1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-15 07:24:00 +03:00
Commit Graph

15632 Commits

Author SHA1 Message Date
Lennart Poettering
48e93f88ff sysusers: move systemd-sysusers to libexec for now 2014-06-13 13:26:32 +02:00
Kay Sievers
6555ad8e9d tmpfiles: skip mknod() on -EPERM (device cgroup) 2014-06-13 04:12:50 +02:00
Kay Sievers
c1b6b04f0e sysusers: do not set todo to create a user when we only need a group 2014-06-13 03:28:54 +02:00
Thomas Hindoe Paaboel Andersen
f268f57f63 cryptsetup: check that password is not null
Beef up the assert to protect against passing null to strlen.

Found with scan-build.
2014-06-13 00:30:40 +02:00
Lennart Poettering
f8b5d99408 sysuser: generate default snippet incorporating TTY_GID properly
When the user specifies --with-tty-gid= then we should honour that and
write it to the snippet, too.
2014-06-12 23:22:27 +02:00
Lennart Poettering
7ec9fb4be9 sysusers: add new input group to default snippet 2014-06-12 23:08:51 +02:00
Lennart Poettering
753615e85d tmpfiles: minor modernizations 2014-06-12 23:07:34 +02:00
Lennart Poettering
034753ac13 machine: minor modernizations 2014-06-12 23:07:33 +02:00
Lennart Poettering
1b99214789 sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.

The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.

This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.

The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.

The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.

This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
2014-06-12 23:07:33 +02:00
Kay Sievers
0138a2dcc5 debug-shell: add condition for tty device to run on 2014-06-12 22:26:43 +02:00
Kay Sievers
3dff3e00e0 udev: assign group "input" to all input devices 2014-06-12 14:59:53 +02:00
Mantas Mikulėnas
c54bed5d51 NEWS: fix directory name 2014-06-11 19:12:11 +02:00
Lennart Poettering
4c0d13bdd5 NEWS: add missing comment about the "floppy" group 2014-06-11 18:42:38 +02:00
Lennart Poettering
cd14eda321 NEWS: mention that resolved's resolv.conf fragment moved 2014-06-11 15:32:20 +02:00
Lennart Poettering
42a04ee69c build-sys: update library versions 2014-06-11 15:30:28 +02:00
Lennart Poettering
dc1d6c02fc NEWS: add contributor list for 214 2014-06-11 15:04:59 +02:00
Lennart Poettering
58e027023b units: order network-online.target after network.target
There might be implementations around where the network-online logic
might not talk to any network configuration service (and thus not have
to wait for it), hence let's explicitly order network-online.target
after network.target to avoid any ambiguities.
2014-06-11 15:00:45 +02:00
Kay Sievers
71449cafa1 NEWS: update 2014-06-11 14:04:28 +02:00
Lennart Poettering
04e91da2cf NEWS: prepare NEWS for 214 2014-06-11 13:31:51 +02:00
Umut Tezduyar Lindskog
a21b4670d4 doc: specify kernel configs for cpushares 2014-06-11 12:30:29 +02:00
Lennart Poettering
96bf4ee252 units: time-sync.target probably makes sense, is not just sysv compat 2014-06-11 12:14:55 +02:00
Lennart Poettering
a4a878d040 units: introduce network-pre.target as place to hook in firewalls
network-pre.target is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scrips).

network-pre.target should be ordered before all network managemet
services (but not be pulled in by them).

network-pre.target should be order after all services that want to be
executed before any network is configured (and be pulled in by them).
2014-06-11 12:14:55 +02:00
Kay Sievers
4196a3ead3 NEWS: add section about udev locking 2014-06-11 12:00:47 +02:00
Kay Sievers
f31cf2b6d0 udev: stop using "floppy" group 2014-06-11 11:20:55 +02:00
Lennart Poettering
fc1d70af21 journald: create /run/log/journal with the correct access modes 2014-06-11 10:36:13 +02:00
Lennart Poettering
176f2acf8d tmpfiles: don't allow read access to journal files to users not in systemd-journal
Also, don't apply access mode recursively to /var/log/journal/*/, since
that might be quite large, and should be correct anyway.
2014-06-11 10:29:01 +02:00
Lennart Poettering
e90738c9bb update TODO 2014-06-11 10:15:51 +02:00
Lennart Poettering
1b77b581eb tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in 2014-06-11 10:15:07 +02:00
Lennart Poettering
abef3f91ce tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories
This way it makes a lot more sense to specify an access mode for "Z"
lines.
2014-06-11 10:14:07 +02:00
Lennart Poettering
1ebab2103d tmpfiles: if /var is mounted from tmpfs, we should adjust its access mode 2014-06-11 09:20:17 +02:00
Lennart Poettering
9855d6c7a1 tmpfiles: remove unnecessary function 2014-06-11 09:19:57 +02:00
Lennart Poettering
1910cd0e05 tmpfiles: when processing lines, always process prefixes before suffixes
If two lines refer to paths that are suffix and prefix of each other,
then always process the prefix first, the suffix second. In all other
cases strictly process rules in the order they appear in the files.

