mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
systemd-stable/units
Juho Son f2a474aea8 journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
systemd-journald checks the cgroup id to support the rate limit option for
every message, so journald should be able to access the cgroup node in
each process that sends messages to journald.
In a system using SMACK, the cgroup node in proc is assigned an execute label
as each process's execute label.
So if journald doesn't want to be denied for every process, journald
should have all of the access rules for all processes' labels.
It's too heavy, so we could give a special smack label to journald to get
all access permissions:
the '^' label.
When assigning the '^' execute smack label to systemd-journald,
systemd-journald needs to add the CAP_MAC_OVERRIDE capability to get that smack privilege.

So I want to notice this information and set the default capability for
journald whether the system uses SMACK or not,
because that capability affects only smack-enabled kernels.
2014-10-22 19:12:06 +02:00
user consoled: add a unit file 2014-10-04 13:19:18 +02:00
.gitignore readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
basic.target units: remove RefuseManualStart from units which are always around 2014-06-28 00:06:30 -04:00
bluetooth.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
busnames.target units: install busnames.target by default 2013-12-03 01:18:26 +01:00
console-getty.service.m4.in units: when spawning a getty configure TERM explicitly 2013-12-18 18:21:28 +01:00
console-shell.service.m4.in core: optionally send SIGHUP in addition to the configured kill signal 2013-07-30 01:54:59 +02:00
container-getty@.service.m4.in units: when spawning a getty configure TERM explicitly 2013-12-18 18:21:28 +01:00
cryptsetup-pre.target cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup 2014-06-18 00:09:46 +02:00
cryptsetup.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
debug-shell.service.in debug-shell: add condition for tty device to run on 2014-06-12 22:26:43 +02:00
dev-hugepages.mount units: add reference to new wiki page to all api mount units 2013-01-15 18:14:13 +01:00
dev-mqueue.mount units: add reference to new wiki page to all api mount units 2013-01-15 18:14:13 +01:00
emergency.service.in units: update rescue.service and emergency.service 2014-08-31 00:04:44 -04:00
emergency.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
final.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
getty.target unit: link up getty configuration from man page and unit files 2012-11-20 20:10:30 +01:00
getty@.service.m4 install: introduce new DefaultInstance= field for [Install] sections 2014-06-17 02:43:43 +02:00
graphical.target units: drop [Install] section from multi-user.target and graphical.target 2014-01-17 20:27:35 +01:00
halt-local.service.in build-sys: make rc-local support part of SYSV compat 2013-01-04 23:26:20 +01:00
halt.target units: rename halt/hibernate/kexec/poweroff/reboot/suspend to systed-xxx 2012-06-25 14:28:50 +02:00
hibernate.target unit: rename BindTo= to BindsTo= 2012-07-13 23:34:40 +02:00
hybrid-sleep.target logind: support for hybrid sleep (i.e. suspend+hibernate at the same time) 2012-10-28 00:50:35 +02:00
initrd-cleanup.service.in core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-parse-etc.service.in initrd-parse-etc.service: ignore return code of daemon-reload 2014-09-03 13:28:31 +02:00
initrd-root-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-switch-root.service.in core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-switch-root.target Make initrd.target the default target in the initrd 2013-03-15 00:49:37 +01:00
initrd-udevadm-cleanup-db.service.in Move udevadm to rootbindir 2013-03-11 07:18:33 +01:00
initrd.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
kexec.target units: rename halt/hibernate/kexec/poweroff/reboot/suspend to systed-xxx 2012-06-25 14:28:50 +02:00
kmod-static-nodes.service.in units: conditionalize static device node logic on CAP_SYS_MODULES instead of CAP_MKNOD 2014-07-04 03:24:41 +02:00
ldconfig.service readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
local-fs-pre.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
local-fs.target units: local-fs.target - don't pull in default dependencies 2014-06-29 16:20:33 +02:00
machine.slice logind: add infrastructure to keep track of machines, and move to slices 2013-06-20 03:49:59 +02:00
Makefile build-sys: add small redirecting Makefiles to simplify compilation from within emacs 2010-05-17 01:44:03 +02:00
multi-user.target units: drop [Install] section from multi-user.target and graphical.target 2014-01-17 20:27:35 +01:00
network-online.target units: order network-online.target after network.target 2014-06-11 15:00:45 +02:00
network-pre.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
network.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
nss-lookup.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
nss-user-lookup.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
