1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-15 07:24:00 +03:00
Commit Graph

9193 Commits

Author SHA1 Message Date
Lennart Poettering
6569cae18e unit-printf: add specifiers for the host name, machine id, boot id 2012-09-18 11:53:47 +02:00
Lennart Poettering
3ef63c3174 unit-printf: before resolving exec context specifiers check whether the object actually has an exec context 2012-09-18 11:40:01 +02:00
Lennart Poettering
41f9172f42 unit: split unit_printf() and friends into its own .c file 2012-09-18 11:27:56 +02:00
Lennart Poettering
9900625116 unit: fix %f resolving 2012-09-18 11:18:37 +02:00
Lennart Poettering
c198300fc4 journalctl: don't choke on entries with no MESSAGE= field
https://bugs.freedesktop.org/show_bug.cgi?id=50177
2012-09-18 11:12:31 +02:00
Thomas Hindoe Paaboel Andersen
57ccf90735 docs: typos in loginctl.xml 2012-09-18 11:05:08 +02:00
Lennart Poettering
1850161f29 target: imply default ordering for PartsOf deps as well 2012-09-18 11:01:34 +02:00
Lennart Poettering
b7848021c3 execute: apply PAM logic only to main process if PermissionsStartOnly is set
https://bugs.freedesktop.org/show_bug.cgi?id=54176
2012-09-18 10:54:23 +02:00
Lennart Poettering
5f29d24dec selinux: rework method tail, make it into a nulstr array 2012-09-18 02:19:54 +02:00
Lennart Poettering
c309067483 selinux: use existing library calls for audit data 2012-09-18 01:55:49 +02:00
Lennart Poettering
aba15a0391 selinux: prefer source path over fragment path 2012-09-18 01:55:24 +02:00
Lennart Poettering
901c3d0d85 util: introduce get_process_gid() 2012-09-18 01:53:15 +02:00
Daniel J Walsh
e2417e4143 selinux: add bus service access control
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.

The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.

Similarly we want to allow a root admin webadm_t that can only manage the
apache environment.  systemctl enable httpd.service, systemctl disable
iptables.service bad.

To make this code cleaner, we really need to refactor the dbus-manager.c code.
 This has just become a huge if-then-else blob, which makes doing the correct
check difficult.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
2012-09-18 01:21:17 +02:00
Lennart Poettering
e9ace802cf Update TODO 2012-09-18 01:17:03 +02:00
Lennart Poettering
b14eda963c logind: split up inhibit acquire policy 2012-09-18 01:16:23 +02:00
Lennart Poettering
178cc7700c journald: log when we fail to forward messages to syslog
https://bugzilla.redhat.com/show_bug.cgi?id=847207
2012-09-17 23:59:26 +02:00
Lennart Poettering
cd15c4182b log: avoid function loop
https://bugs.freedesktop.org/show_bug.cgi?id=54766
2012-09-17 22:16:01 +02:00
Lennart Poettering
faa368e337 conf-parser: don't unescape parsed configuration strings by default
In many cases this might have a negative effect since we drop escaping
from strings where we better shouldn't have dropped it.

If unescaping makes sense for some settings we can readd it later again,
on a per-case basis.

https://bugs.freedesktop.org/show_bug.cgi?id=54522
2012-09-17 21:58:03 +02:00
Lennart Poettering
d4d882e5ce logind: make VT reservation logic compatible with containers 2012-09-17 19:11:48 +02:00
Lennart Poettering
c999977392 main: newer kernels return EINVAL if we invoke reboot() in a container lacking perms, deal with it 2012-09-17 19:05:33 +02:00
Lennart Poettering
669bec5d17 util: various cleanups for printing boot status 2012-09-17 19:05:32 +02:00
Lennart Poettering
84b98e6f5e git: update .gitignore 2012-09-17 17:48:19 +02:00
Lennart Poettering
19876c9b3d utmp: read the right timestamp 2012-09-17 17:48:19 +02:00
Lennart Poettering
a866073d35 main: when transitioning from initrd to the main system log to kmsg
When the new PID is invoked the journal socket from the initrd might
still be around. Due to the default log target being journal we'd log to
that initially when the new main systemd initializes even if the kernel
command line included a directive to redirect systemd's logging
elsewhere.

With this fix we initially always log to kmsg now, if we are PID1, and
only after parsing the kernel cmdline try to open the journal if that's
desired.

(The effective benefit of this is that SELinux performance data is now
logged again to kmsg like it used to be.)
2012-09-17 17:47:47 +02:00
Kay Sievers
72edcff5db hwclock: always set the kernel's timezone
Properly tell the kernel at bootup, and any later time zone changes,
the actual system time zone.

Things like the kernel's FAT filesystem driver needs the actual time
zone to calculate the proper local time to use for the on-disk time
stamps.

https://bugzilla.redhat.com/show_bug.cgi?id=802198
2012-09-17 16:56:26 +02:00
Lennart Poettering
4096d6f587 main: bump up RLIMIT_NOFILE for systemd itself
For setups with many listening sockets the default kernel resource limit
of 1024 fds is not enough. Bump this up to 64K to avoid any limitations
in this regard. We are careful to pass on the kernel default to daemons
however, since normally resource limits are a good to enforce,
especially since select() can't handle fds > 1023.
2012-09-17 16:35:59 +02:00
Lennart Poettering
b58b344afd journald: properly update perms on freshly rotate user journals 2012-09-17 15:53:42 +02:00
Lennart Poettering
bfba3256a0 service: don't hit an assert if a service unit changes type and we get a spurious event from before 2012-09-17 14:56:44 +02:00
Lennart Poettering
de34a42bca update TODO 2012-09-17 14:56:44 +02:00
Kay Sievers
0bb91b5010 udev: add btrfs support
All "btrfs" file systems will be registered with the kernel when they
show up.

