Age | Commit message (Collapse) | Author |
|
|
|
(This is incomplete, /proc and /sys are still owned by root from outside
the container, not inside)
|
|
Fix result testing of is_symlink() to ignore negative results, which happen if
the file name does not exist at all. In this case we do not want a warning and
unlink the non-existing link.
https://bugs.debian.org/778700
|
|
Commit d5d8429a dropped the explicit runlevelN.target mapping. Adjust the tests
accordingly to explicitly state the expected targets instead of runlevels.
|
|
ThinkPad tablet firmware has DMI product name and version reversed:
Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: LENOVO
Product Name: 7762AS1
Version: ThinkPad X61 Tablet
Serial Number: LKZCDH2
UUID: 6ADBC681-4FC9-11CB-844F-B47CB9210BE2
Wake-up Type: Power Switch
SKU Number: Not Specified
Family: ThinkPad X61 Tablet
|
|
Add strings for fsckd.
|
|
|
|
Previously we always invoked the container PID 1 on /dev/console of the
container. With this change we do so only if nspawn was invoked
interactively (i.e. its stdin/stdout was connected to a TTY). In all other
cases we directly pass through the fds unmodified.
This has the benefit that nspawn can be added into shell pipelines.
https://bugs.freedesktop.org/show_bug.cgi?id=87732
|
|
|
|
With this change runlevel 2, 3, 4 are mapped to multi-user.target for
good, and 5 to graphical.target. This was already the previous mapping
but is now no longer reconfigurable, but hard-coded into the core.
This should generally simplify things, but also fix one bug: the
sysv-generator previously generated symlinks to runlevel[2-5].target
units, which possibly weren't picked up if these aliases were otherwise
only referenced by the real names "multi-user.target" and
"graphical.target".
We keep compat aliases "runlevel[2345].target" arround for cases where
this target name is explicitly requested.
|
|
|
|
|
|
This is similar to systemd-run's --property= setting.
|
|
The call iterates through cmsg list and closes all fds passed via
SCM_RIGHTS.
This patch also ensures the call is used wherever appropriate, where we
might get spurious fds sent and we should better close them, then leave
them lying around.
|
|
Make use of the new sd_bus_set_allow_interactive_authorization() call to
globally enable interactive authorization. Also, turn on PK agent for
more calls.
This allows us to make use of the sd_bus_call_method() convencience
helper at more places.
|
|
|
|
- Always issue selinux access check as early as possible, and PK check
as late as possible.
- Introduce a new policykit action for altering environment
- Open most remaining bus calls to unprivileged clients via PK
|
|
|
|
|
|
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part.
Adapt existing fsck man page.
|
|
systemd-fsckd can be socket-activated by systemd-fsck process. Reflect that
in the different unit files.
|
|
Also, add new plymouth fsckd translated strings in french.
Refreshed with "make update-po".
|
|
For plymouth themes not supporting i18n (like .script), send translated
messages to display to user, which is equivalent to the sent machine
readable data.
|
|
|
|
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocole.
Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
displaying the information above. It can be overriden by plymouth themes
supporting i18n.
Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.
Send a message to signal to user what key we are grabbing for fsck cancel.
Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overriden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
|
|
Remove the plymouth running or show-status checks from systemd-fsck. Instead,
always connect to systemd-fsckd socket, and let this one decide if we display
progress or not.
|
|
Add systemd-fsckd multiplexer which accepts multiple systemd-fsck
instances to connect to it and sends progress report. systemd-fsckd then
computes and writes to /dev/console the number of devices currently being
checked and the minimum fsck progress. This will be used for interactive
progress report and cancelling in plymouth.
systemd-fsckd stops on idle when no systemd-fsck is connected.
Make the necessary changes to systemd-fsck to connect to the systemd-fsckd
socket.
|
|
|
|
What used to be gummiboot, was renamed sd-boot when it was merged into
systemd. Let's try to be a bit more consistent with the rest of systemd
and rename it again as follows:
The EFI bootloader is now called 'systemd-bootx64.efi', and its sources are in
'src/boot/efi/'. The drop-in directory where bootctl will find EFI loaders
is now /usr/lib/systemd/boot/efi/.
|
|
Set -std=gnu90 to let efibind.h define the standard types.
[tomegun: retyped the patch as the originl would not apply]
|
|
|
|
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
|
|
|
|
PolicyKit
|
|
"allow-interactive-authentication" message flag
Most of our client tools want to set this bit for all their method
calls, even though it defaults to off in sd-bus, and rightfully so.
Hence, to simplify thing, introduce a per sd_bus-object flag that sets
the default value for all messages created on the connection.
|
|
|
|
operations
This way, any bus client can make use of these calls.
|
|
|
|
Pull in new kdbus changes, namely:
- EOVERFLOW is replaces by KDBUS_RECV_RETURN_DROPPED_MSGS
- ENOMSG is merged with EAGAIN for consistency
|
|
We should never put any constraints on the IDs returned by the kernel. Use
sd_bus_get_unique_name() to retrieve the ID of a peer.
|
|
|
|
machined
This extends the bus interface, adding BindMountMachine() for bind
mounting directories from the host into the container.
|
|
|
|
|
|
parse_acl() returns the error instead of setting errno.
|
|
Found by Valgrind while testing the previous memory leak fix.
|
|
The output of gnutls_certificate_verification_status_print() needs to be
freed.
Noticed this while staring at verify_cert_authorized() to see what could
possibly confuse gcc5 on armv7hl to segfault during compilation.
|
|
|
|
This reverts commit 93a1e66efd4b0f4cda29c467d20d0f7510c0b3a8.
It broke the builds for Walters.
Kay hates it and "just knows" there are no actual users.
|
|
|