1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 09:56:51 +03:00
Commit Graph

17435 Commits

Author SHA1 Message Date
WaLyong Cho
66b6d9d5b5 label: rearrange mandatory access control(MAC) apis
move label apis to selinux-util.ch or smack-util.ch appropriately.
2014-10-23 17:10:05 +02:00
Zbigniew Jędrzejewski-Szmek
99a1ab10b0 man: add example how to generate certificates with openssl 2014-10-23 00:43:49 -04:00
Zbigniew Jędrzejewski-Szmek
36d4739a68 journal-upload: return proper exit code
Even when termninated normally, systemd-journal-upload would return
something positive which would be interpreted as failure.
2014-10-23 00:31:56 -04:00
Zbigniew Jędrzejewski-Szmek
cb41ff2922 shared/log: add log_trace as compile-time optional debugging
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
2014-10-23 00:27:57 -04:00
Zbigniew Jędrzejewski-Szmek
8847551bcb journal-upload: fix --trust=all option 2014-10-23 00:27:55 -04:00
Zbigniew Jędrzejewski-Szmek
30776485c5 journal-upload: avoid calling printf with maximum precision
Precision of INT_MAX does not work as I expected it to.

https://bugzilla.redhat.com/show_bug.cgi?id=1154334
2014-10-23 00:27:25 -04:00
Zbigniew Jędrzejewski-Szmek
d71839afd8 journal-upload: verify state file can be saved before uploading
Do our best verify that we can actually write the state file
before upload commences to avoid duplicate messages on the server.
2014-10-23 00:27:23 -04:00
Zbigniew Jędrzejewski-Szmek
cb6518345f socket-util: use IP address when hostname is not found
socknameinfo_pretty() would fail for addresses without reverse DNS,
but we do not want that to happen.
2014-10-23 00:26:35 -04:00
Zbigniew Jędrzejewski-Szmek
a7736b14de journal-remote: add --split-mode to help 2014-10-23 00:26:33 -04:00
Zbigniew Jędrzejewski-Szmek
9ce998b937 journal-remote: better error message on failure
Return a proper code instead of simply NULL for failure.
2014-10-23 00:18:47 -04:00
Zbigniew Jędrzejewski-Szmek
50a0b07175 journal-upload: do not require port to be set 2014-10-23 00:18:42 -04:00
Zbigniew Jędrzejewski-Szmek
1af719edc5 systemd-upload: print paths in help() 2014-10-23 00:18:15 -04:00
Zbigniew Jędrzejewski-Szmek
43300d9d38 journal-remote: give names to event sources
This possibility was recently added, and it makes debugging much nicer.
2014-10-23 00:18:13 -04:00
Zbigniew Jędrzejewski-Szmek
42b6bf75e4 journal-upload: fix socket activation 2014-10-23 00:18:10 -04:00
Zbigniew Jędrzejewski-Szmek
a9becdd65b sd-daemon,man: ignore missing $WATCHDOG_PID
Systemd 209 started setting $WATCHDOG_PID, and sd-daemon watch was
modified to check for this variable. This means that
sd_watchdog_enabled() stopped working with previous versions of
systemd. But sd-event is a public library and API and we must keep it
working even when a program compiled with a newer version of the
libary is used on a system running an older version of the manager.

getenv() and unsetenv() are fairly expensive calls, so optimize
sd_watchdog_enabled() by not calling them when unnecessary.

