summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-13core: add a system-wide SystemCallArchitectures= settingLennart Poettering
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13networkd: correctly handle manager_free(NULL)Tom Gundersen
2014-02-13core: add SystemCallArchitectures= unit setting to allow disabling of non-nativeLennart Poettering
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12core: fix build without libseccompLennart Poettering
2014-02-12core: rework syscall filterLennart Poettering
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12syscallfilter: port to libseccompRonny Chevalier
2014-02-12sd-dhcp: make sure client->secs > 0Tom Gundersen
Some DHCP servers will not work correctly if secs == 0, so round up to at least 1.
2014-02-12networkd: work inside containersTom Gundersen
Udev does not run in containers, so instead of relying on it to tell us when a network device is ready to be used by networkd, we simply assume that any device was fully initialized before being added to the container.
2014-02-12update TODO (add section for things to fix before 209)Lennart Poettering
2014-02-12build-sys: make lxml required when generating indicesZbigniew Jędrzejewski-Szmek
Since the manpage indices generated without lxml would be missing some parts, it doesn't make sense to keep lxml optional anymore.
2014-02-12build-sys: add less-variables.xml to EXTRA_DISTZbigniew Jędrzejewski-Szmek
2014-02-12man: use xinclude to de-deduplicate common textZbigniew Jędrzejewski-Szmek
I only tested with python-lxml. I'm not sure if xml.etree should be deprecated.
2014-02-12pager: support SYSTEMD_LESS environment variableJason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵Lennart Poettering
of this
2014-02-12test: fix "make check"Lennart Poettering
Let's remove the tests for cg_path_get_machine_name(), since they no longer operate solely on the cgroup path, but actually look up data in /run. Since we have a test for cg_pid_get_machine_name() this shouldn't be too much of a loss.
2014-02-12machinectl: add new "machinectl reboot" callLennart Poettering
2014-02-11logind: ignore PropertiesChanged signals for jobsZbigniew Jędrzejewski-Szmek
Otherwise we get a (harmless) message like: systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument
2014-02-11logind: always kill session when termination is requestedZbigniew Jędrzejewski-Szmek
KillUserProcesses=yes/no should be ignored when termination is explicitly requested.
2014-02-11journald: log provenience of signalsZbigniew Jędrzejewski-Szmek
2014-02-11units: make use of nspawn's --keep-unit switch in systemd-nspawn@.serviceLennart Poettering
2014-02-11machined: fix enumeration of existing machines on restartLennart Poettering
2014-02-11update TODOLennart Poettering
2014-02-11logind: use session_get_state() to get sessions state of the userDjalal Harouni
In function user_get_state() remove the session_is_active() check, just count on the session_get_state() function to get the correct session state. session_is_active() may return true before starting the session scope and user service, this means it will return true even before the creation of the session fifo_fd which will produce incorrect states. So be consistent and just use session_get_state().
2014-02-11efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is ↵Cristian Rodríguez
disabled
2014-02-11machined: optionally, allow registration of pre-existing units (scopesLennart Poettering
or services) as machine with machined
2014-02-11util: modernize readlink_malloc() a bitLennart Poettering
2014-02-11util: drop parse_user_at_host() since its unused nowLennart Poettering
2014-02-11nspawn: add --register=yes|no switch to optionally disable registration of ↵Lennart Poettering
the container with machined
2014-02-11sd-dhcp: split out packet handling from clientTom Gundersen
2014-02-10sd-bus: export sd_bus_call{,_async,_async_cancel}David Herrmann
The .sym file somehow lacks these declarations, so add these. You have to run "make clean" to make sure the sym-test runs fine afterwards.
2014-02-10networkd: link - correctly skip state ENSLAVING when no vlans configuredTom Gundersen
This fixes a regression introduced in 672682a6b
2014-02-10networkd: VLAN - allow multiple vlans to be created on a linkTom Gundersen
Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
2014-02-10pam: use correct log levelMichal Sekletar
2014-02-10sd-rtnl: added support for a few more attributesSusant Sahani
2014-02-10sd-rtnl: test - improve test of MTU a bitTom Gundersen
We are more likely to catch errors if we don't use '0' as test value.
2014-02-10sd-rtnl: add test cases for linkSusant Sahani
2014-02-10nspawn: add new --share-system switch to run a container without PID/UTS/IPC ↵Lennart Poettering
namespacing
2014-02-10update TODOLennart Poettering
2014-02-10nspawn,man: use a common vocabulary when referring to selinux security contextsLennart Poettering
Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
2014-02-10exec: Add support for ignoring errors on SELinuxContext by prefixing it with ↵Michael Scherer
-, like for others settings. Also remove call to security_check_context, as this doesn't serve anything, since setexeccon will fail anyway.
2014-02-10exec: Ignore the setting SELinuxContext if selinux is not enabledMichael Scherer
2014-02-10exec: Add SELinuxContext configuration itemMichael Scherer
This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
2014-02-10includes: remove duplicate includesTom Gundersen
Found by the new check-includes make target.
2014-02-10build-sys: move python helpers to tools directoryKarel Zak
Note that make-man-rules.py is missing in EXTRA_DIST=, this patch fixes this mistake too.
2014-02-10build-sys: add check-includes build target and scriptKarel Zak
2014-02-10fstab-generator: Create fsck-root symlink with correct pathColin Guthrie
This was noticed in Brussels at the hackfest. The fstab-generator currently creates a broken symlink pointing to itself in /run/systemd/generator/local-fs.target.wants/ for systemd-fsck-root.service
2014-02-10nspawn: require /etc/os-release only for initVincent Batts
/etc/os-release is expected for the case for booting a full system, and need not be required for thin container execution.
2014-02-10networkd: fix setting dns from dhcpTom Gundersen
2014-02-09man: fix another reference in systemd-inhibit(1)Zbigniew Jędrzejewski-Szmek
http://bugs.debian.org/738316
2014-02-09man: fix reference in systemd-inhibit(1)Zbigniew Jędrzejewski-Szmek
http://bugs.debian.org/738316
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-12-02 10:01:06 +0000