IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Distributions that never shipped upstart do not have
"telinit" in /lib/upstart/..
Defaults to /lib/upstart/telinit so there is no change
for systems existing installs.
use readlink -m instead of -f since we might be building in a minimal
chroot where those directories do not actually exist and readlink -f
would return an empty string.
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
Both gtk-doc and intltoolize have problems with VPATH builds.
"Creatively" disable tests when configuring from outside the
source directory.
This more-or-less reverts 9795da43c.
This patch only adds one line, but moves python detection
after cflags detection, so the result of the latter can
be used in the former.
$PYTHON_CFLAGS usually includes -D_FORTIFY_SOURCE, which will generate
a warning when compiling without optimization. Avoid by undefining
_FORTIFY_SOURCE.
Rather then force the user to undefine _FORTIFY_SOURCE,
don't define it in the first place if it cannot be used.
I'm assuming that -O* can only be sensibly specified in $CFLAGS.
Bootchart is renamed to 'systemd-bootchart' and installed as
/usr/lib/systemd/systemd-bootchart. The configuration file
will reside in /etc/systemd/bootchart.conf.
Note that there are still some rome for cleanups. In particular,
the .la files are now installed, which we probably don't want; and
some of the macros in Makefile.am are likely redundan.
Commit c4eb236a2c didn't take into account the situation when the user
sets e.g. PYTHON=python3 (without the full path). This value would
then be used verbatim for PYTHON_BINARY and in she-bang lines in
scripts, which is incorrect. To fix this, $PYTHON is passed through
which, which expands the path. If $PYTHON_BINARY is desired which is
not installed on the build system, then PYTHON_BINARY must be set
separately.
Python binary used in the she-bang line in installed
scripts can be set with ./configure PYTHON_BINARY=...
Defaults to the same path as python used during compilation.
Adding --version makes systemd-analyze behave consistently with the
rest of installed programs.
The lines in ./configure output are reordered to keep all yes/no lines
separate. I think that this makes the output clearer.
This also drops automatic selection of the rc local scripts
based on the local distro. Distributions now should specify the paths
of the rc-local and halt-local scripts on the configure command line.
TARGET_UBUNTU is effectively the same as TARGET_DEBIAN. Given the Ubuntu
is unlikely to use systemd anytime soon there's no point in keeping this
separate.
I'm building systemd for an embedded system and we would prefer not having
to include the entire util-linux package just to get a libblkid whose
functionality we don't need.
This is the usual setup, where pythonX.Y and pythonX.Y-config go
together. Using python-config with python3 will only lead to
confusion.
--libs is changed to --ldflags, since the latter also includes other
required flags like -L<dir>.
The tests for HAVE_PYTHON and HAVE_PYTHON_DEVEL are separated. It is
possible to have python development libraries installed without the
binary (or to want to build python modules without using python during
the build).
A line is added to the output, to show what flags will be used for
python.
Being able to be explicit about Python support (in addition to the
default of auto-detecting it) and acting upon the result, specifying
it as an option gains us more control about both dependencies and
the resulting build.
Furthermore, relying purely on auto-detection can lead to problems for
source-based distros. E. g. systemd being built before *both* 32-bit &
64-bit ABIs are installed will lead to build failures as systemd's
build system will pick up either 32-/64-bit Python, conclude both are
available and fail if that's not the case.
This minimal HTTP server can serve journal data via HTTP. Its primary
purpose is synchronization of journal data across the network. It serves
journal data in three formats:
text/plain: the text format known from /var/log/messages
application/json: the journal entries formatted as JSON
application/vnd.fdo.journal: the binary export format of the journal
The HTTP server also serves a small HTML5 app that makes use of the JSON
serialization to present the journal data to the user.
Examples:
This downloads the journal in text format:
# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries
Same for JSON:
# curl -H"Accept: application/json" http://localhost:19531/entries
Access via web browser:
$ firefox http://localhost:19531/
./.libs/libsystemd-core.a(libsystemd_core_la-selinux-access.o):
In function "selinux_access_check":
src/core/selinux-access.c:487: undefined reference to
"selinux_check_access"
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.
