test-mount-util
/test-namespace
/test-ndisc-rs
/test-netlink
Lukáš Nykrýn <lnykryn@redhat.com>
Heikki Kemppainen <heikki.kemppainen@nokia.com>
Hendrik Brueckner <hbrueckner@users.noreply.github.com>
+Alexandros Frantzis <alexandros.frantzis@canonical.com>
+Alexander Kochetkov <al.kochet@gmail.com>
+Fionn Cleary <clearyf@tcd.ie>
+Michel Kraus <github@demonsphere.de> <27o@users.noreply.github.com>
+Charles (Chas) Williams <ciwillia@brocade.com>
+Emil Soleyman <emil@soleyman.com>
+Dmitry Khlebnikov <dmitry.khlebnikov@rea-group.com> <galaxy4public@users.noreply.github.com>
+Antoine Eiche <lewo@abesis.fr>
+Gianluca Boiano <morf3089@gmail.com>
+Paolo Giangrandi <paolo@luccalug.it>
+Karl Kraus <karl.kraus@tum.de> <laqueray@gmail.com>
+Tibor Nagy <xnagytibor@gmail.com>
+Stuart McLaren <stuart.mclaren@hp.com>
and Linux/GNU-specific APIs, we generally prefer the POSIX APIs. If there
aren't, we are happy to use GNU or Linux APIs, and expect non-GNU
implementations of libc to catch up with glibc.
+
+- Whenever installing a signal handler, make sure to set SA_RESTART for it, so
+ that interrupted system calls are automatically restarted, and we minimize
+ hassles with handling EINTR (in particular as EINTR handling is pretty broken
+ on Linux).
man/sd_id128_from_string.3 \
man/sd_id128_get_boot.3 \
man/sd_id128_get_invocation.3 \
+ man/sd_id128_get_machine_app_specific.3 \
man/sd_machine_get_ifindices.3 \
man/sd_notifyf.3 \
man/sd_pid_notify.3 \
man/sd_id128_from_string.3: man/sd_id128_to_string.3
man/sd_id128_get_boot.3: man/sd_id128_get_machine.3
man/sd_id128_get_invocation.3: man/sd_id128_get_machine.3
+man/sd_id128_get_machine_app_specific.3: man/sd_id128_get_machine.3
man/sd_machine_get_ifindices.3: man/sd_machine_get_class.3
man/sd_notifyf.3: man/sd_notify.3
man/sd_pid_notify.3: man/sd_notify.3
man/sd_id128_get_invocation.html: man/sd_id128_get_machine.html
$(html-alias)
+man/sd_id128_get_machine_app_specific.html: man/sd_id128_get_machine.html
+ $(html-alias)
+
man/sd_machine_get_ifindices.html: man/sd_machine_get_class.html
$(html-alias)
# Keep the test-suite.log
.PRECIOUS: $(TEST_SUITE_LOG) Makefile
-LIBELOGIND_CURRENT=17
-LIBELOGIND_REVISION=2
-LIBELOGIND_AGE=17
+LIBELOGIND_CURRENT=18
+LIBELOGIND_REVISION=0
+LIBELOGIND_AGE=18
# Dirs of external packages
dbuspolicydir=@dbuspolicydir@
pkgconfigdatadir=$(datadir)/pkgconfig
pkgconfiglibdir=$(libdir)/pkgconfig
polkitpolicydir=$(datadir)/polkit-1/actions
+polkitrulesdir=$(datadir)/polkit-1/rules.d
+polkitpkladir=$(localstatedir)/lib/polkit-1/localauthority/10-vendor.d
bashcompletiondir=@bashcompletiondir@
zshcompletiondir=@zshcompletiondir@
pkgconfiglib_DATA =
polkitpolicy_in_files =
polkitpolicy_files =
+polkitrules_files =
+polkitpkla_files =
dist_udevrules_DATA =
nodist_udevrules_DATA =
dist_pkgsysconf_DATA =
-DLIBDIR=\"$(libdir)\" \
-DROOTLIBDIR=\"$(rootlibdir)\" \
-DROOTLIBEXECDIR=\"$(rootlibexecdir)\" \
- -DTEST_DIR=\"$(abs_top_srcdir)/test\" \
-I $(top_srcdir)/src \
-I $(top_builddir)/src/basic \
-I $(top_srcdir)/src/basic \
-I $(top_srcdir)/src/libelogind/sd-id128 \
-I $(top_srcdir)/src/update-utmp \
-I $(top_srcdir)/src/sleep \
+ -DABS_SRC_DIR=\"$(abs_top_srcdir)\" \
+ -DABS_BUILD_DIR=\"$(abs_top_builddir)\" \
$(OUR_CPPFLAGS)
AM_CFLAGS = $(OUR_CFLAGS)
# ------------------------------------------------------------------------------
substitutions = \
+ '|rootlibdir=$(rootlibdir)|' \
'|rootlibexecdir=$(rootlibexecdir)|' \
'|rootbindir=$(rootbindir)|' \
'|bindir=$(bindir)|' \
SED_PROCESS = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) $(subst '|,-e 's|@,$(subst =,\@|,$(subst |',|g',$(substitutions)))) \
- < $< > $@
+ -e '/^\#\# /d' \
+ < $< > $@
man/%: man/%.in
$(SED_PROCESS)
if ENABLE_POLKIT
nodist_polkitpolicy_DATA = \
$(polkitpolicy_files)
+polkitrules_DATA = $(polkitrules_files)
+polkitpkla_DATA = $(polkitpkla_files)
endif
EXTRA_DIST += \
if $(LIBTOOL) --mode=execute file $$f | grep -q shell; then \
echo -e "$${x}Skipping non-binary $$f"; else \
echo -e "$${x}Running $$f"; \
- libtool --mode=execute valgrind -q --leak-check=full --max-stackframe=5242880 --error-exitcode=55 $(builddir)/$$f ; fi; \
+ $(AM_TESTS_ENVIRONMENT) $(LIBTOOL) --mode=execute valgrind -q --leak-check=full --max-stackframe=5242880 --error-exitcode=55 $(builddir)/$$f ; fi; \
x="\n\n"; \
done
systemd System and Service Manager
+CHANGES WITH 233:
+
+ * The "hybrid" control group mode has been modified to improve
+ compatibility with "legacy" cgroups-v1 setups. Specifically, the
+ "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
+ "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
+ cgroups-v1 hierarchy), the only externally visible change being that
+ the cgroups-v2 hierarchy is also mounted, to
+ /sys/fs/cgroup/unified. This should provide a large degree of
+ compatibility with "legacy" cgroups-v1, while taking benefit of the
+ better management capabilities of cgroups-v2.
