shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-05 06:52:22 +03:00
Code
24,654 Commits 3 Branches 390 Tags 543 MiB
b72190e90f
Commit Graph

24654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lennart Poettering
b72190e90f Merge pull request #2505 from torstehu/fix-typo4 
Fix typos and a small build fix
 2016-02-01 22:09:54 +01:00
Torstein Husebø
fa9e9f72b9 resolve: Silence build warning, when systemd is built without libidn 
HAVE_IDN is not defined when systemd is build without it
 2016-02-01 21:10:03 +01:00
Torstein Husebø
e94968ba72 resolve: fix typos 2016-02-01 21:08:00 +01:00
Lennart Poettering
fd04bba0e8 Merge pull request #2491 from martinpitt/master 
tmpfiles: drop /run/lock/lockdev
 2016-02-01 18:27:51 +01:00
Martin Pitt
61f32bff61 tmpfiles: drop /run/lock/lockdev 
Hardly any software uses that any more, and better locking mechanisms like
flock() have been available for many years.

Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as
nothing else is using this.
 2016-02-01 12:16:24 +01:00
Lennart Poettering
f3ade27e68 Merge pull request #2497 from jsynacek/bootoffset-runtime-v4 
Expose additional booleans in sd_journal and improve error messages in journalctl
 2016-02-01 12:02:53 +01:00
Jan Synacek
c34e939909 journalctl: improve error messages when the specified boot is not found 2016-02-01 11:59:33 +01:00
Jan Synacek
0f1a9a830c journalctl: show friendly info when using -b on runtime journal only 
Make it clear that specifing boot when there is actually only one has no
effect. This cosmetic patch improves user experience a bit.
 2016-02-01 11:59:33 +01:00
Jan Synacek
39fd5b08a7 sd-journal: introduce has_runtime_files and has_persistent_files 
Also introduce sd_journal_has_runtime_files() and
sd_journal_has_persistent_files() to the public API. These functions
can be used to easily find out if the open journal files are runtime
and/or persistent.
 2016-02-01 11:59:27 +01:00
Lennart Poettering
c248c80dfd Merge pull request #2481 from xnox/pretty-ccw 
udev: net_id - for ccw bus, shorten the identifier and stip leading z…
 2016-02-01 11:39:11 +01:00
Lennart Poettering
da21f8743a Merge pull request #2493 from evverx/fix-selinux-checks 
Fix selinux check for ReloadUnit
 2016-02-01 11:34:56 +01:00
Lennart Poettering
a6c5361bb1 Merge pull request #2494 from michaelolbrich/resolved-without-gcrypt 
Resolved without gcrypt
 2016-02-01 11:05:45 +01:00
Zbigniew Jędrzejewski-Szmek
c25bf528a1 Merge pull request #2496 from whot/hwdb-updates 
hwdb: add Samsung 305V4A axis resolutions
 2016-01-31 22:08:25 -05:00
Peter Hutterer
d9a03677a5 hwdb: add Samsung 305V4A axis resolutions 
From https://bugzilla.redhat.com/show_bug.cgi?id=1294022
 2016-02-01 12:50:43 +10:00
Michael Olbrich
4709152273 resolved: allow building without libgcrypt 2016-01-31 23:54:12 +01:00
Michael Olbrich
421cc89d30 resolved: make dnssec_nsec_test_enclosed() static 
It's not used anywhere else.
 2016-01-31 23:54:12 +01:00
Michael Olbrich
dbf0b8a281 resolved: reorder functions 
Preparation to make gcrypt optional.
 2016-01-31 23:54:12 +01:00
Evgeny Vereshchagin
f596e00f32 core: let's check access before type modification 2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin
94bd732348 core: refactoring: add job_type_to_access_method 
remove duplication
 2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin
61ea63f1ab core: fix selinux check for reload 
Fixes:
-bash-4.3# echo 1 >/sys/fs/selinux/enforce
-bash-4.3# runcon -t systemd_test_start_t systemctl start hola

-bash-4.3# sesearch --allow -s systemd_test_reload_t -c service
Found 1 semantic av rules:
   allow systemd_test_reload_t systemd_unit_file_t : service reload ;

-bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola
Failed to reload hola.service: Access denied
See system logs and 'systemctl status hola.service' for details.

-bash-4.3# journalctl -b | grep -i user_avc | grep reload
USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='
avc:  denied  { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola"
scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_unit_file_t:s0
tclass=service

See
https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
 2016-01-31 14:19:15 +00:00
Lennart Poettering
09ce74e196 Merge pull request #2487 from msekletar/bootctl-foreach-dirent 
bootctl: replace readdir() loops with FOREACH_DIRENT
 2016-01-31 14:57:20 +01:00
Evgeny Vereshchagin
5c7290b195 tests: add test-selinux-checks 2016-01-31 09:02:51 +00:00
Michal Sekletar
e41256dcec bootctl: replace readdir() loops with FOREACH_DIRENT 2016-01-31 09:44:53 +01:00
Lennart Poettering
dcabda4155 Merge pull request #2469 from keszybz/resolved-2 
Resolved 2
 2016-01-30 15:04:56 +01:00
Zbigniew Jędrzejewski-Szmek
132bdb0cf8 Merge pull request #2478 from grawity/fix/touch-mode 
basic: fix touch() creating files with 07777 mode
 2016-01-29 21:19:21 -05:00
Mantas Mikulėnas
06eeacb6fe basic: fix touch() creating files with 07777 mode 
mode_t is unsigned, so MODE_INVALID < 0 can never be true.

