* auditd service files
-* auto-serial-getty vs. isolate
-
-* add RefuseManualIsolate= (default on?)
-
* add systemctl switch to dump transaction without executing it
* shell wenn fsck im arsch is
* o_ndelay ausschalten für stdin/stderr/stdout auf socket
-External:
+* kexec, suspend, resume
-* make sure MountOnPlug und MountAuto und SwapOnPlug is off in Fedora
+External:
* place /etc/inittab with explaining blurb.
<listitem><para>Start the unit
specified on the command line and its
- dependencies and stop all
- others.</para></listitem>
+ dependencies and stop all others. Note
+ that this works only on units where
+ <option>AllowIsolate=</option> is
+ enabled. See
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para></listitem>
</varlistentry>
<varlistentry>
<term><command>is-active [NAME...]</command></term>
<option>false</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AllowIsolate=</varname></term>
+
+ <listitem><para>Takes a boolean
+ argument. If <option>true</option>
+ this unit may be used with the
+ <command>systemctl isolate</command>
+ command. Otherwise this will be
+ refused. It probably is a good idea to
+ leave this disabled except for target
+ units that shall be used similar to
+ runlevels in SysV init systems, just
+ as a precaution to avoid unusable
+ system states. This option defaults to
+ <option>false</option>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>DefaultDependencies=</varname></term>
#define BUS_ERROR_NOT_SUPPORTED "org.freedesktop.systemd1.NotSupported"
#define BUS_ERROR_INVALID_JOB_MODE "org.freedesktop.systemd1.InvalidJobMode"
#define BUS_ERROR_ONLY_BY_DEPENDENCY "org.freedesktop.systemd1.OnlyByDependency"
+#define BUS_ERROR_NO_ISOLATION "org.freedesktop.systemd1.NoIsolation"
#define BUS_ERROR_LOAD_FAILED "org.freedesktop.systemd1.LoadFailed"
#define BUS_ERROR_JOB_TYPE_NOT_APPLICABLE "org.freedesktop.systemd1.JobTypeNotApplicable"
#define BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE "org.freedesktop.systemd1.TransactionIsDestructive"
return 0;
}
+int bus_unit_append_can_isolate(Manager *m, DBusMessageIter *i, const char *property, void *data) {
+ Unit *u = data;
+ dbus_bool_t b;
+
+ assert(m);
+ assert(i);
+ assert(property);
+ assert(u);
+
+ b = unit_can_isolate(u) &&
+ !u->meta.refuse_manual_start;
+
+ if (!dbus_message_iter_append_basic(i, DBUS_TYPE_BOOLEAN, &b))
+ return -ENOMEM;
+
+ return 0;
+}
+
int bus_unit_append_job(Manager *m, DBusMessageIter *i, const char *property, void *data) {
Unit *u = data;
DBusMessageIter sub;
" <property name=\"CanReload\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"CanStart\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"CanStop\" type=\"b\" access=\"read\"/>\n" \
+ " <property name=\"CanIsolate\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"Job\" type=\"(uo)\" access=\"read\"/>\n" \
" <property name=\"RecursiveStop\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"StopWhenUneeded\" type=\"b\" access=\"read\"/>\n" \
{ "org.freedesktop.systemd1.Unit", "CanStart", bus_unit_append_can_start, "b", u }, \
{ "org.freedesktop.systemd1.Unit", "CanStop", bus_unit_append_can_stop, "b", u }, \
{ "org.freedesktop.systemd1.Unit", "CanReload", bus_unit_append_can_reload, "b", u }, \
+ { "org.freedesktop.systemd1.Unit", "CanIsolate", bus_unit_append_can_isolate, "b", u }, \
{ "org.freedesktop.systemd1.Unit", "Job", bus_unit_append_job, "(uo)", u }, \
{ "org.freedesktop.systemd1.Unit", "RecursiveStop", bus_property_append_bool, "b", &u->meta.recursive_stop }, \
{ "org.freedesktop.systemd1.Unit", "StopWhenUneeded", bus_property_append_bool, "b", &u->meta.stop_when_unneeded }, \
{ "org.freedesktop.systemd1.Unit", "RefuseManualStart", bus_property_append_bool, "b", &u->meta.refuse_manual_start }, \