+
+ * The default control group setup mode may be selected both a boot-time
+ via a set of kernel command line parameters (specifically:
+ systemd.unified_cgroup_hierarchy= and
+ systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
+ default selected on the configure command line
+ (--with-default-hierarchy=). The upstream default is "hybrid"
+ (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
+ this will change in a future systemd version to be "unified" (pure
+ cgroups-v2 mode). The third option for the compile time option is
+ "legacy", to enter pure cgroups-v1 mode. We recommend downstream
+ distributions to default to "hybrid" mode for release distributions,
+ starting with v233. We recommend "unified" for development
+ distributions (specifically: distributions such as Fedora's rawhide)
+ as that's where things are headed in the long run. Use "legacy" for
+ greatest stability and compatibility only.
+
+ * Note one current limitation of "unified" and "hybrid" control group
+ setup modes: the kernel currently does not permit the systemd --user
+ instance (i.e. unprivileged code) to migrate processes between two
+ disconnected cgroup subtrees, even if both are managed and owned by
+ the user. This effectively means "systemd-run --user --scope" doesn't
+ work when invoked from outside of any "systemd --user" service or
+ scope. Specifically, it is not supported from session scopes. We are
+ working on fixing this in a future systemd version. (See #3388 for
+ further details about this.)
+
+ * DBus policy files are now installed into /usr rather than /etc. Make
+ sure your system has dbus >= 1.9.18 running before upgrading to this
+ version, or override the install path with --with-dbuspolicydir= .
+
+ * All python scripts shipped with systemd (specifically: the various
+ tests written in Python) now require Python 3.
+
+ * systemd unit tests can now run standalone (without the source or
+ build directories), and can be installed into /usr/lib/systemd/tests/
+ with 'make install-tests'.
+
+ * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
+ CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
+ kernel.
+
+ * Support for the %c, %r, %R specifiers in unit files has been
+ removed. Specifiers are not supposed to be dependent on configuration
+ in the unit file itself (so that they resolve the same regardless
+ where used in the unit files), but these specifiers were influenced
+ by the Slice= option.
+
+ * The shell invoked by debug-shell.service now defaults to /bin/sh in
+ all cases. If distributions want to use a different shell for this
+ purpose (for example Fedora's /sbin/sushell) they need to specify
+ this explicitly at configure time using --with-debug-shell=.
+
+ * The confirmation spawn prompt has been reworked to offer the
+ following choices:
+
+ (c)ontinue, proceed without asking anymore
+ (D)ump, show the state of the unit
+ (f)ail, don't execute the command and pretend it failed
+ (h)elp
+ (i)nfo, show a short summary of the unit
+ (j)obs, show jobs that are in progress
+ (s)kip, don't execute the command and pretend it succeeded
+ (y)es, execute the command
+
+ The 'n' choice for the confirmation spawn prompt has been removed,
+ because its meaning was confusing.
+
+ The prompt may now also be redirected to an alternative console by
+ specifying the console as parameter to systemd.confirm_spawn=.
+
+ * Services of Type=notify require a READY=1 notification to be sent
+ during startup. If no such message is sent, the service now fails,
+ even if the main process exited with a successful exit code.
+
+ * Services that fail to start up correctly now always have their
+ ExecStopPost= commands executed. Previously, they'd enter "failed"
+ state directly, without executing these commands.
+
+ * The option MulticastDNS= of network configuration files has acquired
+ an actual implementation. With MulticastDNS=yes a host can resolve
+ names of remote hosts and reply to mDNS A and AAAA requests.
+
+ * When units are about to be started an additional check is now done to
+ ensure that all dependencies of type BindsTo= (when used in
+ combination with After=) have been started.
+
+ * systemd-analyze gained a new verb "syscall-filter" which shows which
+ system call groups are defined for the SystemCallFilter= unit file
+ setting, and which system calls they contain.
+
+ * A new system call filter group "@filesystem" has been added,
+ consisting of various file system related system calls. Group
+ "@reboot" has been added, covering reboot, kexec and shutdown related
+ calls. Finally, group "@swap" has been added covering swap
+ configuration related calls.
+
+ * A new unit file option RestrictNamespaces= has been added that may be
+ used to restrict access to the various process namespace types the
+ Linux kernel provides. Specifically, it may be used to take away the
+ right for a service unit to create additional file system, network,
+ user, and other namespaces. This sandboxing option is particularly
+ relevant due to the high amount of recently discovered namespacing
+ related vulnerabilities in the kernel.
+
+ * systemd-udev's .link files gained support for a new AutoNegotiation=
+ setting for configuring Ethernet auto-negotiation.
+
+ * systemd-networkd's .network files gained support for a new
+ ListenPort= setting in the [DHCP] section to explicitly configure the
+ UDP client port the DHCP client shall listen on.
+
+ * .network files gained a new Unmanaged= boolean setting for explicitly
+ excluding one or more interfaces from management by systemd-networkd.
+
+ * The systemd-networkd ProxyARP= option has been renamed to
+ IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
+ renamed to ReduceARPProxy=. The old names continue to be available
+ for compatibility.
+
+ * systemd-networkd gained support for configuring IPv6 Proxy NDP
+ addresses via the new IPv6ProxyNDPAddress= .network file setting.
+
+ * systemd-networkd's bonding device support gained support for two new
+ configuration options ActiveSlave= and PrimarySlave=.
+
+ * The various options in the [Match] section of .network files gained
+ support for negative matching.
+
+ * New systemd-specific mount options are now understood in /etc/fstab:
+
+ x-systemd.mount-timeout= may be used to configure the maximum
+ permitted runtime of the mount command.
+
+ x-systemd.device-bound may be set to bind a mount point to its
+ backing device unit, in order to automatically remove a mount point
+ if its backing device is unplugged. This option may also be
+ configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
+ on the block device, which is now automatically set for all CDROM
+ drives, so that mounted CDs are automatically unmounted when they are
+ removed from the drive.