This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.
This requires libcryptsetup >= 1.4.2 (released 12.4.2012).
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
The MeeGo distribution is still a supported distribution, but
will probably not see an updated version of systemd anymore.
Most of the development is focussing on Tizen now, and the
generic support for building --with-distro=other is more than
adequate enough.
This patch removes the support as a custom configuration build
target in systemd. People who are still building this for
the MeeGo distribution should build as "other" distro.
On Sat, Jun 9, 2012 at 12:46 AM, Malte Starostik <lists@malte.homeip.net> wrote:
> From: Malte Starostik <m-starostik@versanet.de>
>
> Rules get installed in $(libexecdir)/udev/, so are keymaps. Helper
> binaries go to $(rootprefix)/lib/udev though. Problem is, in the code,
> both are referenced via UDEVLIBEXECDIR which is defined to the former
> location. Result: systemd-udev can't find e.g. the keymap binary to
> apply keymaps.
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
This is an S/MIME signed message
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
The text mode welcome message will only show the distro name stored
in /etc/os-release and no longer read any distro-specific files. If
/etc/os-release does not exist, 'Linux' will be printed.
When the source tree is is ./configure'd, only /etc-os-release is read
to guess the distro to build for. If /etc/os-release does not exist,
--with-distro= needs to be specified.
The way the various properties[] arrays are initialized is inefficient:
- only the .data members change at runtime, yet the whole arrays of
properties with all the fields are constructed on the stack one by
one by the code.
- there's duplication, eg. the properties of "org.freedesktop.systemd1.Unit"
are repeated in several unit types.
Fix it by moving the information about properties into static const
sections. Instead of storing the .data directly in the property, store
a constant offset from a run-time base.
The small arrays of struct BusBoundProperties bind together the constant
information with the right runtime information (the base pointer).
On my system the code shrinks by 60 KB, data increases by 10 KB.
This patch adds support for the Mageia Linux distribution:
http://www.mageia.org/
Mageia is a fork of Mandriva although some divergence has already occured
and thus inclusion of these changes upstream allow us to (hopefully)
migrate more rapidly to the new standard approaches systemd offers.
Indeed, we already use the preferred mechanism of OS identification via
the /etc/os-release file rather than a distro specific variation.
This patch mostly mirrors the patch added previously for Mandriva
support. In addition to those original authors, this patch was mostly
written by Dexter Morgan with help from Colin Guthrie and Eugeni Dodonov.
<mbiebl> kay, mezcalero: https://bugzilla.gnome.org/show_bug.cgi?id=627789
<mezcalero> so we can drop that entirely?
<mezcalero> kay: if you drop those two lines, does it improve things for you?
<mbiebl> kay: but ./configure should work now
<mbiebl> resp. autogen.sh
<kay> mezcalero, mbiebl: autogen.sh seems a lot better without the two lines
<kay> mezcalero: works without the 'touch' thing
<mezcalero> kay: ok, commit please
As in the bug[1] it would be nice to configure plymouth support
independently of the distro. This patch adds a "--enable-plymouth" and
"--disable-plymouth" option to the configure script to overwrite the
distro specific default.
[1] https://bugs.freedesktop.org/show_bug.cgi?id=38460
This commit consists of the initial work to include Angstrom as a ported
distribution for systemd.
Angstrom tries to follow the debian way as much as possible, but deviates
where it doesn't make sense for 'embedded'.
This commit consists of the initial work to include MeeGo as a ported
distribution for systemd.
The majority of the changes are small configuration additions to auto
tools, so that MeeGo is identified as a valid distribution option.
