IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
georgem> libsystemd-id128.so: undefined reference to `sd_listen_fds'
In some toolchains (--as-needed not used or not working), the
toolchain doesn't drop this dependency. It is introduced because
sd-id128.so is linked against sd-shared.la, and some functions therein
use libsystemd-daemon, but libsd-id128 doesn't use any of those
functions.
This results in no change in libsystemd-id128.so when the unused
symbols are properly stripped.
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
Since journal-gatewayd is now running unprivileged, and detecting
virtalization requires privileges, query PID1 via D-Bus for the used
virtualization.
This is also the first time we use libsystemd-bus for more than just
testing.
https://bugs.freedesktop.org/show_bug.cgi?id=62173
This makes it easier to add substitutions to man pages,
avoiding the separate transformation step.
mkdir -p's are removed from the rule, because xsltproc will
will create directories on it's own.
All in all, two or three forks per man page are avoided,
which should make things marginally faster.
Unfortunately python parsers must too be tweaked to handle
entities. This isn't particularly easy: with lxml a custom
Resolver can be used, but the stdlib etree doesn't support
external entities *at all*. So when running without lxml,
the entities are just removed. Right now it doesn't matter,
since the entities are not indexed anyway. But I intend to
add indexing of filenames in the near future, and then the
index generated without lxml might be missing a few lines.
Oh well.
In order to write tests for the catalog functions, they
are made non-static and start taking a 'database' parameter,
which is the name of a file with the preprocessed catalog
entries.
This makes it possible to make test-catalog part of the
normal test suite, since it now only operates on files
in /tmp.
Some more tests are added.
Readahead has all sorts of bad side effects depending on your
storage media. On rotating disks, it may be degrading startup
performance if enough requests are queued spanning linearly
over all blocks early at boot, and mount, blkid and friends
want to insert reads to the start of these block devices after.
The end result is that on spinning disks with ext3/4 that udev
and mounts take a very long time, and nothing really happens until
readahead is completely finished.
This has the net effect that the CPU is almost entirely idle
for the entire period that readahead is working. We could have
finished starting up quite a lot of services in this time if
we were smarter at how we do readahead.
This patch sorts all requests into 2 second "chunks" and sub-sorts
each chunk by block. This adds a single cross-drive seek per "chunk"
but has the benefit that we will have a lot of the blocks we need
early on in the boot sequence loaded into memory faster.
For a comparison of how before/after bootcharts look (ext4 on a
mobile 5400rpm 250GB drive) please look at:
http://foo-projects.org/~sofar/blocked-tests/
There are bootcharts in the "before" and "after" folders where you
should be able to see that many low-level services finish 5-7
seconds earlier with the patch applied (after).
With the conversion from pci-db + usb-db to hwdb, the property
got accitentially renamed.
Move the name back to the long established identifier *MODEL*
instead of *PRODUCT*.
$ git grep -l ID_MODEL_FROM_DATABASE
hwdb/20-pci-vendor-model.hwdb
hwdb/20-usb-vendor-model.hwdb
hwdb/ids-update.pl
man/systemd.device.xml
rules/78-sound-card.rules
src/core/device.c
src/cryptsetup/cryptsetup.c
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
First, rename root-fs.target to initrd-root-fs.target to clarify its usage.
Mount units with "x-initrd-rootfs.mount" are now ordered before
initrd-root-fs.target. As we sometimes construct /sysroot mounts in
/etc/fstab in the initrd, we want these to be mounted before the
initrd-root-fs.target is active.
initrd.target can be the default target in the initrd.
(normal startup)
:
:
v
basic.target
|
______________________/|
/ |
| sysroot.mount
| |
| v
| initrd-root-fs.target
| |
| v
| initrd-parse-etc.service
(custom initrd services) |
| v
| (sysroot-usr.mount and
| various mounts marked
| with fstab option
| x-initrd.mount)
| |
| v
| initrd-fs.target
| |
\______________________ |
\|
v
initrd.target
|
v
initrd-cleanup.service
isolates to
initrd-switch-root.target
|
v
______________________/|
/ |
| initrd-udevadm-cleanup-db.service
| |
(custom initrd services) |
| |
\______________________ |
\|
v
initrd-switch-root.target
|
v
initrd-switch-root.service
|
v
switch-root
https://bugs.freedesktop.org/show_bug.cgi?id=62085
/usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/../../../../lib64/libsystemd-login.so:
undefined reference to `sd_listen_fds'
In ee465038ce 'build-sys: break dependency loop between
libsystemd-id128.la and -shared.la', a partial fix was applied, and
the use of functions from libsystemd-id128 was removed from
libsystemd-shared. Nevertheless, fdset.c was still using sd_listen_fds,
so libsystemd-login should be linked against libysystemd-daemon
or libsystemd-daemon-internal.
