Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by the rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unprivileged users on the system cannot see (or
modify) /tmp as seen by the service.
|
|
clang reports:
src/libudev/libudev-util.c:665:35: warning: cast from
"const unsigned char *" to "unsigned int *" increases required alignment
from 1 to 4 [-Wcast-align]
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=38355
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=58359
|
|
The ability to dump catalog entries in full and by id is added.
|
|
- separate methods with two empty lines for clarity
- avoid malloc(0) by specifying private data size as -1
- add method name in error messages
|
|
This one wraps sd_journal_get_catalog_from_message_id.
Thanks to Python namespacing, we can stick to a shorter name.
|
|
This one wraps sd_journal_get_catalog.
|
|
This should make the file interface of _Reader complete.
|
|
<heftig> kay: systemd commit 22582bb broke cups usb printing for me
<heftig> because the "lp" group isn't applied anymore
<heftig> SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
<heftig> moving this line to the end of 50-udev-default.rules restores correct behavior, as it's after usb_id
|
|
Separate out Ideapad U300s to its own line and add Microphone mute key.
Signed-off-by: Martin Pitt <martinpitt@gnome.org>
|
|
The "micmute" key code is outside of X.org's allowed range [1].
gnome-settings-daemon interprets F20 as "microphone mute" these days [2], so
use this until X.org either gets fixed or obsoleted.
[1] https://bugzilla.gnome.org/show_bug.cgi?id=692071
[2] https://mail.gnome.org/archives/commits-list/2013-January/msg05822.html
|
|
IdeaPad U300s needs mapping 0xf1 to f21 just like Lenovo V480.
Signed-off-by: Martin Pitt <martinpitt@gnome.org>
|
|
This is a followup to: commit 1a37b9b9043ef83e9900e460a9a1fccced3acf89
It will fix denial messages from dbus-daemon between gdm and
systemd-logind on logging into GNOME due to this.
See the previous commit for more details.
|
|
Seems natural to be able to specify a relative directory,
e.g. with journalctl -D. And even if, this should be checked
in front-end code, not in the library.
|
|
One log_debug() moved to match order in other functions.
|
|
Unlike IMPORT and PROGRAM, RUN is not executed inline, but after all the rules of the given event have been processed.
|
|
The 'kmod' builtin, like the 'firmware' and 'uaccess' builtins, does not set
any variables, so don't use IMPORT.
Notice that this changes the behaviour slightly: the processing of subsequent
rules for the event that loads a module will no longer wait for the module
loading to finish. This is not expected to cause any problems, but we should
keep an eye on it.
|
|
The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.
|
|
Moved from udev(7) to systemd-udevd.service(8), where the rest of the
documentation of the configuration of the daemon lives.
|
|
Distros that wish to support old kernels should set
--with-firmware-dirs="/usr/lib/firmware/updates:/usr/lib/firmware"
to retain the old behaviour.
|
|
The new IMPORT{builtin} and RUN{builtin} were not documented. Also make it clear
that RUN= is really an alias for RUN{program}=.
|
|
All Execs within the service will get mounted the same
/tmp and /var/tmp directories, if the service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by the service
itself in addition to systemd-tmpfiles. The directory which is mounted
as inaccessible is created at runtime in /run/systemd.
|
|
The new socket option SO_REUSEPORT would enable some new functionality;
add it to TODO.
|
|
CIPSO is the Common IP Security Option, an IETF standard for setting
security levels for a process sending packets. In Smack kernels,
CIPSO headers are mapped to Smack labels automatically, but can be changed.
This patch writes label/category mappings from /etc/smack/cipso/ to
/sys/fs/smackfs/cipso2. The mapping format is "%s%4d%4d"["%4d"]...
For more information about Smack and CIPSO, see:
https://kernel.org/doc/Documentation/security/Smack.txt
|
|
Check all errors.
|
|
No need to try to stop systemd-sysctl on shutdown as
this service doesn't have ExecStop= anyways.
|
|
.mount units coming from /proc/self/mountinfo file are
unmounted after local-fs.target is reached during shutdown.
Problem: .mount units popping up in mountinfo file are
added to systemd without any dependency. For that reason,
they are the first ones to be unmounted during shutdown.
Whichever program mounted the file system deserves a
chance to also unmount it. This patch ensures that
/proc/self/mountinfo units will be unmounted after
local-fs.target during shutdown (if they haven't been
unmounted already)
|
|
Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently
wrapped.
|
|
I need this to test a half-installed socket-activated python
script, which requires PYTHONPATH and LD_LIBRARY_PATH set.
I assume that other people might find it useful too.
-E VAR passes through VAR from the environment, while
-E VAR=value sets VAR=value.
systemd-activate -E PYTHONPATH=/var/tmp/inst1/usr/lib64/python3.3/site-packages -E LD_LIBRARY_PATH=/var/tmp/inst1/usr/lib -l 2000 python3 -c 'from systemd.daemon import listen_fds; print(listen_fds())'