Incomplete multi-device volumes will set SYSTEMD_READY=0, to prevent
access until the volume is complete and fully registered.
2012-09-17 13:54:03 +02:00
Zbigniew Jędrzejewski-Szmek
f6c2e28b07 directive-index: journal directives 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
ffafe91b5a directive-index: system manager directives 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
e1abd3efab directive-index: add UDEV fields 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
d9cfd69403 man: generate an index of directives
Systemd has a large (and growing) number of manpages. Sometimes it's
not immediately obvious, where to look for a directive. Especially,
when something is described in more than one place. Making sense of
all the settings should be easier with an index.
2012-09-17 12:42:22 +02:00
Lennart Poettering
98a77df5fe logind: make sure there's always a getty available on TTY6
Previously, if X allocated all 6 TTYs (for multi-session for example) no
getty would be available anymore to guarantee console-based logins.

With the new ReserveVT= switch in logind.conf we can now choose one VT
(6 by default) that will always be subject to autovt-style activation,
i.e. we'll always have a getty on TTY6, and X will never take possession
of it.
2012-09-17 12:39:16 +02:00
Zbigniew Jędrzejewski-Szmek
4db17f291c build-sys: __secure_getenv lost dunder in libc 2.17 2012-09-17 00:21:25 +02:00
Dave Reisner
54693d9bfa tmpfiles: use write(2) for the 'w' action
This resolves problems with filesystems which do not implement the
aio_write file operation. In this case, the kernel will fall back using
a loop writing technique for each pointer in a received iovec. The
result is strange errors in dmesg such as:

[   31.855871] elevator: type  not found
[   31.856262] elevator: switch to
[   31.856262]  failed

It does not make sense to implement a synchronous aio_write method for
sysfs as this isn't a real filesystem where a reasonable use case for
using writev exists, nor is there an expectation that tmpfiles will be
used to write more data than can be reasonably written in a single write
syscall.

In addition, some sysfs attrs are currently buggy and will NOT reject
the second write with the newline, causing the sysfs value to be zeroed
out. This of course should be fixed in the kernel regardless of any
wrongdoing in userspace, but this simple change makes us immune to such
a bug.

This change means that we do not write a trailing newline by default, as
the expected use case of 'w' is for sysfs and procfs. In exchange, honor
C-style backslash escapes so that if the newline is really needed, the
user can add it.
2012-09-16 17:18:04 +02:00
Dave Reisner
c65a0b1466 socket: prevent signed integer overflow
src/core/socket.c:588:25: error: overflow in implicit constant conversion
src/core/socket.c:589:17: error: overflow in implicit constant conversion
2012-09-16 16:55:46 +02:00
Zbigniew Jędrzejewski-Szmek
89154bd4ac nspawn: fix memleak introduced with automatic cleanup
6b2d0e8 introduced a memleak instead of fixing one.
Fix both.
2012-09-16 16:33:20 +02:00
Zbigniew Jędrzejewski-Szmek
25ea79fe07 nspawn: use automatic cleanup for umask 2012-09-16 16:20:09 +02:00
Zbigniew Jędrzejewski-Szmek
ed8b7a3ee5 nspawn: _cleanup_free_ more 2012-09-16 16:20:09 +02:00
Zbigniew Jędrzejewski-Szmek
6b2d0e85dc nspawn: use automatic cleanup
This one actually clears up a (totally harmless) memleak.
2012-09-16 16:20:09 +02:00
Zbigniew Jędrzejewski-Szmek
ede89845a4 nspawn: mount tmpfs on /dev/shm
Most things seem to function fine without /dev/shm, but it is expected
to be there (quoting linux/Documentation/filesystems/tmpfs.txt:
glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for POSIX
shared memory (shm_open, shm_unlink)).

Since /tmp/ is already mounted as tmpfs, it would be enough to mkdir
/tmp/shm and chmod it. Mounting it separately has the advantage that
it can be easily remounted to change the quota.
2012-09-16 16:20:09 +02:00
Zbigniew Jędrzejewski-Szmek
d8831ed554 install: use automatic cleanup 2012-09-16 16:20:06 +02:00
Zbigniew Jędrzejewski-Szmek
d5891fdacf install: treat non-existent directory as empty
When looking for symlinks, it doesn't make sense to error-out if
the directory is missing. The user might delete an empty directory.

This check caused test-unit-file to fail when run before installation.
2012-09-16 14:00:25 +02:00
Zbigniew Jędrzejewski-Szmek
4a271908f1 logind: redefine idleness to start at last activity
Before, after the timeout, a session would be timestamped as idle
since 'last activity' + 'idle timeout'. Now, it is timestamped as idle
since 'last activity'.

Before, after all sessions were idle, the seat would be marked with as
idle with the timestamp of the oldest idle session. Now it is
marked with the timestamp of the youngest idle session.

Both changes seem to me to be closer to natural understanding of
idleness: the time since last activity counts.
2012-09-16 11:34:53 +02:00
Lennart Poettering
49cb1ecf2d update TODO 2012-09-15 07:38:38 +02:00
Lennart Poettering
4ce849853c TODO: isolate items to fix before F18 2012-09-15 06:57:15 +02:00
Lennart Poettering
dcf76484ec update TODO 2012-09-14 20:50:24 +02:00
Lennart Poettering
050a99bd7b man: update localtime(5) a bit 2012-09-14 20:45:37 +02:00