+
+ x-systemd.after= and x-systemd.before= may be used to explicitly
+ order a mount after or before another unit or mount point.
+
+ * Enqueued start jobs for device units are now automatically garbage
+ collected if there are no jobs waiting for them anymore.
+
+ * systemctl list-jobs gained two new switches: with --after, for every
+ queued job the jobs it's waiting for are shown; with --before the
+ jobs which it's blocking are shown.
+
+ * systemd-nspawn gained support for ephemeral boots from disk images
+ (or in other words: --ephemeral and --image= may now be
+ combined). Moreover, ephemeral boots are now supported for normal
+ directories, even if the backing file system is not btrfs. Of course,
+ if the file system does not support file system snapshots or
+ reflinks, the initial copy operation will be relatively expensive, but
+ this should still be suitable for many use cases.
+
+ * Calendar time specifications in .timer units now support
+ specifications relative to the end of a month by using "~" instead of
+ "-" as separator between month and day. For example, "*-02~03" means
+ "the third last day in February". In addition a new syntax for
+ repeated events has been added using the "/" character. For example,
+ "9..17/2:00" means "every two hours from 9am to 5pm".
+
+ * systemd-socket-proxyd gained a new parameter --connections-max= for
+ configuring the maximum number of concurrent connections.
+
+ * sd-id128 gained a new API for generating unique IDs for the host in a
+ way that does not leak the machine ID. Specifically,
+ sd_id128_get_machine_app_specific() derives an ID based on the
+ machine ID a in well-defined, non-reversible, stable way. This is
+ useful whenever an identifier for the host is needed but where the
+ identifier shall not be useful to identify the system beyond the
+ scope of the application itself. (Internally this uses HMAC-SHA256 as
+ keyed hash function using the machine ID as input.)
+
+ * NotifyAccess= gained a new supported value "exec". When set
+ notifications are accepted from all processes systemd itself invoked,
+ including all control processes.
+
+ * .nspawn files gained support for defining overlay mounts using the
+ Overlay= and OverlayReadOnly= options. Previously this functionality
+ was only available on the systemd-nspawn command line.
+
+ * systemd-nspawn's --bind= and --overlay= options gained support for
+ bind/overlay mounts whose source lies within the container tree by
+ prefixing the source path with "+".
+
+ * systemd-nspawn's --bind= and --overlay= options gained support for
+ automatically allocating a temporary source directory in /var/tmp
+ that is removed when the container dies. Specifically, if the source
+ directory is specified as empty string this mechanism is selected. An
+ example usage is --overlay=+/var::/var, which creates an overlay
+ mount based on the original /var contained in the image, overlayed
+ with a temporary directory in the host's /var/tmp. This way changes
+ to /var are automatically flushed when the container shuts down.
+
+ * systemd-nspawn --image= option does now permit raw file system block
+ devices (in addition to images containing partition tables, as
+ before).
+
+ * The disk image dissection logic in systemd-nspawn gained support for
+ automatically setting up LUKS encrypted as well as Verity protected
+ partitions. When a container is booted from an encrypted image the
+ passphrase is queried at start-up time. When a container with Verity
+ data is started, the root hash is search in a ".roothash" file
+ accompanying the disk image (alternatively, pass the root hash via
+ the new --root-hash= command line option).
+
+ * A new tool /usr/lib/systemd/systemd-dissect has been added that may
+ be used to dissect disk images the same way as systemd-nspawn does
+ it, following the Bootable Partition Specification. It may even be
+ used to mount disk images with complex partition setups (including
+ LUKS and Verity partitions) to a local host directory, in order to
+ inspect them. This tool is not considered public API (yet), and is
+ thus not installed into /usr/bin. Please do not rely on its
+ existence, since it might go away or be changed in later systemd
+ versions.
+
+ * A new generator "systemd-verity-generator" has been added, similar in
+ style to "systemd-cryptsetup-generator", permitting automatic setup of
+ Verity root partitions when systemd boots up. In order to make use of
+ this your partition setup should follow the Discoverable Partitions
+ Specification, and the GPT partition ID of the root file system
+ partition should be identical to the upper 128bit of the Verity root
+ hash. The GPT partition ID of the Verity partition protecting it
+ should be the lower 128bit of the Verity root hash. If the partition
+ image follows this model it is sufficient to specify a single
+ "roothash=" kernel command line argument to both configure which root
+ image and verity partition to use as well as the root hash for
+ it. Note that systemd-nspawn's Verity support follows the same
+ semantics, meaning that disk images with proper Verity data in place
+ may be booted in containers with systemd-nspawn as well as on
+ physical systems via the verity generator. Also note that the "mkosi"
+ tool available at https://github.com/systemd/mkosi has been updated
+ to generate Verity protected disk images following this scheme. In
+ fact, it has been updated to generate disk images that optionally
+ implement a complete UEFI SecureBoot trust chain, involving a signed
+ kernel and initrd image that incorporates such a root hash as well as
+ a Verity-enabled root partition.
+
+ * The hardware database (hwdb) udev supports has been updated to carry
+ accelerometer quirks.
+
+ * All system services are now run with a fresh kernel keyring set up
+ for them. The invocation ID is stored by default in it, thus
+ providing a safe, non-overridable way to determine the invocation
+ ID of each service.
+
+ * Service unit files gained new BindPaths= and BindReadOnlyPaths=
+ options for bind mounting arbitrary paths in a service-specific
+ way. When these options are used, arbitrary host or service files and
+ directories may be mounted to arbitrary locations in the service's
+ view.
+
+ * Documentation has been added that lists all of systemd's low-level
+ environment variables:
+
+ https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md
+
+ * sd-daemon gained a new API sd_is_socket_sockaddr() for determining
+ whether a specific socket file descriptor matches a specified socket
+ address.
+
+ * systemd-firstboot has been updated to check for the
+ systemd.firstboot= kernel command line option. It accepts a boolean
+ and when set to false the first boot questions are skipped.