man: centralize the description of $WATCHDOG_PID and $WATCHDOG_USEC in
the sd_watchdog_enabled manpage. It is better not to repeat the same
stuff in two places.
2014-10-23 00:17:18 -04:00
Zbigniew Jędrzejewski-Szmek
203af57fcd man: make udev.event-timeout more visible
Evidently some people had trouble finding it in the documentation.
2014-10-23 00:12:50 -04:00
Lennart Poettering
b825ab1a99 units: run firstboot before sysusers, so that firstboot can initialize the root password 2014-10-23 01:24:59 +02:00
Lennart Poettering
758c4d7a39 update TODO 2014-10-23 01:09:38 +02:00
Lennart Poettering
821cc13dda update TODO 2014-10-23 00:52:21 +02:00
Lennart Poettering
74055aa762 journalctl: add new --flush command and make use of it in systemd-journal-flush.service
This new command will ask the journal daemon to flush all log data
stored in /run to /var, and wait for it to complete. This is useful, so
that in case of Storage=persistent we can order systemd-tmpfiles-setup
afterwards, to ensure any possibly newly created directory in /var/log
gets proper access mode and owners.
2014-10-23 00:39:42 +02:00
Lennart Poettering
0e2f14014c cryptsetup: fix an OOM check 2014-10-23 00:39:42 +02:00
Lennart Poettering
affcf18915 machine: validate machine names using machine_name_is_valid() instead of string_is_safe()
After all, we know have this as generic validator, so let's be correct
and use it wherver applicable.
2014-10-22 23:22:47 +02:00
Daniel Mack
505e77caa5 sd-bus: fix transition left-overs in sd_bus_get_owner_creds()
sd_bus_get_owner_creds() was only halfly ported over to
_cleanup_bus_creds_unref_.
2014-10-22 22:06:53 +02:00
WaLyong Cho
3bfd4e0c63 journal: do server_vacuum for sigusr1
runtime journal is migrated to system journal when only
"/run/systemd/journal/flushed" exist. It's ok but according to this
the system journal directory size(max use) can be over the config. If
journal is not rotated during some time the journal directory can be
remained as over the config(or default) size. To avoid, do
server_vacuum just after the system journal migration from runtime.
2014-10-22 20:43:40 +02:00
Lennart Poettering
07a60cc13c firstboot: don't prohibit re-generating the machine id on the current root fs
If it really is missing it should be safe to create it.

Also see:

http://lists.freedesktop.org/archives/systemd-devel/2014-August/022726.html
2014-10-22 20:30:15 +02:00
Lennart Poettering
8483d73ff1 update TODO 2014-10-22 20:30:06 +02:00
Lennart Poettering
97e1cc8b59 journalctl: don't introduce numeric constants with special names, give them names 2014-10-22 20:30:06 +02:00
Daniel Mack
8f44e3ea3e sd-bus: implement sd_bus_get_owner_creds() for kdbus
kdbus learned a new ioctl to tell userspace about a bus creator's
credentials, which is what we need to implement sd_bus_get_owner_creds() for
kdbus.

Move the function from sd-bus.c to bus-control.c to be able to reuse
the bus_populate_creds_from_items() helper.
2014-10-22 19:45:07 +02:00
Daniel Mack
056f95d0a7 sd-bus: rename sd_bus_get_owner_uid(), sd_bus_get_owner_machine_id() and sd_bus_get_peer_creds()
Clean up the function namespace by renaming the following:

  sd_bus_get_owner_uid()        → sd_bus_get_name_creds_uid()
  sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id()
  sd_bus_get_peer_creds()       → sd_bus_get_owner_creds()
2014-10-22 19:45:07 +02:00
Daniel Mack
370d7a9c0f sd-bus: factor out creds item iterator
We will re-use the code to walk items in order to populate a creds object,
so let's factor it out first.
2014-10-22 19:45:07 +02:00
Daniel Mack
a1783d61a8 sd-bus: sync kdbus.h
kdbus learned a new command to query a bus creator's credentials. Sync
kdbus.h first, which also renames some struct to more generic terms.
That is, however, not an ABI break this time.
2014-10-22 19:45:07 +02:00
Juho Son
f2a474aea8 journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
systemd-journald check the cgroup id to support rate limit option for
every messages. so journald should be available to access cgroup node in
each process send messages to journald.
In system using SMACK, cgroup node in proc is assigned execute label
as each process's execute label.
so if journald don't want to denied for every process, journald
should have all of access rule for all process's label.
It's too heavy. so we could give special smack label for journald te get
all accesses's permission.
'^' label.
When assign '^' execute smack label to systemd-journald,
systemd-journald need to add  CAP_MAC_OVERRIDE capability to get that smack privilege.

so I want to notice this information and set default capability to
journald whether system use SMACK or not.
because that capability affect to only smack enabled kernel
2014-10-22 19:12:06 +02:00
Hans de Goede
fc1ae82cae hwdb: Add mapping for special keys on compaq ku 0133 keyboards
The compaq ku 0133 keyboard has 8 special keys at the top:
http://lackof.org/taggart/hacking/keyboard/cpqwireless.jpg

3 of these use standard HID usage codes from the consumer page, the 5
others use part of the reserved 0x07 - 0x1f range.