Tested-by: Elias Probst <mail@eliasprobst.eu>
Instead of using local-fs*.target in the initrd, use root-fs.target for
sysroot.mount and initrd-fs.target for /sysroot/usr and friends.
Using local-fs.target would mean to carry over the activated
local-fs.target to the isolated initrd-switch-root.target and thus in
the real root. Having local-fs.target already active after
deserialization causes ordering problems with the real root services and
targets.
We better isolate to targets for initrd-switch-root.target, which are
only available in the initrd.
This should help readers of the man or HTML pages know if the documentation
is out of date. An alternative to use a date generated from 'git log' was
considered, but since we try to keep user visible documentation up to date,
showing the project version should be enough.
Let's update bootchar to share the coding style a bit more with the rest
of the package.
- Some tabs/spaces fixes
- add #pragma to header
- split up header so that we have a 1:1 relation between .c and .h files
like everywhere else
- Prefix user command line arguments/configuration settings with "arg_".
- other coding style fixes
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.
The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.
This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.
For more information about Smack see:
http://www.kernel.org/doc/Documentation/security/Smack.txt
Since sd_journal_reliable_fd wasn't exported before, it is as if
it was added now. Library "current" number must be bumped.
michich> Someone links with the fixed version and produces a RPM with
his program. The RPM will happily install on a system with an
old systemd version (the deps will appear fine), but the
program will fail to run.
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
Split the large bash completion script into separate, smaller files each
named after the binary it is used for and move the files to
/usr/share/bash-completion/completions. This way the completions can be
loaded on demand and we only install the completions for the tools we
actually build. The old path /etc/bash_completion.d/ is deprecated and
will disappear in the future.
This will:
* mount all configured filesystems (typically the rootfs on /sysroot)
* reload the configuration to pick up anything from the mounted fs (typically
/sysroot/etc/fstab)
* mount any newly configured filesystems (typically /usr on /sysroot/usr, if
applicable)
* shut-down and clean-up any daemons running in the initramfs (typically udevd)
* switch-root to /sysroot and start the real init
For an example of what files should be included in an initramfs based on this
see
<https://mailman.archlinux.org/pipermail/arch-projects/2013-February/003628.html>.
Cc: Harald Hoyer <harald.hoyer@gmail.com>
Cc: Dave Reisner <d@falconindy.com>
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
__REALTIME_TIMESTAMP and __MONOTONIC_TIMESTAMP return ints.
It doesn't make sense to convert to string, just to convert
back to a number later on.
Also try to follow systemd rules for indentation.
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes.
This doesn't need to be passed, as it's handled by libtool. Since the
default for autoconf is --disable-static, this change is effectively a
noop. It only matters if you pass --enable-static, in which case the
static libs for systemd libraries will actually be built.
Nitpicky, but this only affects systemd libs. The override for the
other libs remains since these libs are always loaded dynamically and
never compiled staticly.
Written by Peeters Simon <peeters.simon@gmail.com>.
Makefile stuff and cleaned up a bit by Auke Kok <auke-jan.h.kok@intel.com>.
Some code inspired by Marc-Antoine Perennou <Marc-Antoine@Perennou.com>.
Now, actually check if the environment variable names and values used
are valid, before accepting them. With this in place are at some places
more rigid than POSIX, and less rigid at others. For example, this code
allows lower-case environment variables (which POSIX suggests not to
use), but it will not allow non-UTF8 variable values.
All in all this should be a good middle ground of what to allow and what
not to allow as environment variables.
(This also splits out all environment related calls into env-util.[ch])
After d848b9cbfa 'Move generic specifier functions to shared' libudev
depends (through) libsystemd-shared.la on libsystemd-id128.so. The
problem only appears when the linker does not support --gc-sections
and manifests itself as the inability to resolve sd_id128_get_machine
and other libsystemd-id128 functions, which aren't really used.