+
+ * systemd-fstab-generator has been updated to check for the
+ systemd.volatile= kernel command line option, which either takes an
+ optional boolean parameter or the special value "state". If used the
+ system may be booted in a "volatile" boot mode. Specifically,
+ "systemd.volatile" is used, the root directory will be mounted as
+ tmpfs, and only /usr is mounted from the actual root file system. If
+ "systemd.volatile=state" is used, the root directory will be mounted
+ as usual, but /var is mounted as tmpfs. This concept provides similar
+ functionality as systemd-nspawn's --volatile= option, but provides it
+ on physical boots. Use this option for implementing stateless
+ systems, or testing systems with all state and/or configuration reset
+ to the defaults. (Note though that many distributions are not
+ prepared to boot up without a populated /etc or /var, though.)
+
+ * systemd-gpt-auto-generator gained support for LUKS encrypted root
+ partitions. Previously it only supported LUKS encrypted partitions
+ for all other uses, except for the root partition itself.
+
+ * Socket units gained support for listening on AF_VSOCK sockets for
+ communication in virtualized QEMU environments.
+
+ * The "configure" script gained a new option --with-fallback-hostname=
+ for specifying the fallback hostname to use if none is configured in
+ /etc/hostname. For example, by specifying
+ --with-fallback-hostname=fedora it is possible to default to a
+ hostname of "fedora" on pristine installations.
+
+ * systemd-cgls gained support for a new --unit= switch for listing only
+ the control groups of a specific unit. Similar --user-unit= has been
+ added for listing only the control groups of a specific user unit.
+
+ * systemd-mount gained a new --umount switch for unmounting a mount or
+ automount point (and all mount/automount points below it).
+
+ * systemd will now refuse full configuration reloads (via systemctl
+ daemon-reload and related calls) unless at least 16MiB of free space
+ are available in /run. This is a safety precaution in order to ensure
+ that generators can safely operate after the reload completed.
+
+ * A new unit file option RootImage= has been added, which has a similar
+ effect as RootDirectory= but mounts the service's root directory from
+ a disk image instead of plain directory. This logic reuses the same
+ image dissection and mount logic that systemd-nspawn already uses,
+ and hence supports any disk images systemd-nspawn supports, including
+ those following the Discoverable Partition Specification, as well as
+ Verity enabled images. This option enables systemd to run system
+ services directly off disk images acting as resource bundles,
+ possibly even including full integrity data.
+
+ * A new MountAPIVFS= unit file option has been added, taking a boolean
+ argument. If enabled /proc, /sys and /dev (collectively called the
+ "API VFS") will be mounted for the service. This is only relevant if
+ RootDirectory= or RootImage= is used for the service, as these mounts
+ are of course in place in the host mount namespace anyway.
+
+ * systemd-nspawn gained support for a new --pivot-root= switch. If
+ specified the root directory within the container image is pivoted to
+ the specified mount point, while the original root disk is moved to a
+ different place. This option enables booting of ostree images
+ directly with systemd-nspawn.
+
+ * The systemd build scripts will no longer complain if the NTP server
+ addresses are not changed from the defaults. Google now supports
+ these NTP servers officially. We still recommend downstreams to
+ properly register an NTP pool with the NTP pool project though.
+
+ * coredumpctl gained new new "--reverse" option for printing the list
+ of coredumps in reverse order.
+
+ * coredumpctl will now show additional information about truncated and
+ inaccessible coredumps, as well as coredumps that are still being
+ processed. It also gained a new --quiet switch for suppressing
+ additional informational message in its output.
+
+ * coredumpctl gained support for only showing coredumps newer and/or
+ older than specific timestamps, using the new --since= and --until=
+ options, reminiscent of journalctl's options by the same name.
+
+ * The systemd-coredump logic has been improved so that it may be reused
+ to collect backtraces in non-compiled languages, for example in
+ scripting languages such as Python.
+
+ * machinectl will now show the UID shift of local containers, if user
+ namespacing is enabled for them.
+
+ * systemd will now optionally run "environment generator" binaries at
+ configuration load time. They may be used to add environment
+ variables to the environment block passed to services invoked. One
+ user environment generator is shipped by default that sets up
+ environment variables based on files dropped into /etc/environment.d
+ and ~/.config/environment.d/.
+
+ * systemd-resolved now includes the new, recently published 2017 DNSSEC
+ root key (KSK).
+
+ * hostnamed has been updated to report a new chassis type of
+ "convertible" to cover "foldable" laptops that can both act as a
+ tablet and as a laptop, such as various Lenovo Yoga devices.
+
+ Contributions from: Adrián López, Alexander Galanin, Alexander
+ Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
+ Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
+ Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
+ Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
+ David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
+ Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
+ Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
+ Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
+ Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
+ Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
+ Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
+ Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
+ Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
+ Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
+ Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
+ Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
+ Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
+ Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
+ Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
+ Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
+ Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
+ Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
+ Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
+ Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
+ Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
+ Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
+ YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
+ Тихонов
+
+ — Berlin, 2017-03-01
+
CHANGES WITH 232:
+ * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
+ RestrictAddressFamilies= enabled. These sandboxing options should
+ generally be compatible with the various external udev call-out
+ binaries we are aware of, however there may be exceptions, in
+ particular when exotic languages for these call-outs are used. In
+ this case, consider turning off these settings locally.
+
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
gudev from the Gnome project instead. gudev is still included
in systemd, for now. It will be removed soon, though. Please
also see the announcement-thread on systemd-devel:
- http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
+ https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
* systemd now exposes a CPUUsageNSec= property for each
service unit on the bus, that contains the overall consumed
also supports LUKS-encrypted partitions now. With this in
place, automatic discovery of partitions to mount following
the Discoverable Partitions Specification
- (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
+ (https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
is now a lot more complete. This allows booting without
/etc/fstab and without root= on the kernel command line on
systems prepared appropriately.
