Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
After that functions which add matches, show_journal_by_unit
and show_journal_by_user_unit, become nearly identical, so
I merged them into one function.
The argument given to the __attribute__((cleanup)) functions is the
address of the variable that's going out of scope. It cannot be NULL.
The "if (!s)" check in set_freep() is pointless.
Perhaps "if (!*s)" was intented. But that's pointless too, because
set_free()/set_free_free() are OK to call with a NULL argument (just
like free()).
Setting "*s = NULL" is pointless, because the variable that s points
to is about to go out of scope.
The same holds for strv_freep().
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
This partially reverts 7ad94c716d.
After that commit commands such as "systemctl enable" and friends
printed the search path information multiple times in its output, which
is ugly.
If we want the search paths to be printed at a higher log level, then we
should do this in PID 1 only, i.e. split the printing out of the normal
path lookup logic and invoke that explicitly from PID 1 but not in the
auxiliary tools.
Using less as a pager sometimes breaks terminal when output
is interrupted by ctrl-c.
Reproducer: run 'sudo journalctl' ctrl-c.
Thanks mbriza@redhat.com for the solution.
Sometimes the boot gets stuck until a timeout hits. The usual timeouts
are on the order of minutes, so users may lose patience.
Print animated status messages telling the names of units with running
jobs to make it easy to see what systemd is waiting for.
The animation looks cooler with a shorter interval, but 1 s is OK and
should not be too hard on slow serial console users.
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes.
This reverts commit 4a01181e46.
This patch broke LOG_TARGET_AUTO, i.e. automatic selection of STDERR if
it is a TTY with a fallback on the journal and kmsg otherwise.
The general rule should probably be:
log_open() -- open the "best" possible logging channel according to
log_target configuration.
log_dispatch() -- don't open any log channels ever, with the exception
of kmsg since that has no drawbacks. And do this only on true errors of
the better log channel, not just when it wasn't opened.
write_to_journal() returns 0 if journal_fd is closed and nothing is
written. We need to make sure we'll try log_open_kmsg() then to make the
fallback work for "journal-or-kmsg".
[zj: Reworded message s/to watch/to add watch on/ to make it clear
that it was the watch init action that failed, and not the
"process of watching". I think this way it'll be clearer to
people who don't know what inotify does.]
The current code might make sense during startup for service restart
limiting:
With burst=1 after starting num is 1, so the next ('first') restart is
still accepted ( 1 <= 1). However, once interval has expired, num is 1
after the first restart, so the second restart is also accepted.
This change is also useful in combination with watchdogs:
With burst=1 and a very large interval the system can be restarted on
the first failure.