In other cases where multiple directories are searched for unit files,
the list of directories is described in the man page describing the
format. I think this makes sense too in case of systemd directories,
since the systemd(1) manpage already has an overview of many different
topics.
man rules were repeating the same information in too many places,
which was error prone. Those rules can be easily generated from .xml
files. For efficiency and because python is not a required dependency,
Makefile-man.am is only regenerated when requested with
make update-man-list
If no metadata in man/*.xml changed, this file should not change. So
only when a new man page or a new alias is added, this file should
show up in 'git diff'. The change should then be committed.
If the support for building from git without python was dropped, we
could drop Makefile-man.am from version control. This would also
increase the partial build time (since more stuff would be rebuild
whenever sources in man/*.xml would be modified), so it would probably
wouldn't be worth it.
adds test of:
strv_find
strv_find_prefix
strv_overlap
strv_sort
streq_ptr
first_word
Splits tests of util.c into own file to avoid clutter as we add more.
Removed a few prints and uses _cleanup_free_ to make the tests more focused.
Sometimes it is useful to look at them, and they don't take
up any significant amount of space. Keeping them also avoids
the message about files being removed at the end of make
run.
This allows one templated unit to refer to another templated unit
at installation time.
Examples:
> grep WantedBy ~/.config/systemd/user/mpop@.timer
WantedBy=services@%i.target
> srv disable mpop@iit.timer
rm '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
> srv enable mpop@iit.timer
ln -s '/home/alxchk/.config/systemd/user/mpop@.timer' '/home/alxchk/.config/systemd/user/services@iit.target.wants/mpop@iit.timer'
Based-on-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.
Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
Based-on-patch-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
cppcheck reported:
[src/bootchart/svg.c:791]: (error) Mismatching allocation and deallocation: f
The idea is to make Makefile.am more declarative and avoid
repetitions. Redeclaring unit links as variables also makes
it easier to conditionally install only some of them.
In the x32 ABI, syscall numbers start at 0x40000000. Mask that bit on
x32 for lookups in the syscall_names array and syscall_filter and ensure
that syscall.h is parsed correctly.
[zj: added SYSCALL_TO_INDEX, INDEX_TO_SYSCALL macros.]
This allows us to print simple performance data of all parts of the boot now:
- firmware
- boot loader
- kernel
- initrd
- userspace
This only works for bootloaders which support passing TSC data via EFI
variables. As of now that's only gummiboot.
We no longer allow early-boot init scripts, however in late boot the
syslog socket and local mounts are established anyway, so let's simplify
our dep graph a bit.
If $syslog doesn't resolve to syslog.target anymore there's no reason to
keep syslog.target around anymore. Let's remove it.
Note that many 3rd party service unit files order themselves after
syslog.target. These will be dangling dependencies now, which should be
unproblematic, however.
New file output.h with output flags and modes.
--full parameter also for cgls and loginctl.
Include 'all' parameter in flags (show_cgroup_by_path, show_cgroup,
show_cgroup_and_extra, show_cgroup_and_extra_by_spec).
get_process_cmdline with max_length == 0 will not ellipsize output.
Replace LINE_MAX with 0 in some calls of get_process_cmdline.
[zj: Default to --full when under pager for clgs.
Drop '-f' since it wasn't documented and didn't actually work.
Reindent a bit.
]
Systemd should not introduce any new facilities. Distributions which still
need to support their non-standard/legacy facilities should add them as
patches to their packaging.
The following facilities are no longer recognized:
$x-display-manager
$mail-transfer-agent
$mail-transport-agent
$mail-transfer-agent
$smtp
$null
This target is no longer available:
mail-transfer-agent.target
This way we also get a man page. The output is not as polished.
I hope that it doesn't matter too much.
index.html is not generated now, the page is called
systemd.index.html. If necessary, an install hook should be added.
Bootchart is renamed to 'systemd-bootchart' and installed as
/usr/lib/systemd/systemd-bootchart. The configuration file
will reside in /etc/systemd/bootchart.conf.
Define KEEP_LA_FILES to keep them.
The hook is repeated because both install-exec-hook and
install-data-hook can install libraries and with parallel make
it's not possible to predict which one will run first.
http://lists.freedesktop.org/archives/systemd-devel/2013-January/008016.html
tl;dr: Libtool .la files are not very useful for linking linux
libraries.