* A new libsystemd-bus module has been added that implements a
pretty complete D-Bus client library. For details see:
- http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
+ https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
* journald will now explicitly flush the journal files to disk
at the latest 5min after each write. The file will then also
only in conjunction with Gummiboot, but could be supported
by other boot loaders too. For details see:
- http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
+ https://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
* A new generator has been added that automatically mounts the
EFI System Partition (ESP) to /boot, if that directory
* A new tool kernel-install has been added that can install
kernel images according to the Boot Loader Specification:
- http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
+ https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
* Boot time console output has been improved to provide
animated boot time output for hanging jobs.
of these policies is now the default. Please see this wiki
document for details:
- http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
+ https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
* Auke Kok's bootchart implementation has been added to the
systemd tree. It is an optional component that can graph the
indexed database to link up additional information with
journal entries. For further details please check:
- http://www.freedesktop.org/wiki/Software/systemd/catalog
+ https://www.freedesktop.org/wiki/Software/systemd/catalog
The indexed message catalog database also needs to be
rebuilt after installation of message catalog files. Use
* A framework for implementing offline system updates is now
integrated, for details see:
- http://freedesktop.org/wiki/Software/systemd/SystemUpdates
+ https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates
* A new service type Type=idle is available now which helps us
avoiding ugly interleaving of getty output and boot status
* New unit file option ControlGroupPersistent= to make cgroups
persistent, following the mechanisms outlined in
- http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups
+ https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups
* Support multiple local RTCs in a sane way
* Processes with '@' in argv[0][0] are now excluded from the
final shut-down killing spree, following the logic explained
in:
- http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons
+ https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons
* All processes remaining in a service cgroup when we enter
the START or START_PRE states are now killed with
Environment=ONE='one' "TWO='two two' too" THREE=
ExecStart=/bin/python3 -c 'import sys;print(sys.argv)' $ONE $TWO $THREE
-* When systemctl --host is used, underlying ssh connection can remain open.
- bus_close does not kill children?
-
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
Janitorial Clean-ups:
-* code cleanup: retire FOREACH_WORD_QUOTED, port to extract_first_word() loops instead.
- For example, most conf parsing callbacks should use it.
-
-* replace manual readdir() loops with FOREACH_DIRENT or FOREACH_DIRENT_ALL
-
* Rearrange tests so that the various test-xyz.c match a specific src/basic/xyz.c again
Features:
+* sort generated hwdb files alphabetically when we import them, so that git
+ diffs remain minimal (in particular: the OUI databases we import are not
+ sorted, and not stable)
+
+* set SystemCallArchitectures=native on all our services
+
+* maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for
+ the sd-journal logging socket, and, if the timeout is set to 0, sets
+ O_NONBLOCK on it. That way people can control if and when to block for
+ logging.
+
+* tighten sd_notify() MAINPID= checks a bit: don't accept foreign PIDs (i.e.
+ PIDs not managed by the service manager)
+
+* journald: when we recv a log datagram via the native or syslog transports,
+ search for the PID in the active stream connections, and let's make sure to
+ always process the datagrams before the streams. Then, cache client metadata
+ per stream in the stream object. This way we can somewhat fix the race with
+ quickly exiting processes which log as long as they had their own stream
+ connection...
+
+* hostnamed: populate form factor data from a new hwdb database, so that old
+ yogas can be recognized as "convertible" too, even if they predate the DMI
+ "convertible" form factor
+
+* Maybe add a small tool invoked early at boot, that adds in or resizes
+ partitions automatically, to be used when the media used is actually larger
+ than the image written onto it is.
+
+* Maybe add PrivatePIDs= as new unit setting, and do minimal PID namespacing
+ after all. Be strict however, only support the equivalent of nspawn's
+ --as-pid2 switch, and sanely proxy sd_notify() messages dropping stuff such
+ as MAINPID.
+
+* change the dependency Set* objects in Unit structures to become Hashmap*, and
+ then store a bit mask who created a specific dependency: the source unit via
+ fragment configuration, the destination unit via fragment configuration, or
+ the source unit via udev rules (in case of .device units), or any combination
+ thereof. This information can then be used to flush out old udev-created
+ dependencies when the udev properties change, and eventually to implement a
+ "systemctl refresh" operation for reloading the configuration of individual
+ units without reloading the whole set.
+
+* Add ExecMonitor= setting. May be used multiple times. Forks off a process in
+ the service cgroup, which is supposed to monitor the service, and when it
+ exits the service is considered failed by its monitor.
+
+* track the per-service PAM process properly (i.e. as an additional control
+ process), so that it may be queried on the bus and everything.
+
+* add a new "debug" job mode, that is propagated to unit_start() and for
+ services results in two things: we raise SIGSTOP right before invoking
+ execve() and turn off watchdog support. Then, use that to implement
+ "systemd-gdb" for attaching to the start-up of any system service in its
+ natural habitat.
+
+* replace all canonicalize_file_name() invocations by chase_symlinks(), in
+ particulr those where a rootdir is relevant.
+
+* maybe introduce gpt auto discovery for /var/tmp?
+
+* set ProtectSystem=strict for all our usual services.
+
+* fix PrivateNetwork= so that we fall back gracefully on kernels lacking
+ namespacing support (similar for the other namespacing options)
+
+* maybe add gpt-partition-based user management: each user gets his own
+ LUKS-encrypted GPT partition with a new GPT type. A small nss module
+ enumerates users via udev partition enumeration. UIDs are assigned in a fixed
+ way: the partition index is added as offset to some fixed base uid. User name
+ is stored in GPT partition name. A PAM module authenticates the user via the
+ LUKS partition password. Benefits: strong per-user security, compatibility
+ with stateless/read-only/verity-enabled root. (other idea: do this based on
+ loopback files in /home, without GPT involvement)
+
+* gpt-auto logic: introduce support for discovering /var matching an image. For
+ that, use a partition type UUID that is hashed from the OS name (as encoded
+ in /etc/os-release), the architecture, and 4 new bits from the gpt flags
+ field of the root partition. This way can easily support multiple OS
+ installations on the same GPT partition table, without problems with
+ unmatched /var partitions.
+
+* gpt-auto logic: related to the above, maybe support a "secondary" root
+ partition, that is mounted to / and is writable, and where the actual root's
+ /usr is mounted into.
+
+* machined: add apis to query /etc/machine-info data of a container
+
+* .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly
+
+* gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plus maybe a configuration file
+
* drop nss-myhostname in favour of nss-resolve?
* drop internal dlopen() based nss-dns fallback in nss-resolve, and rely on the
* switch to ProtectSystem=strict for all our long-running services where that's possible
-* If RootDirectory= is used, mount /proc, /sys, /dev into it, if not mounted yet
-
* Permit masking specific netlink APIs with RestrictAddressFamily=
* nspawn: start UID allocation loop from hash of container name
* define gpt header bits to select volatility mode
-* nspawn: mount loopback filesystems with "discard"
-
* ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
* ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
-* ProtectKernelModules= (drops CAP_SYS_MODULE and filters the kmod syscalls)
-
* ProtectTracing= (drops CAP_SYS_PTRACE, blocks ptrace syscall, makes /sys/kernel/tracing go away)
* ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave)
* Add DataDirectory=, CacheDirectory= and LogDirectory= to match
RuntimeDirectory=, and create it as necessary when starting a service, owned by the right user.
