summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-10-10security: rework selinux, smack, ima, apparmor detection logicLennart Poettering
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
2013-10-10login: make sd_session_get_vt() actually workDavid Herrmann
We use VTNR, not VTNr as key. Until now sd_session_get_vt() just returns an error.
2013-10-10login: fix invalid free() in sd_session_get_vt()David Herrmann
We need to clear variables markes as _cleanup_free_. Otherwise, our error-paths might corrupt random memory.
2013-10-10bus: add minimal event loop APILennart Poettering
So far we tried to use epoll directly wherever we needed an event loop. However, that has various shortcomings, such as the inability to handle larger amounts of timers (since each timerfd costs one fd, which is a very limited resource, usually bounded to 1024), and inability to do priorisation between multiple queued events. Let's add a minimal event loop API around epoll that is suitable for implementation of our own daemons and maybe one day can become public API for those who desire it. This loop is part of libsystemd-bus, but may be used independently of it.
2013-10-09journald: remove rotated file from hashmap when rotation failsZbigniew Jędrzejewski-Szmek
Before, when the user journal file was rotated, journal_file_rotate could close the old file and fail to open the new file. In that case, we would leave the old (deallocated) file in the hashmap. On subsequent accesses, we could retrieve this stale entry, leading to a segfault. When journal_file_rotate fails with the file pointer set to 0, old file is certainly gone, and cannot be used anymore. https://bugzilla.redhat.com/show_bug.cgi?id=890463
2013-10-09journald: replace new+snprintf with asprintfZbigniew Jędrzejewski-Szmek
2013-10-10do not accept "garbage" from acpi firmware performance data (FPDT)Kay Sievers
00000000 46 42 50 54 38 00 00 00 02 00 30 02 00 00 00 00 |FBPT8.....0.....| 00000010 23 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |#E..............| 00000020 f5 6a 51 00 00 00 00 00 00 00 00 00 00 00 00 00 |.jQ.............| 00000030 00 00 00 00 00 00 00 00 70 74 61 6c 58 00 00 00 |........ptalX...|
2013-10-09Smack: Test if smack is enabled before mountingAuke Kok
Since on most systems with xattr systemd will compile with Smack support enabled, we still attempt to mount various fs's with Smack-only options. Before mounting any of these Smack-related filesystems with Smack specific mount options, check if Smack is functionally active on the running kernel. If Smack is really enabled in the kernel, all these Smack mounts are now *fatal*, as they should be. We no longer mount smackfs if systemd was compiled without Smack support. This makes it easier to make smackfs mount failures a critical error when Smack is enabled. We no longer mount these filesystems with their Smack specific options inside containers. There these filesystems will be mounted with there non-mount smack options for now.
2013-10-09udev: add SECLABEL{selinux}= supportKay Sievers
2013-10-09keymap: Fix Samsung 900X[34]CMartin Pitt
It appears that it's not really the 900 vs. 940 or the X3 vs X4, but the A/B/C/D suffix after that which makes the difference between the keymaps. On a NP900X3C-A04RU you get MODALIAS=dmi:bvn*:bvr*:bd*:svnSAMSUNGELECTRONICSCO.,LTD.:pn900X3C/900X3D/900X4C/900X4D:* So change the matches to use AB vs. CDG as the differentiator. Thanks to Anatoly Markov for reporting and testing!
2013-10-09udev: reset Linux Security Module labels if no custom rules are givenKay Sievers
2013-10-09bus: fix missing initializationLennart Poettering
2013-10-09tests: fix some memory leaks in testsLennart Poettering
2013-10-09journald: fix minor memory leakLennart Poettering
2013-10-09build-sys: add a makefile target to run all tests through valgrindLennart Poettering
2013-10-09build-sys: add sd-bus-vtable.h headerKay Sievers
2013-10-09bus: fix GetAll() userdata passingLennart Poettering
2013-10-09bus: don't require that if a child object node exists its parent node must tooLennart Poettering
2013-10-09bus: fix synthetic error messagesLennart Poettering
2013-10-09libsystemd-bus: add lightweight object vtable implementation for exposing ↵Lennart Poettering
objects on the bus This adds a lightweight scheme how to define interfaces in static fixed arrays which then can be easily registered on a bus connection. This makes it much easier to write bus services. This automatically handles implementation of the Properties, ObjectManager, and Introspection bus interfaces.