Note that there are still some rome for cleanups. In particular,
the .la files are now installed, which we probably don't want; and
some of the macros in Makefile.am are likely redundan.
The variable assignment operator was introduced in make 3.82 and thus
breaks "make install" with older versions of make. Since "=" is optional
in make 3.82 it is safe to drop.
Python binary used in the she-bang line in installed
scripts can be set with ./configure PYTHON_BINARY=...
Defaults to the same path as python used during compilation.
Adding --version makes systemd-analyze behave consistently with the
rest of installed programs.
The lines in ./configure output are reordered to keep all yes/no lines
separate. I think that this makes the output clearer.
This also drops automatic selection of the rc local scripts
based on the local distro. Distributions now should specify the paths
of the rc-local and halt-local scripts on the configure command line.
Commit f934051c4d broke the build
because it made libsystemd-shared call sd_listen_fds() which is
defined in libsystemd-daemon.
This is a bit of a contortion because libsystemd-shared.la is a
noinst_LTLIBRARY, but libtool should do the right thing here and emit
DT_NEEDED on libsystemd-daemon.so for things that consume
libsystemd-shared.la.
The individual address block is a poor man's organizationally unique
identifier.
Perhaps we should change the udev key from ID_OUI_FROM_DATABASE to
something like ID_IEEE_VENDOR_FROM_DATABASE?
Suggested-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
This saves test output to individual .log files.
The driver is only used in /Makefile.am, not in
/docs/*udev/Makefile.am because the latter don't seem to work with
this driver. They don't produce much output anyway.
.gitignore is alphabetized, and .log files are added to it.
Generated files from /build-aux are removed from the list.
Currently, keymaps are provided only for the NP90X3A laptop. Samsung
introduced updated models, codenamed 900X3B, 900X3C, 900X4B, 900X4C,
which are currently not matched by udev rules. This patch includes the
newer modules in udev rules and move the samsung-n90x3a file defining
keys to a more generic samsung-series-9 file.
The patch was tested on a 900X4C laptop, and other people reported
that the rules also work for 900X3B and 900X3C ones.
TARGET_UBUNTU is effectively the same as TARGET_DEBIAN. Given the Ubuntu
is unlikely to use systemd anytime soon there's no point in keeping this
separate.
Distcheck would fail due to sysvinit dir being set,
but not sysvrcnd dir:
# ./configure --enable-gtk-doc --with-sysvrcd-path=/etc/rc.d
# --with-sysvinit-path=/etc/rc.d
# make distcheck
...
configure: error: *** You need both --with-sysvinit-path=PATH and
--with-sysvrcd-path=PATH to enable SysV compatibility support, or both
empty to disable it.
make: *** [distcheck] Error 1
This also allows sysvcompat support to be disabled from distcheck.
> Kay:
udev is early boot without /var. /var is entirely taboo for udev.
This partially reverts commit ee623f0d0c
(moving hwdb.bin is reverted, but the uninstall hook and cosmetic
changes remain).
The path doesn't change in the standard configuration.
Also, give full path to the journalctl binary in the hook,
since it might be installed outside of $PATH.
Also, add uninstall hook to remove the binary catalog.
More specifically this adds a number of macros that resolve to
directories for udev rules, hwdb entries, tmpfiles and sysctl.
Thsi also includes three new macros for rebuilding the hwbd/catalog
index when a package drops in new files
The hook would fail if preexisting journalctl doesn't support
--update-catalog. Also, the catalog would be updated before new
catalog files were installed. Both issues are fixed by moving to
INSTALL_DATA_HOOK instead of INSTALL_EXEC_HOOK, since the hook is now
executed after both journalctl and catalog files are installed.
I'm building systemd for an embedded system and we would prefer not having
to include the entire util-linux package just to get a libblkid whose
functionality we don't need.
The message catalog can be used to attach short help texts to log lines,
keyed by their MESSAGE_ID= fields. This is useful to help the
administrator understand the context and cause of a message, find
possible solutions and find further related documentation.
Since this is keyed off MESSAGE_ID= this will only work for native
journal messages.
The message catalog supports i18n, and is useful to augment english
language system messages with explanations in the local language.
This commit only includes short explanatory messages for a few example
message IDs, we'll add more complete documentation for the relevant
systemd messages later on.