This commit adds mapping for this keyboard for these reserved codes, making
the other 5 keys work.

Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2014-10-22 17:11:04 +02:00
Lennart Poettering
f62531c572 update TODO 2014-10-22 16:54:06 +02:00
Lennart Poettering
a5f0359600 resolved: simplify detection of packets from the loopback device
We can simplify our code quite a bit if we explicitly check for the
ifindex being 1 on Linux as a loopback check. Apparently, this is
hardcoded on Linux on the kernel, and effectively exported to userspace
via rtnl and such, hence we should be able to rely on it.
2014-10-22 16:52:38 +02:00
Torstein Husebø
91c40d8612 networkd: Fix a couple of typos 2014-10-22 16:38:35 +02:00
Daniel Mack
b680a194bf sd-bus: assert clock_gettime()'s return value
Don't handle clock_gettime() errors gracefully but use assert_se().
2014-10-22 13:39:51 +02:00
Lennart Poettering
b857e042d6 update TODO 2014-10-22 12:40:49 +02:00
Lennart Poettering
fdbbad981c README: simplify documented dependency on util-linux
we stritcly require features from util-linux v2.25, such a new version
is not optional, hence document this.
2014-10-22 12:37:08 +02:00
Karel Zak
48d3e8d07f fsck: re-enable fsck -l
The -l (lock) has been temporary disabled due to conflict with
udev (https://bugs.freedesktop.org/show_bug.cgi?id=79576)

The problem is fixed since util-linux v2.25 (Jul 2014).
2014-10-22 11:45:36 +02:00
Lennart Poettering
39bb33c192 Update TODO 2014-10-22 11:45:12 +02:00
Lennart Poettering
61f33134fc CODING_STYLE: clarify that single-line if blocks should not be enclosed in {} 2014-10-22 11:45:12 +02:00
Daniel Mack
03785ad0e5 sd-bus: sync kdbus.h (API change: switch to absolute timeouts)
kdbus_msg.timeout_ns now takes an absolute value, based on CLOCK_MONOTONIC,
in order to eventually support automatically restarted syscalls.

Signed-off-by: Daniel Mack <daniel@zonque.org>
2014-10-21 22:14:03 +02:00
Daniel Mack
bc75205c77 sd-bus: sync kdbus.h (ABI break)
In kdbus.h, the following details changed:

 * All commands gained a 'kernel_flags' field to report the flags supported
   by the driver. Before, this was done in the 'flags' field in a
   bidirectional way, which turned out to be a problem for the code in
   sd-bus, as many parts of it reuse the same ioctl struct more than once
   and consider them to be owned by userspace.

 * Name listings are now returned by a new struct instead of reusing struct
   kdbus_cmd_name for that matter. This way, we don't add more unneeded
   fields to it and make the API cleaner.

 * 'conn_flags' was renamed to 'flags' in struct kdbus_cmd_hello to make
   the API a bit more unified.
2014-10-21 19:19:44 +02:00
Michal Schmidt
14f27b4e3b strv: use realloc_multiply() to check for multiplication overflow
This could overflow on 32bit, where size_t is the same as unsigned.
2014-10-21 14:36:03 +02:00
Lennart Poettering
97569e154b strv: add an additional overflow check when enlarging strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745
2014-10-21 14:01:28 +02:00
Ronny Chevalier
bb604b2f42 man: add examples for coredumpctl
Add examples to clarify how to use coredumpctl

See https://bugs.freedesktop.org/show_bug.cgi?id=83437
2014-10-21 01:16:17 +02:00
Ronny Chevalier
c45827d6e7 man: fix project reference for archlinux 2014-10-21 01:11:50 +02:00
Ronny Chevalier
d4873485cf man: add missing commas 2014-10-21 01:11:46 +02:00
Lennart Poettering
0b3b83e59b man: move one more nspawn example into a proper <example> section 2014-10-21 01:11:14 +02:00