1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-13 23:21:08 +03:00
Commit Graph

24 Commits

Author SHA1 Message Date
Lennart Poettering
e51bc1a23e selinux: split off selinux calls into seperate file label.c 2010-08-11 22:58:34 +02:00
Lennart Poettering
e364ad0628 clang: fix numerous little issues found with clang-analyzer 2010-08-11 22:04:25 +02:00
Lennart Poettering
69dd2852bb manager: when two pending jobs conflict, keep the one that "conflicts", remove the one that is "conflicted"
This gives the writer of units control which unit is kept and which is
stopped when two units conflict.
2010-08-09 22:32:30 +02:00
Lennart Poettering
75d287d3ae automount: order automount units after fsck, too 2010-08-06 02:23:45 +02:00
Daniel J Walsh
56cf987fe7 Systemd is causing mislabeled devices to be created and then attempting to read them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier.  I think this is caused by the
>>> modprobe calls to create /dev/autofs.  Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label.  Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e
2010-08-03 23:45:22 +02:00
Lennart Poettering
5632e3743d systemctl: introduce reset-maintenance command 2010-07-19 04:08:07 +02:00
Lennart Poettering
ba3e67a785 socket: when the socket is supposed to stop, don't accept any connections anymore 2010-07-13 00:27:27 +02:00
Lennart Poettering
2edd4434e5 mount: add automatic start ordering dependencies for mounts 2010-07-12 22:55:27 +02:00
Lennart Poettering
73c33e7f22 mount: add implicit umount.target conflicts only in system mode 2010-07-10 04:46:58 +02:00
Lennart Poettering
41e450596a automount: refuse automounts for the root file system 2010-07-10 02:41:25 +02:00
Lennart Poettering
4e67ddd6b3 units: introduce umount.target for unmounting all file systems 2010-07-10 02:41:06 +02:00
Lennart Poettering
398ef8ba02 dbus: make errors reported via D-Bus more useful 2010-07-08 02:43:18 +02:00
Lennart Poettering
2c966c038d unit: simplify things a little by introducing API to add two dependencies in one step 2010-07-03 19:46:38 +02:00
Lennart Poettering
1cf18f2733 automount: add DirectoryMode= setting 2010-07-02 01:17:21 +02:00
Lennart Poettering
032ff4afc9 unit: shorten active state enums to make systemctl output nicer 2010-07-01 03:34:15 +02:00
Lennart Poettering
6124958c7b unit: add new abstracted maintenance state for units 2010-07-01 00:31:53 +02:00
Lennart Poettering
4cd1fbcc06 unit: get rid of various unnecessary casts 2010-06-19 16:55:49 +02:00
Lennart Poettering
eb22ac37f3 systemctl: add /dev/initctl fallback 2010-06-18 04:44:53 +02:00
Lennart Poettering
18c78fb1af typo: the correct spelling is maintenance not maintainance 2010-06-16 14:01:55 +02:00
Lennart Poettering
01f78473b1 path: add .path unit type for monitoring files 2010-05-24 05:25:33 +02:00
Lennart Poettering
11c3a4eeb7 kmod: automatically load a few kernel modules we need for normal operation before udev is active 2010-05-22 00:29:53 +02:00
Lennart Poettering
ca9a0317a4 automount: try to modprobe autofs4 if its lacking 2010-05-19 22:30:28 +02:00
Lennart Poettering
1b5601907e automount: never consider our own mount point a prefix mount of us 2010-05-19 03:42:05 +02:00
Lennart Poettering
e99e38bbdc build-sys: move source files to subdirectory 2010-05-16 18:45:24 +02:00