This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
 2016-01-29 23:41:09 +02:00
Zbigniew Jędrzejewski-Szmek
c542f805dd man: reword sentence 2016-01-29 12:24:15 -05:00
Zbigniew Jędrzejewski-Szmek
e3309036cd resolved: log server type when switching servers 
I'm not defining _DNS_SERVER_TYPE_MAX/INVALID as usual in the enum,
because it wouldn't be used, and then gcc would complain that
various enums don't test for _DNS_SERVER_TYPE_MAX. It seems better
to define the macro rather than add assert_not_reached() in multiple
places.
 2016-01-29 12:24:15 -05:00
Zbigniew Jędrzejewski-Szmek
a43a068a30 resolved: add macro to compare sized fields 
For consistency, generic.size is renamed to generic.data_size.

nsec3.next_hashed_name comparison was missing a size check.
 2016-01-29 12:24:14 -05:00
Zbigniew Jędrzejewski-Szmek
ba82da3bb5 resolve-host: add option to list protocols 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek
869b3b67e3 resolve-host: allow specifying type as TYPEnn 
This mirrors the behaviour of host and makes the conversion to and from
string symmetrical.
 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek
f3367a64ca test-tables: ellide boring parts of sparse mappings 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek
c7472ce088 test-resolve-tables: new "test", useful to print mappings 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek
fc8eec10f6 resolved: calculate and print tags for DNSKEY records 2016-01-29 12:13:06 -05:00
Dimitri John Ledkov
0037a669ac udev: net_id - for ccw bus, shorten the identifier and stip leading zeros 
The commmon case default qeth link is enccw0.0.0600 is rather long.

Thus strip leading zeros (which doesn't make the bus_id unstable),
similar to the PCI domain case.

Also 'ccw' is redundant on S/390, as there aren't really other buses
available which could have qeth driver interfaces. Not sure why this
code is even compiled on non-s390[x] platforms. But to distinguish from
e.g. MAC stable names shorten the suffix to just 'c'.

Thus enccw0.0.0600 becomes enc600.
 2016-01-29 17:54:30 +01:00
Martin Pitt
7d82cd4d53 Merge pull request #2474 from poettering/doc-fix-2189 
man: document special considerations when mixing templated service un…
 2016-01-29 16:53:13 +01:00
Lennart Poettering
ae0a5fb1e1 man: document special considerations when mixing templated service units and DefaultDependencies=no 
Fixes #2189.
 2016-01-29 16:50:50 +01:00
Daniel Mack
0e3a930a60 Merge pull request #2465 from poettering/systemctl-chroot 
Fix for #2015
 2016-01-29 16:04:03 +01:00
Daniel Mack
e0d2df39b1 Merge pull request #2472 from poettering/mini-fixes 
Two mini fixes
 2016-01-29 15:51:16 +01:00
Lennart Poettering
d152dd467a systemctl: actually honour the try-reload-or-restart verb aabf5d4243 promised 
The verb entry got lost in the ultimate commit.
 2016-01-29 15:49:05 +01:00
Lennart Poettering
1e726cc963 systemctl: make most systemctl commands NOPs in a chroot() environment 
Fixes #2015
 2016-01-29 15:49:05 +01:00
Lennart Poettering
040524b4a3 systemctl: consider a chroot() environment always offline 2016-01-29 15:16:56 +01:00
Lennart Poettering
a16f96cd56 basic: when parsing verb command lines, optionally shortcut them in chroot() environments 
This adds some basic infrastructure in order to fix #2015.
 2016-01-29 15:16:56 +01:00
Lennart Poettering
6c033c3496 man: document which section the configuration settings of timesyncd.conf belong into 2016-01-29 14:53:05 +01:00
Lennart Poettering
dbc7bede4a man: actually say which section resolv.conf's setting should be placed in 2016-01-29 14:53:01 +01:00
Lennart Poettering
6c38b6c04e build-sys: install systemd-resolve in /usr/bin 
The command has a man page now and is public, hence add it to /usr/bin.
 2016-01-29 14:45:41 +01:00
Zbigniew Jędrzejewski-Szmek
a5a5f03382 Merge pull request #2466 from poettering/nspawn-journal 
Two small nspawn fixes
 2016-01-28 19:32:48 -05:00
Zbigniew Jędrzejewski-Szmek
2bc968b748 Merge pull request #2464 from poettering/reload-or-try-restart 
Fix for #688
 2016-01-28 19:11:30 -05:00
Zbigniew Jędrzejewski-Szmek
99e5ca6d8b resolved: expand flags field in DNSKEY records 2016-01-28 18:35:02 -05:00
Zbigniew Jędrzejewski-Szmek
cfb90da3dc resolved: convert TLSA fields to string 
Example output:
_443._tcp.fedoraproject.org IN TLSA  0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
                                     -- Cert. usage: CA constraint
                                     -- Selector: Full Certificate
                                     -- Matching type: SHA-256
 2016-01-28 18:35:02 -05:00