mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

18246 Commits

Author SHA1 Message Date
Przemyslaw Kedzierski
dd5ae4c36c bus-proxy: cloning smack label
When a dbus client connects to systemd-bus-proxyd through a
Unix domain socket, the proxy takes the client's smack label and sets it for itself.

It is done before and independent of dropping privileges.

The reason for such a solution is the fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.

The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.

In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.

In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
2014-12-09 18:23:24 +01:00
WaLyong Cho
4c213d6cf4 run: introduce timer support option
Support timer options --on-active=, --on-boot=, --on-startup=,
--on-unit-active=, --on-unit-inactive=, --on-calendar=. Each option
corresponds to OnActiveSec=, OnBootSec=, OnStartupSec=,
OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of timer
respectively. And OnCalendar= and WakeSystem= are supported by the
--timer-property= option, like --property= of systemd-run.

And if --unit= option and timer options are specified the command can
be omitted. In this case, systemd-run assumes the target service is
already loaded, and just tries to generate the transient timer unit.
2014-12-09 18:19:40 +01:00
Lennart Poettering
e82959c0e3 update TODO 2014-12-09 18:17:35 +01:00
Lennart Poettering
3280236156 sd-bus: get rid of PID starttime concept
As kdbus no longer exports this, remove all traces from sd-bus too
2014-12-09 18:16:54 +01:00
Lennart Poettering
7dcd79c295 sd-bus: properly support passing memfds around with offset/size parameters 2014-12-09 18:07:46 +01:00
David Herrmann
77adde6382 bus: sync with kdbus-git (ABI break)
kdbus-git gained two new features:
 * memfd offsets: This allows to specify a 'start' offset in kdbus_memfd
                  so you can send partial memfd hunks instead of always
                  the full memfd
 * KDBUS_HELLO_UNPRIVILEGED: If passed during HELLO, the client will be
                             treated as unprivileged.
2014-12-09 11:14:55 +01:00
Dan Winship
fbf7dcb588 libsystemd-network: fix writing of routes in dhcp lease file
inet_ntoa() uses a static buffer, so you can't call it twice in the
same fprintf() call.
2014-12-09 09:38:13 +01:00
Lennart Poettering
a5ccdb9884 sleep: drop redundant MESSAGE= prefix 2014-12-09 03:58:20 +01:00
Lennart Poettering
bf27dcb613 update TODO 2014-12-09 03:58:10 +01:00
Wesley Dawson
8ee8e53648 journalctl: respect --after-cursor semantics with --follow in all cases
In the case where no entries have been added to the journal after the specified
cursor, set need_seek before the main loop to prevent display of the entry at
said cursor.
2014-12-09 02:40:16 +01:00
Lennart Poettering
b1491eba40 core: rename unit_destroy_cgroup() to unit_destroy_cgroup_if_empty() since it's not quite as destructive as it sounds nowadays 2014-12-09 02:31:42 +01:00
Ross Lagerwall
dab5bf8599 cgroup: Handle error when destroying cgroup
If a cgroup fails to be destroyed (most likely because there are still
processes running as part of a service after the main pid exits), don't
free and remove the cgroup unit from the manager.  This fixes a
regression introduced by the cgroup rework in v205 where systemd would
forget about processes still running after the unit becomes inactive.
(This can happen when the main pid exits and KillMode=process or none).
2014-12-09 02:28:09 +01:00
Michael Marineau
eb5800026d fstab-generator: Allow mount.usr without mount.usrflags, honor rw/ro
There is no need to require mount.usrflags. The original implementation
assumed that a btrfs subvolume would always be needed but that is not
applicable to systems that do not use btrfs for /usr.

Similar to using rootflags= for the default of mount.usrflags=, append
the classic 'ro' and 'rw' flags to the mount options.
2014-12-09 02:24:26 +01:00
Lennart Poettering
59cfa62f20 fstab-generator: free all allocated strings 2014-12-09 02:22:44 +01:00
Lennart Poettering
68ac53e62f units: make sure container-getty@.service stops restarting when the pts device it is bound to is gone
We only want to restart the getty as long as the pts device is still
around. As soon as it is gone, the service should be removed too.

http://lists.freedesktop.org/archives/systemd-devel/2014-December/026048.html
2014-12-09 02:12:11 +01:00
Lennart Poettering
088c357d13 update TODO 2014-12-09 02:05:19 +01:00
Lennart Poettering
e867ceb6b9 nspawn: make sure macvlan MAC addresses are stable
https://bugs.freedesktop.org/show_bug.cgi?id=85527
2014-12-09 01:20:09 +01:00
Lennart Poettering
3072eecf3c sd-rtnl: fix size check in sd_rtnl_message_append_string() 2014-12-09 01:09:21 +01:00
Lennart Poettering
4a02e68602 update TODO 2014-12-09 00:08:31 +01:00
Lennart Poettering
96ceff4283 sd-bus: catch up with current kdbus, don't do matches on kdbus monitor connections 2014-12-09 00:01:36 +01:00
Lennart Poettering
e7100587da update TODO 2014-12-08 23:52:27 +01:00
Lennart Poettering
0aa72be6a0 bus-proxy: fix compat with autostarted services 2014-12-08 23:52:27 +01:00
Zbigniew Jędrzejewski-Szmek
4e7dff9b09 load-fragment: remove wrong ifdef guard
config_parse_warn_compat is now always used for removed options.