A service that only sets the scheduling policy to round-robin
fails to be started. This is because the cpu_sched_priority is
initialized to 0 and is not adjusted when the policy is changed.
Clamp the cpu_sched_priority when the scheduler policy is set. Use
the current policy to validate the new priority.
Change the manual page to state that the given range only applies
to the real-time scheduling policies.
Add a testcase that verifies this change:
$ make test-sched-prio; ./test-sched-prio
[test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1
[test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0
[test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100
The point is to allow the use of journald functions by other binaries.
Before, journald code was split into multiple files (journald-*.[ch]),
but all those files all required functions from journald.c. And
journald.c has its own main(). Now, it is possible to link against
those functions, e.g. from test binaries.
This constitutes a fix for https://bugzilla.redhat.com/show_bug.cgi?id=872638.
The patch does the following:
1. rename journald.h to journald-server.h and move corresponding code
to journald-server.c.
2. add journald-server.c and other journald-*.c parts to
libsystemd-journal-internal.
3. remove journald-syslog.c from test_journal_syslog_SOURCES, since
it is now contained in libsystemd-journal-internal.
There are no code changes, apart from the removal of a few static's,
to allow function calls between files.
This was premarily intended to support the LSB facility $httpd which is
only known by Fedora, and a bad idea since it lacks any real-life
usecase.
Similar, drop support for some other old Fedora-specific facilities.
Also, document the rules for introduction of new facilities, to clarify
the situation for the future.
Network file systems generally do not offer inotify() that would work
across the network. We hence cannot rely on inotify() exclusiely in
those case. Provide an API to determine these cases, and suggest doing
manual regular rechecks.
Note that this is not complete yet, as we need to rescan journal dirs on
network file systems explicitly to find new/removed files
When traversing entry array chains for a bisection or for retrieving an
item by index we previously always started at the beginning of the
chain. Since we tend to look at the same chains repeatedly, let's cache
where we have been the last time, and maybe we can skip ahead with this
the next time.
This turns most bisections and index lookups from O(log(n)*log(n)) into
O(log(n)). More importantly however, we seek around on disk much less,
which is good to reduce buffer cache and seek times on rotational disks.
'systemd-coredumpctl' will list available coredumps:
PID UID GID sig exe
32452 500 500 11 /home/zbyszek/systemd/build/journalctl
32666 500 500 11 /usr/lib64/valgrind/memcheck-amd64-linux
...
'systemd-coredumpctl dump PID' will write the coredump
to specified file or stdout.
The new 'unique' API allows listing all unique field values that a field
specified by a field name can take in all entries of the journal. This
allows answering queries such as "What units logged to the journal?",
"What hosts have logged into the journal?", "Which boot IDs have logged
into the journal?".
Ultimately this allows implementation of tools similar to lastlog based
on journal data.
Note that listing these field values will not work for journal files
created with older journald, as the field values are not indexed in
older files.
On systemd systems seasoned admins might be surprised to see that the
init scripts and log files are gone. To ease the transition let's place
some README files there, that hopefully help clearing up the situation.
Much like logind has a client in loginctl, and journald in journalctl
introduce timedatectl, to change the system time (incl. RTC), timezones
and related settings.
Valgrind says:
==29176== Conditional jump or move depends on uninitialised value(s)
==29176== at 0x412A85: cunescape_length_with_prefix (util.c:1565)
==29176== by 0x40B351: dev_kmsg_record (journald-kmsg.c:301)
==29176== by 0x40B653: server_read_dev_kmsg (journald-kmsg.c:347)
==29176== by 0x40B701: server_flush_dev_kmsg (journald-kmsg.c:365)
==29176== by 0x409DE7: main (journald.c:1535)
No longer override the default kernel font if nothing is specified in
vconsole.conf.
The default kernel font[0] provides ISO-8859-1 and box characters. Users
of Arabic, Cyrilic or Hebrew must set a different font manually as these
character sets were provided by the old default font [1], but are not
any longer.
Rationale:
* it is counter-intuitive that an empty vconsole.conf file is different
from adding FONT="";
* the version of the default font shipped with Arch (which is the
upstream one) behaves very badly during early boot[2] (which should
admittedly be fixed in the font itself);
* the kernel already supplies a default font, it seems reasonable to
use that unless anything else is specified;
* This also avoids a needless slow call to setfont; and
* We don't want to work around problems in the kernel (in case the
compiled-in font is not acceptable for whatever reason).
