| Age | Commit message (Collapse) | Author |
|---|
|
files
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
|
|
|
|
Thinking about it we should probably not hide bugs by falling back to
audit when we have our own session information anyway.
|
|
|
|
journal files
We should always go by our own cgroup hierarchy before using foreign
schemes such as audit, so let's do that for the split out logic too.
|
|
This reverts commit 8330847e949fc0c26b16910e5240eef1fe2c330a.
Conflicts:
src/fstab-generator/fstab-generator.c
|
|
|
|
cgroup path rather than audit
Previously for cases like "su" or "sudo" where a session is attempted to
be created from within an existing one we used the audit session ID to
detect this and in such a case we simple returned the session data of
the original session a second time.
With this change we will now use the cgroup path of the calling path to
determine the old session, i.e. we only rely on our own session
identification scheme, instead of audits.
We will continue to keep the audit session ID and ours in sync however,
to avoid unnecessary confusion.
|
|
If coredump support is disabled via --disable-coredump, do not build and
install the systemd-coredumpctl binary and man page.
|
|
parameter
skip s.th. like root=nfs:... root=iscsi:... root=nbd:...
|
|
also do not overwrite /sysroot*.mount units already generated from fstab
|
|
|
|
|
|
|
|
The condition was wrong: HAVE_PAM -> ENABLE_LOGIND.
|
|
|
|
|
|
Harald encountered division by zero in manager_print_jobs_in_progress.
Clearly we had the watch enabled when we shouldn't - there were no
running jobs in m->jobs, only waiting ones. This is either a deadlock,
or maybe some of them would be detected as runnable in the next dispatch
of the run queue. In any case we mustn't crash.
Fix it by starting and stopping the watch based on n_running_jobs
instead of the number of all jobs.
|
|
|
|
Unary not has higher precedence than comparisons,
so the condition was bogus.
|
|
When watches are installed from the bottom, it is always possible
to race, and miss a file creation event. The race can be avoided
if a watch is first established for a parent directory, and then for
the file in the directory. If the file is created in the time between,
the watch on the parent directory will fire.
Some messages (mostly at debug level) are added to help diagnose
pidfile issues.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=917075.
|
|
use readlink -m instead of -f since we might be building in a minimal
chroot where those directories do not actually exist and readlink -f
would return an empty string.
|
|
/usr/share/dbus-1/system-services simply looks a lot nicer then
/usr/share/dbus-1/services/../system-services
|
|
for consistencies sake use $() everywhere
|
|
|
|
|
|
The android gadget driver for network tethering over rndis somehow has a
parent device with a null subsystem. Probably this is bug in android driver,
but it is easy enough to make systemd/udev behave gracefully and not
segfault. And this will help for making linux distros with systemd
(like fedora) work on android devices.
|
|
|
|
The userspace firmware loader is deprecated now, and will be entirely
removed when we depend on a kernel version with the built-in firmware
loader available.
|
|
Assertion 'interval > 0 || burst == 0' failed at src/journal/journald-rate-limit.c:78, function journal_rate_limit_new(). Aborting.
|
|
|
|
Errors because of oom conditions or descriptor exhaustion should not
be ignored. We probably cannot recover from those conditions.
Current behaviour wrt. insufficient permissions is described in the
man page. It might make sense in case of user sessions, so I left
it as is.
|
|
|
|
... and fix bogus return code on malloc failure.
|
|
... and use automatic cleanup.
|
|
|
|
Split the large bash completion script into separate, smaller files each
named after the binary it is used for and move the files to
/usr/share/bash-completion/completions. This way the completions can be
loaded on demand and we only install the completions for the tools we
actually build. The old path /etc/bash_completion.d/ is deprecated and
will disappear in the future.
|
|
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
|
|
The crash that the check prevented has been fixed by commit 9e9e2b7.
|
|
Installation of a deserialized job may fail (though purely in theory),
so increase the running job counter only when succeeding.
|
|
This will:
* mount all configured filesystems (typically the rootfs on /sysroot)
* reload the configuration to pick up anything from the mounted fs (typically
/sysroot/etc/fstab)
* mount any newly configured filesystems (typically /usr on /sysroot/usr, if
applicable)
* shut-down and clean-up any daemons running in the initramfs (typically udevd)
* switch-root to /sysroot and start the real init
For an example of what files should be included in an initramfs based on this
see
<https://mailman.archlinux.org/pipermail/arch-projects/2013-February/003628.html>.
Cc: Harald Hoyer <harald.hoyer@gmail.com>
Cc: Dave Reisner <d@falconindy.com>
|
|
We only mount "/usr" and entries marked with "x-initrd.mount".
This (together with the right unit files) is needed in the initramfs in order to
natively support mounting /usr (and friends) from the initramfs.
The way it is meant to work is:
* wait for sysroot.mount to be mounted
* do a daemon-reload to generate sysroot-usr.mount (++) from /sysroot/etc/fstab
* wait for sysroot-usr.mount to be mounted
* switch-root
Cc: Harald Hoyer <harald.hoyer@gmail.com>
Cc: Dave Reisner <d@falconindy.com>
|
|
|
|
|
|
|
|
|
|
I originally added this to stay as compatible as possible with the kernel, but
as Lennart argued it is not really useful in the initramfs, so let's drop it (we
already don't support 'rootdealy').
|
|
|
|
The columnar output can become pretty horrible. When GNOME inhibits
power/suspend/hibernate keys, the "WHAT" column's text extends to "WHO"
and even "WHY". At the same time, all texts in "WHY" are of the form
GNOME handlin...sses
Receiving sle...ions
GNOME needs t...reen
This patch splits each inhibit entry into four lines, allowing the full
text to fit in a normal-width terminal.
|
|
In the long run we really should make this runtime configurable.
|
