shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Code
Backports of patch from systemd git to stable distributions
24,183 Commits 36 Branches 651 Tags 227 MiB
C 89.4%
Python 5.8%
Shell 2.1%
Meson 1.3%
HTML 0.9%
Other 0.4%
ae176752f9
Go to file
Casey Schaufler ae176752f9 smack: Handling network 
- Set Smack ambient to match run label
- Set Smack netlabel host rules

Set Smack ambient to match run label
------------------------------------
Set the Smack networking ambient label to match the
run label of systemd. System services may expect to
communicate with external services over IP. Setting
the ambient label assigns that label to IP packets
that do not include CIPSO headers. This allows systemd
and the services it spawns access to unlabeled IP
packets, and hence external services.

A system may choose to restrict network access to
particular services later in the startup process.
This is easily done by resetting the ambient label
elsewhere.

Set Smack netlabel host rules
-----------------------------
If SMACK_RUN_LABEL is defined set all other hosts to be
single label hosts at the specified label. Set the loopback
address to be a CIPSO host.

If any netlabel host rules are defined in /etc/smack/netlabel.d
install them into the smackfs netlabel interface.

[Patrick Ohly: copied from https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commit;h=db4f6c9a074644aa2bf]
[Patrick Ohly: adapt to write_string_file() change in "fileio: consolidate write_string_file*()"]
[Patrick Ohly: create write_netlabel_rules() based on the original write_rules() that was removed in "smack: support smack access change-rule"]
[Patrick Ohly: adapted to upstream code review feedback: error logging, string constants]
2016-01-11 11:12:06 +01:00
catalog Add initial Hungarian message catalog translation 2016-01-02 23:17:27 +01:00
coccinelle coccinelle: additional errno.cocci hunk 2015-11-09 20:01:06 +01:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb keymap: remap microphone mute keycode for Lenovo Thinkcentre M800z 2016-01-06 04:02:32 +01:00
m4 build-sys: Check behavior of -Werror=shadow before deciding to use it 2015-09-22 09:54:33 -07:00
man resolved: introduce support for per-interface negative trust anchors 2016-01-06 18:36:32 +01:00
network networkd: emit DNS/NTP/Timezone info via DHCP server by default 2015-08-27 16:47:26 +02:00
po Update Hungarian translation 2016-01-02 23:16:52 +01:00
rules rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
shell-completion importd: drop dkr support 2015-12-10 16:54:41 +01:00
src smack: Handling network 2016-01-11 11:12:06 +01:00
sysctl.d sysctl: use %P instead of %p in core pattern 2015-11-17 17:32:49 +01:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d build: fix systemd-journal-upload installation 2015-12-09 03:48:56 +00:00
test tests: add regression test for systemctl restart systemd-journald 2015-12-30 05:00:14 +00:00
tmpfiles.d tmpfiles: set acls on system.journal explicitly 2015-11-29 23:38:09 -05:00
tools man: include the target name when linking to man pages in html output 2015-11-22 23:54:29 -05:00
units journal-remote: add documents in the unit files 2015-12-15 10:51:12 +09:00
xorg login: support user-bus on dbus1 2015-08-31 18:12:37 +02:00
.dir-locals.el Keep emacs configuration in one configuration file. 2011-03-08 01:53:46 +01:00
.editorconfig add editorconfig configuration 2015-11-23 12:32:59 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Merge pull request #2115 from dvdhrm/rbtree 2015-12-08 17:31:09 +01:00
.mailmap NEWS: add more stuff, and reorder things a bit 2015-11-13 13:59:50 +01:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc vimrc: add warning about dangerous exrc mode 2015-11-23 19:31:00 +01:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
autogen.sh terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
CODING_STYLE CODING_STYLE: elaborate on usage of C99 fixed size integer types 2015-11-10 17:31:30 +01:00
configure.ac build-sys: refactor have_smack detection 2015-12-12 06:08:25 +00:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am man: add documentation for dnssec-trust-anchors.d(5) 2016-01-05 14:20:27 +01:00
Makefile.am Merge pull request #2276 from poettering/dnssec12 2016-01-07 15:05:58 +01:00
NEWS NEWS: add in missing NEWS entry for 228 feature RemainAfterElapse= 2015-11-18 17:04:04 +01:00
README README: Recommend kinvolk regarding engineering services 2015-12-10 11:57:08 +01:00
README.md README.md: add Coverity scan status badge 2015-06-08 13:26:54 +02:00
TODO Merge pull request #2096 from teg/resolved-cache 2015-12-10 20:48:42 +01:00

README.md

systemd - System and Service Manager

Build Status
Coverity Scan Status

Details

  • General information about systemd can be found in the systemd Wiki
  • Information about build requirements are provided in the README file