2013-10-09core: unify the way we denote serialization attributesLennart Poettering
2013-10-07systemd: serialize/deserialize forbid_restart valueSylvia Else
The Service type's forbid_restart field was not preserved by serialization/deserialization, so the fact that the service should not be restarted after stopping was lost. If a systemctl stop foo command has been given, but the foo service has not yet stopped, and then the systemctl --system daemon-reload was given, then when the foo service eventually stopped, systemd would restart it. https://bugs.freedesktop.org/show_bug.cgi?id=69800
2013-10-07journalctl: flip to --full by defaultZbigniew Jędrzejewski-Szmek
We already shew lines in full when using a pager or not on a tty. The commit disables ellipsization in the sole remaining case, namely when --follow is used. This has been a popular request for a long time, and indeed, full output seems much more useful. Old behaviour can still be requested by using --no-full. Old options retain their behaviour for compatiblity, but aren't advertised as much. This change applies only to jornalctl, not to systemctl, when ellipsization is useful to keep the layout. https://bugzilla.redhat.com/show_bug.cgi?id=984758
2013-10-08udev: support custom Linux Security Module labels for device nodesKay Sievers
2013-10-07Run with a custom SMACK domain (label).Auke Kok
Allows the systemd --system process to change its current SMACK label to a predefined custom label (usually "system") at boot time. This is needed to have a few system-generated folders and sockets automatically be created with the right SMACK label. Without that, processes either cannot communicate with systemd or systemd fails to perform some actions.
2013-10-07Mount /run, /dev/shm usable to tasks when using SMACK.Auke Kok
Once systemd itself is running in a security domain for SMACK, it will fail to start countless tasks due to missing privileges for mounted and created directory structures. For /run and shm specifically, we grant all tasks access. These 2 mounts are allowed to fail, which will happen if the system is not running a SMACK enabled kernel or security=none is passed to the kernel.
2013-10-06shared/util: fix off-by-one error in tag_to_udev_nodeDave Reisner
Triggered false negatives when encoding a string which needed every character to be escaped, e.g. "LABEL=/".
2013-10-05utf8: fix utf8_is_printableZbigniew Jędrzejewski-Szmek
2013-10-05core: do not add "what" to RequiresMountsFor for network mountsZbigniew Jędrzejewski-Szmek
For cifs mount like //server/share, we would get RequiresMountsFor=/server/share, which probably isn't harmful, but quite confusing. Unfortunately a bunch of static functions had to be moved up, but patch is really one line.
2013-10-04mount: check for NULL before reading pm->whatDave Reisner
Since a57f7e2c828b85, a mount unit with garbage in it would cause systemd to crash on loading it. ref: https://bugs.freedesktop.org/show_bug.cgi?id=70148
2013-10-04logind: fix bus introspection data for TakeControl()Lennart Poettering
2013-10-04manager: when verifying whether clients may change environment using selinux ↵Lennart Poettering
check for "reload" rather "reboot" This appears to be a copy/paste error.
2013-10-04update TODOLennart Poettering
2013-10-03systemd: order remote mounts from mountinfo before remote-fs.targetZbigniew Jędrzejewski-Szmek
Usually the network is stopped before filesystems are umounted. Ordering network filesystems before remote-fs.target means that their unmounting will be performed earlier, and can terminate sucessfully. https://bugs.freedesktop.org/show_bug.cgi?id=70002
2013-10-03Introduce _cleanup_endmntent_Zbigniew Jędrzejewski-Szmek
2013-10-03gpt-auto-generator: exit immediately if in containerZbigniew Jędrzejewski-Szmek
Otherwise we get an ugly warning when running systemd in a container.
2013-10-03execute: more debugging messagesZbigniew Jędrzejewski-Szmek
2013-10-03man: Improve the description of parameter X in tmpfiles.d pageVáclav Pavlín
2013-10-02execute.c: always set $SHELLZbigniew Jędrzejewski-Szmek
In e6dca81 $SHELL was added to user@.service. Let's instead provide it to all units which have a user.
2013-10-02tmpfiles.d: include setgid perms for /run/log/journalDave Reisner
4608af4333d0f7f5 set permissions for journal storage on persistent disk but not the volatile storage. ref: https://bugs.archlinux.org/task/37170
2013-10-02nspawn: always copy /etc/resolv.conf rather than bind mountLennart Poettering
We were already creating the file if it was missing, and this way containers can reconfigure the file without running into problems. This also makes resolv.conf handling more alike to handling of /etc/localtime, which is also not a bind mount.
2013-10-02mkdir: pass a proper function pointer to mkdir_safe_internalLennart Poettering
2013-10-02strv: don't access potentially NULL string arraysLennart Poettering
2013-10-02efi: never call qsort on potentially NULL arraysLennart Poettering
2013-10-02modules-load: fix error handlingLennart Poettering
2013-10-02dbus: fix return value of dispatch_rqueue()Lennart Poettering
2013-10-02bus: fix potentially uninitialized memory accessLennart Poettering
2013-10-02journald: add missing error checkLennart Poettering
2013-10-02cryptsetup: fix OOM handling when parsing mount optionsLennart Poettering
2013-10-02systemctl: fix name mangling for sysv unitsVáclav Pavlín