-* Add BindDirectory= for allowing arbitrary, private bind mounts for services
-
-* Add RootImage= for mounting a disk image or file as root directory
-
-* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
-
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
* journalctl: make sure -f ends when the container indicated by -M terminates
* journald: sigbus API via a signal-handler safe function that people may call
from the SIGBUS handler
-* move specifier expansion from service_spawn() into load-fragment.c
-
* optionally, also require WATCHDOG=1 notifications during service start-up and shutdown
* resolved: when routing queries, make sure only look for the *longest* suffix...
* support empty /etc boots nicely:
- nspawn/gpt-generator: introduce new gpt partition type for /usr
- - fstab-generator: support systemd.volatile=yes|no|state on the kernel cmdline, too, similar to nspawn's --volatile=
* generator that automatically discovers btrfs subvolumes, identifies their purpose based on some xattr on them.
* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services
they run added to the initial transaction and thus confuse Type=idle.
-* Run most system services with cgroupfs read-only and procfs with a more secure mode (doesn't work, since the hidepid= option is per-pid-namespace, not per-mount)
-
* add bus api to query unit file's X fields.
* gpt-auto-generator:
- - Support LUKS for root devices
- Define new partition type for encrypted swap? Support probed LUKS for encrypted swap?
- Make /home automount rather than mount?
* refuse boot if /usr/lib/os-release is missing or /etc/machine-id cannot be set up
-* btrfs raid assembly: some .device jobs stay stuck in the queue
-
* man: the documentation of Restart= currently is very misleading and suggests the tools from ExecStartPre= might get restarted.
* load .d/*.conf dropins for device units
- man: maybe sort directives in man pages, and take sections from --help and apply them to man too
* systemctl:
- - systemctl list-jobs - show dependencies
- add systemctl switch to dump transaction without executing it
- Add a verbose mode to "systemctl start" and friends that explains what is being done or not done
- "systemctl disable" on a static unit prints no message and does
- timer units should get the ability to trigger when:
o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET)
o DST changes
- - Support 2012-02~4 as syntax for specifying the fourth to last day of the month.
- Modulate timer frequency based on battery state
* add libsystemd-password or so to query passwords during boot using the password agent logic
* on shutdown: move utmp, wall, audit logic all into PID 1 (or logind?), get rid of systemd-update-utmp-runlevel
-* make repeated alt-ctrl-del presses printing a dump, or even force a reboot without
- waiting for the timeout
+* make repeated alt-ctrl-del presses printing a dump
* hostnamed: before returning information from /etc/machine-info.conf check the modification data and reread. Similar for localed, ...
* currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not
* nspawn:
- - nspawn -x should support ephemeral instances of gpt images
- emulate /dev/kmsg using CUSE and turn off the syslog syscall
with seccomp. That should provide us with a useful log buffer that
systemd can log to during early boot, and disconnect container logs
- maybe make copying of /etc/resolv.conf optional, and skip it if --read-only
is used
+* dissect
+ - refuse mounting over a mount point
+ - automatically discover .roothash files in dissect, similarly to nspawn
+
* machined:
- add an API so that libvirt-lxc can inform us about network interfaces being
removed or added to an existing machine
- maybe introduce WantsMountsFor=? Usecase:
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027729.html
- recreate systemd's D-Bus private socket file on SIGUSR2
- - GC unreferenced jobs (such as .device jobs)
- move PAM code into its own binary
- when we automatically restart a service, ensure we restart its rdeps, too.
- hide PAM options in fragment parser when compile time disabled
AC_PREREQ([2.64])
AC_INIT([elogind],
- [232.2],
+ [233],
[https://github.com/elogind/elogind/issues],
[elogind],
[https://github.com/elogind/elogind])
-Wall \
-Wextra \
-Wundef \
- "-Wformat=2 -Wformat-security -Wformat-nonliteral" \
-Wlogical-op \
-Wmissing-include-dirs \
-Wold-style-definition \
-Werror=implicit-function-declaration \
-Werror=missing-declarations \
-Werror=return-type \
+ -Werror=incompatible-pointer-types \
+ -Werror=format=2 \
-Wstrict-prototypes \
-Wredundant-decls \
-Wmissing-noreturn \
-Wno-gnu-variable-sized-type-not-at-end \
])])
+# ------------------------------------------------------------------------------
AC_ARG_ENABLE([lto], [AS_HELP_STRING([--disable-lto], [disable -flto])],
[], [enable_lto=yes])
AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [-flto])],
[AC_MSG_RESULT([disabling -flto as requested])])],
[AC_MSG_RESULT([skipping -flto, optimization not enabled])])
-AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags")
# ------------------------------------------------------------------------------
AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\
-Wp,-D_FORTIFY_SOURCE=2])],
[AC_MSG_RESULT([skipping -D_FORTIFY_SOURCE, optimization not enabled])])
-AC_SUBST([OUR_CPPFLAGS], "$with_cppflags $sanitizer_cppflags")
