mirror of https://github.com/systemd/systemd.git synced 2024-11-13 23:21:08 +03:00
Commit Graph

416 Commits

Author SHA1 Message Date
Lennart Poettering
1271623839 build-sys: show audit/selinux in summary 2010-08-26 03:23:03 +02:00
Lennart Poettering
cff89041ae build-sys: prepare release v8 2010-08-25 21:28:50 +02:00
Lennart Poettering
afea26ad7d main: disable nscd properly, if possible 2010-08-11 23:31:07 +02:00
Lennart Poettering
4927fcae48 audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary 2010-08-11 01:44:38 +02:00
Lennart Poettering
add060fea4 build-sys: prepare release 7 2010-08-10 03:47:00 +02:00
Lennart Poettering
7e551fbd68 build-sys: prepare new release 2010-08-06 12:15:54 +02:00
Lennart Poettering
804bbed8f4 prepare new release 2010-08-04 01:30:40 +02:00
Daniel J Walsh
56cf987fe7 Systemd is causing mislabeled devices to be created and then attempting to read them.
On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier.  I think this is caused by the
>>> modprobe calls to create /dev/autofs.  Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label.  Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Here is the updated patch with a fix for the labeling of /dev/autofs
2010-08-03 23:45:22 +02:00
Daniel J Walsh
7a58bfa4ae socket: SELinux support for socket creation.
It seems to work on my machine.

/proc/1/fd/20	system_u:system_r:system_dbusd_t:s0

/proc/1/fd/21	system_u:system_r:avahi_t:s0

And the AVCs seem to have disappeared when a confined app tries to
connect to dbus or avahi.

If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch,
you should be able to boot in enforcing mode.
2010-07-23 05:12:13 +02:00
Lennart Poettering
25da667e1a build-sys: prepare release 4 2010-07-22 02:52:26 +02:00
Lennart Poettering
d3d91d10c9 build-sys: fix compatibility with vala 0.9 2010-07-22 02:21:42 +02:00
Lennart Poettering
db12315a18 build-sys: bump release 2010-07-13 23:18:40 +02:00
Lennart Poettering
35d2e7ec19 cgroup: reimplement the last bit of libcgroup functionality natively 2010-07-12 18:16:44 +02:00
Lennart Poettering
f1dfb62962 build-sys: require udev 160 to fix notify socket abstract namespace sockaddr length 2010-07-12 00:01:32 +02:00
Lennart Poettering
83bda35801 build-sys: drop special name hack for dbus.service since a native service file is now shipped upstream dbus 2010-07-10 00:22:38 +02:00
Lennart Poettering
39280feb57 build-sys: bump version 2010-07-09 05:02:26 +02:00
Lennart Poettering
27765dfc7a build-sys: disable inline warnings 2010-07-09 05:02:26 +02:00
Lennart Poettering
afe1be4dbd build-sys: prepare release 1 2010-07-07 04:45:21 +02:00
Lennart Poettering
8c6db83365 pam: implement systemd PAM module and generalize cgroup API for that a bit 2010-06-21 23:27:18 +02:00
Lennart Poettering
139be57d94 build-sys: speed up build via convenience library 2010-06-18 00:44:57 +02:00
Lennart Poettering
8745297f98 gcc: disable warn_unused_result attribute warnings 2010-06-17 23:47:59 +02:00
Pavol Rusnak
634826b51b fix --nonet calls to xsltproc
Also, fix spelling of openSUSE
2010-06-17 23:43:51 +02:00
Lennart Poettering
be1a67d9d6 build-sys: pass -fno-strict-aliasing by default 2010-06-17 23:41:21 +02:00
Lennart Poettering
812cce323d build-sys: fix configure output without libwrap 2010-06-16 23:11:48 +02:00
Lennart Poettering
5b6319dcee service: optionally call into PAM when dropping privileges 2010-06-16 21:54:17 +02:00
Lennart Poettering
0213c3f810 socket: add optional libwrap support 2010-06-16 15:41:29 +02:00
Lennart Poettering
b60e6bbf67 build-sys: enable bz2 tarballs 2010-06-09 15:37:05 +02:00
Lennart Poettering
d2d12cd1bf build-sys: make make distcheck work again 2010-06-07 19:40:25 +02:00
Lennart Poettering
d122948d6f dbus: install bus activation file 2010-06-07 04:14:39 +02:00
Christian Ruppert
a45a909fbb build-sys: call AC_OUTPUT without any arguments 2010-06-02 18:53:19 +02:00
Lennart Poettering
a6baa3f681 build-sys: default rootdir to prefix 2010-06-02 05:02:50 +02:00
Lennart Poettering
8c4a3079a7 build-sys: install stuff intended for / into ${rootdir} which is configurable with --with-rootdir= 2010-06-02 00:35:58 +02:00
Lennart Poettering
e1ce2c2782 device: make use of new libudev tags logic 2010-05-22 01:00:28 +02:00
Kay Sievers
cfe243e372 units: SUSE support 2010-05-20 17:55:42 +02:00
Lennart Poettering
42e39f0b32 build-sys: remove vala generated sources only when valac is around 2010-05-18 00:28:39 +02:00
Lennart Poettering
53f7d807bf cgroup: don't require debug cgroup controller anymore, use name hierarchy instead 2010-05-17 23:54:44 +02:00
Lennart Poettering
9f2c5942e1 man: replace syslog name in man page by configured name 2010-05-17 22:45:52 +02:00
Lennart Poettering
12e84679cc build-sys: set M4_DISTRO_FLAG from the configure script 2010-05-17 19:52:57 +02:00
Lennart Poettering
b6c2bf61c5 build-sys: fix --distro= configure explanations 2010-05-17 19:36:22 +02:00
Lennart Poettering
5e6afdd3d3 units: add distribution-specific units 2010-05-17 01:39:58 +02:00
Lennart Poettering
34eff652ce build-sys: provide distro-agnostic defaults for distro-specific settings 2010-05-16 21:28:41 +02:00
Lennart Poettering
a7b6f8e578 units: automatically generated syslog.target 2010-05-16 21:15:46 +02:00
Lennart Poettering
e99e38bbdc build-sys: move source files to subdirectory 2010-05-16 18:45:24 +02:00
Lennart Poettering
e9da3678fc build-sys: use autoconf'igured mkdir/ln/sed programs 2010-05-16 18:34:31 +02:00
Tollef Fog Heen
1b322bdb2a build-sys: update package URL to point to freedesktop.org 2010-05-16 18:18:55 +02:00
Tollef Fog Heen
1b00a25522 build-sys: point the development/bug report address at the fd.o list 2010-05-16 18:18:31 +02:00
Tollef Fog Heen
136337ff74 build-sys: support setting path and service names from configure
Allow passing --with switches for SysV init path, SysV rcN.d path,
DBus and syslog service names.