This makes creating /var/run as symlink to /run a lot more fun, since it
is automatically created first.
2014-06-11 01:37:35 +02:00
Lennart Poettering
7bc040fab8 tmpfiles: static variables populated immediately from the command line should be prefixed with arg_ 2014-06-11 01:26:28 +02:00
Lennart Poettering
06c17c39a8 nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, such as /var 2014-06-11 00:44:30 +02:00
Lennart Poettering
9339db7187 tmpfiles: always recreate the most basic directory structure in /var
Let's allow booting up with /var empty. Only create the most basic
directories to get to a working directory structure and symlink set in
/var.
2014-06-11 00:12:21 +02:00
Lennart Poettering
61147436a3 update TODO 2014-06-11 00:07:07 +02:00
Lennart Poettering
e73a03e059 tmpfiles: get rid of "m" lines, make them redundant by "z"
"m" so far has been a non-globbing version of "z". Since this makes it
quite redundant, let's get rid of it. Remove "m" from the man pages,
beef up "z" docs instead, and make "m" nothing more than a compatibility
alias for "z".
2014-06-10 23:42:16 +02:00
Lennart Poettering
849958d1ba tmpfiles: add new "C" line for copying files or directories 2014-06-10 23:02:40 +02:00
Lennart Poettering
cde684a293 tmpfiles: various modernizations 2014-06-10 22:50:46 +02:00
Lennart Poettering
874f1947e3 label: when clearing selinux context, don't mangle errno 2014-06-10 22:48:56 +02:00
Mantas Mikulėnas
62be1c9aab bus-proxy: fix misplaced s/system/session/ 2014-06-10 19:34:34 +02:00
Lennart Poettering
34f750b725 machine-id-setup: fix array size of parameters
Not that it really would have any effect on the generated code, but
let's not confuse people...
2014-06-10 19:19:35 +02:00
Ronny Chevalier
e683212f04 log: honour the kernel's quiet cmdline argument
It was forgotten in b1e90ec515

See https://bugs.freedesktop.org/show_bug.cgi?id=79582
2014-06-10 19:16:59 +02:00
Thomas Hindoe Paaboel Andersen
47a3fa0f76 udev: check the return value from udev_enumerate_scan_devices
The return value from udev_enumerate_scan_devices was stored but
never used. I assume this was meant to be checked.
2014-06-10 19:06:50 +02:00
Ronny Chevalier
d31e109677 tests: do not use systemctl status --failed
since v212 calling systemctl status without arguments
will show a overall system state
2014-06-10 19:04:18 +02:00
Denis Tikhomirov
4cd2b2cf8c backlight: Do not clamp brightness for LEDs
https://bugs.freedesktop.org/show_bug.cgi?id=77092

On Thu, Jun 05, 2014 at 08:37:20AM +0200, Lennart Poettering wrote:
> The patch is line-broken, please send an uncorrupted patch!
I am very sorry, I forgot that my client limits line width. I will use
mutt now on.
> clamp_brightness() clamps the brightness value to the range of the
> actual device. This is a recent addition that was added to deal with
> driver updates where the resolution is changed. I don't think this part
> should be dropped for LED devices. The clamp_brightness() call hence
> should be called unconditionally, however, internally it should use a
> different min_brightness value if something is an !backlight devices...
Thank you for explanation, this sounds very reasonable to me. Please,
see updated patch:
2014-06-10 18:57:48 +02:00
Lennart Poettering
51cb9d734a man: updates to the passive target section 2014-06-10 18:52:28 +02:00
Thomas Blume
37287585b6 systemd-detect-virt: only discover Xen domU
The current vm detection lacks the distinction between Xen dom0 and Xen domU.
Both, dom0 and domU are running inside the hypervisor.
Therefore systemd-detect-virt and the ConditionVirtualization directive detect
dom0 as a virtual machine.

dom0 is not using virtual devices but is accessing the real hardware.
Therefore dom0 should be considered the virtualisation host and not a virtual
machine.

https://bugs.freedesktop.org/show_bug.cgi?id=77271
2014-06-10 18:16:47 +02:00
Mark Eichin
299a55075d man: Searching for an explanation of what a "slice unit" was, found this, felt compelled to send in fixes for the obvious typos 2014-06-10 18:05:58 +02:00
Lennart Poettering
13f8b8cbb4 bus-proxy: properly index policy by uid/gid when parsing 2014-06-10 17:56:52 +02:00