[0]: <https://dev.archlinux.org/~tomegun/kernel.bdf>
[1]: <https://dev.archlinux.org/~tomegun/latarcyrheb.bdf>
[2]: <http://i.imgur.com/J2tM4.jpg>
As audit is pretty much just a special kind of logging we should treat
it similar, and manage the audit fd in a static variable.
This simplifies the audit fd sharing with the SELinux access checking
code quite a bit.
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
This minimal HTTP server can serve journal data via HTTP. Its primary
purpose is synchronization of journal data across the network. It serves
journal data in three formats:
text/plain: the text format known from /var/log/messages
application/json: the journal entries formatted as JSON
application/vnd.fdo.journal: the binary export format of the journal
The HTTP server also serves a small HTML5 app that makes use of the JSON
serialization to present the journal data to the user.
Examples:
This downloads the journal in text format:
# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries
Same for JSON:
# curl -H"Accept: application/json" http://localhost:19531/entries
Access via web browser:
$ firefox http://localhost:19531/
Instead of doing hand optimized fd bisect arrays just use plain old
hashmaps. Now I can understand my own code again. Yay!
As a side effect this should fix some bad memory accesses caused by
accesses after mmap(), introduced in 189.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.
The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.
Similarly we want to allow a root admin webadm_t that can only manage the
apache environment. systemctl enable httpd.service, systemctl disable
iptables.service bad.
To make this code cleaner, we really need to refactor the dbus-manager.c code.
This has just become a huge if-then-else blob, which makes doing the correct
check difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
All "btrfs" file systems will be registered with the kernel when they
show up.
Incomplete multi-device volumes will set SYSTEMD_READY=0, to prevent
access until the volume is complete and fully registered.
Systemd has a large (and growing) number of manpages. Sometimes it's
not immediately obvious, where to look for a directive. Especially,
when something is described in more than one place. Making sense of
all the settings should be easier with an index.
instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
Currently MIPS and ARM define syscall numbers for multiple ABI in one
<asm/unistd.h>. The #define statments for each syscall are formated as:
#define __NR_scname (BASE_OFFSET + sc_number)
Thus we need a more generic regular expression to match these in awk.
It's time to get rid of prefdm. Distributions which still want to use
this should maintain this downstream, but it's probably better to just
provide proper units for the various display managers, like Fedora is
doing this, for example:
https://fedoraproject.org/wiki/Features/DisplayManagerRework
This file is generated, so it should be referred to as
$(top_builddir)/src/gudev/gudevenumtypes.h. It could only appear in
$(top_srcdir) as a result of previous build in $(top_srcdir). Better
to just let automake add the prefix for us, so there's no need to
spell it out.
Remove the prefix from other source files too, $(top_srcdir) is the
default anyway.
$(MKDIR_P) is added where missing, and rules are standardized on one
form of $(MKDIR_P), to make it easier to spot when it is missing.
Single line $(MKDIR)&&command form is broken into two line form.
https://bugs.freedesktop.org/show_bug.cgi?id=49459
For compilation in a separate build directory to work, when a file is
generated, the rule must include an explicit mkdir first, unless the
file is created at the top level. Even when building in a separate
build-dir, automake would normally create all directories as a side
result of creating the dependencies files. Therefore the bug was only
visible with -C (turning off dependency generation).
We want to keep things uniform, and hence treat udevd's man page like
any other in the repo. What matters is how users primarily interface
with a service, and that is not the binary path in /usr/lib/systemd but
the service name.
This reverts commit 6c1f3ba54a.
Instead of making systemd-udevd a so-link to systemd-udevd.service,
ship the real page as systemd-udevd to integrate better with distros
where udevd might be run standalone.
"make dist" can build a different tarball depending on the flags passed
to ./configure and the (optional) dependencies found on the system.
Move all append-to-EXTRA_DIST operations out of automake conditionals to
fix this.