{ "org.freedesktop.systemd1.Unit", "RefuseManualStop", bus_property_append_bool, "b", &u->meta.refuse_manual_stop }, \
+ { "org.freedesktop.systemd1.Unit", "AllowIsolate", bus_property_append_bool, "b", &u->meta.allow_isolate }, \
{ "org.freedesktop.systemd1.Unit", "DefaultDependencies", bus_property_append_bool, "b", &u->meta.default_dependencies }, \
{ "org.freedesktop.systemd1.Unit", "DefaultControlGroup", bus_unit_append_default_cgroup, "s", u }, \
{ "org.freedesktop.systemd1.Unit", "ControlGroups", bus_unit_append_cgroups, "as", u }, \
int bus_unit_append_can_start(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_unit_append_can_stop(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_unit_append_can_reload(Manager *m, DBusMessageIter *i, const char *property, void *data);
+int bus_unit_append_can_isolate(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_unit_append_job(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_unit_append_default_cgroup(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_unit_append_cgroups(Manager *m, DBusMessageIter *i, const char *property, void *data);
{ "StopWhenUnneeded", config_parse_bool, &u->meta.stop_when_unneeded, "Unit" },
{ "RefuseManualStart", config_parse_bool, &u->meta.refuse_manual_start, "Unit" },
{ "RefuseManualStop", config_parse_bool, &u->meta.refuse_manual_stop, "Unit" },
+ { "AllowIsolate", config_parse_bool, &u->meta.allow_isolate, "Unit" },
{ "DefaultDependencies", config_parse_bool, &u->meta.default_dependencies, "Unit" },
{ "IgnoreDependencyFailure",config_parse_bool, &u->meta.ignore_dependency_failure, "Unit" },
{ "JobTimeoutSec", config_parse_usec, &u->meta.job_timeout, "Unit" },
return -EINVAL;
}
+ if (mode == JOB_ISOLATE && !unit->meta.allow_isolate) {
+ dbus_set_error(e, BUS_ERROR_NO_ISOLATION, "Operation refused, unit may not be isolated.");
+ return -EPERM;
+ }
+
log_debug("Trying to enqueue job %s/%s", unit->meta.id, job_type_to_string(type));
if ((r = transaction_add_job_and_dependencies(m, type, unit, NULL, true, override, false, e, &ret)) < 0) {
return !!UNIT_VTABLE(u)->start;
}
+bool unit_can_isolate(Unit *u) {
+ assert(u);
+
+ return unit_can_start(u) &&
+ u->meta.allow_isolate;
+}
+
/* Errors:
* -EBADR: This unit type does not support stopping.
* -EALREADY: Unit is already stopped.
/* Don't allow the user to stop this unit manually, allow stopping only indirectly via dependency. */
bool refuse_manual_stop;
+ /* Allow isolation requests */
+ bool allow_isolate;
+
bool in_load_queue:1;
bool in_dbus_queue:1;
bool in_cleanup_queue:1;
/* Exclude from automatic gc */
bool no_gc:1;
- /* Exclude from isolation requests */
+ /* Exclude from stopping on isolation requests */
bool no_isolate:1;
/* Show status updates on the console */
bool unit_can_reload(Unit *u);
bool unit_can_start(Unit *u);
+bool unit_can_isolate(Unit *u);
int unit_start(Unit *u);
int unit_stop(Unit *u);
Description=Emergency Mode
Requires=emergency.service
After=emergency.service
+AllowIsolate=yes
m4_ifdef(`TARGET_SUSE',
Names=runlevel5.target
)m4_dnl
+AllowIsolate=yes
[Install]
Alias=default.target
Description=Halt
Requires=halt.service
After=halt.service
+AllowIsolate=yes
[Install]
Alias=ctrl-alt-del.target
m4_ifdef(`TARGET_SUSE',
Names=runlevel3.target
)m4_dnl
+AllowIsolate=yes
[Install]
Alias=default.target
Names=runlevel0.target
Requires=poweroff.service
After=poweroff.service
+AllowIsolate=yes
[Install]
Alias=ctrl-alt-del.target
Names=runlevel6.target
Requires=reboot.service
After=reboot.service
+AllowIsolate=yes
[Install]
Alias=ctrl-alt-del.target
Requires=sysinit.target local-fs.target swap.target
After=sysinit.target local-fs.target swap.target
Names=runlevel1.target
+AllowIsolate=yes
[Install]
Alias=kbrequest.target
~ianmdlvl / elogind.git / commitdiff