From cc22318d0047fc81af3d8be7e434b490a7780447 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 13 2015 07:47:10 +0000 Subject: import systemd-208-11.el7_0.6 --- diff --git a/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch b/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch index 680b419..005ef88 100644 --- a/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch +++ b/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch @@ -1,4 +1,4 @@ -From c6b6b6f5ce19543e277999395252bde94f0f8d25 Mon Sep 17 00:00:00 2001 +From 3a45f6df7e5d37c1eb0c6e83b74093ef717942e6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 27 Aug 2014 21:42:20 +0200 Subject: [PATCH] util: fix minimal race where we might miss SIGTERMs when diff --git a/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch b/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch index ddc9a3e..04801b9 100644 --- a/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch +++ b/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch @@ -1,4 +1,4 @@ -From 3035def5df7ee87f7eef4a29ac7e11c136d09aca Mon Sep 17 00:00:00 2001 +From c0e227a9fbb99cc9d437f8ac695c93c72c92e11b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 26 Aug 2014 21:04:21 +0200 Subject: [PATCH] util: reset signals when we fork off agents diff --git a/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch b/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch index 4670661..5b6cfca 100644 --- a/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch +++ b/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch @@ -1,4 +1,4 @@ -From 6744ef720b34a87ff69acb8535cf5e83db6f5e8b Mon Sep 17 00:00:00 2001 +From efd4bdec3cd568439eb9b0f0a555b4016da12efe Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Tue, 24 Jun 2014 14:50:26 +0200 Subject: [PATCH] socket: add SocketUser= and SocketGroup= for chown()ing diff --git a/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch b/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch new file mode 100644 index 0000000..0e9f0c3 --- /dev/null +++ b/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch @@ -0,0 +1,30 @@ +From dcfab2c436b48d87cdfd2b9fa525e07816322b96 Mon Sep 17 00:00:00 2001 +From: Tom Hirst +Date: Wed, 25 Jun 2014 11:57:11 +0000 +Subject: [PATCH] rules: don't enable usb pm for Avocent devices + +The Avocent KVM over IP devices doesn't work correctly with USB power +management enabled. + +(cherry-picked from 52fb538361053f8c4abce0e40cd0bae3d28ceb16) + +Resolves: #1176736 +--- + rules/42-usb-hid-pm.rules | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules +index 3fd6e8a..483a781 100644 +--- a/rules/42-usb-hid-pm.rules ++++ b/rules/42-usb-hid-pm.rules +@@ -11,10 +11,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}== + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto" + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto" + +-# Catch-all for Avocent HID devices. Keyed off interface in order to only +-# trigger on HID class devices. +-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto" +- + # Dell DRAC 4 + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto" + diff --git a/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch b/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch new file mode 100644 index 0000000..0e1f819 --- /dev/null +++ b/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch @@ -0,0 +1,385 @@ +From 80753fa3c0622fd8117c64e1ed2d7841edee3b00 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 13 Nov 2014 14:34:42 +0100 +Subject: [PATCH] core: introduce new Delegate=yes/no property controlling + creation of cgroup subhierarchies + +For priviliged units this resource control property ensures that the +processes have all controllers systemd manages enabled. + +For unpriviliged services (those with User= set) this ensures that +access rights to the service cgroup is granted to the user in question, +to create further subgroups. Note that this only applies to the +name=systemd hierarchy though, as access to other controllers is not +safe for unpriviliged processes. + +Delegate=yes should be set for container scopes where a systemd instance +inside the container shall manage the hierarchies below its own cgroup +and have access to all controllers. + +Delegate=yes should also be set for user@.service, so that systemd +--user can run, controlling its own cgroup tree. + +This commit changes machined, systemd-nspawn@.service and user@.service +to set this boolean, in order to ensure that container management will +just work, and the user systemd instance can run fine. + +(cherry picked from a931ad47a8623163a29d898224d8a8c1177ffdaf) + +Resolves: #1179715 +--- + man/systemd.resource-control.xml | 14 ++++++++++++ + src/core/cgroup.c | 19 +++++++++++++++-- + src/core/cgroup.h | 2 ++ + src/core/dbus-cgroup.c | 40 +++++++++++++++++++++++++++++++++++ + src/core/execute.c | 23 +++++++++++++++++--- + src/core/execute.h | 2 ++ + src/core/load-fragment-gperf.gperf.m4 | 3 ++- + src/core/mount.c | 1 + + src/core/service.c | 1 + + src/core/socket.c | 1 + + src/core/swap.c | 1 + + src/machine/machined-dbus.c | 10 +++++++++ + src/shared/cgroup-util.h | 3 ++- + units/systemd-nspawn@.service.in | 1 + + 14 files changed, 114 insertions(+), 7 deletions(-) + +diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml +index 8688905..3748c0c 100644 +--- a/man/systemd.resource-control.xml ++++ b/man/systemd.resource-control.xml +@@ -327,6 +327,20 @@ along with systemd; If not, see . + + + ++ ++ Delegate= ++ ++ ++ Turns on delegation of further resource control ++ partitioning to processes of the unit. For unpriviliged ++ services (i.e. those using the User= ++ setting) this allows processes to create a subhierarchy ++ beneath its control group path. For priviliged services and ++ scopes this ensures the processes will have all control ++ group controllers enabled. ++ ++ ++ + + + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 32e2599..764311f 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -94,14 +94,16 @@ void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix) { + "%sCPUShares=%lu\n" + "%sBlockIOWeight=%lu\n" + "%sMemoryLimit=%" PRIu64 "\n" +- "%sDevicePolicy=%s\n", ++ "%sDevicePolicy=%s\n" ++ "%sDelegate=%s\n", + prefix, yes_no(c->cpu_accounting), + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), + prefix, c->cpu_shares, + prefix, c->blockio_weight, + prefix, c->memory_limit, +- prefix, cgroup_device_policy_to_string(c->device_policy)); ++ prefix, cgroup_device_policy_to_string(c->device_policy), ++ prefix, yes_no(c->delegate)); + + LIST_FOREACH(device_allow, a, c->device_allow) + fprintf(f, +@@ -342,6 +344,19 @@ static CGroupControllerMask unit_get_cgroup_mask(Unit *u) { + if (!c) + return 0; + ++ /* If delegation is turned on, then turn on all cgroups, ++ * unless the process we fork into it is known to drop ++ * privileges anyway, and shouldn't get access to the ++ * controllers anyway. */ ++ ++ if (c->delegate) { ++ ExecContext *e; ++ ++ e = unit_get_exec_context(u); ++ if (!e || exec_context_maintains_privileges(e)) ++ return _CGROUP_CONTROLLER_MASK_ALL; ++ } ++ + return cgroup_context_get_mask(c); + } + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 0a079e9..d00bcac 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -80,6 +80,8 @@ struct CGroupContext { + + CGroupDevicePolicy device_policy; + LIST_HEAD(CGroupDeviceAllow, device_allow); ++ ++ bool delegate; + }; + + #include "unit.h" +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 9ebcad9..a13c869 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -124,6 +124,7 @@ static int bus_cgroup_append_device_allow(DBusMessageIter *i, const char *proper + } + + const BusProperty bus_cgroup_context_properties[] = { ++ { "Delegate", bus_property_append_bool, "b", offsetof(CGroupContext, delegate) }, + { "CPUAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, cpu_accounting) }, + { "CPUShares", bus_property_append_ul, "t", offsetof(CGroupContext, cpu_shares) }, + { "BlockIOAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, blockio_accounting) }, +@@ -138,6 +139,38 @@ const BusProperty bus_cgroup_context_properties[] = { + {} + }; + ++static int bus_cgroup_set_transient_property( ++ Unit *u, ++ CGroupContext *c, ++ const char *name, ++ DBusMessageIter *i, ++ UnitSetPropertiesMode mode, ++ DBusError *error) { ++ ++ assert(u); ++ assert(c); ++ assert(name); ++ assert(i); ++ ++ if (streq(name, "Delegate")) { ++ ++ if (dbus_message_iter_get_arg_type(i) != DBUS_TYPE_BOOLEAN) ++ return -EINVAL; ++ ++ if (mode != UNIT_CHECK) { ++ dbus_bool_t b; ++ ++ dbus_message_iter_get_basic(i, &b); ++ c->delegate = b; ++ unit_write_drop_in_private(u, mode, name, b ? "Delegate=yes" : "Delegate=no"); ++ } ++ ++ return 1; ++ } ++ ++ return 0; ++} ++ + int bus_cgroup_set_property( + Unit *u, + CGroupContext *c, +@@ -550,5 +583,12 @@ int bus_cgroup_set_property( + return 1; + } + ++ if (u->transient && u->load_state == UNIT_STUB) { ++ int r; ++ r = bus_cgroup_set_transient_property(u, c, name, i, mode, error); ++ if (r != 0) ++ return r; ++ } ++ + return 0; + } +diff --git a/src/core/execute.c b/src/core/execute.c +index 981b9e4..c3fd6a8 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1035,6 +1035,7 @@ int exec_spawn(ExecCommand *command, + bool confirm_spawn, + CGroupControllerMask cgroup_supported, + const