org.freedesktop.hostname1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.locale1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.login1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.machine1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.resolve1.busname resolved: add busname unit file 2014-07-16 04:12:03 +02:00
org.freedesktop.systemd1.busname bus: provide org.freedesktop.systemd1.busname for systemd --user 2014-03-26 03:38:48 +01:00
org.freedesktop.timedate1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
paths.target units: introduce new timers.target and paths.target to hook timer/path units into for boot 2013-03-25 21:28:30 +01:00
poweroff.target units: rename halt/hibernate/kexec/poweroff/reboot/suspend to systed-xxx 2012-06-25 14:28:50 +02:00
printer.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
proc-sys-fs-binfmt_misc.automount units: add reference to new wiki page to all api mount units 2013-01-15 18:14:13 +01:00
proc-sys-fs-binfmt_misc.mount units: add reference to new wiki page to all api mount units 2013-01-15 18:14:13 +01:00
quotaon.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
rc-local.service.in build-sys: make rc-local support part of SYSV compat 2013-01-04 23:26:20 +01:00
reboot.target units: rename halt/hibernate/kexec/poweroff/reboot/suspend to systed-xxx 2012-06-25 14:28:50 +02:00
remote-fs-pre.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
remote-fs.target filesystem targets: disable default dependencies 2013-09-11 14:40:58 +02:00
rescue.service.in units: update rescue.service and emergency.service 2014-08-31 00:04:44 -04:00
rescue.target rescue: don't pull in sockets 2012-05-22 16:12:25 +02:00
rpcbind.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
serial-getty@.service.m4 units/serial-getty@.service: use the default RestartSec 2014-07-15 23:51:10 -04:00
shutdown.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
sigpwr.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
sleep.target units: stop sleep.target when it has done its job 2012-06-25 12:01:09 +02:00
slices.target core: general cgroup rework 2013-06-27 04:17:34 +02:00
smartcard.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
sockets.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
sound.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
suspend.target unit: rename BindTo= to BindsTo= 2012-07-13 23:34:40 +02:00
swap.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
sys-fs-fuse-connections.mount units: add reference to new wiki page to all api mount units 2013-01-15 18:14:13 +01:00
sys-kernel-config.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sys-kernel-debug.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sysinit.target units: remove RefuseManualStart from units which are always around 2014-06-28 00:06:30 -04:00
syslog.socket service: ignore dependencies on $syslog and $local_fs in LSB scripts 2013-01-16 21:34:09 +01:00
system-update.target readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
system.slice core: general cgroup rework 2013-06-27 04:17:34 +02:00
systemd-ask-password-console.path units: introduce new timers.target and paths.target to hook timer/path units into for boot 2013-03-25 21:28:30 +01:00
systemd-ask-password-console.service.in units: run systemd-ask-password-console.service after systemd-vconsole-setup.service 2013-03-06 15:39:37 +01:00
systemd-ask-password-wall.path units: introduce new timers.target and paths.target to hook timer/path units into for boot 2013-03-25 21:28:30 +01:00
systemd-ask-password-wall.service.in units: automatically respawn the core services 2012-06-28 12:18:04 +02:00
systemd-backlight@.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-binfmt.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-bus-proxyd.socket Use /var/run/dbus/system_bus_socket for the D-Bus socket 2014-02-25 21:26:42 -05:00
systemd-bus-proxyd@.service.in bus-proxy: read the right policy when running in user mode 2014-06-10 17:56:51 +02:00
systemd-firstboot.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-fsck-root.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-fsck@.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-halt.service.in man: document systemd-halt.service and friends 2012-06-26 17:50:29 +02:00
systemd-hibernate-resume@.service.in systemd-hibernate-resume@.service: remove unnecessary ordering 2014-10-09 23:53:15 -04:00
systemd-hibernate.service.in man: document systemd-suspend.service 2012-06-26 17:33:11 +02:00
systemd-hostnamed.service.in core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only 2014-06-04 18:12:55 +02:00
systemd-hybrid-sleep.service.in logind: support for hybrid sleep (i.e. suspend+hibernate at the same time) 2012-10-28 00:50:35 +02:00
systemd-initctl.service.in man: document systemd-initctl 2012-06-26 00:15:59 +02:00
systemd-initctl.socket initctl: move /dev/initctl fifo into /run, replace it by symlink 2014-06-04 16:53:58 +02:00
systemd-journal-catalog-update.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-journal-flush.service.in journal: replace implicit flushing of journal by explicit one 2012-07-11 02:41:16 +02:00