+# ------------------------------------------------------------------------------
AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
-Wl,--gc-sections])],
[AC_MSG_RESULT([skipping --gc-sections, optimization not enabled])])
-AC_SUBST([OUR_CFLAGS], "$with_ldflags $sanitizer_cflags")
+# ------------------------------------------------------------------------------
AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-ffunction-sections -fdata-sections])],
[AC_MSG_RESULT([skipping -ffunction/data-section, optimization not enabled])])
-AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags")
+# ------------------------------------------------------------------------------
CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
-Wl,--as-needed \
-Wl,--no-undefined \
-Wl,-z,now \
-pie \
-Wl,-fuse-ld=gold])
+
+# ------------------------------------------------------------------------------
+AC_SUBST([OUR_CPPFLAGS], "$with_cppflags $sanitizer_cppflags")
+AC_SUBST([OUR_CFLAGS], "-D__SANE_USERSPACE_TYPES__ $with_cflags $sanitizer_cflags")
AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags")
+# ------------------------------------------------------------------------------
AC_CHECK_SIZEOF(pid_t)
AC_CHECK_SIZEOF(uid_t)
AC_CHECK_SIZEOF(gid_t)
# we use python to build the man page index
have_python=no
AC_ARG_WITH([python],
- [AS_HELP_STRING([--without-python], [Disable building the man page index and systemd-python (default: test)])])
+ [AS_HELP_STRING([--without-python], [disable building the man page index and systemd-python (default: test)])])
have_lxml=no
AS_IF([test "x$with_python" != "xno"], [
- AM_PATH_PYTHON(,, [:])
+ AM_PATH_PYTHON([3],, [:])
AS_IF([test "x$PYTHON" != "x:"], [
AC_MSG_CHECKING([for python lxml module])
AS_IF(["$PYTHON" -c 'import lxml' 2>/dev/null], [have_lxml=yes])
AC_CHECK_HEADERS([sys/capability.h], [], [AC_MSG_ERROR([*** POSIX caps headers not found])])
AC_CHECK_HEADERS([linux/memfd.h], [], [])
+AC_CHECK_HEADERS([linux/vm_sockets.h], [], [], [#include <sys/socket.h>])
AC_CHECK_HEADERS([printf.h], [have_printf_h=yes], [have_printf_h=no])
AS_IF([test x$have_printf_h = xyes], [
kcmp,
keyctl,
LO_FLAGS_PARTSCAN,
- copy_file_range],
+ copy_file_range,
+ explicit_bzero],
[], [], [[
#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <sched.h>
+#include <string.h>
#include <linux/loop.h>
#include <linux/random.h>
]])
-AC_CHECK_TYPES([char16_t, char32_t, key_serial_t],
+AC_CHECK_TYPES([char16_t, char32_t, key_serial_t, struct ethtool_link_settings],
[], [], [[
#include <uchar.h>
+#include <linux/ethtool.h>
]])
AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE,
# ------------------------------------------------------------------------------
have_selinux=no
-AC_ARG_ENABLE(selinux, AS_HELP_STRING([--disable-selinux], [Disable optional SELINUX support]))
+AC_ARG_ENABLE(selinux, AS_HELP_STRING([--disable-selinux], [disable optional SELINUX support]))
if test "x$enable_selinux" != "xno"; then
PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.1.9],
[AC_DEFINE(HAVE_SELINUX, 1, [Define if SELinux is available])
AC_DEFINE_UNQUOTED(KILL_USER_PROCESSES, [$kill_user_processes], [Default KillUserProcesses setting])
AC_SUBST(KILL_USER_PROCESSES)
+# ------------------------------------------------------------------------------
+# We do not really support systemd hybrid or unified mode, but set the default
+# to 'legacy' here. That is currently the only cgroup mode supported by elogind.
+#AC_ARG_WITH(default-hierarchy,
+# AS_HELP_STRING([--with-default-hierarchy=MODE],
+# [default cgroup hierarchy, defaults to "hybrid"]),
+# [DEFAULT_HIERARCHY="$withval"],
+# [DEFAULT_HIERARCHY="hybrid"])
+DEFAULT_HIERARCHY=legacy
+
+AS_CASE("$DEFAULT_HIERARCHY",
+ [legacy], [mode=CGROUP_UNIFIED_NONE],
+ [hybrid], [mode=CGROUP_UNIFIED_SYSTEMD],
+ [unified], [mode=CGROUP_UNIFIED_ALL],
+ AC_MSG_ERROR(Bad default hierarchy mode ${DEFAULT_HIERARCHY}))
+AC_DEFINE_UNQUOTED(DEFAULT_HIERARCHY, [$mode], [Default cgroup hierarchy])
+AC_DEFINE_UNQUOTED(DEFAULT_HIERARCHY_NAME, ["$DEFAULT_HIERARCHY"],
+ [Default cgroup hierarchy as string])
+
# ------------------------------------------------------------------------------
AC_ARG_ENABLE([pam],
- AS_HELP_STRING([--disable-pam],[Disable optional PAM support]),
+ AS_HELP_STRING([--disable-pam],[disable optional PAM support]),
[case "${enableval}" in
yes) have_pam=yes ;;
no) have_pam=no ;;
# ------------------------------------------------------------------------------
AC_ARG_ENABLE([acl],
- AS_HELP_STRING([--disable-acl],[Disable optional ACL support]),
+ AS_HELP_STRING([--disable-acl],[disable optional ACL support]),
[case "${enableval}" in
yes) have_acl=yes ;;
no) have_acl=no ;;
AM_CONDITIONAL([HAVE_ACL], [test "x$have_acl" != xno])
# ------------------------------------------------------------------------------
-AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[Disable optional SMACK support]),
+AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[disable optional SMACK support]),
[case "${enableval}" in
yes) have_smack=yes ;;
no) have_smack=no ;;
AC_ARG_WITH([dbuspolicydir],
AS_HELP_STRING([--with-dbuspolicydir=DIR], [D-Bus policy directory]),
[],
- [with_dbuspolicydir=${sysconfdir}/dbus-1/system.d])
+ [with_dbuspolicydir=${datadir}/dbus-1/system.d])
AX_NORMALIZE_PATH([with_dbuspolicydir])
AC_ARG_WITH([dbussystemservicedir],
AX_NORMALIZE_PATH([with_dbussystemservicedir])
AC_ARG_WITH([bashcompletiondir],
- AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
+ AS_HELP_STRING([--with-bashcompletiondir=DIR], [bash completions directory]),
[],
[AS_IF([$($PKG_CONFIG --exists bash-completion)], [
with_bashcompletiondir=$($PKG_CONFIG --variable=completionsdir bash-completion)
AX_NORMALIZE_PATH([with_bashcompletiondir])
AC_ARG_WITH([zshcompletiondir],
- AS_HELP_STRING([--with-zshcompletiondir=DIR], [Zsh completions directory]),
+ AS_HELP_STRING([--with-zshcompletiondir=DIR], [zsh completions directory]),
[], [with_zshcompletiondir=${datadir}/zsh/site-functions])
AM_CONDITIONAL(ENABLE_ZSH_COMPLETION, [test "$with_zshcompletiondir" != "no"])
AX_NORMALIZE_PATH([with_zshcompletiondir])
AX_NORMALIZE_PATH([with_rootprefix])
AC_ARG_WITH([rootlibdir],
- AS_HELP_STRING([--with-rootlibdir=DIR], [Root directory for libraries necessary for boot]),
+ AS_HELP_STRING([--with-rootlibdir=DIR], [root directory for libraries necessary for boot]),
[],
[with_rootlibdir=${libdir}])
AX_NORMALIZE_PATH([with_rootlibdir])
AC_ARG_WITH([pamlibdir],
- AS_HELP_STRING([--with-pamlibdir=DIR], [Directory for PAM modules]),
+ AS_HELP_STRING([--with-pamlibdir=DIR], [directory for PAM modules]),
[],
[with_pamlibdir=${with_rootlibdir}/security])
AX_NORMALIZE_PATH([with_pamlibdir])
AC_ARG_WITH([pamconfdir],
- AS_HELP_STRING([--with-pamconfdir=DIR], [Directory for PAM configuration (pass no to disable installing)]),
+ AS_HELP_STRING([--with-pamconfdir=DIR], [directory for PAM configuration (pass no to disable installing)]),
[],
[with_pamconfdir=${sysconfdir}/pam.d])
AM_CONDITIONAL(ENABLE_PAM_CONFIG, [test "$with_pamconfdir" != "no"])
AX_NORMALIZE_PATH([with_pamconfdir])
AC_ARG_ENABLE([split-usr],
- AS_HELP_STRING([--enable-split-usr], [Assume that /bin, /sbin aren\'t symlinks into /usr]),
+ AS_HELP_STRING([--enable-split-usr], [assume that /bin, /sbin aren\'t symlinks into /usr]),
[],
[AS_IF([test "x${ac_default_prefix}" != "x${with_rootprefix}"], [
enable_split_usr=yes
])
AC_ARG_ENABLE(tests,
- [AC_HELP_STRING([--disable-tests], [disable tests])],
+ [AS_HELP_STRING([--disable-tests], [disable tests, or enable extra tests with =unsafe])],
enable_tests=$enableval, enable_tests=yes)
AM_CONDITIONAL(ENABLE_TESTS, [test x$enable_tests = xyes])
AC_MSG_RESULT([
$PACKAGE_NAME $VERSION
- PAM: ${have_pam}
- SELinux: ${have_selinux}
- SMACK: ${have_smack}
- ACL: ${have_acl}
- KillUserProcesses default: ${KILL_USER_PROCESSES}
- polkit: ${have_polkit}
- Python: ${have_python}
- man pages: ${have_manpages}
- test coverage: ${have_coverage}
- Split /usr: ${enable_split_usr}
- utmp/wtmp support: ${have_utmp}
- extra debugging: ${enable_debug}
- cgroup controller: ${with_cgroupctrl}
-
- prefix: ${prefix}
- rootprefix: ${with_rootprefix}
- sysconf dir: ${sysconfdir}
- datarootdir: ${datarootdir}
- includedir: ${includedir}
- lib dir: ${libdir}
- rootlib dir: ${with_rootlibdir}
- PAM modules dir: ${with_pamlibdir}
- PAM configuration dir: ${with_pamconfdir}
- D-Bus policy dir: ${with_dbuspolicydir}
- D-Bus system dir: ${with_dbussystemservicedir}
- Bash completions dir: ${with_bashcompletiondir}
- Zsh completions dir: ${with_zshcompletiondir}
- Maximum System UID: ${SYSTEM_UID_MAX}
- Maximum System GID: ${SYSTEM_GID_MAX}
-
- CFLAGS: ${OUR_CFLAGS} ${CFLAGS}
- CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
- LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS}
+ PAM: . . . . . . . . . . . . . . . ${have_pam}
+ SELinux: . . . . . . . . . . . . . ${have_selinux}
+ SMACK: . . . . . . . . . . . . . . ${have_smack}
+ ACL: . . . . . . . . . . . . . . . ${have_acl}
+ default cgroup hierarchy: . . . . ${DEFAULT_HIERARCHY}
+ default KillUserProcesses setting: ${KILL_USER_PROCESSES}
+ polkit: . . . . . . . . . . . . . ${have_polkit}
+ Python: . . . . . . . . . . . . . ${have_python}
+ man pages: . . . . . . . . . . . . ${have_manpages}
+ test coverage: . . . . . . . . . . ${have_coverage}
+ Split /usr: . . . . . . . . . . . ${enable_split_usr}
+ utmp/wtmp support: . . . . . . . . ${have_utmp}
+ extra debugging: . . . . . . . . . ${enable_debug}
+ cgroup controller: . . . . . . . . ${with_cgroupctrl}
+
+ prefix: . . . . . . . . . . . . . ${prefix}
+ rootprefix: . . . . . . . . . . . ${with_rootprefix}
+ sysconf dir: . . . . . . . . . . . ${sysconfdir}
+ datarootdir: . . . . . . . . . . . ${datarootdir}
+ includedir: . . . . . . . . . . . ${includedir}
+ lib dir: . . . . . . . . . . . . . ${libdir}
+ rootlib dir: . . . . . . . . . . . ${with_rootlibdir}
+ PAM modules dir: . . . . . . . . . ${with_pamlibdir}
+ PAM configuration dir: . . . . . . ${with_pamconfdir}
+ D-Bus policy dir: . . . . . . . . ${with_dbuspolicydir}
+ D-Bus system dir: . . . . . . . . ${with_dbussystemservicedir}
+ bash completions dir: . . . . . . ${with_bashcompletiondir}
+ zsh completions dir: . . . . . . . ${with_zshcompletiondir}
+ maximum system UID: . . . . . . . ${SYSTEM_UID_MAX}
+ maximum system GID: . . . . . . . ${SYSTEM_GID_MAX}
+
+ CFLAGS: . . . . . . . . . . . . . ${OUR_CFLAGS} ${CFLAGS}
+ CPPFLAGS: . . . . . . . . . . . . ${OUR_CPPFLAGS} ${CPPFLAGS}
+ LDFLAGS: . . . . . . . . . . . . . ${OUR_LDFLAGS} ${LDFLAGS}
])
<para><command>loginctl</command> may be used to introspect and
control the state of the
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- login manager
+ <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ login manager</para>
</refsect1>
<refsect1>