char *cgroup_path, ++ bool cgroup_delegate, + const char *unit_id, + int idle_pipe[4], + pid_t *ret) { +@@ -1299,8 +1300,10 @@ int exec_spawn(ExecCommand *command, + } + } + +-#ifdef HAVE_PAM +- if (cgroup_path && context->user && context->pam_name) { ++ /* If delegation is enabled we'll pass ownership of the cgroup ++ * (but only in systemd's own controller hierarchy!) to the ++ * user of the new process. */ ++ if (cgroup_path && context->user && cgroup_delegate) { + err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid); + if (err < 0) { + r = EXIT_CGROUP; +@@ -1314,7 +1317,6 @@ int exec_spawn(ExecCommand *command, + goto fail_child; + } + } +-#endif + + if (apply_permissions) { + err = enforce_groups(context, username, gid); +@@ -2069,6 +2071,21 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { + prefix, c->utmp_id); + } + ++bool exec_context_maintains_privileges(ExecContext *c) { ++ assert(c); ++ ++ /* Returns true if the process forked off would run under ++ * an unchanged UID or as root. */ ++ ++ if (!c->user) ++ return true; ++ ++ if (streq(c->user, "root") || streq(c->user, "0")) ++ return true; ++ ++ return false; ++} ++ + void exec_status_start(ExecStatus *s, pid_t pid) { + assert(s); + +diff --git a/src/core/execute.h b/src/core/execute.h +index c1e9717..eca9d7d 100644 +--- a/src/core/execute.h ++++ b/src/core/execute.h +@@ -173,6 +173,7 @@ int exec_spawn(ExecCommand *command, + bool confirm_spawn, + CGroupControllerMask cgroup_mask, + const char *cgroup_path, ++ bool cgroup_delegate, + const char *unit_id, + int pipe_fd[2], + pid_t *ret); +@@ -199,6 +200,7 @@ void exec_context_tty_reset(const ExecContext *context); + int exec_context_load_environment(const ExecContext *c, char ***l); + + bool exec_context_may_touch_console(ExecContext *c); ++bool exec_context_maintains_privileges(ExecContext *c); + void exec_context_serialize(const ExecContext *c, Unit *u, FILE *f); + + void exec_status_start(ExecStatus *s, pid_t pid); +diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 +index 0991cb9..3e88c8a 100644 +--- a/src/core/load-fragment-gperf.gperf.m4 ++++ b/src/core/load-fragment-gperf.gperf.m4 +@@ -95,7 +95,8 @@ $1.BlockIOAccounting, config_parse_bool, 0, + $1.BlockIOWeight, config_parse_blockio_weight, 0, offsetof($1, cgroup_context) + $1.BlockIODeviceWeight, config_parse_blockio_device_weight, 0, offsetof($1, cgroup_context) + $1.BlockIOReadBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context) +-$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)' ++$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context) ++$1.Delegate, config_parse_bool, 0, offsetof($1, cgroup_context.delegate)' + )m4_dnl + Unit.Description, config_parse_unit_string_printf, 0, offsetof(Unit, description) + Unit.Documentation, config_parse_documentation, 0, offsetof(Unit, documentation) +diff --git a/src/core/mount.c b/src/core/mount.c +index 3672338..f7c98c4 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -793,6 +793,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) { + UNIT(m)->manager->confirm_spawn, + UNIT(m)->manager->cgroup_supported, + UNIT(m)->cgroup_path, ++ m->cgroup_context.delegate, + UNIT(m)->id, + NULL, + &pid); +diff --git a/src/core/service.c b/src/core/service.c +index f6fdbbc..da30d77 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -1869,6 +1869,7 @@ static int service_spawn( + UNIT(s)->manager->confirm_spawn, + UNIT(s)->manager->cgroup_supported, + path, ++ s->cgroup_context.delegate, + UNIT(s)->id, + s->type == SERVICE_IDLE ? UNIT(s)->manager->idle_pipe : NULL, + &pid); +diff --git a/src/core/socket.c b/src/core/socket.c +index 32e0d35..f365125 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -1229,6 +1229,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { + UNIT(s)->manager->confirm_spawn, + UNIT(s)->manager->cgroup_supported, + UNIT(s)->cgroup_path, ++ s->cgroup_context.delegate, + UNIT(s)->id, + NULL, + &pid); +diff --git a/src/core/swap.c b/src/core/swap.c +index 727bb95..597c8ca 100644 +--- a/src/core/swap.c ++++ b/src/core/swap.c +@@ -591,6 +591,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) { + UNIT(s)->manager->confirm_spawn, + UNIT(s)->manager->cgroup_supported, + UNIT(s)->cgroup_path, ++ s->cgroup_context.delegate, + UNIT(s)->id, + NULL, + &pid); +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 22caadf..0cebdc5 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -739,9 +739,11 @@ int manager_start_scope( + DBusMessageIter iter, sub, sub2, sub3, sub4; + const char *timeout_stop_property = "TimeoutStopUSec"; + const char *pids_property = "PIDs"; ++ const char *delegate_property = "Delegate"; + uint64_t