Some small deviations will be noticed between the configuration of MeeGo
and other distributions. As MeeGo is a distribution striving for
compliancy to support its near embedded attributes and target users,
there is less user configuration options available by default. Most
services will be enabled by systemd as part of the distribution
requirements, and as such most links and service files will be pre-setup
for the MeeGo distribution. As much of this is going to be done within
the MeeGo distribution packaging this is still noteworthy to mention, as
it explains why in systemd you will observe configuration differences
where the MeeGo distribution removes all links in the pkgsysconfdir for
instance. MeeGo will be user configurable if there is desire, but most
services will be enabled by the distribution as designated by the MeeGo
compliancy standards.
Other changes are in source to add such areas as meego-release defined
in utils, and hostname in hostname-setup, defining vconsole-setup,
localizations and rescue additions as needed.
As this is all ground work, MeeGo will continue to strive for complete
compatibility.
This merges several separate patches that I carry as part of
Mandriva systemd RPM. They touch those parts that are very
unlikely to be changed in near future and do not impose any
functionality change for systemd core. I also think it is
useful for troubleshooting to have real distribution name in
system logs, espicially when someone reports problem upstream.
The patch looks bigger than sum of replaced patches because
- previous patches were applied on top of distro=fedora, now
I need to add all those bits for distro=mandriva as well
- part of patch was done as spec file magic, but it seems more
logical to ship all these bits together
There's already a condition that gives a warning if user is
cross-compiling an relying on files from the build system. AC_CHECK_FILE
macro only tests for file in the build system. Hence use a simple
'test -f' that does the same job, without the warning.
When cross-compiling systemd, the introspection XML files fail to be
generated because the systemd host binary is not executable. This patch
works around this by putting the introspection XML data into separate
ELF sections and extracting them from the binary when generating the XML
files.
The extracted XML data is passed through the strings utility in order to
strip the trailing NUL character. A small AWK script is used to prepend
the doctype and add the opening and closing node tags respectively.
Finally, the C preprocessor is used to substitute the correct doctype
information from the D-Bus header files.
Previously Ubuntu was treated as being equivalent to Debian, but the two
distributions require different behaviour in certain places. This commit does
not change the behaviour of systemd on either distro but it creates a
framework for changes to be introduced by later commits.
The following previously meant "Target is Debian or Ubuntu".
* configure option "--with-distro=debian"
* C preprocessor symbol "TARGET_DEBIAN"
* Automake conditional "TARGET_DEBIAN"
After this commit, all of the above are redefined to mean "Target is Debian"
The following are introduced to mean "Target is Ubuntu".
* configure option "--with-distro=ubuntu"
* C preprocessor symbol "TARGET_UBUNTU"
* Automake conditional "TARGET_UBUNTU"
Most code written for Debian will also be applicable to Ubuntu. An extra
Automake conditional "TARGET_DEBIAN_OR_UBUNTU" is introduced to avoid
duplication of code that would otherwise occur.
This commit updates configure.ac, Makefile.am and distro-specific source files
in line with the above definitions.
Reduce number of exported symbols with -fvisibility=hidden by default,
this is safe as we're not generating and loadable library and our
binaries should have no exported symbol other than main(). This alone
reduces around 4kb per binary.
It will also request GCC to emit every function and data variable in
its own section, then request the linker to remove unused
sections. This reduces the size of utility tools
(/lib/systemd/systemd-*) by half or even more (in my system some
binaries went from 84kb to 32kb).
This patch adds a cpp definition HAVE_SYSV_COMPAT that is used to
isolate code dealing with /etc/init.d and /etc/rcN.d for systems where
it does not make sense (one that does not use sysv or one that is fully
systemd native).
The patch tries to be as little intrusive as possible, however in
order to minimize the number of #ifdef'ed regions I've reordered some
code in path-lookup.c:lookup_paths_init() where all code dealing with
sysv is now isolated under running_as == MANAGER_SYSTEM as well.
Moreover, In struct Service, some fields were rearranged to reduce
the number of ifdefs.
Lennart's suggestions were fixed and squashed with the original patch,
that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier. I think this is caused by the
>>> modprobe calls to create /dev/autofs. Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label. Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e
It seems to work on my machine.
/proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
/proc/1/fd/21 system_u:system_r:avahi_t:s0
And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.
If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.