systemd-journal-gatewayd.service.in core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only 2014-06-04 18:12:55 +02:00
systemd-journal-gatewayd.socket journal: add minimal journal gateway daemon based on GNU libmicrohttpd 2012-09-28 00:55:24 +02:00
systemd-journal-remote.service.in journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
systemd-journal-remote.socket journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
systemd-journal-upload.service.in systemd-journal-upload: fix invalid After= 2014-08-28 18:06:02 -04:00
systemd-journald-dev-log.socket journald: also increase the SendBuffer of /dev/log to 8M 2014-08-13 18:53:05 +02:00
systemd-journald.service.in journald: add CAP_MAC_OVERRIDE in journald for SMACK issue 2014-10-22 19:12:06 +02:00
systemd-journald.socket journald: move /dev/log socket to /run 2014-06-04 16:53:58 +02:00
systemd-kexec.service.in man: document systemd-halt.service and friends 2012-06-26 17:50:29 +02:00
systemd-localed.service.in core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only 2014-06-04 18:12:55 +02:00
systemd-logind.service.in logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systems 2014-10-09 11:38:59 +02:00
systemd-machined.service.in machinectl: show /etc/os-release information of container in status output 2014-07-03 17:54:24 +02:00
systemd-modules-load.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-networkd-wait-online.service.in units: networkd - don't order wait-online.service before network.target 2014-06-30 13:06:33 +02:00
systemd-networkd.service.in units: networkd - order after udev 2014-09-08 15:07:51 +02:00
systemd-nspawn@.service.in nspawn: when running in a service unit, use systemd for restarts 2014-07-03 12:51:07 +02:00
systemd-poweroff.service.in man: document systemd-halt.service and friends 2012-06-26 17:50:29 +02:00
systemd-quotacheck.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-random-seed.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-reboot.service.in man: document systemd-halt.service and friends 2012-06-26 17:50:29 +02:00
systemd-remount-fs.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-resolved.service.in core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only 2014-06-04 18:12:55 +02:00
systemd-rfkill@.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-shutdownd.service.in man: properly document .socket units in man page 2012-06-27 01:06:35 +02:00
systemd-shutdownd.socket man: properly document .socket units in man page 2012-06-27 01:06:35 +02:00
systemd-suspend.service.in man: document systemd-suspend.service 2012-06-26 17:33:11 +02:00
systemd-sysctl.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-sysusers.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-timedated.service.in core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only 2014-06-04 18:12:55 +02:00
systemd-timesyncd.service.in timesyncd: do not start in virtualized environments 2014-06-17 03:34:09 +02:00
systemd-tmpfiles-clean.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-tmpfiles-clean.timer man: link systemd-tmpfiles-setup-dev.service 2013-04-23 12:55:44 +02:00
systemd-tmpfiles-setup-dev.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-tmpfiles-setup.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-udev-hwdb-update.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-udev-settle.service.in udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udev-trigger.service.in udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udevd-control.socket udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udevd-kernel.socket udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udevd.service.in units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot 2014-06-13 13:26:32 +02:00
systemd-update-done.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-update-utmp-runlevel.service.in utmp: turn systemd-update-utmp-shutdown.service into a normal runtime service 2013-05-16 00:19:03 +02:00
systemd-update-utmp.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-user-sessions.service.in man: document systemd-user-sessions.service 2012-06-25 17:34:50 +02:00
systemd-vconsole-setup.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
time-sync.target units: time-sync.target probably makes sense, is not just sysv compat 2014-06-11 12:14:55 +02:00
timers.target units: introduce new timers.target and paths.target to hook timer/path units into for boot 2013-03-25 21:28:30 +01:00
tmp.mount units: skip mounting /tmp if it is a symlink 2014-06-30 22:49:10 +02:00
umount.target units: introduce new Documentation= field and make use of it everywhere 2012-05-21 15:14:51 +02:00
user.slice logind: add infrastructure to keep track of machines, and move to slices 2013-06-20 03:49:59 +02:00
user@.service.in core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes 2014-01-29 13:42:06 +01:00
x-.slice build-sys: work around automake issue with files with a leading '-' 2013-07-02 23:15:49 -04:00