Introduce a polkitpolicy_files so that the policy files built still
correctly depend on the automake conditionals, but the .in files that
get distributed do not.
make-man-index.py doesn't care about .html files, only .xml files, so
the source list was wrong. Also, $(XML_FILES) are specified without
prefix, so compilation in sepearate build-dir was broken:
GEN man/index.html
Traceback (most recent call last):
File "../make-man-index.py", line 24, in <module>
t = parse(p)
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1183, in parse
tree.parse(source, parser)
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'man/systemd.xml'
All instances of "|| rm $@" are replaced with .DELETE_ON_ERROR, which
has a similar effect. One difference is that the return code is not
masked by rm return code.
.DELETE_ON_ERROR is GNU-Make specific, but -Wno-portability is already
defined, and it's unlikely that anyone would build systemd with a
shell not supporting .DELETE_ON_ERROR. If they did, then
.DELETE_ON_ERROR would be silently ignored, i.e. in the worst case a
garbage file wouldn't be deleted, which is not very serious.
sd-readahead.h is supposed to be a drop-in API, nothing people should
ever link to or could make use without also adding sd-readahead.c to
their sources. Hence, don't install this header file into INCLUDES, but
instead install it as DOCS.
we now can take multiple matches, and they will apply as AND if they
apply to different fields and OR if they apply to the same fields. Also,
terms of this kind can be combined with an overreaching OR.
Before: shared code such as log.c was linked once into the public
libraries (where it is entirely hidden) and once into the various tools
which might use those libraries. This is suboptimal, as this way static
variables such as the maximum log level are instantiated twice in all
tools.
After: our build the public libraries a second time, as a convenience
libary, and link our tools against those. Hence all tools use only a
single instance of everything.
The old automatism that the flushing of the journal from /run to /var
was triggered by the appearance of /var/log/journal is broken if that
directory is mounted from another host and hence always available to be
useful as mount point. To avoid probelsm with this, introduce a new unit
that is explicitly orderer after all mounte files systems and triggers
the flushing.
The MeeGo distribution is still a supported distribution, but
will probably not see an updated version of systemd anymore.
Most of the development is focussing on Tizen now, and the
generic support for building --with-distro=other is more than
adequate enough.
This patch removes the support as a custom configuration build
target in systemd. People who are still building this for
the MeeGo distribution should build as "other" distro.
To be considered by timedated for NTP a package simply has to drop in
/usr/lib/systemd/ntp-units.d/foobar.list and write one or more unit
names into it. The first one listed is the one that is enabled.
This naming convention is more inline with other systemd daemon
unit names (systemd-logind.service, systemd-localed.service etc)
The companion .socket units have also been renamed, however the
-trigger and -settle units keep their current name as these are
not directly related to daemon process itself.
The previous systemd-timedated-ntp.target was suffering by the problem
that NTP implementations enabled via the machanism could not be disabled
the obvious way on the "systemctl disable" command line. Replace
systemd-timedated-ntp.target by a list of implementations we try in
turn. The list is encoded in $pkgdatadir/ntp-units.
This replaces the symlink based dependency by an explicit one in the
unit file so that we avoid the dangling symlink when no display manager
is installed.
The rule is that units that encapsulate our own code are prefixed with
"systemd-". Since the fsck units invoke our own code, hence add the
missing prefix. Since a long long time the fsck units didn't invoke the
naked fsck binaries anymore, and it is unlikely that this well ever
change. On the opposite: the code in systemd-fsck will probably get more
complex over time to handle fsck progress to plymouth forwarding.
Same for quotacheck (but not quotaon!)
This makes sure that
systemctl status /home
is implicitly translated to:
systemctl status /home.mount
Similar, /dev/foobar becomes dev-foobar.device.
Also, all characters that cannot be part of a unit name are implicitly
escaped.
Since the binary name is now hidden away in /usr/lib/ the primary user
handle for the udev service is the unit name, hence change the man page
to be available under the unit name, and make the binary name an alias
for it.
since the binaries share much of the same code and we better load only
one binary instead of two from disk at early boot let's merge the three
readahead binaries into one. This also allows us to drop a lot of
duplicated code.
Let's try to standardize a bit the RPM macros used for
installing/uninstalling services.
This only covers the non-SysV compat bits, since that tends to vary
widely between the various distros.