Also bail out if those are not passed and distro is other
2010-05-16 18:18:02 +02:00
Tollef Fog Heen
bf024b022d build-sys: rename --with-distro=none to --with-distro=other 2010-05-16 18:17:35 +02:00
Malcolm Studd
65c8976ab1 build-sys: slackware support
Attached is a patch for slackware support. If you want it some other
way, let me know; I haven't used git before.

Slackware doesn't have gnome or vala, and I'm having some issues with
the vala programs in systemd. I installed the vala compiler, and the
configure script says I have everything required, but compilation
fails (log attached). Is there something I'm missing? I installed
systemd by commenting out the vala programs in Makefile.am.

Malcolm
2010-05-15 23:43:33 +02:00
Robert Gerus
e12891f70c build-sys: Update Vala configure check 2010-05-15 23:20:37 +02:00
Lennart Poettering
d1ab0ca073 man: add some initial man page work 2010-05-15 23:06:41 +02:00
Michael Tremer
a9b5b03212 configure: Allow to disable build of tools that require GTK. 2010-05-13 03:16:12 +02:00
Fabian Henze
f2b4af1cd4 build-sys: detect Gentoo 2010-05-08 15:43:54 +02:00
Lennart Poettering
924b4d5bcc build-sys: fix name of Debian syslog service 2010-05-06 22:46:07 +02:00
Lennart Poettering
5fada85280 build-sys: require at least vala 0.7 2010-05-06 22:02:42 +02:00
Tollef Fog Heen
b237ef2cfa build-sys: better test for pkg-config/pkg.m4
In some cases, people will run autoreconf rather than bootstrap.sh, or
they will uninstall pkg-config.  This is now detected properly rather
than relying on bootstrap.sh checking for us.
2010-05-06 21:42:46 +02:00
Maarten Lankhorst
41160f3dbf build-sys: support non-git versions of libcgroup 2010-05-06 21:30:01 +02:00
Lennart Poettering
b9cd233f49 we don't actually need libgee anymore 2010-05-06 21:26:21 +02:00
Dave Reisner
d7c114c000 build-sys: add Arch Linux support 2010-05-05 22:03:52 +02:00
Lennart Poettering
2c696a96a2 build-sys: automatically figure out names of dbus/syslog services 2010-04-10 18:00:21 +02:00
Lennart Poettering
d64b723a9e build-sys: fix AC_SUBST for /etc/rcN.d 2010-04-07 15:44:35 +02:00
Lennart Poettering
c16c534dcb build-sys: drop debug output 2010-04-07 15:36:28 +02:00
Lennart Poettering
0571e0111d build-sys: automatically detect SysV init dirs 2010-04-07 15:35:01 +02:00
Lennart Poettering
ac8cfcf56c build-sys: drop -Wunsafe-loop-optimizations 2010-04-07 13:55:02 +02:00
Lennart Poettering
8e27452380 cgroup: add cgroupsification 2010-03-31 16:29:55 +02:00
Lennart Poettering
47be870bd8 build: basic autoconfization 2010-02-03 14:21:48 +01:00