timeout = 500 * USEC_PER_MSEC; + const char *fail = "fail"; + uint32_t u; ++ dbus_bool_t b = 1; + int r; + + assert(manager); +@@ -814,6 +816,14 @@ int manager_start_scope( + !dbus_message_iter_close_container(&sub, &sub2)) + return log_oom(); + ++ if (!dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2) || ++ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &delegate_property) || ++ !dbus_message_iter_open_container(&sub2, DBUS_TYPE_VARIANT, "b", &sub3) || ++ !dbus_message_iter_append_basic(&sub3, DBUS_TYPE_BOOLEAN, &b) || ++ !dbus_message_iter_close_container(&sub2, &sub3) || ++ !dbus_message_iter_close_container(&sub, &sub2)) ++ return log_oom(); ++ + if (more_properties) { + r = copy_many_fields(&sub, more_properties); + if (r < 0) +diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h +index 0963450..0608b9a 100644 +--- a/src/shared/cgroup-util.h ++++ b/src/shared/cgroup-util.h +@@ -34,7 +34,8 @@ typedef enum CGroupControllerMask { + CGROUP_CPUACCT = 2, + CGROUP_BLKIO = 4, + CGROUP_MEMORY = 8, +- CGROUP_DEVICE = 16 ++ CGROUP_DEVICE = 16, ++ _CGROUP_CONTROLLER_MASK_ALL = 31 + } CGroupControllerMask; + + /* +diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in +index 8e00736..bdfa89f 100644 +--- a/units/systemd-nspawn@.service.in ++++ b/units/systemd-nspawn@.service.in +@@ -12,6 +12,7 @@ Documentation=man:systemd-nspawn(1) + [Service] + ExecStart=@bindir@/systemd-nspawn -bjD /var/lib/container/%i + Type=notify ++Delegate=yes + + [Install] + WantedBy=multi-user.target diff --git a/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch b/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch new file mode 100644 index 0000000..17bf635 --- /dev/null +++ b/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch @@ -0,0 +1,50 @@ +From ca891be92be9f82078bd88d041098c34ae35334f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 10 Dec 2014 20:38:24 +0100 +Subject: [PATCH] core: don't migrate PIDs for units that may contain + subcgroups, do this only for leaf units + +Otherwise a slice or delegation unit might move PIDs around ignoring the +fact that it is attached to a subcgroup. + +(cherry picked from commit 0cd385d31814c8c1bc0c81d11ef321036b8b0921) + +Resolves: #1179715 +--- + src/core/cgroup.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 764311f..5558b6d 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -392,11 +392,16 @@ static CGroupControllerMask unit_get_siblings_mask(Unit *u) { + + static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) { + _cleanup_free_ char *path; ++ CGroupContext *c; + int r; + bool was_in_hash = false; + + assert(u); + ++ c = unit_get_cgroup_context(u); ++ if (!c) ++ return 0; ++ + path = unit_default_cgroup_path(u); + if (!path) + return log_oom(); +@@ -416,8 +421,10 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) { + if (r < 0) + log_error("Failed to create cgroup %s: %s", path, strerror(-r)); + +- /* Then, possibly move things over */ +- if (u->cgroup_path) { ++ /* Then, possibly move things over, but not if ++ * subgroups may contain processes, which is the case ++ * for slice and delegation units. */ ++ if (u->cgroup_path && u->type != UNIT_SLICE && !c->delegate) { + r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, path); + if (r < 0) + log_error("Failed to migrate cgroup from %s to %s: %s", diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index d8d055a..b896a0c 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -11,7 +11,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 208 -Release: 11%{?dist}.5 +Release: 11%{?dist}.6 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager @@ -268,6 +268,9 @@ Patch0234: 0234-units-order-network-online.target-after-network.targ.patch Patch0235: 0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch Patch0236: 0236-util-reset-signals-when-we-fork-off-agents.patch Patch0237: 0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch +Patch0238: 0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch +Patch0239: 0239-core-introduce-new-Delegate-yes-no-property-controll.patch +Patch0240: 0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -1066,6 +1069,11 @@ getent passwd systemd-journal-gateway >/dev/null 2>&1 || useradd -r -l -u 191 -g %{_datadir}/systemd/gatewayd %changelog +* Wed Jan 07 2015 Lukas Nykryn - 208-11.6 +- rules: don't enable usb pm for Avocent devices (#1176736) +- core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies (#1179715) +- core: don't migrate PIDs for units that may contain subcgroups, do this only for leaf units (#1179715) + * Fri Dec 05 2014 Michal Sekletar - 208-11.5 - socket: add SocketUser= and SocketGroup= for chown()ing (#1171054)