Usage:
Add %{?systemd_requires} to the header of the spec file. And then:
%post
%systemd_post foobar.service
%preun
%systemd_preun foobar.service
%postun
%systemd_postun foobar.service
And, instead of the latter, in case the service shall be restarted on updates:
%postun
%systemd_postun_restart foobar.service
On Sat, Jun 9, 2012 at 12:46 AM, Malte Starostik <lists@malte.homeip.net> wrote:
> From: Malte Starostik <m-starostik@versanet.de>
>
> Rules get installed in $(libexecdir)/udev/, so are keymaps. Helper
> binaries go to $(rootprefix)/lib/udev though. Problem is, in the code,
> both are referenced via UDEVLIBEXECDIR which is defined to the former
> location. Result: systemd-udev can't find e.g. the keymap binary to
> apply keymaps.
This patch adds code to compile 'systemd-readahead-analyze' and install
it into $bindir.
Use this program to parse the contents of the readahead pack file, or
an arbitrary pack file and display which files are listed in it, and
how much of the files are requested to be readahead.
This code is not new - it's partially taken from sreadahead (formerly
maintained by Arjan van der Ven and me, and was originally written
by me), and adapted with the right bits to parse the systemd
readahead pack files, which are slightly different in format.
v2 adds a common READAHEAD_PACK_FILE_VERSION used in all the code
to provide a quick way to assure all these programs are always
synchronized. v3 fixes the integer math.
This takes handling of chassis power and sleep keys as well as the lid
switch over from acpid.
This logic is enabled by default for power and sleep keys, but not for
the lid switch.
If a graphical session is in the foreground no action is taken under the
assumption that the graphical session does this.
In rescue mode let's not establish all sockets, so that we don't end up
starting a lot of additional services automatically.
Instead of pulling in basic.target we now only pull in sysinit.target
which pulls in local-fs.target and swap.target. That way rescue mode has
all the really basic setup around, but normal services are not started
and not autostarted either.
RequiresMountsFor= is a shortcut for adding requires and after
dependencies to all mount units neeed for the specified paths.
This solves a couple of issues regarding dep loop cycles for encrypted
swap.
Two of our current job types are special:
JOB_TRY_RESTART, JOB_RELOAD_OR_START.
They differ from other job types by being sensitive to the unit active state.
They perform some action when the unit is active and some other action
otherwise. This raises a question: when exactly should the unit state be
checked to make the decision?
Currently the unit state is checked when the job becomes runnable. It's more
sensible to check the state immediately when the job is added by the user.
When the user types "systemctl try-restart foo.service", he really intends
to restart the service if it's running right now. If it isn't running right
now, the restart is pointless.
Consider the example (from Bugzilla[1]):
sleep.service takes some time to start.
hello.service has After=sleep.service.
Both services get started. Two jobs will appear:
hello.service/start waiting
sleep.service/start running
Then someone runs "systemctl try-restart hello.service".
Currently the try-restart operation will block and wait for
sleep.service/start to complete.
The correct result is to complete the try-restart operation immediately
with success, because hello.service is not running. The two original
jobs must not be disturbed by this.
To fix this we introduce two new concepts:
- a new job type: JOB_NOP
A JOB_NOP job does not do anything to the unit. It does not pull in any
dependencies. It is always immediately runnable. When installed to a unit,
it sits in a special slot (u->nop_job) where it never conflicts with
the installed job (u->job) of a different type. It never merges with jobs
of other types, but it can merge into an already installed JOB_NOP job.
- "collapsing" of job types
When a job of one of the two special types is added, the state of the unit
is checked immediately and the job type changes:
JOB_TRY_RESTART -> JOB_RESTART or JOB_NOP
JOB_RELOAD_OR_START -> JOB_RELOAD or JOB_START
Should a job type JOB_RELOAD_OR_START appear later during job merging, it
collapses immediately afterwards.
Collapsing actually makes some things simpler, because there are now fewer
job types that are allowed in the transaction.
[1] Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=753586
We shouldn't hardcode the name of the NTP implementation in the
timedated mechanism, especially since Fedora currently switched from NTP
to chrony.
This patch introduces a new target that is enabled/disabled instead of
the actual NTP implementation. The various NTP implementations should
then add .wants/ symlinks to their services and BindTo back to the
target, so that their implementations are started/stopped jointly with
the target.
https://bugzilla.redhat.com/show_bug.cgi?id=815748
manager.c takes care of the main loop, unit management, signal handling, ...
transaction.c computes transactions.
After split:
manager.c: 65 KB
transaction.c: 40 KB
