- The destructors always unregister the object from the next bigger
object, not the other way around
-- To minimize strict aliasing violations we prefer unions over casting
+- To minimize strict aliasing violations, we prefer unions over casting
-- For robustness reasons destructors should be able to destruct
+- For robustness reasons, destructors should be able to destruct
half-initialized objects, too
- Error codes are returned as negative Exxx. i.e. return -EINVAL. There
- are some exceptions: for constructors it is OK to return NULL on
- OOM. For lookup functions NULL is fine too for "not found".
+ are some exceptions: for constructors, it is OK to return NULL on
+ OOM. For lookup functions, NULL is fine too for "not found".
Be strict with this. When you write a function that can fail due to
more than one cause, it *really* should have "int" as return value
program" code. (With one exception: it's OK to log with DEBUG level
from any code, with the exception of maybe inner loops).
-- Always check OOM. There's no excuse. In program code you can use
+- Always check OOM. There's no excuse. In program code, you can use
"log_oom()" for then printing a short message, but not in "library" code.
- Do not issue NSS requests (that includes user name and host name
backwards!
- Think about the types you use. If a value cannot sensibly be
- negative don't use "int", but use "unsigned".
+ negative, don't use "int", but use "unsigned".
- Don't use types like "short". They *never* make sense. Use ints,
longs, long longs, all in unsigned+signed fashion, and the fixed
- size types uint32_t and so on, as well as size_t but nothing else.
+ size types uint32_t and so on, as well as size_t, but nothing else.
- Public API calls (i.e. functions exported by our shared libraries)
must be marked "_public_" and need to be prefixed with "sd_". No
other functions should be prefixed like that.
-- In public API calls you *must* validate all your input arguments for
+- In public API calls, you *must* validate all your input arguments for
programming error with assert_return() and return a sensible return
- code. In all other calls it is recommended to check for programming
+ code. In all other calls, it is recommended to check for programming
errors with a more brutal assert(). We are more forgiving to public
users then for ourselves! Note that assert() and assert_return()
really only should be used for detecting programming errors, not for
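Review bot: "public users then for ourselves" in the assert_return() item still has "then" where "than" is meant. The patch already edits two lines of this item for commas, so fix the wording here too, e.g. "We are more forgiving to public users than to ourselves!".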
on their own, "non-logging" function never log on their own and
expect their callers to log. All functions in "library" code,
i.e. in src/shared/ and suchlike must be "non-logging". Everytime a
- "logging" function calls a "non-logging" function it should log
+ "logging" function calls a "non-logging" function, it should log
about the resulting errors. If a "logging" function calls another
"logging" function, then it should not generate log messages, so
that log messages are not generated twice for the same errors.
- Avoid static variables, except for caches and very few other
cases. Think about thread-safety! While most of our code is never
- used in threaded environments at least the library code should make
+ used in threaded environments, at least the library code should make
sure it works correctly in them. Instead of doing a lot of locking
- for that we tend to prefer using TLS to do per-thread caching (which
+ for that, we tend to prefer using TLS to do per-thread caching (which
only works for small, fixed-size cache objects), or we disable
caching for any thread that is not the main thread. Use
is_main_thread() to detect whether the calling thread is the main
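Review bot: the context lines of the logging rule still read '"non-logging" function never log' and "Everytime", right next to the comma this hunk adds. Suggest '"non-logging" functions never log' and "Every time" in the same change, so the paragraph does not need a second cleanup pass.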
systemd System and Service Manager
CHANGES WITH 215:
- * A new system group "input" is introduced, all input
+ * A new system group "input" is introduced, and all input
device nodes get this group assigned. This is useful for
system-level software to get access to input devices. It
complements what is already done for "audio" and "video".
was opened for writing, the close will trigger a partition
table rescan in udev's "watch" facility, and if needed
synthesize "change" events for the disk and all its partitions.
- This is now unconditionally enabled, if it turns out to
+ This is now unconditionally enabled, and if it turns out to
cause major problems, we might turn it on only for specific
devices, or might need to disable it entirely. Device-mapper
devices are excluded from this logic.
change has been released.
* The dependency on libattr has been removed. Since a long
- time the extended attribute calls have moved to glibc, and
+ time, the extended attribute calls have moved to glibc, and
libattr is thus unnecessary.
* Virtualization detection works without priviliges now. This
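Review bot: adding a comma after "Since a long time" in the libattr entry does not make the phrase idiomatic. Consider "The extended attribute calls moved to glibc a long time ago, and libattr is thus unnecessary." The following entry also still has "priviliges" (should be "privileges"), which could be fixed here as well.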
* systemd-networkd will no longer automatically attempt to
manually load kernel modules necessary for certain tunnel
- transports. Instead it is assumed the kernel loads them
+ transports. Instead, it is assumed the kernel loads them
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
- moved to /run/systemd/resolve/, if you have a symlink from
- /etc/resolv.conf it might be necessary to correct it.
+ moved to /run/systemd/resolve/. If you have a symlink from
+ /etc/resolv.conf, it might be necessary to correct it.
- * Two new service settings ProtectedHome= and ProtectedSystem=
- have been added. When enabled they will make the user data
+ * Two new service settings, ProtectedHome= and ProtectedSystem=,
+ have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
settings to set the owner user and group of AF_UNIX sockets
and FIFOs in the file system.
- * Socket units gained a new RemoveOnStop= setting. If enabled
+ * Socket units gained a new RemoveOnStop= setting. If enabled,
all FIFOS and sockets in the file system will be removed
when the specific socket unit is stopped.
vanished.
* A new "on-abnormal" setting for Restart= has been added. If
- set it will result in automatic restarts on all "abnormal"
+ set, it will result in automatic restarts on all "abnormal"
reasons for a process to exit, which includes unclean
signals, core dumps, timeouts and watchdog timeouts, but
does not include clean and unclean exit codes or clean
files or entire directories.
* systemd-tmpfiles "m" lines are now fully equivalent to "z"
- lines. So far they have been non-globbing versions of the
- latter, and have thus been redundant. In future it is
- recommended to only use "z"; and "m" has hence been removed
+ lines. So far, they have been non-globbing versions of the
+ latter, and have thus been redundant. In future, it is
+ recommended to only use "z". "m" has hence been removed
from the documentation, even though it stays supported.
* A tmpfiles snippet to recreate the most basic structure in
/var has been added. This is enough to create the /var/run →
/run symlink and create a couple of structural
directories. This allows systems to boot up with an empty or
- volatile /var. Of course, while with this change the core OS
- now is capable with dealing with a volatile /var not all
+ volatile /var. Of course, while with this change, the core OS
+ now is capable with dealing with a volatile /var, not all
user services are ready for it. However, we hope that sooner
- or later many service daemons will be changed upstream so
+ or later, many service daemons will be changed upstream so
that they are able to automatically create their necessary
directories in /var at boot, should they be missing. This is
the first step to allow state-less systems that only require
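Review bot: the rewritten line in the volatile /var entry keeps "capable with dealing with", which should be "capable of dealing with". The two new commas also make the clause harder to follow. Suggest "Of course, while with this change the core OS is now capable of dealing with a volatile /var, not all user services are ready for it."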
* Access modes specified in tmpfiles snippets may now be
prefixed with "~", which indicates that they shall be masked
by whether the existing file or directly is currently
- writable, readable or executable at all. Also, if specified
+ writable, readable or executable at all. Also, if specified,
the sgid/suid/sticky bits will be masked for all
non-directories.
* A new "systemd-timesyncd" daemon has been added for
synchronizing the system clock across the network. It
implements an SNTP client. In contrast to NTP
- implementations such as chrony or the NTP reference server
+ implementations such as chrony or the NTP reference server,
this only implements a client side, and does not bother with
the full NTP complexity, focusing only on querying time from
one remote server and synchronizing the local clock to
it. Unless you intend to serve NTP to networked clients or
- want to connect to local hardware clocks this simple NTP
+ want to connect to local hardware clocks, this simple NTP
client should be more than appropriate for most
installations. The daemon runs with minimal privileges, and
has been hooked up with networkd to only operate when
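Review bot: in the "~" access mode entry, "the existing file or directly is currently writable" should read "file or directory". The patch touches the next line of the same sentence, so this is the place to fix it. This text describes how sgid/suid/sticky bits are masked, so the wording should be unambiguous.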
acquired, and uses this to possibly correct the system clock
early at bootup, in order to accommodate for systems that
lack an RTC such as the Raspberry Pi and embedded devices,
- and make sure that time monotonically progresses on these
+ and to make sure that time monotonically progresses on these
systems, even if it is not always correct. To make use of
- this daemon a new system user and group "systemd-timesync"
+ this daemon, a new system user and group "systemd-timesync"
needs to be created on installation of systemd.
* The queue "seqnum" interface of libudev has been disabled, as
* A new FailureAction= setting has been added for service
units which may be used to specify an operation to trigger
when a service fails. This works similarly to
- StartLimitAction=, but unlike it controls what is done
+ StartLimitAction=, but unlike it, controls what is done
immediately rather than only after several attempts to
restart the service in question.
* hostnamed has been changed to prefer the statically
configured hostname in /etc/hostname (unless set to
'localhost' or empty) over any dynamic one supplied by
- dhcp. With this change the rules for picking the hostname
+ dhcp. With this change, the rules for picking the hostname
match more closely the rules of other configuration settings
where the local administrator's configuration in /etc always
overrides any other settings.
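Review bot: "but unlike it, controls what is done" in the FailureAction= entry leaves the verb without a subject once the comma is added. Suggest "but unlike it, this controls what is done immediately rather than only after several attempts to restart the service in question."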
exist. During execution this network facing service will drop
privileges and assume this uid/gid for security reasons.
- Similar, the NTP daemon requires the "systemd-timesync" system
+ Similarly, the NTP daemon requires the "systemd-timesync" system
user and group to exist.
- Similar, the network management daemon requires the
+ Similarly, the network management daemon requires the
"systemd-network" system user and group to exist.
- Similar, the name resolution daemon requires the
+ Similarly, the name resolution daemon requires the
"systemd-resolve" system user and group to exist.
- Similar, the kdbus dbus1 proxy daemon requires the
+ Similarly, the kdbus dbus1 proxy daemon requires the
"systemd-bus-proxy" system user and group to exist.
WARNINGS:
<listitem><para>Controls where to store cores. One of
<literal>none</literal>, <literal>external</literal>,
<literal>journal</literal>, and <literal>both</literal>. When
- <literal>none</literal> the coredumps will be logged but not
+ <literal>none</literal>, the coredumps will be logged but not
stored permanently. When <literal>external</literal> (the
default), cores will be stored in <filename>/var/lib/systemd/coredump</filename>.
When <literal>journal</literal>, cores will be stored in
<listitem><para>List coredumps
captured in the journal matching
specified characteristics. If no
- command is specified this is the
+ command is specified, this is the
implied default.</para></listitem>
</varlistentry>
(e.g. "lennarts-laptop"), and the transient hostname
which is a default received from network configuration.
If a static hostname is set, and is valid (something other
- than localhost) then the transient hostname is not used.</para>
+ than localhost), then the transient hostname is not used.</para>
<para>Note that the pretty hostname has little
restrictions on the characters used, while the static
files at the same
time. <filename>/usr/lib/os-release</filename> is the
recommended place to store OS release information as
- part of vendor trees. Frequently
+ part of vendor trees. Frequently,
<filename>/etc/os-release</filename> is simply a
symlink to <filename>/usr/lib/os-release</filename>,
to provide compatibility with applications only
<listitem>
<para>Takes one of <literal>full</literal> (the default),
<literal>enable-only</literal>,
- <literal>disable-only</literal>. When use with the
+ <literal>disable-only</literal>. When used with the
<command>preset</command> or <command>preset-all</command>
- commands controls whether units shall be disabled and
+ commands, controls whether units shall be disabled and
enabled according to the preset rules, or only enabled, or
only disabled.</para>
</listitem>
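Review bot: after the fix to "When used with the", the sentence still has no subject: "When used with the preset or preset-all commands, controls whether units shall be ...". Suggest "commands, this controls whether units shall be disabled and enabled according to the preset rules".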
understands three options:</para>
<para>If the <option>systemd.mask=</option> option is
- specified and followed by a unit name this unit is
+ specified and followed by a unit name, this unit is
masked for the runtime, similar to the effect of
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<command>mask</command> command. This is useful to
specified more than once.</para>
<para>If the <option>systemd.wants=</option> option is
- specified and followed by a unit name a start job for
+ specified and followed by a unit name, a start job for
this unit is added to the initial transaction. This is
useful to start one ore more additional units at
boot. May be specified more than once.</para>
<para>If the <option>systemd.debug-shell</option>
- option is specified the debug shell service
+ option is specified, the debug shell service
<literal>debug-shell.service</literal> is pulled into
the boot transaction. It will spawn a debug shell on
tty9 during early system startup. Note that the shell
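Review bot: the systemd.wants= paragraph still says "useful to start one ore more additional units at boot", two lines below the comma this hunk adds. Please change "ore" to "or" in the same pass.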
mounts the <filename>/usr</filename>
directory read-only for processes
invoked by this unit. If set to
- <literal>full</literal> the
- <filename>/etc</filename> is mounted
+ <literal>full</literal>, the
+ <filename>/etc</filename> directory is mounted
read-only, too. This setting ensures
that any modification of the vendor
supplied operating system (and
all long-running services, unless they
are involved with system updates or
need to modify the operating system in
- other ways. Note however, that
+ other ways. Note however that
processes retaining the CAP_SYS_ADMIN
capability can undo the effect of this
setting. This setting is hence
<filename>/run/user</filename> are
made inaccessible and empty for
processes invoked by this unit. If set
- to <literal>read-only</literal> the
+ to <literal>read-only</literal>, the
two directores are made read-only
instead. It is recommended to enable
this setting for all long-running
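Review bot: the context line directly after the new comma reads "two directores are made read-only instead". It should be "directories". The sentence is already being edited, so fix the typo here.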
ones), to ensure they cannot get access
to private user data, unless the
services actually require access to
- the user's private data. Note however,
+ the user's private data. Note however
that processes retaining the
CAP_SYS_ADMIN capability can undo the
effect of this setting. This setting
<term><varname>SloppyOptions=</varname></term>
<listitem><para>Takes a boolean
- argument. If true parsing of the
+ argument. If true, parsing of the
options specified in
<varname>Options=</varname> is
relaxed, and unknown mount options are
<para>If the specified
address is 0.0.0.0
(for IPv4) or [::]
- (for IPv6) a new
+ (for IPv6), a new
address range of the
requested size is
automatically
recovery from errors. For services
that shall be able to terminate on
their own choice (and avoiding
- immediate restart)
+ immediate restart),
<option>on-abnormal</option> is an
alternative choice.</para>
</listitem>
<term><varname>SocketGroup=</varname></term>
<listitem><para>Takes a UNIX
- user/group name. When specified
+ user/group name. When specified,
all AF_UNIX sockets and FIFO nodes in
the file system are owned by the
specified user and group. If unset
<varlistentry>
<term><varname>RemoveOnStop=</varname></term>
<listitem><para>Takes a boolean
- argument. If enabled any file nodes
+ argument. If enabled, any file nodes
created by this socket unit are
removed when it is stopped. This
applies to AF_UNIX sockets in the file
- system, POSIX message queues as well
- as FIFOs, as well as any symlinks to
+ system, POSIX message queues, FIFOs,
+ as well as any symlinks to
them configured with
- <varname>Symlinks=</varname>. Normally
+ <varname>Symlinks=</varname>. Normally,
it should not be necessary to use this
option, and is not recommended as
services might continue to run after
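Review bot: the sentence that now starts with "Normally," in the RemoveOnStop= description continues with "and is not recommended", which has no subject. Suggest "Normally, it should not be necessary to use this option, and it is not recommended as services might continue to run after ...".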
system paths. The specified paths will
be created as symlinks to the AF_UNIX
socket path or FIFO path of this
- socket unit. If this setting is used
+ socket unit. If this setting is used,
only one AF_UNIX socket in the file
system or one FIFO may be configured
for the socket unit. Use this option
target has been reached. Since
the shutdown order is
implicitly the reverse
- start-up order between units
+ start-up order between units,
this target is particularly
useful to ensure that a
service is shut down only
<varlistentry>
<term><varname>DefaultInstance=</varname></term>
- <listitem><para>In template unit files
+ <listitem><para>In template unit files,
this specifies for which instance the
unit shall be enabled if the template
is enabled without any explicitly set
all other conflicting entries will be logged as
errors. When two lines are prefix and suffix of each
other, then the prefix is always processed first, the
- suffix later. Otherwise the files/directories are
+ suffix later. Otherwise, the files/directories are
processed in the order they are listed.</para>
<para>If the administrator wants to disable a
exist yet. If suffixed with
<varname>+</varname> and a
file already exists where the
- pipe is to be created it will
+ pipe is to be created, it will
be removed and be replaced by
the pipe.</para></listitem>
</varlistentry>
yet. If suffixed with
<varname>+</varname> and a
file already exists where the
- symlink is to be created it
+ symlink is to be created, it
will be removed and be
replaced by the
symlink. If the argument is omitted,
suffixed with
<varname>+</varname> and a
file already exists where the
- device node is to be created
+ device node is to be created,
it will be removed and be
replaced by the device
node.</para></listitem>
exist yet. If suffixed with
<varname>+</varname> and a
file already exists where the
- device node is to be created
+ device node is to be created,
it will be removed and be
replaced by the device
node.</para></listitem>
<listitem><para>Recursively
copy a file or directory, if
the destination files or
- directories don't exist
+ directories do not exist
yet. Note that this command
will not descend into
subdirectories if the
destination directory already
- exists, instead the entire
+ exists. Instead, the entire
copy operation is
skipped. If the argument is omitted,
files from the source directory
<varname>L</varname> lines.</para>
<para>Optionally, if prefixed with
- <literal>~</literal> the access mode is masked
+ <literal>~</literal>, the access mode is masked
based on the already set access bits for
existing file or directories: if the existing
- file has all executable bits unset then all
+ file has all executable bits unset, all
executable bits are removed from the new
- access mode, too. Similar, if all read bits
- are removed from the old access mode they will
+ access mode, too. Similarly, if all read bits
+ are removed from the old access mode, they will
be removed from the new access mode too, and
if all write bits are removed, they will be
removed from the new access mode too. In
- addition the sticky/suid/gid bit is removed unless
+ addition, the sticky/suid/gid bit is removed unless
applied to a directory. This
functionality is particularly useful in
conjunction with <varname>Z</varname>.</para>
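Review bot: "the sticky/suid/gid bit is removed" in the line this hunk rewrites is inconsistent with the NEWS entry in the same patch, which says "the sgid/suid/sticky bits will be masked". Suggest "the sticky/suid/sgid bits are removed unless applied to a directory". The nearby context "existing file or directories" also mixes singular and plural.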
and <varname>w</varname> may be used to
specify a short string that is written to the
file, suffixed by a newline. For
- <varname>C</varname> specifies the source file
+ <varname>C</varname>, specifies the source file
or directory. Ignored for all other
lines.</para>
</refsect2>
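Review bot: with the comma added, "For <varname>C</varname>, specifies the source file or directory" is a sentence without a subject. Suggest "For <varname>C</varname>, this specifies the source file or directory."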
goto fail;
if (n->policy) {
- /* If there's a policy we need to resolve user/group
+ /* If there is a policy, we need to resolve user/group
* names, which we can't do from PID1, hence let's
* fork. */
busname_unwatch_control_pid(n);
busname_set_state(n, BUSNAME_MAKING);
} else {
- /* If there's no policy then we can do everything
+ /* If there is no policy, we can do everything
* directly from PID 1, hence do so. */
r = bus_kernel_make_starter(n->starter_fd, n->name, n->activating, n->accept_fd, NULL, n->policy_world);