https://bugs.freedesktop.org/show_bug.cgi?id=87125
2014-12-08 17:27:46 -05:00
Tom Gundersen
45af44d47d networkd: manager - enumerate addresses globally, rather than per-link
The kernel always returns all addresses, rather than only for the given link, so let's only enumerate once.
2014-12-08 22:13:40 +01:00
Olivier Brunel
2173cbf847 journal: Fix navigating backwards missing entries
With DIRECTION_UP (i.e. navigating backwards) in generic_array_bisect() when the
needle was found as the last item in the array, it wasn't actually processed as
match, resulting in entries being missed.

https://bugs.freedesktop.org/show_bug.cgi?id=86855
2014-12-08 19:38:55 +01:00
Tom Gundersen
1e19f35297 networkd: link - typo 2014-12-08 18:38:55 +01:00
Tom Gundersen
0e707326fc sd-rtnl: fix bogus warning about dropping 20 bytes from multi-part messages
Nothing was being dropped, we just failed to account for the NLMSG_DONE.
2014-12-08 18:38:55 +01:00
Tom Gundersen
935c0d26f7 networkd: route - ignore unknown address family 2014-12-08 18:38:55 +01:00
Tom Gundersen
ca6038b896 udev: link-config - simplify net-match 2014-12-08 18:38:55 +01:00
Dave Reisner
285760fedf Check return value from reading name_assign_type attr
This file won't exist on kernels earlier than 3.17.
2014-12-08 18:38:55 +01:00
Mantas Mikulėnas
8c12bb073d networkd: update manpage for optional Gateway=
Following commit 59580681f5.
2014-12-08 12:20:11 -05:00
WaLyong Cho
d8a812d168 timer: timer can be a transient unit 2014-12-08 16:28:56 +01:00
WaLyong Cho
ab31f6b871 bus: StartTransientUnit can have aux unit 2014-12-08 16:28:54 +01:00
Lennart Poettering
90b3dc4dd9 update TODO 2014-12-08 14:55:22 +01:00
Lennart Poettering
5f86c1f4c4 sd-bus: rework ELF error mapping table magic
The ELF magic cannot work for consumers of our shared library, since they
are in a different module. Hence make all the ELF magic private, and
instead introduce a public function to register additional static
mapping table.
2014-12-08 14:55:22 +01:00
Thomas Hindoe Paaboel Andersen
8b5e2af108 remove duplicated includes 2014-12-06 09:51:12 +01:00
Tom Gundersen
32bc8adcd8 net_setup/networkd: warn if matching is done on possibly unstable ifname 2014-12-05 16:01:18 +01:00
Lennart Poettering
2a441c8afe update TODO 2014-12-05 14:09:39 +01:00
Felipe Sateler
030512b244 man: fix reference to obsolete command "systemctl dump"
https://bugs.freedesktop.org/show_bug.cgi?id=87020
2014-12-05 14:09:39 +01:00
Daniel Mack
840ceb897f sd-bus: follow kdbus changes (ABI break)
Implement a recent change in the kdbus pool logic:

PAYLOAD_VEC_OFF items are now referencing offsets relative to the
connection's pool, not to the item itself. Follow this change in
sd-bus.
2014-12-05 10:04:02 +01:00
Jan Janssen
baade8cc23 cryptsetup-generator: Add support for naming luks devices on kernel cmdline 2014-12-05 01:29:45 +01:00
Jan Janssen
6cd5b12aa5 cryptsetup-generator: Add support for UUID-specific key files on kernel command line 2014-12-05 01:29:43 +01:00
Jan Janssen
0fa9e53d12 cryptsetup-generator: Split main() into more functions and use hashmaps 2014-12-05 01:27:00 +01:00
Lennart Poettering
deb6120920 man: there's actually no "fail" fstab option, but only "nofail" 2014-12-05 01:09:08 +01:00
Tom Gundersen
c106cc36b9 networkd: add basic [Link] settings to .network files
This allows the default link settings (set in .link files) to be overridden per Network. Only MTU and MACAddress are supported for now.
2014-12-05 00:38:10 +01:00
WaLyong Cho
c18c2a0ea1 gitignore: ignore generated systemd-bootchart.service 2014-12-04 20:43:28 +01:00
Lennart Poettering
3e49a3a063 sd-bus: add extra assert check 2014-12-04 20:30:46 +01:00
Maciej Wereski
ebf4e8013b tmpfiles, man: Add xattr support to tmpfiles
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can be especially used to set SMACK security labels on
volatile files and directories.

It is done by adding new line of type "t". Such line should contain
attributes in Argument field, using following format:

name=value

All other fields are ignored.

If value contains spaces, then it must be surrounded by quotation marks.
User can also put quotation mark in value by escaping it with backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
2014-12-04 20:21:45 +01:00
Colin Walters
1cb636d92d missing: define NET_NAME_UNKNOWN
It's only exposed to userspace since

  commit 685343fc3ba61a1f6eef361b786601123db16c28
  Author:     Tom Gundersen <teg@jklm.no>
  AuthorDate: Mon Jul 14 16:37:22 2014 +0200
  Commit:     David S. Miller <davem@davemloft.net>
  CommitDate: Tue Jul 15 16:12:01 2014 -0700

to the kernel.
2014-12-04 19:24:46 +01:00
Tom Gundersen
7eb08da4b3 udev: net_setup - allow matching on OriginalName=
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching
on names that have already been changed (from a previous udev run, or otherwise), and matching
on unpredictable names (ethX) is discouraged (but not currently disallowed).

We also currently allow:

[Match]
Name=veth0

[Link]
Name=my-name0
SomeOtherSetting=true

Which means that the link file will be applied the first time it is invoked, but
not on subsequent invocations, which may be surprising.
2014-12-04 18:53:47 +01:00